# NixOS module: Woodpecker CI server with one local agent that runs pipeline
# steps through Podman's Docker-compatible API.
#
# Enabled with `eboskma.woodpecker.enable = true;`.
{ pkgs, config, lib, ... }:
let
  # Pull in only the two lib helpers used here rather than opening all of
  # `lib` with `with lib;`, so every free name has a visible origin.
  inherit (lib) mkEnableOption mkIf;

  cfg = config.eboskma.woodpecker;
in
{
  options.eboskma.woodpecker.enable = mkEnableOption "Woodpecker CI";

  config = mkIf cfg.enable {
    services.woodpecker-server = {
      enable = true;

      # Secrets are referenced by path through sops, so their values are not
      # written into this module. Which variables the file defines is not
      # visible here.
      environmentFile = config.sops.secrets.woodpecker-server.path;

      environment = {
        # Forge integration: authentication and repository access go via Gitea.
        WOODPECKER_GITEA = "true";
        WOODPECKER_GITEA_URL = "https://git.datarift.nl";

        # Public URL is https while the listener below is a bare port.
        # NOTE(review): presumably a reverse proxy terminates TLS in front of
        # :8100 - confirm, and see the firewall note further down.
        WOODPECKER_HOST = "https://drone.datarift.nl";
        WOODPECKER_SERVER_ADDR = ":8100";

        # Forge username that receives Woodpecker admin rights.
        WOODPECKER_ADMIN = "erwin";
        WOODPECKER_SESSION_EXPIRES = "48h";
      };
    };

    services.woodpecker-agents.agents.local = {
      enable = true;

      environmentFile = [ config.sops.secrets.woodpecker-agent.path ];

      # The agent reaches the Podman API socket via this group.
      # /run/podman/podman.sock is the system-wide (rootful) socket, so this
      # membership is effectively root on the host. Every pipeline the server
      # schedules on this agent is launched through it; keep the set of
      # activated repositories, and any repository marked trusted, small.
      extraGroups = [ "podman" ];

      environment = {
        # gRPC endpoint of the server on the same machine. No gRPC address is
        # set on the server above, so this relies on its default port.
        WOODPECKER_SERVER = "localhost:9000";
        WOODPECKER_MAX_PROCS = "2";

        # The "docker" backend is pointed at Podman's compatible socket.
        WOODPECKER_BACKEND = "docker";
        DOCKER_HOST = "unix:///run/podman/podman.sock";
      };
    };

    environment.systemPackages = [ pkgs.woodpecker-cli ];

    # Disabled alternative: run pipelines on Docker instead of Podman.
    # virtualisation.docker = {
    #   enable = true;
    #   autoPrune = {
    #     enable = true;
    #   };
    # };

    virtualisation.podman = {
      enable = true;
      dockerCompat = true;
      autoPrune.enable = true;

      # DNS on the default network lets pipeline containers resolve each other
      # by name; it is what the port 53 rules below exist for.
      defaultNetwork.settings.dns_enable = true;
    };

    networking.firewall = {
      # Opens the plain-HTTP listener on every interface. Port 9000 (agent
      # gRPC) is not opened, so only agents on this host can connect.
      # NOTE(review): if the TLS-terminating proxy runs on this same host,
      # 8100 does not need to be reachable from outside - confirm the topology
      # and narrow this to the proxy's interface if possible.
      allowedTCPPorts = [ 8100 ];

      # Containers on Podman bridge interfaces may query the host-side
      # resolver; nothing else is opened towards them.
      interfaces."podman+" = {
        allowedTCPPorts = [ 53 ];
        allowedUDPPorts = [ 53 ];
      };
    };
  };
}