{ pkgs, config, ... }:

{
  sops.secrets."forgejo/runner_token" = {
    sopsFile = ./secrets/forgejo.yaml;
  };

  sops.templates."forgejo-runner-token".content = ''
    TOKEN=${config.sops.placeholder."forgejo/runner_token"}
  '';

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;

    instances.default = {
      enable = true;
      name = "home-server";
      url = "https://forgejo.ellie.town";
      tokenFile = config.sops.templates."forgejo-runner-token".path;

      labels = [
        "native:host"
      ];

      hostPackages = with pkgs; [
        bash
        coreutils
        git
        nix
        curl
        nodejs
      ];
    };
  };
}