{ pkgs, config, ... }:
{
  sops.secrets."actions-token-1" = {
    sopsFile = ../../secrets/nix-cache01/actions_token_1;
    format = "binary";
  };

  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
  };

  services.gitea-actions-runner.instances = {
    actions1 = {
      enable = true;
      tokenFile = config.sops.secrets.actions-token-1.path;
      name = "actions1.home.2rjus.net";
      settings = {
        log = {
          level = "debug";
        };

        runner = {
          file = ".runner";
          capacity = 4;
          timeout = "2h";
          shutdown_timeout = "10m";
          insecure = false;
          fetch_timeout = "10s";
          fetch_interval = "30s";
        };

        cache = {
          enabled = true;
        };

        container = {
          privileged = false;
        };
      };

      labels = [
        "homelab"
        "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:runner-latest"
        "alpine-latest:docker://alpine:latest"
        "nix-latest:docker://nixos/nix:latest"
        "nixos:host"
      ];

      url = "https://git.t-juice.club";
    };
  };

}