{ pkgs, config, ... }:
{
  imports = [
    ./common.nix
  ];

  # Ensure the /var/lib/gitea-runner/default directory is created
  # and has the correct permissions.
  systemd.tmpfiles.rules = [
    "d /var/lib/gitea-runner/default 0750 gitea-runner gitea-runner -"
  ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = config.networking.hostName;
      url = "https://git.hsn.dev";
      # The gitea-runner token file is pushed on vm creation with this command:
      # `incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400`
      tokenFile = "/var/lib/gitea-runner/default/tokenfile";
      labels = [
        "x86_64"
        "linux"
        "pc"
        "docker-x86_64:docker://node:20-bullseye"
        "native-x86_64:host"
      ];
    };
  };
}