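# NixOS module for a host that runs a Forgejo Actions runner named "monolith",
# registered against https://git.hsn.dev. Job containers are started through
# the local Docker daemon.
{ pkgs, config, lib, ... }:
{
  # Command-line tooling installed system-wide.
  environment.systemPackages = with pkgs; [
    vim
    # zig broken on darwin
    #ncdu
    git
    tmux
    cachix
    direnv
    lazydocker
    lazygit
  ];

  # Runner registration token, provisioned by sops-nix from the encrypted
  # secrets file. The token lets a process register as a runner with the
  # forge, so it is restricted to the runner account; the earlier mode "0444"
  # made it readable by every local user and by anything that can read the
  # host's secrets directory.
  sops.secrets."forgejo-runner-token" = {
    sopsFile = ./secrets.sops.yaml;
    owner = "gitea-runner";
    mode = "0400";
    # Restart the runner when the token is rotated so it picks up the new value.
    restartUnits = [ "gitea-runner-default.service" ];
  };

  virtualisation.docker.enable = true;

  # Static account for the runner service.
  users.groups.gitea-runner = { };
  users.users.gitea-runner = {
    group = "gitea-runner";
    # Membership in "docker" lets this account control the Docker daemon,
    # which is effectively root on the host. It is needed for the docker://
    # labels below; treat any workflow the runner accepts as able to reach
    # host-level privileges through the daemon.
    extraGroups = [ "docker" ];
    # NOTE(review): isNormalUser gives a service account a home directory and
    # login shell; isSystemUser is the usual choice for a daemon. Confirm
    # nothing relies on the home directory before changing it.
    isNormalUser = true;
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.hsn.dev";
      # Obtaining the path to the runner token file may differ
      tokenFile = config.sops.secrets.forgejo-runner-token.path;
      # Maps workflow `runs-on` labels to container images.
      # NOTE(review): these tags are mutable (not pinned by digest), and
      # Node 16 and Debian buster are past upstream end-of-life, so the images
      # no longer receive security updates. Consider pinning digests and
      # moving to a supported base once workflows allow it.
      labels = [
        "ubuntu-latest:docker://node:16-bullseye"
        "ubuntu-22.04:docker://node:16-bullseye"
        "ubuntu-20.04:docker://node:16-bullseye"
        "ubuntu-18.04:docker://node:16-buster"
        ## optionally provide native execution on the host:
        ## (job steps would then run directly on this machine as the runner
        ## account, without container isolation)
        # "native:host"
      ];
    };
  };

  system.stateVersion = "24.05";
}

# extraPackages = with pkgs; [
#   # custom
#   cachix
#   tmate
#   jq
#   # nixos
#   docker
#   openssh
#   coreutils-full
#   bashInteractive # bash with ncurses support
#   bzip2
#   cpio
#   curl
#   diffutils
#   findutils
#   gawk
#   stdenv.cc.libc
#   getent
#   getconf
#   gnugrep
#   gnupatch
#   gnused
#   gnutar
#   gzip
#   xz
#   less
#   ncurses
#   netcat
#   mkpasswd
#   procps
#   time
#   zstd
#   util-linux
#   which
#   nixos-rebuild
# ];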