{
  lib,
  config,
  inputs,
  pkgs,
  ...
}: let
  gitea-actions-runner-custom = import ./services/gitea-runner.nix;
in {
  imports = [gitea-actions-runner-custom];
  # config = { services.gitea-actions-runner = gitea-actions-runner-custom.config.services.gitea-actions-runner; };
  sops.secrets.forgejo_runner_token = {
    owner = "forgejo";
    group = "forgejo";
    mode = "0444";
  };
  services.forgejo = {
    enable = true;
    settings.server = {
      HTTP_PORT = 3002;
      ROOT_URL = "https://git.heroin.trade";
    };
    settings = {
      service = {
        DISABLE_REGISTRATION = true;
        # REQUIRE_SIGNIN_VIEW = true;
      };
      DEFAULT = {
        APP_NAME = "Git so good it could be heroin";
      };
      metrics = {
        ENABLED = true;
      };
    };
  };
  services.gitea-actions-runner-custom = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.heroin.trade";
      token = "";
      labels = [
        "ubuntu-latest:docker://node:16-bullseye"
        "ubuntu-22.04:docker://node:16-bullseye"
        "ubuntu-20.04:docker://node:16-bullseye"
        "ubuntu-18.04:docker://node:16-buster"
        "native:host"
      ];
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gawk
        gitMinimal
        gnused
        nodejs
        wget
      ];
    };
  };
  # systemd.services.gitea-runner-default = {
  #   preStart = lib.mkForce ''
  #     export INSTANCE_DIR="$STATE_DIRECTORY/default"
  #     export TOKEN="$(cat /run/secrets/forgejo_runner_token)"
  #     mkdir -vp "$INSTANCE_DIR"
  #     cd "$INSTANCE_DIR"
  #
  #     # force reregistration on changed labels
  #     export LABELS_FILE="$INSTANCE_DIR/.labels"
  #     # export LABELS_WANTED="$(echo 'ubuntu-latest:docker://node:16-bullseye
  #     # ubuntu-22.04:docker://node:16-bullseye
  #     # ubuntu-20.04:docker://node:16-bullseye
  #     # ubuntu-18.04:docker://node:16-buster' | sort)"
  #     export LABELS_WANTED="$(echo ${lib.strings.concatStrings config.services.gitea-actions-runner.instances.default.labels} | sort)"
  #     export LABELS_CURRENT="$(cat $LABELS_FILE 2>/dev/null || echo 0)"
  #
  #     if [ ! -e "$INSTANCE_DIR/.runner" ] || [ "$LABELS_WANTED" != "$LABELS_CURRENT" ]; then
  #       # remove existing registration file, so that changing the labels forces a re-registration
  #       rm -v "$INSTANCE_DIR/.runner" || true
  #
  #       # perform the registration
  #       /nix/store/z3v4091wwdhdb60m72k0pxkim8q7chrk-forgejo-runner-3.5.0/bin/act_runner register --no-interactive \
  #         --instance 'https://git.heroin.trade' \
  #         --token "$TOKEN" \
  #         --name 'monolith' \
  #         --labels 'ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster' \
  #         --config /nix/store/99q15qaajdi7rqz4bxbmhpkch2v8wg4f-config.yaml
  #
  #       # and write back the configured labels
  #       echo "$LABELS_WANTED" > "$LABELS_FILE"
  #     fi
  #   '';
  #   serviceConfig.DynamicUser = lib.mkForce false;
  #   serviceConfig.User = lib.mkForce "forgejo";
  #   serviceConfig.Group = lib.mkForce "forgejo";
  # };
  environment.systemPackages = with pkgs; [forgejo-runner];
}