{
  flake,
  modulesPath,
  config,
  pkgs,
  ...
}:

let
  inherit (flake) inputs;
  inherit (inputs) self;
in
{
  imports = [
    self.nixosModules.default
    "${modulesPath}/virtualisation/lxc-container.nix"
  ];

  nix.settings = {
    allowed-users = [ "gitea-runner" ];
    trusted-users = [ "gitea-runner" ];
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances = {
      native = {
        enable = true;
        url = "https://git.skdevstuios.com";
        name = "nix";
        labels = [ "native:host" ];
        tokenFile = config.sops.secrets.forgejo-runners-token.path;
        hostPackages = with pkgs; [
          nix
          nodejs
          git
          bash
          coreutils
          curl
        ];
      };
    };
  };
  deploy = {
    enable = false;
  };
  services = {
    tty-ips.enable = true;
  };
  networking = {
    hostName = "base";
  };
  environment.systemPackages = [
  ];
  system.stateVersion = "25.05";
}