{ config, pkgs, lib, agenix, ... }:
let
  cfg = config.services.vm_forgejo;
in
{
  options.services.vm_forgejo = {
    enable = lib.mkEnableOption "Enable Forgejo service";
  };
  config = lib.mkIf cfg.enable {
    users.users.gitea-runner = {
      isNormalUser = true;
    };
    age.secrets.forgejo-runner-token = {
      file  = ./secrets/forgejo-runner-token.age;
      mode  = "0660";
      owner = "gitea-runner";
    };
    services.gitea-actions-runner = {
      package = pkgs.forgejo-actions-runner;
      instances.default = {
        enable = true;
        name = "nixos-runner";
        url = "https://git.le43.eu";
        tokenFile = config.age.secrets.forgejo-runner-token.path;
        labels = [
          "native:host"
        ];
      };
    };
  };
}