{
  config,
  pkgs,
  ...
}: {
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = config.networking.hostName;
      url = "https://git.procopius.dk";
      # Obtaining the path to the runner token file may differ
      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
      tokenFile = config.sops.secrets."forgejo-runner-registration-token".path;
      labels = [
        "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
        "node-22:docker://node:22-bookworm"
        "nixos-latest:docker://nixos/nix"
        ## optionally provide native execution on the host:
        "native:host"
      ];
      settings = {
        log = {
          level = "debug";
        };
      };
    };
  };

  environment.systemPackages = with pkgs; [
    wget
    nodejs
  ];

  virtualisation.docker.enable = true; # Optional: if using docker
}