{ pkgs, config, ... }: {
  virtualisation.podman.enable = true;
  
  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.default = {
      enable = true;
      name = "ptigoron";
      url = "https://git.lyes.eu";
      # Obtaining the path to the runner token file may differ
      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
      tokenFile = config.age.secrets.ptigoron-token.path;
      labels = [
        "fedora-rawhide:docker://quay.io/fedora/fedora:rawhide"
        "fedora-latest:docker://quay.io/fedora/fedora:latest"
        "ubuntu-rolling:docker://ubuntu:rolling"
        "ubuntu-latest:docker://ubuntu:latest"
        "nixos-latest:docker://nixos/nix"
        ## optionally provide native execution on the host:
        # "native:host"
      ];
    };
  };

  age.secrets.ptigoron-token = {
    file = ../../../secrets/zora/services/ptigoron-token.age;
    owner = "gitea-runner";
    group = "gitea-runner";
  };
}