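{ pkgs, ... }:
{
  # Gitea Actions Runner Configuration
  # This module configures a Gitea runner for CI/CD with Nix support.
  #
  # Trust model: workflow code runs as the `gitea-runner` user. This file
  # grants that user Docker access and Nix trusted-user status, both of which
  # are root-equivalent on this machine (see the notes at each setting).
  # Treat the host as dedicated to CI and register it only for repositories
  # whose workflows you trust.
  services.gitea-actions-runner = {
    package = pkgs.gitea-actions-runner;

    instances = {
      # Main runner instance for webref project
      webref-runner = {
        enable = true;

        # Runner name (will appear in Gitea)
        name = "nixos-runner-webref";

        # Gitea instance URL (placeholder: replace with your instance)
        url = "https://your-gitea-instance.com";

        # Runner token - Generate this from Gitea:
        #   Settings -> Actions -> Runners -> Create New Runner
        # The NixOS option expects an environment file with a line of the form
        #   TOKEN=<registration token>
        # Keep it outside the Nix store (a quoted string path, as here, is not
        # copied into the store) and readable by root only.
        tokenFile = "/var/secrets/gitea-runner-token";

        # Labels define what jobs this runner can handle.
        # Format: "label:docker://image" for container jobs, "label:host" for
        # execution directly on this machine.
        # The runner accepts only the `host` and `docker` schemes; the previous
        # ":native" suffix is not one of them, and the NixOS module adds
        # hostPackages to the job PATH only when a label ends in ":host".
        # Host-scheme jobs are not containerised: they run as the runner user
        # with that user's full access to this machine.
        # NOTE(review): the module documents that changing labels requires a
        # new registration token.
        labels = [
          # Host execution with Nix
          "nix:host"
          # Ubuntu-like for compatibility
          "ubuntu-latest:docker://node:20-bookworm"
          # Specific for this project
          "webref:host"
        ];

        # Host packages available to the runner
        hostPackages = with pkgs; [
          # Essential tools
          bash
          coreutils
          curl
          git
          nix
          # Project-specific
          nodejs
          python3
          postgresql
          # Binary cache
          attic-client
          # Container runtime (optional)
          docker
          docker-compose
        ];
      };
    };
  };

  # Enable Docker for service containers (PostgreSQL, MinIO, etc.)
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
    autoPrune.dates = "weekly";
  };

  # Ensure the runner user has access to Docker.
  # Membership in the `docker` group gives full control of the Docker daemon,
  # which is equivalent to root on this host. Required for the docker:// label
  # above; remove the group if only host-scheme labels are used.
  # NOTE(review): confirm this static account is the one the runner service
  # actually runs as; the upstream module manages its own service user.
  users.users.gitea-runner = {
    isSystemUser = true;
    group = "gitea-runner";
    extraGroups = [ "docker" ];
  };
  users.groups.gitea-runner = { };

  # Allow runner to use Nix
  nix.settings = {
    # Overrides the default of "*": unless another module adds entries, other
    # non-root users can no longer talk to the Nix daemon.
    allowed-users = [ "gitea-runner" ];

    # NOTE(review): trusted users may override daemon settings and import
    # unsigned store paths; the Nix manual describes this as essentially root
    # access. Every workflow job inherits it. If this is here only so jobs can
    # use a binary cache, declare the cache system-wide with
    # nix.settings.substituters and nix.settings.trusted-public-keys and drop
    # this line.
    trusted-users = [ "gitea-runner" ];

    # Enable flakes for the runner
    experimental-features = [
      "nix-command"
      "flakes"
    ];

    # Optimize for CI performance
    max-jobs = "auto";
    cores = 0; # Use all available cores
  };

  # Network access for downloading packages
  networking.firewall = {
    # If your runner needs to expose ports, configure them here
    # allowedTCPPorts = [ ];
  };

  # Systemd service optimizations
  # NOTE(review): verify this unit name against the running system
  # (`systemctl list-units 'gitea-runner-*'`). The upstream module appears to
  # apply systemd path escaping to the instance name, which would turn the "-"
  # in "webref-runner" into "\x2d"; if so, these limits attach to a separate,
  # empty unit and the real runner service is left unconstrained.
  systemd.services."gitea-runner-webref-runner" = {
    serviceConfig = {
      # Resource limits (adjust based on your hardware)
      MemoryMax = "8G";
      CPUQuota = "400%"; # 4 cores

      # Restart policy
      Restart = "always";
      RestartSec = "10s";
    };
  };
}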