{
  pkgs,
  config,
  lib,
  ...
}:
let
  runnerBase = {
    enable = true;
    url = "https://git.pyrox.dev";
    labels = [
      "default:docker://git.pyrox.dev/pyrox/flake-base:latest"
      "nodejs:docker://node:20"
      "nodejs-alpine:docker://node:20-alpine"
      "nodejs-lts:docker://node:20"
      "nodejs-lts:docker://node:20-alpine"
      "nodejs-latest:docker://node:21"
      "nodejs-latest-alpine:docker://node:21-alpine"
      "alpine:docker://alpine:3.19"
    ];
    settings = {
      log.level = "info";
      runner = {
        insecure = false;
        capacity = 4;
      };
      cache = {
        enabled = true;
        dir = "/var/lib/forgejo/runners/cache/";
        host = "";
        port = 0;
      };
      container = {
        # Automatically create a network for containers
        network = "";
        enable_ipv6 = false;
      };
    };
  };
  cfg = config.py.services.forgejo-runner;
in
{
  options.py.services.forgejo-runner = {
    enable = lib.mkEnableOption "Forgejo Actions Runner configuration";
    tokenFile = lib.mkOption {
      type = lib.types.path;
      description = "Token for default runner";
      example = /path/to/token/file;
    };
  };

  config.services.gitea-actions-runner = lib.mkIf cfg.enable {
    package = pkgs.forgejo-actions-runner;
    instances = {
      "${config.networking.hostName}-default" = runnerBase // {
        inherit (cfg) tokenFile;
        name = "${config.networking.hostName}";
      };
    };
  };
}