# NixOS module: runs a rootless BuildKit daemon as an OCI container for the
# act runner and prunes its build cache once a week.
{ pkgs, ... }:
let
  # Host directory that holds buildkitd's UNIX socket. It is bind-mounted into
  # the container at the same path, so host-side clients (buildctl below) and
  # the daemon agree on the socket location.
  socketDir = "/var/run/act-runner-buildkit";

  # Host directory backing BuildKit's rootless state/cache directory.
  stateDir = "/var/lib/act-runner-buildkit";

  socketAddr = "unix://${socketDir}/buildkitd.sock";

  # Numeric uid/gid used for the container process, the prune job and the
  # ownership of both host directories.
  # NOTE(review): uid 1000 is often an interactive user account on the host;
  # confirm that is intended, or switch to a dedicated system user.
  uid = "1000";
  gid = "1000";
in
{
  virtualisation.oci-containers.containers.act-runner-buildkitd = {
    # NOTE(review): this is a release-candidate tag and it is mutable (not
    # pinned by digest), so the image content can change between pulls.
    # Consider pinning to a stable release by digest.
    image = "moby/buildkit:v0.19.0-rc2-rootless";

    user = "${uid}:${gid}";

    cmd = [
      # Runs build steps without a separate process sandbox. Per BuildKit's
      # rootless documentation, build containers can then signal (and,
      # depending on seccomp, ptrace) processes in the daemon container.
      "--oci-worker-no-process-sandbox"
      "--addr=${socketAddr}"
    ];

    extraOptions = [
      # Both default confinement profiles are switched off for this container.
      # Together with --oci-worker-no-process-sandbox this leaves the uid
      # mapping and the 0700 directories below as the main isolation for
      # build jobs; treat every workload that can reach the socket as trusted.
      "--security-opt=seccomp=unconfined"
      "--security-opt=apparmor=unconfined"
      "--mount=type=bind,source=${stateDir},target=/home/user/.local/share/buildkit"
      "--mount=type=bind,source=${socketDir},target=${socketDir}"
    ];
  };

  # Oneshot unit that asks the daemon to prune its cache; startAt makes
  # systemd generate a timer firing every Monday at 03:00.
  systemd.services.act-runner-buildkit-clear-cache = {
    startAt = "Mon 03:00";
    serviceConfig = {
      Type = "oneshot";
      # Same uid as the socket directory owner, otherwise buildctl could not
      # traverse the 0700 directory to reach the socket.
      User = uid;
      ExecStart = "${pkgs.buildkit}/bin/buildctl --addr=${socketAddr} prune";
    };
  };

  # Create both host directories with mode 0700 owned by uid:gid, so only that
  # user (and root) can reach the cache and the buildkitd control socket.
  systemd.tmpfiles.rules = [
    "d ${stateDir} 0700 ${uid} ${gid} -"
    "d ${socketDir} 0700 ${uid} ${gid} -"
  ];
}