{ config, pkgs, ... }: 

{
  imports = [ ./buildkitd.nix ];
  desu.secrets.forgejo-runners-token-sf = {};

  systemd.services.actions-runner-build-buildkit = {
    description = "buildkit image builder for actions runner";
    after = [ "docker.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.docker}/bin/docker build -t local/actions-runner-buildkit ${pkgs.copyPathToStore ./image-buildkit}";
    };
  };

  systemd.services.gitea-runner-koi-buildkit.requires = [
    "actions-runner-build-buildkit.service"
    "docker-act-runner-buildkitd.service"
  ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.koi = {
      name = "koi";
      enable = true;
      url = "https://git.stupid.fish";
      tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
      labels = [
        "node18:docker://node:18-bookworm"
        "node20:docker://node:20-bookworm"
        "node22:docker://node:22-bookworm"
        # fun fact: the actual image doesnt matter! it's only used to determine the runner
        "docker:docker://node:22-bookworm"
      ];
      settings = {
        runner.capacity = 8;
      };
    };

    instances.koi-buildkit = {
      name = "koi-buildkit";
      enable = true;
      url = "https://git.stupid.fish";
      tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
      labels = [
        "buildkit:docker://local/actions-runner-buildkit" 
      ];
      settings = {
        runner.capacity = 4;
        container = {
          valid_volumes = [ "/var/run/act-runner-buildkit" ];
          options = "--user=1000:1000 --mount=type=bind,source=/var/run/act-runner-buildkit,target=/var/run/buildkit"; 
        };
      };
    };
  };
}