infrastructure/hosts/pink/services/actions-runner.nix

{ pkgs, config, ... }:
{

  services.gitea-actions-runner.instances = {
    root = {
      enable = true;
      url = "https://git.4o1x5.dev";
      tokenFile = config.age.secrets.actions-runner.path;
      settings = {
        container = {
          # TODO fix: networking
          # instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed
          network = "host";
        };
      };
      labels = [
        "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
      ];
      name = "${config.networking.hostName}@${config.networking.domain}";
    };
  };
}