{ pkgs, ... }:
{
  networking.firewall.trustedInterfaces = [ "br-+" ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances."forgejo.sinerva.eu" = {
      enable = true;
      name = "ci-forgejo-runner";
      token = "/persist/secrets/forgejo_token";
      url = "https://code.forgejo.org/";
      labels = [
        "Ubuntu-24.04-LTS:docker://ubuntu:24.04"
        "nixos-latest:docker://nixos/nix"
      ];
    };
  };

  virtualisation.docker = {
    enable = true;
    daemon.settings = {
      fixed-cidr-v6 = "fd00::/80";
      ipv6 = true;
    };
  };
}