{
  config,
  pkgs,
  lib,
  ...
}:
let
  p = import ../parameters.nix;
in
{

  age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;

  nix.settings = {
    download-buffer-size = 524288000; # 500 MiB
  };

  my = {
    utils = {
      commons = {
        enable = true;
        gc.enable = false;
      };
      lxc-standard.enable = true;
    };

    services.forgejo-runner = {
      enable = true;
      url = "https://git.${p.domains.public}";
      tokenFile = config.age.secrets.forgejo-runner-token.path;
      name = "nix-runner";
      labels = [
        "nix:host"
        "native:host"
      ];
    };

    virtualisation.proxmox.enable = true;
  };

  nix.gc = {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 15d";
  };

  # Extra packages needed for CI operations
  environment.systemPackages = with pkgs; [
    git
    colmena
    jq
    curl
    just
  ];

  # Allow the runner to use nix-daemon
  nix.settings.trusted-users = [
    "root"
    "gitea-runner"
  ];

  system.stateVersion = "25.11";
}