{
  pkgs,
  config,
  ...
}: {
  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.cronyakatsuki.xyz";
      # Obtaining the path to the runner token file may differ
      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
      tokenFile = config.age.secrets.forgejo-runner-token.path;
      labels = [
        "node:docker://node:22-bookworm"
        "nix:docker://forgejo-runner-nix"
        ## optionally provide native execution on the host:
        "native:host"
      ];
    };
  };
}