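{ nodes, pkgs, ... }:
{
  # Expose the podman API socket under the Docker-compatible path so Docker
  # clients (act_runner below) can use it.
  # NOTE(review): `virtualisation.podman.dockerSocket.enable` further down is
  # also meant to provide this socket path; confirm whether this explicit
  # Symlinks entry is still required or merely duplicates it.
  systemd.sockets.podman.socketConfig.Symlinks = [ "/run/docker.sock" ];

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
      dockerSocket.enable = true;
      defaultNetwork.settings.dns_enabled = true;
      autoPrune.enable = true;
    };
  };

  virtualisation.oci-containers.containers =
    let
      # act_runner configuration. `network: "host"` makes every job container
      # share the host network namespace: jobs can reach anything the host can
      # (loopback services, the podman socket, metadata endpoints). Keep this
      # only if the jobs genuinely need it.
      runner_config = pkgs.writeTextFile {
        name = "config.yml";
        text = ''
          container:
            network: "host"
        '';
      };
    in
    {
      gitea-runner = {
        # Pinned by digest rather than by tag so the runner image cannot change
        # underneath us without a config change.
        image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
        autoStart = true;
        # capabilities = {
        #   NET_RAW = true;
        # };
        environment = {
          GITEA_INSTANCE_URL = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
          CONFIG_FILE = "/config.yml";
        };
        # The registration token is a secret. Anything placed in `environment`
        # is written into the world-readable Nix store (and lives in this
        # repository), so the token is read from a root-only file outside the
        # store instead. That file must contain a single line
        #   GITEA_RUNNER_REGISTRATION_TOKEN=<token>
        # and must exist before the container starts. The token that was
        # previously hard-coded here has been exposed and must be revoked and
        # regenerated in Gitea.
        environmentFiles = [ "/etc/gitea-runner/registration.env" ];
        volumes = [
          # Bind-mounting the container runtime socket lets act_runner (and any
          # CI job that can reach the socket) control every container on this
          # host, which is effectively root on the host. Treat the runner as a
          # root-trusted component and register it only for repositories whose
          # contributors are trusted accordingly.
          "/var/run/docker.sock:/var/run/docker.sock"
          "${runner_config}:/config.yml:ro"
        ];
      };
    };
}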