# NixOS module for the host "tesla-nixos": systemd-boot, one OCI container,
# a Docker daemon that defaults to the crun runtime, and a GitLab Runner
# using the docker executor against that daemon.
{ config, pkgs, lib, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  networking.hostName = "tesla-nixos";

  # NOTE(review): with this set to false every member of "wheel" can run sudo
  # without a password. The gitlab-runner account below is in "wheel", so
  # anything that runs as that account is root on this host. Confirm this is
  # intended before reusing the file outside a throwaway CI machine.
  security.sudo.wheelNeedsPassword = false;

  boot.initrd.enable = true;
  boot.loader.systemd-boot.enable = true;

  virtualisation = {
    podman.dockerCompat = false;

    oci-containers.containers.isponsorblocktv = {
      # NOTE(review): ":latest" is a mutable tag, so the image content can
      # change between pulls without any change to this file. Pinning by
      # digest (image = "...@sha256:<digest>") makes the deployed image
      # reproducible and reviewable.
      image = "ghcr.io/dmunozv04/isponsorblocktv:latest";
      autoStart = true;
      # Host directory bind-mounted into the container as its data directory.
      volumes = [ "/home/alisceon/isponsorblocktv:/app/data" ];
    };

    docker = {
      enable = true;

      # Prune unused Docker resources once a day.
      autoPrune.enable = true;
      autoPrune.dates = "daily";

      # Register crun as a runtime and make it the daemon default.
      daemon.settings = {
        runtimes.crun.path = "${pkgs.crun}/bin/crun";
        "default-runtime" = "crun";
      };
    };
  };

  users = {
    groups = {
      gitlab-runner = { };
      docker = { };
    };

    users.gitlab-runner = {
      isNormalUser = true;
      home = "/var/lib/gitlab-runner";
      createHome = true;
      shell = pkgs.bashInteractive;
      group = "gitlab-runner";
      # NOTE(review): "docker" grants access to the Docker daemon socket, which
      # is equivalent to root on the host, and "wheel" grants passwordless sudo
      # (see security.sudo.wheelNeedsPassword above). Drop "wheel" if nothing
      # depends on this account using sudo.
      extraGroups = [ "docker" "wheel" ];
    };
  };

  # One-shot unit that turns on lingering for gitlab-runner at boot;
  # RemainAfterExit keeps the unit reported as active once loginctl returns.
  systemd.services."enable-linger-gitlab-runner" = {
    description = "Enable linger for gitlab-runner";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.systemd}/bin/loginctl enable-linger gitlab-runner";
    };
  };

  # GitLab Runner configured to use the local Docker daemon
  services.gitlab-runner.enable = true;
  services.gitlab-runner.services.ci-nspawn-docker = {
    # Quoted string rather than a Nix path, so the token file is read at
    # runtime and is not copied into the world-readable Nix store.
    # NOTE(review): check that the file's mode and owner keep it private.
    authenticationTokenConfigFile = "/var/lib/gitlab-runner/token-env";
    executor = "docker";
    # Default job image; "alpine:3" is a floating tag as well.
    dockerImage = "alpine:3";
    # NOTE(review): privileged job containers are not isolated from the host;
    # any project allowed to schedule jobs on this runner should be treated as
    # having root here. Restrict which projects can use the runner, or set
    # this to false if jobs do not need it (e.g. no docker-in-docker).
    dockerPrivileged = true;
    dockerVolumes = [ "/var/lib/gitlab-runner/cache:/cache" ];
  };
}