{
  config,
  ...
}:

let
  vars = import ../vars.nix;
  act_path = vars.primary_act;
in
{
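  # Gitea Actions runners: one "main" runner plus five numbered workers.
  # All six share the same image, labels, mounts, environment file and log
  # driver. Only the runner name differs (plus the published port on "main"),
  # so each definition is produced by mkRunner instead of being copied.
  virtualisation.oci-containers.containers =
    let
      # mkRunner NAME -> container definition for the runner called NAME.
      # NAME selects the per-runner directory under act_path and is exported
      # to the container as GITEA_RUNNER_NAME.
      mkRunner = name: {
        # NOTE(review): ":latest" is a mutable tag, and the watchtower labels
        # below opt this container into the scheduled update job, so a newly
        # published upstream image starts running here unreviewed while
        # holding the Docker socket. Pinning a version or digest makes each
        # update a deliberate change.
        image = "gitea/act_runner:latest";

        # Stop the container with SIGINT instead of Docker's default SIGTERM.
        extraOptions = [
          "--stop-signal=SIGINT"
        ];

        # The custom-watchtower@act-runner service in this file passes this
        # scope label and value to its script.
        labels = {
          "com.centurylinklabs.watchtower.enable" = "true";
          "com.centurylinklabs.watchtower.scope" = "act-runner";
        };

        volumes = [
          "${act_path}/${name}/config.yaml:/config.yaml"
          "${act_path}/${name}/data:/data"
          # Host Docker socket: whoever controls this container can drive
          # the host's Docker daemon, which is equivalent to root on the
          # host. Treat every repository allowed to schedule jobs on these
          # runners as trusted to that level.
          "/var/run/docker.sock:/var/run/docker.sock"
          # NOTE(review): mounted without ":ro", so the container gets a
          # writable view of the host's /nix. If the runner only needs to
          # read store paths, "/nix:/nix:ro" is the narrower mount; confirm
          # before changing.
          "/nix:/nix"
        ];

        environment = {
          CONFIG_FILE = "/config.yaml";
          GITEA_RUNNER_NAME = name;
        };

        # sops-decrypted env file shared by all six runners. Its contents are
        # not visible here (presumably runner registration credentials;
        # confirm against the sops file).
        environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
        log-driver = "local";
      };
    in
    {
      # Only the main runner publishes a port. No host address is given, so
      # Docker binds 8088 on every host interface.
      # NOTE(review): confirm what listens on 8088 in config.yaml, and
      # restrict the bind address or firewall it if only local job
      # containers need to reach it.
      act-stable-latest-main = mkRunner "stable-latest-main" // {
        ports = [ "8088:8088" ];
      };

      act-stable-latest-1 = mkRunner "stable-latest-1";
      act-stable-latest-2 = mkRunner "stable-latest-2";
      act-stable-latest-3 = mkRunner "stable-latest-3";
      act-stable-latest-4 = mkRunner "stable-latest-4";
      act-stable-latest-5 = mkRunner "stable-latest-5";
    };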

  # Timer for the act-runner update job: first run 20 minutes after boot,
  # then again 5 minutes after each previous activation of the service.
  systemd.timers."custom-watchtower@act-runner" = {
    wantedBy = [ "timers.target" ];
    timerConfig.OnBootSec = "20m";
    timerConfig.OnUnitActiveSec = "5m";
    timerConfig.Unit = "custom-watchtower@act-runner.service";
  };

  # One-shot job that runs ./watchtower.bash with the watchtower scope label
  # and the value "act-runner" as its two arguments. The script is not part
  # of this file; judging by the description it refreshes the containers
  # carrying that label (confirm in watchtower.bash).
  systemd.services."custom-watchtower@act-runner" = {
    description = "a watchtower-esque script for systemd-based oci-containers";
    # Ordered after Docker and bound to it: the job is stopped if
    # docker.service stops.
    after = [ "docker.service" ];
    bindsTo = [ "docker.service" ];
    serviceConfig.Type = "oneshot";
    # NOTE(review): runs as root every 5 minutes, and whatever images it
    # pulls are started with the Docker socket mounted. This unit is the
    # point where an upstream image change becomes code running on this
    # host.
    serviceConfig.User = "root";
    # The script is launched through the nix binary rather than bash
    # (presumably it uses a nix shebang; confirm in watchtower.bash).
    serviceConfig.ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
  };

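  # Environment file consumed through `environmentFiles` by all six act-runner
  # containers defined in this module.
  sops.secrets = {
    "docker/act-runner" = {
      # Readable by root only.
      owner = "root";
      # An env file is only read when a container starts, so every runner
      # that consumes the secret must be restarted when it changes.
      # Restarting only one would leave the other five running with the old
      # value after a rotation. Unit names follow the existing
      # "docker-<container name>.service" pattern.
      restartUnits = [
        "docker-act-stable-latest-main.service"
        "docker-act-stable-latest-1.service"
        "docker-act-stable-latest-2.service"
        "docker-act-stable-latest-3.service"
        "docker-act-stable-latest-4.service"
        "docker-act-stable-latest-5.service"
      ];
    };
  };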
}