{
  pkgs,
  config,
  tools,
  ...
}:
{
  services = {
    gitea = {
      enable = true;
      database = {
        type = "postgres";
        user = "git";
        name = "git";
        password = config.my-lxc.git.db.password;
        host = tools.build_ip "db";
        createDatabase = false;
      };
      settings = {
        server.ROOT_URL = "https://${tools.build_hostname "git"}";
        server.HTTP_PORT = 3000;
      };
      dump = {
        enable = true;
        # TODO: Manual mountpoint /mnt/backups => NAS
        backupDir = "/mnt/backups/gitea";
        interval = "1:42";
        type = "tar.gz";
      };
    };
    gitea-actions-runner.instances.nixos = {
      name = "nixos";
      enable = true;
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gawk
        gitMinimal
        gnused
        wget
        devenv
      ];
      labels = [
        "native:host"
      ];
      tokenFile = config.age.secrets.gitea-action-token.path;
      url = "https://${tools.build_hostname "git"}";
    };
  };
}