# NixOS host module: joins a k3s cluster as an agent and runs a Forgejo
# Actions runner (through the gitea-actions-runner module) with Podman enabled.
{ host, config, pkgs, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  # sops-managed secrets. Both tokens are consumed below through their
  # `.path`, so no token value is written into this file.
  sops.secrets = {
    # Used as services.k3s.tokenFile.
    password.sopsFile = ../../secrets/k8s.yaml;
    # Used as the runner instance's tokenFile.
    forgejo-runner.sopsFile = ../../secrets/forgejo-runner.yaml;
  };

  # Option declared outside this file; zram is switched off for this host.
  system-sys.zram = false;
  system.stateVersion = "23.11";

  networking = {
    hostId = "81238132";

    # NOTE(review): allowedTCPPorts opens these ports on every interface.
    # 10250 is the kubelet API port, while flannel below is bound to
    # tailscale0. If the k3s server only reaches this node over tailscale0
    # (confirm first), 10250 could move to
    # networking.firewall.interfaces.tailscale0.allowedTCPPorts so the
    # kubelet is not reachable from other networks.
    firewall.allowedTCPPorts = [
      22
      10250
      25565 # mc
      25566 # mc
    ];
  };

  virtualisation.podman.enable = true;

  hardware = {
    enableRedistributableFirmware = true;
    firmware = [ pkgs.linux-firmware ];
  };

  services = {
    # NOTE(review): CI jobs from the forge run in containers on the same
    # machine that is a cluster node. Confirm who can trigger workflows on
    # this runner and that its registration scope is as narrow as intended.
    gitea-actions-runner = {
      package = pkgs.forgejo-runner;
      instances.default = {
        enable = true;
        name = host.hostName;
        url = "https://git.10110110.xyz";
        tokenFile = config.sops.secrets.forgejo-runner.path;
        # NOTE(review): both labels resolve to mutable image tags
        # (node:24-bullseye, nixos/nix:latest), so the job environment can
        # change without any change here. Pinning each image by digest
        # would make runs reproducible and narrow supply-chain exposure.
        labels = [
          "ubuntu-latest:docker://node:24-bullseye"
          "nix-upstream-latest:docker://nixos/nix:latest"
        ];
      };
    };

    # k3s agent; cluster traffic (flannel) is bound to the tailscale0 interface.
    k3s = {
      enable = true;
      role = "agent";
      serverAddr = "https://consensus:6443";
      tokenFile = config.sops.secrets.password.path;
      extraFlags = toString [ "--flannel-iface=tailscale0" ];
    };

    # Ignore lid events, on battery and on external power alike.
    logind = {
      lidSwitch = "ignore";
      lidSwitchExternalPower = "ignore";
    };
  };
}