{ lib, config, ... }:
let
  runnerInstances = lib.attrValues config.services.gitea-actions-runner.instances;
  runnerCachePorts = lib.map (i: i.settings.cache.proxy_port) runnerInstances;
in {
  networking = {
    interfaces.net0 = {
      ipv4.addresses = [
        {
          address = "172.31.17.155";
          prefixLength = 25;
        }
      ];
    };
    defaultGateway = "172.31.17.129";
    nameservers = [ "212.12.50.158" "192.76.134.90" ];
    search = [ "hamburg.ccc.de" ];
  };

  systemd.network.links."10-net0" = {
    matchConfig.MACAddress = "1E:E0:4E:D0:DA:BE";
    linkConfig.Name = "net0";
  };

  # open ports for runner cache proxy so that we can use the cache action
  networking.firewall.allowedTCPPorts = runnerCachePorts;
}