diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml
index 857bc5d..46cc388 100644
--- a/secrets/monolith/default.yaml
+++ b/secrets/monolith/default.yaml
@@ -1,4 +1,8 @@
+forgejo-runners:
+ git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str]
 gitlab-runners:
+ thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
+ thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
 docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
 sops:
 kms: []
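Review bot: The new `forgejo-runners` / `git.lelgenio.com-default` entry has no consumer in this commit: the only module touched declares `gitlab-runners/...` secrets, and nothing visible references the Forgejo key. Either land it together with the module that reads it, or add the declaration now, e.g. `"forgejo-runners/git.lelgenio.com-default" = { sopsFile = ../secrets/monolith/default.yaml; };`, so the stored token and its user can be audited together. Every recipient listed in the `sops:` metadata of this file (outside the hunk) can decrypt all of the runner credentials kept here, so that list is worth confirming before more tokens are added.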
@@ -34,8 +38,8 @@ sops:
 TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T
 Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-07T14:47:44Z"
- mac: ENC[AES256_GCM,data:k0yhfVhDmtU8wOZIylaxmmd+8TIXCzCbGhlaQnyeLplH2BDHVnpzAxBJVizS/VtVpAkjMAESndXqW7N6pnGnRWdZPtCxE8KNtz/nUxCZA44cn+mjC+ghKgsgaLuxe4smu0f4u4TK2uFsJqw5J0VGFgMtyKe4AaHujoXWL80zTR0=,iv:xiDrOtto246oPjMw5+ny0qB8HjdMpkzZyPNi3csgMVE=,tag:2xioMXxERDSePdIwPpP7hg==,type:str]
+ lastmodified: "2025-03-07T16:48:32Z"
+ mac: ENC[AES256_GCM,data:vyO1MMSRCoc8CK1wqXdgvvAiNP4NUXxpF1MPNsz2z9ioeu15ue2AYV+kWH3I94qUOZ93UM+Nbfx1sqN+JKpkbQ7iS8vY1NNwovEYtrp4FInr6esYOIJXSvvf/3wlWoquSaNACQnbjKJKgV05m24+hu/meIXMYs9sn2SxlnetTmg=,iv:W1jokO9Shhle0cWZpR5bonVdLPZAOo76h8sClMUYZbE=,tag:1Pg5f6q6TmBrAmYWuhKaKQ==,type:str]
 pgp:
 - created_at: "2025-03-07T14:42:24Z"
 enc: |-
diff --git a/system/monolith-gitlab-runner.nix b/system/monolith-gitlab-runner.nix
index ce0dc6f..28a0ecd 100644
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@@ -1,7 +1,6 @@
 {
 config,
 pkgs,
- lib,
 ...
 }:
 let
@@ -16,8 +15,8 @@ in
 services = {
 # runner for building in docker via host's nix-daemon
 # nix store will be readable in runner, might be insecure
- thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
- thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+ thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
+ thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
 default = {
 # File should contain at least these two variables:
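Review bot: The two runner entries in the `@@ -16,8 +15,8 @@` hunk stop reading `config.age.secrets.…registrationConfigFile.path`, but nothing in this diff removes the matching `age.secrets` declarations or their encrypted files. If those still exist elsewhere, agenix keeps decrypting a second copy of each registration config on the host, so they should be dropped in the same change. The existing comment warns that the nix store is readable inside the runner; it would help to add beside it something like `# registration configs are decrypted by sops-nix at activation; only the encrypted YAML is in the store`. The `services = {` block starts and ends outside the hunk.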
@@ -31,6 +30,12 @@ in
 systemd.services.gitlab-runner.serviceConfig.Nice = 10;
 sops.secrets = {
+ "gitlab-runners/thoreb-telemetria-nix" = {
+ sopsFile = ../secrets/monolith/default.yaml;
+ };
+ "gitlab-runners/thoreb-itinerario-nix" = {
+ sopsFile = ../secrets/monolith/default.yaml;
+ };
 "gitlab-runners/docker-images-token" = {
 sopsFile = ../secrets/monolith/default.yaml;
 };
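Review bot: Both new `sops.secrets` entries set only `sopsFile`, so nothing restarts the runner when a registration token is rotated in the YAML. The old token would presumably stay in use until the next manual restart. Adding `restartUnits = [ "gitlab-runner.service" ];` to each entry ties rotation to the `gitlab-runner` unit configured just above, and the existing `docker-images-token` entry would benefit from the same line. Owner and mode are left at the sops-nix defaults; a short comment saying that this is deliberate would save the next reader from checking. The `sops.secrets` attrset continues past the end of the hunk.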