diff --git a/flake.nix b/flake.nix
index 3bff3c6..f3a4532 100644
--- a/flake.nix
+++ b/flake.nix
@@ -123,6 +123,7 @@
           modules = [
             ./hosts/monolith.nix
             ./system/monolith-gitlab-runner.nix
+            ./system/monolith-forgejo-runner.nix
             ./system/nix-serve.nix
             ./system/steam.nix
           ] ++ common_modules;
diff --git a/secrets/monolith-forgejo-runner-token.age b/secrets/monolith-forgejo-runner-token.age
new file mode 100644
index 0000000..aa3deb8
Binary files /dev/null and b/secrets/monolith-forgejo-runner-token.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 976cc88..90de405 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,6 +5,7 @@ in
   "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
   "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
   "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
+  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
   "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
   "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
   "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
diff --git a/system/monolith-forgejo-runner.nix b/system/monolith-forgejo-runner.nix
new file mode 100644
index 0000000..2fa82b4
--- /dev/null
+++ b/system/monolith-forgejo-runner.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, ... }: {
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.lelgenio.xyz";
+      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
+      labels = [
+        # provide a debian base with nodejs for actions
+        "debian-latest:docker://node:18-bullseye"
+        # fake the ubuntu name, because node provides no ubuntu builds
+        "ubuntu-latest:docker://node:18-bullseye"
+        # provide native execution on the host
+        #"native:host"
+      ];
+    };
+  };
+}
diff --git a/system/secrets.nix b/system/secrets.nix
index 22c5d14..c94581c 100644
--- a/system/secrets.nix
+++ b/system/secrets.nix
@@ -6,6 +6,8 @@
       ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
     secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file =
       ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
+    secrets.monolith-forgejo-runner-token.file =
+      ../secrets/monolith-forgejo-runner-token.age;
     secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
       ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
     secrets.monolith-nix-serve-privkey.file =