diff --git a/hosts/server/secrets.nix b/hosts/server/secrets.nix index 698cc70..9f439c6 100644 --- a/hosts/server/secrets.nix +++ b/hosts/server/secrets.nix @@ -60,6 +60,13 @@ mode = "0440"; }; + age.secrets."forgejo-runner-token" = { + file = ../../secrets/forgejo-runner-token.age; + owner = "forgejo"; + group = "forgejo"; + mode = "0440"; + }; + age.secrets."nextcloud-database" = { file = ../../secrets/nextcloud-database.age; owner = "nextcloud"; diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age new file mode 100644 index 0000000..47e7e7f Binary files /dev/null and b/secrets/forgejo-runner-token.age differ diff --git a/services/self_host/git.nix b/services/self_host/git.nix index ebeae81..12def2a 100644 --- a/services/self_host/git.nix +++ b/services/self_host/git.nix @@ -35,6 +35,7 @@ in AUTH_URL = "https://git.enium.eu/ui/oauth2"; TOKEN_URL = "https://git.enium.eu/oauth2/token"; API_URL = "https://git.enium.eu/oauth2/openid/forgejo/userinfo"; + REDIRECT_URI = "https://git.enium.eu/user/oauth2/Enium/callback"; CODE_CHALLENGE_METHOD = "S256"; ENABLE_AUTO_REGISTRATION = true; UPDATE_AVATAR = true; @@ -51,7 +52,18 @@ in }; }; }; - + gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.default = { + enable = true; + name = "monolith"; + url = "https://git.enium.eu"; + tokenFile = config.age.secrets.forgejo-runner-token.path; + labels = [ + "ubuntu-latest:docker://node:16-bullseye" + ]; + }; + }; nginx.virtualHosts."${gitDomain}" = { enableACME = true; forceSSL = true;
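Review bot: In hosts/server/secrets.nix, the new `forgejo-runner-token` secret is made readable by the `forgejo` user and group (`mode = "0440"`), but the consumer added in services/self_host/git.nix is the `gitea-actions-runner` instance, not the Forgejo server. As far as I know the nixpkgs runner module passes `tokenFile` to systemd as an environment file, which is read as root before the service drops privileges, so the agenix defaults (root-owned, `0400`) should suffice; if that holds, drop the `owner`/`group` lines and set `mode = "0400";`. That module also expects the file to contain a `TOKEN=<value>` line rather than the bare token, which cannot be checked here because the .age file is binary. Both points are worth confirming against the module version in use.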
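Review bot: In the services/self_host/git.nix hunk that adds `gitea-actions-runner`, the only label maps `ubuntu-latest` to `docker://node:16-bullseye`, a mutable tag on a Node.js line that is past end of life, so every job runs in an image that no longer receives security fixes and can change under the same name. Prefer a maintained image pinned by digest, e.g. `"ubuntu-latest:docker://node:22-bookworm@sha256:<digest>"` (placeholder digest). The runner also appears to be registered on the same host as the forge, and the context lines of the previous hunk show `ENABLE_AUTO_REGISTRATION = true`; unless the token is scoped to a single organisation or repository, any auto-registered user who can create a repository could run workflow code against this host's container daemon. A comment above `instances.default` stating the intended token scope would make that decision reviewable. The enclosing attribute set begins outside the hunk.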