diff --git a/.sops.yaml b/.sops.yaml
index f14f0e2..6a98abc 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,8 @@
 keys:
 - &Lyn age18c6zws9wk9r7dxjqafwj2l2ex5mn5v8u6yrd2ys9ng8q09rsedpqm38jzv
 - &forgenite age1u4dtlq4lavqufzsqfqlsnu67u3x2t3d7ffxkqrah2des4dlxns2slegl38
+ - &forgejo-ci age13pau3xqusxuczm9kwpxg4fdze4xhenfwmjw80ed7g336a8x7tqpqdqvjjj
+
 creation_rules:
 - path_regex: secrets/all/[^/]+\.yaml$
 key_groups:
@@ -13,3 +15,8 @@
 - age:
 - *Lyn
 - *forgenite
+ - path_regex: secrets/hosts/forgejo-ci.yaml
+ key_groups:
+ - age:
+ - *Lyn
+ - *forgejo-ci
diff --git a/flake.nix b/flake.nix
index 1593567..2109647 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,24 +5,36 @@
 sops-nix.url = "github:Mic92/sops-nix";
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 };
- outputs = {self, nixpkgs, nixpkgs-unstable, sops-nix }@inputs: {
+ outputs = {self, nixpkgs, nixpkgs-unstable, sops-nix }@inputs: let
- nixosConfigurations = {
- "forgejo" = nixpkgs.lib.nixosSystem {
+ passInputs = ({lib,config,...}:{
+ options.inputs = lib.mkOption{type = lib.types.attrs;};
+ config.inputs = inputs;
+ options.pkgsInstances = lib.mkOption{type = lib.types.attrs;};
+ config.pkgsInstances = {
+ unstable = import inputs.nixpkgs-unstable{system = config.nixpkgs.system;};
+ };
+ });
+
+ in {
+
+ nixosConfigurations = {
+ "forgejo" = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
- modules = [
+ modules = [
 ./hosts/forgenite
 sops-nix.nixosModules.sops
- ({lib,config,...}:{
- options.inputs = lib.mkOption{type = lib.types.attrs;};
- config.inputs = inputs;
- options.pkgsInstances = lib.mkOption{type = lib.types.attrs;};
- config.pkgsInstances = {
- unstable = import inputs.nixpkgs-unstable{system = config.nixpkgs.system;};
- };
- })
+ passInputs
 ];
+ };
+ "forgejo-ci" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/forgejo-ci
+ sops-nix.nixosModules.sops
+ passInputs
+ ];
+ };
 };
 };
-};
 }
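Review bot: The new rule's `path_regex: secrets/hosts/forgejo-ci.yaml` is unanchored and its dot is unescaped, unlike the `secrets/all/[^/]+\.yaml$` rule above it, so it would also match paths such as `secrets/hosts/forgejo-ci.yaml.orig` or `other/secrets/hosts/forgejo-ciXyaml`. Because sops applies the first creation rule whose regex matches, keeping the pattern exact avoids encrypting an unrelated file to the CI host's key: `- path_regex: secrets/hosts/forgejo-ci\.yaml$`.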
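Review bot: The configuration attribute stays `"forgejo" = nixpkgs.lib.nixosSystem {` while this commit changes hosts/forgenite/default.nix to `networking.hostName = "forgenite"`; `nixos-rebuild --flake .` without an explicit `#name` resolves `nixosConfigurations.<hostname>`, so on that host a plain rebuild will no longer find its own configuration. Either rename the attribute to `"forgenite" = nixpkgs.lib.nixosSystem {` or document that the host must be rebuilt with `.#forgejo`. In the new `passInputs` module, `unstable = import inputs.nixpkgs-unstable{system = config.nixpkgs.system;};` evaluates the unstable package set without forwarding `config.nixpkgs.config` or overlays, so `allowUnfree` and similar host settings do not apply to `pkgsInstances.unstable`; if that is intended, a one-line comment on that line would save the next reader a surprise, and if not, pass `config = config.nixpkgs.config;` alongside `system`.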
diff --git a/hosts/forgejo-ci/default.nix b/hosts/forgejo-ci/default.nix
new file mode 100644
index 0000000..a0727aa
--- /dev/null
+++ b/hosts/forgejo-ci/default.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, inputs, ... }: {
+ imports =
+ [
+ ./../../services/forgejo-ci.nix
+ ./hardware-configuration.nix
+ ./../../users/lyn
+ ./../../meta/profiles/base.nix
+ ./../../meta/profiles/vm.nix
+ ];
+ lyn.sops.secrets."hosts/frottjo-ci-runner/forgejo_ci-token".owner = "gitea-runner";
+ # Use UEFI
+ boot.loader.systemd-boot.enable = true;
+
+ networking.hostName = "forgenite"; # Define your hostname.
+
+ # Firewall stuff:
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = true;
+}
\ No newline at end of file
diff --git a/hosts/forgejo-ci/hardware-configuration.nix b/hosts/forgejo-ci/hardware-configuration.nix
new file mode 100644
index 0000000..0f10cb8
--- /dev/null
+++ b/hosts/forgejo-ci/hardware-configuration.nix
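Review bot: `networking.hostName = "forgenite";` gives the new CI host the same hostname the existing host receives in this commit (hosts/forgenite/default.nix), so the two machines become indistinguishable in logs, DHCP leases and `nixos-rebuild`'s default flake lookup; this file should read `networking.hostName = "forgejo-ci";`, and the copied `# Define your hostname.` comment can go with it. The secret declared on the `lyn.sops.secrets."hosts/frottjo-ci-runner/forgejo_ci-token"` line matches neither the `hosts/forgejo-ci/forgejo_ci-token` path that services/forgejo-ci.nix reads nor the `hosts.forgejo-ci.forgejo_ci_token` key in the encrypted YAML; assuming `lyn.sops.secrets` maps onto `sops.secrets` and the sops key path one-to-one (that module is outside this diff), the three spellings need to collapse to one, e.g. `lyn.sops.secrets."hosts/forgejo-ci/forgejo_ci_token".owner = "gitea-runner";` with the service referencing the same attribute. `owner = "gitea-runner"` also presumes that account exists at activation time; if the runner unit runs under DynamicUser, as I believe the NixOS gitea-actions-runner module does, sops-nix cannot chown the file, and since systemd reads an EnvironmentFile as root the owner can be left at its default — please confirm against the module before relying on it.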
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/58fe64e6-74c3-4a96-885c-340a3126d1f0"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/40A9-C398"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/4d39c334-1726-4646-95d3-ecbedbf21ddb"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/forgenite/default.nix b/hosts/forgenite/default.nix index ba02e48..3d2af14 100644 --- a/hosts/forgenite/default.nix +++ b/hosts/forgenite/default.nix @@ -11,7 +11,7 @@ # Use UEFI boot.loader.systemd-boot.enable = true; - networking.hostName = "forgejo"; # Define your hostname. + networking.hostName = "forgenite"; # Define your hostname. # Firewall stuff: networking.firewall.enable = true; diff --git a/secrets/hosts/forgejo-ci.yaml b/secrets/hosts/forgejo-ci.yaml new file mode 100644 index 0000000..adb9d56 --- /dev/null +++ b/secrets/hosts/forgejo-ci.yaml 
@@ -0,0 +1,32 @@ +hosts: + forgejo-ci: + forgejo_ci_token: ENC[AES256_GCM,data:zZQPn/YxMKly1hcT2m3cGoIILh4wG7GiCXwiKRwNLrrPfwJlfAUn9g==,iv:xKVR09JhCIM5plxifcHeAEcsp1UyuXaqXaQCqIPywtU=,tag:zF032vUnTr8Mj79ZLCWcfg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18c6zws9wk9r7dxjqafwj2l2ex5mn5v8u6yrd2ys9ng8q09rsedpqm38jzv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMG5zVlFXWjNYdFVjdEd3 + WWliRGtBR2YrTEtYcXF0WmI1NnNQc0NnN2dFCjVMMXVWVzJ3Z3g3NjlBaFNSdFFy + NWxSNjNxN2hFNWYyQkRVUHBGa25laFkKLS0tIFpWaEE4MDBPTWhFdnBOOWNtRC80 + YW9QUWJCRmhhYm1Zb2t6RFJ1SStERHMK8Yk/lGQYocea8MaR4c7/7tkRSqIcjYrO + +i1HN9gIrasVtZF1k0YuSB7sCCQ+oVvKtVCR7TRoeJhoxqgQZ/q5RQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age13pau3xqusxuczm9kwpxg4fdze4xhenfwmjw80ed7g336a8x7tqpqdqvjjj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TWhSM3lYK3JMQUc0WDUz + VlEySTNTN2ZaMHo0OXlyTWNPYVhSWE5uZkNJCkFqNHJCc3h6WkVJUkYxM0VibFRY + MWdYYWdtd1FnMmdtMndIY3gvcmJVQzQKLS0tIFpZV2RrZTg3cWxJOFlkY2F3TWRW + SVdvMjEyVi81Nnh1UndKMGdXRkIwQjgK+uRsg09wkhyYMW/31mCrRK1AE/Zrvcy8 + Vc7oHU0jscuhBNl/nMRsdquUgIZ67wAf6xJHjAXkUmQ2zi3PVXELvw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-06T03:55:48Z" + mac: ENC[AES256_GCM,data:H9RZy7w/quqfjMedaQe1NHAasC0FspxcXPyAXoy5uZaAoevNdXQNIe5yqBW+BRrw/5uIKKtLuS7YS5B3evpor2WRV0EeoPmy4dI/oFYZWg2kNzLVTumxQp4Q1vOOcrBrMUmm7OeoItr85p42Cx/08I9TnwRieGMnG5Mn0J6o+Zo=,iv:XbWd6j2LhhOld7NXN2m58f1cUJpLcdb3Ywf0bNkQYdA=,tag:T5gTjfRCCLfGFtIzXE7OfA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/services/forgejo-ci.nix b/services/forgejo-ci.nix new file mode 100644 index 0000000..6294b1d --- /dev/null +++ b/services/forgejo-ci.nix 
@@ -0,0 +1,29 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ docker
+ forgejo-actions-runner
+
+];
+
+ # Enable docker
+ virtualisation.docker = {
+ enable = true;
+ daemon.settings = {
+ fixed-cidr-v6 = "fd00::/80";
+ ipv6 = true;
+ };
+ };
+ # Forgejo actions runner
+ services.gitea-actions-runner = {
+ instances = {
+ "shibepro-ci" = {
+ enable = true;
+ url = "https://git.shibe.pro";
+ name = "shibepro-ci";
+ tokenFile = config.sops.secrets."hosts/forgejo-ci/forgejo_ci-token".path;
+ labels = [];
+ };
+ };
+ };
+}
\ No newline at end of file
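Review bot: As far as I recall, the NixOS gitea-actions-runner module hands `tokenFile` to systemd as an `EnvironmentFile`, so the decrypted content behind the `tokenFile = config.sops.secrets.…` line must be `TOKEN=<registration token>` rather than the bare token; worth verifying before the first registration attempt, and a comment on that line stating the expected file format would help either way (the secret-name mismatch with hosts/forgejo-ci/default.nix is raised there). `labels = []` registers the runner with no labels, which as far as I can tell leaves no `runs-on` able to match it, and without a `docker://` label the module, as I remember it, does not grant the unit docker-socket access — that makes the `virtualisation.docker` block and the `docker` entry in `environment.systemPackages` unused; either list the intended labels or drop the docker setup until they exist. A `docker://` label hands the runner control of the host docker daemon, which is root-equivalent for every repository whose workflows this instance executes, so a comment on the `"shibepro-ci" = {` block naming which repositories it is meant to serve would help future reviewers judge the blast radius.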