diff --git a/nix/hosts/chaewon/home.nix b/nix/hosts/chaewon/home.nix
index 1584655..201bbe7 100644
--- a/nix/hosts/chaewon/home.nix
+++ b/nix/hosts/chaewon/home.nix
@@ -13,6 +13,7 @@
       tailscale
 
       nginx
+      docker
     ];
   in packages;
 }
diff --git a/nix/hosts/chaewon/sys.nix b/nix/hosts/chaewon/sys.nix
index 465994b..9c63387 100644
--- a/nix/hosts/chaewon/sys.nix
+++ b/nix/hosts/chaewon/sys.nix
@@ -1,5 +1,5 @@
 { inputs, config, pkgs, lib, ... }: {
-  imports = [ ./hw.nix ];
+  imports = [ ./hw.nix ../../modules/secrets.nix ];
 
   time.timeZone = "America/New_York";
 
@@ -156,6 +156,25 @@
     };
   };
 
+  virtualisation.docker.enable = true;
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.priime.dev";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      # Default labels
+      labels = [
+        "ubuntu-latest:docker://node:16-bullseye"
+        "ubuntu-22.04:docker://node:16-bullseye"
+        "ubuntu-20.04:docker://node:16-bullseye"
+        "ubuntu-18.04:docker://node:16-buster"
+      ];
+    };
+  };
+
   services.tailscale.enable = true;
 
   services.thelounge.enable = true;
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
new file mode 100644
index 0000000..7267cfb
--- /dev/null
+++ b/nix/modules/secrets.nix
@@ -0,0 +1,6 @@
+{ config, ... }:
+{
+  age.secrets = {
+    forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
+  };
+}
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
new file mode 100644
index 0000000..3433d1d
--- /dev/null
+++ b/secrets/forgejo-runner-token.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEIrN21jdyBtaVpU
+dzJYS0VRTGh5R2kzQWtZSHYwWTdVNWJMLzFMSG9SZnNmeHRxWGprCnRyb2JLMlVt
+d0xTRnFSKzlpNXROYjRiTGlMeWNEM041aHYrVllPS2dWL2MKLT4gc3NoLWVkMjU1
+MTkgN045S1hnIG9HSlJ5bGlIQVRQK2t5TVBrSXJ1OTdBRjg4bll1ZHRad2RtMVMr
+ZDBoWGMKZGExMUhVWEdQYkpoYXgvazAwcC9CSDkxYkREdmF5WGR1RDJUdEJTb2Jt
+OAotPiBQPkdRLGJsLWdyZWFzZQpyWDdGQnRyb2hmelUzZTE4TWlRZEpHYktBQUJ0
+MHJNCi0tLSBSaEF2NXRaOFpYZlpLNk1Jd1BRVGVRYjJVTkZBd0V1YjJFMjN5V0Ra
+dW9ZCvZH5Mz7x4CfsVjVBYm/Lh0f1O6y9FiA5aONR7a6LA4lNMWwwjNXhFLMASG6
+tBIipz5c6+5WHx/Vlw7SENZ3szFotWYsofyCF8mEJ1E1NA==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..20213a5
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+  main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi";
+  chaewon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3rS/k+1jaTtly0/SHvYZ8yy2LJqNk/5HN0wdGRpoqa";
+in
+{
+  "forgejo-runner-token.age".publicKeys = [ main chaewon ];
+}