diff --git a/.github/workflows/apply-kubernetes.yml b/.gitea/workflows/apply-kubernetes.yml
similarity index 100%
rename from .github/workflows/apply-kubernetes.yml
rename to .gitea/workflows/apply-kubernetes.yml
diff --git a/.github/workflows/backup-zfs.yml b/.gitea/workflows/backup-zfs.yml
similarity index 100%
rename from .github/workflows/backup-zfs.yml
rename to .gitea/workflows/backup-zfs.yml
diff --git a/.github/workflows/beets-sync.yml b/.gitea/workflows/beets-sync.yml
similarity index 100%
rename from .github/workflows/beets-sync.yml
rename to .gitea/workflows/beets-sync.yml
diff --git a/.github/workflows/libation-sync.yml b/.gitea/workflows/libation-sync.yml
similarity index 100%
rename from .github/workflows/libation-sync.yml
rename to .gitea/workflows/libation-sync.yml
diff --git a/.github/workflows/update-home-server.yml b/.gitea/workflows/update-home-server.yml
similarity index 100%
rename from .github/workflows/update-home-server.yml
rename to .gitea/workflows/update-home-server.yml
diff --git a/.github/workflows/update-playlist.yml b/.gitea/workflows/update-playlist.yml
similarity index 100%
rename from .github/workflows/update-playlist.yml
rename to .gitea/workflows/update-playlist.yml
diff --git a/nix/home-server.nix b/nix/home-server.nix
index 8e2546a..00d6e86 100644
--- a/nix/home-server.nix
+++ b/nix/home-server.nix
@@ -286,6 +286,45 @@
 ];
 };
 };
+
+ services.gitea-actions-runner = {
+ instances.infrastructure = {
+ enable = true;
+ name = "infrastructure-runner";
+ url = "https://git.alexmickelson.guru";
+ tokenFile = "/data/runner/gitea-infrastructure-token.txt";
+ labels = ["home-server"];
+ hostPackages = with pkgs; [
+ docker
+ git-secret
+ zfs
+ sanoid
+ mbuffer
+ lzop
+ kubectl
+ kubernetes-helm
+ ];
+ };
+ };
+ systemd.services.gitea-actions-runner-infrastructure.serviceConfig = {
+ ReadWritePaths = [
+ "/data/cloudflare/"
+ "/data/runner/infrastructure"
+ "/data/runner"
+ "/home/github/infrastructure"
+ ];
+
+ PrivateDevices = false;
+ DeviceAllow = [ "/dev/zfs rw" ];
+ ProtectProc = false;
+ ProtectSystem = false;
+ PrivateMounts = false;
+ PrivateUsers = false;
+ ProtectHome = false;
+
+ Restart = "always";
+ };
+ networking.firewall.enable = false;
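Review bot: The `serviceConfig` override for `gitea-actions-runner-infrastructure` sets `ProtectSystem`, `ProtectHome`, `PrivateUsers`, `PrivateMounts` and `ProtectProc` to `false`, so the `ReadWritePaths` list above them appears to have nothing left to relax and every workflow job picked up under the `home-server` label runs with an unsandboxed view of the host, with `docker`, `zfs` and `kubectl` on its path. `tokenFile` also lives in `/data/runner`, which the same block lists as writable, so a job step can presumably read or replace the runner's registration token. I would keep only the relaxations the ZFS jobs need (`PrivateDevices = false;` and `DeviceAllow = [ "/dev/zfs rw" ];`), leave the other protections at whatever the module sets, drop `"/data/runner"` from `ReadWritePaths` in favour of the `infrastructure` subdirectory, and store the token outside that tree. A short comment above the block saying which workflow needs each remaining relaxation would help the next reader; whether the jobs still pass under the tighter settings needs a test run, since the workflows are not shown here. The hunk's last visible line leaves `networking.firewall.enable = false;` on this host (the collapsed layout does not show whether it is added or context), which makes the unit's own confinement matter more.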