diff --git a/.agenix_config.nix b/.agenix_config.nix
index 03406f0..df86029 100644
Binary files a/.agenix_config.nix and b/.agenix_config.nix differ
diff --git a/hosts/istal/services/default.nix b/hosts/istal/services/default.nix
index 4bcfcce..06f5abe 100644
--- a/hosts/istal/services/default.nix
+++ b/hosts/istal/services/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./forgejo-runners
     ./wireguard
     ./docker-registry-proxy.nix
     ./nginx.nix
diff --git a/hosts/istal/services/forgejo-runners/default.nix b/hosts/istal/services/forgejo-runners/default.nix
new file mode 100644
index 0000000..f5e1d0f
--- /dev/null
+++ b/hosts/istal/services/forgejo-runners/default.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  age.secrets.forgejo-runner-docker-token.file = ./forgejo-runner-docker-token.age;
+
+  local.system.kernel = "stable";
+  virtualisation.docker.enable = true;
+
+  services.gitea-actions-runner = {
+    package = pkgs.unstable.forgejo-runner;
+    instances = {
+      istal-docker = {
+        enable = true;
+        name = "istal-docker";
+        url = "https://git.pleshevski.ru";
+        labels = [ "ubuntu-22.04:docker://node:22-bullseye" ];
+        tokenFile = config.age.secrets.forgejo-runner-docker-token.path;
+      };
+    };
+  };
+}
diff --git a/hosts/istal/services/forgejo-runners/forgejo-runner-docker-token.age b/hosts/istal/services/forgejo-runners/forgejo-runner-docker-token.age
new file mode 100644
index 0000000..7ac1fcd
Binary files /dev/null and b/hosts/istal/services/forgejo-runners/forgejo-runner-docker-token.age differ