diff --git a/compose/.DS_Store b/compose/.DS_Store
new file mode 100644
index 0000000..5008ddf
Binary files /dev/null and b/compose/.DS_Store differ
diff --git a/compose/git.yml b/compose/git.yml
index 6f7109b..8271870 100644
--- a/compose/git.yml
+++ b/compose/git.yml
@@ -1,70 +1,88 @@ -services: - postgres: - image: postgres:latest - volumes: - - ${DATA_DIR:-/var/lib/homelab}/postgres:/var/lib/postgresql/data - environment: - POSTGRES_DB: ${DB_NAME} - POSTGRES_USER: ${DB_USER} - POSTGRES_PASSWORD: ${DB_PASSWORD} +# Create a secret with: +# +# openssl rand -hex 20 - forgejo: - image: codeberg.org/forgejo/forgejo:8-rootless - depends_on: - - postgres - volumes: - - ${DATA_DIR:-/var/lib/homelab}/forgejo:/data - stop_signal: SIGKILL - ports: - - "3000:3000" - - "2222:2222" - environment: - FORGEJO__server__ROOT_URL: https://${FORGEJO_ROOT_URL} - FORGEJO__server__START_SSH_SERVER: true - FORGEJO__server__SSH_PORT: 2222 - FORGEJO__server__SSH_DOMAIN: ${FORGEJO_ROOT_URL} - FORGEJO__database__DB_TYPE: postgres - FORGEJO__database__HOST: postgres:5432 - FORGEJO__database__NAME: ${DB_NAME} - FORGEJO__database__USER: ${DB_USER} - FORGEJO__database__PASSWD: ${DB_PASSWORD} - FORGEJO__security__INSTALL_LOCK: "true" - FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" - - woodpecker: - image: woodpeckerci/woodpecker-server:latest - volumes: - - ${DATA_DIR:-/var/lib/homelab}/woodpecker:/var/lib/woodpecker - stop_signal: SIGKILL - ports: - - "8008:8000" - environment: - WOODPECKER_OPEN: "true" - WOODPECKER_HOST: https://${WOODPECKER_ROOT_URL} - WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET} - WOODPECKER_FORGEJO: "true" - WOODPECKER_FORGEJO_URL: https://${FORGEJO_ROOT_URL} - WOODPECKER_FORGEJO_CLIENT: ${WOODPECKER_FORGEJO_CLIENT} - WOODPECKER_FORGEJO_SECRET: ${WOODPECKER_FORGEJO_SECRET} - WOODPECKER_GRPC_ADDR: ":9000" - - woodpecker-agent: - image: woodpeckerci/woodpecker-agent:latest - command: agent - restart: always - depends_on: - - woodpecker - volumes: - - /var/run/docker.sock:/var/run/docker.sock - environment: - WOODPECKER_SERVER: woodpecker:9000 - WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET} - WOODPECKER_MAX_PROCS: ${WOODPECKER_MAX_PROCS:-2} - WOODPECKER_HEALTHCHECK: "false" - networks: - - default volumes: - forgejo-data: 
- woodpecker-data: - postgres-data: + docker_certs: + forgejo_data: + runner_data: + +services: + + docker-in-docker: + image: code.forgejo.org/oci/docker:dind + hostname: docker + privileged: true + environment: + DOCKER_TLS_CERTDIR: /certs + DOCKER_HOST: docker-in-docker + volumes: + - docker_certs:/certs + + forgejo: + image: codeberg.org/forgejo/forgejo:8 + command: >- + bash -c ' + /bin/s6-svscan /etc/s6 & + sleep 10 ; + su -c "forgejo forgejo-cli actions register --secret ${SHARED_SECRET}" git ; + sleep infinity + ' + environment: + FORGEJO__security__INSTALL_LOCK: "true" + FORGEJO__log__LEVEL: "debug" + FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true" + FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false" + FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions" + FORGEJO__APP_NAME: ${FORGEJO_APP_NAME} + FORGEJO__APP_SLOGAN: ${FORGEJO_APP_SLOGAN} + FORGEJO__server__ROOT_URL: ${FORGEJO_ROOT_URL} + + volumes: + - forgejo_data:/data + ports: + - '8080:3000' + - '2222:22' + + runner-register: + image: code.forgejo.org/forgejo/runner:3.4.1 + links: + - docker-in-docker + - forgejo + environment: + DOCKER_HOST: tcp://docker-in-docker:2376 + volumes: + - runner_data:/data + user: 0:0 + command: >- + bash -ec ' + while : ; do + forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret ${SHARED_SECRET} && break ; + sleep 1 ; + done ; + sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://code.forgejo.org/oci/alpine:3.18\", \"ubuntu-latest:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ; + forgejo-runner generate-config > config.yml ; + sed -i -e "s|network: .*|network: host|" config.yml ; + sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; + sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; + sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; + chown 
-R 1000:1000 /data + ' + + runner-daemon: + image: code.forgejo.org/forgejo/runner:3.4.1 + links: + - docker-in-docker + - forgejo + environment: + DOCKER_HOST: tcp://docker:2376 + DOCKER_CERT_PATH: /certs/client + DOCKER_TLS_VERIFY: "1" + volumes: + - runner_data:/data + - docker_certs:/certs + command: >- + bash -c ' + while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done + '
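Review bot: Every Actions job ends up with control of the privileged `docker-in-docker` daemon, because the `sed` lines in `runner-register` inject `DOCKER_HOST: tcp://docker:2376` into the job environment and mount `/certs/client` into job containers, while `docker-in-docker` itself runs with `privileged: true`. The trust boundary is therefore "anyone who can get a workflow to run", and with `DEFAULT_REPO_UNITS: "repo.code,repo.actions"` plus `ENABLE_PUSH_CREATE_USER: "true"` that looks like every account allowed to push. I would default to `FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code"` and enable Actions per trusted repository, and add a comment above `docker-in-docker` saying the runner must only serve trusted repositories. Separately, `${SHARED_SECRET}` is interpolated into both `command:` strings, so it is readable through `docker inspect`, and an unset variable silently expands to an empty string; `${SHARED_SECRET:?SHARED_SECRET must be set}` makes the unset case fail at `docker compose up` instead of, presumably, failing or looping inside the container.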