diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
new file mode 100644
index 0000000..3a57dd9
--- /dev/null
+++ b/.forgejo/workflows/check.yml
@@ -0,0 +1,11 @@
+on: [push]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: install nix action
+        uses: https://github.com/DeterminateSystems/nix-installer-action@main
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+      - run: nix flake check
diff --git a/.forgejo/workflows/flake-lock-update.yml b/.forgejo/workflows/flake-lock-update.yml
new file mode 100644
index 0000000..e69de29
diff --git a/.forgejo/workflows/fmt.yml b/.forgejo/workflows/fmt.yml
new file mode 100644
index 0000000..e69de29
diff --git a/.woodpecker/checks.yml b/.woodpecker/checks.yml
deleted file mode 100644
index 72f8c83..0000000
--- a/.woodpecker/checks.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-steps:
-  check:
-    image: nixos/nix
-    commands:
-      - echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf
-      - nix flake check
-  fmt:
-    image: nixos/nix
-    commands:
-      - echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf
-      - nix run nixpkgs#alejandra -- -c .
diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix
index ebc4adc..7b9d5e9 100644
--- a/hosts/sakura/services/default.nix
+++ b/hosts/sakura/services/default.nix
@@ -4,7 +4,6 @@
     ./authelia.nix
     ./forgejo.nix
     ./rustypaste.nix
-    ./woodpecker.nix
     ./hedgedoc.nix
     ./dashdot.nix
     ./grafana.nix
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
index 5ad579c..e9eca03 100644
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@@ -1,4 +1,10 @@
-{lib, ...}: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  sops.secrets.forgejo-runner-token = {owner = "forgejo";};
   services.forgejo = {
     enable = true;
     stateDir = "/var/lib/forgejo";
@@ -10,7 +16,7 @@
       };
       actions = {
         ENABLED = true;
-        DEFAULT_ACTIONS_URL = "https://gitea.com";
+        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
       };
       server = {
         HTTP_PORT = 3200;
@@ -32,4 +38,23 @@
       };
     };
   };
+  services.gitea-actions-runner.instances.main = {
+    enable = true;
+    name = config.networking.hostName;
+    url = "https://git.flake.sh";
+    token = config.sops.secrets.forgejo-runner-token.path;
+    labels = [
+      "debian-latest:docker://node:18-bullseye"
+      "ubuntu-latest:docker://node:18-bullseye"
+      #"native:host"
+    ];
+    hostPackages = with pkgs; [
+      bash
+      curl
+      coreutils
+      wget
+      gitMinimal
+      wget
+    ];
+  };
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 933adf2..1f186f3 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -13,6 +13,7 @@ miniflux: ENC[AES256_GCM,data:C4kurW7+C62ewPUalvJWnxV/fipCEwFFvkAst13aRAwi0v+R8g
 authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str]
 authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str]
 cloudflareddns: ENC[AES256_GCM,data:xow7oaqa3QbMPwggx2zmGvLcKmov7isvLLZKuC6jW/SNjst8kicSQmNhrZw8M/eq8TuqxOT4BqMILQ+I7As2ZCOjSbEBxi1DwU/z47qI,iv:W8UH4kWlh9JyxcGkeuOjRZKqjOHDg9vpzXezHYs1kEg=,tag:YgGk7svEQr9sqLJtKWcHqA==,type:str]
+forgejo-runner-token: ENC[AES256_GCM,data:cmE70bA22B1YMr/iD32f+TRhk/X1f4aA8N4z1NGj4GxLgYMXkS1FpA==,iv:8XQ00VnQTyOh3wgb3ipO8P0QTo3qPSAJXvf7rRGi+Tc=,tag:QZpyUa+MDL8Hsjj3mdpOnA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -28,8 +29,8 @@ sops:
             YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
             5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-03T19:45:04Z"
-    mac: ENC[AES256_GCM,data:wTc3M3ivjFWumD0pjSPfaf96dAefRCGxupx7X7F4LiH0RsgsX6godc9N9Er1S5rk/uht07rwpMTdEPUXKRofsRlUrLPaOu/q/74QptNCLtwSQxTIpSiWyIYeQz1nuizkqdZdCCaBXAiVpk8vPp9RDe21ZUgZzEDOeWrg9cYMFmg=,iv:8xzWyRQz6w764ZFAaMKf47HqlkJEVgVUjOeP8cvKlTE=,tag:/nfRoAEAb2IzknuD0CDnEA==,type:str]
+    lastmodified: "2023-10-05T18:49:20Z"
+    mac: ENC[AES256_GCM,data:kREsbUEnGXtF5gsAsYt3OwlIK2EirR6qP5hTHcdiEqtSpfjjYR1ifDEGL3Pdr3it/aceuHXprxf3UcTHlIlmQFp/m7UQdiQVp/nUJnSCcWKNxPUru832rp6T41mQ6iU+Np9rHSUMGhKeUEFUBuIFqVScWG/HmZvti079ZcFRBCQ=,iv:G0mgLbH2WiOQOfRgYFeH5k+FtGaaN4mKvKf/WQB/nZk=,tag:c/WOM52rSTquTfT5hKyxiw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.0