diff --git a/hosts/ci/configuration.nix b/hosts/ci/configuration.nix
index e0f9428..f24380b 100644
--- a/hosts/ci/configuration.nix
+++ b/hosts/ci/configuration.nix
@@ -4,5 +4,7 @@
 ../../shared/base.nix
 ../../shared/hardware/vm.nix
 ../../shared/disko/basic-ext4.nix
+
+ ../../servers/ci.nix
 ];
 }
diff --git a/servers/ci.nix b/servers/ci.nix
new file mode 100644
index 0000000..a0a7c27
--- /dev/null
+++ b/servers/ci.nix
@@ -0,0 +1,45 @@
+{ pkgs, config, ... }:
+{
+ networking.firewall.trustedInterfaces = [ "br-+" ];
+
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "ci.sinerva.eu";
+ url = "https://forgejo.sinerva.eu";
+ tokenFile = "/persist/secrets/forgejo_token";
+ labels = [
+ "ubuntu-24.04-lts:docker://ubuntu:24.04"
+ "ubuntu-22.04:docker://node:24-bullseye"
+ "nixos-latest:docker://nixos/nix"
+ ];
+ settings = {
+ container = {
+ network = "";
+ enable_ipv6 = true;
+ };
+ };
+ };
+ };
+
+ virtualisation.docker = {
+ enable = true;
+ daemon.settings = {
+ fixed-cidr-v6 = "${config.custom.gua_pref}d2::/64";
+ ipv6 = true;
+ ip6tables = true;
+ experimental = true;
+ default-address-pools = [
+ {
+ base = "172.30.0.0/16";
+ size = 24;
+ }
+ {
+ base = "${config.custom.gua_pref}d2:d0ce::/80";
+ size = 96;
+ }
+ ];
+ };
+ };
+}
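Review bot: `networking.firewall.trustedInterfaces = [ "br-+" ];` at the top of servers/ci.nix makes the host firewall accept all traffic arriving on every Docker bridge, so any CI job container, which runs repository-supplied code, can reach every service listening on the host rather than only what the runner needs. Because `container.network = ""` presumably lets the runner create a fresh network per job, the wildcard covers all of those bridges as well. Consider dropping the trusted-interface entry and opening only the required ports, e.g. `networking.firewall.interfaces."br-+".allowedTCPPorts = [ <PORT_NEEDED_BY_JOBS> ];`, with a comment stating why each port is open. Separately, the container address pools are derived from `${config.custom.gua_pref}`, which looks like a globally routable prefix; it is worth confirming that inbound IPv6 to job containers is filtered as intended.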