diff --git a/clusters/cl01tl/platform/gitea/Chart.yaml b/clusters/cl01tl/platform/gitea/Chart.yaml
index 22df38fc3..6978c4856 100644
--- a/clusters/cl01tl/platform/gitea/Chart.yaml
+++ b/clusters/cl01tl/platform/gitea/Chart.yaml
@@ -30,6 +30,10 @@ dependencies:
 alias: renovate
 repository: https://bjw-s.github.io/helm-charts/
 version: 3.7.2
+ - name: app-template
+ alias: act-runners
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.2
 - name: app-template
 alias: backup
 repository: https://bjw-s.github.io/helm-charts/
diff --git a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
index 3ecd0d0f1..181f38766 100644
--- a/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/external-secret.yaml
@@ -61,6 +61,31 @@ spec:
 metadataPolicy: None
 property: client
 
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: gitea-runner-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: gitea-runner-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: runner
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: token-1
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/gitea/runner
+ metadataPolicy: None
+ property: token-1
+
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/platform/gitea/values.yaml b/clusters/cl01tl/platform/gitea/values.yaml
index 1387849e0..63f967fb4 100644
--- a/clusters/cl01tl/platform/gitea/values.yaml
+++ b/clusters/cl01tl/platform/gitea/values.yaml
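Review bot: The templated label values on the new `gitea-runner-secret` in templates/external-secret.yaml are unquoted, so `app.kubernetes.io/version: {{ .Chart.AppVersion }}` renders as a YAML number whenever the chart's appVersion looks numeric, and Kubernetes only accepts string label values. Quoting the templated labels avoids that, for example `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`. A comment above `secretKey: token-1` such as `# Gitea Actions runner registration token, consumed by the act-runners deployment` would also tell whoever rotates the Vault entry at `/cl01tl/gitea/runner` what depends on it. The neighbouring ExternalSecret documents start and end outside the hunk, so they may already use the same unquoted style and need the same change.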
@@ -130,6 +130,50 @@ gitea:
 enabled: false
 mariadb:
 enabled: false
+act-runners:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ # alexlebens/helm-charts
+ runner-1:
+ image:
+ repository: gitea/act_runner
+ tag: 0.2.10-dind-rootless
+ pullPolicy: IfNotPresent
+ env:
+ - name: DOCKER_HOST
+ value: tcp://localhost:2376
+ - name: DOCKER_CERT_PATH
+ value: /certs/client
+ - name: DOCKER_TLS_VERIFY
+ value: "1"
+ - name: GITEA_INSTANCE_URL
+ value: http://gitea-http.gitea.svc.cluster.local:3000
+ - name: GITEA_RUNNER_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-runner-secret
+ key: token-1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ serviceAccount:
+ create: true
+ persistence:
+ data-1:
+ storageClass: ceph-block
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ advancedMounts:
+ main:
+ runner-1:
+ - path: /data
+ readOnly: false
 renovate:
 global:
 fullnameOverride: gitea-renovate
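Review bot: The `runner-1` container runs repository-supplied workflow code, yet `serviceAccount: create: true` gives the pod its own service account and nothing in the hunk keeps the API token from being mounted into it; unless the runner has to call the Kubernetes API, set `automountServiceAccountToken: false` in the pod options for this controller. The image is referenced by the mutable tag `0.2.10-dind-rootless` with `pullPolicy: IfNotPresent`, so pinning it by digest (`tag: 0.2.10-dind-rootless@sha256:<digest>`) would keep a re-pushed tag from changing what executes on the node. `GITEA_INSTANCE_URL` uses plain `http://`, so the registration token from `gitea-runner-secret` crosses the cluster network unencrypted, which is presumably acceptable only if in-cluster traffic is protected some other way. Under `resources` only `requests` are set, so adding `limits` would stop a single job from taking all the CPU and memory the node has.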