diff --git a/kubernetes/main/apps/dev/forgejo-runner/kustomization.yaml b/kubernetes/main/apps/dev/forgejo-runner/app/kustomization.yaml
similarity index 55%
rename from kubernetes/main/apps/dev/forgejo-runner/kustomization.yaml
rename to kubernetes/main/apps/dev/forgejo-runner/app/kustomization.yaml
index 4b16afa..c9dc609 100644
--- a/kubernetes/main/apps/dev/forgejo-runner/kustomization.yaml
+++ b/kubernetes/main/apps/dev/forgejo-runner/app/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./reg-token.sops.yaml
-- ./service-account.yaml
-- ./service.yaml
-- ./runner.yaml
\ No newline at end of file
+#- ./service-account.yaml
+#- ./service.yaml
+#- ./runner.yaml
+- ./runner-dep.yaml
\ No newline at end of file
diff --git a/kubernetes/main/apps/dev/forgejo-runner/app/reg-token.sops.yaml b/kubernetes/main/apps/dev/forgejo-runner/app/reg-token.sops.yaml
new file mode 100644
index 0000000..b18cea5
--- /dev/null
+++ b/kubernetes/main/apps/dev/forgejo-runner/app/reg-token.sops.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: forgejo-runner-token
+stringData:
+    token: ENC[AES256_GCM,data:UKDiJKpmWSDJlQaq1WN23Ow3PAuVRPNWSk+zrx91zeyarYPgA6LhmQ==,iv:/JUZFaMYXVeItHsNPCs1mJxhidPi2kxbi/57atSSqAE=,tag:t0SwJLLKnTqs5fS+p1SAnQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-12-15T02:37:38Z"
+    mac: ENC[AES256_GCM,data:lCpKZk88pMXmsBphnNlQWRFWOz0O/ghrMN8AEtQGhckm1M6r25P6GaoBldM7891dZM1ULzthQjZdCL3Js4Q9jCnVzbuUNQW/UE9Blmfnrrf342I2+XhgMwK473Cqe8v6EpwSaxZpOA5+EUxoYmEw/lU5i0iLrsk3DdJ3CPGczo8=,iv:t/EhngcseRSK5ly5/x03tf/dxRqeY/x5ScwDldzyh4M=,tag:OMn9jwJwgCu6RaJZ6ZP17g==,type:str]
+    pgp:
+        - created_at: "2024-12-15T02:37:38Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovARAAywMl2DiEYnQxd7deuFeKpyDdv+iQDy5J94qp9tkS5OYH
+            HYliIjrzNy++ZduizBu9wS7R6LMn4w0rdrN7FKtZb4Ack+JHjJsjzI7E8YBn9DY8
+            OsbqShU091mJ8tSPJk2fx3n/1OAk3mil5nUdAobWJnygnQG3fUFI+UDfO39m91Ci
+            OZtTPSY9NOeCJejN1waDa0Z0F9kuKn2WKlyHoM1l/bbMI4K5HIH1hpO+z7Knvyue
+            AjcKk1rw7kS6+afv2cj9ZhQDKPaZ0eQoq9h43Csmdwy0uUghd5OzM1a0XeXhD0zL
+            gPBBNBy30mmEsiehPii/ZeOcGJ1wAPopZOv7k52nWzCb+h1ohRgIWljCfz3AlHE1
+            DrOOWAGyDXKV0FmR1Ltum8IL5tRgeOOhHe45BsVG+sWWSo9V3aOX+9EEz/9eFOhj
+            lWSP7aswAQ1ravlkJa1Y4m1CwPqWEhv4M8pkASmuj4q28lrxTpE75Zj1QkzN1no5
+            Fi7P6LXWYE39QYheCv5orH8sY1SkRN2Bl7fiLPIFFGp3AqoGOaxk8v1K7bJ6obOw
+            bR3oeGT3yuKBejT/a0wzQJrv60hhOiOj0O/Qo3aAqy7U0UW2OKDqI/SxAcuiA3m3
+            zD3aD4Ss3yjtqTnLoH6oSX9BTBssLkfl1Z6/enIam+7o+deobB/X59Opk9m0/KCF
+            AgwDXjg0p2IN1X8BEACPs0fg3Wf9z8hFQrSptKcucMlD/t+sUPZvWTgvy3sbIQIN
+            c6xHzjtJq7pgnKqFvN7V+guk4F2+AQOxsGmKcC+omH3ZawH9mhNlCBwUlEPcsEaY
+            LA1/yCVmLX50F4U3p+Z0UYbQcdmWOAJoKTw1Y3uXBdicl/P7WB+4olzTLN+aGcYv
+            vXCUSv5InZLPQ8znvJrW3gggLyaJbY75xLMaqbIH7wV7EIUy/1kFeV6SjnXoRWm1
+            u1m0D9A1oF4aOVaOgmXAS0PBC0l2Q6iLQPxx595go7QMyOFZbDSW9I01DRStCVX1
+            R46Ov1fHxxMeWFTOU64dIIPJH7bSiOVWIOWTY4M6ehgRmc+Nur8P/LsebynX5n93
+            AFmISit7oybWrRl0qjvcpt1RoLU61uVEb1e1NE6sYriDIaF+JuCqekAGlBa6lJPV
+            +PWrTk8mR7tTyRU+gWmIDPQO19X26bZBbIoY0/8nMkQP3I/BoBq5Ph/Ufu2nXUNT
+            S/cTLtzKlFqt6mkWT2agLJulhjlfhVfH8bCinE3dWTFP55UDkp33MQyLVxrqz9Im
+            fg9FR9WgNCDuPeM/SQ3O/RLsW+qYZtlmB9jgOY1nFJQSzTcvgxRJU30wyxv9O32J
+            4svXI+3EPHQOAFyylAVueJbj2HhtLLbroi0T4Z/eRTmWUDgOYETmSw/7BSK799Ro
+            AQkCEPO3ogD0ZIxLdEwiSyeKAWr+1kuci0YqwTO0DrCHZsM4Acz7h9L7MZc0SU7x
+            0mtW7Bfz1gNtFbjmKoa8jhIzu+CaoVFT80pzzvkqMknnRkHjqhglB3Q4IUp2j6dl
+            mTUZZeOiV8M=
+            =3xX0
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2024-12-15T02:37:38Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ//XPYtg+p+MPu4XLJ1AEGej7fyUjb23J5U6kl54jX+rbhB
+            BxvwUpumnpGM0RPhbw/6lYRGAq8GxnHY9VNvHeW6L4ckIN3DOenJTcqOa/KD4SZN
+            eGsdbGCfs5SbbAOIjuMfGcIBd6zgm/O94E+KTv80j17T6o6gcMSkB59siWIzShOs
+            vBQdb1OwhXo/po9BIzqUeqU+5bqwsMD/pkWRfQGRUkS/ExrmCVg0AU0AniT/Tkyk
+            umVE6/nhvLEDq+6TOCvXy3eok/wlroyOFuBqQ6zhxLFfaQVCpShS3ka/g79JG1Ft
+            FVTL3lDlfaz9Tkm/0mWE70iYJk5wyBO5wRusdO9ArivSlYjyHXj0quYfU201f0ui
+            zshj/6WCfmMwa6llBj7CP1OmX9wddjgrDN5UvhYiKHyH8c+3B+YK5PkEd4Wq5bhl
+            mZOmPD5mjwBJsxivSe7qvQq8JTPuHN7BcGhZKcbLxOYDH6WhEjJvDj3PYa301cJR
+            V2Ae3uJKAXvxmUkMUS6mFYvybE83OdU2CmKPgroTq4cI0O5qap3Eum+paPozqKlS
+            8+bMD+T4mPdUNfQD9WJ48HE5WWUBRFrEbfvzEzPc221JsQvxdqg2VCCPUHjnpE3K
+            5fOr4XjbwrBZivsg+vpO150Iwj1+hJy6oUJ69Yg+NvzS+xQYJGWPS7Ibt0U+P9HU
+            aAEJAhCM2oNnauMhl+YI+2HQQfdiM8PoMFxLwCT1wtePNfhk+1jyJw4omyDb6A8K
+            R6PbYttywZeGYFV8l+Nb/EDhNg37siKnMm3cAGPBBQMReFaDjM1LLnHvgvzosSBO
+            Knn2vaTqtosn
+            =Lio/
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1
diff --git a/kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml b/kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml
new file mode 100644
index 0000000..2c02176
--- /dev/null
+++ b/kubernetes/main/apps/dev/forgejo-runner/app/runner-dep.yaml
@@ -0,0 +1,75 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/deployment.json
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo-runner
+  labels:
+    app: forgejo-runner
+spec:
+  replicas: 5
+  selector:
+    matchLabels:
+      app: forgejo-runner
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: forgejo-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        emptyDir: {}
+      # Initialise our configuration file using offline registration
+      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
+      initContainers:
+        - name: runner-register
+          image: &runnerImg code.forgejo.org/forgejo/runner:5.0.3
+          command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
+          env:
+            - name: RUNNER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: RUNNER_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-runner-token
+                  key: token
+            - name: FORGEJO_INSTANCE_URL
+              value: https://git.seanomik.net #${SECRET_NEW_DOMAIN}
+          resources:
+            limits:
+              cpu: "0.50"
+              memory: "64Mi"
+          volumeMounts:
+            - name: runner-data
+              mountPath: /data
+      containers:
+      - name: runner
+        image: *runnerImg
+        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"]
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:27.4.0-dind
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
\ No newline at end of file
diff --git a/kubernetes/main/apps/dev/forgejo-runner/ks.yaml b/kubernetes/main/apps/dev/forgejo-runner/ks.yaml
new file mode 100644
index 0000000..8377566
--- /dev/null
+++ b/kubernetes/main/apps/dev/forgejo-runner/ks.yaml
@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: forgejo-runner
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: dev
+  path: ./kubernetes/main/apps/dev/forgejo-runner/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
diff --git a/kubernetes/main/apps/dev/forgejo-runner/reg-token.sops.yaml b/kubernetes/main/apps/dev/forgejo-runner/reg-token.sops.yaml
deleted file mode 100644
index 3efbebb..0000000
--- a/kubernetes/main/apps/dev/forgejo-runner/reg-token.sops.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: forgejo-runner-token
-    namespace: dev
-stringData:
-    token: ENC[AES256_GCM,data:9jDgV6FWMe0l6AL84CxgJbYQaaHeoFp4YokCaLiemRWp0gWIchi+7w==,iv:TfxHPiwKavl03AOn3O9EUsdeTGTSfhAISG51RB3lAMg=,tag:YbJ1ZrB2GLzQNTHpev5Qog==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age: []
-    lastmodified: "2024-06-14T01:48:50Z"
-    mac: ENC[AES256_GCM,data:iYIQUl8hcNDgjvusqdA7VctAiqEI9qc9rtRsvlYieQHqm0ZsnZNmp3Am0uiBtRpnKOhgMQVimfVGQSeUp92FudbCLgKGCvnaEyDN9ejCRleGOWsyAmtsQIjJoNlkfYA98als0sKdK3OXtwSejof4hTdX83zHa6oul7Yo5+BAXzg=,iv:sMrCEVEHoe0B7G92XPGzKRIA8YBkguVN/XjiyWjCZGE=,tag:UzqPr464PwfyT7yZ1DbUyQ==,type:str]
-    pgp:
-        - created_at: "2024-06-14T01:48:50Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAyqlIeyoxYovAQ/+NoUJHW5bR2CXAsW8RFEn44duKfCf2zvk8xvvxeTRPFpy
-            osXhr9dtph9dCO/DiD1fO04qfdpcwUARwT+iUHxhXCMhh3YxK2WX3DrccDswCpVW
-            wx/8GVhRnVgD16A/joanGyNhE11bXE+pwTN+TletEbXa3o3sktiiSKLfIAD+lfQU
-            pR66u9SkgZk0hINw3Ubjj/BF2/y6rGPKOOqZniRc4sgJ3c/PWfKjzQBUT/4WwbBx
-            BwJaAAxkmZJTL944iqaP4lSLgqE5hckmtXSMlZcRSVBLidgWqF6zf+JmXa3Bu96s
-            r4br8XO2AR9BPLhbpTl5CcbvEiIkho9s+DLQt97t0efOlv/fTs1C+9TT9W8I1HMx
-            kB8bJQtX5uWV/2FPhgzwwQmRHMU3cRlfdv5b0nQgatMRMsEPsL65RYmQvakeYjb1
-            4sMAuSmlGSHBnbN4BZX6Bakt47onELADTe+8ECx6JVNMPxltnx3Q0gaEqfWx6tRU
-            EG8YEN/veEmNl2kGwi5hH1WaQIlioKh82FwxqRMHET3U+ru4osfFh4nEyHfsz0YF
-            ckG8h5CKCUZJ+BDZXTarHsa/d7U7FxAlfw6WnhekM6hvJghs2OpHBdJCkO4gL+VH
-            e/uva4MJV+Hq32pRgj5QvH3CvVI/fPe0b9D7kdmSeVBpXrkBeqkqlWDK7CR05auF
-            AgwDXjg0p2IN1X8BD/49nRK47AEuhvSqblkXFm1f3GJ8/KK3fpiB/OUVmgrkqV6E
-            iR6SPTufcfGBJIeMZBC99TFZWllZcDGybA5aFinI6c4fOIbfZAAO0JC4IXrYqWKg
-            5kB5QBjIkXD/7pELwbgiDXU/MuYu/spICY+AwciOowk8JTXV4OU9omTatC85GDFW
-            R131Ids5n5IYIofxiHr3hCuAg8n/pFzTzn6TITtAdVgDlPCdfY+dw2Nm8s1cu4by
-            mElpoVljNv6+SX/pGGxDs46ECZ83zLwr7h49fW1OKfb2tVFq1PvFj6YclxfDcVPp
-            GwSTjy6jELEyGYAWTwyLo3WaZO/iO0UKin1sWHeoPIYgGE2De/KamAr4iqpWXYC6
-            n1EU9bso2omFgZqmPvRt+z+b8yEttOeRmvIH+pXkJgM+Hva+qHBuU1oeYVA+32hm
-            nbxwutIHMX2tA+jOcG+MTjCqTtk0/JmD37Ulr1+KvFnlvidY1Lt7oa755kkpOi/h
-            6il1hpPR0h7pJ1zJceI7GwaUvaX/RCam5pQnPeQ2INUUl3DNiMaC9mjZcqjV5Cgt
-            s4F2WJsIkkZszMM0VCBzwpXYOLkUtX5OprXohqunq+CxfE8jnbS4OPvrFxzqcn9X
-            d4a8GQSUoXT9tbGWt23F1zcrihZJKVZQ1DzL6OXVsZBK8hoi5k3ahkxKZaRNRtRm
-            AQkCEJT2L4bU/KWwQjUQBInUaWWsElNZwy3f5axWXGTpdn3ZoRjjr6cQWCM9Xs1r
-            02fGSMADhLp+RCUuEvhcp71FKjgq+h2kC+z4QS0JT17M0nnlijnXXE4M3819KpmV
-            QXawwt7Y
-            =Bh7C
-            -----END PGP MESSAGE-----
-          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
-        - created_at: "2024-06-14T01:48:50Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMAy5t8IMoPu4VARAAp+DJIqWWFMWNaezrX85hHiuHZJjTWjnJIrQ0Bqvvv89d
-            hZENS3PbSN4gVz6NXmZ7obNcdFew2pcF8+zgZrM77DiPoKzpBrvJuy41fgSGYx3Z
-            QFE4w/FgzZ19Ad86AgvzALLNWH0bWZBZtkaPcsQBIdVp4xV9FzgnVOrE20OZgaVc
-            iucedMswCEPXHFbuBkeJZCmUNV06wQWANweZdJ/TC86PN+vKNML5dD7H6Mp6W9cK
-            97vznkxSgQALVWSkqV9KVQW3OuLn68xc2ewTy5ILDAUGrS+US9yz4EKwb6oBG8nF
-            EwEEbxV8sUHRfIp73ub4YD8IxDxdXGZFevZXggpTnZ0BcTyxHQmQ+ukKAn4W9ddI
-            VKq9oHOMgcn4IVvIsybCMoC1ieJSq+ZT+ebRQAgT9Z5f+OMndokBREhVHjBgRl7G
-            NQK/yGBsUTn04hvOW/6T+R4EC9HJCpASQBHfh+WYjBTRMl2icZburQPKZhDJOdzS
-            5YEMToYewqYhJ87/e1++vHsUE2PwAjT1R0zC0h4mpXQliyeYJ5jl3AAJR8YYtRui
-            q1fMgr1a4ZDDJk6abXObzHpEcUanxxD75GedCdmq4JOLdaI2m5c8pdpN3ecx0QbS
-            39jOJW/eAiWsnjWe2Rq9gucB0qRQmUG3338DtRh5W8JC722G20A5E6Txa40nI0fU
-            ZgEJAhA9ZwSEEY2K4+aIZb1+s6ZOQ++a6rC6ymIJRs/gmusw0rO5pfDwpq+8kQU3
-            oGF9VrmwGgSF3zO2Y9iWlPp58sEsNS54PJygBOabgD88W0SqTg490TXxtjIj6HLL
-            JACfvy57bQ==
-            =wTij
-            -----END PGP MESSAGE-----
-          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
-    encrypted_regex: ^(data|stringData)$
-    version: 3.8.1
diff --git a/kubernetes/main/apps/dev/forgejo-runner/runner.yaml b/kubernetes/main/apps/dev/forgejo-runner/runner.yaml
deleted file mode 100644
index 70998f8..0000000
--- a/kubernetes/main/apps/dev/forgejo-runner/runner.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/statefulset.json
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: forgejo-runner
-  namespace: dev
-spec:
-  serviceName: forgejo-runner
-  replicas: 5
-  revisionHistoryLimit: 0
-
-  volumeClaimTemplates:
-    - metadata:
-        name: runner-work
-      spec:
-        storageClassName: mainpool-hostpath
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 5Gi
-  
-  persistentVolumeClaimRetentionPolicy:
-    whenScaled: Delete
-    whenDeleted: Delete
-
-  selector:
-    matchLabels:
-      app: forgejo-runner
-
-  template:
-    metadata:
-      labels:
-        app: forgejo-runner
-
-    spec:
-      serviceAccountName: forgejo-runner
-
-      containers:
-        - name: runner
-          image: ghcr.io/christopherhx/gitea-actions-runner:v0.0.13
-          imagePullPolicy: Always
-          
-          env:
-            - name: ACTIONS_RUNNER_POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: ACTIONS_RUNNER_CLAIM_NAME
-              value: runner-work-$(ACTIONS_RUNNER_POD_NAME)
-            - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
-              value: "true"
-            - name: ACTIONS_RUNNER_CONTAINER_HOOKS
-              value: /home/runner/k8s/index.js
-            - name: GITEA_INSTANCE_URL
-              value: https://git.${SECRET_NEW_DOMAIN}
-            - name: GITEA_RUNNER_REGISTRATION_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: forgejo-runner-token
-                  key: token
-            - name: GITEA_RUNNER_LABELS
-              value: docker,cluster
-            - name: GITEA_RUNNER_NAME
-              value: cluster-$(ACTIONS_RUNNER_POD_NAME)
-          
-          volumeMounts:
-            - mountPath: /home/runner/_work
-              name: runner-work
-
-          resources:
-            requests:
-              cpu: "10m"
-              memory: "500Mi"
-            limits:
-              cpu: "1"
-              memory: "1Gi"
\ No newline at end of file
diff --git a/kubernetes/main/apps/dev/forgejo-runner/service-account.yaml b/kubernetes/main/apps/dev/forgejo-runner/service-account.yaml
deleted file mode 100644
index 634eaff..0000000
--- a/kubernetes/main/apps/dev/forgejo-runner/service-account.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: forgejo-runner
-  namespace: dev
-rules:
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["pods/exec"]
-    verbs: ["get", "create"]
-  - apiGroups: [""]
-    resources: ["pods/log"]
-    verbs: ["get", "list", "watch",]
-  - apiGroups: ["batch"]
-    resources: ["jobs"]
-    verbs: ["get", "list", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "create", "delete"]
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: forgejo-runner
-  namespace: dev
-subjects:
-  - kind: ServiceAccount
-    name: forgejo-runner
-roleRef:
-  kind: Role
-  name: forgejo-runner
-  apiGroup: rbac.authorization.k8s.io
----
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: forgejo-runner
-  namespace: dev
\ No newline at end of file
diff --git a/kubernetes/main/apps/dev/forgejo-runner/service.yaml b/kubernetes/main/apps/dev/forgejo-runner/service.yaml
deleted file mode 100644
index 0afa39a..0000000
--- a/kubernetes/main/apps/dev/forgejo-runner/service.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/service.json
-kind: Service
-apiVersion: v1
-metadata:
-  name: forgejo-runner
-  namespace: dev
-spec:
-  type: ClusterIP
-  clusterIP: None
-  selector:
-    app: forgejo-runner
\ No newline at end of file
diff --git a/kubernetes/main/apps/dev/kustomization.yaml b/kubernetes/main/apps/dev/kustomization.yaml
index 8af0ebb..2823217 100644
--- a/kubernetes/main/apps/dev/kustomization.yaml
+++ b/kubernetes/main/apps/dev/kustomization.yaml
@@ -3,5 +3,5 @@ kind: Kustomization
 resources:
 - ./namespace.yaml
 - ./woodpecker
-- ./forgejo-runner
+- ./forgejo-runner/ks.yaml
 - ./airflow
\ No newline at end of file