diff --git a/home/linux/default.nix b/home/linux/default.nix
index 44e4839f..a881c1d5 100644
--- a/home/linux/default.nix
+++ b/home/linux/default.nix
@@ -16,8 +16,8 @@ in {
 
   services.kdeconnect.enable = linux_gui;
   services.kdeconnect.indicator = linux_gui;
-  services.swayosd.enable = linux_gui;
-  services.swaync.enable = linux_gui;
+  # services.swayosd.enable = linux_gui;
+  # services.swaync.enable = linux_gui;
   # services.nextcloud-client = {
   #   enable = device.hasGui;
   #   startInBackground = true;
diff --git a/home/services/swaync.nix b/home/services/swaync.nix
new file mode 100644
index 00000000..0af54440
--- /dev/null
+++ b/home/services/swaync.nix
@@ -0,0 +1,3 @@
+{...}: {
+  services.swaync.enable = true;
+}
diff --git a/home/services/swayosd.nix b/home/services/swayosd.nix
new file mode 100644
index 00000000..27219ae1
--- /dev/null
+++ b/home/services/swayosd.nix
@@ -0,0 +1,3 @@
+{...}: {
+  services.swayosd.enable = true;
+}
diff --git a/nixos/mirai/services/gitea.nix b/nixos/mirai/services/gitea.nix
index 71a201de..0a22fb8f 100644
--- a/nixos/mirai/services/gitea.nix
+++ b/nixos/mirai/services/gitea.nix
@@ -1,21 +1,40 @@
-{...}: {
+{config, ...}: {
+  virtualisation.docker.enable = true;
+  sops = {
+    secrets."gitea/token" = {};
+  };
   services = {
     gitea = {
       enable = true;
       settings = {
         service = {
-          # DISABLE_REGISTRATION = false;
           ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
           ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
         };
         mailer = {
           ENABLED = true;
           PROTOCOL = "sendmail";
-          # SENDMAIL_PATH = "sendmail";
         };
         security = {
           REVERSE_PROXY_AUTHENTICATION_USER = "REMOTE-USER";
         };
+        server = {
+          ROOT_URL = "https://git.darksailor.dev";
+          DOMAIN = "git.darksailor.dev";
+        };
+      };
+    };
+    gitea-actions-runner = {
+      instances = {
+        mirai = {
+          name = "mirai";
+          enable = true;
+          url = "https://git.darksailor.dev";
+          labels = [
+            "ubuntu-latest:docker://node:18-bullseye"
+          ];
+          tokenFile = config.sops.secrets."gitea/token".path;
+        };
       };
     };
     caddy = {
diff --git a/nixos/mirai/services/llama.nix b/nixos/mirai/services/llama.nix
index c045e6c8..ca89f3c2 100644
--- a/nixos/mirai/services/llama.nix
+++ b/nixos/mirai/services/llama.nix
@@ -28,7 +28,7 @@
       };
     };
     open-webui = {
-      enable = true;
+      enable = false;
       port = 7070;
       environment = {
         SCARF_NO_ANALYTICS = "True";
@@ -44,13 +44,13 @@
     };
 
     caddy = {
-      virtualHosts."llama.darksailor.dev".extraConfig = ''
-        forward_auth localhost:5555 {
-            uri /api/authz/forward-auth
-            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-        }
-        reverse_proxy localhost:7070
-      '';
+      # virtualHosts."llama.darksailor.dev".extraConfig = ''
+      #   forward_auth localhost:5555 {
+      #       uri /api/authz/forward-auth
+      #       copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+      #   }
+      #   reverse_proxy localhost:7070
+      # '';
       virtualHosts."ollama.darksailor.dev".extraConfig = ''
         @apikey {
             header Authorization "Bearer {env.LLAMA_API_KEY}"
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 75fe3eab..c5546312 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -3,6 +3,8 @@ nextcloud:
 paperless:
     adminpass: ENC[AES256_GCM,data:SkW+uh8/WlpJOgEF5GIIt5UygLU=,iv:KaKAmqJxSs822be6FsthJZ3dactgOckwrXLNa3dx350=,tag:40kSGe1O5d6killRdZiSYQ==,type:str]
     secret_key: ENC[AES256_GCM,data:9OkJ/WRLHCQXA0a/FqMieoUX5Lk=,iv:br2OSWU6uQ4/JAEvYeRlA1buhF2PGyPCdGYx0OwROek=,tag:cgnmTTWgkga6E0krWXFIdw==,type:str]
+gitea:
+    token: ENC[AES256_GCM,data:6vcGrOlxFxrsCEq3Mu9s3deOnXNpwgc6marpx90+FrU=,iv:3CNdT6P58Wy2/anaucvl9KVLTZ7z4MyDImXNxQVIAcI=,tag:YQboEG8R6G2MCZzDLaZ4wg==,type:str]
 llama:
     user: ENC[AES256_GCM,data:qWbhnc/XLotWzqbEa6ekuMe5kD/GwC9SW8omXvgWqCG1BPPCOI3DtlS4YqKxsIhYmw8MQw+4DPnaWHqjrbIsVSrQ79M=,iv:VeqkKb1N9NSKfuilG6dzYdha8cO4JqJ+YUzmkjrPU+0=,tag:SYwR1oU6VWzNoCBPsMg0uQ==,type:str]
     api_key: ENC[AES256_GCM,data:wib+xbb25sTY2K9pacc1mU5eVSyQRurHiCMZyDVSqCAmG4yjkzEykvBevpThNbTZlsk6GZuK4hH0SYJM,iv:GTU6CQ83chXHAuuL0bFMf4L+UWqlcVfXnEE0/SxLzj4=,tag:0LkOSQsuuQd6TK3KHE95TA==,type:str]
@@ -46,7 +48,7 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-12T11:46:28Z"
-    mac: ENC[AES256_GCM,data:wBXotjaIYnMuXf1p+UAUUl1qDdy3Gm+yXAZo9/dnKBh+RPY7D5+nqdRq3ogSfXwtF7z+s7Mu3pZykapgw7oUuNzsi2N1beEFC4OgWGPDEorVNmy7WjPUCDKvurarUoXMoRCVU5VXR6kC5U7T7bAER8wC52F+ryeMn8IVaQtMT4U=,iv:Xgm0gqHG0DUS/JBYWtmn0E/1g3PxVy2hRCA57sqSxXM=,tag:1TYL2S+VWXmt22Rhwk36wg==,type:str]
+    lastmodified: "2025-07-15T18:26:32Z"
+    mac: ENC[AES256_GCM,data:ioly0v6GKcPaIREk4PNYFvaX3ZpgGNDzB4HLyZyMlVatnjqKJajUDCnWi2dMHNmSBLIWID6CrY6mfUeE0BpOTNk7onTgfDUR/Ipuo9KtBmSuQC22IA7yR4CHo1Mrtn9t/OOJMXxl7b+PCs5ko8C/CHV2mEJF5cM1ew2rh2rDUYU=,iv:YkjrAm26SO9U0gK1172aeDEzcFrsiVGyhGERyEfNQXg=,tag:ZDkpcl2pGnGXluOou/gvbQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2