diff --git a/modules/web01/gitea/actions-runner.nix b/modules/web01/gitea/actions-runner.nix
index 7ef117d..459d8a0 100644
--- a/modules/web01/gitea/actions-runner.nix
+++ b/modules/web01/gitea/actions-runner.nix
@@ -199,7 +199,7 @@ in
     tokenFile = "/var/lib/gitea-registration/token";
     labels = [ "nix:docker://gitea-runner-nix" ];
     settings = {
-      container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser";
+      container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
       # the default network that also respects our dns server settings
       container.network = "podman";
       container.valid_volumes = [