diff --git a/.gitea/workflows/check-flake.yaml b/.gitea/workflows/check-flake.yaml
new file mode 100644
index 0000000..95f84c1
--- /dev/null
+++ b/.gitea/workflows/check-flake.yaml
@@ -0,0 +1,38 @@
+name: Check Flake
+
+on: [push]
+
+env:
+  DEBIAN_FRONTEND: noninteractive
+  PATH: /run/current-system/sw/bin/:/nix/var/nix/profiles/per-user/gitea-runner/profile/bin
+
+# defaults:
+#   run:
+#     shell: nix shell nixpkgs#nodejs-18_x
+
+jobs:
+  check-flake:
+    runs-on: nixos
+    steps:
+      # - run: node --version
+      # - name: Install basic dependencies
+      #   run: apt-get update && apt-get install -y --no-install-recommends sudo curl ca-certificates xz-utils
+
+      # - name: Install Nix
+      #   uses: https://github.com/cachix/install-nix-action@v20
+      #   with:
+      #     github_access_token: ${{ secrets.__GITHUB_TOKEN }}
+
+      - name: Install dependencies
+        run: nix profile install nixpkgs#nodejs-18_x
+
+      - name: Checkout the repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      # - name: Get ENV var names
+      #   run: printenv | cut -d'=' -f1
+
+      - name: Check Flake
+        run: nix flake check --show-trace
\ No newline at end of file
diff --git a/common/server/gitea-runner.nix b/common/server/gitea-runner.nix
index f5f4a17..b57b056 100644
--- a/common/server/gitea-runner.nix
+++ b/common/server/gitea-runner.nix
@@ -11,12 +11,6 @@ in
       type = lib.types.str;
       description = lib.mdDoc "gitea runner data directory.";
     };
-    instanceUrl = lib.mkOption {
-      type = lib.types.str;
-    };
-    registrationTokenFile = lib.mkOption {
-      type = lib.types.path;
-    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -35,13 +29,6 @@ in
     };
     users.groups.gitea-runner = { };
 
-    # registration token
-    services.gitea-runner.registrationTokenFile = "/run/agenix/gitea-runner-registration-token";
-    age.secrets.gitea-runner-registration-token = {
-      file = ../../secrets/gitea-runner-registration-token.age;
-      owner = "gitea-runner";
-    };
-
     systemd.services.gitea-runner = {
       description = "Gitea Runner";
 
@@ -57,40 +44,7 @@ in
 
       path = with pkgs; [ gitea-actions-runner ];
 
-      # based on https://gitea.com/gitea/act_runner/src/branch/main/run.sh
       script = ''
-        . ${cfg.registrationTokenFile}
-
-        if [[ ! -s .runner ]]; then
-          try=$((try + 1))
-          success=0
-
-          LOGFILE="$(mktemp)"
-
-          # The point of this loop is to make it simple, when running both act_runner and gitea in docker,
-          # for the act_runner to wait a moment for gitea to become available before erroring out.  Within
-          # the context of a single docker-compose, something similar could be done via healthchecks, but
-          # this is more flexible.
-          while [[ $success -eq 0 ]] && [[ $try -lt ''${10:-10} ]]; do
-            act_runner register \
-              --instance "${cfg.instanceUrl}" \
-              --token    "$GITEA_RUNNER_REGISTRATION_TOKEN" \
-              --name     "${config.networking.hostName}" \
-              --no-interactive > $LOGFILE 2>&1
-
-            cat $LOGFILE
-
-            cat $LOGFILE | grep 'Runner registered successfully' > /dev/null
-            if [[ $? -eq 0 ]]; then
-              echo "SUCCESS"
-              success=1
-            else
-              echo "Waiting to retry ..."
-              sleep 5
-            fi
-          done
-        fi
-
         exec act_runner daemon
       '';
     };
diff --git a/machines/phil/default.nix b/machines/phil/default.nix
index 592623d..10e299f 100644
--- a/machines/phil/default.nix
+++ b/machines/phil/default.nix
@@ -5,8 +5,6 @@
     ./hardware-configuration.nix
   ];
 
-  services.gitea-runner = {
-    enable = true;
-    instanceUrl = "https://git.neet.dev";
-  };
+  networking.hostName = "phil";
+  services.gitea-runner.enable = true;
 }
diff --git a/machines/storage/s0/default.nix b/machines/storage/s0/default.nix
index a2ac572..845ba03 100644
--- a/machines/storage/s0/default.nix
+++ b/machines/storage/s0/default.nix
@@ -5,7 +5,14 @@
     ./hardware-configuration.nix
   ];
 
-  system.autoUpgrade.enable = true;
+  networking.hostName = "s0";
+
+  # system.autoUpgrade.enable = true;
+
+  # gitea runner and allow it to build ARM derivations
+  services.gitea-runner.enable = true;
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  nix.gc.automatic = lib.mkForce false; # allow the nix store to serve as a build cache
 
   services.iperf3.enable = true;
   services.iperf3.openFirewall = true;
diff --git a/secrets/gitea-runner-registration-token.age b/secrets/gitea-runner-registration-token.age
deleted file mode 100644
index bf56a84..0000000
Binary files a/secrets/gitea-runner-registration-token.age and /dev/null differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bb2c705..a0fdf7c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,9 +19,6 @@ with roles;
   "hashed-robots-email-pw.age".publicKeys = email-server;
   "robots-email-pw.age".publicKeys = gitea;
 
-  # gitea
-  "gitea-runner-registration-token.age".publicKeys = gitea-runner;
-
   # vpn
   "iodine.age".publicKeys = iodine;
   "pia-login.age".publicKeys = pia;