diff --git a/hosts/spacestation/services.nix b/hosts/spacestation/services.nix
index a884e28..15faa92 100644
--- a/hosts/spacestation/services.nix
+++ b/hosts/spacestation/services.nix
@@ -72,6 +72,7 @@ in {
         enable = true;
         token = secrets.services.forgejo.actions-token;
         url = "http://192.168.1.10:${toString secrets.services.forgejo.port}";
+        labels = secrets.services.forgejo.actions-labels;
       };
       users = {
         user1 = {
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
index 1e0251e..e508ea6 100644
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@@ -66,6 +66,18 @@ in {
         type = str;
         default = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
       };
+      labels = mkOption {
+        type = listOf str;
+        default = [
+          /*
+          Remember to install git on these images so actions/checkout can work,
+          without it, the actions tries to use the /api/v3/repos/{user}/{repo}/tarball/{ref}
+          api endpoint, which Gitea/Forgejo doesn't has.
+          */
+          "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim"
+          "ubuntu-latest-full:docker://gitea/runner-images:ubuntu-latest"
+        ];
+      };
     };
   };
   config = with lib;
@@ -122,16 +134,7 @@ in {
           token = mkDefault cfg.actions.token;
           name = mkDefault "${cfg.settings.DEFAULT.APP_NAME} - Actions";
           url = cfg.actions.url;
-          labels = mkDefault [
-            "alpine-plus:docker://cicirello/alpine-plus-plus:3.19.1"
-            /*
-            Remember to install git on these images so actions/checkout can work,
-            without it, the actions tries to use the /api/v3/repos/{user}/{repo}/tarball/{ref}
-            api endpoint, which Gitea/Forgejo doesn't has.
-            */
-            "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim"
-            "ubuntu-latest-full:docker://gitea/runner-images:ubuntu-latest"
-          ];
+          labels = mkDefault cfg.actions.labels;
           settings = {
             runner = {
               insecure = true;
diff --git a/secrets/spacestation-secrets.lesser.json b/secrets/spacestation-secrets.lesser.json
index 397a566..225b85a 100644
--- a/secrets/spacestation-secrets.lesser.json
+++ b/secrets/spacestation-secrets.lesser.json
@@ -14,7 +14,13 @@
 		"forgejo": {
 			"domain": "ENC[AES256_GCM,data:DJDExE7VVmAk4ZLhOkTfD2wBY5i1,iv:tnOgrKCpglvDyk75mnmeoiz2trmD3r3wCL2etHmALC4=,tag:rAiEK9U48cR1q+W7Zbkhvg==,type:str]",
 			"port": "ENC[AES256_GCM,data:ydSACw==,iv:0RWRLLCU8YyYmOmTawns2Iy+ABiBFbBqgQ10+buZNt0=,tag:3QW0NzbKeUkcfYh/5my3fA==,type:float]",
-			"actions-token": "ENC[AES256_GCM,data:eNZtfpBt0ZjgLrykGKGEL3gtKCHHE+UWaDATgi0QHBGj7ZZX7ROuKQ==,iv:J8wmqFVmi8sarGupw/F4PP20HdaGTrxC4pF8GERwZxs=,tag:wZve5TI4/NpacMpHtpBnoA==,type:str]"
+			"actions-token": "ENC[AES256_GCM,data:eNZtfpBt0ZjgLrykGKGEL3gtKCHHE+UWaDATgi0QHBGj7ZZX7ROuKQ==,iv:J8wmqFVmi8sarGupw/F4PP20HdaGTrxC4pF8GERwZxs=,tag:wZve5TI4/NpacMpHtpBnoA==,type:str]",
+			"actions-labels": [
+				"ENC[AES256_GCM,data:QFgl5alecI2Ecc6hTisc1orcvOE5dmdoNf3gwN5HWeq40B65NhsmXcZuTpkALEE8gm42mLfq4Wtb8xvnBQ==,iv:Cktpy6ot7T9PVoertFmkznateg1GuI82j2/niAlTcP8=,tag:KJspmDE0OUCWI3sFY/5J4Q==,type:str]",
+				"ENC[AES256_GCM,data:7vnIpQXr6k+I5/1siptl6OEkSJj3FFRFXOEd5yv+c5pIzJU6CilcdTOHo+7Yp1E2IvKFla7MqcWZ0OjSAg==,iv:lPhi+CC8xJgvW5WR6C9OAbfEzXl8ueQOSl4JWKk9Zmo=,tag:5xY+AtNUWn+D3L4G3PmkpQ==,type:str]",
+				"ENC[AES256_GCM,data:KybqnMcU6ON30jLPHHdKB8oc2clxwV7otpUfinlm/YCWgvLZpsjFPnm/eu9hjKLfcwPEsWqi,iv:mmhWpJLzLJJJ8eJkNQtVLYudNG+wgIFoIEvc0o9KP7I=,tag:YB/x4AF+jrC1i0q/LhtnCw==,type:str]",
+				"ENC[AES256_GCM,data:ewFeb0pgS7t7ugV1rvEqQHkZ3UfHf7BdPXh9rIZAmyAG04E53EFYFcjuLLlZKnsu,iv:Dc+8zlv0bKkNbmMYgUXOrBkolOKJLrasen2KfUjwyoc=,tag:TUmz6hvwS3jbxvSfq3ajTQ==,type:str]"
+			]
 		},
 		"homarr": {
 			"domain": "ENC[AES256_GCM,data:IsFYq/sZtCgrCGuEFJCFZ8Yn3st4ILg=,iv:Iexxw/OcbjIuVz5VtY/170yAc/h3fLqNw5BJGiyROdg=,tag:PTYsnvq2Cr+M8MaHvMiJjw==,type:str]",
@@ -61,8 +67,8 @@
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-04-28T23:36:35Z",
-		"mac": "ENC[AES256_GCM,data:vEWskDUDKWAcGiWiOWkVTmukDf/hMb+3IiCGacoGs4t44BBRRHuw8Mk6nwz7jBsYykDO1a6JZP5nmCu1V2USSfxfrw4cHaPv/FQ50r5Q8XhF4AJquIaEfx8sKb499ZCVdtTHjTjTgiJOE/mr0x/0OGjtic0EesfF402metRAiLI=,iv:kMJ652qKmwk/mU6Nulcsr3AOadvY5Rbs7lhaj2Ee0/g=,tag:uP6Gltjha97gGI8D6jG2vQ==,type:str]",
+		"lastmodified": "2024-05-01T02:27:47Z",
+		"mac": "ENC[AES256_GCM,data:8FgN0rawt0JYtvIbsT7qBIGVuBIJVF5yE8TF/2XSOiKijtghv7/VbOSQNNyxUun/mShR85b3LMfHMXg1avde/fhrs/DFu7+nf3K2oK3QMZrkmmT7lhP2c7TjwodLMqynCOvtemO5VxZMyU2uiKdyHEFoiFGwO5TVcbIdQDuEjs4=,iv:FUARn2KJxMj766Zrv0sfAfGTZX5rSibRLyCOqGXZY3k=,tag:Q9mxLCMMC9mZ6/+jBZUDaQ==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.8.1"