diff --git a/nixos/common/services/forgejo-runner.nix b/nixos/common/services/forgejo-runner.nix
index be102bb1..f8e621bf 100644
--- a/nixos/common/services/forgejo-runner.nix
+++ b/nixos/common/services/forgejo-runner.nix
@@ -29,6 +29,7 @@
         container = {
           force_pull = true;
           clean_working_directory = true;
+          privileged = true;
         };
         valid_volumes = [
           "/run/podman/podman.sock:/run/podman/podman.sock:rw" # Poadman socket
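Review bot: `privileged = true;` in the `container` block works against the hardening the rest of this file sets up. A privileged container normally receives all capabilities and host device access with the default confinement relaxed, so the `--cap-drop=ALL` / `--cap-add=NET_ADMIN` pair in `docker-opts` (second hunk) may no longer do what its comments say; how the runner merges the two settings is not visible here and should be confirmed. Together with the read-write Podman socket in `valid_volumes`, any workflow job would be effectively root-equivalent on the host. If the only requirement is the TUN device mentioned in the NET_ADMIN comment, consider dropping this line and passing just the device, e.g. `"--device=/dev/net/tun"` in `docker-opts`. If privileged mode is truly needed, document it on the line, e.g. `privileged = true; # required for <reason>; jobs are host-root-equivalent, trusted repos only`.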
@@ -41,9 +42,9 @@
           allow-host-namespace = false;
         };
         docker-opts = [
-          "--cap-drop=ALL"      # Drop all caps first
-          "--cap-add=NET_ADMIN" # Required for TUN device access
+          "--cap-drop=ALL"  # Drop all caps first
           "--security-opt=no-new-privileges"
+          "--cap-add=NET_ADMIN"            # Required for TUN device access
         ];
       };
     };