diff --git a/.forgejo/workflows/runner-image.yml b/.forgejo/workflows/runner-image.yml
new file mode 100644
index 0000000..0e03ddf
--- /dev/null
+++ b/.forgejo/workflows/runner-image.yml
@@ -0,0 +1,47 @@
+name: Create OCI image(s)
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+env:
+ registry: git.amarth.cloud
+ owner: amarth
+ image: default
+ tag: latest
+
+jobs:
+ build:
+ name: Build and push images
+ runs-on: default
+ steps:
+ - name: Checkout
+ run: |
+ git clone ${{ forge.server_url }}/${{ forge.repository }}.git .
+
+ - name: Prepare podman
+ run: |
+ # configure container policy to accept insecure registry
+ nix-env -iA nixpkgs.podman nixpkgs.kvmtool
+
+ # configure container policy to accept insecure registry
+ mkdir -p ~/.config/containers
+ echo '{ "default": [ {"type":"insecureAcceptAnything"} ] }' > ~/.config/containers/policy.json
+
+ - name: Log into registry
+ run: |
+ podman login --username "${{ forge.actor }}" --password "${{ forge.token }}" ${{ env.registry }}
+
+ - name: Create image
+ run: |
+ nix-build src/default.nix
+ podman load < result
+
+ - name: Push image
+ run: >-
+ podman push
+ --creds="${{ forge.actor }}:${{ forge.token }}"
+ localhost/default:latest
+ ${{ env.registry }}/${{ env.owner }}/${{ env.image }}:${{ env.tag }}
\ No newline at end of file
diff --git a/src/default.nix b/src/default.nix
new file mode 100644
index 0000000..608cc69
--- /dev/null
+++ b/src/default.nix
@@ -0,0 +1,28 @@
+{
+ pkgs ? import {},
+ pkgs_linux ? import { system = "x86_64-linux"; },
+}:
+
+with pkgs;
+dockerTools.buildImage {
+ name = "default";
+ tag = "latest";
+
+ copyToRoot = buildEnv {
+ name = "image-root";
+ pathsToLink = [ "/bin" ];
+ paths = with pkgs_linux; [
+ coreutils
+ u-root-cmds
+ bash
+ nix
+ nodejs
+ podman
+ ];
+ };
+
+ config = {
+ User = "runner";
+ Cmd = [ "${lib.getExe bashInteractive}" ];
+ };
+}
\ No newline at end of file
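Review bot: The registry token is expanded into the script text and handed to podman as a command-line argument, in the `Log into registry` step (`--password "${{ forge.token }}"`) and again in `Push image` (`--creds=...`). Arguments are readable by other processes on the runner, and template expansion inside `run:` lets an unexpected character in a context value alter the shell command. Map the values under each step's `env:` (for example `TOKEN: ${{ forge.token }}`) and log in with `printf '%s' "$TOKEN" | podman login --username "$ACTOR" --password-stdin "$REGISTRY"`; the `--creds` on the push can then be dropped, since the login already stored the credentials. In `Prepare podman`, the first `# configure container policy ...` comment sits above the `nix-env` install where it does not apply, and the second misdescribes the line below it: `insecureAcceptAnything` as the `default` policy turns off image signature verification for every source, so the comment should say that instead of "insecure registry".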
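Review bot: `User = "runner";` in `config` names an account the image never defines: `copyToRoot` links only `/bin`, so the root has no `/etc/passwd` or `/etc/group`, and a container runtime will most likely refuse to start the container because it cannot resolve `runner`. Create the user and its group inside the image (for example with `dockerTools.shadowSetup`, or a generated passwd/group file with `/etc` added to `pathsToLink`) instead of dropping the `User` line, which would leave jobs running as root. `Cmd` also takes `bashInteractive` from `pkgs` while the root is assembled from `pkgs_linux`; `Cmd = [ "${lib.getExe pkgs_linux.bashInteractive}" ];` keeps the shell on the image's platform when the build host is not x86_64-linux.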