diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix
new file mode 100644
index 00000000..1460ab16
--- /dev/null
+++ b/modules/ci-runner/default.nix
@@ -0,0 +1,41 @@
+{ lib, config, pkgs, self, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.ci-runner;
+in
+{
+  options.pub-solar.ci-runner = {
+    enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
+  };
+
+  config = mkIf cfg.enable {
+    systemd.user.services.ci-runner = {
+      enable = true;
+
+      description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+      };
+
+      path = [
+        pkgs.git
+        pkgs.nix
+        pkgs.libvirt
+      ];
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "libvirtd.service" ];
+
+      script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
+    };
+
+    age.secrets."drone-runner-exec-config" = {
+      file = "${self}/secrets/drone-runner-exec-config";
+      mode = "700";
+      owner = psCfg.user.name;
+    };
+  };
+}
diff --git a/pkgs/drone-docker-runner.nix b/pkgs/drone-docker-runner.nix
index 7d098536..e1773d5a 100644
--- a/pkgs/drone-docker-runner.nix
+++ b/pkgs/drone-docker-runner.nix
@@ -6,7 +6,7 @@ self: with self; ''
         --env=DRONE_RPC_PROTO=$DRONE_RPC_PROTO \
         --env=DRONE_RPC_HOST=$DRONE_RPC_HOST \
         --env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \
-        --env=DRONE_RUNNER_CAPACITY=4 \
+        --env=DRONE_RUNNER_CAPACITY=8 \
         --env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \
         --publish=3000:3000 \
         --restart=always \