diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml
index caa3857..7cd9dcc 100644
--- a/.forgejo/workflows/activate.yml
+++ b/.forgejo/workflows/activate.yml
@@ -19,6 +19,6 @@ jobs:
 - name: Build
 run: nixos-rebuild build --flake ./src#homelab -L --show-trace
 - name: Activate
- run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v
+ run: nixos-rebuild switch --flake ./src#homelab -L --show-trace -v
 - name: Clean
 run: rm -rfv src
diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix
index e39f8d6..92b4982 100644
--- a/modules/system/homelab/git.nix
+++ b/modules/system/homelab/git.nix
@@ -59,6 +59,9 @@
 NoNewPrivileges = lib.mkForce false;
 RestrictSUIDSGID = lib.mkForce false;
 PrivateUsers = lib.mkForce false;
+ User = lib.mkForce "root";
+ ProtectSystem = lib.mkForce false;
+ ProtectHome = lib.mkForce false;
 };
 systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false;
 }
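Review bot: With `sudo` dropped from the Activate step in `.forgejo/workflows/activate.yml`, the step only works if the runner process itself is root, and nothing in the workflow records that dependency. It also means the Build and Clean steps (`rm -rfv src`) now execute as root rather than as the runner user, assuming this job is picked up by the `gitea-runner-nixos-deploy` unit changed in `modules/system/homelab/git.nix`. I would add a comment above the step such as `# no sudo: this job runs on the deploy runner, whose systemd unit runs as root`. The workflow's triggers are outside this hunk; they should be limited to branches that only trusted maintainers can push to, since whatever flake is checked out into `./src` is activated with full privileges.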
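Review bot: Forcing `User = "root"` together with `ProtectSystem = false` and `ProtectHome = false` in the `modules/system/homelab/git.nix` hunk, on top of the existing `NoNewPrivileges`, `RestrictSUIDSGID` and `PrivateUsers` overrides, leaves the runner unit without meaningful systemd confinement, so every job this runner accepts executes as unconfined root. If the three existing overrides were only there so `sudo` could elevate (inferred; the reason is not on the page), they can probably be dropped now that the unit is already root, which would restore part of the hardening. A less exposed design keeps the runner under its own user and permits only the activation command through a narrow sudo rule. If root stays, a comment such as `# runs as root so nixos-rebuild switch can activate; register this runner only for the deploy repo` would record the trust assumption. The attribute set these lines belong to opens above the hunk.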