diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix
index cf0db3d..1913f08 100644
--- a/hosts/ude/default.nix
+++ b/hosts/ude/default.nix
@@ -8,7 +8,6 @@
 imports = [
 "${modulesPath}/profiles/qemu-guest.nix"
 ./disks.nix
- ./github-runner.nix
 ];
 nixpkgs.hostPlatform = "aarch64-linux";
@@ -21,6 +20,10 @@
 common.hercules.enable = true;
 services.hercules-ci-agent.settings.concurrentTasks = 6;
+ common.github-runner = {
+ enable = true;
+ runners.settei.url = "https://github.com/nrabulinski/settei";
+ };
 services.nginx = {
 enable = true;
diff --git a/hosts/ude/github-runner.nix b/hosts/ude/github-runner.nix
deleted file mode 100644
index dbd204d..0000000
--- a/hosts/ude/github-runner.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{config, ...}: let
- github-runner-user = "github-runner";
-in {
- age.secrets.github-token = {
- file = ../../secrets/github-token.age;
- owner = github-runner-user;
- };
-
- services.github-runners.settei = {
- enable = true;
- tokenFile = config.age.secrets.github-token.path;
- url = "https://github.com/nrabulinski/settei";
- ephemeral = true;
- user = github-runner-user;
- serviceOverrides = {
- DynamicUser = false;
- };
- };
-
- users = {
- users.${github-runner-user} = {
- isSystemUser = true;
- group = github-runner-user;
- };
- groups.${github-runner-user} = {};
- };
-}
diff --git a/modules/system/common/default.nix b/modules/system/common/default.nix
index 788d89a..e8df39e 100644
--- a/modules/system/common/default.nix
+++ b/modules/system/common/default.nix
@@ -61,6 +61,7 @@ in {
 imports = [
 (import ./hercules.nix {inherit isLinux;})
 (import ./user.nix {inherit isLinux;})
+ (import ./github-runner.nix {inherit isLinux;})
 ];
 config = lib.mkMerge [
diff --git a/modules/system/common/github-runner.nix b/modules/system/common/github-runner.nix
new file mode 100644
index 0000000..12163b9
--- /dev/null
+++ b/modules/system/common/github-runner.nix
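Review bot: `runners.settei.url` in the second hunk of hosts/ude/default.nix registers this host as a self-hosted runner for a GitHub repository, and if that repository is public, workflow jobs triggered by pull requests from forks can run on this machine; GitHub's own guidance is to use self-hosted runners only with private repositories, so the repository's visibility and its fork-workflow approval setting should be confirmed before this is deployed. The exposure is not new to this commit (the deleted hosts/ude/github-runner.nix carried the same URL), but the setting now lives in a one-liner with no indication of that trade-off. The runner is configured ephemeral by the new module, which limits what persists between jobs, not what a job can reach on the host or the network while it runs. A short comment next to the URL would help the next reader, e.g. `# self-hosted runner: keep fork-PR workflow approval enabled on this repo`.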
@@ -0,0 +1,72 @@
+{isLinux}: {
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkOption types;
+ github-runner-user = "github-runner";
+
+ cfg = config.common.github-runner;
+
+ sharedConfig = {
+ age.secrets.github-token = {
+ file = ../../../secrets/github-token.age;
+ owner = github-runner-user;
+ };
+ };
+
+ linuxConfig = lib.optionalAttrs isLinux {
+ services.github-runners =
+ lib.mapAttrs (name: cfg: {
+ enable = true;
+ tokenFile = config.age.secrets.github-token.path;
+ inherit (cfg) name url;
+ ephemeral = true;
+ user = github-runner-user;
+ serviceOverrides = {
+ DynamicUser = false;
+ };
+ extraLabels = ["nix"];
+ })
+ cfg.runners;
+
+ users = {
+ users.${github-runner-user} = {
+ isSystemUser = true;
+ group = github-runner-user;
+ };
+ groups.${github-runner-user} = {};
+ };
+ };
+
+ darwinConfig = lib.optionalAttrs (!isLinux) {
+ warnings = lib.singleton "common.github-runner doesn't do anything on darwin yet";
+ };
+in {
+ _file = ./github-runner.nix;
+
+ options.common.github-runner = {
+ enable = lib.mkEnableOption "using this machine as a self-hosted github runner";
+ runners = mkOption {
+ type = with types;
+ attrsOf (submodule ({name, ...}: {
+ options = {
+ name = mkOption {
+ type = types.str;
+ default = "${name}-${config.networking.hostName}";
+ };
+ url = mkOption {
+ type = types.str;
+ };
+ };
+ }));
+ };
+ };
+
+ config = lib.mkIf cfg.enable (lib.mkMerge [
+ sharedConfig
+ linuxConfig
+ darwinConfig
+ ]);
+}
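Review bot: `sharedConfig` declares `age.secrets.github-token` with `owner = github-runner-user` on every platform, but the `users` block that creates that account lives only in `linuxConfig`, so enabling the module on darwin would decrypt the token for a user this module never creates — which also contradicts the darwin warning that the module "doesn't do anything" there. I'd move the `age.secrets` declaration into `linuxConfig` (or wrap it in `lib.optionalAttrs isLinux`) so the token is only materialised on hosts where a runner actually consumes it. Two smaller points: the `lib.mapAttrs (name: cfg: ...)` lambda shadows the module-level `cfg`, so `inherit (cfg) name url` and `cfg.runners` two lines apart refer to different values — renaming the parameter to `runner` removes the trap; and `runners` has no `default = {};`, so `enable = true` without any runner declared fails evaluation with an "option used but not defined" error instead of yielding an empty set. The `pkgs` module argument is unused and can be dropped.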