diff --git a/ansible/playbooks/nanna-docker.yaml b/ansible/playbooks/nanna-docker.yaml
index 1a772ef..a0e6708 100644
--- a/ansible/playbooks/nanna-docker.yaml
+++ b/ansible/playbooks/nanna-docker.yaml
@@ -77,6 +77,12 @@
           user: caddy
         - name: codi_uploads
           user: hackmd
+        - name: nix_runner_etc
+          user: 1000
+        - name: nix_runner_nix
+          user: 1000
+        - name: nix_runner_home_node
+          user: 1000
     # Since some docker-compose configuration might want to pull
     # images from the Gitea package repository, we need to ensure
     # that Gitea is reachable before those configurations are deployed.
diff --git a/docker/docker/gitea/runner-config.yaml b/docker/docker/gitea/runner-config.yaml
index 11ada3f..ae06d3e 100644
--- a/docker/docker/gitea/runner-config.yaml
+++ b/docker/docker/gitea/runner-config.yaml
@@ -74,7 +74,10 @@ container:
   # If you want to allow any volume, please use the following configuration:
   # valid_volumes:
   #   - '**'
-  valid_volumes: []
+  valid_volumes:
+    - /var/lib/pbri/docker/nix_runner_etc
+    - /var/lib/pbri/docker/nix_runner_nix
+    - /var/lib/pbri/docker/nix_runner_home_node
   # overrides the docker client host with the specified one.
   # If it's empty, act_runner will find an available docker host automatically.
   # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.