diff --git a/Dockerfile-runner b/Dockerfile-runner
new file mode 100644
index 0000000..61fe525
--- /dev/null
+++ b/Dockerfile-runner
@@ -0,0 +1,28 @@
+FROM gitea/runner:nightly
+
+SHELL ["/bin/bash", "-c"]
+
+RUN apk add --no-cache \
+    nodejs \
+    npm \
+    make \
+    git \
+    gnupg \
+    python3 \
+    py3-pip \
+    curl \
+    unzip \
+    docker-cli \
+    libc6-compat
+
+# tfenv
+RUN git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv && \
+    ln -s ~/.tfenv/bin/* /usr/local/bin && \
+    tfenv install 1.8.4 && \
+    tfenv use 1.8.4
+
+# AWS CLI
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+    unzip awscliv2.zip && \
+    ./aws/install && \
+    rm -rf awscliv2.zip aws
diff --git a/docker-compose.example.yml b/docker-compose.example.yml
new file mode 100644
index 0000000..96f8b4e
--- /dev/null
+++ b/docker-compose.example.yml
@@ -0,0 +1,76 @@
+services:
+  git:
+    image: gitea/gitea:latest-rootless
+    restart: always
+    networks:
+      - caddy
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=gitdb:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=<fill-me-in>
+    volumes:
+      - ./data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "127.0.0.1:3000:3000"
+      - "2222:2222"
+    depends_on:
+      - gitdb
+
+  gitdb:
+    image: postgres:14
+    restart: always
+    networks:
+      - caddy
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=<fill-me-in>
+      - POSTGRES_DB=gitea
+    volumes:
+      - ./postgres:/var/lib/postgresql/data
+
+  runner:
+    build:
+      context: .
+      dockerfile: Dockerfile-runner
+    restart: always
+    privileged: true
+    depends_on:
+      - git
+    volumes:
+      - ./data/runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - GITEA_INSTANCE_URL=https://git.example.com
+      - GITEA_RUNNER_REGISTRATION_TOKEN=<replace>
+      - DOCKER_HOST=unix:///var/run/docker.sock
+      - DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns
+      - DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=65520
+      - GITEA_RUNNER_LABELS=ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest,host:host
+  runner-2:
+    build:
+      context: .
+      dockerfile: Dockerfile-runner
+    restart: always
+    privileged: true
+    depends_on:
+      - git
+    volumes:
+      - ./data/runner-2:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - GITEA_INSTANCE_URL=https://git.example.com
+      - GITEA_RUNNER_REGISTRATION_TOKEN=<replace>
+      - DOCKER_HOST=unix:///var/run/docker.sock
+      - DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns
+      - DOCKERD_ROOTLESS_ROOTLESSKIT_MTU=65520
+      - GITEA_RUNNER_LABELS=ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest,host:host
+
+networks:
+  caddy:
+    name: caddy
+    external: true