diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
new file mode 100644
index 0000000..b12c8fd
--- /dev/null
+++ b/.forgejo/workflows/ci.yml
@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  check:
+    name: Full Project Check
+    # Match the label of your self-hosted runner
+    runs-on: self-hosted
+    
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Full Check Suite
+        # Using nix develop ensures the runner doesn't need flutter/dart/stalwart installed globally.
+        # 'task check' runs analyze, unit tests, widget tests, and integration tests.
+        run: nix develop --command task check
+
+  build-linux:
+    name: Build Linux Release
+    runs-on: self-hosted
+    needs: check
+    if: github.ref == 'refs/heads/main'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build Linux
+        # The Taskfile task 'build-linux' currently builds --debug.
+        # You can add a 'build-linux-release' task or override it here.
+        run: nix develop --command fvm flutter build linux --release
diff --git a/.gitignore b/.gitignore
index 16144a1..283163e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -60,3 +60,5 @@ linux/flutter/generated_plugins.cmake
 .task
 
 *.log
+runner-data/
+codeberg-runner/runner-data/
diff --git a/GEMINI.md b/GEMINI.md
new file mode 100644
index 0000000..31f447a
--- /dev/null
+++ b/GEMINI.md
@@ -0,0 +1,11 @@
+# Project Setup & Conventions
+
+## Continuous Integration (CI)
+*   **Platform:** Codeberg Actions (Forgejo Actions).
+*   **Strategy:** "Thin CI, Heavy Taskfile".
+*   **Rule:** CI workflows (`.forgejo/workflows/`) should **never** contain complex logic, dependency installation steps, or custom scripts.
+*   **Execution:** CI must only invoke `task` commands (e.g., `nix develop --command task check`). All environment setup is handled by Nix (`flake.nix`), and all task orchestration is handled by `Taskfile.yml`.
+*   **Infrastructure:** We use self-hosted runners (`act_runner`) to bypass hosted CI limits and support heavy tasks (like local Stalwart integration tests).
+
+## Code Quality
+*   (Add general code quality rules here as they develop)
diff --git a/Taskfile.yml b/Taskfile.yml
index 5a963c2..d4d5f60 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -175,6 +175,19 @@ tasks:
     cmds:
       - scripts/silent_on_success.sh fvm flutter build linux --debug --no-pub
 
+  build-linux-release:
+    desc: Build the Linux desktop app (release)
+    deps: [_preflight, _linux-deps-check, _codegen]
+    method: timestamp
+    sources:
+      - lib/**/*.dart
+      - linux/**/*
+      - pubspec.yaml
+    generates:
+      - build/linux/x64/release/bundle/sharedinbox
+    cmds:
+      - scripts/silent_on_success.sh fvm flutter build linux --release --no-pub
+
   _android-avd-setup:
     internal: true
     run: once
diff --git a/codeberg-runner/Dockerfile b/codeberg-runner/Dockerfile
new file mode 100644
index 0000000..528cc7d
--- /dev/null
+++ b/codeberg-runner/Dockerfile
@@ -0,0 +1,18 @@
+# Dockerfile for a Codeberg Runner with Nix installed
+FROM gitea/act_runner:latest
+
+# Install Nix requirements and basic tools
+RUN apt-get update && apt-get install -y curl xz-utils sudo && rm -rf /var/lib/apt/lists/*
+
+# Install Nix in single-user mode (suitable for container)
+# We use the Determinate Systems installer for reliability
+RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
+    --init none \
+    --no-confirm
+
+# Add Nix to PATH
+ENV PATH="/nix/var/nix/profiles/default/bin:${PATH}"
+ENV NIX_PATH="nixpkgs=channel:nixos-unstable"
+
+# Ensure the runner user can use Nix
+RUN echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
diff --git a/codeberg-runner/codeberg-runner.service b/codeberg-runner/codeberg-runner.service
new file mode 100644
index 0000000..aab00b4
--- /dev/null
+++ b/codeberg-runner/codeberg-runner.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Codeberg CI Runner (Docker Compose)
+Requires=docker.service
+After=docker.service network-online.target
+
+[Service]
+Type=simple
+WorkingDirectory=/home/picoclaw/projects/sharedinbox3/codeberg-runner
+ExecStartPre=-/usr/bin/docker compose down
+ExecStart=/usr/bin/docker compose up --build
+ExecStop=/usr/bin/docker compose down
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/codeberg-runner/docker-compose.yml b/codeberg-runner/docker-compose.yml
new file mode 100644
index 0000000..c5529e8
--- /dev/null
+++ b/codeberg-runner/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+  runner:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    restart: always
+    env_file:
+      - ../.env
+    environment:
+      - GITEA_INSTANCE_URL=${CODEBERG_INSTANCE_URL:-https://codeberg.org}
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${CODEBERG_CI_RUNNER_TOKEN}
+      - GITEA_RUNNER_NAME=${CODEBERG_RUNNER_NAME:-laptop-runner}
+      - GITEA_RUNNER_LABELS=${CODEBERG_RUNNER_LABELS:-self-hosted,linux,nix}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./runner-data:/data
+    # Use host network if you want to access local services easily, 
+    # but for most cases the default bridge is fine.
+    # network_mode: host