It's Talos Linux on Hetzner VMs where all resources are managed via kubenix, and all CI runners are running NixOS.
So... extremely affordable and extremely performant, but very complicated.
Drop me an email if you want the writeup when I get around to making it.
Until then, here's a Forgejo Actions workflow that compiles its own CI runner image:
https://git.shine.town/infra/runners/src/branch/main/.forgej...
No Docker involved in the build process; it's all Nix.
Unfortunately the CI runner itself is still Docker-in-Docker because:
https://codeberg.org/forgejo/discussions/issues/66#issuecomm...