diff --git a/.github/workflows/deploy-admin-staging.yml b/.github/workflows/deploy-admin-staging.yml
index 7c00161..4c07e35 100644
--- a/.github/workflows/deploy-admin-staging.yml
+++ b/.github/workflows/deploy-admin-staging.yml
@@ -4,7 +4,7 @@ name: Deploy Admin Staging
 # Build + Deploy-Pipeline fuer rebreak-admin-staging.
 #
 # Pattern: identisch zu deploy-staging.yml (backend).
-# - Build laeuft auf GH-Runner (7 GB RAM, kein OOM-Risiko auf Hetzner CX23)
+# - Build laeuft auf self-hosted Runner (raynis-builder, 8 GB RAM)
 # - Artifact wird via scp zum Server gepusht
 # - Server-Script deploy-admin-from-artifact.sh extrahiert + pm2 restart
 #
@@ -33,10 +33,10 @@ permissions:
 contents: read
 jobs:
- # ── 1. Build auf GitHub-Runner ──────────────────────────────────────────────
+ # ── 1. Build auf self-hosted Runner ─────────────────────────────────────────
 build:
 name: Build admin (Nuxt SSR)
- runs-on: ubuntu-latest
+ runs-on: [self-hosted, raynis-builder]
 steps:
 - uses: actions/checkout@v4
@@ -69,7 +69,7 @@ jobs:
 deploy:
 name: Deploy zu Hetzner
 needs: build
- runs-on: ubuntu-latest
+ runs-on: [self-hosted, raynis-builder]
 environment: staging # selbes GitHub-Environment wie backend-deploy (shared secrets)
 steps:
 - name: Download artifact
@@ -79,11 +79,11 @@ jobs:
 - name: Setup SSH
 env:
- SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }}
+ SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
 SSH_HOST: ${{ vars.HETZNER_HOST }}
 run: |
 if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
- echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
+ echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
 exit 1
 fi
 echo "Deploying admin to host: $SSH_HOST"
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index 3201725..7a58ccf 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
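Review bot: The build job in deploy-admin-staging.yml now checks out the repository and runs the build on the persistent `raynis-builder` host, so every build script and dependency install hook executes on a machine that keeps its disk between jobs. The workflow's `on:` triggers are outside this hunk; if pull requests can start it, I would guard the job with `if: github.event_name != 'pull_request'`. Independently of the triggers, registering the runner with `--ephemeral` or running the job under `container:` keeps state from carrying over from one run to the next. The build job in deploy-staging.yml gets the same `runs-on` change and the same concern.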
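Review bot: The deploy job is pinned to the same runner labels as the build job, so the `environment: staging` secrets are now used on the host that has just run the build's dependency scripts, presumably under the same runner account. On `ubuntu-latest` each job started on a fresh VM; here anything the build leaves behind is still present when the deploy key is loaded. I would give the deploy job its own runner, e.g. `runs-on: [self-hosted, <deploy-runner-label>]` (placeholder label), and limit that runner to this repository. The deploy job in deploy-staging.yml has the same change.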
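Review bot: The Setup SSH step now handles `STAGING_DEPLOY_KEY` on a runner whose home directory persists; the rest of the step is outside the hunk, but if it writes the key to a file, that file stays on `raynis-builder` after the job ends. I would add a final step with `if: always()` that removes it (`rm -f <path-to-key-file>`, placeholder path), or load the key into an `ssh-agent` that is stopped at the end of the job. The Setup SSH hunk in deploy-staging.yml needs the same cleanup.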
@@ -4,14 +4,12 @@ name: Deploy Staging
 # Build + Deploy-Pipeline fuer rebreak-staging.
 #
 # Warum GitHub-Actions statt Server-Build:
-# - Hetzner CX23 (4 GB RAM) gerissen am 2026-05-06 das 1.5 GB Heap-Limit
-# waehrend `pnpm build` (OOM, "ineffective mark-compacts near heap limit").
-# - GitHub Actions Runner haben 7 GB RAM und sind frei (public-repo) bzw.
-# monatliches Free-Quota (private-repo).
+# - Self-hosted Runner auf raynis-builder (api.trucko.org, 8 GB RAM).
+# - Keine kostenpflichtigen GitHub Actions Minuten mehr fuer Linux-Builds.
 # - Server bleibt unangetastet -- nur Artifact-Extract + pm2 restart.
 #
 # Pattern (uebernommen aus trucko-monorepo .github/workflows/android.yml):
-# - SSH-Key in GitHub-Secret (HETZNER_SSH_KEY)
+# - SSH-Key in GitHub-Secret (STAGING_DEPLOY_KEY)
 # - ssh-keyscan + scp + ssh fuer Server-Side-Trigger
 # - Concurrency-Group verhindert parallele Deploys
 #
@@ -33,10 +31,10 @@ permissions:
 contents: read
 jobs:
- # ── 1. Build auf GitHub-Runner (7 GB RAM, kein OOM-Risiko) ──────────────────
+ # ── 1. Build auf self-hosted Runner (raynis-builder) ────────────────────────
 build:
 name: Build backend (Nitro)
- runs-on: ubuntu-latest
+ runs-on: [self-hosted, raynis-builder]
 steps:
 - uses: actions/checkout@v4
 with:
@@ -55,9 +53,7 @@ jobs:
 - name: Build backend (prisma generate + nitro build)
 working-directory: backend
- # Runner hat 7 GB RAM, aber Node nimmt default nur ~2 GB Heap → nitro build
- # OOM'te ("ineffective mark-compacts near heap limit", exit 134), seit der
- # Build gewachsen ist. Heap auf 4 GB anheben (passt locker in die 7 GB).
+ # Runner hat 8 GB RAM; Heap auf 4 GB anheben fuer Nitro build.
 env:
 NODE_OPTIONS: "--max-old-space-size=4096"
 run: pnpm build
@@ -83,7 +79,7 @@ jobs:
 deploy:
 name: Deploy zu Hetzner
 needs: build
- runs-on: ubuntu-latest
+ runs-on: [self-hosted, raynis-builder]
 environment: staging # GitHub-Environment fuer Secret-Isolation
 steps:
 - name: Download artifact
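Review bot: The header comment in the first hunk still reads `# Warum GitHub-Actions statt Server-Build:` while the bullets under it now describe the self-hosted runner, so the heading no longer matches; `# Warum self-hosted Runner statt Server-Build:` would fit. The deleted bullets were the only record of why the build left the server (the OOM at the 1.5 GB heap limit), and the shortened comment above `NODE_OPTIONS` in the third hunk drops the exit-134 explanation too; one line such as `# Node-Default-Heap (~2 GB) reichte nicht: nitro build OOM, exit 134` would keep the reason for the 4 GB setting. The new comment also names the runner's hostname, which is worth leaving out if the repository is or may become public.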
@@ -99,11 +95,11 @@ jobs:
 - name: Setup SSH
 env:
- SSH_PRIVATE_KEY: ${{ secrets.HETZNER_SSH_KEY }}
+ SSH_PRIVATE_KEY: ${{ secrets.STAGING_DEPLOY_KEY }}
 SSH_HOST: ${{ vars.HETZNER_HOST }}
 run: |
 if [ -z "$SSH_PRIVATE_KEY" ] || [ -z "$SSH_HOST" ]; then
- echo "FATAL: HETZNER_SSH_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
+ echo "FATAL: STAGING_DEPLOY_KEY (secret) oder HETZNER_HOST (var) nicht gesetzt"
 exit 1
 fi
 echo "Deploying to host: $SSH_HOST"