diff --git a/talos/patches/woodpecker.patch b/talos/patches/woodpecker.patch
new file mode 100644
index 0000000..6a91c95
--- /dev/null
+++ b/talos/patches/woodpecker.patch
@@ -0,0 +1,14 @@
+# Allow Woodpecker to run privileged containers
+# Used for example to build multi-arch mikrotik-tailscale image
+# which needs to register binfmt
+
+cluster:
+  apiServer:
+    admissionControl:
+      - name: PodSecurity
+        configuration:
+          apiVersion: pod-security.admission.config.k8s.io/v1beta1
+          kind: PodSecurityConfiguration
+          exemptions:
+            namespaces:
+              - woodpecker