diff --git a/hosts/freun-dev/secrets.nix b/hosts/freun-dev/secrets.nix
index 611e305..36233fc 100644
--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -19,6 +19,8 @@
           "dnote"
           "octodns"
           "mealie"
+          "gitlab-runner/default"
+          "gitlab-runner/docker"
         ]
     )
     // {
diff --git a/hosts/freun-dev/services.nix b/hosts/freun-dev/services.nix
index 4f4a8e0..05e15e0 100644
--- a/hosts/freun-dev/services.nix
+++ b/hosts/freun-dev/services.nix
@@ -230,5 +230,21 @@ in
         PORT = "3007";
       };
     };
+
+    gitlab-runner = {
+      enable = true;
+      services = {
+        default = {
+          dockerImage = "alpine";
+          authenticationTokenConfigFile = secrets."gitlab-runner/default".path;
+        };
+        docker = {
+          dockerImage = "docker:stable";
+          dockerVolumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
+          tagList = [ "docker" ];
+          authenticationTokenConfigFile = secrets."gitlab-runner/docker".path;
+        };
+      };
+    };
   };
 }
diff --git a/secrets/gitlab-runner/default.age b/secrets/gitlab-runner/default.age
new file mode 100644
index 0000000..8eb450d
Binary files /dev/null and b/secrets/gitlab-runner/default.age differ
diff --git a/secrets/gitlab-runner/docker.age b/secrets/gitlab-runner/docker.age
new file mode 100644
index 0000000..d2d2830
Binary files /dev/null and b/secrets/gitlab-runner/docker.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ef4fcbb..683084f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -29,4 +29,6 @@ in
   "octodns.age".publicKeys = users ++ [ freun-dev ];
   "mealie.age".publicKeys = users ++ [ freun-dev ];
   "borgbackup-radish.age".publicKeys = users ++ [ radish ];
+  "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
+  "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
 }