diff --git a/applications/gitlab_runner.nix b/applications/gitlab_runner.nix
new file mode 100644
index 0000000..601aecf
--- /dev/null
+++ b/applications/gitlab_runner.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, lib, ... }:
+ with lib;
+ let
+ cfg = config.services.skynet_gitlab_runner;
+ in {
+ imports = [
+
+ ];
+
+ options.services.skynet_gitlab_runner = {
+ enable = mkEnableOption "Skynet Gitlab Runner";
+
+ runner = {
+ name = mkOption {
+ type = types.str;
+ };
+
+ gitlab = mkOption {
+ default = "https://gitlab.skynet.ie";
+ type = types.str;
+ };
+
+ description = mkOption {
+ default = cfg.runner.name;
+ type = types.str;
+ };
+
+ docker = {
+ image = mkOption {
+ default = "alpine:latest";
+ type = types.str;
+ };
+
+ cleanup_dates = mkOption {
+ # https://man.archlinux.org/man/systemd.time.7#CALENDAR_EVENTS
+ # it will use a lot of storage so clear it daily, may change to hourly if required
+ default = "daily";
+ type = types.str;
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # https://search.nixos.org/options?from=0&size=50&sort=alpha_desc&type=packages&query=services.gitlab-runner.
+
+
+ age.secrets."${cfg.runner.name}".file = ../secrets/gitlab/runners/${cfg.runner.name}.age;
+
+ services.gitlab-runner = {
+ enable = true;
+
+ clear-docker-cache = {
+ enable = true;
+ dates = cfg.runner.docker.cleanup_dates;
+ };
+
+ services = {
+ # might make a function later to have multiple runners, might never need it though
+ "${cfg.runner.name}" = {
+ cloneUrl = cfg.runner.gitlab;
+ description = cfg.runner.description;
+ registrationConfigFile = config.age.secrets."${cfg.runner.name}".path;
+ dockerImage = cfg.runner.docker.image;
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 6fd9804..b3c4589 100644
--- a/flake.nix
+++ b/flake.nix
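Review bot: The default of the `docker.image` option, `alpine:latest`, is a floating tag, so the image every CI job runs in is decided by the registry at pull time rather than by this repository; if a floating default is intentional the option should say so, e.g. `description = "Default image for jobs; a digest-pinned reference such as alpine@sha256:<digest> is reproducible, a tag is not.";`. More generally none of the `mkOption` declarations carry a `description`, and `runner.name` has neither a default nor a description, although its value names the age secret, the secret file and the runner entry. That last point is worth stating in `runner.name`'s description: the value is interpolated into `../secrets/gitlab/runners/${cfg.runner.name}.age`, so it must match an entry declared in `secrets/secrets.nix`. The empty `imports = [ ];` and the module-level `with lib;` are style nits.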
@@ -57,6 +57,9 @@ # Gitlab glados = import ./machines/glados.nix; + # Gitlab runners + wheatly = import ./machines/wheatly.nix; + # email gir.imports = [ ./machines/gir.nix simple-nixos-mailserver.nixosModule];
diff --git a/machines/wheatly.nix b/machines/wheatly.nix
new file mode 100644
index 0000000..7d0631e
--- /dev/null
+++ b/machines/wheatly.nix
@@ -0,0 +1,53 @@
+/*
+
+ Name: https://theportalwiki.com/wiki/Wheatley
+ Why: Whereever GLaDOS is Wheatly is not too far away
+ Type: VM
+ Hardware: -
+ From: 2023
+ Role: Gitlab Runner
+ Notes:
+
+*/
+
+{ pkgs, lib, nodes, ... }:
+let
+ # name of the server, sets teh hostname and record for it
+ name = "wheatly";
+ ip_pub = "193.1.99.78";
+ ip_priv = "172.20.20.7";
+ hostname = "${name}.skynet.ie";
+
+in {
+ imports = [
+ ../applications/gitlab_runner.nix
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = "root";
+
+ tags = [ "active" ];
+ };
+
+
+ skynet_dns.records = {
+ external = [
+ "${name} A ${ip_pub}"
+ ];
+ reverse = [
+ "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
+ ];
+ };
+
+ environment.systemPackages = [
+ pkgs.gitlab-runner
+ ];
+
+ services.skynet_gitlab_runner = {
+ enable = true;
+ runner.name = "runner01";
+ };
+
+}
\ No newline at end of file
diff --git a/secrets/gitlab/runners/runner01.age b/secrets/gitlab/runners/runner01.age
new file mode 100644
index 0000000..15ceba3
--- /dev/null
+++ b/secrets/gitlab/runners/runner01.age
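Review bot: The reverse record in `skynet_dns.records.reverse` extracts the last octet with `builtins.substring 9 3 ip_pub`, which only works because `193.1.99.78` happens to place the last octet at offset 9; an address with a different prefix length would silently produce a wrong PTR name. Taking the last dot-separated field is clearer and correct for any dotted quad: `"${lib.last (lib.splitString "." ip_pub)} IN PTR ${hostname}."`. `ip_priv` is declared but never used, and the comment above `name` has a typo (`teh`). The header comment's `Notes:` field is empty and could record that this host's only role is the runner configured through `applications/gitlab_runner.nix`, which is the kind of thing a reader of the machine file wants first.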
@@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 V1pwNA zfq1BfPaVUFSBQp9N511d9dH/7OOaXCV+g+cbYMZphw +50UdZD5tpPVR2PKEHPaPVhi/1x8GXoA/kDRKNAs5OnU +-> ssh-ed25519 rIwlvw pKhv0WXm8Cbc5KjZgI/b/NJvF8rTzzxdBvON8HBRgVY +Wyzj2gDrBawwxoirJgR24gIrYi6oaV3R1dki6cpepS4 +-> ssh-ed25519 q8eJgg oP4w7oRI4suBuIEZ6SC9SOw991WGDjd4103m3ADZuTs +Clt4xDr+OrS4MtwK+1/7LmTM0P0jGhqvZD4+cPg533g +-> ssh-ed25519 yvS9bw FimWkJGigumVEyx2CV96SfwXRkl8aPHdgFTVAlMSa3s +etHz9IbwrOtzDAMXKQ0xa716OCLeJYX6rGgvLI+7Ngc +-> OQ)-grease +FmK6wjGW+7g4g+/HorXpNDoGV2G0RW6HYHlJfzHVhpY+o9No2et/q/lOOkly7+GQ +MMijO83k9LMwtN0zqY4aZfv4kpcJWQhjESUuY+FX +--- uleDVma8uLL0beHr7DTDVlNz218xZuKHeIa24ANkpJo + ej& ~'֏ø0pf>.)b 4rdtŧnH{K5W$72b}EAԭ+ A;T2`ģk]qK> \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 42578df..3380255 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,6 +25,8 @@ let glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; + wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; + kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; @@ -55,6 +57,10 @@ let glados ]; + gitlab_runners = [ + wheatly + ]; + # these need dns stuff webservers = [ # ULFM @@ -84,6 +90,8 @@ in "gitlab/secrets_jws.age".publicKeys = users ++ gitlab; "gitlab/ldap_pw.age".publicKeys = users ++ gitlab; + "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; + # for ldap "ldap/pw.age".publicKeys = users ++ ldap; "ldap/self_service.age".publicKeys = users ++ ldap;
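Review bot: In the third hunk (`@@ -84,6 +90,8 @@`), `"gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners` encrypts the registration token to every host in the `gitlab_runners` list, while the module in `applications/gitlab_runner.nix` keys the secret per `runner.name`; the secret is per runner but the recipient list is per group, so any second runner host added to `gitlab_runners` later could decrypt runner01's token as well. If one secret per runner is the intended model, the recipient list should follow it, e.g. `"gitlab/runners/runner01.age".publicKeys = users ++ [ wheatly ];`, and `gitlab_runners` kept for material every runner genuinely needs. The first two hunks only add the host key and the list and raise nothing on their own. Either way a one-line comment next to the new entry would help, e.g. `# one registration token per runner; recipients are that runner's host plus the user keys`.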