diff --git a/.gitmodules b/.gitmodules
index 4b74b94f..a844e6d5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -40,3 +40,4 @@
 [submodule "roles/geerlingguy.gitlab"]
 	path = roles/geerlingguy.gitlab
 	url = https://github.com/geerlingguy/ansible-role-gitlab
+
diff --git a/README.md b/README.md
index 986512ba..c87ab7d3 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,26 @@
 # ansible_heimserver
 
+## collections als Dependency
+- in meta
+```
+collections:
+  - community.general
+```
+
+## defaults in Dictionary
+```bash
+- name: "register_runner"
+  community.general.gitlab_runner:
+    description: "{{ description|default('GitLab-Runner') }}"
+```
+
+```
+description: <-- Original-Variable
+"{{ item.description| <-- Original-Inhalt
+default('GitLab-Runner') }}" <-- wenn Inhalt leer, dann default...
+```
+
+
 ## playbook-grapher
 `ansible-playbook-grapher --include-role-tasks  tests/fixtures/with_roles.yml`
 
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 610862ff..5605c84c 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -47,18 +47,18 @@
   ufw_default_outgoing_policy: allow
   ### ryandaniels.create_users
   users:
-  - username: mg
-    password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
-    update_password: on_create
-    ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
-    use_sudo: yes
-    use_sudo_nopass: yes
-    user_state: present
-    groups: ssh, sudo
-    servers:
-      - production
-      - staging
-      - test
+    - username: mg
+      password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
+      update_password: on_create
+      ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
+      use_sudo: yes
+      use_sudo_nopass: yes
+      user_state: present
+      groups: ssh, sudo
+      servers:
+        - production
+        - staging
+        - test
   ### geerlingguy.dotfiles
   dotfiles_repo: "https://git.mgrote.net/mg/dotfiles"
   dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index a27fcbc9..6a5bca25 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -28,9 +28,6 @@
       - production
       - staging
       - test
-      - virt
-      - cephq
-      - k8s
   ### mgrote.restic
   restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
   restic_cron_hours: "*"
diff --git a/group_vars/gitlabrunner.yml b/group_vars/gitlabrunner.yml
new file mode 100644
index 00000000..04bd41ff
--- /dev/null
+++ b/group_vars/gitlabrunner.yml
@@ -0,0 +1,17 @@
+---
+  ### geerlingguy.docker
+  docker_users:
+    - mg
+    - root
+    - ansible-user
+  ### geerlingguy.pip
+  pip_package: python3-pip
+  pip_install_packages:
+    - name: python-gitlab
+  ### mgrote.gitlab-runner
+  gitlab_runner:
+    - api_url: https://git.mgrote.net
+      registration_token: "{{ lookup('keepass', 'gitlab_runner_registration_token', 'password') }}"
+      api_token: "{{ lookup('keepass', 'gitlab_runner_api_token', 'password') }}" #Token: ansible-gitlab-runner
+      api_username: root
+      description: "{{ ansible_hostname }}"
diff --git a/inventory b/inventory
index a0802baa..1e194509 100644
--- a/inventory
+++ b/inventory
@@ -54,12 +54,16 @@ all:
         gitea-staging.grote.lan:
         gitea-test.grote.lan:
         gitea.grote.lan:
-    gitlab:  # immer auch unten in den 2 Gruppen eintragen, sonst schlägt in Bootstrap das verteilen der ssh-keys fehl
+    gitlab:
       hosts:
         gitlab-staging.grote.lan:
         gitlab-test.grote.lan:
         gitlab.grote.lan:
-
+    gitlabrunner:  # immer auch unten in den 2 Gruppen eintragen, sonst schlägt in Bootstrap das verteilen der ssh-keys fehl
+      hosts:
+        gitlab-runner-staging.grote.lan:
+        gitlab-runner-test.grote.lan:
+        gitlab-runner.grote.lan:
 #    wsl:
 #      hosts:
 #        irantu.grote.lan:
@@ -85,6 +89,7 @@ all:
         jenkins.grote.lan:
         gitea.grote.lan:
         gitlab.grote.lan:
+        gitlab-runner.grote.lan:
     staging:
       hosts:
         wireguard-staging.grote.lan:
@@ -98,6 +103,7 @@ all:
         jenkins-staging.grote.lan:
         gitea-staging.grote.lan:
         gitlab-staging.grote.lan:
+        gitlab-runner-staging.grote.lan:
     test:
       hosts:
         wireguard-test.grote.lan:
@@ -113,3 +119,4 @@ all:
         jenkins-test.grote.lan:
         gitea-test.grote.lan:
         gitlab-test.grote.lan:
+        gitlab-runner-test.grote.lan:
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 1a8958b2..92038bd8 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ
diff --git a/playbooks/service/gitlab-runner.yml b/playbooks/service/gitlab-runner.yml
new file mode 100644
index 00000000..4a416c60
--- /dev/null
+++ b/playbooks/service/gitlab-runner.yml
@@ -0,0 +1,7 @@
+---
+- hosts: gitlabrunner
+  roles:
+    - { role: geerlingguy.pip, tags: "pip", become: true }
+    - { role: geerlingguy.docker, tags: "docker", become: true }
+    - { role: gantsign.ctop, tags: "ctop", become: true }
+    - { role: mgrote.gitlab-runner, tags: "gitlab-runner", become: true }
diff --git a/roles/mgrote.gitlab-runner/README.md b/roles/mgrote.gitlab-runner/README.md
new file mode 100644
index 00000000..ed26464f
--- /dev/null
+++ b/roles/mgrote.gitlab-runner/README.md
@@ -0,0 +1,10 @@
+## mgrote.gitlab_runner
+
+### Beschreibung
+Installiert einen Gitlab-Runner.
+
+### Funktioniert auf
+- [X] Ubuntu (>=18.04)
+
+### Variablen + Defaults
+see [defaults](./defaults/main.yml)
diff --git a/roles/mgrote.gitlab-runner/defaults/main.yml b/roles/mgrote.gitlab-runner/defaults/main.yml
new file mode 100644
index 00000000..ce9bb2f4
--- /dev/null
+++ b/roles/mgrote.gitlab-runner/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+  gitlab_runner_arch: amd64 #https://gitlab-runner-downloads.s3.amazonaws.com/latest/index.html
+  gitlab_runner_dl_link: "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_{{ gitlab_runner_arch }}.deb"
diff --git a/roles/mgrote.gitlab-runner/handlers/main.yml b/roles/mgrote.gitlab-runner/handlers/main.yml
new file mode 100644
index 00000000..d559f099
--- /dev/null
+++ b/roles/mgrote.gitlab-runner/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+  - name: "register_runner"
+    community.general.gitlab_runner:
+      api_url: "{{ item.api_url }}"
+      registration_token: "{{ item.registration_token }}"
+      api_token: "{{ item.api_token }}"
+      description: "{{ item.description|default('GitLab-Runner') }}"
+      state: "{{ item.state|default('present') }}"
+      active: "{{ item.active|default('True') }}"
+      run_untagged: True
+      locked: "{{ item.locked|default('False') }}"
+    loop: "{{ gitlab_runner }}"
+    no_log: true
diff --git a/roles/mgrote.gitlab-runner/meta/main.yml b/roles/mgrote.gitlab-runner/meta/main.yml
new file mode 100644
index 00000000..44c16ab8
--- /dev/null
+++ b/roles/mgrote.gitlab-runner/meta/main.yml
@@ -0,0 +1,3 @@
+---
+  collections: # Damit wird die Collection, wenn nicht vorhanden, als Abhängigkeit heruntergeladen.
+    - community.general
diff --git a/roles/mgrote.gitlab-runner/tasks/main.yml b/roles/mgrote.gitlab-runner/tasks/main.yml
new file mode 100644
index 00000000..1e2924f8
--- /dev/null
+++ b/roles/mgrote.gitlab-runner/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+  - name: Install deb package
+    apt:
+      deb: "{{ gitlab_runner_dl_link }}"
+      state: present
+    notify: register_runner