---
version: "3.4"

services:
  dind:
    image: docker:dind
    restart: unless-stopped
    privileged: true
    volumes:
      - /lib/modules:/lib/modules:ro
    environment:
      DOCKER_TLS_CERTDIR: ""
    networks:
      - backend
      - default

  runner:
    image: gitlab/gitlab-runner:alpine
    restart: unless-stopped
    depends_on:
      - dind
    networks:
      - default
      - backend
    volumes:
      - runner_cfg:/etc/gitlab-runner:z
    environment:
      - DOCKER_HOST=tcp://dind:2375
      - CI_SERVER_URL={{ ba_gitlab_runner.server }}
      - REGISTRATION_TOKEN={{ ba_gitlab_runner.token }}

volumes:
  runner_cfg:

networks:
  backend:
    internal: true

...