diff --git a/ansible/runner/README.md b/ansible/runner/README.md
index 9d85e5902e9f5edb48ce9cf65dc985593e5ff125..b9dd5d0ee1b8a29bbef223984c3f24ae26633012 100644
--- a/ansible/runner/README.md
+++ b/ansible/runner/README.md
@@ -1,7 +1,16 @@
-# MAIN VMs ansible
+# Runner Ansible config with podman
 
 First run:  
-`ansible-playbook -i inventory.yaml install.yaml --user root`
+`ansible-playbook -i inventory.yaml install.yaml --user ubuntu --become`
 
-After first run:  
-`ansible-playbook -i inventory.yaml install.yaml --become --user rlacko`
\ No newline at end of file
+After first run: (And update ssh port to 10022)  
+`ansible-playbook -i inventory.yaml install.yaml --become --user rlacko`
+
+## Config
+Update the variables in `vars` folder.
+
+## Run 
+
+`sudo -s`  
+`cd /home/ubuntu`
+`podman-compose up -d`
diff --git a/ansible/runner/install.yaml b/ansible/runner/install.yaml
index 86e945492c158cbeebb8fbf9c93d6981a83609b5..7fc394819ed4e86abac53a694ca5e8ad956b0649 100644
--- a/ansible/runner/install.yaml
+++ b/ansible/runner/install.yaml
@@ -9,6 +9,8 @@
     - name: Setup Runner VM
       import_tasks: tasks/main.yaml
   
+  vars_files:
+    - vars/vars.yaml
   vars:
     users: 
       - name: rlacko
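Review bot: The inline `vars:` block that follows the new `vars_files` entry will be shadowed whenever `vars/vars.yaml` defines the same top-level keys, because Ansible gives play `vars_files` higher precedence than play `vars` and replaces whole dictionaries by default. `vars.yaml.example` in this commit defines both `users` and `ssh`, so the sshd settings edited further down in this file (including the new `allow.users`) would presumably never take effect. Keeping the SSH hardening values in one place avoids reviewing one set of settings while another is deployed; either drop the inline block or mark it with a comment such as `# defaults only; vars/vars.yaml overrides users and ssh`. The `vars:` mapping continues outside this hunk.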
@@ -19,4 +21,7 @@
       port: 10022
       permitRootLogin: 'no'
       pubkeyAuthentication: 'yes'
-      passwordAuthentication: 'no'
\ No newline at end of file
+      passwordAuthentication: 'no'
+      allow:
+        users: 'rlacko'
+    
diff --git a/ansible/runner/inventory.yaml b/ansible/runner/inventory.yaml
index 07bf36282d19b4b9072a09d876b9f05ba7a38342..a7a9cc6f7a413f9ea497e14c0d623fc7a784c8cc 100644
--- a/ansible/runner/inventory.yaml
+++ b/ansible/runner/inventory.yaml
@@ -1,3 +1,4 @@
 all:
   hosts:
-    152.66.211.122:
+    152.66.211.9:
+      ansible_port: 10022
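Review bot: Pinning `ansible_port: 10022` in the inventory means the documented first run connects on the port that sshd only starts using after the playbook has applied `ssh.port`; a freshly provisioned VM is presumably still listening on 22. The README's first-run command could carry the override, e.g. `ansible-playbook -i inventory.yaml install.yaml --user ubuntu --become -e ansible_port=22`, or a comment here could say `# port after first run; bootstrap with -e ansible_port=22`.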
diff --git a/ansible/runner/tasks/packages.yaml b/ansible/runner/tasks/packages.yaml
index 5e869ec01868f78b0b786149f3b86b63cf2eff05..dd08cd07e80168825e16bccb0c115ba7e6c47084 100644
--- a/ansible/runner/tasks/packages.yaml
+++ b/ansible/runner/tasks/packages.yaml
@@ -1,5 +1,5 @@
 ---
-- name: Install basic packages
+- name: Install packages
   package:
     state: present
     name:
diff --git a/ansible/runner/tasks/runner.yaml b/ansible/runner/tasks/runner.yaml
index da2d0f85772877eed9c01f63e2188fb8387c6977..22f18e3077ffdef718f141c4805cfe678d4aceeb 100644
--- a/ansible/runner/tasks/runner.yaml
+++ b/ansible/runner/tasks/runner.yaml
@@ -20,13 +20,12 @@
 
 - name: Copy config toml
   template:
-    src: home/ubuntu/gitlab-runner/config.toml
+    src: home/ubuntu/gitlab-runner/config.toml.j2
     dest: /home/ubuntu/gitlab-runner/config.toml
     owner: ubuntu
     group: ubuntu
     mode: 0700
-    # backing up in case the need to recover
-    backup: false
+    backup: true
   become: true
 
 - name: Copy compose file
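Review bot: With `backup: true` on the `Copy config toml` task, every change leaves a timestamped copy of the previous `config.toml` beside it, and the `config.toml.j2` added in this commit renders `runner.token` and the S3 `SecretKey` into that file, so superseded credentials accumulate on disk after a rotation. Running the play with `--diff` would also print the rendered secrets. Consider `no_log: true` on this task, `mode: '0600'` instead of `0700` (the file does not need the execute bit), and either `backup: false` or a cleanup step for old backups. The `Copy compose file` task that starts on the last line of this hunk is not fully visible here.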
@@ -39,3 +38,27 @@
     # backing up in case the need to recover
     backup: false
   become: true
+
+- name: Copy registries config
+  template:
+    src: etc/containers/registries.conf
+    dest: /etc/containers/registries.conf
+    owner: root
+    group: root
+    mode: 0644
+    # backing up in case the need to recover
+    backup: true
+  become: true
+
+- name: Enable podman socket service
+  systemd:
+    name: podman.socket
+    state: started
+    enabled: yes
+
+- name: Add read write permission to podman socket
+  file:
+    path: /var/run/podman/podman.sock
+    owner: root
+    group: root
+    mode: '0664'
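Review bot: The `Add read write permission to podman socket` task probably does not do what its name says: connecting to a Unix socket requires write permission, and `mode: '0664'` with `owner: root` / `group: root` grants write only to root and the root group. The change is also made on a runtime path under `/var/run`, so it is likely lost when `podman.socket` is restarted or the host reboots; a systemd drop-in for the unit that sets `SocketMode=` and a dedicated `SocketGroup=` would persist. Whatever identity ends up with access to this rootful socket is effectively root on the host, so that group should contain only the runner's service account. The two new tasks also omit the `become: true` used by the other tasks in this file, and `enabled: yes` would be more portable as `enabled: true`.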
diff --git a/ansible/runner/templates/etc/containers/registries.conf b/ansible/runner/templates/etc/containers/registries.conf
new file mode 100644
index 0000000000000000000000000000000000000000..cbc1a31a1c4989aeccbd5809d056f50055e61732
--- /dev/null
+++ b/ansible/runner/templates/etc/containers/registries.conf
@@ -0,0 +1,70 @@
+# For more information on this configuration file, see containers-registries.conf(5).
+#
+# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
+# We recommend always using fully qualified image names including the registry
+# server (full dns name), namespace, image name, and tag
+# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
+# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
+# When using short names, there is always an inherent risk that the image being
+# pulled could be spoofed. For example, a user wants to pull an image named
+# `foobar` from a registry and expects it to come from myregistry.com. If
+# myregistry.com is not first in the search list, an attacker could place a
+# different `foobar` image at a registry earlier in the search list. The user
+# would accidentally pull and run the attacker's image and code rather than the
+# intended content. We recommend only adding registries which are completely
+# trusted (i.e., registries which don't allow unknown or anonymous users to
+# create accounts with arbitrary names). This will prevent an image from being
+# spoofed, squatted or otherwise made insecure.  If it is necessary to use one
+# of these registries, it should be added at the end of the list.
+#
+# # An array of host[:port] registries to try when pulling an unqualified image, in order.
+unqualified-search-registries = ["docker.io"]
+#
+# [[registry]]
+# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
+# # (only) the TOML table with the longest match for the input image name
+# # (taking into account namespace/repo/tag/digest separators) is used.
+# #
+# # If the prefix field is missing, it defaults to be the same as the "location" field.
+# prefix = "example.com/foo"
+#
+# # If true, unencrypted HTTP as well as TLS connections with untrusted
+# # certificates are allowed.
+# insecure = false
+#
+# # If true, pulling images with matching names is forbidden.
+# blocked = false
+#
+# # The physical location of the "prefix"-rooted namespace.
+# #
+# # By default, this equal to "prefix" (in which case "prefix" can be omitted
+# # and the [[registry]] TOML table can only specify "location").
+# #
+# # Example: Given
+# #   prefix = "example.com/foo"
+# #   location = "internal-registry-for-example.net/bar"
+# # requests for the image example.com/foo/myimage:latest will actually work with the
+# # internal-registry-for-example.net/bar/myimage:latest image.
+# location = internal-registry-for-example.com/bar"
+#
+# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
+# #
+# # The mirrors are attempted in the specified order; the first one that can be
+# # contacted and contains the image will be used (and if none of the mirrors contains the image,
+# # the primary location specified by the "registry.location" field, or using the unmodified
+# # user-specified reference, is tried last).
+# #
+# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
+# # as if specified in the [[registry]] TOML table directly:
+# # - location
+# # - insecure
+# [[registry.mirror]]
+# location = "example-mirror-0.local/mirror-for-foo"
+# [[registry.mirror]]
+# location = "example-mirror-1.local/mirrors/foo"
+# insecure = true
+# # Given the above, a pull of example.com/foo/image:latest will try:
+# # 1. example-mirror-0.local/mirror-for-foo/image:latest
+# # 2. example-mirror-1.local/mirrors/foo/image:latest
+# # 3. internal-registry-for-example.net/bar/image:latest
+# # in order, and use the first one that exists.
\ No newline at end of file
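Review bot: `unqualified-search-registries = ["docker.io"]` enables short-name resolution, which the header comment of this same file warns against, and the runner template added in this commit relies on it with `image = "ubuntu:20.04"`. Fully qualifying that image (`docker.io/library/ubuntu:20.04`, ideally pinned by digest) would allow this list to be left empty, so that a bare image name fails instead of being resolved implicitly, if that is acceptable for the CI jobs served. The commented example `location = internal-registry-for-example.com/bar"` is also missing its opening quote, should the upstream text be kept.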
diff --git a/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml b/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml
deleted file mode 100644
index 03e1a8c2c52f7face22c205c7d4c89080d623d01..0000000000000000000000000000000000000000
--- a/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml
+++ /dev/null
@@ -1,6 +0,0 @@
-listen_address = ":9252"
-concurrent = 10
-check_interval = 1
-
-[session_server]
-  session_timeout = 1800
diff --git a/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml.j2 b/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..84390fe05cac977a0c248ff3b1a93af6579f9d69
--- /dev/null
+++ b/ansible/runner/templates/home/ubuntu/gitlab-runner/config.toml.j2
@@ -0,0 +1,35 @@
+listen_address = ":9252"
+concurrent = 10
+check_interval = 1
+
+[session_server]
+  session_timeout = 1800
+
+[[runners]]
+  name = {{ runner.name}}
+  url = {{ runner.url }}
+  token = {{ runner.token }}
+  executor = "docker"
+  [runners.custom_build_dir]
+  {% if runner.s3cache is defined %}
+  [runners.cache]
+    Type = "s3"
+    Path = "runner"
+    Shared = true
+    [runners.cache.s3]
+      ServerAddress = {{ runner.s3cache.server_address }}
+      BucketName = {{ runner.s3cache.bucket_name }}
+      Insecure = false
+      AccessKey = {{ runner.s3cache.access_key }}
+      SecretKey = {{ runner.s3cache.secret_key }}
+  {% endif %}
+  [runners.docker]
+    tls_verify = false
+    image = "ubuntu:20.04"
+    privileged = false
+    disable_entrypoint_overwrite = false
+    oom_kill_disable = false
+    disable_cache = false
+    volumes = ["/cache"]
+    shm_size = 0
+    pull_policy = ["if-not-present"]
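Review bot: The templated string values are rendered without quotes, so `name = {{ runner.name}}`, `url`, `token`, `ServerAddress`, `BucketName`, `AccessKey` and `SecretKey` produce invalid TOML unless every variable value happens to contain the quote characters itself. Quoting in the template, e.g. `token = {{ runner.token | to_json }}`, also escapes any `"` or `\` inside a secret instead of letting it break or alter the rendered file. Separately, `{% if runner.s3cache is defined %}` is true for the empty `s3cache:` mapping shipped in `vars.yaml.example`, so the cache block would be emitted with empty values; testing `runner.s3cache.server_address` for truthiness would be safer.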
diff --git a/ansible/runner/vars/.gitignore b/ansible/runner/vars/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c92268eb82cc9ce03346f4cca0d27a4bca21bcbb
--- /dev/null
+++ b/ansible/runner/vars/.gitignore
@@ -0,0 +1,4 @@
+*
+
+!.gitignore
+!*.example
\ No newline at end of file
diff --git a/ansible/runner/vars/vars.yaml.example b/ansible/runner/vars/vars.yaml.example
new file mode 100644
index 0000000000000000000000000000000000000000..cdf84da14d6a8d0483d3765e893bd78acd6e6e42
--- /dev/null
+++ b/ansible/runner/vars/vars.yaml.example
@@ -0,0 +1,23 @@
+---
+
+users: 
+  - name: rlacko
+    sudo: yes
+    passwordless_sudo: yes
+    keys_url: https://git.sch.bme.hu/rlacko.keys
+ssh:
+  port: 10022
+  permitRootLogin: 'no'
+  pubkeyAuthentication: 'yes'
+  passwordAuthentication: 'no'
+  allow:
+    users: 'rlacko'
+runner:
+  name:
+  url:
+  token:
+  s3cache: 
+    server_address:
+    bucket_name:
+    access_key:
+    secret_key:
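Review bot: `runner.token`, `access_key` and `secret_key` are meant to be filled in as plaintext in `vars/vars.yaml`, protected only by the `.gitignore` added alongside; encrypting that file (or just those values) with Ansible Vault would keep the credentials protected if the file is copied, backed up or force-added. A header comment such as `# copy to vars.yaml and encrypt with ansible-vault; remove the s3cache block if no cache is used` would document the expected workflow. The bare `name:` / `url:` / `token:` keys load as null rather than empty strings, and `sudo: yes` / `passwordless_sudo: yes` would be more portable as `true`.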
diff --git a/terraform/runner-tmp.tf b/terraform/runner-tmp.tf
index 99836243cc947003553fcab155d6ee9301f646e6..aa811d5354b6fae4dab48dbf20fd5c646528ecbf 100644
--- a/terraform/runner-tmp.tf
+++ b/terraform/runner-tmp.tf
@@ -23,9 +23,10 @@ resource "proxmox_vm_qemu" "runner-tmp" {
     network {
         model = "virtio"
         bridge = "vmbr211"
+        macaddr = "42:63:41:D8:F7:DE"
     }
 
-    ipconfig0 = "ip=152.66.211.122/24,gw=152.66.211.254"
+    ipconfig0 = "ip=152.66.211.9/24,gw=152.66.211.254"
 
     sshkeys = <<EOF
     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXuXr/Mz1ENkvZ+Ntc9dF1r8VK62XaZtsMaV7N+CMZ8 rlacko@personal