diff --git a/hosts/monolith/monolith-gitlab-runner.nix b/hosts/monolith/monolith-gitlab-runner.nix
index 87983a1..64c68ea 100644
--- a/hosts/monolith/monolith-gitlab-runner.nix
+++ b/hosts/monolith/monolith-gitlab-runner.nix
@@ -15,27 +15,36 @@ in
   virtualisation.docker.enable = true;
   services.gitlab-runner = {
     enable = true;
-    settings.concurrent = 4;
+    settings = {
+      concurrent = 2;
+    };
     services = {
-      # runner for building in docker via host's nix-daemon
-      # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
-      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
+      # # runner for building in docker via host's nix-daemon
+      # # nix store will be readable in runner, might be insecure
+      # thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
+      # thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
 
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
+      wopus-gitlab-nix =
+        (mkNixRunnerFull {
+          authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+          # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
+          # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
+        })
+        // {
+          requestConcurrency = 2;
+        };
 
-      default = {
-        # File should contain at least these two variables:
-        # `CI_SERVER_URL`
-        # `CI_SERVER_TOKEN`
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
-        dockerImage = "debian:stable";
-        dockerPullPolicy = "if-not-present";
-      };
+      # default = ({
+      #   # File should contain at least these two variables:
+      #   # `CI_SERVER_URL`
+      #   # `CI_SERVER_TOKEN`
+      #   authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
+      #   dockerImage = "debian:stable";
+      #   dockerPullPolicy = "if-not-present";
+      # })
+      # // {
+      #   requestConcurrency = 4;
+      # };
     };
   };
   systemd.services.gitlab-runner.serviceConfig.Nice = 10;