diff --git a/m/hut/gitlab-runner.nix b/m/hut/gitlab-runner.nix index 3cbe4f6..226099b 100644 --- a/m/hut/gitlab-runner.nix +++ b/m/hut/gitlab-runner.nix @@ -1,9 +1,8 @@ { pkgs, lib, config, ... }: { - age.secrets.ovniToken.file = ../../secrets/ovni-token.age; - age.secrets.gitlabToken.file = ../../secrets/gitlab-bsc-es-token.age; - age.secrets.nosvToken.file = ../../secrets/nosv-token.age; + age.secrets.gitlabRunnerShellToken.file = ../../secrets/gitlab-runner-shell-token.age; + age.secrets.gitlabRunnerDockerToken.file = ../../secrets/gitlab-runner-docker-token.age; services.gitlab-runner = { enable = true; @@ -11,20 +10,14 @@ services = let common-shell = { executor = "shell"; - tagList = [ "nix" "xeon" ]; - registrationFlags = [ - # Using space doesn't work, and causes it to misread the next flag - "--locked='false'" - ]; environmentVariables = { SHELL = "${pkgs.bash}/bin/bash"; }; }; common-docker = { + executor = "docker"; dockerImage = "debian:stable"; - tagList = [ "docker" "xeon" ]; registrationFlags = [ - "--locked='false'" "--docker-network-mode host" ]; environmentVariables = { @@ -33,19 +26,12 @@ }; }; in { - # For gitlab.bsc.es - gitlab-bsc-es-shell = common-shell // { - registrationConfigFile = config.age.secrets.gitlabToken.path; - }; - gitlab-bsc-es-docker = common-docker // { - registrationConfigFile = config.age.secrets.gitlabToken.path; - }; # For pm.bsc.es/gitlab gitlab-pm-shell = common-shell // { - registrationConfigFile = config.age.secrets.ovniToken.path; + authenticationTokenConfigFile = config.age.secrets.gitlabRunnerShellToken.path; }; gitlab-pm-docker = common-docker // { - registrationConfigFile = config.age.secrets.ovniToken.path; + authenticationTokenConfigFile = config.age.secrets.gitlabRunnerDockerToken.path; }; }; }; diff --git a/secrets/gitlab-bsc-es-token.age b/secrets/gitlab-bsc-es-token.age deleted file mode 100644 index ffe7aaf..0000000 --- a/secrets/gitlab-bsc-es-token.age +++ /dev/null 
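Review bot: With `tagList` and `--locked='false'` dropped from `common-shell` and `common-docker` in the second hunk, this file no longer states which jobs the runners accept; presumably that is now set in GitLab when each runner is created, which the diff cannot show. Because `common-shell` runs jobs directly on the host, I would record the expected server-side settings next to `executor = "shell";`, for example `# tags, locked and run-untagged are set in GitLab for this runner; keep it limited to trusted projects`. The retained `"--docker-network-mode host"` deserves a one-line comment too, such as `# job containers share the host network namespace, so they can reach services bound to the host's loopback`, so the exposure is a documented choice. The `let` binding and the `common-docker` `environmentVariables` block continue outside this hunk.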
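Review bot: In the third hunk, `authenticationTokenConfigFile` gives each runner its own secret, but nothing records what happened to the registration tokens it replaces. The removed `ovniToken` was shared by `gitlab-pm-shell` and `gitlab-pm-docker`, and its ciphertext, like that of `gitlabToken`, stays in the repository history after the `.age` files are deleted. I would add a comment above the two entries such as `# runner authentication tokens, one per runner; the old registration tokens were reset in GitLab on <date>`, or state this in the commit message, since the diff cannot show whether the reset was done. As far as I know the NixOS module reads the server URL and token from this file as environment variables, so the existing `# For pm.bsc.es/gitlab` comment is the only visible hint of the target instance and should be kept accurate.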
@@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HY2yRg caTbx0NBmsTSmZH4HtBaxhsauWqWUDTesJqT08UsoEQ -8ND31xuco+H8d5SKg8xsCFRPVDhU4d8UKwV1BnmKVjQ --> ssh-ed25519 CAWG4Q 4ETYuhCwHHECkut4DWDknMMgpAvFqtzLWVC2Wi2L8FM -BGMvRnAfd8qZG5hzLefmk32FkGvwzE9pqBUyx4JY0co --> ssh-ed25519 MSF3dg hj5QL4ZfylN8/W/MXQHvVqtI7mRvlQOYr8HsaQEmPB0 -kvB7sljmmkswSGZDQnrwdTbTsN78EAwH3pz1pPe0Hu0 --> )Q-grease vHF} [8p1> @7z;C"/ -tgSUKFyyrf2jLXZp+pakigwB2fRO/WFj2Qnt1aPjtVPEK92JbJ4 ---- xzM0AhV4gTQE0Q7inJNo9vFj+crJQxWeI7u9pl7bqAI -6nGJ0B7Fbٽ2L]2zl&eKx9SWNV"MfKHUC:1b;9StDuѧϢ̟f71I(d \ No newline at end of file diff --git a/secrets/gitlab-runner-docker-token.age b/secrets/gitlab-runner-docker-token.age new file mode 100644 index 0000000..b11b2d2 --- /dev/null +++ b/secrets/gitlab-runner-docker-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 HY2yRg WvKK6U1wQtx2pbUDfuaUIXTQiCulDkz7hgUCSwMfMzQ +jLktUMqKuVxukqzz++pHOKvmucUQqeKYy5IwBma7KxY +-> ssh-ed25519 CAWG4Q XKGuNNoYFl9bdZzsqYYTY7GsEt5sypLW4R+1uk78NmU +8dIA2GzRAwTGM5CDHSM2BUBsbXzEAUssWUz2PY2PaTg +-> ssh-ed25519 MSF3dg T630RsKuZIF/bp+KITnIIWWHsg6M/VQGqbWQZxqT+AA +SraZcgZJVtmUzHF/XR9J7aK5t5EDNpkC/av/WJUT/G8 +--- /12G8pj9sbs591OM/ryhoLnSWWmzYcoqprk9uN/3g18 +‡%]yi"L H`a$)9ve.0mKv u"|1c-%"WFAh$j ssh-ed25519 HY2yRg hrdS7Dl/j+u3XVfM79ZJpZSlre9TcD7DTQ+EEAT6kEE -avUO96P1h7w2BYWgrQ7GpUgdaCV9AZL7eOTTcF9gfro --> ssh-ed25519 CAWG4Q A5raRY1CAgFYZgoQ92GMyNejYNdHx/7Y6uTS+EjLPWA -FRFqT2Jz7qRcybaxkQTKHGl797LVXoHpYG4RZSrX/70 --> ssh-ed25519 MSF3dg D+R80Bg7W9AuiOMAqtGFZQl994dRBIegYRLmmTaeZ3o -BHvZsugRiuZ91b4jk91h30o3eF3hadSnVCwxXge95T8 --> BT/El`a-grease W{nq|Vm )bld 2Nl}4 N$#JGB4t -oLG+0S1aGfO/ohCfgGmhDhwwLi4H ---- 2I5C+FvBG/K1ZHh7C5QD39feTSLoFGwcTeZAmeILNsI -Wo d;C._(u G#vgɝyYl9ϵ.0x޽N./tBbK:Q\T_txm_Jޞ- \ No newline at end of file diff --git a/secrets/ovni-token.age b/secrets/ovni-token.age deleted file mode 100644 index 4378c38..0000000 Binary files a/secrets/ovni-token.age and /dev/null differ 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9844734..747b4aa 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,10 +6,9 @@ let safe = keys.hostGroup.safe ++ adminsKeys; in { - "gitlab-bsc-es-token.age".publicKeys = hut; "gitea-runner-token.age".publicKeys = hut; - "ovni-token.age".publicKeys = hut; - "nosv-token.age".publicKeys = hut; + "gitlab-runner-docker-token.age".publicKeys = hut; + "gitlab-runner-shell-token.age".publicKeys = hut; "nix-serve.age".publicKeys = hut; "jungle-robot-password.age".publicKeys = hut;