diff --git a/roles/gitlab_runner/files/daemon.json b/roles/gitlab_runner/files/daemon.json
new file mode 100644
index 0000000000000000000000000000000000000000..db0df4ba3457f845b7448c7c161e5a1f63556550
--- /dev/null
+++ b/roles/gitlab_runner/files/daemon.json
@@ -0,0 +1,4 @@
+{
+	"ipv6": true,
+	"fixed-cidr-v6": "fd00::/80"
+}
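Review bot: The `fixed-cidr-v6` value `fd00::/80` uses an all-zero ULA Global ID, whereas RFC 4193 expects a pseudo-random 40-bit Global ID so the prefix does not collide with another site, VPN or Docker host that picked the same default. Consider a generated prefix (placeholder form `fdXX:XXXX:XXXX::/80`) held in one role variable, since the same prefix is repeated by hand in the firewalld rich rule in tasks/main.yml. This file is also installed as the complete `/etc/docker/daemon.json`, so any daemon options already present on a runner host would be replaced by these two keys; if that is intended, it is worth saying so in the commit message.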
diff --git a/roles/gitlab_runner/handlers/main.yml b/roles/gitlab_runner/handlers/main.yml
index 6c495b84cdec3a4ac39c426e73865695e9c9955e..9666475653b1137dc6ecaef654addacf395b136e 100644
--- a/roles/gitlab_runner/handlers/main.yml
+++ b/roles/gitlab_runner/handlers/main.yml
@@ -1,2 +1,5 @@
 - name: restart gitlab-runner
   service: name=gitlab-runner state=restarted
+
+- name: restart docker
+  service: name=docker state=restarted
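Review bot: The new `restart docker` handler restarts the daemon whenever daemon.json changes, and with Docker's default settings that stops every running container, so in-flight CI jobs on the runner are killed. A comment above the handler would make this visible to the next maintainer, for example `# Restarting dockerd stops running job containers unless live-restore is enabled; roll out while the runner is idle.` Whether `live-restore` can cover a bridge network change is not visible from here and would need checking before relying on it.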
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
index cebed672cbab8ebb6e8a520c5943bd9a3914e85c..0237083e6ca519a1e81158ed2226b59044b2b149 100644
--- a/roles/gitlab_runner/tasks/main.yml
+++ b/roles/gitlab_runner/tasks/main.yml
@@ -13,6 +13,25 @@
   tags:
     - firewall
 
+- name: configure Docker daemon for IPv6
+  copy: src=daemon.json dest=/etc/docker/daemon.json owner=root group=root mode=0644
+  notify: restart docker
+
+# We want to give our gitlab-runners full IPv6 capabilities. Sadly, IPv6 and Docker aren't friends. :(
+# https://medium.com/@skleeschulte/how-to-enable-ipv6-for-docker-containers-on-ubuntu-18-04-c68394a219a2
+# https://github.com/docker/docker.github.io/blob/c0eb65aabe4de94d56bbc20249179f626df5e8c3/engine/userguide/networking/default_network/ipv6.md
+# https://github.com/moby/moby/issues/36954
+- name: add IPv6 NAT for docker
+  ansible.posix.firewalld:
+    zone: public
+    permanent: true
+    state: enabled
+    immediate: yes
+    rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
+  when: configure_firewall
+  tags:
+    - firewall
+
 - name: register gitlab-runner
   command: >
     gitlab-runner register
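Review bot: The `copy` task that switches Docker to IPv6 runs unconditionally, while the masquerade rule it depends on is gated by `when: configure_firewall`. On a host where that variable is false, containers would get `fd00::/80` ULA addresses without the NAT that makes them usable for outbound traffic. Either gate both tasks on the same condition or add a comment that NAT must then be provided outside this role. In the rich rule, `destination not address="fd00::1/80"` has host bits set; `destination not address="fd00::/80"` states the same network, matches daemon.json, and does not depend on how firewalld normalises the address. For consistency with `permanent: true`, write `immediate: true` rather than `immediate: yes`.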