diff --git a/hosts b/hosts
index 2c194fbcfb494857e66cd906131f334720a79b81..8f1e00e717140382a555234c5c6ee9648f0747e0 100644
--- a/hosts
+++ b/hosts
@@ -90,6 +90,10 @@ runner1.archlinux.org
 runner2.archlinux.org
 secure-runner1.archlinux.org
 
+[gitlab_vm_runners]
+runner1.archlinux.org
+secure-runner1.archlinux.org
+
 [reproduciblebuilds]
 repro1.pkgbuild.com
 
diff --git a/playbooks/gitlab-runners.yml b/playbooks/gitlab-runners.yml
index 072ccaf717a07b694eb5172ff48d09af1e105fd3..b943d70c95d08bd3ca0db9efcf2b0c47390060db 100644
--- a/playbooks/gitlab-runners.yml
+++ b/playbooks/gitlab-runners.yml
@@ -11,5 +11,5 @@
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
-    - { role: libvirt }
+    - { role: libvirt, when: "'gitlab_vm_runners' in group_names" }
     - { role: gitlab_runner }
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
index 980bbf4b790021373dec6b06174180673b34ab57..7f5321d2092cdff15436293d7dfd74fc9e7fdbba 100644
--- a/roles/gitlab_runner/tasks/main.yml
+++ b/roles/gitlab_runner/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: install dependencies
-  pacman: name=docker,python-docker,python-gitlab,gitlab-runner,arch-install-scripts,sequoia-sq state=latest update_cache=yes
+  pacman: name=docker,python-docker,python-gitlab,gitlab-runner state=latest update_cache=yes
   notify: restart gitlab-runner
 
 - name: install docker.slice
@@ -60,30 +60,36 @@
 - name: enable and start gitlab runner service
   systemd: name=gitlab-runner state=started enabled=yes daemon_reload=yes
 
-- name: create libvirt-executor configuration and data directories
-  file: path={{ item }} state=directory owner=root group=root mode=0755
-  loop:
-    - /etc/libvirt-executor
-    - /usr/local/lib/libvirt-executor
+- name: setup libvirt-executor
+  block:
+    - name: install libvirt-executor-update-base-image dependencies
+      pacman: name=arch-install-scripts,sequoia-sq state=present
 
-- name: install libvirt-executor
-  copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode={{ item.mode }}
-  loop:
-    - {src: arch-boxes.asc, dest: /usr/local/lib/libvirt-executor/, mode: 644}
-    - {src: domain_template.xml, dest: /usr/local/lib/libvirt-executor/, mode: 755}
-    - {src: libvirt-executor, dest: /usr/local/sbin/, mode: 755}
-    - {src: libvirt-executor-update-base-image, dest: /usr/local/sbin/, mode: 755}
+    - name: create libvirt-executor configuration and data directories
+      file: path={{ item }} state=directory owner=root group=root mode=0755
+      loop:
+        - /etc/libvirt-executor
+        - /usr/local/lib/libvirt-executor
 
-- name: create SSH keys for libvirt-executor
-  command: ssh-keygen -N "" -f /etc/libvirt-executor/id_rsa
-  args:
-    creates: /etc/libvirt-executor/id_rsa
+    - name: install libvirt-executor
+      copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode={{ item.mode }}
+      loop:
+        - {src: arch-boxes.asc, dest: /usr/local/lib/libvirt-executor/, mode: 644}
+        - {src: domain_template.xml, dest: /usr/local/lib/libvirt-executor/, mode: 755}
+        - {src: libvirt-executor, dest: /usr/local/sbin/, mode: 755}
+        - {src: libvirt-executor-update-base-image, dest: /usr/local/sbin/, mode: 755}
 
-- name: install libvirt-executor-update-base-image.{service,timer}
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
-  loop:
-    - libvirt-executor-update-base-image.service
-    - libvirt-executor-update-base-image.timer
+    - name: create SSH keys for libvirt-executor
+      command: ssh-keygen -N "" -f /etc/libvirt-executor/id_rsa
+      args:
+        creates: /etc/libvirt-executor/id_rsa
+
+    - name: install libvirt-executor-update-base-image.{service,timer}
+      copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+      loop:
+        - libvirt-executor-update-base-image.service
+        - libvirt-executor-update-base-image.timer
 
-- name: enable and start libvirt-executor-update-base-image.timer
-  systemd: name=libvirt-executor-update-base-image.timer state=started enabled=yes daemon_reload=yes
+    - name: enable and start libvirt-executor-update-base-image.timer
+      systemd: name=libvirt-executor-update-base-image.timer state=started enabled=yes daemon_reload=yes
+  when: "'gitlab_vm_runners' in group_names"
diff --git a/roles/gitlab_runner/templates/config.toml.j2 b/roles/gitlab_runner/templates/config.toml.j2
index 7fcf8ef2cd0ccc16aafbb3968b800c0f2b6f7f6a..5a8fcf8e3c0939c36f414085c136d95232046a62 100644
--- a/roles/gitlab_runner/templates/config.toml.j2
+++ b/roles/gitlab_runner/templates/config.toml.j2
@@ -23,6 +23,7 @@ listen_address = ":9252"
     disable_cache = false
     volumes = ["/cache"]
     shm_size = 0
+{%- if 'gitlab_vm_runners' in group_names %}
 
 [[runners]]
   name = "{{ inventory_hostname }}"
@@ -42,3 +43,4 @@ listen_address = ":9252"
 
     cleanup_exec = "/usr/local/sbin/libvirt-executor"
     cleanup_args = [ "cleanup" ]
+{% endif %}