diff --git a/modules/services/git/runner.nix b/modules/services/git/runner.nix
index 0e4012ae..e02b07b5 100644
--- a/modules/services/git/runner.nix
+++ b/modules/services/git/runner.nix
@@ -13,7 +13,6 @@
       services = {
         nix = {
           registrationConfigFile = config.age.secrets."passwords/services/gitlab-runner/registration".path;
-          registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ];
           dockerImage = "alpine";
           dockerVolumes = [
             "/nix/store:/nix/store:ro"
@@ -48,7 +47,6 @@
         };
         docker-images = {
           registrationConfigFile = config.age.secrets."passwords/services/gitlab-runner/registration".path;
-          registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ];
           dockerImage = "docker:stable";
           dockerVolumes = [
             "/var/run/docker.sock:/var/run/docker.sock"
@@ -58,7 +56,6 @@
         };
         default = {
           registrationConfigFile = config.age.secrets."passwords/services/gitlab-runner/registration".path;
-          registrationFlags = [ "--docker-host" "tcp://127.0.0.1:2375" ];
           dockerImage = "debian:stable";
         };
       };
@@ -66,7 +63,6 @@
     virtualisation.docker = {
       enable = true;
       storageDriver = "zfs";
-      listenOptions = [ "/run/docker.sock" "127.0.0.1:2375" ];
     };
     age.secrets."passwords/services/gitlab-runner/registration" = {
       file = ../../../secrets/passwords/services/gitlab-runner/registration.age;
diff --git a/patches/249908.patch b/patches/249908.patch
new file mode 100644
index 00000000..f4aff746
--- /dev/null
+++ b/patches/249908.patch
@@ -0,0 +1,99 @@
+diff --git a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
+index df3fbbf4c6268..eff472c69aa1f 100644
+--- a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
++++ b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
+@@ -1,7 +1,7 @@
+ { lib, buildGoModule, fetchFromGitLab, fetchurl, bash }:
+ 
+ let
+-  version = "16.2.0";
++  version = "16.2.1";
+ in
+ buildGoModule rec {
+   inherit version;
+@@ -17,18 +17,19 @@ buildGoModule rec {
+   # For patchShebangs
+   buildInputs = [ bash ];
+ 
+-  vendorHash = "sha256-sP9lboy1M4+AB1Z0VsX5eNxZ9ckuJBgEPxavAbOSk8g=";
++  vendorHash = "sha256-Rzy4R4QR+rPqzhjZlqcuiP3DDLOu9Z2fb42WPaSPR/4=";
+ 
+   src = fetchFromGitLab {
+     owner = "gitlab-org";
+     repo = "gitlab-runner";
+     rev = "v${version}";
+-    sha256 = "sha256-gTjGf/WuMoGNvsiWWj3Y7l2MvSzBM12RY/Odolm4fNw=";
++    sha256 = "sha256-GMvBZ3H29F4XyisAt3J4VWRwaEIF7ZQ/tI0gKbDTS/E=";
+   };
+ 
+   patches = [
+     ./fix-shell-path.patch
+     ./remove-bash-test.patch
++    ./fix-invalid-host-header.patch # see https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/4249
+   ];
+ 
+   prePatch = ''
+diff --git a/pkgs/development/tools/continuous-integration/gitlab-runner/fix-invalid-host-header.patch b/pkgs/development/tools/continuous-integration/gitlab-runner/fix-invalid-host-header.patch
+new file mode 100644
+index 0000000000000..291e94378a9a6
+--- /dev/null
++++ b/pkgs/development/tools/continuous-integration/gitlab-runner/fix-invalid-host-header.patch
+@@ -0,0 +1,58 @@
++From 0087ed1e060cab8341f20a4342c0f750d5bb328b Mon Sep 17 00:00:00 2001
++From: Michael Adler <therisen06@gmail.com>
++Date: Fri, 18 Aug 2023 14:42:49 +0200
++Subject: [PATCH] Backport fix for invalid Host header
++
++---
++ go.mod | 4 ++--
++ go.sum | 8 ++++----
++ 2 files changed, 6 insertions(+), 6 deletions(-)
++
++diff --git a/go.mod b/go.mod
++index d93029df7..23e8fd707 100644
++--- a/go.mod
+++++ b/go.mod
++@@ -15,12 +15,12 @@ require (
++ 	github.com/bmatcuk/doublestar/v4 v4.4.0
++ 	github.com/creack/pty v1.1.17
++ 	github.com/denisbrodbeck/machineid v1.0.1
++-	github.com/docker/cli v23.0.1+incompatible
+++	github.com/docker/cli v24.0.5+incompatible
++ 	github.com/docker/distribution v2.8.2+incompatible
++ 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0
++ 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0
++ 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.11.0
++-	github.com/docker/docker v23.0.6+incompatible
+++	github.com/docker/docker v24.0.5+incompatible
++ 	github.com/docker/go-connections v0.4.0
++ 	github.com/docker/go-units v0.5.0
++ 	github.com/docker/machine v0.7.1-0.20170120224952-7b7a141da844
++diff --git a/go.sum b/go.sum
++index fba5228da..0a9d36bef 100644
++--- a/go.sum
+++++ b/go.sum
++@@ -497,8 +497,8 @@ github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/
++ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
++ github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
++ github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
++-github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM=
++-github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+++github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
+++github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
++ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
++ github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
++ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
++@@ -507,8 +507,8 @@ github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
++ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
++ github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
++ github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
++-github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
++-github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+++github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY=
+++github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
++ github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
++ github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
++ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
++-- 
++2.41.0
++