diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5abbdda
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea/
+gitlab-runner.toml
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index ef4215b..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-ARG NIX_TAG="latest"
-
-FROM nixos/nix:$NIX_TAG
-
-COPY entrypoint.sh /usr/local/bin/
-
-RUN mkdir -p ~/.config/nix && \
- echo -e "experimental-features = nix-command flakes\naccept-flake-config = true" > ~/.config/nix/nix.conf
-
-ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
diff --git a/README.md b/README.md
index dbebe7e..01c6851 100644
--- a/README.md
+++ b/README.md
@@ -12,3 +12,6 @@ rec {
 };
 ...
 ```
+
+## Daemon
+For caching this uses a separate docker container where a nix-daemon runs in
\ No newline at end of file
diff --git a/ci-image/Dockerfile b/ci-image/Dockerfile
new file mode 100644
index 0000000..974526f
--- /dev/null
+++ b/ci-image/Dockerfile
@@ -0,0 +1,12 @@
+ARG NIX_TAG="latest"
+
+FROM nixos/nix:$NIX_TAG
+
+COPY entrypoint.sh /usr/local/bin/
+COPY nix.conf /etc/nix/nix.conf
+COPY nix.conf /root/.config/nix/nix.conf
+
+VOLUME "/mnt/nix/daemon-socket"
+VOLUME "/mnt/nix/store"
+
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
diff --git a/ci-image/entrypoint.sh b/ci-image/entrypoint.sh
new file mode 100644
index 0000000..18077a8
--- /dev/null
+++ b/ci-image/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+cd "$CI_PROJECT_DIR"
+
+echo "Activating flake's CI shell..."
+nix develop .#ci --impure --command "bash"
diff --git a/ci-image/nix.conf b/ci-image/nix.conf
new file mode 100644
index 0000000..ac5b74f
--- /dev/null
+++ b/ci-image/nix.conf
@@ -0,0 +1,4 @@
+experimental-features = nix-command flakes
+accept-flake-config = true
+store = unix:///mnt/nix/daemon-socket/socket?real=/mnt/nix/store
+sandbox = true
diff --git a/daemon/Dockerfile b/daemon/Dockerfile
new file mode 100644
index 0000000..7c77730
--- /dev/null
+++ b/daemon/Dockerfile
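Review bot: `ARG NIX_TAG="latest"` in ci-image/Dockerfile leaves the base image floating by default, so two builds of the CI image can end up on different Nix releases; make the default a specific release tag and keep `latest` as an explicit build-time opt-in, e.g. `ARG NIX_TAG="<pinned-release-tag>"`. The two `VOLUME` lines declare mount points that gitlab-runner-example.toml already binds read-only from the daemon's named volumes, so they add nothing there and only create stray anonymous volumes whenever the image is run without those binds; plain directories would do. `COPY nix.conf` also lands the same file in both /etc/nix and /root/.config/nix; one location is enough and avoids the two copies drifting apart later.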
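Review bot: `cd "$CI_PROJECT_DIR"` is the only guard before the flake is evaluated, and if `CI_PROJECT_DIR` is unset the outcome depends on the shell (bash treats `cd ""` as a no-op), so the script may continue in the wrong directory instead of failing; add `: "${CI_PROJECT_DIR:?CI_PROJECT_DIR must be set}"` before the cd. The final `nix develop` runs as a child of the entrypoint shell, so a `docker stop` terminates sh while the dev shell lingers until the kill timeout; write it as `exec nix develop .#ci --impure --command "bash"`. `--impure` is carried over from the deleted root entrypoint.sh and deserves a one-line comment naming which runner variables the flake needs to read, since it is what lets repository code see the job environment.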
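Review bot: `accept-flake-config = true` applies whatever `nixConfig` a project's flake.nix declares without a prompt, and because `store =` routes every job to the shared daemon, repository-controlled settings such as substituters and trusted public keys reach the shared store rather than a throw-away job container; the daemon honours those settings from a client it considers trusted, which a root client in the nixos/nix image appears to be. If only known projects run on this runner that may be acceptable, but it belongs in the README as a stated trust assumption; otherwise drop the line and list approved substituters in this file instead. `sandbox = true` is decided on the daemon side once `store =` points at the daemon, so this copy is informative only; a comment `# builds run in the daemon; see daemon/nix.conf for the effective sandbox setting` would save the next reader a puzzle.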
@@ -0,0 +1,10 @@
+FROM nixos/nix:latest
+
+RUN nix-env -iA nixpkgs.mount
+
+VOLUME "/mnt/nix/store"
+
+COPY entrypoint.sh /usr/local/bin/
+COPY nix.conf /etc/nix/nix.conf
+
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
diff --git a/daemon/entrypoint.sh b/daemon/entrypoint.sh
new file mode 100644
index 0000000..9ffcad1
--- /dev/null
+++ b/daemon/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# this needs elevated permissions, as long as docker mounts a volume and not a hostpath the contents get kept without
+# needing an overlay mount
+
+# mount -t overlay overlay -o \
+# lowerdir=/nix/store,upperdir=/mnt/nix/store/upper,workdir=/mnt/nix/store/workdir \
+# /nix/store
+
+nix-daemon
diff --git a/daemon/nix.conf b/daemon/nix.conf
new file mode 100644
index 0000000..7fda413
--- /dev/null
+++ b/daemon/nix.conf
@@ -0,0 +1,2 @@
+experimental-features = nix-command flakes
+sandbox = true
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ca0c863
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+services:
+ gitlab-runner:
+ image: gitlab/gitlab-runner:latest
+ restart: unless-stopped
+ container_name: Gitlab-Runner
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./gitlab-runner.toml:/etc/gitlab-runner/config.toml
+
+ nix-ci-daemon:
+ # comment out build to use the dockerhub image
+ build: ./daemon
+ image: technofab/nix-ci-daemon
+ restart: unless-stopped
+ container_name: Nix-CI-Daemon
+ volumes:
+ - nix-daemon-socket:/nix/var/nix/daemon-socket
+ - nix-shared-store:/nix/store
+
+volumes:
+ nix-shared-store:
+ nix-daemon-socket:
diff --git a/entrypoint.sh b/entrypoint.sh
deleted file mode 100644
index 236eee2..0000000
--- a/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-cd "$CI_PROJECT_DIR"
-
-echo "Activating flake's CI shell..."
-nix --extra-experimental-features "flakes nix-command" develop .#ci --accept-flake-config --impure --command "bash"
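Review bot: `FROM nixos/nix:latest` in daemon/Dockerfile hard-codes the floating tag while ci-image/Dockerfile parameterises it through `ARG NIX_TAG`; the two images share a store and talk over the daemon protocol, so they should be built from the same pinned tag using the same `ARG NIX_TAG` / `FROM nixos/nix:$NIX_TAG` pair. `VOLUME "/mnt/nix/store"` does not match docker-compose.yml, which mounts the shared store at /nix/store, so it only yields a stray anonymous volume, and `nix-env -iA nixpkgs.mount` installs a tool the entrypoint uses only in commented-out code. Either finish the overlay setup or drop both the VOLUME and the package install so the daemon image stays minimal.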
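Review bot: `nix-daemon` on the last line runs as a child of the entrypoint shell, so SIGTERM from `docker stop` reaches sh rather than the daemon, which is then killed hard after the timeout while builds may still be in flight; write `exec nix-daemon` so the daemon becomes PID 1 and can shut down cleanly. The commented-out overlay `mount` block is the reason `nixpkgs.mount` is installed in daemon/Dockerfile; if the comment above it records the decision, replacing the dead command with a one-line note such as `# overlay mount intentionally disabled: the named volume keeps /nix/store across restarts` makes that explicit and lets the package install go.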
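Review bot: `sandbox = true` makes every build set up its own mount and user namespaces, which a container under Docker's default seccomp profile and capability set is normally not allowed to do; nix-ci-daemon in docker-compose.yml is started without `privileged: true` or a custom seccomp profile, so builds through the daemon are likely to fail at sandbox setup, though this depends on the engine configuration and should be confirmed. Either grant the daemon service the needed privileges in docker-compose.yml and document why, or set `sandbox = false` here; in both cases a comment stating the chosen trade-off belongs next to the line. The file also leaves `trusted-users`/`allowed-users` at their defaults, so possession of the socket volume is the only access control; a comment saying so would help whoever hardens this later.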
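Review bot: gitlab-runner-example.toml hard-codes the volume names as `nix-gitlab-ci_nix-shared-store` and `nix-gitlab-ci_nix-daemon-socket`, i.e. it assumes the compose project name is `nix-gitlab-ci`, which otherwise derives from the checkout directory; add a top-level `name: nix-gitlab-ci` to this file so the names stay stable wherever it is deployed. `image: gitlab/gitlab-runner:latest` and the untagged `technofab/nix-ci-daemon` both float, so a restart can silently pull a new runner or daemon version; pin both tags. The `/var/run/docker.sock` bind is what the docker executor needs, but it hands the runner container control over the host engine; a comment next to that line stating this is worth having.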
diff --git a/gitlab-runner-example.toml b/gitlab-runner-example.toml
new file mode 100644
index 0000000..0257f6a
--- /dev/null
+++ b/gitlab-runner-example.toml
@@ -0,0 +1,21 @@
+[[runners]]
+ name = "Nix CI Runner"
+ url = "https://gitlab.com"
+ token = ""
+ executor = "docker"
+ [runners.custom_build_dir]
+ [runners.docker]
+ tls_verify = false
+ image = "technofab/nix-gitlab-ci"
+ privileged = true
+ # we cant specify a json file here, so we need privileged for now
+ #security_opt = [ "seccomp=/usr/share/containers/seccomp.json" ]
+ disable_entrypoint_overwrite = false
+ oom_kill_disable = false
+ disable_cache = false
+ volumes = [
+ # prefixed with the docker-compose name
+ "nix-gitlab-ci_nix-shared-store:/mnt/nix/store:ro",
+ "nix-gitlab-ci_nix-daemon-socket:/mnt/nix/daemon-socket:ro"
+ ]
+ shm_size = 0
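Review bot: `privileged = true` gives every job container full host privileges, and the comment above it ties that to the Nix sandbox, but with ci-image/nix.conf pointing `store =` at the daemon the builds and their sandboxes run in the daemon container, not in the job container; verify whether the job image still needs privileged mode at all and drop it if not, which limits what a job running untrusted merge-request code can reach. `image = "technofab/nix-gitlab-ci"` carries no tag, so the runner pulls whatever is current; pin the tag that matches the ci-image build. `tls_verify = false` is the default for a socket-connected executor but reads like a deliberate downgrade; a short comment such as `# executor uses the local docker socket; no TLS connection involved` prevents that misreading.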