working towards woodpecker

hosts/profiles/woodpecker-agent/default.nix

@@ -1,12 +1,15 @@
+{ pkgs, config, self, ... }:
 {
-
   users.users.woodpecker-runner = {
     isSystemUser = true;
     group = "woodpecker-runner";
   };
   users.groups.woodpecker-runner = { };
   # Allow the exec runner to write to build with nix
-  nix.allowedUsers = [ "woodpecker-runner" ];
+  nix.settings.allowed-users = [ "woodpecker-runner" ];
+
+  age.secrets.woodpecker-agent-secret.owner = "woodpecker-runner";
+  age.secrets.woodpecker-agent-secret.file = "${self}/secrets/woodpecker-agent-secret.age";
 
   systemd.services.woodpecker-runner-exec = {
     enable = true;
@@ -55,7 +58,7 @@
         "/nix/"
       ];
       EnvironmentFile = [
-        # /run/agenix/woodpecker-agent-secret
+        /run/agenix/woodpecker-agent-secret
       ];
       ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
       User = "woodpecker-runner";