more woodpecker updates

hosts/profiles/woodpecker-server/default.nix

@@ -1,6 +1,12 @@
+{ self, ... }:
 {
+  age.secrets.woodpecker-server-secrets.owner = "woodpecker";
+  age.secrets.woodpecker-server-secrets.file = "${self}/secrets/woodpecker-server-secrets.age";
+
+  age.secrets.woodpecker-agent-secret.owner = "woodpecker";
+  age.secrets.woodpecker-agent-secret.file = "${self}/secrets/woodpecker-agent-secret.age";
   users.users.woodpecker = {
-    group = woodpecker;
+    group = "woodpecker";
     description = "woodpecker user";
     home = "/var/lib/woodpecker";
     createHome = true;
@@ -28,12 +34,11 @@
     wantedBy = [ "multi-user.target" ];
     serviceConfig = {
       EnvironmentFile = [
-        # GITEA_CLIENT_SECRET etc
-        # /run/agenix/woodpecker
+        /run/agenix/woodpecker-server-secrets
+        /run/agenix/woodpecker-agent-secret
       ];
       Environment = [
         "WOODPECKER_OPEN=true"
-        "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
 
         "WOODPECKER_GITEA=true"
         "WOODPECKER_GITEA_URL=https://git.sealight.xyz"
@@ -42,6 +47,12 @@
         "WOODPECKER_DATABASE_DRIVER=postgres"
         "WOODPECKER_SERVER_PORT=:3030"
         "WOODPECKER_USER_CREATE=username:aynish,admin:true" # set your admin username
+        "${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
+        "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts"
+        "${builtins.toFile "ssh_config" ''
+          Host git.sealight.xyz
+          ForwardAgent yes
+        ''}:/etc/ssh/ssh_config"
       ];
       ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
       User = woodpecker;