diff --git a/machines/drone/configuration.nix b/machines/drone/configuration.nix index a946023..944acdb 100644 --- a/machines/drone/configuration.nix +++ b/machines/drone/configuration.nix @@ -11,12 +11,13 @@ enable = true; server = true; }; - docker.enable = true; - drone.enable = true; + # docker.enable = true; + # drone.enable = true; nix-common = { enable = true; remote-builders = true; }; + woodpecker.enable = true; }; boot.isContainer = true; @@ -54,9 +55,9 @@ sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { - drone = { }; - drone-runner = { }; + woodpecker-server = { }; + woodpecker-agent = { }; }; - system.stateVersion = "21.11"; + system.stateVersion = "23.11"; } diff --git a/machines/drone/secrets.yaml b/machines/drone/secrets.yaml index 4e018fd..cd48f0a 100644 --- a/machines/drone/secrets.yaml +++ b/machines/drone/secrets.yaml 
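Review bot: The disabled `docker.enable` and `drone.enable` options in the first hunk of configuration.nix are left behind as comments instead of being deleted, and the new modules/woodpecker/default.nix does the same with its commented `virtualisation.docker` block. Commented-out options make it harder to tell later which container runtime and CI service this host is meant to run. I would delete the lines in both places, since the old settings stay available in history. The enclosing attribute set starts and ends outside this hunk.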
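Review bot: The `system.stateVersion` change from "21.11" to "23.11" at the end of the second hunk is unrelated to the Drone-to-Woodpecker switch and is not a value to raise alongside a channel upgrade. NixOS modules read it to choose defaults for stateful data, so changing it on an existing machine can silently alter on-disk layouts or the data version a service expects. Unless the state on this host was deliberately migrated or recreated, keep `system.stateVersion = "21.11";`, or describe the migration in the commit message.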
@@ -1,5 +1,7 @@ drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str] drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str] +woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str] +woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str] sops: kms: [] gcp_kms: [] 
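Review bot: The `drone` and `drone-runner` entries remain in secrets.yaml as context lines although configuration.nix no longer declares them under `sops.secrets`. Every recipient of this file can still decrypt them, so if Drone is being retired they are stale credentials that only add exposure. I would remove both keys with `sops` in this change and revoke the matching credentials on the Gitea and Drone side (presumably an OAuth client and the runner RPC secret; the plaintext is not visible here).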
@@ -33,8 +35,8 @@ sops: UHFBcS9PbGRkNzk1R1ppYUIwOGFhaTgKNOmhKLNm3HZ1xU/xY3ImDqiLDSqZvw/V w5IaQNmgUt/TDBCxkLcnyynHkmgwMUZjRihIukC7yvxncHc2hQrrDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-12-29T21:03:09Z" - mac: ENC[AES256_GCM,data:WIoK7hdVGdIleSvlRO6OniQ8z94NtDOTw7g7bWDRL+M+fnaGwU7J5JeW6fuUyX45Kh/PbDVDWh8KSbbU/gCbhI6hhyFsccFI1imDvTJ4ryoLO8+yoRmBd9+aaIbjcrM8PfZITlJdyu7NewnuQ4kesfwWh07m2IxB2xerErrkayw=,iv:iBYU/PPe/NqIAUhEwSNVwHdeijs8sRZVx5d7qoNzAE8=,tag:D04BxYAjsS/+EXbjfIi1EQ==,type:str] + lastmodified: "2023-06-12T09:28:02Z" + mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.1 + version: 3.7.3 diff --git a/modules/woodpecker/default.nix b/modules/woodpecker/default.nix new file mode 100644 index 0000000..87d317e --- /dev/null +++ b/modules/woodpecker/default.nix 
@@ -0,0 +1,61 @@ +{ pkgs, config, lib, ... }: +with lib; +let + cfg = config.eboskma.woodpecker; +in +{ + options.eboskma.woodpecker = { enable = mkEnableOption "Woodpecker CI"; }; + + config = mkIf cfg.enable { + services.woodpecker-server = { + enable = true; + environment = { + WOODPECKER_GITEA = "true"; + WOODPECKER_GITEA_URL = "https://git.datarift.nl"; + WOODPECKER_HOST = "https://drone.datarift.nl"; + WOODPECKER_SERVER_ADDR = ":8100"; + WOODPECKER_ADMIN = "erwin"; + WOODPECKER_SESSION_EXPIRES = "48h"; + }; + environmentFile = config.sops.secrets.woodpecker-server.path; + }; + services.woodpecker-agents.agents.local = { + enable = true; + environment = { + WOODPECKER_SERVER = "localhost:9000"; + WOODPECKER_MAX_PROCS = "2"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + }; + environmentFile = [ config.sops.secrets.woodpecker-agent.path ]; + extraGroups = [ "podman" ]; + }; + + environment.systemPackages = [ pkgs.woodpecker-cli ]; + + # virtualisation.docker = { + # enable = true; + # autoPrune = { + # enable = true; + # }; + # }; + + virtualisation.podman = { + enable = true; + dockerCompat = true; + autoPrune = { + enable = true; + }; + defaultNetwork.settings.dns_enable = true; + }; + + networking.firewall = { + allowedTCPPorts = [ 8100 ]; + + interfaces."podman+" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + }; + }; +}
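Review bot: The agent is given the rootful podman socket through `DOCKER_HOST = "unix:///run/podman/podman.sock"` and `extraGroups = [ "podman" ]`, which amounts to root on this host for the agent and for whatever pipelines it runs. Nothing in the module records that trust decision, so I would add a comment above the agent block such as `# podman.sock is root-equivalent: only run pipelines from trusted repos, keep WOODPECKER_OPEN unset` and confirm that pull-request pipelines from forks require approval. Separately, `WOODPECKER_SERVER_ADDR = ":8100"` together with `allowedTCPPorts = [ 8100 ]` exposes the plain-HTTP listener on all interfaces while `WOODPECKER_HOST` is https. If the TLS proxy runs on this machine, bind to `127.0.0.1:8100` and drop the firewall rule; otherwise restrict the port to the proxy's address.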