diff --git a/modules/services/server/woodpecker.nix b/modules/services/server/woodpecker.nix
index 27d1a9a..53ddbb8 100644
--- a/modules/services/server/woodpecker.nix
+++ b/modules/services/server/woodpecker.nix
@@ -25,37 +25,39 @@
 };
 };
- woodpecker-server = {
- description = "CI/CD Pipeline Server";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" "postgresql.service" ];
- requires = [ "postgresql.service" ];
- script = "${pkgs.woodpecker-server}/bin/woodpecker-server --server-host https://woodpecker.kabtop.de --server-addr localhost:8000 ";
- # --environment ${config.age.secrets."services/woodpecker/environment.yml".path}";
- serviceConfig = {
- User = "woodpecker";
- Group = "woodpecker";
- Environment = "HOME=/var/lib/woodpecker";
- ReadWritePaths="/var/log/woodpecker";
- NoNewPrivileges=true;
- MemoryDenyWriteExecute=true;
- PrivateDevices=true;
- PrivateTmp=true;
- ProtectHome=true;
- ProtectSystem="strict";
- ProtectControlGroups=true;
- RestrictSUIDSGID=true;
- RestrictRealtime=true;
- LockPersonality=true;
- ProtectKernelLogs=true;
- ProtectKernelTunables=true;
- ProtectHostname=true;
- ProtectKernelModules=true;
- PrivateUsers=true;
- ProtectClock=true;
- SystemCallArchitectures="native";
- SystemCallErrorNumber="EPERM";
- SystemCallFilter="@system-service";
+ systemd.services = {
+ woodpecker-server = {
+ description = "CI/CD Pipeline Server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ requires = [ "postgresql.service" ];
+ script = "${pkgs.woodpecker-server}/bin/woodpecker-server";
+ serviceConfig = {
+ User="woodpecker";
+ Group="woodpecker";
+ Environment="HOME=/var/lib/woodpecker";
+ EnvironmentFile=config.age.secrets."services/woodpecker/environment".path;
+ ReadWritePaths="/var/lib/woodpecker /var/log/woodpecker";
+ NoNewPrivileges=true;
+ MemoryDenyWriteExecute=true;
+ PrivateDevices=true;
+ PrivateTmp=true;
+ ProtectHome=true;
+ ProtectSystem="strict";
+ ProtectControlGroups=true;
+ RestrictSUIDSGID=true;
+ RestrictRealtime=true;
+ LockPersonality=true;
+ ProtectKernelLogs=true;
+ ProtectKernelTunables=true;
+ ProtectHostname=true;
+ ProtectKernelModules=true;
+ PrivateUsers=true;
+ ProtectClock=true;
+ SystemCallArchitectures="native";
+ SystemCallErrorNumber="EPERM";
+ SystemCallFilter="@system-service";
+ };
 };
 };
@@ -70,7 +72,7 @@
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 virtualHosts = {
- "woodpecker.kabtop.de" = {
+ "ci.kabtop.de" = {
 enableACME = true;
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:8000";
@@ -78,10 +80,10 @@
 };
 };
-# age.secrets."services/woodpecker/dbpassFile" = {
-# file = ../../../secrets/services/nextcloud/dbpassFile.age;
-# owner = "nextcloud";
-# };
+ age.secrets."services/woodpecker/environment" = {
+ file = ../../../secrets/services/woodpecker/environment.age;
+ owner = "woodpecker";
+ };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index cebc20d..a807253 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -44,4 +44,5 @@ in
 "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
 "services/gitea/databasePassword.age".publicKeys = servers ++ users;
 "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
+ "services/woodpecker/environment.age".publicKeys = servers ++ users;
 }
diff --git a/secrets/services/woodpecker/environment.age b/secrets/services/woodpecker/environment.age
new file mode 100644
index 0000000..0e2f5dd
Binary files /dev/null and b/secrets/services/woodpecker/environment.age differ
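Review bot: The listen address and public host that the old `script` pinned on the command line (`--server-addr localhost:8000`, `--server-host https://woodpecker.kabtop.de`) are absent from the new `script` and now live, if anywhere, inside the encrypted environment file, so nothing reviewable ties the server to the localhost port nginx proxies to (`http://localhost:8000`) or to the vhost renamed to `ci.kabtop.de` in the next hunk. Should the environment file omit them, woodpecker-server falls back to its built-in defaults, which as far as I recall bind every interface rather than localhost, leaving the plain-HTTP listener reachable beside the TLS-terminating proxy. Non-secret settings belong in the versioned Nix expression with only credentials in the age file: `script = "${pkgs.woodpecker-server}/bin/woodpecker-server --server-host https://ci.kabtop.de --server-addr localhost:8000";`. Separately, `ReadWritePaths` now lists `/var/lib/woodpecker` but nothing in the unit creates it; `StateDirectory = "woodpecker";` and `LogsDirectory = "woodpecker";` would create both paths owned by the service user and grant the same write access.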
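Review bot: The new `"services/woodpecker/environment.age"` entry is encrypted to `servers ++ users`, matching the neighbouring gitea and nextcloud entries, but a file consumed via `EnvironmentFile=` by a CI server presumably holds forge OAuth credentials and the agent shared secret, which only the machine running woodpecker-server needs to decrypt. If `servers` covers more hosts than that one, each of their host keys can decrypt this file, so consider listing only that host's key together with `users`. The definitions of `servers` and `users` are above the hunk and not visible here.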