diff --git a/dragonwell/default.nix b/dragonwell/default.nix index 8bf8e1e852342c9fbec49845084b7c233c3510cb..5046cfd03dd00c75fea802e1b428550723d12814 100644 --- a/dragonwell/default.nix +++ b/dragonwell/default.nix @@ -70,10 +70,6 @@ automatic = true; randomizedDelaySec = "15m"; }; optimise.automatic = true; - settings.experimental-features = [ - "flakes" - "nix-command" - ]; }; system.stateVersion = "22.11"; diff --git a/dragonwell/woodpecker.nix b/dragonwell/woodpecker.nix index dd813702ffaece54c35c9bd03dc8f1185bd01456..bd96aff4674e604d4ebc064f58a897869223a7a4 100644 --- a/dragonwell/woodpecker.nix +++ b/dragonwell/woodpecker.nix @@ -25,15 +25,15 @@ enable = true; path = with pkgs; [ git git-lfs - woodpecker-plugin-git - bash - nix - uutils-coreutils-noprefix - - cachix + coreutils + woodpecker-plugin-git ]; - environment.WOODPECKER_BACKEND = "local"; + environment = { + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + }; + extraGroups = [ "podman" ]; environmentFile = [ config.age.secrets.woodpecker.path ]; }; tailproxy.woodpecker = { @@ -44,4 +44,17 @@ authKey = "tskey-auth-kgrGNGArZw11CNTRL-rA3rdahB1dEobvWZraPhcEpHp2BVBcYh"; # One-time key }; }; systemd.services.woodpecker-server.serviceConfig.SupplementaryGroups = [ "ugit" ]; + + virtualisation = { + containers.enable = true; + podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enable = true; + }; + }; + networking.firewall.interfaces."podman+" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; } diff --git a/secrets/woodpecker.age b/secrets/woodpecker.age index 19e4061470d2a330d66143e99a051597e4d861f9..8d47f847258846ba9e68b508ab57f1d29a2e8719 100644 Binary files a/secrets/woodpecker.age and b/secrets/woodpecker.age differ
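Review bot: In the `dragonwell/woodpecker.nix` hunk at `@@ -25,15 +25,15 @@`, `extraGroups = [ "podman" ]` together with `DOCKER_HOST = "unix:///run/podman/podman.sock"` hands the agent, and through it every pipeline it schedules, the system-wide podman socket. That socket is presumably the rootful one, so access to it is equivalent to root on this host. Woodpecker's trusted-repository setting then becomes the only boundary between a build and the host, which deserves a comment at the `environment` block, e.g. `# rootful podman socket: pipelines are root-equivalent here; keep trusted repos to a minimum`. If the agent can be pointed at a rootless per-user podman socket instead, a compromised build would be contained to the agent's own account. The enclosing attribute set starts above the hunk, so the agent's user and any other hardening options are not visible here.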
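Review bot: In the `dragonwell/woodpecker.nix` hunk at `@@ -44,4 +44,17 @@`, the added `networking.firewall.interfaces."podman+"` block opens TCP and UDP port 53 with no comment saying why. The reason is only implied by `defaultNetwork.settings.dns_enable = true` a few lines earlier. A one-line comment such as `# containers on the podman bridges need to reach the host-side DNS resolver enabled by dns_enable` would keep a later firewall audit from reading it as a stray rule. Separately, the unchanged `authKey` line at the top of this hunk keeps a Tailscale key inline. Even if it is spent, as its `# One-time key` comment suggests, it is copied into the world-readable Nix store and stays in history, so supplying it through an age secret as `environmentFile` already does would be more consistent; whether the tailproxy module accepts a file path is not visible here.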