Add woodpecker host running a woodpecker-server and -agent for CI

config/hosts/woodpecker/woodpecker-agent/default.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./podman.nix
+    ./woodpecker-agent.nix
+  ];
+}

config/hosts/woodpecker/woodpecker-agent/podman.nix

@@ -0,0 +1,13 @@
+# Sources for this configuration:
+# - https://woodpecker-ci.org/docs/administration/deployment/nixos
+# - https://woodpecker-ci.org/docs/administration/backends/docker
+# - https://nixos.wiki/wiki/Podman
+
+{ config, pkgs, ... }:
+
+{
+  virtualisation.podman = {
+    enable = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
+}

config/hosts/woodpecker/woodpecker-agent/woodpecker-agent.nix

@@ -0,0 +1,27 @@
+# Sources for this configuration:
+# - https://woodpecker-ci.org/docs/administration/deployment/nixos
+# - https://woodpecker-ci.org/docs/administration/agent-config
+# - https://woodpecker-ci.org/docs/administration/backends/docker
+
+{ config, pkgs, pkgs-unstable, ... }:
+
+{
+  services.woodpecker-agents.agents."podman" = {
+    enable = true;
+    # Since we use woodpecker-server from unstable, use the agent from unstable as well.
+    package = pkgs-unstable.woodpecker-agent;
+    extraGroups = [ "podman" ];
+    environment = {
+      WOODPECKER_SERVER = "localhost${config.services.woodpecker-server.environment.WOODPECKER_GRPC_ADDR}";
+      WOODPECKER_MAX_WORKFLOWS = "4";
+      WOODPECKER_BACKEND = "docker";
+      DOCKER_HOST = "unix:///run/podman/podman.sock";
+      # Set via enviornmentFile:
+      # WOODPECKER_AGENT_SECRET
+    };
+    environmentFile = [ "/run/secrets/woodpecker_agent_secret_environment_file" ];
+  };
+
+  # Remainder defined in ../woodpecker-server/woodpecker-server.nix
+  sops.secrets."woodpecker_agent_secret_environment_file".restartUnits = [ "woodpecker-agent-podman.service" ];
+}