diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index ed48c767..53d7e7c3 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -171,8 +171,8 @@
 ''
 WOODPECKER_AGENT_SECRET=${config.vars.generators.woodpecker.files.woodpecker-agent-container.placeholder}
 WOODPECKER_BACKEND=docker
- DOCKER_HOST=unix:///run/podman/podman.sock
 WOODPECKER_AGENT_LABELS=type=docker
+ DOCKER_HOST=unix:///run/podman/podman.sock
 ''
 ]
 );
@@ -278,7 +278,7 @@
 # container
- podman = {
+ docker = {
 enable = true;
 environmentFile = [ config.vars.generators."templates".files."woodpecker-agent-podman.conf".path ];
 # # https://woodpecker-ci.org/docs/administration/configuration/backends/docker#environment-variables
@@ -295,7 +295,13 @@
 };
 };
- virtualisation.docker = {
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+
+ virtualisation.podman = {
 enable = true;
 autoPrune = {
 enable = true;
@@ -304,10 +310,8 @@
 };
 systemd.services.woodpecker-agent-docker = {
- after = [ "docker.socket" ];
- restartIfChanged = false;
- serviceConfig = {
- BindPaths = [ "/var/run/docker.sock" ];
- };
+ wants = [ "podman.socket" ];
+ after = [ "podman.socket" ];
+ serviceConfig.SupplementaryGroups = [ "podman" ];
 };
 }
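Review bot: The new `networking.firewall.allowedTCPPorts` block in the third hunk (`@@ -295,7 +295,13 @@`) opens 22, 80 and 443 host-wide from inside the Woodpecker agent configuration, and nothing visible in this diff listens on them. If they serve sshd and a reverse proxy defined elsewhere in the file, declare them next to those services or add a comment such as `# 80/443: reverse proxy for the Woodpecker server; 22: sshd`. Port 22 is probably redundant when `services.openssh` is enabled, since its `openFirewall` option defaults to true. The change is also unrelated to the docker-to-podman switch in the rest of the diff, so it may belong in its own commit.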
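Review bot: In the last hunk (`@@ -304,10 +310,8 @@`), adding the agent to the `podman` group gives it, and every pipeline step it schedules, control of the system Podman socket at `/run/podman/podman.sock`, which is equivalent to root on this host. That deserves a comment on `serviceConfig.SupplementaryGroups`, for example `# rootful podman socket: root-equivalent, only trusted repositories may run on this agent`. The hunk also drops `restartIfChanged = false;`, so a configuration switch that changes this unit will now restart the agent and presumably interrupt running pipelines; keep that line if the restart is not intended. The same group membership can be set on the agent definition itself with `extraGroups = [ "podman" ];` instead of a separate systemd override.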