diff --git a/modules/services/woodpecker/agent-exec/default.nix b/modules/services/woodpecker/agent-exec/default.nix
index ad30188..7ae21c8 100644
--- a/modules/services/woodpecker/agent-exec/default.nix
+++ b/modules/services/woodpecker/agent-exec/default.nix
@@ -21,6 +21,17 @@ in
           PAGER = "cat";
         };
 
+        path = with pkgs; [
+          woodpecker-plugin-git
+          bash
+          coreutils
+          git
+          git-lfs
+          gnutar
+          gzip
+          nix
+        ];
+
         environmentFile = [ cfg.sharedSecretFile ];
       };
     };
@@ -30,17 +41,6 @@ in
       # Might break deployment
       restartIfChanged = false;
 
-      path = with pkgs; [
-        woodpecker-plugin-git
-        bash
-        coreutils
-        git
-        git-lfs
-        gnutar
-        gzip
-        nix
-      ];
-
       serviceConfig = {
         # Same option as upstream, without @setuid
         SystemCallFilter = lib.mkForce "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap";