plumjam/nixos - Change 4B7V7XF3UOGCB2475RAXX7LDLLJ3LRZJIU7KNINGU27FXFSDDXYQC

dendritic: Migrate Forgejo and action runner.

Somehow this got lost yesterday after some weird jj issue.

Created by PlumJam on January 13, 2026

4B7V7XF3UOGCB2475RAXX7LDLLJ3LRZJIU7KNINGU27FXFSDDXYQC

Dependencies

In channels

main

Change contents

File move: forgejo.nix → forgejo.nix
BF:BFD[3.128] → [3.22933:22968]
BF:BF[3.22968] → [3.19750:19750]
[4.2]
[3.19750]

Replacement in modules/forgejo.nix at line 2 [3.19750]

B:BD[5.14415] → [5.14415:14461]

∅:D[5.14461] → [3.19789:19860]

B:BD[3.19789] → [3.19789:19860]

  pkgs,
  self,
  config,
  lib,
  ...
}:
let
  inherit (config.networking) domain;
  inherit (lib) enabled mkForce;

[5.14415]

[3.19860]

  config.flake.modules.nixos.forgejo =
    {
      pkgs,
      config,
      lib,
      ...
    }:
    let
      inherit (config.networking) domain;
      inherit (config.myLib) merge;
      inherit (lib) mkForce;

Replacement in modules/forgejo.nix at line 14 [3.19750]

B:BD[3.19861] → [3.19861:19902]

B:BD[3.19902] → [5.14462:14467]

∅:D[5.14467] → [3.19907:19942]

B:BD[3.19907] → [3.19907:19942]

  fqdn = "git.${domain}";
  port = 8001;
in
{
  imports = [
    ./nginx.nix
  ];

[3.19861]

[3.19942]

      fqdn = "git.${domain}";
      port = 8001;
    in
    {
      # combine AcceptEnv settings for SSH and Git protocol
      services.openssh.settings.AcceptEnv = mkForce [
        "SHELLS"
        "COLORTERM"
        "GIT_PROTOCOL"
      ];

Replacement in modules/forgejo.nix at line 25 [3.19750]

B:BD[3.19943] → [3.19943:20041]

B:BD[3.20041] → [5.14468:14491]

∅:D[5.14491] → [3.20068:20073]

B:BD[3.20068] → [3.20068:20073]

  age.secrets.forgejoAdminPassword = {
    rekeyFile = self + /secrets/plum-forgejo-password.age;
    owner = "forgejo";
  };

[3.19943]

[3.20073]

      # backup configuration for sqlite database and data
      systemd.services.forgejo-backup = {
        description = "Backup Forgejo data and database";
        after = [ "forgejo.service" ];

Replacement in modules/forgejo.nix at line 30 [3.19750]

B:BD[3.20074] → [3.20074:20130]

B:BD[3.20130] → [5.14492:14595]

  # combine AcceptEnv settings for SSH and Git protocol
  services.openssh.settings.AcceptEnv = mkForce [
    "SHELLS"
    "COLORTERM"
    "GIT_PROTOCOL"
  ];

[3.20074]

[3.20219]

        script = ''
          mkdir -p /var/backup/forgejo
          cp -r /var/lib/forgejo /var/backup/forgejo/$(date +%Y%m%d_%H%M%S)

Replacement in modules/forgejo.nix at line 34 [3.19750]

B:BD[3.20220] → [3.20220:20401]

  # backup configuration for sqlite database and data
  systemd.services.forgejo-backup = {
    description = "Backup Forgejo data and database";
    after = [ "forgejo.service" ];

[3.20220]

[3.20401]

          # keep only last 7 backups
          ls -1t /var/backup/forgejo/ | tail -n +8 | xargs -r rm -rf
        '';

Replacement in modules/forgejo.nix at line 38 [3.19750]

B:BD[3.20402] → [3.20402:20525]

    script = ''
      mkdir -p /var/backup/forgejo
      cp -r /var/lib/forgejo /var/backup/forgejo/$(date +%Y%m%d_%H%M%S)

[3.20402]

[3.20525]

        serviceConfig = {
          Type = "oneshot";
          User = "forgejo";
        };
      };

Replacement in modules/forgejo.nix at line 44 [3.19750]

B:BD[3.20526] → [3.20526:20632]

      # keep only last 7 backups
      ls -1t /var/backup/forgejo/ | tail -n +8 | xargs -r rm -rf
    '';

[3.20526]

[3.20632]

      systemd.timers.forgejo-backup = {
        description = "Run Forgejo backup daily";
        wantedBy = [ "timers.target" ];

Replacement in modules/forgejo.nix at line 48 [3.19750]

B:BD[3.20633] → [3.20633:20715]

    serviceConfig = {
      Type = "oneshot";
      User = "forgejo";
    };
  };

[3.20633]

[3.20715]

        timerConfig = {
          OnCalendar = "daily";
          Persistent = true;
        };
      };

Replacement in modules/forgejo.nix at line 54 [3.19750]

B:BD[3.20716] → [3.20716:20834]

  systemd.timers.forgejo-backup = {
    description = "Run Forgejo backup daily";
    wantedBy = [ "timers.target" ];

[3.20716]

[3.20834]

      services.forgejo = {
        enable = true;
        package = pkgs.forgejo; # The service version is ~11 so better to specify and get the latest.
        lfs.enable = true;

Replacement in modules/forgejo.nix at line 59 [3.19750]

B:BD[3.20835] → [3.20835:20920]

    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
  };

[3.20835]

[3.20920]

        user = "forgejo";

Replacement in modules/forgejo.nix at line 61 [3.19750]

B:BD[3.20921] → [3.20921:21069]

  services.forgejo = enabled {
    package = pkgs.forgejo; # The service version is ~11 so better to specify and get the latest.
    lfs = enabled;

[3.20921]

[3.21069]

        database = {
          type = "sqlite3";
        };

Replacement in modules/forgejo.nix at line 65 [3.19750]

B:BD[3.21070] → [5.14596:14618]

    user = "forgejo";

[3.21070]

[3.21093]

        settings =
          let
            description = "PlumJam's Git Forge";
          in
          {
            default.APP_NAME = description;

Replacement in modules/forgejo.nix at line 72 [3.19750]

B:BD[3.21094] → [3.21094:21142]

    database = {
      type = "sqlite3";
    };

[3.21094]

[3.21142]

            attachment.ALLOWED_TYPES = "*/*";

Replacement in modules/forgejo.nix at line 74 [3.19750]

B:BD[3.21143] → [5.14619:14746]

    settings =
      let
        description = "PlumJam's Git Forge";
      in
      {
        default.APP_NAME = description;

[3.21143]

            cache.ENABLED = true;

Replacement in modules/forgejo.nix at line 76 [3.19750]

B:BD[3.21144] → [5.14747:14789]

        attachment.ALLOWED_TYPES = "*/*";

[3.21144]

[3.21253]

            # archive cleanup cron job
            "cron.archive_cleanup" =
              let
                interval = "4h";
              in
              {
                SCHEDULE = "@every ${interval}";
                OLDER_THAN = interval;
              };

Replacement in modules/forgejo.nix at line 86 [3.19750]

B:BD[3.21254] → [5.14790:14820]

        cache.ENABLED = true;

[3.21254]

[3.21294]

            other = {
              SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
              SHOW_FOOTER_VERSION = false;
            };

Replacement in modules/forgejo.nix at line 91 [3.19750]

B:BD[3.21295] → [5.14821:15050]

        # archive cleanup cron job
        "cron.archive_cleanup" =
          let
            interval = "4h";
          in
          {
            SCHEDULE = "@every ${interval}";
            OLDER_THAN = interval;
          };

[3.21295]

[3.21323]

            packages.ENABLED = true;

Replacement in modules/forgejo.nix at line 93 [3.19750]

B:BD[3.21324] → [5.15051:15169]

        other = {
          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
          SHOW_FOOTER_VERSION = false;
        };

[3.21324]

[3.21521]

            repository = {
              DEFAULT_BRANCH = "master";
              DEFAULT_MERGE_STYLE = "rebase-merge";
              DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls";

Replacement in modules/forgejo.nix at line 98 [3.19750]

B:BD[3.21522] → [5.15170:15203]

        packages.ENABLED = true;

[3.21522]

[3.21643]

              DEFAULT_PUSH_CREATE_PRIVATE = false;
              ENABLE_PUSH_CREATE_ORG = true;
              ENABLE_PUSH_CREATE_USER = true;

Replacement in modules/forgejo.nix at line 102 [3.19750]

B:BD[3.21644] → [5.15204:15381]

        repository = {
          DEFAULT_BRANCH = "master";
          DEFAULT_MERGE_STYLE = "rebase-merge";
          DEFAULT_REPO_UNITS = "repo.code, repo.issues, repo.pulls";

[3.21644]

[3.21851]

              DISABLE_STARS = true;
            };

Replacement in modules/forgejo.nix at line 105 [3.19750]

B:BD[3.21852] → [5.15382:15512]

          DEFAULT_PUSH_CREATE_PRIVATE = false;
          ENABLE_PUSH_CREATE_ORG = true;
          ENABLE_PUSH_CREATE_USER = true;

[3.21852]

[3.21985]

            "repository.upload" = {
              FILE_MAX_SIZE = 100;
              MAX_FILES = 10;
            };

Replacement in modules/forgejo.nix at line 110 [3.19750]

B:BD[3.21986] → [5.15513:15556]

          DISABLE_STARS = true;
        };

[3.21986]

[3.22025]

            server = {
              DOMAIN = domain;
              ROOT_URL = "https://${fqdn}/";
              LANDING_PAGE = "/explore";

Replacement in modules/forgejo.nix at line 115 [3.19750]

B:BD[3.22026] → [5.15557:15657]

        "repository.upload" = {
          FILE_MAX_SIZE = 100;
          MAX_FILES = 10;
        };

[3.22026]

[3.22122]

              HTTP_ADDR = "::1";
              HTTP_PORT = port;

Replacement in modules/forgejo.nix at line 118 [3.19750]

B:BD[3.22123] → [5.15658:15782]

        server = {
          DOMAIN = domain;
          ROOT_URL = "https://${fqdn}/";
          LANDING_PAGE = "/explore";

[3.22123]

[3.22249]

              SSH_DOMAIN = fqdn;
              SSH_PORT = 22;
              START_SSH_SERVER = false;

Replacement in modules/forgejo.nix at line 122 [3.19750]

B:BD[3.22250] → [5.15783:15840]

∅:D[5.15840] → [3.22303:22304]

B:BD[3.22303] → [3.22303:22304]

B:BD[3.22304] → [5.15841:15931]

∅:D[5.15931] → [3.22402:22403]

B:BD[3.22402] → [3.22402:22403]

B:BD[3.22403] → [5.15932:15980]

          HTTP_ADDR = "::1";
          HTTP_PORT = port;
          SSH_DOMAIN = fqdn;
          SSH_PORT = 22;
          START_SSH_SERVER = false;
          DISABLE_ROUTER_LOG = true;
        };

[3.22250]

[3.22447]

              DISABLE_ROUTER_LOG = true;
            };

Replacement in modules/forgejo.nix at line 125 [3.19750]

B:BD[3.22448] → [5.15981:16026]

        service.DISABLE_REGISTRATION = true;

[3.22448]

[3.22491]

            service.DISABLE_REGISTRATION = true;

Replacement in modules/forgejo.nix at line 127 [3.19750]

B:BD[3.22492] → [5.16027:16122]

        session = {
          COOKIE_SECURE = true;
          SAME_SITE = "strict";
        };

[3.22492]

[3.22583]

            session = {
              COOKIE_SECURE = true;
              SAME_SITE = "strict";
            };

Replacement in modules/forgejo.nix at line 132 [3.19750]

B:BD[3.22584] → [5.16123:16225]

        "ui.meta" = {
          AUTHOR = description;
          DESCRIPTION = description;
        };

[3.22584]

[3.22674]

            "ui.meta" = {
              AUTHOR = description;
              DESCRIPTION = description;
            };
          };

Deletion in modules/forgejo.nix at line 138 [3.19750]
B:BD[3.22690] → [3.22690:22695]
```
  };
```

Replacement in modules/forgejo.nix at line 139 [3.19750]

B:BD[3.22696] → [3.22696:22930]

  services.nginx.virtualHosts.${fqdn} = lib.merge config.services.nginx.sslTemplate {
    extraConfig = ''
      ${config.services.nginx.goatCounterTemplate}
    '';
    locations."/".proxyPass = "http://[::1]:${toString port}";
  };

[3.22696]

[3.22930]

      services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
        extraConfig = ''
          ${config.services.nginx.goatCounterTemplate}
        '';
        locations."/".proxyPass = "http://[::1]:${toString port}";
      };
    };

File move: forgejo-action-runner.nix → forgejo-action-runner.nix
BF:BFD[3.128] → [3.25997:26046]
BF:BF[3.26046] → [3.22970:22970]
[4.2]
[3.22970]
Replacement in modules/forgejo-action-runner.nix at line 18 [3.22970]
B:BD[3.23207] → [3.23207:23235]
```
      options.ci-runner = {
```
[3.23207]
[3.23235]
```
      options.forgejo-action-runner = {
```

Replacement in modules/forgejo-action-runner.nix at line 51 [3.22970]

B:BD[3.24100] → [3.24100:24225]

      config = mkIf config.ci-runner.enable {
        age.secrets.forgejoRunnerToken.rekeyFile = config.ci-runner.tokenFile;

[3.24100]

[3.24225]

      config = mkIf config.forgejo-action-runner.enable {
        age.secrets.forgejoRunnerToken.rekeyFile = config.forgejo-action-runner.tokenFile;

Replacement in modules/forgejo-action-runner.nix at line 68 [3.22970]

B:BD[3.24701] → [2.1197:1288]

            inherit (config.ci-runner) url;
            inherit (config.ci-runner) labels;

[3.24701]

[3.24787]

            inherit (config.forgejo-action-runner) url;
            inherit (config.forgejo-action-runner) labels;

Deletion in modules/forgejo-action-runner.nix at line 84 [3.22970]

B:BD[3.25185] → [3.25185:25271]


              inputs.claude-code.packages.${pkgs.stdenv.hostPlatform.system}.default

Deletion in modules/forgejo-action-runner.nix at line 97 [3.22970]
B:BD[3.25569] → [3.25569:25597]
```
              pkgs.opencode
```

Replacement in modules/forgejo-action-runner.nix at line 104 [3.22970]

B:BD[3.25770] → [3.25770:25829]

            ++ lib.optionals config.ci-runner.withDocker [

[3.25770]

[3.25829]

            ++ lib.optionals config.forgejo-action-runner.withDocker [

Replacement in modules/forgejo-action-runner.nix at line 108 [3.22970]

B:BD[3.25903] → [3.25903:25954]

            ++ config.ci-runner.extraHostPackages;

[3.25903]

[3.25954]

            ++ config.forgejo-action-runner.extraHostPackages;