cryodev/docs/services/forgejo.md

Forgejo

Forgejo is a self-hosted Git service (fork of Gitea) with built-in CI/CD Actions.

References

• Forgejo Documentation
• Forgejo Actions

Setup

DNS

Set a CNAME record for git.cryodev.xyz pointing to your main domain.

Configuration

# hosts/cryodev-main/services/forgejo.nix
{ config, ... }:
{
  services.forgejo = {
    enable = true;
    settings = {
      server = {
        DOMAIN = "git.cryodev.xyz";
        ROOT_URL = "https://git.cryodev.xyz";
      };
      mailer = {
        ENABLED = true;
        FROM = "forgejo@cryodev.xyz";
      };
    };
  };
}

Forgejo Runner

The runner executes CI/CD pipelines defined in .forgejo/workflows/.

Get Runner Token

1. Go to Forgejo Admin Panel
2. Navigate to Actions > Runners
3. Create a new runner and copy the token

Add to Secrets

sops hosts/cryodev-main/secrets.yaml

forgejo-runner:
  token: "your-runner-token"

Configuration

{
  sops.secrets."forgejo-runner/token" = { };
  
  services.gitea-actions-runner = {
    instances.default = {
      enable = true;
      url = "https://git.cryodev.xyz";
      tokenFile = config.sops.secrets."forgejo-runner/token".path;
      labels = [ "ubuntu-latest:docker://node:20" ];
    };
  };
}

CI/CD Workflows

CI runs on every push to main via Forgejo Actions:

1. flake-check -- validates the flake
2. build-hosts -- builds all host configurations

Deployment is handled by Comin (pull-based), not by CI. See CD documentation for details.

Administration

Create Admin User

forgejo admin user create \
  --username <username> \
  --email <email>@<domain> \
  --password <password> \
  --admin

Reset User Password

sudo -u forgejo forgejo admin user change-password \
  --username USER \
  --password NEWPASS

Troubleshooting

Check Service Status

sudo systemctl status forgejo
sudo systemctl status gitea-runner-default

View Logs

sudo journalctl -u forgejo -f
sudo journalctl -u gitea-runner-default -f

Database Issues

Forgejo uses SQLite by default. Database location:

ls -la /var/lib/forgejo/data/