From a9cc7b19d859f92d33223ada68f63f71faabf494 Mon Sep 17 00:00:00 2001
From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com>
Date: Sat, 24 Jan 2026 17:18:59 +0100
Subject: [PATCH] forgejo: use static runner user + non-private state   dir

---
 hosts/thegeneralist-central/forgejo/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix
index e5d17c0..00530e0 100644
--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@@ -140,5 +140,13 @@ in
     StateDirectoryMode = "0755";
   };
 
+  users.groups.gitea-runner = { };
+  users.users.gitea-runner = {
+    isSystemUser = true;
+    group = "gitea-runner";
+    home = "/var/lib/gitea-runner/central";
+    createHome = true;
+  };
+
   networking.firewall.allowedTCPPorts = [ 2222 ];
 }