From f16a51225270437ee1c799a21a83557e3596ef46 Mon Sep 17 00:00:00 2001
From: lew
Date: Wed, 29 Apr 2026 14:00:43 +0100
Subject: [PATCH] clean on boot, limit journald, and precreate forgejo user

---
 hosts/lab/default.nix | 8 ++++++--
 hosts/lab/forgejo.nix | 12 ++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/hosts/lab/default.nix b/hosts/lab/default.nix
index 3935ab2..e8192ac 100644
--- a/hosts/lab/default.nix
+++ b/hosts/lab/default.nix
@@ -52,11 +52,15 @@
 sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

 environment.systemPackages = with pkgs; [
- nodejs
- pnpm
 sqlite
 ];

+ boot.tmp.cleanOnBoot = true;
+
+ services.journald.extraConfig = ''
+ SystemMaxUse=500M
+ '';
+
 services.caddy.enable = true;
 services.caddy.email = "lew@ily.rs";

diff --git a/hosts/lab/forgejo.nix b/hosts/lab/forgejo.nix
index e2f658b..26ed025 100644
--- a/hosts/lab/forgejo.nix
+++ b/hosts/lab/forgejo.nix
@@ -47,8 +47,16 @@ in
 systemd.services.forgejo.preStart = let
 adminCmd = "${lib.getExe cfg.package} admin user";
 pwd = config.sops.secrets.forgejo-admin-password;
+ marker = "${cfg.stateDir}/.admin-bootstrapped";
 in lib.mkAfter ''
- ${adminCmd} create --admin --email "lew@ily.rs" \
- --username lew --password "$(tr -d '\n' < ${pwd.path})" || true
+ if [ ! -e ${marker} ]; then
+ if ${adminCmd} list | grep -qE '^[0-9]+\s+lew\s'; then
+ echo "admin user 'lew' already exists, marking bootstrapped"
+ else
+ ${adminCmd} create --admin --email "lew@ily.rs" \
+ --username lew --password "$(tr -d '\n' < ${pwd.path})"
+ fi
+ touch ${marker}
+ fi
 '';
 }
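Review bot: `SystemMaxUse=500M` in the default.nix hunk is added without a comment, and the cap also decides how far back the journal reaches for Caddy and the other services on this host, which matters when an incident needs older entries. A one-line comment above `services.journald.extraConfig` would record the intent, for example `# cap journal at 500M; oldest entries are dropped first, forward logs elsewhere if longer retention is needed`. The enclosing attribute set starts and ends outside the hunk.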
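Review bot: The existence check `${adminCmd} list | grep -qE '^[0-9]+\s+lew\s'` in the forgejo.nix hunk matches any account named `lew`, admin or not, and the marker is then written so the bootstrap never runs again. If that name was taken by an ordinary account before the first start, the instance is left without the intended admin. Restricting the listing to administrators closes that gap: `if ${adminCmd} list --admin | grep -qE '^[0-9]+\s+lew\s'; then`. Separately, the `create` line still expands the sops secret into `--password "$(…)"`, so it sits in the process arguments while the command runs; a short comment saying so, and that rotating the secret after the marker exists has no effect, would help the next maintainer. The enclosing attribute set opens above the hunk.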