nexveridian-web/content/blog/forgejo-setup.md
NexVeridian 70c99db37b
feat: forgejo
2025-08-27 21:12:31 -07:00


+++
title = "Setting up Forgejo and Forgejo Actions with `Docker Compose`, with `Nix`-based actions"
date = 2025-08-26
[taxonomies]
tags = ["forgejo", "nix", "CI", "actions", "docker"]
+++
## Docker Compose Configuration
```yaml
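# Excerpt of a Compose file: the entries below belong under the top-level
# `services:` key, and the `forgejo` and <network name> networks must be
# declared in the file's `networks:` section (not shown here).
traefik:
  # ...
  command:
    # ...
    # Extra TCP entrypoint that carries Git-over-SSH through to Forgejo.
    - "--entrypoints.ssh.address=:222"
  ports:
    # ...
    - "222:222"

forgejo:
  container_name: forgejo
  image: codeberg.org/forgejo/forgejo:11
  environment:
    - USER_UID=1000
    - USER_GID=1000
    - FORGEJO__database__DB_TYPE=postgres
    - FORGEJO__database__HOST=pgforgejo:5432
    - FORGEJO__database__NAME=forgejo
    - FORGEJO__database__USER=forgejo
    # Example credential only: it must match POSTGRES_PASSWORD on pgforgejo.
    # Use a unique value for a real deployment and keep it out of version
    # control (for example via an untracked .env file).
    - FORGEJO__database__PASSWD=forgejo
  restart: always
  networks:
    - forgejo
    - <network name>
  volumes:
    - ./forgejo:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  # Left commented out so that no Forgejo port is published on the host
  # directly; HTTP and SSH are both reached through Traefik.
  # ports:
  # - "3000:3000"
  # - "222:22"
  depends_on:
    - pgforgejo
  labels:
    - "traefik.enable=true"
    # HTTPS router for the web UI.
    - "traefik.http.routers.forgejo.rule=Host(`git.example.com`)"
    - "traefik.http.routers.forgejo.entrypoints=websecure"
    - "traefik.http.routers.forgejo.tls.certresolver=myhttpchallenge"
    - "traefik.http.routers.forgejo.service=forgejo"
    # Plain-HTTP router whose only job is the permanent redirect to HTTPS.
    - "traefik.http.routers.forgejo-http.rule=Host(`git.example.com`)"
    - "traefik.http.routers.forgejo-http.entrypoints=web"
    - "traefik.http.routers.forgejo-http.middlewares=forgejo-redirect"
    - "traefik.http.middlewares.forgejo-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.forgejo-redirect.redirectscheme.permanent=true"
    - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
    - "traefik.docker.network=<network name>"
    # SSH is plain TCP and carries no SNI, so the router has to be the
    # catch-all HostSNI(`*`): every connection arriving on the `ssh`
    # entrypoint is forwarded to Forgejo's SSH port.
    - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
    - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
    - "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh"
    - "traefik.tcp.services.forgejo-ssh.loadbalancer.server.port=22"

# Database for Forgejo: attached only to the internal `forgejo` network and
# publishes no ports.
pgforgejo:
  container_name: pgforgejo
  image: postgres:17.6-alpine
  restart: always
  environment:
    - POSTGRES_USER=forgejo
    # Example credential only; see the note on FORGEJO__database__PASSWD.
    - POSTGRES_PASSWORD=forgejo
    - POSTGRES_DB=forgejo
  networks:
    - forgejo
  volumes:
    - ./pgforgejo:/var/lib/postgresql/data

# Docker daemon that the runner uses to start job containers.
# Security note: this container is privileged and serves the Docker API on
# TCP 2375 with TLS disabled, i.e. without authentication. Every container
# attached to the `forgejo` network (here also forgejo and pgforgejo) can
# reach that API and control the daemon. Never publish port 2375 on the
# host; consider a dedicated network shared only by the runner and this
# service, or enabling TLS on the daemon.
docker-in-docker:
  container_name: docker-dind
  # `dind` is a floating tag; pin a version or digest for repeatable deploys.
  image: docker:dind
  # Real boolean instead of the string "true".
  privileged: true
  command: ["dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false"]
  restart: "unless-stopped"
  networks:
    - forgejo

forgejo-action:
  container_name: "forgejo-action"
  image: "data.forgejo.org/forgejo/runner:9"
  links:
    - docker-in-docker
  depends_on:
    docker-in-docker:
      condition: service_started
  environment:
    # Points the runner at the unauthenticated daemon above; workflow jobs
    # therefore run on a privileged Docker daemon, so only register this
    # runner for repositories whose workflows you trust.
    DOCKER_HOST: tcp://docker-in-docker:2375
  networks:
    - forgejo
  # User without root privileges, but with access to `./forgejo-data`
  # (mounted at /data); presumably the host directory must be writable by
  # UID/GID 1001. Quoted so the value is always read as a string.
  user: "1001:1001"
  volumes:
    - ./forgejo-data:/data
  restart: "unless-stopped"
  # Alternative idle-loop command, kept for reference:
  # command: '/bin/sh -c "while : ; do sleep 1 ; done ;"'
  command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'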
```
## Forgejo Actions
```json
# .runner
{
"WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
"id": 1,
"uuid": "****",
"name": "<runner name>",
"token": "****",
"address": "https://git.example.com",
"labels": [
"bookworm:docker://node:24-bookworm",
"nix-base:docker://docker.nix-community.org/nixpkgs/nix-unstable:latest",
"nix:docker://git.nexveridian.com/nexveridian/action-attic:latest"
]
}
```
### Available runner images
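- bookworm: closest to GitHub Actions
- nix-base: for bootstrapping
- nix: custom image with packages preinstalled, see [Creating custom runner images](../forgejo-github-to-forgejo-actions)

Both `nix` labels above reference `:latest` tags, so the image a job runs in can change between runs; pin a specific tag or digest if jobs need to be reproducible.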
## Creating custom runner images
`git clone ssh://git@git.nexveridian.com:222/NexVeridian/docker-nixpkgs.git`
### Create a copy of `images/action-attic`
```nix
# Image definition: a function that receives `docker-nixpkgs`, `pkgs` and each
# package to be included in the runner image.
{
docker-nixpkgs,
pkgs,
attic-client,
nodejs_24,
nix-fast-build,
# add more packages here
}:
# Override the `docker-nixpkgs.nix` image: use `pkgs.nixVersions.latest` as its
# Nix and add the listed packages through `extraContents`.
# NOTE(review): `nixVersions.latest` follows whatever nixpkgs revision is in
# use, so the image contents change when that revision changes; confirm it is
# pinned.
(docker-nixpkgs.nix.override {
nix = pkgs.nixVersions.latest;
extraContents = [
attic-client
nodejs_24
nix-fast-build
# and the corresponding packages here
];
}).overrideAttrs
# Merge a description into the existing `meta`; `prev.meta or { }` covers the
# case where the overridden derivation has no `meta` attribute.
(prev: {
meta = (prev.meta or { }) // {
description = "Forgejo action image, with Nix and Attic client";
};
})
```
### Edit folder name in `.forgejo/workflows/nix.yaml`
```yaml
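- name: Build Nix package
  # `action-attic` is the image folder name; change it to match your copy.
  run: nix-build -A action-attic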
```