[nidaros] Added hostPackages

hosts/nidaros/default.nix

@@ -12,5 +12,6 @@
     ./security
   ];
 
+  # Removed at 25.11
   programs.nh.flake = lib.mkForce null;
 }

hosts/nidaros/forgejo.nix

@@ -22,13 +22,10 @@ in
       settings = {
         server = {
           DOMAIN = domain;
-          # You need to specify this to remove the port from URLs in the web UI.
           ROOT_URL = "https://${domain}/";
           HTTP_PORT = 8002;
         };
-        # You can temporarily allow registration to create an admin user.
         service.DISABLE_REGISTRATION = true;
-        # Add support for actions, based on act: https://github.com/nektos/act
         actions = {
           ENABLED = true;
           DEFAULT_ACTIONS_URL = "github";
@@ -42,6 +39,19 @@ in
         enable = true;
         name = "monolith";
         url = "https://${domain}";
+        hostPackages = with pkgs; [
+          bash
+          coreutils
+          curl
+          gawk
+          gitMinimal
+          gnused
+          nodejs
+          wget
+          podman
+          podman-compose
+        ];
+
         # Obtaining the path to the runner token file may differ
         # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
         tokenFile = config.sops.secrets.${runnerTokenKey}.path;
@@ -53,10 +63,14 @@ in
     };
   };
 
-  sops.secrets = {
+  sops.secrets =
-    ${passwordKey}.owner = "forgejo";
+    let
-    ${runnerTokenKey}.owner = "forgejo";
+      user = config.systemd.services.forgejo.serviceConfig.User;
-  };
+    in
+    {
+      ${passwordKey}.owner = user;
+      ${runnerTokenKey}.owner = user;
+    };
 
   # Create a single admin user / update password if exists
   systemd.services.forgejo.preStart =