feat: add GitHub mirror sync for Forgejo repos #426

Open

lytedev wants to merge 2 commits from github-mirror into main

pull from: github-mirror

merge into: lytedev:main

lytedev:main

lytedev:self-hosted-dns

lytedev:fix-runner-tmpfs-revert

lytedev:nix-darwin

lytedev:nix-on-droid

lytedev:stalwart-cors

lytedev:mail-phase1-beefcake

lytedev:beefcake-email

lytedev:beefcake-immich

lytedev:firefox-nightly-devedition

lytedev:opencode-jj-plugin

lytedev:fix-bun-baseline

lytedev:fix-user-env-manifest-perms

lytedev:cleanup-home-manager

lytedev:stale-symlink-cleanup

lytedev:flab-stuff

lytedev:printer-sftp

lytedev:dragon-vr-monado

lytedev:clever-vr-game-clamshell-mode-detection

lytedev:wireguard-mesh

Conversation 0 Commits 2 Files changed 4 +120 -4

lytedev commented 2026-03-23 15:20:38 -05:00

Owner

Copy link

Summary

• Adds a new NixOS module that mirrors an allowlist of Forgejo repos to GitHub on a 15-minute systemd timer
• Uses a GitHub App for authentication — generates short-lived installation tokens (1hr) instead of storing a long-lived PAT
• Includes failure notifications via Matrix webhook
• Removes the mirroring TODO from forgejo.nix

Setup Required Before Deploy

1. Create a GitHub App (Settings → Developer settings → GitHub Apps) with Contents: Read and write
2. Install on your account for the repos you want mirrored
3. Add sops secrets: github-app-id, github-app-key (PEM), github-app-installation-id, github-mirror-failure-webhook
4. Deploy to beefcake

Closes: #16

## Summary - Adds a new NixOS module that mirrors an allowlist of Forgejo repos to GitHub on a 15-minute systemd timer - Uses a GitHub App for authentication — generates short-lived installation tokens (1hr) instead of storing a long-lived PAT - Includes failure notifications via Matrix webhook - Removes the mirroring TODO from forgejo.nix ## Setup Required Before Deploy 1. Create a GitHub App (Settings → Developer settings → GitHub Apps) with `Contents: Read and write` 2. Install on your account for the repos you want mirrored 3. Add sops secrets: `github-app-id`, `github-app-key` (PEM), `github-app-installation-id`, `github-mirror-failure-webhook` 4. Deploy to beefcake Closes: https://git.lyte.dev/lytedev/nix/issues/16

lytedev added 1 commit 2026-03-23 15:20:38 -05:00

feat: add GitHub mirror sync for Forgejo repos via systemd timer ... bc2a49be37

Uses a GitHub App for short-lived token generation (no long-lived PAT).
Mirrors an allowlist of repos every 15 minutes with failure notifications
via Matrix webhook.

Closes: #16

lytedev force-pushed github-mirror from bc2a49be37 to 014b04a205 2026-03-23 15:32:51 -05:00 Compare

lytedev added 1 commit 2026-03-23 15:41:19 -05:00

chore: add placeholder sops secrets for GitHub mirror 9fd90232f6

All checks were successful

Hide all checks

/ check-format (push) Successful in 10s

Required

Details

/ build (push) Successful in 5m55s

Required

Details

This pull request has changes conflicting with the target branch.

• secrets/beefcake/secrets.yml

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin github-mirror:github-mirror

git switch github-mirror

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is wrong

  

enhancement

New feature

  

question

Awaiting information

  

scary

Potentially problematic change

  

upstream

Awaiting upstream changes

No labels

bug

enhancement

question

scary

upstream

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lytedev/nix!426

No description provided.