diff --git a/nix/modules/hive-forge.nix b/nix/modules/hive-forge.nix
index 743834f..b5ded52 100644
--- a/nix/modules/hive-forge.nix
+++ b/nix/modules/hive-forge.nix
@@ -60,6 +60,21 @@ in
       '';
     };
 
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.forgejo;
+      defaultText = lib.literalExpression "pkgs.forgejo";
+      description = ''
+        Forgejo package to run inside the container. Defaults to
+        `pkgs.forgejo` (the latest release line) rather than the
+        nixpkgs-module default of `pkgs.forgejo-lts`, because LTS
+        lags far behind on schema and the DB easily ends up "newer
+        than the binary" if the operator ever ran a non-LTS forgejo
+        against the same state dir. Override to `pkgs.forgejo-lts`
+        if you actively want the slower release train.
+      '';
+    };
+
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = true;
@@ -87,6 +102,7 @@ in
           system.stateVersion = "25.11";
           services.forgejo = {
             enable = true;
+            package = cfg.package;
             database.type = "sqlite3";
             lfs.enable = true;
             settings = {