add hive-forge module: private forgejo for agents

new `services.hive-forge.enable` (off by default) wraps `services.forgejo` with hyperhive-friendly defaults: sqlite (no extra db service), built-in ssh on 2222 so it doesn't fight the host's openssh, http on 3000 (outside hyperhive's 7000/8000/8100-8999 ranges), registration off (operator seeds agent users), private repos by default. exported as `nixosModules.hive-forge` — operator imports it on the host alongside hive-c0re. container-side wiring (MCP tools or a bind-mounted token) is deferred; containers already share the host netns so they can reach http://localhost:3000 today.
2026-05-16 20:50:36 +02:00 · 2026-05-16 20:50:36 +02:00 · c2d176ed13
commit c2d176ed13
parent 824acee134
2 changed files with 117 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -98,6 +98,7 @@
          hyperhivePackage = system: self.packages.${system}.default;
          hyperhiveFlake = "${self}";
        };
+        hive-forge = ./nix/modules/hive-forge.nix;
      };

      nixosConfigurations =