diff --git a/puter/030-vm-nixos-neru/specific-aspect/repo-website/forgejo-admin.nix b/puter/030-vm-nixos-neru/specific-aspect/repo-website/forgejo-admin.nix
new file mode 100644
index 0000000..3877ea1
--- /dev/null
+++ b/puter/030-vm-nixos-neru/specific-aspect/repo-website/forgejo-admin.nix
@@ -0,0 +1,21 @@
+{
+  den.aspects = {
+    neru = {
+      nixos =
+        { lib, pkgs, config, ... }:
+        {
+          sops.secrets.forgejo-admin-password.owner = "forgejo";
+          systemd.services.forgejo.preStart = 
+          let 
+            adminCmd = "${lib.getExe cfg.package} admin user";
+            pwd = config.sops.secrets.forgejo-admin-password;
+            user = "exp";
+          in ''
+            ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+            ## uncomment this line to change an admin user which was already created
+            # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+          '';
+        };
+      };
+    };
+}
\ No newline at end of file
diff --git a/secret/secret.yaml b/secret/secret.yaml
index 6afc102..0a50d5e 100644
--- a/secret/secret.yaml
+++ b/secret/secret.yaml
@@ -1,9 +1,4 @@
-kirbara-email: ENC[AES256_GCM,data:G5gUJIycxkyASGHBW05gJGcOXT5O5A==,iv:xCwlE3UvImTMZHEvao2IxtkTuUDjDJ10IVbAZROLKBg=,tag:FoL9vJDg8m9m6BpBzL3lWA==,type:str]
-neru-ipv4: ENC[AES256_GCM,data:16GsXhofOQAH/Ywr,iv:o+hSO9Q/UKms2jnFxNtvGwzz9dPnVQeTNSnkoiukU1c=,tag:lC672a4ao/YMbKW+kUcphA==,type:str]
-neru-defaultGateway: ENC[AES256_GCM,data:HkkF3vM+shVrQWZJ/w==,iv:De9OjHwQhe/3m+9vWmbVkFz6RVFz1iD66B6GWiXATD8=,tag:KndSEJnlKFKhegs5MEyF3Q==,type:str]
-myservice:
-    my_subdir:
-        my_secret: ENC[AES256_GCM,data:YmkEwQzwS+IT,iv:LqBLQZUTS7U/4/bb956kaZ8SZmi0XrxxbLf+6mX8FDc=,tag:KERpDmgCry+LcTbBge4KhA==,type:str]
+forgejo-admin-password: ENC[AES256_GCM,data:i5VMwCVcTb0bN4UTGU72iTW8cxg2h4uiP/WBVN20N7GzUmipGL50OcYbjQejVWviZiv8k9fQO/4gERtMTy36g+WG,iv:gk4N6kpXyAgHiWAs3wkrYbgIXa6zF2TQWNADFBjylPw=,tag:5DtKBfEd673goJPxP9VJtA==,type:str]
 sops:
     age:
         - recipient: age1pj9v44sqvsk06jjs0jx092cdjwtm93nzk83875dw8nume88xnd9sevw75d
@@ -15,7 +10,7 @@ sops:
             T2tGYVdwQXJZaVN5Qmt4S1RDZHBUQ2MKluOtWmHeIv+LHJa+zcQ9cU43FaiYdHxD
             NcrfEOy4VC1c25lccOAubClCqlpnLsfRt0dQo36V+6S3ksCZDrbCNA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-01T02:16:51Z"
-    mac: ENC[AES256_GCM,data:WkeB6T2iNLPWQDsX6euvaiac4cuWvDOTiFpngrqVwgfs+FPLRLZTWUL4RHw8fvUsxBS9OU64UUwwsnkBJtQCGccI4BGHBsNhsr+XMsE2B9+tiMT9sAaHGPUyYDX3WQicI2QiovgIa2H4tYOk9nJoYtSV65MgielBpk8QKRzreMo=,iv:NiE68kBbbCj9AEp6RGjXNPhAhaj4g78nTzzL1kWCxoU=,tag:8wSx6qWCNjcdBY4VSVF89g==,type:str]
+    lastmodified: "2025-12-05T15:10:42Z"
+    mac: ENC[AES256_GCM,data:rpnhWWHYadB96d30QSk6aB055UA0wGqM+LRxWuNRJJL4vuNVtePjZvL0+ItgOchAda8Jh6M+uHnRMsM7GhPvwKtRIyoGU2ZM5ihC7TA7LG74l4VkgWDq1S46LM8lCmp1//EHFyOmZQyCNZWCrjbQr1iXhWat0uH2eDZo/wz+ezE=,iv:h5GwUdGcR8pRiYCTSmS9QWaF6HwturFK2DqOpzsyc3k=,tag:XkLqe9Q1AATIoFlDiWOkEQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.11.0
\ No newline at end of file
+    version: 3.11.0