Make forgejo user setup more robust

modules/system/services/forgejo/default.nix

@@ -1,9 +1,4 @@
-{
+{ config, lib, ... }:
-  config,
-  pkgs,
-  lib,
-  ...
-}:
 let
   cfg = config.custom.services.forgejo;
 
@@ -53,10 +48,18 @@ in
 
     systemd.services.forgejo.preStart =
       let
-        createCmd = "${lib.getExe config.services.forgejo.package} admin user create";
+        userCmd = "${lib.getExe config.services.forgejo.package} admin user";
-        passwordPath = config.sops.secrets."forgejo/admin-password".path;
+        credentials = lib.concatStringsSep " " [
+          "--username SebastianStork"
+          "--password \"$PASSWORD\""
+        ];
       in
-      ''${createCmd} --username SebastianStork --password "$(cat ${passwordPath})" --email "sebastian.stork@pm.me" --admin || true'';
+      ''
+        PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
+
+        ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
+          || ${userCmd} change-password ${credentials} --must-change-password=false
+      '';
 
     systemd.tmpfiles.rules =
       let