diff --git a/git.nix b/git.nix
new file mode 100644
index 0000000..8fc63ba
--- /dev/null
+++ b/git.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = "git.kamoshi.org";
+  user   = "forgejo";
+  state  = "/var/lib/forgejo";
+in
+{
+  users = {
+    users.${user} = {
+      description     = "Forgejo Service";
+      home            = state;
+      group           = user;
+      useDefaultShell = true;
+      isSystemUser    = true;
+    };
+    groups.${user} = {};
+  };
+
+  services = {
+    forgejo = {
+      enable = true;
+      user   = user;
+      group  = user;
+      stateDir = state;
+      # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+      settings = {
+        server = {
+          HTTP_PORT = 3200;
+          HTTP_ADDR = "127.0.0.1";
+          DOMAIN = domain;
+          ROOT_URL = "https://${domain}/";
+          LANDING_PAGE = "explore";
+        };
+
+        service = {
+          DISABLE_REGISTRATION = lib.mkForce true;
+        };
+      };
+    };
+
+    nginx.virtualHosts.${domain} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:3200/";
+      };
+    };
+  };
+}
diff --git a/web.nix b/web.nix
index adfb696..0bbd172 100644
--- a/web.nix
+++ b/web.nix
@@ -23,12 +23,18 @@
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
       recommendedProxySettings = true;
-      virtualHosts = {
-        "kamoshi.org" = {
-          root = "/var/www/kamoshi.org";
-          forceSSL = true;
-          enableACME = true;
-        };
+
+      virtualHosts."kamoshi.org" = {
+        root = "/var/www/kamoshi.org";
+        forceSSL = true;
+        enableACME = true;
+
+        listen = [
+          { addr = "[::]";    port = 80; ssl = false; }
+          { addr = "0.0.0.0"; port = 80; ssl = false; }
+          { addr = "[::]";    port = 443; ssl = true; }
+          { addr = "0.0.0.0"; port = 443; ssl = true; }
+        ];
       };
     };
   };