diff --git a/nixos/hosts/suwako-vie0/default.nix b/nixos/hosts/suwako-vie0/default.nix index 01d29b5..ed0a75d 100644 --- a/nixos/hosts/suwako-vie0/default.nix +++ b/nixos/hosts/suwako-vie0/default.nix @@ -9,6 +9,7 @@ suites.server ++ (with profiles; [ services.caddy + services.forgejo services.keycloak services.matrix.heisenbridge services.matrix.mautrix-telegram diff --git a/nixos/modules/networking/ports.nix b/nixos/modules/networking/ports.nix index 269a570..47e0ad1 100644 --- a/nixos/modules/networking/ports.nix +++ b/nixos/modules/networking/ports.nix @@ -36,6 +36,7 @@ in prometheus-blackbox-exporter = 4071; prometheus-ping-exporter = 4072; vaultwarden = 4080; + forgejo = 4090; # public ports enthalpy-wireguard-reimu-aston = 13101; diff --git a/nixos/profiles/services/forgejo/default.nix b/nixos/profiles/services/forgejo/default.nix new file mode 100644 index 0000000..e65952e --- /dev/null +++ b/nixos/profiles/services/forgejo/default.nix 
@@ -0,0 +1,65 @@
+{ config, ... }:
+{
+ services.forgejo = {
+ enable = true;
+ lfs.enable = true;
+ user = "git";
+ group = "git";
+ database = {
+ type = "postgres";
+ user = "git";
+ name = "git";
+ };
+ dump.enable = false;
+ settings = {
+ DEFAULT = {
+ APP_NAME = "rebmit's forge";
+ };
+ server = {
+ DOMAIN = "git.rebmit.moe";
+ HTTP_ADDR = "127.0.0.1";
+ HTTP_PORT = config.networking.ports.forgejo;
+ ROOT_URL = "https://git.rebmit.moe";
+ SSH_PORT = config.networking.ports.ssh;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
+ session = {
+ COOKIE_SECURE = true;
+ };
+ oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ USERNAME = "userid";
+ };
+ };
+ };
+
+ users.users.git = {
+ home = config.services.forgejo.stateDir;
+ useDefaultShell = true;
+ group = "git";
+ isSystemUser = true;
+ };
+
+ users.groups.git = { };
+
+ services.caddy.virtualHosts."git.rebmit.moe" = {
+ extraConfig = with config.services.forgejo.settings.server; ''
+ reverse_proxy ${HTTP_ADDR}:${toString HTTP_PORT}
+ '';
+ };
+
+ preservation.preserveAt."/persist".directories = [
+ {
+ directory = config.services.forgejo.stateDir;
+ mode = "-";
+ user = "-";
+ group = "-";
+ }
+ ];
+
+ services.restic.backups.b2.paths = [
+ "/persist${config.services.forgejo.stateDir}"
+ ];
+}
diff --git a/zones/rebmit.moe.nix b/zones/rebmit.moe.nix
index 13a9d74..fd4a768 100644
--- a/zones/rebmit.moe.nix
+++ b/zones/rebmit.moe.nix
@@ -45,6 +45,7 @@ dns.lib.toString "rebmit.moe" {
 TXT = [ (with spf; soft [ "mx" ]) ];
 subdomains = {
 chat.CNAME = [ "suwako-vie0.rebmit.link." ];
+ git.CNAME = [ "suwako-vie0.rebmit.link." ];
 id.CNAME = [ "suwako-vie0.rebmit.link." ];
 prom.CNAME = [ "fallback.workers.moe." ];
 push.CNAME = [ "suwako-vie1.rebmit.link." ];
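Review bot: In nixos/profiles/services/forgejo/default.nix, `oauth2_client.ENABLE_AUTO_REGISTRATION = true` next to `service.DISABLE_REGISTRATION = true` makes the external OAuth2 provider the only gate on account creation, so every identity it authenticates gets a local Forgejo account on first login. The provider and any group or claim restriction are not visible in this diff (presumably the Keycloak profile enabled on the same host), so the trust decision should be recorded above the block, e.g. `# accounts are auto-created for any user the OAuth2 provider authenticates; restrict who may log in on the provider side`. Separately, `dump.enable = false` with `database.type = "postgres"` means the restic path `/persist${config.services.forgejo.stateDir}` likely covers repositories and instance secrets but not the database. Confirm PostgreSQL is backed up elsewhere, since a restore without it would lose users, SSH keys and access settings.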