diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index d306cf5..81b2742 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -6,6 +6,7 @@
     ../../nixos/server.nix
     ./nginx.nix
     ./taskd.nix
+    ./forgejo.nix
   ];
 
   networking.firewall.allowedTCPPorts = [
diff --git a/hosts/mystra/forgejo.nix b/hosts/mystra/forgejo.nix
new file mode 100644
index 0000000..49535a1
--- /dev/null
+++ b/hosts/mystra/forgejo.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+let
+  cfg = config.settings.forgejo;
+  srv = cfg.settings.server;
+in
+{
+  services.nginx.virtualHosts."git.henri-saudubray.fr" = {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      client_max_body_size 512M;
+    '';
+    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+  };
+
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.henri-saudubray.fr";
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+        SSH_PORT = lib.head config.services.openssh.ports;
+      };
+
+      service.DISABLE_REGISTRATION = true;
+    };
+  };
+}