diff --git a/home/cli.nix b/home/cli.nix
index b1c99a7..20322a2 100644
--- a/home/cli.nix
+++ b/home/cli.nix
@@ -39,6 +39,13 @@
 dataLocation = "${config.home.homeDirectory}/.local/share/task";
 colorTheme = "light-256";
 config.editor = "hx";
+ config.taskd = {
+ server = "henri-saudubray.fr:53589";
+ certificate = "/home/hms/.task/keys/public.cert";
+ key = "/home/hms/.task/keys/private.key";
+ ca = "/home/hms/.task/keys/ca.cert";
+ credentials = "personal/hms/2f8f33f0-a0b3-4f61-aba7-4d2b8c9cfbc7";
+ };
 };
 programs.jujutsu = {
diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index 4a33466..81b2742 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -4,24 +4,18 @@
 ./hardware-configuration.nix
 ./disk-config.nix
 ../../nixos/server.nix
+ ./nginx.nix
+ ./taskd.nix
+ ./forgejo.nix
 ];
- services.nginx = {
- enable = true;
- virtualHosts."henri-saudubray.fr" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/hms/www";
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "henri.saudubray@proton.me";
- };
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP (nginx)
+ 443 # HTTPS (nginx)
+ 53589 # Taskserver
+ ];
 networking.hostName = "mystra";
+ networking.fqdn = "henri-saudubray.fr";
 system.stateVersion = "25.11";
 }
diff --git a/hosts/mystra/forgejo.nix b/hosts/mystra/forgejo.nix
new file mode 100644
index 0000000..4ee0f52
--- /dev/null
+++ b/hosts/mystra/forgejo.nix
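Review bot: In home/cli.nix the `credentials` value inside `config.taskd` commits the Taskserver user key to the repository, and from there it presumably ends up in the generated taskrc in the world-readable Nix store. Taskserver also verifies the client certificate, so the key alone should not grant access, but it is better kept out of version control, for example in an untracked file pulled in through a taskrc `include` line. The three key paths also hard-code `/home/hms` where the `dataLocation` line above uses `${config.home.homeDirectory}`; `key = "${config.home.homeDirectory}/.task/keys/private.key";` (and likewise for `certificate` and `ca`) keeps them consistent. The enclosing attribute set starts outside the hunk.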
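Review bot: In hosts/mystra/default.nix the new `allowedTCPPorts` list hard-codes `53589` and the nginx ports in the host file, away from the modules that need them, so dropping `./taskd.nix` or changing the Taskserver port later would leave a stale open port. Opening each port next to its service avoids that drift: `services.taskserver.openFirewall = true;` in taskd.nix and `networking.firewall.allowedTCPPorts = [ 80 443 ];` in nginx.nix, since NixOS merges list options across modules. The per-port comments are worth keeping whichever layout is chosen.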
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+let
+ cfg = config.services.forgejo;
+ srv = cfg.settings.server;
+in
+{
+ services.nginx.virtualHosts."git.henri-saudubray.fr" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+ };
+
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.henri-saudubray.fr";
+ ROOT_URL = "https://${srv.DOMAIN}/";
+ HTTP_PORT = 3000;
+ SSH_PORT = lib.head config.services.openssh.ports;
+ };
+
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+}
diff --git a/hosts/mystra/nginx.nix b/hosts/mystra/nginx.nix
new file mode 100644
index 0000000..8042052
--- /dev/null
+++ b/hosts/mystra/nginx.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."henri-saudubray.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/var/www/html";
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "henri.saudubray@proton.me";
+ };
+}
diff --git a/hosts/mystra/taskd.nix b/hosts/mystra/taskd.nix
new file mode 100644
index 0000000..cbd7594
--- /dev/null
+++ b/hosts/mystra/taskd.nix
@@ -0,0 +1,27 @@
+{ ... }:
+{
+ # # NOTE:
+ # After server installation, you must synchronize the clients with
+ # taskd. To do so, export the user config as follows (on server):
+ # ```bash
+ # nixos-taskserver user export personal hms > hms_config.sh
+ # ```
+ # and copy it to the client machine. Run it (on client):
+ # ```bash
+ # sh hms_config.sh
+ # ```
+ # and initialize synchronization (on client):
+ # ```bash
+ # task sync init
+ # ```
+ # See [this link](https://wiki.kunzelma.de/taskwarrior) for more.
+ #
+ # # TODO: find a better way than the mess above.
+
+ services.taskserver = {
+ enable = true;
+ fqdn = "henri-saudubray.fr";
+ listenHost = "::";
+ organisations.personal.users = [ "hms" ];
+ };
+}
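Review bot: In hosts/mystra/forgejo.nix the `server` block sets `HTTP_PORT` but no listen address, so Forgejo may bind port 3000 on every interface (as far as I recall the NixOS module defaults `HTTP_ADDR` to `0.0.0.0`) and rely on the firewall alone to keep the plain-HTTP endpoint private. Binding to loopback makes the TLS-terminating nginx vhost the only way in: add `HTTP_ADDR = "127.0.0.1";` to `server` and point the proxy at the same address with `locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";`. Using the literal address also avoids `localhost` resolving to `::1` while the service listens on IPv4 only.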
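Review bot: The setup comment in hosts/mystra/taskd.nix does not mention that `hms_config.sh` is sensitive; as far as I know the script written by `nixos-taskserver user export` embeds the user's client certificate and private key. I would add a line after the export step such as `# hms_config.sh contains the client key: copy it over SSH and delete it on both machines once imported.` The `# # NOTE:` and `# # TODO:` headers also carry a doubled `#`, which reads like a Markdown leftover and could be reduced to a single one.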