diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 9c58ee4..a54f5ee 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -6,6 +6,7 @@
 ./web.nix
 ./factorio.nix
+ ./forgejo.nix
 ./freshrss.nix
 ./jellyfin.nix
 ./thelounge.nix
diff --git a/hosts/Infini-DL360/forgejo.nix b/hosts/Infini-DL360/forgejo.nix
new file mode 100644
index 0000000..940949a
--- /dev/null
+++ b/hosts/Infini-DL360/forgejo.nix
@@ -0,0 +1,70 @@
+{ config, ... }:
+let
+ cfg = config.services.forgejo;
+ domain = config.common.subdomain "git";
+in
+{
+ services.forgejo = {
+ enable = true;
+ user = "git";
+ stateDir = "/srv/forgejo";
+ mailerPasswordFile = config.secrets.smtp-password;
+ settings = {
+ server = {
+ ROOT_URL = "https://${domain}/";
+ SSH_DOMAIN = domain;
+ LANDING_PAGE = "explore";
+ };
+ mailer = with config.common.email; {
+ ENABLED = true;
+ PROTOCOL = "smtps";
+ SMTP_ADDR = smtp.address;
+ USER = outgoing;
+ FROM = withSubaddress "git";
+ };
+ session.COOKIE_SECURE = true;
+ security = {
+ LOGIN_REMEMBER_DAYS = 180;
+ };
+ repository = {
+ ENABLE_PUSH_CREATE_USER = true;
+ ENABLE_PUSH_CREATE_ORG = true;
+ };
+ "repository.issue" = {
+ MAX_PINNED = 5;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ OFFLINE_MODE = false;
+ NO_REPLY_ADDRESS = config.common.email.outgoing;
+ };
+ indexer = {
+ REPO_INDEXER_ENABLED = true;
+ };
+ };
+ };
+
+ services.nginx.virtualHosts.${domain} = config.common.nginx.ssl // {
+ locations."/" = {
+ proxyPass = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}";
+ extraConfig = ''
+ access_log /var/log/nginx/access.log combined if=$forgejo_access_log;
+ '';
+ };
+ };
+
+ services.nginx.appendHttpConfig = ''
+ map $uri $forgejo_access_log {
+ default 1;
+ /api/actions/runner.v1.RunnerService/FetchTask 0;
+ }
+ '';
+
+ users.users.${cfg.user} = {
+ home = cfg.stateDir;
+ useDefaultShell = true;
+ group = cfg.group;
+ extraGroups = [ "smtp" ];
+ isSystemUser = true;
+ };
+}
diff --git a/secrets/default.nix b/secrets/default.nix
index 590e2ac..7779160 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -41,6 +41,9 @@ in
 (mkIf config.services.freshrss.enable {
 "freshrss" = withOwnerGroup "freshrss" secrets."freshrss";
 })
+ (mkIf config.services.forgejo.enable {
+ "smtp-password" = withGroup "smtp" secrets."smtp-password";
+ })
 ];
 };
 }
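Review bot: In hosts/Infini-DL360/forgejo.nix the nginx `proxyPass` takes its upstream host from `cfg.settings.server.DOMAIN`, which is Forgejo's public host-name setting rather than its listen address, and the `server` block sets no `HTTP_ADDR`. The proxy therefore works only while DOMAIN stays at the module default, and the backend listens on whatever address the module defaults to (I believe all interfaces for plain HTTP), so the unencrypted port may be reachable beside the TLS vhost if the firewall permits it. I would pin both ends: add `HTTP_ADDR = "127.0.0.1";` under `server` and use `proxyPass = "http://127.0.0.1:${toString cfg.settings.server.HTTP_PORT}";`. Separately, `NO_REPLY_ADDRESS` is meant to be the domain part of hidden commit addresses; if `config.common.email.outgoing` is a full mailbox address (it is also the mailer `USER`), those addresses will be malformed, which is worth confirming.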
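Review bot: The `smtp-password` entry added in secrets/default.nix appears to be made readable by the whole `smtp` group through `withGroup "smtp"`, yet it is only defined when `services.forgejo.enable` is true. If Forgejo is the sole consumer, scoping the secret to the Forgejo service account, as the `freshrss` entry just above does with `withOwnerGroup`, would be narrower; if the group is shared on purpose, the condition should not hinge on Forgejo alone. Either way I would record the intent above the entry, e.g. `# readable by group "smtp"; the forgejo user joins it via extraGroups in hosts/Infini-DL360/forgejo.nix`. The enclosing list begins outside this hunk, so another definition of the same key cannot be ruled out from here.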