diff --git a/hosts/servers/alexandria/default.nix b/hosts/servers/alexandria/default.nix
index cb7aaa0..c1f9c23 100644
--- a/hosts/servers/alexandria/default.nix
+++ b/hosts/servers/alexandria/default.nix
@@ -1,9 +1,20 @@
-{ ... }:
+{ lib, ... }:
+
+let
+  mkStringOption =
+    default:
+    lib.mkOption {
+      inherit default;
+      type = lib.types.str;
+    };
+
+in
 
 {
   imports = [
     ./changedetection.nix
     ./cinny.nix
+    ./forgejo.nix
     ./hardware-configuration.nix
     ./jellyfin.nix
     ./librespeed.nix
@@ -15,7 +26,26 @@
     ./services.nix
     ./pairdrop.nix
     ./users.nix
-    ./variables.nix
     ./vaultwarden.nix
   ];
+
+  options.ports = {
+    bazaar = mkStringOption "6767";
+    radarr = mkStringOption "7878";
+    vaultwarden = mkStringOption "8000";
+    changedetection-io = mkStringOption "8001";
+    cinny = mkStringOption "8002";
+    librespeed = mkStringOption "8003";
+    paperless = mkStringOption "8004";
+    yousable = mkStringOption "8005";
+    cinny2 = mkStringOption "8006";
+    searx = mkStringOption "8007";
+    qbittorrent = mkStringOption "8008";
+    actual = mkStringOption "8009";
+    pairdrop = mkStringOption "8010";
+    logseq = mkStringOption "8011";
+    jellyfin = mkStringOption "8096";
+    sonarr = mkStringOption "8989";
+    jackett = mkStringOption "9117";
+  };
 }
diff --git a/hosts/servers/alexandria/forgejo.nix b/hosts/servers/alexandria/forgejo.nix
new file mode 100644
index 0000000..9293d12
--- /dev/null
+++ b/hosts/servers/alexandria/forgejo.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+
+let
+  domain = "git.baduhai.dev";
+in
+
+{
+  services = {
+    forgejo = {
+      enable = true;
+      settings = {
+        session.COOKIE_SECURE = true;
+        server = {
+          PROTOCOL = "http+unix";
+          DOMAIN = domain;
+          SSH_DOMAIN = config.networking.domain;
+          ROOT_URL = "https://${domain}";
+          OFFLINE_MODE = true; # disable use of CDNs
+        };
+        log.LEVEL = "Warn";
+        mailer.ENABLED = false;
+        actions.ENABLED = false;
+      };
+    };
+    nginx.virtualHosts.${domain} = {
+      useACMEHost = "baduhai.dev";
+      forceSSL = true;
+      kTLS = true;
+      locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+    };
+  };
+}
diff --git a/hosts/servers/alexandria/variables.nix b/hosts/servers/alexandria/variables.nix
deleted file mode 100644
index 2ad93c6..0000000
--- a/hosts/servers/alexandria/variables.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib, ... }:
-
-let
-  mkStringOption =
-    default:
-    lib.mkOption {
-      inherit default;
-      type = lib.types.str;
-    };
-
-in
-{
-  options.ports = {
-    bazaar = mkStringOption "6767";
-    radarr = mkStringOption "7878";
-    vaultwarden = mkStringOption "8000";
-    changedetection-io = mkStringOption "8001";
-    cinny = mkStringOption "8002";
-    librespeed = mkStringOption "8003";
-    paperless = mkStringOption "8004";
-    yousable = mkStringOption "8005";
-    cinny2 = mkStringOption "8006";
-    searx = mkStringOption "8007";
-    qbittorrent = mkStringOption "8008";
-    actual = mkStringOption "8009";
-    pairdrop = mkStringOption "8010";
-    logseq = mkStringOption "8011";
-    jellyfin = mkStringOption "8096";
-    sonarr = mkStringOption "8989";
-    jackett = mkStringOption "9117";
-  };
-}