diff --git a/configuration.nix b/configuration.nix
index 6a4e422..9aa6cbe 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -46,7 +46,6 @@
       "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
     ];
     packages = with pkgs; [
-      rclone
     ];
   };
@@ -75,7 +74,31 @@
     };
     openFirewall = true;
   };
-  #enable qemu-guestagent
+  #Forgejo
+  services.forgejo = {
+    enable = true;
+    settings.server = {
+      ROOT_URL = "https://git.shibe.pro";
+      DOMAIN = "git.shibe.pro";
+      HTTP_PORT = 48540;
+      OFFLINE_MODE = true; # disable gravatar, CDN
+    };
+    settings.service.DISABLE_REGISTRATION = true;
+    database = {
+      user = "forgejo";
+      passwordFile = "/etc/nixos/forgejo-dbpassword";
+      name = "forgejodb";
+      type = "mysql";
+    };
+  };
+
+  # Allow forgejo user to adjust authorized_keys dynamically
+  services.openssh.extraConfig = ''
+    Match User forgejo
+      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
+  '';
+
+  #enable qemu-guestagent
   services.qemuGuest.enable = true;
   # Disable password checking for wheel group users so we can solely rely on ssh keys
   security.sudo.wheelNeedsPassword = false;
@@ -83,9 +106,9 @@
   # Firewall stuff:
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;
-  services.samba.openFirewall = true;
+
   # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts = [48540 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
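Review bot: The database password is read from `/etc/nixos/forgejo-dbpassword`, a path that sits beside this configuration.nix and is very likely inside the same git checkout, so the secret risks being committed alongside the config and, because the forgejo service user has to be able to read it, being left world-readable under root-owned /etc/nixos. Move it out of the tree (for example `/var/lib/forgejo/dbpassword`, mode 0400 owned by forgejo) or into a secrets manager; and since the module's createDatabase default with a matching service user appears to set up socket authentication for mysql, check whether the password file is needed at all before keeping it. The `Match User forgejo` block is appended at the end of sshd_config, which is correct, but any directive another module appends to `extraConfig` after it will be scoped to that Match rather than applied globally — add `# NOTE: Match must stay the last sshd directive; anything appended after it applies only to forgejo` so the next edit does not silently break global settings.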
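Review bot: Opening TCP 48540 to all sources exposes Forgejo's plain-HTTP listener directly, while ROOT_URL in the same commit is https://, which suggests TLS is meant to be terminated by a reverse proxy; with HTTP_ADDR left unset (Forgejo's default binds all interfaces, as far as I can tell) the proxy can be bypassed and credentials and tokens sent in cleartext. If the proxy runs on this host, drop the firewall rule and bind locally with `settings.server.HTTP_ADDR = "127.0.0.1";`; if it is remote, keep the rule but restrict it to the proxy's source address (e.g. an `networking.firewall.extraCommands` rule) instead of exposing the port globally. Minor style: `[48540 ]` should be `[ 48540 ]` to match the list formatting used elsewhere in the file.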