diff --git a/devices/oksys/modules/caddy.nix b/devices/oksys/modules/caddy.nix
index 95ecbc3..b8105ec 100644
--- a/devices/oksys/modules/caddy.nix
+++ b/devices/oksys/modules/caddy.nix
@@ -66,7 +66,7 @@ in {
 forgejo = {
 subDomainName = "git";
- reverseProxy = "${dockerIP}:3000";
+ reverseProxy = "${servivi}:3000";
 };
 nix-binary-cache = {
diff --git a/devices/servivi/modules/arion/forgejo/compose.nix b/devices/servivi/modules/arion/forgejo/compose.nix
new file mode 100644
index 0000000..53fe7d4
--- /dev/null
+++ b/devices/servivi/modules/arion/forgejo/compose.nix
@@ -0,0 +1,69 @@
+{
+ config,
+ rwPath,
+ ...
+}: let
+ secrets = config.sops.secrets;
+in {
+ services = {
+ "forgejo" = {
+ image = "codeberg.org/forgejo/forgejo:1.21.3-0";
+ container_name = "forgejo";
+
+ ports = [
+ # Redirect WAN port 22 to this port
+ "2222:22"
+ "3000:3000"
+ ];
+
+ restart = "always";
+ privileged = true;
+ depends_on = ["forgejo-db"];
+
+ env_file = [secrets.forgejo.path];
+ environment = {
+ APP_NAME = "Gitea";
+
+ # TODO: change ids
+ USER_UID = "1000";
+ USER_GID = "1000";
+
+ ROOT_URL = "https://git.nelim.org";
+ SSH_DOMAIN = "git.nelim.org";
+ SSH_PORT = 22;
+ HTTP_PORT = 3000;
+ };
+
+ volumes = [
+ "${rwPath}/data:/data"
+ "/etc/timezone:/etc/timezone:ro"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ };
+
+ "runner" = {
+ image = "gitea/act_runner";
+
+ # TODO: change name
+ container_name = "podman-runner";
+
+ restart = "always";
+ depends_on = ["forgejo"];
+
+ volumes = [
+ "${secrets.forgejo-runner.path}:/data/.runner"
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ };
+
+ "forgejo-db" = {
+ image = "public.ecr.aws/docker/library/postgres:14";
+ container_name = "forgejo-db";
+ restart = "always";
+
+ env_file = [secrets.forgejo-db.path];
+
+ volumes = ["${rwPath}/db:/var/lib/postgresql/data"];
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index bc8aa7d..074651b 100644
--- a/flake.lock
+++ b/flake.lock
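Review bot: In devices/servivi/modules/arion/forgejo/compose.nix the `forgejo` service sets `privileged = true;`, which hands a publicly reachable Git forge every capability and device on the host; nothing else in the service definition appears to need it, so I would delete that line, or replace it with the one specific capability if something turns out to require it. The `runner` service bind-mounts `/var/run/docker.sock`, so any workflow the runner accepts can drive the host's container daemon and is effectively root on servivi; add a comment stating who is allowed to trigger jobs, or point the runner at a rootless or dedicated daemon socket instead. `image = "gitea/act_runner";` carries no tag and therefore floats on `latest`, unlike the pinned forgejo image; pin it, e.g. `image = "gitea/act_runner:<PINNED_TAG>";`. `"3000:3000"` publishes the HTTP port on every host interface, although it presumably only has to be reachable from the Caddy proxy on oksys, so consider binding it to the address that proxy uses.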
@@ -914,11 +914,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1703950681, - "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -1309,11 +1309,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1704489655, - "narHash": "sha256-IdSc549wIwVKOk8QNn5F0JFyIT0Pe45zd6jC9kOWN7g=", + "lastModified": 1704604320, + "narHash": "sha256-tg8zrdwd4po2vaiGGm4mNmhnaEOWtbcAA05atam5LjM=", "ref": "refs/heads/main", - "rev": "a01a3508a5de7c50a226b3d028d74973b46649d6", - "revCount": 22, + "rev": "c9ed7f5dfe70d863e1f0553a9761b072c0a133b7", + "revCount": 25, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" }, @@ -1331,11 +1331,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1703991717, - "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", + "lastModified": 1704596510, + "narHash": "sha256-tupdwwg1WeX2hNMOQrvtyafTaTVty0QC/gQp7yaYJic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", + "rev": "f5fbcc0f50e7fc60c4f806fa7a09abccf0826d8a", "type": "github" }, "original": {