diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile
index a42032c..d2ba708 100644
--- a/hosts/chunk/Caddyfile
+++ b/hosts/chunk/Caddyfile
@@ -11,9 +11,14 @@
   header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 }
 
-git.cy7.sh, git.cything.io {
+git.cything.io {
   import common
-  reverse_proxy unix//run/gitlab/gitlab-workhorse.socket
+  redir https://git.cy7.sh{uri} permanent
+}
+
+git.cy7.sh {
+  import common
+  reverse_proxy localhost:3000
 }
 
 rss.cything.io {
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 38fbaeb..563aa21 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -9,7 +9,6 @@
     ../common.nix
     ../zsh.nix
     ./hardware-configuration.nix
-    ./gitlab.nix
     ./backup.nix
     ./rclone.nix
     ./postgres.nix
@@ -25,6 +24,7 @@
     ./immich.nix
     ./element.nix
     ./attic.nix
+    ./forgejo.nix
   ];
 
   sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -59,26 +59,6 @@
     "miniflux/env" = {
       sopsFile = ../../secrets/services/miniflux.yaml;
     };
-    "gitlab/root" = {
-      sopsFile = ../../secrets/services/gitlab.yaml;
-      owner = config.users.users.git.name;
-    };
-    "gitlab/secret" = {
-      sopsFile = ../../secrets/services/gitlab.yaml;
-      owner = config.users.users.git.name;
-    };
-    "gitlab/jws" = {
-      sopsFile = ../../secrets/services/gitlab.yaml;
-      owner = config.users.users.git.name;
-    };
-    "gitlab/db" = {
-      sopsFile = ../../secrets/services/gitlab.yaml;
-      owner = config.users.users.git.name;
-    };
-    "gitlab/otp" = {
-      sopsFile = ../../secrets/services/gitlab.yaml;
-      owner = config.users.users.git.name;
-    };
     "rsyncnet/id_ed25519" = {
       sopsFile = ../../secrets/zh5061/chunk.yaml;
     };
@@ -157,6 +137,12 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix"
   ];
+  # for forgejo
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+  };
+  users.groups.git = {};
 
   environment.systemPackages = with pkgs; [
     vim
diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix
new file mode 100644
index 0000000..fd03e40
--- /dev/null
+++ b/hosts/chunk/forgejo.nix
@@ -0,0 +1,28 @@
+{...}:
+{
+  services.forgejo = {
+    enable = true;
+    user = "git";
+    group = "git";
+    settings = {
+      server = {
+        ROOT_URL = "https://git.cy7.sh";
+        HTTP_PORT = 3000;
+        HTTP_ADDR = "127.0.0.1";
+        DOMAIN = "git.cy7.sh";
+      };
+      session.COOKIE_SECURE = true;
+      service.DISABLE_REGISTRATION = true;
+      ui = {
+        AMBIGUOUS_UNICODE_DETECTION = false;
+        DEFAULT_THEME = "gitea-dark";
+      };
+    };
+    database = {
+      type = "postgres";
+      socket = "/run/postgresql";
+      user = "git";
+      name = "git";
+    };
+  };
+}