diff --git a/hosts/git/configuration.nix b/hosts/git/configuration.nix
index b07d77d..2882855 100644
--- a/hosts/git/configuration.nix
+++ b/hosts/git/configuration.nix
@@ -47,20 +47,6 @@
 ];
 extraGroups = ["wheel"];
 };
- git = {
- # createHome = true;
- # isSystemUser = lib.mkForce false;
- isNormalUser = true;
- # shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
- ];
- group = "git";
- };
- };
-
- users.groups = {
- git = {};
 };
 
 services.openssh = {
@@ -120,40 +106,129 @@
 environment.systemPackages = with pkgs; [
 vim
 htop
+ postgresql
+ unzip
 ];
 
- services.cgit."git.rs.ht" = {
- enable = true;
- # mirrors = {
- # dotfiles = { owner = "thedroneely"; url = "https://github.com/tdro/dotfiles.git"; };
- # "thedroneely.com" = { owner = "thedroneely"; url = "https://github.com/tdro/thedroneely.com"; };
- # clones = {
- # cgit = { owner = "thedroneely"; url = "https://git.zx2c4.com/cgit"; };
- # };
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- extraConfig = ''
- robots=noindex
- '';
- # user = "git";
- # group = "git";
+ # Git
+ services = {
+ gitea = rec {
+ enable = true;
+ appName = "git.rs.ht";
+ domain = "git.rs.ht";
+ rootUrl = "https://${domain}/";
+ httpPort = 3003;
+ package = pkgs.unstable.gitea;
+
+ database.type = "postgres";
+
+ repositoryRoot = "/var/lib/gitea/repositories";
+
+ lfs.enable = true;
+
+ dump = {
+ # Is a nice feature once we have a dedicated backup storage.
+ # For now it is disabled, since it delays `nixos-rebuild switch`.
+ enable = false;
+ backupDir = "/var/lib/gitea/dump";
+ };
+
+ settings = {
+ actions = {
+ ENABLED = true;
+ };
+ cors = {
+ ALLOW_DOMAIN = config.services.gitea.domain;
+ ENABLED = true;
+ SCHEME = "https";
+ };
+ cron.ENABLED = true;
+ "cron.delete_generated_repository_avatars".ENABLED = true;
+ "cron.delete_old_actions".ENABLED = true;
+ "cron.delete_old_system_notices".ENABLED = true;
+ "cron.repo_health_check".TIMEOUT = "300s";
+ "cron.resync_all_sshkeys" = {
+ ENABLED = true;
+ RUN_AT_START = true;
+ };
+ database.LOG_SQL = false;
+ indexer.REPO_INDEXER_ENABLED = true;
+ log = {
+ LEVEL = "Info";
+ DISABLE_ROUTER_LOG = true;
+ };
+ mailer = {
+ ENABLED = false;
+ FROM = "git@rs.ht";
+ MAILER_TYPE = "sendmail";
+ SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+ SENDMAIL_ARGS = "--";
+ };
+ other.SHOW_FOOTER_VERSION = false;
+ picture = {
+ # this also disables libravatar
+ DISABLE_GRAVATAR = false;
+ ENABLE_FEDERATED_AVATAR = true;
+ GRAVATAR_SOURCE = "libravatar";
+ REPOSITORY_AVATAR_FALLBACK = "random";
+ };
+ server = {
+ ENABLE_GZIP = true;
+ SSH_AUTHORIZED_KEYS_BACKUP = false;
+ SSH_DOMAIN = domain;
+ START_SSH_SERVER = giteaSshPort != 22;
+ SSH_PORT = giteaSshPort;
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ NO_REPLY_ADDRESS = "no-reply@rs.ht";
+ REGISTER_EMAIL_CONFIRM = true;
+ ENABLE_NOTIFY_MAIL = true;
+ };
+ session = {
+ COOKIE_SECURE = lib.mkForce true;
+ PROVIDER = "db";
+ SAME_SITE = "strict";
+ };
+ "ssh.minimum_key_sizes" = {
+ ECDSA = -1;
+ RSA = 4095;
+ };
+ time.DEFAULT_UI_LOCATION = config.time.timeZone;
+ ui = {
+ DEFAULT_THEME = "arc-green";
+ EXPLORE_PAGING_NUM = 25;
+ FEED_PAGING_NUM = 50;
+ ISSUE_PAGING_NUM = 25;
+ };
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."git.rs.ht" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}";
+ };
+ };
+
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ Match User gitea
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ PermitTTY no
+ X11Forwarding no
+ '';
+ };
+
+ postgresql = {
+ package = pkgs.postgresql_15;
+ upgrade.stopServices = [ "gitea" ];
+ };
 };
-
- services.gitolite = {
- enable = true;
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM";
- # user = "git";
- # group = "git";
- };
-
- services.nginx.virtualHosts."git.rs.ht" = {
- forceSSL = true;
- enableACME = true;
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "rs@rs.ht";
- };
-
+
 system.stateVersion = "24.05";
 }
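Review bot: The `settings.server` block leaves `HTTP_ADDR` unset while nginx proxies to `localhost:3003`, so Gitea may accept plain HTTP on every interface (the NixOS module default is, as far as I know, `0.0.0.0`) and would be reachable without TLS if the firewall, which this hunk does not show, ever opens that port. Binding to loopback keeps nginx the only entry point: add `HTTP_ADDR = "127.0.0.1";` under `server` and use `127.0.0.1` rather than `localhost` in `proxyPass` so both ends agree on the address family. In `picture`, the comment `# this also disables libravatar` sits above `DISABLE_GRAVATAR = false`, which leaves third-party avatar lookups enabled; either set it to `true` or reword the comment to say lookups are intentionally on. `giteaSshPort` is defined outside this hunk, and the `Match User gitea` restrictions presumably only matter when Gitea relies on the system sshd (port 22), so a short comment such as `# applies only when giteaSshPort == 22 (system sshd serves git)` above the `openssh` block would help the next reader.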