diff --git a/capytal/forgejo.nix b/capytal/forgejo.nix
index 4bdc796..6e97ab6 100644
--- a/capytal/forgejo.nix
+++ b/capytal/forgejo.nix
@@ -20,6 +20,12 @@ in {
         USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
         EXTERNAL_USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
       };
+      database = {
+        HOST = "127.0.0.1:${toString config.services.postgresql.settings.port}";
+        NAME = "forgejo";
+        USER = "forgejo";
+        SSL_MODE = "disable";
+      };
       repository = {
         DEFAULT_REPO_UNITS = initList [
           "repo.code"
@@ -57,6 +63,18 @@ in {
     };
   };
 
+  users.users."${cfg.user}".packages = [
+    (pkgs.symlinkJoin {
+      paths = [pkgs.forgejo];
+      buildInputs = [pkgs.makeWrapper];
+      postFixup = ''
+        wrapProgram $out/bin/gitea \
+          --add-flags --config '${cfg.customDir}/conf/app.ini'
+      '';
+      inherit (pkgs.forgejo) name pname meta;
+    })
+  ];
+
   services.anubis.instances."forgejo" = {
     settings = {
       BIND = ":${toString (cfg.settings.server.HTTP_PORT + 2)}";
diff --git a/common/postgresql.nix b/common/postgresql.nix
index bdf33cc..baf4312 100644
--- a/common/postgresql.nix
+++ b/common/postgresql.nix
@@ -18,9 +18,14 @@ in {
     '';
     enable = true;
     ensureDatabases = [
+      "forgejo"
       "nextcloud"
     ];
     ensureUsers = [
+      {
+        name = "forgejo";
+        ensureDBOwnership = true;
+      }
       {
         name = "nextcloud";
         ensureDBOwnership = true;