diff --git a/flake.nix b/flake.nix
index 6acd2d1..7c34515 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,6 +20,7 @@
 ./devShells/flake-module.nix
 ./machines/flake-module.nix
+ ./modules/flake-module.nix
 ];
 systems = [
diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix
index 49fcce0..6adc61e 100644
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -13,6 +13,7 @@
 ../../modules/remote-builder.nix
 ../../modules/borgbackup.nix
 ./topology.nix
+ self.nixosModules.gitea
 ];
 nixpkgs.hostPlatform = "x86_64-linux";
diff --git a/modules/flake-module.nix b/modules/flake-module.nix
new file mode 100644
index 0000000..56fad3f
--- /dev/null
+++ b/modules/flake-module.nix
@@ -0,0 +1,7 @@
+{
+ flake.nixosModules = {
+ gitea.imports = [
+ ./gitea.nix
+ ];
+ };
+}
diff --git a/modules/gitea.nix b/modules/gitea.nix
new file mode 100644
index 0000000..41a0749
--- /dev/null
+++ b/modules/gitea.nix
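Review bot: The new import `self.nixosModules.gitea` in machines/crocus/configuration.nix needs `self` to be a module argument of this configuration (typically passed in through `specialArgs`), and nothing in the hunk shows where it comes from; the function header of configuration.nix is outside the hunk. If it is not supplied, evaluation of the machine fails with an undefined-variable error rather than a clear message. If wiring `self` is not wanted, `../../modules/gitea.nix` could be imported by path like the neighbouring entries, which would also make modules/flake-module.nix unnecessary for this host.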
@@ -0,0 +1,69 @@
+{ config, ... }:
+{
+ services.gitea = {
+ enable = true;
+ lfs.enable = true;
+
+ settings = {
+ # storage = {
+ # };
+
+ server = {
+ ROOT_URL = "https://git.turifer.dev";
+ DOMAIN = "git.turifer.dev";
+ };
+
+ session.PROVIDER = "db";
+ session.COOKIE_SECURE = true;
+
+ service.DISABLE_REGISTRATION = true;
+
+ # Create a repository by pushing to it
+ repository.ENABLE_PUSH_CREATE_USER = true;
+ };
+ };
+
+ systemd.services.gitea.serviceConfig = {
+ EnvironmentFile = config.clan.core.vars.generators.gitea-s3-storage.files.gitea-env.path;
+ };
+
+ systemd.services.gitea.environment = {
+ GITEA__storage__STORAGE_TYPE = "minio";
+ GITEA__storage__MINIO_ENDPOINT = "localhost:3900";
+ GITEA__storage__MINIO_BUCKET = "gitea";
+ GITEA__storage__MINIO_LOCATION = "garage";
+ GITEA__storage__MINIO_USE_SSL = "false";
+ };
+
+ clan.core.vars.generators.gitea-s3-storage = {
+ prompts.access-key-id = {
+ description = "s3 access key id";
+ type = "line";
+ };
+ prompts.access-key-secret = {
+ description = "s3 access key secret";
+ type = "hidden";
+ };
+ files.gitea-env = {
+ secret = true;
+ };
+ script = ''
+ printf %s "GITEA__storage__MINIO_ACCESS_KEY_ID=" >> $out/gitea-env
+ cat $prompts/access-key-id >> $out/gitea-env
+ printf "\n%s" "GITEA__storage__MINIO_SECRET_ACCESS_KEY=" >> $out/gitea-env
+ cat $prompts/access-key-secret >> $out/gitea-env
+ '';
+ };
+
+ services.nginx.virtualHosts."git.turifer.dev" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString (config.services.gitea.settings.server.HTTP_PORT)}";
+ };
+ };
+
+ security.acme.certs."git.turifer.dev" = {
+ email = "admin@turifer.dev";
+ };
+}
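Review bot: Gitea's own HTTP listener is left on its default bind address (0.0.0.0 in the NixOS module, as far as I can tell) while nginx with `forceSSL` is meant to be the only entry point, so unless the host firewall closes HTTP_PORT the service stays reachable in plaintext from other hosts, sidestepping both TLS and the `session.COOKIE_SECURE` setting. Add `server.HTTP_ADDR = "127.0.0.1";` next to `ROOT_URL`, and point the proxy at `http://127.0.0.1:…` instead of `localhost`, which nginx can resolve to `::1` first where an IPv4-only listener does not answer. With `lfs.enable = true` the nginx request-body limit (`services.nginx.clientMaxBodySize`, 10m by default) will reject large LFS objects and big pushes with 413, so raise it on this vhost. The credentials are correctly kept out of the Nix store via the `secret = true` generator file, but the non-secret `GITEA__storage__*` entries in `systemd.services.gitea.environment` only take effect if the deployed Gitea release applies `GITEA__` variables itself (older releases needed `environment-to-ini`); moving them into the commented-out `settings.storage` block makes them part of app.ini regardless, and leaves only the two keys in the EnvironmentFile.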