diff --git a/nixos/boxes/cupsnet/default.nix b/nixos/boxes/cupsnet/default.nix
index 02209f6c..c0d2730c 100644
--- a/nixos/boxes/cupsnet/default.nix
+++ b/nixos/boxes/cupsnet/default.nix
@@ -1,10 +1,4 @@
-{
- config,
- pkgs,
- inputs,
- lib,
- ...
-}: {
+{ config, pkgs, inputs, lib, ... }: {
 imports = [
 "${inputs.nixpkgs-stable}/nixos/modules/profiles/qemu-guest.nix"
 ../cli.nix
@@ -13,7 +7,7 @@
 ./cryptpad.nix
 ./disks.nix
 ./foundryvtt.nix
- ./gitea.nix
+ ./forgejo.nix
 ./mastodon.nix
 ./rss.nix
 ./ssh.nix
diff --git a/nixos/boxes/cupsnet/forgejo.nix b/nixos/boxes/cupsnet/forgejo.nix
new file mode 100644
index 00000000..9275a189
--- /dev/null
+++ b/nixos/boxes/cupsnet/forgejo.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, inputs, lib, system, ... }:
+let
+ unstable = inputs.nixpkgs-nixos-unstable;
+ package = unstable.legacyPackages."${system}".forgejo;
+ httpPort = 8083;
+ sshPort = 22;
+ domain = "git.cyplo.dev";
+ emailDomain = "peninsula.industries";
+ baseurl = "https://${domain}";
+ mailgunSmtpSecretName = "forgejo-mailgun-smtp-password";
+ mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
+ uid = 2051;
+ gid = 3051;
+ systemUserName = "forgejo";
+ systemGroupName = "forgejo";
+ users = {
+ users."${systemUserName}" = {
+ inherit uid;
+ isSystemUser = true;
+ isNormalUser = false;
+ group = systemGroupName;
+ };
+ groups."${systemGroupName}" = {
+ inherit gid;
+ members = [ "${systemUserName}" "nginx" ];
+ };
+ };
+in {
+ imports =
+ [ ../nginx.nix "${unstable}/nixos/modules/services/misc/forgejo.nix" ];
+ disabledModules = [ "services/misc/forgejo.nix" ];
+
+ inherit users;
+
+ boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
+ systemd.services.systemd-sysctl.enable = lib.mkForce true;
+
+ networking.firewall.allowedTCPPorts = [ sshPort ];
+ services.nginx = {
+ virtualHosts = {
+ "${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:" + toString httpPort;
+ };
+ };
+ };
+ };
+
+ sops.secrets."${mailgunSmtpSecretName}" = {
+ sopsFile = ./mailgun.sops.yaml;
+ path = mailgunSmtpPasswordPath;
+ owner = systemUserName;
+ group = systemGroupName;
+ };
+
+ services.forgejo = {
+ enable = true;
+ inherit package;
+ user = systemUserName;
+ mailerPasswordFile = mailgunSmtpPasswordPath;
+ lfs.enable = true;
+ database.type = "sqlite3";
+ settings = {
+ service.DISABLE_REGISTRATION = true;
+ security.INSTALL_LOCK = true;
+ oauth2.ENABLE = false;
+ log.LEVEL = "Info";
+ actions.ENABLED = true;
+ "git.timeout" = {
+ DEFAULT = 600;
+ MIGRATE = 3600;
+ MIRROR = 3600;
+ CLONE = 600;
+ PULL = 600;
+ GC = 600;
+ };
+ "cron".ENABLED = true;
+ "cron.git_gc_repos".ENABLED = true;
+ "cron.delete_old_actions".ENABLED = true;
+ "cron.delete_old_system_notices".ENABLED = true;
+ "cron.gc_lfs".ENABLED = true;
+ server = {
+ ROOT_URL = baseurl;
+ DOMAIN = domain;
+ START_SSH_SERVER = true;
+ SSH_PORT = sshPort;
+ HTTP_PORT = httpPort;
+ SSH_LISTEN_PORT = sshPort;
+ DISABLE_SSH = false;
+ };
+ mailer = {
+ ENABLED = true;
+ FROM = "git.cyplo.dev ";
+ PROTOCOL = "smtps";
+ SMTP_ADDR = "smtp.eu.mailgun.org";
+ SMTP_PORT = 465;
+ USER = "postmaster@${emailDomain}";
+ };
+ };
+ };
+}
diff --git a/nixos/boxes/cupsnet/gitea.nix b/nixos/boxes/cupsnet/gitea.nix
deleted file mode 100644
index 16318ee9..00000000
--- a/nixos/boxes/cupsnet/gitea.nix
+++ /dev/null
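Review bot: `boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0` lets every unprivileged process on the host bind any port, while the only consumer here is the forgejo unit listening on `sshPort = 22`; now that the service runs directly on the host rather than inside the former `containers.gitea`, a per-unit grant is the tighter choice: `systemd.services.forgejo.serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` (if the upstream module's hardening empties `CapabilityBoundingSet`, the same capability has to be added there), after which the sysctl line and the `lib.mkForce` on systemd-sysctl can go. Separately, the deleted gitea.nix pinned `stateDir = path` (`/var/lib/gitea`) and this file sets no `stateDir`, so unless the data has already been moved to the module's default directory the host instance will come up with an empty database behind `security.INSTALL_LOCK = true`; carrying `stateDir` over, or a comment documenting the migration, would make that explicit. It is also not visible from this diff whether the sshd configured in ../ssh.nix still listens on 22, which would now collide with `SSH_LISTEN_PORT = sshPort` in the same network namespace.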
@@ -1,148 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- lib,
- system,
- ...
-}: let
- unstable = inputs.nixpkgs-nixos-unstable;
- package = unstable.legacyPackages."${system}".forgejo;
- httpPort = 8083;
- sshPort = 22;
- domain = "git.cyplo.dev";
- emailDomain = "peninsula.industries";
- baseurl = "https://${domain}";
- path = "/var/lib/gitea";
- mailgunSmtpSecretName = "gitea-mailgun-smtp-password";
- mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
- uid = 2051;
- gid = 3051;
- systemUserName = "gitea";
- systemGroupName = "gitea";
- users = {
- users."${systemUserName}" = {
- inherit uid;
- isSystemUser = true;
- isNormalUser = false;
- group = systemGroupName;
- };
- groups."${systemGroupName}" = {
- inherit gid;
- members = ["${systemUserName}" "nginx"];
- };
- };
-in {
- imports = [../nginx.nix];
-
- inherit users;
-
- boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;};
- systemd.services.systemd-sysctl.enable = lib.mkForce true;
-
- networking.firewall.allowedTCPPorts = [sshPort];
- services.nginx = {
- virtualHosts = {
- "${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:" + toString httpPort;
- };
- };
- };
- };
-
- sops.secrets."${mailgunSmtpSecretName}" = {
- sopsFile = ./mailgun.sops.yaml;
- path = mailgunSmtpPasswordPath;
- owner = systemUserName;
- group = systemGroupName;
- };
-
- containers.gitea = {
- autoStart = true;
- forwardPorts = [
- {
- inherit httpPort;
- containerPort = httpPort;
- }
- {
- containerPort = sshPort;
- hostPort = sshPort;
- }
- ];
- bindMounts = {
- "${path}" = {
- hostPath = "${path}";
- isReadOnly = false;
- };
- "${mailgunSmtpPasswordPath}" = {
- hostPath = "${mailgunSmtpPasswordPath}";
- isReadOnly = true;
- };
- };
- config = {
- config,
- pkgs,
- lib,
- ...
- }: {
- system.stateVersion = "23.11";
- users =
- users
- // {
- mutableUsers = false;
- allowNoPasswordLogin = true;
- };
- disabledModules = ["services/misc/gitea.nix"];
- imports = ["${unstable}/nixos/modules/services/misc/gitea.nix"];
- services.forgejo = {
- enable = true;
- inherit package;
- stateDir = path;
- user = systemUserName;
- mailerPasswordFile = mailgunSmtpPasswordPath;
- lfs.enable = true;
- database.type = "sqlite3";
- settings = {
- service.DISABLE_REGISTRATION = true;
- security.INSTALL_LOCK = true;
- oauth2.ENABLE = false;
- log.LEVEL = "Info";
- actions.ENABLED = true;
- "git.timeout" = {
- DEFAULT = 600;
- MIGRATE = 3600;
- MIRROR = 3600;
- CLONE = 600;
- PULL = 600;
- GC = 600;
- };
- "cron".ENABLED = true;
- "cron.git_gc_repos".ENABLED = true;
- "cron.delete_old_actions".ENABLED = true;
- "cron.delete_old_system_notices".ENABLED = true;
- "cron.gc_lfs".ENABLED = true;
- server = {
- ROOT_URL = baseurl;
- DOMAIN = domain;
- START_SSH_SERVER = true;
- SSH_PORT = sshPort;
- HTTP_PORT = httpPort;
- SSH_LISTEN_PORT = sshPort;
- DISABLE_SSH = false;
- };
- mailer = {
- ENABLED = true;
- FROM = "git.cyplo.dev ";
- PROTOCOL = "smtps";
- SMTP_ADDR = "smtp.eu.mailgun.org";
- SMTP_PORT = 465;
- USER = "postmaster@${emailDomain}";
- };
- };
- };
- };
-}
diff --git a/nixos/boxes/cupsnet/mailgun.sops.yaml b/nixos/boxes/cupsnet/mailgun.sops.yaml
index a4030b62..8d37ee7d 100644
--- a/nixos/boxes/cupsnet/mailgun.sops.yaml
+++ b/nixos/boxes/cupsnet/mailgun.sops.yaml
@@ -1,4 +1,4 @@
-gitea-mailgun-smtp-password: ENC[AES256_GCM,data:dIfcxK5ZQGNqnOfTdVI7FzR9RgP3Ao/bk7XDZULHby58MJumhESELRCkHgKhOSqTAQE=,iv:xjtVQEILVl+XFel+thoS8OvF/fpFYSNtt5MTRUhgyrI=,tag:TJPBQG4xsbHrcdXCbDdejg==,type:str]
+forgejo-mailgun-smtp-password: ENC[AES256_GCM,data:bZfUTNOta/TuHpR1bsAHV8NFZSFgU1szzN9Ue/mzwMMGRqdh9ORUO8gIT+B3JMVEqNo=,iv:SVaMY2QK8lWGtLuUAXKWKxpfkRrvPBh3jhH9PFMFsuM=,tag:OwdGA0lieHTxe4GfDWqQXg==,type:str]
 mastodon-mailgun-smtp-password: ENC[AES256_GCM,data:h2SSa/053BBIo3Y03TB+1SW6C9DFighMVgY1jzGcUZLhiZ/jd2YbTYlq83Nbb5GBZAY=,iv:9BJuVSfOC48K69kDLUjr1oK3g0xSKAxlzDI/py3STt8=,tag:DTE2OemwbZ0U59wF/9NQjA==,type:str]
 sops:
 kms: []
@@ -96,8 +96,8 @@ sops:
 cHhHRGJIRDlsMEp2RzgxTWkyaWovbkEKnEzQrhYmdxjwa8bDGgVnHBoNXrdb8JDy
 EOkYPEiHlscMfsGnUhbujoLXEveIrLzukWgKcRNmS5fTyG4e2eP/cw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-01T16:13:02Z"
- mac: ENC[AES256_GCM,data:YMQ2xiuiXoCAzuGGlm/KiEEjjZBHu7i+5Px2YibwSATBeEais9SZFqQx0qmIQw+VGdGAwVo8tQQ5Ikg5YJbHNEetanXbV1UJtMBBUb8m35lras+yXmeveOeKC/f46oa0DCPVuCDqkzEWOAk2NMZnfR5iuWBaZ6rvIhGnqlXodK8=,iv:UkTovxMi25Jfz8JzQE3W+Ar6w7ybBAJQG+9j6RWj/2M=,tag:RRSqNAv3OiMahG2oYZSJvA==,type:str]
+ lastmodified: "2024-03-16T11:03:13Z"
+ mac: ENC[AES256_GCM,data:XlpAHjvUnnz3NxZnNxlMGELsPjHL648fcs1mbP3KZQLthkLdERjT0BcuqKsY6X+s3CNEET18IKWGiBZPA+iFLAWAzHl+qNDm0WNZv05ECgz+BeNGH6e9FqqtSNIPmnSYfXqyHz/Psg1T5l+N6QK1dRl5PVeO8Bxs3G3H6iZgLOM=,iv:wswvHl6yK/BYW8zf53t18gYz5WNvULaRj2lyHVeuO2A=,tag:pJzh11seJQ64HCiIMhtzdQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
- version: 3.7.3
+ version: 3.8.1