From 490a77b67e11f9d9858794b43d7e9847abdf629b Mon Sep 17 00:00:00 2001
From: prescientmoon <git@moonythm.dev>
Date: Sat, 11 May 2024 01:09:43 +0200
Subject: [PATCH] Add basic forgejo config

---
 README.md                                     |   1 +
 common/icons/forgejo.svg                      | Bin 0 -> 24218 bytes
 docs/ports.md                                 |   1 +
 .../nixos/common/optional/services/gitea.nix  |  28 -----
 hosts/nixos/lapetus/default.nix               |   1 +
 hosts/nixos/lapetus/secrets.example.yaml      |   1 +
 hosts/nixos/lapetus/secrets.yaml              |   5 +-
 hosts/nixos/lapetus/services/forgejo.nix      |  52 +++++++++
 hosts/nixos/lapetus/services/homer.nix        | 106 +++++++++---------
 hosts/nixos/lapetus/services/microbin.nix     |   4 +-
 hosts/nixos/tethys/default.nix                |   1 +
 modules/nixos/cloudflared.nix                 |  33 ++++--
 scripts/dns/dns.txt                           |   3 +-
 13 files changed, 143 insertions(+), 93 deletions(-)
 create mode 100644 common/icons/forgejo.svg
 delete mode 100644 hosts/nixos/common/optional/services/gitea.nix
 create mode 100644 hosts/nixos/lapetus/services/forgejo.nix

diff --git a/README.md b/README.md
index c3c279e..3ddaebc 100644
--- a/README.md
+++ b/README.md
@@ -111,6 +111,7 @@ Most services are served over [tailscale](https://tailscale.com/), using certifi
 
 - [Actual](https://actualbudget.org/) — budgeting tool.
 - [Commafeed](https://github.com/Athou/commafeed) — rss reader
+- [Forgejo](https://forgejo.org/) — git forge
 - [Grafana](https://github.com/grafana/grafana) — pretty dashboards
 - [Homer](https://github.com/bastienwirtz/homer) — server homepage
 - [Intray](https://github.com/NorfairKing/intray) — GTD capture tool.
diff --git a/common/icons/forgejo.svg b/common/icons/forgejo.svg
new file mode 100644
index 0000000000000000000000000000000000000000..c2a74ee271d336e60c56e52e6b42e8c2e5c4ae4f
GIT binary patch
literal 24218
zcmc%xc{r5sA3qGw!i;_2_kG`YvV~+U#YBi0*-K1hZNgZSeP6SDED>2EOT-{Vwooa>
z*vmRdQPO?Q==(gs`*{9)j{7+7<8yqjX0AD}^L%gT`+P62OM>O4i?mc+R3H$D7GYw9
z1c9Ie#Q!N^z@0fX%nSI3%=5g(c@U^6mHNbm9QZEaYJ#)?fx^T<pvV{y=ofG+@+$}w
zr~m?Opg<t4JP?Q-UG&0A8~6cs!|b9F=r8fV(wC1jL7?kR2&41XA)mIt1m|71DLdWU
z)l#lupb+`aRpH^mWNIXtBOxUqkVE#8g)xJ&be8on_$5r*$&!U-m?7<kFeBM{Nug4G
zeG1Y1e1@Bl7%~&lz)zZ+KZiJ}*$t|S@|!2-7bXryqgkIVJbx4Bxedt>L1fHaj$$;)
zs1QkfteAA(dfFHz(C_Wa3QcI4Vys6cQzF<H5E&Kf@~oasI=8njeLYFoGEUi!OgA#d
z^@Km^B(!aUa-eT0WyGHqy*691qmU7KmIk5jzw4wHIt&p)WK21#T=Gy>bBz!RWZ|Hm
zVXP)^mFegAWW^c_S>SktlF9g}Y3qV3M5rH#AfCMHvznm8Et1g*`%9of*Bu5Va)a=U
zD7N(99Ju?7OiunHqQr5gHx~2sSsk9~X{LyxY0{xr6na9~+Vfvq)Gh70h}}+UaRaA|
zAXcS#olz8<nh#$a;U!RsEPgvuLTzcw*RFNQIwBJ9MUn>Hzphn<9Aip>ToUl-QILsN
z?4mkJ$L-qn-gXfS{YgV&!PH(`tV!9X$YezZWy^e=D{53<RS-v@E>@)@{T_Brt182l
za){}ehQKG_DaCCgKwuYQpT?CyjfB%>1TsWwqz9ILU~dO0jk;l5o<d)KsHB%PY0@ql
zsBy%T$ndk)zU0aQJ>p5901I1Gd~kw=_rc`oJ~WPNkR<cpfiN~Y-w3~n3lc;6zoBr{
zU%8<dBw?>Ff*A4LtM&w;#R#;C7klg=n0Vd}8S~114br?HCHXToqj0hMPrbi)ic??|
z&6g*P1xYdt-qXmu|2jZ$fFAy&F1k0F<;cIi=rOG!QQukh9lknH3QYRz4x9ipB8d$j
zU$^ob5bYr8*(WFacVKW!loq<wTjaf?zd2p*eyP=KqPnG;LyE=(t{w9cLQ6-Cm>Qt%
zprevW{mwgQzdpv8-_Y|v;nKjVNR9hE(U3fe5>GPl&QXRSGLV+q0<R=zGF@9&%WotL
zPn6$LDp97Y%$EiPXcKm<k?dl9ha8)lZ+!D4h1PuEY~xuZV7G4BsY{!I4RGT^<BieB
zxQl&v`P8W@6WUOS4C|UzS1Nwt3B#P!nNPVqKZk~SJXuH&?dPNpV^Ur}$0<ykJeQ^X
z%&?h%lf{(UuNP2N#={}&C!y(yltnIF`O1%YHI)HrN}L&sv+l-6rXwA6jJMnSlIpeP
zMW**$u_OiWjtu4dT!6PRY0Ro9`KduQlun9P&m=8%|2Xee&`LWmhbz~{caH5Yy_1Z}
ze?MJ6uJ(lE=`hpTPJX(YDHOT;|DDM(%vpCFB~Eq1JKL|)!gv{pf8?Si&mAij+pw4|
zBAKwde8tBQJ15KkDdy$yUha{%F~=Dlo~z5&amtYnd#%!e7QEY^87JJN%hSk>GDHF!
zFf+<o*w0ivUR)b-e})4LwX=KA$k@1coM)PXYlv*ij|;;;qFLF{cz68h%y4rEu0s53
z6o-9eIfU!3mKn!vGKdT&f%gaY_{U;pO!+)qdA>9xp?=6sMRdjUw1MAMl`(lg#@*|`
zyQ4@&G|{P^H$(PY25@@lTwa{%mZ+A7gk$fGa?6Y(8eliCO7VLtKcK5`##E>JTvk<H
zCWD;`mGauLB;jhbCBIhI;t7r;OJqJu6oKS?C5d_PnpUjrboL7c4|CO?CyBobnQ@qS
z6R+kPXf8kQ*RV7T2XocIGpp*)UF2pN6{j-%3>1zo$Ci3?IXpc{r~CFqGgtDUDiK7t
zoUf)y`LB37`TVK}b&g0)$*Zs+@`6a0sxqa}Y#!A`q>~C&b|TRV4@*kyb*()dkod=g
z0>n)u$u1tCgswwKfOWaV4_sU=J3@dN5cjVW?IeUsPosLp?iK6@EwGOzW)>U)uT(R^
zP4U<D*s^bHlwn*EmK_buTQQP9R5Gw;1hbyu*P4((u_?S}wC-z3bL~M(QYRbysrf_!
z%!y<h_h8uMIIk-FS~2Ri2}&fL5odxjTJM?9;E7KBE8YrvB2ho-_wl%mi;RZ6wBNCk
ziOU@Omt2f1_E#oxm7UzgFqq|lTubx0vIBS!+!%Z=m@R3{!t}|5kN7eduAkg7zldyB
zsLOEzj`J3W1*@u&abQkj1Y7c>;VY||F-R`Dpl;f(34xi2N46O&C(9~96%XI)(_*6|
zqa*K2%+rZVZu=+E=lZvuuhwe^+=0Cm7c<A}_dG^!5hxi;_zc7$FD1(*w40j8mtljx
zKGFnPKt1%)=R7r>S%XKT?!fcGuu0e>$S&=4$F#uA2S8vIDy%8fv*|bKpmgGBj;B2O
z1OzSOdfM_E6xeDZ0I+MR4s_8l-(9o__NSHO7lLcBX<{}GA|wxbLm?y1L|G@K)YWXq
z?!3w~o4sVl6vyqbdr5MIgITU}SYjrZxPWN^Z_x+}hSornX{HEFoIjO9NKP8Nv0?8~
zXzQacwP&$+-p3RHVpGn+&0&K<@%pj%+n;qo$h#?uJXkj7cr7xrwx;fg-Lu3~2wenS
zg!G$VkZi=_ELie-LB7<vjjby~m-aZTg(=O+bSWP3cg+-fR~CHf7wvK*IwRy&sv)u`
zvl+qZ%l(gHT`ym;dN>LXzr@``W&7;OLQ3uQ#{#KK5MAijszR5&9Y)x3ke<c>FkaJx
z!*D50wg3r*vI9@}6{`_#qm{X>S0(+{RPMU(Q=q4C4V+7;;lw1)34G>LyruavH6HLh
z2Ju6KR2VD$mAH?jrjHCW#9A03SMp3&v{AwF-vX6i3HPa--ee$>#$`I>c9X&!bO|zl
zL&&t|D*j&GN<451B<S#6c2|HN`{8SkaK9pcUH8H>lQx9S&2JiyzEm&W#j~K)nXN{2
zOz{;8$)T(PNtbTWXol0yXkkDt3J<pX2I|y^o}mUQrovo(Lt~k82FgEZTO!S^oLKTK
zszEIDooo4!&mGkjaU2VriK2+7YEL?v=*BX16Eq*`oLguO;A%`vkPyE1z?>>~Z}XvE
zoOl2i))@p<)~!;Hg{1_1$RUo_aM3J0-{Q|>N#FJ1pjOF4Q&X2kZnb-cXZkP+UN1i9
zZ0lE<y#4ziaG2=A)Kn4quOuKPf&>IACP5<FNoeSIU!_Xr&QblkK3)yw7U%h}gl4+^
z(-+6eEa1r6`1nfXeSoTFu?XS9n|P%SR;n)X<W;DE3W0*ahq@4SIf!T5w|?s9H3afQ
zegBo=rWksrV;M9s^|F&Fp<W?bvqta71Rh28nbIex_m0!BX)C4jaOayhz}ESrdaMDE
zeg~4?0REl-z~~&7KF<3@RCygM$z!%cuWz$vd~RsbJFNR6VzyEQ;itWL#4`6vvdB=H
z`hlbSaoXwX8+$2!kPDYO<FSX>#d8zsJNr`K_T0!azDGP9^4>C0b%u+9qb-cWl1IY@
z&l!{!b7NhVTfhB`htUOo$OVLFs?$;JDUvSFd?cgr%BbQ)XtCO$$MN&Jrs8y*BPyQe
zc93*olTCXXEgwXR95_1N_B0+nb=A3o^`t0rJx)^#YP2jl^fQQo<$yDlTR%qI^=r_B
zh)Qn@sA-<nzO=~mBm{QE))-r3!X0SQo-~&PHh@Mz>fg*J?I~Pzszlx<%TTh_2BJrp
zaspj9*yonel-N`7xMJMjv~@G<J1X|}inMGD+0Q0SkyjsH)PXL!=?*clF&rhV8g6X#
z_LG-kMPYmV2YYWq>5jbPeqf<IfyCv{eHb6+0c%g$Yqu&g*1XA4&MV>Q=YAca+o&b%
z(0N7s(No^Lz&P*e0oPrP*g}dE@@iGanz?W`x$#kvPKUnLI*{DhWL?v^6;VoRSG6y>
zhZK#5l5r*QxC$XtTQZiJTtlYwXD;a9Gj0t`g319W#h-;G#cao-K1rIDgmK#qIu+KM
z$8eSp@n)d|0%~%OBZ*|b<F8LGmmd&S|2On@(W`rQqvb~Reelsr<S3JzdW@U|`hqdl
zYd*SG)7}pR(<djlmh62l!`Z>i=7v)Fxpuu@1}Dj}bCIjK2U&jWJH%nE42W#tB+A!^
zTjbE!tYnUD_M7j+-o{pQdBIQfuohorF9q&MP(P@sV@p;3D12!x2nF;0`?TDej@(x<
zW~V5tT@~t}nRa38E2_2)I7X4~*Own7#}Y9G+6$tM9SJ7)|BD9Chrb)EId=9IhX}r#
z<D6x+TZyby2mGqF=Bg``tKDebcq-*J-HPr)w{gnc#`gj*7(Y(f(`grDEqK3q)wTg6
zvrd-w$m1GQ0wNohZv|F{YkbYSO`#*@OV7l48%zwJr9%0vC+6&iRB=vKf`<;^{96<{
zQ+e17cW^qn5z=&B@5=C=kSFwSVl5x?@5o+^;P>iwcR_XMUqG;0!Q#}v`7wLI(GdTr
zN-*19=;b6sm_TD>-mm+v)bMLBR}H^rWL(u11EpeD4W$al?0hJ6CJV5iA<;ZufDu%d
z1K})NQ*o_i_y<>M=JXMd>wv)zPC{+>r6!B_AxpANfa5Sd4@7u#-m8pwx9PMI-(<$`
zcYQC#Wc75n<Eb8mO?c{yWH*Gc=t&*PLY(1G%#BQAt_myksCxrJ2(X5Y7Z3!BBp%CR
zh0P6-4_T1i_vdwl0n#7J@WUY=pq=?~SsKu!Qd`(#%x_1*Oxdf**z8ovBFN`k$7xKr
z0))S2mwnSsaL@;0RBOo(b<LbCn;l87ZEy_C=}fm0HG0)~55H;$vlV9kU`;C`Hv$fi
zY_wJJtML{>Fe<~_gcW7hsv5)h71jB@WYRmJ6cB6H)~$D(U4=Z&lsrCM$bnJ1AoUnN
zi}8!@DCzqa&45ZW!g$4Ag>@Ta&j~<#ShJ=?8gm8n=8P}xyy5ja%mJK%^{>roGMG})
zo5(BXhEHB2JRS*tH(~R4SW^HjT+;p^NBQGJ?GNB(3&SUNaL)6oJbAxlM>`<@A-9Y(
zte@;FCRnX>OzaEVbhZ5wtMe`XyTMtI09m4X0Ibavu%{CpJ$y&6u>>IAkHX=2>4C3S
zkqqWlQ}h7cb6~^>5T|PvLxLCk*N_D~?qpy5-C(VX6E};4s{!V$=l2!!C%_-le>D6x
z{diy{{B<dm0YX@$@!42XnBI*9GL;%f_Ro~o1H+C+c=2Mh3hPhempmd|zeXXtXq5=t
zSvUi@10cm!Nn+soG#`QYnNCCMES_Wu-t|@syeZb&jDwIy`~e8zH04%jQohrP%?cC`
z?EZq_J||v0sDNkYl&ly_X$PqN_0!;<QXx1(WFI`8rsQ%9pE*bngDG&%3JH_D)f3%E
z#i=y^W2GX&6Y`J-Z<GA}0gZR`>^+O2dp<D6V~mHI#^ua%(y)%##l5XGD{^=SU?$JY
zPAe>~A<(Dhu%O}B@9Qb1?N>?x>DTN6(YViLY)_P5f4Y)1+IL+x@7H=qQ?V@8&%-No
zU4xidZTzO*`nF{Z{|S0tCFuTXoMyFlkifM-);c!%V}3V{IE~+%q5LgF)}Nqz1#u!m
z&WV{diWCnrIiMId*X4)?VR?Y=?#^*@7y13q7lL+f=d^f3hZS`;=_`hsIgL_kBf*@X
zwjl4c@q$1oUD4gqUOXUY<O>f{phYz3oF@e3xNUUAf4H^y+if?$eT_hUH4H@5%=dsq
z<=GrMV4ylJf?HDXFR!@gfrEZi@iHYwFuL$mJs1P*sl$QTKoRmCvLC9n2tTc0iW9L*
zE)C|7gcB!v9LZxwlSA-q!S{f1*)K3Yl%FBGD5)B=R<Zr{Bgxj`*P8xtNQ98Ivv$N&
zHlbkBaa@zd{=SUN7c!V1SK&LG2|f`m9)Dk>d$D)~ji12za`LWs8bUX}d?A`w0re(3
z2jsK)3U8HQ4SX<TIj1Ej4Vc(PAUI>2zA5Z?HlTFVyDm>XL7VyDB!CSaHjO-~orj){
zSDuWgKW^rR9&w}fbL3gA58%Q6L@MzQ4FvpI(_I1oK$%pAgWmDix=OX=HgC#G5BlwX
zazjztv5$IZo~XB%l9*JSIE?|4a@!o=tr43k6*hi-LIe^4Z=E=K0P|>fsPzkyMdULP
z<E1wi21x!F59!9~Y#Xbh9uDOgg)ho`o>uC^J7c8nd|0GZZS^Z;vQxtbnU7)-CL69L
z6$OJD`Q=hepEY9X!DBh8AKIt)%esM$nU%e-82i>}2O3uxR}p?!#|9&M66MJp>{K*5
zzjBm5(f@LhW^dVr>jPH|z<yXz`cokB1*2@I)2v~)$*MBf;VxQ<BjJ~{f%tLlFQX<a
z2cFP1t^{ieXwSP!%<zzxM}{ngf*FAXTO|AC1EcVZDT)0m9=VH{BQ=O8bH3MJ$QAZD
zShp838{Ie^2!hzqtZPB|m1q%^2OI=xl!q7oSoa)#aqkXG9z_w&4A<`}VPQ+|D#Zz6
zc0co{_BBiRr4^aXw5+d`@}uOw!v6Ho4m}`^*EubGr<{Qk#GOmPfU1?3d^=QCtOwsf
zfv2*%_U}-o*P0t3$-}TXZ7LZ70tB0zPzQ4oMGB-rTenU==De08`vJNsaNXHWzJHYP
zKq0w@B!U;Vy5o2d)n_=3A}s>RK30Z>8r-ol-B1pP8<{#B1F@7O`q8Rk#>`7<iggEF
zB8e|=0jWaunmSHmI!z?7|H{@%upaULb%(v^@pw5=#KsF;Tc5QSDM7f-_Lv}ue<LP{
z*r@UdLLVCb`4}u}6Mjsr`Wy%}#(JA%ya;AobX`=cSEc}rEO7h99k#;hUcJb-RlqZA
z<^*unoof1$T0I+Xto5Q+`_z6J)pM8~oeX&nv)!ewli|0fSk;xUp#4V+k&&-qrIr7+
zDqW;ar{2pAH!U{72jtKbXZ<r`HNk=}7b}ao2GfQTtAjk$e-9hx>^SP{8in2l1iu>Q
zxrBG!VKU9a*(@UYR45Mr){ECDy&3wpg<wsE6c)yf)bWN;dBN5gL-KgW7TL9LsXQ9m
zB-RrSuw_+cF?MF~-y~}V^#19)n+F8?vB2JlPKh?V*8uN?V#C@St;NDVCA%{Z-PTzk
z>%Pro`anJoCZ_^q-$0ot+e>4i6;s`_HimO0JH51`tJOZSkoRLU<s@<dLpHmhVC_NQ
zl#!Tpeig8CYwzY>L{~IVFxaN5O!rw1?hDRh<v1X3Tu4~*?cO~Y{0b^(s9~f!ng<TV
zb~8l7YWX(&1}F^`ci_f>y2vdde<+%|_UK|BV&3G}SB>Jn%MUQ)BGy&;3-o;|-7XAL
z;=t)Cg(x<Y;g>2S$64TP%CHxc%1c`IRbl&1rSBDHCJH!5f&p@NfpG>!qcvpV-b@>n
zo{<YyDC4|w$7PA>Jq%Et12$KwcXdgNCH^+wPvVyN<W^bS21*6;Q$wAC5Zoc|E?4_p
zYKrJu`>7PcFw;^`^PCDn+0~K>s9|J%N0{!hlTXX=Z(zkKPBPT$DSF&$?ud-0IO1;1
z1Id)a%wveUa&ifGOh&Vrsc8^6-#{nbTdYiO15_{UZ`Gb;KbTHf{!P<biR(Y|$^A7R
zK!YzO1mtiN%T#JQnl+yAht9e4BPuPFx3CKg$G{Wf$>sm09JGNWps@Tn)4EtleEc_U
z9~RS$B1V&hQ`X)IVznzbGGMsb!3*_pwH!i!06PU^dPQd7AJUp-_)XX9B_-3BSac0m
zv@$1+Wkd+quc9sT5QTRt@OcgEN~jD(wUHbZZMdKD@QUGAq>{Lh15?Lqk?$}z#*WCK
zs#s}n#T08z>RHy19;@nLcE;1uOPFDSENh@nF)Sl+DrWun0}`TlLxMe)`Xh=*Qs>8I
zSB`g|sgo3G4=07K59-mBw~~pe`SrrcqTWtP^y8t&T2INtK_?<Ajq@5xXu4`oTYNa`
z;<Tl@4xERH%kBoT0I>1t6|puv;)?68THFDh@E!Sk;X{{S&*DplbytqL8y|UBCpv-W
zS-JB3SWLARqC`az(hDsZio6Rex67~zIjKHWJ$On8Kj>;++zS+|W=adD`o{PjV*yda
zqE{0Bqfl6(vBygjytMgpa2ZgQnV|L)AKC^=pOeOQV*W<$N%2Vr*?p`GlA0Hn$#YV-
z#+9+RUMq{4FSq5;|GAPk4kb$gUoDKA$4NmhUemR{v#utb#-#AO&Qlxx7~wWG&63Ad
zb?!7QGvJj7ozT!zoXNE1W7ZW7DaVm$<1*7_VAJd*3|RY<jjJb&eiPU?{8ZhH@wx)k
zX~hU~s3vcU5Xz9YRbts$r#S`z?Ar(Cp)?u_j)Nag@=9Mg8dNE!O3g!M6q3#FQE6za
zOnR|AnLWs7G+AYy@SwgH3Ync(d8W968=zULUA%EE*-+<Gg6<f_rw*{jXBDOO@K48<
zN1|rQ2HB&m3^hg9j&fFom7T=)dna-0fN>`SCOJL$J8~i4IHy3o$5VO!*0H73xT~>1
z_P1-u35Q4zRGN3isrhgClYE}=asPhH;c-D?y0IWmuxVJAY~aK0DkRr*3tk53e<>>v
zL6)MLV0}xF(4mkFE4M6pWLAZiNw38&R;6pzCKPeWEz=WAt`+kZ9AbNX{wME5klUdU
ze%k50+bkOg0V8fd#L&E!x43E)*^f-T@SNqApMV;vHJy#QYK--7ZgM)Jr;2$Kl0iqe
z?MP|0dJ9C?gpqi@E+d@w%eJWRt<k9)(>ER`{EeU$GZ!h|!7`;suDZr<T#e7Yt&41o
z#%Xeoqrk+7!Z(Pkdi^}A$h%@(OQ?h<_s%1$>aFzxpz>J{n|J48U8d7Ia%=BPwHN_n
zu9nQG<=%M8D_=z+Lt$^SnF719I2JKxP5#+FBc@Fop@kdba&%WDIpT?d%{k8Mbt_bz
zcg2YIJ`b<lx@Nhh(1gz67U+cL=z+J0FI$ju=s3-^y&DH${8E2JP)f{{j<=X<w4&z`
z()_fx&qfri!57>hXmDe#ch;9?vTly5JLSZxc#WUj2~aJP=ED9l7gnvmA$kbZqKwNP
zYO>$Q3f8SR8=dkij2iv=qJ@Wi(vSywJjA9$&92<9D;f!}RmIY|)~9ir;n{Yq_bwH@
z8ecgA6P%AsPfydt(X`tqdi+YcG6Kj2=dX#i{9`!Xs`NPUYW$*7w+Dmiz>YQ$+H}K;
zycoZgD;wi4<09g{M-_?PpTiI2r&o;X6%ts?Mex#PSbok}WLrQ<FPKGxU1PB0Jc5Pd
zv&o7>8P<3?4VXS++zxuE0xq{GUwSjNZU|)uhQBPo>>@8z0v3ZBnpezyio8Wx#0~@{
z#Kw<xN@9nzP6H+s|9ui?V_Y^`)Vc8yi~DFK1{Jn&%gkZQH(v21HU@}Yq>)g@9%c?d
zrtEVuWaAXmUJ6w1`=C6We(RDU*(E`L7E5=jzev!I2%6R~pHt2)I^Begp{9#{M>0ut
zzk102!tZAj7?VfqEy^FG>2xpP$xsb67Zv&2b9ijy%<R7w3)<^ftT@(f9;*)6IzADC
zr}@RaIl`Vd@k580SH<CC#seJLMqUTtl5wMxxR*QN400pW`GJn3ls}$WaFtd1>T)L_
zO>YJyJ6-P5$m=G+tIUIGOnW^78IIwazCshc=Ie|-zlDKi+?>-Mqjl5e3ym%mvqo@L
z?S)3Cg`s!O70P<KYNrDwSO^>pmBy#eo4ToCe^Y!mV-1cqv)g=N3NWN3hXWd!H=RJO
zD#@nY+TjzIiWsVp3N$rj@iXikeO!a-%c#=&gU50E^%*S;UNA185lKHaxP=y#P00hK
zD0L8ZE?=HmV?jh}+z>~M>XQvN`U6(1pV+^0vTjl*4-y}e5Gs%Sg1sHd_}%wi1+5*d
z3nH_1Vy}+^YZkk4UXIUS;iUvjqjJ6PMV@Emb&K-<WJ+;@-965xuRFf0#HG86G^#3O
z;RO82g!=#f(YxWkZeA4&;f`cwv122)Tmd#D&#{jUW3q6&7XSTMSNhPfUp}NyLIkmK
z?;YToTBa^5#XOuc#V#900|8>iX@)YSMrFx<3(_?qBK1TeT+Mu)FFH*Gpuwh?P7G=T
zvr??51PlU($N+3`Ac46WqU+7Xx~!<?`cTm%gUIzXI;BtD+2$cD%aI9C;V>3N0Q!4k
zjvbD(WTYay1ngH7ONI!bn};lyT`%IjGOH;TD5u-safl#*ZJb?OaCuSssdTR)?q|~Z
z45H;W-Pm(2E>TK&<zR+?1vCJy&er+hHc#C(Ai%V%?80@KGg<^_FV{RHKYhc%wEF@u
z@j(I7x?Xo6Q0%gW&|5aERqhee65a|$KcNnsMp5Lt%;CMJXY5tF_@8^rz_c9<lsUQ1
zCR-Y4<|O0sWJ-7*1u0QK<5;W3pQW+#yvTcYVqf~-JtMy!(>mNE74-A-B+{nd>U856
zAVYaZLbnAbDnM@mc>}C{Yb>UR^wS6>Y^U+Zev?t4Ajz;mtYbbr+gx5LlK*U7Nu4j{
z#bvm+V(I!=zZf&STMQ&=sc_Q!c+ezB^V2s&dz8+e{RC7b5||S(y5^PtWZI%RMZx50
z?1gu7C26hF6iAwI4(38u`#9@=w=Sa(g|XqpAb{p<=KbSTH*a{i>)F?tgvUx8A&(Iv
zBl3pO2@aAhB=5uad{NcsMU1&M!%=7BT8NKzXgiJ={G0d6_sw<64DpH7WRl*p#&>{L
z2IyYC(T&d>a_ipz8-?AAOB29S)0_=*O7Eu;RP>1T{`@~`nj=Ln;4j9J)MxtCZo&j}
zDlA#-PX13Vk}o0g;9dbHMK)TXuO5BIW$r|T$OU+M?Z1_S*wWnE6;&Evo!L|k>x2gb
zx)dSeqR>9daHfm*;~J>O^I2aG>XzvKQRdJ)*T5u*&ZjRiBO3CQynnTz2#N)B<VZBb
zEJ|z}r@==Z2Ck6#f77x}+_;Cjmnrd6AN^GDO!E!VigA`f<WG)Xp6!NbrQ;MMJM(Bs
z`7`AXL;gEe=m(l`fIZkR%G#~kloo8B*?Csj9jSM?a51Z^^zmjP!)I%J`ziDr&p!D^
z8l8By!ZUyCkl!}PUv83-bXP|Jf8W10OvR^iW{YY@w)!JmtqPf4|JLtgP21o9Ax$zh
zwO3a-X|`@Kxd(PKlE{7LBG3u#6&P8|pTsepNx|I^6>KO`{`&rz0!F6DLb3$24wC?Z
z5WRr=$d0k4F*&hg3Ah%sF7n!<t4++Q+-FvDj*2bqS;8n4aDc~%AiiC_O*R#QCa);^
z`1>$GvR^1h+{K7GsX8hhY;1YLX&EU9h6SHqR)@Y1JdL>K-w5`C=UlXNid^MwJOSD9
z5pubRj(>k(*G&!Ds+#aD-<1sc;tTmZVHf#QIov!rC{=-K_GQNrZ57z&ubjx=XHCK7
z@qZ6`qL-fXLa`oRx1!i1V{uUw)ByxHKCbotE6jqs4@f5!tn-)ERhv;&GD#f|{dZo~
z<aF?PuEff67{@E_tR!6ph7hy$iJlQtIu2Udu}R0s4xAzG{`1L|hY2%!C-{Qz6V!`t
zDT3%sMApDHu34e)#~34I$s<ESb^1Z@MM(U`kaG%kQED!#3e@fN?N4ERt!XCr`&k*j
zEd*lJ4J90Y5R2&h+H}HHXt$X1!o@$h*HrUGvRZGZ({aHCi`gFSvVF4T?SV9PcV7W0
z73*v1+t-<89DeBj6|{M9(d7uFL6?^%pOb=>{4#S}xQM36k^ERJL;&}W8~^DJ;mN%y
zKv`k(3VjSCRc|ROR$fp)X^VEHLUR$YEV(J_EM-(0GJP)5i;t7h(&*!5bRvDT8Q?pE
z$zK&lj+Eo!6qO<c&~vuE2{?Q5*>^@D4jz06{^)IE1!cXQem_UZd#{T6J;Ru(o@AA%
zXZ9#Eq`yk<kyv{TRWWqDf4@ob9B6$7UnACD#yRgI0;q7~g%?;dQ(KdbGuqmz*+pOZ
z#8z0F<})SFvUZunK@I(dqkGIJ<&0wE67#L1fQ`MBECEZVUMRx`xu%T>8`N`((ZsD$
z^w6P8Yrc>4g6nx{FRL5AykG=uA-1%YvGA@xrc$nZdGG_F(bA(>|LpM{#;WAFK`{+c
zt##m(nz|+TO1zm<VOC_spY56#1@iCBxSuNh<%}LivqMI|X2Nkc7KF43qGfzrfc-kT
zc>JjZAX+}T(M;Kqcd-G-!Te1ROt*zGUa8Vl7%>8b`^*>Qz-{ocendA??y$*Tp@OrU
z9bYq^x><ussfk-N&ilneqeKTBadlFS$%0w3zboSe4j*}FV5mbx`qa^Vg%pf&WJgz}
zRaARJn1Rm2$l5y`Ynnf0odQ|ScaQ!Y3kBJ}1?+tbk@O#AJ6=&GWAQG7K&+o7YnWW>
zlf#L%z80{U)=QwUq$guWoH%Yx^G<#>B-UC#YB9mMqJZP}Zt(d)Ve_X^_ab%7EB@Pp
zeSSx_J{AWi%@Xt$f)pda`fQ4$V*XZ~P8;?&6eIm>uaoK}ixqj1GTG@5jV)gx;(@gm
zoxj>7H7epqgWOf=g9~d@Bq=9bv!omDD|AxoqPU1-R{euR+kXij`u@jNfG+|?khLnM
zTXTXxPm!%3vjSbR3KgpQ$Sg!6qlwM|i_cp!b?ADi&gH##l;hq}n`<}^5=mmZP^8>#
zV}Za0%xn|u4jsD1+wH$t9%u6AHK5i3u<i!7+O2=`G)^G!vT)M3NO&aFT=>eMbw6~h
zv4<GYSGo#q0p3(H9LTW0Op@_ap!pjUz1{Y*hA-j1gzH=foE0zmE5H{zT3iRGzo=$R
z0sDf~)RWC~(`2y@1&fBnMXW!1-laAPeOMwbfc!8rL<z2k!wTaf&og?c^baKg`8Z&l
zz$oMxp@!##%bC6Y0~g0)+ZdYE6t`J3nsqJH9%w*OOcmy&QsUghKRR+-(K@~(<5wqP
zSC9>((aXXogZpLb(;X3xUyhT~h+Y+;BgKD_9e?d%&ti_6yMAQ;7=iB}&c;kQNg78(
z_^1;222Y`W^oZEwK_GK==sMx;oU@}UGthpalbW}?uK)=kGSpTjXa9rxLRyt+5BmWA
z@~@vb0fGZoXb5JvZtJ53-?T6kwN&N^=YF&fu!6{#f31erRhSpCHn=zz?Z+JrBwZrk
zRJD2*389&mH5ZPInK3gWq!~b?v0A7Xi0V`_d~R}M2?<$*92|=)>sZ<hy1$(LYpM~{
zbDs*vNx}}f&k7tVHZ~xt`IByAcR5M(x?3yru$In?%s4|Zclda2GXchvk@a%FNe69n
z=aR&sGh7nqei>(S2Ep;^5b0AJELECqq7A=60tIC;juDzD_|+)0%_5l#@phTS9)3ku
zA+5ubUr9ENULk#d(s>|t&OrK5oJjOt5-TH{Ri$50g%M?DS`&&!#azyhVOp6^Rv6?U
z@+9egV{h9~@35dYW;@rW*8yT9286^2srbhzOFrWkww{?TO?_4x+DFbla=09@|0Cu~
zS*^d#z2G?OsUWrfQ`}-oJChei7}HL7iXwr*q{bl}U2MiSy_d*m#c&iTBe3zwfis+g
zGjTzX<L$5AsXh6ogLS>Xe<Dub(R-Ryvf`s2<0tN&uk|MC&os+}BQO3@txGCoi((73
z#psd>x>pzd1-e4zhvfQC(G<~qk=q;=?m=2>WXXy{mto_^o~L=_+cG<qpi$Nm&k$N$
z(TWkaMegRshj$w1RfudJ=69Bck!=-37f`^-IcR4<zX!&h7*BQ1r)N2xqroai@{<Z_
z6&Vj03Q*2?OMIgxMj=e)5k02!p`iOI&)(rN`eS$FAZfBdhxLuYSx`J&!-ucy98OJ4
z*jv~*2q%I!AgQed5rCQlqrGDKZ`{dt<xwD%{C(MGiP(seACD_Zjt(LX`p%_XdeeDU
z57(rrA=ZZ_->pDu$-vggyrghZQXz7E{-{tss&|cL&^T-M1-!P9Gv?)iFWC4(HTfVC
zV_5jYZ@rgbg%36cHmpd3X5($uE@}<6z9t+R9cY*>i<_coBWveve+(<$9sK*JM*SE4
zdarM22psJeDJ&TtZ+x9QRi4z~tVjwgw@LXb6+fjo{Dr~ABgT0w`kc5ycUHvTw*;Pn
z5@#UPnCoLC*N|k1=+v8KoNcFotM)Idq8mu+;+#BI-7AL>kvKG)MJy)X1cR8wPcFZ}
zjZgGWvCC!9cGmXioVwgD{*leXTPtXvmKgIv$bY&-w1-p!U}MZYb2PRM(Ya7Zddx}5
zs-daj9)&_B`8*QN{@wQYsOKi?g6s*yEcA$`@l{!<A^*LW1GdY=Z7Zn=eNwPU@Hq08
zmVumdEV`knr>!2=!A~EP|9FaxtLVC31N(GyaXoaF`bcha$@1mkBpCglVs!%%QFiG1
zZI*t%Fgk%zm&fH601^6PA35xb|5$Mf9_rJ=7Y5*MZP1(p@DDb3wFm*O#7!nO>DqWj
zwTP?;ytQ+{W7@%n-&7?`TMDMiC&!8lb#-<e!K!x&{0o!AjnFlmuInOYxn)f#aV;#T
zr7C@jR}|;FMg|S~*)MKc{)v#TTDEW|sjV-RV5;YYp4g>$?UDeAGOkMs<iJjqTr6;z
zFwWEBVq?L}<H#IuUxksi_t4VSVd2uD=LT{8;CZ^y@n3m^OLIp=IIHN`6@_X}F_k`N
zA#F~)15Qq?oTlTBMAy2$T|r!O4K{b5;ET^mO1)*FJkx%U2#KJ4OEIU~+veb66~hTm
z!O@dTxk4N}S#;H;-2F1Rs5c=z{CIkMz6A>YAbBDxW2BDrhfiF|8VXFXKvmR8lxI$J
zJ7F`m^nT=OsZO?*9r3&x<K$Z_|2z$J>?-zIQ~L{1Fa<rfo@(t^)>$sW>-d<KoYV*|
z_;zh#!+5wrVl)r__E@))BjBqx^ceju&_2SS`4{<61~F2ZR)aeBk*PEK4s2>aEN3kv
z>8&v3*WZt0ZOB7PI=cY(JTtV`-{^64BVbRhRxhZV^&(RpEg@a8QOS&3hs|lY_u??#
zb~?Jvg=i=DJ=JJ#$4ms`t}up^ZQYcbx`lZGD`;+CEMH{An{mnr?A~o7p>yguVQPkd
zP$5#d%aPmW7s4JbeCT^;Pge>HXT)E&|FlL?zSf_za|$?YB;{xv*aA&80Dtp%@xs+l
zd8~}OnTHIJS5npRtM1;N2k5-`NFtfkjQ(Q^E()X2`iBZ5))nf9&$U86a-f{;Xo?D(
z0@lh>NX#TIy`@PVT9OX@slw`=$yW%s<>>Euj+?+9bADPeJj2)&7A)$F5xhM2X6KA5
z>M04y32EvH5!~?YvLnH%y6WU{Zlc`ly<@HyEN)OlkPqfPn34Tkjde&`JT&eP#1$p^
z?06iY=q~~>03wVz0M%@q$AurJ5HEZ%BfQSt%T3K7?3k9lEvx^C*!dQDiKQr`yi^nQ
z7>c3h@R35MYU|PaD#Rt<ioJyu<;+)k5hVkR`r|x?Ml+8>>LIP_j5X^J$DL+=KVP1f
zi|tC(b6hU`7fI@!q3BfUd(Oy5K?q__57S#1bw4SO{*ssH{3w0<d*CWjpfQs)hu{Lh
zjYQR$h-$W;Hu1}-Bv^1?!SMQR@Eg-Nc9zQmMP73tPAgn&c;u|G&}USUaf!iKCDwP?
zz-bORfk`+8B|z6+Q2|0K01m=vgSn0C{0G)&>9!nXotmG3Wk#|((63P;EE@D2ZbHZs
zJ5{bVF2fJ9@$r$*IrB7j@LohH1+z#0q?kqn)eiWkxzWZIdNK(P!w<>vbPq*E-ccz`
zy#-)!$PLwgtLVi$58JNW<Ug2cgJ|EN(%JU{aH-S}!kz-)QqgxZ9M43H*cW{;o!K*f
zS|tt0pW^Elihl|<`_hRMNR35*qUcGm^yEVJT&^flj4fVeo9;<wV>m1TI%uX@6lILM
zwvq9&{K!xiyylg!Z;x-ez*^saAUq*rII}p$8t*HgDB;op1WrSQHr<<~vfpui(wkE~
z`A}Z(!yEu~$^^_X6}r#?fN&aY#SP{;Uih)JfHtpm=XakvzFebvQ1PsQ)-WDNFNAro
zQn63{twjIlbJ~g{wMrBT1tjXwmbVz~aw$f~!q7C1V!LXxmNLw2gx}~Vn+)KgY^rQa
z;szp?zZ_ksm-N;ayJw4sRbYO1=@9GotU-HHIO%4WkFJ;QR>bVH70x4mQ=P9h1WX2i
zw>I%P9Z}ase3Ypmo13Bt69ZD4R+9rY81(~F9Kier`=)c0XMGz6z|mML`}op)QRi<R
z!F_%*Mv~mpQw$H=ydzNx81mTxmeJe7z-K_DQSyVlgrzTyN5xCc{25Xn{*9fI->V~&
zMsObWcPoJ1k!7-d3)M^8xPfR+lbZArR%laaa;fRBo8K3_ixB<rjHkGV_0xy^SnIOP
zQN^ms`<m5>-xfw$Q(AzX%;Y|1V0YJZ4=5pIOXB9t%PtOVr_pS2*GE>fxL?mObq&3;
zr`ieRvrFPr_w*ohc}5>p+4%JrRH45Il`fL7Ej<DkLcFi;i5nlJAq8k+gp<k~=1XFe
zNBaZLAU01XtsD>S=H1wk1x81ul6T9Sdfx)k?V&3G6a!?sI@83*HgApDF+^^N%?yo2
z35qp&AGp{>mMb;ZP($0ti5q0!>pJDcJc#?`dS2Gm{?-`RB$w$=i${6bXKXHIq%HK!
z%N|DU8};M4hhQb9FZ6}vU2mnpFyqz(ZxWS%eEX4hN8+#B@?x{VyM^$3oc)8Uh88iw
z9u;Y7T1&tl+OXZs!SxjiF5F~8UR|SP>_*Y}X-WQ7VtCg0w3nC|RGhZ_2n{)9lV~Z7
z&1$0j@fgTm#P-5c`*&~=?rs6p`pqP0O?Z=sp!O~tR$0eY6#Z8%?!%k@4jc~fQc+xl
zVLiaY4qpNm#=aAor%o+d3n|j2ziF|wz~#b&MqX`I@9R%_0jTBI=aC_ox7Qh{Jp|ny
z1Hp0+IYZx<QD^S)pzjQ>S^d=9ClY++&3fO`JwoP{j8kt+bHge*iVvfOn^V3D%s~A8
zoOHorC4BV!)TU$J;fH;-{$j@NlBO}IPM)>)-$Y!_<+?DYoKYn>!q4kK+wn`$BY1<e
zD;rIM0`si4*&Od8b`O8c1PC&%!)n=aOFhfCZ8OxQaC5?rc>}i>AaY;;k(&2+K*t%-
zqG;Qirrmd2evRB2QBT!=&u1;Y$plvXj0{~6*!NB@a1J36PwzDy*Z{VKxc)OU6pdk1
zYoXNT!*?a69Q>!{<sVEOGh7$JS={qw7h|$fOkqQQbe$O^u)4Zzhu@%?$oHk4&jT>4
z6-aM;x`_oyY*2IBjBs=$cj02Yim#)xIVhZ-=Jf^$-v03m(LGm6@=K!@$I|?isSz*b
z1V5<v<$Hgs7R%#VRCoKH?EL5|eeB%l0bu{k+~VC_Ja!;zJ|j%tz$Vg+YcZ;`^hHLS
zJK%Mt!dJVnR0}!tROn?1uRHWaG8<SvEp|AR-hXOuB6S>dXf}u2K5!W_JvmVCua91o
zQ~D9tknALnijyR^m27XsTnJ_>`IA<mtJDo$Q|lj+`bPhStmFZK1D$6`fg9oZOnNV3
zBRh9TI(*kK<Jas13T5s^dZ0p)@wYSpWi5P?uynxZpn3Q2ejyh@@;uRqK0g~m4QL0X
z%|rkZ4Jw?u=r@Z`dWGIxxk49ZxFz`kglF69rSDc%VH99aVLpe=gnh#`ff|`O$lqzI
z3ANq`_5Sy(C;i%BVQ!ZVkR1p^%dy4qa(t^`Y1<1Z>L7pKwxg1tPcBK%u=W*>+%*d6
zrsOJE#GjtTtM`?Sp+n)?{6IX0j$cXc_*K>olmd}q&!5V5`?gKGuw^j0DnDG9&HGGt
z8KMmNtj)zoWhwDa&kbh1O$~=@sNsz8vZs7iW>;-kOX7*R%@^VeS216FhhWWVS$6lJ
ze|ZzzJY@Z%?7<%30LbXAs0+-33)#=CsLw%FLxIdfkY&MR)o}I8her82MPdRNIJeYu
zey$ea??w_RB^fQlvdhIwyKO-bBKXIsg0BXi+6wj&EHRDu9Z-)UG$4w#S?=4s=yXM*
ze&%v?A+_vz(bjTr6VNp@pdfhA-=5F{zmlWv(}6zmLrH#vT%^agkln9FO_SA?6+6~y
z%Se7w*88IJ{_Q=p^|#`(qKGfjW6DGN<p|=GZ*K58we#-FdI0d4tH-a|@s7lF7TG4#
z4Of#<h9i(|f2!#C)Jdd&eCT0!SfL4EY@YHSwJKKY0q@P!^gWH>bb7JClNDAg(e3zz
z*3K3YK>!K6?gcg>nXWrRFO!n_7a|Lg#GObx1!|iZ$bc<Ij;2weZ;IkgKw}-~jgU-3
z+$wIL&WjVW`7`Rh>B3i!S+0<WOU{)d*~^u;3A`kda%E4?wKOQhMaKj5U1J786KfCM
zT?Gjki#z1PSAZ0S8N+_m)EURL)<Z8*F9-CS5QVM&x^+%obW*iJcq_aj$~Us(_T<-?
zwZm(8&*(C~*$*mN45@1Ut3;T8g`Bs;b^yOrqAKGl__Hnf&-!@#Wz@?ipHCWICDe~s
z@lF_U(ny14<mJmTUBse;cjgT++aFe{ZI3eDHoA7^c2(ShasM(9g~x}XXg)8{&@zrI
z&}JWMLD*Bk5y?RHw4y%LUCqbtCf$be1SA-wP9HTlO<)Mgpos~%w#b3<oVLu@&W)})
zqsG3CEN4s+o^4I$aUm}~n)@a`RQTJud%YWC8q`PS-qk!q_hN>hH@+vKaS+F9A$#@X
z-~OAq2b3Pk>T9Aslgj_j^jTO;>hG1^tyv&zuVy>FK`eA^WQhLM@9b$t?rO8*AM%{|
z_AK4HV<RR@i0vg@!bs=*x_nSe2qb1($lSUxDyPHXnT<Wi+)eB^Rdg_#R+e$F_g5(T
zM%j@7L7&-*|5h@=Ild1-1uz{+=}Ru|%MzaLN?ECshd_?5ac^Ct7JuJ&Jtx(TlQxy?
zC=OBGaN!8UJE}@48VeM*`egITd1cp1<vQt)7QNa(_E|BCt_)eA(UA#NW!(&T+vn&S
zgaiTzEtq_^sR<j?Yo!)9snHg68#fmT*V>2otrRo+^P;D*9@CcmdClM|4q|!dMa3jt
z;;th6Wlc7?n;+H2rQxok!iiX|!9EW?l4$&-Vr?M3Pgn$s5=7C>h|24Ib!cd@x`pL$
z?dMY^{Jn`66|V7dT}%LpgLnaOlNY_h9T^z~V%;ooIL;QesvR)7Sx1ew;+scOJD&qx
z<wS(d;GP1?raVNFiM_))pW$UX{Z|$TdRX;rrNJ>vwaO7i^7SDYUzx5OQs1oMxp1Ht
zJCk@Y(D5Ao93e4`0nkYbX8h6bv)4)^Iy#`bn@?FjDspwdr#S~LQJ@WM#yA4s0Faj!
zfL$c>zE1vzPZ@q*CR}*w(Q|a&s&GK&>ppD_&OC46Ex1i*tYkNs7z2KJwo<$#Yd6y3
z&ZzrWgU1ot4VNt!Gtk8$7*Bn;HlpTWy%EVjMPWp<NO?z%`oa|O`Uxl$KlHBgBJauF
z8+!}V{WnXWvWgiUb$WZb3Vm+k<mq8=DTpJAIUGFP|K_hkJWXz@F@Eye(G*abG5UUa
z8FgQphy1fIR~WRd4!dl8K9RUtY8-OLV%7A{=Uk9w948-qhl?I8OU_OM4Z)70y}#<6
z++n~RO)fd?1BrA+{pKv_&03xz><jxMPAl&k^!8wx`W5JHZhQ>rLqS|*?RxLUu5Huo
z5#Wsh_aFOurTFj4W}k#HJ#5{)r6`__CwB(!uQOXH=;7MTMG7H~DqP)`o5v(9&f8}+
zS9RR!IQK&$nQtvxm0Qw_moVmiB9n*YhVV|z%&t?TgJe(oRII-N0iRU4Xfq*s`y&H3
zE@!EkFNgl{nye#?2YU3~POVNB7r!CHPZV4-5F#DQ=NrPhm=@cw<tfp<=Z-hEGw_wh
z%|#Ab2)`?)A^gxf$|Ol)h>923AKD{P_aI46qYIM_?z_;8@{{?&>(!I3f4Q3Nl~;@r
zt4S43_HW6yZ;c7AazS{kp!ESYm$%7lZ{b~Wf64Sv`E0z5-PfQ)snNE{M7CZcz2a8`
z#smkhK`>9)s*b|0ALfFZ*t(hVXuLghjTbdEsUi9x`Z6UE_QH~*ZV<mvXHolDxa%pb
z9(W6|-zx;gzyoYI0MFpj+7AZGN+e=M_Mg^=SIk}~*J!8Xamlt>m$etasKIIHA~ej7
z@{VD?>9PcFBsC$dmENoy%oqAkecb?EOu=RwmsM0pJFmL*fIj3I|2O6nTcDNaLaY@^
z)nKS){FLIe5*WvyVz1nvH$<qgIn`jV2=P#Np@b5iF=#wv6XT;WBk?8L=5uKee7Dk=
z8-0`4{P4V$=yl%DpCP}EHPmr1X35$^96faAT_5TF-3nbGr@4B>_H%|};KL0*durRl
zIH>^*J7@TnbEw_%xo0xte|FcTs%v5!-bKp05+kDp`yY0D%h9H>**N&kMY(cIQ7-Dl
zoA@lAF7Aca8Rwl8w4E$Zr}N%>X`qBrvwOELKKo!yP}C`fu)}o}Z&f{&9M|)q?;NB{
zxNpIt;=7PGh{x99q<%<-8Hf{*JwR())u}ov_*cR8N(<W04)9$_3Uo&~eV&@o2D<pJ
zSMWJHGlAFxTv%~%S!G@WUN9F<TA(jhp{lfz{cKGg&yI3jR~9<msJKUk8za|fscJ`t
z)spZn3r{hh)txJG)4b>qUTs&Fktjt1dcF4EPx5dY8RcyCL(|BEgGNtTo^!ArbtZuN
z><cnSYqczPS@A!2>E*d%pH<Nn*Tl+`&q@OE%^D~)6I{x$m;z#kZXu!0ywuc57d8rR
z0_dy3+RKK&wF0V94J`Qkm!z@+AMt-Iq8u%Pcd|ar+)2Q-CtYB~!l9!QxKS;=E#S@V
ziVFLAFBq$jO(cC1c)?lhPdre-MC+o%g}X%I%v6Ljo-S1bn@_Fk`rQW>S0n18IJ*sO
z0mDdm9>mxpqaIK7T&wT*%|*rXG`0GJj_QNR1HO31(2$78a-lB%+4?B;+mvXB7zb+f
z@4Th92qJXD&0#0;nzW5sr0Y$WRx6Y1ZTvFu@VVoD%&a1PJUAX2e?cR1MK}1Dk3@I)
zkrTfAt%Cefb_gI7n;Dv*3wOwkSjCO=9I1bD#Lk@i-FHK)gc}?})#?@d0`wd=Yj?6a
z|9#hVID_Icxfji3UVI0%%-h*+`2i8(@n6R;t9%HioGsj)3Hc4!pOW=TU2BH%%`RUV
zIBX)n1Sm-LsS#`MG3lDKQhgpc{fE*L4yQwkol<PJQrDn$^0*O@8FrO1Cw^)34m%5K
zajg->(xSmc>@`11IUHznu32)tdZjD(I#Q1dzKLBM=SOfZ2J2TaT{||~`_2DEqD?lo
z`5!dJUZ^gtk3-5lK-HXsp7$TrMdFroOzXQf%k%Gz^6=2=Gpq}Mw0UonL4kP!gmqMi
zj9<C*WoDvjepuCse8Wl#!XK{oaS;HO69M$EL>u=J4?+W~86s}S`TYa7+<3bGqt<lK
zk+n#Hu`ZD`<w#37WlOzMJP<nL#D7Mw{#)Hn7vrSZeGYc&aR$?PnC%z+j(W5VGU|)n
z{fBJ%@8vHQmXnz4Q%`9L33n!a&+s@Sasm^1=cmYzd}y_AGo6wBzKQRBj~g9juq*A!
z)EOj!b@!d8WcXzV#B(kB62*TI7>~Azg7X>VM<aH2ZvP(r&`tNg$A=EVy0}}usFZmI
z)acvrB>bpdxk)}wk&-5YNU#R-f}bxpwrvww@t?1Sd<JA-Dh8akzBiqzxt$c_V+wk}
za{tgqH;=YcSEvXV^fV-h&>qw5cWh}!578HCKi@c8a>fgIC@0^LDIRuI2jCyFFuE~v
zf&B&RV*&{f$EE0X;O&1HadNv&&+QDaP`+{1GxDFjg4Er6%ab97qaVbX{v&ndS8gf(
zcXo!yFzhJy3{8Rbd<p<fE=BI9Mjwiia80I<RCWKRtH{&Dy!nUX(AwTC4UE+kK}7EE
zkU#z3sOR!|=lf*H>d#;r0QL9faG|P`9{&j6JM09IJ!a0awH5{>u!$*9WA5s?bvX&*
z=r7@;KuN-HNIiA90i&FXTKJPDQu7~xrT@MLNEn7-#E)D<8v%dx0tHx4VPo$%U*s!@
zquW0?&&}(Up*<?;Nk71CGri0I2zm+}p68=3U8Su$!`TFb_kPq?gm^<wKK=uq$O+U(
ziWo$`89LvIAb~}YwXV>Xr)u$J56F)y|H)(QUFxeNGr$|3t#y~3q2#Yg3`K5X6bT>l
zhuCrzv1`^mdHX-e4E5x*&pactxa9KE0YKS+7pi&xL+VwRX4XrJKAJ0MR^s%AO4%gR
zCK?YQ0EnoQN~c<K5lY`#>TCZ1K4H3lt-=Ag4rzjXNr2R>xtsWg!82xFVz^rxRO6L8
z%VD4Xhpl-EfUL;cxUeL;n7jTwIe~okpduPM5dHjejHv=(J!kaf<E2C1gd<-Ju$;~Q
z_SqE8$mqHr>DxzO%SP=wNj-jFrts#Br~Jv*L7EYt9}-^wHiKA;gZ{|2t}uyo_c&>R
zRaO9^KvJtHK&Z`D<nMoMZ~|Z7U2$Dx{fE5)#=5U=+mg0k5^LIX4@)^PpBgzy`5wSg
zXb`WN)f73Z`tMHrFDoa;0`oH<6{l{b(^dHy9M%7Ku2tr;xBr;P@KcOdDsUx%hKLMr
z8m%1glh*P1))<*(5%c)pG?D;G6CgVjNi-EctZ7%3B{Bnl<COkQ`>+j_eev$0A&DJL
za)Vyhv}Y7RI7Ea4zQ5~((ob5mq+?_&I5PkTayQ;+^D-atvi1MXf16uIz`f<w83Zan
z!`TlknM?7;;*5!>kf}k?l}4a53=lb^mx=EhGU%}WO-q^|*foDdiGK?K_%MP3*C@p*
zWu@}O-gikpGtg%?`c!<>?wVlQ(y=qPKS~SCN7>XvrhL!X*<wxm+GI&5XsK`}!5>r)
z0PRQ$XaW^|;BX;=v(7;Qiy)dM&>sPwWh(>1H`0PPz<a7)z*t@A*>^ASo}I)+@E-Ax
zSOC0>QJaY50muuIMIruo1#B1ie0BvE06zcUuD~+DowF;z6!CB9{GV4K;0NxUU5Tw+
z1QC|@|G5GZ0zUt{5{drbqGzA~|6ZD?n*WEUB60Np3K#$9qW`}F{J)9rOpO1h00Gh6
zcHAoc#4?g`FI$r2{FGdQURqSZdwF;G^w$XPoTlslR~=U#4(0m(XEDY)NXFWz24$<U
z3*jUjqJxMCGucMAsbtC0*iT}dLUtu|tWgP-7#ztKMTm(}Ng)jmCenPLcbtEIfBdei
z>(ceU^FG^sKhN{I@B4G#;)Qzh$$7~NR_{d9OwRz42l^E{OgH_Z8&7mOHr8+FN_EUb
z8y;szCW;hTd|=#6(6a2j1g>cZ0}vh6#2+IkZzB4eq7_E%QMqG0bN%!=GjRRkolUd&
z2kKQRmlMPDEV_2TXq#hx0;iKUcqanhC9Nz!;LC6|Ryjcpw;%^5X4(MauA}?M^3Z&d
z&Xq2|qbGIKQ%&sMPoZv4Nsi`%5d!kd1zgJWRmxF2FPX|^Z;Y{lOn%xiP%UIu-NhR4
zlJ3JqT#X(4z9WDGMI5{U>*E*(g(f``W%mdA1KNIMVn6{i<@IWgf|W#%TYZ**Adz*Y
zS+j%x-i^GDNHf(!eavV9x2wu&Kx|u~;3>KO-menGXw?Zh>D(4a=0I@xE#*X_{k<FS
zGRNaF`sdY*NHUPBl^G8UmEsxjMWRgJh5+lAYpxeqKg9x(3sw6E5|H?x11lvbClTR;
z2~Dy|(0nS(@|pE~;Rw8~8HW@B4-QBUmjW+(z<jC>4zL>euEK$AbkD_5@c~T0rh&HL
znu~Z^dGpGH$NpsT1C7qBtSJpvy+2pFPlGUvr<|fcdl?SfNvaD1Q-iDvKpNQA;l16j
z-m**+i)_r^H|TdvE-+D`HD&2&KKE<7^2tu^1HeKZ0%V)W-N`#c`)WHtt-`Q{yZlVb
zimRkyV|tyYI|B$BA+u4GG^+}p7nbb2of~w@4qwP`14u1HpL}!Afm<{i07KOa25oE0
zdLUn<;-87Q<;RrU_S|9SA}3Evw7su?<X@4Y*3<r5Dd`$`F~R|6^EI)3&Q8%^7$AeP
z!3=kwR?LCUm4lP{%oFq|+hZ~6bTM0&IY2g*YGb6zpPzpVg5wZ?+_Y&GKs7thv<D-s
z<TNAhK6Ha6cmd<9FJ*K14qscbu-T6AG`;skA3j!ORUx!4D+EY20KsN75i4u*nYHkx
z3_BkgmCR#sj68A!T7;NE3DN8UcROJlP>6>y*RGPQE6WSX2P;}WuFKM4!ZPiim{-X1
zc<KOPvsnxpQj;O&z*d*xM8!Gp=6&eWjfA9oV53X}Q(-oLar@;;iNZBP88Vg(0MptJ
zBfELebPAao^`4V;92K!4#V!C>zz8T7VBePdS6{pNEfGa_Sp?}{1{W!QC5RZ~X7*;<
z#qR<CBY{<36TT`~8>@w^vM>{`uk$}RQ|uwI1wx(BGBiM~RK{hh%U6j;1-mgkL8YK;
zAfG%|LzY+QP-|GY$go{f1R$US_y)8zo2I&VUeb)I(3hgpADr|dmdmxR(iSrg5vbCJ
zw|<a)pkSr)W6f#aZ2-_c-E8hU7b8Ez2N8p47l9i7`gs%UDGJdgF(|Gmt_fBe_dcy|
z?jo!GHOmi@mUdOTX-qB5^WoR96KSl26gLTm>`a`D%j@B`cW1||WH3FQGjudUj@lOe
zW%So|aC?;9ys+!8v5w^YMZ%cE(@*xye4~Cj!Rwpz@|x(d`|<o@Cj}^X9)y2A9%(9U
zw1YphDCrb?>Lc58r4!U?Eb{}fYo!G~{C0#b#PXz@rg)Ves!Re7Wk`OC;~>6^YT*m?
zk*OP&DIviMn+~fT+K~4(UL1#mG9btVx#F=iZxM#+32V?v_njRkxt2#_Y4ml=ZpPr&
zs}ly5N}^$lg4Y9P7L69sKd1IxDFV^fc<y$vk5Bp#GQ1Wdh>yO5RZ2@jS^Y%Pl2DJk
zuC3poA4^%(QIZA#PB9N}T|UP53^@3_-gl?^Hkxh2Im;7_GC%<X2|IVDW{`VNx8t_X
z^aF!R!r64h*>LoD9~!oREOZnUSFMD)4>(V<J{T*^@RQ#gx;sQQi#s>lL~)xqb9#vm
zYr%Tz&sQd#61res$lj$fAmtBNRI*3qq?}NL-jN)Ep>d4mH_vE67nRUf<pnI!=GMk{
zM2nBj^7Vf~-7hrIpdP1AOHGepKjin5r+!dB6g)(vp>e${zxJeVHF3A5@_xCZnStA~
zOr%cz{&ZPqq^c`3rbI~I*2WHgq__0!%`y-76XkEdMqhfP`S6F+x4$QuLr9YUgx<em
z<Gy<tA}xvu9~q~G@f%4xxMfh23y>C7DveqWl+JpYOGFa{XOT=(7gwjVUtMpsKft+A
zH?A~5w03*M?uU_4*8Aw!w%Rk#Onlj9_P`EcQ{Ha_lKUA`M_%|;cKg6D4`D`r*YXl$
z>H9N4hA#^~Ygzs#0%6hEsVY5LhdV2flAc1Vp>4U_Jr`!6<qAs%XhHSvr-PqlDpY1c
zlMmf(ayqAc<u#Vspq3*-T^_Qh{(-0kS^5Mi%xXmrIF9dXrgkB2DstSA12m(wxF7IC
zFUNlc19$_y`r{?0r?-(eLPKQk$UJ8hZo;R$#lE}sj4P#ZO)Mg<XK20H5IcHgg`<ld
zHP6j2vBinU&`v@(SMSFQ;}TNEHwI!FQTIbfJnK;R5yd?(KVu36pBc{Y%rZ%+HWp@r
zLw}=fE?oY+^06i`<Z|PB6m;ZU)A%k+zZ-FibT*lCoSPrA-T;rmx_Qa~(#FrngRw17
zF4P-$)G@v*LTD{U$@`NB8}aka>#2sSw3=P!QnO_4I!Ahw_OJI#MU0nBHN0l=5vD(=
zL(Qu^`I{(OAH%D=W?=cuEx4bq8>}aotUm&cYb3*f*p#+-qRC*wUGmWl=kb<i&IxEr
zn<sE#Ae!HZi9bUN8xv06io4Yi;-|B?xYL!106`O3@Pp+sG*1q9_wx|(xkJsMG$?`_
zph8|k)6NvpA66EXHHpVkxKpVNDq0s#8~Q}ps3_ERg^(la_(}RxPt)RyWzXtVkWVDQ
zjl%8s{b%W1Z{s=e!)EnR4!Hb5k(>#7LkQC#qKC9}BZtA^E&}-2Z@Z+vowU>{Lq?9?
zi<C86HY?-;-vdO&$=1uXi*;p3O?FWB+9St0>Tz=TpHYh6<navv0)y2x`D4hdS5HH~
zx7cs$c>BIv3O(22Hk~KhM3>B7JO|ZA;&oG8pb-^Pv)^D}JN@M`oAWvS`q#ED8|bOp
z-t9p8Frgpxf23ZTpg()S-kFQyD{hx>W7Tx&G|Z(9;l!f<hN~#SeA^J>C9$~ld$=dg
zqC7^{i+BAhSNIb=fswq87d$PWTF!=sY=DPgaFqv$eVX;@UUL4ICSO{G=HY=Pfh|&@
zBHIR!t;WB{qyLUU3ho#|^Ber*Z$RVJ*BKoY%V!IK&21XQE6@z#dLYQi1Fl&~12xIZ
zkR0PTd}ri_F^BahcBG%5iYhz$ZBm*^2C5OcCoe9jzsawZdg7*I@50|BQ3I?%8;+`T
z&SN_5qo!Tsm4!nUQ@kELjkZ7T89Ohi=7Xetth1@(E-|b(QOgn&hnM?iJK30fYN8Jf
z#~N_^aKsJzmXV8=>_S}O#@RP)V_v)lOO3d@V$)xs`LMEkAZ5><<@5ryA&>slwg-1q
zIff2i7P^;B(S_gs3_07HJ4jax44^)tH7i)XZ;iEnzQL0gI7r_xHK<jg<GhIFc#i8O
zQuW#8u$GxK<5PT-W9@yk76mK!Ie|Z|&)xpeJ$}pE`%;Q?d(NJ<vFiB4H;P1bTLXVU
z2n`$wEON5$hTuSbb?L8=f%<^N!`|df`AZ{QO>SB0vwJ7wKwaIla&@8Ks{%R>fP%O6
z_r7_-n>)_aZLm1R*Ugig`(U{VDAmZLfC@($;1(phpoCry`5wL>ud&s>QbUWH6Xg5+
zSM8X1_$LzE#bxfsVJn9X0DW#sqZfKcFYSdHhSC4ceXS|Kuc33+`}^cUfVH_Nw)9f}
z1TR{@Rk}65tGyUK2kZ8s40Gm74nf+`lbgmlQaZW)+(KXJ#3bX%^XY*P5t7W)8DU(#
zqJnho)WJA!>%=NpTTpzHFDa@3K&M#Q5|sp>)whjl&na9BcvpZ?C@kDNbX5->oF{nM
zf9j=g1w8mGW2*lerCXo8LFS&Fi7)4aT#76{F<${%vvprLobFElvj#)yU;o8b&1<3f
zp<6TG<j+vsblcfk*%=$ho3%Q0rE!z%^B<s}fMYII#zpK=l<cU9FgiFWad^01Bb{<Z
zZ7NL1=;OyLmbcn|aLrucmUBHtBvQZH5`wTomH!CmqRjH|?4ySg?`-L4F=~O%t*tq#
zJbza|ON@|~@|J;VqxCC!an)HS6!A1vtnG5irQZS!1FxF$POm6gIVb}lWvqemK>Z@`
z;y8%UwEMC>-Z-22w*O_pHfH@b`%&i?c}E#|u2b@qTV7E4rpFPukVNrw9jEu=6P4I(
zEQm3U#lbP}0#@=MyM7JAkB1KgK8a+70^4Fa8F!sk<l4N?w50Ik2#>q~OC7M)zOG?M
z>2AG8zztCjqM-AAVQvTMvq}%_x6sY^r9bO+%;l370C&LzgE!zjSw)@=`4Mr-*#!t*
z<(-`Uyx}S_1)=tj-oeY}0f}yivy+&n^{!Rkj1CqYU^;PxT+(6wFRAMosmCTQWB>}m
zO$yIvS~D}1UaRk+o9zF2l)il=*HET-VQIQdIxL-_+p!Nm#or=ap*s~^q)-QfF*aNy
zN#&oj6@Be;8%-W=NHrMN!lgK2R%}J=G<tl$sT16SM+&}ZvHY$;J+0PxKgBfY0w)_f
zlbuqPnkCp&tBMYW#{vML4pu)zpKb<NKBMn;^uN1R3osMdew(&hj6E~%N+kjs)mV%c
z!0^_65~6E=b950;+N{ArcVp9Bm?6mU*;NJG7<pO;J+fDc9_Gsmg}0Kp9+WJ^V~RYb
z$m(Ew?DP}Y16)N)Fp5TzHTV_n0;qL6AhG<Vi;F0;8!+$<+IWkhEXhq;-Hg*2?at3)
z#jr4KVZ~40?EUp2!Zo0#4tNKU%XJwSS>`3BlCpzzKXu@kT006(veN^U7+^Xl_AY*Q
z)gJ}kw)rSPJ7Wm5hv_PrcG9&=RIMHNo+eRSjh{lZsz_60t8Pi&<^b37_N8yxy><M-
zJTxu-wMT9N%rD$L%z63y)PrIZ#9j6OD2!xy@UxWrQlKUD8H%gd?x@t4cI5micCs!m
zXU7cItOE6cV$biIN1IfF&>?q^Y6dGuD}w0Lu^2`AHoO(W(AnQy)f7+Q19K8m@QdCu
zDi3n1X70q09su*q5eGWFFwdMdvVl$5m?@6nh<8D%Ew~K+HSl7_GPRUSc5Q|VGyZd-
z>NyJLz)iIIv+0pVTbV%pv~I)g@0#=3Qf#T>wq{4QAMqOF?m*d|*#PlbUooQ<NSZi&
zsnwdl7NwVPN^QrfcSshcp1_o1?gIrPj80Rz0pT4>*XOXyd(3w<PDeP%I`N*0{yCu<
zZ6Ji3U4EvH_A;brc0cWArtX!b12V8-08<e%b|V3zGp|g@!MA9cmim7Y?jP)o`mdjx
zxBfC}5sVnp{#PCskPuEwGKWC_Md03087(D5!+!GXkANb!VG?pr<kg_K$ISr=QKuRt
z5rnE>dIc6?DE2ApGGKf`w)XAnxW}tZHlJjHg_7-66s<1qG1Qt53#(RcfsZ~!&rl!D
z6U9eA!`zeE@d5<qGhLYHiOv3HqbkfSKu$Oa9n`=3j0r_qG-E)K+)6Ez4$FDw1<0<`
zjI2&|0BHfQB&XBXWQTvxp8iBCgp!_n0VmX<mj5I?784jOBN26T!j4)u*8Yd>j*~M2
z5UeDA3baW&T=NA<aR4?$qcQ+wdWR4-HF8|IB^y3O+AmRpr*F71?I3mf3hKLPmW#dM
z$;Gt1)!r3wh){{eX@cp$>6Q@nvEI|~E|6luHmZMh{3f2B%s0myQ4I~m(Q~ytFkdjr
zu^lC594O;sBDTFx#1n@c1XZzsiYmXAnRyS7MWpGZ$Lg8TCC@WKH6sOOSpe4ZoYBBJ
zl7J`_W15S9mAsBGJR)))+DAU14C|Y#<m5PdrPw`$Veaoe>c~Sb!jgLgWYf6QQy^jj
zPor-0w!#8K_CH_WMIqs0jYm@et^*5s#cO~-=;)5CL+B{I3Hrm5{Z58V=>p#Ym(8J6
z(R{F{Zo{WC2LE`ThhXLKNse`J>r_L7txUls6jjYAFolTWpwM*}T_-YE7mJkws{<NV
z)J9gFXU2$~gwfE+euQKvx-k5HP;#41VoMa5EBHmsqO#P8z;_XXM#pRVsPYse8~$rI
z>BZjWn8W1DB4B@mE^I*ZW^4Ub3=Kv@VM<nROXr~(SqX-tozpLVdj^3tpj3#Xh)JR3
z&J{`o29r(^?fRas;1orDhst$AZ8Ub)JYc2bmAOAe<)h4!JIDFF_K%<{t`m62tAwr=
zX2U;QkOc^OBIyA$8lHJOX|%milkxVb@uRz^??0BUkD-d8q{N6kUAOPo6gMFI@M?V$
zoTqXw2qSsoZ;44rV!LtI;Y<LifsZkW0qo}^LQ6lJ+~BJ4(PP)EB_SU#_{a0}s!2%!
zb3*#SEGXx$7;5ek>P-suG4Q(R1OC7?37T5!1Pyf!Jx9V31DzuVngmq>!GJ&*s$OaT
fKOY2zc>DWC{{J78tXs!`4`5d2Cy(DhMvVU-h{k}X

literal 0
HcmV?d00001

diff --git a/docs/ports.md b/docs/ports.md
index 47c72ef..193d432 100644
--- a/docs/ports.md
+++ b/docs/ports.md
@@ -22,3 +22,4 @@ The idea is to always use consecutive ports, but never go back and try to recycl
 | 8416 | [redlib](../hosts/nixos/lapetus/services/redlib.nix)                        |
 | 8417 | [qbittorrent](../hosts/nixos/lapetus/services/qbittorrent.nix)              |
 | 8418 | [microbin](../hosts/nixos/lapetus/services/microbin.nix)                    |
+| 8419 | [forgejo](../hosts/nixos/lapetus/services/forgejo.nix)                      |
diff --git a/hosts/nixos/common/optional/services/gitea.nix b/hosts/nixos/common/optional/services/gitea.nix
deleted file mode 100644
index 43827b7..0000000
--- a/hosts/nixos/common/optional/services/gitea.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ lib, ... }: {
-  services.gitea = {
-    enable = true;
-    appName = "pinktea";
-    stateDir = "/persist/state/pinktea";
-    lfs.enable = true;
-
-    dump = {
-      enable = true;
-      type = "tar.gz";
-    };
-
-    # See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
-    settings = {
-      session.COOKIE_SECURE = false; # TODO: set to true when serving over https
-      repository = {
-        DISABLED_REPO_UNITS = "";
-        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
-          "repo.code"
-          "repo.releases"
-          "repo.issues"
-          "repo.pulls"
-        ];
-        DISABLE_STARS = true;
-      };
-    };
-  };
-}
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index 561a158..3198d12 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -23,6 +23,7 @@
     ./services/jellyfin.nix
     ./services/qbittorrent.nix
     ./services/microbin.nix
+    ./services/forgejo.nix
     # ./services/ddclient.nix
     ./filesystems
     ./hardware
diff --git a/hosts/nixos/lapetus/secrets.example.yaml b/hosts/nixos/lapetus/secrets.example.yaml
index de61ef7..9f2aadb 100644
--- a/hosts/nixos/lapetus/secrets.example.yaml
+++ b/hosts/nixos/lapetus/secrets.example.yaml
@@ -11,3 +11,4 @@ cloudflare_tunnel_credentials: |
 microbin_env: |
     MICROBIN_ADMIN_PASSWORD=...
     MICROBIN_UPLOAD_PASSWORD=...
+forgejo_mail_password: ...
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 05915ea..3783cfd 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -5,6 +5,7 @@ grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY
 invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
 cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str]
 microbin_env: ENC[AES256_GCM,data:nxiE9GIvEb0xgqomDdMyy2UtG25pt7h+6JUZkAgIejZbJfsKfpIJcG02WJoj07I2VeTtN10Wd8IbrW9QEt64mLzlG7hqJN0Uwq8bjL1j5IaK,iv:pCWmF52MhMfZtdtMsL7wwt+KB33E/UPNtXzkiJ7NOWE=,tag:79e0u2yyRYckivY85hLqpg==,type:str]
+forgejo_mail_password: ENC[AES256_GCM,data:linrpmA8b+8e1+tWNl0=,iv:Mk7suPq0Jt960Zl9s2jj3SSAKt4t8Lv4eKdIo0o8JbE=,tag:TZ0qGJIVSFSUt/0cqamvdw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -29,8 +30,8 @@ sops:
             RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
             lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-10T18:21:41Z"
-    mac: ENC[AES256_GCM,data:JbRf7sVZLNiIR2vy0+Et7PqpZIvxYa8ZbqLUNNUzjilfIxaRcwRTjbV+IryGOXBve1rJoK9I6Y4dnaQOM/YpddNO2Nxb4PKGcgnQc6v4wrHfHBFZJVo7Teyy6jFfxBYCu0DOqIzBeQg7YLs29PpVoOjxjXDLLFfCK1WAlng+Af8=,iv:2yIV0h3jp/JTPhWjfRLI+Nd8kkIheePIKOf6u59wWiw=,tag:eHswLPB7oDJ98jqnJv2V6g==,type:str]
+    lastmodified: "2024-05-10T22:27:23Z"
+    mac: ENC[AES256_GCM,data:pH8KM1JvO6OK1yGNT90kPfd7+zoUnyoTNfWhCXHBERzLmxHuI8VopCGfgxqYtjyBE4yYAIsRpzJBMPKSnazoL9EBWB+uoSE3UNXMgwTBK/Oq+aW1Bj7akOfCiR9U8yzgfqI7ReAtbioOVO3K/RlgCzpNFdfvToKwm7tUFrektB8=,iv:ltMnlbzIQumavl96q76sv9iYf4IgKrLS2yRZQ1xb83o=,tag:1PILpbzUR7LXaiuukrH3bw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/hosts/nixos/lapetus/services/forgejo.nix b/hosts/nixos/lapetus/services/forgejo.nix
new file mode 100644
index 0000000..9e6399f
--- /dev/null
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@@ -0,0 +1,52 @@
+{ lib, config, ... }:
+let
+  port = 8419;
+  host = "git.moonythm.dev";
+in
+{
+  sops.secrets.forgejo_mail_password.sopsFile = ../secrets.yaml;
+  satellite.cloudflared.targets.${host}.port = port;
+
+  services.forgejo = {
+    enable = true;
+    appName = "moonforge";
+    stateDir = "/persist/state/var/lib/forgejo";
+    mailerPasswordFile = config.sops.secrets.forgejo_mail_password.path;
+
+    dump = {
+      enable = true;
+      type = "tar.gz";
+    };
+
+    lfs.enable = true;
+
+    # See [the cheatsheet](https://docs.gitea.com/next/administration/config-cheat-sheet)
+    settings = {
+      session.COOKIE_SECURE = true;
+      server = {
+        DOMAIN = host;
+        HTTP_PORT = port;
+        ROOT_URL = "https://${host}";
+        LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
+      };
+
+      cron.ENABLED = true;
+      # service.DISABLE_REGISTRATION = true;
+
+      mailer = {
+        ENABLED = true;
+        SMTP_PORT = 465;
+        SMTP_ADDR = "smtp.migadu.com";
+        USER = "git";
+      };
+
+      repository = {
+        DISABLE_STARS = true;
+        DISABLED_REPO_UNITS = "";
+        DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
+          "repo.code"
+        ];
+      };
+    };
+  };
+}
diff --git a/hosts/nixos/lapetus/services/homer.nix b/hosts/nixos/lapetus/services/homer.nix
index da40258..e71f87e 100644
--- a/hosts/nixos/lapetus/services/homer.nix
+++ b/hosts/nixos/lapetus/services/homer.nix
@@ -63,6 +63,58 @@ in
             ];
           }
           # }}}
+          # {{{ External
+          {
+            name = "External";
+            icon = fa "arrow-up-right-from-square";
+            items = [
+              {
+                name = "Tailscale";
+                subtitle = "Access this homelab from anywhere";
+                logo = icon "tailscale.png";
+                url = "https://tailscale.com/";
+              }
+              {
+                name = "Dotfiles";
+                subtitle = "Configuration for all my machines";
+                logo = icon "github.png";
+                url = "https://github.com/mateiadrielrafael/everything-nix";
+              }
+              {
+                name = "Cloudflare";
+                subtitle = "Domain management";
+                logo = icon "cloudflare.png";
+                url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
+              }
+            ];
+          }
+          # }}}
+          # {{{ Productivity
+          {
+            name = "Productivity";
+            icon = fa "rocket";
+            items = [
+              {
+                name = "Intray";
+                subtitle = "GTD capture tool";
+                icon = fa "inbox";
+                url = "https://intray.moonythm.dev";
+              }
+              {
+                name = "Smos";
+                subtitle = "A comprehensive self-management system.";
+                icon = fa "cubes-stacked";
+                url = "https://smos.moonythm.dev";
+              }
+              {
+                name = "Actual";
+                subtitle = "Budgeting tool";
+                logo = icon "actual.png";
+                url = "https://actual.moonythm.dev";
+              }
+            ];
+          }
+          # }}}
           # {{{ Pillars
           {
             name = "Tooling";
@@ -92,31 +144,11 @@ in
                 logo = icon "microbin.png";
                 url = "https://cal.moonythm.dev";
               }
-            ];
-          }
-          # }}}
-          # {{{ Productivity
-          {
-            name = "Productivity";
-            icon = fa "rocket";
-            items = [
               {
-                name = "Intray";
-                subtitle = "GTD capture tool";
-                icon = fa "inbox";
-                url = "https://intray.moonythm.dev";
-              }
-              {
-                name = "Smos";
-                subtitle = "A comprehensive self-management system.";
-                icon = fa "cubes-stacked";
-                url = "https://smos.moonythm.dev";
-              }
-              {
-                name = "Actual";
-                subtitle = "Budgeting tool";
-                logo = icon "actual.png";
-                url = "https://actual.moonythm.dev";
+                name = "Forgejo";
+                subtitle = "Git forge";
+                logo = icon "forgejo.svg";
+                url = "https://git.moonythm.dev";
               }
             ];
           }
@@ -165,32 +197,6 @@ in
             ];
           }
           # }}}
-          # {{{ External
-          {
-            name = "External";
-            icon = fa "arrow-up-right-from-square";
-            items = [
-              {
-                name = "Tailscale";
-                subtitle = "Access this homelab from anywhere";
-                logo = icon "tailscale.png";
-                url = "https://tailscale.com/";
-              }
-              {
-                name = "Dotfiles";
-                subtitle = "Configuration for all my machines";
-                logo = icon "github.png";
-                url = "https://github.com/mateiadrielrafael/everything-nix";
-              }
-              {
-                name = "Cloudflare";
-                subtitle = "Domain management";
-                logo = icon "cloudflare.png";
-                url = "https://dash.cloudflare.com/761d3e81b3e42551e33c4b73274ecc82/moonythm.dev/";
-              }
-            ];
-          }
-          # }}}
         ];
       };
     });
diff --git a/hosts/nixos/lapetus/services/microbin.nix b/hosts/nixos/lapetus/services/microbin.nix
index d966be6..0b857eb 100644
--- a/hosts/nixos/lapetus/services/microbin.nix
+++ b/hosts/nixos/lapetus/services/microbin.nix
@@ -7,9 +7,7 @@ in
   imports = [ ./cloudflared.nix ];
 
   sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
-
-  services.cloudflared.tunnels =
-    config.satellite.cloudflared.proxy host;
+  satellite.cloudflared.targets.${host}.port = port;
 
   services.microbin = {
     enable = true;
diff --git a/hosts/nixos/tethys/default.nix b/hosts/nixos/tethys/default.nix
index b19a034..294692d 100644
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@@ -16,6 +16,7 @@
     ./hardware
     ./boot.nix
     ./services/syncthing.nix
+    ./services/forgejo.nix
   ];
   # }}}
 
diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
index ae71611..5ef4f08 100644
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
@@ -5,18 +5,33 @@ in
   options.satellite.cloudflared = {
     tunnel = lib.mkOption {
       type = lib.types.string;
-      description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
+      description = "Cloudflare tunnel id to use for the `satellite.cloudflared.targets` helper";
     };
 
-    proxy = lib.mkOption {
-      type = lib.types.functionTo lib.types.anything;
-      description = "Helper function for generating a quick proxy config";
+    targets = lib.mkOption {
+      description = "List of hosts to set up ingress rules for";
+      default = { };
+      type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+        options = {
+          port = lib.mkOption {
+            type = lib.types.port;
+            description = "Localhost port to point the tunnel at";
+          };
+
+          host = lib.mkOption {
+            default = name;
+            type = lib.types.string;
+            description = "Host to direct traffic from";
+          };
+        };
+      }));
     };
   };
 
-  config.satellite.cloudflared.proxy = from: {
-    ${cfg.tunnel} = {
-      ingress.${from} = "http://localhost:8418";
-    };
-  };
+  config.services.cloudflared.tunnels.${cfg.tunnel}.ingress = lib.attrsets.mapAttrs'
+    (_: { port, host }: {
+      name = host;
+      value = "http://localhost:${toString port}";
+    })
+    cfg.targets;
 }
diff --git a/scripts/dns/dns.txt b/scripts/dns/dns.txt
index d80247d..9078523 100644
--- a/scripts/dns/dns.txt
+++ b/scripts/dns/dns.txt
@@ -13,7 +13,9 @@ actual             IN CNAME  lapetus
 api.intray         IN CNAME  lapetus
 api.smos           IN CNAME  lapetus
 cal                IN CNAME  lapetus
+diptime            IN CNAME  lapetus
 docs.smos          IN CNAME  lapetus
+git                IN CNAME  lapetus
 grafana            IN CNAME  lapetus
 intray             IN CNAME  lapetus
 irc                IN CNAME  lapetus
@@ -28,7 +30,6 @@ search             IN CNAME  lapetus
 smos               IN CNAME  lapetus
 warden             IN CNAME  lapetus
 yt                 IN CNAME  lapetus
-diptime            IN CNAME  lapetus
 *.irc              IN CNAME  irc
 
 ; Tunnel used by lapetus