diff --git a/modules/swarm/forgejo/main.tf b/modules/swarm/forgejo/main.tf
new file mode 100644
index 0000000..2f29ec7
--- /dev/null
+++ b/modules/swarm/forgejo/main.tf
@@ -0,0 +1,83 @@
+data "docker_registry_image" "forgejo" {
+  name = "codeberg.org/forgejo/forgejo:1.21"
+}
+
+data "docker_network" "traefik" {
+  name = "traefik"
+}
+
+locals {
+  labels = {
+    "shepherd.auto-update"                                   = "true",
+    "traefik.enable"                                         = "true"
+    "traefik.http.services.forgejo.loadbalancer.server.port" = "3000",
+    "traefik.http.routers.forgejo.rule"                      = "Host(`git.chaoswest.tv`)",
+    "traefik.http.routers.forgejo.tls"                       = "true",
+    "traefik.http.routers.forgejo.tls.certresolver"          = "default",
+  }
+}
+
+resource "docker_service" "forgejo" {
+  name = "forgejo"
+
+  dynamic "labels" {
+    for_each = local.labels
+    content {
+      label = labels.key
+      value = labels.value
+    }
+  }
+
+  task_spec {
+    networks_advanced {
+      name = data.docker_network.traefik.id
+    }
+
+    container_spec {
+      image = "${data.docker_registry_image.forgejo.name}@${data.docker_registry_image.forgejo.sha256_digest}"
+
+      env = {
+        USER_UID                = "1000"
+        USER_GID                = "1000"
+        FORGEJO__server__DOMAIN = "git.chaoswest.tv"
+        # Enabling checkouts via SSH through docker is possible, but not worth the effort
+        FORGEJO__server__DISABLE_SSH = "true"
+        FORGEJO__server__ROOT_URL    = "https://git.chaoswest.tv"
+        # Login only through Authentik
+        FORGEJO__service__DISABLE_REGISTRATION             = "false"
+        FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true"
+        FORGEJO__openid__ENABLE_OPENID_SIGNIN              = "false"
+        FORGEJO__openid__ENABLE_OPENID_SIGNUP              = "false"
+        # Allow everyone to create an account through Authentik
+        FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION = "true"
+        # Disable users from being able to create repos/orgs without admin intervention
+        FORGEJO__repository__MAX_CREATION_LIMIT      = "0"
+        FORGEJO__admin__DISABLE_REGULAR_ORG_CREATION = "true"
+      }
+
+      mounts {
+        target = "/data"
+        source = "/mnt/data/forgejo/"
+        type   = "bind"
+      }
+
+      mounts {
+        target    = "/etc/localtime"
+        source    = "/etc/localtime"
+        type      = "bind"
+        read_only = true
+      }
+    }
+  }
+}
+
+data "hetznerdns_zone" "primary" {
+  name = "chaoswest.tv"
+}
+
+resource "hetznerdns_record" "primary" {
+  zone_id = data.hetznerdns_zone.primary.id
+  name    = "git"
+  value   = "ax41-1.fsn.mon2.de."
+  type    = "CNAME"
+}
diff --git a/modules/swarm/forgejo/outputs.tf b/modules/swarm/forgejo/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/swarm/forgejo/variables.tf b/modules/swarm/forgejo/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/swarm/forgejo/version.tf b/modules/swarm/forgejo/version.tf
new file mode 100644
index 0000000..be1d72e
--- /dev/null
+++ b/modules/swarm/forgejo/version.tf
@@ -0,0 +1,13 @@
+terraform {
+  required_version = "1.5.5"
+  required_providers {
+    hetznerdns = {
+      source  = "timohirt/hetznerdns"
+      version = "~>2.2"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~>3.0"
+    }
+  }
+}
diff --git a/modules/swarm/shit/main.tf b/modules/swarm/shit/main.tf
index 5596d4f..bd46da8 100644
--- a/modules/swarm/shit/main.tf
+++ b/modules/swarm/shit/main.tf
@@ -44,3 +44,14 @@ resource "docker_service" "shit" {
     }
   }
 }
+
+data "hetznerdns_zone" "primary" {
+  name = "montage2.de"
+}
+
+resource "hetznerdns_record" "primary" {
+  zone_id = data.hetznerdns_zone.primary.id
+  name    = "shit"
+  value   = "ax41-1.fsn.mon2.de."
+  type    = "CNAME"
+}
diff --git a/modules/swarm/shit/version.tf b/modules/swarm/shit/version.tf
index 66da36d..be1d72e 100644
--- a/modules/swarm/shit/version.tf
+++ b/modules/swarm/shit/version.tf
@@ -11,14 +11,3 @@ terraform {
     }
   }
 }
-
-data "hetznerdns_zone" "primary" {
-  name = "montage2.de"
-}
-
-resource "hetznerdns_record" "primary" {
-  zone_id = data.hetznerdns_zone.primary.id
-  name    = "shit"
-  value   = "ax41-1.fsn.mon2.de."
-  type    = "CNAME"
-}
diff --git a/stacks/ax41-1/README.md b/stacks/ax41-1/README.md
index 7cd7123..d8a18ee 100644
--- a/stacks/ax41-1/README.md
+++ b/stacks/ax41-1/README.md
@@ -19,6 +19,7 @@
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_deckchores"></a> [deckchores](#module\_deckchores) | ../../modules/swarm/deckchores | n/a |
+| <a name="module_forgejo"></a> [forgejo](#module\_forgejo) | ../../modules/swarm/forgejo | n/a |
 | <a name="module_grafana"></a> [grafana](#module\_grafana) | ../../modules/swarm/grafana | n/a |
 | <a name="module_hedgedoc"></a> [hedgedoc](#module\_hedgedoc) | ../../modules/swarm/hedgedoc | n/a |
 | <a name="module_jitsi"></a> [jitsi](#module\_jitsi) | ../../modules/swarm/jitsi | n/a |
diff --git a/stacks/ax41-1/main.tf b/stacks/ax41-1/main.tf
index baffa9c..646544c 100644
--- a/stacks/ax41-1/main.tf
+++ b/stacks/ax41-1/main.tf
@@ -29,3 +29,7 @@ module "hedgedoc" {
 module "shit" {
   source = "../../modules/swarm/shit"
 }
+
+module "forgejo" {
+  source = "../../modules/swarm/forgejo"
+}