diff --git a/hosts/lab/default.nix b/hosts/lab/default.nix
index d409671..07a547b 100644
--- a/hosts/lab/default.nix
+++ b/hosts/lab/default.nix
@@ -12,13 +12,14 @@
 
   services.openssh = {
     enable = true;
+    ports = [ 4200 ];
     settings = {
       PasswordAuthentication = false;
       PermitRootLogin = "no";
     };
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 4200 ];
 
   users.users.lew = {
     isNormalUser = true;
diff --git a/hosts/lab/forgejo.nix b/hosts/lab/forgejo.nix
index d301eee..1fcf379 100644
--- a/hosts/lab/forgejo.nix
+++ b/hosts/lab/forgejo.nix
@@ -12,26 +12,34 @@ in
   services.caddy.virtualHosts."git.ily.rs" = {
     extraConfig = ''
       reverse_proxy localhost:${toString srv.HTTP_PORT}
+      encode zstd gzip
     '';
   };
 
   services.forgejo = {
     enable = true;
+    database.type = "sqlite3";
     lfs.enable = true;
     settings = {
       server = {
         DOMAIN = "git.ily.rs";
         ROOT_URL = "https://git.ily.rs/";
         HTTP_PORT = 3000;
+        SSH_DOMAIN = "git.ily.rs";
         START_SSH_SERVER = true;
-        SSH_PORT = 2222;
-        SSH_LISTEN_PORT = 2222;
+        SSH_PORT = 4201;
+        SSH_LISTEN_PORT = 4201;
+        DISABLE_HTTP_GIT = true;
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+        REQUIRE_SIGNIN_VIEW = false;
       };
-      service.DISABLE_REGISTRATION = true;
     };
   };
 
-  networking.firewall.allowedTCPPorts = [ 2222 ];
+
+  networking.firewall.allowedTCPPorts = [ 4201 ];
 
   systemd.services.forgejo.preStart = let
     adminCmd = "${lib.getExe cfg.package} admin user";