diff --git a/assets/forgejo/apple-touch-icon.png b/assets/forgejo/apple-touch-icon.png
deleted file mode 100644
index 78da40f..0000000
Binary files a/assets/forgejo/apple-touch-icon.png and /dev/null differ
diff --git a/assets/forgejo/avatar_default.png b/assets/forgejo/avatar_default.png
deleted file mode 100644
index ce6f772..0000000
Binary files a/assets/forgejo/avatar_default.png and /dev/null differ
diff --git a/assets/forgejo/favicon.png b/assets/forgejo/favicon.png
deleted file mode 100644
index f6e48b9..0000000
Binary files a/assets/forgejo/favicon.png and /dev/null differ
diff --git a/assets/forgejo/favicon.svg b/assets/forgejo/favicon.svg
deleted file mode 100644
index 7cf10f5..0000000
--- a/assets/forgejo/favicon.svg
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/assets/forgejo/logo.png b/assets/forgejo/logo.png
deleted file mode 100644
index ca1d390..0000000
Binary files a/assets/forgejo/logo.png and /dev/null differ
diff --git a/assets/forgejo/logo.svg b/assets/forgejo/logo.svg
deleted file mode 100644
index 7cf10f5..0000000
--- a/assets/forgejo/logo.svg
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 821117f..c49e260 100644
--- a/flake.nix
+++ b/flake.nix
@@ -65,10 +65,6 @@
# racket
"*.rkt"
"**/rashrc"
-
- # custom assets
- "*.png"
- "*.svg"
];
settings.on-unmatched = "fatal";
};
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index 8464cb5..df92f1c 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -15,6 +15,7 @@
./storage.nix
./ntfy.nix
./zitadel.nix
+ ./forgejo.nix
./prometheus.nix
];
diff --git a/hosts/kazuki/forgejo.nix b/hosts/kazuki/forgejo.nix
new file mode 100644
index 0000000..9f200e2
--- /dev/null
+++ b/hosts/kazuki/forgejo.nix
@@ -0,0 +1,62 @@
+{ config, ... }:
+{
+ age.secrets.rab-lol-cf = {
+ file = ../../secrets/rab-lol-cf.age;
+ owner = config.services.nginx.user;
+ };
+
+ services.forgejo = {
+ enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.rab.lol";
+ ROOT_URL = "https://git.rab.lol/";
+ };
+ oauth2_client = {
+ REGISTER_EMAIL_CONFIRM = false;
+ ENABLE_AUTO_REGISTRATION = true;
+ ACCOUNT_LINKING = "auto";
+ UPDATE_AVATAR = true;
+ };
+ service = {
+ DISABLE_REGISTRATION = false;
+ ALLOW_ONLY_INTERNAL_REGISTRATION = false;
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+ };
+ federation.ENABLED = true;
+ };
+ repositoryRoot = "/storage-box/forgejo/repos";
+ lfs = {
+ enable = true;
+ contentDir = "/storage-box/forgejo/lfs";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."git.rab.lol" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ '';
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ security.acme.acceptTerms = true;
+ security.acme.certs."git.rab.lol" = {
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.rab-lol-cf.path;
+ email = "nikodem@rabulinski.com";
+ };
+}
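Review bot: `ACCOUNT_LINKING = "auto"` in the `oauth2_client` block, combined with `ENABLE_AUTO_REGISTRATION = true` and `REGISTER_EMAIL_CONFIRM = false`, attaches an external login to an existing local account on a username or e-mail match with no confirmation step. Account ownership then rests entirely on the identity provider verifying those attributes; `ACCOUNT_LINKING = "login";` keeps linking but makes the user authenticate to the existing account first. The `server` block sets no `HTTP_ADDR`, and since the removed `services/forgejo.nix` ran Forgejo through the container abstraction while this file configures it directly on the host, it presumably binds port 3000 on all interfaces by default; `HTTP_ADDR = "127.0.0.1";` would keep it reachable only through the nginx TLS vhost, whatever the firewall state. The `rab-lol-cf` secret is owned by `config.services.nginx.user` although the only visible consumer is the ACME certificate's `credentialsFile`. If the ACME unit loads it as an environment file before dropping privileges (worth confirming), dropping the `owner` line would keep the Cloudflare DNS credentials unreadable by the internet-facing proxy.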
diff --git a/modules/system/containers.nix b/modules/system/containers.nix
index 26e7e7e..a0942f9 100644
--- a/modules/system/containers.nix
+++ b/modules/system/containers.nix
@@ -85,12 +85,6 @@ let
services.openssh.hostKeys = [ ];
system.stateVersion = lib.mkDefault config.system.stateVersion;
-
- networking.useHostResolvConf = false;
- networking.nameservers = [
- "1.1.1.1"
- "1.0.0.1"
- ];
};
bindMounts = {
@@ -101,11 +95,6 @@ let
privateNetwork = lib.mkForce true;
}
) config.settei.containers;
-
- networking.nat = lib.mkIf (config.settei.containers != { }) {
- enable = true;
- internalInterfaces = [ "ve-+" ];
- };
};
darwinConfig = lib.optionalAttrs (!isLinux) {
diff --git a/services/default.nix b/services/default.nix
index dfee582..1837462 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -2,6 +2,5 @@
imports = [
./attic.nix
./forgejo-runner.nix
- ./forgejo.nix
];
}
diff --git a/services/forgejo.nix b/services/forgejo.nix
deleted file mode 100644
index 4b9ea02..0000000
--- a/services/forgejo.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-{
- services.forgejo = {
- host = "kazuki";
- ports = [ 3000 ];
- config =
- { config, pkgs, ... }:
- {
- age.secrets.rab-lol-cf = {
- file = ../secrets/rab-lol-cf.age;
- owner = config.services.nginx.user;
- };
-
- services.forgejo = {
- enable = true;
- package = pkgs.forgejo;
- settings = {
- server = {
- DOMAIN = "git.rab.lol";
- ROOT_URL = "https://git.rab.lol/";
- };
- security = {
- DISABLE_GIT_HOOKS = false;
- };
- oauth2_client = {
- REGISTER_EMAIL_CONFIRM = false;
- ENABLE_AUTO_REGISTRATION = true;
- ACCOUNT_LINKING = "auto";
- UPDATE_AVATAR = true;
- };
- service = {
- DISABLE_REGISTRATION = false;
- ALLOW_ONLY_INTERNAL_REGISTRATION = false;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
- };
- session = {
- SESSION_LIFE_TIME = 86400 * 30;
- };
- federation.ENABLED = true;
- };
- repositoryRoot = "/forgejo/repos";
- lfs = {
- enable = true;
- contentDir = "/forgejo/lfs";
- };
- };
-
- systemd.tmpfiles.rules =
- let
- cfg = config.services.forgejo;
- imgDir = pkgs.runCommand "forgejo-img-dir" { } ''
- cp -R ${../assets/forgejo} "$out"
- '';
- in
- [
- "d '${cfg.customDir}/public' 0750 ${cfg.user} ${cfg.group} - -"
- "d '${cfg.customDir}/public/assets' 0750 ${cfg.user} ${cfg.group} - -"
- "L+ '${cfg.customDir}/public/assets/img' - - - - ${imgDir}"
- ];
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."git.rab.lol" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000";
- extraConfig = ''
- proxy_set_header Connection $http_connection;
- proxy_set_header Upgrade $http_upgrade;
- '';
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
- security.acme.acceptTerms = true;
- security.acme.certs."git.rab.lol" = {
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.rab-lol-cf.path;
- email = "nikodem@rabulinski.com";
- };
-
- fileSystems."/forgejo" = {
- device = "/dev/disk/by-label/forgejo";
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "noatime"
- ];
- };
- };
- };
-}