diff --git a/configuration/default.nix b/configuration/default.nix
index bbe474c..0e854c6 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -38,7 +38,7 @@
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
 
-    firewall.allowedTCPPorts = [80 443 2222 2221 21025];
+    firewall.allowedTCPPorts = [80 443 2222 21025];
   };
 
   time.timeZone = "Europe/London";
@@ -82,7 +82,6 @@
       domain = config.services.nginx.domain;
     in {
       "${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
-      "gitea.${domain}" = proxyPassToPort 3000 {};
     };
   };
 
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
index 5f9ebd0..cd99951 100644
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@@ -1,48 +1,31 @@
-{config, ...}: {
-  users = {
-    extraUsers.gitea = {
-      uid = config.ids.uids.git;
-      isSystemUser = true;
-      description = "Gitea Service";
-      group = config.users.extraGroups.gitea.name;
-    };
-    extraGroups.gitea = {gid = config.ids.gids.git;};
+{config, ...}: let
+  domain = "gitea.${config.services.nginx.domain}";
+in {
+  services.gitea = {
+    inherit domain;
+    enable = true;
+
+    httpAddress = "127.0.0.1";
+    database.type = "postgres";
+
+    ssh.clonePort = 2222;
+    rootUrl = "https://${domain}/";
+    cookieSecure = true;
+
+    appName = "Gitea: Git with a cup of tea";
+    disableRegistration = true;
   };
 
-  virtualisation.pods.gitea = {
-    hostname = "gitea.tlater.net";
-    publish = ["3000:3000" "2221:2221"];
-    network = "slirp4netns";
+  # Set up SSL
+  services.nginx.virtualHosts."${domain}" = let
+    inherit (config.services.gitea) httpAddress httpPort;
+  in {
+    forceSSL = true;
+    enableACME = true;
+    extraConfig = ''
+      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    '';
 
-    containers = {
-      gitea = {
-        image = "gitea/gitea:latest";
-        volumes = ["gitea:/data:Z" "/etc/localtime:/etc/localtime:ro"];
-        dependsOn = ["postgres"];
-
-        environment = {
-          DB_TYPE = "postgres";
-          DB_HOST = "localhost:5432";
-          DB_NAME = "gitea";
-          DB_USER = "gitea";
-
-          USER_UID = toString config.users.extraUsers.gitea.uid;
-          USER_GID = toString config.users.extraGroups.gitea.gid;
-
-          RUN_MODE = "prod";
-          DOMAIN = "gitea.tlater.net";
-          SSH_PORT = "2221";
-        };
-      };
-
-      postgres = {
-        image = "postgres:alpine";
-        environment = {
-          POSTGRES_DB = "gitea";
-          POSTGRES_USER = "gitea";
-        };
-        volumes = ["gitea-postgres-14:/var/lib/postgresql/data"];
-      };
-    };
+    locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
   };
 }