diff --git a/modules/forgejo.nix b/modules/forgejo.nix
index 9fce1fe..36d848e 100644
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -14,6 +14,9 @@ in {
 
   services.forgejo = {
     enable = true;
+    user = "git";
+    group = cfg.user;
+    database.user = cfg.user;
     
     settings = {
       server = {
@@ -44,4 +47,15 @@ in {
       mirror.DEFAULT_INTERVAL = "1h";
     };
   };
+
+  users.users.${cfg.user} = {
+    home = cfg.stateDir;
+    useDefaultShell = true;
+    group = cfg.group;
+    isSystemUser = true;
+  };
+  users.groups.${cfg.group} = {};
+
+  services.openssh.enable = true;
+  services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
 }