diff --git a/clients/quadraticserver/forgejo.nix b/clients/quadraticserver/forgejo.nix
new file mode 100644
index 0000000..b8c0152
--- /dev/null
+++ b/clients/quadraticserver/forgejo.nix
@@ -0,0 +1,41 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  services = let
+    domain = "git.henryhiles.com";
+    socket = "/run/forgejo/socket";
+  in {
+    forgejo = {
+      enable = true;
+      package = pkgs.forgejo; # Not LTS
+      settings = {
+        service.DISABLE_REGISTRATION = true;
+        repository.GO_GET_CLONE_URL_PROTOCOL = "ssh";
+
+        server = {
+          DOMAIN = domain;
+          ROOT_URL = "https://${domain}";
+          HTTP_ADDR = socket;
+          PROTOCOL = "http+unix";
+        };
+      };
+    };
+
+    gitea-actions-runner = {
+      package = pkgs.forgejo-actions-runner;
+      instances.default = {
+        enable = true;
+        name = "monolith";
+        url = "https://git.henryhiles.com";
+        tokenFile = config.age.secrets."runnerToken.age".path;
+        labels = [
+          "native:host"
+        ];
+      };
+    };
+
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
+  };
+}
diff --git a/flake.lock b/flake.lock
index 0c59384..b0650b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -131,11 +131,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1742173552,
-        "narHash": "sha256-8EQS6zY47hVa3jWG9d2MuHK+1JmG/6vdp8gEd2eKFow=",
+        "lastModified": 1742826799,
+        "narHash": "sha256-v1uYWuOPpXgUxx8WPLtXyLLCBL2/lgMjqyg7K9RPirw=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "072ee5d3e8b6f575a31cc294054537dc841d5049",
+        "rev": "26b99e51e7f15a62eb3f90aea536d9ba55f782df",
         "type": "github"
       },
       "original": {
@@ -343,11 +343,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742508854,
-        "narHash": "sha256-vQQTIl4+slrcu7ftVKNBql9ngBdY0dcYGujdT7zIVp0=",
+        "lastModified": 1742871411,
+        "narHash": "sha256-F3xBdOs5m0SE6Gq3jz+JxDOPvsLs22vbGfD05uF6xEc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "da0181819479ddc034a3db9a77ed21ea3bcc0668",
+        "rev": "869f2ec2add75ce2a70a6dbbf585b8399abec625",
         "type": "github"
       },
       "original": {
@@ -379,11 +379,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742288794,
-        "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
+        "lastModified": 1742669843,
+        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
+        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
         "type": "github"
       },
       "original": {
@@ -470,11 +470,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1742493140,
-        "narHash": "sha256-deeSwFTs5mAR0lHIccRrND/+YIhgJwdXwJE9iHIP8ec=",
+        "lastModified": 1742888184,
+        "narHash": "sha256-RQcDOflYvsl2BV3q2lFmjY1qnBIv2P1n8FVviVnL9Lo=",
         "owner": "wamserma",
         "repo": "flake-programs-sqlite",
-        "rev": "84d4a332c0f98637d504f9d5ad5610a263d271fe",
+        "rev": "4ba0fb3ef21aa09b1e951476f785cf746bad019a",
         "type": "github"
       },
       "original": {
@@ -538,11 +538,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1742496983,
-        "narHash": "sha256-UpJrU0DEhNLVZwL/RPVOEUHCG6iDOVDoYelkmgS4V38=",
+        "lastModified": 1742856759,
+        "narHash": "sha256-IiHFsSC2xXD/RT4CW5ThaBybFQ+xha7HOTGbdD+TiXQ=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "7e9906679d384472849272e5a5eef7adbdb1d87f",
+        "rev": "b4feb69fd2c1b6ef02a6a81761a62af62ac7bf1b",
         "type": "github"
       },
       "original": {
diff --git a/modules/common/auto-cpufreq.nix b/modules/common/auto-cpufreq.nix
index a03af2d..f4098e1 100644
--- a/modules/common/auto-cpufreq.nix
+++ b/modules/common/auto-cpufreq.nix
@@ -1,4 +1,4 @@
 {
   services.power-profiles-daemon.enable = false;
-  services.auto-cpufreq.enable = true;
+  # services.auto-cpufreq.enable = true; TODO: Turn back on once https://github.com/NixOS/nixpkgs/pull/392666 is merged
 }
diff --git a/secrets/keys.nix b/secrets/keys.nix
index 44c14dc..b74aa4c 100644
--- a/secrets/keys.nix
+++ b/secrets/keys.nix
@@ -1,5 +1,5 @@
 with builtins;
   filter isString (split "\n" (readFile (fetchurl {
-    url = "https://github.com/Henry-Hiles.keys";
+    url = "https://git.henryhiles.com/Henry-Hiles.keys";
     sha256 = "1k73c228rgzq7ymf5vaj6wfqzkqm6yzq5lq0syb7mzbrvngvr2jc";
   })))
diff --git a/secrets/runnerToken.age b/secrets/runnerToken.age
new file mode 100644
index 0000000..146d569
Binary files /dev/null and b/secrets/runnerToken.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
deleted file mode 100644
index 103e3bf..0000000
--- a/secrets/secrets.nix
+++ /dev/null
@@ -1 +0,0 @@
-with builtins; filter isString (split "\n" (readFile (fetchurl "https://github.com/Henry-Hiles.keys")))