diff --git a/agenix/hosts/tanker/config.nix b/agenix/hosts/tanker/config.nix
index 5eeaa07..e3d3a24 100644
--- a/agenix/hosts/tanker/config.nix
+++ b/agenix/hosts/tanker/config.nix
@@ -16,6 +16,7 @@
 
     msmtp-password = {
       file = ./msmtp/password.age;
+      mode = "444";
     };
 
     atticd-environment = {
diff --git a/flake.lock b/flake.lock
index 035f101..3966fd8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -574,11 +574,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1693718952,
-        "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=",
+        "lastModified": 1694432324,
+        "narHash": "sha256-bo3Gv6Cp40vAXDBPi2XiDejzp/kyz65wZg4AnEWxAcY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35",
+        "rev": "ca41b8a227dd235b1b308217f116c7e6e84ad779",
         "type": "github"
       },
       "original": {
diff --git a/hardware/disko/tanker.nix b/hardware/disko/tanker.nix
index b47a003..98bd25a 100644
--- a/hardware/disko/tanker.nix
+++ b/hardware/disko/tanker.nix
@@ -162,6 +162,15 @@
               atime = "off";
             };
           };
+
+          forgejo = {
+            type = "zfs_fs";
+            mountpoint = "/var/lib/forgejo";
+            options = {
+              compression = "zstd";
+              atime = "off";
+            };
+          };
         };
       };
     };
diff --git a/home/config/nvim/plugins/lsp.fnl b/home/config/nvim/plugins/lsp.fnl
index 8e6d2f4..57f7587 100644
--- a/home/config/nvim/plugins/lsp.fnl
+++ b/home/config/nvim/plugins/lsp.fnl
@@ -28,6 +28,7 @@
                      :group augroup
                      :desc "Automatic LSP setup"})
   ;; Servers
+  (vim.lsp.set_log_level :OFF)
   (let [capabilities (cmp.default_capabilities)
         flags {:allow_incremental_sync true :debounce_text_changes 700}
         default-config {: capabilities : flags}
diff --git a/home/programs/git.nix b/home/programs/git.nix
index f8bb7af..48d69e6 100644
--- a/home/programs/git.nix
+++ b/home/programs/git.nix
@@ -58,6 +58,27 @@
 
     includes = [
       # Private
+      {
+        condition = "hasconfig:remote.*.url:gitea@git.kempkens.io:*/**";
+        contents = {
+          user = {
+            signingKey = "~/.ssh/GitHub.pub";
+          };
+
+          commit = {
+            gpgSign = true;
+          };
+
+          tag = {
+            gpgSign = true;
+          };
+
+          gpg = {
+            format = "ssh";
+          };
+        };
+      }
+
       {
         condition = "hasconfig:remote.*.url:git@github.com:*/**";
         contents = {
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix
index 021a9ff..ba90a09 100644
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@@ -30,12 +30,12 @@ in
   };
   nvim-web-devicons = buildVimPluginFrom2Nix {
     pname = "nvim-web-devicons";
-    version = "2023-09-09";
+    version = "2023-09-11";
     src = fetchFromGitHub {
       owner = "kyazdani42";
       repo = "nvim-web-devicons";
-      rev = "ecdeb4e2a4af34fc873bbfbf1f4c4e447e632255";
-      sha256 = "085mpnvj9j97rwnn4a91nf90ilclk4gagkgcralpjn6a9i4zvkr2";
+      rev = "925e2aa30dc9fe9332060199c19f132ec0f3d493";
+      sha256 = "0i2ixmmapld2j681z606g00ws17vwzmpb0cxvbzsx9bqhap3qgzr";
       fetchSubmodules = false;
     };
   };
@@ -242,12 +242,12 @@ in
   };
   nvim-lspconfig = buildVimPluginFrom2Nix {
     pname = "nvim-lspconfig";
-    version = "2023-09-09";
+    version = "2023-09-11";
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "nvim-lspconfig";
-      rev = "d177ad277a638f262edb73c75ffe33e377b95dc5";
-      sha256 = "0sbd3bj0j5blg7998c2mf9pxp8sfj84dsa1rqbmsqz0isjjl0qay";
+      rev = "0d24eeafb5b531c7fac610a3508207f33c76ce6d";
+      sha256 = "08yf6sp26yfpfkqds0f5ld6vjbi5km5p6zsv7kr5fyn87r2rl2rf";
       fetchSubmodules = false;
     };
   };
diff --git a/home/programs/scripts/mp4concat b/home/programs/scripts/mp4concat
new file mode 100755
index 0000000..68d8309
--- /dev/null
+++ b/home/programs/scripts/mp4concat
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+tmpfile="_mp4-concat.tmp"
+printf '' >"$tmpfile"
+
+for f in "$@"; do
+  echo "file '$f'" >>"$tmpfile"
+done
+
+ffmpeg -f concat -safe 0 -i "$tmpfile" -c copy mp4concat_output.mp4
+rm -f "$tmpfile"
diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix
index 73f0a4c..03d3e0a 100644
--- a/home/programs/ssh/shared/private.nix
+++ b/home/programs/ssh/shared/private.nix
@@ -16,6 +16,14 @@
       compression = true;
     };
 
+    "git.kempkens.io" = {
+      port = 22;
+      user = "gitea";
+      identityFile = "~/.ssh/GitHub.pub";
+      identitiesOnly = true;
+      compression = true;
+    };
+
     "router" = {
       hostname = "10.0.0.1";
       port = 22;
diff --git a/system/darwin/yabai.nix b/system/darwin/yabai.nix
index f3ccd1c..ee33686 100644
--- a/system/darwin/yabai.nix
+++ b/system/darwin/yabai.nix
@@ -36,6 +36,7 @@ in
 
     extraConfig = ''
       yabai -m rule --add app='^Dato$' manage=off
+      yabai -m rule --add app='^Dash$' manage=off
       yabai -m rule --add app='^Mona$' manage=off
       yabai -m rule --add app='^System.*einstellungen$' manage=off
 
@@ -67,10 +68,17 @@ in
     meh - f : ${yabai-bin} -m window --toggle zoom-fullscreen
 
     meh - t : ${yabai-bin} -m window --toggle float; ${yabai-bin} -m window --grid 6:6:1:1:4:4
+    meh - m : ${yabai-bin} -m window --grid 6:6:1:1:4:4
+    meh - left : ${yabai-bin} -m window --grid 1:2:0:0:1:1
+    meh - down : ${yabai-bin} -m window --grid 2:2:0:1:2:1
+    meh - up : ${yabai-bin} -m window --grid 2:2:0:0:2:1
+    meh - right : ${yabai-bin} -m window --grid 1:2:1:0:1:1
 
     meh - g : ${yabai-bin} -m window --resize bottom:0:40
     meh - s : ${yabai-bin} -m window --resize bottom:0:-40
 
+    meh - b : ${yabai-bin} -m space --balance
+
     hyper - h : ${yabai-bin} -m window --warp west
     hyper - j : ${yabai-bin} -m window --warp south
     hyper - k : ${yabai-bin} -m window --warp north
diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix
index 6d61ef3..2bd0811 100644
--- a/system/hosts/tanker.nix
+++ b/system/hosts/tanker.nix
@@ -32,6 +32,8 @@ in
 
     ../nixos/fedifetcher.nix
 
+    ../nixos/forgejo.nix
+
     (import ../nixos/home-proxy.nix (args // { inherit secret; }))
 
     ../nixos/invidious.nix
diff --git a/system/nixos/forgejo.nix b/system/nixos/forgejo.nix
new file mode 100644
index 0000000..f37250d
--- /dev/null
+++ b/system/nixos/forgejo.nix
@@ -0,0 +1,66 @@
+{ pkgs, ... }:
+
+let
+  fqdn = "git.kempkens.io";
+in
+{
+  services.gitea = {
+    enable = true;
+    package = pkgs.forgejo;
+
+    stateDir = "/var/lib/forgejo";
+
+    database = {
+      type = "postgres";
+    };
+
+    lfs.enable = true;
+
+    appName = "kempkens.io Forge";
+
+    settings = {
+      server = {
+        PROTOCOL = "http+unix";
+        DOMAIN = fqdn;
+        ROOT_URL = "https://${fqdn}/";
+      };
+
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "sendmail";
+        FROM = "forgejo@mg.kempkens.io";
+        SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
+      };
+
+      session = {
+        COOKIE_SECURE = true;
+        SAME_SITE = "strict";
+      };
+
+      repository = {
+        DISABLE_HTTP_GIT = true;
+      };
+
+      other = {
+        SHOW_FOOTER_VERSION = false;
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."${fqdn}" = {
+    quic = true;
+    http3 = true;
+
+    onlySSL = true;
+    useACMEHost = "kempkens.io";
+
+    locations."/" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://unix:/run/gitea/gitea.sock";
+    };
+  };
+}