diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix
index f9a3eca..f5063ae 100644
--- a/src/system/modules/forgejo/default.nix
+++ b/src/system/modules/forgejo/default.nix
@@ -40,10 +40,14 @@ in
 stateDir = "/var/lib/forgejo";
 settings = {
+ service.REQUIRE_SIGNIN_VIEW = false;
 server = {
 PROTOCOL = "http+unix";
- DOMAIN = "127.0.0.1";
+ DOMAIN = "git.ramos.codes";
 HTTP_ADDR = "/run/forgejo/forgejo.sock";
+ SSH_DOMAIN = "git.ramos.codes";
+ SSH_PORT = 443;
+ START_SSH_SERVER = false;
 };
 };
diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix
index bb35cca..587e583 100644
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@@ -54,9 +54,20 @@ in
 };
 };
+ services.sslh = {
+ enable = true;
+ settings = {
+ listen = [{ host = "0.0.0.0"; port = 443; }];
+ protocols = [
+ { name = "ssh"; host = "127.0.0.1"; port = 22; probe = "builtin"; }
+ { name = "tls"; host = "127.0.0.1"; port = 4443; probe = "builtin"; }
+ ];
+ };
+ };
+
 services.nginx = {
 enable = true;
- virtualHosts =
+ virtualHosts =
 let certPath = config.security.acme.certs."ramos.codes".directory;
 sslCertificate = "${certPath}/fullchain.pem";
@@ -64,6 +75,10 @@ in
 withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
 inherit sslCertificate sslCertificateKey;
+ listen = [
+ { addr = "127.0.0.1"; port = 4443; ssl = true; }
+ { addr = "0.0.0.0"; port = 80; }
+ ];
 forceSSL = true;
 }) hosts;
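Review bot: In the forgejo `settings` block, the public `DOMAIN` together with `service.REQUIRE_SIGNIN_VIEW = false` makes the instance readable by anonymous visitors, but nothing in the hunk sets the registration policy; if open sign-up is not intended, add `service.DISABLE_REGISTRATION = true;` next to it. The `server` set also has no `ROOT_URL`, so generated links and clone URLs are likely derived from an `http://` default rather than the proxied HTTPS name; consider `ROOT_URL = "https://git.ramos.codes/";`. Either may already be set outside the lines shown, since the enclosing attribute set starts before the hunk.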
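Review bot: With `services.sslh` in its default non-transparent mode, every connection it hands to sshd on 127.0.0.1:22 and to nginx on 127.0.0.1:4443 (the `listen` added in the `withSSL` hunk of the same file) arrives with a loopback source address, so auth logs, nginx access logs, rate limits and any address-based blocking lose the real client IP. If that matters, set `transparent = true;` under `settings` and add the routing and firewall rules it needs, or record the limitation in a comment such as `# sslh hides client IPs from sshd and nginx; logs show 127.0.0.1`. The `ssh` entry also puts the host's own sshd on a public port, so password authentication should be confirmed off in the sshd configuration, which is not part of this diff. The listener binds `0.0.0.0` only, so IPv6 clients are not served on 443.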
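Review bot: The backend port `4443` in this `listen` list has to match the `tls` entry under `services.sslh.settings.protocols` in the previous hunk, and the two literals are maintained separately; a shared binding in the existing `let`, for example `tlsBackendPort = 4443;`, would keep them from drifting apart. Because `listen` is merged in with `hostConfig // { … }`, it also replaces any per-host `listen` and the module's default addresses, so port 80 appears to be served on IPv4 only; add `{ addr = "[::]"; port = 80; }` if IPv6 redirects are expected. The `let` block begins outside the hunk.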