diff --git a/group_vars/forgejo.yml b/group_vars/forgejo.yml
new file mode 100644
index 0000000..e80e98c
--- /dev/null
+++ b/group_vars/forgejo.yml
@@ -0,0 +1,8 @@
+---
+datadisks:
+  - {size: 10, type: nvme}
+
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/host_vars/forgejo02.home.foo.sh.yml b/host_vars/forgejo02.home.foo.sh.yml
new file mode 100644
index 0000000..72e305b
--- /dev/null
+++ b/host_vars/forgejo02.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: 52:54:00:ac:dc:80
diff --git a/hosts.yml b/hosts.yml
index 3a69313..517e1a1 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -16,6 +16,11 @@ dnagw:
   hosts:
     dna-gw01.home.foo.sh:
     dna-gw02.home.foo.sh:
+forgejo:
+  hosts:
+    forgejo02.home.foo.sh:
+  vars:
+    forgejo_version: "10.0.1"
 frigate:
   hosts:
     frigate02.home.foo.sh:
@@ -165,6 +170,7 @@ rocky9:
   children:
     adm:
     audiobooks:
+    forgejo:
     frigate:
     gitea:
     homeassistant:
diff --git a/playbooks/forgejo.yml b/playbooks/forgejo.yml
new file mode 100644
index 0000000..ab0ac1b
--- /dev/null
+++ b/playbooks/forgejo.yml
@@ -0,0 +1,28 @@
+---
+- name: Deploy KVM virtual machines
+  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
+  vars:
+    myhosts: forgejo
+
+- name: Configure instance
+  hosts: forgejo
+  user: root
+  gather_facts: true
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  pre_tasks:
+    - name: Mount /export
+      ansible.posix.mount:
+        name: /export
+        src: LABEL=/export
+        fstype: xfs
+        opts: noatime,noexec,nosuid,nodev
+        passno: "0"
+        dump: "0"
+        state: mounted
+
+  roles:
+    - base
+    - forgejo