diff --git a/host/roam/git.nix b/host/roam/git.nix
index 5d56b6a..9cd0aee 100644
--- a/host/roam/git.nix
+++ b/host/roam/git.nix
@@ -1,13 +1,34 @@
 { pkgs, var, ... }:
+let
+  gitpath = "/git";
+in
 {
   programs.git.enable = true;
   users.groups.git = { };
   users.users.git = {
     isSystemUser = true;
-    home = "/git";
+    home = gitpath;
+    homeMode = "755";
     createHome = true;
     group = "git";
     shell = "${pkgs.git}/bin/git-shell";
     openssh.authorizedKeys.keys = var.ssh-keys.hd;
+    password = "!";
   };
+
+  services =
+    let
+      cgit-host = "git.lan";
+    in
+    {
+      nginx = {
+        privateVirtualHosts.${cgit-host} = { };
+      };
+      cgit."git" = {
+        group = "git";
+        enable = true;
+        scanPath = gitpath;
+        nginx.virtualHost = cgit-host;
+      };
+    };
 }
diff --git a/var/lan-dns.nix b/var/lan-dns.nix
index 04dcd14..b7aa4d1 100644
--- a/var/lan-dns.nix
+++ b/var/lan-dns.nix
@@ -4,9 +4,11 @@ let
     name = "${name}.lan";
     inherit value;
   }) var.wg.ips;
-  custom-hosts = { };
+  custom-hosts = with var.wg.ips; {
+    "git.lan" = roam;
+  };
 in
 rec {
-  hostsFile = lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v}\t${n}") hosts);
   hosts = lan-hosts // custom-hosts;
+  hostsFile = lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v}\t${n}") hosts);
 }