diff --git a/modules/containers/forgejo.nix b/modules/containers/forgejo.nix
index 20801d9..00984df 100644
--- a/modules/containers/forgejo.nix
+++ b/modules/containers/forgejo.nix
@@ -127,6 +127,18 @@ in {
 ...
 }: {
 environment.systemPackages = [pkgs.forgejo];
+
+ services.openssh = {
+ enable = true;
+ ports = [cfg.sshPort];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ # AllowUsers = ["git"];
+ };
+ };
+
 services.forgejo = {
 enable = true;
diff --git a/modules/containers/nginx.nix b/modules/containers/nginx.nix
index 6b0cc6d..6526eae 100644
--- a/modules/containers/nginx.nix
+++ b/modules/containers/nginx.nix
@@ -30,6 +30,13 @@ in {
 services.nginx = {
 enable = true;
+ streamConfig = ''
+ server {
+ listen ${toString config.horseman.containers.forgejo.sshPort};
+ proxy_pass ${config.containers.forgejo.localAddress}:${toString config.horseman.containers.forgejo.sshPort};
+ }
+ '';
+
 virtualHosts = {
 "${cfg.domain}" = {
 forceSSL = true;
@@ -72,7 +79,7 @@ in {
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [80 443];
+ allowedTCPPorts = [80 443 config.horseman.containers.forgejo.sshPort];
 };
 };
 };
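Review bot: The `AllowUsers` restriction in `services.openssh.settings` is left commented out, so the sshd exposed for Git traffic accepts key logins for every non-root account in the container, not only the Forgejo service account. Since this port is being published to the outside, the allow-list should be active, and it should name the account Forgejo actually runs as; the commented value `"git"` may not match, because the NixOS module's default user is `forgejo` unless `services.forgejo.user` is set elsewhere. If the container function has `config` in scope (its argument list starts outside this hunk), `AllowUsers = [config.services.forgejo.user];` keeps the two in step.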
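Review bot: Every SSH connection relayed by the new `streamConfig` server reaches the container's sshd with the nginx host as its peer address, so sshd's auth log and any per-source limiting or banning in the container can no longer distinguish clients. OpenSSH does not understand the PROXY protocol, so the client address has to be handled on the nginx side: a stream-level limit such as `limit_conn_zone $binary_remote_addr zone=forgejo_ssh:1m;` above the `server` block and `limit_conn forgejo_ssh 8;` inside it (example values), plus a stream `access_log` so connection sources are recorded somewhere. A short comment on the block saying that sshd sees only the proxy address would help whoever later reads the container's logs. Separately, `listen` with a bare port binds IPv4 only, and `proxy_pass` assumes `config.containers.forgejo.localAddress` is set; neither is confirmed by the visible lines.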
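Review bot: The option path `config.horseman.containers.forgejo.sshPort` is now spelled out three times in this file, twice in the `streamConfig` hunk and once here in `allowedTCPPorts`, and the listener and the firewall rule must always agree. Binding it once in the file's existing `let` block, for example `forgejoSshPort = config.horseman.containers.forgejo.sshPort;`, and using that name in all three places keeps them from drifting apart. A one-line comment next to the firewall entry, `# Forgejo SSH, relayed by the nginx stream server above`, would also make clear why a non-web port is opened on the proxy host.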