diff --git a/forgejo.nix b/forgejo.nix
index 8ecb51d..6a76a33 100644
--- a/forgejo.nix
+++ b/forgejo.nix
@@ -1,16 +1,18 @@
-{ config, ... }:
-
-let
-  domain = "git.sondell.org";
-	# derp = "hi";
-in
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  domain = "git.sondell.org";
+  # derp = "hi";
+in {
   services.forgejo = {
     enable = true;
     stateDir = "/pool/var/lib/forgejo";
     settings = {
       service = {
-        # DISABLE_REGISTRATION = true;
+        DISABLE_REGISTRATION = true;
       };
       server = {
         ROOT_URL = "https://${domain}/";
@@ -19,6 +21,24 @@ in
     };
   };
 
+  environment.systemPackages = let
+    cfg = config.services.forgejo;
+    forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
+      #!${pkgs.runtimeShell}
+      cd ${cfg.stateDir}
+      sudo=exec
+      if [[ "$USER" != forgejo ]]; then
+        sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} -g ${cfg.group} --preserve-env=GITEA_WORK_DIR --preserve-env=GITEA_CUSTOM'
+      fi
+      # Note that these variable names will change
+      export GITEA_WORK_DIR=${cfg.stateDir}
+      export GITEA_CUSTOM=${cfg.customDir}
+      $sudo ${lib.getExe cfg.package} "$@"
+    '';
+  in [
+    forgejo-cli
+  ];
+
   services.nginx = {
     appendHttpConfig = ''
       map $uri $forgejo_access_log {
@@ -36,4 +56,3 @@ in
     };
   };
 }
-