diff --git a/infra/.env.example b/infra/.env.example
index 2001127..73eaa98 100644
--- a/infra/.env.example
+++ b/infra/.env.example
@@ -11,3 +11,7 @@ HIY_ADMIN_PASS=changeme
 # Postgres admin password — used by the shared cluster.
 # App schemas get their own scoped users; this password never leaves the server.
 POSTGRES_PASSWORD=changeme
+
+# Forgejo (optional — only needed if you add the forgejo service to docker-compose.yml).
+FORGEJO_DB_PASSWORD=changeme
+FORGEJO_DOMAIN=git.yourdomain.com
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 33a0e52..17024e8 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -70,6 +70,30 @@ services:
 POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
 volumes:
 - hiy-pg-data:/var/lib/postgresql/data
+ # SQL files here run once on first init (ignored if data volume already exists).
+ - ./postgres-init:/docker-entrypoint-initdb.d:ro
+ networks:
+ - hiy-net
+
+ # ── Forgejo (self-hosted Git) ──────────────────────────────────────────────
+ forgejo:
+ image: docker.io/codeberg.org/forgejo/forgejo:10
+ restart: unless-stopped
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ FORGEJO__database__DB_TYPE: postgres
+ FORGEJO__database__HOST: postgres:5432
+ FORGEJO__database__NAME: forgejo
+ FORGEJO__database__USER: forgejo
+ FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD}
+ FORGEJO__server__DOMAIN: ${FORGEJO_DOMAIN}
+ FORGEJO__server__ROOT_URL: https://${FORGEJO_DOMAIN}/
+ FORGEJO__server__SSH_DOMAIN: ${FORGEJO_DOMAIN}
+ volumes:
+ - forgejo-data:/data
+ depends_on:
+ - postgres
 networks:
 - hiy-net
@@ -142,6 +166,7 @@ networks:
 volumes:
 hiy-data:
+ forgejo-data:
 caddy-data:
 caddy-config:
 hiy-pg-data:
diff --git a/infra/postgres-init/01-forgejo.sql b/infra/postgres-init/01-forgejo.sql
new file mode 100644
index 0000000..1031b90
--- /dev/null
+++ b/infra/postgres-init/01-forgejo.sql
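Review bot: The `image:` line of the new `forgejo` service in `infra/docker-compose.yml` names `docker.io/codeberg.org/forgejo/forgejo:10`, which parses as a repository on Docker Hub, while Forgejo publishes its images from the Codeberg registry; the pull will either fail or fetch from a source the project does not control. `image: codeberg.org/forgejo/forgejo:10` is probably what was meant, ideally pinned to a digest since `:10` is a moving tag. The environment block also sets neither `FORGEJO__security__INSTALL_LOCK` nor `FORGEJO__service__DISABLE_REGISTRATION`, so, as far as this hunk shows, the first visitor to `ROOT_URL` may reach the setup page or self-register; it would be worth deciding both explicitly.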
@@ -0,0 +1,5 @@
+-- Create a dedicated database and user for Forgejo.
+-- This script runs once when the Postgres container is first initialised.
+-- If the container already has data it is skipped automatically.
+CREATE USER forgejo WITH PASSWORD 'CHANGE_ME';
+CREATE DATABASE forgejo OWNER forgejo;
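Review bot: The `CREATE USER` line hard-codes the password `'CHANGE_ME'`, which is not tied to `FORGEJO_DB_PASSWORD` in `.env` (example value `changeme`) that the compose file hands to Forgejo. An operator who edits only `.env` gets either a Forgejo that cannot authenticate or, if they match the literal, a database role with a publicly known password that is presumably reachable from other containers on `hiy-net`. Because init scripts run only on first initialisation, a later edit and restart does not correct it. Consider replacing the static SQL with an init shell script, passing `FORGEJO_DB_PASSWORD` to the postgres service and feeding psql on stdin with `-v pw="$FORGEJO_DB_PASSWORD"` and `CREATE USER forgejo WITH PASSWORD :'pw';`, so that psql quotes the value and no secret lives in the repository.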