diff --git a/hosts/containers/gitea/default.nix b/hosts/containers/gitea/default.nix
index 1d063e22..88ebd518 100644
--- a/hosts/containers/gitea/default.nix
+++ b/hosts/containers/gitea/default.nix
@@ -1,12 +1,153 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, zentralwerk, ... }:
 
 {
- imports = [
- ./modules/networking.nix
- ./modules/gitea.nix
- ./modules/nginx.nix
- ./modules/ssh.nix
- ];
+ networking = {
+ hostName = "gitea";
+ useDHCP = false;
+ interfaces.eth0 = {
+ useDHCP = false;
+ ipv4.addresses = [ {
+ address = config.c3d2.hosts."${config.networking.hostName}".ip4;
+ prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
+ } ];
+ };
+ defaultGateway = "172.20.73.1";
+ nameservers = [ "172.20.73.8" "9.9.9.9" ];
+ firewall.allowedTCPPorts = [ 80 443 2222 ];
+ };
+
+ services = {
+ gitea = rec {
+ enable = true;
+ appName = "Gitea: with a cup of Kolle Mate";
+ domain = "gitea.c3d2.de";
+ rootUrl = "https://${domain}/";
+
+ database = {
+ type = "postgres";
+ host = "127.0.0.1";
+ name = "gitea";
+ user = "gitea";
+ passwordFile = "/etc/giteaPassword";
+ };
+
+ repositoryRoot = "/var/lib/gitea/repositories";
+
+ disableRegistration = true;
+
+ lfs.enable = true;
+
+ log.level = "Info";
+
+ dump = {
+ ## Is a nice feature once we have a dedicated backup storage.
+ ## For now it is disabled, since it delays `nixos-rebuild switch`.
+ enable = false;
+ backupDir = "/var/lib/gitea/dump";
+ };
+
+ settings = {
+ cors = {
+ ALLOW_DOMAIN = config.services.gitea.domain;
+ ENABLED = true;
+ SCHEME = "https";
+ };
+ cron = {
+ ENABLED = true;
+ };
+ "cron.delete_generated_repository_avatars" = {
+ ENABLED = true;
+ };
+ "cron.delete_old_actions" = {
+ ENABLED = true;
+ };
+ "cron.delete_old_system_notices" = {
+ ENABLED = true;
+ };
+ "cron.repo_health_check" = {
+ TIMEOUT = "120s";
+ };
+ "cron.resync_all_sshkeys" = {
+ ENABLED = true;
+ RUN_AT_START = true;
+ };
+ database = {
+ LOG_SQL = false;
+ };
+ indexer = {
+ REPO_INDEXER_ENABLED = true;
+ };
+ log = {
+ LEVEL = "Info";
+ DISABLE_ROUTER_LOG = true;
+ };
+ mailer = {
+ ENABLED = true;
+ FROM = "gitea@c3d2.de";
+ MAILER_TYPE = "smtp";
+ HOST = "mail.c3d2.de:465";
+ IS_TLS_ENABLED = true;
+ };
+ other = {
+ SHOW_FOOTER_VERSION = false;
+ };
+ picture = {
+ # this also disables libravatar
+ DISABLE_GRAVATAR = false;
+ ENABLE_FEDERATED_AVATAR = true;
+ GRAVATAR_SOURCE = "libravatar";
+ REPOSITORY_AVATAR_FALLBACK = "random";
+ };
+ server = {
+ ENABLE_GZIP = true;
+ SSH_AUTHORIZED_KEYS_BACKUP = false;
+ SSH_DOMAIN = domain;
+ };
+ service = {
+ NO_REPLY_ADDRESS = "no_reply@c3d2.de";
+ REGISTER_EMAIL_CONFIRM = true;
+ ENABLE_NOTIFY_MAIL = true;
+ };
+ session = {
+ COOKIE_SECURE = lib.mkForce true;
+ PROVIDER = "db";
+ SAME_SITE = "strict";
+ };
+ "ssh.minimum_key_sizes" = {
+ ECDSA = -1;
+ RSA = 2048;
+ };
+ time = {
+ DEFAULT_UI_LOCATION = config.time.timeZone;
+ };
+ ui = {
+ DEFAULT_THEME = "arc-green";
+ };
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."gitea.c3d2.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:3000";
+ };
+ };
+
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ Match User gitea
+ AllowAgentForwarding no
+ AllowTcpForwarding no
+ PermitTTY no
+ X11Forwarding no
+ '';
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ postgresql unzip ]; # used to restore database dumps
 
 system.stateVersion = "21.11";
 }
diff --git a/hosts/containers/gitea/modules/gitea.nix b/hosts/containers/gitea/modules/gitea.nix
deleted file mode 100644
index d33a94ba..00000000
--- a/hosts/containers/gitea/modules/gitea.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, pkgs, ... }:
-
- {
- services.gitea = rec {
- enable = true;
- domain = "gitea.c3d2.de";
- rootUrl = "https://${domain}/";
-
- database = {
- type = "postgres";
- host = "127.0.0.1";
- name = "gitea";
- user = "gitea";
- passwordFile = "/etc/giteaPassword";
- };
- repositoryRoot = "/var/lib/gitea/repositories";
-
- disableRegistration = true;
-
- lfs.enable = true;
- log.level = "Info";
-
- dump = {
- ## Is a nice feature once we have a dedicated backup storage.
- ## For now it is disabled, since it delays `nixos-rebuild switch`.
- enable = false;
- backupDir = "/var/lib/gitea/dump";
- };
-
- settings = {
- server = {
- # START_SSH_SERVER = true;
- # BUILTIN_SSH_SERVER_USER = "git";
- SSH_DOMAIN = domain;
- ENABLE_GZIP = true;
- };
- cron = {
- ENABLED = true;
- };
- mailer = {
- ENABLED = true;
- FROM = "gitea@c3d2.de";
- MAILER_TYPE = "smtp";
- HOST = "mail.c3d2.de:465";
- IS_TLS_ENABLED = true;
- };
- service = {
- NO_REPLY_ADDRESS = "no_reply@c3d2.de";
- REGISTER_EMAIL_CONFIRM = true;
- ENABLE_NOTIFY_MAIL = true;
- };
- database = {
- LOG_SQL = false;
- };
- time = {
- DEFAULT_UI_LOCATION = config.time.timeZone;
- };
- ui = {
- DEFAULT_THEME = "arc-green";
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 3000 2222 ];
-
- environment.systemPackages = with pkgs; [ postgresql unzip ]; ## used to restore database dumps
-}
diff --git a/hosts/containers/gitea/modules/networking.nix b/hosts/containers/gitea/modules/networking.nix
deleted file mode 100644
index ff332f75..00000000
--- a/hosts/containers/gitea/modules/networking.nix
+++ /dev/null
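Review bot: Port 2222 stays open in `firewall.allowedTCPPorts`, yet nothing in this hunk configures a listener for it: `services.openssh` sets no `ports`, and the commented-out builtin SSH server lines from the deleted gitea.nix were not carried over, so either it is a leftover that should be dropped or the listener lives outside this file and deserves a comment such as `firewall.allowedTCPPorts = [ 80 443 2222 ]; # 2222: <listener or forward, fill in>`. Dropping 3000 from the allowed ports is right now that nginx proxies it on localhost. The comment above `DISABLE_GRAVATAR = false` reads as if the option is being disabled while the value is false; `# keep false: DISABLE_GRAVATAR = true would also disable the libravatar source below` states the intent. The gitea domain is referenced both as the `rec` binding (`SSH_DOMAIN = domain`) and as `config.services.gitea.domain` (`cors.ALLOW_DOMAIN`), and repeated as a literal in `virtualHosts."gitea.c3d2.de"`; picking one form reads more consistently.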
@@ -1,18 +0,0 @@
-{ zentralwerk, config, pkgs, ... }:
-
- {
- networking = {
- hostName = "gitea";
- useDHCP = false;
- interfaces.eth0 = {
- useDHCP = false;
- ipv4.addresses = [ {
- address = config.c3d2.hosts."${config.networking.hostName}".ip4;
- prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
- } ];
- };
- defaultGateway = "172.20.73.1";
- nameservers = [ "172.20.73.8" "9.9.9.9" ];
- firewall.allowedTCPPorts = [ 80 443 2222 ];
- };
-}
diff --git a/hosts/containers/gitea/modules/nginx.nix b/hosts/containers/gitea/modules/nginx.nix
deleted file mode 100644
index 9ce38a10..00000000
--- a/hosts/containers/gitea/modules/nginx.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }:
-
- {
- services.nginx = {
- enable = true;
- virtualHosts."gitea.c3d2.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://localhost:3000";
- };
- };
-}
diff --git a/hosts/containers/gitea/modules/ssh.nix b/hosts/containers/gitea/modules/ssh.nix
deleted file mode 100644
index 68e3aa4e..00000000
--- a/hosts/containers/gitea/modules/ssh.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-
- {
- services.openssh = {
- enable = true;
- extraConfig = ''
- Match User gitea
- AllowAgentForwarding no
- AllowTcpForwarding no
- PermitTTY no
- X11Forwarding no
- '';
- };
-}