diff --git a/k8s/forgejo/config.yaml b/k8s/forgejo/config.yaml
new file mode 100644
index 0000000..7b9627e
--- /dev/null
+++ b/k8s/forgejo/config.yaml
@@ -0,0 +1,257 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: forgejo
+  namespace: forgejo
+data:
+  FORGEJO__repository__DEFAULT_REPO_UNITS: repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions # this is the default for 1.22, should be safe to remove when we get there
+  FORGEJO__repository__PREFERRED_LICENSES: AGPL-3.0-or-later,LGPL-3.0-or-later,GPL-3.0-or-later,Apache-2.0,MIT
+  FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
+  FORGEJO__metrics__ENABLED: "true"
+  FORGEJO__email.incoming__USERNAME: git@janky.solutions
+  FORGEJO__email.incoming__USE_TLS: "true"
+  FORGEJO__email.incoming__PORT: "993"
+  FORGEJO__email.incoming__HOST: mx1.janky.email
+  FORGEJO__email.incoming__REPLY_TO_ADDRESS: git+%{token}@janky.solutions
+  FORGEJO__email.incoming__ENABLED: "true"
+  FORGEJO__mailer__FROM: git@janky.solutions
+  FORGEJO__mailer__USER: git@janky.solutions
+  FORGEJO__mailer__SMTP_ADDR: mx1.janky.email
+  FORGEJO__mailer__PROTOCOL: smtps
+  FORGEJO__mailer__ENABLED: "true"
+  FORGEJO__service__NO_REPLY_ADDRESS: noreply.git.janky.solutions
+  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
+  FORGEJO__service__SHOW_REGISTRATION_BUTTON: "false"
+  FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
+  FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
+  FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
+  FORGEJO__oauth2_client__REGISTER_EMAIL_CONFIRM: "true"
+  FORGEJO__openid__ENABLE_OPENID_SIGNUP: "false"
+  FORGEJO__server__ROOT_URL: https://git.janky.solutions/
+  FORGEJO__server__DOMAIN: git.janky.solutions
+  FORGEJO__DEFAULT__APP_NAME: Janky Solutions
+  # FORGEJO__storage__STORAGE_TYPE: minio
+  # FORGEJO__storage__MINIO_ENDPOINT: storage.home.finn.io
+  # FORGEJO__storage__MINIO_USE_SSL: "true"
+  # FORGEJO__storage__MINIO_LOCATION: us-sea-1
+  # FORGEJO__storage__MINIO_ACCESS_KEY_ID: aQ0zCsTpCSJ8eKLtGZ3C
+  # FORGEJO__storage__MINIO_BUCKET: forgejo
+  # FORGEJO__attachment__STORAGE_TYPE: minio
+  # FORGEJO__attachment__MINIO_ENDPOINT: storage.home.finn.io
+  # FORGEJO__attachment__MINIO_USE_SSL: "true"
+  # FORGEJO__attachment__MINIO_LOCATION: us-sea-1
+  # FORGEJO__attachment__MINIO_ACCESS_KEY_ID: aQ0zCsTpCSJ8eKLtGZ3C
+  # FORGEJO__attachment__MINIO_BUCKET: forgejo
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: forgejo-templates-base
+  namespace: forgejo
+data:
+  head_navbar.tmpl: |
+    {{$notificationUnreadCount := 0}}
+    {{if and .IsSigned .NotificationUnreadCount}}
+      {{$notificationUnreadCount = call .NotificationUnreadCount}}
+    {{end}}
+
+    <nav id="navbar" aria-label="{{ctx.Locale.Tr "aria.navbar"}}">
+      <div class="navbar-left ui secondary menu">
+        <!-- the logo -->
+        <a class="item" id="navbar-logo" href="{{AppSubUrl}}/" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}">
+          <img width="30" height="30" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}" aria-hidden="true">
+        </a>
+
+        <!-- mobile right menu, it must be here because in mobile view, each item is a flex column, the first item is a full row column -->
+        <div class="ui secondary menu item navbar-mobile-right">
+          {{if .IsSigned}}
+          <a id="mobile-notifications-icon" class="item gt-w-auto gt-p-3" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
+            <div class="gt-relative">
+              {{svg "octicon-bell"}}
+              <span class="notification_count{{if not $notificationUnreadCount}} gt-hidden{{end}}">{{$notificationUnreadCount}}</span>
+            </div>
+          </a>
+          {{end}}
+          <button class="item gt-w-auto ui icon mini button gt-p-3 gt-m-0" id="navbar-expand-toggle">{{svg "octicon-three-bars"}}</button>
+        </div>
+
+        <!-- navbar links non-mobile -->
+        {{if and .IsSigned .MustChangePassword}}
+          {{/* No links */}}
+        {{else if .IsSigned}}
+          {{if not .UnitIssuesGlobalDisabled}}
+            <a class="item{{if .PageIsIssues}} active{{end}}" href="{{AppSubUrl}}/issues">{{ctx.Locale.Tr "issues"}}</a>
+          {{end}}
+          {{if not .UnitPullsGlobalDisabled}}
+            <a class="item{{if .PageIsPulls}} active{{end}}" href="{{AppSubUrl}}/pulls">{{ctx.Locale.Tr "pull_requests"}}</a>
+          {{end}}
+          {{if not (and .UnitIssuesGlobalDisabled .UnitPullsGlobalDisabled)}}
+            {{if .ShowMilestonesDashboardPage}}
+              <a class="item{{if .PageIsMilestonesDashboard}} active{{end}}" href="{{AppSubUrl}}/milestones">{{ctx.Locale.Tr "milestones"}}</a>
+            {{end}}
+          {{end}}
+          <a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
+        {{else if .IsLandingPageOrganizations}}
+          <a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/organizations">{{ctx.Locale.Tr "explore"}}</a>
+        {{else}}
+          <a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
+        {{end}}
+
+        {{template "custom/extra_links" .}}
+
+        {{if not .IsSigned}}
+          <a class="item" target="_blank" rel="noopener noreferrer" href="https://forgejo.org/docs/latest/">{{ctx.Locale.Tr "help"}}</a>
+        {{end}}
+      </div>
+
+      <!-- the full dropdown menus -->
+      <div class="navbar-right ui secondary menu">
+        {{if and .IsSigned .MustChangePassword}}
+          <div class="ui dropdown jump item" data-tooltip-content="{{ctx.Locale.Tr "user_profile_and_more"}}">
+            <span class="text gt-df gt-ac">
+              {{ctx.AvatarUtils.Avatar .SignedUser 24 "gt-mr-2"}}
+              <span class="mobile-only gt-ml-3">{{.SignedUser.Name}}</span>
+              <span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+            </span>
+            <div class="menu user-menu">
+              <div class="ui header">
+                {{ctx.Locale.Tr "signed_in_as"}} <strong>{{.SignedUser.Name}}</strong>
+              </div>
+
+              <div class="divider"></div>
+              <a class="item link-action" href data-url="{{AppSubUrl}}/user/logout">
+                {{svg "octicon-sign-out"}}
+                {{ctx.Locale.Tr "sign_out"}}
+              </a>
+            </div><!-- end content avatar menu -->
+          </div><!-- end dropdown avatar menu -->
+        {{else if .IsSigned}}
+          {{if EnableTimetracking}}
+          <a class="active-stopwatch-trigger item gt-mx-0{{if not .ActiveStopwatch}} gt-hidden{{end}}" href="{{.ActiveStopwatch.IssueLink}}" title="{{ctx.Locale.Tr "active_stopwatch"}}">
+            <div class="gt-relative">
+              {{svg "octicon-stopwatch"}}
+              <span class="header-stopwatch-dot"></span>
+            </div>
+            <span class="mobile-only gt-ml-3">{{ctx.Locale.Tr "active_stopwatch"}}</span>
+          </a>
+          <div class="active-stopwatch-popup item tippy-target gt-p-3">
+            <div class="gt-df gt-ac">
+              <a class="stopwatch-link gt-df gt-ac" href="{{.ActiveStopwatch.IssueLink}}">
+                {{svg "octicon-issue-opened" 16 "gt-mr-3"}}
+                <span class="stopwatch-issue">{{.ActiveStopwatch.RepoSlug}}#{{.ActiveStopwatch.IssueIndex}}</span>
+                <span class="ui primary label stopwatch-time gt-my-0 gt-mx-4" data-seconds="{{.ActiveStopwatch.Seconds}}">
+                  {{if .ActiveStopwatch}}{{Sec2Time .ActiveStopwatch.Seconds}}{{end}}
+                </span>
+              </a>
+              <form class="stopwatch-commit" method="post" action="{{.ActiveStopwatch.IssueLink}}/times/stopwatch/toggle">
+                {{.CsrfTokenHtml}}
+                <button
+                  type="submit"
+                  class="ui button mini compact basic icon"
+                  data-tooltip-content="{{ctx.Locale.Tr "repo.issues.stop_tracking"}}"
+                >{{svg "octicon-square-fill"}}</button>
+              </form>
+              <form class="stopwatch-cancel" method="post" action="{{.ActiveStopwatch.IssueLink}}/times/stopwatch/cancel">
+                {{.CsrfTokenHtml}}
+                <button
+                  type="submit"
+                  class="ui button mini compact basic icon"
+                  data-tooltip-content="{{ctx.Locale.Tr "repo.issues.cancel_tracking"}}"
+                >{{svg "octicon-trash"}}</button>
+              </form>
+            </div>
+          </div>
+          {{end}}
+
+          <a class="item not-mobile gt-mx-0" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
+            <div class="gt-relative">
+              {{svg "octicon-bell"}}
+              <span class="notification_count{{if not $notificationUnreadCount}} gt-hidden{{end}}">{{$notificationUnreadCount}}</span>
+            </div>
+          </a>
+
+          <div class="ui dropdown jump item gt-mx-0 gt-pr-3" data-tooltip-content="{{ctx.Locale.Tr "create_new"}}">
+            <span class="text">
+              {{svg "octicon-plus"}}
+              <span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+              <span class="mobile-only">{{ctx.Locale.Tr "create_new"}}</span>
+            </span>
+            <div class="menu">
+              <a class="item" href="{{AppSubUrl}}/repo/create">
+                {{svg "octicon-plus"}} {{ctx.Locale.Tr "new_repo"}}
+              </a>
+              {{if not .DisableMigrations}}
+                <a class="item" href="{{AppSubUrl}}/repo/migrate">
+                  {{svg "octicon-repo-push"}} {{ctx.Locale.Tr "new_migrate"}}
+                </a>
+              {{end}}
+              {{if .SignedUser.CanCreateOrganization}}
+              <a class="item" href="{{AppSubUrl}}/org/create">
+                {{svg "octicon-organization"}} {{ctx.Locale.Tr "new_org"}}
+              </a>
+              {{end}}
+            </div><!-- end content create new menu -->
+          </div><!-- end dropdown menu create new -->
+
+          <div class="ui dropdown jump item gt-mx-0 gt-pr-3" data-tooltip-content="{{ctx.Locale.Tr "user_profile_and_more"}}">
+            <span class="text gt-df gt-ac">
+              {{ctx.AvatarUtils.Avatar .SignedUser 24 "gt-mr-2"}}
+              <span class="mobile-only gt-ml-3">{{.SignedUser.Name}}</span>
+              <span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+            </span>
+            <div class="menu user-menu">
+              <div class="ui header">
+                {{ctx.Locale.Tr "signed_in_as"}} <strong>{{.SignedUser.Name}}</strong>
+              </div>
+
+              <div class="divider"></div>
+              <a class="item" href="{{.SignedUser.HomeLink}}">
+                {{svg "octicon-person"}}
+                {{ctx.Locale.Tr "your_profile"}}
+              </a>
+              {{if not .DisableStars}}
+                <a class="item" href="{{.SignedUser.HomeLink}}?tab=stars">
+                  {{svg "octicon-star"}}
+                  {{ctx.Locale.Tr "your_starred"}}
+                </a>
+              {{end}}
+              <a class="item" href="{{AppSubUrl}}/notifications/subscriptions">
+                {{svg "octicon-bell"}}
+                {{ctx.Locale.Tr "notification.subscriptions"}}
+              </a>
+              <a class="{{if .PageIsUserSettings}}active {{end}}item" href="{{AppSubUrl}}/user/settings">
+                {{svg "octicon-tools"}}
+                {{ctx.Locale.Tr "your_settings"}}
+              </a>
+              <a class="item" target="_blank" rel="noopener noreferrer" href="https://forgejo.org/docs/latest/">
+                {{svg "octicon-question"}}
+                {{ctx.Locale.Tr "help"}}
+              </a>
+              {{if .IsAdmin}}
+                <div class="divider"></div>
+
+                <a class="{{if .PageIsAdmin}}active {{end}}item" href="{{AppSubUrl}}/admin">
+                  {{svg "octicon-server"}}
+                  {{ctx.Locale.Tr "admin_panel"}}
+                </a>
+              {{end}}
+
+              <div class="divider"></div>
+              <a class="item link-action" href data-url="{{AppSubUrl}}/user/logout">
+                {{svg "octicon-sign-out"}}
+                {{ctx.Locale.Tr "sign_out"}}
+              </a>
+            </div><!-- end content avatar menu -->
+          </div><!-- end dropdown avatar menu -->
+        {{else}}
+          {{if .ShowRegistrationButton}}
+            <a class="item{{if .PageIsSignUp}} active{{end}}" href="{{AppSubUrl}}/user/sign_up">
+              {{svg "octicon-person"}} {{ctx.Locale.Tr "register"}}
+            </a>
+          {{end}}
+          <a class="item{{if .PageIsSignIn}} active{{end}}" rel="nofollow" href="{{AppSubUrl}}/user/oauth2/Janky%20Solutions{{if not .PageIsSignIn}}?redirect_to={{.CurrentURL}}{{end}}">
+            {{svg "octicon-sign-in"}} {{ctx.Locale.Tr "sign_in"}}
+          </a>
+        {{end}}
+      </div><!-- end full right menu -->
+    </nav>
diff --git a/k8s/forgejo/oauth2-settings.txt b/k8s/forgejo/oauth2-settings.txt
deleted file mode 100644
index f078bbc..0000000
--- a/k8s/forgejo/oauth2-settings.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-client_id: forgejo
-client_secret: 3d8ef8de-4ab1-4690-8bff-3563c4060653
-discovery_url: https://auth.janky.solutions/auth/realms/janky.solutions/.well-known/openid-configuration
diff --git a/k8s/forgejo/statefulset.yaml b/k8s/forgejo/statefulset.yaml
index dfabb1d..e382814 100644
--- a/k8s/forgejo/statefulset.yaml
+++ b/k8s/forgejo/statefulset.yaml
@@ -21,65 +21,22 @@ spec:
         volumeMounts:
           - name: forgejo-data
             mountPath: /data
+          - name: forgejo-templates-base
+            mountPath: /data/gitea/templates/base
         envFrom:
           - secretRef:
               name: forgejo
-        env:
-          - name: FORGEJO__DEFAULT__APP_NAME
-            value: Janky Solutions
-          - name: FORGEJO__server__DOMAIN
-            value: git.janky.solutions
-          - name: FORGEJO__server__ROOT_URL
-            value: https://git.janky.solutions/
-          - name: FORGEJO__openid__ENABLE_OPENID_SIGNUP
-            value: "false"
-          - name: FORGEJO__oauth2_client__REGISTER_EMAIL_CONFIRM
-            value: "false"
-          - name: FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION
-            value: "true"
-          - name: FORGEJO__service__ENABLE_NOTIFY_MAIL
-            value: "true"
-          - name: FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE
-            value: "true"
-          - name: FORGEJO__service__SHOW_REGISTRATION_BUTTON
-            value: "false"
-          - name: FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
-            value: "true"
-          - name: FORGEJO__service__NO_REPLY_ADDRESS
-            value: noreply.git.janky.solutions
-          - name: FORGEJO__mailer__ENABLED
-            value: "true"
-          - name: FORGEJO__mailer__PROTOCOL
-            value: smtps
-          - name: FORGEJO__mailer__SMTP_ADDR
-            value: mx1.janky.email
-          - name: FORGEJO__mailer__USER
-            value: git@janky.solutions
-          - name: FORGEJO__mailer__FROM
-            value: git@janky.solutions
-          - name: FORGEJO__email.incoming__ENABLED
-            value: "true"
-          - name: FORGEJO__email.incoming__REPLY_TO_ADDRESS
-            value: git+%{token}@janky.solutions
-          - name: FORGEJO__email.incoming__HOST
-            value: mx1.janky.email
-          - name: FORGEJO__email.incoming__PORT
-            value: "993"
-          - name: FORGEJO__email.incoming__USE_TLS
-            value: "true"
-          - name: FORGEJO__email.incoming__USERNAME
-            value: git@janky.solutions
-          - name: FORGEJO__metrics__ENABLED
-            value: "true"
-          - name: FORGEJO__repository__ENABLE_PUSH_CREATE_USER
-            value: "true"
-          - name: FORGEJO__repository__PREFERRED_LICENSES
-            value: AGPL-3.0-or-later,LGPL-3.0-or-later,GPL-3.0-or-later,Apache-2.0,MIT
+          - configMapRef:
+              name: forgejo
         ports:
           - name: web
             containerPort: 3000
           - name: ssh
             containerPort: 22
+      volumes:
+        - name: forgejo-templates-base
+          configMap:
+            name: forgejo-templates-base
   volumeClaimTemplates:
   - metadata:
       name: forgejo-data