diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml
index 37455a1..290d338 100644
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -6,6 +6,13 @@
     proto: tcp
     comment: "SSH"
 
+- name: Allow Forgejo SSH
+  community.general.ufw:
+    rule: allow
+    port: "2222"
+    proto: tcp
+    comment: "Forgejo SSH"
+
 - name: Allow HTTP
   community.general.ufw:
     rule: allow
diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2
index 0851dc7..d2e4a55 100644
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@@ -108,7 +108,10 @@ services:
       - FORGEJO__server__DOMAIN={{ domain_git }}
       - FORGEJO__server__ROOT_URL=https://{{ domain_git }}
       - FORGEJO__server__SSH_DOMAIN={{ domain_git }}
+      - FORGEJO__server__SSH_PORT=2222
       - FORGEJO__service__DISABLE_REGISTRATION=true
+    ports:
+      - "2222:22"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.forgejo.rule=Host(`{{ domain_git }}`)"