diff --git a/configuration/default.nix b/configuration/default.nix
index efea59e..efa0152 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -378,6 +378,14 @@ in {
 		systemd.services.gitea.serviceConfig.SystemCallArchitectures = lib.mkForce "";
 		systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce [];
 
+		# FIXME: This isn't really a secret... and should probably be a part of the Gitea module instead
+		deployment.secrets.gitea-header = {
+			source = builtins.toFile "header.tmpl" "<style> * { tab-size: 4; } </style>";
+			destination = "/var/lib/gitea/custom/templates/custom/header.tmpl";
+			owner = { user = "git"; };
+			action = [ "systemctl" "restart" "gitea.service" ];
+		};
+
 		# FIXME: Healthcheck for this!
 		services.gitea = {
 			enable = true;