diff --git a/inventory/group_vars/homeserver.yml b/inventory/group_vars/homeserver.yml
index 3f33826..11aa49f 100644
--- a/inventory/group_vars/homeserver.yml
+++ b/inventory/group_vars/homeserver.yml
@@ -6,5 +6,6 @@ jitsi_videobridge_port: 54562
 git_ssh_port: 56287
 prometheus_port: 8081
 traefik_api_port: 8080
+internal_forgejo_port: 3000 # Needed to pull from a repository from another docker container.
 
 domain_name_pim: pim.kunis.nl
diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/roles/forgejo/templates/docker-compose.yml.j2
index 91ecb6d..fcd41f5 100644
--- a/roles/forgejo/templates/docker-compose.yml.j2
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@@ -14,6 +14,8 @@ services:
     restart: always
     networks:
       - traefik
+    ports:
+      - "{{ internal_forgejo_port }}:3000"
     volumes:
       - {{ data_dir }}:/data
       - {{ service_dir }}/conf:/data/gitea/conf
diff --git a/roles/static/templates/nginx.conf.j2 b/roles/static/templates/nginx.conf.j2
index 5267742..10a84d1 100644
--- a/roles/static/templates/nginx.conf.j2
+++ b/roles/static/templates/nginx.conf.j2
@@ -2,16 +2,11 @@ server {
 	listen 80 default_server;
 
 	location /security.txt {
-		return 301 https://$host/.well-known/security.txt;
+		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
 	}
 
 	location /.well-known/security.txt {
-		add_header Content-Type 'text/plain';
-		add_header Cache-Control 'no-cache, no-store, must-revalidate';
-		add_header Pragma 'no-cache';
-		add_header Expires '0';
-		add_header Vary '*';
-		return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n";
+		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
 	}
 }
 
diff --git a/roles/static/vars/main.yml b/roles/static/vars/main.yml
index d0ee1bc..8838234 100644
--- a/roles/static/vars/main.yml
+++ b/roles/static/vars/main.yml
@@ -1,3 +1,3 @@
 service_name: static
 service_dir: "{{ base_service_dir }}/{{ service_name }}"
-git_origin: https://git.pim.kunis.nl/pim/static.git
+git_origin: "http://localhost:{{ internal_forgejo_port }}/pim/static.git"
diff --git a/util/secret-service-client.sh b/util/secret-service-client.sh
old mode 100644
new mode 100755