diff --git a/hosts/VEGAS/services/gitlab/default.nix b/hosts/VEGAS/services/gitlab/default.nix index 8bba907..518c3dd 100644 --- a/hosts/VEGAS/services/gitlab/default.nix +++ b/hosts/VEGAS/services/gitlab/default.nix @@ -1,8 +1,10 @@ -{ config, lib, tools, ... }: +{ cluster, config, lib, tools, ... }: let inherit (tools.meta) domain adminEmail; + patroni = cluster.config.links.patroni-pg-access; + mkSecret = name: { owner = "gitlab"; group = "gitlab"; @@ -17,6 +19,7 @@ in { age.secrets = lib.flip lib.genAttrs mkSecret [ + "gitlab-db-credentials" "gitlab-initial-root-password" "gitlab-openid-secret" "gitlab-runner-registration" @@ -32,6 +35,12 @@ in host = "git.${domain}"; port = 443; + databaseCreateLocally = false; + databaseHost = patroni.ipv4; + extraDatabaseConfig = { inherit (patroni) port; }; + databaseUsername = "gitlab"; + databasePasswordFile = secrets.gitlab-db-credentials; + initialRootEmail = adminEmail; statePath = "/srv/storage/private/gitlab/state"; diff --git a/secrets.nix b/secrets.nix index 268f16c..66047f5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -15,6 +15,7 @@ in with hosts; "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ]; "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ]; + "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ]; diff --git a/secrets/gitlab-db-credentials.age b/secrets/gitlab-db-credentials.age new file mode 100644 index 0000000..485ac15 Binary files /dev/null and b/secrets/gitlab-db-credentials.age differ
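Review bot: In the `@@ -32,6 +35,12 @@` hunk of hosts/VEGAS/services/gitlab/default.nix, `extraDatabaseConfig` sets only the port, so nothing visible here requires TLS on the new TCP connection to `patroni.ipv4`, which now carries the database password and GitLab's application data. If the `patroni-pg-access` link is not confined to the encrypted mesh (this diff does not show it), I would set an explicit mode, e.g. `extraDatabaseConfig = { inherit (patroni) port; sslmode = "verify-full"; };` with a matching `sslrootcert`, or at least `sslmode = "require"`. If the mesh is the intended protection, a comment on `databaseHost` would keep a later address change from silently dropping it: `# patroni.ipv4 is a mesh-only address; transport encryption comes from WireGuard`. The surrounding `services.gitlab` attribute set starts and ends outside the hunk.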