diff --git a/hosts/by-name/servo/services/gitea.nix b/hosts/by-name/servo/services/gitea.nix
index 0b3499e8d..6687cce7e 100644
--- a/hosts/by-name/servo/services/gitea.nix
+++ b/hosts/by-name/servo/services/gitea.nix
@@ -11,15 +11,23 @@
 
   services.gitea.enable = true;
   services.gitea.user = "git";  # default is 'gitea'
-  services.gitea.database.type = "postgres";
-  services.gitea.database.user = "git";
   services.gitea.appName = "Perfectly Sane Git";
   # services.gitea.disableRegistration = true;
 
-  services.gitea.database.createDatabase = false;  #< silence warning which wants db user and name to be equal
-  # TODO: remove this after merge: <https://github.com/NixOS/nixpkgs/pull/268849>
+  services.gitea.database.createDatabase = false;  # can only createDatabase if user ("git") == dbname ("gitea")
+  services.gitea.database.type = "postgres";
+  services.gitea.database.user = "git";
+  # createDatabase=false means manually specify the connection; see: <https://github.com/NixOS/nixpkgs/pull/268849>
+  services.gitea.database.name = "gitea";
   services.gitea.database.socket = "/run/postgresql";  #< would have been set if createDatabase = true
 
+  services.postgresql.enable = true;
+  services.postgresql.ensureDatabases = [ "gitea" ];
+  services.postgresql.ensureUsers = [{
+    name = "git";
+    # ensureDBOwnership = true;  # not possible if db name ("gitea") != db username ("git"); one-time manual setup required to grant user ownership of the relevant db
+  }];
+
   # gitea doesn't create the git user
   users.users.git = {
     description = "Gitea Service";
@@ -96,6 +104,7 @@
     };
   };
 
+  systemd.services.gitea.requires = [ "postgresql.service" ];
   systemd.services.gitea.serviceConfig = {
     # nix default is AF_UNIX AF_INET AF_INET6.
     # we need more protos for sendmail to work. i thought it only needed +AF_LOCAL, but that didn't work.
diff --git a/pkgs/by-name/nixpkgs-bootstrap/patches.nix b/pkgs/by-name/nixpkgs-bootstrap/patches.nix
index 64e506d4a..aa23ad5e5 100644
--- a/pkgs/by-name/nixpkgs-bootstrap/patches.nix
+++ b/pkgs/by-name/nixpkgs-bootstrap/patches.nix
@@ -46,6 +46,14 @@ in
     hash = "sha256-Dur6EFuc3uqMuJyXBKKIaj2Y0jA227y8U6lK06cQ718=";
   })
 
+  (fetchpatch' {
+    # patch should be safe to remove; keeping it here to track the upstreaming status
+    name = "nixos/gitea: don't configure the database if `createDatabase == false`";
+    prUrl = "https://github.com/NixOS/nixpkgs/pull/268849";
+    # saneCommit = "92662a9920cf8b70ad8a061591dc37146123bde3";
+    hash = "sha256-3mvNFvOgUtzWwPEHGBSv9UEANxVfD1/fXbiV/mlq0l8=";
+  })
+
   (fetchpatch' {
     # TODO: send to upstream nixpkgs once tested (branch: lappy: pr-stepmania-wrapper)
     name = "stepmania: wrap the program so it knows where to find its data files";