diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index c2a38e9..5e3138e 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -222,4 +222,14 @@ gmail_smtp_pass: !vault |
 3535373866653261303761396163373334383461323661380a376561663864346633646230633531
 35326435323434386564363037383961383934363163653635346233306139303664323037383435
 3763313639656566620a623639386437353662316631316638363862323334323838643037336464
- 64373730623035616464303230626462666166636236363033633132363236306132
\ No newline at end of file
+ 64373730623035616464303230626462666166636236363033633132363236306132
+
+gitea_db_pwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36393364326238666261663830353336616336653337666434343261666632346666663339616334
+ 3631386161346362626236616239646430636532663531310a326462636364323664636134343432
+ 31333231383132373131323131643866316331666663333062303865366539613338333662343530
+ 3566396439376366640a643966376630656561643865653535363132343138393132343039346630
+ 30616533336461396330353364656565633933613031643764343562383734373263633333346662
+ 61383736386164366233386235336636613830313231336461636137643361383931363166336238
+ 613733336339326564303964353238386264
diff --git a/inventory/my-cluster/host_vars/gitea b/inventory/my-cluster/host_vars/gitea
new file mode 100644
index 0000000..d40434c
--- /dev/null
+++ b/inventory/my-cluster/host_vars/gitea
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.28
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 619
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index 91d1aee..dea55ae 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -13,6 +13,7 @@ changedetection arr mealie vaultwarden +gitea [baremetal] mipha
diff --git a/playbook-gitea.yml b/playbook-gitea.yml
new file mode 100644
index 0000000..ecb89fa
--- /dev/null
+++ b/playbook-gitea.yml
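Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` reuses the Proxmox API root password as the SSH password of the container's root account, so anyone who compromises the Gitea container holds a credential for the hypervisor; it also differs from the `lxc_password` the create role sets on the container, so unless the two vaulted values are identical one of them cannot log in. Key-based access avoids both problems: the create task can install a key with the proxmox module's `pubkey` parameter, `ansible_ssh_pass` goes away, and the enable-ssh role's change to `PermitRootLogin yes` becomes unnecessary because the default `prohibit-password` already allows key login for root. `vmid: 619` is the right place for the id; the create and enable-ssh roles hard-code the same number instead of reading `{{ vmid }}`.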
@@ -0,0 +1,23 @@
+---
+# - hosts: localhost
+# become: yes
+# roles:
+# - role: gitea/provision/delete
+# - role: gitea/provision/create
+# - role: gitea/provision/start
+# vars:
+# vmid: 619
+
+# - hosts: impa
+# become: yes
+# roles:
+# - role: gitea/enable-ssh
+# vars:
+# vmid: 619
+
+- hosts: gitea
+ become: yes
+ roles:
+# - role: gitea/update
+# - role: gitea/install-docker
+ - role: gitea/install-app
diff --git a/roles/gitea/enable-ssh/tasks/main.yml b/roles/gitea/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..f2882d3
--- /dev/null
+++ b/roles/gitea/enable-ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 619 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 619 service ssh restart
diff --git a/roles/gitea/install-app/tasks/main.yml b/roles/gitea/install-app/tasks/main.yml
new file mode 100644
index 0000000..98d60c2
--- /dev/null
+++ b/roles/gitea/install-app/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy .env file
+ template:
+ src: ".env"
+ dest: /root/docker/.env
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/gitea/install-app/templates/.env b/roles/gitea/install-app/templates/.env
new file mode 100644
index 0000000..bae031f
--- /dev/null
+++ b/roles/gitea/install-app/templates/.env
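Review bot: `become: yes` in the `hosts: gitea` play is a YAML 1.1 truthy literal; write `become: true`, and the same applies to `append: yes` in install-docker, `unprivileged: no` and `force: yes` in provision/create and `update_cache: yes` in update. With `gitea/update` and `gitea/install-docker` commented out, `install-app` presumably runs `docker compose up -d` on a container that has no Docker yet; if uncommenting them is part of the intended first run, a comment above the roles list such as `# first run: enable update and install-docker` would save the next person a failed play.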
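Review bot: The sed in `Allow SSH into LXC` switches sshd to `PermitRootLogin yes`, i.e. password logins for root, on a container whose root password is then taken from `proxmox_api_password` in host_vars; the default `prohibit-password` already accepts key-based root logins, so installing an authorized key (the create role can do this through the proxmox module's `pubkey` parameter) makes this role unnecessary and keeps password auth off. If the role stays, both commands hard-code `619` although the play passes `vars: vmid: 619`; use `lxc-attach -n {{ vmid }} -- …` in both so the role follows the variable like provision/delete and provision/start do. Both `command` tasks also report changed on every run; add `changed_when: false` to the restart task, or turn the restart into a handler notified only when the sed actually modified the file.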
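Review bot: `Copy .env file` installs a file that contains the database passwords with `mode: 0755`, readable by every local account; `mode: "0600"` is appropriate for `.env`, and `"0644"` for `docker-compose.yml`, since neither file is executed. Quoting the mode also matches the first task's `mode: "0755"` and avoids relying on the YAML 1.1 octal reading of a bare `0755`. The two `template:` tasks could use `ansible.builtin.template` like their neighbours, and `docker compose up -d` uses no shell features, so `ansible.builtin.command` with the same `args` is sufficient.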
@@ -0,0 +1,12 @@
+USER_UID=0
+USER_GID=0
+GITEA__database__DB_TYPE=mysql
+GITEA__database__HOST=gitea-db:3306
+GITEA__database__NAME=gitea
+GITEA__database__USER=gitea
+GITEA__database__PASSWD={{ gitea_db_pwd }}
+
+MYSQL_ROOT_PASSWORD=gitea
+MYSQL_USER=gitea
+MYSQL_PASSWORD={{ gitea_db_pwd }}
+MYSQL_DATABASE=gitea
diff --git a/roles/gitea/install-app/templates/docker-compose.yml b/roles/gitea/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..c9b0cc3
--- /dev/null
+++ b/roles/gitea/install-app/templates/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "3"
+
+services:
+ server:
+ image: gitea/gitea
+ container_name: gitea
+ restart: always
+ ports:
+ - 3000:3000
+ - 222:22
+ volumes:
+ - /data/gitea/config:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - db
+
+ db:
+ image: mysql:8
+ container_name: gitea-db
+ restart: always
+ volumes:
+ - /data/gitea/db:/var/lib/mysql
diff --git a/roles/gitea/install-docker/tasks/main.yml b/roles/gitea/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/gitea/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/gitea/provision/create/tasks/main.yml b/roles/gitea/provision/create/tasks/main.yml
new file mode 100644
index 0000000..315df18
--- /dev/null
+++ b/roles/gitea/provision/create/tasks/main.yml
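Review bot: `MYSQL_ROOT_PASSWORD=gitea` commits a plaintext, trivially guessable root password for the database while `gitea_db_pwd` is carefully vaulted; give it its own vaulted variable, e.g. `MYSQL_ROOT_PASSWORD={{ gitea_db_root_pwd }}`, with the value added beside `gitea_db_pwd` in group_vars/all.yml. `USER_UID=0` and `USER_GID=0` run Gitea as root inside its container; unless the bind mounts need it, a dedicated uid/gid keeps a compromised Gitea process from owning the whole container. The compose file does not publish a host port for `db`, so the weak root password is only reachable from the compose network, but it is still in the repository history from this commit on.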
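Review bot: Neither `server` nor `db` declares `env_file` or `environment`, and Compose reads a project-directory `.env` only for variable interpolation in the compose file, so the `GITEA__database__*` and `MYSQL_*` values in the templated `.env` never reach the containers; `mysql:8` should then refuse to initialise because no root-password option is set. Add `env_file:` / `  - .env` under both services, or better an `environment:` block per service listing only the keys it needs, which also keeps `MYSQL_ROOT_PASSWORD` out of the Gitea container. The port entries should be quoted strings, `- "3000:3000"` and `- "222:22"`, because the Compose documentation warns that `HOST:CONTAINER` with a container port below 60 can be parsed as a base-60 number. `image: gitea/gitea` and `image: mysql:8` float with upstream; pinning a version tag (and ideally a digest) makes upgrades deliberate and reviewable.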
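Review bot: `Execute script` runs `/tmp/get-docker.sh` as root right after downloading it from `https://get.docker.com` with no integrity check, so whatever that URL serves at run time gets root on the host, and `creates:` on the `uri` task only skips the download, not the execution. Fetch it with `ansible.builtin.get_url` and `checksum: sha256:<expected-hash>` (or install Docker from Docker's apt repository with `ansible.builtin.apt`), and give the execution task `creates: /usr/bin/docker` under `args` so the role is idempotent. Adding `root` to the `docker` group grants nothing root lacks, so that task can be dropped, and the final `shell` block is better expressed as `ansible.builtin.systemd` tasks with `enabled: true` for `docker.service` and `containerd.service`, which report changes accurately.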
@@ -0,0 +1,30 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 619
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: gitea
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.28/21,\
+ hwaddr=cc:c6:cf:de:17:88,\
+ bridge=vmbr0'}"
+ cores: 4
+ memory: 4096
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"nvme:20,mp=/data,backup=1"
+ }'
+ disk: nvme:10
+ force: yes
diff --git a/roles/gitea/provision/delete/tasks/main.yml b/roles/gitea/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..459b7a6
--- /dev/null
+++ b/roles/gitea/provision/delete/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.28"
diff --git a/roles/gitea/provision/start/tasks/main.yml b/roles/gitea/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/gitea/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/gitea/update/tasks/main.yml b/roles/gitea/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
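Review bot: `unprivileged: no` creates a privileged LXC, in which the container's root is the host's root, while `nesting=1` and `keyctl=1` under `features` are precisely the options Proxmox offers for running Docker inside an unprivileged container (`keyctl` is documented as applying to unprivileged containers only); `unprivileged: true` is probably enough here and keeps the hypervisor isolated from the Gitea workload, so the privileged choice deserves at least a comment explaining why it is needed. `vmid: 619` is hard-coded although provision/delete and provision/start read `{{ vmid }}`; use the variable, and consider moving the `api_user`/`api_password`/`api_host: 10.0.2.2` triple into group vars, since it is repeated in four tasks across this commit.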
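Review bot: `Remove .ssh/known_hosts lines` hard-codes `/Users/lino.silva/.ssh/known_hosts`, so the role only works from one person's workstation; `lineinfile`'s `path` expands `~`, so `path: ~/.ssh/known_hosts` works, and `ansible.builtin.known_hosts` with `name: 10.0.2.28` and `state: absent` is the purpose-built alternative. `regexp: "^10.0.2.28"` leaves the dots unescaped and has no terminator, so it would also strip unrelated entries that happen to share the prefix; `regexp: '^10\.0\.2\.28\s'` matches only that host. `ignore_errors: true` on both proxmox tasks hides authentication and API-host failures as well as the "already absent" case; a `failed_when` narrowed to the expected condition keeps real errors visible.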
--- /dev/null
+++ b/roles/gitea/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
diff --git a/roles/swag/install-app/templates/gitea.subdomain.conf b/roles/swag/install-app/templates/gitea.subdomain.conf
index da46279..c37c39c 100644
--- a/roles/swag/install-app/templates/gitea.subdomain.conf
+++ b/roles/swag/install-app/templates/gitea.subdomain.conf
@@ -42,7 +42,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app 10.0.2.1; + set $upstream_app 10.0.2.28; set $upstream_port 3000; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
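Review bot: `set $upstream_app 10.0.2.28;` hard-codes the container address in a file that Ansible renders as a template, duplicating `ansible_host` in host_vars/gitea and the `ip=` in provision/create; `set $upstream_app {{ hostvars['gitea']['ansible_host'] }};` keeps one source of truth now that hosts.ini lists the host. `set $upstream_proto http;` means proxy-to-Gitea traffic crosses the LAN unencrypted; acceptable on a trusted segment, but worth a comment so the choice is visible. The enclosing block starts and ends outside the hunk.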