diff --git a/2-nomad-config/.terraform.lock.hcl b/2-nomad-config/.terraform.lock.hcl
index 1ce8322..51e754c 100644
--- a/2-nomad-config/.terraform.lock.hcl
+++ b/2-nomad-config/.terraform.lock.hcl
@@ -16,6 +16,27 @@ provider "registry.terraform.io/carlpett/sops" {
 ]
 }
+provider "registry.terraform.io/cyrilgdn/postgresql" {
+ version = "1.25.0"
+ hashes = [
+ "h1:4Hlupc8gYrPnFKisesXs9lypK6LXslU4L4tjBZOhmiE=",
+ "zh:0f9db6e1274603d642e96b58eaf6cc4223f7118f2d7ce909dc4812d332cc002a",
+ "zh:1819470f0304c6a60b2b51817cb43f6ff59a49e08cc9e50644b86b3a76c91601",
+ "zh:27bfb544983cac101a7c7c2e4cb9939a712dffcdd7ddcab83c2f8afc334e33c5",
+ "zh:46166f6f05771b0495df18459fdf3a63fae8b38e95a1b2754f03d006e17ea33d",
+ "zh:64d53afc52f26e8214990acc3e07f3b47bef628aa6b317595a8faec05b252209",
+ "zh:944d7ded418c022dd3ee513246677d601376fa38d76c9c4aecff2c2eefcaa35b",
+ "zh:9819551b61542a6d322d6a323bbb552ce02e769ce2222fd9bb1935473c7c4b3c",
+ "zh:c38bd73e208fe216efab48d099c85b8ad1e51ff102b3892443febc9778e7236e",
+ "zh:c73de133274dcc7a03e95f598550facc59315538f355e57e14b36e222b298826",
+ "zh:c7af02f5338bfe7f1976e01d3fcf82e05b3551893e732539a84c568d25571a84",
+ "zh:d1aa3d7432c7de883873f8f70e9a6207c7b536d874486d37aee0ca8c8853a890",
+ "zh:e17e9809fc7cc2d6f89078b8bfe6308930117b2270be8081820da40029b04828",
+ "zh:e1b21b7b7022e0d468d72f4534d226d57a7bfd8c96a4c7dc2c2fa0bb0b99298d",
+ "zh:f24b73645d8bc225f692bdf9c035411099ef57138569f45f3605ec79ac872e3b",
+ ]
+}
+
 provider "registry.terraform.io/hashicorp/nomad" {
 version = "2.5.0"
 hashes = [
diff --git a/2-nomad-config/1-infra.tf b/2-nomad-config/1-infra.tf
index d16696a..0b29b76 100644
--- a/2-nomad-config/1-infra.tf
+++ b/2-nomad-config/1-infra.tf
@@ -1,7 +1,3 @@
-provider "nomad" {
- address = "http://jaglan-beta-m01:4646"
-}
-
 terraform {
 backend "local" {
 path = "./.tfstate/terraform.tfstate"
@@ -14,9 +10,16 @@ terraform {
 source = "carlpett/sops"
 version = "~> 0.5"
 }
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ }
 }
 }
+provider "nomad" {
+ address = "http://jaglan-beta-m01:4646"
+}
+
 data "sops_file" "secrets" {
 source_file = "secrets.enc.json"
 }
@@ -72,6 +75,16 @@ resource "nomad_variable" "postgres" {
 }
 }
+provider "postgresql" {
+ host = "jaglan-beta-m01"
+ port = 5432
+ database = "postgres"
+ username = "postgres"
+ password = data.sops_file.secrets.data["postgres.postgres"]
+ sslmode = "disable"
+ connect_timeout = 15
+}
+
 resource "nomad_csi_volume_registration" "unraid_database_dump" {
 #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
 depends_on = [data.nomad_plugin.smb]
diff --git a/2-nomad-config/2-services.tf b/2-nomad-config/2-services.tf
index a4e61f0..ba1210f 100644
--- a/2-nomad-config/2-services.tf
+++ b/2-nomad-config/2-services.tf
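Review bot: The new `postgresql` entry in `required_providers` carries no `version` constraint, unlike the `sops` entry directly above it (`version = "~> 0.5"`). The lock file in this commit pins 1.25.0 with hashes, so a plain `terraform init` stays reproducible, but `terraform init -upgrade` would accept any later release of this community provider, including a new major version. I would add `version = "~> 1.25"` next to `source = "cyrilgdn/postgresql"`. The enclosing `terraform` block starts outside this hunk.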
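Review bot: `sslmode = "disable"` in the new `provider "postgresql"` block leaves the provider's session to `jaglan-beta-m01:5432` unencrypted. The role passwords it sets, and depending on the server's authentication method the `postgres` credential itself, are then readable by anyone on the network path. If the server can offer TLS, use `sslmode = "require"`, or `verify-full` with the CA configured. If it cannot, a comment such as `# no TLS on the server yet; reachable only on the trusted LAN` would record that this is a decision rather than an oversight. Connecting as the `postgres` superuser is also broader than role and database management needs; a dedicated role with CREATEROLE and CREATEDB would limit what a leaked credential can do.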
@@ -58,4 +58,53 @@ resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
 }
 }
+resource "nomad_job" "gitea" {
+ jobspec = file("gitea.nomad.hcl")
+}
+
+resource "nomad_variable" "gitea" {
+ path = "nomad/jobs/gitea"
+ items = {
+ internal_token = data.sops_file.secrets.data["gitea.internal_token"]
+ jwt_secret = data.sops_file.secrets.data["gitea.jwt_secret"]
+ }
+}
+
+resource "postgresql_role" "gitea" {
+ name = "gitea"
+ password = "gitea"
+ login = true
+}
+
+resource "postgresql_database" "gitea" {
+ name = "gitea"
+ owner = postgresql_role.gitea.name
+}
+
+resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
+ #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
+ depends_on = [data.nomad_plugin.smb]
+ plugin_id = "smb"
+
+ volume_id = "unraid_appdata_gitea"
+ name = "unraid_appdata_gitea"
+
+ external_id = "unraid_appdata_gitea"
+
+ capability {
+ access_mode = "single-node-writer"
+ attachment_mode = "file-system"
+ }
+
+ context = {
+ source = "//192.168.1.192/appdata"
+ subDir = "gitea" # Note: Needs to be manually created on the share
+ }
+
+ secrets = {
+ "username" = "nomad"
+ "password" = data.sops_file.secrets.data["unraid.nomad"]
+ }
+}
+
diff --git a/2-nomad-config/gitea.nomad.hcl b/2-nomad-config/gitea.nomad.hcl
new file mode 100644
index 0000000..1bc1288
--- /dev/null
+++ b/2-nomad-config/gitea.nomad.hcl
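Review bot: `password = "gitea"` in `postgresql_role.gitea` commits a guessable database credential in cleartext, while every other secret in this hunk is read from `data.sops_file.secrets`. I would add a key to `secrets.enc.json` and set `password = data.sops_file.secrets.data["<gitea-db-password-key>"]` (placeholder key name). The same value could be added to the `items` of `nomad_variable.gitea`, so the job's `app.ini` template, which is not fully visible here, can read it instead of carrying a literal. The value is still written to the local state file under `./.tfstate/`, so that directory should stay out of version control.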
@@ -0,0 +1,122 @@
+# TODOs
+# - Map /data/ to unraid appdata
+# - Move database config to /data/gitea/conf/app.ini (where it would be copied on first run)
+
+job "gitea" {
+ group "gitea" {
+ network {
+ mode = "bridge"
+ port "http" {
+ to = 3000
+ }
+ }
+
+ service {
+ connect {
+ sidecar_service {
+ proxy {
+ upstreams {
+ destination_name = "postgres"
+ local_bind_port = 5432
+ }
+ }
+ }
+ }
+ }
+
+ service {
+ name = "code"
+ port = "http"
+
+ tags = [
+ "traefik.enable=true",
+ "traefik.http.routers.gitea.middlewares=auth@file",
+ ]
+
+ # check {
+ # type = "http"
+ # path = "/"
+ # interval = "10s"
+ # timeout = "2s"
+ # }
+ }
+
+ task "gitea" {
+ driver = "docker"
+
+ config {
+ image = "gitea/gitea:latest"
+
+ ports = ["http"]
+
+ volumes = ["local/app.ini:/data/gitea/conf/app.ini"]
+ }
+
+ env = {
+ USER_UID = "1000"
+ USER_GID = "1000"
+ }
+
+ resources {
+ cpu = 500
+ memory = 256
+ }
+
+ volume_mount {
+ volume = "unraid_appdata_gitea"
+ destination = "/data"
+ read_only = false
+ }
+
+ template {
+ data = <