diff --git a/apps/00-namespace.yaml b/apps/00-namespace.yaml
new file mode 100644
index 0000000..f05026e
--- /dev/null
+++ b/apps/00-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: apps
diff --git a/apps/gitea.yaml b/apps/gitea.yaml
new file mode 100644
index 0000000..9c6f799
--- /dev/null
+++ b/apps/gitea.yaml
@@ -0,0 +1,112 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-pvc
+  namespace: apps
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi
+    limits:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+  namespace: apps
+spec:
+  ports:
+    - port: 3000
+      name: frontend
+      targetPort: 3000
+    - port: 30022
+      name: ssh
+      targetPort: 22
+  selector:
+    app: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: apps
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      containers:
+        - name: gitea
+          image: gitea/gitea:1.21.1
+          env:
+            - name: USER_UID
+              value: "1000"
+            - name: USER_GID
+              value: "1000"
+            - name: DISABLE_REGISTRATION
+              value: "true"
+            - name: GITEA__database__DB_TYPE
+              value: "postgres"
+            - name: GITEA__database__HOST
+              value: "postgres.databases:5432"
+            - name: GITEA__database__NAME
+              value: "gitea"
+            - name: GITEA__database__USER
+              value: "postgres"
+            - name: GITEA__database__PASSWD
+              valueFrom:
+                secretKeyRef:
+                  name: secrets
+                  key: POSTGRES_PASSWORD
+          ports:
+            - containerPort: 3000
+            - containerPort: 22
+          volumeMounts:
+            - mountPath: /data
+              name: gitea-data
+            - mountPath: /etc/timezone
+              name: timezone
+              readOnly: true
+            - mountPath: /etc/localtime
+              name: localtime
+              readOnly: true
+      volumes:
+        - name: gitea-data
+          persistentVolumeClaim:
+            claimName: gitea-pvc
+        - name: timezone
+          hostPath:
+            path: /etc/timezone
+            type: File
+        - name: localtime
+          hostPath:
+            path: /etc/localtime
+            type: File
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea
+  namespace: apps
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea.nocodelytics.com`)
+      kind: Rule
+      services:
+        - name: gitea
+          port: 3000
+  tls:
+    certResolver: letsencrypt
+    domains:
+      - main: gitea.nocodelytics.com