diff --git a/configuration/default.nix b/configuration/default.nix
index d504e19..de10004 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
- imports = [ ];
+ imports = [ ./services/gitea.nix ];
 
 nix = {
 package = pkgs.nixFlakes;
@@ -44,6 +44,15 @@
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 clientMaxBodySize = "10G";
+
+ virtualHosts = let
+ host = port: extra:
+ {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = { proxyPass = "http://localhost:${toString port}"; };
+ } // extra;
+ in { "gitea.tlater.net" = host 3000 { }; };
 };
 
 security.acme = {
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
new file mode 100644
index 0000000..0e603df
--- /dev/null
+++ b/configuration/services/gitea.nix
@@ -0,0 +1,38 @@
+{ config, ... }:
+
+{
+ virtualisation.pods.gitea = {
+ hostname = "gitea.tlater.net";
+ publish = [ "3000:3000" "2221:2221" ];
+
+ containers = {
+ gitea = {
+ image = "gitea/gitea:latest";
+ volumes = [ "gitea:/data:Z" "/etc/localtime:/etc/localtime:ro" ];
+ dependsOn = [ "postgres" ];
+
+ environment = {
+ DB_TYPE = "postgres";
+ DB_HOST = "gitea-postgres:5432";
+ DB_NAME = "gitea";
+ DB_USER = "gitea";
+ DB_PASSWD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
+
+ RUN_MODE = "prod";
+ DOMAIN = "gitea.tlater.net";
+ SSH_PORT = "2221";
+ };
+ };
+
+ postgres = {
+ image = "postgres:alpine";
+ environment = {
+ POSTGRES_DB = "gitea";
+ POSTGRES_USER = "gitea";
+ POSTGRES_PASSWORD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
+ };
+ volumes = [ "gitea-db-data-new:/var/lib/postgresql/data" ];
+ };
+ };
+ };
+}
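Review bot: `forceSSL = true` on the new `gitea.tlater.net` vhost only protects requests that actually pass through nginx, and the pod added in configuration/services/gitea.nix publishes `"3000:3000"` without a bind address. Depending on how the pods module maps `publish` (not visible here), that may expose the backend on every host interface and leave Gitea reachable over plain HTTP alongside the TLS vhost. If the string is handed to the container runtime unchanged, `"127.0.0.1:3000:3000"` would keep the backend loopback-only so that `proxyPass = "http://localhost:${toString port}"` is the only path in. The enclosing nginx attribute set opens above this hunk, so its other options are not visible.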
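Review bot: The database password is committed as a string literal in both `DB_PASSWD` and `POSTGRES_PASSWORD`, so it lives in the repository history and, once evaluated, in the world-readable Nix store. It should be treated as disclosed and rotated, and the replacement loaded at runtime from a root-only file outside the store. The postgres image accepts `POSTGRES_PASSWORD_FILE` for this; whether the pods module offers an environment-file option like `environmentFiles` in the stock oci-containers module needs checking, since the module is not part of this diff. Separately, `image = "gitea/gitea:latest"` and `image = "postgres:alpine"` are floating tags, so a rebuild can silently pull different code; pinning a version tag or digest makes the deployment reproducible and auditable.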