diff --git a/external-services/git.yaml b/gitea/ingress.yaml
similarity index 51%
rename from external-services/git.yaml
rename to gitea/ingress.yaml
index e707033..9300105 100644
--- a/external-services/git.yaml
+++ b/gitea/ingress.yaml
@@ -1,21 +1,9 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: git
-  namespace: external-services
-spec:
-  externalName: noctowl.cascade.strudelline.net
-  type: ExternalName
-  ports:
-  - name: http
-    protocol: TCP
-    port: 57924
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: git
-  namespace: external-services
+  name: gitea
+  namespace: gitea
 spec:
   ingressClassName: istio
   rules:
@@ -26,9 +14,9 @@ spec:
         pathType: Prefix
         backend:
           service:
-            name: git
+            name: gitea
             port:
-              number: 57924
+              number: 3000
   tls:
   - hosts:
     - git.strudelline.net
diff --git a/gitea/ns.yaml b/gitea/ns.yaml
new file mode 100644
index 0000000..503e8f1
--- /dev/null
+++ b/gitea/ns.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: gitea
+    wildcard-tls.kn8v.com/copy: "true"
+  name: gitea
diff --git a/gitea/sts.yaml b/gitea/sts.yaml
new file mode 100644
index 0000000..7b46663
--- /dev/null
+++ b/gitea/sts.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: gitea
+  name: gitea
+  namespace: gitea
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  serviceName: gitea
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:1.20.0-rc2
+        env:
+        - name: GITEA__actions__ENABLED
+          value: "true"
+        - name: MINIO__server__ROOT_URL
+          value: https://git.strudelline.net/
+        - name: MINIO__server__DOMAIN
+          value: git.strudelline.net
+        - name: GITEA__actions__DEFAULT_ACTIONS_URL
+          value: https://github.com
+        livenessProbe:
+          httpGet:
+            path: /api/healthz
+            port: 3000
+        readinessProbe:
+          httpGet:
+            path: /api/healthz
+            port: 3000
+        ports:
+        - containerPort: 22
+          protocol: TCP
+          name: ssh
+        - containerPort: 3000
+          protocol: TCP
+          name: http
+        volumeMounts:
+        - mountPath: /backup
+          name: gitea-backup
+        - mountPath: /data
+          name: gitea-data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+  volumeClaimTemplates:
+  - metadata:
+      name: gitea-backup
+    spec:
+      accessModes: [ "ReadWriteMany" ]
+      storageClassName: nfs
+      resources:
+        requests:
+          storage: 10Gi
+  - metadata:
+      name: gitea-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: local-path
+      resources:
+        requests:
+          storage: 10Gi
+
diff --git a/gitea/svc.yaml b/gitea/svc.yaml
new file mode 100644
index 0000000..cb3e0dd
--- /dev/null
+++ b/gitea/svc.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: gitea
+  name: gitea-ssh
+  namespace: gitea
+  annotations:
+    metallb.universe.tf/allow-shared-ip: 172.16.17.16
+    metallb.universe.tf/loadBalancerIPs: 172.16.17.16
+spec:
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - port: 22
+    name: ssh
+    protocol: TCP
+    targetPort: 22
+  selector:
+    app: gitea
+  type: LoadBalancer