diff --git a/bxl-shp/apps/docker-compose.gitea.yaml b/bxl-shp/apps/docker-compose.gitea.yaml
new file mode 100644
index 0000000..beecedf
--- /dev/null
+++ b/bxl-shp/apps/docker-compose.gitea.yaml
@@ -0,0 +1,32 @@
+services:
+  gitea:
+    container_name: gitea
+    image: gitea/gitea:1
+    environment:
+    - USER_UID=1000
+    - USER_GID=1000
+    - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+    - GITEA__mailer__PASSWD=${SMTP_PASSWORD} 
+    restart: unless-stopped
+    volumes:
+    - $DATA/gitea:/data
+    - /etc/timezone:/etc/timezone:ro
+    - /etc/localtime:/etc/localtime:ro
+    depends_on:
+    - postgres
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.gitea.rule=Host(`git.bhasher.com`)"
+    - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    - "traefik.http.routers.gitea.tls=true"
+    - "traefik.http.routers.gitea.tls.certresolver=http"
+    - "traefik.http.routers.gitea.entrypoints=internalsecure"
+    networks:
+    - external
+    - storage
+
+networks:
+  external:
+    external: true
+  storage:
+    external: true
diff --git a/bxl-shp/config/idp/authelia.configuration.yaml b/bxl-shp/config/idp/authelia.configuration.yaml
index e9f0a71..7f20439 100644
--- a/bxl-shp/config/idp/authelia.configuration.yaml
+++ b/bxl-shp/config/idp/authelia.configuration.yaml
@@ -193,3 +193,17 @@ identity_providers:
       - groups
       - email
       userinfo_signing_algorithm: none
+    - id: gitea
+      description: Gitea
+      secret: '$argon2id$v=19$m=65536,t=3,p=4$hVcRat4GdQSCfaikh6C7xQ$KydT/DYUVnazMHhhZgYN9+LMaAI9vpX9x53PcYgsrko'
+      public: false
+      authorization_policy: two_factor
+      redirect_uris:
+      - https://git.bhasher.com/user/oauth2/Authelia/callback
+      consent_mode: implicit
+      scopes:
+      - openid
+      - profile
+      - groups
+      - email
+      userinfo_signing_algorithm: none