diff --git a/deployment/stacks/gitea/docker-compose.yml b/deployment/stacks/gitea/docker-compose.yml
new file mode 100644
index 00000000..e831f95e
--- /dev/null
+++ b/deployment/stacks/gitea/docker-compose.yml
@@ -0,0 +1,114 @@
+version: '3.8'
+
+services:
+ gitea:
+ image: gitea/gitea:1.21
+ container_name: gitea
+ restart: unless-stopped
+ depends_on:
+ - postgres
+ - redis
+ networks:
+ - traefik-public
+ - gitea-internal
+ environment:
+ - TZ=Europe/Berlin
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres:5432
+ - GITEA__database__NAME=${POSTGRES_DB:-gitea}
+ - GITEA__database__USER=${POSTGRES_USER:-gitea}
+ - GITEA__database__PASSWD=${POSTGRES_PASSWORD:-gitea_password}
+ - GITEA__cache__ENABLED=true
+ - GITEA__cache__ADAPTER=redis
+ - GITEA__cache__HOST=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/0
+ - GITEA__session__PROVIDER=redis
+ - GITEA__session__PROVIDER_CONFIG=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/1
+ - GITEA__queue__TYPE=redis
+ - GITEA__queue__CONN_STR=redis://:${REDIS_PASSWORD:-gitea_redis}@redis:6379/2
+ - GITEA__server__DOMAIN=${GITEA_DOMAIN:-git.michaelschiemer.de}
+ - GITEA__server__ROOT_URL=https://${GITEA_DOMAIN:-git.michaelschiemer.de}/
+ - GITEA__server__SSH_DOMAIN=${GITEA_DOMAIN:-git.michaelschiemer.de}
+ - GITEA__server__SSH_PORT=2222
+ - GITEA__service__DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-true}
+ - GITEA__actions__ENABLED=true
+ volumes:
+ - gitea-data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "2222:22" # SSH for Git operations
+ labels:
+ - "traefik.enable=true"
+
+ # HTTP Router
+ - "traefik.http.routers.gitea.rule=Host(`${GITEA_DOMAIN:-git.michaelschiemer.de}`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.tls=true"
+ - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+
+ # Service
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+ # Middleware
+ - "traefik.http.routers.gitea.middlewares=default-chain@file"
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
+
+ postgres:
+ image: postgres:16-alpine
+ container_name: gitea-postgres
+ restart: unless-stopped
+ networks:
+ - gitea-internal
+ environment:
+ - TZ=Europe/Berlin
+ - POSTGRES_DB=${POSTGRES_DB:-gitea}
+ - POSTGRES_USER=${POSTGRES_USER:-gitea}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-gitea_password}
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-gitea} -d ${POSTGRES_DB:-gitea}"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
+
+ redis:
+ image: redis:7-alpine
+ container_name: gitea-redis
+ restart: unless-stopped
+ networks:
+ - gitea-internal
+ environment:
+ - TZ=Europe/Berlin
+ volumes:
+ - redis-data:/data
+ command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-gitea_redis}
+ healthcheck:
+ test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+
+volumes:
+ gitea-data:
+ name: gitea-data
+ postgres-data:
+ name: gitea-postgres-data
+ redis-data:
+ name: gitea-redis-data
+
+networks:
+ traefik-public:
+ external: true
+ gitea-internal:
+ name: gitea-internal
+ driver: bridge
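Review bot: The password fallbacks `${POSTGRES_PASSWORD:-gitea_password}` and `${REDIS_PASSWORD:-gitea_redis}` let the stack come up with credentials that are committed in this file whenever the variables are unset; they appear in the gitea database, cache, session and queue entries, in the postgres service and in the redis `command`. Compose's required-variable form fails at startup instead, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}`, and the same `:?` form fits every `REDIS_PASSWORD` reference. That also removes the mismatch in the redis healthcheck, which passes `${REDIS_PASSWORD}` with no fallback and therefore authenticates with an empty password, reporting the container unhealthy, exactly when the server fell back to `gitea_redis`. Separately, `redis-cli -a` puts the password in the process arguments on every probe; setting `REDISCLI_AUTH` in the redis service's `environment` and using `test: ["CMD", "redis-cli", "ping"]` avoids that.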