diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f6e1422
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+secrets
\ No newline at end of file
diff --git a/Timeline.org b/Timeline.org
index 969d97b..8e16df9 100644
--- a/Timeline.org
+++ b/Timeline.org
@@ -36,10 +36,10 @@ CLOSED: [2019-11-08 Fri 13:51]
 - [X] Harden password
 ** Web stack [1/7] [14%]
-*** IN-PROGRESS Nginx [2/5] [40%]
+*** IN-PROGRESS Nginx [3/4] [75%]
 - [X] Radicale reverse proxy
 - [X] Syncthing reverse proxy
- - [ ] Gitea vhost
+ - [X] Gitea vhost
 - [ ] Miniflux vhost
 *** TODO PHP [0/1] [0%]
 - [ ] Php-fpm
diff --git a/configuration.nix b/configuration.nix
index dcef40e..0217050 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -102,6 +102,7 @@
 ./modules/datasync.nix
 ./modules/hardware-configuration.nix
 ./modules/webstack.nix
+ ./modules/devops.nix
 ];
 }
diff --git a/modules/devops.nix b/modules/devops.nix
new file mode 100644
index 0000000..9f6fc31
--- /dev/null
+++ b/modules/devops.nix
@@ -0,0 +1,23 @@
+# Software development configuration
+{ config, pkgs, lib, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ gitea
+ ];
+
+ # Gitea setup with daily backup
+ services.gitea = {
+ enable = true;
+ domain = "coolneng.duckdns.org/gitea";
+ rootUrl = "https://coolneng.duckdns.org/gitea";
+ database = {
+ type = "postgres";
+ passwordFile = "/var/keys/gitea/db";
+ };
+ cookieSecure = true;
+ #disableRegistration = true;
+ repositoryRoot = "/vault/git";
+ dump.enable = true;
+ };
+
+}
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 868848d..f2d9b5f 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -62,6 +62,9 @@
 locations."/syncthing/" = {
 proxyPass = "http://localhost:8384/";
 };
+ locations."/gitea/" = {
+ proxyPass = "http://localhost:3000/";
+ };
 };
 };
 };
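Review bot: In modules/devops.nix, `#disableRegistration = true;` is left commented out, so the instance published at `rootUrl` accepts self-service sign-ups from anyone who can reach it. Once the initial admin account exists, enable it: `disableRegistration = true;`. Separately, `domain` carries a path (`coolneng.duckdns.org/gitea`); it looks like it should be the bare host name, `domain = "coolneng.duckdns.org";`, with the sub-path living only in `rootUrl`.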
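Review bot: The new `locations."/gitea/"` block in modules/webstack.nix proxies to `localhost:3000`, but nothing in this commit restricts Gitea itself to loopback. If the module's default listen address is all interfaces and the firewall does not block port 3000, the backend is reachable directly over plain HTTP, bypassing the TLS vhost and the `cookieSecure` setting. Consider adding `httpAddress = "127.0.0.1";` to `services.gitea` in modules/devops.nix. The enclosing virtual-host block begins and ends outside this hunk.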
@@ -81,7 +84,27 @@
 };
 # Enable PostgreSQL with daily backup
- services.postgresql.enable = true;
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_11;
+ ensureDatabases = [ "gitea" ];
+ ensureUsers = [
+ {
+ name = "gitea";
+ ensurePermissions = {"DATABASE gitea" = "ALL PRIVILEGES";};
+ }
+ ];
+ authentication = lib.mkForce ''
+ # Generated file; do not edit!
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ identMap = ''
+ gitea-users gitea gitea
+ '';
+ };
 services.postgresqlBackup = {
 enable = true;
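Review bot: The `authentication = lib.mkForce` override sets `trust` for the local socket and both loopback addresses across all databases and users, so any local account or process can connect as any role, including the superuser, without a credential. That also makes `database.passwordFile` in modules/devops.nix ineffective. Prefer `local all all peer`, `host all all 127.0.0.1/32 md5` and `host all all ::1/128 md5`, with the gitea role's password set to match the key file (how Gitea connects is not visible here, so confirm socket versus TCP). The `identMap` entry is never consulted because no rule carries `map=gitea-users`; attach it to a `peer` rule or drop it.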