diff --git a/apps/gitea/manifest.yml b/apps/gitea/manifest.yml
new file mode 100644
index 00000000..4af96688
--- /dev/null
+++ b/apps/gitea/manifest.yml
@@ -0,0 +1,42 @@
+id: gitea
+name: Gitea
+version: "1.23"
+description: Self-hosted Git service with built-in container registry, CI/CD, and package hosting.
+category: development
+icon: git-branch
+port: 3000
+ssh_port: 2222
+image: docker.io/gitea/gitea:1.23
+tier: optional
+
+requires:
+  memory_mb: 256
+  disk_mb: 500
+
+volumes:
+  - host: /var/lib/archipelago/gitea/data
+    container: /data
+  - host: /var/lib/archipelago/gitea/config
+    container: /etc/gitea
+
+environment:
+  GITEA__database__DB_TYPE: sqlite3
+  GITEA__server__SSH_PORT: "2222"
+  GITEA__server__SSH_LISTEN_PORT: "22"
+  GITEA__server__LFS_START_SERVER: "true"
+  GITEA__packages__ENABLED: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
+  GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
+
+health_check:
+  endpoint: /
+  interval: 120
+  timeout: 5
+  retries: 3
+
+features:
+  - Git repositories with web UI
+  - Built-in container/package registry
+  - Issue tracking and pull requests
+  - CI/CD via Gitea Actions
+  - Lightweight (SQLite, no external DB needed)
diff --git a/core/archipelago/src/api/rpc/package/config.rs b/core/archipelago/src/api/rpc/package/config.rs
index 67de0f43..2a54ed82 100644
--- a/core/archipelago/src/api/rpc/package/config.rs
+++ b/core/archipelago/src/api/rpc/package/config.rs
@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
 
 /// Trusted Docker registries. Only images from these sources are allowed.
 #[allow(dead_code)]
-pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/"];
+pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "git.tx1138.com/", "23.182.128.160:3000/"];
 
 /// Validate Docker image against trusted registry allowlist.
 pub(super) fn is_valid_docker_image(image: &str) -> bool {
@@ -21,7 +21,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
         Some(r) => r,
         None => return false,
     };
-    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com")
+    matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "git.tx1138.com" | "23.182.128.160:3000")
 }
 
 /// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
@@ -894,6 +894,24 @@ pub(super) async fn get_app_config(
                 None,
             )
         }
+        "gitea" => (
+            vec!["3000:3000".to_string(), "2222:22".to_string()],
+            vec![
+                "/var/lib/archipelago/gitea/data:/data".to_string(),
+                "/var/lib/archipelago/gitea/config:/etc/gitea".to_string(),
+            ],
+            vec![
+                "GITEA__database__DB_TYPE=sqlite3".to_string(),
+                "GITEA__server__SSH_PORT=2222".to_string(),
+                "GITEA__server__SSH_LISTEN_PORT=22".to_string(),
+                "GITEA__server__LFS_START_SERVER=true".to_string(),
+                "GITEA__packages__ENABLED=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_USER=true".to_string(),
+                "GITEA__repository__ENABLE_PUSH_CREATE_ORG=true".to_string(),
+            ],
+            None,
+            None,
+        ),
         _ => (vec![], vec![], vec![], None, None),
     }
 }
diff --git a/image-recipe/configs/nginx-archipelago.conf b/image-recipe/configs/nginx-archipelago.conf
index fd78feea..200a5ca1 100644
--- a/image-recipe/configs/nginx-archipelago.conf
+++ b/image-recipe/configs/nginx-archipelago.conf
@@ -477,6 +477,17 @@ server {
         sub_filter "src='/" "src='/app/botfights/";
         sub_filter '</head>' '<script src="/nostr-provider.js"></script></head>';
     }
+    location /app/gitea/ {
+        proxy_pass http://127.0.0.1:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_hide_header X-Frame-Options;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        client_max_body_size 1G;
+    }
     location /app/lnd/ {
         proxy_pass http://127.0.0.1:8081/;
         proxy_http_version 1.1;
diff --git a/neode-ui/public/assets/img/app-icons/gitea.svg b/neode-ui/public/assets/img/app-icons/gitea.svg
new file mode 100644
index 00000000..9df6b83b
--- /dev/null
+++ b/neode-ui/public/assets/img/app-icons/gitea.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+<g>
+	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+	<g>
+		<g>
+			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+				C343.2,346.5,335,363.3,326.8,380.1z"/>
+		</g>
+	</g>
+</g>
+</svg>
diff --git a/neode-ui/src/views/appSession/appSessionConfig.ts b/neode-ui/src/views/appSession/appSessionConfig.ts
index 2d443b2b..43086509 100644
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@@ -43,6 +43,7 @@ export const APP_PORTS: Record<string, number> = {
   'routstr':       8200,
   'indeedhub':     7778,
   'botfights':     9100,
+  'gitea':         3000,
   'dwn':           3100,
   'endurain':      8080,
 }
@@ -88,6 +89,7 @@ export const HTTPS_PROXY_PATHS: Record<string, string> = {
   'grafana': '/app/grafana/',
   'indeedhub': '/app/indeedhub/',
   'botfights': '/app/botfights/',
+  'gitea': '/app/gitea/',
   'routstr': '/app/routstr/',
   'nostr-vpn': '/app/nostr-vpn/',
   'fips': '/app/fips/',
@@ -106,7 +108,7 @@ export const EXTERNAL_URLS: Record<string, string> = {
 
 export const APP_TITLES: Record<string, string> = {
   'bitcoin-knots': 'Bitcoin', 'btcpay-server': 'BTCPay Server', 'indeedhub': 'Indeehub',
-  'botfights': 'BotFights', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
+  'botfights': 'BotFights', 'gitea': 'Gitea', '484-kitchen': '484 Kitchen', 'arch-presentation': 'Presentation',
   'nostr-vpn': 'Nostr VPN', 'fips': 'FIPS', 'routstr': 'Routstr',
   'homeassistant': 'Home Assistant', 'uptime-kuma': 'Uptime Kuma',
   'nginx-proxy-manager': 'Nginx Proxy Manager', 'nostr-rs-relay': 'Nostr Relay',
diff --git a/neode-ui/src/views/marketplace/marketplaceData.ts b/neode-ui/src/views/marketplace/marketplaceData.ts
index d85c6acd..186dafe8 100644
--- a/neode-ui/src/views/marketplace/marketplaceData.ts
+++ b/neode-ui/src/views/marketplace/marketplaceData.ts
@@ -478,6 +478,18 @@ export function getCuratedAppList(): MarketplaceApp[] {
       manifestUrl: undefined,
       repoUrl: 'https://botfights.net',
     },
+    {
+      id: 'gitea',
+      title: 'Gitea',
+      version: '1.23',
+      category: 'data',
+      description: 'Self-hosted Git service with built-in container registry, CI/CD, issue tracking, and package hosting. Lightweight alternative to GitHub/GitLab.',
+      icon: '/assets/img/app-icons/gitea.svg',
+      author: 'Gitea',
+      dockerImage: 'docker.io/gitea/gitea:1.23',
+      manifestUrl: undefined,
+      repoUrl: 'https://gitea.com',
+    },
     {
       id: 'nwnn',
       title: 'Next Web News Network',
diff --git a/scripts/image-versions.sh b/scripts/image-versions.sh
index 2ff6096d..e4748c7f 100644
--- a/scripts/image-versions.sh
+++ b/scripts/image-versions.sh
@@ -82,6 +82,9 @@ MINIO_IMAGE="$ARCHY_REGISTRY/minio:RELEASE.2024-11-07T00-52-20Z"
 INDEEDHUB_POSTGRES_IMAGE="$ARCHY_REGISTRY/postgres:16.13-alpine"
 INDEEDHUB_REDIS_IMAGE="$ARCHY_REGISTRY/redis:7.4.8-alpine"
 
+# Gitea (Git + Container Registry)
+GITEA_IMAGE="docker.io/gitea/gitea:1.23"
+
 # DWN (Decentralized Web Node)
 DWN_SERVER_IMAGE="$ARCHY_REGISTRY/dwn-server:main"