diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index ccbce5f..c769018 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -23,10 +23,12 @@ drone_secret: "{{ vault_drone_secret }}"
 dss_domain: dss.binary-kitchen.de
 dss_secret: "{{ vault_dss_secret }}"
-gogs_domain: git.binary-kitchen.de
-gogs_dbname: gogs
-gogs_dbuser: gogs
-gogs_dbpass: "{{ vault_gogs_dbpass }}"
+gitea_domain: git.binary-kitchen.de
+gitea_dbname: gogs
+gitea_dbuser: gogs
+gitea_dbpass: "{{ vault_gitea_dbpass }}"
+gitea_secret: "{{ vault_gitea_secret }}"
+gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
 hackmd_domain: pad.binary-kitchen.de
 hackmd_dbname: hackmd
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index cacd079..bb6cec4 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,44 +1,49 @@
 $ANSIBLE_VAULT;1.1;AES256 -30386437633139313730633863633362386233316337653461616364623334323339626533333939 -6466623963336361343337333831646635383437376435620a363836386664623430303836366666 -64356564333864643030636438636364646666633662306236666131653962653235623961376436 -6534623031633033360a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a653366623135333234613932306361 +31623634356237333161343566613962346430313763386165303635626163316132333331396431 +3232663838306133350a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
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
new file mode 100644
index 0000000..65d8f36
--- /dev/null
+++ b/roles/gitea/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+gitea_user: gogs
+gitea_group: gogs
+gitea_version: 1.11.6
+gitea_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..2efdd59
--- /dev/null
+++ b/roles/gitea/handlers/main.yml
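Review bot: `gitea_url` is a bare download location with no digest beside it, so when the `# TODO fetch gitea binary` task in roles/gitea/tasks/main.yml is implemented there is nothing to check the binary against before it is installed as `/opt/gitea/gitea` and started by the unit. Gitea publishes a `.sha256` next to each release artifact; add a pinned `gitea_checksum: "sha256:<digest of the pinned linux-amd64 release>"` here and pass it as `checksum: "{{ gitea_checksum }}"` to `get_url`, so a changed or truncated download fails the play instead of being deployed. Quoting `gitea_version: "1.11.6"` is also worth doing now, because a future two-component value such as `1.10` would otherwise be parsed as the float `1.1` and produce a wrong URL.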
@@ -0,0 +1,13 @@
+---
+
+- name: Run acertmgr
+ command: /usr/bin/acertmgr
+
+- name: Restart gitea
+ service: name=gitea state=restarted
+
+- name: Restart nginx
+ service: name=nginx state=restarted
+
+- name: Reload systemd
+ command: systemctl daemon-reload
diff --git a/roles/gogs/meta/main.yml b/roles/gitea/meta/main.yml
similarity index 100%
rename from roles/gogs/meta/main.yml
rename to roles/gitea/meta/main.yml
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..92e928e
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
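Review bot: The handlers use the `key=value` shorthand (`service: name=gitea state=restarted`, `service: name=nginx state=restarted`), which ansible-lint flags and which hides argument typos until runtime; the native mapping form `service:` / `name: gitea` / `state: restarted` is the documented style, and the same applies to every module line in roles/gitea/tasks/main.yml. `Reload systemd` shells out via `command: systemctl daemon-reload`, where the `systemd` module's `daemon_reload: yes` expresses the same intent without an ad-hoc command task.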
@@ -0,0 +1,60 @@
+---
+
+- name: Create group
+ group: name={{ gitea_group }}
+
+- name: Create user
+ user: name={{ gitea_user }} home=/home/{{ gitea_user }} group={{ gitea_group }}
+
+- name: Create gitea directories
+ file: path={{ item }} state=directory owner={{ gitea_user }}
+ with_items:
+ - /opt/gitea
+ - /opt/gitea/custom
+ - /opt/gitea/custom/conf
+
+# TODO fetch gitea binary
+
+- name: Configure gitea
+ template: src=app.ini.j2 dest=/opt/gitea/custom/conf/app.ini force=no owner={{ gitea_user }}
+
+- name: Install systemd unit
+ template: src=gitea.service.j2 dest=/lib/systemd/system/gitea.service
+ notify:
+ - Reload systemd
+ - Restart gitea
+
+- name: Install PostgreSQL
+ apt: name={{ item }}
+ with_items:
+ - postgresql
+ - python-psycopg2
+
+- name: Configure PostgreSQL database
+ postgresql_db: name={{ gitea_dbname }}
+ become: true
+ become_user: postgres
+
+- name: Configure PostgreSQL user
+ postgresql_user: db={{ gitea_dbname }} name={{ gitea_dbuser }} password={{ gitea_dbpass }} priv=ALL state=present
+ become: true
+ become_user: postgres
+
+- name: Ensure certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gitea_domain }}.key -out /etc/nginx/ssl/{{ gitea_domain }}.crt -days 730 -subj "/CN={{ gitea_domain }}" creates=/etc/nginx/ssl/{{ gitea_domain }}.crt
+ notify: Restart nginx
+
+- name: Configure certificate manager for gitea
+ template: src=certs.j2 dest=/etc/acertmgr/{{ gitea_domain }}.conf
+ notify: Run acertmgr
+
+- name: Configure vhost
+ template: src=vhost.j2 dest=/etc/nginx/sites-available/gitea
+ notify: Restart nginx
+
+- name: Enable vhost
+ file: src=/etc/nginx/sites-available/gitea dest=/etc/nginx/sites-enabled/gitea state=link
+ notify: Restart nginx
+
+- name: Enable gitea
+ service: name=gitea enabled=yes
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
new file mode 100644
index 0000000..2fed516
--- /dev/null
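Review bot: `Configure gitea` renders app.ini — which carries the database password, `SECRET_KEY` and `JWT_SECRET` — with only `owner=` set, so the file gets the default umask and is typically readable by every local account; add `mode=0600` (and `mode=0750` on the `Create gitea directories` task so the `custom/conf` tree is not listable by others). `Configure PostgreSQL user` passes `password={{ gitea_dbpass }}` on the module line, and without `no_log: true` the vaulted value is printed in verbose runs and callback logs. `force=no` on the template means later rotations of the vaulted secrets are never written to the host; if that is intentional to preserve edits Gitea makes to its own config, a comment saying so would help the next reader. Note that `# TODO fetch gitea binary` leaves `/opt/gitea/gitea` absent, so `Enable gitea` and the `Restart gitea` handler will fail until that task exists.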
+++ b/roles/gitea/templates/app.ini.j2
@@ -0,0 +1,30 @@
+APP_NAME = Binary Kitchen Git Service
+RUN_USER = {{ gitea_user }}
+RUN_MODE = prod
+
+[repository]
+ROOT = /home/{{ gitea_user }}/repositories
+
+[server]
+PROTOCOL = http
+DOMAIN = localhost
+ROOT_URL = https://{{ gitea_domain }}
+HTTP_ADDR = 127.0.0.1
+
+[database]
+DB_TYPE = postgres
+HOST = localhost
+NAME = {{ gitea_dbname }}
+USER = {{ gitea_dbuser }}
+PASSWD = {{ gitea_dbpass }}
+LOG_SQL = false
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ gitea_secret }}
+
+[service]
+DISABLE_REGISTRATION = true
+
+[oauth2]
+JWT_SECRET = {{ gitea_jwt_secret }}
diff --git a/roles/gogs/templates/certs.j2 b/roles/gitea/templates/certs.j2
similarity index 64%
rename from roles/gogs/templates/certs.j2
rename to roles/gitea/templates/certs.j2
index 3986848..449dd82 100644
--- a/roles/gogs/templates/certs.j2
+++ b/roles/gitea/templates/certs.j2
@@ -1,13 +1,13 @@
 ---
-{{ gogs_domain }}:
-- path: /etc/nginx/ssl/{{ gogs_domain }}.key
+{{ gitea_domain }}:
+- path: /etc/nginx/ssl/{{ gitea_domain }}.key
 user: root
 group: root
 perm: '400'
 format: key
 action: '/usr/sbin/service nginx restart'
-- path: /etc/nginx/ssl/{{ gogs_domain }}.crt
+- path: /etc/nginx/ssl/{{ gitea_domain }}.crt
 user: root
 group: root
 perm: '400'
diff --git a/roles/gitea/templates/gitea.service.j2 b/roles/gitea/templates/gitea.service.j2
new file mode 100644
index 0000000..b7493cf
--- /dev/null
+++ b/roles/gitea/templates/gitea.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+Requires=postgresql.service
+
+[Service]
+RestartSec=2s
+Type=simple
+User={{ gitea_user }}
+Group={{ gitea_user }}
+WorkingDirectory=/opt/gitea/
+ExecStart=/opt/gitea/gitea web
+Restart=always
+Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/opt/gitea/
+
+[Install]
+WantedBy=multi-user.target
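Review bot: `DOMAIN = localhost` under `[server]` sits next to `ROOT_URL = https://{{ gitea_domain }}`, and Gitea derives the SSH clone address it displays from `DOMAIN` (through `SSH_DOMAIN`, which defaults to it), so clone URLs would point at `localhost`; `DOMAIN = {{ gitea_domain }}` keeps the two consistent. `PROTOCOL = http` with `HTTP_ADDR = 127.0.0.1` correctly keeps the listener off the public interface, but a comment such as `; TLS terminates at nginx; ROOT_URL makes generated links use https` would stop a later reader from "fixing" it to https. `INSTALL_LOCK = true` and `DISABLE_REGISTRATION = true` are the right defaults for a single-tenant instance; a one-line comment on why registration is closed would document the intent.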
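Review bot: `Group={{ gitea_user }}` in `[Service]` uses the user variable where the role defines and creates `gitea_group` (roles/gitea/defaults/main.yml and the `Create group` task); it only works because both default to `gogs` and would diverge silently once either is overridden, so it should read `Group={{ gitea_group }}`. `Requires=postgresql.service` pulls the database in but does not order startup; without a matching `After=postgresql.service` Gitea can start before PostgreSQL accepts connections and relies on `Restart=always` to recover. Since the service already runs unprivileged, the unit is also the natural place for basic sandboxing such as `ProtectSystem=full`, `PrivateTmp=true` and `NoNewPrivileges=true`, which from this template appear compatible with the paths it writes (`/opt/gitea` and the repository home) — worth confirming on a test host.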
diff --git a/roles/gogs/templates/vhost.j2 b/roles/gitea/templates/vhost.j2
similarity index 55%
rename from roles/gogs/templates/vhost.j2
rename to roles/gitea/templates/vhost.j2
index c72aa9b..b3bfeab 100644
--- a/roles/gogs/templates/vhost.j2
+++ b/roles/gitea/templates/vhost.j2
@@ -2,7 +2,7 @@ server {
 listen 80;
 listen [::]:80;
- server_name {{ gogs_domain }};
+ server_name {{ gitea_domain }};
 location /.well-known/acme-challenge {
 default_type "text/plain";
@@ -10,7 +10,7 @@ server {
 }
 location / {
- return 301 https://{{ gogs_domain }}$request_uri;
+ return 301 https://{{ gitea_domain }}$request_uri;
 }
 }
@@ -18,13 +18,13 @@ server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
- server_name {{ gogs_domain }};
+ server_name {{ gitea_domain }};
- ssl_certificate_key /etc/nginx/ssl/{{ gogs_domain }}.key;
- ssl_certificate /etc/nginx/ssl/{{ gogs_domain }}.crt;
+ ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
 location / {
- client_max_body_size 128M;
+ client_max_body_size 1024M;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://localhost:3000;
 }
diff --git a/roles/gogs/handlers/main.yml b/roles/gogs/handlers/main.yml
deleted file mode 100644
index d707d25..0000000
--- a/roles/gogs/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Run acertmgr
- command: /usr/bin/acertmgr
-
-- name: Restart nginx
- service: name=nginx state=restarted
diff --git a/roles/gogs/tasks/main.yml b/roles/gogs/tasks/main.yml
deleted file mode 100644
index 60fe368..0000000
--- a/roles/gogs/tasks/main.yml
+++ /dev/null
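Review bot: Raising `client_max_body_size` to `1024M` in the `location /` of the https server applies to every request from any client, authenticated or not, and with nginx's default `proxy_request_buffering on` each such body is spooled to disk before Gitea sees it, so the new value is also the per-request disk and bandwidth budget an anonymous sender gets. If the goal is large pushes, consider `proxy_request_buffering off;` in this location, or scoping the limit to the paths that need it, and record the reason in a comment. `proxy_pass http://localhost:3000;` while app.ini binds `HTTP_ADDR = 127.0.0.1` means nginx may resolve `localhost` to `::1` as well and route some requests to an address nothing listens on; `proxy_pass http://127.0.0.1:3000;` matches the bind address exactly. The enclosing `server {` block opens before this hunk.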
@@ -1,45 +0,0 @@
----
-
-- name: Enable https for apt
- apt: name=apt-transport-https
-
-- name: Enable gogs apt-key
- apt_key: url="https://dl.packager.io/srv/pkgr/gogs/key"
-
-- name: Enable gogs repository
- apt_repository: repo="deb https://dl.packager.io/srv/deb/gogs/gogs/master/debian 10 main"
-
-- name: Install gogs
- apt: name=gogs
-
-- name: Install PostgreSQL
- apt: name={{ item }}
- with_items:
- - postgresql
- - python-psycopg2
-
-- name: Configure PostgreSQL database
- postgresql_db: name={{ gogs_dbname }}
- become: true
- become_user: postgres
-
-- name: Configure PostgreSQL user
- postgresql_user: db={{ gogs_dbname }} name={{ gogs_dbuser }} password={{ gogs_dbpass }} priv=ALL state=present
- become: true
- become_user: postgres
-
-- name: Ensure certificates are available
- command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gogs_domain }}.key -out /etc/nginx/ssl/{{ gogs_domain }}.crt -days 730 -subj "/CN={{ gogs_domain }}" creates=/etc/nginx/ssl/{{ gogs_domain }}.crt
- notify: Restart nginx
-
-- name: Configure certificate manager for gogs
- template: src=certs.j2 dest=/etc/acertmgr/{{ gogs_domain }}.conf
- notify: Run acertmgr
-
-- name: Configure vhost
- template: src=vhost.j2 dest=/etc/nginx/sites-available/gogs
- notify: Restart nginx
-
-- name: Enable vhost
- file: src=/etc/nginx/sites-available/gogs dest=/etc/nginx/sites-enabled/gogs state=link
- notify: Restart nginx
diff --git a/site.yml b/site.yml
index 0b27b96..fe8c3fa 100644
--- a/site.yml
+++ b/site.yml
@@ -53,10 +53,10 @@
 roles:
 - web
-- name: Setup gogs server
+- name: Setup gitea server
 hosts: boron.binary-kitchen.net
 roles:
- - gogs
+ - gitea
 - name: Setup jabber server
 hosts: carbon.binary-kitchen.net