diff --git a/containers/gitea/files/mariadb/log_level.cnf b/containers/gitea/files/mariadb/log_level.cnf
new file mode 100644
index 0000000..5f08af2
--- /dev/null
+++ b/containers/gitea/files/mariadb/log_level.cnf
@@ -0,0 +1,2 @@
+[mariadb]
+log_warnings = 3
diff --git a/containers/gitea/files/mariadb/name_resolve.cnf b/containers/gitea/files/mariadb/name_resolve.cnf
new file mode 100644
index 0000000..e5cb858
--- /dev/null
+++ b/containers/gitea/files/mariadb/name_resolve.cnf
@@ -0,0 +1,2 @@
+[mariadb]
+skip-name-resolve = ON
diff --git a/containers/gitea/tasks.yml b/containers/gitea/tasks.yml
new file mode 100644
index 0000000..718c65a
--- /dev/null
+++ b/containers/gitea/tasks.yml
@@ -0,0 +1,152 @@ +--- +- hosts: all + name: Gitea web server + tasks: + - name: Create podman volumes + containers.podman.podman_volume: + state: present + name: "{{ item }}" + become_user: containers + become: true + loop: + - gitea + - gitea-db + + - name: Create podman networks + containers.podman.podman_network: + name: "{{ item }}" + recreate: false + state: "present" + become_user: containers + become: true + loop: + - traefik-gitea + - mariadb-gitea + - gitea-drone + + - name: Pull container images + become_user: containers + become: true + containers.podman.podman_image: + name: docker.io/{{ item }} + loop: + - gitea/gitea:latest + - mariadb:latest + + - name: Copy mariadb config directory + become: true + ansible.builtin.copy: + src: files/mariadb/ + dest: /etc/gitea/mariadb/ + owner: containers + group: containers + mode: 0600 + + - name: Create mariadb instance + become_user: containers + become: true + containers.podman.podman_container: + name: db_gitea + image: docker.io/mariadb:latest + state: present + command: + - "--transaction-isolation=READ-COMMITTED" + - "--binlog-format=ROW" + volume: + - gitea-db:/var/lib/mysql:Z + - /etc/gitea/mariadb/:/etc/mysql/conf.d:Z + network: + - mariadb-gitea + env: + MARIADB_ROOT_PASSWORD: "{{ vault_gitea_mariadb_root_password }}" + MARIADB_DATABASE: "{{ vault_gitea_mariadb_database }}" + MARIADB_USER: "{{ vault_gitea_mariadb_user }}" + MARIADB_PASSWORD: "{{ vault_gitea_mariadb_password }}" + MARIADB_AUTO_UPGRADE: "true" + generate_systemd: + path: /home/containers/.config/systemd/user/ + restart_policy: on-failure + names: true + new: true + + - name: Add a gitea container + become_user: containers + become: true + containers.podman.podman_container: + name: gitea + image: docker.io/gitea/gitea:latest + state: present + expose: + - 24 + network: + - traefik-gitea + - mariadb-gitea + - gitea-drone + volume: + - gitea:/data:Z + - /etc/localtime:/etc/localtime:ro + label: + io.containers.autoupdate: "registry" + 
traefik.enable: "true" + traefik.http.routers.gitea.entrypoints: "https" + traefik.http.routers.gitea.rule: "PathPrefix(`/git`)" + traefik.http.routers.gitea.tls: "true" + traefik.http.routers.gitea.tls.certresolver: "wildcard" + traefik.http.routers.gitea.service: "gitea" + traefik.http.routers.gitea.middlewares: "authelia@file" + traefik.http.services.gitea.loadbalancer.server.port: "3000" + traefik.docker.network: "traefik-gitea" + env: + APP_NAME: "Git server" + RUN_MODE: "prod" + RUN_USER: "git" + DOMAIN: "{{ inventory_hostname }}" + SSH_DOMAIN: "{{ inventory_hostname }}" + ROOT_URL: "https://{{ inventory_hostname }}/git" + SSH_PORT: 24 + DISABLE_REGISTRATION: true + # REQUIRE_SIGNIN_VIEW: true + REGISTER_EMAIL_CONFIRM: true + ENABLE_CAPTCHA: true + DEFAULT_KEEP_EMAIL_PRIVATE: true + DEFAULT_BRANCH: "main" + ALLOWED_HOST_LIST: "{{ inventory_hostname }}/drone" + GITEA__database__DB_TYPE: mysql + GITEA__database__HOST: db_gitea:3306 + GITEA__database__NAME: "{{ vault_gitea_mariadb_database }}" + GITEA__database__USER: "{{ vault_gitea_mariadb_user }}" + GITEA__database__PASSWD: "{{ vault_gitea_mariadb_password }}" + GITEA__mailer__ENABLED: true + GITEA__mailer__FROM: "{{ vault_smtp_user }}" + GITEA__mailer__MAILER_TYPE: "smtp" + GITEA__mailer__SMTP_ADDR: "{{ vault_smtp_host }}" + GITEA__mailer__SMTP_PORT: "{{ vault_smtp_port }}" + GITEA__mailer__IS_TLS_ENABLED: true + GITEA__mailer__USER: "{{ vault_smtp_user }}" + GITEA__mailer__PASSWD: "{{ vault_smtp_password }}" + GITEA__log__MODE: "console" + GITEA__log__LEVEL: "info" + GITEA__service__DISABLE_REGISTRATION: true + GITEA__service__SIGNIN_VIEW: false + GITEA__service__REGISTER_EMAIL_CONFIRM: true + GITEA__service__ENABLE_CAPTCHA: true + GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: true + GITEA__ui__THEMES: "auto,gitea,arc-green,gitea-modern" + generate_systemd: + path: /home/containers/.config/systemd/user/ + restart_policy: on-failure + names: true + new: true + + - name: Start containers at boot + become_user: 
containers + become: true + ansible.builtin.systemd: + scope: user + name: container-{{ item }}.service + enabled: true + state: started + daemon_reload: true + loop: + - gitea + - db_gitea diff --git a/containers/traefik/tasks.yml b/containers/traefik/tasks.yml index 8173638..902c287 100644 --- a/containers/traefik/tasks.yml +++ b/containers/traefik/tasks.yml 
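Review bot: `GITEA__service__SIGNIN_VIEW: false` does not appear to be a Gitea setting — the `[service]` key is `REQUIRE_SIGNIN_VIEW` (the commented-out `# REQUIRE_SIGNIN_VIEW: true` a few lines above suggests that was the intent), so the line is silently written as an unknown key and anonymous read access stays at Gitea's default; either drop it or, if sign-in should be required, use `GITEA__service__REQUIRE_SIGNIN_VIEW: "true"`. The MariaDB and SMTP passwords are passed as plain `env:` values, and because `generate_systemd` uses `new: true` the generated unit files under `/home/containers/.config/systemd/user/` embed the full `podman run` command line, so these secrets are written to disk there and are also visible in `podman inspect`; the mariadb image accepts `MARIADB_ROOT_PASSWORD_FILE` / `MARIADB_PASSWORD_FILE`, which would allow moving them to podman secrets. `docker.io/gitea/gitea:latest` and `docker.io/mariadb:latest` combined with `io.containers.autoupdate: "registry"` means unreviewed upstream releases are deployed automatically; pinning to a major-version tag keeps auto-update within a tested line (`MARIADB_AUTO_UPGRADE` still covers point upgrades). Unlike the traefik play, nothing creates `/etc/gitea` with an explicit mode before the copy, and the `mode: 0600` files are readable inside the rootless container only by whatever the host `containers` uid maps to, so it is worth confirming that mysqld, which the image runs as its unprivileged `mysql` user, can actually read `/etc/mysql/conf.d/*.cnf` rather than skipping them.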
@@ -2,123 +2,125 @@ - hosts: all name: Traefik reverse proxy tasks: - - name: Get containers UID - ansible.builtin.command: "id -u containers" - register: uid_containers - changed_when: uid_containers.rc != 0 + - name: Get containers UID + ansible.builtin.command: "id -u containers" + register: uid_containers + changed_when: uid_containers.rc != 0 - - name: Permit traffic from any IP to http port - become: true + - name: Permit traffic from any IP to http port + become: true community.general.ufw: - direction: in - from_ip: any - proto: tcp - to_port: 80 - rule: allow + direction: in + from_ip: any + proto: tcp + to_port: 80 + rule: allow - - name: Permit traffic from any IP to https port - become: true + - name: Permit traffic from any IP to https port + become: true community.general.ufw: - direction: in - from_ip: any - proto: tcp - to_port: 443 - rule: allow + direction: in + from_ip: any + proto: tcp + to_port: 443 + rule: allow - - name: Pull traefik image - become_user: containers - become: true - containers.podman.podman_image: - name: docker.io/traefik:latest + - name: Pull traefik image + become_user: containers + become: true + containers.podman.podman_image: + name: docker.io/traefik:latest - - name: Change permission to traefik folder - become: true - ansible.builtin.file: - path: /etc/traefik - owner: containers - group: containers - mode: 0700 - state: directory + - name: Change permission to traefik folder + become: true + ansible.builtin.file: + path: /etc/traefik + owner: containers + group: containers + mode: 0700 + state: directory - - name: Copy config directory - become: true - ansible.builtin.copy: - src: files/ - dest: /etc/traefik/ - owner: containers - group: containers - mode: 0600 + - name: Copy config directory + become: true + ansible.builtin.copy: + src: files/ + dest: /etc/traefik/ + owner: containers + group: containers + mode: 0600 - - name: Copy config files from templates - become: true - ansible.builtin.template: - src: 
"templates/{{ item }}.j2" - dest: "/etc/traefik/{{ item }}" - owner: containers - group: containers - mode: 0600 - loop: - - traefik.yml - - conf/cockpit.yml + - name: Copy config files from templates + become: true + ansible.builtin.template: + src: "templates/{{ item }}.j2" + dest: "/etc/traefik/{{ item }}" + owner: containers + group: containers + mode: 0600 + loop: + - traefik.yml + - conf/cockpit.yml - - name: Create podman networks - containers.podman.podman_network: - name: "{{ item }}" - recreate: false - state: "present" - become_user: containers - become: true - loop: - - traefik - - traefik-portainer - - traefik-nextcloud - - - name: Create traefik instance - become_user: containers - become: true - containers.podman.podman_container: - name: traefik - image: docker.io/traefik:latest - state: present - ports: - - 80:80 - - 443:443 - security_opt: - - label=type:container_runtime_t - volume: - - /run/user/{{ uid_containers.stdout }}/podman/podman.sock:/var/run/docker.sock:z - - /etc/traefik/:/etc/traefik:Z - network: + - name: Create podman networks + containers.podman.podman_network: + name: "{{ item }}" + recreate: false + state: "present" + become_user: containers + become: true + loop: - traefik - traefik-portainer - traefik-nextcloud - cap_add: - - NET_ADMIN - label: - io.containers.autoupdate: "registry" - traefik.enable: "true" - traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}" - traefik.http.routers.traefik.entrypoints: "https" - traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`)" - traefik.http.routers.traefik.middlewares: "traefik-auth@docker" - traefik.http.routers.traefik.tls: "true" - traefik.http.routers.traefik.tls.certresolver: "wildcard" - traefik.http.routers.traefik.tls.domains[0].main: "{{ inventory_hostname }}" - traefik.http.routers.traefik.service: "api@internal" - generate_systemd: - path: /home/containers/.config/systemd/user/ - restart_policy: on-failure - names: true - new: true + - 
traefik-gitea - - name: Start containers at boot - become_user: containers - become: true - ansible.builtin.systemd: - scope: user - name: container-{{ item }}.service - enabled: true - state: started - daemon_reload: true - loop: - - traefik + - name: Create traefik instance + become_user: containers + become: true + containers.podman.podman_container: + name: traefik + image: docker.io/traefik:latest + state: present + ports: + - 80:80 + - 443:443 + security_opt: + - label=type:container_runtime_t + volume: + - /run/user/{{ uid_containers.stdout }}/podman/podman.sock:/var/run/docker.sock:z + - /etc/traefik/:/etc/traefik:Z + network: + - traefik + - traefik-portainer + - traefik-nextcloud + - traefik-gitea + cap_add: + - NET_ADMIN + label: + io.containers.autoupdate: "registry" + traefik.enable: "true" + traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}" + traefik.http.routers.traefik.entrypoints: "https" + traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`)" + traefik.http.routers.traefik.middlewares: "traefik-auth@docker" + traefik.http.routers.traefik.tls: "true" + traefik.http.routers.traefik.tls.certresolver: "wildcard" + traefik.http.routers.traefik.tls.domains[0].main: "{{ inventory_hostname }}" + traefik.http.routers.traefik.service: "api@internal" + generate_systemd: + path: /home/containers/.config/systemd/user/ + restart_policy: on-failure + names: true + new: true + + - name: Start containers at boot + become_user: containers + become: true + ansible.builtin.systemd: + scope: user + name: container-{{ item }}.service + enabled: true + state: started + daemon_reload: true + loop: + - traefik diff --git a/host_vars/chef.heaplab.deib.polimi.it.yml b/host_vars/chef.heaplab.deib.polimi.it.yml index eebc508..466e3c3 100644 --- a/host_vars/chef.heaplab.deib.polimi.it.yml +++ b/host_vars/chef.heaplab.deib.polimi.it.yml 
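Review bot: `changed_when: uid_containers.rc != 0` on the `id -u containers` task reports the task as changed exactly when the lookup fails, which is inverted for a read-only command; `changed_when: false` is the idiom, and a non-zero rc still fails the task through the default `failed_when`. The only functional change in this hunk is the added `traefik-gitea` entry in both network lists; the rest re-indents the whole task list, which buries that one-line change and would be easier to review as a separate whitespace-only commit. The re-indented `mode: 0700` / `mode: 0600` remain unquoted octals, which Ansible's documentation recommends quoting (`mode: "0600"`) so the YAML parser cannot reinterpret them. Since the traefik container keeps the podman socket mounted as `/var/run/docker.sock` together with `NET_ADMIN`, every container joined to the now-shared `traefik-gitea` network sits inside the same trust boundary as the socket's owner; that is acceptable for the reverse-proxy hop but is a reason not to put anything else on that network.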
@@ -1,47 +1,65 @@ $ANSIBLE_VAULT;1.1;AES256 -39383132633963393461656434316166323762353236333562383666376636623630333661646536 -6461626563656230336235666236666337626661636466610a346437623531656239666363373133 -65366336343630383866363737313063363936616565373932326566393565336565343431396639 -3966333534623331650a303965636265303562303336316131333730663164323433323038626361 -35396461653165303062316537346234656239336264353330306134373334306164343266653331 -61316162643731383738616538396334316163613962386463393134613539646566303838306335 -33323639663133326630643935306361636532313664396433356262376163356462323965646661 -63323231393162326333316532663131333665306133613032643138656562336235313533336137 -37326233653034313061646464343066303432346464623166633235383437306333363831376334 -63333639616639616539623764653831666233333533303437656133326434626564383662333736 -37336638653765643036303633613134313461313234346230303933363836376363393637636566 -37613033633033363934326438303736386233363033366361303736326230623934346636366637 -65346666366366623761326537316666633038633063646237396462643731623438623333633666 -62383635633637613062613230323663636638383131396165643862363765626366326335376536 -61356437636231333033303565336439616332303933333032653366303232363132646439343536 -61323130653736333636613933336431336630323566316465643834313033653061333463343437 -65376365626432663137613666376532353631303933326435663961306537633639343036343030 -34343536313235333636356164343334616564353761343238303366316534333436346539303663 -65643263303036343266383562643438303439343739633133623662306230653335373865343862 -39323338326238623465336563336662666362356633363566366361366366316236313531383438 -38326438373461643735343862373261646339633433326438303930373866386436346334646663 -38633933623132303766643733633065346563643035623936353730313265303730393032326532 -39663834303937396532633233333164666230623433353236303534313164663732336535663634 
-35393032343930303431663931316164623634343066383935306166306637313264326263313839 -64356235396266376264613464386162353466346533323063623838396638333636343835333963 -32356462383831633764626331353233326436376332373362643461633232383735323536373865 -37656639343231616463343133386133353963323237333464393337366366306462343566386637 -62303433386530393266393033376536356162323432313661626362633566316230316364656366 -39353861386231643537646661386262306232356434386139313539353262646337333237343539 -32336334343733633761336139343962346635666437326663316431343639623335386436666465 -64633932313334323366313937323131633934666635386330303465613363303665393236393130 -65326664323339396233393565313862633530343662326436353661623932323430623539653862 -64613565366231333436333566376164366466613032663134323566663861636161326265626332 -36356166363038386566616535303831393437366462663732643933356331646161663034303631 -65353339613662336133393732373132383766376230383536393132316531356364643039653763 -61616636316465633637386439306136363536633136396364363835613434653362653832336662 -39616365373035333563336662653736396633623935323031393637316636353835623039353334 -36386236636134636132613464376465343064336464326630343736396431636464316231336565 -31623761623365643465616562336561663235396238626238366535646638316363643963326564 -37303764626561303130313932306664343632343038633063646262363334373963306462353863 -31336138383362636236616539306331623461366334326366393062623761396466393930636130 -31646333383064613533356433333133373436613036303739626435626136656239616465326438 -31613631336162366139396334323466323163333734646532386637373231623162653532313965 -36613635643265343539313834653062316532363538653739363664613434373133346332383931 -33613331333538383936353666366363663463386630306662353231633037613862636132343131 -3836636430313239393233383033316132353738396262303634 +33623036343533303266303533636462313831353064656232633462383461613066396363323133 
+3238656662373464663162633134333665366262653566650a313837303238383431663264626532 +33323137653230323530383039343733386339613337333737363737383261656139643766646265 +3762616630643337660a306332613962333731633738353732383733633831653061653862633430 +33343866613130646566653334366564653636336165363738613234393161336363353664653134 +35366337613262363237343933363038636436613436306136643330336237626564386337613265 +61653138656338623961393137373935316538646530326333343831363264323430323535383936 +33613864356333303639613833383839313261613433326631303131636631326233653163616636 +39653834356435343464333132316234363037663637386263326435346633343736616365643630 +38333733316339633931643833623333306561626630363264343361363134323833396530386636 +66616263303935346264643733323763616366366464656131363831346337363563356437626364 +66666163636333363135306236313532306534343539303831643336323062633664356539626630 +38323930363330306530323765396665663964623938343332363532633261333934383333373837 +61316132363733343538316436373833663962306361363663326264623565653438363566333032 +61303434376230646234616131616365346534666631393562326662643037636461646266306232 +34313435646230353637616262383661373037653766643966643436343466333434383233666439 +35333262633663356137646231323762656538616235353434663830303866663862316532623638 +66333165646437626338303836643862613431363031333136333831646332316264396637353230 +30633066373361303265663164636362333437373036633237613763376663373939353730323866 +39396432386233396465366465353432633031633863656337343064353465363765643331636232 +66313964643734346235633838353165636636306333373135633231336366643231636231623364 +63353135353836373161373662356138326136346336343463616366346366626535616131323638 +38353564643665656335333364666165393138383633623339633738636634643566343964663939 +63306538613135366539343463383034346363663036363563323930633232633463393431393465 +35623930343135336430623931626434663932393466333139616331313438333066316562376532 
+61653138656239373839373163633366313561613134623864376662366437316363346437383061 +62366430636365623137323662343562333132346534653637373432623363313562333666626266 +62613430663931383463353062643961366633323430653332353031323265343538376638373533 +32616436636263373862316133396230303365323465393065356134643765353565383365333234 +32373439336461393435326566353137653162613033616432633430333462613961616164353030 +64636163323632646533373535656665616661653039643462636537643437323837366364336532 +31626438373538363461336438333865343464353265353763653833386461356334373161626537 +36663865613737666532613033373039346434376430616531323534613361333134363263663238 +30616638303362336339626538303336613133316663646232313332366562663636313439386238 +31383538316432636535353734343235376136633463356531373862383335626666643434653263 +31396537653936346462356631376364303834393233636363313330353233663531303436623230 +39393433343464303038653539383962613232613538303838633066393537376131333861396234 +32363038343539646564316539366233313936306431653530363238333063633933656135343665 +32313237316238396464626561353864643461323830396133623632383264323964626236366164 +66333664623864326530316634663961343266623435613638356562643639646665383463396338 +61613931313737323862353833336535336264363135393362366233613730323463343064386664 +62313139633966643538396130633830336664393961316131363731393236666264613439616161 +64633033316361653539643161393331616231353930323238643963653637656661363635626263 +31623465333038656332313066643438646538613631356163663965363766653031323862333337 +32663235373661396330356531623139326231383632636664613431373331373266393438666138 +32626665396162653938386138316331633533316366393863303162633438333665303139643565 +31616564363330373862313236303263636663333438643035633837346463393630646437633866 +34366633313534386130326361643934633532343738373861626630666234666161346431383565 +39616335353837663235343237333434366439336231666233386561383266666138363963656330 
+37646333666134393531363537653762366439343661393335373065353264363064303763316362 +30396363346262623137353139626636643731363663616333366436333033386463313738646635 +37646239666432643537633266313266383732373265303639356663653531363131343730653130 +38303830383235613862343733333236613933386565323561656532313932633365323662653438 +65336338616332353761613338303364656134656564303865343861386538663436396165316661 +35333061386432316665353532306164333564303130393530323665316661323535343237633533 +64396532643738376431346635333561306564356432326562636665613338393230303133303362 +64616330303362323130643061306563383761323331316438323331653033323431373236616235 +66323566303836646439373832646534333063646331323161643166656166633531363165383963 +37356463346333343463643361633931646664646539373861306235626536323164343930323736 +62383564363330373866336662623434616331333664326361633031346239386530353030366335 +31633231653061326565353730616161653061666364386638633536636362356166303832383139 +38613538323036303230646466343664656331333135363938306634643936373466326135356538 +33623734643338623039656563313566353466363565333536373161313161303464386635316439 +31613032363763636663
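Review bot: The whole-file vault re-encryption makes this hunk unreviewable — it cannot be seen which of the new `vault_gitea_mariadb_*` and `vault_smtp_*` variables referenced by the gitea play were added or whether existing values changed. Listing the added keys in the commit message, or encrypting individual values with `ansible-vault encrypt_string` so the surrounding plaintext keys stay diffable, would let reviewers confirm the variable set without access to the vault password.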