diff --git a/.gitignore b/.gitignore
index 72a4250..4243a45 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
+gitea-actions.git/**
 *.sensitive.yml
 *.sensitive.yaml
diff --git a/services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml b/services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml
new file mode 100644
index 0000000..3a1c628
--- /dev/null
+++ b/services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml
@@ -0,0 +1,26 @@
+# Source: gitea-actions/templates/config-act-runner.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-actions-act-runner-config
+  namespace: gitea
+  labels:
+    helm.sh/chart: gitea-actions-0.1.0
+    app: gitea-actions
+    app.kubernetes.io/name: gitea-actions
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+    app.kubernetes.io/managed-by: Helm
+data:
+  config.yaml: |
+    log:
+      level: debug
+    cache:
+      enabled: true
+    container:
+      options: >
+        -v /dev/kvm:/dev/kvm
+      privileged: true
+      valid_volumes:
+        - /dev/kvm
diff --git a/services/Gitea/supportingfiles/gitea-actions.git b/services/Gitea/supportingfiles/gitea-actions.git
new file mode 160000
index 0000000..75bf520
--- /dev/null
+++ b/services/Gitea/supportingfiles/gitea-actions.git
@@ -0,0 +1 @@
+Subproject commit 75bf520697466147ad5de09e0ab53e4305eeec7f
diff --git a/services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml b/services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml
new file mode 100644
index 0000000..5469d7a
--- /dev/null
+++ b/services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-act
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-act
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#act
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/act
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea
diff --git a/services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml b/services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml
new file mode 100644
index 0000000..05d7f23
--- /dev/null
+++ b/services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-gitea-act
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-gitea-act
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml b/services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml
new file mode 100644
index 0000000..11ffe75
--- /dev/null
+++ b/services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml
@@ -0,0 +1,96 @@
+# Source: gitea-actions/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: gitea-actions-act-runner
+    app.kubernetes.io/name: gitea-actions-act-runner
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+  annotations:
+  name: gitea-actions-act-runner
+  namespace: gitea
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gitea-actions-act-runner
+      app.kubernetes.io/instance: gitea-actions
+  template:
+    metadata:
+      annotations:
+        checksum/config: ad47af25f4f7946653b7371987b3a1aeda98d837c5c0c36a47c133c0fe0503c0
+      labels:
+        app: gitea-actions-act-runner
+        app.kubernetes.io/name: gitea-actions-act-runner
+        app.kubernetes.io/instance: gitea-actions
+        app.kubernetes.io/version: "1.24.2-rootless"
+        version: "1.24.2-rootless"
+    spec:
+      initContainers:
+        - name: init-gitea
+          image: "busybox:1.37.0"
+          command:
+            - sh
+            - -c
+            - |
+              while ! nc -z code.spamasaurus.com 443; do
+                sleep 5
+              done
+      containers:
+        - name: act-runner
+          image: "gitea/act_runner:0.2.12"
+          imagePullPolicy: IfNotPresent
+          command: ["sh", "-c", "while ! nc -z 127.0.0.1 2375 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+          workingDir: /data
+          env:
+            - name: DOCKER_HOST
+              value: tcp://127.0.0.1:2375
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "gitea-actions-registration-token"
+                  key: "token"
+            - name: GITEA_INSTANCE_URL
+              value: https://code.spamasaurus.com
+            - name: CONFIG_FILE
+              value: /actrunner/config.yaml
+          resources:
+            {}
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /actrunner/config.yaml
+              name: act-runner-config
+              subPath: config.yaml
+            - mountPath: /data
+              name: data-act-runner
+        - name: dind
+          image: "docker:28.3.2-dind"
+          imagePullPolicy: IfNotPresent
+          args:
+            - dockerd
+            - --host=tcp://127.0.0.1:2375
+            - --host=unix:///var/run/docker.sock
+          env:
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+          securityContext:
+            privileged: true
+          resources:
+            {}
+      volumes:
+        - name: dev-kvm
+          hostPath:
+            path: /dev/kvm
+            type: CharDevice
+        - name: act-runner-config
+          configMap:
+            name: gitea-actions-act-runner-config
+        - name: data-act-runner
+          persistentVolumeClaim:
+            claimName: csismb-gitea-act
diff --git a/services/Gitea/supportingfiles/values.yaml b/services/Gitea/supportingfiles/values.yaml
new file mode 100644
index 0000000..b609794
--- /dev/null
+++ b/services/Gitea/supportingfiles/values.yaml
@@ -0,0 +1,41 @@
+enabled: true
+
+statefulset:
+  actRunner:
+    repository: gitea/act_runner
+    tag: 0.2.12
+  dind:
+    repository: docker
+    # tag: 25.0.2-dind
+    tag: 28.3.2-dind
+
+  persistence:
+    size: 1Gi
+
+init:
+  image:
+    repository: busybox
+    tag: "1.37.0"
+
+provisioning:
+  enabled: false
+
+  publish:
+    repository: bitnami/kubectl
+    # tag: 1.29.0
+    tag: 1.33.3
+
+existingSecret: "gitea-actions-registration-token"
+existingSecretKey: "token"
+
+giteaRootURL: "https://code.spamasaurus.com"
+
+persistence:
+  create: false
+  claimName: csismb-gitea-act
+  storageClass: csismb-gitea-act
+
+image:
+  registry: "docker.gitea.com"
+  repository: gitea
+  tag: "1.24.2-rootless"