Add Gitea - Git with a cup of teak

README.md

@@ -7,7 +7,8 @@ This repository contains the configuration for my personal homelab stack, includ
 | **Vaultwarden** | Self-hosted password manager (Bitwarden-compatible) | `https://vault.example.com` |
 | **2FAuth** | Self-hosted two-factor authentication manager | `https://auth.example.com` |
 | **Filebrowser** | Self-hosted file hosting service | `https://storage.example.com` |
-| **Wg-easy** | Wireguard VPN with management console | `https://vpn.example.com` |
+| **Wg-easy** | Git with a cup of tea! | `https://vpn.example.com` |
+| **Gitea** | Wireguard VPN with management console | `https://git.example.com` |
 | **Caddy** | Reverse proxy with automatic HTTPS | *No direct UI* |
 | **Portainer** | Makes Docker life 100x easier (visual container manager) | `https://<SERVER_IP>:9443` |
 | **Uptime Kuma** | Monitors homelab/domain uptime | `http://<SERVER_IP>:3001` |
@@ -27,6 +28,16 @@ The setup is built with Docker Compose and is designed to be simple, secure, and
     └── compose.yml       # Docker Compose stack for all services
 ```
 
+## Port Forwarding on Your Router
+
+| Service / Purpose            | External Port | Internal Port | Protocol | Required?                | Notes                                                |
+| ---------------------------- | ------------- | ------------- | -------- | ------------------------ | ---------------------------------------------------- |
+| **HTTPS (Caddy)**            | **443**       | 443           | TCP/UDP  | ✅ Yes                    | Needed for all domains + HTTP/3/QUIC                 |
+| **HTTP (Caddy, ACME)**       | **80**        | 80            | TCP      | ✅ Yes                    | Required for certificate issuance + redirect         |
+| **WireGuard VPN**            | **51820**     | 51820         | UDP      | ✅ Yes                    | Main WireGuard tunnel port                           |
+| **WG-Easy Web UI**           | 51821         | 51821         | TCP      | Optional                 | Only forward if you want to access admin UI remotely |
+| **Gitea SSH (Git over SSH)** | **222**       | 22            | TCP      | Optional but recommended | Required for `git clone ssh://...`                   |
+
 ## Secrets and Environment Variables
 
 Before deploying, you **must** replace all placeholder values in the config files. See `.env.example`.
@@ -68,6 +79,7 @@ The **homelab/** folder contains:
   - `https://<auth-domain>` → 2FAuth
   - `https://<storage-domain>` → Filebrowser
   - `https://<vpn-domain>` → Wireguard
+  - `https://<git-domain>` → Gitea
 
 ### Start the stack
 
@@ -85,8 +97,10 @@ mkdir -p services/vaultwarden \
          services/filebrowser/srv \
          services/filebrowser/database \
          services/filebrowser/config \
-         services/wg-easy/data
-ex```
+         services/wg-easy/data \
+         services/gitea/data \
+         services/gitea/postgres
+```
 
 ### Stop the stack
 
@@ -129,7 +143,7 @@ Then restart the containers:
 
 ```bash
 cd homelab
-docker compose restart vaultwarden 2fauth filebrowser portainer dozzle uptime-kuma netdata
+docker compose restart caddy vaultwarden 2fauth wg-easy gitea filebrowser portainer dozzle uptime-kuma netdata
 ```
 
 ## Updating