diff --git a/.gitignore b/.gitignore
index acd78d7..c122dc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 **/netdata/config/health_alarm_notify.conf
 **/netdata/config/.container-hostname
 **/traefik/credentials
+**/zot/credentials
 **/*.private
 **/_*/
 **/_*
diff --git a/services/gitea/.env.template b/services/gitea/.env.template
new file mode 100644
index 0000000..9100d71
--- /dev/null
+++ b/services/gitea/.env.template
@@ -0,0 +1,19 @@
+## Volume settings ##
+VOLUME_DIR=
+
+## Domain settings ##
+DOMAIN=
+
+# Database configuration #
+DB_USER=
+DB_PASSWORD=
+DB_NAME=
+
+## Email settings ##
+SMTP_HOST=
+SMTP_PORT=
+SMTP_USER=
+SMTP_PASSWORD=
+
+## Timezone configuration ##
+TZ=
diff --git a/services/gitea/Makefile b/services/gitea/Makefile
new file mode 100644
index 0000000..136df88
--- /dev/null
+++ b/services/gitea/Makefile
@@ -0,0 +1,15 @@
+ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+SERVICE := gitea
+include $(ROOT_DIR)/../../core/common.mk
+include .env
+
+.ONESHELL:
+
+.PHONY: install
+install: ## Start all containers in background
+ @$(DOCKER_COMPOSE) up -d
+
+.PHONY: uninstall
+uninstall: ## Stop all containers and remove all data
+ @$(DOCKER_COMPOSE) down -v
+ @sudo rm -rf $(VOLUME_DIR)
diff --git a/services/gitea/docker-compose.yml b/services/gitea/docker-compose.yml
new file mode 100644
index 0000000..9a12cba
--- /dev/null
+++ b/services/gitea/docker-compose.yml
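Review bot: `uninstall` runs `sudo rm -rf $(VOLUME_DIR)` with no guard on the value, and `.env.template` ships `VOLUME_DIR=` blank, so a copied-but-unfilled or mistyped `.env` turns a data-removal target into an unbounded privileged delete (the same recipe appears in services/zot/Makefile). Add a parse-time check after the includes, `$(if $(strip $(VOLUME_DIR)),,$(error VOLUME_DIR is not set in .env))`, and quote the operand: `@sudo rm -rf "$(VOLUME_DIR)"`. With `.ONESHELL:` and no `.SHELLFLAGS`, a failing `down -v` does not stop the script, so the host directory is removed even when the containers are still up; `.SHELLFLAGS := -ec` (GNU Make 3.82+) or joining the two lines with `&&` makes the recipe stop at the first failure.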
@@ -0,0 +1,80 @@
+version: "3.7"
+
+services:
+ ### Gitea: A lightweight DevOps platform. ###
+ gitea:
+ image: gitea/gitea:1.20.2
+ container_name: gitea
+ restart: always
+ depends_on:
+ - gitea-postgresql
+ environment:
+ - USER=git
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=gitea-postgresql:5432
+ - GITEA__database__USER=${DB_USER}
+ - GITEA__database__PASSWD=${DB_PASSWORD}
+ - GITEA__database__NAME=${DB_NAME}
+ - GITEA__mailer__ENABLED=true
+ - GITEA__mailer__PROTOCOL=smtps
+ - GITEA__mailer__FROM=${MAIL}
+ - GITEA__mailer__SMTP_ADDR=${SMTP_HOST}
+ - GITEA__mailer__SMTP_PORT=${SMTP_PORT}
+ - GITEA__mailer__USER=${SMTP_USER}
+ - GITEA__mailer__PASSWD=${SMTP_PASSWORD}
+ - GITEA__service__DISABLE_REGISTRATION=true
+ - TZ=${TZ}
+ volumes:
+ - ${VOLUME_DIR}/data:/var/lib/gitea
+ - ${VOLUME_DIR}/config:/etc/gitea
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - default
+ - traefik-network
+ labels:
+ ## Watchtower configuration ##
+ - com.centurylinklabs.watchtower.enable=true
+ - com.centurylinklabs.watchtower.monitor-only=true
+
+ ## Diun configuration ##
+ - diun.enable=true
+
+ ## Traefik configuration ##
+ # Enable Traefik #
+ - traefik.enable=true
+ - traefik.docker.network=traefik-network
+
+ # Set entrypoint port #
+ - traefik.http.services.gitea.loadbalancer.server.port=3000
+
+ # Set HTTP domain and HTTP -> HTTPS redirection #
+ - traefik.http.routers.gitea.rule=Host(`${DOMAIN}`)
+ - traefik.http.routers.gitea.entrypoints=web
+ - traefik.http.routers.gitea.middlewares=https-redirect@file
+
+ # Set HTTPS domain #
+ - traefik.http.routers.gitea-secure.rule=Host(`${DOMAIN}`)
+ - traefik.http.routers.gitea-secure.entrypoints=websecure
+
+ ### Gitea database: PostgreSQL ###
+ gitea-postgresql:
+ image: postgres:15
+ container_name: gitea-postgresql
+ restart: always
+ environment:
+ - POSTGRES_USER=${DB_USER}
+ - POSTGRES_PASSWORD=${DB_PASSWORD}
+ -
POSTGRES_DB=${DB_NAME}
+ - TZ=${TZ}
+ volumes:
+ - ${VOLUME_DIR}/db:/var/lib/postgresql/data
+
+networks:
+ default:
+ name: gitea-network
+ traefik-network:
+ name: traefik-network
+ external: true
diff --git a/services/zot/.env.template b/services/zot/.env.template
new file mode 100644
index 0000000..c4aebd5
--- /dev/null
+++ b/services/zot/.env.template
@@ -0,0 +1,8 @@
+## Volume settings ##
+VOLUME_DIR=
+
+## Domain settings ##
+DOMAIN=
+
+## Timezone configuration ##
+TZ=
diff --git a/services/zot/Makefile b/services/zot/Makefile
new file mode 100644
index 0000000..9c5b8a3
--- /dev/null
+++ b/services/zot/Makefile
@@ -0,0 +1,24 @@
+ROOT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+SERVICE := zot
+include $(ROOT_DIR)/../../core/common.mk
+include .env
+
+.ONESHELL:
+
+.PHONY: install
+install: ## Start all containers in background
+ @mkdir -p credentials
+ @touch credentials/users-credentials
+ @$(DOCKER_COMPOSE) up -d
+
+.PHONY: uninstall
+uninstall: ## Stop all containers and remove all data
+ @$(DOCKER_COMPOSE) down -v
+ @sudo rm -rf $(VOLUME_DIR)
+
+.PHONY: add-user
+add-user: ## Add a new user for Zot Registry
+ @read -p "Enter username: " username
+ @read -p "Enter password: " password
+ @echo $$(htpasswd -bBn $${username} $${password}) >> credentials/users-credentials
+ @$(DOCKER_COMPOSE) restart
diff --git a/services/zot/config/config.json b/services/zot/config/config.json
new file mode 100755
index 0000000..5ba21af
--- /dev/null
+++ b/services/zot/config/config.json
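Review bot: `GITEA__mailer__FROM=${MAIL}` references a variable that services/gitea/.env.template never defines (it lists SMTP_HOST/PORT/USER/PASSWORD only), and `MAIL` is a name many login shells export as the user's mailbox path, so Compose can silently substitute a value like a `/var/mail/...` path instead of warning about an unset variable. Add `MAIL=` under `## Email settings ##` in the template, or rename the reference to something unambiguous such as `${SMTP_FROM}` and document it there. Separately, `depends_on: - gitea-postgresql` only orders container start; if the Compose version in use supports the long form, a `healthcheck` on `gitea-postgresql` plus `condition: service_healthy` avoids relying on `restart: always` to get past the first connection failure.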
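Review bot: `add-user` reads the password with a plain `read -p`, so it is echoed to the terminal, and then hands it to `htpasswd -b` as an argument, where it is visible to any local process listing while the command runs; `read -s -p "Enter password: " password` and `printf '%s\n' "$$password" | htpasswd -Bn -i "$$username"` (`-i` takes the password from stdin) remove both exposures. Because the hash is produced inside `$$(...)` and echoed, a failing `htpasswd` (e.g. not installed) still appends an empty line to `credentials/users-credentials` and the recipe exits 0; redirecting `htpasswd`'s output to the file directly keeps the failure visible. `install` creates that file with `touch` under the default umask even though it is the registry's whole authentication database, so `install -m 600 /dev/null credentials/users-credentials` (or an explicit `chmod 600`) is worth adding. `read -p`/`read -s` are not in POSIX `sh`, so this recipe depends on common.mk (not in this diff) setting `SHELL` to bash — worth confirming.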
@@ -0,0 +1,38 @@
+{
+ "distSpecVersion": "1.1.0-dev",
+ "storage": {
+ "rootDirectory": "/tmp/zot"
+ },
+ "http": {
+ "address": "0.0.0.0",
+ "port": "5000",
+ "auth": {
+ "htpasswd": {
+ "path": "/tmp/credentials"
+ }
+ }
+ },
+ "log": {
+ "level": "debug",
+ "output": "/tmp/logs/zot.log",
+ "audit": "/tmp/logs/zot-audit.log"
+ },
+ "extensions": {
+ "search": {
+ "enable": true,
+ "cve": {
+ "updateInterval": "2h"
+ }
+ },
+ "ui": {
+ "enable": true
+ },
+ "mgmt": {
+ "enable": true
+ },
+ "scrub": {
+ "enable": true,
+ "interval": "24h"
+ }
+ }
+}
diff --git a/services/zot/docker-compose.yml b/services/zot/docker-compose.yml
new file mode 100644
index 0000000..697907d
--- /dev/null
+++ b/services/zot/docker-compose.yml
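Review bot: `"level": "debug"` is committed as the registry's standing log level, and the file is added with mode 100755 although it is plain JSON that nothing executes. Debug output is considerably more verbose than `info` and may carry per-request detail that does not belong in a long-lived, persisted `/tmp/logs/zot.log`, so `"level": "info"` is the safer default, with debug raised locally when diagnosing; a `chmod 644` on the file drops the stray execute bit. JSON has no comment syntax, so the reasoning for the log level and the `/tmp/*` paths (which the compose file maps to bind mounts) belongs in the service README or the compose file's comments.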
@@ -0,0 +1,49 @@
+version: "3.7"
+
+services:
+ ### Zot: OCI-native container image registry, simplified. ###
+ zot:
+ image: ghcr.io/project-zot/zot-linux-amd64:v2.0.0-rc6
+ container_name: zot
+ restart: always
+ environment:
+ - TZ=${TZ}
+ volumes:
+ - ./config/config.json:/etc/zot/config.json:ro
+ - ./credentials/users-credentials:/tmp/credentials
+ - ${VOLUME_DIR}/data:/tmp/zot
+ - ${VOLUME_DIR}/logs:/tmp/logs
+ networks:
+ - default
+ - traefik-network
+ labels:
+ ## Watchtower configuration ##
+ - com.centurylinklabs.watchtower.enable=true
+ - com.centurylinklabs.watchtower.monitor-only=true
+
+ ## Diun configuration ##
+ - diun.enable=true
+
+ ## Traefik configuration ##
+ # Enable Traefik #
+ - traefik.enable=true
+ - traefik.docker.network=traefik-network
+
+ # Set entrypoint port #
+ - traefik.http.services.zot.loadbalancer.server.port=5000
+
+ # Set HTTP domain and HTTP -> HTTPS redirection #
+ - traefik.http.routers.zot.rule=Host(`${DOMAIN}`)
+ - traefik.http.routers.zot.entrypoints=web
+ - traefik.http.routers.zot.middlewares=https-redirect@file
+
+ # Set HTTPS domain #
+ - traefik.http.routers.zot-secure.rule=Host(`${DOMAIN}`)
+ - traefik.http.routers.zot-secure.entrypoints=websecure
+
+networks:
+ default:
+ name: zot-network
+ traefik-network:
+ name: traefik-network
+ external: true
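Review bot: `./credentials/users-credentials:/tmp/credentials` is bind-mounted read-write while `config.json` on the line above is mounted `:ro`; the registry only reads the htpasswd file, so `- ./credentials/users-credentials:/tmp/credentials:ro` keeps a misbehaving or compromised container from rewriting its own credential store. The Makefile's `add-user` appends on the host and then restarts the container, so a read-only mount does not interfere with that flow. The image is pinned to the release candidate `v2.0.0-rc6` under `watchtower.monitor-only=true`, meaning no automatic updates — a one-line comment on the `image:` line saying the tag is updated by hand would save the next maintainer from assuming Watchtower keeps it patched.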