diff --git a/basic/apps/stackspout/dev/gitea-oauth-client.yaml b/basic/apps/stackspout/dev/gitea-oauth-client.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8e953da37c1f54b114224cff323f9a5e19c9cb5e
--- /dev/null
+++ b/basic/apps/stackspout/dev/gitea-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: gitea-oauth-client
+  # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-gitea-oauth-variables
+  #redirectUris:
+  #  - https://dev.${domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
diff --git a/basic/apps/stackspout/dev/gitea-release.yaml b/basic/apps/stackspout/dev/gitea-release.yaml
index 1184836ac6ce62de998134b12c13e9f55880142f..f33c05448d8affec8b71320d564a454084d2ce05 100644
--- a/basic/apps/stackspout/dev/gitea-release.yaml
+++ b/basic/apps/stackspout/dev/gitea-release.yaml
@@ -14,15 +14,14 @@ spec:
         name: gitea
         namespace: stackspout
   interval: 10m
-  values:
-    ingress:
-      enabled: true
-      hosts:
-        - host: dev.ftt.gmbh
-          paths:
-             - path: /
-               pathType: Prefix
-      tls:
-        - secretName: gitea
-          hosts:
-            - dev.ftt.gmbh
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-gitea-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-gitea-override
+      optional: true
+    - kind: Secret
+      name: stackspin-gitea-override
+      optional: true
diff --git a/basic/apps/stackspout/dev/gitea-values-configmap.yaml b/basic/apps/stackspout/dev/gitea-values-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8ee7f1d119ddf28db2dec3f2fea178bae001a400
--- /dev/null
+++ b/basic/apps/stackspout/dev/gitea-values-configmap.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-gitea-values
+  namespace: stackspout
+data:
+  values.yaml:
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "dev.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: gitea-tls
+          hosts:
+            - "dev.${domain}"