diff --git a/basic/apps/code/gitea-values-configmap.yaml b/basic/apps/code/gitea-values-configmap.yaml
index 8afaf0914b38b91e992b055d40ead58060f2b7e6..a45f9ffda1155cd181285a78005a9c6857f5d476 100644
--- a/basic/apps/code/gitea-values-configmap.yaml
+++ b/basic/apps/code/gitea-values-configmap.yaml
@@ -29,6 +29,9 @@ data:
       config:
         server:
           ROOT_URL: "https://code.${domain}"
+          # START_SSH_SERVER: true
+        service:
+          DISABLE_REGISTRATION: true
         log:
           LEVEL: "Trace"
     persistence:
diff --git a/basic/config/kube-system/metallb-gitea.yaml b/basic/config/kube-system/metallb-gitea.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..90759f954b4a88662e8d7a4ff1b6cca91ee50e61
--- /dev/null
+++ b/basic/config/kube-system/metallb-gitea.yaml
@@ -0,0 +1,20 @@
+---
+# https://metallb.org/usage/
+#apiVersion: metallb.io/v1beta1
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh
+  namespace: kube-system
+  annotations:
+    #metallb.universe.tf/allow-shared-ip: "key-to-share-1.2.3.4"
+spec:
+  type: LoadBalancer
+  loadBalancerIP: "${ip_address}"
+  ports:
+    - name: ssh
+      protocol: SSH
+      port: 22
+      targetPort: 22
+  selector:
+    app: gitea
diff --git a/basic/infrastructure/kustomizations/kube-system-config.yaml b/basic/infrastructure/kustomizations/kube-system-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..62b6cb1780ccfd284b0a0b3d8fce30d4bdf02242
--- /dev/null
+++ b/basic/infrastructure/kustomizations/kube-system-config.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: kube-system-config
+  namespace: flux-system
+spec:
+  interval: 1h
+  timeout: 20m
+  dependsOn:
+    - name: metallb
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./basic/config/kube-system
+  prune: true
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables