diff --git a/apps/gitea.yaml b/apps/gitea.yaml
new file mode 100644
index 0000000..1a8bf60
--- /dev/null
+++ b/apps/gitea.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitea
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://dl.gitea.com/charts/
+      chart: gitea
+      targetRevision: "*"
+      helm:
+        valueFiles:
+          - $values/helm/gitea/values.yaml
+    - repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gitea
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/apps/ingress-nginx.yaml b/apps/ingress-nginx.yaml
new file mode 100644
index 0000000..3a92879
--- /dev/null
+++ b/apps/ingress-nginx.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://kubernetes.github.io/ingress-nginx
+      chart: ingress-nginx
+      targetRevision: "*"
+      helm:
+        valueFiles:
+          - $values/helm/ingress-nginx/values.yaml
+    - repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ingress-nginx
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/apps/ingress-private.yaml b/apps/ingress-private.yaml
new file mode 100644
index 0000000..778c8b6
--- /dev/null
+++ b/apps/ingress-private.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-private
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://kubernetes.github.io/ingress-nginx
+      chart: ingress-nginx
+      targetRevision: "*"
+      helm:
+        valueFiles:
+          - $values/helm/ingress-private/values.yaml
+    - repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ingress-private
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/helm/argocd/values.yaml b/helm/argocd/values.yaml
new file mode 100644
index 0000000..cc9901b
--- /dev/null
+++ b/helm/argocd/values.yaml
@@ -0,0 +1,14 @@
+server:
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    hosts:
+      - argocd.uzbutterfly.com
+    tls:
+      - secretName: argocd-tls
+        hosts:
+          - argocd.uzbutterfly.com
diff --git a/helm/gitea/values.yaml b/helm/gitea/values.yaml
new file mode 100644
index 0000000..3b890d2
--- /dev/null
+++ b/helm/gitea/values.yaml
@@ -0,0 +1,54 @@
+persistence:
+  storageClass: local-path
+
+ingress:
+  enabled: true
+  ingressClassName: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: gitea.uzbutterfly.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: gitea-tls
+      hosts:
+        - gitea.uzbutterfly.com
+
+gitea:
+  admin:
+    username: admin
+    password: _!Str0ngP@ssw0rd
+    email: admin@uzbutterfly.com
+  config:
+    database:
+      DB_TYPE: postgres
+      HOST: postgres-rw.database.svc.cluster.local:5432
+      NAME: gitea
+      USER: gitea
+      PASSWD: _!Str0ngP@ssw0rd
+    cache:
+      ADAPTER: redis
+      HOST: redis://gitea-redis-master.gitea.svc.cluster.local:6379/0
+    session:
+      PROVIDER: redis
+      PROVIDER_CONFIG: redis://gitea-redis-master.gitea.svc.cluster.local:6379/1
+    queue:
+      TYPE: redis
+      CONN_STR: redis://gitea-redis-master.gitea.svc.cluster.local:6379/2
+
+postgresql:
+  enabled: false
+
+postgresql-ha:
+  enabled: false
+
+redis-cluster:
+  enabled: false
+
+redis:
+  enabled: false
+
+valkey-cluster:
+  enabled: false
diff --git a/helm/ingress-nginx/values.yaml b/helm/ingress-nginx/values.yaml
new file mode 100644
index 0000000..66251b9
--- /dev/null
+++ b/helm/ingress-nginx/values.yaml
@@ -0,0 +1,12 @@
+USER-SUPPLIED VALUES:
+controller:
+  config:
+    ssl-reject-handshake: true
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+      namespace: monitoring
+  service:
+    externalIPs:
+    - 89.39.95.192
diff --git a/helm/ingress-private/values.yaml b/helm/ingress-private/values.yaml
new file mode 100644
index 0000000..17a10ca
--- /dev/null
+++ b/helm/ingress-private/values.yaml
@@ -0,0 +1,15 @@
+USER-SUPPLIED VALUES:
+controller:
+  electionID: ingress-private-leader
+  ingressClass: nginx-private
+  ingressClassResource:
+    controllerValue: k8s.io/ingress-private
+    default: false
+    name: nginx-private
+  service:
+    annotations:
+      metallb.universe.tf/allow-shared-ip: private
+    externalIPs:
+    - 10.8.0.1
+    loadBalancerIP: 10.8.0.1
+    type: LoadBalancer