diff --git a/meta/domain-devspaces/index.yaml b/meta/domain-devspaces/index.yaml
index 1e8b4a8..ca9f4a3 100644
--- a/meta/domain-devspaces/index.yaml
+++ b/meta/domain-devspaces/index.yaml
@@ -250,6 +250,16 @@ options:
           type: string
       type: object
     type: array
+  gitea_ssh_port:
+    default: 2222
+    examples:
+    - 2222
+    type: integer
+  gitea_ssh_prefix:
+    default: git
+    examples:
+    - git
+    type: string
   haveFlux:
     default: false
     examples:
diff --git a/meta/domain-devspaces/organisations.tf b/meta/domain-devspaces/organisations.tf
index 3824bf4..b9b90da 100644
--- a/meta/domain-devspaces/organisations.tf
+++ b/meta/domain-devspaces/organisations.tf
@@ -32,6 +32,8 @@ resource "kubectl_manifest" "organisations" {
           "haveTekton" = var.haveTekton
           "haveFlux" = var.haveFlux
           "autoCD" = var.autoCD
+          "gitea_ssh_prefix" = var.gitea_ssh_prefix
+          "gitea_ssh_port" = var.gitea_ssh_port
         },
         { for k, v in local.sorted-organisations[count.index] : k => v if !contains(["name"], k) }
       ))}
diff --git a/share/gitea-tekton-org/auto-ci.tf b/share/gitea-tekton-org/auto-ci.tf
index aa9dcba..7d3f0fe 100644
--- a/share/gitea-tekton-org/auto-ci.tf
+++ b/share/gitea-tekton-org/auto-ci.tf
@@ -85,12 +85,49 @@ resource "kubectl_manifest" "auto-ci-detector" {
   EOF
 }
 
+resource "kubectl_manifest" "ci-git-repo" {
+  count = var.haveFlux?1:0
+  yaml_body  = <<-EOF
+    apiVersion: source.toolkit.fluxcd.io/v1
+    kind: GitRepository
+    metadata:
+      name: "${var.instance}-${var.component}-ci"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      interval: 5m0s
+      ref:
+        branch: main
+      secretRef:
+        name: ssh-credentials
+      url: ssh://git@${var.gitea_ssh_prefix}.${var.domain_name}:${var.gitea_ssh_port}/${var.organization}/deploy.git
+  EOF
+}
+resource "kubectl_manifest" "ci-kustomization" {
+  count = var.haveFlux?1:0
+  yaml_body  = <<-EOF
+    apiVersion: kustomize.toolkit.fluxcd.io/v1
+    kind: Kustomization
+    metadata:
+      name: "${var.instance}-${var.component}-ci"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.push-labels)}
+    spec:
+      interval: 5m
+      path: ./ci
+      prune: true
+      sourceRef:
+        kind: GitRepository
+        name: "${var.instance}-${var.component}-ci"
+      timeout: 1m
+  EOF
+}
+
 resource "kubectl_manifest" "ci-trigger-push" {
   count = var.haveFlux?0:1
   yaml_body  = <<-EOF
     apiVersion: triggers.tekton.dev/v1beta1
     kind: Trigger
-    metadata:
     metadata:
       name: "${var.instance}-${var.component}-auto-push"
       namespace: "${var.namespace}"
diff --git a/share/gitea-tekton-org/index.yaml b/share/gitea-tekton-org/index.yaml
index c977ede..1597f90 100644
--- a/share/gitea-tekton-org/index.yaml
+++ b/share/gitea-tekton-org/index.yaml
@@ -21,6 +21,16 @@ options:
     examples:
     - your_company.com
     type: string
+  gitea_ssh_port:
+    default: 2222
+    examples:
+    - 2222
+    type: integer
+  gitea_ssh_prefix:
+    default: git
+    examples:
+    - git
+    type: string
   haveFlux:
     default: false
     examples:
diff --git a/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml b/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml
index 265d81d..42a84fa 100644
--- a/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml
+++ b/share/gitea-tekton-org/v1_ConfigMap_auto-cd-templates.yaml
@@ -96,6 +96,7 @@ data:
           template deploy-policy-default.yaml.tmpl "stages/${STAGE}/deploy/${PROJECT_NAME}/policy.yaml"
         fi
         copy empty-kusto.yaml "stages/${STAGE}/deploy/kustomization.yaml"
+        add_resources "../../../bases/deploy" "stages/${STAGE}/deploy/kustomization.yaml"
         template stage-kusto.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/kustomization.yaml"
         template stage-ingress.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/ingress.yaml"
         template stage-cert.yaml.tmpl "stages/${STAGE}/${PROJECT_NAME}/cert.yaml"
diff --git a/share/organisation/ci-space.tf b/share/organisation/ci-space.tf
index 9959c9f..6e9f86c 100644
--- a/share/organisation/ci-space.tf
+++ b/share/organisation/ci-space.tf
@@ -29,7 +29,8 @@ resource "kubectl_manifest" "tekton" {
         stages: ${jsonencode(local.sorted-stage-name)}
         haveFlux: ${jsonencode(var.haveFlux)}
         autoCD: ${jsonencode(var.autoCD)}
-
+        gitea_ssh_prefix: ${jsonencode(var.gitea_ssh_prefix)}
+        gitea_ssh_port: ${jsonencode(var.gitea_ssh_port)}
   EOF
 }
 
diff --git a/share/organisation/index.yaml b/share/organisation/index.yaml
index 373ee21..9c6321c 100644
--- a/share/organisation/index.yaml
+++ b/share/organisation/index.yaml
@@ -88,6 +88,16 @@ options:
     examples:
     - ''
     type: string
+  gitea_ssh_port:
+    default: 2222
+    examples:
+    - 2222
+    type: integer
+  gitea_ssh_prefix:
+    default: git
+    examples:
+    - git
+    type: string
   haveFlux:
     default: false
     examples: