diff --git a/karylab-entrance/gitea.yml b/karylab-entrance/gitea.yml
new file mode 100644
index 0000000..52eb61b
--- /dev/null
+++ b/karylab-entrance/gitea.yml
@@ -0,0 +1,94 @@
+version: "3"
+
+services:
+ # 1. 資料庫服務
+ db:
+ image: postgres:14
+ container_name: gitea_db
+ restart: always
+ environment:
+ - POSTGRES_USER=gitea
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_DB=gitea
+ networks:
+ - gitea-net
+ volumes:
+ - postgres_db:/var/lib/postgresql/data
+
+ # 2. Gitea 主程式
+ server:
+ image: gitea/gitea:latest
+ container_name: gitea_server
+ restart: always
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ # 資料庫連線設定
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=db:5432
+ - GITEA__database__NAME=gitea
+ - GITEA__database__USER=gitea
+ - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
+ # 啟用 Actions (關鍵設定)
+ - GITEA__actions__ENABLED=true
+ networks:
+ - gitea-net
+ - webproxy
+ depends_on:
+ - db
+ ports:
+ - "7800:3000" # 網頁瀏覽埠
+ - "7822:22" # SSH Clone 埠
+ volumes:
+ - /mnt/data/External/gitea/gitea_data:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+# 3. DinD Service (新增:獨立的 Docker Daemon)
+ docker:
+ image: docker:dind
+ container_name: gitea_dind
+ restart: always
+ privileged: true # DinD 必須開啟此權限才能運作
+ environment:
+ - DOCKER_TLS_CERTDIR= # 設為空字串以關閉 TLS,簡化內部連線
+ networks:
+ - gitea-net
+ volumes:
+ - gitea_docker_certs:/certs/client
+ - gitea_docker_data:/var/lib/docker # 持久化,避免重啟後又要重新 pull image
+
+ # 4. Actions Runner (負責跑自動化腳本)
+ runner:
+ image: gitea/act_runner:latest
+ container_name: gitea_runner
+ restart: always
+ depends_on:
+ - server
+ - docker
+ networks:
+ - gitea-net
+ volumes:
+ - /mnt/data/External/gitea/runner_data:/data
+
+ environment:
+ - CONFIG_FILE=/data/config.yaml
+
+ # 注意:Runner 需要註冊 Token,我們在啟動後手動輸入一次即可
+ - GITEA_INSTANCE_URL=http://server:3000
+
+ # 關鍵修改:告訴 Runner 不要找 Socket,而是用 TCP 連線到 docker 容器
+ - DOCKER_HOST=tcp://docker:2375
+
+volumes:
+ postgres_db:
+ gitea_docker_certs:
+ gitea_docker_data:
+
+networks:
+ gitea-net:
+ driver: bridge
+
+ # npm bridge
+ webproxy:
+ external: true
\ No newline at end of file
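Review bot: The `docker` service sets `DOCKER_TLS_CERTDIR=` to empty, so the privileged DinD daemon listens on plain, unauthenticated `tcp://docker:2375`, and every container attached to `gitea-net` (including `server`, which is also on the external `webproxy` network) can drive that daemon. Control of a privileged Docker daemon is effectively root on the host, so a compromise of any one of those services escalates straight through it. Keep the image's TLS on with `DOCKER_TLS_CERTDIR=/certs`, mount the already-declared `gitea_docker_certs` volume read-only into `runner`, and point the runner at port 2376 with client-certificate verification, as sketched below; ideally `docker` and `runner` also move to a network of their own so that `db` and `server` cannot reach the daemon at all. Separately, `gitea/gitea:latest`, `gitea/act_runner:latest` and `docker:dind` are floating tags, and pinning each to a version or digest would make the deployment reproducible and auditable.

```yaml
  docker:
    # … unchanged: image, container_name, restart, privileged …
    environment:
      # Let the dind entrypoint generate CA, server and client certificates.
      - DOCKER_TLS_CERTDIR=/certs
    # … unchanged: networks, volumes (gitea_docker_certs:/certs/client) …

  runner:
    # … unchanged: image, container_name, restart, depends_on, networks …
    volumes:
      - /mnt/data/External/gitea/runner_data:/data
      # Client certificates only, read-only.
      - gitea_docker_certs:/certs/client:ro
    environment:
      # … unchanged: CONFIG_FILE, GITEA_INSTANCE_URL …
      - DOCKER_HOST=tcp://docker:2376
      - DOCKER_TLS_VERIFY=1
      - DOCKER_CERT_PATH=/certs/client
```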