diff --git a/template/edfbuilder.yaml b/template/edfbuilder.yaml index 6afc8c2..4e9fabd 100644 --- a/template/edfbuilder.yaml +++ b/template/edfbuilder.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: registry - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/core.yaml b/template/registry/core.yaml index aef343d..3a722ac 100644 --- a/template/registry/core.yaml +++ b/template/registry/core.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/core - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml index 5540134..a2ac46d 100644 --- a/template/registry/local-backup.yaml +++ b/template/registry/local-backup.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/local-backup - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/monitoring.yaml b/template/registry/monitoring.yaml index 88b1af3..c9826bc 100644 --- a/template/registry/monitoring.yaml +++ b/template/registry/monitoring.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/monitoring - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/ref-implementation.yaml b/template/registry/ref-implementation.yaml index 82bbeaf..3a6cf1a 100644 --- a/template/registry/ref-implementation.yaml +++ b/template/registry/ref-implementation.yaml 
@@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/ref-implementation - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/second-cluster.yaml b/template/registry/second-cluster.yaml index 6ff1357..98ddd40 100644 --- a/template/registry/second-cluster.yaml +++ b/template/registry/second-cluster.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/second-cluster - repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' + repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/stacks/core/argocd.yaml b/template/stacks/core/argocd.yaml index 4f65e09..a79ef6c 100644 --- a/template/stacks/core/argocd.yaml +++ b/template/stacks/core/argocd.yaml @@ -18,13 +18,10 @@ spec: sources: - repoURL: https://github.com/argoproj/argo-helm path: charts/argo-cd - # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged - # As logout make problems, it is suggested to switch from path based routing to an own argocd domain, - # similar to the CNOE amazon reference implementation and in our case, Forgejo targetRevision: argo-cd-7.7.5 helm: valueFiles: - $values/stacks/core/argocd/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/crossplane-compositions.yaml b/template/stacks/core/crossplane-compositions.yaml index d5341c8..f6a6bc0 100644 --- a/template/stacks/core/crossplane-compositions.yaml +++ b/template/stacks/core/crossplane-compositions.yaml 
@@ -17,7 +17,7 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-compositions - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD directory: recurse: true diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml index 3fd69b7..760c33e 100644 --- a/template/stacks/core/crossplane-providers.yaml +++ b/template/stacks/core/crossplane-providers.yaml @@ -18,6 +18,6 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-providers - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD {{{ end }}} diff --git a/template/stacks/core/forgejo-runner.yaml b/template/stacks/core/forgejo-runner.yaml deleted file mode 100644 index edff667..0000000 --- a/template/stacks/core/forgejo-runner.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: forgejo-runner - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - syncPolicy: - automated: - selfHeal: true - syncOptions: - - CreateNamespace=true - destination: - server: "https://kubernetes.default.svc" - source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder - targetRevision: HEAD - path: "stacks/core/forgejo-runner" diff --git a/template/stacks/core/forgejo-runner/dind-docker.yaml b/template/stacks/core/forgejo-runner/dind-docker.yaml deleted file mode 100644 index 04b07a7..0000000 --- a/template/stacks/core/forgejo-runner/dind-docker.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: forgejo-runner - name: forgejo-runner - namespace: gitea -spec: - # Two replicas means that if one is busy, the other can pick up jobs. - replicas: 1 - selector: - matchLabels: - app: forgejo-runner - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: forgejo-runner - spec: - restartPolicy: Always - volumes: - - name: docker-certs - emptyDir: {} - - name: runner-data - emptyDir: {} - # Initialise our configuration file using offline registration - # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration - initContainers: - - name: runner-register - image: code.forgejo.org/forgejo/runner:6.0.1 - command: - - "forgejo-runner" - - "register" - - "--no-interactive" - - "--token" - - $(RUNNER_SECRET) - - "--name" - - $(RUNNER_NAME) - - "--instance" - - $(FORGEJO_INSTANCE_URL) - - "--labels" - - "docker:docker://node:20-bookworm,ubuntu-22.04:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04,ubuntu-latest:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04" - env: - - name: RUNNER_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: RUNNER_SECRET - valueFrom: - secretKeyRef: - name: forgejo-runner-token - key: token - - name: FORGEJO_INSTANCE_URL - value: https://{{{ .Env.DOMAIN_GITEA }}} - volumeMounts: - - name: runner-data - mountPath: /data - containers: - - name: runner - image: code.forgejo.org/forgejo/runner:6.0.1 - command: - - "sh" - - "-c" - - | - while ! 
nc -z 127.0.0.1 2376 config.yml ; - sed -i -e "s|privileged: .*|privileged: true|" config.yml - sed -i -e "s|network: .*|network: host|" config.yml ; - sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://127.0.0.1:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; - sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; - sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; - /bin/forgejo-runner --config config.yml daemon - securityContext: - allowPrivilegeEscalation: true - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - env: - - name: DOCKER_HOST - value: tcp://localhost:2376 - - name: DOCKER_CERT_PATH - value: /certs/client - - name: DOCKER_TLS_VERIFY - value: "1" - volumeMounts: - - name: docker-certs - mountPath: /certs - - name: runner-data - mountPath: /data - - name: daemon - image: docker:27.4.1-dind - env: - - name: DOCKER_TLS_CERTDIR - value: /certs - securityContext: - privileged: true - volumeMounts: - - name: docker-certs - mountPath: /certs diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index 9b4aeae..c8328c0 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/forgejo/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index 1bf35c2..bfcd384 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml 
@@ -25,8 +25,8 @@ gitea: queue: TYPE: level server: - DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}' - ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443' + DOMAIN: 'gitea.{{{ .Env.DOMAIN }}}' + ROOT_URL: 'https://gitea.{{{ .Env.DOMAIN }}}:443' service: ssh: @@ -53,4 +53,3 @@ forgejo: - docker:docker://node:16-bullseye - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04 diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml index ec156c5..ae66d9f 100644 --- a/template/stacks/core/ingress-apps.yaml +++ b/template/stacks/core/ingress-apps.yaml @@ -11,7 +11,7 @@ spec: destination: server: "https://kubernetes.default.svc" source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/core/ingress-apps" project: default diff --git a/template/stacks/core/ingress-apps/forgejo.yaml b/template/stacks/core/ingress-apps/forgejo.yaml index a5657ca..3143875 100644 --- a/template/stacks/core/ingress-apps/forgejo.yaml +++ b/template/stacks/core/ingress-apps/forgejo.yaml @@ -6,7 +6,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: 512m {{{ if eq .Env.CLUSTER_TYPE "osc" }}} dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN_GITEA }}} + dns.gardener.cloud/dnsnames: gitea.{{{ .Env.DOMAIN }}} dns.gardener.cloud/ttl: "600" {{{ end }}} name: forgejo @@ -14,7 +14,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: {{{ .Env.DOMAIN_GITEA }}} + - host: gitea.{{{ .Env.DOMAIN }}} http: paths: - backend: @@ -26,5 +26,5 @@ spec: pathType: Prefix tls: - hosts: - - {{{ .Env.DOMAIN_GITEA }}} + - gitea.{{{ .Env.DOMAIN }}} secretName: forgejo-net-tls diff --git a/template/stacks/core/ingress-nginx.yaml b/template/stacks/core/ingress-nginx.yaml index cb69681..4e1f1a8 100644 
--- a/template/stacks/core/ingress-nginx.yaml +++ b/template/stacks/core/ingress-nginx.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/ingress-nginx/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml index 7de20cd..5163ef0 100644 --- a/template/stacks/local-backup/minio.yaml +++ b/template/stacks/local-backup/minio.yaml @@ -17,10 +17,10 @@ spec: valueFiles: - $values/stacks/local-backup/minio/helm/values.yaml chart: minio - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/local-backup/minio/manifests" destination: diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml index e668cf6..a798f63 100644 --- a/template/stacks/local-backup/velero.yaml +++ b/template/stacks/local-backup/velero.yaml @@ -17,7 +17,7 @@ spec: valueFiles: - $values/stacks/local-backup/velero/helm/values.yaml chart: velero - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values destination: diff --git a/template/stacks/monitoring/alloy/values.yaml b/template/stacks/monitoring/alloy/values.yaml deleted file mode 100644 index 3f038fa..0000000 --- a/template/stacks/monitoring/alloy/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -alloy: - create: false - name: alloy-config - key: config.alloy 
diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml index 186f692..f27e669 100644 --- a/template/stacks/monitoring/grafana-dashboards.yaml +++ b/template/stacks/monitoring/grafana-dashboards.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/monitoring/kube-prometheus/dashboards" destination: diff --git a/template/stacks/monitoring/kube-prometheus-sso.yaml b/template/stacks/monitoring/kube-prometheus-sso.yaml deleted file mode 100644 index 0e6e43a..0000000 --- a/template/stacks/monitoring/kube-prometheus-sso.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kube-prometheus-sso - namespace: argocd - labels: - env: dev - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder - targetRevision: HEAD - path: "stacks/monitoring/kube-prometheus-sso" - destination: - server: "https://kubernetes.default.svc" - namespace: monitoring - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - selfHeal: true - retry: - limit: -1 - backoff: - duration: 15s - factor: 1 - maxDuration: 15s diff --git a/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml b/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml deleted file mode 100644 index 896ec1b..0000000 --- a/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: auth-generic-oauth-secret - namespace: monitoring -spec: - secretStoreRef: - name: keycloak - kind: ClusterSecretStore - refreshInterval: "0" - target: - name: auth-generic-oauth-secret - template: - engineVersion: v2 - data: - client_secret: "{{.GRAFANA_CLIENT_SECRET}}" - data: - - secretKey: GRAFANA_CLIENT_SECRET - remoteRef: - key: keycloak-clients - property: GRAFANA_CLIENT_SECRET diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index 7bcf3ca..f4f6ea5 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml +++ b/template/stacks/monitoring/kube-prometheus.yaml @@ -15,12 +15,6 @@ spec: syncOptions: - CreateNamespace=true - ServerSideApply=true # do not copy metdata, since (because of its large size) it can lead to sync failure - retry: - limit: -1 - backoff: - duration: 15s - factor: 1 - maxDuration: 15s destination: name: in-cluster namespace: monitoring @@ -31,6 +25,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/kube-prometheus/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 901345f..9c0ca32 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml 
@@ -33,33 +33,7 @@ grafana: domain: {{{ .Env.DOMAIN }}} root_url: "%(protocol)s://%(domain)s/grafana" serve_from_sub_path: true - auth: - disable_login: true - disable_login_form: true - auth.generic_oauth: - enabled: true - name: Keycloak-OAuth - allow_sign_up: true - use_refresh_token: true - client_id: grafana - client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret} - scopes: openid email profile offline_access roles - email_attribute_path: email - login_attribute_path: username - name_attribute_path: full_name - auth_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth - token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token - api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo - redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth - role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'" - extraSecretMounts: - - name: auth-generic-oauth-secret-mount - secretName: auth-generic-oauth-secret - defaultMode: 0440 - mountPath: /etc/secrets/auth_generic_oauth - readOnly: true - serviceMonitor: # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator enabled: true diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml index a2f0238..8494955 100644 --- a/template/stacks/monitoring/loki.yaml +++ b/template/stacks/monitoring/loki.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/monitoring/loki/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml index 8f4af77..bc4682d 100644 --- a/template/stacks/monitoring/promtail.yaml 
+++ b/template/stacks/monitoring/promtail.yaml @@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/promtail/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values \ No newline at end of file diff --git a/template/stacks/ref-implementation/argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows.yaml index ef23482..93cc7b1 100644 --- a/template/stacks/ref-implementation/argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/argo-workflows/manifests/dev" destination: @@ -23,7 +23,3 @@ spec: selfHeal: true retry: limit: -1 - backoff: - duration: 15s - factor: 1 - maxDuration: 15s diff --git a/template/stacks/ref-implementation/backstage-templates.yaml b/template/stacks/ref-implementation/backstage-templates.yaml index 2749418..adb5f08 100644 --- a/template/stacks/ref-implementation/backstage-templates.yaml +++ b/template/stacks/ref-implementation/backstage-templates.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage-templates/entities" directory: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml index dbe0264..bc52aa8 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml 
+++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml @@ -20,7 +20,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml index fd440d3..34ee8da 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml @@ -100,7 +100,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -111,7 +111,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "kustomize/base" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml index ccdf3d0..04416ba 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml 
@@ -14,7 +14,7 @@ metadata: apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}} apache-spark.cnoe.io/cluster-name: local links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml index 12c68a3..f6e3083 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml @@ -35,7 +35,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -46,7 +46,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml index e583206..102ff01 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml 
@@ -10,7 +10,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml index e69d13c..7fb96a7 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml @@ -31,7 +31,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -42,7 +42,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml index 07090f2..f75a37f 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml 
@@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Gitea Repo icon: git spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml index 6e9421d..133e70e 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml @@ -33,7 +33,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./skeleton defaultBranch: main diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml new file mode 100644 index 0000000..61fadfd --- /dev/null +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml 
@@ -0,0 +1,32 @@
+# This workflow will build a Java project with Gradle, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle
+
+name: Java CI with Gradle
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '17' ]
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %}
+ uses: https://github.com/actions/setup-java@v4
+ with:
+ java-version: '{% raw %}${{matrix.java}}{% endraw %}'
+ distribution: 'adopt'
+ cache: maven
+ - name: Setup Gradle
+ uses: https://github.com/gradle/actions/setup-gradle@v4
+ - name: Build with Gradle
+ run: ./gradlew build
+
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
index 62cbd53..f04cf78 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
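Review bot: The `setup-java` step in the new `gradle-build.yml` sets `cache: maven`, so the dependency cache is keyed on Maven files while the job then runs `./gradlew build`. `cache: gradle` is the matching value, and because `setup-gradle` usually manages the Gradle cache itself the key could probably be dropped altogether. All three `uses:` references are mutable `@v4` tags, so the code executed on the runner can change without any change to this file. Pinning each to a full commit, e.g. `uses: https://github.com/actions/setup-java@<full-commit-sha> # v4` (placeholder, take the value from the upstream release), closes that gap. `actions/checkout@v4` is also the only reference without the explicit `https://github.com/` prefix, so it resolves through whatever default actions source the Forgejo instance is configured with; writing it out like the other two makes its origin unambiguous.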
@@ -28,12 +28,12 @@ jobs: distribution: 'adopt' cache: maven - name: Build with Maven Wrapper - run: ./mvnw -B -DskipTests verify + run: ./mvnw -B verify - name: Build image #run: ./mvnw spring-boot:build-image # the original image build run: | export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]') - ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage={{{ .Env.DOMAIN_GITEA }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64 + ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea.{{{ .Env.DOMAIN }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} - name: Build image as tar run: | ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true @@ -57,11 +57,7 @@ jobs: NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this - name: install trivy from deb package run: | - if [[ "$(uname -m)" == "x86_64" ]]; then - wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb - else - wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-ARM64.deb - fi + wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb DEBIAN_FRONTEND=noninteractive dpkg -i trivy.deb - name: scan the image run: trivy image --input jib-image.tar 
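Review bot: The rewritten `jib-maven-plugin:3.4.4:build` line still carries `-Djib.allowInsecureRegistries=true` while passing `-Djib.to.auth.password` from `secrets.PACKAGES_TOKEN`. With that flag Jib ignores HTTPS certificate errors, so the token can be presented to a registry endpoint whose identity was never verified. Adding the Forgejo CA to the truststore of the JVM on the runner and dropping the flag from this line would keep the authenticated push behind a verified TLS connection. The token is also passed as a `-D` argument, which exposes it in the process arguments on the runner; whether a credential helper or Maven settings entry is available instead depends on the runner image. The step list starts and ends outside the hunk.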
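Review bot: The simplified `install trivy from deb package` step downloads `trivy_0.58.0_Linux-64bit.deb` with `wget` and passes it straight to `dpkg -i`, which executes the package's maintainer scripts (presumably as root in the job container), without comparing the file to a known digest. A check between the two commands, e.g. `echo "<expected-sha256>  trivy.deb" | sha256sum -c -` (placeholder; take the digest from the checksums published with the v0.58.0 release), makes the job fail on a tampered or truncated download. With the `uname -m` branch removed the step now assumes an x86_64 runner and will fail at `dpkg -i` on an ARM one, so a one-line comment stating that assumption would help. The context line `NODE_TLS_REJECT_UNAUTHORIZED: 0` directly above is unchanged by this commit but turns off certificate verification for that step and deserves a follow-up.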
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml index f9d4b3d..94a7880 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml @@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 + - url: https://gitea.{{{ .Env.DOMAIN }}}:443 title: Gitea Repo icon: git spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml index aa6b3d4..5098ca3 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml @@ -58,7 +58,7 @@ spec: spec: containers: - name: workload - image: {{{ .Env.DOMAIN_GITEA }}}/giteaadmin/${{ values.name }} + image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }} env: - name: SPRING_PROFILES_ACTIVE value: postgres diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml index 84dc871..50afc43 100644 
--- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml @@ -50,7 +50,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} + repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./ defaultBranch: main @@ -64,7 +64,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} path: "k8s" - id: register diff --git a/template/stacks/ref-implementation/backstage.yaml b/template/stacks/ref-implementation/backstage.yaml index 01932dc..f162001 100644 --- a/template/stacks/ref-implementation/backstage.yaml +++ b/template/stacks/ref-implementation/backstage.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage/manifests" destination: @@ -23,7 +23,3 @@ spec: selfHeal: true retry: limit: -1 - backoff: - duration: 15s - factor: 1 - maxDuration: 15s diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index b3bfd57..b46fbd4 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml 
@@ -106,12 +106,12 @@ data: integrations: gitea: - - baseUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443 - host: {{{ .Env.DOMAIN_GITEA }}}:443 + - baseUrl: https://gitea.{{{ .Env.DOMAIN }}}:443 + host: gitea.{{{ .Env.DOMAIN }}}:443 username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - - baseUrl: https://{{{ .Env.DOMAIN_GITEA }}} - host: {{{ .Env.DOMAIN_GITEA }}} + - baseUrl: https://gitea.{{{ .Env.DOMAIN }}} + host: gitea.{{{ .Env.DOMAIN }}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live @@ -167,7 +167,7 @@ data: locations: # Examples from a public GitHub repository. - type: url - target: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml + target: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml rules: - allow: [Component, System, API, Resource, Location, Template, User, Group] kubernetes: diff --git a/template/stacks/ref-implementation/external-secrets.yaml b/template/stacks/ref-implementation/external-secrets.yaml index 37e8004..de2c53a 100644 --- a/template/stacks/ref-implementation/external-secrets.yaml +++ b/template/stacks/ref-implementation/external-secrets.yaml @@ -12,7 +12,7 @@ spec: namespace: external-secrets server: "https://kubernetes.default.svc" source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/external-secrets/manifests" project: default diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml index 91b7b2f..b049686 100644 --- a/template/stacks/ref-implementation/fibonacci-app.yaml +++ b/template/stacks/ref-implementation/fibonacci-app.yaml 
@@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/fibonacci-app" destination: diff --git a/template/stacks/monitoring/alloy.yaml b/template/stacks/ref-implementation/forgejo-runner.yaml similarity index 53% rename from template/stacks/monitoring/alloy.yaml rename to template/stacks/ref-implementation/forgejo-runner.yaml index 7d4d614..bceefc7 100644 --- a/template/stacks/monitoring/alloy.yaml +++ b/template/stacks/ref-implementation/forgejo-runner.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: alloy + name: forgejo-runner namespace: argocd labels: env: dev @@ -16,14 +16,14 @@ spec: - CreateNamespace=true destination: name: in-cluster - namespace: monitoring + namespace: gitea sources: - - repoURL: https://github.com/grafana/alloy.git - path: operations/helm/charts/alloy - targetRevision: HEAD + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-runner.git + path: forgejo-runner + targetRevision: HEAD helm: valueFiles: - - $values/stacks/monitoring/alloy/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - $values/stacks/ref-implementation/forgejo-runner/values.yaml + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD - ref: values \ No newline at end of file + ref: values diff --git a/template/stacks/ref-implementation/forgejo-runner/values.yaml b/template/stacks/ref-implementation/forgejo-runner/values.yaml new file mode 100644 index 0000000..7789e35 --- /dev/null +++ b/template/stacks/ref-implementation/forgejo-runner/values.yaml 
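Review bot: The new forgejo-runner chart source in `forgejo-runner.yaml` tracks `targetRevision: HEAD` of `DevFW-CICD/forgejo-runner.git`, so whatever lands on that repository's default branch is rendered into the `gitea` namespace on the next sync. For a chart that deploys a CI runner I would pin it, e.g. `targetRevision: <CHART_TAG_OR_COMMIT_SHA>` (placeholder; no tag is visible on the page). The chart's `repoURL` host is also hard-coded rather than derived from `{{{ .Env.DOMAIN }}}` like the values source a few lines below, so a deployment under another domain would still pull the chart from this host. The Application's `syncPolicy` starts outside the hunk, so whether sync is automated cannot be confirmed from here.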
@@ -0,0 +1,14 @@ +replicaCount: 1 + +image: + repository: code.forgejo.org/forgejo/runner + pullPolicy: IfNotPresent + tag: "3.5.1" + +resources: + limits: + memory: 2Gi + requests: + memory: 1Gi + +forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000 diff --git a/template/stacks/ref-implementation/keycloak.yaml b/template/stacks/ref-implementation/keycloak.yaml index 93d8db7..e4fb166 100644 --- a/template/stacks/ref-implementation/keycloak.yaml +++ b/template/stacks/ref-implementation/keycloak.yaml @@ -12,7 +12,7 @@ spec: namespace: keycloak server: "https://kubernetes.default.svc" source: - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/keycloak/manifests" project: default diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml index 6c8d603..e2a0981 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml @@ -100,11 +100,11 @@ data: user-user1.json: | { "username": "user1", - "email": "user1@user.de", + "email": "", "firstName": "user", "lastName": "one", "requiredActions": [], - "emailVerified": true, + "emailVerified": false, "groups": [ "/admin" ], @@ -113,11 +113,11 @@ data: user-user2.json: | { "username": "user2", - "email": "user2@user.de", + "email": "", "firstName": "user", "lastName": "two", "requiredActions": [], - "emailVerified": true, + "emailVerified": false, "groups": [ "/base-user" ], 
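Review bot: `forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000` in the new `forgejo-runner/values.yaml` points the runner at Forgejo over plain HTTP. The runner's registration credential and job traffic would presumably cross the pod network unencrypted unless something outside this file protects it. Either use the TLS endpoint or record the assumption with a comment such as `# in-cluster HTTP; relies on <MESH_OR_NETWORK_POLICY> for transport protection`. The image is pinned by tag only (`tag: "3.5.1"`); if the chart accepts a digest, pinning by digest makes the pull immutable. Only memory is bounded under `resources`, so a CPU request and limit would keep CI jobs from starving neighbouring workloads.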
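Review bot: Both user payloads in `keycloak-config.yaml` now send `"email": ""` (user1 in this hunk, user2 in the next), giving two accounts the same empty address. How Keycloak treats an empty string as opposed to an absent field is not visible here, so dropping the `email` key entirely would be the less ambiguous way to create users without an address. user1 is a member of `/admin`, and with no address and `"emailVerified": false` email-based recovery is presumably unavailable for it. A comment above the `user-user1.json` key stating that these are demo accounts, and how their credentials are managed, would help. Both JSON documents continue outside the hunks.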
@@ -181,44 +181,6 @@ data: ] } - grafana-client-payload.json: | - { - "clientId": "grafana", - "name": "Grafana Client", - "description": "Used for Grafana SSO", - "rootUrl": "https://{{{ .Env.DOMAIN }}}/grafana", - "adminUrl": "https://{{{ .Env.DOMAIN }}}/grafana", - "baseUrl": "https://{{{ .Env.DOMAIN }}}/grafana", - "alwaysDisplayInConsole": false, - "redirectUris": [ - "http://{{{ .Env.DOMAIN }}}/grafana/*" - ], - "webOrigins": [ - "https://{{{ .Env.DOMAIN }}}/grafana" - ], - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "saml_idp_initiated_sso_url_name": "", - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false" - }, - "defaultClientScopes": [ - "web-origins", - "acr", - "offline_access", - "roles", - "profile", - "groups", - "email" - ] - } - --- apiVersion: batch/v1 kind: Job @@ -285,11 +247,7 @@ spec: fi set -e - if [[ "$(uname -m)" == "x86_64" ]]; then - curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/amd64/kubectl" - else - curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/arm64/kubectl" - fi + curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/amd64/kubectl" chmod +x kubectl echo "creating cnoe realm and groups" 
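Review bot: The kubectl binary fetched by the new `curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/amd64/kubectl"` line is made executable with no integrity check, and without `-f` an HTTP error body would be saved as `kubectl` too. I would use `curl -fsSLO` and verify a pinned digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  kubectl" | sha256sum -c -` (placeholder; take the value from the release's published `kubectl.sha256`), or use an image that already ships kubectl. Dropping the `uname -m` branch also means the job now only works on amd64 nodes, and the URL keeps a doubled slash after `v1.28.3`. The script starts and ends outside the hunk.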
@@ -372,24 +330,7 @@ spec: ARGO_WORKFLOWS_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \ -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret') - - echo "creating Grafana client" - curl -sS -H "Content-Type: application/json" \ - -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ - -X POST --data @/var/config/grafana-client-payload.json \ - ${KEYCLOAK_URL}/admin/realms/cnoe/clients - CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \ - -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ - -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "grafana") | .id') - - CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id') - curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID} - - GRAFANA_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \ - -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ - -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret') - echo "creating Backstage client" curl -sS -H "Content-Type: application/json" \ -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ @@ -424,8 +365,6 @@ spec: ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN} BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET} BACKSTAGE_CLIENT_ID: backstage - GRAFANA_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET} - GRAFANA_CLIENT_ID: grafana " > /tmp/secret.yaml ./kubectl apply -f /tmp/secret.yaml diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index ffc2923..a6f3ec8 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml 
@@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/openbao/values.yaml - - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values ignoreDifferences: diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml index 26a70eb..e71b4f0 100644 --- a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml +++ b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml @@ -19,5 +19,5 @@ spec: namespace: crossplane-system source: path: stacks/second-cluster/create-new-cluster-guestbook - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder targetRevision: HEAD