diff --git a/apps/base/gitea.yaml b/apps/base/gitea.yaml
index da5155c..4be5d28 100644
--- a/apps/base/gitea.yaml
+++ b/apps/base/gitea.yaml
@@ -164,6 +164,16 @@ spec:
 
     statefulset:
       replicas: 1
+      # Provide a Docker daemon via DinD so docker-based actions (buildx, login, etc.) work
+      dind:
+        repository: docker
+        tag: "27.5.1-dind"
+        pullPolicy: IfNotPresent
+        # Uncomment to force legacy iptables on some kernels
+        # extraEnvs:
+        #   - name: DOCKER_IPTABLES_LEGACY
+        #     value: "1"
+
       # Your custom runner config replicated here (labels, dind, volumes)
       actRunner:
         config: |
@@ -176,3 +186,9 @@ spec:
               - "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"
               - "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
               - "ubuntu-20.04:docker://docker.gitea.com/runner-images:ubuntu-20.04"
+          container:
+            # Ensure the runner and job containers use the DinD socket
+            docker_host: "unix:///var/run/docker.sock"
+            # Allow mounting the docker.sock into job containers
+            valid_volumes:
+              - "/var/run/docker.sock"