diff --git a/services/gitea.hcl b/services/gitea.hcl
index 72af3c5..c2c3da6 100644
--- a/services/gitea.hcl
+++ b/services/gitea.hcl
@@ -7,7 +7,7 @@ job "gitea" {
         to = 3000
       }
       port "ssh" {
-        static = 2222
+        to = 2222
       }
     }
 
@@ -50,6 +50,18 @@ job "gitea" {
           "traefik.http.routers.gitea.middlewares=authentik@file",
         ]
       }
+
+      service {
+        name = "gitea-ssh"
+        port = "ssh"
+
+        tags = [
+          "traefik.enable=true",
+          "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)",
+          "traefik.tcp.routers.gitea-ssh.entryPoints=ssh",
+          "traefik.tcp.routers.gitea-ssh.service=gitea-ssh",
+        ]
+      }
     }
   }
 }
diff --git a/services/traefik.hcl b/services/traefik.hcl
index d0e03e7..58c3e98 100644
--- a/services/traefik.hcl
+++ b/services/traefik.hcl
@@ -9,6 +9,9 @@ job "traefik" {
       port "https" {
         static = "443"
       }
+      port "ssh" {
+        static = "2222"
+      }
       port "admin" {
         #host_network = "tailscale"
         static = "9002"
@@ -117,6 +120,9 @@ entryPoints:
 
   admin:
     address: ":{{{ env "NOMAD_PORT_admin" }}}"
+
+  ssh:
+    address: ":{{{ env "NOMAD_PORT_ssh" }}}"
 EOH
         destination = "local/traefik.yml"
         change_mode = "noop"