diff --git a/charts/dns/Chart.yaml b/charts/dns/Chart.yaml new file mode 100644 index 0000000..79489eb --- /dev/null +++ b/charts/dns/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: home-server-dns +description: Deploys the DNS setup +type: application +version: 0.1.0 diff --git a/deployments-old/dns/bind.yaml b/charts/dns/templates/bind-master.yaml similarity index 98% rename from deployments-old/dns/bind.yaml rename to charts/dns/templates/bind-master.yaml index 23eab06..4d3328c 100644 --- a/deployments-old/dns/bind.yaml +++ b/charts/dns/templates/bind-master.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-master-config - namespace: dns data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -52,7 +51,6 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: bind-master - namespace: dns spec: selector: matchLabels: @@ -122,8 +120,8 @@ apiVersion: v1 kind: Service metadata: name: bind-master - namespace: dns spec: + type: ClusterIP selector: app: bind-master ports: diff --git a/deployments/dns-ssl/bind.yaml b/charts/dns/templates/bind-slave.yaml similarity index 93% rename from deployments/dns-ssl/bind.yaml rename to charts/dns/templates/bind-slave.yaml index b77a3ba..091e96e 100644 --- a/deployments/dns-ssl/bind.yaml +++ b/charts/dns/templates/bind-slave.yaml @@ -2,8 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: bind-master-config - namespace: home-server + name: bind-slave-config data: named.conf: | include "/etc/bind/externaldns-key.conf"; @@ -51,16 +50,15 @@ data: apiVersion: apps/v1 kind: DaemonSet metadata: - name: bind-master - namespace: home-server + name: bind-slave spec: selector: matchLabels: - app: bind-master + app: bind-slave template: metadata: labels: - app: bind-master + app: bind-slave spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet 
@@ -79,7 +77,7 @@ spec: - mountPath: /usr/share/dns name: root-hints containers: - - name: bind-master + - name: bind-slave image: internetsystemsconsortium/bind9:9.18 command: ["named", "-g", "-c", "/etc/bind/named.conf"] ports: @@ -109,7 +107,7 @@ spec: secretName: dns-secrets - name: config configMap: - name: bind-master-config + name: bind-slave-config - name: bind-cache emptyDir: {} - name: bind-rundir @@ -122,8 +120,10 @@ apiVersion: v1 kind: Service metadata: name: bind-master - namespace: home-server + namespace: default spec: + type: LoadBalancer + externalTrafficPolicy: Local selector: app: bind-master ports: diff --git a/deployments-old/dns/externaldns.yaml b/charts/dns/templates/externaldns.yaml similarity index 92% rename from deployments-old/dns/externaldns.yaml rename to charts/dns/templates/externaldns.yaml index ed64c21..814af6c 100644 --- a/deployments-old/dns/externaldns.yaml +++ b/charts/dns/templates/externaldns.yaml @@ -13,7 +13,6 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["list","watch"] - # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -26,19 +25,16 @@ roleRef: subjects: - kind: ServiceAccount name: external-dns - namespace: dns --- apiVersion: v1 kind: ServiceAccount metadata: name: external-dns - namespace: dns --- apiVersion: apps/v1 kind: Deployment metadata: name: external-dns - namespace: dns spec: replicas: 1 selector: @@ -73,3 +69,4 @@ spec: name: dns-secrets key: externaldns-secret + diff --git a/charts/dns/values.yaml b/charts/dns/values.yaml new file mode 100644 index 0000000..d36eb41 --- /dev/null +++ b/charts/dns/values.yaml @@ -0,0 +1,2 @@ +domain: "auth.dev.hxme.net" +certSecretName: "wildcard-hxme-net" diff --git a/deployments-old/ai/openweb.yaml b/deployments-old/ai/openweb.yaml deleted file mode 100644 index e2c52ea..0000000 --- a/deployments-old/ai/openweb.yaml +++ /dev/null 
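Review bot: The Service in this hunk keeps `name: bind-master` and `selector: app: bind-master` even though the DaemonSet and its pod template in this same file were renamed to `app: bind-slave`, so the new `type: LoadBalancer` endpoint either selects no pods or, if the chart is released into the namespace that bind-master.yaml lands in, collides with the ClusterIP Service of the same name and publishes the primary instead of the secondary. Since this is the only externally reachable DNS Service in the chart (`externalTrafficPolicy: Local` suggests it is meant to carry real client traffic), which pods it fronts is the security-relevant part of the rename. `namespace: default` is also hard-coded here while every other resource in the chart dropped its namespace to inherit the release namespace. Suggested lines: `name: bind-slave`, remove the `namespace: default` line, and `app: bind-slave` in the selector.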
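Review bot: Dropping `namespace: dns` from the ServiceAccount subject in the `@@ -26,19 +25,16 @@` hunk of externaldns.yaml leaves a ClusterRoleBinding subject of `kind: ServiceAccount` with no namespace, which RBAC validation rejects as a required field; Helm sets the release namespace on namespaced objects' metadata but does not fill in subject references. The removals on the ServiceAccount and Deployment metadata in the same hunk are fine. Replace the deleted line with `namespace: {{ .Release.Namespace }}` so the binding follows the release rather than a fixed namespace.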
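Review bot: None of the rendered templates visible in this diff reference `.Values.domain` or `.Values.certSecretName`, so the two keys added in values.yaml appear to be unused; if they are consumed in template lines outside these hunks this is fine, otherwise either wire them in or drop them so the values file does not document settings that have no effect. The value `"auth.dev.hxme.net"` also looks like a single host rather than the zone the chart serves, so a one-line comment above it stating what the key is meant to control would help, for example `# hostname published for the authentication service; not the DNS zone itself`.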
@@ -1,76 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ai ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: openwebui - namespace: ai -spec: - replicas: 1 - selector: - matchLabels: - app: openwebui - template: - metadata: - labels: - app: openwebui - spec: - containers: - - name: openwebui - image: ghcr.io/open-webui/open-webui:latest - ports: - - containerPort: 8080 - env: - - name: OLLAMA_BASE_URL - value: http://ollama:11434 - volumeMounts: - - name: ai-storage - mountPath: /app/backend/data - volumes: - - name: ai-storage - hostPath: - path: /dpool/files/ai/ - type: Directory ---- -apiVersion: v1 -kind: Service -metadata: - name: openwebui - namespace: ai -spec: - selector: - app: openwebui - ports: - - protocol: TCP - port: 80 - targetPort: 8080 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: openwebui - namespace: ai - annotations: - kubernetes.io/ingress.class: "traefik" - external-dns.alpha.kubernetes.io/hostname: nc.hxme.net -spec: - rules: - - host: ai.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: openwebui - port: - number: 80 - tls: - - hosts: - - ai.hxme.net - secretName: openwebui-tls - diff --git a/deployments-old/auth/authentik.yaml b/deployments-old/auth/authentik.yaml deleted file mode 100644 index ced40ed..0000000 --- a/deployments-old/auth/authentik.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: authentik ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: authentik - namespace: flux-system -spec: - url: https://charts.goauthentik.io/ - interval: 1h ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: authentik - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: authentik - namespace: authentik -spec: - interval: 30m - chart: - spec: - chart: authentik - version: 2024.4.2 - sourceRef: - kind: HelmRepository - name: authentik - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: false - timeout: 10m - valuesFrom: - - kind: Secret - name: authentik-values - values: - ingress: - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net diff --git a/deployments-old/dns/namespace.yaml b/deployments-old/dns/namespace.yaml deleted file mode 100644 index 52c7228..0000000 --- a/deployments-old/dns/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dns diff --git a/deployments-old/files/nextcloud.yaml b/deployments-old/files/nextcloud.yaml deleted file mode 100644 index 2ef2de0..0000000 --- a/deployments-old/files/nextcloud.yaml +++ /dev/null 
@@ -1,142 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: nextcloud ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nextcloud-pv -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-path - hostPath: - path: /dpool/temp/Nextcloud ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-pvc - namespace: nextcloud -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-path - resources: - requests: - storage: 10Gi - volumeName: nextcloud-pv ---- -apiVersion: v1 -kind: Service -metadata: - name: nextcloud - namespace: nextcloud -spec: - ports: - - port: 80 - selector: - app: nextcloud ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nextcloud - namespace: nextcloud -spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - selector: - matchLabels: - app: nextcloud - template: - metadata: - labels: - app: nextcloud - spec: - containers: - - name: nextcloud - image: nextcloud:29 - env: - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-secrets - key: MYSQL_PASSWORD - - name: MYSQL_DATABASE - value: nextcloud - - name: MYSQL_USER - value: nextcloud - - name: MYSQL_HOST - value: mariadb - ports: - - containerPort: 80 - volumeMounts: - - name: nextcloud-data - mountPath: /var/www/html - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - volumes: - - name: nextcloud-data - persistentVolumeClaim: - claimName: nextcloud-pvc ---- -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: nextcloud-db - namespace: nextcloud -spec: - rootPasswordSecretKeyRef: - name: nextcloud-secrets - key: MYSQL_ROOT_PASSWORD - database: nextcloud - username: nextcloud - passwordSecretKeyRef: - name: nextcloud-secrets - key: MYSQL_PASSWORD - image: mariadb:10.11 - storage: - size: 5Gi ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - 
namespace: nextcloud - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: nextcloud - namespace: nextcloud - annotations: - external-dns.alpha.kubernetes.io/hostname: nc.hxme.net -spec: - tls: - - hosts: - - nc.hxme.net - secretName: wildcard-hxme-net - rules: - - host: nc.hxme.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: nextcloud - port: - number: 80 - diff --git a/deployments-old/files/syncthing.yaml b/deployments-old/files/syncthing.yaml deleted file mode 100644 index a7279b2..0000000 --- a/deployments-old/files/syncthing.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: syncthing ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: syncthing-data - namespace: syncthing -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: syncthing-share-pv -spec: - capacity: - storage: 1000Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - hostPath: - path: /dpool/files ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: syncthing-share - namespace: syncthing -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1000Gi - volumeName: syncthing-share-pv ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: syncthing - namespace: syncthing -spec: - replicas: 1 - selector: - matchLabels: - app: syncthing - template: - metadata: - labels: - app: syncthing - spec: - containers: - - name: syncthing - image: syncthing/syncthing:latest - ports: - - containerPort: 8384 - - containerPort: 22000 - - containerPort: 21027 - protocol: UDP - volumeMounts: - - name: syncthing-data - mountPath: /var/syncthing - - name: syncthing-share - mountPath: /shared - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - volumes: - - name: syncthing-data - persistentVolumeClaim: - claimName: syncthing-data - - name: syncthing-share - persistentVolumeClaim: - claimName: syncthing-share ---- -apiVersion: v1 -kind: Service -metadata: - name: syncthing - namespace: syncthing -spec: - selector: - app: syncthing - ports: - - name: web-ui - port: 8384 - targetPort: 8384 - - name: sync-tcp - port: 22000 - targetPort: 22000 - - name: sync-udp - port: 22000 - protocol: UDP - targetPort: 22000 - - name: discovery - port: 21027 - protocol: UDP - targetPort: 21027 - type: ClusterIP - diff --git a/deployments-old/kustomization.yaml b/deployments-old/kustomization.yaml deleted file mode 100644 index 04b8189..0000000 
--- a/deployments-old/kustomization.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - monitoring/provider.yaml - - monitoring/grafana.yaml - - monitoring/loki.yaml - - monitoring/prometheus.yaml - - operators/mariadb.yaml - - operators/replicator.yaml - - dns/namespace.yaml - - dns/bind.yaml - - dns/externaldns.yaml - - ssl/certmanager.yaml - - auth/authentik.yaml - - files/nextcloud.yaml - - files/syncthing.yaml diff --git a/deployments-old/monitoring/grafana.yaml b/deployments-old/monitoring/grafana.yaml deleted file mode 100644 index 47ed5e0..0000000 --- a/deployments-old/monitoring/grafana.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: grafana - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: grafana - version: 7.3.0 - sourceRef: - kind: HelmRepository - name: grafana - namespace: flux-system - install: - createNamespace: true - values: - admin: - existingSecret: grafana-admin-secret - userKey: admin-user - passwordKey: admin-password - service: - type: LoadBalancer - annotations: - external-dns.alpha.kubernetes.io/hostname: "grafana.hxme.net" - datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Loki - type: loki - access: proxy - url: http://loki:3100 - isDefault: true - diff --git a/deployments-old/monitoring/loki.yaml b/deployments-old/monitoring/loki.yaml deleted file mode 100644 index b327a8e..0000000 --- a/deployments-old/monitoring/loki.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: loki - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: loki - version: 6.6.4 - sourceRef: - kind: HelmRepository - name: grafana - namespace: flux-system - install: - createNamespace: true - values: - loki: - auth_enabled: false - singleBinary: - replicas: 1 - service: - type: LoadBalancer - annotations: - external-dns.alpha.kubernetes.io/hostname: "loki.hxme.net" - write: - replicas: 1 - read: - replicas: 1 - backend: - replicas: 1 diff --git a/deployments-old/monitoring/prometheus.yaml b/deployments-old/monitoring/prometheus.yaml deleted file mode 100644 index dd4d5a6..0000000 --- a/deployments-old/monitoring/prometheus.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: prometheus-community - namespace: flux-system -spec: - url: https://prometheus-community.github.io/helm-charts - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: prometheus-operator - namespace: monitoring -spec: - interval: 30m - chart: - spec: - chart: kube-prometheus-stack - version: 58.1.2 - sourceRef: - kind: HelmRepository - name: prometheus-community - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m - values: - prometheus: - prometheusSpec: - serviceMonitorSelectorNilUsesHelmValues: false - # Optional: expose Prometheus/Grafana via NodePort, Ingress, etc. - grafana: - enabled: false - alertmanager: - enabled: true - diff --git a/deployments-old/monitoring/provider.yaml b/deployments-old/monitoring/provider.yaml deleted file mode 100644 index 3af442a..0000000 --- a/deployments-old/monitoring/provider.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: grafana - namespace: flux-system -spec: - url: https://grafana.github.io/helm-charts - interval: 1h ---- -apiVersion: v1 -kind: Secret -metadata: - name: wildcard-hxme-net - namespace: monitoring - annotations: - replicator.v1.mittwald.de/replicate-from: cert-manager/wildcard-hxme-net diff --git a/deployments-old/operators/mariadb.yaml b/deployments-old/operators/mariadb.yaml deleted file mode 100644 index 04febe6..0000000 --- a/deployments-old/operators/mariadb.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: mariadb-system ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: mariadb-operator - namespace: flux-system -spec: - url: https://helm.mariadb.com/mariadb-operator - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator-crds - namespace: mariadb-system -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator-crds - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: true - timeout: 5m ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: mariadb-operator - namespace: mariadb-system -spec: - interval: 30m - chart: - spec: - chart: mariadb-operator - version: 0.38.1 - sourceRef: - kind: HelmRepository - name: mariadb-operator - namespace: flux-system - install: - createNamespace: true - dependsOn: - - name: mariadb-operator-crds - namespace: mariadb-system - values: - metrics: - enabled: true - diff --git a/deployments-old/operators/replicator.yaml b/deployments-old/operators/replicator.yaml deleted file mode 100644 index e8ec276..0000000 --- a/deployments-old/operators/replicator.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-replicator -rules: - - apiGroups: ["", "apps", "extensions"] - resources: - - secrets - - configmaps - - roles - - rolebindings - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - - namespaces - - serviceaccounts - verbs: ["*"] - - apiGroups: ["batch"] - resources: - - configmaps - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - verbs: ["*"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - roles - - rolebindings - - clusterrolebindings - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-replicator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-replicator -subjects: - - kind: ServiceAccount - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: mittwald - namespace: flux-system -spec: - url: https://helm.mittwald.de - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubernetes-replicator - namespace: kube-system -spec: - interval: 5m - chart: - spec: - chart: kubernetes-replicator - sourceRef: - kind: HelmRepository - name: mittwald - namespace: flux-system - install: - createNamespace: false - upgrade: - disableWait: false - values: - serviceAccount: - create: false - name: kubernetes-replicator diff --git a/deployments-old/remote-access/rustdesk.yaml b/deployments-old/remote-access/rustdesk.yaml deleted file mode 100644 index 47ec81d..0000000 
--- a/deployments-old/remote-access/rustdesk.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: rustdesk ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: rustdesk-charts - namespace: flux-system -spec: - url: https://charts.rustdesk.com - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: rustdesk-server - namespace: rustdesk -spec: - interval: 30m - chart: - spec: - chart: rustdesk-server - version: 0.5.0 - sourceRef: - kind: HelmRepository - name: rustdesk-charts - namespace: flux-system - install: - createNamespace: true - values: - hbbs: - enabled: true - service: - type: ClusterIP - ports: - - name: tcp - port: 21115 - targetPort: 21115 - - name: tcp-hbbs - port: 21116 - targetPort: 21116 - - name: udp - port: 21116 - targetPort: 21116 - protocol: UDP - - hbbr: - enabled: true - service: - type: ClusterIP - ports: - - name: tcp-hbbr - port: 21117 - targetPort: 21117 - - ingress: - enabled: true - className: "traefik" # or nginx or your ingress class - annotations: {} - hosts: - - host: rd.hxme.net - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - rd.hxme.net - secretName: rustdesk-tls - - # Optional admin password – change this in production - env: - ENCRYPTED_ONLY: "false" - ENABLE_LOG: "true" - diff --git a/deployments-old/ssl/certmanager.yaml b/deployments-old/ssl/certmanager.yaml deleted file mode 100644 index f238e14..0000000 --- a/deployments-old/ssl/certmanager.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - url: https://charts.jetstack.io - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: cert-manager - namespace: cert-manager -spec: - interval: 30m - chart: - spec: - chart: cert-manager - version: v1.18.2 - sourceRef: - kind: HelmRepository - name: jetstack - namespace: flux-system - install: - crds: CreateReplace - createNamespace: true - values: - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-rfc2136 -spec: - acme: - email: admin@hxme.net - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-rfc2136 - solvers: - - dns01: - rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: "hxme-update-key" - tsigAlgorithm: HMACSHA512 - tsigSecretSecretRef: - name: hxme-update-key - key: hxme-update-key ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcard-hxme-net - namespace: cert-manager -spec: - secretName: wildcard-hxme-net - secretTemplate: - annotations: - replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud" - issuerRef: - name: letsencrypt-rfc2136 - kind: ClusterIssuer - commonName: "hxme.net" - dnsNames: - - "hxme.net" - - "*.hxme.net" diff --git a/deployments-old/synctools/vaultwarden.yaml b/deployments-old/synctools/vaultwarden.yaml deleted file mode 100644 index 93c3475..0000000 --- a/deployments-old/synctools/vaultwarden.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: bitwarden ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: bjw-s-charts - namespace: flux-system -spec: - url: https://bjw-s.github.io/helm-charts/ - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: vaultwarden - namespace: bitwarden -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 2.4.0 - sourceRef: - kind: HelmRepository - name: bjw-s-charts - namespace: flux-system - install: - createNamespace: true - values: - # Basic container config - image: - repository: vaultwarden/server - tag: 1.30.5 - pullPolicy: IfNotPresent - - env: - WEBSOCKET_ENABLED: "true" - SIGNUPS_ALLOWED: "false" - DOMAIN: "https://vw.hxme.net" - ADMIN_TOKEN: "CHANGEME_SUPER_SECRET" - - service: - main: - ports: - http: - port: 80 - - ingress: - main: - enabled: true - annotations: - kubernetes.io/ingress.class: "traefik" # Or nginx or your ingress class - hosts: - - host: vw.hxme.net - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - vw.hxme.net - secretName: bitwarden-tls - - persistence: - data: - enabled: true - existingClaim: bitwarden-data # You must create a PVC or a StorageClass dynamic claim - - resources: - requests: - cpu: 50m - memory: 128Mi - limits: - cpu: 250m - memory: 512Mi - diff --git a/deployments/dns-ssl/certmanager.yaml b/deployments/dns-ssl/certmanager.yaml deleted file mode 100644 index 95511fd..0000000 --- a/deployments/dns-ssl/certmanager.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - url: https://charts.jetstack.io - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: cert-manager - namespace: home-server -spec: - interval: 30m - chart: - spec: - chart: cert-manager - version: v1.18.2 - sourceRef: - kind: HelmRepository - name: jetstack - namespace: flux-system - install: - crds: CreateReplace - createNamespace: true - values: - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-rfc2136 -spec: - acme: - email: admin@hxme.net - server: https://acme-v02.api.letsencrypt.org/directory - #server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-rfc2136 - solvers: - - dns01: - rfc2136: - nameserver: hawke.hxst.com.au:53 - tsigKeyName: "hxme-update-key" - tsigAlgorithm: HMACSHA512 - tsigSecretSecretRef: - name: hxme-update-key - key: hxme-update-key ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcard-hxme-net - namespace: home-server -spec: - secretName: wildcard-hxme-net - secretTemplate: - annotations: - replicator.v1.mittwald.de/replication-allowed: "true" - replicator.v1.mittwald.de/replicate-to: "home-media" - issuerRef: - name: letsencrypt-rfc2136 - kind: ClusterIssuer - commonName: "hxme.net" - dnsNames: - - "hxme.net" - - "*.hxme.net" diff --git a/deployments/dns-ssl/externaldns.yaml b/deployments/dns-ssl/externaldns.yaml deleted file mode 100644 index c3a9736..0000000 --- a/deployments/dns-ssl/externaldns.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-dns -rules: - - apiGroups: [""] - resources: ["services","endpoints","pods"] - verbs: ["get","watch","list"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list","watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "watch", "list"] - # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: external-dns-viewer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: - - kind: ServiceAccount - name: external-dns - namespace: home-server ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: external-dns - namespace: home-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns - namespace: home-server -spec: - replicas: 1 - selector: - matchLabels: - app: external-dns - template: - metadata: - labels: - app: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - image: bitnami/external-dns:latest - args: - - --source=service - - --source=ingress - - --provider=rfc2136 - - --rfc2136-host=bind-master.home-server.svc.cluster.local - - --rfc2136-port=53 - - --rfc2136-zone=hxme.net - - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) - - --rfc2136-tsig-secret-alg=hmac-sha256 - - --rfc2136-tsig-keyname=externaldns-key - - --policy=sync - - --registry=txt - - --txt-owner-id=my-cluster - env: - - name: RFC2136_TSIG_SECRET - valueFrom: - secretKeyRef: - name: dns-secrets - key: externaldns-secret - diff --git a/deployments/dns-ssl/kustomization.yaml b/deployments/dns-ssl/kustomization.yaml deleted file mode 100644 index c9c356f..0000000 
--- a/deployments/dns-ssl/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - bind.yaml - - externaldns.yaml - - certmanager.yaml diff --git a/deployments/home-server/authentik.yaml b/deployments/home-server/authentik.yaml deleted file mode 100644 index 711680c..0000000 --- a/deployments/home-server/authentik.yaml +++ /dev/null @@ -1,42 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: authentik - namespace: flux-system -spec: - url: https://charts.goauthentik.io/ - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: authentik - namespace: home-server -spec: - interval: 30m - chart: - spec: - chart: authentik - version: 2024.4.2 - sourceRef: - kind: HelmRepository - name: authentik - namespace: flux-system - install: - createNamespace: true - upgrade: - disableWait: false - timeout: 10m - valuesFrom: - - kind: Secret - name: authentik-values - values: - server: - ingress: - annotations: - external-dns.alpha.kubernetes.io/hostname: auth.hxme.net - tls: - - secretName: wildcard-hxme-net - hosts: - - auth.hxme.net diff --git a/deployments/home-server/dovecot.yaml b/deployments/home-server/dovecot.yaml deleted file mode 100644 index facd31c..0000000 --- a/deployments/home-server/dovecot.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dovecot-config - namespace: home-server -data: - dovecot.conf: | - log_path = /dev/stdout - info_log_path = /dev/stdout - debug_log_path = /dev/stdout - syslog_facility = local0 - protocols = imap - listen = * - disable_plaintext_auth = yes - mail_location = maildir:/data/%u - base_dir = /var/run/dovecot/ - ssl = required - ssl_cert = /backup/backup-$(date +'%Y-%m-%d').sql - volumeMounts: - - name: backup-volume - mountPath: /backup - volumes: - - name: backup-volume - persistentVolumeClaim: - claimName: postgres-backup-pvc - - - diff --git a/deployments/operators/redis.yaml b/deployments/operators/redis.yaml deleted file mode 100644 index b21967c..0000000 --- a/deployments/operators/redis.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis - namespace: home-server -spec: - replicas: 1 - selector: - matchLabels: - app: redis - template: - metadata: - labels: - app: redis - spec: - containers: - - name: redis - image: redis:7 - ports: - - containerPort: 6379 ---- -apiVersion: v1 -kind: Service -metadata: - name: redis - namespace: home-server -spec: - selector: - app: redis - ports: - - port: 6379 - diff --git a/deployments/operators/replicator.yaml b/deployments/operators/replicator.yaml deleted file mode 100644 index e8ec276..0000000 --- a/deployments/operators/replicator.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-replicator -rules: - - apiGroups: ["", "apps", "extensions"] - resources: - - secrets - - configmaps - - roles - - rolebindings - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - - namespaces - - serviceaccounts - verbs: ["*"] - - apiGroups: ["batch"] - resources: - - configmaps - - cronjobs - - deployments - - events - - ingresses - - jobs - - pods - - pods/attach - - pods/exec - - pods/log - - pods/portforward - - services - verbs: ["*"] - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - roles - - rolebindings - - clusterrolebindings - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-replicator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-replicator -subjects: - - kind: ServiceAccount - name: kubernetes-replicator - namespace: kube-system ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: mittwald - namespace: flux-system -spec: - url: https://helm.mittwald.de - interval: 1h ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubernetes-replicator - namespace: kube-system -spec: - interval: 5m - chart: - spec: - chart: kubernetes-replicator - sourceRef: - kind: HelmRepository - name: mittwald - namespace: flux-system - install: - createNamespace: false - upgrade: - disableWait: false - values: - serviceAccount: - create: false - name: kubernetes-replicator