diff --git a/apps/base/chat-ui-proxy/kustomization.yaml b/apps/base/chat-ui-proxy/kustomization.yaml
new file mode 100644
index 0000000..52b5ae4
--- /dev/null
+++ b/apps/base/chat-ui-proxy/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: chat-ui
+
+resources:
+  - namespace.yaml
+  - service.yaml
\ No newline at end of file
diff --git a/apps/base/chat-ui-proxy/namespace.yaml b/apps/base/chat-ui-proxy/namespace.yaml
new file mode 100644
index 0000000..b9c5c90
--- /dev/null
+++ b/apps/base/chat-ui-proxy/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: chat-ui
diff --git a/apps/base/chat-ui-proxy/service.yaml b/apps/base/chat-ui-proxy/service.yaml
new file mode 100644
index 0000000..39542a8
--- /dev/null
+++ b/apps/base/chat-ui-proxy/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: chat-ui-proxy
+  namespace: chat-ui
+  annotations:
+    tailscale.com/tailnet-fqdn: ${CHATUI_TAILNET_FQDN}
+spec:
+  type: ExternalName
+  externalName: placeholder
+  ports:
+  - port: ${CHATUI_INTERNAL_PORT}
+    name: http
diff --git a/apps/prod/chat-ui-proxy/ingress.yaml b/apps/prod/chat-ui-proxy/ingress.yaml
new file mode 100644
index 0000000..6bec019
--- /dev/null
+++ b/apps/prod/chat-ui-proxy/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: chat-ui-ingress
+  namespace: chat-ui
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`${CHATUI_DOMAIN}`)
+    kind: Rule
+    services:
+    - name: chat-ui-proxy
+      port: ${CHATUI_INTERNAL_PORT}
\ No newline at end of file
diff --git a/apps/prod/chat-ui-proxy/kustomization.yaml b/apps/prod/chat-ui-proxy/kustomization.yaml
new file mode 100644
index 0000000..035e804
--- /dev/null
+++ b/apps/prod/chat-ui-proxy/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: chat-ui
+
+resources:
+  - ../../base/chat-ui-proxy
+  - ingress.yaml
\ No newline at end of file
diff --git a/apps/prod/llamactl-proxy/ingress.yaml b/apps/prod/llamactl-proxy/ingress.yaml
index a9ee6e2..ea036a9 100644
--- a/apps/prod/llamactl-proxy/ingress.yaml
+++ b/apps/prod/llamactl-proxy/ingress.yaml
@@ -11,6 +11,4 @@ spec:
     kind: Rule
     services:
     - name: llamactl-proxy
-      port: ${LLAMACTL_INTERNAL_PORT}
-    middlewares:
-      - name: "auth-authelia@kubernetescrd"
\ No newline at end of file
+      port: ${LLAMACTL_INTERNAL_PORT}
\ No newline at end of file
diff --git a/cluster-vars/prod/secret.enc.yaml b/cluster-vars/prod/secret.enc.yaml
index 3e56383..e4ee1e6 100644
--- a/cluster-vars/prod/secret.enc.yaml
+++ b/cluster-vars/prod/secret.enc.yaml
@@ -4,32 +4,35 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:UC8wBA1a6TGF,iv:LNtsSTQyu1DWAbdQZnZkb5Bq4NGHYtpMtOfCcyTGpA0=,tag:Pcgr2tSIKRLKGWx6FFQKeA==,type:str]
-    DOMAIN2: ENC[AES256_GCM,data:CtaMC71dKTWRXw==,iv:PnNTt0EA9vceEAc3y7zvd57BUrE4kY9QKY8eooioU6Q=,tag:M+Xx5VlouKA0QUC68YuYdA==,type:str]
-    GITEA_DOMAIN: ENC[AES256_GCM,data:eW1Fm5rtrxWhaNaVvw==,iv:HxXod52I3J6iQyPdjt5chxNlGg3gA7npm4giHuvf4Pg=,tag:PrTNj7ZPJ5XmAO5DKqeYaw==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:oem8OXFyFG3l4S06M8Y=,iv:G4Gz5hYm2ujuXDIWNBZoSRJ8taVK2CWSe7JKbsClC/Q=,tag:z+8JAeLLl2YZSLwQ5riAJQ==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:M1EDeklTN8wCfdGQtEisuns=,iv:idtbzAy2L4ci+B5zEfhwSEvsl7MpxJSO1RUwCO+3OUQ=,tag:3aJOPqVH4Op8v5fxm2JFiw==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:+ir8Qk0jqMgM1x38IrnZ,iv:sIfzh621+33KpuMud+Kf+zNES9k62FJOeuf+S3stcXg=,tag:wD84JCtZltCvvKRdzezq+Q==,type:str]
-    GHOST_DOMAIN: ENC[AES256_GCM,data:EUS29AP8nqRFuIE31cVBDA==,iv:M8kYahl2JytxC6+ulxDTu8paw9Nx/HBHDguxLXmweUE=,tag:TNwHmVNkHv+ym0v6sVviUA==,type:str]
-    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:RE/UBBPA7Bs9U947WA==,iv:gPBbMnBxWKbplbX+h7Dbs5ogUP3e+I3jnPWD0d1k2Es=,tag:hi82ecGXmhGGy8ySiV+59Q==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:GyRtXONEv7ZOer81GN0P5cnZsPzpUzs=,iv:hmWgRuZFL1Kj6wM9fxcPtLb3sSCcIBfxH4qUNWaL/uM=,tag:azTUxxXQRNrC//u2AYfvlQ==,type:str]
-    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:WEmmUXu2MCBX9TDlzJnTxlw=,iv:YIyNWuw1lUzkUJaBjlIp0iCsKOxkqHk5L7NbcVOm0V4=,tag:1uxwC0tBWYM0hK6THPEwLA==,type:str]
-    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:0ZU7R6cTO3HU2hH3vdPFxRU=,iv:lMFIVqFTtOyr5C/diVMsmZg8g0hlcdOYrMN5tswIo+4=,tag:SH4rbxMTJeYGftk8SoQ9iQ==,type:str]
-    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:LTwS0F79eBJfEfJlVlt5dWId,iv:f44nOpUy4urJn7Ec6DyJvbSQPAvqifMdNoec73gUEgo=,tag:62GBgK7XmKukXwFcGojunw==,type:str]
-    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:TcbuCH/UmyOjNFViflUGY1k1RmFGjHAeFPP5IJY=,iv:Xyt09ugLUUC+LzOsRUPQF7ugIdDR2aJ/hwP8Jblf0Lc=,tag:7YBzWJJHBn0sf/dDiPSdUw==,type:str]
-    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:i+aZlg==,iv:G7OhoQJ44FVmq4nzRUc7QWeITCr1+DevZAOhs+QRcsg=,tag:sa9TylS3e3IMCQ+5+9Strw==,type:str]
+    DOMAIN: ENC[AES256_GCM,data:4SWJxyyiv9dG,iv:f4Ew+u0LY7IV6Jy/qn+ZbqcGwbZsAheeP2VpHD8SEbM=,tag:YRcZ+M6xduE9U1D8dlYArQ==,type:str]
+    DOMAIN2: ENC[AES256_GCM,data:DObhUFCYlxNczg==,iv:N4nkF1Bohj0Uph7ftHUD90gRkp0bPx83c0aQpaN3D6Y=,tag:RLYH2YHMtUkUsVDlI/6cXA==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:+2SCDOv3fs1spNGcrg==,iv:DVAYFPWnM7fTyg5tgEFVnVxO00C6fb2GMzBTJgeQuT8=,tag:RO4CzwMCiNHDOn1dKQ8wzA==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:+CkeoHdG5qxEZWhZ3Y4=,iv:M4pL/iZRjIlxbsSNTnutQ1qEUPG0qHviJO5DkoG/H3o=,tag:f4GQSORrcR6jlWF8XT31Ug==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:q5CWKoylk9yAsYv/NlmxYW4=,iv:1VnT7tEwGZiPzWXFJXjAaZNFsXG35KdLhi00LqMGjmk=,tag:BOJPtPa5PX7vqmo7CjCDmg==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:giWjEOvuXAADm7vBdI/u,iv:61Re/87F+bWDF69hvmbyPwhrrS5KrW2gVWF7X5nCLbc=,tag:poZM9jXtaUHK/MBdY+X1iA==,type:str]
+    GHOST_DOMAIN: ENC[AES256_GCM,data:lZMm9WUnskZczxX4NF0cWg==,iv:G6wj108xeVkRXasEp4QpcM9JK/sHRT61FHryXCId6Mo=,tag:czHHmYHlYpR3+C3KT4zgVg==,type:str]
+    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:GSVOBJrcAkU7DvIfWA==,iv:7luVGjNe+em+ivz9cQiGPjJXC9ol/cOrpfGV96ySaog=,tag:0WVrR2evmi3ovEJFa1Az0Q==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:Du49Fb6x2/NYP3i4RWbvJstgGuTwE+4=,iv:TFo3AP4tS4PcrRV1ULeuZuiO70EOJKTerNQ6g1KRdlU=,tag:FgYDLI4FD+VBGwkY9AiNmg==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:pIy8Ti7uBQOt0rLi0v3Ykdk=,iv:7/Gbkn71yqk+TSwj8YS5ENhxeTFdvepBApLuxxkEkM0=,tag:2DG7aHgNO4VhGTTS7870uQ==,type:str]
+    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:w8y5OsjdcSmPQo3KICTwh3k=,iv:Wr+hZUvRa7NYPrLbEvqdI1mivJ9YWk2x6Sw+M85fUY4=,tag:abcTL9AcEXr0ji7mV8bcew==,type:str]
+    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:qPY7AqXqt3uOTC8ZQN7XUYZ1,iv:PPAiSuDo36HMCakzmuVQTRuH96DpMUg5vT+645cSnCQ=,tag:fVDZvQk3rys2C3cX0313jw==,type:str]
+    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:ZzbGSpMM9WSg+T2VNqG5wgmKpbF+CWMkMn6xjKA=,iv:KtFq1GDSKSk6swgGHH9sl8SrWQjIwAy/xazS7YGj4B4=,tag:F/Rg/F+VFyTKDnItBLSBkg==,type:str]
+    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:Y7o8AA==,iv:shZvcXJ8esfDNyhiTNiiq3hDkFsgJY29ON6jJQaTXY4=,tag:Au5NBVGPL7/+ZUZEVPcJuA==,type:str]
+    CHATUI_DOMAIN: ENC[AES256_GCM,data:A26N7dtrtVtFR+bXf153Vlk9ljI=,iv:h83Qa7IgZJ6UH727W8ygDkZmKh6KxzdRARtCYmn5Cl0=,tag:+DjShvjpb+KMZiTY0TwpRw==,type:str]
+    CHATUI_TAILNET_FQDN: ENC[AES256_GCM,data:ejLFj6/+yZSyPld48YfwEB9JsbAiL7ajGQBbMNU=,iv:t5JYr1JiJwwmlKN7OGcKdRzuliaVmffzqw14hUb485Q=,tag:0fEt+ad9uMom+BNRdPLLiA==,type:str]
+    CHATUI_INTERNAL_PORT: ENC[AES256_GCM,data:7+SjDQ==,iv:RqG91IpYNpd0v5gOycEA+YdKQ4fz/R7z8J0QbqEoQMI=,tag:GJovb5dRUC4v+u/Nrt9S8w==,type:str]
 sops:
     age:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWczlHeFY3RmM2MXJRR2N4
-            ZkpQWnVsMGZXeFBMejhCTm54TUExeVZlQlJnCmNuNTNiSFd5Q2l5WnBELzZ5Q0pQ
-            dlZXNzdqZFZQSzVTMnVxMDB6WmtiQVEKLS0tIG54T2puOHg0STFBK0kwUVU0VGlO
-            NXJnc3oxQWlrYU5hWWtPQTNHcXEwRUkKdSfkhWMsbrrpA8/M+81IfFteIuAw+iTe
-            QppqLe/5tohH4yzKhcrva4a9l2gNqSnx/IjhYaLZXmzVP5D8C9iN4A==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoT0tBZGIwUTNGVkxISTlC
+            MTFtbU1yZ1hYMm14WnZ1Wi8zR0NXN3o4TVU4CmFXb1lNSmpsemJTRnpHU3IzbGlF
+            T243MlgrOCtrRWVTeVdReFgxcXhWUXcKLS0tIFVLeCszbW1nWDhmQkFGejA2Vlpu
+            US83LzlsbXVDdGlmN2FZL08vSGNjU2cKGToW3xmXjMHmux3APfIRz/uOeoDG9qD7
+            25Su9PJfXNmE10D+wwA2ucYlLN7gP93yiDUHzKt/tgKorTBp4sriJg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-31T20:02:45Z"
-    mac: ENC[AES256_GCM,data:750Mq4YsIHBkOmjHGdOG64xVQA3Fc1Sk0RJT07GbDeOzUP4W4t/EPg2TySJUVHuxEjrixq8iodtRpMqnggKlUkjr6brpsVpIWxQ5Yki1ygWpKArkQCtfyNJ47C+6CFdDLd7scp5cF7iGfSqvKzV+ML/k907oSMmEVcv+KYw/jKw=,iv:JWNRjdWAVy74vXNVOM8DwgVgOnib6eWQfgExF9kU9+A=,tag:tcrVwB9fK/Volu303jZvvQ==,type:str]
+    lastmodified: "2025-07-31T20:29:01Z"
+    mac: ENC[AES256_GCM,data:FjQtSKbAGAiUJDjkJOAafLc9ZjH9XxoG1kd1Da8hqF/R4hyU3vAn6zSsAgvt1ae4xrtLOvyaT4JSNoIJyuOljA/i5ZyjtG3PT375uSTTn8q8fZjzwOhwhKKYpZAmKX9bvUeKPsfk7nQWt5aox0b81TH7726Z1ZtOD5h1O2LUtV4=,iv:f6SJp5uSqbPqNCmHwFcTznvJFoAy6T6xkIHKp0hHhJ0=,tag:Q/uweS39LEFheN2Pwt9hFg==,type:str]
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.10.2