diff --git a/apps/base/dashboard/kustomization.yaml b/apps/base/dashboard/kustomization.yaml
new file mode 100644
index 0000000..a386abf
--- /dev/null
+++ b/apps/base/dashboard/kustomization.yaml
@@ -0,0 +1,8 @@
+# /apps/base/dashboard/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dashboard
+
+resources:
+  - namespace.yaml
+  - repository.yaml
\ No newline at end of file
diff --git a/apps/base/dashboard/namespace.yaml b/apps/base/dashboard/namespace.yaml
new file mode 100644
index 0000000..14c2ea6
--- /dev/null
+++ b/apps/base/dashboard/namespace.yaml
@@ -0,0 +1,5 @@
+# /apps/base/dashboard/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dashboard
diff --git a/apps/base/dashboard/repository.yaml b/apps/base/dashboard/repository.yaml
new file mode 100644
index 0000000..64058e1
--- /dev/null
+++ b/apps/base/dashboard/repository.yaml
@@ -0,0 +1,9 @@
+# /apps/base/dashboard/repository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: dashboard
+  namespace: dashboard
+spec:
+  interval: 24h
+  url: https://kubernetes.github.io/dashboard/
\ No newline at end of file
diff --git a/apps/prod/dashboard/ingress.yaml b/apps/prod/dashboard/ingress.yaml
new file mode 100644
index 0000000..7a53b67
--- /dev/null
+++ b/apps/prod/dashboard/ingress.yaml
@@ -0,0 +1,18 @@
+# /apps/prod/dashboard/ingress.yaml
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dashboard
+  namespace: dashboard
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`${K8S_DASHBOARD_DOMAIN}`)
+    kind: Rule
+    middlewares:
+    - name: authelia
+      namespace: auth
+    services:
+    - name: kubernetes-dashboard
+      port: 80
diff --git a/apps/prod/dashboard/kustomization.yaml b/apps/prod/dashboard/kustomization.yaml
new file mode 100644
index 0000000..71e7dbb
--- /dev/null
+++ b/apps/prod/dashboard/kustomization.yaml
@@ -0,0 +1,12 @@
+# /apps/prod/dashboard/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dashboard
+
+resources:
+  - ../../base/dashboard
+  - release.yaml
+  - ingress.yaml
+
+configurations:
+  - kustomizeconfig.yaml
diff --git a/apps/prod/dashboard/kustomizeconfig.yaml b/apps/prod/dashboard/kustomizeconfig.yaml
new file mode 100644
index 0000000..3cef90a
--- /dev/null
+++ b/apps/prod/dashboard/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+# /apps/prod/dashboard/kustomizeconfig.yaml
+nameReference:
+- kind: ConfigMap
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease
diff --git a/apps/prod/dashboard/release.yaml b/apps/prod/dashboard/release.yaml
new file mode 100644
index 0000000..e303355
--- /dev/null
+++ b/apps/prod/dashboard/release.yaml
@@ -0,0 +1,18 @@
+# /apps/prod/dashboard/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: dashboard
+  namespace: dashboard
+spec:
+  interval: 12h
+  chart:
+    spec:
+      chart: kubernetes-dashboard
+      version: "7.12.0"
+      sourceRef:
+        kind: HelmRepository
+        name: dashboard
+        namespace: dashboard
+      interval: 12h
+
diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml
index ba8060a..a0008cb 100644
--- a/apps/prod/kustomization.yaml
+++ b/apps/prod/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
   - gitea
   - k9s-web
   - lemma
-  - ghost
\ No newline at end of file
+  - ghost
+  - dashboard
\ No newline at end of file
diff --git a/cluster-vars/prod/secret.enc.yaml b/cluster-vars/prod/secret.enc.yaml
index 56fdaaf..2c700ae 100644
--- a/cluster-vars/prod/secret.enc.yaml
+++ b/cluster-vars/prod/secret.enc.yaml
@@ -4,34 +4,30 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:ARYm5V97hv8k,iv:A3DKLAo+YU3KqgGGBVzUmLxjCpXH/NcJ36A4VPrlM+8=,tag:FzBnb2azMd/fymkmF0Ehdw==,type:str]
-    DOMAIN2: ENC[AES256_GCM,data:1FuwAA2P7S0P0A==,iv:GjmO4gL4hf+5e6+OsSBDYIDFAUm0UpJqv6Czf82/gh4=,tag:djwOgz6Wuh2NMt77ewWjlA==,type:str]
-    GITEA_DOMAIN: ENC[AES256_GCM,data:gHNHYOA2Xz8k3AzDzA==,iv:Nm/0AVCrgzQTarGGAnk8OGlTyxSWiLCW3vrUQYDbwAQ=,tag:mHDNIYVIXNCHqk0BSFmeRQ==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:DITHZ5koHGCEvcL6OlI=,iv:882jyaW9sTWs6NNdt4TAM01ITqpZ1vEVqt/Tycdi+EI=,tag:CpIOw7E+AROQCn+j5hhcaQ==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:0JgETkCWkaN6EX/8nI8ynhc=,iv:6n49BhONemZhPjNYRHrgpAmjT4ZUgo02DyZG+1I8Md4=,tag:xHXdT8Jfn0vG+IkP5URqOQ==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:KlG/UfogLseYeYcR8LZe,iv:yCGtYucHil2e2QVWt6lko38xi4kl0d0JkF/igir+/PE=,tag:nCWwdsLEYdoLZaXBAd98FA==,type:str]
-    K9S_DOMAIN: ENC[AES256_GCM,data:2msIU4arlghK3ENMaA==,iv:q3w5cMRqJLMZamgWBONOkKvcqaI+emDSneBlqtG9T/8=,tag:lm//CYghOeK2Te/HbBn7YA==,type:str]
-    GHOST_DOMAIN: ENC[AES256_GCM,data:YojwKE85R+VsgU9igqBWqw==,iv:CLMLAZbtSr5JhJfbSm4HbhXIT9yBfDOTvEMO7mP+oVY=,tag:+yyZHXLU9V0D7zrb52VTlw==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:oqpHEXz3EAvdMFLWGmlZPJhD+3VG0xs=,iv:rQk/87ol3A2jkM1LKreNa6JkJHvNCN8rbO1CwZkfC5k=,tag:Ea+2Sc1yFhv9VrOrVvClRg==,type:str]
-    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:zHIcc3us+i6xSJU++cunu0M=,iv:K+SVsZcQnU+TjJRl3e77BrOgLPsc4ffXDwzjLcfhAVM=,tag:c5Qpfiz5aLXBf8ScG56tzw==,type:str]
-    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:4l6d0YfqD15E9QLd9wgVrjI=,iv:+CSR9hJTbpRbrvEjFnyt8TqzBjnTu9HrHVsqfKq+Nxs=,tag:f+lqAkEhkzOO6DNtyPJtpw==,type:str]
+    DOMAIN: ENC[AES256_GCM,data:hFIqpzsdEwer,iv:TFFk9DHPFhhmVU0ESxfHOAdXCDNTZ/9YDcOVh9KYw1E=,tag:9do39N03ECIXY59FYHMyJw==,type:str]
+    DOMAIN2: ENC[AES256_GCM,data:YwBcMSKKjshARA==,iv:I27dPoltFYD4v6bdJv/VLyIFUabuiiSlyRdDuctS9+c=,tag:K5K5Vu37z80hj8N9rBhZaA==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:EQOO3S4YBJZacfPqLw==,iv:WLmG4KJcRpR0HwPdMHcskfnaA6hlcCkchoSkMm/B+VA=,tag:mOlTD1damX+HueuHAlRatg==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:moFkw+FAZaiAMfzKYnw=,iv:bokTWHaMA8nMIkdb9l/MMWzbpH1WIe6lexqLHJv0mNY=,tag:CxtPRfwkQ6k9RmfYxi52Cg==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:GZ0GuadSbBmfRy528mIoQJ4=,iv:+C2gW7d0l14LjakJ81ruHKjbEa/GRYngNP2VSQL5fog=,tag:Gt/MER5hwrtreqhRtSvrZg==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:QA9QVfYjFoN2ktvgx0Fu,iv:u2xJMHk3bt4znfDoPhk0j7ar9ez00kZNa/NdwZCEQwk=,tag:U6JYps9NA3PCZZVNT566ow==,type:str]
+    K9S_DOMAIN: ENC[AES256_GCM,data:MBGL+viskCnSdrLVQw==,iv:iNPN6y/uzz/pDX3V0YOXX0Qbel/xO5ph8tiFjZ3s3/Y=,tag:Ru9yKFsUXw1OHZwlNcYahQ==,type:str]
+    GHOST_DOMAIN: ENC[AES256_GCM,data:3rEF0Oe6BFTgWWbfqsAQGw==,iv:P7l8MJRVKl53di/JWewhKT2MkYcSgzrDjARRQA9xKqM=,tag:SNpSDGuwy3rpQCwCFvxk2A==,type:str]
+    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:13Fw+rZaldwhCrEPeg==,iv:vzHyS6q4Je9yuMeLAK+RrbVdYoHNQDuoTWePKHl6XPc=,tag:aM3Tt+2hlBkBqLAs8B52Rg==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:GAKZxot3wWtiVf+DjRozwfVl7SCaB2U=,iv:BiVIGHsnvgOHAjzOyCyPqV8lCsYXiLFi01KUdglYrlQ=,tag:pDrQU0wAL4JViW+E9YxkTw==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:XkOt213mAXQJiWT78cywT+U=,iv:WwQ72wDYb9tsnsOzzzYt8DetmLijugtATMWh+uQoKeI=,tag:BzOh4aRYhA1fCnk0wIJVvg==,type:str]
+    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:JCgL9NLNFx6YjkZCMw/oN0o=,iv:ofJ04ES+2g74kn9LA0hvQhRzfFAeXGO0NsCqpXWwPxI=,tag:WNzxyqCqJrOfU6+irQf8Zw==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMUmJFMnJobUF0UzN6Z2RL
-            NGFjMDFOYXVFaytaMWZ5aXVnQXVBd05RQlRJCkRUaDhwOGhEYitZZkhaYUI1N01a
-            UHpmSGNmYmhTcWhzMG9NQUo2SlIyVWsKLS0tIENxNVJCcE0wdUExVlA1blpUVUZI
-            THRSdkFZL095MUtOTXY5ZEtZYXZod2MKS96q6H4UhhuxorCpLDbYGXEXRvakFY2Q
-            0tmJUKC1nUpaPWuuTlSpJUw0ZVdpgsAQwrvJ4eSWF7U0ohndgpFSKg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3QnFiTHpWV0IvcE93Wk1J
+            dlJ6TzZkOWdtTngzU1VLM2Izd0dYbzBDQW13CnExdzEveWthaUFTTFY0UHRhQXFr
+            U2VkK3lhWGNaa3JrTVc3VDlpRjdKUmMKLS0tIHA3MFRpNU9JSjNwOWgwL1EvamRx
+            QlBCZFAyNWIxV2dmZ2dzRUhtYUdPZ2MKVoVaNry+XrOToVX1S8qLpsNnh/fQ2MmI
+            4u1z4pFi1IFlrJUJ6oZfql8U0yOhg9L2Va5+a1cJVFppfE+MoFUQMQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-18T12:12:33Z"
-    mac: ENC[AES256_GCM,data:kx8d+dfSsYOBwHtt8cIUigGfVjYaoRovisAC4J+DBj9DKMqLDbCljWz2UZ99cxgED+Fd261358019JpNTU9inPLmF9B7NYoTHvHPUGzfgV9gXzeJhvxRT4+Gq3BcLtpwW5RztppHWMmupVnESOxeehS8QBSd2MbCA9LbQf6VJFU=,iv:iNKQUG6H5NFrDu8e+zdxh69UdHlT9kTYen4jW8iBpwc=,tag:MG47q3EqVMtxgQbd75GCEA==,type:str]
-    pgp: []
+    lastmodified: "2025-05-14T18:47:08Z"
+    mac: ENC[AES256_GCM,data:jg/oP7p1aXamyEEdSN2U73BSrKaV+9TKREWcjdTEinDKPlD8SWAnb9QeRet2RC/xEL3fwSkKPHpq5w6gVz4HHjFZRRubxAqYD+BkBuO1VC9VfzGgwRPY9JKVj/mAzPY4ETGkKvyu5yzIOCloGUajB+PtKilzRiidrRsioEQ6TTQ=,iv:PCNQycKkc2h3Rm6wlyQJTRpTS83XANU/HMsSc6Roh80=,tag:uvCxquYj/B4rAOWqcBVYQA==,type:str]
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
-    version: 3.9.0
+    version: 3.10.2