diff --git a/apps/prod/homelab-proxy/netdata.yaml b/apps/prod/homelab-proxy/netdata.yaml
new file mode 100644
index 0000000..2165059
--- /dev/null
+++ b/apps/prod/homelab-proxy/netdata.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: netdata-proxy
+  namespace: homelab-proxy
+  annotations:
+    tailscale.com/tailnet-fqdn: ${NETDATA_TAILNET_FQDN}
+spec:
+  type: ExternalName
+  externalName: placeholder
+  ports:
+    - port: ${NETDATA_INTERNAL_PORT}
+      name: http
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: netdata-ingress
+  namespace: homelab-proxy
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`${NETDATA_DOMAIN}`)
+      kind: Rule
+      services:
+        - name: netdata-proxy
+          port: ${NETDATA_INTERNAL_PORT}
+      middlewares:
+        - name: "auth-authelia@kubernetescrd"
diff --git a/cluster-vars/prod/secret.enc.yaml b/cluster-vars/prod/secret.enc.yaml
index 5366e34..975ecf3 100644
--- a/cluster-vars/prod/secret.enc.yaml
+++ b/cluster-vars/prod/secret.enc.yaml
@@ -4,35 +4,42 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:DaJzJvyvBszV,iv:vfaF0taG3JOzHyovrMvLuuBhbtFJPUm1YjlxOElaVvg=,tag:IQk1xRmcY2HnDS56r68PeQ==,type:str]
-    DOMAIN2: ENC[AES256_GCM,data:pRtZTpmY7QDH5A==,iv:ofl+5BHYgpm+l7ozNIz7WtmgyDO6wWGXwH1Xe70OYTo=,tag:94qZ0pscpRiRTEeZpY9cLg==,type:str]
-    GITEA_DOMAIN: ENC[AES256_GCM,data:miMIRM0mYZNLOmP7Kw==,iv:7AUz/7SUNNo+mezpGwyYrvzTBY/cQT4oHArmQ2vM1M8=,tag:DJAgYgCl1cXCxg3hHXCPiw==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:1OuzgNhAvKzFKIgwd4I=,iv:TlaKq5cNXANSL8B5tYoFJt/OPV604hIHHqR3Kgvkbfw=,tag:NkY7HUZetk6oUBVAAQZXPw==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:7kI0emz4qvh0K1CveFw3o1U=,iv:KhAYvO9KwQTKgGYh3BA8JrPQui3KqbewAmnJls0Dwpk=,tag:NJU1TwjinwTm1vQTfny6Hw==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:HzSDpws8Bvwbg/wfdgeV,iv:CzChYZk+cDwad3a06H/HJpD7SM33dfBXGSZXVjMFw/o=,tag:nmMFvOZEL6EFmoqmzKW5ZQ==,type:str]
-    GHOST_DOMAIN: ENC[AES256_GCM,data:/KScqDNmj4IJY90aLECK/w==,iv:7xObipuHr29Bzs1Ga9ZmuV58ql9GHZHKbZe5AGIGkqw=,tag:5yjuuGwvclfEn+w6Tnve7w==,type:str]
-    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:ijLjSU8soDxrCMFyZg==,iv:kZ/ACkJRf6PjbRaZZsc3oFQfAae5vojZaAJ9/XkRWRQ=,tag:bF8utzDFYqINH6w6EYVwkw==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:lNjUON+CR3SAWJfhyrxBRJgMDgmzrwQ=,iv:TrbGq8jrpaIr+0lTZAOID4w+cqaBxhInmVFbwEuC4w8=,tag:uHp1zF6wUq8LnM1sF12KlA==,type:str]
-    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:aD8INyqqrzdlzKzCfBeIjKM=,iv:yfS+7xvDGcsIWMdB/wqRIqN3XgVPuO2pd4ASRegvny4=,tag:5zZYuoae/7veN+HY6FLKvg==,type:str]
-    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:IuAJ+UfksRcl6smTxwiucoo=,iv:m+sLHAczrCAfS1Ho0/K3apAedvNnGfOducWZe8ytRPc=,tag:fD9k0YS1AdJ7iEZvSljZyw==,type:str]
-    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:SoYsZt4JjPn6z2BfJsl29bmd,iv:03N2Qe61KtVtfzynuQfEMfrZ8OiCMyyXQhEXUSS0q/k=,tag:86hxVpM1v914rLuZB5eeZA==,type:str]
-    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:j37MDcFZJ32Q2pH6uBCfTQMM7l7cXd47GmdLelk=,iv:CdEs263807Kh5WO/1WzJtTGLiqHaWLX+fpsMI/O1dq0=,tag:wFZMf24JMjlkCXX/pSL9IQ==,type:str]
-    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:q/amUQ==,iv:8+qejNNiPxcLEY2NhxjARdGSuzf7ubVqGwf889cPfis=,tag:DQAtYPR6aMLR/sk81dhBrQ==,type:str]
-    CHATUI_DOMAIN: ENC[AES256_GCM,data:LqeETtqKGUT+34o0QK0=,iv:ofE+LdBX6rlrMvmtIPdZOKIJ8tKZ3XWYOLhN207ehHQ=,tag:K95GCf/iGk4pU0godk+Ytw==,type:str]
-    CHATUI_TAILNET_FQDN: ENC[AES256_GCM,data:00qLbrrec54tFMAf68yqNB4Ky9LLXnUkO5+ZLcw=,iv:f1JKph9S7KahKyoXCj93hNn2u0HDBx2rkS+oBBnrKf8=,tag:ngv6UTY9vw2IEHVhRrfiIQ==,type:str]
-    CHATUI_INTERNAL_PORT: ENC[AES256_GCM,data:PFLWeg==,iv:7QlWSqUqw+zuNHdidK0XTfWz9HHqBj+ZXHzs7rOIf7c=,tag:29y54jRMedFWuK5lpNi+Mw==,type:str]
+    #ENC[AES256_GCM,data:a4k9ytmFx3E6c0X96gTOsA==,iv:gZ7IJpiNg5HWR9u443nxA8QfZ+4f9OBLCp9oKnWkY9U=,tag:y6q6WuLqqkHW+wALYRKvRA==,type:comment]
+    DOMAIN: ENC[AES256_GCM,data:feCqpoevCJJi,iv:YLaXqcMQwhAorw/q2RnFrxOtmOnsVluSkgQmpkr+y8A=,tag:SFn1HI0fEX978NDflOUJCQ==,type:str]
+    DOMAIN2: ENC[AES256_GCM,data:crZu3qv3/uTzCg==,iv:9bbWayyoPTJKz3uGRUAQACYdUFhIGrGwDvb1No6770g=,tag:f1c/pW9se26Sgs3oDajwAg==,type:str]
+    #ENC[AES256_GCM,data:QAELkaOZY2Bt5H0Rrb1FXg==,iv:ADGFMjGqhrgW+UYns+G9ceB/LHeveaihQPhNnkuaSCM=,tag:hV/d79qpfNWLfV7BbUbkfA==,type:comment]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:HCnCK2JaiN+kcKBpCw==,iv:9QKrcXna06ibmBGTVkg09MjgkiezcxmTcmbvuJ3NdlY=,tag:rTZS0A4Gv0IioDzLqC+hvA==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:a8SJrw/qTeGp5+11Ugg=,iv:C39fGuYbt3UiJrJIRuApNvGOGvlnvT8TI5W+Um5l7lY=,tag:ETpZ7571WY/ajciRACgRkg==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:eoTuS7PwzvqdK2BM9EjNR/c=,iv:pb6U24JQLVws42N6A0zS+8ChqzEQHUqMaENdnMTyYzo=,tag:uOGpboCyMaRNcR7ocb/B4Q==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:HPckcX2GhyImjsCjuM5P,iv:ribxs9prdQPjrbN+FEBqAO9mk0RZHV50e6oumml3sTs=,tag:aNFcgqWx8BZZFo29admXmA==,type:str]
+    GHOST_DOMAIN: ENC[AES256_GCM,data:73gxN3s2MF4ccptLSS9aCg==,iv:+xHZkk8b9vgKoDb8c91wGIF1K5nxCnLaka5zdTIzhZo=,tag:XLRKUlXIJXdX1PS8dIY6xQ==,type:str]
+    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:Lus2ePB270IDzU1UiQ==,iv:hUnwLPB23XCM12e/WOWZgDOZLfTJSYR8jmSk7YHredo=,tag:pkMTgquvyTLOwV2BL+qNIQ==,type:str]
+    #ENC[AES256_GCM,data:G3DQM0n+TTI8NMn+Zyd7vHAaZG0=,iv:/+cNqR+qHP328olwvjckGNLtOPqDXUF+WoGS6t0kv1A=,tag:KJww1lwvVHGYPyN18YrCAg==,type:comment]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:pHuATMlIA4qTQHsLnqjElS7iulLjDiA=,iv:3F1y47EipVJ/4kFy1Yu9nTp+r6Qi4unFSX6BNot1zs8=,tag:liDfdGI/29nfSHxd9jiEsA==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:ffs8FiQpLhTjA8uHp0FU6SU=,iv:gBhBcUkbivxkYt04lRSuBrtI6aE0KbR6dVpsAPXFTxE=,tag:fZ/MN/YmsyephmHKW9+xbQ==,type:str]
+    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:RMFYa+r4zn1rYarV1rTLmZo=,iv:DJunw+j+JAWLxWIrKeLD31hvG/f97ZZ9uM9St0CDPSE=,tag:3SM7YmSuKkt4gNGVAB8Dyg==,type:str]
+    #ENC[AES256_GCM,data:rr9sIYYmZgdSZfaTJQ6R4Gq7liSsxia5YddIlQTWHeGJ,iv:eHkgabDe2IY9yqww6a4K8bKSHYE7l8grzc3D7RohtNU=,tag:JBmnp1M57c/e7l7sVraUjA==,type:comment]
+    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:2W43cQt4wu31dL7+xeYp0sKM,iv:O0HL/ixTh5sIuctvgtQMcigPSM2saCXvkprZSVJpL+I=,tag:aYY+YMmGkLhVwCvWXWInMA==,type:str]
+    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:PEEY8q5D+UjdWE/7kAV+GE1gW9OwL8Bc5iGoFgI=,iv:e4MGRN9pPGzJCvku2qhWxtmMZDb7Mpwzf3oBXlLdgIc=,tag:wR7khC+QApQthovEegfHWQ==,type:str]
+    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:AZMugg==,iv:1YUGM1VaDB3yGkIDEMIx1wkuml4xI2DubH/qAKomHmY=,tag:RiTrDc7QnRupGkjUIQe7+A==,type:str]
+    CHATUI_DOMAIN: ENC[AES256_GCM,data:/xF69d3out6gzBe2Kok=,iv:wbf3v5M5PXILO5+2++skjSI/OjygRlDgigY/JTXlttQ=,tag:dwZPIJ7+H9MYt+RLLGes0w==,type:str]
+    CHATUI_TAILNET_FQDN: ENC[AES256_GCM,data:hu9KzgHW6g0UpWSCXiOCviigLHlvuVEXKqLxGOQ=,iv:DEe7P45KX4jqyXIZ28HaKh8NWcOaQ9kzQGiR9ytsThE=,tag:tG3V0dKbIt8ENV8AlxDMvg==,type:str]
+    CHATUI_INTERNAL_PORT: ENC[AES256_GCM,data:GN1k8g==,iv:sf/Oy+VQ27hVBh4MugNfqOnmz0zA6dXhLNGolr++njk=,tag:ZnBUw5IscCDRDwhxElJ4LA==,type:str]
+    NETDATA_DOMAIN: ENC[AES256_GCM,data:7Jfq9uVTLP1LYloJh1xJRuw=,iv:DjJhML4HJHp4tRHN3LFcdvl+4W6LPbn9YDmjIRndAM0=,tag:s8B5jb+wt9QyXgBrW0diSQ==,type:str]
+    NETDATA_TAILNET_FQDN: ENC[AES256_GCM,data:XU7lvF5prJf4VEIhGQYh5oxc8GPzzDBSoc02RHM=,iv:2lUYtQn9UHtbNDnWxiWxDXkovpwdIzbOHe30C4uDqUw=,tag:OL0BeJ+WXZVaVSRhUbjccA==,type:str]
+    NETDATA_INTERNAL_PORT: ENC[AES256_GCM,data:hOij+JU=,iv:HIl2YbgxEYG6DZlIJ6RltlbinjqLQ4HpoSV5qIGogqk=,tag:UKanGAUOlcINoqLu90Ul7g==,type:str]
 sops:
     age:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZlB5Qy9QdE85ZS94QlJX
-            cWFpK09ybEFla1FtR0FQTmtHekpuNWFaZkNvClRwd3F4MTZTR2JnbnpZOEt3OERU
-            dnNBOFVlS3ZtSkd0YWZscXNLYUgrL0EKLS0tIEdFd2JZTmFWVXExWEczZmQ2M091
-            ZW1LVVY0TjBLYXo3cjRSWHk0RWJmcncK9NWSavLBbQ2lAnoFh4z0fzPT+9rFP+tx
-            c+GIbE32onS8yRIZl8k21XppEC+vq6C1Z/Urnfpuc61XnsdhCftrVA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWUJ4TStIWWg3S1o0dHB2
+            ZlBNd1NjdUduUUNCMStwK1NHVkNCajdtOFNvCllpekE2cTZRT1U0a2JyeityVExR
+            MEJQa0luQlVCVU55ZEVZSU9FNFp5eGMKLS0tIGV1SWQxSUwxbmltakZUTXQxUEpk
+            bURvR0VvMkZrc09kWFF4L3BmTlk3WTAKBuPs0wVtdDbygS+r5sqOjjCBsytwq/sf
+            tyEaWypgBBr+HCI+R24X769zfOHC8tXyU/EqWSznm+CqlLtgYeOiyQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-08T19:57:01Z"
-    mac: ENC[AES256_GCM,data:rWdCM+Xl11H5vavUaUjYE7sZ8V9AUIXv7hEsepHZcvjy90TGx0ZrTQvI8fnqgOylWqn7fynFjvPWPufg7le/a+Fi1jV9QJTxS9yUVJry18+aLkcHYkhzkGVbJmqFQd3aPVxz9NB08UST6Z/ZBK6wF5k8xWXKzJvAhxp9+6uMd3Q=,iv:4v+fpSy4GI/huRUhL5umVul3CVmi3tFbmcj7tC+AlSs=,tag:bkrrlu+4hQFzNGh8S7cmOg==,type:str]
+    lastmodified: "2025-08-26T18:31:25Z"
+    mac: ENC[AES256_GCM,data:IM0762Q52R7NGXYt5uor/KXv1+QO6zVBSlyfpSznLwSnm25OTvwA+uKPc/PO5Joj/bNviXXkXmAIW8Sot3+6AnZK57NNg4vBcH7wdEcp6jHV3jRj6baRETgqqjF5JWyNFXk5sCDorqNGqZUJttELUjuziLjy+9pvjpqyx9DHSts=,iv:81RddYX3XD2ffgvR6YauftyuXXYAYQcfRJl4a4Z/Avc=,tag:B2oAtS0QKS4S/vW6nhR80w==,type:str]
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.10.2