From 4f5d7833fb5743d480206dd0eb11ce652306c596 Mon Sep 17 00:00:00 2001 
From: Sebastian Wendel Date: Tue, 29 Nov 2022 14:16:04 +0100 Subject: [PATCH] integrated core and webpresence, cleaned up dir tree and notes --- .envrc | 3 - .gitignore | 1 + .gitlab-ci.yml | 38 +---- .pre-commit-config.yaml | 22 --- Makefile | 62 +++----- README.md | 96 +++++------- .../charts => apps}/gitea/kustomization.yaml | 5 +- {base/charts => apps}/gitea/namespace.yaml | 0 {base/charts => apps}/gitea/values.yaml | 14 +- apps/interfacer-core/kustomization.yaml | 10 ++ .../interfacer-core}/namespace.yaml | 2 +- apps/interfacer-webpresence/deployment.yaml | 27 ++++ .../interfacer-webpresence/kustomization.yaml | 6 + .../interfacer-webpresence}/namespace.yaml | 2 +- apps/interfacer-webpresence/service.yaml | 12 ++ apps/kustomization.yaml | 5 + base/apps/cert-manager/letsencrypt.yaml | 30 ---- base/apps/keycloak/database.yaml | 36 ----- base/apps/keycloak/instance.yaml | 16 -- base/apps/keycloak/kustomization.yaml | 6 - base/apps/kustomization.yaml | 4 - base/cert-manager/kustomization.yaml | 11 ++ .../cert-manager/namespace.yaml | 0 base/cert-manager/values.yaml | 2 + base/charts/external-dns/kustomization.yaml | 11 -- base/charts/external-dns/namespace.yaml | 5 - base/charts/external-dns/values.yaml | 11 -- base/charts/kustomization.yaml | 5 - .../ingress-nginx/kustomization.yaml | 4 +- .../{charts => }/ingress-nginx/namespace.yaml | 0 base/{charts => }/ingress-nginx/values.yaml | 0 base/kustomization.yaml | 5 +- .../operators/cert-manager/kustomization.yaml | 6 - .../operators/cert-manager/operatorgroup.yaml | 5 - base/operators/cert-manager/subscription.yaml | 11 -- base/operators/keycloak/kustomization.yaml | 6 - base/operators/keycloak/namespace.yaml | 5 - base/operators/keycloak/operatorgroup.yaml | 8 - base/operators/keycloak/subscription.yaml | 11 -- base/operators/kustomization.yaml | 5 - base/operators/postgresql/kustomization.yaml | 6 - base/operators/postgresql/operatorgroup.yaml | 8 - base/operators/postgresql/subscription.yaml | 11 -- default.nix 
| 6 - docs/applications/gitea.md | 7 - docs/applications/keycloak.md | 10 -- docs/assets/fc_logo.ico | Bin 4286 -> 0 bytes docs/assets/fc_logo.svg | 51 ------- docs/basics.md | 3 - docs/development/contributing.md | 142 ------------------ docs/getting-started.md | 11 -- docs/index.md | 113 -------------- flake.lock | 116 ++++++++++++-- flake.nix | 106 +++++++++++-- ci/k3d-fcos-dev.yaml => k3s-dev.yaml | 2 +- mkdocs.yml | 34 ----- overlays/dev/cert-manager/kustomization.yaml | 2 +- overlays/dev/cert-manager/letsencrypt.yaml | 15 ++ overlays/dev/cert-manager/selfsigned.yaml | 24 --- overlays/dev/gitea/ingress.yaml | 22 +++ overlays/dev/gitea/kustomization.yaml | 24 +++ overlays/dev/keycloak/certificate.yaml | 26 ---- overlays/dev/keycloak/kustomization.yaml | 4 - overlays/dev/kustomization.yaml | 3 +- .../prod}/cert-manager/kustomization.yaml | 0 overlays/prod/cert-manager/letsencrypt.yaml | 15 ++ overlays/prod/gitea/kustomization.yaml | 24 --- .../prod/interfacer-webpresence/ingress.yaml | 22 +++ .../interfacer-webpresence/kustomization.yaml | 3 + overlays/prod/keycloak/kustomization.yaml | 44 ------ overlays/prod/kustomization.yaml | 17 +-- shell.nix | 54 ------- test/labels.rego | 20 --- test/run_as_root.rego | 7 - test/selector.rego | 11 -- 75 files changed, 448 insertions(+), 1023 deletions(-) delete mode 100644 .pre-commit-config.yaml rename {base/charts => apps}/gitea/kustomization.yaml (64%) rename {base/charts => apps}/gitea/namespace.yaml (100%) rename {base/charts => apps}/gitea/values.yaml (78%) create mode 100644 apps/interfacer-core/kustomization.yaml rename {base/operators/postgresql => apps/interfacer-core}/namespace.yaml (65%) create mode 100644 apps/interfacer-webpresence/deployment.yaml create mode 100644 apps/interfacer-webpresence/kustomization.yaml rename {base/apps/keycloak => apps/interfacer-webpresence}/namespace.yaml (59%) create mode 100644 apps/interfacer-webpresence/service.yaml create mode 100644 apps/kustomization.yaml delete mode 
100644 base/apps/cert-manager/letsencrypt.yaml delete mode 100644 base/apps/keycloak/database.yaml delete mode 100644 base/apps/keycloak/instance.yaml delete mode 100644 base/apps/keycloak/kustomization.yaml delete mode 100644 base/apps/kustomization.yaml create mode 100644 base/cert-manager/kustomization.yaml rename base/{operators => }/cert-manager/namespace.yaml (100%) create mode 100644 base/cert-manager/values.yaml delete mode 100644 base/charts/external-dns/kustomization.yaml delete mode 100644 base/charts/external-dns/namespace.yaml delete mode 100644 base/charts/external-dns/values.yaml delete mode 100644 base/charts/kustomization.yaml rename base/{charts => }/ingress-nginx/kustomization.yaml (77%) rename base/{charts => }/ingress-nginx/namespace.yaml (100%) rename base/{charts => }/ingress-nginx/values.yaml (100%) delete mode 100644 base/operators/cert-manager/kustomization.yaml delete mode 100644 base/operators/cert-manager/operatorgroup.yaml delete mode 100644 base/operators/cert-manager/subscription.yaml delete mode 100644 base/operators/keycloak/kustomization.yaml delete mode 100644 base/operators/keycloak/namespace.yaml delete mode 100644 base/operators/keycloak/operatorgroup.yaml delete mode 100644 base/operators/keycloak/subscription.yaml delete mode 100644 base/operators/kustomization.yaml delete mode 100644 base/operators/postgresql/kustomization.yaml delete mode 100644 base/operators/postgresql/operatorgroup.yaml delete mode 100644 base/operators/postgresql/subscription.yaml delete mode 100644 default.nix delete mode 100644 docs/applications/gitea.md delete mode 100644 docs/applications/keycloak.md delete mode 100644 docs/assets/fc_logo.ico delete mode 100644 docs/assets/fc_logo.svg delete mode 100644 docs/basics.md delete mode 100644 docs/development/contributing.md delete mode 100644 docs/getting-started.md delete mode 100644 docs/index.md rename ci/k3d-fcos-dev.yaml => k3s-dev.yaml (93%) delete mode 100644 mkdocs.yml create mode 100644 
overlays/dev/cert-manager/letsencrypt.yaml delete mode 100644 overlays/dev/cert-manager/selfsigned.yaml create mode 100644 overlays/dev/gitea/ingress.yaml create mode 100644 overlays/dev/gitea/kustomization.yaml delete mode 100644 overlays/dev/keycloak/certificate.yaml delete mode 100644 overlays/dev/keycloak/kustomization.yaml rename {base/apps => overlays/prod}/cert-manager/kustomization.yaml (100%) create mode 100644 overlays/prod/cert-manager/letsencrypt.yaml delete mode 100644 overlays/prod/gitea/kustomization.yaml create mode 100644 overlays/prod/interfacer-webpresence/ingress.yaml create mode 100644 overlays/prod/interfacer-webpresence/kustomization.yaml delete mode 100644 overlays/prod/keycloak/kustomization.yaml delete mode 100644 shell.nix delete mode 100644 test/labels.rego delete mode 100644 test/run_as_root.rego delete mode 100644 test/selector.rego diff --git a/.envrc b/.envrc index 9a170d3..1905046 100644 --- a/.envrc +++ b/.envrc @@ -1,7 +1,4 @@ use flake -watch_file ./nix/checks.nix -watch_file ./nix/dev-shell.nix - eval "$shellHook" diff --git a/.gitignore b/.gitignore index 92453a8..a8d2188 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ charts temp site !base/charts +.pre-commit-config.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6fc13de..8f46e20 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
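Review bot: Ignoring `.pre-commit-config.yaml` while the same commit deletes the tracked one (next hunk) leaves the repository without any shared pre-commit guardrail; the deleted config ran `detect-private-key`, `check-added-large-files` and yamllint, and with the path ignored any replacement a contributor writes stays local and unreviewed. That matters in this particular patch because `base/charts/external-dns/values.yaml`, also deleted here, carried a plaintext RFC2136 TSIG key in `extraArgs` (`--rfc2136-tsig-secret=…`); deleting the file does not remove it from history, so that key should be treated as exposed and regenerated on the DNS server. I would drop the `+.pre-commit-config.yaml` line and keep a tracked config that at minimum runs a secret detector, or move those checks into the `lint.yaml` CI job so they run on every merge request.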
@@ -1,47 +1,23 @@ --- -variables: - NIX_VERSION: "latest" - NIX_CONFIG: "experimental-features = nix-command flakes recursive-nix" - default: - image: nixpkgs/nix-unstable:${NIX_VERSION} - timeout: 1 hours + tags: + - nix before_script: - # - nix flake show - # - nix profile install --inputs-from . 'nixpkgs#direnv' - # - direnv hook bash >> ~/.bashrc - # - . ~/.bashrc - # - . /etc/profile - # - env - # - direnv allow - # - direnv status - # - direnv reload - # - cd $(pwd) - - nix profile install --inputs-from . 'nixpkgs#yamllint' - - nix profile install --inputs-from . 'nixpkgs#mdl' - - nix profile install --inputs-from . 'nixpkgs#kubectl' - - nix profile install --inputs-from . 'nixpkgs#kubernetes-helm' - - nix profile install --inputs-from . 'nixpkgs#kustomize' + - nix develop stages: - test - build - - release - - deploy lint.yaml: stage: test script: - yamllint -f auto . -lint.markdown: - stage: test - script: mdl . - -kustomize.dev: - stage: test +lint.kustomize.dev: + stage: build script: kubectl kustomize overlays/dev --enable-helm -kustomize.prod: - stage: test +lint.kustomize.prod: + stage: build script: kubectl kustomize overlays/prod --enable-helm diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index 97cb12f..0000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 - hooks: - - id: check-added-large-files - - id: check-builtin-literals - - id: check-case-conflict - - id: check-docstring-first - - id: check-json - - id: check-merge-conflict - - id: check-yaml - - id: detect-private-key - - id: double-quote-string-fixer - - id: end-of-file-fixer - - id: trailing-whitespace - - - repo: https://github.com/adrienverge/yamllint - rev: v1.27.1 - hooks: - - id: yamllint - files: '.*(? /dev/null 2>&1& - %: @true diff --git a/README.md b/README.md index 54906c8..cec608c 100644 --- a/README.md +++ b/README.md @@ -1,47 +1,36 @@
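Review bot: `nix develop` in `before_script` will not put the flake's tools on PATH for the `script` steps: it spawns a child shell, and in a non-interactive CI job that shell either exits immediately or waits on stdin, so `yamllint`/`kubectl` afterwards resolve to whatever the `nix`-tagged runner happens to have installed rather than the versions pinned in flake.lock. Prefix each command instead, e.g. `script: nix develop --command yamllint -f auto .` and `script: nix develop --command kubectl kustomize overlays/dev --enable-helm`, and drop the `before_script`. Note also that removing `timeout: 1 hours` puts these jobs on the project default, and that `kubectl kustomize --enable-helm` fetches charts from the network at lint time, so a runner without egress will fail the build stage.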

- FabCity Hamburg + Interfacer

-

FabCityOS Kubernetes Integration Repo

+

Interfacer SWKit for Kubernetes ⚓️

- Helm Chart | - Documentation | - Element | Website | - Blog | + Blog

- License - Build status - Element + License + Pipeline + Matrix

-

The FabCityOS Integration Repo for Kubernetes ⚓️

- -This Integration repo is designed to be a lightweight way to configure FabCityOS applications. - -**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production. +This Repo is designed to be a lightweight way to configure the Interfacer SWKit applications. Interfacer SWKit is a bundle of Applications to enabling a data-based circular economy via global collaboration and local production. ## Table of Contents - [📖 Documentation](#-documentation) - [🚀 Getting Started](#-getting-started) - [Repository structure](#repository-structure) -- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos) + - [Install kubectl](#install-kubectl) + - [Install helm](#install-helm) - [⚙️ Development Workflow and Contributing](#️-development-workflow-and-contributing) ## 📖 Documentation -- [k3d](https://k3d.io/) - [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands) - [kustomize](https://kubectl.docs.kubernetes.io/guides/) - [helm](https://helm.sh/docs/) -- [kubectx](https://kubectx.dev/) -- [kube-linter](https://github.com/stackrox/kube-linter) -- [k9s](https://k9scli.io/) -- [sops](https://github.com/mozilla/sops) - [cert-manager](https://cert-manager.io/docs/)y ## 🚀 Getting Started 
@@ -53,59 +42,42 @@ First of all, you will need a Kubernetes cluster up and running. If you are not ### Repository structure ```yaml -├── apps # kustomize global applications folder -│   ├── wordpress # kustomize global application folder -│   │ ├── kustomization.yaml # kustomize global application definition -│   │   ├── charts # helm global chart config folder -│   │ └── ... # kustomize global application objects -│   └── ... # kustomize global applications objects -├── base # kustomize global objects folder -│   ├── kustomization.yaml # kustomize global application config -│   └── ... # kustomize global cluster objects -├── overlays # kustomize environment overrides -│   ├── dev # kustomize environment folder -│   │   ├── kustomization.yaml # kustomize environment definition -│   │   └── apps # kustomize applications folder -│   │   └── cert-manager # kustomize application folder -│   │   ├── kustomization.yaml # kustomize application config -│   │   └── ... # kustomize application objects -│   └── ... # kustomize environment folder -├── .envrc # direnv support file -├── default.nix # nixos flake legacy support file -├── flake.lock # nixos flake versions lock file -├── flake.nix # nixos local runtime dependency -├── shell.nix # nixos local development shell +├── base # kustomize global objects folder +│   ├── kustomization.yaml # kustomize global application config +│   └── ... # kustomize global cluster objects +├── apps # kustomize global applications folder +│   ├── gitea # kustomize global application folder +│   │ ├── kustomization.yaml # kustomize global application definition +│   │   ├── charts # helm global chart config folder +│   │ └── ... # kustomize global application objects +│   └── ... 
# kustomize global applications objects +├── overlays # kustomize environment overrides +│   ├── dev # kustomize environment specific +│   │   ├── kustomization.yaml # kustomize environment definition +│   │   └── cert-manager # kustomize applications folder +│   │   ├── kustomization.yaml # kustomize application config +│   │   └── ... # kustomize application objects +│   └── ... # kustomize environment folder +├── .envrc # direnv support file +└── flake.nix # nix flake for local runtime dependency ``` -### Install kubectl +### Install kubectl `kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/). -### Deploy FabCityOS +### Install helm -#### Install Kustomize +`helm` is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/). -Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/). - -#### Install helm - -Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/). - -#### Deploy FabCityOS +#### Deploy the SWKit ```sh -kubectl kustomize overlays/prod --enable-helm | kubectl apply -f - +git clone https://gitlab.fabcity.hamburg/software/interfacer-swkit.git +cd interfacer-swkit +kubectl kustomize --enable-helm | kubectl apply -f - ``` -## 🤖 Compatibility with FabCityOS - -We recommend that the Helm chart version is aligned to the version of the product you want to deploy. 
This will ensure that you are using a chart version that has been tested against the corresponding production version. -This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing. - -For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010]. - -The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions. - ## ⚙️ Development Workflow and Contributing Any new contribution is more than welcome in this project! diff --git a/base/charts/gitea/kustomization.yaml b/apps/gitea/kustomization.yaml similarity index 64% rename from base/charts/gitea/kustomization.yaml rename to apps/gitea/kustomization.yaml index c9e8456..dfe7bd9 100644 --- a/base/charts/gitea/kustomization.yaml +++ b/apps/gitea/kustomization.yaml @@ -4,8 +4,7 @@ resources: - namespace.yaml helmCharts: - name: gitea - version: v5.0.9 - releaseName: fcos-gitea + version: 6.0.3 + releaseName: interfacer-gitea namespace: gitea repo: https://dl.gitea.io/charts/ - valuesFile: values.yaml diff --git a/base/charts/gitea/namespace.yaml b/apps/gitea/namespace.yaml similarity index 100% rename from base/charts/gitea/namespace.yaml rename to apps/gitea/namespace.yaml diff --git a/base/charts/gitea/values.yaml b/apps/gitea/values.yaml similarity index 78% rename from base/charts/gitea/values.yaml rename to apps/gitea/values.yaml index 1e4e7da..7e89627 100644 --- a/base/charts/gitea/values.yaml +++ b/apps/gitea/values.yaml @@ -4,11 +4,11 @@ service: http: type: ClusterIP port: 3000 - clusterIP: + clusterIP: "" ssh: type: ClusterIP port: 22 - clusterIP: + clusterIP: "" ingress: enabled: true apiVersion: networking.k8s.io/v1 
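Review bot: The hunk drops `valuesFile: values.yaml` from the gitea `helmCharts` entry while `apps/gitea/values.yaml` is kept and edited in the same commit, so unless an overlay re-declares the chart (the diffstat shows a new `overlays/dev/gitea/kustomization.yaml`, not visible here) the ingress, resource limits and `APP_NAME` in that file are no longer rendered and the chart falls back to its defaults. If the values are meant to stay the app's baseline, restore `valuesFile: values.yaml` under the chart entry; if they moved to the overlays, delete `apps/gitea/values.yaml` so the dead file is not mistaken for live config. The bump from `v5.0.9` to `6.0.3` is a major chart upgrade, so the values keys should be re-checked against the 6.x chart either way.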
@@ -16,20 +16,20 @@ ingress:
 kubernetes.io/ingress.class: nginx
 kubernetes.io/tls-acme: "true"
 hosts:
- - host: code.dev.fabcity-hamburg.de
+ - host: code.k8s.dev.fabcity-hamburg.de
 paths:
 - path: /
 pathType: Prefix
 resources:
- limits:
- cpu: 100m
- memory: 128Mi
 requests:
 cpu: 100m
 memory: 128Mi
+ limits:
+ cpu: 250m
+ memory: 256Mi
 gitea:
 config:
- APP_NAME: "Fab City Codebase"
+ APP_NAME: "Interfacer Codebase"
 log:
 ENABLE_ACCESS_LOG: true
 metrics:
diff --git a/apps/interfacer-core/kustomization.yaml b/apps/interfacer-core/kustomization.yaml
new file mode 100644
index 0000000..bd1b3cd
--- /dev/null
+++ b/apps/interfacer-core/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+namespace: interfacer-core
+resources:
+ - namespace.yaml
+helmCharts:
+ - name: fcoscore
+ version: 0.1.0
+ releaseName: interfacer-core
+ namespace: interfacer-core
+ repo: https://gitlab.fabcity.hamburg/api/v4/projects/248/packages/helm/alpha
diff --git a/base/operators/postgresql/namespace.yaml b/apps/interfacer-core/namespace.yaml
similarity index 65%
rename from base/operators/postgresql/namespace.yaml
rename to apps/interfacer-core/namespace.yaml
index c018263..89e6091 100644
--- a/base/operators/postgresql/namespace.yaml
+++ b/apps/interfacer-core/namespace.yaml
@@ -2,4 +2,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: postgresql
+ name: interfacer-core
diff --git a/apps/interfacer-webpresence/deployment.yaml b/apps/interfacer-webpresence/deployment.yaml
new file mode 100644
index 0000000..147b06b
--- /dev/null
+++ b/apps/interfacer-webpresence/deployment.yaml
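Review bot: `kubernetes.io/tls-acme: "true"` only yields a Certificate when cert-manager is started with a default issuer (`ingressShim.defaultIssuerName`/`defaultIssuerKind` in its chart values), and the new `base/cert-manager/values.yaml` in this commit sets only `installCRDs: true`, so as written the gitea Ingress will get no TLS certificate; use the explicit annotation `cert-manager.io/cluster-issuer: <the issuer name defined in overlays/*/cert-manager/letsencrypt.yaml>` (or `cert-manager.io/issuer` for a namespaced Issuer) and make sure the chart's `ingress.tls` list is set so the rendered Ingress carries a `tls:` block. `kubernetes.io/ingress.class` is deprecated in favour of `spec.ingressClassName`; if the 6.x chart exposes `ingress.className`, prefer that. Finally, `code.k8s.dev.fabcity-hamburg.de` is a dev hostname living in the environment-neutral `apps/` tree, so the prod overlay will serve it unless it patches the host.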
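Review bot: The `fcoscore` chart is pulled from an `alpha` package channel on every `kustomize build`, and kustomize's `helmCharts` field has no digest or signature option, so the version pin `0.1.0` is the only integrity control — anyone who can publish to that GitLab Helm registry can change what gets deployed without any diff appearing in this repo. I cannot see the registry settings, so hedged: if the alpha channel allows overwriting a published version, either vendor the chart into the repository (note `.gitignore` currently ignores `charts`) or add a CI step that checks the fetched chart's checksum against a value committed here before rendering. A `valuesFile` (or a comment stating that chart defaults are intended) would also make the core service's deployment surface reviewable like the other apps.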
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: interfacer-webpresence-deployment
+spec:
+ selector:
+ matchLabels:
+ app: interfacer-webpresence
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: interfacer-webpresence
+ spec:
+ containers:
+ - name: webpresence
+ image: fabcityhamburg/interfacer-webpresence:latest
+ ports:
+ - containerPort: 80
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "250m"
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
diff --git a/apps/interfacer-webpresence/kustomization.yaml b/apps/interfacer-webpresence/kustomization.yaml
new file mode 100644
index 0000000..67c151f
--- /dev/null
+++ b/apps/interfacer-webpresence/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+namespace: interfacer-webpresence
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
diff --git a/base/apps/keycloak/namespace.yaml b/apps/interfacer-webpresence/namespace.yaml
similarity index 59%
rename from base/apps/keycloak/namespace.yaml
rename to apps/interfacer-webpresence/namespace.yaml
index bf1caaf..2b24e65 100644
--- a/base/apps/keycloak/namespace.yaml
+++ b/apps/interfacer-webpresence/namespace.yaml
@@ -2,4 +2,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: keycloak
+ name: interfacer-webpresence
diff --git a/apps/interfacer-webpresence/service.yaml b/apps/interfacer-webpresence/service.yaml
new file mode 100644
index 0000000..4567c16
--- /dev/null
+++ b/apps/interfacer-webpresence/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: interfacer-webpresence
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 4141
+ targetPort: http
+ protocol: TCP
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
new file mode 100644
index 0000000..4ce24be
--- /dev/null
+++ b/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+resources:
+ - gitea
+ - interfacer-webpresence
+ - interfacer-core
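Review bot: The container has no `securityContext`, runs `fabcityhamburg/interfacer-webpresence:latest` (a mutable tag, so each node pull may fetch different code and a rollback cannot reproduce what ran before), and its `containerPort: 80` is unnamed, which breaks the sibling `service.yaml` in this commit whose `targetPort: http` refers to a port by name. The diffstat shows `test/run_as_root.rego` being deleted in the same commit, which presumably was the policy that would have flagged the missing non-root setting. I would name the port, pin the image to an immutable tag or `@sha256` digest, and add a restrictive security context plus a readiness probe; whether the image can bind :80 as non-root and run with a read-only root filesystem depends on the image, which is not visible here, so those two settings must be verified against it before merging.
```yaml
      containers:
        - name: webpresence
          # TODO: pin to an immutable tag or @sha256 digest; :latest is not reproducible
          image: fabcityhamburg/interfacer-webpresence:latest
          ports:
            - name: http          # matches `targetPort: http` in service.yaml
              containerPort: 80
          securityContext:
            runAsNonRoot: true    # verify the image can listen on :80 as non-root
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            readOnlyRootFilesystem: true   # verify the image needs no writable paths, else add emptyDir mounts
            seccompProfile:
              type: RuntimeDefault
          readinessProbe:
            httpGet:
              path: /
              port: http
          # … unchanged: resources …
```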
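Review bot: `targetPort: http` refers to a named container port, but the Deployment added in this commit declares `containerPort: 80` without a `name`, so the Service will have no resolvable endpoint port and the `overlays/prod/interfacer-webpresence/ingress.yaml` added here (not visible) will have nothing to route to. Either change this line to `targetPort: 80` or give the container port `name: http` in deployment.yaml; the latter keeps the Service stable if the image's listening port changes later.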
diff --git a/base/apps/cert-manager/letsencrypt.yaml b/base/apps/cert-manager/letsencrypt.yaml deleted file mode 100644 index 1e91c7d..0000000 --- a/base/apps/cert-manager/letsencrypt.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: letsencrypt-acme-staging -spec: - acme: - email: hostmaster@fabcity-hamburg.de - server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-acme-key-staging - solvers: - - http01: - ingress: - class: nginx ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: letsencrypt-acme -spec: - acme: - email: hostmaster@fabcity-hamburg.de - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: letsencrypt-acme-key - solvers: - - http01: - ingress: - class: nginx diff --git a/base/apps/keycloak/database.yaml b/base/apps/keycloak/database.yaml deleted file mode 100644 index 2043ca0..0000000 --- a/base/apps/keycloak/database.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -apiVersion: postgres-operator.crunchydata.com/v1beta1 -kind: PostgresCluster -metadata: - name: fcos-keycloak-postgresql-cluster -spec: - postgresVersion: 14 - instances: - - replicas: 1 - dataVolumeClaimSpec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 1Gi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/cluster: keycloak-db - postgres-operator.crunchydata.com/instance-set: "00" - backups: - pgbackrest: - repos: - - name: repo1 - volume: - volumeClaimSpec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 1Gi diff --git a/base/apps/keycloak/instance.yaml b/base/apps/keycloak/instance.yaml deleted file mode 100644 index 7484846..0000000 --- a/base/apps/keycloak/instance.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
----
-apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
- name: fcos-keycloak
-spec:
- instances: 1
- hostname: id.dev.fabcity-hamburg.de
- serverConfiguration:
- - name: db
- value: postgres
- - name: db-url
- secret:
- name: fcos-keycloak-postgresql-cluster-pguser-fcos-keycloak-postgresql-cluster
- key: jdbc-uri
- tlsSecret: tls-keycloak
diff --git a/base/apps/keycloak/kustomization.yaml b/base/apps/keycloak/kustomization.yaml
deleted file mode 100644
index a63d4bc..0000000
--- a/base/apps/keycloak/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-namespace: keycloak
-resources:
- - database.yaml
- - instance.yaml
- - realm.yaml
diff --git a/base/apps/kustomization.yaml b/base/apps/kustomization.yaml
deleted file mode 100644
index 20e2acb..0000000
--- a/base/apps/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-resources:
- - cert-manager
- # - keycloak
diff --git a/base/cert-manager/kustomization.yaml b/base/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..ee8a493
--- /dev/null
+++ b/base/cert-manager/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# namespace: cert-manager
+resources:
+ - namespace.yaml
+helmCharts:
+ - name: cert-manager
+ version: v1.10.1
+ releaseName: interfacer-cert-manager
+ repo: https://charts.jetstack.io
+ namespace: cert-manager
+ valuesFile: values.yaml
diff --git a/base/operators/cert-manager/namespace.yaml b/base/cert-manager/namespace.yaml
similarity index 100%
rename from base/operators/cert-manager/namespace.yaml
rename to base/cert-manager/namespace.yaml
diff --git a/base/cert-manager/values.yaml b/base/cert-manager/values.yaml
new file mode 100644
index 0000000..5313695
--- /dev/null
+++ b/base/cert-manager/values.yaml
@@ -0,0 +1,2 @@
+---
+installCRDs: true
diff --git a/base/charts/external-dns/kustomization.yaml b/base/charts/external-dns/kustomization.yaml
deleted file mode 100644
index c64c0c9..0000000
--- a/base/charts/external-dns/kustomization.yaml
+++ /dev/null
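Review bot: `installCRDs: true` makes the cert-manager CRDs part of the same rendered manifest as the controller, which suits `kubectl kustomize | kubectl apply` but also means a `kubectl delete -f` or a prune of this base removes the CRDs, and deleting a CRD cascades to every `Certificate`, `Issuer` and `ClusterIssuer` in the cluster. That deserves a comment on the line, e.g. `installCRDs: true  # CRDs ship with this manifest; never delete/prune this base without first exporting Certificate and Issuer objects`. If client-side `kubectl apply` rejects these CRDs for annotation size, the README's deploy command should use `kubectl apply --server-side`.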
@@ -1,11 +0,0 @@
----
-namespace: external-dns
-resources:
- - namespace.yaml
-helmCharts:
- - name: external-dns
- version: 1.11.0
- releaseName: fcos-external-dns
- namespace: external-dns
- repo: https://kubernetes-sigs.github.io/external-dns/
- valuesFile: values.yaml
diff --git a/base/charts/external-dns/namespace.yaml b/base/charts/external-dns/namespace.yaml
deleted file mode 100644
index 3e353b5..0000000
--- a/base/charts/external-dns/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: external-dns
diff --git a/base/charts/external-dns/values.yaml b/base/charts/external-dns/values.yaml
deleted file mode 100644
index 85c3213..0000000
--- a/base/charts/external-dns/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-provider: rfc2136
-extraArgs:
- - --rfc2136-host=dns.svc.mesh.sourceindex.de
- - --rfc2136-port=53
- - --rfc2136-zone=dev.fabcity-hamburg.de
- - --rfc2136-tsig-keyname=k8s
- - --rfc2136-tsig-secret=vIGI59apswrajcLTuw3j9xX9/Y/LewNtxJwqXxI3sUEQYvxRjQH7PuVtcEEXu4vr
- - --rfc2136-tsig-secret-alg=hmac-sha384
- - --rfc2136-tsig-axfr
- - --domain-filter=dev.fabcity-hamburg.de
diff --git a/base/charts/kustomization.yaml b/base/charts/kustomization.yaml
deleted file mode 100644
index 8d8ab55..0000000
--- a/base/charts/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-resources:
- - ingress-nginx
- - external-dns
- - gitea
diff --git a/base/charts/ingress-nginx/kustomization.yaml b/base/ingress-nginx/kustomization.yaml
similarity index 77%
rename from base/charts/ingress-nginx/kustomization.yaml
rename to base/ingress-nginx/kustomization.yaml
index a2b4088..94c634a 100644
--- a/base/charts/ingress-nginx/kustomization.yaml
+++ b/base/ingress-nginx/kustomization.yaml
@@ -4,8 +4,8 @@ resources:
 - namespace.yaml
 helmCharts:
 - name: ingress-nginx
- version: 4.2.0
- releaseName: fcos-ingress-nginx
+ version: 4.4.0
+ releaseName: interfacer-ingress-nginx
 repo: https://kubernetes.github.io/ingress-nginx
 namespace: ingress-nginx
 valuesFile: values.yaml
diff --git a/base/charts/ingress-nginx/namespace.yaml b/base/ingress-nginx/namespace.yaml
similarity index 100%
rename from base/charts/ingress-nginx/namespace.yaml
rename to base/ingress-nginx/namespace.yaml
diff --git a/base/charts/ingress-nginx/values.yaml b/base/ingress-nginx/values.yaml
similarity index 100%
rename from base/charts/ingress-nginx/values.yaml
rename to base/ingress-nginx/values.yaml
diff --git a/base/kustomization.yaml b/base/kustomization.yaml
index 3e38a5e..7bc9dc0 100644
--- a/base/kustomization.yaml
+++ b/base/kustomization.yaml
@@ -1,5 +1,4 @@
 ---
 resources:
- - operators
- - charts
- - apps
+ - cert-manager
+ # - ingress-nginx
diff --git a/base/operators/cert-manager/kustomization.yaml b/base/operators/cert-manager/kustomization.yaml
deleted file mode 100644
index 57fdb23..0000000
--- a/base/operators/cert-manager/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-namespace: cert-manager
-resources:
- - namespace.yaml
- - subscription.yaml
- - operatorgroup.yaml
diff --git a/base/operators/cert-manager/operatorgroup.yaml b/base/operators/cert-manager/operatorgroup.yaml
deleted file mode 100644
index 64f0444..0000000
--- a/base/operators/cert-manager/operatorgroup.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
- name: cert-manager
diff --git a/base/operators/cert-manager/subscription.yaml b/base/operators/cert-manager/subscription.yaml
deleted file mode 100644
index 826de4b..0000000
--- a/base/operators/cert-manager/subscription.yaml
+++ /dev/null
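Review bot: With `- ingress-nginx` commented out the base no longer deploys an ingress controller, yet `apps/gitea/values.yaml` in this commit still annotates its Ingress with `kubernetes.io/ingress.class: nginx`, and the ACME issuers solve HTTP-01 through the nginx class (the deleted `base/apps/cert-manager/letsencrypt.yaml` did; the new overlay issuers are not visible here), so on a cluster without its own nginx controller nothing will answer the challenge or serve the apps. If the intent is that the target cluster provides its own controller, say so on the line, e.g. `# - ingress-nginx  # provided by the cluster; set the ingress class/annotations in overlays to match`; otherwise re-enable it. Note that the renamed `k3s-dev.yaml` suggests k3s, whose bundled controller is Traefik rather than nginx, so the `nginx` class references would need changing in that case.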
@@ -1,11 +0,0 @@ ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: cert-manager -spec: - name: cert-manager - channel: stable - source: operatorhubio-catalog - sourceNamespace: olm - installPlanApproval: Automatic diff --git a/base/operators/keycloak/kustomization.yaml b/base/operators/keycloak/kustomization.yaml deleted file mode 100644 index 29b0254..0000000 --- a/base/operators/keycloak/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -namespace: keycloak -resources: - - namespace.yaml - - subscription.yaml - - operatorgroup.yaml diff --git a/base/operators/keycloak/namespace.yaml b/base/operators/keycloak/namespace.yaml deleted file mode 100644 index bf1caaf..0000000 --- a/base/operators/keycloak/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: keycloak diff --git a/base/operators/keycloak/operatorgroup.yaml b/base/operators/keycloak/operatorgroup.yaml deleted file mode 100644 index 5fb477c..0000000 --- a/base/operators/keycloak/operatorgroup.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: keycloak -spec: - targetNamespaces: - - keycloak diff --git a/base/operators/keycloak/subscription.yaml b/base/operators/keycloak/subscription.yaml deleted file mode 100644 index f40ede8..0000000 --- a/base/operators/keycloak/subscription.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: keycloak -spec: - name: keycloak-operator - channel: candidate - source: operatorhubio-catalog - sourceNamespace: olm - installPlanApproval: Automatic diff --git a/base/operators/kustomization.yaml b/base/operators/kustomization.yaml deleted file mode 100644 index 75f3cd8..0000000 --- a/base/operators/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -resources: - - cert-manager - - postgresql - - keycloak 
diff --git a/base/operators/postgresql/kustomization.yaml b/base/operators/postgresql/kustomization.yaml deleted file mode 100644 index 3cb9700..0000000 --- a/base/operators/postgresql/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -namespace: postgresql -resources: - - namespace.yaml - - subscription.yaml - - operatorgroup.yaml diff --git a/base/operators/postgresql/operatorgroup.yaml b/base/operators/postgresql/operatorgroup.yaml deleted file mode 100644 index 5c3c25c..0000000 --- a/base/operators/postgresql/operatorgroup.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: postgresql -spec: - targetNamespaces: - - keycloak diff --git a/base/operators/postgresql/subscription.yaml b/base/operators/postgresql/subscription.yaml deleted file mode 100644 index f5a5546..0000000 --- a/base/operators/postgresql/subscription.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: postgresql -spec: - name: postgresql - channel: v5 - source: operatorhubio-catalog - sourceNamespace: olm - installPlanApproval: Automatic diff --git a/default.nix b/default.nix deleted file mode 100644 index 80aeb43..0000000 --- a/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock); -in fetchTarball { - url = - "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; -}) { src = ./.; }).defaultNix diff --git a/docs/applications/gitea.md b/docs/applications/gitea.md deleted file mode 100644 index 344e171..0000000 --- a/docs/applications/gitea.md +++ /dev/null @@ -1,7 +0,0 @@ -# Gitea - -* - -```sh -kubectl get secrets --namespace gitea fcos-gitea-inline-config -o jsonpath="{.data.admin}" | base64 --decode -``` 
diff --git a/docs/applications/keycloak.md b/docs/applications/keycloak.md deleted file mode 100644 index fa2d075..0000000 --- a/docs/applications/keycloak.md +++ /dev/null @@ -1,10 +0,0 @@ -# Keycloak - -```sh -kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.username}" | base64 --decode -kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.password}" | base64 --decode -``` - -```sh -python -c 'import sys, yaml, json; print(yaml.dump(json.loads(sys.stdin.read())))' < realm-export.json > realm-export.yaml -``` diff --git a/docs/assets/fc_logo.ico b/docs/assets/fc_logo.ico deleted file mode 100644 index c770671d16a85368ba8afc3fcad126e70b058015..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4286 zcmd5=>vK~@6uOf?7;LFrLbK+k4P{eE-au%2*iyWA)Kgpp?IqWdHH76 z3#Ar(TC)tbI*4#supn_73B$9f#%P?cu z!jbxeywB9V4$H(KLS8pMtajr00t>S_5ii+$j>OE?balF+AL_(Jr3A|TYooRb@siA` zFMhAcfu^Yv(#_FxPKG6<$LxP|j}7vEFI+BSKktHBDaZ7Y(zvga+Aq|H_+sLH35vF) z#;3S6CQ4qkqV<#;OG_f>Z#O|V&Q={@iyE>{)cR&N8mOE+0;(K}83XOP`- z1%(!N*HB$n&;Iocm)1LNTNPXjQ;3LMq%_AzM*Jv0;9z$Vt#|hw|D+y{mt|x2_+D65 z=Rm&=QZ;(7_4M$lsBpk=pZTY5*azde4g_7cRIn@fI=vl#%>4|H*Sdn2iopBqn4SL# z&ZYTOqDlEKehIC8ThTT68ZUbvjna&k8T4PQ!dKnT;0RgMe5Q!t-%b?0=l3XnG3wf% zz?U6sag>Z-_dJW=F4x21(#7|2x(ygnHR9wC&k>o&iEI{Iv)cGnhdQ=*7TV61;L2P# zRGQQHM!r2tCp;>{ - - - - - - - diff --git a/docs/basics.md b/docs/basics.md deleted file mode 100644 index de4dbad..0000000 --- a/docs/basics.md +++ /dev/null @@ -1,3 +0,0 @@ -# Basics - -## Concepts diff --git a/docs/development/contributing.md b/docs/development/contributing.md deleted file mode 100644 index 34dac95..0000000 --- a/docs/development/contributing.md +++ /dev/null 
@@ -1,142 +0,0 @@ -# Contributing - -First of all, thank you for contributing to FabCityOS! The goal of this document is to provide everything you need to know in order to contribute to FabCityOS and its different integrations. - -- [Assumptions](#assumptions) -- [How to Contribute](#how-to-contribute) -- [Development Workflow](#development-workflow) -- [Git Guidelines](#git-guidelines) -- [Release Process (for internal team only)](#release-process-for-internal-team-only) - -## Assumptions - -1. **You're familiar with [Gitlab](https://about.gitlab.com/learn/) and the [Merge Request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)(PR) workflow.** -2. **You've read the FabCityOS [documentation](https://www.interfacerproject.eu/) and the [README](/README.md).** -3. **You know about the FabCityOS [community](https://matrix.to/#/#fcos:fabcity.hamburg). Please use this for help.** - -## How to Contribute - -1. Make sure that the contribution you want to make is explained or detailed in a GitHub issue! Find an [existing issue](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues) or [open a new one](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues/new). -2. Once done, [fork the FabCityOS Core Chart repository](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) in your Gitlab account. Ask a maintainer if you want your issue to be checked before making a PR. -3. [Create a new Git branch](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-new-branch). -4. Review the [Development Workflow](#development-workflow) section that describes the steps to maintain the repository. -5. Make the changes on your branch. -6. [Submit the branch as a PR](https://docs.gitlab.com/ee/user/project/merge_requests/index.html) pointing to the `main` branch of the main fabcity-os-core-chart repository. 
A maintainer should comment and/or review your Pull Request within a few days. Although depending on the circumstances, it may take longer.
- We do not enforce a naming convention for the PRs, but **please use something descriptive of your changes**, having in mind that the title of your PR will be automatically added to the next [release changelog](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/releases/). - -## Development Workflow - -### Setup - -In order to use the different tools on this repository, you will first need to: - -- [Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) on your machine. This will allow you to run commands against your Kubernetes cluster with the `kubectl` command. - -- [Install Helm](https://helm.sh/docs/intro/install/). This will allow you to run the `helm` command, enabling the installation and manipulation of Helm charts. - -- A Kubernetes cluster up and running. Any Kubernetes cluster can be used, on the cloud or locally installed on your machine. This can be easily achieved by [installing k3d](https://k3d.io/#installation), and creating a local cluster by running: - -- [Optional: Use the Nix Package Manager](https://nix.dev/tutorials/install-nix). This will allow you to make use of the [nixpkgs](https://github.com/NixOS/nixpkgs), automatically managing all required dependencies from the `nix shell env`. In addition you also need the [nixpkgs: direnv](https://search.nixos.org/packages?query=direnv) for automatic environment selection. - -#### Setup the development Cluster - -```bash -k3d cluster create --config test/k3d-fcos-dev.yaml -k3d cluster list -k3d node list -kubectl get --output wide nodes -kubectl get --all-namespaces pods -``` - -#### Deploy FabCityOS to the the development Cluster - -```sh -kubectl kustomize overlays/dev --enable-helm | kubectl apply -f - -``` - -#### Watch all resources - -```sh -watch -n 1 kubectl get all --all-namespaces -``` - -#### Remove the development Cluster - -```sh -k3d cluster delete --all -``` - -### Tests and Linter - -Each PR should pass the linter to be accepted. 
- -```bash -# Linter -helm lint . -``` - -Each PR should also check if the generated file `manifests/fcos.yaml` is updated with the new modifications. -You can generated the manifest with the command line: - -```bash -helm template fcos . | grep -v 'helm.sh/chart:\|app.kubernetes.io/managed-by:' > manifests/FabCityOS.yaml -``` - -Or just by comment the PR: - -```txt -@FabCityOS sync-manifest -``` - -Additionally, the CI will run a test to check if there are changes introduced to the charts. If changes were introduced, it will require you to update the Chart version. - -## Git Guidelines - -### Git Branches - -All changes must be made in a branch and submitted as PR. -We do not enforce any branch naming style, but please use something descriptive of your changes. - -### Git Commits - -As minimal requirements, your commit message should: - -- be capitalized -- not finish by a dot or any other punctuation character (!,?) -- start with a verb so that we can read your commit message this way: "This commit will ...", where "..." is the commit message. - e.g.: "Fix the home page button" or "Add more tests for create_index method" - -We don't follow any other convention, but if you want to use one, we recommend [this one](https://chris.beams.io/posts/git-commit/). - -### Pull Requests - -Some notes on PRs: - - - -- [Convert your PR as a draft]() if your changes are a work in progress: no one will review it until you pass your PR as ready for review.
- The draft PR can be very useful if you want to show that you are working on something and make your work visible. -- The branch related to the PR must be **up-to-date with `main`** before merging. Fortunately, this project [integrates a bot]() to automatically enforce this requirement without the PR author having to do it manually. -- All PRs must be reviewed and approved by at least one maintainer. -- The PR title should be accurate and descriptive of the changes. The title of the PR will be indeed automatically added to the next [release changelogs](). - -## Release Process (for internal team only) - -FabCityOS tools follow the [Semantic Versioning Convention](https://semver.org/). - -### Automation to Rebase and Merge the PRs - -This project integrates a bot that helps us manage pull requests merging.
-_[Read more about this]()._ - -### How to Publish the Release - -⚠️ Before doing anything, make sure you got through the guide about [Releasing an Integration](). - -⚠️ Every PR that is merged to `main` introducing changes to the Helm Chart needs to modify the file, by increasing the version of the chart accordingly. - -Every PR that is merged to `main` triggers the automated release process, as specified at [``](). A GitHub Action will be triggered and publish a new release on the GitHub repository [releases](). This will enable users to start using the new version of the chart immediately after publishing. - -
- -Thank you again for reading this through, we can not wait to begin to work with you if you made your way through this contributing guide ❤️ diff --git a/docs/getting-started.md b/docs/getting-started.md deleted file mode 100644 index b682fc3..0000000 --- a/docs/getting-started.md +++ /dev/null @@ -1,11 +0,0 @@ -# Getting Started - -## Overview - -## Features - -## Supported Providers - -## Resources - -## Security diff --git a/docs/index.md b/docs/index.md deleted file mode 100644 index 54906c8..0000000 --- a/docs/index.md +++ /dev/null @@ -1,113 +0,0 @@ -

- FabCity Hamburg -

- -

FabCityOS Kubernetes Integration Repo

- -

- Helm Chart | - Documentation | - Element | - Website | - Blog | -

- -

- License - Build status - Element -

- -

The FabCityOS Integration Repo for Kubernetes ⚓️

- -This Integration repo is designed to be a lightweight way to configure FabCityOS applications. - -**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production. - -## Table of Contents - -- [📖 Documentation](#-documentation) -- [🚀 Getting Started](#-getting-started) - - [Repository structure](#repository-structure) -- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos) -- [⚙️ Development Workflow and Contributing](#️-development-workflow-and-contributing) - -## 📖 Documentation - -- [k3d](https://k3d.io/) -- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands) -- [kustomize](https://kubectl.docs.kubernetes.io/guides/) -- [helm](https://helm.sh/docs/) -- [kubectx](https://kubectx.dev/) -- [kube-linter](https://github.com/stackrox/kube-linter) -- [k9s](https://k9scli.io/) -- [sops](https://github.com/mozilla/sops) -- [cert-manager](https://cert-manager.io/docs/)y - -## 🚀 Getting Started - -Kubernetes (K8s), is an open-source system for automating deployment, scaling, and management of containerized applications. You can run a FabCityOS Core instance inside your Kubernetes cluster, either if you want to expose it to the outside world or just let some other applications use it inside your cluster and take advantage of the instant and powerful search engine. - -First of all, you will need a Kubernetes cluster up and running. If you are not familiar with how Kuberentes works or need some help with this step, please check the [Kubernetes documentation](https://kubernetes.io/docs/home/). - -### Repository structure - -```yaml -├── apps # kustomize global applications folder -│   ├── wordpress # kustomize global application folder -│   │ ├── kustomization.yaml # kustomize global application definition -│   │   ├── charts # helm global chart config folder -│   │ └── ... # kustomize global application objects -│   └── ... 
# kustomize global applications objects -├── base # kustomize global objects folder -│   ├── kustomization.yaml # kustomize global application config -│   └── ... # kustomize global cluster objects -├── overlays # kustomize environment overrides -│   ├── dev # kustomize environment folder -│   │   ├── kustomization.yaml # kustomize environment definition -│   │   └── apps # kustomize applications folder -│   │   └── cert-manager # kustomize application folder -│   │   ├── kustomization.yaml # kustomize application config -│   │   └── ... # kustomize application objects -│   └── ... # kustomize environment folder -├── .envrc # direnv support file -├── default.nix # nixos flake legacy support file -├── flake.lock # nixos flake versions lock file -├── flake.nix # nixos local runtime dependency -├── shell.nix # nixos local development shell -``` - -### Install kubectl - -`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/). - -### Deploy FabCityOS - -#### Install Kustomize - -Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/). - -#### Install helm - -Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/). - -#### Deploy FabCityOS - -```sh -kubectl kustomize overlays/prod --enable-helm | kubectl apply -f - -``` - -## 🤖 Compatibility with FabCityOS - -We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version. 
-This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing. - -For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010]. - -The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions. - -## ⚙️ Development Workflow and Contributing - -Any new contribution is more than welcome in this project! - -If you want to know more about the development workflow or want to contribute, please visit our [contributing guidelines](/CONTRIBUTING.md) for detailed instructions! diff --git a/flake.lock b/flake.lock index d589634..ea83da4 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -18,11 +18,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { 
@@ -31,27 +31,117 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1657425264, - "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", + "lastModified": 1669542132, + "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", + "rev": "a115bb9bd56831941be3776c8a94005867f316a7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1668984258, + "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1668994630, + "narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1669152228, + "narHash": 
"sha256-FEDReoTLWJHXcNso7aaAlAUU7uOqIR6Hc/C/nqlfooE=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "078b0dee35e2da01334af682ec347463b70a9986", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks", + "utils": "utils" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 5fc8461..2c21ce5 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,22 +1,96 @@ { - description = "SRX frugal bioreactor"; + description = "Interfacer SWKit"; inputs = { - nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable-small"; }; - flake-compat = { - url = "github:edolstra/flake-compat"; - flake = false; - }; - flake-utils.url = "github:numtide/flake-utils"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + utils.url = "github:numtide/flake-utils"; + pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; }; - outputs = { self, nixpkgs, flake-utils, ... }@inputs: - flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: - let - pkgs = import nixpkgs { - inherit system; - config = { - allowUnfree = true; - allowBroken = true; + outputs = { + self, + nixpkgs, + pre-commit-hooks, + utils, + ... + }: + utils.lib.eachDefaultSystem ( + system: let + pkgs = nixpkgs.legacyPackages.${system}; + in { + checks = { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = utils.lib.cleanSource ./.; + hooks = { + alejandra.enable = true; + nix-linter.enable = true; + statix .enable = true; + }; + settings.nix-linter.checks = [ + "DIYInherit" + "EmptyInherit" + "EmptyLet" + "EtaReduce" + "LetInInheritRecset" + "ListLiteralConcat" + "NegateAtom" + "SequentialLet" + "SetLiteralUpdate" + "UnfortunateArgName" + "UnneededRec" + "UnusedArg" + "UnusedLetBind" + "UpdateEmptySet" + "BetaReduction" + "EmptyVariadicParamSet" + "UnneededAntiquote" + "no-FreeLetInFunc" + "no-AlphabeticalArgs" + "no-AlphabeticalBindings" + ]; }; }; - in { devShells.default = import ./shell.nix { inherit pkgs; }; }); + devShell = with pkgs; + mkShell { + name = "interfacer.swkit"; + nativeBuildInputs = with pkgs; [ + alejandra + cmctl + conftest + docker + dotenv-linter + editorconfig-checker + git + gnumake + k9s + kube3d + kubeconform + kubectl + kubectx + kubernetes-helm + kubeval + kubeval-schema + kustomize + mdl + mdsh + nix-linter + pre-commit + rnix-lsp + vscodium-fhs + yaml-language-server + yamllint + yq + ]; + + postInstall = '' + . 
<(helm completion $(basename $SHELL)) + . <(k3d completion $(basename $SHELL)) + . <(kubectl completion $(basename $SHELL)) + . <(ct completion $(basename $SHELL)) + ''; + + shellHook = '' + ${self.checks.${system}.pre-commit-check.shellHook} + ''; + }; + } + ); } diff --git a/ci/k3d-fcos-dev.yaml b/k3s-dev.yaml similarity index 93% rename from ci/k3d-fcos-dev.yaml rename to k3s-dev.yaml index 217e304..bfbaab5 100644 --- a/ci/k3d-fcos-dev.yaml +++ b/k3s-dev.yaml @@ -1,7 +1,7 @@ --- apiVersion: k3d.io/v1alpha4 kind: Simple -image: docker.io/rancher/k3s:v1.23.8-k3s1 +image: docker.io/rancher/k3s:v1.23.14-k3s1 servers: 1 agents: 2 ports: diff --git a/mkdocs.yml b/mkdocs.yml deleted file mode 100644 index 8d23747..0000000 --- a/mkdocs.yml +++ /dev/null @@ -1,34 +0,0 @@ -site_name: Fab City OS -site_description: A Kubernetes environment to rollout the Fab City OS Core and Software Kit. -site_author: Fab City Hamburg e. V. -site_url: https://fabcityos.fabcity.hamburg/ -repo_url: https://gitlab.fabcity.hamburg/software/fabcity-os-integration/ -copyright: © 2022 INTERFACER, All rights reserved.. -theme: - name: material - locale: en - logo: assets/fc_logo.svg - favicon: assets/fc_logo.ico -nav: - - Home: index.md - - Getting started: getting-started.md - - Application: - - Keycloak: applications/keycloak.md - - Gitea: applications/gitea.md - - Development: - - Contributing: development/contributing.md -markdown_extensions: - - attr_list - - md_in_html - - tables - - toc - - pymdownx.highlight: - anchor_linenums: true - - pymdownx.inlinehilite - - pymdownx.snippets - - pymdownx.superfences -plugins: - - search -extra: - generator: false - homepage: https://www.interfacerproject.eu/ diff --git a/overlays/dev/cert-manager/kustomization.yaml b/overlays/dev/cert-manager/kustomization.yaml index 48fc7aa..c519dfe 100644 --- a/overlays/dev/cert-manager/kustomization.yaml +++ b/overlays/dev/cert-manager/kustomization.yaml 
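Review bot: The completions listed under `postInstall` are never loaded in the dev shell, because `nix develop` only runs `shellHook`; `postInstall` is a build phase of the mkShell derivation. Move the four `. <(... completion $(basename $SHELL))` lines into `shellHook` beside the pre-commit hook, and drop `ct completion`, since `ct` is not in `nativeBuildInputs`. `statix .enable = true;` has a stray space before the dot — write `statix.enable = true;` even if the parser tolerates it. `conftest` is kept in `nativeBuildInputs`, but this same commit deletes the test/*.rego policies it evaluated (including the deny on Deployments without `runAsNonRoot`), so `checks` now covers only Nix formatting and lint and nothing gates the rendered Kubernetes manifests; either re-add the policies behind a conftest check or remove the tool.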
@@ -1,4 +1,4 @@ --- namespace: cert-manager resources: - - selfsigned.yaml + - letsencrypt.yaml diff --git a/overlays/dev/cert-manager/letsencrypt.yaml b/overlays/dev/cert-manager/letsencrypt.yaml new file mode 100644 index 0000000..8817a23 --- /dev/null +++ b/overlays/dev/cert-manager/letsencrypt.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: letsencrypt +spec: + acme: + email: hostmaster@fabcity-hamburg.de + server: https://acme-staging-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-key + solvers: + - http01: + ingress: + class: nginx diff --git a/overlays/dev/cert-manager/selfsigned.yaml b/overlays/dev/cert-manager/selfsigned.yaml deleted file mode 100644 index 62be889..0000000 --- a/overlays/dev/cert-manager/selfsigned.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: selfsigned-issuer -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: selfsigned-issuer -spec: - isCA: true - duration: 8760h - secretName: tls-selfsigned-issuer - commonName: selfsigned-issuer - subject: - organizations: - - k8s-local-dev - issuerRef: - name: selfsigned-issuer - kind: ClusterIssuer - group: cert-manager.io diff --git a/overlays/dev/gitea/ingress.yaml b/overlays/dev/gitea/ingress.yaml new file mode 100644 index 0000000..095111d --- /dev/null +++ b/overlays/dev/gitea/ingress.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: gitea + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt +spec: + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: gitea + port: + name: http + tls: + - hosts: + - code.k8s.dev.fabcity-hamburg.de diff --git a/overlays/dev/gitea/kustomization.yaml b/overlays/dev/gitea/kustomization.yaml new file mode 100644 index 0000000..90bcea2 --- /dev/null 
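Review bot: `kind: Issuer` is namespace-scoped and this one is placed in `cert-manager`, but the gitea Ingress added in this commit references it with `cert-manager.io/cluster-issuer: letsencrypt`, which looks up a `ClusterIssuer` of that name; none exists, so cert-manager will never issue the certificate. Either change it to `kind: ClusterIssuer` (and check that the kustomization's `namespace: cert-manager` is not stamped onto a cluster-scoped object), or keep the Issuer, create it in each consuming namespace, and annotate Ingresses with `cert-manager.io/issuer` instead. Staging ACME is the right endpoint for dev, but its certificates are not publicly trusted, so clients will still warn.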
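Review bot: The single rule under `spec.rules` has no `host`, so this Ingress is a catch-all that routes every hostname reaching the nginx controller to gitea, while the `tls` entry lists `code.k8s.dev.fabcity-hamburg.de` with no matching rule; add `host: code.k8s.dev.fabcity-hamburg.de` to the rule. The `tls` entry also has no `secretName`, which cert-manager's ingress-shim requires to know where to store the issued certificate — add `secretName: gitea-tls`, the name the deleted prod patch used. With k3s 1.23 as the target, prefer `spec.ingressClassName: nginx` over the deprecated `kubernetes.io/ingress.class` annotation.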
+++ b/overlays/dev/gitea/kustomization.yaml @@ -0,0 +1,24 @@ +--- +namespace: gitea +# patches: +# - target: +# kind: Ingress +# group: networking.k8s.io +# version: v1 +# labelSelector: "app=gitea" +# patch: |- +# - op: replace +# path: /spec/rules +# value: +# - host: code.k8s.dev.fabcity-hamburg.de +# http: +# paths: +# - path: / +# pathType: Prefix + +# - op: replace +# path: /spec/tls +# value: +# - secretName: gitea-tls +# hosts: +# - code.k8s.dev.fabcity-hamburg.de diff --git a/overlays/dev/keycloak/certificate.yaml b/overlays/dev/keycloak/certificate.yaml deleted file mode 100644 index f182e71..0000000 --- a/overlays/dev/keycloak/certificate.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: tls-keycloak - labels: - app: keycloak -spec: - secretName: tls-keycloak - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - rotationPolicy: Always - subject: - organizations: - - keycloak - duration: 2160h - renewBefore: 360h - issuerRef: - name: selfsigned-issuer - kind: ClusterIssuer - commonName: "id.dev.fabcity-hamburg.de" - dnsNames: - - "id.dev.fabcity-hamburg.de" diff --git a/overlays/dev/keycloak/kustomization.yaml b/overlays/dev/keycloak/kustomization.yaml deleted file mode 100644 index b6b09cb..0000000 --- a/overlays/dev/keycloak/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -namespace: keycloak -resources: - - certificate.yaml diff --git a/overlays/dev/kustomization.yaml b/overlays/dev/kustomization.yaml index 7ede3eb..d7fd0e9 100644 --- a/overlays/dev/kustomization.yaml +++ b/overlays/dev/kustomization.yaml @@ -1,5 +1,6 @@ --- resources: - ../../base + - ../../apps - cert-manager - - keycloak + - gitea diff --git a/base/apps/cert-manager/kustomization.yaml b/overlays/prod/cert-manager/kustomization.yaml similarity index 100% rename from base/apps/cert-manager/kustomization.yaml rename to overlays/prod/cert-manager/kustomization.yaml 
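Review bot: This kustomization declares `namespace: gitea` but no `resources:`, so the sibling `ingress.yaml` added in this commit is never rendered and the dev overlay still deploys gitea without the Ingress it is meant to configure. Add `resources:` followed by `  - ingress.yaml`. The 22 commented-out patch lines restate what `ingress.yaml` already expresses; delete them rather than carrying dead configuration that will drift.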
diff --git a/overlays/prod/cert-manager/letsencrypt.yaml b/overlays/prod/cert-manager/letsencrypt.yaml new file mode 100644 index 0000000..895a9ec --- /dev/null +++ b/overlays/prod/cert-manager/letsencrypt.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: letsencrypt +spec: + acme: + email: hostmaster@fabcity-hamburg.de + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-key + solvers: + - http01: + ingress: + class: nginx diff --git a/overlays/prod/gitea/kustomization.yaml b/overlays/prod/gitea/kustomization.yaml deleted file mode 100644 index 97fc0ca..0000000 --- a/overlays/prod/gitea/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -namespace: gitea -patches: - - target: - kind: Ingress - group: networking.k8s.io - version: v1 - labelSelector: "app=gitea" - patch: |- - - op: replace - path: /spec/rules - value: - - host: code.fabcity-hamburg.de - http: - paths: - - path: / - pathType: Prefix - - - op: replace - path: /spec/tls - value: - - secretName: gitea-tls - hosts: - - code.fabcity-hamburg.de diff --git a/overlays/prod/interfacer-webpresence/ingress.yaml b/overlays/prod/interfacer-webpresence/ingress.yaml new file mode 100644 index 0000000..56b05b2 --- /dev/null +++ b/overlays/prod/interfacer-webpresence/ingress.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: interfacer-webpresence + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt +spec: + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: interfacer-webpresence + port: + name: http + tls: + - hosts: + - www.k8s.dev.fabcity-hamburg.de diff --git a/overlays/prod/interfacer-webpresence/kustomization.yaml b/overlays/prod/interfacer-webpresence/kustomization.yaml new file mode 100644 index 0000000..73ba776 --- /dev/null +++ b/overlays/prod/interfacer-webpresence/kustomization.yaml 
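Review bot: `kind: Issuer` here is namespace-scoped, yet the prod webpresence Ingress in this commit requests `cert-manager.io/cluster-issuer: letsencrypt`, and the annotation patch removed from overlays/prod/kustomization.yaml referenced a third name, `letsencrypt-acme`; with this mismatch no production certificate will be ordered. Settle on one shape, `kind: ClusterIssuer` with `name: letsencrypt`, referenced from every Ingress via `cert-manager.io/cluster-issuer`, and remove the stale name from any remaining manifests. Since this is the production ACME endpoint, consider scoping the http01 solver with `selector: {dnsZones: [fabcity-hamburg.de]}` so the account only issues for the domains you operate.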
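Review bot: The TLS host in this production overlay is `www.k8s.dev.fabcity-hamburg.de`, a dev hostname that appears copied from the dev gitea ingress, so the certificate request and served name will be wrong for prod. As in the dev ingress, the rule has no `host`, making it a catch-all for every hostname hitting the controller, and `tls` has no `secretName`, so ingress-shim has no Secret to write the certificate into. Put the production hostname (not stated anywhere in this diff) in `host:` on the rule and under `tls.hosts`, and add `secretName: interfacer-webpresence-tls`.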
@@ -0,0 +1,3 @@ +--- +resources: + - ingress.yaml diff --git a/overlays/prod/keycloak/kustomization.yaml b/overlays/prod/keycloak/kustomization.yaml deleted file mode 100644 index dbe9364..0000000 --- a/overlays/prod/keycloak/kustomization.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -namespace: keycloak -patches: - - target: - kind: PostgresCluster - group: postgres-operator.crunchydata.com - version: v1beta1 - patch: |- - - op: replace - path: /spec/instances - value: - - replicas: 2 - dataVolumeClaimSpec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 1Gi - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - topologyKey: kubernetes.io/hostname - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/cluster: keycloak-db - postgres-operator.crunchydata.com/instance-set: "00" - - target: - kind: Keycloak - group: k8s.keycloak.org - version: v2alpha1 - patch: |- - - op: replace - path: /spec/instances - value: 2 - - target: - kind: Keycloak - group: k8s.keycloak.org - version: v2alpha1 - patch: |- - - op: replace - path: /spec/hostname - value: id.fabcity-hamburg.de diff --git a/overlays/prod/kustomization.yaml b/overlays/prod/kustomization.yaml index b0817ac..5d5093a 100644 --- a/overlays/prod/kustomization.yaml +++ b/overlays/prod/kustomization.yaml @@ -1,17 +1,6 @@ --- resources: - ../../base - - keycloak - - gitea -patches: - - target: - kind: Ingress - group: networking.k8s.io - version: v1 - patch: |- - - op: replace - path: /metadata/annotations - value: - kubernetes.io/ingress.class: "nginx" - kubernetes.io/tls-acme: "true" - cert-manager.io/cluster-issuer: "letsencrypt-acme + - ../../apps + - cert-manager + - interfacer-webpresence diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 396101d..0000000 --- a/shell.nix +++ /dev/null 
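Review bot: This kustomization sets no `namespace`, so `ingress.yaml` is applied to whatever namespace the caller's kubeconfig context points at (typically `default`), whereas the dev gitea overlay pins `namespace: gitea`. An Ingress can only route to a Service in its own namespace, so unless the `interfacer-webpresence` Service also lands in that ambient namespace the backend never resolves; add `namespace: interfacer-webpresence` (or whichever namespace `apps/interfacer-webpresence` creates) above `resources:`.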
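Review bot: Nothing in the prod overlay now sets gitea's public hostname or TLS secret: `code.fabcity-hamburg.de` lived only in the deleted patch, while `../../apps` presumably still deploys gitea with the shared values. Unless `apps/gitea/values.yaml` configures an ingress itself, prod gitea is either unreachable or exposed only through a host-less rule; add an `overlays/prod/gitea` entry mirroring the dev one with the production host. The removed patch was also what stamped `cert-manager.io/cluster-issuer` and `kubernetes.io/tls-acme` onto every Ingress; the replacement per-file annotations use the name `letsencrypt`, so verify the issuer deployed from `cert-manager` in this overlay carries that exact name and a cluster-scoped kind.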
@@ -1,54 +0,0 @@ -{ pkgs ? import { } }: - -with pkgs; - -mkShell { - name = "fcos.integration"; - buildInputs = with pkgs; [ - cmctl - conftest - editorconfig-checker - git - gnumake - hadolint - k9s - krew - kube-score - kube3d - kubeconform - kubectl - kubectx - kubernetes-helm - kubeval - kubeval-schema - kustomize - lens - mdl - mdsh - minio - nix-linter - nixpkgs-fmt - open-policy-agent - operator-sdk - pre-commit - python310Packages.mkdocs - python310Packages.mkdocs-material - python310Packages.mkdocs-material-extensions - rnix-lsp - vscodium-fhs - yamale - yaml-language-server - yamllint - yq - ]; - - postInstall = '' - . <(helm completion $(basename $SHELL)) - . <(k3d completion $(basename $SHELL)) - . <(k9s completion $(basename $SHELL)) - . <(kubectl completion $(basename $SHELL)) - . <(kustomize completion $(basename $SHELL)) - . <(opa completion $(basename $SHELL)) - . <(operator-sdk completion $(basename $SHELL)) - ''; -} diff --git a/test/labels.rego b/test/labels.rego deleted file mode 100644 index eb61790..0000000 --- a/test/labels.rego +++ /dev/null @@ -1,20 +0,0 @@ -package main - -import data.kubernetes - -name = input.metadata.name - -required_deployment_labels { - input.metadata.labels["app.kubernetes.io/name"] - input.metadata.labels["app.kubernetes.io/instance"] - input.metadata.labels["app.kubernetes.io/version"] - input.metadata.labels["app.kubernetes.io/component"] - input.metadata.labels["app.kubernetes.io/part-of"] - input.metadata.labels["app.kubernetes.io/managed-by"] -} - -deny[msg] { - kubernetes.is_deployment - not required_deployment_labels - msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name]) -} diff --git a/test/run_as_root.rego b/test/run_as_root.rego deleted file mode 100644 index 51b36e9..0000000 --- a/test/run_as_root.rego +++ /dev/null 
@@ -1,7 +0,0 @@ -package main - -deny[msg] { - input.kind = "Deployment" - not input.spec.template.spec.securityContext.runAsNonRoot = true - msg = sprintf("%s Containers must not run as root", [name]) -} diff --git a/test/selector.rego b/test/selector.rego deleted file mode 100644 index f160d74..0000000 --- a/test/selector.rego +++ /dev/null @@ -1,11 +0,0 @@ -package main - -import data.kubernetes - -name = input.metadata.name - -deny[msg] { - input.kind = "Deployment" - not input.spec.selector.matchLabels.app - msg = sprintf("%s must provide app label for pod selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name]) -}