diff --git a/base/cryptpad/helm-release.yaml b/apps/base/cryptpad/helm-release.yaml
similarity index 100%
rename from base/cryptpad/helm-release.yaml
rename to apps/base/cryptpad/helm-release.yaml
diff --git a/base/cryptpad/helm-repository.yaml b/apps/base/cryptpad/helm-repository.yaml
similarity index 100%
rename from base/cryptpad/helm-repository.yaml
rename to apps/base/cryptpad/helm-repository.yaml
diff --git a/base/cryptpad/kustomization.yaml b/apps/base/cryptpad/kustomization.yaml
similarity index 100%
rename from base/cryptpad/kustomization.yaml
rename to apps/base/cryptpad/kustomization.yaml
diff --git a/base/cryptpad/namespace.yaml b/apps/base/cryptpad/namespace.yaml
similarity index 100%
rename from base/cryptpad/namespace.yaml
rename to apps/base/cryptpad/namespace.yaml
diff --git a/base/dendrite/helm-release.yaml b/apps/base/dendrite/helm-release.yaml
similarity index 100%
rename from base/dendrite/helm-release.yaml
rename to apps/base/dendrite/helm-release.yaml
diff --git a/base/dendrite/helm-repository.yaml b/apps/base/dendrite/helm-repository.yaml
similarity index 100%
rename from base/dendrite/helm-repository.yaml
rename to apps/base/dendrite/helm-repository.yaml
diff --git a/base/dendrite/kustomization.yaml b/apps/base/dendrite/kustomization.yaml
similarity index 100%
rename from base/dendrite/kustomization.yaml
rename to apps/base/dendrite/kustomization.yaml
diff --git a/base/dendrite/namespace.yaml b/apps/base/dendrite/namespace.yaml
similarity index 100%
rename from base/dendrite/namespace.yaml
rename to apps/base/dendrite/namespace.yaml
diff --git a/base/grafana/dashboards.yaml b/apps/base/grafana/dashboards.yaml
similarity index 100%
rename from base/grafana/dashboards.yaml
rename to apps/base/grafana/dashboards.yaml
diff --git a/base/grafana/helm-release.yaml b/apps/base/grafana/helm-release.yaml
similarity index 100%
rename from base/grafana/helm-release.yaml
rename to apps/base/grafana/helm-release.yaml
diff --git a/base/grafana/helm-repository.yaml b/apps/base/grafana/helm-repository.yaml
similarity index 100%
rename from base/grafana/helm-repository.yaml
rename to apps/base/grafana/helm-repository.yaml
diff --git a/base/grafana/kustomization.yaml b/apps/base/grafana/kustomization.yaml
similarity index 100%
rename from base/grafana/kustomization.yaml
rename to apps/base/grafana/kustomization.yaml
diff --git a/base/grafana/namespace.yaml b/apps/base/grafana/namespace.yaml
similarity index 100%
rename from base/grafana/namespace.yaml
rename to apps/base/grafana/namespace.yaml
diff --git a/base/jitsi/grafana-dashboard.json b/apps/base/jitsi/grafana-dashboard.json
similarity index 100%
rename from base/jitsi/grafana-dashboard.json
rename to apps/base/jitsi/grafana-dashboard.json
diff --git a/base/jitsi/grafana-datasource.yaml b/apps/base/jitsi/grafana-datasource.yaml
similarity index 100%
rename from base/jitsi/grafana-datasource.yaml
rename to apps/base/jitsi/grafana-datasource.yaml
diff --git a/base/jitsi/kustomization.yaml b/apps/base/jitsi/kustomization.yaml
similarity index 100%
rename from base/jitsi/kustomization.yaml
rename to apps/base/jitsi/kustomization.yaml
diff --git a/base/jitsi/namespace.yaml b/apps/base/jitsi/namespace.yaml
similarity index 100%
rename from base/jitsi/namespace.yaml
rename to apps/base/jitsi/namespace.yaml
diff --git a/base/prometheus/grafana-datasource.yaml b/apps/base/prometheus/grafana-datasource.yaml
similarity index 100%
rename from base/prometheus/grafana-datasource.yaml
rename to apps/base/prometheus/grafana-datasource.yaml
diff --git a/base/prometheus/helm-release.yaml b/apps/base/prometheus/helm-release.yaml
similarity index 100%
rename from base/prometheus/helm-release.yaml
rename to apps/base/prometheus/helm-release.yaml
diff --git a/base/prometheus/helm-repository.yaml b/apps/base/prometheus/helm-repository.yaml
similarity index 100%
rename from base/prometheus/helm-repository.yaml
rename to apps/base/prometheus/helm-repository.yaml
diff --git a/base/prometheus/kustomization.yaml b/apps/base/prometheus/kustomization.yaml
similarity index 100%
rename from base/prometheus/kustomization.yaml
rename to apps/base/prometheus/kustomization.yaml
diff --git a/base/prometheus/namespace.yaml b/apps/base/prometheus/namespace.yaml
similarity index 100%
rename from base/prometheus/namespace.yaml
rename to apps/base/prometheus/namespace.yaml
diff --git a/base/vault/helm-release.yaml b/apps/base/vault/helm-release.yaml
similarity index 100%
rename from base/vault/helm-release.yaml
rename to apps/base/vault/helm-release.yaml
diff --git a/base/vault/helm-repository.yaml b/apps/base/vault/helm-repository.yaml
similarity index 100%
rename from base/vault/helm-repository.yaml
rename to apps/base/vault/helm-repository.yaml
diff --git a/base/vault/kustomization.yaml b/apps/base/vault/kustomization.yaml
similarity index 100%
rename from base/vault/kustomization.yaml
rename to apps/base/vault/kustomization.yaml
diff --git a/base/vault/namespace.yaml b/apps/base/vault/namespace.yaml
similarity index 100%
rename from base/vault/namespace.yaml
rename to apps/base/vault/namespace.yaml
diff --git a/clusters/k3s1/dendrite-helm-release.yaml b/apps/prod/dendrite-values.yaml
similarity index 97%
rename from clusters/k3s1/dendrite-helm-release.yaml
rename to apps/prod/dendrite-values.yaml
index 061342b..2a13826 100644
--- a/clusters/k3s1/dendrite-helm-release.yaml
+++ b/apps/prod/dendrite-values.yaml
@@ -16,7 +16,6 @@ spec:
       annotations:
         cert-manager.io/cluster-issuer: letsencrypt-prod
       hostName: dendrite.ffddorf.net
-      tls: 
+      tls:
       - hosts: [ dendrite.ffddorf.net ]
         secretName: dendrite-tls
-
diff --git a/clusters/k3s1/grafana-helm-release.yaml b/apps/prod/grafana-values.yaml
similarity index 100%
rename from clusters/k3s1/grafana-helm-release.yaml
rename to apps/prod/grafana-values.yaml
diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml
new file mode 100644
index 0000000..56c0e7f
--- /dev/null
+++ b/apps/prod/kustomization.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../base/cert-manager
+- ../base/dendrite
+- ../base/cryptpad
+- ../base/external-dns
+- ../base/grafana
+- ../base/prometheus
+- traefik-config.yaml
+patches:
+- path: dendrite-values.yaml
+  target:
+    kind: HelmRelease
+- path: grafana-values.yaml
+  target:
+    kind: HelmRelease
diff --git a/clusters/k3s1/traefik-config.yaml b/apps/prod/traefik-config.yaml
similarity index 100%
rename from clusters/k3s1/traefik-config.yaml
rename to apps/prod/traefik-config.yaml
diff --git a/base/external-dns/helm-repository.yaml b/base/external-dns/helm-repository.yaml
deleted file mode 100644
index 5eceef1..0000000
--- a/base/external-dns/helm-repository.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: external-dns
-spec:
-  interval: 1h
-  url: https://kubernetes-sigs.github.io/external-dns/
diff --git a/base/external-dns/kustomization.yaml b/base/external-dns/kustomization.yaml
deleted file mode 100644
index e76db8f..0000000
--- a/base/external-dns/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: external-dns
-resources:
-- helm-release.yaml
-- helm-repository.yaml
-- namespace.yaml
diff --git a/base/external-dns/namespace.yaml b/base/external-dns/namespace.yaml
deleted file mode 100644
index 3e353b5..0000000
--- a/base/external-dns/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: external-dns
diff --git a/clusters/k3s1/apps.yaml b/clusters/k3s1/apps.yaml
index 5aaff15..d45043a 100644
--- a/clusters/k3s1/apps.yaml
+++ b/clusters/k3s1/apps.yaml
@@ -2,14 +2,16 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: metallb
+  name: apps
   namespace: flux-system
 spec:
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
+  interval: 10m0s
+  dependsOn:
+  - name: infra-configs
   sourceRef:
     kind: GitRepository
     name: flux-system
-  path: ./base/metallb
-  prune: false
+  path: ./base/production
+  prune: true
+  waitr: true
+  timeout: 5m
diff --git a/clusters/k3s1/infrastructure.yaml b/clusters/k3s1/infrastructure.yaml
new file mode 100644
index 0000000..7f53823
--- /dev/null
+++ b/clusters/k3s1/infrastructure.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-controllers
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 1m
+  timeout: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/controllers
+  prune: true
+  wait: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-configs
+  namespace: flux-system
+spec:
+  dependsOn:
+  - name: infra-controllers
+  interval: 1h
+  retryInterval: 1m
+  timeout: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/configs
+  prune: true
+  wait: true
diff --git a/base/cert-manager/cluster-issuer-letsencrypt-prod.yaml b/infrastructure/configs/cluster-issuers.yaml
similarity index 100%
rename from base/cert-manager/cluster-issuer-letsencrypt-prod.yaml
rename to infrastructure/configs/cluster-issuers.yaml
diff --git a/infrastructure/controllers/cert-manager.yaml b/infrastructure/controllers/cert-manager.yaml
new file mode 100644
index 0000000..8b26a32
--- /dev/null
+++ b/infrastructure/controllers/cert-manager.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    toolkit.fluxcd.io/tenant: sre-team
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: https://charts.jetstack.io
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: "1.x"
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager
+        namespace: cert-manager
+      interval: 12h
+  values:
+    installCRDs: true
diff --git a/base/external-dns/helm-release.yaml b/infrastructure/controllers/external-dns.yaml
similarity index 66%
rename from base/external-dns/helm-release.yaml
rename to infrastructure/controllers/external-dns.yaml
index a17e893..5235317 100644
--- a/base/external-dns/helm-release.yaml
+++ b/infrastructure/controllers/external-dns.yaml
@@ -1,8 +1,23 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-dns
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: external-dns
+  namespace: external-dns
+spec:
+  interval: 24h
+  url: https://kubernetes-sigs.github.io/external-dns/
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: external-dns
+  namespace: external-dns
 spec:
   chart:
     spec:
diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml
new file mode 100644
index 0000000..c3708c8
--- /dev/null
+++ b/infrastructure/controllers/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cert-manager.yaml
diff --git a/base/metallb/helm-release.yaml b/infrastructure/controllers/metallb.yaml
similarity index 50%
rename from base/metallb/helm-release.yaml
rename to infrastructure/controllers/metallb.yaml
index e80c73f..8daf51f 100644
--- a/base/metallb/helm-release.yaml
+++ b/infrastructure/controllers/metallb.yaml
@@ -1,15 +1,29 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: metallb
+spec:
+  url: https://metallb.github.io/metallb
+  interval: 1h
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
   name: metallb
 spec:
-  interval: 1h
+  interval: 24h
   install:
     createNamespace: false
   chart:
     spec:
       chart: metallb
+      version: "0.x"
       sourceRef:
         kind: HelmRepository
         name: metallb