diff --git a/helm/values/authentik.values.yaml b/helm/values/authentik.values.yaml deleted file mode 100644 index 57d228a..0000000 --- a/helm/values/authentik.values.yaml +++ /dev/null 
@@ -1,110 +0,0 @@ -global: - addPrometheusAnnotations: true - securityContext: - runAsUser: 1000 - fsGroup: 1000 - podLabels: - app: authentik - nodeSelector: - nodepool: worker - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app: authentik - env: - - name: AUTHENTIK_SECRET_KEY - valueFrom: - secretKeyRef: - name: authentik-secret-key - key: password - - name: AUTHENTIK_EMAIL__USERNAME - valueFrom: - secretKeyRef: - name: smtp-token - key: authentik-username - - name: AUTHENTIK_EMAIL__PASSWORD - valueFrom: - secretKeyRef: - name: smtp-token - key: authentik-password - - name: AUTHENTIK_EMAIL__FROM - valueFrom: - secretKeyRef: - name: smtp-token - key: authentik-username - - name: AUTHENTIK_EMAIL__USE_TLS - value: "true" - - name: AUTHENTIK_POSTGRESQL__SSLMODE - value: verify-full - - name: AUTHENTIK_POSTGRESQL__SSLROOTCERT - value: "/opt/authentik/certs/ca.crt" - - name: AUTHENTIK_POSTGRESQL__SSLCERT - value: "/opt/authentik/certs/tls.crt" - - name: AUTHENTIK_POSTGRESQL__SSLKEY - value: "/opt/authentik/certs/tls.key" - - name: AUTHENTIK_REDIS__PASSWORD - valueFrom: - secretKeyRef: - name: valkey - key: password - volumes: - - name: ssl-bundle - projected: - sources: - - secret: - name: authentik-client-cert - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - mode: 0600 - - secret: - name: postgres-server-cert - items: - - key: ca.crt - path: ca.crt - volumeMounts: - - name: ssl-bundle - mountPath: /opt/authentik/certs - readOnly: true - -authentik: - error_reporting: - enabled: false - email: - host: "smtp.protonmail.ch" - port: 587 - postgresql: - host: postgres-cluster-rw - user: authentik - name: authentik - redis: - host: valkey - -server: - replicas: 3 - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: cloudflare-issuer - cert-manager.io/acme-challenge-type: dns01 - cert-manager.io/private-key-size: "4096" - 
ingressClassName: traefik - hosts: - - auth.dogar.dev - tls: - - secretName: authentik-tls - hosts: - - auth.dogar.dev - -worker: - replicas: 3 - -postgresql: - enabled: false -redis: - enabled: false diff --git a/helm/values/gitea.values.yaml b/helm/values/gitea.values.yaml deleted file mode 100644 index 2b2474f..0000000 --- a/helm/values/gitea.values.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ -global: - storageClass: longhorn -image: - rootless: false -service: - http: - annotations: - metallb.universe.tf/allow-shared-ip: gitea - ssh: - annotations: - metallb.universe.tf/allow-shared-ip: gitea -ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: cloudflare-issuer - cert-manager.io/acme-challenge-type: dns01 - cert-manager.io/private-key-size: 4096 - className: traefik - hosts: - - host: git.dogar.dev - paths: - - path: / - pathType: Prefix - tls: - - secretName: gitea-tls - hosts: - - git.dogar.dev -gitea: - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "6060" - admin: - existingSecret: gitea-admin - metrics: - enabled: true - serviceMonitor: - enabled: true - config: - server: - ENABLE_PPROF: true - ENABLE_GZIP: true - LFS_START_SERVER: true - SSH_DOMAIN: git.dogar.dev - database: - DB_TYPE: postgres - HOST: postgres-cluster-rw - NAME: gitea - USER: gitea - SSL_MODE: verify-full - metrics: - ENABLED: true - cache: - ADAPTER: memory - session: - PROVIDER: db - PROVIDER_CONFIG: "" - queue: - TYPE: channel - storage: - STORAGE_TYPE: minio - MINIO_USE_SSL: true - MINIO_BUCKET_LOOKUP_STYLE: path - MINIO_LOCATION: auto - service: - DISABLE_REGISTRATION: true - oauth2_client: - ENABLE_AUTO_REGISTRATION: true - mailer: - ENABLED: true - PROTOCOL: smtp+starttls - SMTP_ADDR: smtp.protonmail.ch - SMTP_PORT: 587 - FROM: git@dogar.dev - picture: - GRAVATAR_SOURCE: gravatar - oauth: - - name: "authentik" - provider: "openidConnect" - existingSecret: gitea-oauth - autoDiscoverUrl: "https://auth.dogar.dev/application/o/gitea/.well-known/openid-configuration" - iconUrl: "https://goauthentik.io/img/icon.png" - scopes: "email profile" - additionalConfigFromEnvs: - - name: GITEA__MAILER__PASSWD - valueFrom: - secretKeyRef: - name: smtp-token - key: gitea-password - - name: GITEA__PACKAGES__CHUNKED_UPLOAD_PATH - value: "/tmp/gitea-uploads" - - name: GITEA__PACKAGES__CHUNKED_UPLOAD_CONCURRENCY - value: "4" - - 
name: GITEA__STORAGE__MINIO_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: cloudflare-token - key: access_key_id - - name: GITEA__STORAGE__MINIO_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: cloudflare-token - key: secret_access_key -persistence: - labels: - recurring-job.longhorn.io/source: "enabled" - recurring-job.longhorn.io/daily-backup: "enabled" - enabled: true - size: 50Gi - accessModes: - - ReadWriteMany -deployment: - env: - - name: PGSSLMODE - value: verify-full - - name: PGSSLROOTCERT - value: /opt/gitea/.postgresql/root.crt - - name: PGSSLCERT - value: /opt/gitea/.postgresql/postgresql.crt - - name: PGSSLKEY - value: /opt/gitea/.postgresql/postgresql.key -resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 6 - memory: 6Gi -extraVolumes: - - name: ssl-bundle - projected: - sources: - - secret: - name: gitea-client-cert - items: - - key: tls.crt - path: postgresql.crt - - key: tls.key - path: postgresql.key - mode: 0600 - - secret: - name: postgres-server-cert - items: - - key: ca.crt - path: root.crt - - name: gitea-temp - emptyDir: {} -extraInitVolumeMounts: - - name: ssl-bundle - mountPath: /opt/gitea/.postgresql - readOnly: true -extraContainerVolumeMounts: - - name: ssl-bundle - mountPath: /opt/gitea/.postgresql - readOnly: true - readOnly: true - - name: gitea-temp - mountPath: /tmp/gitea-uploads -postgresql-ha: - enabled: false -valkey-cluster: - enabled: false
diff --git a/k8s-operators/prometheus/index.ts b/k8s-operators/prometheus/index.ts
index f185021..47f5b7a 100644
--- a/k8s-operators/prometheus/index.ts
+++ b/k8s-operators/prometheus/index.ts
@@ -2,7 +2,7 @@ import * as fs from "fs";
 import * as path from "path";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { Construct } from "constructs";
-import { CloudflareCertificate, IngressRoute } from "../../utils";
+import { IngressRoute } from "../../utils";
 import { Providers } from "../../types";
 type PrometheusOptions = {
@@ -18,14 +18,6 @@ export class Prometheus extends Construct {
 const { helm, kubernetes } = options.providers;
- new CloudflareCertificate(this, "certificate", {
- provider: kubernetes,
- name: "grafana",
- namespace: options.namespace,
- dnsNames: ["grafana.dogar.dev"],
- secretName: "grafana-tls",
- });
-
 new IngressRoute(this, "ingress", {
 provider: kubernetes,
 name: "grafana",
diff --git a/utility-services/authentik/index.ts b/utility-services/authentik/index.ts
index 477beee..b9779a9 100644
--- a/utility-services/authentik/index.ts
+++ b/utility-services/authentik/index.ts
@@ -2,7 +2,7 @@ import * as fs from "fs";
 import * as path from "path";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { Construct } from "constructs";
-import { OnePasswordSecret } from "../../utils";
+import { IngressRoute, OnePasswordSecret } from "../../utils";
 import { Providers } from "../../types";
 type AuthentikServerOptions = {
@@ -42,6 +42,16 @@ export class AuthentikServer extends Construct {
 encoding: "utf8",
 }),
 ],
- }).importFrom("homelab/authentik");
+ });
+
+ new IngressRoute(this, "ingress", {
+ provider: kubernetes,
+ name: options.name,
+ namespace: options.namespace,
+ host: "auth.dogar.dev",
+ serviceName: `authentik-server`,
+ servicePort: 80,
+ tlsSecretName: "authentik-tls",
+ });
 }
 }
diff --git a/utility-services/authentik/values.yaml b/utility-services/authentik/values.yaml
index f839e89..a64182f 100644
--- a/utility-services/authentik/values.yaml
+++ b/utility-services/authentik/values.yaml
@@ -88,7 +88,7 @@ authentik:
 server:
 replicas: 3
 ingress:
- enabled: true
+ enabled: false
 annotations:
 cert-manager.io/cluster-issuer: cloudflare-issuer
 cert-manager.io/acme-challenge-type: dns01
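Review bot: The `grafana-tls` secret loses its issuer in this hunk: the removed `CloudflareCertificate` (`secretName: "grafana-tls"`) is the only resource shown that produces it, and if the `IngressRoute` that follows still references that secret (its argument list continues past the hunk) the route will terminate TLS with a certificate that is no longer issued or renewed. The same question applies to the authentik change in this commit: `utility-services/authentik/values.yaml` sets the chart ingress to `enabled: false`, which presumably removes the Ingress whose `cert-manager.io/*` annotations had cert-manager issue `authentik-tls`, while the new `IngressRoute` in `utility-services/authentik/index.ts` references `tlsSecretName: "authentik-tls"`. If `IngressRoute` now provisions the certificate itself, a comment at each call site such as `// TLS secret is provisioned by IngressRoute; no separate Certificate resource` would make both removals reviewable; otherwise the certificate resources need to stay until a replacement issuer exists. It is also worth confirming that destroying the cdktf certificate resource does not delete the existing secret before the replacement is in place, since that would break the live route at apply time.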
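Review bot: `serviceName: \`authentik-server\`` in the new `IngressRoute` call is a template literal with nothing interpolated; either write it as a plain string, `serviceName: "authentik-server",`, or, if the Helm release is named from `options.name` as `name: options.name` suggests, derive it as `serviceName: \`${options.name}-server\`,` so the route keeps pointing at the chart's Service when the release name changes — which of the two is right is not visible in the hunk. `host: "auth.dogar.dev"` is likewise hard-coded next to values taken from `options`; if this construct is ever instantiated more than once, the host should come from `options` too. Dropping `.importFrom("homelab/authentik")` is fine once the release is already in Terraform state, but on a fresh state the next apply will try to create a release that already exists in the cluster, so the commit message should say the import has been completed. The enclosing constructor continues outside the hunk.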
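Review bot: With `enabled: false` the `annotations` block that follows (`cert-manager.io/cluster-issuer`, `cert-manager.io/acme-challenge-type`, and whatever else the `ingress:` stanza holds past the hunk) is dead configuration: the chart renders no Ingress, so these keys have no effect but still read as active settings. Either trim the stanza to `ingress:` / `  enabled: false`, or add a comment above it such as `# Chart ingress disabled; routing and TLS are handled by the IngressRoute in index.ts` so the leftover annotations are not mistaken for the live issuer configuration. The rest of the `ingress:` mapping continues outside the hunk.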