From 9e4f03fe3e92e560d7a376c78f12a4ad5830908c Mon Sep 17 00:00:00 2001 
From: Dave Altena Date: Sat, 24 Aug 2024 11:43:54 +0200 Subject: [PATCH] feat(homelab): cleanup bootstrap files --- .devcontainer/ci/Dockerfile | 2 - .devcontainer/ci/devcontainer.json | 26 --- .../ci/features/devcontainer-feature.json | 6 - .devcontainer/ci/features/install.sh | 77 ------- .github/tests/config-talos.yaml | 44 ---- .github/workflows/devcontainer.yaml | 58 ----- .github/workflows/e2e.yaml | 91 -------- bootstrap/overrides/readme.partial.yaml.j2 | 5 - bootstrap/scripts/plugin.py | 81 ------- bootstrap/scripts/validation.py | 113 ---------- bootstrap/templates/.sops.yaml.j2 | 12 - .../cert-manager/app/helmrelease.yaml.j2 | 30 --- .../cert-manager/app/kustomization.yaml.j2 | 5 - .../cert-manager/issuers/.mjfilter.py | 1 - .../cert-manager/issuers/issuers.yaml.j2 | 39 ---- .../issuers/kustomization.yaml.j2 | 6 - .../cert-manager/issuers/secret.sops.yaml.j2 | 7 - .../apps/cert-manager/cert-manager/ks.yaml.j2 | 44 ---- .../apps/cert-manager/kustomization.yaml.j2 | 6 - .../apps/cert-manager/namespace.yaml.j2 | 7 - .../apps/flux-system/kustomization.yaml.j2 | 6 - .../apps/flux-system/namespace.yaml.j2 | 7 - .../webhooks/app/github/ingress.yaml.j2 | 22 -- .../webhooks/app/github/kustomization.yaml.j2 | 9 - .../webhooks/app/github/receiver.yaml.j2 | 25 --- .../webhooks/app/github/secret.sops.yaml.j2 | 7 - .../webhooks/app/kustomization.yaml.j2 | 5 - .../apps/flux-system/webhooks/ks.yaml.j2 | 20 -- .../cilium/app/helm-values.yaml.j2 | 68 ------ .../cilium/app/helmrelease.yaml.j2 | 76 ------- .../cilium/app/kustomization.yaml.j2 | 11 - .../cilium/app/kustomizeconfig.yaml.j2 | 7 - .../cilium/config/cilium-l2.yaml.j2 | 26 --- .../cilium/config/cilium-l3.yaml.j2 | 41 ---- .../cilium/config/kustomization.yaml.j2 | 11 - .../apps/kube-system/cilium/ks.yaml.j2 | 42 ---- .../coredns/app/helm-values.yaml.j2 | 50 ----- .../coredns/app/helmrelease.yaml.j2 | 26 --- .../coredns/app/kustomization.yaml.j2 | 11 - .../coredns/app/kustomizeconfig.yaml.j2 | 7 - 
.../apps/kube-system/coredns/ks.yaml.j2 | 20 -- .../app/helm-values.yaml.j2 | 3 - .../app/helmrelease.yaml.j2 | 30 --- .../app/kustomization.yaml.j2 | 11 - .../app/kustomizeconfig.yaml.j2 | 7 - .../kubelet-csr-approver/ks.yaml.j2 | 20 -- .../apps/kube-system/kustomization.yaml.j2 | 11 - .../metrics-server/app/helmrelease.yaml.j2 | 31 --- .../metrics-server/app/kustomization.yaml.j2 | 5 - .../kube-system/metrics-server/ks.yaml.j2 | 20 -- .../apps/kube-system/namespace.yaml.j2 | 7 - .../reloader/app/helmrelease.yaml.j2 | 29 --- .../reloader/app/kustomization.yaml.j2 | 5 - .../apps/kube-system/reloader/ks.yaml.j2 | 20 -- .../spegel/app/helm-values.yaml.j2 | 7 - .../spegel/app/helmrelease.yaml.j2 | 30 --- .../spegel/app/kustomization.yaml.j2 | 11 - .../spegel/app/kustomizeconfig.yaml.j2 | 7 - .../apps/kube-system/spegel/ks.yaml.j2 | 20 -- .../kubernetes/apps/network/.mjfilter.py | 1 - .../cloudflared/app/configs/config.yaml.j2 | 10 - .../cloudflared/app/dnsendpoint.yaml.j2 | 10 - .../cloudflared/app/helmrelease.yaml.j2 | 109 --------- .../cloudflared/app/kustomization.yaml.j2 | 13 -- .../cloudflared/app/secret.sops.yaml.j2 | 13 -- .../apps/network/cloudflared/ks.yaml.j2 | 22 -- .../echo-server/app/helmrelease.yaml.j2 | 91 -------- .../echo-server/app/kustomization.yaml.j2 | 5 - .../apps/network/echo-server/ks.yaml.j2 | 20 -- .../external-dns/app/helmrelease.yaml.j2 | 48 ---- .../external-dns/app/kustomization.yaml.j2 | 6 - .../external-dns/app/secret.sops.yaml.j2 | 7 - .../apps/network/external-dns/ks.yaml.j2 | 20 -- .../certificates/kustomization.yaml.j2 | 8 - .../certificates/production.yaml.j2 | 14 -- .../certificates/staging.yaml.j2 | 14 -- .../external/helmrelease.yaml.j2 | 79 ------- .../external/kustomization.yaml.j2 | 5 - .../internal/helmrelease.yaml.j2 | 76 ------- .../internal/kustomization.yaml.j2 | 5 - .../apps/network/ingress-nginx/ks.yaml.j2 | 66 ------ .../k8s-gateway/app/helmrelease.yaml.j2 | 33 --- .../k8s-gateway/app/kustomization.yaml.j2 | 5 - 
.../apps/network/k8s-gateway/ks.yaml.j2 | 20 -- .../apps/network/kustomization.yaml.j2 | 10 - .../kubernetes/apps/network/namespace.yaml.j2 | 7 - .../apps/observability/kustomization.yaml.j2 | 6 - .../apps/observability/namespace.yaml.j2 | 7 - .../app/helmrelease.yaml.j2 | 22 -- .../app/kustomization.yaml.j2 | 5 - .../prometheus-operator-crds/ks.yaml.j2 | 20 -- .../apps/openebs-system/kustomization.yaml.j2 | 6 - .../apps/openebs-system/namespace.yaml.j2 | 7 - .../openebs/app/helmrelease.yaml.j2 | 48 ---- .../openebs/app/kustomization.yaml.j2 | 5 - .../apps/openebs-system/openebs/ks.yaml.j2 | 20 -- .../flux/github-deploy-key.sops.yaml.j2 | 17 -- .../bootstrap/flux/kustomization.yaml.j2 | 61 ----- .../kubernetes/bootstrap/helmfile.yaml.j2 | 59 ----- .../bootstrap/talos/patches/README.md.j2 | 15 -- .../patches/controller/api-access.yaml.j2 | 8 - .../talos/patches/controller/cluster.yaml.j2 | 12 - .../disable-admission-controller.yaml.j2 | 2 - .../talos/patches/controller/etcd.yaml.j2 | 6 - .../patches/global/cluster-discovery.yaml.j2 | 7 - .../talos/patches/global/containerd.yaml.j2 | 12 - .../global/disable-search-domain.yaml.j2 | 3 - .../talos/patches/global/hostdns.yaml.j2 | 6 - .../talos/patches/global/kubelet.yaml.j2 | 7 - .../patches/global/openebs-local.yaml.j2 | 10 - .../talos/patches/global/sysctl.yaml.j2 | 7 - .../bootstrap/talos/talconfig.yaml.j2 | 178 --------------- .../templates/kubernetes/flux/apps.yaml.j2 | 56 ----- .../kubernetes/flux/config/cluster.yaml.j2 | 44 ---- .../kubernetes/flux/config/flux.yaml.j2 | 86 ------- .../flux/config/kustomization.yaml.j2 | 6 - .../repositories/git/kustomization.yaml.j2 | 4 - .../flux/repositories/helm/bjw-s.yaml.j2 | 10 - .../flux/repositories/helm/cilium.yaml.j2 | 9 - .../flux/repositories/helm/coredns.yaml.j2 | 9 - .../repositories/helm/external-dns.yaml.j2 | 11 - .../repositories/helm/ingress-nginx.yaml.j2 | 11 - .../flux/repositories/helm/jetstack.yaml.j2 | 9 - .../repositories/helm/k8s-gateway.yaml.j2 | 11 - 
.../repositories/helm/kustomization.yaml.j2 | 19 -- .../repositories/helm/metrics-server.yaml.j2 | 9 - .../flux/repositories/helm/openebs.yaml.j2 | 9 - .../repositories/helm/postfinance.yaml.j2 | 9 - .../helm/prometheus-community.yaml.j2 | 10 - .../flux/repositories/helm/spegel.yaml.j2 | 10 - .../flux/repositories/helm/stakater.yaml.j2 | 10 - .../flux/repositories/kustomization.yaml.j2 | 7 - .../repositories/oci/kustomization.yaml.j2 | 4 - .../flux/vars/cluster-secrets.sops.yaml.j2 | 14 -- .../flux/vars/cluster-settings.yaml.j2 | 8 - .../flux/vars/kustomization.yaml.j2 | 5 - config.sample.yaml | 212 ------------------ makejinja.toml | 18 -- 138 files changed, 3314 deletions(-) delete mode 100644 .devcontainer/ci/Dockerfile delete mode 100644 .devcontainer/ci/devcontainer.json delete mode 100644 .devcontainer/ci/features/devcontainer-feature.json delete mode 100644 .devcontainer/ci/features/install.sh delete mode 100644 .github/tests/config-talos.yaml delete mode 100644 .github/workflows/devcontainer.yaml delete mode 100644 .github/workflows/e2e.yaml delete mode 100644 bootstrap/overrides/readme.partial.yaml.j2 delete mode 100644 bootstrap/scripts/plugin.py delete mode 100644 bootstrap/scripts/validation.py delete mode 100644 bootstrap/templates/.sops.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2 delete mode 100644 
bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/cert-manager/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l3.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2 delete mode 100644 
bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 delete 
mode 100644 bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/.mjfilter.py delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 delete mode 100644 
bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/network/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/observability/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/observability/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/openebs-system/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/openebs-system/namespace.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 delete mode 100644 
bootstrap/templates/kubernetes/bootstrap/flux/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/helmfile.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/README.md.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/api-access.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/disable-admission-controller.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/etcd.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/cluster-discovery.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/containerd.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/disable-search-domain.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/hostdns.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/kubelet.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/openebs-local.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/patches/global/sysctl.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/bootstrap/talos/talconfig.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/apps.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/config/flux.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/config/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/git/kustomization.yaml.j2 delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/bjw-s.yaml.j2 delete mode 100644 
bootstrap/templates/kubernetes/flux/repositories/helm/cilium.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/coredns.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/external-dns.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/ingress-nginx.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/jetstack.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/k8s-gateway.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/kustomization.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/metrics-server.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/openebs.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/postfinance.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/prometheus-community.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/spegel.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/helm/stakater.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/kustomization.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/repositories/oci/kustomization.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/vars/cluster-secrets.sops.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2
delete mode 100644 bootstrap/templates/kubernetes/flux/vars/kustomization.yaml.j2
delete mode 100644 config.sample.yaml
delete mode 100644 makejinja.toml
diff --git a/.devcontainer/ci/Dockerfile b/.devcontainer/ci/Dockerfile
deleted file mode 100644
index e6e945b4..00000000
--- a/.devcontainer/ci/Dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-# Ref: https://github.com/devcontainers/ci/issues/191
-FROM mcr.microsoft.com/devcontainers/base:alpine
diff --git a/.devcontainer/ci/devcontainer.json b/.devcontainer/ci/devcontainer.json
deleted file mode 100644
index 2064da8c..00000000
--- a/.devcontainer/ci/devcontainer.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
- "name": "Flux Cluster Template (CI)",
- "build": {
- "dockerfile": "./Dockerfile",
- "context": "."
- },
- "features": {
- "./features": {}
- },
- "customizations": {
- "vscode": {
- "settings": {
- "terminal.integrated.profiles.linux": {
- "bash": {
- "path": "/usr/bin/fish"
- }
- },
- "terminal.integrated.defaultProfile.linux": "fish"
- },
- "extensions": [
- "redhat.vscode-yaml"
- ]
- }
- }
-}
diff --git a/.devcontainer/ci/features/devcontainer-feature.json b/.devcontainer/ci/features/devcontainer-feature.json
deleted file mode 100644
index 5f771e34..00000000
--- a/.devcontainer/ci/features/devcontainer-feature.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "name": "Flux Cluster Template (Tools)",
- "id": "cluster-template",
- "version": "1.0.0",
- "description": "Install Tools"
-}
diff --git a/.devcontainer/ci/features/install.sh b/.devcontainer/ci/features/install.sh
deleted file mode 100644
index bbb27428..00000000
--- a/.devcontainer/ci/features/install.sh
+++ /dev/null
@@ -1,77 +0,0 @@ -#!/usr/bin/env bash -set -e -set -o noglob - -apk add --no-cache \ - age bash bind-tools ca-certificates curl direnv gettext python3 \ - py3-pip moreutils jq git iputils openssh-client \ - starship fzf fish yq helm - -apk add --no-cache \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - kubectl sops - -apk add --no-cache \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ - lsd - -for app in \ - "budimanjojo/talhelper!!?as=talhelper&type=script" \ - "cilium/cilium-cli!!?as=cilium&type=script" \ - "cli/cli!!?as=gh&type=script" \ - "cloudflare/cloudflared!!?as=cloudflared&type=script" \ - "derailed/k9s!!?as=k9s&type=script" \ - "fluxcd/flux2!!?as=flux&type=script" \ - "go-task/task!!?as=task&type=script" \ - "helmfile/helmfile!!?as=helmfile&type=script" \ - "kubecolor/kubecolor!!?as=kubecolor&type=script" \ - "kubernetes-sigs/krew!!?as=krew&type=script" \ - "kubernetes-sigs/kustomize!!?as=kustomize&type=script" \ - "stern/stern!!?as=stern&type=script" \ - "siderolabs/talos!!?as=talosctl&type=script" \ - "yannh/kubeconform!!?as=kubeconform&type=script" -do - echo "=== Installing ${app} ===" - curl -fsSL "https://i.jpillora.com/${app}" | bash -done - -# Create the fish configuration directory -mkdir -p /home/vscode/.config/fish/{completions,conf.d} - -# Setup autocompletions for fish -for tool in cilium flux helm helmfile k9s kubectl kustomize talhelper talosctl; do - $tool completion fish > /home/vscode/.config/fish/completions/$tool.fish -done -gh completion --shell fish > /home/vscode/.config/fish/completions/gh.fish -stern --completion fish > /home/vscode/.config/fish/completions/stern.fish -yq shell-completion fish > /home/vscode/.config/fish/completions/yq.fish - -# Add hooks into fish -tee /home/vscode/.config/fish/conf.d/hooks.fish > /dev/null < /dev/null < /dev/null < /dev/null < str: - return Path(value).stem - - -# Return a list of files in the talos patches directory -def talos_patches(value: str) 
-> list[str]: - path = Path(f'bootstrap/templates/kubernetes/bootstrap/talos/patches/{value}') - if not path.is_dir(): - return [] - return [str(f) for f in sorted(path.glob('*.yaml.j2')) if f.is_file()] - - -# Return the nth host in a CIDR range -def nthhost(value: str, query: int) -> str: - value = IPNetwork(value) - try: - nth = int(query) - if value.size > nth: - return str(value[nth]) - except ValueError: - return False - return value - - -def import_filter(file: Path) -> Callable[[dict[str, Any]], bool]: - module_path = file.relative_to(Path.cwd()).with_suffix("") - module_name = str(module_path).replace("/", ".") - spec = importlib.util.spec_from_file_location(module_name, file) - assert spec is not None - module = importlib.util.module_from_spec(spec) - sys.modules[module_name] = module - assert spec.loader is not None - spec.loader.exec_module(module) - return module.main - - -class Plugin(makejinja.plugin.Plugin): - def __init__(self, data: dict[str, Any], config: makejinja.config.Config): - self._data = data - self._config = config - - self._excluded_dirs: set[Path] = set() - for input_path in config.inputs: - for filter_file in input_path.rglob(".mjfilter.py"): - filter_func = import_filter(filter_file) - if filter_func(data) is False: - self._excluded_dirs.add(filter_file.parent) - - validation.validate(data) - - - def filters(self) -> makejinja.plugin.Filters: - return [basename, nthhost] - - - def functions(self) -> makejinja.plugin.Functions: - return [talos_patches] - - - def path_filters(self): - return [self._mjfilter_func] - - - def _mjfilter_func(self, path: Path) -> bool: - return not any( - path.is_relative_to(excluded_dir) for excluded_dir in self._excluded_dirs - ) diff --git a/bootstrap/scripts/validation.py b/bootstrap/scripts/validation.py deleted file mode 100644 index b3a75a07..00000000 --- a/bootstrap/scripts/validation.py +++ /dev/null 
@@ -1,113 +0,0 @@ -from functools import wraps -from shutil import which -from typing import Callable, cast -from zoneinfo import available_timezones -import netaddr -import re -import socket -import sys - -GLOBAL_CLI_TOOLS = ["age", "flux", "helmfile", "sops", "jq", "kubeconform", "kustomize", "talosctl", "talhelper"] -CLOUDFLARE_TOOLS = ["cloudflared"] - - -def required(*keys: str): - def wrapper_outter(func: Callable): - @wraps(func) - def wrapper(data: dict, *_, **kwargs) -> None: - for key in keys: - if data.get(key) is None: - raise ValueError(f"Missing required key {key}") - return func(*[data[key] for key in keys], **kwargs) - - return wrapper - - return wrapper_outter - - -def validate_python_version() -> None: - required_version = (3, 11, 0) - if sys.version_info < required_version: - raise ValueError(f"Python {sys.version_info} is below 3.11. Please upgrade.") - - -def validate_ip(ip: str) -> str: - try: - netaddr.IPAddress(ip) - except netaddr.core.AddrFormatError as e: - raise ValueError(f"Invalid IP address {ip}") from e - return ip - - -def validate_network(cidr: str, family: int) -> str: - try: - network = netaddr.IPNetwork(cidr) - if network.version != family: - raise ValueError(f"Invalid CIDR family {network.version}") - except netaddr.core.AddrFormatError as e: - raise ValueError(f"Invalid CIDR {cidr}") from e - return cidr - - -def validate_node(node: dict, node_cidr: str) -> None: - if not node.get("name"): - raise ValueError(f"A node is missing a name") - if not re.match(r"^[a-z0-9-]+$", node.get('name')): - raise ValueError(f"Node {node.get('name')} has an invalid name") - if not node.get("disk"): - raise ValueError(f"Node {node.get('name')} is missing disk") - if not node.get("mac_addr"): - raise ValueError(f"Node {node.get('name')} is missing mac_addr") - if not re.match(r"(?:[0-9a-fA-F]:?){12}", node.get("mac_addr")): - raise ValueError(f"Node {node.get('name')} has an invalid mac_addr, is this a MAC address?") - if node.get("address"): - 
ip = validate_ip(node.get("address")) - if netaddr.IPAddress(ip, 4) not in netaddr.IPNetwork(node_cidr): - raise ValueError(f"Node {node.get('name')} is not in the node CIDR {node_cidr}") - with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: - sock.settimeout(5) - result = sock.connect_ex((ip, 50000)) - if result != 0: - raise ValueError(f"Node {node.get('name')} port 50000 is not open") - - -@required("bootstrap_cloudflare") -def validate_cli_tools(cloudflare: dict, **_) -> None: - for tool in GLOBAL_CLI_TOOLS: - if not which(tool): - raise ValueError(f"Missing required CLI tool {tool}") - for tool in CLOUDFLARE_TOOLS if cloudflare.get("enabled", False) else []: - if not which(tool): - raise ValueError(f"Missing required CLI tool {tool}") - - -@required("bootstrap_sops_age_pubkey") -def validate_age(key: str, **_) -> None: - if not re.match(r"^age1[a-z0-9]{0,58}$", key): - raise ValueError(f"Invalid Age public key {key}") - - -@required("bootstrap_node_network", "bootstrap_node_inventory") -def validate_nodes(node_cidr: str, nodes: dict[list], **_) -> None: - node_cidr = validate_network(node_cidr, 4) - - controllers = [node for node in nodes if node.get('controller') == True] - if len(controllers) < 1: - raise ValueError(f"Must have at least one controller node") - if len(controllers) % 2 == 0: - raise ValueError(f"Must have an odd number of controller nodes") - for node in controllers: - validate_node(node, node_cidr) - - workers = [node for node in nodes if node.get('controller') == False] - for node in workers: - validate_node(node, node_cidr) - - -def validate(data: dict) -> None: - validate_python_version() - validate_cli_tools(data) - validate_age(data) - - if not data.get("skip_tests", False): - validate_nodes(data) diff --git a/bootstrap/templates/.sops.yaml.j2 b/bootstrap/templates/.sops.yaml.j2 deleted file mode 100644 index cb7aa764..00000000 --- a/bootstrap/templates/.sops.yaml.j2 +++ /dev/null 
@@ -1,12 +0,0 @@
----
-creation_rules:
- - # IMPORTANT: This rule MUST be above the others
- path_regex: talos/.*\.sops\.ya?ml
- key_groups:
- - age:
- - "#{ bootstrap_sops_age_pubkey }#"
- - path_regex: kubernetes/.*\.sops\.ya?ml
- encrypted_regex: "^(data|stringData)$"
- key_groups:
- - age:
- - "#{ bootstrap_sops_age_pubkey }#"
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
deleted file mode 100644
index 9076302d..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: cert-manager
-spec:
- interval: 30m
- chart:
- spec:
- chart: cert-manager
- version: v1.15.1
- sourceRef:
- kind: HelmRepository
- name: jetstack
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- installCRDs: true
- dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
- dns01RecursiveNameserversOnly: true
- prometheus:
- enabled: true
- servicemonitor:
- enabled: true
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2
deleted file mode 100644
index 5dd7baca..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py
deleted file mode 100644
index d9ae82b4..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/.mjfilter.py
+++ /dev/null
@@ -1 +0,0 @@
-main = lambda data: data.get("bootstrap_cloudflare", {}).get("enabled", False) == True
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml.j2
deleted file mode 100644
index 1cf7148a..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml.j2
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: "${SECRET_ACME_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- cloudflare:
- apiTokenSecretRef:
- name: cert-manager-secret
- key: api-token
- selector:
- dnsZones:
- - "${SECRET_DOMAIN}"
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: "${SECRET_ACME_EMAIL}"
- privateKeySecretRef:
- name: letsencrypt-staging
- solvers:
- - dns01:
- cloudflare:
- apiTokenSecretRef:
- name: cert-manager-secret
- key: api-token
- selector:
- dnsZones:
- - "${SECRET_DOMAIN}"
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2
deleted file mode 100644
index 17754be6..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- - ./issuers.yaml
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2
deleted file mode 100644
index f5bf887f..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: cert-manager-secret
-stringData:
- api-token: "#{ bootstrap_cloudflare.token }#"
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
deleted file mode 100644
index 3efe99d8..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
+++ /dev/null
@@ -1,44 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cert-manager
- namespace: flux-system
-spec:
- targetNamespace: cert-manager
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/cert-manager/cert-manager/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
-#% if bootstrap_cloudflare.enabled %#
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cert-manager-issuers
- namespace: flux-system
-spec:
- targetNamespace: cert-manager
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: cert-manager
- path: ./kubernetes/apps/cert-manager/cert-manager/issuers
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
-#% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/kustomization.yaml.j2
deleted file mode 100644
index a0a3e5ed..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./cert-manager/ks.yaml
diff --git a/bootstrap/templates/kubernetes/apps/cert-manager/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/cert-manager/namespace.yaml.j2
deleted file mode 100644
index ed788350..00000000
--- a/bootstrap/templates/kubernetes/apps/cert-manager/namespace.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/kustomization.yaml.j2
deleted file mode 100644
index 10587f8c..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/kustomization.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./webhooks/ks.yaml
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/namespace.yaml.j2
deleted file mode 100644
index b48db452..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/namespace.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: flux-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml.j2
deleted file mode 100644
index 17171674..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/ingress.yaml.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-#% if bootstrap_cloudflare.enabled %#
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: flux-webhook
- annotations:
- external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}"
-spec:
- ingressClassName: external
- rules:
- - host: "flux-webhook.${SECRET_DOMAIN}"
- http:
- paths:
- - path: /hook/
- pathType: Prefix
- backend:
- service:
- name: webhook-receiver
- port:
- number: 80
-#% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml.j2
deleted file mode 100644
index 75fc5841..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/kustomization.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./secret.sops.yaml
- #% if bootstrap_cloudflare.enabled %#
- - ./ingress.yaml
- #% endif %#
- - ./receiver.yaml
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2
deleted file mode 100644
index cca5931b..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
- name: github-receiver
-spec:
- type: github
- events:
- - ping
- - push
- secretRef:
- name: github-webhook-token-secret
- resources:
- - apiVersion: source.toolkit.fluxcd.io/v1
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- - apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- name: cluster
- namespace: flux-system
- - apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- name: cluster-apps
- namespace: flux-system
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml.j2
deleted file mode 100644
index 34ac7daf..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: github-webhook-token-secret
-stringData:
- token: "#{ bootstrap_github_webhook_token }#"
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml.j2
deleted file mode 100644
index ccd8b3eb..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./github
diff --git a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2
deleted file mode 100644
index e80c50b2..00000000
--- a/bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app flux-webhooks
- namespace: flux-system
-spec:
- targetNamespace: flux-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/flux-system/webhooks/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2
deleted file mode 100644
index 80b04662..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,68 +0,0 @@
----
-autoDirectNodeRoutes: true
-#% if bootstrap_bgp.enabled %#
-bgpControlPlane:
- enabled: true
-#% endif %#
-bpf:
- masquerade: false # Required for Talos `.machine.features.hostDNS.forwardKubeDNSToHost`
-cgroup:
- automount:
- enabled: false
- hostRoot: /sys/fs/cgroup
-cluster:
- id: 1
- name: "#{ bootstrap_cluster_name|default('home-kubernetes', true) }#"
-cni:
- exclusive: false
-# NOTE: devices might need to be set if you have more than one active NIC on your hosts
-# devices: eno+ eth+
-endpointRoutes:
- enabled: true
-hubble:
- enabled: false
-ipam:
- mode: kubernetes
-ipv4NativeRoutingCIDR: "#{ bootstrap_pod_network.split(',')[0] }#"
-#% if bootstrap_feature_gates.dual_stack_ipv4_first %#
-ipv6NativeRoutingCIDR: "#{ bootstrap_pod_network.split(',')[1] }#"
-ipv6:
- enabled: true
-#% endif %#
-k8sServiceHost: 127.0.0.1
-k8sServicePort: 7445
-kubeProxyReplacement: true
-kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
-l2announcements:
- #% if ((bootstrap_bgp.enabled) or (bootstrap_feature_gates.dual_stack_ipv4_first)) %#
- enabled: false # https://github.com/cilium/cilium/issues/28985
- #% else %#
- enabled: true
- #% endif %#
-loadBalancer:
- algorithm: maglev
- mode: snat
-localRedirectPolicy: true
-operator:
- replicas: 1
- rollOutPods: true
-rollOutCiliumPods: true
-routingMode: native
-securityContext:
- capabilities:
- ciliumAgent:
- - CHOWN
- - KILL
- - NET_ADMIN
- - NET_RAW
- - IPC_LOCK
- - SYS_ADMIN
- - SYS_RESOURCE
- - DAC_OVERRIDE
- - FOWNER
- - SETGID
- - SETUID
- cleanCiliumState:
- - NET_ADMIN
- - SYS_ADMIN
- - SYS_RESOURCE
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2
deleted file mode 100644
index 39da0fa6..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,76 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: cilium
-spec:
- interval: 30m
- chart:
- spec:
- chart: cilium
- version: 1.15.7
- sourceRef:
- kind: HelmRepository
- name: cilium
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: cilium-helm-values
- values:
- #% if bootstrap_cloudflare.enabled %#
- hubble:
- enabled: true
- metrics:
- enabled:
- - dns:query
- - drop
- - tcp
- - flow
- - port-distribution
- - icmp
- - http
- serviceMonitor:
- enabled: true
- dashboards:
- enabled: true
- annotations:
- grafana_folder: Cilium
- relay:
- enabled: true
- rollOutPods: true
- prometheus:
- serviceMonitor:
- enabled: true
- ui:
- enabled: true
- rollOutPods: true
- ingress:
- enabled: true
- className: internal
- hosts: ["hubble.${SECRET_DOMAIN}"]
- #% endif %#
- operator:
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- dashboards:
- enabled: true
- annotations:
- grafana_folder: Cilium
- prometheus:
- enabled: true
- serviceMonitor:
- enabled: true
- trustCRDsExist: true
- dashboards:
- enabled: true
- annotations:
- grafana_folder: Cilium
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2
deleted file mode 100644
index b4f3860b..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: cilium-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml.j2
deleted file mode 100644
index db6cd461..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l2.yaml.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-#% if ((not bootstrap_bgp.enabled) and (not bootstrap_feature_gates.dual_stack_ipv4_first)) %#
----
-# https://docs.cilium.io/en/latest/network/l2-announcements
-apiVersion: cilium.io/v2alpha1
-kind: CiliumL2AnnouncementPolicy
-metadata:
- name: l2-policy
-spec:
- loadBalancerIPs: true
- # NOTE: interfaces might need to be set if you have more than one active NIC on your hosts
- # interfaces:
- # - ^eno[0-9]+
- # - ^eth[0-9]+
- nodeSelector:
- matchLabels:
- kubernetes.io/os: linux
----
-apiVersion: cilium.io/v2alpha1
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: l2-pool
-spec:
- allowFirstLastIPs: "Yes"
- blocks:
- - cidr: "#{ bootstrap_node_network }#"
-#% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l3.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l3.yaml.j2
deleted file mode 100644
index 80427a1b..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/cilium-l3.yaml.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-#% if bootstrap_bgp.enabled %#
----
-# https://docs.cilium.io/en/latest/network/bgp-control-plane/
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: l3-policy
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/os: linux
- virtualRouters:
- - localASN: #{ bootstrap_bgp.local_asn }#
- neighbors:
- #% if bootstrap_bgp.peers %#
- #% for item in bootstrap_bgp.peers %#
- - peerAddress: "#{ item }#/32"
- peerASN: #{ bootstrap_bgp.peer_asn }#
- peerPort: #{ bootstrap_bgp.peer_port | default(179) }#
- #% endfor %#
- #% else %#
- #% if bootstrap_node_default_gateway %#
- - peerAddress: "#{ bootstrap_node_default_gateway }#/32"
- #% else %#
- - peerAddress: "#{ bootstrap_node_network | nthhost(1) }#/32"
- #% endif %#
- peerASN: #{ bootstrap_bgp.peer_asn }#
- #% endif %#
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
----
-apiVersion: cilium.io/v2alpha1
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: l3-pool
-spec:
- allowFirstLastIPs: "Yes"
- blocks:
- - cidr: "#{ bootstrap_bgp.advertised_network }#"
-#% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2
deleted file mode 100644
index 4fc169b4..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/config/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- #% if bootstrap_bgp.enabled %#
- - ./cilium-l3.yaml
- #% elif not bootstrap_feature_gates.dual_stack_ipv4_first %#
- - ./cilium-l2.yaml
- #% else %#
- []
- #% endif %#
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2
deleted file mode 100644
index 2522f1df..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2
+++ /dev/null
@@ -1,42 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cilium
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/cilium/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app cilium-config
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- dependsOn:
- - name: cilium
- path: ./kubernetes/apps/kube-system/cilium/config
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2
deleted file mode 100644
index 2c358ee3..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,50 +0,0 @@
----
-fullnameOverride: coredns
-k8sAppLabelOverride: kube-dns
-serviceAccount:
- create: true
-service:
- name: kube-dns
- clusterIP: "#{ bootstrap_service_network | nthhost(10) }#"
-servers:
- - zones:
- - zone: .
- scheme: dns://
- use_tcp: true
- port: 53
- plugins:
- - name: errors
- - name: health
- configBlock: |-
- lameduck 5s
- - name: ready
- - name: log
- configBlock: |-
- class error
- - name: prometheus
- parameters: 0.0.0.0:9153
- - name: kubernetes
- parameters: cluster.local in-addr.arpa ip6.arpa
- configBlock: |-
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- - name: forward
- parameters: . /etc/resolv.conf
- - name: cache
- parameters: 30
- - name: loop
- - name: reload
- - name: loadbalance
-affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
-tolerations:
- - key: CriticalAddonsOnly
- operator: Exists
- - key: node-role.kubernetes.io/control-plane
- operator: Exists
- effect: NoSchedule
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2
deleted file mode 100644
index 5e34d698..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,26 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: coredns
-spec:
- interval: 30m
- chart:
- spec:
- chart: coredns
- version: 1.31.0
- sourceRef:
- kind: HelmRepository
- name: coredns
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- strategy: rollback
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: coredns-helm-values
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2
deleted file mode 100644
index 691355b5..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: coredns-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2
deleted file mode 100644
index bf2a537e..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app coredns
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/coredns/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml.j2
deleted file mode 100644
index 09d17584..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,3 +0,0 @@
----
-providerRegex: ^(#{ (bootstrap_node_inventory | map(attribute='name') | join('|')) }#)$
-bypassDnsResolution: true
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml.j2
deleted file mode 100644
index 4710855b..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: kubelet-csr-approver
-spec:
- interval: 30m
- chart:
- spec:
- chart: kubelet-csr-approver
- version: 1.2.2
- sourceRef:
- kind: HelmRepository
- name: postfinance
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- valuesFrom:
- - kind: ConfigMap
- name: kubelet-csr-approver-helm-values
- values:
- metrics:
- enable: true
- serviceMonitor:
- enabled: true
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml.j2
deleted file mode 100644
index 30dddafc..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
-configMapGenerator:
- - name: kubelet-csr-approver-helm-values
- files:
- - values.yaml=./helm-values.yaml
-configurations:
- - kustomizeconfig.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml.j2
deleted file mode 100644
index 58f92ba1..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-nameReference:
- - kind: ConfigMap
- version: v1
- fieldSpecs:
- - path: spec/valuesFrom/name
- kind: HelmRelease
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2
deleted file mode 100644
index adfb4940..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app kubelet-csr-approver
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app
- prune: false # never should be deleted
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/kustomization.yaml.j2
deleted file mode 100644
index 7a71f70f..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/kustomization.yaml.j2
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./namespace.yaml
- - ./cilium/ks.yaml
- - ./coredns/ks.yaml
- - ./metrics-server/ks.yaml
- - ./reloader/ks.yaml
- - ./kubelet-csr-approver/ks.yaml
- - ./spegel/ks.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2
deleted file mode 100644
index 60298df6..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: metrics-server
-spec:
- interval: 30m
- chart:
- spec:
- chart: metrics-server
- version: 3.12.1
- sourceRef:
- kind: HelmRepository
- name: metrics-server
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- args:
- - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- - --kubelet-use-node-status-port
- - --metric-resolution=15s
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2
deleted file mode 100644
index 5dd7baca..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
deleted file mode 100644
index 244f53c1..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app metrics-server
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/metrics-server/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/namespace.yaml.j2
deleted file mode 100644
index 5eeb2c91..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/namespace.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kube-system
- labels:
- kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
deleted file mode 100644
index 6dd7e43b..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,29 +0,0 @@
----
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: reloader
-spec:
- interval: 30m
- chart:
- spec:
- chart: reloader
- version: 1.0.119
- sourceRef:
- kind: HelmRepository
- name: stakater
- namespace: flux-system
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- values:
- fullnameOverride: reloader
- reloader:
- readOnlyRootFileSystem: true
- podMonitor:
- enabled: true
- namespace: "{{ .Release.Namespace }}"
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2
deleted file mode 100644
index 5dd7baca..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/reloader/app/kustomization.yaml.j2
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./helmrelease.yaml
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2
deleted file mode 100644
index 9aa42993..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app reloader
- namespace: flux-system
-spec:
- targetNamespace: kube-system
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/apps/kube-system/reloader/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2
deleted file mode 100644
index a4185ae3..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helm-values.yaml.j2
+++ /dev/null
@@ -1,7 +0,0 @@
----
-spegel:
- containerdSock: /run/containerd/containerd.sock
- containerdRegistryConfigPath: /etc/cri/conf.d/hosts
-service:
- registry:
- hostPort: 29999
diff --git a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2
deleted file mode 100644
index 05d3eeed..00000000
--- a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2
+++ /dev/null
@@ -1,30 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: spegel -spec: - interval: 30m - chart: - spec: - chart: spegel - version: v0.0.23 - sourceRef: - kind: HelmRepository - name: spegel - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - valuesFrom: - - kind: ConfigMap - name: spegel-helm-values - values: - grafanaDashboard: - enabled: true - serviceMonitor: - enabled: true diff --git a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 deleted file mode 100644 index 1e1aa1d1..00000000 --- a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomization.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml -configMapGenerator: - - name: spegel-helm-values - files: - - values.yaml=./helm-values.yaml -configurations: - - kustomizeconfig.yaml diff --git a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 deleted file mode 100644 index 58f92ba1..00000000 --- a/bootstrap/templates/kubernetes/apps/kube-system/spegel/app/kustomizeconfig.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -nameReference: - - kind: ConfigMap - version: v1 - fieldSpecs: - - path: spec/valuesFrom/name - kind: HelmRelease diff --git a/bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2 deleted file mode 100644 index 83c730b0..00000000 --- a/bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2 +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app spegel - namespace: flux-system -spec: - targetNamespace: kube-system - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/kube-system/spegel/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/network/.mjfilter.py b/bootstrap/templates/kubernetes/apps/network/.mjfilter.py deleted file mode 100644 index d9ae82b4..00000000 --- a/bootstrap/templates/kubernetes/apps/network/.mjfilter.py +++ /dev/null @@ -1 +0,0 @@ -main = lambda data: data.get("bootstrap_cloudflare", {}).get("enabled", False) == True diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 deleted file mode 100644 index 05bcef5c..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/configs/config.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -originRequest: - originServerName: "external.${SECRET_DOMAIN}" - -ingress: - - hostname: "${SECRET_DOMAIN}" - service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 - - hostname: "*.${SECRET_DOMAIN}" - service: https://ingress-nginx-external-controller.network.svc.cluster.local:443 - - service: http_status:404 diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 deleted file mode 100644 index 43d7d7b2..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/dnsendpoint.yaml.j2 +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: cloudflared -spec: - endpoints: - - dnsName: "external.${SECRET_DOMAIN}" - recordType: CNAME - targets: ["${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com"] diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 deleted file mode 100644 index 8066f721..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: cloudflared -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 3.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - values: - controllers: - cloudflared: - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - containers: - app: - image: - repository: docker.io/cloudflare/cloudflared - tag: 2024.6.1 - env: - NO_AUTOUPDATE: true - TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json - TUNNEL_METRICS: 0.0.0.0:8080 - TUNNEL_ORIGIN_ENABLE_HTTP2: true - TUNNEL_TRANSPORT_PROTOCOL: quic - TUNNEL_POST_QUANTUM: true - TUNNEL_ID: - valueFrom: - secretKeyRef: - name: cloudflared-secret - key: TUNNEL_ID - args: - - tunnel - - --config - - /etc/cloudflared/config/config.yaml - - run - - "$(TUNNEL_ID)" - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /ready - port: &port 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } - resources: - requests: - cpu: 10m - limits: - memory: 256Mi - defaultPodOptions: - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - seccompProfile: { type: RuntimeDefault } - service: - app: - controller: cloudflared - ports: - http: - port: *port - serviceMonitor: - app: - serviceName: cloudflared - endpoints: - - port: http - scheme: http - path: /metrics - interval: 1m - scrapeTimeout: 10s - persistence: - config: - type: configMap - name: cloudflared-configmap - globalMounts: - - path: /etc/cloudflared/config/config.yaml - subPath: config.yaml - readOnly: true - creds: - type: secret - name: cloudflared-secret - globalMounts: - - path: 
/etc/cloudflared/creds/credentials.json - subPath: credentials.json - readOnly: true diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 deleted file mode 100644 index 891a864a..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/kustomization.yaml.j2 +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./dnsendpoint.yaml - - ./secret.sops.yaml - - ./helmrelease.yaml -configMapGenerator: - - name: cloudflared-configmap - files: - - ./configs/config.yaml -generatorOptions: - disableNameSuffixHash: true diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 deleted file mode 100644 index 67d169ed..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/app/secret.sops.yaml.j2 +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: cloudflared-secret -stringData: - TUNNEL_ID: "#{ bootstrap_cloudflare.tunnel.id }#" - credentials.json: | - { - "AccountTag": "#{ bootstrap_cloudflare.tunnel.account_id }#", - "TunnelSecret": "#{ bootstrap_cloudflare.tunnel.secret }#", - "TunnelID": "#{ bootstrap_cloudflare.tunnel.id }#" - } diff --git a/bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2 deleted file mode 100644 index eb8d8da0..00000000 --- a/bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2 +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app cloudflared - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: external-dns - path: ./kubernetes/apps/network/cloudflared/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 deleted file mode 100644 index 1052569d..00000000 --- a/bootstrap/templates/kubernetes/apps/network/echo-server/app/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,91 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: echo-server -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 3.2.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - values: - controllers: - echo-server: - strategy: RollingUpdate - containers: - app: - image: - repository: ghcr.io/mendhak/http-https-echo - tag: 33 - env: - HTTP_PORT: &port 8080 - LOG_WITHOUT_NEWLINE: true - LOG_IGNORE_PATH: /healthz - PROMETHEUS_ENABLED: true - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /healthz - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } - resources: - requests: - cpu: 10m - limits: - memory: 64Mi - defaultPodOptions: - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - seccompProfile: { type: RuntimeDefault } - service: - app: - controller: echo-server - ports: - http: - port: *port - serviceMonitor: - app: - serviceName: echo-server - endpoints: - - port: http - scheme: http - path: /metrics - interval: 1m - scrapeTimeout: 10s - ingress: - app: - className: external - annotations: - external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}" - hosts: - - host: "{{ .Release.Name }}.${SECRET_DOMAIN}" - paths: - - path: / - service: - identifier: app - port: http diff --git a/bootstrap/templates/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/network/echo-server/app/kustomization.yaml.j2 +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2 deleted file mode 100644 index 2984f219..00000000 --- a/bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app echo-server - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/network/echo-server/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 deleted file mode 100644 index 5b7dee10..00000000 --- a/bootstrap/templates/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app external-dns -spec: - interval: 30m - chart: - spec: - chart: external-dns - version: 1.14.5 - sourceRef: - kind: HelmRepository - name: external-dns - namespace: flux-system - install: - crds: CreateReplace - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - crds: CreateReplace - remediation: - strategy: rollback - retries: 3 - values: - fullnameOverride: *app - provider: cloudflare - env: - - name: CF_API_TOKEN - valueFrom: - secretKeyRef: - name: external-dns-secret - key: api-token - extraArgs: - - --ingress-class=external - - --cloudflare-proxied - - --crd-source-apiversion=externaldns.k8s.io/v1alpha1 - - --crd-source-kind=DNSEndpoint - policy: sync - sources: ["crd", "ingress"] - txtPrefix: k8s. - txtOwnerId: default - domainFilters: ["${SECRET_DOMAIN}"] - serviceMonitor: - enabled: true - podAnnotations: - secret.reloader.stakater.com/reload: external-dns-secret diff --git a/bootstrap/templates/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 deleted file mode 100644 index 95bf4747..00000000 --- a/bootstrap/templates/kubernetes/apps/network/external-dns/app/kustomization.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./secret.sops.yaml - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 deleted file mode 100644 index c067b329..00000000 --- a/bootstrap/templates/kubernetes/apps/network/external-dns/app/secret.sops.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: external-dns-secret -stringData: - api-token: "#{ bootstrap_cloudflare.token }#" 
diff --git a/bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2 deleted file mode 100644 index eaed4b56..00000000 --- a/bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app external-dns - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/network/external-dns/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 deleted file mode 100644 index 94d1afbf..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/kustomization.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./staging.yaml - #% if bootstrap_cloudflare.acme.production %# - - ./production.yaml - #% endif %# diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 deleted file mode 100644 index b5afdf41..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/production.yaml.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "${SECRET_DOMAIN/./-}-production" -spec: - secretName: "${SECRET_DOMAIN/./-}-production-tls" - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "${SECRET_DOMAIN}" - dnsNames: - - "${SECRET_DOMAIN}" - - "*.${SECRET_DOMAIN}" 
diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 deleted file mode 100644 index 9c869425..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/certificates/staging.yaml.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "${SECRET_DOMAIN/./-}-staging" -spec: - secretName: "${SECRET_DOMAIN/./-}-staging-tls" - issuerRef: - name: letsencrypt-staging - kind: ClusterIssuer - commonName: "${SECRET_DOMAIN}" - dnsNames: - - "${SECRET_DOMAIN}" - - "*.${SECRET_DOMAIN}" diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 deleted file mode 100644 index 462708fb..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: ingress-nginx-external -spec: - interval: 30m - chart: - spec: - chart: ingress-nginx - version: 4.11.1 - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - dependsOn: - - name: cloudflared - namespace: network - values: - fullnameOverride: ingress-nginx-external - controller: - service: - annotations: - external-dns.alpha.kubernetes.io/hostname: "external.${SECRET_DOMAIN}" - io.cilium/lb-ipam-ips: "#{ bootstrap_cloudflare.tunnel.ingress_vip }#" - externalTrafficPolicy: Cluster - ingressClassResource: - name: external - default: false - controllerValue: k8s.io/external - admissionWebhooks: - objectSelector: - matchExpressions: - - key: ingress-class - operator: In - values: ["external"] - config: - client-body-buffer-size: 100M - client-body-timeout: 120 - client-header-timeout: 120 - enable-brotli: "true" - enable-real-ip: "true" - hsts-max-age: 31449600 - keep-alive-requests: 10000 - keep-alive: 120 - log-format-escape-json: "true" - log-format-upstream: > - {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", - "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, - "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", - "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", - "http_user_agent": "$http_user_agent"} - proxy-body-size: 0 - proxy-buffer-size: 16k - ssl-protocols: TLSv1.3 TLSv1.2 - metrics: - enabled: true - serviceMonitor: - enabled: true - namespaceSelector: - any: true - extraArgs: - #% if bootstrap_cloudflare.acme.production %# - default-ssl-certificate: 
"network/${SECRET_DOMAIN/./-}-production-tls" - #% else %# - default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls" - #% endif %# - resources: - requests: - cpu: 100m - limits: - memory: 500Mi diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 deleted file mode 100644 index ab4011fb..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: ingress-nginx-internal - namespace: network -spec: - interval: 30m - chart: - spec: - chart: ingress-nginx - version: 4.11.1 - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - values: - fullnameOverride: ingress-nginx-internal - controller: - service: - annotations: - io.cilium/lb-ipam-ips: "#{ bootstrap_cloudflare.ingress_vip }#" - externalTrafficPolicy: Cluster - ingressClassResource: - name: internal - default: true - controllerValue: k8s.io/internal - admissionWebhooks: - objectSelector: - matchExpressions: - - key: ingress-class - operator: In - values: ["internal"] - config: - client-body-buffer-size: 100M - client-body-timeout: 120 - client-header-timeout: 120 - enable-brotli: "true" - enable-real-ip: "true" - hsts-max-age: 31449600 - keep-alive-requests: 10000 - keep-alive: 120 - log-format-escape-json: "true" - log-format-upstream: > - {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", - "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, - "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", - "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", - "http_user_agent": "$http_user_agent"} - proxy-body-size: 0 - proxy-buffer-size: 16k - ssl-protocols: TLSv1.3 TLSv1.2 - metrics: - enabled: true - serviceMonitor: - enabled: true - namespaceSelector: - any: true - extraArgs: - #% if bootstrap_cloudflare.acme.production %# - default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-production-tls" - #% else %# - default-ssl-certificate: "network/${SECRET_DOMAIN/./-}-staging-tls" - 
#% endif %# - resources: - requests: - cpu: 100m - limits: - memory: 500Mi diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 deleted file mode 100644 index 99b1abb5..00000000 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2 +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app ingress-nginx-certificates - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: cert-manager-issuers - path: ./kubernetes/apps/network/ingress-nginx/certificates - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app ingress-nginx-internal - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: ingress-nginx-certificates - path: ./kubernetes/apps/network/ingress-nginx/internal - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app ingress-nginx-external - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: ingress-nginx-certificates - path: ./kubernetes/apps/network/ingress-nginx/external - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 deleted file mode 100644 index bf7b917f..00000000 --- a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: k8s-gateway -spec: - interval: 30m - chart: - spec: - chart: k8s-gateway - version: 2.4.0 - sourceRef: - kind: HelmRepository - name: k8s-gateway - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - values: - fullnameOverride: k8s-gateway - domain: "${SECRET_DOMAIN}" - ttl: 1 - service: - type: LoadBalancer - port: 53 - annotations: - io.cilium/lb-ipam-ips: "#{ bootstrap_cloudflare.gateway_vip }#" - externalTrafficPolicy: Cluster - watchedResources: ["Ingress", "Service"] diff --git a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/app/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 deleted file mode 100644 index 06f44255..00000000 --- a/bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app k8s-gateway - namespace: flux-system -spec: - targetNamespace: network - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/network/k8s-gateway/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m 
diff --git a/bootstrap/templates/kubernetes/apps/network/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/kustomization.yaml.j2 deleted file mode 100644 index e6f8ddc1..00000000 --- a/bootstrap/templates/kubernetes/apps/network/kustomization.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./namespace.yaml - - ./cloudflared/ks.yaml - - ./echo-server/ks.yaml - - ./external-dns/ks.yaml - - ./ingress-nginx/ks.yaml - - ./k8s-gateway/ks.yaml diff --git a/bootstrap/templates/kubernetes/apps/network/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/namespace.yaml.j2 deleted file mode 100644 index 4d78d7b1..00000000 --- a/bootstrap/templates/kubernetes/apps/network/namespace.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: network - labels: - kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/bootstrap/templates/kubernetes/apps/observability/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/observability/kustomization.yaml.j2 deleted file mode 100644 index b213c83e..00000000 --- a/bootstrap/templates/kubernetes/apps/observability/kustomization.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./namespace.yaml - - ./prometheus-operator-crds/ks.yaml diff --git a/bootstrap/templates/kubernetes/apps/observability/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/observability/namespace.yaml.j2 deleted file mode 100644 index ce3a5bd2..00000000 --- a/bootstrap/templates/kubernetes/apps/observability/namespace.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: observability - labels: - kustomize.toolkit.fluxcd.io/prune: disabled 
diff --git a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 deleted file mode 100644 index b25de05c..00000000 --- a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml.j2 +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: prometheus-operator-crds -spec: - interval: 30m - chart: - spec: - chart: prometheus-operator-crds - version: 13.0.1 - sourceRef: - kind: HelmRepository - name: prometheus-community - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 diff --git a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/app/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 deleted file mode 100644 index ffbb5dcb..00000000 --- a/bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2 +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app prometheus-operator-crds - namespace: flux-system -spec: - targetNamespace: observability - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/observability/prometheus-operator-crds/app - prune: false # never should be deleted - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m diff --git a/bootstrap/templates/kubernetes/apps/openebs-system/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/openebs-system/kustomization.yaml.j2 deleted file mode 100644 index 9cd8d4e4..00000000 --- a/bootstrap/templates/kubernetes/apps/openebs-system/kustomization.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./namespace.yaml - - ./openebs/ks.yaml diff --git a/bootstrap/templates/kubernetes/apps/openebs-system/namespace.yaml.j2 b/bootstrap/templates/kubernetes/apps/openebs-system/namespace.yaml.j2 deleted file mode 100644 index f173c6c9..00000000 --- a/bootstrap/templates/kubernetes/apps/openebs-system/namespace.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: openebs-system - labels: - kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 deleted file mode 100644 index 00cb1449..00000000 --- a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml.j2 +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: openebs -spec: - interval: 30m - chart: - spec: - chart: openebs - version: 4.1.0 - sourceRef: - kind: HelmRepository - name: openebs - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - retries: 3 - values: - engines: - local: - lvm: - enabled: false - zfs: - enabled: false - replicated: - mayastor: - enabled: false - openebs-crds: - csi: - volumeSnapshots: - enabled: false - localpv-provisioner: - localpv: - image: - registry: quay.io/ - helperPod: - image: - registry: quay.io/ - hostpathClass: - enabled: true - name: openebs-hostpath - isDefaultClass: false - basePath: /var/openebs/local diff --git a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 deleted file mode 100644 index 5dd7baca..00000000 --- a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/app/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./helmrelease.yaml diff --git a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 b/bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 deleted file mode 100644 index 170feca9..00000000 --- a/bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app openebs - namespace: flux-system -spec: - targetNamespace: openebs-system - commonMetadata: - labels: - app.kubernetes.io/name: *app - path: ./kubernetes/apps/openebs-system/openebs/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m 
diff --git a/bootstrap/templates/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 deleted file mode 100644 index 0ef1f6e8..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml.j2 +++ /dev/null @@ -1,17 +0,0 @@ -#% if bootstrap_github_private_key %# ---- -apiVersion: v1 -kind: Secret -metadata: - name: github-deploy-key - namespace: flux-system -stringData: - identity: | - #% filter indent(width=4, first=False) %# - #{ bootstrap_github_private_key }# - #%- endfilter %# - known_hosts: | - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-rsa 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 -#% endif %# diff --git a/bootstrap/templates/kubernetes/bootstrap/flux/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/flux/kustomization.yaml.j2 deleted file mode 100644 index 4a669d63..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/flux/kustomization.yaml.j2 +++ /dev/null 
@@ -1,61 +0,0 @@ -# IMPORTANT: This file is not tracked by flux and should never be. Its -# purpose is to only install the Flux components and CRDs into your cluster. ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - github.com/fluxcd/flux2/manifests/install?ref=v2.3.0 -patches: - # Remove the default network policies - - patch: |- - $patch: delete - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: not-used - target: - group: networking.k8s.io - kind: NetworkPolicy - # Resources renamed to match those installed by oci://ghcr.io/fluxcd/flux-manifests - - target: - kind: ResourceQuota - name: critical-pods - patch: | - - op: replace - path: /metadata/name - value: critical-pods-flux-system - - target: - kind: ClusterRoleBinding - name: cluster-reconciler - patch: | - - op: replace - path: /metadata/name - value: cluster-reconciler-flux-system - - target: - kind: ClusterRoleBinding - name: crd-controller - patch: | - - op: replace - path: /metadata/name - value: crd-controller-flux-system - - target: - kind: ClusterRole - name: crd-controller - patch: | - - op: replace - path: /metadata/name - value: crd-controller-flux-system - - target: - kind: ClusterRole - name: flux-edit - patch: | - - op: replace - path: /metadata/name - value: flux-edit-flux-system - - target: - kind: ClusterRole - name: flux-view - patch: | - - op: replace - path: /metadata/name - value: flux-view-flux-system diff --git a/bootstrap/templates/kubernetes/bootstrap/helmfile.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/helmfile.yaml.j2 deleted file mode 100644 index 427308c9..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/helmfile.yaml.j2 +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -helmDefaults: - wait: true - waitForJobs: true - timeout: 600 - recreatePods: true - force: true - -repositories: - - name: cilium - url: https://helm.cilium.io - - name: coredns - url: https://coredns.github.io/helm - - name: postfinance - url: https://postfinance.github.io/kubelet-csr-approver - -releases: - - name: prometheus-operator-crds - namespace: observability - chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds - version: 13.0.1 - - name: cilium - namespace: kube-system - chart: cilium/cilium - version: 1.15.7 - values: - - ../apps/kube-system/cilium/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - name: coredns - namespace: kube-system - chart: coredns/coredns - version: 1.31.0 - values: - - ../apps/kube-system/coredns/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - kube-system/cilium - - name: kubelet-csr-approver - namespace: kube-system - chart: postfinance/kubelet-csr-approver - version: 1.2.2 - values: - - ../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - kube-system/cilium - - kube-system/coredns - - name: spegel - namespace: kube-system - chart: oci://ghcr.io/spegel-org/helm-charts/spegel - version: v0.0.23 - values: - - ../apps/kube-system/spegel/app/helm-values.yaml - needs: - - observability/prometheus-operator-crds - - kube-system/cilium - - kube-system/coredns - - kube-system/kubelet-csr-approver diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/README.md.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/README.md.j2 deleted file mode 100644 index b9681888..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/README.md.j2 +++ /dev/null 
@@ -1,15 +0,0 @@ -# Talos Patching - -This directory contains Kustomization patches that are added to the talhelper configuration file. - - - -## Patch Directories - -Under this `patches` directory, there are several sub-directories that can contain patches that are added to the talhelper configuration file. -Each directory is optional and therefore might not created by default. - -- `global/`: patches that are applied to both the controller and worker configurations -- `controller/`: patches that are applied to the controller configurations -- `worker/`: patches that are applied to the worker configurations -- `${node-hostname}/`: patches that are applied to the node with the specified name diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/api-access.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/api-access.yaml.j2 deleted file mode 100644 index 77232844..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/api-access.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ -machine: - features: - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 deleted file mode 100644 index aa3a9f22..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/cluster.yaml.j2 +++ /dev/null @@ -1,12 +0,0 @@ -cluster: - allowSchedulingOnControlPlanes: true - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - coreDNS: - disabled: true - proxy: - disabled: true - scheduler: - extraArgs: - bind-address: 0.0.0.0 
diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/disable-admission-controller.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/disable-admission-controller.yaml.j2 deleted file mode 100644 index e311789f..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/disable-admission-controller.yaml.j2 +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: /cluster/apiServer/admissionControl diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/etcd.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/etcd.yaml.j2 deleted file mode 100644 index df35aa5d..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/controller/etcd.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ -cluster: - etcd: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - #{ bootstrap_node_network }# diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/cluster-discovery.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/cluster-discovery.yaml.j2 deleted file mode 100644 index 586a07ab..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/cluster-discovery.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ -cluster: - discovery: - registries: - kubernetes: - disabled: false - service: - disabled: false diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/containerd.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/containerd.yaml.j2 deleted file mode 100644 index 2952d6b4..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/containerd.yaml.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ -machine: - files: - - op: create - path: /etc/cri/conf.d/20-customization.part - content: |- - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/disable-search-domain.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/disable-search-domain.yaml.j2 deleted file mode 100644 index 8ba647c4..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/disable-search-domain.yaml.j2 +++ /dev/null @@ -1,3 +0,0 @@ -machine: - network: - disableSearchDomain: true diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/hostdns.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/hostdns.yaml.j2 deleted file mode 100644 index 6033ccd2..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/hostdns.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ -machine: - features: - hostDNS: - enabled: true - resolveMemberNames: true - forwardKubeDNSToHost: true # Requires Cilium `bpf.masquerade: false` diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/kubelet.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/kubelet.yaml.j2 deleted file mode 100644 index ee71c280..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/kubelet.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ -machine: - kubelet: - extraArgs: - rotate-server-certificates: true - nodeIP: - validSubnets: - - #{ bootstrap_node_network }# 
diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/openebs-local.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/openebs-local.yaml.j2 deleted file mode 100644 index e4095d17..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/openebs-local.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ -machine: - kubelet: - extraMounts: - - destination: /var/openebs/local - type: bind - source: /var/openebs/local - options: - - bind - - rshared - - rw diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/sysctl.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/sysctl.yaml.j2 deleted file mode 100644 index 90361d7b..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/patches/global/sysctl.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ -machine: - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_watches: "524288" - fs.inotify.max_user_instances: "8192" - net.core.rmem_max: "2500000" - net.core.wmem_max: "2500000" diff --git a/bootstrap/templates/kubernetes/bootstrap/talos/talconfig.yaml.j2 b/bootstrap/templates/kubernetes/bootstrap/talos/talconfig.yaml.j2 deleted file mode 100644 index c5774a24..00000000 --- a/bootstrap/templates/kubernetes/bootstrap/talos/talconfig.yaml.j2 +++ /dev/null 
@@ -1,178 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json ---- -# renovate: datasource=docker depName=ghcr.io/siderolabs/installer -talosVersion: v1.7.5 -# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet -kubernetesVersion: v1.30.3 - -clusterName: "#{ bootstrap_cluster_name | default('home-kubernetes', true) }#" -endpoint: https://#{ bootstrap_controller_vip }#:6443 -clusterPodNets: - - "#{ bootstrap_pod_network.split(',')[0] }#" -clusterSvcNets: - - "#{ bootstrap_service_network.split(',')[0] }#" -additionalApiServerCertSans: &sans - - "#{ bootstrap_controller_vip }#" - - 127.0.0.1 # KubePrism - #% for item in bootstrap_tls_sans %# - - "#{ item }#" - #% endfor %# -additionalMachineCertSans: *sans - -# Disable built-in Flannel to use Cilium -cniConfig: - name: none - -nodes: - #% for item in bootstrap_node_inventory %# - - hostname: "#{ item.name }#" - ipAddress: "#{ item.address }#" - #% if item.disk.startswith('/') %# - installDisk: "#{ item.disk }#" - #% else %# - installDiskSelector: - serial: "#{ item.disk }#" - #% endif %# - #% if bootstrap_secureboot.enabled %# - machineSpec: - secureboot: true - talosImageURL: factory.talos.dev/installer-secureboot/#{ item.schematic_id | default(bootstrap_schematic_id) }# - #% else %# - talosImageURL: factory.talos.dev/installer/#{ item.schematic_id | default(bootstrap_schematic_id) }# - #% endif %# - controlPlane: #{ (item.controller) | string | lower }# - networkInterfaces: - - deviceSelector: - hardwareAddr: "#{ item.mac_addr | lower }#" - #% if bootstrap_vlan %# - vlans: - - vlanId: #{ bootstrap_vlan }# - addresses: - - "#{ item.address }#/#{ bootstrap_node_network.split('/') | last }#" - mtu: #{ item.mtu | default(1500) }# - routes: - - network: 0.0.0.0/0 - #% if bootstrap_node_default_gateway %# - gateway: "#{ bootstrap_node_default_gateway }#" - #% else %# - gateway: "#{ bootstrap_node_network | nthhost(1) }#" - 
#% endif %# - #% if item.controller %# - vip: - ip: "#{ bootstrap_controller_vip }#" - #% endif %# - #% else %# - #% if item.address %# - dhcp: false - addresses: - - "#{ item.address }#/#{ bootstrap_node_network.split('/') | last }#" - routes: - - network: 0.0.0.0/0 - #% if bootstrap_node_default_gateway %# - gateway: "#{ bootstrap_node_default_gateway }#" - #% else %# - gateway: "#{ bootstrap_node_network | nthhost(1) }#" - #% endif %# - #% else %# - dhcp: true - #% endif %# - mtu: #{ item.mtu | default(1500) }# - #% if item.controller %# - vip: - ip: "#{ bootstrap_controller_vip }#" - #% endif %# - #% endif %# - #% if item.manifests %# - extraManifests: - #% for manifest in item.manifests %# - - #{ manifest }# - #% endfor %# - #% endif %# - #% if item.extension_services %# - extensionServices: - #% for es in item.extension_services %# - - name: #{ es.name }# - configFiles: - #% for cf in es.configFiles %# - - content: |- - #{ cf.content | indent(14, yes) }# - mountPath: #{ cf.mountPath }# - #% endfor %# - #% if es.environment %# - environment: - #% for env in es.environment %# - - #{ env }# - #% endfor %# - #% endif %# - #% endfor %# - #% endif %# - #% for file in talos_patches('%s' % (item.name)) %# - #% if loop.index == 1 %# - patches: - #% endif %# - - "@./patches/#{ item.name }#/#{ file | basename }#" - #% endfor %# - #% endfor %# - -# Global patches -patches: - #% if bootstrap_dns_servers | length %# - - # Force nameserver - |- - machine: - network: - nameservers: - #% for item in bootstrap_dns_servers %# - - #{ item }# - #% endfor %# - #% endif %# - #% if bootstrap_ntp_servers | length %# - - # Configure NTP - |- - machine: - time: - disabled: false - servers: - #% for item in bootstrap_ntp_servers %# - - #{ item }# - #% endfor %# - #% endif %# - #% if bootstrap_secureboot.enabled and bootstrap_secureboot.encrypt_disk_with_tpm %# - - # Encrypt system disk with TPM - |- - machine: - systemDiskEncryption: - ephemeral: - provider: luks2 - keys: - - slot: 0 - 
tpm: {} - state: - provider: luks2 - keys: - - slot: 0 - tpm: {} - #% endif %# - #% for file in talos_patches('global') %# - - "@./patches/global/#{ file | basename }#" - #% endfor %# - -#% for file in talos_patches('controller') %# -#% if loop.index == 1 %# -# Controller patches -controlPlane: - patches: -#% endif %# - - "@./patches/controller/#{ file | basename }#" -#% endfor %# - -#% if (bootstrap_node_inventory | selectattr('controller', 'equalto', False) | list | length) and (talos_patches('worker') | length) %# -#% for file in talos_patches('worker') %# -#% if loop.index == 1 %# -# Worker patches -worker: - patches: -#% endif %# - - "@./patches/worker/#{ file | basename }#" -#% endfor %# -#% endif %# diff --git a/bootstrap/templates/kubernetes/flux/apps.yaml.j2 b/bootstrap/templates/kubernetes/flux/apps.yaml.j2 deleted file mode 100644 index c4ebba99..00000000 --- a/bootstrap/templates/kubernetes/flux/apps.yaml.j2 +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: cluster-apps - namespace: flux-system -spec: - interval: 30m - path: ./kubernetes/apps - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - decryption: - provider: sops - secretRef: - name: sops-age - postBuild: - substituteFrom: - - kind: ConfigMap - name: cluster-settings - - kind: Secret - name: cluster-secrets - - kind: ConfigMap - name: cluster-user-settings - optional: true - - kind: Secret - name: cluster-user-secrets - optional: true - patches: - - patch: |- - apiVersion: kustomize.toolkit.fluxcd.io/v1 - kind: Kustomization - metadata: - name: not-used - spec: - decryption: - provider: sops - secretRef: - name: sops-age - postBuild: - substituteFrom: - - kind: ConfigMap - name: cluster-settings - - kind: Secret - name: cluster-secrets - - kind: ConfigMap - name: cluster-user-settings - optional: true - - kind: Secret - name: cluster-user-secrets - optional: true - target: - group: kustomize.toolkit.fluxcd.io - kind: Kustomization - labelSelector: substitution.flux.home.arpa/disabled notin (true) diff --git a/bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2 b/bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2 deleted file mode 100644 index bae21e83..00000000 --- a/bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2 +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: home-kubernetes - namespace: flux-system -spec: - interval: 30m - url: "#{ bootstrap_github_address }#" - #% if bootstrap_github_private_key %# - secretRef: - name: github-deploy-key - #% endif %# - ref: - branch: "#{ bootstrap_github_branch|default('main', true) }#" - ignore: | - # exclude all - /* - # include kubernetes directory - !/kubernetes ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: cluster - namespace: flux-system -spec: - interval: 30m - path: ./kubernetes/flux - prune: true - wait: false - sourceRef: - kind: GitRepository - name: home-kubernetes - decryption: - provider: sops - secretRef: - name: sops-age - postBuild: - substituteFrom: - - kind: ConfigMap - name: cluster-settings - - kind: Secret - name: cluster-secrets diff --git a/bootstrap/templates/kubernetes/flux/config/flux.yaml.j2 b/bootstrap/templates/kubernetes/flux/config/flux.yaml.j2 deleted file mode 100644 index 4f9bb975..00000000 --- a/bootstrap/templates/kubernetes/flux/config/flux.yaml.j2 +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: OCIRepository -metadata: - name: flux-manifests - namespace: flux-system -spec: - interval: 10m - url: oci://ghcr.io/fluxcd/flux-manifests - ref: - tag: v2.3.0 ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: flux - namespace: flux-system -spec: - interval: 10m - path: ./ - prune: true - wait: true - sourceRef: - kind: OCIRepository - name: flux-manifests - patches: - # Remove the network policies - - patch: | - $patch: delete - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - metadata: - name: not-used - target: - group: networking.k8s.io - kind: NetworkPolicy - # Increase the number of reconciliations that can be performed in parallel and bump the resources limits - # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --concurrent=8 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --kube-api-qps=500 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --kube-api-burst=1000 - - op: add - path: /spec/template/spec/containers/0/args/- - value: --requeue-dependency=5s - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - - patch: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: not-used - spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 2000m - memory: 2Gi - target: - kind: Deployment - name: (kustomize-controller|helm-controller|source-controller) - # Enable Helm near OOM detection - # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection - - patch: | - - op: add - path: /spec/template/spec/containers/0/args/- - value: --feature-gates=OOMWatch=true - - op: add - path: /spec/template/spec/containers/0/args/- - value: --oom-watch-memory-threshold=95 - - op: add - path: 
/spec/template/spec/containers/0/args/- - value: --oom-watch-interval=500ms - target: - kind: Deployment - name: helm-controller diff --git a/bootstrap/templates/kubernetes/flux/config/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/config/kustomization.yaml.j2 deleted file mode 100644 index ef231746..00000000 --- a/bootstrap/templates/kubernetes/flux/config/kustomization.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./flux.yaml - - ./cluster.yaml diff --git a/bootstrap/templates/kubernetes/flux/repositories/git/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/git/kustomization.yaml.j2 deleted file mode 100644 index fe0f332a..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/git/kustomization.yaml.j2 +++ /dev/null @@ -1,4 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: [] diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/bjw-s.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/bjw-s.yaml.j2 deleted file mode 100644 index a40b5d77..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/bjw-s.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: bjw-s - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/bjw-s/helm diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/cilium.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/cilium.yaml.j2 deleted file mode 100644 index 3aee3678..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/cilium.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: cilium - namespace: flux-system -spec: - interval: 1h - url: https://helm.cilium.io 
diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/coredns.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/coredns.yaml.j2 deleted file mode 100644 index 3bdbbafb..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/coredns.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: coredns - namespace: flux-system -spec: - interval: 1h - url: https://coredns.github.io/helm diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/external-dns.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/external-dns.yaml.j2 deleted file mode 100644 index b5b66a36..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/external-dns.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -#% if bootstrap_cloudflare.enabled %# ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: external-dns - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes-sigs.github.io/external-dns -#% endif %# diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/ingress-nginx.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/ingress-nginx.yaml.j2 deleted file mode 100644 index db1ddad3..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/ingress-nginx.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -#% if bootstrap_cloudflare.enabled %# ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: ingress-nginx - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes.github.io/ingress-nginx -#% endif %# diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/jetstack.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/jetstack.yaml.j2 deleted file mode 100644 index 737e06af..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/jetstack.yaml.j2 +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: jetstack - namespace: flux-system -spec: - interval: 1h - url: https://charts.jetstack.io diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/k8s-gateway.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/k8s-gateway.yaml.j2 deleted file mode 100644 index abfa8c14..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/k8s-gateway.yaml.j2 +++ /dev/null @@ -1,11 +0,0 @@ -#% if bootstrap_cloudflare.enabled %# ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: k8s-gateway - namespace: flux-system -spec: - interval: 1h - url: https://ori-edge.github.io/k8s_gateway -#% endif %# diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/kustomization.yaml.j2 deleted file mode 100644 index 71a5903c..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/kustomization.yaml.j2 +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./bjw-s.yaml - - ./cilium.yaml - - ./coredns.yaml - - ./jetstack.yaml - - ./metrics-server.yaml - - ./openebs.yaml - - ./postfinance.yaml - - ./prometheus-community.yaml - - ./spegel.yaml - - ./stakater.yaml - #% if bootstrap_cloudflare.enabled %# - - ./external-dns.yaml - - ./ingress-nginx.yaml - - ./k8s-gateway.yaml - #% endif %# diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/metrics-server.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/metrics-server.yaml.j2 deleted file mode 100644 index 27a44828..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/metrics-server.yaml.j2 +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: metrics-server - namespace: flux-system -spec: - interval: 1h - url: https://kubernetes-sigs.github.io/metrics-server diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/openebs.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/openebs.yaml.j2 deleted file mode 100644 index 4f48013e..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/openebs.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: openebs - namespace: flux-system -spec: - interval: 1h - url: https://openebs.github.io/openebs diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/postfinance.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/postfinance.yaml.j2 deleted file mode 100644 index b14a64d8..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/postfinance.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: postfinance - namespace: flux-system -spec: - interval: 1h - url: https://postfinance.github.io/kubelet-csr-approver diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/prometheus-community.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/prometheus-community.yaml.j2 deleted file mode 100644 index 318a1a51..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/prometheus-community.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: prometheus-community - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/prometheus-community/charts 
diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/spegel.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/spegel.yaml.j2 deleted file mode 100644 index d9a8b2cd..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/spegel.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: spegel - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/spegel-org/helm-charts diff --git a/bootstrap/templates/kubernetes/flux/repositories/helm/stakater.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/helm/stakater.yaml.j2 deleted file mode 100644 index c727f37f..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/helm/stakater.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: stakater - namespace: flux-system -spec: - type: oci - interval: 5m - url: oci://ghcr.io/stakater/charts diff --git a/bootstrap/templates/kubernetes/flux/repositories/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/kustomization.yaml.j2 deleted file mode 100644 index d158d426..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/kustomization.yaml.j2 +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./git - - ./helm - - ./oci diff --git a/bootstrap/templates/kubernetes/flux/repositories/oci/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/repositories/oci/kustomization.yaml.j2 deleted file mode 100644 index fe0f332a..00000000 --- a/bootstrap/templates/kubernetes/flux/repositories/oci/kustomization.yaml.j2 +++ /dev/null @@ -1,4 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: [] 
diff --git a/bootstrap/templates/kubernetes/flux/vars/cluster-secrets.sops.yaml.j2 b/bootstrap/templates/kubernetes/flux/vars/cluster-secrets.sops.yaml.j2 deleted file mode 100644 index 549fad34..00000000 --- a/bootstrap/templates/kubernetes/flux/vars/cluster-secrets.sops.yaml.j2 +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: cluster-secrets - namespace: flux-system -stringData: - #% if bootstrap_cloudflare.enabled %# - SECRET_DOMAIN: "#{ bootstrap_cloudflare.domain }#" - SECRET_ACME_EMAIL: "#{ bootstrap_cloudflare.acme.email }#" - SECRET_CLOUDFLARE_TUNNEL_ID: "#{ bootstrap_cloudflare.tunnel.id }#" - #% else %# - SECRET_EXAMPLE: Global secrets for your cluster go in this file, this file is encrypted with sops - #% endif %# diff --git a/bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2 b/bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2 deleted file mode 100644 index b64f194e..00000000 --- a/bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2 +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cluster-settings - namespace: flux-system -data: - SETTING_EXAMPLE: Global settings for your cluster go in this file, this file is NOT encrypted diff --git a/bootstrap/templates/kubernetes/flux/vars/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/flux/vars/kustomization.yaml.j2 deleted file mode 100644 index 8db2fe91..00000000 --- a/bootstrap/templates/kubernetes/flux/vars/kustomization.yaml.j2 +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./cluster-settings.yaml - - ./cluster-secrets.sops.yaml diff --git a/config.sample.yaml b/config.sample.yaml deleted file mode 100644 index 94171738..00000000 --- a/config.sample.yaml +++ /dev/null 
@@ -1,212 +0,0 @@ ---- - -# -# 1. (Required) Cluster details - Cluster represents the Kubernetes cluster layer and any additional customizations -# - -# (Optional) Cluster name; affects Cilium and Talos -# Default is "home-kubernetes" -bootstrap_cluster_name: "" - -# (Required) Generated schematic id from https://factory.talos.dev/ -bootstrap_schematic_id: "" - -# (Required) The CIDR your nodes are on (e.g. 192.168.1.0/24) -bootstrap_node_network: "" - -# (Required) Use only 1, 3 or more ODD number of controller nodes, recommended is 3 -# Worker nodes are optional -bootstrap_node_inventory: [] - # - name: "" # (Required) Name of the node (must match [a-z0-9-\]+) - # address: "" # (Optional) IP address of the node (Remove if node has a static DHCP reservation) - # controller: true # (Required) Set to true if this is a controller node - # disk: "" # (Required) Device path or serial number of the disk for this node (talosctl disks -n --insecure) - # mac_addr: "" # (Required) MAC address of the NIC for this node (talosctl get links -n --insecure) - # schematic_id: "" # (Optional) Override the 'bootstrap_schematic_id' with a node specific schematic ID from https://factory.talos.dev/ - # mtu: "" # (Optional) MTU for the NIC, default is 1500 - # manifests: # (Optional) Additional manifests to include after MachineConfig - # - extra.yaml # See: https://www.talos.dev/v1.7/reference/configuration/extensions/extensionserviceconfig/ - # extension_services: # (Optional) Additional talhelper ExtensionServices (supports talenv.sops.yaml envsubst) - # - name: name - # configFiles: - # - content: |- - # ... - # mountPath: ... - # environment: - # - key=value - # ... - -# (Optional) The DNS servers to use for the cluster nodes. -# Default is pulled from your DHCP server. -# If using a local DNS server make sure it meets the following requirements: -# 1. your nodes can reach it -# 2. it is configured to forward requests to a public DNS server -# 3. 
you are not force redirecting DNS requests to it - this will break cert generation over DNS01 -# If using multiple DNS servers make sure they are setup the same way, there is no -# guarantee that the first DNS server will always be used for every lookup. -bootstrap_dns_servers: [] - -# (Optional) The NTP servers to use for the cluster nodes. -# Default is pulled from your DHCP server. -bootstrap_ntp_servers: [] - -# (Required) The pod CIDR for the cluster, this must NOT overlap with any -# existing networks and is usually a /16 (64K IPs). -# If you want to use IPv6 check the advanced flags below and be aware of -# https://github.com/onedr0p/cluster-template/issues/1148 -bootstrap_pod_network: "10.69.0.0/16" - -# (Required) The service CIDR for the cluster, this must NOT overlap with any -# existing networks and is usually a /16 (64K IPs). -# If you want to use IPv6 check the advanced flags below and be aware of -# https://github.com/onedr0p/cluster-template/issues/1148 -bootstrap_service_network: "10.96.0.0/16" - -# (Required) The IP address of the Kube API, choose an available IP in -# your nodes host network that is NOT being used. This is announced over L2. -bootstrap_controller_vip: "" - -# (Optional) Add additional SANs to the Kube API cert, this is useful -# if you want to call the Kube API by hostname rather than IP -bootstrap_tls_sans: [] - -# (Optional) The default gateway for the nodes -# Default is .1 which is derrived from bootstrap_node_network (e.g. 192.168.1.1) -bootstrap_node_default_gateway: "" - -# (Optional) Add vlan tag to network master device, this is not needed if you tag ports on your switch with the VLAN -# See: https://www.talos.dev/latest/advanced/advanced-networking/#vlans -bootstrap_vlan: "" - -# (Required) Age Public Key (e.g. age1...) -# 1. Generate a new key with the following command: -# > task sops:age-keygen -# 2. 
Copy the PUBLIC key and paste it below -bootstrap_sops_age_pubkey: "" - -# (Optional) Use cilium BGP control plane when L2 announcements won't traverse VLAN network segments. -# Needs a BGP capable router setup with the node IPs as peers. -# See: https://docs.cilium.io/en/latest/network/bgp-control-plane/ -bootstrap_bgp: - enabled: false - # (Optional) If using multiple BGP peers add them here. - # Default is .1 derrived from host_network: ['x.x.x.1'] - peers: [] - # (Required) Set the BGP Autonomous System Number for the router(s) and nodes. - # If these match, iBGP will be used. If not, eBGP will be used. - peer_asn: "" # Router(s) AS - local_asn: "" # Node(s) AS - peer_port: 179 # BGP Port - default is TCP port 179 - # (Required) The advertised CIDR for the cluster, this must NOT overlap with any - # existing networks and is usually a /16 (64K IPs). - # If you want to use IPv6 check the advanced flags below - advertised_network: "" - -# (Optional) Secureboot and TPM-based disk encryption -bootstrap_secureboot: - # (Optional) Enable secureboot on UEFI systems. Not supported on x86 platforms in BIOS mode. - # See: https://www.talos.dev/latest/talos-guides/install/bare-metal-platforms/secureboot - enabled: false - # (Optional) Enable TPM-based disk encryption. Requires TPM 2.0 - # See: https://www.talos.dev/v1.6/talos-guides/install/bare-metal-platforms/secureboot/#disk-encryption-with-tpm - encrypt_disk_with_tpm: false - -# -# 2. (Required) Flux details - Flux is used to manage the cluster configuration. -# - -# (Required) GitHub repository URL -# For a public repo use the 'https://' URL (e.g. "https://github.com/onedr0p/cluster-template.git") -# For a private repo use the 'ssh://' URL (e.g. "ssh://git@github.com/onedr0p/cluster-template.git") -# If using a private repo make sure to following the instructions with the 'bootstrap_github_private_key' option below. 
-bootstrap_github_address: "" - -# (Required) GitHub repository branch -bootstrap_github_branch: "main" - -# (Required) Token for GitHub push-based sync -# 1. Generate a new token with the following command: -# > openssl rand -hex 16 -# 2. Copy the token and paste it below -bootstrap_github_webhook_token: "" - -# (Optional) Private key for Flux to access the GitHub repository -# 1. Generate a new key with the following command: -# > ssh-keygen -t ecdsa -b 521 -C "github-deploy-key" -f github-deploy.key -q -P "" -# 2. Make sure to paste public key from "github-deploy.key.pub" into -# the deploy keys section of your GitHub repository settings. -# 3. Uncomment and paste the private key below -# 4. Optionally set your repository on GitHub to private -# bootstrap_github_private_key: | -# -----BEGIN OPENSSH PRIVATE KEY----- -# ... -# -----END OPENSSH PRIVATE KEY----- - -# -# 3. (Optional) Cloudflare details - Cloudflare is used for DNS, TLS certificates and tunneling. -# - -bootstrap_cloudflare: - # (Required) Disable to manually setup and use a different DNS provider - setting this - # to false will not deploy a network namespace or the workloads contained within. - enabled: true - # (Required) Cloudflare Domain - domain: "" - # (Required) Cloudflare API Token (NOT API Key) - # 1. Head over to Cloudflare and create a API Token by going to - # https://dash.cloudflare.com/profile/api-tokens - # 2. Under the `API Tokens` section click the blue `Create Token` button. - # 3. Click the blue `Use template` button for the `Edit zone DNS` template. - # 4. Name your token something like `home-kubernetes` - # 5. Under `Permissions`, click `+ Add More` and add each permission below: - # `Zone - DNS - Edit` - # `Account - Cloudflare Tunnel - Read` - # 6. Limit the permissions to a specific account and zone resources. - # 7. Click the blue `Continue to Summary` button and then the blue `Create Token` button. - # 8. Copy the token and paste it below. 
- token: "" - # (Required) Optionals for Cloudflare Acme - acme: - # (Required) Any email you want to be associated with the ACME account (used for TLS certs via letsencrypt.org) - email: "" - # (Required) Use the ACME production server when requesting the wildcard certificate. - # By default the ACME staging server is used. This is to prevent being rate-limited. - # Update this option to `true` when you have verified the staging certificate - # works and then re-run `task configure` and push your changes to Github. - production: false - # (Required) Provide LAN access to the cluster ingresses for internal ingress classes - # The Load balancer IP for internal ingress, choose an available IP - # in your nodes host network that is NOT being used. This is announced over L2. - ingress_vip: "" - # (Required) Gateway is used for providing DNS to your cluster on LAN - # The Load balancer IP for k8s_gateway, choose an available IP - # in your nodes host network that is NOT being used. This is announced over L2. - gateway_vip: "" - # (Required) Options for Cloudflare Tunnel - # There's two methods to create a tunnel, via the CLI or the Cloudflare dashboard. - # 1. Authenticate cloudflared to your domain with the following command: - # > cloudflared tunnel login - # 2. Create the tunnel with the following command: - # > cloudflared tunnel create k8s - tunnel: - # (Required) Get the Cloudflared Tunnel ID with the following command: - # > jq -r .TunnelID ~/.cloudflared/*.json - id: "" - # (Required) Get the Cloudflare Account ID with the following command: - # > jq -r .AccountTag ~/.cloudflared/*.json - account_id: "" - # (Required) Get the Cloudflared Tunnel Secret with the following command: - # > jq -r .TunnelSecret ~/.cloudflared/*.json - secret: "" - # (Required) Provide WAN access to the cluster ingresses for external ingress classes - # The Load balancer IP for external ingress, choose an available IP - # in your nodes host network that is NOT being used. 
This is announced over L2.
- ingress_vip: ""
-
-# (Optional) Feature gates are used to enable experimental features
-# bootstrap_feature_gates:
-# # Enable Dual Stack IPv4 first
-# # IMPORTANT: I am looking for people to help maintain IPv6 support since I cannot test it.
-# # Ref: https://github.com/onedr0p/cluster-template/issues/1148
-# # Keep in mind that Cilium does not currently support IPv6 L2 announcements.
-# dual_stack_ipv4_first: false
diff --git a/makejinja.toml b/makejinja.toml
deleted file mode 100644
index 52845a37..00000000
--- a/makejinja.toml
+++ /dev/null
@@ -1,18 +0,0 @@
-[makejinja]
-inputs = ["./bootstrap/overrides","./bootstrap/templates"]
-output = "./"
-exclude_patterns = [".mjfilter.py", "*.partial.yaml.j2"]
-data = ["./config.yaml"]
-import_paths = ["./bootstrap/scripts"]
-loaders = ["plugin:Plugin"]
-jinja_suffix = ".j2"
-force = true
-undefined = "chainable"
-
-[makejinja.delimiter]
-block_start = "#%"
-block_end = "%#"
-comment_start = "#|"
-comment_end = "#|"
-variable_start = "#{"
-variable_end = "}#"