diff --git a/.woodpecker.yml b/.woodpecker.yml
index 3189887..fb34ac6 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -20,7 +20,7 @@ steps:
 - hugo -s ./src
 - name: Build and push the docker image
- image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+ image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
 privileged: true
 depends_on:
 - Test a build
@@ -44,7 +44,7 @@ steps:
 privileged: true
 - name: Sync pictures from lfs to Minio
- image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+ image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
 depends_on:
 - Test a build
 secrets:
@@ -56,7 +56,7 @@ steps:
 - ./scripts/upload-media.pl
 - name: Deploy the application
- image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+ image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
 depends_on:
 - Build and push the docker image
 - Sync pictures from lfs to Minio
@@ -66,12 +66,12 @@ steps:
 - argo_github_oauth_key
 - argo_google_oauth_key
 environment:
- ARGOCD_SERVER: https://argo.badhouseplants.net:443
+ ARGOCD_SERVER: argo.badhouseplants.net:443
 commands:
 - ./scripts/deploy-app.pl
 - name: Cleanup everything
- image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:latest
+ image: git.badhouseplants.net/badhouseplants/badhouseplants-builder:9665015b44590b7ce2139f7acbad23af6628fff3
 depends_on:
 - Deploy the application
 secrets:
diff --git a/kube/application.yaml b/kube/application.yaml
index cc41ea1..6441ed5 100644
--- a/kube/application.yaml
+++ b/kube/application.yaml
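Review bot: A commit-SHA tag is still an ordinary registry tag that can be repointed, and the `Build and push the docker image` step in the first .woodpecker.yml hunk runs with `privileged: true`, so whoever can push that tag controls a privileged container. Pinning by digest makes the reference immutable, for example `image: git.badhouseplants.net/badhouseplants/badhouseplants-builder@sha256:<digest-of-the-9665015b-build>` (placeholder, fill in the real digest). The same 40-character value is repeated in the hunks at -44, -56 and -66; defining it once (a YAML anchor, if the pipeline parser in use accepts them) with a comment naming the builder commit would keep the four copies from drifting apart.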
@@ -6,10 +6,10 @@ metadata:
 branch: $ARGO_APP_BRANCH
 commit_sha: $ARGO_APP_IMAGE_TAG
 name: badhouseplants-$ARGO_APP_BRANCH
- namespace: platform
+ namespace: argo-system
 spec:
 destination:
- namespace: $ARGO_APP_NAMESPACE
+ namespace: badhouseplants-$ARGO_APP_NAMESPACE
 server: https://kubernetes.default.svc
 project: badhouseplants
 source:
diff --git a/kube/project.yaml b/kube/project.yaml
index f302767..fcb23c4 100644
--- a/kube/project.yaml
+++ b/kube/project.yaml
@@ -2,7 +2,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
 name: badhouseplants
- namespace: platform
+ namespace: argo-system
 finalizers:
 - resources-finalizer.argocd.argoproj.io
 spec:
@@ -11,13 +11,15 @@ spec:
 - '*'
 destinations:
- - namespace: development
- server: https://kubernetes.default.svc
- name: in-cluster
- - namespace: production
+ - namespace: badhouseplants-*
 server: https://kubernetes.default.svc
 name: in-cluster
+ # Deny all cluster-scoped resources from being created, except for Namespace
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
+
 # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
 namespaceResourceBlacklist:
 - group: ''
@@ -29,4 +31,4 @@ spec:
 # Enables namespace orphaned resource monitoring.
 orphanedResources:
- warn: false
+ warn: false
\ No newline at end of file
diff --git a/scripts/deploy-app.pl b/scripts/deploy-app.pl
index 7e53405..4a6602b 100755
--- a/scripts/deploy-app.pl
+++ b/scripts/deploy-app.pl
@@ -18,9 +18,9 @@ chomp($remark_secret);
 $ENV{'ARGO_APP_CHART_VERSION'} = $chart_version;
 $ENV{'ARGO_APP_BRANCH'} = $git_branch;
 if ($git_branch eq $main_branch) {
- $ENV{'ARGO_APP_NAMESPACE'} = "production";
+ $ENV{'ARGO_APP_NAMESPACE'} = $git_branch;
 } else {
- $ENV{'ARGO_APP_NAMESPACE'} = "development"
+ $ENV{'ARGO_APP_NAMESPACE'} = "preview"
 }
 $ENV{'ARGO_APP_HOSTNAME'} = "$git_branch-dev.badhouseplants.net";
 $ENV{'ARGO_APP_IMAGE_TAG'} = $git_commit_sha;
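Review bot: Whitelisting `Namespace` under `clusterResourceWhitelist` in the second kube/project.yaml hunk lets any application in this project create Namespace objects. As far as I know Argo CD does not match a cluster-scoped resource's name against the `destinations` pattern, so `badhouseplants-*` probably does not limit which namespaces can be created; this should be confirmed for the Argo CD version in use. The new comment should say why the exception is needed and what it leaves open, for example `# Namespace is whitelisted so apps can create their own badhouseplants-* namespace; the name itself is not restricted by destinations`. The `- '*'` context line at the top of the hunk belongs to a key outside the hunk; if it is the source-repository list, it widens what the wildcard destination exposes.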
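Review bot: Every non-main branch now resolves to the single value `preview` in the scripts/deploy-app.pl hunk, which kube/application.yaml turns into `badhouseplants-preview`, so builds from unrelated branches share one namespace and whatever Secrets and ServiceAccounts the chart creates there. If that sharing is intended, a comment above the `if` should say so, for example `# main deploys to badhouseplants-<main branch>; all other branches share badhouseplants-preview`. In the main-branch arm `$ENV{'ARGO_APP_NAMESPACE'} = $main_branch;` reads more clearly than `$git_branch`, since the namespace name is a deployment constant rather than something taken from the checkout. The else arm should end with a semicolon, `$ENV{'ARGO_APP_NAMESPACE'} = "preview";`. The script continues outside the hunk, so how `$git_branch` is obtained and validated is not visible here.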
@@ -72,3 +72,4 @@ foreach my $app (@all_applications) {
 }
 }
 }
+