diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aa15c7a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+src/.faircamp_build/
+src/.faircamp_cache/
diff --git a/.woodpecker.yaml b/.woodpecker.yaml
new file mode 100644
index 0000000..83ebc06
--- /dev/null
+++ b/.woodpecker.yaml
@@ -0,0 +1,26 @@
+---
+when:
+  event:
+    - push
+
+steps:
+  - name: Build and push a container image
+    image: gitea.badhouseplants.net/badhouseplants/container-builder:latest
+    environment:
+      BUILDAH_REG: gitea.badhouseplants.net/badhouseplants/faircamp-site
+      REGISTRY_TOKEN:
+        from_secret: GITEA_REGISTRY_TOKEN
+      REGISTRY_USER: devops-bot
+    privileged: true
+    commands:
+      - build-container
+    backend_options:
+      kubernetes:
+        resources:
+          requests:
+            memory: 700Mi
+            cpu: 1000m
+          limits:
+            cpu: 1000m
+        securityContext:
+          privileged: true
diff --git a/Containerfile b/Containerfile
index f4134e4..10248fa 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,3 +1,2 @@
 FROM n3wjack/faircamp
-
 COPY ./src/ /data
diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..bfa6090
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: faircamp-site
+description: Badhouseplants faircamp
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+maintainers:
+  - name: allanger
+    email: allanger@zohomail.com
+    url: https://badhouseplants.net
+dependencies:
+  - name: helm-library
+    version: 0.2.6
+    repository: oci://ghcr.io/allanger/allangers-helm-library
+annotations:
+  allowed_workload_kinds: "Deployment"
+home: https://badhouseplants.net
diff --git a/helm/templates/install.yaml b/helm/templates/install.yaml
new file mode 100644
index 0000000..1e26fb7
--- /dev/null
+++ b/helm/templates/install.yaml
@@ -0,0 +1,6 @@
+{{ include "lib.component.workload" (dict "ctx" .)}}
+{{ include "lib.component.service" (dict "ctx" .) }}
+{{ include "lib.component.ingress" (dict "ctx" .) }}
+{{ include "lib.component.environment" (dict "ctx" .) }}
+{{ include "lib.component.storage" (dict "ctx" .) }}
+{{ include "lib.component.templates" (dict "ctx" .) }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..309bdca
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,103 @@
+---
+shortcuts:
+  hostname: badhouseplants.net
+
+base:
+  workload:
+    kind: Deployment
+    strategy:
+      type: RollingUpdate
+    initContainer:
+      faircamp:
+        image:
+          registry: gitea.badhouseplants.net
+          repository: badhouseplants/faircamp-site
+          tag: latest
+          pullPolicy: Always
+        volumeMounts:
+          storage:
+            site:
+              path: /data/.faircamp_build
+    containers:
+      nginx:
+        image:
+          registry: registry.hub.docker.com
+          repository: nginxinc/nginx-unprivileged
+          tag: latest
+          pullPolicy: Always
+        ports:
+          main: 
+            - nginx
+        volumeMounts:
+          storage:
+            site:
+              path: /usr/share/nginx/html
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 8080
+            httpHeaders:
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8080
+            httpHeaders:
+          initialDelaySeconds: 3
+          periodSeconds: 3
+
+ingress:
+  main:
+    enabled: true
+    class: traefik
+    rules:
+      - host: '{{ .Values.shortcuts.hostname }}'
+        http:
+          paths:
+            - backend:
+                service:
+                  name: '{{ include "chart.fullname" $ }}-main'
+                  port:
+                    number: 8080
+              path: /
+              pathType: Prefix
+    tls:
+      - hosts:
+          - '{{ .Values.shortcuts.hostname }}'
+        secretName: '{{ .Values.shortcuts.hostname }}'
+extraVolumes:
+  logs: 
+    emptyDir: {}
+
+services:
+  main:
+    enabled: true
+    type: ClusterIP
+    ports:
+      nginx:
+        port: 8080
+        targetPort: 8080
+        protocol: TCP
+
+storage:
+  site:
+    enabled: true
+    storageClassName: default
+    size: 3Gi
+    accessModes:
+      - ReadWriteOnce
+
+config:
+  # -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
+  env:
+    main:
+      enabled: false
+      sensitive: false
+      remove: []
+      data: {}
+    secrets:
+      enabled: false
+      sensitive: true
+      remove: []
+      data: {}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..7190a60
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}