diff --git a/.sops.yaml b/.sops.yaml index 4a815be..8953efe 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,3 +8,7 @@ creation_rules: key_groups: - age: - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + - path_regex: common/values/secrets.* + key_groups: + - age: + - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 diff --git a/common/environments.yaml b/common/environments.yaml index b7b036b..c43d5a0 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -2,7 +2,7 @@ environments: badhouseplants: kubeContext: badhouseplants values: - #- ./common/values/values.badhouseplants.yaml + - ./common/values/values.badhouseplants.yaml - base: enabled: true - velero: diff --git a/common/templates.yaml b/common/templates.yaml index a7a5fe1..5b5e28c 100644 --- a/common/templates.yaml +++ b/common/templates.yaml @@ -1,3 +1,6 @@ +helmDefaults: + kubeContext: "{{ .StateValues.kubeContext }}" + templates: # --------------------------- # -- Hooks 
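Review bot: The new `helmDefaults.kubeContext` in common/templates.yaml reads `.StateValues.kubeContext` with no guard, so a sub-helmfile run on its own, or a parent entry that forgets to pass the value, would render an empty context. Helm would then presumably fall back to whatever context is current in the operator's kubeconfig, and releases could land on a cluster other than the one the environment names. Failing the render is safer, assuming this base is rendered as a template: `kubeContext: '{{ .StateValues.kubeContext | required "kubeContext must be passed by the parent helmfile" }}'`. A short comment above `helmDefaults` saying the value is supplied by helmfile.yaml.gotmpl would also help the next reader.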
@@ -39,19 +42,19 @@ templates: - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml' common-values: values: - - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' + - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' common-values-tpl: values: - - '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' + - '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' env-values: values: - - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' + - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' env-values-tpl: values: - - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' + - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl' env-secrets: secrets: - - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml' + - '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml' # ---------------------------- # -- Extensions # ---------------------------- diff --git a/helmfile.yaml b/helmfile.yaml deleted file mode 100644 index 7ad3f7c..0000000 --- a/helmfile.yaml +++ /dev/null @@ -1,6 +0,0 @@ -bases: - - ./common/environments.yaml - - ./common/templates.yaml - - ./helmfiles/base.yaml - - ./helmfiles/system.yaml - - ./helmfiles/platform.yaml diff --git a/helmfile.yaml.gotmpl b/helmfile.yaml.gotmpl new file mode 100644 index 0000000..0fc45c0 --- /dev/null +++ b/helmfile.yaml.gotmpl 
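Review bot: The first context line of this hunk, the flat per-release secrets path, still builds its location from `requiredEnv "PWD"`, while the five entries changed below it now use `../values/...`. The two schemes resolve from different roots, the caller's working directory versus (presumably) the directory of the helmfile that loads this base. A run started outside the repository root can therefore find the values files while looking for that secrets file somewhere else. The secrets files renamed in this commit moved to the namespace/release layout, so that entry may be obsolete; either convert it to the relative form or remove it. The template that owns it starts above the hunk. A comment such as `# paths are relative to the including helmfile under helmfiles/` above `common-values` would document the assumption the new paths rely on.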
@@ -0,0 +1,22 @@ +--- +bases: + - ./common/environments.yaml + +--- +helmfiles: + - path: ./helmfiles/base.yaml + values: + - kubeContext: "{{ .Environment.KubeContext }}" + - {{ toYaml .Environment.Values | nindent 8 }} + - path: ./helmfiles/system.yaml + values: + - kubeContext: "{{ .Environment.KubeContext }}" + - {{ toYaml .Environment.Values | nindent 8 }} + - path: ./helmfiles/platform.yaml + values: + - kubeContext: "{{ .Environment.KubeContext }}" + - {{ toYaml .Environment.Values | nindent 8 }} + - path: ./helmfiles/databases.yaml + values: + - kubeContext: "{{ .Environment.KubeContext }}" + - {{ toYaml .Environment.Values | nindent 8 }} diff --git a/helmfiles/base.yaml b/helmfiles/base.yaml index 53e30bc..9d3c55a 100644 --- a/helmfiles/base.yaml +++ b/helmfiles/base.yaml @@ -1,7 +1,10 @@ +bases: + - ../common/templates.yaml + releases: # -- This one must be executed with --take-ownership at least once - name: namespaces - chart: ./charts/namespaces + chart: ../charts/namespaces namespace: kube-system createNamespace: false inherit: @@ -9,7 +12,7 @@ releases: - template: env-secrets - name: roles - chart: ./charts/roles + chart: ../charts/roles namespace: kube-system createNamespace: false needs: diff --git a/helmfiles/databases.yaml b/helmfiles/databases.yaml new file mode 100644 index 0000000..7621c42 --- /dev/null +++ b/helmfiles/databases.yaml 
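Review bot: The `kubeContext` / `toYaml .Environment.Values` pair is hand-copied into each of the four `helmfiles:` entries in helmfile.yaml.gotmpl. An entry added later without the `kubeContext` line would leave `helmDefaults.kubeContext` in common/templates.yaml empty for that sub-helmfile, with nothing failing at render time. Generating the entries from one list keeps the context pinning in a single place. Note also that every sub-helmfile receives the full environment values; if environment-level secrets are added later (the new .sops.yaml rule suggests so), it would be worth passing only the keys each sub-helmfile needs.

```yaml
helmfiles:
{{- range $name := list "base" "system" "platform" "databases" }}
  - path: ./helmfiles/{{ $name }}.yaml
    values:
      - kubeContext: "{{ $.Environment.KubeContext }}"
      - {{ toYaml $.Environment.Values | nindent 8 }}
{{- end }}
```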
@@ -0,0 +1,45 @@ +bases: + - ../common/templates.yaml + +repositories: + - name: bitnami + url: registry-1.docker.io/bitnamicharts + oci: true + - name: bedag + url: https://bedag.github.io/helm-charts/ +commonLabels: + installation: databases +releases: + - name: redis + chart: bitnami/redis + namespace: databases + condition: redis.enabled + version: 20.11.3 + inherit: + - template: common-values-tpl + - template: env-values + - template: env-secrets + + - name: postgres16 + labels: + bundle: postgres + namespace: databases + chart: bitnami/postgresql + condition: postgres16.enabled + version: 15.5.38 + inherit: + - template: common-values-tpl + - template: env-values + - template: env-secrets + + - name: postgres17 + labels: + bundle: postgres + namespace: databases + chart: bitnami/postgresql + condition: postgres17.enabled + version: 16.3.4 + inherit: + - template: common-values-tpl + - template: env-values + - template: env-secrets diff --git a/helmfiles/platform.yaml b/helmfiles/platform.yaml index bbde603..12e1abd 100644 --- a/helmfiles/platform.yaml +++ b/helmfiles/platform.yaml @@ -1,3 +1,6 @@ +bases: + - ../common/templates.yaml + repositories: - name: keel url: https://keel-hq.github.io/keel/ diff --git a/helmfiles/system.yaml b/helmfiles/system.yaml index e617b66..483c149 100644 --- a/helmfiles/system.yaml +++ b/helmfiles/system.yaml @@ -1,3 +1,6 @@ +bases: + - ../common/templates.yaml + repositories: - name: coredns url: https://coredns.github.io/helm @@ -54,7 +57,7 @@ releases: - template: common-values-tpl - name: issuer - chart: ./charts/issuer + chart: ../charts/issuer namespace: kube-system missingFileHandler: Warn needs: @@ -85,7 +88,7 @@ releases: - kyverno/kyverno - name: custom-kyverno-policies - chart: ./kustomizations/kyverno/{{ .Environment.Name }} + chart: ../kustomizations/kyverno/{{ .Environment.Name }} namespace: kyverno needs: - kyverno/kyverno 
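Review bot: The `bedag` repository declared in the new helmfiles/databases.yaml is not used by any release in the file: redis, postgres16 and postgres17 all pull from `bitnami/...`. Every declared repository is another remote index fetched whenever repos are updated, so an unused one widens the chart supply chain for no benefit. I would drop the `- name: bedag` entry and its `url:` line until a release needs it. Separately, a one-line comment above `repositories:` noting that the bitnami charts come from the OCI registry would explain why that entry has no `https://` scheme.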
@@ -102,7 +105,7 @@ releases: - template: common-values-tpl - name: metallb-resources - chart: ./charts/metallb-resources + chart: ../charts/metallb-resources version: 2.0.0 condition: base.enabled namespace: kube-system diff --git a/values/badhouseplants/secrets.postgres16.yaml b/values/badhouseplants/databases/postgres16/secrets.yaml similarity index 100% rename from values/badhouseplants/secrets.postgres16.yaml rename to values/badhouseplants/databases/postgres16/secrets.yaml diff --git a/values/badhouseplants/values.postgres16.yaml b/values/badhouseplants/databases/postgres16/values.yaml similarity index 97% rename from values/badhouseplants/values.postgres16.yaml rename to values/badhouseplants/databases/postgres16/values.yaml index a242852..9b86471 100644 --- a/values/badhouseplants/values.postgres16.yaml +++ b/values/badhouseplants/databases/postgres16/values.yaml @@ -9,7 +9,7 @@ metrics: primary: persistence: size: 2Gi - resources: + resources: limits: ephemeral-storage: 1Gi memory: 512Mi diff --git a/values/badhouseplants/secrets.postgres17.yaml b/values/badhouseplants/databases/postgres17/secrets.yaml similarity index 100% rename from values/badhouseplants/secrets.postgres17.yaml rename to values/badhouseplants/databases/postgres17/secrets.yaml diff --git a/values/badhouseplants/values.postgres17.yaml b/values/badhouseplants/databases/postgres17/values.yaml similarity index 100% rename from values/badhouseplants/values.postgres17.yaml rename to values/badhouseplants/databases/postgres17/values.yaml diff --git a/values/badhouseplants/secrets.redis.yaml b/values/badhouseplants/databases/redis/secrets.yaml similarity index 100% rename from values/badhouseplants/secrets.redis.yaml rename to values/badhouseplants/databases/redis/secrets.yaml 
diff --git a/values/badhouseplants/values.redis.yaml b/values/badhouseplants/databases/redis/values.yaml similarity index 100% rename from values/badhouseplants/values.redis.yaml rename to values/badhouseplants/databases/redis/values.yaml diff --git a/values/common/databases/postgres16/values.gotmpl b/values/common/databases/postgres16/values.gotmpl new file mode 100644 index 0000000..02dd22a --- /dev/null +++ b/values/common/databases/postgres16/values.gotmpl @@ -0,0 +1,6 @@ +global: + imageRegistry: {{ .Values.registry }} + imagePullSecrets: + - regcred + security: + allowInsecureImages: true diff --git a/values/common/databases/postgres17/values.gotmpl b/values/common/databases/postgres17/values.gotmpl new file mode 100644 index 0000000..02dd22a --- /dev/null +++ b/values/common/databases/postgres17/values.gotmpl @@ -0,0 +1,6 @@ +global: + imageRegistry: {{ .Values.registry }} + imagePullSecrets: + - regcred + security: + allowInsecureImages: true diff --git a/values/common/databases/redis/values.gotmpl b/values/common/databases/redis/values.gotmpl new file mode 100644 index 0000000..045f569 --- /dev/null +++ b/values/common/databases/redis/values.gotmpl @@ -0,0 +1,6 @@ +global: + imageRegistry: {{ .Values.registry}} + imagePullSecrets: + - regcred + security: + allowInsecureImages: true
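Review bot: `allowInsecureImages: true` in the new values/common/databases/postgres16/values.gotmpl switches off the Bitnami chart's check that it is running its original images, and the same six lines appear in the postgres17 and redis files. The only thing then deciding which images run is `imageRegistry: {{ .Values.registry }}`, which is unquoted and unguarded. An unset `registry` renders a null and presumably falls back to the chart's default registry with the check still disabled. I would make the value mandatory and quoted, `imageRegistry: {{ .Values.registry | required "registry must be set" | quote }}`. I would also add a comment above `security:` such as `# needed because images are pulled from the mirror in .Values.registry; keep image tags/digests pinned`. Because the three files are identical, a single shared template would stop the setting from drifting between releases.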