diff --git a/apps/opengist/deployment.yaml b/apps/opengist/deployment.yaml
new file mode 100644
index 0000000..29be0cc
--- /dev/null
+++ b/apps/opengist/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opengist
+  labels:
+    app.kubernetes.io/name: opengist
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: opengist
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: opengist
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+              - key: location
+                operator: In
+                values:
+                - fsn
+      volumes:
+        - name: opengist-data
+          persistentVolumeClaim:
+            claimName: opengist-data-pvc
+      containers:
+        - name: opengist
+          image: ghcr.io/thomiceli/opengist:1.10
+          ports:
+            - containerPort: 6157
+          volumeMounts:
+          - name: opengist-data
+            mountPath: "/opengist"
+          envFrom:
+            - secretRef:
+                name: opengist-secret
+          # livenessProbe:
+          #   httpGet:
+          #     path: /healthcheck
+          #     port: 6157
+          #   initialDelaySeconds: 3
+          #   periodSeconds: 3
\ No newline at end of file
diff --git a/apps/opengist/kustomization.yaml b/apps/opengist/kustomization.yaml
new file mode 100644
index 0000000..70ad41e
--- /dev/null
+++ b/apps/opengist/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+  - deployment.yaml
+  - pvc.yaml
+  - services.yaml
+  - secrets.yaml
\ No newline at end of file
diff --git a/apps/opengist/pvc.yaml b/apps/opengist/pvc.yaml
new file mode 100644
index 0000000..fdf8c48
--- /dev/null
+++ b/apps/opengist/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: opengist-data-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 2Gi
\ No newline at end of file
diff --git a/apps/opengist/secrets.sops.yaml b/apps/opengist/secrets.sops.yaml
new file mode 100644
index 0000000..1f30be4
--- /dev/null
+++ b/apps/opengist/secrets.sops.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: opengist-secret
+type: Opaque
+data:
+    OG_DB_URI: ENC[AES256_GCM,data:tABwjm4xboh+rWK29RvrsrqFcjxZ8o2H6X7L5Df1Yq0u8csBYfyW9S00i8RCXuhLYlpzdBljqEziVQaM3CnS+1hBe25NH5F+AlfI1HHvyecYadJpu1eqnpamwx3U9cCvr61C6EU2t1Q=,iv:+eWcG8HmNepeuEIKJ2p5Tx6Tt35Gx+QIzuUIq13lev4=,tag:BXMGLxyEgPWWDeuB8H1Q+g==,type:str]
+    OG_SECRET_KEY: ENC[AES256_GCM,data:xkKFt5gY8QPiwgks/QBDinZpM1BMzF0vNjj1BYDdfi1dSxojtvWiMuIOW+UzUHMzvli57VP/uulQPSboSo0JjSHQkn9t/WcdpvkZcFqxhxOoemKbCeSBWQ==,iv:wbT9aJQBN+H061o4B8iYgZ07MVKs7PRIjJInRGp/gqU=,tag:QxJcRCovdL4ithHUEP9TUw==,type:str]
+    OG_OIDC_PROVIDER_NAME: ENC[AES256_GCM,data:mogs2Gsxqv58bucjAVK6RogzNm4=,iv:IjVZJrI7J8W2vzpnB3DQBz+eSMONMNXZkJeJL+BbrZQ=,tag:BQVXXdyt/X3fJB8yf120QA==,type:str]
+    OG_OIDC_CLIENT_KEY: ENC[AES256_GCM,data:HT2ZJdjGbHqWn6SbmB7lZrGe69kP6o9qR4Xh989DE3kWSveRMtI+VRASmyTXn2aw,iv:wQb9yX31KXKjuv0/jo9cGR2xAW209GAj2P0ncJWDCbw=,tag:fbx2GoUPHgM1fUd44LbZEw==,type:str]
+    OG_OIDC_SECRET: ENC[AES256_GCM,data:tw+3seU/EftAXwX98XzmrV2FB47/30Gk72vzTEi+b6PeCwGhZ5nURdWu91w=,iv:cCRmKiDEm3vbc8nS/q3JvpsvSFr2OYh39sTNazOtXSY=,tag:Mq1huCNxBvbsrc0FM3Cx1Q==,type:str]
+    OG_OIDC_DISCOVERY_URL: ENC[AES256_GCM,data:Zy2vHBcXXsUEnyoOy1ZaNbPIgw7a698YL57NGTjlu3vFid9ErXgVZUMFG6eTC5yZ0e+6Be6iflt5sn6DCpdWPHom7gtz+yedva+4qw==,iv:AwNxTG/CHT9mKiUxwIVAo4723SiJAG0qdiElgri6G+s=,tag:LC3GfVihBf8ejRAejigNEg==,type:str]
+sops:
+    age:
+        - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeEt4Z1hoQlYrc05kTVhY
+            WEZCMUIvbGZwVmpyNE1yOVhGN3RIUmFyUm1FCkYvUFFqd1BVV3Q2S1BrSk43cTBW
+            d245SkVRT1lyV0sveVBNdythb0prR1UKLS0tIFZqQXpjZDFMSFZQY2hLcFFFcVE3
+            SVVxN2QrOS9BdDRobFIyLyt0MFZkNGcKlCQBy2ilbTPhGzIME8bDSKkm6FTkKW1M
+            zAzWSWp7ZBQ6zeX7lj6p7kV/BAjFJx6Hk3mf7PPdE6BwOiH5vccD+g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-03T19:37:07Z"
+    mac: ENC[AES256_GCM,data:4SVbt5KtH2JaAW1HomJiQ7WceYbNbrXJ75At6mK1C+vfEVcnJ/5V7LXciqg56o3A0+R4NedXRzDeHJaMDQafWArfW8nfOtScoKDCD6xGT58/qwf+S3qFt40U8j3+QEUwJyNLT6y4dORm1kQ64o9lan26fOC2GJhwDaHo2DgCoqU=,iv:HIjhe7BwV5bE6eaZzmJmOur0a5sjAhbtvhxyhJrWVK8=,tag:IrAR4Lzo7TbDEwlP7P7COQ==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2
diff --git a/apps/opengist/services.yaml b/apps/opengist/services.yaml
new file mode 100644
index 0000000..b532283
--- /dev/null
+++ b/apps/opengist/services.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opengist
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: opengist
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 6157
+      name: http
\ No newline at end of file