diff --git a/infrastructure/core/coredns-custom.yaml b/infrastructure/core/coredns-custom.yaml
new file mode 100644
index 0000000..ad07d2a
--- /dev/null
+++ b/infrastructure/core/coredns-custom.yaml
@@ -0,0 +1,42 @@
+# infrastructure/core/coredns-custom.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  bstein-dev.server: |
+    bstein.dev:53 {
+      errors
+      cache 30
+      hosts {
+        192.168.22.9 alerts.bstein.dev
+        192.168.22.9 auth.bstein.dev
+        192.168.22.9 bstein.dev
+        192.168.22.9 call.live.bstein.dev
+        192.168.22.9 cd.bstein.dev
+        192.168.22.9 chat.ai.bstein.dev
+        192.168.22.9 ci.bstein.dev
+        192.168.22.9 cloud.bstein.dev
+        192.168.22.9 health.bstein.dev
+        192.168.22.9 kit.live.bstein.dev
+        192.168.22.9 live.bstein.dev
+        192.168.22.9 logs.bstein.dev
+        192.168.22.9 longhorn.bstein.dev
+        192.168.22.9 mail.bstein.dev
+        192.168.22.9 matrix.live.bstein.dev
+        192.168.22.9 metrics.bstein.dev
+        192.168.22.9 monero.bstein.dev
+        192.168.22.9 notes.bstein.dev
+        192.168.22.9 office.bstein.dev
+        192.168.22.9 pegasus.bstein.dev
+        192.168.22.9 registry.bstein.dev
+        192.168.22.9 scm.bstein.dev
+        192.168.22.9 secret.bstein.dev
+        192.168.22.9 sso.bstein.dev
+        192.168.22.9 stream.bstein.dev
+        192.168.22.9 tasks.bstein.dev
+        192.168.22.9 vault.bstein.dev
+        fallthrough
+      }
+    }
diff --git a/infrastructure/core/kustomization.yaml b/infrastructure/core/kustomization.yaml
index 14d6a02..5e74d81 100644
--- a/infrastructure/core/kustomization.yaml
+++ b/infrastructure/core/kustomization.yaml
@@ -4,5 +4,6 @@ kind: Kustomization
 resources:
   - ../modules/base
   - ../modules/profiles/atlas-ha
+  - coredns-custom.yaml
   - ../sources/cert-manager/letsencrypt.yaml
   - ../sources/cert-manager/letsencrypt-prod.yaml
diff --git a/infrastructure/traefik/deployment.yaml b/infrastructure/traefik/deployment.yaml
index a34307a..600a504 100644
--- a/infrastructure/traefik/deployment.yaml
+++ b/infrastructure/traefik/deployment.yaml
@@ -27,6 +27,8 @@ items:
         creationTimestamp: null
         labels:
           app: traefik
+          app.kubernetes.io/instance: traefik-kube-system
+          app.kubernetes.io/name: traefik
       spec:
         containers:
         - args:
diff --git a/services/gitea/ingress.yaml b/services/gitea/ingress.yaml
index 0077ba4..b3cd845 100644
--- a/services/gitea/ingress.yaml
+++ b/services/gitea/ingress.yaml
@@ -7,6 +7,8 @@ metadata:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   tls:
     - hosts: