diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 0975d84..8e1e7b5 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./lldap
+  - ./lldap/bootstrap/
   - ./grafana
 
   - ./whoami.yaml
diff --git a/apps/lldap/bootstrap/kustomization.yaml b/apps/lldap/bootstrap/kustomization.yaml
index a5bf650..a1763af 100644
--- a/apps/lldap/bootstrap/kustomization.yaml
+++ b/apps/lldap/bootstrap/kustomization.yaml
@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: lldap
 resources:
   - ./bootstrap-job.yaml
   - ../../../infra/authelia/secret-authelia-lldap.yaml
diff --git a/clusters/titan.lan.huizinga.dev/apps.yaml b/clusters/titan.lan.huizinga.dev/apps.yaml
index 0d5fb12..2fa54fe 100644
--- a/clusters/titan.lan.huizinga.dev/apps.yaml
+++ b/clusters/titan.lan.huizinga.dev/apps.yaml
@@ -10,6 +10,7 @@ spec:
     - name: dragonflydb
     - name: rook-ceph-cluster
     - name: akri
+    - name: lldap
   decryption:
     provider: sops
     secretRef:
diff --git a/clusters/titan.lan.huizinga.dev/infra/lldap.yaml b/clusters/titan.lan.huizinga.dev/infra/lldap.yaml
new file mode 100644
index 0000000..9d14cea
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/infra/lldap.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: lldap
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./infra/lldap
+  dependsOn:
+    - name: traefik
+    - name: cnpg
+    - name: kyverno-policies
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: domain-vars
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
diff --git a/apps/lldap/deployment.yaml b/infra/lldap/deployment.yaml
similarity index 85%
rename from apps/lldap/deployment.yaml
rename to infra/lldap/deployment.yaml
index b7d7807..d0b3435 100644
--- a/apps/lldap/deployment.yaml
+++ b/infra/lldap/deployment.yaml
@@ -1,9 +1,6 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    lldap: https://github.com/nitnelave/lldap
-    k8s: https://github.com/Evantage-WS/lldap-kubernetes
   labels:
     app: lldap
   name: lldap
@@ -16,9 +13,6 @@ spec:
     type: Recreate
   template:
     metadata:
-      annotations:
-        lldap: https://github.com/nitnelave/lldap
-        k8s: https://github.com/Evantage-WS/lldap-kubernetes
       labels:
         app: lldap
     spec:
diff --git a/apps/lldap/ingress.yaml b/infra/lldap/ingress-route.yaml
similarity index 100%
rename from apps/lldap/ingress.yaml
rename to infra/lldap/ingress-route.yaml
diff --git a/apps/lldap/kustomization.yaml b/infra/lldap/kustomization.yaml
similarity index 74%
rename from apps/lldap/kustomization.yaml
rename to infra/lldap/kustomization.yaml
index cee71e9..b4d470f 100644
--- a/apps/lldap/kustomization.yaml
+++ b/infra/lldap/kustomization.yaml
@@ -3,9 +3,8 @@ kind: Kustomization
 namespace: lldap
 resources:
   - ./namespace.yaml
-  - ./secret.yaml
+  - ./secret-lldap-credentials.yaml
   - ./deployment.yaml
   - ./service.yaml
-  - ./ingress.yaml
-  - ./bootstrap
+  - ./ingress-route.yaml
   - ../../common/postgres
diff --git a/apps/lldap/namespace.yaml b/infra/lldap/namespace.yaml
similarity index 100%
rename from apps/lldap/namespace.yaml
rename to infra/lldap/namespace.yaml
diff --git a/apps/lldap/secret.yaml b/infra/lldap/secret-lldap-credentials.yaml
similarity index 89%
rename from apps/lldap/secret.yaml
rename to infra/lldap/secret-lldap-credentials.yaml
index 5e6ba04..5556eaa 100644
--- a/apps/lldap/secret.yaml
+++ b/infra/lldap/secret-lldap-credentials.yaml
@@ -12,8 +12,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-11-15T00:11:50Z"
-    mac: ENC[AES256_GCM,data:OzLVKH3dUInlnYZQV0qRyZqMOIMVAp9FMHf5Dl2abRzYJo67dBLErGqoYGfwSK5G1R6VLrIK0M9ibY6rL2kSHXTk7esjj404YAEBZgkNc7GBCnqLwUTiLu+XDk4lu+vqErP6hriem8/DK0w0E9KQSBsxPzIWJSMfk3vGyr1d+2I=,iv:1MDGsCx021d4Ob82Rq89JieTmkFbX6wxT1+taXI6H7o=,tag:e8LmFvLmB+rJb8xQ+DTFtg==,type:str]
+    lastmodified: "2025-03-06T23:49:59Z"
+    mac: ENC[AES256_GCM,data:ZOqHwRCaVup2NvSTgbE74T1tdCQl46pi3HSPCVGJBWpVTEdjjKs++X8g2EgXFPdJtOolhDrKYqx8EGpCeFXDdOvYolTfGNdTEMmddqeVAS9R/TBiga4HWM4cOu5utLSHgIFRVIrXvbcJzpR36zNy6qau9LStsaP4eXQ/U1Z+Ft8=,iv:j3aczsmvBge7i1AQZciVbSK6DU5wSkYamjpLhQYR5Zw=,tag:EZo+cThfGIiWkqGBA5JMow==,type:str]
     pgp:
         - created_at: "2024-11-14T23:59:47Z"
           enc: |-
@@ -57,4 +57,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
     encrypted_regex: ^(data|stringData)$
-    version: 3.9.0
+    version: 3.9.1
diff --git a/apps/lldap/service.yaml b/infra/lldap/service.yaml
similarity index 64%
rename from apps/lldap/service.yaml
rename to infra/lldap/service.yaml
index 39c78d2..eff3e59 100644
--- a/apps/lldap/service.yaml
+++ b/infra/lldap/service.yaml
@@ -1,9 +1,6 @@
 apiVersion: v1
 kind: Service
 metadata:
-  annotations:
-    lldap: https://github.com/nitnelave/lldap
-    k8s: https://github.com/Evantage-WS/lldap-kubernetes
   name: lldap
 spec:
   ports: