diff --git a/apps-kustomized/fyldessh/configmap.yaml b/apps-kustomized/fyldessh/configmap.yaml
new file mode 100644
index 0000000..8cae750
--- /dev/null
+++ b/apps-kustomized/fyldessh/configmap.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: ssh-config
+data:
+  config: |-
+    Host nas
+      Hostname 127.0.0.1
+      Port 6666
+      User nas
+      IdentityFile /ssh-keys/nas/nas
+      ProxyCommand ssh -W %h:%p jumphost
+      StrictHostKeyChecking no
+      UserKnownHostsFile /dev/null
+      SessionType none
+      LocalForward 0.0.0.0:8123 localhost:8123
+      LocalForward 0.0.0.0:22 localhost:22
+      LocalForward 0.0.0.0:1883 localhost:1883
+      DynamicForward 0.0.0.0:8080
+
+    Host jumphost
+      Hostname gunpoint.org.uk
+      Port 22
+      User remote
+      IdentityFile /ssh-keys/bounce/bounce
+      StrictHostKeyChecking no
+      UserKnownHostsFile /dev/null
+
+
diff --git a/apps-kustomized/fyldessh/deploy.yaml b/apps-kustomized/fyldessh/deploy.yaml
new file mode 100644
index 0000000..decf154
--- /dev/null
+++ b/apps-kustomized/fyldessh/deploy.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: fyldessh
+  name: fyldessh
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fyldessh
+  template:
+    metadata:
+      labels:
+        app: fyldessh
+    spec:
+      containers:
+      - command:
+        - ssh
+        - nas
+        image: kroniak/ssh-client
+        name: ssh-client
+        resources: {}
+        volumeMounts:
+        - mountPath: /ssh-keys/bounce
+          name: ssh-key-bounce
+        - mountPath: /ssh-keys/nas
+          name: ssh-key-nas
+        - mountPath: /root/.ssh/config
+          name: ssh-config
+          subPath: config
+        livenessProbe:
+          tcpSocket:
+            port: 22
+          initialDelaySeconds: 15
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /manifest.json
+            port: 8123
+          initialDelaySeconds: 15
+          periodSeconds: 10
+      restartPolicy: Always
+      volumes:
+      - name: ssh-key-bounce
+        secret:
+          defaultMode: 256
+          secretName: ssh-key-bounce
+      - name: ssh-key-nas
+        secret:
+          defaultMode: 256
+          secretName: ssh-key-nas
+      - name: ssh-config
+        configMap:
+          name: ssh-config
diff --git a/apps-kustomized/fyldessh/svc-ha.yaml b/apps-kustomized/fyldessh/svc-ha.yaml
new file mode 100644
index 0000000..3bbb240
--- /dev/null
+++ b/apps-kustomized/fyldessh/svc-ha.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ha.fylde.martyn.berlin
+  labels:
+    app: fyldessh
+  name: homeassistant
+spec:
+  ports:
+  - nodePort: 32321
+    port: 80
+    targetPort: 8123
+  selector:
+    app: fyldessh
+  type: LoadBalancer
diff --git a/apps-kustomized/fyldessh/svc-mqtt.yaml b/apps-kustomized/fyldessh/svc-mqtt.yaml
new file mode 100644
index 0000000..b5031c8
--- /dev/null
+++ b/apps-kustomized/fyldessh/svc-mqtt.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ssh.fylde.martyn.berlin
+  labels:
+    app: fyldessh
+  name: mosquitto
+spec:
+  ports:
+  - nodePort: 32532
+    port: 1883
+  selector:
+    app: fyldessh
+  type: LoadBalancer
diff --git a/apps-kustomized/fyldessh/svc-socks.yaml b/apps-kustomized/fyldessh/svc-socks.yaml
new file mode 100644
index 0000000..f8ca1d2
--- /dev/null
+++ b/apps-kustomized/fyldessh/svc-socks.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: socks.fylde.martyn.berlin
+  labels:
+    app: fyldessh
+  name: socks
+spec:
+  ports:
+  - nodePort: 30313
+    port: 8080
+  selector:
+    app: fyldessh
+  type: LoadBalancer
diff --git a/apps-kustomized/fyldessh/svc-ssh.yaml b/apps-kustomized/fyldessh/svc-ssh.yaml
new file mode 100644
index 0000000..aa105dd
--- /dev/null
+++ b/apps-kustomized/fyldessh/svc-ssh.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ssh.fylde.martyn.berlin
+  name: ssh
+spec:
+  ports:
+  - nodePort: 31774
+    port: 22
+  selector:
+    app: fyldessh
+  type: LoadBalancer
diff --git a/everything-app/fyldessh.yaml b/everything-app/fyldessh.yaml
new file mode 100644
index 0000000..ea2d336
--- /dev/null
+++ b/everything-app/fyldessh.yaml
@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fyldessh
+  namespace: argocd
+spec:
+  destination:
+    namespace: fyldessh
+    server: https://kubernetes.default.svc
+  project: apps
+  source:
+    path: apps-kustomized/fyldessh
+    repoURL: http://forgejo.git.svc.cluster.local/martyn/infra4talos
+    targetRevision: HEAD