diff --git a/k8s-test/core/.terraform.lock.hcl b/k8s-test/core/.terraform.lock.hcl
new file mode 100644
index 0000000..8982790
--- /dev/null
+++ b/k8s-test/core/.terraform.lock.hcl
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.4.1" + hashes = [ + "h1:aFvUq5HOEwFV/3e7DGU45zDf6j2SThDRjaCAeY2Qfss=", + "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14", + "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5", + "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526", + "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772", + "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd", + "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e", + "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0", + "zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3", + "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f", + "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67", + "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.8.0" + hashes = [ + "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", + "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", + "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", + "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", + "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", + "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", + "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", + "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", + "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", + "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", + "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", + 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", + ] +}
diff --git a/k8s-test/core/main.tf b/k8s-test/core/main.tf
new file mode 100644
index 0000000..aaf4f87
--- /dev/null
+++ b/k8s-test/core/main.tf
@@ -0,0 +1,15 @@
+resource "helm_release" "traefik" {
+ name = "traefik"
+ repository = "https://helm.traefik.io/traefik"
+ chart = "traefik"
+
+ set {
+ name = "ingressClass.enabled"
+ value = true
+ }
+
+ set {
+ name = "ingressClass.isDefaultClass"
+ value = true
+ }
+}
diff --git a/k8s-test/core/providers.tf b/k8s-test/core/providers.tf
new file mode 100644
index 0000000..051ddc5
--- /dev/null
+++ b/k8s-test/core/providers.tf
@@ -0,0 +1,22 @@
+variable "kube_config_path" {
+ type = string
+ default = "~/.kube/config"
+}
+
+variable "kube_config_context" {
+ type = string
+ default = "colima"
+}
+
+provider "kubernetes" {
+ config_path = var.kube_config_path
+ config_context = var.kube_config_context
+}
+
+provider "helm" {
+ kubernetes {
+ config_path = var.kube_config_path
+ config_context = var.kube_config_context
+ }
+}
+
diff --git a/k8s-test/services/.terraform.lock.hcl b/k8s-test/services/.terraform.lock.hcl
new file mode 100644
index 0000000..8982790
--- /dev/null
+++ b/k8s-test/services/.terraform.lock.hcl
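Review bot: `helm_release.traefik` in core/main.tf has no `version` argument, so the chart that gets installed is whatever the repository serves as latest at apply time, and the ingress controller can change without any commit here. Pin it with `version = "<CHART_VERSION>"` (placeholder for the release you have tested), the way the authentik release in this commit does with `version = "5.2.2"`. The same gap is in `helm_release.blocky` in services/blocky/main.tf. Setting `namespace` explicitly would also make it clear where the release is meant to land.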
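Review bot: core/providers.tf declares no `terraform { required_providers { ... } }` block, so the only thing holding helm at 2.4.1 and kubernetes at 2.8.0 is the lock file, and a `terraform init -upgrade` would move to the newest release of each with no constraint to stop a major-version jump. Declaring the source and a version range next to the provider blocks makes the intended provenance reviewable; services/providers.tf is added with identical content and needs the same. The two variables would also benefit from a `description`, for example that `kube_config_context` defaults to the local colima cluster so an apply does not follow whichever context happens to be current.

```hcl
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.4"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.8"
    }
  }
}

# … unchanged: variable and provider blocks …
```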
@@ -0,0 +1,38 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.4.1" + hashes = [ + "h1:aFvUq5HOEwFV/3e7DGU45zDf6j2SThDRjaCAeY2Qfss=", + "zh:07517b24ea2ce4a1d3be3b88c3efc7fb452cd97aea8fac93ca37a08a8ec06e14", + "zh:11ef6118ed03a1b40ff66adfe21b8707ece0568dae1347ddfbcff8452c0655d5", + "zh:1ae07e9cc6b088a6a68421642c05e2fa7d00ed03e9401e78c258cf22a239f526", + "zh:1c5b4cd44033a0d7bf7546df930c55aa41db27b70b3bca6d145faf9b9a2da772", + "zh:256413132110ddcb0c3ea17c7b01123ad2d5b70565848a77c5ccc22a3f32b0dd", + "zh:4ab46fd9aadddef26604382bc9b49100586647e63ef6384e0c0c3f010ff2f66e", + "zh:5a35d23a9f08c36fceda3cef7ce2c7dc5eca32e5f36494de695e09a5007122f0", + "zh:8e9823a1e5b985b63fe283b755a821e5011a58112447d42fb969c7258ed57ed3", + "zh:8f79722eba9bf77d341edf48a1fd51a52d93ec31d9cac9ba8498a3a061ea4a7f", + "zh:b2ea782848b10a343f586ba8ee0cf4d7ff65aa2d4b144eea5bbd8f9801b54c67", + "zh:e72d1ccf8a75d8e8456c6bb4d843fd4deb0e962ad8f167fa84cf17f12c12304e", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.8.0" + hashes = [ + "h1:LZLKGKTlBmG8jtMBdZ4ZMe+r15OQLSMYV0DktfROk+Y=", + "zh:0cf42c17c05ae5f0f5eb4b2c375dd2068960b97392e50823e47b2cee7b5e01be", + "zh:29e3751eceae92c7400a17fe3a5394ed761627bcadfda66e7ac91d6485c37927", + "zh:2d95584504c651e1e2e49fbb5fae1736e32a505102c3dbd2c319b26884a7d3d5", + "zh:4a5f1d915c19e7c7b4f04d7d68f82db2c872dad75b9e6f33a6ddce43aa160405", + "zh:4b959187fd2c884a4c6606e1c4edc7b506ec4cadb2742831f37aca1463eb349d", + "zh:5e76a2b81c93d9904d50c2a703845f79d2b080c2f87c07ef8f168592033d638f", + "zh:c5aa21a7168f96afa4b4776cbd7eefd3e1f47d48430dce75c7f761f2d2fac77b", + "zh:d45e8bd98fc6752ea087e744efdafb209e7ec5a4224f9affee0a24fb51d26bb9", + "zh:d4739255076ed7f3ac2a06aef89e8e48a87667f3e470c514ce2185c0569cc1fb", + "zh:dbd2f11529a422ffd17040a70c0cc2802b7f1be2499e976dc22f1138d022b1b4", + 
"zh:dbd5357082b2485bb9978bce5b6d508d6b431d15c53bfa1fcc2781131826b5d8", + ] +}
diff --git a/k8s-test/services/authentik/main.tf b/k8s-test/services/authentik/main.tf
new file mode 100644
index 0000000..3e413d8
--- /dev/null
+++ b/k8s-test/services/authentik/main.tf
@@ -0,0 +1,23 @@
+locals {
+ authentik_chart_values = {
+ "ingress.enabled" = true,
+ "ingress.hosts[0].host" = "authentik.dev.homelab"
+ "ingress.hosts[0].paths[0].path" = "/"
+ "ingress.hosts[0].paths[0].pathType" = "Prefix"
+ }
+}
+
+resource "helm_release" "authentik" {
+ name = "authentik"
+ repository = "https://charts.goauthentik.io/"
+ chart = "authentik"
+ version = "5.2.2"
+
+ dynamic "set" {
+ for_each = local.authentik_chart_values
+ content {
+ name = set.key
+ value = set.value
+ }
+ }
+}
diff --git a/k8s-test/services/blocky/config.yml b/k8s-test/services/blocky/config.yml
new file mode 100644
index 0000000..6f6c4a5
--- /dev/null
+++ b/k8s-test/services/blocky/config.yml
@@ -0,0 +1,21 @@
+upstream:
+ default:
+ - 1.1.1.1
+ - 1.0.0.1
+blocking:
+ blackLists:
+ ads:
+ - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+ clientGroupsBlock:
+ default:
+ - ads
+
+customDNS:
+ customTTL: 1h
+ mapping:
+ # TODO: Use a variable for this
+ dev.homelab: 192.168.2.41
+
+port: 53
+httpPort: 4000
+
diff --git a/k8s-test/services/blocky/main.tf b/k8s-test/services/blocky/main.tf
new file mode 100644
index 0000000..8ad0032
--- /dev/null
+++ b/k8s-test/services/blocky/main.tf
@@ -0,0 +1,25 @@
+locals {
+ blocky_config = file("${path.module}/blocky_config.yml")
+}
+
+resource "helm_release" "blocky" {
+ name = "blocky"
+ repository = "https://k8s-at-home.com/charts/"
+ chart = "blocky"
+
+
+ set {
+ name = "env.TZ"
+ value = "America/Los_Angeles"
+ }
+
+ set {
+ name = "metrics.enabled"
+ value = true
+ }
+
+ set {
+ name = "config"
+ value = "${local.blocky_config}"
+ }
+}
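Review bot: The values map for `helm_release.authentik` enables an ingress for `authentik.dev.homelab` but sets nothing about TLS, so unless Traefik terminates TLS through configuration outside this commit, the identity provider's login traffic would presumably travel over plain HTTP. The map also carries no secret key or database credentials; when those are added they should not go through this `dynamic "set"` block, because `set` values are shown in plan output. Use `set_sensitive` blocks fed from variables declared with `sensitive = true` instead. As a style point, the first map entry ends with a comma and the others do not; one form throughout reads better.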
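Review bot: This file is added twice with identical content (blob 6f6c4a5 here and at k8s-test/services/blocky_config.yml), so the two copies can drift apart; keep one and delete the other. The blocklist URL tracks the mutable `master` branch, which is normal for a list that is meant to update, but it means the filter contents change without a commit in this repository, so a comment such as `# tracks upstream master on purpose; list contents are not pinned` would record that this is intended. The `# TODO` on the hard-coded `192.168.2.41` could be resolved by rendering the file with `templatefile()` from the Terraform side.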
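Review bot: `file("${path.module}/blocky_config.yml")` will fail once this directory is used as a module, because the file added beside it in k8s-test/services/blocky/ is named `config.yml`, while `blocky_config.yml` sits one level up; it should read `file("${path.module}/config.yml")`. Passing a multi-line YAML document through a `set` block is also fragile, since Helm's set syntax treats commas and some other characters specially; `values = [yamlencode({ config = local.blocky_config })]` avoids that. The `"${local.blocky_config}"` wrapper can be written as plain `local.blocky_config`.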
diff --git a/k8s-test/services/blocky_config.yml b/k8s-test/services/blocky_config.yml
new file mode 100644
index 0000000..6f6c4a5
--- /dev/null
+++ b/k8s-test/services/blocky_config.yml
@@ -0,0 +1,21 @@
+upstream:
+ default:
+ - 1.1.1.1
+ - 1.0.0.1
+blocking:
+ blackLists:
+ ads:
+ - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+ clientGroupsBlock:
+ default:
+ - ads
+
+customDNS:
+ customTTL: 1h
+ mapping:
+ # TODO: Use a variable for this
+ dev.homelab: 192.168.2.41
+
+port: 53
+httpPort: 4000
+
diff --git a/k8s-test/main.tf b/k8s-test/services/main.tf
similarity index 55%
rename from k8s-test/main.tf
rename to k8s-test/services/main.tf
index 3633b14..84dd0d9 100644
--- a/k8s-test/main.tf
+++ b/k8s-test/services/main.tf
@@ -1,41 +1,3 @@
-variable "kube_config_path" {
- type = string
- default = "~/.kube/config"
-}
-
-variable "kube_config_context" {
- type = string
- default = "colima"
-}
-
-provider "kubernetes" {
- config_path = var.kube_config_path
- config_context = var.kube_config_context
-}
-
-provider "helm" {
- kubernetes {
- config_path = var.kube_config_path
- config_context = var.kube_config_context
- }
-}
-
-resource "helm_release" "traefik" {
- name = "traefik"
- repository = "https://helm.traefik.io/traefik"
- chart = "traefik"
-
- set {
- name = "ingressClass.enabled"
- value = true
- }
-
- set {
- name = "ingressClass.isDefaultClass"
- value = true
- }
-}
-
 resource "kubernetes_manifest" "traefik_dashboard" {
 manifest = {
 apiVersion = "traefik.containo.us/v1alpha1"
@@ -92,13 +54,43 @@ module "whoami2-ingress" {
 match_route = "PathPrefix(`/whoami2`)"
 }
 
-resource "helm_release" "prom_stack" {
- name = "kube-prom-stack"
- repository = "https://prometheus-community.github.io/helm-charts"
- chart = "kube-prometheus-stack"
-
- set {
- name = "alert_manager.enabled"
- value = false
- }
+module "authentik" {
+ source = "./authentik"
 }
+
+# locals {
+# blocky_config = file("${path.module}/blocky_config.yml")
+# }
+#
+# resource "helm_release" "blocky" {
+# name = "blocky"
+# repository = "https://k8s-at-home.com/charts/"
+# chart = "blocky"
+#
+#
+# set {
+# name = "env.TZ"
+# value = "America/Los_Angeles"
+# }
+#
+# set {
+# name = "metrics.enabled"
+# value = true
+# }
+#
+# set {
+# name = "config"
+# value = "${local.blocky_config}"
+# }
+# }
+
+# resource "helm_release" "prom_stack" {
+# name = "kube-prom-stack"
+# repository = "https://prometheus-community.github.io/helm-charts"
+# chart = "kube-prometheus-stack"
+#
+# set {
+# name = "alert_manager.enabled"
+# value = false
+# }
+# }
diff --git a/k8s-test/services/providers.tf b/k8s-test/services/providers.tf
new file mode 100644
index 0000000..051ddc5
--- /dev/null
+++ b/k8s-test/services/providers.tf
@@ -0,0 +1,22 @@
+variable "kube_config_path" {
+ type = string
+ default = "~/.kube/config"
+}
+
+variable "kube_config_context" {
+ type = string
+ default = "colima"
+}
+
+provider "kubernetes" {
+ config_path = var.kube_config_path
+ config_context = var.kube_config_context
+}
+
+provider "helm" {
+ kubernetes {
+ config_path = var.kube_config_path
+ config_context = var.kube_config_context
+ }
+}
+
diff --git a/k8s-test/simple_service/main.tf b/k8s-test/services/simple_service/main.tf
similarity index 100%
rename from k8s-test/simple_service/main.tf
rename to k8s-test/services/simple_service/main.tf
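Review bot: The blocky and prom_stack releases are committed as commented-out blocks at the end of this hunk, and the blocky one duplicates the new services/blocky/main.tf; it can be deleted here and re-enabled later with `module "blocky" { source = "./blocky" }`. If `helm_release.prom_stack`, and the traefik release that the first hunk of this file moves to core/, were already applied from the old k8s-test root, dropping them from this configuration makes the next apply destroy them, and core/ starts from an empty state. That is presumably acceptable for a test cluster, but a line in the commit message or a `terraform state mv` step would make it deliberate. The hunk opens inside `module "whoami2-ingress"`, whose first lines are outside it.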
diff --git a/k8s-test/traefik_ingress/main.tf b/k8s-test/services/traefik_ingress/main.tf
similarity index 100%
rename from k8s-test/traefik_ingress/main.tf
rename to k8s-test/services/traefik_ingress/main.tf
diff --git a/k8s-test/whoami/deployment.yaml b/k8s-test/services/whoami/deployment.yaml
similarity index 100%
rename from k8s-test/whoami/deployment.yaml
rename to k8s-test/services/whoami/deployment.yaml
diff --git a/k8s-test/whoami/ingress.yml b/k8s-test/services/whoami/ingress.yml
similarity index 100%
rename from k8s-test/whoami/ingress.yml
rename to k8s-test/services/whoami/ingress.yml