diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index c927d92..4ab6e18 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -14,3 +14,4 @@ resources:
   - ./sabnzbd/ks.yaml
   - ./atuin/ks.yaml
   - ./prowlarr/ks.yaml
+  - ./unpackerr/ks.yaml
diff --git a/kubernetes/apps/default/unpackerr/app/externalsecret.yaml b/kubernetes/apps/default/unpackerr/app/externalsecret.yaml
new file mode 100644
index 0000000..ef51d83
--- /dev/null
+++ b/kubernetes/apps/default/unpackerr/app/externalsecret.yaml
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: unpackerr
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: unpackerr-secret
+    template:
+      engineVersion: v2
+      data:
+        UN_RADARR_0_API_KEY: "{{ .radarr_api_key }}"
+        UN_SONARR_0_API_KEY: "{{ .sonarr_api_key }}"
+  dataFrom:
+    - extract:
+        key: radarr
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "radarr_$1"
+    - extract:
+        key: sonarr
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "sonarr_$1"
diff --git a/kubernetes/apps/default/unpackerr/app/helmrelease.yaml b/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
new file mode 100644
index 0000000..116dc2b
--- /dev/null
+++ b/kubernetes/apps/default/unpackerr/app/helmrelease.yaml
@@ -0,0 +1,84 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: unpackerr
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      unpackerr:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/unpackerr/unpackerr
+              tag: 0.14.5@sha256:dc72256942ce50d1c8a1aeb5aa85b6ae2680a36eefd2182129d8d210fce78044
+            env:
+              TZ: America/Chicago
+              UN_WEBSERVER_METRICS: "true"
+              UN_SONARR_0_URL: http://sonarr.default.svc.cluster.local
+              UN_SONARR_0_PATHS_0: /data/nas-media/qb/downloads/complete/sonarr/
+              UN_RADARR_0_URL: http://radarr.default.svc.cluster.local
+              UN_RADARR_0_PATHS_0: /data/nas-media/qb/downloads/complete/radarr/
+            envFrom:
+              - secretRef:
+                  name: unpackerr-secret
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 4Gi
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            runAsNonRoot: true
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: unpackerr
+        ports:
+          http:
+            port: 5656
+    serviceMonitor:
+      app:
+        serviceName: unpackerr
+        endpoints:
+          - port: http
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+    persistence:
+      media:
+        type: nfs
+        server: 10.1.1.13
+        path: /eru/media
+        advancedMounts:
+          unpackerr:
+            app:
+              - path: /data/nas-media
diff --git a/kubernetes/apps/default/unpackerr/app/kustomization.yaml b/kubernetes/apps/default/unpackerr/app/kustomization.yaml
new file mode 100644
index 0000000..4eed917
--- /dev/null
+++ b/kubernetes/apps/default/unpackerr/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/default/unpackerr/ks.yaml b/kubernetes/apps/default/unpackerr/ks.yaml
new file mode 100644
index 0000000..072e1f3
--- /dev/null
+++ b/kubernetes/apps/default/unpackerr/ks.yaml
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app unpackerr
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/default/unpackerr/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m