diff --git a/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml b/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
new file mode 100644
index 0000000..15319da
--- /dev/null
+++ b/kubernetes/apps/fediverse/peertube/app/externalsecret.yaml
@@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: peertube
+  namespace: fediverse
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: peertube-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        PEERTUBE_DB_SSLMODE: "false"
+        PEERTUBE_WEBSERVER_HOSTNAME: "khazadtube.tv"
+        PEERTUBE_TRUST_PROXY: "['127.0.0.1', 'loopback', '10.2.0.0/16']"
+        PEERTUBE_SECRET: "{{ .peertube_secret }}"
+        PEERTUBE_SMTP_HOSTNAME: "{{ .mailgun_smtp_hostname }}"
+        PEERTUBE_SMTP_USERNAME: "{{ .mailgun_smtp_user }}"
+        PEERTUBE_SMTP_PASSWORD: "{{ .mailgun_smtp_password }}"
+        PEERTUBE_SMTP_PORT: "587"
+        PEERTUBE_SMTP_FROM: "noreply@khazadtube.tv"
+        PEERTUBE_SMTP_TLS: "false"
+        PEERTUBE_SMTP_DISABLE_STARTTLS: "false"
+        PEERTUBE_ADMIN_EMAIL: "joe@veri.dev"
+        PEERTUBE_REDIS_HOSTNAME: "redis-peertube.fediverse.svc.cluster.local"
+        PEERTUBE_REDIS_PORT: "6379"
+        PEERTUBE_OBJECT_STORAGE_ENABLED: "true"
+        PEERTUBE_OBJECT_STORAGE_ENDPOINT: "{{ .minio_s3_host }}"
+        PEERTUBE_OBJECT_STORAGE_REGION: "us-east-1"
+        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_ACCESS_KEY_ID: "{{ .minio_khazadtube_access_key }}"
+        PEERTUBE_OBJECT_STORAGE_CREDENTIALS_SECRET_ACCESS_KEY: "{{ .minio_khazadtube_secret_key }}"
+        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_BUCKET_NAME: "khazadtube-streaming"
+        PEERTUBE_OBJECT_STORAGE_STREAMING_PLAYLISTS_PREFIX: ""
+        PEERTUBE_OBJECT_STORAGE_VIDEOS_BUCKET_NAME: "khazadtube-videos"
+        PEERTUBE_OBJECT_STORAGE_VIDEOS_PREFIX: ""
+
+  dataFrom:
+    - extract:
+        key: minio
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "minio_$1"
+    - extract:
+        key: peertube
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "peertube_$1"
+  data:
+    - secretKey: mailgun_smtp_user
+      remoteRef:
+        key: mailgun
+        property: peertube_smtp_user
+    - secretKey: mailgun_smtp_password
+      remoteRef:
+        key: mailgun
+        property: peertube_smtp_password
+    - secretKey: mailgun_smtp_hostname
+      remoteRef:
+        key: mailgun
+        property: smtp_hostname
diff --git a/kubernetes/apps/fediverse/peertube/app/kustomization.yaml b/kubernetes/apps/fediverse/peertube/app/kustomization.yaml
index 251e7c1..212a1c9 100644
--- a/kubernetes/apps/fediverse/peertube/app/kustomization.yaml
+++ b/kubernetes/apps/fediverse/peertube/app/kustomization.yaml
@@ -4,5 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: fediverse
 resources:
+  - ./externalsecret.yaml
   # - ./helmrelease.yaml
+  # - ./ingress.yaml
   - ./postgresCluster.yaml
+  - ./pvc.yaml
diff --git a/kubernetes/apps/fediverse/peertube/app/pvc.yaml b/kubernetes/apps/fediverse/peertube/app/pvc.yaml
new file mode 100644
index 0000000..2a199b6
--- /dev/null
+++ b/kubernetes/apps/fediverse/peertube/app/pvc.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: peertube-config
+  namespace: fediverse
+spec:
+  accessModes: ["ReadWriteMany"]
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ceph-filesystem