diff --git a/dmz/internalproxy/templates/authentik.yaml b/dmz/internalproxy/templates/authentik.yaml
new file mode 100644
index 0000000..1835ded
--- /dev/null
+++ b/dmz/internalproxy/templates/authentik.yaml
@@ -0,0 +1,31 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: authentik-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
+    kind: Rule
+    services:
+    - name: infra-cluster
+      port: 443
+  tls:
+    secretName: authentik-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: authentik-tls
+spec:
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  secretName: authentik-tls
+  commonName: "authentik.durp.info"
+  dnsNames:
+  - "authentik.durp.info"
+
diff --git a/dmz/internalproxy/templates/endpoints.yaml b/dmz/internalproxy/templates/endpoints.yaml
new file mode 100644
index 0000000..c5d00c4
--- /dev/null
+++ b/dmz/internalproxy/templates/endpoints.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: master-cluster
+subsets:
+  - addresses:
+      - ip: 192.168.20.130
+    ports:
+      - port: 443
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: master-cluster
+spec:
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 443
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: infra-cluster
+subsets:
+  - addresses:
+      - ip: 192.168.12.130
+    ports:
+      - port: 443
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: infra-cluster
+spec:
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 443
diff --git a/dmz/traefik/templates/traefik-dashboard.yaml b/dmz/traefik/templates/traefik-dashboard.yaml
index 6b62845..8fee673 100644
--- a/dmz/traefik/templates/traefik-dashboard.yaml
+++ b/dmz/traefik/templates/traefik-dashboard.yaml
@@ -32,82 +32,3 @@ spec:
 
 ---
 
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
-    kind: Rule
-    services:
-    - name: infra-cluster
-      port: 443
-  tls:
-    secretName: authentik-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-tls
-spec:
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  secretName: authentik-tls
-  commonName: "authentik.durp.info"
-  dnsNames:
-  - "authentik.durp.info"
-
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: master-cluster
-subsets:
-  - addresses:
-      - ip: 192.168.20.130
-    ports:
-      - port: 443
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: master-cluster
-spec:
-  ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 443
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: infra-cluster
-subsets:
-  - addresses:
-      - ip: 192.168.12.130
-    ports:
-      - port: 443
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: infra-cluster
-spec:
-  ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 443