diff --git a/docker-compose.yml b/docker-compose.yml
index d223bf3..865ae2b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,4 +14,4 @@ include:
   - shlink/docker-compose.yml
   - synapse/docker-compose.yml
 #  - updater/docker-compose.yml
-  - vaultwarden/docker-compose.yml
+#  - vaultwarden/docker-compose.yml
diff --git a/spliit/spliit.yaml b/spliit/spliit.yaml
new file mode 100644
index 0000000..6dbf27e
--- /dev/null
+++ b/spliit/spliit.yaml
@@ -0,0 +1,119 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: spliit
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: spliit-db
+  namespace: spliit
+spec:
+  instances: 1
+  storage:
+    size: 2Gi
+  bootstrap:
+    initdb:
+      database: spliit
+      owner: spliit
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: spliit
+  namespace: spliit
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: spliit
+  template:
+    metadata:
+      labels:
+        app: spliit
+    spec:
+      containers:
+        - name: spliit
+          image: petersmit27/spliit:latest
+          ports:
+            - containerPort: 3000
+          env:
+            - name: POSTGRES_PRISMA_URL
+              valueFrom:
+                secretKeyRef:
+                  name: spliit-db-app
+                  key: uri
+            - name: POSTGRES_URL_NON_POOLING
+              valueFrom:
+                secretKeyRef:
+                  name: spliit-db-app
+                  key: uri
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: spliit
+  namespace: spliit
+spec:
+  selector:
+    app: spliit
+  ports:
+    - port: 3000
+      targetPort: 3000
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: spliit
+  namespace: spliit
+spec:
+  parentRefs:
+    - name: main
+      namespace: envoy-gateway-system
+      sectionName: https-smittenfeld
+  hostnames:
+    - split.smittenfeld.nl
+  rules:
+    - backendRefs:
+        - name: spliit
+          port: 3000
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: spliit-create-group
+  namespace: spliit
+spec:
+  parentRefs:
+    - name: main
+      namespace: envoy-gateway-system
+      sectionName: https-smittenfeld
+  hostnames:
+    - split.smittenfeld.nl
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /groups/create
+      backendRefs:
+        - name: spliit
+          port: 3000
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: SecurityPolicy
+metadata:
+  name: spliit-create-ip-restriction
+  namespace: spliit
+spec:
+  targetRefs:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: spliit-create-group
+  authorization:
+    defaultAction: Deny
+    rules:
+      - action: Allow
+        principal:
+          clientCIDRs:
+            - 188.91.195.91/32