diff --git a/namespaces/core/backup-pvc.yaml b/namespaces/core/backup-pvc.yaml new file mode 100644 index 0000000..501f5fd --- /dev/null +++ b/namespaces/core/backup-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: backup-pvc + namespace: core +spec: + storageClassName: longhorn-private + accessModes: + - ReadWriteMany + resources: + requests: + storage: 20Gi diff --git a/namespaces/core/namespace.yaml b/namespaces/core/namespace.yaml new file mode 100644 index 0000000..d45d40c --- /dev/null +++ b/namespaces/core/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + homelab-access: "true" + name: core diff --git a/namespaces/core/pgdump/kustomization.yaml b/namespaces/core/pgdump/kustomization.yaml new file mode 100644 index 0000000..09107be --- /dev/null +++ b/namespaces/core/pgdump/kustomization.yaml @@ -0,0 +1,51 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +transformers: + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: notImportantHere + namespace: core + unsetOnly: true + +namePrefix: pgdump- +resources: + - ../../../kustomize/backups/ + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/appName: pgdump + - pairs: + app.kubernetes.io/appNamespace: core + +configMapGenerator: + - name: config + literals: + - HEALTHCHECK_BASE_URL="https://healthchecks.leechpepin.com" + - HEALTHCHECK_ID="ping/7iBSS9akyokIWq-sbfEjHQ/pgdump" + - ROTATE_PREFIX="pgdump" + - BACKUP_COMMAND="pg_dumpall -U postgres -h postgres.core -p 5432" + +patches: + - path: patches/batch.yaml + target: + kind: CronJob + name: backup + +replacements: + - source: + kind: CronJob + name: backup + fieldPath: metadata.labels.[app.kubernetes.io/appName] + targets: + - select: + kind: CronJob + name: backup + options: + delimiter: "-" + index: 0 + fieldPaths: + - spec.jobTemplate.spec.template.spec.containers.0.envFrom.0.configMapRef.name 
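Review bot: backup-pvc.yaml has no `---` document-start marker, while namespace.yaml, postgres.yaml, redis.yaml and syncthing.yaml in the same commit begin with one; pgdump/kustomization.yaml, pgdump/patches/batch.yaml and secrets.yaml omit it as well. Pick one convention for the tree — the multi-document files need the marker anyway, so adding `---` as the first line of the other four is the smaller change. The PVC also requests `ReadWriteMany` although no consumer is visible in this diff; if only one pod ever mounts it, `ReadWriteOnce` is sufficient and avoids the extra machinery Longhorn needs for RWX volumes.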
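Review bot: The `HEALTHCHECK_ID` literal `ping/7iBSS9akyokIWq-sbfEjHQ/pgdump` goes into a plain ConfigMap, but the segment after `ping/` looks like a Healthchecks project ping key (slug-style ping URL), which authorises pings for every check in that project; anyone who can read ConfigMaps in `core` or the git history could report a successful backup and mask a failed one. This commit already delivers `postgres-secrets` through an InfisicalSecret, so the same path fits here: keep `HEALTHCHECK_BASE_URL`, `ROTATE_PREFIX` and `BACKUP_COMMAND` in the configMapGenerator and move `HEALTHCHECK_ID` into a Secret referenced by the CronJob. The CronJob's envFrom comes from the `../../../kustomize/backups/` base outside this diff, so the secretRef has to be added there or via a further patch. Since the value is already in history, it is worth rotating the key once it is out of the ConfigMap.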
diff --git a/namespaces/core/pgdump/patches/batch.yaml b/namespaces/core/pgdump/patches/batch.yaml new file mode 100644 index 0000000..f83370f --- /dev/null +++ b/namespaces/core/pgdump/patches/batch.yaml @@ -0,0 +1,13 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: backup +spec: + schedule: "0 2 * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: backup + image: cimg/postgres:17.3 diff --git a/namespaces/core/postgres.yaml b/namespaces/core/postgres.yaml new file mode 100644 index 0000000..3ab35c3 --- /dev/null +++ b/namespaces/core/postgres.yaml 
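Review bot: The dump client is pinned to `cimg/postgres:17.3` while postgres.yaml runs the server from the floating `postgres:17` tag; pg_dumpall refuses to dump a server whose version is newer than its own (it exits with "aborting because of server version mismatch"), so the first time `postgres:17` resolves to a later 17.x the nightly job stops producing dumps. Pin both sides to the same explicit version — `image: postgres:17.3` in postgres.yaml next to this `cimg/postgres:17.3` — and bump them together. Using the official `postgres` image for the CronJob as well (it ships pg_dumpall) leaves one image to track instead of adding a CircleCI convenience image to the supply chain. The rest of the CronJob spec (command, envFrom) is defined in the base outside this diff.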
@@ -0,0 +1,108 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres + namespace: core +spec: + serviceName: postgres + replicas: 1 + selector: + matchLabels: + name: postgres + template: + metadata: + labels: + name: postgres + spec: + restartPolicy: Always + containers: + - name: postgres + image: postgres:17 + ports: + - name: http + containerPort: 5432 + protocol: TCP + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: postgres-data + subPath: "data" + env: + - name: POSTGRES_USER + value: postgres + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: ROOT_PASSWORD + name: postgres-secrets + startupProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U ${POSTGRES_USER} + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U ${POSTGRES_USER} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U ${POSTGRES_USER} + volumeClaimTemplates: + - metadata: + name: postgres-data + annotations: + name: postgres-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-private + resources: + requests: + storage: 2Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + namespace: core +spec: + type: ClusterIP + selector: + name: postgres + ports: + - port: 5432 + name: http + targetPort: http + protocol: TCP +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TCPRoute +metadata: + name: postgres + namespace: core +spec: + parentRefs: + - name: homelab-gateway + sectionName: postgres + kind: Gateway + namespace: homelab + + # hostnames: + # - postgres.leechpepin.local + + rules: + # - matches: + # - path: + # type: PathPrefix + # value: / + + - backendRefs: + - name: postgres + namespace: core + port: 5432 diff --git a/namespaces/core/redis.yaml b/namespaces/core/redis.yaml new file mode 100644 index 0000000..2a75cf7 --- /dev/null +++ b/namespaces/core/redis.yaml 
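Review bot: Port 5432 is named `http` in both the StatefulSet container (`- name: http` / `containerPort: 5432`) and the Service (`name: http` / `targetPort: http`), but it carries the PostgreSQL wire protocol; the name misleads readers and any tooling that infers protocol from port names. Rename it to `postgres` in both places (`targetPort: postgres`). The TCPRoute attaches the database to the `postgres` listener of the shared `homelab-gateway`, so anything that can reach that listener can attempt password logins against the superuser defined here — worth confirming the listener is bound only to the internal network. The three probes are identical `pg_isready` checks with default thresholds; a startupProbe usually gets a higher `failureThreshold` than liveness so a slow start or recovery is not killed prematurely.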
@@ -0,0 +1,82 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: redis + namespace: core +spec: + serviceName: redis + replicas: 1 + selector: + matchLabels: + name: redis + template: + metadata: + labels: + name: redis + spec: + restartPolicy: Always + containers: + - name: redis + image: redis:latest + ports: + - name: http + containerPort: 6379 + protocol: TCP + volumeMounts: + - mountPath: /data + name: redis-data + subPath: "data" + volumeClaimTemplates: + - metadata: + name: redis-data + annotations: + name: redis-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-private + resources: + requests: + storage: 0.5Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: core +spec: + type: ClusterIP + selector: + name: redis + ports: + - port: 6379 + name: http + targetPort: http + protocol: TCP +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: redis + namespace: core +spec: + parentRefs: + - name: homelab-gateway + sectionName: redis + kind: Gateway + namespace: homelab + + hostnames: + - redis.leechpepin.local + + rules: + - matches: + - path: + type: PathPrefix + value: / + + backendRefs: + - name: redis + namespace: core + port: 6379 diff --git a/namespaces/core/secrets.yaml b/namespaces/core/secrets.yaml new file mode 100644 index 0000000..8e9bca6 --- /dev/null +++ b/namespaces/core/secrets.yaml 
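Review bot: Redis is published through an `HTTPRoute` with a `PathPrefix` match on `/`, but port 6379 speaks RESP, not HTTP; the gateway will parse inbound traffic as HTTP and proxy it as such, so Redis clients cannot use this route — postgres.yaml in the same commit uses a `TCPRoute` for exactly this situation. Replace the route document with the TCPRoute form below (hostnames and path matches do not apply to L4 routes); the Gateway's `redis` listener, which is not in this diff, must be a TCP listener for it to attach. Redis is then reachable by anything that can hit that listener and this manifest sets no `requirepass`, so the exposure should be weighed against what the listener is bound to. Separately, `image: redis:latest` (and `syncthing/syncthing:latest` in syncthing.yaml) should be pinned to a version tag so rollouts are reproducible and upgrades are deliberate.
```yaml
# … unchanged: StatefulSet and Service documents …
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
  name: redis
  namespace: core
spec:
  parentRefs:
    - name: homelab-gateway
      sectionName: redis
      kind: Gateway
      namespace: homelab
  rules:
    - backendRefs:
        - name: redis
          namespace: core
          port: 6379
```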
@@ -0,0 +1,27 @@ +apiVersion: secrets.infisical.com/v1alpha1 +kind: InfisicalSecret +metadata: + name: core-postgres-secrets + namespace: infisical + labels: + label-to-be-passed-to-managed-secret: homelab + annotations: + example.com/annotation-to-be-passed-to-managed-secret: "homelab" +spec: + hostAPI: https://app.infisical.com/api + resyncInterval: 10 + authentication: + # Universal Auth + universalAuth: + secretsScope: + projectSlug: homelab-n-f-yj + envSlug: prod + secretsPath: "/core/postgres" # Root is "/" + recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false + credentialsRef: + secretName: universal-auth-credentials + secretNamespace: infisical + managedSecretReference: + secretName: postgres-secrets + secretNamespace: core + creationPolicy: "Orphan" ## Owner | Orphan diff --git a/namespaces/core/syncthing.yaml b/namespaces/core/syncthing.yaml new file mode 100644 index 0000000..8a2e305 --- /dev/null +++ b/namespaces/core/syncthing.yaml 
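Review bot: The label key `label-to-be-passed-to-managed-secret` and the annotation key `example.com/annotation-to-be-passed-to-managed-secret` are placeholder names from the Infisical example and will be copied onto the managed `postgres-secrets` Secret in `core`; either drop them or replace them with keys that mean something in this cluster (e.g. the `app.kubernetes.io/...` keys used in pgdump/kustomization.yaml). The long inline comment on `recursive: true` restates the upstream docs; a short `# fetch every secret below secretsPath` keeps the line readable. `creationPolicy: "Orphan"` means the managed Secret outlives this resource if it is deleted — a one-line comment stating that this is intended would help, since the current `## Owner | Orphan` only lists the options.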
@@ -0,0 +1,91 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: syncthing + namespace: core +spec: + replicas: 1 + selector: + matchLabels: + name: syncthing + template: + metadata: + labels: + name: syncthing + spec: + restartPolicy: Always + containers: + - name: syncthing + image: syncthing/syncthing:latest + ports: + - name: http + containerPort: 8384 + protocol: TCP + volumeMounts: + - mountPath: /var/syncthing + name: syncthing-data + subPath: "data" + env: + - name: PUID + value: "976" + - name: PGID + value: "976" + volumes: + - name: syncthing-data + persistentVolumeClaim: + claimName: syncthing-data +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: syncthing-data + namespace: core +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-private + resources: + requests: + storage: 50Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: syncthing + namespace: core +spec: + type: ClusterIP + selector: + name: syncthing + ports: + - port: 8384 + name: http + targetPort: http + protocol: TCP +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: syncthing + namespace: core +spec: + parentRefs: + - name: homelab-gateway + sectionName: web + kind: Gateway + namespace: homelab + + hostnames: + - syncthing.leechpepin.local + + rules: + - matches: + - path: + type: PathPrefix + value: / + + backendRefs: + - name: syncthing + namespace: core + port: 8384
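Review bot: The HTTPRoute publishes the Syncthing GUI/API port 8384 on the shared `web` listener as `syncthing.leechpepin.local`, and nothing in this manifest configures GUI authentication; Syncthing only protects its GUI once a user and password are set in its configuration, so until that is done anyone who reaches the listener can administer the instance. Either provision the GUI credentials (they live in Syncthing's config on the `syncthing-data` volume, outside this manifest) or keep the route off until they are set. Only 8384 is exposed; if peers are expected to connect directly rather than through relays, the sync port would need its own Service/route — presumably relays are intended, so confirm. As in redis.yaml, `syncthing/syncthing:latest` should be pinned to a version tag.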