diff --git a/blog/.gitattributes b/blog/.gitattributes
new file mode 100644
index 0000000..3f791ca
--- /dev/null
+++ b/blog/.gitattributes
@@ -0,0 +1 @@
+config/* filter=age diff=age merge=age -text
diff --git a/blog/kustomization.yaml b/blog/kustomization.yaml
new file mode 100644
index 0000000..7ac2982
--- /dev/null
+++ b/blog/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: blog
+
+images:
+  - name: caddy
+    newName: code.icb4dc0.de/infrastructure/images/caddy
+    newTag: latest
+    digest: sha256:6942ec75b708e2b37d6903346ace5511ef6c6df043d1c670ee3515698adcd116
+
+resources:
+  - resources/namespace.yaml
+  - https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.shim-executor.yaml
+  - resources/spinapp.yaml
+  - resources/routes.yaml
diff --git a/blog/resources/namespace.yaml b/blog/resources/namespace.yaml
new file mode 100644
index 0000000..49c9d99
--- /dev/null
+++ b/blog/resources/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: blog
diff --git a/blog/resources/routes.yaml b/blog/resources/routes.yaml
new file mode 100644
index 0000000..763e5e8
--- /dev/null
+++ b/blog/resources/routes.yaml
@@ -0,0 +1,31 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: blog-https
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: https
+      namespace: projectcontour
+  hostnames:
+    - "www.icb4dc0.de"
+  rules:
+    - backendRefs:
+        - name: spin-proxy
+          port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: git-age-docs-https
+spec:
+  parentRefs:
+    - name: contour
+      sectionName: git-age-docs
+      namespace: projectcontour
+  hostnames:
+    - "docs.git-age.icb4dc0.de"
+  rules:
+    - backendRefs:
+        - name: spin-proxy
+          port: 80
diff --git a/blog/resources/spinapp.yaml b/blog/resources/spinapp.yaml
new file mode 100644
index 0000000..b07c420
--- /dev/null
+++ b/blog/resources/spinapp.yaml
@@ -0,0 +1,11 @@
+apiVersion: core.spinoperator.dev/v1alpha1
+kind: SpinApp
+metadata:
+  name: spin-proxy
+spec:
+  image: "code.icb4dc0.de/prskr/spin-proxy:latest"
+  executor: containerd-shim-spin
+  replicas: 2
+  variables:
+    - name: domain_mapping
+      value: '{"docs.git-age.icb4dc0.de":"1661580-git-age.fsn1.your-objectstorage.com","www.icb4dc0.de":"1661580-blog.fsn1.your-objectstorage.com"}'
diff --git a/contour/resources/default_gateway.yaml b/contour/resources/default_gateway.yaml
index b9cd907..22c6a23 100644
--- a/contour/resources/default_gateway.yaml
+++ b/contour/resources/default_gateway.yaml
@@ -9,13 +9,12 @@ metadata:
 spec:
   gatewayClassName: contour
   listeners:
-
     - name: snips-ssh
       protocol: TCP
       port: 2222
       allowedRoutes:
         kinds:
-        - kind: TCPRoute
+          - kind: TCPRoute
         namespaces:
           from: All
 
@@ -57,7 +56,7 @@ spec:
       port: 22
       allowedRoutes:
         kinds:
-        - kind: TCPRoute
+          - kind: TCPRoute
         namespaces:
           from: Selector
           selector:
@@ -178,8 +177,8 @@ spec:
           from: Selector
           selector:
             matchLabels:
-              kubernetes.io/metadata.name: garage
+              kubernetes.io/metadata.name: blog
       tls:
         mode: Terminate
         certificateRefs:
-          - name: git-age-docs-tls
\ No newline at end of file
+          - name: git-age-docs-tls
diff --git a/forgejo/config/values.forgejo.yaml b/forgejo/config/values.forgejo.yaml
index 0012918..2085c3a 100644
--- a/forgejo/config/values.forgejo.yaml
+++ b/forgejo/config/values.forgejo.yaml
@@ -81,10 +81,10 @@ gitea:
       MAX_SIZE: 30
       MAX_FILES: 15
       STORAGE_TYPE: minio
-      MINIO_ENDPOINT: garage.garage.svc:3900
+      MINIO_ENDPOINT: fsn1.your-objectstorage.com:443
       MINIO_BUCKET: forgejo
-      MINIO_LOCATION: hel1
-      MINIO_USE_SSL: "false"
+      MINIO_LOCATION: auto
+      MINIO_USE_SSL: "true"
     actions:
       ENABLED: "true"
       DEFAULT_ACTIONS_URL: github
diff --git a/garage/migrate/resources/job.migrate.yaml b/garage/migrate/resources/job.migrate.yaml
index 73c86c4..80d168b 100644
--- a/garage/migrate/resources/job.migrate.yaml
+++ b/garage/migrate/resources/job.migrate.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: sync-garage-forgejo
+  name: sync-garage-csi
   namespace: garage
 spec:
   ttlSecondsAfterFinished: 100
@@ -20,8 +20,8 @@ spec:
             - --ignore-errors
             - -s3-upload-concurrency 64
             - -v
-            - garage:forgejo
-            - hcloud:1661580-forgejo
+            - garage:csi
+            - hcloud:1661580-csi
           volumeMounts:
             - name: rclone-config
               mountPath: /config/rclone