diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 01eacaca6..64d88e6f1 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -86,7 +86,7 @@
     {
       "matchDatasources": ["docker"],
       "versioning": "loose",
-      "matchPackageNames": ["ghcr.io/onedr0p/qbittorrent"]
+      "matchPackageNames": ["ghcr.io/onedr0p/qbittorrent", "docker.io/zedeus/nitter", "quay.io/invidious/invidious"]
     }
   ]
 }
diff --git a/cluster/apps/web-tools/kustomization.yaml b/cluster/apps/web-tools/kustomization.yaml
index 81eaef1e5..724be2a89 100644
--- a/cluster/apps/web-tools/kustomization.yaml
+++ b/cluster/apps/web-tools/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
   - invidious
   - joplin
   - music-transcode
+  - nitter
   - sharry
   - tandoor
   - theme-park
diff --git a/cluster/apps/web-tools/nitter/config/config.yml b/cluster/apps/web-tools/nitter/config/config.yml
new file mode 100644
index 000000000..55a1b5de9
--- /dev/null
+++ b/cluster/apps/web-tools/nitter/config/config.yml
@@ -0,0 +1,45 @@
+[Server]
+address = "0.0.0.0"
+port = 8080
+https = false  # disable to enable cookies when not using https
+httpMaxConnections = 100
+staticDir = "./public"
+title = "nitter"
+hostname = "nitter.${SECRET_CLUSTER_DOMAIN}"
+
+[Cache]
+listMinutes = 240  # how long to cache list info (not the tweets, so keep it high)
+rssMinutes = 10  # how long to cache rss queries
+redisHost = "redis.default.svc.cluster.local."  # Change to "nitter-redis" if using docker-compose
+redisPort = 6379
+redisPassword = ""
+redisConnections = 20  # connection pool size
+redisMaxConnections = 30
+# max, new connections are opened when none are available, but if the pool size
+# goes above this, they're closed when released. don't worry about this unless
+# you receive tons of requests per second
+
+[Config]
+hmacKey = "${SECRET_NITTER_HMAC}"  # random key for cryptographic signing of video urls
+base64Media = false  # use base64 encoding for proxied media urls
+enableRSS = true  # set this to false to disable RSS feeds
+enableDebug = false  # enable request logs and debug endpoints
+#proxy = ""  # http/https url, SOCKS proxies are not supported
+#proxyAuth = ""
+#tokenCount = 10
+# minimum amount of usable tokens. tokens are used to authorize API requests,
+# but they expire after ~1 hour, and have a limit of 187 requests.
+# the limit gets reset every 15 minutes, and the pool is filled up so there's
+# always at least $tokenCount usable tokens. again, only increase this if
+# you receive major bursts all the time
+
+# Change default preferences here, see src/prefs_impl.nim for a complete list
+[Preferences]
+theme = "Nitter"
+replaceTwitter = "nitter.${SECRET_CLUSTER_DOMAIN}"
+replaceYouTube = "invidious.${SECRET_CLUSTER_DOMAIN}"
+replaceReddit = "libreddit.${SECRET_CLUSTER_DOMAIN}"
+replaceInstagram = ""
+proxyVideos = true
+hlsPlayback = false
+infiniteScroll = true
\ No newline at end of file
diff --git a/cluster/apps/web-tools/nitter/helm-release.yaml b/cluster/apps/web-tools/nitter/helm-release.yaml
new file mode 100644
index 000000000..2d88b421e
--- /dev/null
+++ b/cluster/apps/web-tools/nitter/helm-release.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app nitter
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 0.2.2
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  dependsOn:
+    - name: postgres
+      namespace: default
+  values:
+    image:
+      repository: docker.io/zedeus/nitter
+      tag: 2ac3afa5b273a502d7632e9346c7c3bc9283fb48
+    service:
+      main:
+        ports:
+          http:
+            port: &port 8080
+    probes:
+      liveness: &probes
+        enabled: true
+        custom: true
+        spec:
+          httpGet:
+            path: /Jack/status/20
+            port: *port
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 1
+          failureThreshold: 3
+      readiness: *probes
+      startup:
+        enabled: false
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          auth.home.arpa/enabled: "true"
+          external-dns.home.arpa/enabled: "true"
+        hosts:
+          - host: &host "nitter.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        enabled: true
+        type: configMap
+        name: *app
+        subPath: config.yml
+        mountPath: /src/nitter.conf
+        readOnly: false
+    podAnnotations:
+      secret.reloader.stakater.com/reload: *app
+    resources:
+      requests:
+        cpu: 50m
+        memory: 256Mi
diff --git a/cluster/apps/web-tools/nitter/kustomization.yaml b/cluster/apps/web-tools/nitter/kustomization.yaml
new file mode 100644
index 000000000..0aa9be884
--- /dev/null
+++ b/cluster/apps/web-tools/nitter/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+configMapGenerator:
+  - name: nitter
+    files:
+      - config/config.yml
+generatorOptions:
+  disableNameSuffixHash: true
diff --git a/cluster/configuration/cluster-secrets.sops.yaml b/cluster/configuration/cluster-secrets.sops.yaml
index 02d981ef2..59f4a5b2a 100644
--- a/cluster/configuration/cluster-secrets.sops.yaml
+++ b/cluster/configuration/cluster-secrets.sops.yaml
@@ -25,6 +25,7 @@ stringData:
     SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
     SECRET_MQTT_USER: ENC[AES256_GCM,data:Ggn82GysDHM2b/uNhQ==,iv:f5NXCE5/nfTqq1zdtBNH6Lu8ndf5YZKHgEWc9O0fB0I=,tag:z1OUzEeVgm+a9QRBxo9BEg==,type:str]
     SECRET_MQTT_PASSWORD: ENC[AES256_GCM,data:WBqLezPi1sbzyzfubG71KfR+tg==,iv:gKDgjpPwZ+fEWs+zn3aHiiKglsEl/kue/vx2FaSAtsA=,tag:jXECLxyekqmejJfi11DKsQ==,type:str]
+    SECRET_NITTER_HMAC: ENC[AES256_GCM,data:pOA1LqHV9rcY3xAv5JMuSCMz1rk=,iv:3LkFNu/M3r1K/xBE/f7Kbf526eA4cgyGr4Wu/c+gxD0=,tag:ibJ8U+Pa66B2UmWwP/ZhNQ==,type:str]
     SECRET_OUTLINE_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:BB/eZQ/oLQ09AxGwKRddbiyiRMA=,iv:dhiyOUP3GyvHXUdPYqQKPQCMmqornj6WVWtfreq9T6A=,tag:WijFyu8XGk3dklYJR4/81A==,type:str]
     SECRET_RADARR_API_KEY: ENC[AES256_GCM,data:Mom5SOMHf7xUvvUkjLIRqMzOSSQshzWdKlSGIzZtIGM=,iv:4vrZFrsTCUW2e0bo2sA2iT+ZVKUDEuyferNJ5Q5klFY=,tag:xha/NKx2XN3Mpa0XPSMPvA==,type:str]
     SECRET_SONARR_API_KEY: ENC[AES256_GCM,data:JO5N+MeVeQmAlfv/dLJru5oHyVjpy9iUrfrTe4PLVXA=,iv:NjGstpjwFapd2LJNPy6nhXsp9UuCYTBuHRovmHdCSNc=,tag:BARsx6FBISHhxueBSDJSNw==,type:str]
@@ -47,8 +48,8 @@ sops:
             WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
             pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-10-09T19:23:47Z"
-    mac: ENC[AES256_GCM,data:23guk0/68mWCnifHrVlTJUgnlFlkrsAbdaphVjQE/5auG7baRyTeOTUSNBNxGmkygOo2kLVR7fiprkP6w/OCkHjvNGXij3RL+MNxmwjYzIRURWeWmq86r2CAtE2sZF1DIllQr6pIJIC2WLy++PiRJPaMi64J9H9dkuvbSr5pPGU=,iv:5VX4iUe/0gMWh0+tQGxZpTg4YAzGq9/tLVpkT/7TcLU=,tag:VLRRg1sWBXw9JN+uiSSjqQ==,type:str]
+    lastmodified: "2022-10-23T13:46:34Z"
+    mac: ENC[AES256_GCM,data:xnKsHwtSone0aGvJSqTrFvYIepp+vJbok8OQfdjMZ+ZD/S9YQlGVcu6IIJ93p+ugEwUuj+w9PUAURxRsRUVliUaFSgWh8u8dpNv4U0Bj6cpdGngnLmWgQI+9Cv8s3xylSaavO9QW0mOPppS+SjbApvOLxerJheFt6F+keyCilNY=,iv:ZCxpLSKxC8Lmze9BkKP93dwS/AXIW1SJ3INRRgTI3OE=,tag:Papkz0D3tvzBRW8F9Wr0kg==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.7.3