diff --git a/kubernetes/apps/flux-system/kustomization.yaml b/kubernetes/apps/flux-system/kustomization.yaml
index 14967ade6..031318648 100644
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -7,5 +7,6 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./addons/ks.yaml
+  - ./tf-controller/ks.yaml
   - ./weave-gitops/ks.yaml
   # Standard Resources
diff --git a/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml b/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
new file mode 100644
index 000000000..1092d48fa
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tf-controller-sops
+  namespace: flux-system
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: tf-controller-sops-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: keys.txt
+      remoteRef:
+        key: tf-controller
+        property: sops_key
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tf-controller-op
+  namespace: flux-system
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: tf-controller-op-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: OP_CONNECT_TOKEN
+      remoteRef:
+        key: tf-controller
+        property: 1password_connect_token
diff --git a/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml b/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
new file mode 100644
index 000000000..202f2e9e6
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
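Review bot: The two ExternalSecrets turn a SOPS age private key and a 1Password Connect token into plain Kubernetes Secrets in flux-system, and terraform.yaml in this same change mounts both into every Terraform runner pod, so whatever Terraform code the runner pulls can read them. Unless the `tf-controller` item in 1Password already holds a Connect token scoped to just the vault this Terraform needs (not visible here), a dedicated least-privilege token for this consumer would limit what a compromised or malicious module can reach. Neither ExternalSecret sets `refreshInterval`, so ESO falls back to its default (1h, as far as I recall); stating it explicitly, e.g. `refreshInterval: 1h`, makes the rotation cadence deliberate. A short comment above each document naming the consumer (`# mounted into tf-controller runner pods, see terraforms/terraform.yaml`) would also help the next maintainer.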
@@ -0,0 +1,33 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tf-controller
+  namespace: flux-system
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: tf-controller
+      version: 0.15.1
+      sourceRef:
+        kind: HelmRepository
+        name: weaveworks
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    installCRDs: true
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
diff --git a/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml b/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
new file mode 100644
index 000000000..8dd57db30
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/flux-system/tf-controller/ks.yaml b/kubernetes/apps/flux-system/tf-controller/ks.yaml
new file mode 100644
index 000000000..1f26ed27d
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/ks.yaml
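Review bot: The chart version is pinned (`version: 0.15.1`), which is good, but the `weaveworks` HelmRepository this release points at is (per the rename hunk in this same change) an OCI registry, and nothing here checks the chart's provenance; if Weaveworks publishes cosign signatures for the chart (I cannot confirm that from the diff), add `verify:` with `provider: cosign` under `chart.spec` so an unsigned or tampered chart is refused. tf-controller is the component that will run Terraform with in-cluster credentials, so it deserves at least the same supply-chain checks as the workloads it manages. A one-line comment above `values:` saying that runner-pod configuration is intentionally left to the Terraform objects (which is what terraforms/terraform.yaml does) would tell a reader the sparse values block is deliberate.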
@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-apps-tf-controller
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  dependsOn:
+    - name: cluster-apps-external-secrets-stores
+  path: ./kubernetes/apps/flux-system/tf-controller/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-apps-tf-controller-terraforms
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  dependsOn:
+    - name: cluster-apps-external-secrets-stores
+    - name: cluster-apps-tf-controller
+  path: ./kubernetes/apps/flux-system/tf-controller/terraforms
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
new file mode 100644
index 000000000..b23cd6aaa
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./ocirepository.yaml
+  #- ./terraform.yaml
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
new file mode 100644
index 000000000..909022d18
--- /dev/null
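Review bot: `#- ./terraform.yaml` disables the Terraform object without saying why, while `./ocirepository.yaml` stays active and will poll the registry every minute for an artifact nothing consumes yet. Replace the bare commented-out line with a comment that states the reason and the condition for enabling it, for instance `# terraform.yaml intentionally disabled; enable once <reason, e.g. the referenced tf-controller-tfrc-secret exists and the first plan has been reviewed>` — I am guessing at the reason, so fill in the real one. Without that, the next person cannot tell whether this is a leftover or a deliberate staged rollout.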
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+  name: terraform
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: oci://ghcr.io/auricom/manifests/terraform
+  ref:
+    tag: main
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
new file mode 100644
index 000000000..d98bdf1a7
--- /dev/null
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
@@ -0,0 +1,37 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/infra.contrib.fluxcd.io/terraform_v1alpha2.json
+apiVersion: infra.contrib.fluxcd.io/v1alpha2
+kind: Terraform
+metadata:
+  name: storage-apps
+  namespace: flux-system
+spec:
+  suspend: false
+  approvePlan: auto
+  interval: 12h
+  path: ./storage/apps
+  sourceRef:
+    kind: OCIRepository
+    name: terraform
+    namespace: flux-system
+  backendConfig:
+    disable: true
+  cliConfigSecretRef:
+    name: tf-controller-tfrc-secret
+  runnerPodTemplate:
+    spec:
+      env:
+        - name: OP_CONNECT_HOST
+          value: http://onepassword-connect.kube-system.svc.cluster.local:8080
+        - name: OP_CONNECT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: tf-controller-op-secret
+              key: OP_CONNECT_TOKEN
+      volumeMounts:
+        - name: sops
+          mountPath: /home/runner/.config/sops/age/keys.txt
+          subPath: keys.txt
+      volumes:
+        - name: sops
+          secret:
+            secretName: tf-controller-sops-secret
diff --git a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
index a0153d4d1..2602959c1 100644
--- a/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/weave-gitops/app/helmrelease.yaml
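Review bot: `ref.tag: main` is a mutable tag polled every minute with no `verify:` block, so whoever can push to `ghcr.io/auricom/manifests/terraform` (or whoever holds the token that publishes it) can change what this cluster reconciles at any time, unreviewed. Pin the artifact by an immutable reference (`ref.digest: sha256:…`) or, if the artifacts are cosign-signed, add `verify:` with `provider: cosign` so only signed artifacts are accepted; a `semver` range over signed tags is the middle ground if `main` is wanted for rolling updates. This matters more than usual because terraform.yaml in this same change points at this source with `approvePlan: auto`.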
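Review bot: `approvePlan: auto` applies every plan without review, and the source it runs is the `terraform` OCIRepository that tracks the mutable `main` tag with no signature verification, so a pushed artifact becomes an applied change executed in a runner pod that holds the 1Password Connect token and the SOPS age key. Until the source is pinned or verified, consider manual approval (`approvePlan: ""` and approving individual plans per tf-controller's plan-approval flow), or at least keep this resource commented out as the sibling kustomization.yaml currently does. `cliConfigSecretRef.name: tf-controller-tfrc-secret` is not created anywhere in this change; if it does not already exist in flux-system the runner will not start, so either add an ExternalSecret for it or document where it comes from. `backendConfig.disable: true` turns off tf-controller's built-in Kubernetes state backend — if `./storage/apps` does not configure its own backend, state would exist only inside the ephemeral runner pod, which is worth a comment confirming the intended backend. Minor: this is the only new document without a leading `---`.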
@@ -14,7 +14,8 @@ spec:
       interval: 30m
       sourceRef:
         kind: HelmRepository
-        name: weave-gitops
+        name: weaveworks
+        namespace: flux-system
   maxHistory: 2
   install:
     createNamespace: true
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
index 0f7b3f970..2b5eeebe5 100644
--- a/kubernetes/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -32,4 +32,4 @@ resources:
   - ./rook-ceph.yaml
   - ./stakater.yaml
   - ./vector.yaml
-  - ./weave-gitops.yaml
+  - ./weaveworks.yaml
diff --git a/kubernetes/flux/repositories/helm/weave-gitops.yaml b/kubernetes/flux/repositories/helm/weaveworks.yaml
similarity index 55%
rename from kubernetes/flux/repositories/helm/weave-gitops.yaml
rename to kubernetes/flux/repositories/helm/weaveworks.yaml
index 360920119..34a6ca43a 100644
--- a/kubernetes/flux/repositories/helm/weave-gitops.yaml
+++ b/kubernetes/flux/repositories/helm/weaveworks.yaml
@@ -1,11 +1,11 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
-  name: weave-gitops
+  name: weaveworks
   namespace: flux-system
 spec:
-  interval: 30m
-  url: https://helm.gitops.weave.works
-  timeout: 3m
+  type: oci
+  interval: 5m
+  url: oci://ghcr.io/weaveworks/charts
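Review bot: Switching the HelmRepository to `type: oci` at `oci://ghcr.io/weaveworks/charts` moves trust from the HTTPS index at helm.gitops.weave.works to a GHCR namespace, and a `type: oci` HelmRepository carries no `verify` field of its own — signature checks, if the charts are cosign-signed (which I cannot confirm from the diff), have to go on each consumer's `chart.spec.verify`. Both consumers in this change (tf-controller, pinned at 0.15.1, and weave-gitops, whose version is outside the hunk) should keep exact chart versions rather than ranges, since an OCI tag can be republished. Dropping `timeout: 3m` is reasonable for OCI, but the interval also went from 30m to 5m; a comment such as `# 5m: pick up new weaveworks chart releases promptly` would make the faster polling read as intentional.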