diff --git a/apps/portfolio/overlays/prod-sites/config.json.disabled b/apps/portfolio/overlays/prod-sites/config.json.disabled
index 0a72ff3..2f90999 100644
--- a/apps/portfolio/overlays/prod-sites/config.json.disabled
+++ b/apps/portfolio/overlays/prod-sites/config.json.disabled
@@ -1,9 +1,9 @@
 {
   "appName": "portfolio",
   "userGivenName": "portfolio",
-  "destNamespace": "staging-sites",
+  "destNamespace": "prod-sites",
   "destServer": "https://kubernetes.default.svc",
-  "srcPath": "apps/portfolio/overlays/staging-sites",
+  "srcPath": "apps/portfolio/overlays/prod-sites",
   "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
   "srcTargetRevision": "",
   "labels": null,
diff --git a/apps/portfolio/overlays/prod-sites/ingress.yaml b/apps/portfolio/overlays/prod-sites/ingress.yaml
index a070152..6689405 100644
--- a/apps/portfolio/overlays/prod-sites/ingress.yaml
+++ b/apps/portfolio/overlays/prod-sites/ingress.yaml
@@ -6,20 +6,23 @@ metadata:
     app.kubernetes.io/name: portfolio
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-issuer
+
     nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.1.1/16
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-origin: "https://us-assets.i.posthog.com"
 
     gethomepage.dev/enabled: "true"
     gethomepage.dev/name: Portfolio
     gethomepage.dev/group: Sites
-    gethomepage.dev/href: https://portfolio-test.int.nc.landry.land
-    # gethomepage.dev/description:
-    # gethomepage.dev/icon: syncthing
+    gethomepage.dev/href: https://davidlandry.me
 spec:
   tls:
     - hosts:
-        - "portfolio-test.int.nc.landry.land"
+        - "davidlandry.me"
+      secretName: prod-portfolio-tls
+
   rules:
-    - host: "portfolio-test.int.nc.landry.land"
+    - host: "davidlandry.me"
       http:
         paths:
           - path: "/"
diff --git a/apps/portfolio/overlays/prod-sites/kustomization.yaml b/apps/portfolio/overlays/prod-sites/kustomization.yaml
index d386e71..78243d9 100644
--- a/apps/portfolio/overlays/prod-sites/kustomization.yaml
+++ b/apps/portfolio/overlays/prod-sites/kustomization.yaml
@@ -10,4 +10,4 @@ generators:
 
 images:
   - name: registry.int.nc.landry.land/portfolio-site
-    newTag: latest
+    newTag: v1.0
diff --git a/apps/portfolio/overlays/prod-sites/secret-generator.yaml b/apps/portfolio/overlays/prod-sites/secret-generator.yaml
new file mode 100644
index 0000000..5585ab1
--- /dev/null
+++ b/apps/portfolio/overlays/prod-sites/secret-generator.yaml
@@ -0,0 +1,14 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: registry-credentials-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        # if the binary is in your PATH, you can do
+        path: ksops
+        # otherwise, path should be relative to manifest files, like
+        # path: ../../../ksops
+files:
+  - ./secret.enc.yaml
diff --git a/apps/portfolio/overlays/prod-sites/secret.enc.yaml b/apps/portfolio/overlays/prod-sites/secret.enc.yaml
new file mode 100644
index 0000000..0998557
--- /dev/null
+++ b/apps/portfolio/overlays/prod-sites/secret.enc.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+data:
+    .dockerconfigjson: ENC[AES256_GCM,data:RIimNUrojlf4Zpni6l0TICs9z02YbzCCgYZDPy6xOXtI3PTGWUYvE86pKTZCHAkqX6uLOr7fSIYlbjqfCPcVSGse94899ogREzYeg9T0Zp+WgDiZ6PekYbf3Z/rFElD5cFisbF/KR6Rjj1dcOOLQwdmJUBW9zAkub7f4cK9RvSuXIpLObpEW9E5Xn0W6clltsIW0FpZehpF/IHFb9j+IWvplStvP0j8TgqKgQw6CFBlINQpFHSFfcM5bveo=,iv:+XJZfDKZtmDcSBkB5xdm1LCy+Y1xh2decMBde68l1Ig=,tag:exTR3cIab5O3c01Y8XERiA==,type:str]
+kind: Secret
+metadata:
+    name: registry-credentials
+type: kubernetes.io/dockerconfigjson
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNGRXSFo1dWVZM01Pbmwr
+            TXdPOFJkRFpXc1M3enJZN1pLM2pKVEpYRzNVCjY3bTBIUE1zYkFnZnF1cDFiVHo3
+            LzFJWUF1Uit4b0lnNjlaM1JKemhaalEKLS0tIGZwQVhBQTlwdWp3OHlNUzkxZTBa
+            TUZpMW5oUzZFNmVGS3JFQmtpVlduOUEKuFEpnT+4k3RyECGvNFQJnmTUdaHvKCdt
+            iJ0H9Ssjot7MeZZQoljwbyQiDeU1UH0iAIdVV7ldjErx34MKJRu79A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-19T16:19:04Z"
+    mac: ENC[AES256_GCM,data:wqC8cswdI0vBcFtkUpkIIv9ywuxiU4uTdMUTstDDeqWnsvQumdhLmO5wffpOfqumekGDgqnJQJVj9c7XvDm3iyJmJ0rQ6zS8Rpgexn0X1C8X+D8yzapFAeScHL+5dbUgHgUlxhOAP4xBecGWCkauWf7vml4X1OjRt7QA13Bg214=,iv:4425rHJIP43zWTmBHmJlhOyk0ja1mb4b5P7dEs6Q9/w=,tag:oTSlNqYPFJt7wZ+uxWvLGA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.1