diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index 857d83281..3792e463b 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -181,7 +181,7 @@ homepage:
               - Email:
                   icon: roundcube.svg
                   description: Roundcube
-                  href: https://mail.alexlebens.dev
+                  href: https://mail.alexlebens.net
                   siteMonitor: http://roundcube.roundcube:80
                   statusStyle: dot
               - Chat:
diff --git a/clusters/cl01tl/applications/roundcube/Chart.yaml b/clusters/cl01tl/applications/roundcube/Chart.yaml
index 5b1110420..b72fbc2fb 100644
--- a/clusters/cl01tl/applications/roundcube/Chart.yaml
+++ b/clusters/cl01tl/applications/roundcube/Chart.yaml
@@ -21,10 +21,6 @@ dependencies:
     alias: roundcube
     repository: https://bjw-s.github.io/helm-charts/
     version: 3.3.2
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.4.1
   - name: postgres-cluster
     alias: postgres-16-cluster
     version: 3.8.4
diff --git a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
index 3ffb18910..02ef8cd29 100644
--- a/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/roundcube/templates/external-secret.yaml
@@ -22,31 +22,6 @@ spec:
         metadataPolicy: None
         property: DES_KEY
 
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/roundcube
-        metadataPolicy: None
-        property: token
-
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
diff --git a/clusters/cl01tl/applications/roundcube/values.yaml b/clusters/cl01tl/applications/roundcube/values.yaml
index e5e363033..40624241e 100644
--- a/clusters/cl01tl/applications/roundcube/values.yaml
+++ b/clusters/cl01tl/applications/roundcube/values.yaml
@@ -176,6 +176,26 @@ roundcube:
           port: 80
           targetPort: 80
           protocol: HTTP
+  ingress:
+    main:
+      enabled: true
+      className: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: mail.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                name: roundcube
+                port: 80
+      tls:
+        - secretName: roundcube-secret-tls
+          hosts:
+            - mail.alexlebens.net
   persistence:
     data:
       storageClass: ceph-block
@@ -208,9 +228,6 @@ roundcube:
               readOnly: true
               mountPropagation: None
               subPath: default.conf
-cloudflared-roundcube:
-  existingSecretName: cloudflared-secret
-  name: cloudflared-roundcube
 postgres-16-cluster:
   mode: standalone
   cluster: