diff --git a/docker_swarm/roles/traefik/services.yml b/docker_swarm/roles/traefik/services.yml
index 5a99eed..5c26cc1 100644
--- a/docker_swarm/roles/traefik/services.yml
+++ b/docker_swarm/roles/traefik/services.yml
@@ -5,7 +5,7 @@ http:
         servers:
           # TODO: This WILL break when the cluster is reprovisioned and another IP addrss is chosen.
           # The load balancer service for Traefik is automatically provisioned by k3s, unsure how to statically assign the IP address.
-          - url: http://192.168.40.101
+          - url: http://192.168.30.128
     esrom:
       loadBalancer:
         servers:
diff --git a/nix/flake/kubenix/cyberchef.nix b/nix/flake/kubenix/cyberchef.nix
new file mode 100644
index 0000000..1f8ee15
--- /dev/null
+++ b/nix/flake/kubenix/cyberchef.nix
@@ -0,0 +1,51 @@
+{
+  kubernetes.resources = {
+    deployments.cyberchef.spec = {
+      replicas = 3;
+      selector.matchLabels.app = "cyberchef";
+
+      template = {
+        metadata.labels.app = "cyberchef";
+
+        spec = {
+          containers.cyberchef = {
+            image = "mpepping/cyberchef";
+
+            ports = [{
+              containerPort = 8000;
+              protocol = "TCP";
+            }];
+          };
+        };
+      };
+    };
+
+    services.cyberchef.spec = {
+      selector.app = "cyberchef";
+
+      ports = [{
+        protocol = "TCP";
+        port = 80;
+        targetPort = 8000;
+      }];
+    };
+
+    ingresses.cyberchef.spec = {
+      ingressClassName = "traefik";
+
+      rules = [{
+        host = "cyberchef.kun.is";
+
+        http.paths = [{
+          path = "/";
+          pathType = "Prefix";
+
+          backend.service = {
+            name = "cyberchef";
+            port.number = 80;
+          };
+        }];
+      }];
+    };
+  };
+}
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index 312fd52..3157a6d 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -8,6 +8,7 @@
           kubenix.modules.k8s
           kubenix.modules.helm
           # ./freshrss.nix
+          ./cyberchef.nix
         ];
         kubernetes.kubeconfig = "~/.kube/config";
         kubenix.project = "home";
@@ -46,57 +47,9 @@
             #   };
             # };
 
-            deployments.cyberchef.spec = {
-              replicas = 3;
-              selector.matchLabels.app = "cyberchef";
-
-              template = {
-                metadata.labels.app = "cyberchef";
-
-                spec = {
-                  containers.cyberchef = {
-                    image = "mpepping/cyberchef";
-
-                    ports = [{
-                      containerPort = 8000;
-                      protocol = "TCP";
-                    }];
-                  };
-                };
-              };
-            };
-
-            services.cyberchef.spec = {
-              selector.app = "cyberchef";
-
-              ports = [{
-                protocol = "TCP";
-                port = 80;
-                targetPort = 8000;
-              }];
-            };
-
-            ingresses.cyberchef.spec = {
-              ingressClassName = "traefik";
-
-              rules = [{
-                host = "cyberchef.kun.is";
-
-                http.paths = [{
-                  path = "/";
-                  pathType = "Prefix";
-
-                  backend.service = {
-                    name = "cyberchef";
-                    port.number = 80;
-                  };
-                }];
-              }];
-            };
-
             ipAddressPools.main = {
               # metadata.namespace = "metallb-system";
-              spec.addresses = [ "192.168.40.100-192.168.40.254" ];
+              spec.addresses = [ "192.168.30.128-192.168.30.200" ];
             };
 
             # l2Advertisements.main.metadata.namespace = "metallb-system";