diff --git a/homelab/protonbridge-values.yml b/homelab/protonbridge-values.yml
deleted file mode 100644
index 0d16c56..0000000
--- a/homelab/protonbridge-values.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-image:
-  tag: 2.1.3-build
-service:
-  main:
-    ports:
-      http:
-        enabled: false
-      smtp:
-        enabled: true
-        protocol: TCP
-        port: 25
-      imap:
-        enabled: true
-        protocol: TCP
-        port: 143
\ No newline at end of file
diff --git a/homelab/protonbridge.yml b/homelab/protonbridge.yml
new file mode 100644
index 0000000..ec5b859
--- /dev/null
+++ b/homelab/protonbridge.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: protonmail-bridge
+spec:
+  selector:
+    matchLabels:
+      app: protonmail-bridge
+  template:
+    metadata:
+      labels:
+        app: protonmail-bridge
+    spec:
+      containers:
+      - name: protonmail-bridge
+        image: shenxn/protonmail-bridge:2.3.0-build
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 143
+          name: imap
+        - containerPort: 25
+          name: smtp
+        volumeMounts:
+        - name: data
+          mountPath: /root
+        readinessProbe:
+          tcpSocket:
+            port: 143
+          initialDelaySeconds: 3
+          periodSeconds: 10
+        livenessProbe:
+          tcpSocket:
+            port: 143
+          initialDelaySeconds: 15
+          periodSeconds: 20
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: protonmail-bridge
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: protonmail-bridge
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: nfs-client
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: protonmail-bridge
+spec:
+  selector:
+    app: protonmail-bridge
+  ports:
+  - port: 1143
+    targetPort: 143
+    name: imap
+  - port: 1025
+    targetPort: 25
+    name: smtp
+  externalIPs:
+    - 100.120.232.77
\ No newline at end of file
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index dc2291e..9196eb2 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -1,6 +1,29 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/fly-apps/fly" {
+  version     = "0.0.18"
+  constraints = "0.0.18"
+  hashes = [
+    "h1:BCeP9KDWm48DH59xeYKcRXW2rt3IpJaGdoJQC0q1nPg=",
+    "zh:0f03aedd71fee3ab12d1462b4deeb8dd12a765ca25e39298555546f0af58bef9",
+    "zh:109a1331585d8638aac232d522f0e8dfb95528a7d099ae3f45fd318a9afdf518",
+    "zh:338775290bb7ff15be9a45202dd0350e4e323aa9b8e23ea741e5b00320f336c8",
+    "zh:4435a24db609df5585c557274fab521ed6d7cdd079c97222cc9600554571b37b",
+    "zh:512ad9f77bd87b4c26c7eed03cf5cc862ecd731f1165231ba54e08c762f4ee8d",
+    "zh:713a37d014934c44656da1fccae75298242836021c8d7fad30e6df3fee82b2a3",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:94cb3bd3e4a77b013713b5902a13103f7a212c596d8c6681c7c980f0f0132c17",
+    "zh:9aae3b2c85718c127a423f8a5a25a20ac3abfeab4f160cdbdb5e711964fd4b52",
+    "zh:b7fff4f2bec04a2f57353890337abcaa14e19c1afdeada76e482cda3f98befa3",
+    "zh:c48b7b3bdfa6d529e7ce913cd07d2f9fa0b5c9a8018046bc2cf1a078f22d4255",
+    "zh:c5a4ef9de5a25a210a669b540991476947cc46b177396934e4c2e64c59d468a1",
+    "zh:db4ab42b799728502eafc46647a4a4a78a470937520898cfe02a2016aff0802b",
+    "zh:e0bac43de91d2e7d8ffd06a027731ea0e3dd8b88c5aee8a1a70b338a54e8ca38",
+    "zh:f0fbdd70696d14a9642f00b1801a4c398703f90e13460726965505c33321c8a1",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/aws" {
   version = "4.28.0"
   hashes = [
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 0f806ed..254e18c 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -16,7 +16,7 @@ resource "aws_cloudfront_distribution" "api-by-becki" {
     target_origin_id           = "abb.gmem.ca"
     compress                   = true
     viewer_protocol_policy     = "redirect-to-https"
-    cache_policy_id            = aws_cloudfront_cache_policy.api-by-becki.id
+    cache_policy_id            = aws_cloudfront_cache_policy.api.id
     response_headers_policy_id = "eaab4381-ed33-4a86-88ca-d9558dc6cd63"
   }
 
@@ -40,10 +40,25 @@ resource "aws_cloudfront_distribution" "api-by-becki" {
   }
 }
 
-resource "aws_cloudfront_cache_policy" "api-by-becki" {
+resource "aws_cloudfront_cache_policy" "api" {
+  name        = "APIs"
   default_ttl = 300
   max_ttl     = 604800
   min_ttl     = 1
+  parameters_in_cache_key_and_forwarded_to_origin {
+    enable_accept_encoding_brotli = true
+    enable_accept_encoding_gzip   = true
+    cookies_config {
+      cookie_behavior = "none"
+    }
+    headers_config {
+      header_behavior = "none"
+    }
+    query_strings_config {
+      query_string_behavior = "all"
+    }
+  }
+
 }
 
 resource "aws_acm_certificate" "api-by-becki" {
diff --git a/terraform/main.tf b/terraform/main.tf
index 9ed502f..020e94f 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -8,6 +8,10 @@ terraform {
       source  = "hashicorp/aws"
       version = "4.28.0"
     }
+    fly = {
+      source  = "fly-apps/fly"
+      version = "0.0.18"
+    }
   }
   backend "s3" {
     bucket = "gsimmer-terraform-state"
@@ -16,6 +20,8 @@ terraform {
   }
 }
 
+provider "fly" {}
+
 provider "aws" {
   alias  = "virginia"
   region = "us-east-1"