diff --git a/.bash_completions b/.bash_completions
deleted file mode 100644
index e5f15e5..0000000
--- a/.bash_completions
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-alias kc=kubectl
-
-source <(kubectl completion bash)
-complete -F __start_kubectl kc
-
-function use-namespace {
-  kubectl config set-context --current --namespace=$1
-}
diff --git a/.bazelrc b/.bazelrc
deleted file mode 100644
index 87b02e5..0000000
--- a/.bazelrc
+++ /dev/null
@@ -1,7 +0,0 @@
-build --incompatible_use_python_toolchains
-test --incompatible_use_python_toolchains
-
-build --@io_bazel_rules_go//go/config:static
-
-build --stamp
-build --workspace_status_command scripts/print-workspace-status.sh
\ No newline at end of file
diff --git a/.bazelversion b/.bazelversion
deleted file mode 100644
index f4965a3..0000000
--- a/.bazelversion
+++ /dev/null
@@ -1 +0,0 @@
-6.0.0
\ No newline at end of file
diff --git a/BUILD b/BUILD
deleted file mode 100644
index 1138e85..0000000
--- a/BUILD
+++ /dev/null
@@ -1,39 +0,0 @@
-load("@bazel_gazelle//:def.bzl", "gazelle")
-load("@io_bazel_rules_go//go:def.bzl", "go_path", "nogo")
-load("@io_bazel_rules_docker//container:bundle.bzl", "container_bundle")
-load("@io_bazel_rules_docker//contrib:push-all.bzl", "container_push")
-
-# gazelle:prefix github.com/monogon-dev/NetMeta
-# gazelle:exclude deploy
-# gazelle:exclude third_party/tools
-gazelle(name = "gazelle")
-
-# Shortcut for the Go SDK
-alias(
-    name = "go",
-    actual = "@go_sdk//:bin/go",
-    visibility = ["//visibility:public"],
-)
-
-_CONTAINERS = {
-    "helloworld": "//cmd/helloworld:helloworld",
-    "risinfo": "//cmd/risinfo:risinfo",
-    "portmirror": "//cmd/portmirror:portmirror",
-    "reconciler": "//cmd/reconciler:reconciler",
-    "goflow": "//third_party/goflow:goflow",
-    "grafana": "//third_party/grafana:grafana",
-}
-
-container_bundle(
-    name = "netmeta_containers",
-    images = {
-        ("ghcr.io/monogon-dev/netmeta/{}".format(k) + ":{COMMIT_GIT_SHA}"): v
-        for k, v in _CONTAINERS.items()
-    },
-)
-
-container_push(
-    name = "push",
-    bundle = ":netmeta_containers",
-    format = "Docker",
-)
diff --git a/WORKSPACE b/WORKSPACE
deleted file mode 100644
index f66917f..0000000
--- a/WORKSPACE
+++ /dev/null
@@ -1,136 +0,0 @@
-workspace(name = "NetMeta")
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
-load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
-
-# Import rules_go
-
-http_archive(
-    name = "io_bazel_rules_go",
-    sha256 = "099a9fb96a376ccbbb7d291ed4ecbdfd42f6bc822ab77ae6f1b5cb9e914e94fa",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip",
-    ],
-)
-
-load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
-
-go_rules_dependencies()
-
-go_register_toolchains(version = "1.19.1")
-
-# Import Gazelle
-
-http_archive(
-    name = "bazel_gazelle",
-    sha256 = "5982e5463f171da99e3bdaeff8c0f48283a7a5f396ec5282910b9e8a49c0dd7e",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
-    ],
-)
-
-load("//:repositories.bzl", "go_repositories")
-
-# gazelle:repository_macro repositories.bzl%go_repositories
-go_repositories()
-
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
-
-gazelle_dependencies()
-
-# Protobuf
-
-http_archive(
-    name = "rules_proto",
-    sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
-    strip_prefix = "rules_proto-5.3.0-21.7",
-    urls = [
-        "https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
-    ],
-)
-
-load("@rules_proto//proto:repositories.bzl", "rules_proto_dependencies", "rules_proto_toolchains")
-
-rules_proto_dependencies()
-
-rules_proto_toolchains()
-
-# rules_docker
-
-http_archive(
-    name = "io_bazel_rules_docker",
-    sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
-    urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
-)
-
-load(
-    "@io_bazel_rules_docker//repositories:repositories.bzl",
-    container_repositories = "repositories",
-)
-load(
-    "@io_bazel_rules_docker//toolchains/docker:toolchain.bzl",
-    docker_toolchain_configure = "toolchain_configure",
-)
-
-docker_toolchain_configure(
-    name = "docker_config",
-    docker_path = "/usr/bin/docker",
-)
-
-container_repositories()
-
-load(
-    "@io_bazel_rules_docker//go:image.bzl",
-    go_image_repos = "repositories",
-)
-
-go_image_repos()
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-BAZEL_TOOLCHAIN_TAG = "0.7.2"
-
-BAZEL_TOOLCHAIN_SHA = "f7aa8e59c9d3cafde6edb372d9bd25fb4ee7293ab20b916d867cd0baaa642529"
-
-http_archive(
-    name = "com_grail_bazel_toolchain",
-    canonical_id = BAZEL_TOOLCHAIN_TAG,
-    sha256 = BAZEL_TOOLCHAIN_SHA,
-    strip_prefix = "bazel-toolchain-{tag}".format(tag = BAZEL_TOOLCHAIN_TAG),
-    url = "https://github.com/grailbio/bazel-toolchain/archive/{tag}.tar.gz".format(tag = BAZEL_TOOLCHAIN_TAG),
-)
-
-load("@com_grail_bazel_toolchain//toolchain:deps.bzl", "bazel_toolchain_dependencies")
-
-bazel_toolchain_dependencies()
-
-load("@com_grail_bazel_toolchain//toolchain:rules.bzl", "llvm_toolchain")
-
-llvm_toolchain(
-    name = "llvm_toolchain",
-    llvm_version = "14.0.0",
-)
-
-load("@llvm_toolchain//:toolchains.bzl", "llvm_register_toolchains")
-
-llvm_register_toolchains()
-
-load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
-
-container_pull(
-    name = "grafana",
-    digest = "sha256:cf66ad28334ee6d2349813f193e8a82e5aea6ae94916dd72df3d0a07b0660ccb",
-    registry = "index.docker.io",
-    repository = "grafana/grafana",
-    tag = "9.3.2",
-)
-
-load("//third_party/grafana:grafana_plugin.bzl", "grafana_plugin")
-load("//third_party/grafana:container.bzl", "PLUGINS")
-
-[grafana_plugin(
-    name = name,
-    version = version,
-) for name, version in PLUGINS.items()]
diff --git a/cmd/gendocs/main.go b/cmd/gendocs/main.go
new file mode 100644
index 0000000..18b8877
--- /dev/null
+++ b/cmd/gendocs/main.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"cuelang.org/go/cue"
+	"cuelang.org/go/cue/ast"
+	"cuelang.org/go/cue/cuecontext"
+	"cuelang.org/go/cue/load"
+)
+
+var skeletonOptions = []cue.Option{
+	cue.Attributes(true),
+	cue.Concrete(false),
+	cue.Definitions(false),
+	cue.DisallowCycles(true),
+	cue.Docs(true),
+	cue.Hidden(true),
+	cue.Optional(true),
+}
+
+func main() {
+	ctx := cuecontext.New()
+	bis := load.Instances([]string{}, &load.Config{Dir: "../.."})
+	for _, bi := range bis {
+		if bi.Err != nil {
+			log.Fatal("Error during loading", "entrypoints", "error", bi.Err)
+		}
+		orgCue := ctx.BuildInstance(bi)
+		orgNode := orgCue.Syntax(skeletonOptions...)
+		beforeNode := func(v ast.Node) bool {
+			return true
+		}
+
+		debugNode := func(v ast.Node) {
+			for _, comment := range ast.Comments(v) {
+				for _, lines := range comment.List {
+					fmt.Println("debugging ast", "comment", lines.Text, "name", ast.Name(v))
+				}
+			}
+		}
+
+		ast.Walk(orgNode, beforeNode, debugNode)
+	}
+}
diff --git a/cmd/helloworld/BUILD b/cmd/helloworld/BUILD
deleted file mode 100644
index a1446da..0000000
--- a/cmd/helloworld/BUILD
+++ /dev/null
@@ -1,9 +0,0 @@
-load("@io_bazel_rules_docker//go:image.bzl", "go_image")
-
-go_image(
-    name = "helloworld",
-    srcs = ["helloworld.go"],
-    importpath = "github.com/monogon-dev/NetMeta/cmd/helloworld",
-    static = "on",
-    visibility = ["//visibility:public"],
-)
diff --git a/cmd/helloworld/helloworld.go b/cmd/helloworld/helloworld.go
deleted file mode 100644
index 4f22356..0000000
--- a/cmd/helloworld/helloworld.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package main
-
-import (
-	"log"
-	"time"
-)
-
-func main() {
-	for {
-		log.Print("I bims 1 container")
-		time.Sleep(1 * time.Second)
-	}
-}
diff --git a/cmd/risinfo/BUILD.bazel b/cmd/risinfo/BUILD.bazel
deleted file mode 100644
index 104e1c1..0000000
--- a/cmd/risinfo/BUILD.bazel
+++ /dev/null
@@ -1,14 +0,0 @@
-load("@io_bazel_rules_docker//go:image.bzl", "go_image")
-
-go_image(
-    name = "risinfo",
-    srcs = ["risinfo.go"],
-    importpath = "github.com/monogon-dev/NetMeta/cmd/risinfo",
-    static = "on",
-    visibility = ["//visibility:public"],
-    deps = [
-        "@com_github_osrg_gobgp//pkg/packet/bgp",
-        "@com_github_osrg_gobgp//pkg/packet/mrt",
-        "@io_k8s_klog_v2//:klog",
-    ],
-)
diff --git a/cmd/risinfo/README.md b/cmd/risinfo/README.md
new file mode 100644
index 0000000..666b2e0
--- /dev/null
+++ b/cmd/risinfo/README.md
@@ -0,0 +1,6 @@
+# risinfo
+
+risinfo serves a prefix -> origin mapping derived from routeviews.org RIB dumps as a ClickHouse dictionary.
+This data is much more recent than Maxmind ASN data.
+
+It's quite expensive to fetch and process a full internet routing table (~60s). In the future, we may introduce a layer of server-side caching with prebuilt lookup tables available for download.
\ No newline at end of file
diff --git a/cmd/risinfo/risinfo.go b/cmd/risinfo/risinfo.go
index b1e9717..de33255 100644
--- a/cmd/risinfo/risinfo.go
+++ b/cmd/risinfo/risinfo.go
@@ -1,8 +1,3 @@
-// risinfo serves a prefix -> origin mapping derived from routeviews.org RIB dumps as a ClickHouse dictionary.
-// This data is much more recent than Maxmind ASN data.
-//
-// It's quite expensive to fetch and process a full internet routing table (~60s). In the future, we may introduce
-// a layer of server-side caching with prebuilt lookup tables available for download.
 package main
 
 import (
diff --git a/config.cue b/config.cue
new file mode 100644
index 0000000..a712cdb
--- /dev/null
+++ b/config.cue
@@ -0,0 +1,266 @@
+package NetMeta
+
+import (
+	"net"
+	"strconv"
+)
+
+#GoogleAuth: {
+	// Get credentials at https://console.cloud.google.com/apis/credentials
+	// See https://grafana.com/docs/grafana/latest/auth/google for instructions.
+	clientID:     string
+	clientSecret: string
+
+	// List of GSuite domains that may sign in.
+	allowedDomains: [string, ...string]
+
+	// Allow any user that can authenticate to sign up?
+	allowSignup: bool | *true
+}
+
+#Ports: {
+	// Frontend (HTTP is redirected to HTTPS)
+	http:       int | *80
+	https:      int | *443
+	clickhouse: int | *8123
+
+	// Netflow/IPFIX
+	netflow: int | *2055
+	// NetFlow V5
+	netflowLegacy: int | *2056
+	// sFlow
+	sflow: int | *6343
+}
+
+#DashboardDisplayConfig: {
+	// Minimum interval for all panels. By default, there's no minimum interval and the interval goes all the way down
+	// to minimum resolution (1s). For IPFIX, the minimum flow export interval may be a large multiple of that,
+	// resulting in misleading rendering when zooming in (spikes at multiples of the flow export resolution).
+	//
+	// For IPFIX, set minInterval to 2× the minimum flow timeout on the network device.
+	minInterval: string | null | *null
+
+	// Maximum packet size for heatmap panel. We set a fixed maximum value to filter out spurious oversizes packets from
+	// loopback interfaces and have the right scale when only small packets are visible.
+	maxPacketSize: *1500 | uint
+}
+
+// The config for the FastNetMon integration
+#FastNetMonConfig: {
+	// Name of a FastNetMon InfluxDB datasource. If you use NetMeta alongside FastNetMon, attack
+	// notifications can be shown in NetMeta. You have to manually create the FastNetMon
+	// datasource and connect it to your instance.
+	dataSource: string | *"FastNetMon InfluxDB"
+
+	// Size of the FastNetMon ingestion queue. Keeping
+	// a larger queue allows for backprocessing of longer periods of historical data.
+	topicRetention: *1_000_000_000 | int // GB
+}
+
+#PortMirrorConfig: {
+	// The address the instance use as SamplerAddress
+	samplerAddress: #DeviceAddress | *"::ffff:127.0.0.1"
+
+	// The Interfaces to listen to. Multiple interface pairs can be set by seperating them with a comma.
+	interfaces: string | *"tap_rx:tap_tx"
+
+	// The sample rate for the traffic sniffing. Defaults to every 1000th frame.
+	sampleRate: int | *1000
+}
+
+// IPv6 or pseudo-IPv4 mapped address like ::ffff:100.0.0.1
+#DeviceAddress: string & net.IP & !~"^:?:?[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$"
+
+// A small test to verify that #DeviceAddress forbids the old IP mapping
+_deviceAddressTest: {
+	IN=in: {
+		// Key is the value to test
+		// Value is the parsing result
+		"2001:0DB8::1":     true
+		"::ffff:127.0.0.1": true
+		"::ffff:127.0.0.1": true
+		"::127.0.0.1":      false
+		"127.0.0.1":        false
+	}
+
+	out: {
+		for k, v in IN {
+			"\(k)": v
+			"\(k)": (k & #DeviceAddress) != _|_
+		}
+	}
+}
+
+// for COLUMN you can use the following columns:
+// SamplerAddress, SrcAddr, DstAddr, SrcAS, DstAS, FlowDirection
+// additionally it is possible to use these with a valid CIDR
+// SamplerAddressInRange, SrcAddrInRange, DstAddrInRange
+#ColumnExpression: [COLUMN=string]: string | int
+
+// A struct containing sampler specific config parameters
+#SamplerConfig: [DEVICE=string]: {
+	// Router source address
+	device: DEVICE & #DeviceAddress
+
+	// Sampling rate to override the sampling rate provided by the sampler
+	samplingRate: int | *0
+
+	// Human-readable host description to show in the frontend
+	description: string | *""
+
+	// anonymize the last 8byte for v6 addresses and 1byte for v4 addresses
+	anonymizeAddresses: bool | *false
+
+	// how to detect an incoming flow
+	// each array entry is connected by an OR statement
+	// everything inside a #ColumnExpression is connected with AND
+	isIncomingFlow: [...#ColumnExpression]
+
+	// Interface names for the data from this sampler
+	interface: [ID=string]: {
+		// Numeric interface Index (often known as the "SNMP ID")
+		id: *strconv.Atoi(ID) | int
+
+		// Human-readable interface description to show in the frontend
+		description: string
+
+		// Groups in which this interface should take place
+		groups: [...string]
+	}
+
+	vlan: [ID=string]: {
+		// Numeric VLAN ID
+		id: *strconv.Atoi(ID) | int
+
+		// Human-readable vlan description to show in the frontend
+		description: string
+	}
+
+	// Host names for the data from this sampler
+	host: [DEVICE=string]: {
+		// Host source address
+		device: DEVICE & #DeviceAddress
+
+		// Human-readable host description to show in the frontend
+		description: string
+	}
+}
+
+#UserData: {
+	// Custom ASNs
+	autnums: [ASN=string]: {
+		asn: *strconv.Atoi(ASN) | int
+		name: string
+		country: string
+	}
+}
+
+// Grafana specific config parameters
+#GrafanaConfig: {
+	// Deploy a local grafana instance
+	deployGrafana: bool | *true
+
+	// Dashboard display config - these settings only affect rendering of the Grafana dashboards.
+	dashboardDisplay: #DashboardDisplayConfig
+
+	// Initial Grafana admin password
+	// (after the first deployment, it can only be changed within Grafana)
+	grafanaInitialAdminPassword: string
+
+	// Enable Grafana basic authentication (you might to disable it after setting up third-party auth).
+	// OAuth auto login will be enabled if you disable basic auth.
+	//
+	// Note that the built-in admin user can authenticate even if basic auth is disabled.
+	grafanaBasicAuth: bool | *true
+
+	// Optional: configure GSuite authentication
+	grafanaGoogleAuth?: #GoogleAuth
+
+	// Default org role for new Grafana users
+	grafanaDefaultRole: string | *"Viewer"
+}
+
+#NetMetaConfig: {
+	// Allow the use of legacy config parameters
+	//#LegacyNetMetaConfig
+
+	// Allow the use of grafana config parameters
+	//#GrafanaConfig
+
+	// Size of the goflow sFlow/IPFIX ingestion queue. Keeping
+	// a larger queue allows for backprocessing of longer periods of historical data.
+	goflowTopicRetention: *1_000_000_000 | int // GB
+
+	// Kubernetes namespace
+	namespace: *"default" | string
+
+	// ClickHouse write credentials
+	clickhouseAdminPassword: string
+
+	// ClickHouse readonly credentials
+	clickhouseReadonlyPassword: string
+
+	// Session secret for Prometheus and Grafana
+	sessionSecret: string
+
+	// External ports
+	ports: #Ports
+
+	// Let's Encrypt Mode
+	//  - off: self-signed certificate (TODO, right now, it just disables certificates altogether)
+	//  - staging: staging Let's Encrypt server (recommended for testing!)
+	//  - production: production Let's Encrypt server (beware of rate limits)
+	//
+	// Switching between staging and production will not automatically
+	// delete the existing certificate - delete acme.json and restart Traefik.
+	letsencryptMode: *"staging" | "production" | "off"
+
+	// Let's Encrypt Account Email Address
+	letsencryptAccountMail: string
+	if letsencryptMode == "off" {
+		// setup a placeholder for letsencryptAccountMail
+		letsencryptAccountMail: "letsencrypt@example.com"
+	}
+
+	// Public hostname
+	publicHostname: string
+
+	// Expose the ClickHouse HTTP query API on the port defined above.
+	enableClickhouseIngress: bool | *false
+
+	// Expose Kafka on a Nodeport
+	enableExternalKafkaListener: bool | *false
+
+	// The URL to advertise to hosts connecting over the external Kafka listener
+	advertisedKafkaHost: string | *"127.0.0.1"
+
+	// When set to a PortMirrorConfig, the PortMirror Tool will be deployed and
+	// listen to the defined interfaces.
+	portMirror?: #PortMirrorConfig
+
+	// Defines if the goflow tool should be deployed
+	deployGoflow: bool | *true
+
+	// When set to a FastNetMonConfig, the FastNetMon integration for Grafana will be enabled
+	fastNetMon?: #FastNetMonConfig
+
+	// Config parameter like interface names. See #SamplerConfig
+	sampler: #SamplerConfig
+
+	// Userprovided data like custom ASNs
+	userData: #UserData
+}
+
+#Image: {
+	image:  string
+	digest: string
+}
+
+#NetMetaImages: {
+	helloworld: #Image
+	risinfo:    #Image
+	goflow:     #Image
+	portmirror: #Image
+	grafana:    #Image
+	reconciler: #Image
+}
diff --git a/deploy/cue.mod/gen/github.com/monogon-dev/NetMeta/reconciler/config_go_gen.cue b/cue.mod/gen/github.com/monogon-dev/NetMeta/reconciler/config_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/github.com/monogon-dev/NetMeta/reconciler/config_go_gen.cue
rename to cue.mod/gen/github.com/monogon-dev/NetMeta/reconciler/config_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
rename to cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
rename to cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
rename to cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue
rename to cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue
rename to cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue b/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue
rename to cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue
rename to cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
rename to cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue b/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
rename to cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue
diff --git a/deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
similarity index 100%
rename from deploy/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
rename to cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue
diff --git a/cue.mod/module.cue b/cue.mod/module.cue
new file mode 100644
index 0000000..7df95fa
--- /dev/null
+++ b/cue.mod/module.cue
@@ -0,0 +1 @@
+module: "github.com/monogon-dev/NetMeta"
diff --git a/deploy/cue.mod/pkg/netmeta.monogon.tech/xml/xml.cue b/cue.mod/pkg/netmeta.monogon.tech/xml/xml.cue
similarity index 100%
rename from deploy/cue.mod/pkg/netmeta.monogon.tech/xml/xml.cue
rename to cue.mod/pkg/netmeta.monogon.tech/xml/xml.cue
diff --git a/deploy/dashboards/General_Home.cue b/dashboards/General_Home.cue
similarity index 100%
rename from deploy/dashboards/General_Home.cue
rename to dashboards/General_Home.cue
diff --git a/deploy/dashboards/NetMeta_Overview.cue b/dashboards/NetMeta_Overview.cue
similarity index 100%
rename from deploy/dashboards/NetMeta_Overview.cue
rename to dashboards/NetMeta_Overview.cue
diff --git a/deploy/dashboards/NetMeta_Relations.cue b/dashboards/NetMeta_Relations.cue
similarity index 100%
rename from deploy/dashboards/NetMeta_Relations.cue
rename to dashboards/NetMeta_Relations.cue
diff --git a/dashboards/README.md b/dashboards/README.md
new file mode 100644
index 0000000..c9bafb1
--- /dev/null
+++ b/dashboards/README.md
@@ -0,0 +1,3 @@
+# Grafana Dashboards
+
+NetMeta is based on Grafana and with that brings a set of dashboards.
\ No newline at end of file
diff --git a/deploy/dashboards/base.cue b/dashboards/base.cue
similarity index 97%
rename from deploy/dashboards/base.cue
rename to dashboards/base.cue
index 0308236..1061857 100644
--- a/deploy/dashboards/base.cue
+++ b/dashboards/base.cue
@@ -1,8 +1,8 @@
 package dashboards
 
-#Config: {
+Config: {
 	// Minimum interval for all panels
-	minInterval: string | null
+	minInterval: string | *null
 
 	// Maximum packet size for heatmaps (filter out spurious oversized packet from loopback interfaces)
 	maxPacketSize: uint | *1500
@@ -175,7 +175,7 @@ dashboards: [string]: D={
 	_panels: [...#Panel]
 	panels: [ for i, v in D._panels {
 		id:       i
-		interval: #Config.minInterval
+		interval: Config.minInterval
 		for _, t in #PanelStructs if t.type == v.type {
 			(t & v)
 		}
@@ -199,13 +199,13 @@ dashboards: [string]: templating: _list: [{
 	query: "grafana-clickhouse-datasource"
 	type:  "datasource"
 },
-	if #Config.fastNetMon != _|_ {
+	if Config.fastNetMon != _|_ {
 		{
 			current: {
 				selected: false
 				// we wrap the variable into a string to enforce previous declared defaults to be evaluated
-				text:  "\(#Config.fastNetMon.dataSource)"
-				value: "\(#Config.fastNetMon.dataSource)"
+				text:  "\(Config.fastNetMon.dataSource)"
+				value: "\(Config.fastNetMon.dataSource)"
 			}
 			label: "Datasource"
 			name:  "datasource_fnm"
@@ -309,7 +309,7 @@ dashboards: [string]: {
 				}
 				type: "dashboard"
 			},
-			if #Config.fastNetMon != _|_ {
+			if Config.fastNetMon != _|_ {
 				{
 					datasource: {
 						type: "influxdb"
diff --git a/dashboards/dump_tool.cue b/dashboards/dump_tool.cue
new file mode 100644
index 0000000..d60ca5d
--- /dev/null
+++ b/dashboards/dump_tool.cue
@@ -0,0 +1,22 @@
+package dashboards
+
+import (
+	"encoding/json"
+	"strings"
+	"tool/file"
+)
+
+command: dump: {
+	outDir: file.MkdirAll & {
+		path: "out"
+	}
+
+	for k, v in dashboards {
+		let fileName = "\(strings.ToLower(strings.Replace(k, " ", "_", -1))).json"
+		"\(outDir.path)/\(fileName)": file.Create & {
+			$after:   outDir
+			filename: "\(outDir.path)/\(fileName)"
+			contents: json.Indent(json.Marshal(v), "", " ")
+		}
+	}
+}
diff --git a/deploy/dashboards/types.cue b/dashboards/types.cue
similarity index 100%
rename from deploy/dashboards/types.cue
rename to dashboards/types.cue
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..4993465
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,20 @@
+{ lib, buildGoModule }:
+buildGoModule {
+  name = "netmeta";
+
+  src = ./.;
+
+  subPackages = [
+    "cmd/portmirror"
+    "cmd/reconciler"
+    "cmd/risinfo"
+  ];
+
+  vendorHash = "sha256-qGDNKOsOxu+7y2ycgebNSDFzbXZF2h9xFoHIf3U14Ao=";
+
+  meta = with lib; {
+    description = "A scalable network observability toolkit optimized for performance";
+    homepage = "https://github.com/monogon-dev/NetMeta";
+    license = licenses.asl20;
+  };
+}
diff --git a/deploy/cue.mod/module.cue b/deploy/cue.mod/module.cue
deleted file mode 100644
index 1e82853..0000000
--- a/deploy/cue.mod/module.cue
+++ /dev/null
@@ -1 +0,0 @@
-module: "github.com/monogon-dev/NetMeta/deploy"
diff --git a/deploy/deps.go b/deploy/deps.go
deleted file mode 100644
index 90af707..0000000
--- a/deploy/deps.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// go:build tools
-
-package deploy
-
-// Static imports for Cue definitions
-
-import (
-	_ "k8s.io/api/apps/v1"
-	_ "k8s.io/api/core/v1"
-	_ "k8s.io/api/rbac/v1"
-	_ "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-)
diff --git a/deploy/generate.sh b/deploy/generate.sh
deleted file mode 100755
index 18ff948..0000000
--- a/deploy/generate.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-# Regenerate all definition from latest releases, including the dummy Go module which is used to pin dependencies.
-
-rm -rf cue.mod/gen
-
-go mod tidy
-
-# Generate Cue definitions (see deps.go)
-cue get go k8s.io/api/apps/v1
-cue get go k8s.io/api/core/v1
-cue get go k8s.io/api/rbac/v1
-cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
diff --git a/deploy/go.mod b/deploy/go.mod
deleted file mode 100644
index 63b54db..0000000
--- a/deploy/go.mod
+++ /dev/null
@@ -1,26 +0,0 @@
-module github.com/monogon-dev/NetMeta/deploy
-
-go 1.19
-
-require (
-	k8s.io/api v0.25.3
-	k8s.io/apiextensions-apiserver v0.25.3
-)
-
-require (
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	golang.org/x/net v0.0.0-20220927171203-f486391704dc // indirect
-	golang.org/x/text v0.3.7 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apimachinery v0.25.3 // indirect
-	k8s.io/klog/v2 v2.70.1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-)
diff --git a/deploy/go.sum b/deploy/go.sum
deleted file mode 100644
index acdf32a..0000000
--- a/deploy/go.sum
+++ /dev/null
@@ -1,86 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20220927171203-f486391704dc h1:FxpXZdoBqT8RjqTy6i1E8nXHhW21wK7ptQ/EPIGxzPQ=
-golang.org/x/net v0.0.0-20220927171203-f486391704dc/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
-k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
-k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
-k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
-k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
-k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
-k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
diff --git a/deploy/single-node/tests/README.md b/deploy/single-node/tests/README.md
deleted file mode 100644
index 81f402a..0000000
--- a/deploy/single-node/tests/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Config Tests
-
-To ensure we don't break existing configs, we validate the output against known values. To add a new one you can explore the result of the test configs with:
-```
-cue export ./tests -e 'test."empty sampler".out.k8s' --out cue
-``` 
\ No newline at end of file
diff --git a/deploy/single-node/tests/base.cue b/deploy/single-node/tests/base.cue
deleted file mode 100644
index b0aa0ef..0000000
--- a/deploy/single-node/tests/base.cue
+++ /dev/null
@@ -1,130 +0,0 @@
-package tests
-
-import netmeta "github.com/monogon-dev/NetMeta/deploy/single-node:k8s"
-
-test: [string]: T={
-	config:  netmeta.#NetMetaConfig
-	out:     (netmeta & {netmeta: config: T.config})
-	asserts: true
-}
-
-_requiredDefaults: {
-	grafanaInitialAdminPassword: "grafanaInitialAdminPassword"
-	clickhouseAdminPassword:     "clickhouseAdminPassword"
-	clickhouseReadonlyPassword:  "clickhouseReadonlyPassword"
-	sessionSecret:               "sessionSecret"
-
-	publicHostname: "publicHostname"
-}
-
-test: "traefik: letsencrypt: off": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-	}
-
-	asserts: T.out.k8s.Deployment.traefik.spec.template.spec.containers[0].args == ["--accesslog", "--entrypoints.web.Address=:80", "--entrypoints.websecure.Address=:443", "--providers.kubernetescrd"]
-}
-
-test: "traefik: letsencrypt: staging": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "staging"
-		letsencryptAccountMail: "letsencrypt@example.com"
-	}
-
-	asserts: T.out.k8s.Deployment.traefik.spec.template.spec.containers[0].args == ["--accesslog", "--entrypoints.web.Address=:80", "--entrypoints.websecure.Address=:443", "--providers.kubernetescrd", "--certificatesresolvers.publicHostnameResolver.acme.tlschallenge", "--certificatesresolvers.publicHostnameResolver.acme.email=letsencrypt@example.com", "--certificatesresolvers.publicHostnameResolver.acme.storage=/data/acme-staging.json", "--certificatesresolvers.publicHostnameResolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"]
-}
-
-test: "traefik: letsencrypt: production": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "production"
-		letsencryptAccountMail: "letsencrypt@example.com"
-	}
-
-	asserts: T.out.k8s.Deployment.traefik.spec.template.spec.containers[0].args == ["--accesslog", "--entrypoints.web.Address=:80", "--entrypoints.websecure.Address=:443", "--providers.kubernetescrd", "--certificatesresolvers.publicHostnameResolver.acme.tlschallenge", "--certificatesresolvers.publicHostnameResolver.acme.email=letsencrypt@example.com", "--certificatesresolvers.publicHostnameResolver.acme.storage=/data/acme-production.json"]
-}
-
-
-test: "clickhouse: minimal config": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-	}
-
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == ""
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == ""
-}
-
-test: "clickhouse: empty sampler": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-
-		sampler: "::ffff:100.0.0.1": {
-		}
-	}
-
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == ""
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == "::ffff:100.0.0.1\tNULL\tNULL\tfalse"
-}
-
-test: "clickhouse: sampler with desc": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-
-		sampler: "::ffff:100.0.0.1": {
-			description: "foo"
-		}
-	}
-
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == ""
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == "::ffff:100.0.0.1\tNULL\tfoo\tfalse"
-}
-
-test: "clickhouse: sampler with interface": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-
-		sampler: "::ffff:100.0.0.1": {
-			interface: "858": description: "TRANSIT-ABC"
-		}
-
-	}
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == "::ffff:100.0.0.1\t858\tTRANSIT-ABC\t[]"
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == "::ffff:100.0.0.1\tNULL\tNULL\tfalse"
-}
-
-test: "clickhouse: sampler with desc and interfaces": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-
-		sampler: "::ffff:100.0.0.1": {
-			description: "foo"
-			interface: "858": description: "TRANSIT-ABC"
-		}
-	}
-
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == "::ffff:100.0.0.1\t858\tTRANSIT-ABC\t[]"
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == "::ffff:100.0.0.1\tNULL\tfoo\tfalse"
-}
-
-
-test: "clickhouse: sampler with desc,interfaces,groups": T={
-	config: {
-		_requiredDefaults
-		letsencryptMode: "off"
-
-		sampler: "::ffff:100.0.0.1": {
-			description: "foo"
-			interface: "858": {description: "TRANSIT-ABC", groups: ["A", "B"]}
-		}
-	}
-
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."InterfaceNames.tsv" == "::ffff:100.0.0.1\t858\tTRANSIT-ABC\t['A','B']"
-	asserts: T.out.k8s.ClickHouseInstallation.netmeta.spec.configuration.files."SamplerConfig.tsv" == "::ffff:100.0.0.1\tNULL\tfoo\tfalse"
-}
diff --git a/dump_tool.cue b/dump_tool.cue
new file mode 100644
index 0000000..15ac676
--- /dev/null
+++ b/dump_tool.cue
@@ -0,0 +1,7 @@
+package NetMeta
+
+import (
+	"github.com/monogon-dev/NetMeta/dashboards"
+)
+
+command: dump_dashboards: dashboards.command.dump
diff --git a/example-config.sh b/example-config.sh
deleted file mode 100755
index cca2909..0000000
--- a/example-config.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-# Generate an example deploy/single-node/config_local.cue file
-
-function mkpw() {
-  head -c $1 /dev/random | base64
-}
-
-# Don't forget to update the copy in README when changing this.
-
-cat <<EOF
-package k8s
-
-netmeta: config: {
-    grafanaInitialAdminPassword: "$(mkpw 18)"
-    clickhouseAdminPassword:     "$(mkpw 18)"
-    clickhouseReadonlyPassword:  "$(mkpw 18)"
-    sessionSecret:               "$(mkpw 32)"
-
-    publicHostname: "$(hostname -f)"
-
-    letsencryptMode:        "staging"  // change to "production" later
-    letsencryptAccountMail: "letsencrypt@example.com"
-}
-EOF
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..a96aa14
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,11 @@
+{
+  description = "A very basic flake";
+
+  outputs = { self, nixpkgs }: {
+
+    packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
+
+    packages.x86_64-linux.default = self.packages.x86_64-linux.hello;
+
+  };
+}
diff --git a/go.mod b/go.mod
index 86fbcf9..939bf78 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,9 @@
 module github.com/monogon-dev/NetMeta
 
-go 1.19
+go 1.21
 
 require (
+	cuelang.org/go v0.7.0
 	github.com/ClickHouse/clickhouse-go/v2 v2.7.0
 	github.com/emicklei/proto v1.11.1
 	github.com/google/gopacket v1.1.19
@@ -11,24 +12,30 @@ require (
 	github.com/osrg/gobgp v2.0.0+incompatible
 	github.com/sirupsen/logrus v1.9.0
 	github.com/vishvananda/netlink v1.2.1-beta.2
-	k8s.io/klog/v2 v2.90.1
+	k8s.io/api v0.29.0
+	k8s.io/apiextensions-apiserver v0.29.0
+	k8s.io/klog/v2 v2.110.1
 )
 
 require (
+	cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 // indirect
 	github.com/ClickHouse/ch-go v0.53.0 // indirect
 	github.com/Shopify/sarama v1.38.1 // indirect
 	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cockroachdb/apd/v3 v3.2.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/eapache/go-resiliency v1.3.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230111030713-bf00bc1b83b6 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.6.1 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -39,31 +46,44 @@ require (
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.0 // indirect
 	github.com/libp2p/go-reuseport v0.2.0 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
 	github.com/paulmach/orb v0.9.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/prometheus/client_golang v1.16.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/protocolbuffers/txtpbfmt v0.0.0-20230328191034-3462fbc510c0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rogpeppe/go-internal v1.9.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	google.golang.org/protobuf v1.29.0 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apimachinery v0.29.0 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 3e472c4..d66cef1 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,7 @@
+cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 h1:zkiIe8AxZ/kDjqQN+mDKc5BxoVJOqioSdqApjc+eB1I=
+cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13/go.mod h1:XGKYSMtsJWfqQYPwq51ZygxAPqpEUj/9bdg16iDPTAA=
+cuelang.org/go v0.7.0 h1:gMztinxuKfJwMIxtboFsNc6s8AxwJGgsJV+3CuLffHI=
+cuelang.org/go v0.7.0/go.mod h1:ix+3dM/bSpdG9xg6qpCgnJnpeLtciZu+O/rDbywoMII=
 github.com/ClickHouse/ch-go v0.53.0 h1:gD9oP15FW+1oTTYyVzmuVfM+bk5cB5wqdscBIIw/mRA=
 github.com/ClickHouse/ch-go v0.53.0/go.mod h1:B9htMJ0hii/zrC2hljUKdnagRBuLqtRG/GrU3jqCwRk=
 github.com/ClickHouse/clickhouse-go/v2 v2.7.0 h1:KFRvFjnewYkJBwkfBvDYESwZtZmQipz/xRuaBz0oVNA=
@@ -5,12 +9,15 @@ github.com/ClickHouse/clickhouse-go/v2 v2.7.0/go.mod h1:6I79Gj2EPbV/DdlDShfCaxrj
 github.com/Shopify/sarama v1.38.1 h1:lqqPUPQZ7zPqYlWpTh+LQ9bhYNu2xJL6k1SJN4WVe2A=
 github.com/Shopify/sarama v1.38.1/go.mod h1:iwv9a67Ha8VNa+TifujYoWGxWnu2kNVAQdSdZ4X2o5g=
 github.com/Shopify/toxiproxy/v2 v2.5.0 h1:i4LPT+qrSlKNtQf5QliVjdP08GyAH8+BUIc9gT0eahc=
+github.com/Shopify/toxiproxy/v2 v2.5.0/go.mod h1:yhM2epWtAmel9CB8r2+L+PCmhH6yH2pITaPAo7jxJl0=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg=
+github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -23,16 +30,18 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP
 github.com/emicklei/proto v1.11.1 h1:CBZwNVwPJvkdevxvsoCuFedF9ENiBz0saen3L9y0OTA=
 github.com/emicklei/proto v1.11.1/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
+github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/go-faster/city v1.0.1 h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=
 github.com/go-faster/city v1.0.1/go.mod h1:jKcUJId49qdW3L1qKHH/3wPeUstCVpVSXTM6vO3VcTw=
 github.com/go-faster/errors v0.6.1 h1:nNIPOBkprlKzkThvS/0YaX8Zs9KewLCOSFQS5BU06FI=
 github.com/go-faster/errors v0.6.1/go.mod h1:5MGV2/2T9yvlrbhe9pD9LO5Z/2zCSq2T8j+Jpi2LAyY=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
+github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -41,7 +50,12 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
@@ -75,23 +89,44 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
 github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/libp2p/go-reuseport v0.2.0 h1:18PRvIMlpY6ZK85nIAicSBuXXvrYoSw3dsBAR7zc560=
 github.com/libp2p/go-reuseport v0.2.0/go.mod h1:bvVho6eLMm6Bz5hmU0LYN3ixd3nPPvtIlaURZZgOY4k=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de h1:D5x39vF5KCwKQaw+OC9ZPiLVHXz3UFw2+psEX+gYcto=
+github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de/go.mod h1:kJun4WP5gFuHZgRjZUWWuH1DTxCtxbHDOIJsudS8jzY=
 github.com/netsampler/goflow2 v1.1.1 h1:GpVlvPq4yRbyzoiz0Vp3XilNr5js/0UhHcQI7Ol/MDk=
 github.com/netsampler/goflow2 v1.1.1/go.mod h1:oNIeGj67SjwrRSTEukErjNT1zZ02W9+8M5mSgQCkZC8=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/osrg/gobgp v2.0.0+incompatible h1:91ARQbE1AtO0U4TIxHPJ7wYVZIqduyBwS1+FjlHlmrY=
 github.com/osrg/gobgp v2.0.0+incompatible/go.mod h1:vGVJPLW6JFDD7WA1vJsjB8OKmbbC2TKwHtr90CZS/u4=
 github.com/paulmach/orb v0.9.0 h1:MwA1DqOKtvCgm7u9RZ/pnYejTeDJPnr0+0oFajBbJqk=
@@ -103,34 +138,40 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
+github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
+github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+github.com/protocolbuffers/txtpbfmt v0.0.0-20230328191034-3462fbc510c0 h1:sadMIsgmHpEOGbUs6VtHBXRR1OHevnj7hLx9ZcdNGW4=
+github.com/protocolbuffers/txtpbfmt v0.0.0-20230328191034-3462fbc510c0/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.11.1-0.20231026093722-fa6a31e0812c h1:fPpdjePK1atuOg28PXfNSqgwf9I/qD1Hlo39JFwKBXk=
+github.com/rogpeppe/go-internal v1.11.1-0.20231026093722-fa6a31e0812c/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
 github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
@@ -150,23 +191,27 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.mongodb.org/mongo-driver v1.11.1/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
+go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs=
+go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY=
+go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg=
+go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -177,15 +222,16 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -198,8 +244,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -209,14 +255,16 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -224,16 +272,34 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0=
-google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A=
+k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA=
+k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
+k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
+k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o=
+k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis=
+k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/hack.txt b/hack.txt
deleted file mode 100644
index 5829f6d..0000000
--- a/hack.txt
+++ /dev/null
@@ -1,72 +0,0 @@
-SQL console:
-kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn
-
-Kafka console consumer:
-kc exec netmeta-kafka-0 -c kafka -- bin/kafka-console-consumer.sh --bootstrap-server netmeta-kafka-bootstrap:9092 --topic flow-messages
-
-CentOS 8 iptables-legacy:
-```
-FROM fedora:32
-
-RUN INSTALL_PKGS="iptables" && \
-    dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
-    dnf clean all -y
-
-```
-podman build -t netmeta-toolbox:latest .
-podman run --privileged --rm --net=host netmeta-toolbox:latest iptables-legacy -S
-
-Show consumer groups:
-kc exec netmeta-kafka-0 -c kafka -- bin/kafka-consumer-groups.sh --bootstrap-server netmeta-kafka-bootstrap:9092 --describe --offsets --all-groups
-
-tcpdump pod:
-nsenter --net=/proc/$(pidof goflow)/ns/net tcpdump -i any
-
-Interactively run SQL migrations:
-kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn < schema/1_init.up.sql
-kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn < schema/1_init.down.sql
-
-Using kafkacat:
-kubectl run kafkacat -i --rm=true --image=confluentinc/cp-kafkacat:latest --restart=Never -- kafkacat -b netmeta-kafka-bootstrap:9092 -L
-
-goflow metrics debugging:
-curl -s [::1]:18080/metrics | grep -v ^#
-
-Remotely debug running goflow process:
-
-go get github.com/go-delve/delve/cmd/dlv
-cp /proc/$(pidof goflow)/exe /goflow
-go/bin/dlv --listen "10.42.0.1:2345" --headless --api-version=2 --accept-multiclient attach $(pidof goflow)
-rm /goflow
-
-Manually adjust TTL:
-alter table default.flows_raw modify ttl Date + toIntervalDay(20);
-
-List oldest partitions:h
-select distinct partition from system.parts limit 10;
-
-Drop partitions:
-alter table flows_raw drop partition '2020-06-15';
-alter table flows_raw drop partition '2020-06-16';
-alter table flows_raw drop partition '2020-06-17';
-...
-
-Rebuild services:
-scripts/build_containers.sh && (cd deploy/single-node/services && cue apply)
-
-risinfo queries:
-select dictGetUInt32('risinfo', 'asnum', tuple(reinterpretAsFixedString(toIPv6('::1.1.1.1'))));
-select dictGetUInt32('risinfo', 'asnum', tuple(reinterpretAsFixedString(SrcAddr))) AS SrcAsn, count(*) from flows_raw group by SrcAsn order by count(*) desc limit 20;
-
-select dictGetString('autnums', 'name', toUInt64(3320));
-select dictGetString('autnums', 'country', toUInt64(3320));
-
-Change portmirror sampleraddress data:
-create table flows_raw_old ENGINE = MergeTree() PARTITION BY Date ORDER BY (TimeReceived, FlowDirection, SamplerAddress, SrcAS, DstAS, SrcAddr, DstAddr) AS SELECT
-if(SamplerAddress == toIPv6('::OLD_ADDRESS'), toIPv6('::ffff:NEW_ADDRESS'), toIPv6('::0.0.0.0')) as SamplerAddress, * from flows_raw where SamplerAddress != toIPv6('::0.0.0.0');
-
-INSERT INTO flows_raw SELECT Date,FlowType,SequenceNum,TimeReceived,SamplingRate,FlowDirection,SamplerAddress,TimeFlowStart,TimeFlowEnd,Bytes,Packets,SrcAddr,DstAddr,EType,Proto,SrcPort,DstPort,InIf,OutIf,SrcMac,DstMac,SrcVlan,DstVlan,VlanId,IngressVrfId,EgressVrfId,IPTos,ForwardingStatus,IPTTL,TCPFlags,IcmpType,IcmpCode,IPv6FlowLabel,FragmentId,FragmentOffset,BiFlowDirection,SrcAS,DstAS,NextHop,NextHopAS,SrcNet,DstNet from flows_raw_old;
-
-ALTER TABLE flows_raw DELETE WHERE SamplerAddress = toIPv6('::OLD_ADDRESS') Settings mutations_sync=1;
-
-drop table flows_raw_old;
\ No newline at end of file
diff --git a/install.sh b/install.sh
deleted file mode 100755
index 47c645a..0000000
--- a/install.sh
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-#
-# Installer for a single-node NetMeta production deployment.
-#
-# Tested on amd64 with:
-#
-#   - CentOS 8
-#   - Debian 10
-#   - Ubuntu 18.04 LTS
-#
-# Idempotent, safe to run multiple times. A single-node deployment can be safely
-# upgraded by re-running the install script.
-#
-# This installer pulls in binaries from, and therefore trusts, third-party sources:
-#
-#  - k3s.io by Rancher Labs.
-#  - Go binary distribution by Google.
-#  - ClickHouse container images by Yandex.
-#  - Strimzi Kafka container images by Red Hat.
-#
-# All downloads happen via SSL and are fully open source.
-#
-# We build most dependencies from source, except for the larger binary dependencies
-# listed above. It's possible to build these from source as well. If you need this
-# for security or compliance reasons, please contact us so we can gauge interest.
-#
-# Might not eat existing data - we strongly recommend to run the NetMeta single
-# node deployment on a dedicated host for both security and performance reasons.
-#
-# Install Go binary. We need Go to build other dependencies.
-
-if [[ $EUID -ne 0 ]]; then
-  echo "This script must be run as root"
-  exit 1
-fi
-
-# check if jq is present
-if ! jq --version &>/dev/null; then
-  echo "jq could not be found. Please install it."
-  exit 1
-else
-  echo "jq is installed"
-fi
-
-# check if gcc is present
-if ! gcc --version &>/dev/null; then
-  echo "gcc could not be found. Please install it."
-  exit 1
-else
-  echo "gcc is installed"
-fi
-
-# Ensure that our binaries are not shadowed by the distribution.
-export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin
-
-ARCH=$(uname -m)
-case $ARCH in
-amd64)
-  ARCH=amd64
-  ;;
-x86_64)
-  ARCH=amd64
-  ;;
-arm64)
-  ARCH=arm64
-  ;;
-aarch64)
-  ARCH=arm64
-  ;;
-*)
-  fatal "Unsupported architecture $ARCH"
-  ;;
-esac
-
-GO=1.19.1
-
-(
-  if [[ -d /usr/local/go ]]; then
-    rm -rf /usr/local/go
-  fi
-
-  TMP=$(mktemp -d)
-
-  (
-    cd "$TMP"
-    curl -OJ "https://dl.google.com/go/go${GO}.linux-${ARCH}.tar.gz"
-    tar -C /usr/local -xzf "go${GO}.linux-${ARCH}.tar.gz"
-
-    echo 'PATH=/usr/local/go/bin:$PATH' >/etc/profile.d/local_go.sh
-  )
-
-  rm -rf "$TMP"
-)
-
-. /etc/profile.d/local_go.sh
-
-# Install Go dependencies. Dependency versions and hashes are pinned using the
-# Go module mechanism.
-
-(
-  cd third_party/tools
-  go build -mod=readonly -o /usr/local/bin/cue cuelang.org/go/cmd/cue
-  go build -mod=readonly -o /usr/local/bin/bazel github.com/bazelbuild/bazelisk
-  go build -mod=readonly -o /usr/local/bin/goose github.com/pressly/goose/v3/cmd/goose
-)
-
-# Install k3s. k3s is a minimal Kubernetes distribution we use to deploy the various pieces of NetMeta.
-#
-# We do not want to expose any unnecessary public services since users might disregard documentation
-# and forget about the host firewall. k3s defaults to run literally everything publicly - hammer it into shape.
-#
-# This leaves us with apiserver and kubelet on public ports, both of which are designed for public exposure.
-#
-curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="v1.25.2+k3s1" INSTALL_K3S_EXEC="server
-  --disable traefik
-  --disable-cloud-controller
-  --kube-scheduler-arg=bind-address=127.0.0.1
-  --kube-controller-manager-arg=bind-address=127.0.0.1
-  --kubelet-arg=eviction-hard=imagefs.available<1%,nodefs.available<1%
-  --kubelet-arg=eviction-minimum-reclaim=imagefs.available=1%,nodefs.available=1%
-" sh -s -
-
-while ! k3s kubectl get all; do
-  echo "Waiting for k3s..."
-  systemctl status k3s.service
-  sleep 5
-done
diff --git a/netmeta.cue b/netmeta.cue
new file mode 100644
index 0000000..a5e2031
--- /dev/null
+++ b/netmeta.cue
@@ -0,0 +1,7 @@
+package NetMeta
+
+import (
+	"github.com/monogon-dev/NetMeta/dashboards"
+)
+
+netmeta: "dashboards": dashboards
diff --git a/deploy/single-node/README.md b/on/k3s/README.md
similarity index 100%
rename from deploy/single-node/README.md
rename to on/k3s/README.md
diff --git a/deploy/single-node/apply_tool.cue b/on/k3s/apply_tool.cue
similarity index 100%
rename from deploy/single-node/apply_tool.cue
rename to on/k3s/apply_tool.cue
diff --git a/deploy/k8s-base/clickhouse-operator/README.md b/on/k3s/clickhouse-operator/README.md
similarity index 100%
rename from deploy/k8s-base/clickhouse-operator/README.md
rename to on/k3s/clickhouse-operator/README.md
diff --git a/deploy/k8s-base/clickhouse-operator/clickhouse-operator.cue b/on/k3s/clickhouse-operator/clickhouse-operator.cue
similarity index 100%
rename from deploy/k8s-base/clickhouse-operator/clickhouse-operator.cue
rename to on/k3s/clickhouse-operator/clickhouse-operator.cue
diff --git a/deploy/single-node/k8s/clickhouse/clickhouse.cue b/on/k3s/clickhouse/clickhouse.cue
similarity index 100%
rename from deploy/single-node/k8s/clickhouse/clickhouse.cue
rename to on/k3s/clickhouse/clickhouse.cue
diff --git a/deploy/single-node/k8s/clickhouse/files.cue b/on/k3s/clickhouse/files.cue
similarity index 100%
rename from deploy/single-node/k8s/clickhouse/files.cue
rename to on/k3s/clickhouse/files.cue
diff --git a/deploy/single-node/k8s/clickhouse/static_files.cue b/on/k3s/clickhouse/static_files.cue
similarity index 100%
rename from deploy/single-node/k8s/clickhouse/static_files.cue
rename to on/k3s/clickhouse/static_files.cue
diff --git a/deploy/single-node/config.cue b/on/k3s/config.cue
similarity index 100%
rename from deploy/single-node/config.cue
rename to on/k3s/config.cue
diff --git a/deploy/single-node/config_legacy.cue b/on/k3s/config_legacy.cue
similarity index 100%
rename from deploy/single-node/config_legacy.cue
rename to on/k3s/config_legacy.cue
diff --git a/deploy/single-node/defs.cue b/on/k3s/defs.cue
similarity index 88%
rename from deploy/single-node/defs.cue
rename to on/k3s/defs.cue
index 66db72d..8fe816a 100644
--- a/deploy/single-node/defs.cue
+++ b/on/k3s/defs.cue
@@ -6,28 +6,27 @@ import (
 	rbac_v1 "k8s.io/api/rbac/v1"
 	apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 
-	traefikBase "github.com/monogon-dev/NetMeta/deploy/k8s-base/traefik:k8s"
-	traefik "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/traefik"
+	traefik "github.com/monogon-dev/NetMeta/on/k3s/traefik:k8s"
 
-	clickhouseOperator "github.com/monogon-dev/NetMeta/deploy/k8s-base/clickhouse-operator:k8s"
-	clickhouse "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/clickhouse"
+	clickhouseOperator "github.com/monogon-dev/NetMeta/on/k3s/clickhouse-operator:k8s"
+	clickhouse "github.com/monogon-dev/NetMeta/on/k3s/clickhouse"
 
-	strimziKafkaOperator "github.com/monogon-dev/NetMeta/deploy/k8s-base/strimzi-kafka-operator:k8s"
-	kafka "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/kafka"
+	strimziKafkaOperator "github.com/monogon-dev/NetMeta/on/k3s/strimzi-kafka-operator:k8s"
+	kafka "github.com/monogon-dev/NetMeta/on/k3s/kafka"
 
 	// Dashboards
 	grafana_dashboards "github.com/monogon-dev/NetMeta/deploy/dashboards"
 
-	grafana "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/grafana"
+	grafana "github.com/monogon-dev/NetMeta/on/k3s/grafana"
 
 	schema "github.com/monogon-dev/NetMeta/deploy/single-node/schema"
-	reconciler "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/reconciler"
+	reconciler "github.com/monogon-dev/NetMeta/on/k3s/reconciler"
 
-	risinfo "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/risinfo"
+	risinfo "github.com/monogon-dev/NetMeta/on/k3s/risinfo"
 
-	goflow "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/goflow"
+	goflow "github.com/monogon-dev/NetMeta/on/k3s/goflow"
 
-	portmirror "github.com/monogon-dev/NetMeta/deploy/single-node/k8s/portmirror"
+	portmirror "github.com/monogon-dev/NetMeta/on/k3s/portmirror"
 )
 
 netmeta: images: #NetMetaImages
diff --git a/deploy/single-node/diff_tool.cue b/on/k3s/diff_tool.cue
similarity index 100%
rename from deploy/single-node/diff_tool.cue
rename to on/k3s/diff_tool.cue
diff --git a/deploy/single-node/dump_tool.cue b/on/k3s/dump_tool.cue
similarity index 100%
rename from deploy/single-node/dump_tool.cue
rename to on/k3s/dump_tool.cue
diff --git a/deploy/single-node/k8s/goflow/deployment.cue b/on/k3s/goflow/deployment.cue
similarity index 100%
rename from deploy/single-node/k8s/goflow/deployment.cue
rename to on/k3s/goflow/deployment.cue
diff --git a/deploy/single-node/k8s/grafana/grafana.cue b/on/k3s/grafana/grafana.cue
similarity index 100%
rename from deploy/single-node/k8s/grafana/grafana.cue
rename to on/k3s/grafana/grafana.cue
diff --git a/deploy/single-node/k8s/grafana/routes.cue b/on/k3s/grafana/routes.cue
similarity index 100%
rename from deploy/single-node/k8s/grafana/routes.cue
rename to on/k3s/grafana/routes.cue
diff --git a/deploy/single-node/k8s/kafka/kafka.cue b/on/k3s/kafka/kafka.cue
similarity index 100%
rename from deploy/single-node/k8s/kafka/kafka.cue
rename to on/k3s/kafka/kafka.cue
diff --git a/deploy/single-node/k8s/kafka/metrics.cue b/on/k3s/kafka/metrics.cue
similarity index 100%
rename from deploy/single-node/k8s/kafka/metrics.cue
rename to on/k3s/kafka/metrics.cue
diff --git a/deploy/single-node/k8s/portmirror/deployment.cue b/on/k3s/portmirror/deployment.cue
similarity index 100%
rename from deploy/single-node/k8s/portmirror/deployment.cue
rename to on/k3s/portmirror/deployment.cue
diff --git a/deploy/single-node/k8s/reconciler/reconciler.cue b/on/k3s/reconciler/reconciler.cue
similarity index 100%
rename from deploy/single-node/k8s/reconciler/reconciler.cue
rename to on/k3s/reconciler/reconciler.cue
diff --git a/deploy/single-node/k8s/risinfo/risinfo.cue b/on/k3s/risinfo/risinfo.cue
similarity index 100%
rename from deploy/single-node/k8s/risinfo/risinfo.cue
rename to on/k3s/risinfo/risinfo.cue
diff --git a/deploy/k8s-base/strimzi-kafka-operator/README.md b/on/k3s/strimzi-kafka-operator/README.md
similarity index 100%
rename from deploy/k8s-base/strimzi-kafka-operator/README.md
rename to on/k3s/strimzi-kafka-operator/README.md
diff --git a/deploy/k8s-base/strimzi-kafka-operator/strimzi-cluster-operator.cue b/on/k3s/strimzi-kafka-operator/strimzi-cluster-operator.cue
similarity index 100%
rename from deploy/k8s-base/strimzi-kafka-operator/strimzi-cluster-operator.cue
rename to on/k3s/strimzi-kafka-operator/strimzi-cluster-operator.cue
diff --git a/deploy/k8s-base/traefik/README.md b/on/k3s/traefik/README.md
similarity index 100%
rename from deploy/k8s-base/traefik/README.md
rename to on/k3s/traefik/README.md
diff --git a/deploy/single-node/k8s/traefik/deployment.cue b/on/k3s/traefik/deployment.cue
similarity index 99%
rename from deploy/single-node/k8s/traefik/deployment.cue
rename to on/k3s/traefik/deployment.cue
index 825232d..7c40573 100644
--- a/deploy/single-node/k8s/traefik/deployment.cue
+++ b/on/k3s/traefik/deployment.cue
@@ -1,4 +1,4 @@
-package traefik
+package k8s
 
 import (
 	"list"
diff --git a/deploy/k8s-base/traefik/kubernetes-crd-definition-v1.cue b/on/k3s/traefik/kubernetes-crd-definition-v1.cue
similarity index 100%
rename from deploy/k8s-base/traefik/kubernetes-crd-definition-v1.cue
rename to on/k3s/traefik/kubernetes-crd-definition-v1.cue
diff --git a/deploy/k8s-base/traefik/kubernetes-crd-rbac.cue b/on/k3s/traefik/kubernetes-crd-rbac.cue
similarity index 100%
rename from deploy/k8s-base/traefik/kubernetes-crd-rbac.cue
rename to on/k3s/traefik/kubernetes-crd-rbac.cue
diff --git a/repositories.bzl b/repositories.bzl
deleted file mode 100644
index c6a6be3..0000000
--- a/repositories.bzl
+++ /dev/null
@@ -1,949 +0,0 @@
-load("@bazel_gazelle//:deps.bzl", "go_repository")
-
-def go_repositories():
-    go_repository(
-        name = "com_github_alecthomas_kingpin_v2",
-        importpath = "github.com/alecthomas/kingpin/v2",
-        sum = "h1:ANLJcKmQm4nIaog7xdr/id6FM6zm5hHnfZrvtKPxqGg=",
-        version = "v2.3.1",
-    )
-    go_repository(
-        name = "com_github_alecthomas_units",
-        importpath = "github.com/alecthomas/units",
-        sum = "h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=",
-        version = "v0.0.0-20211218093645-b94a6e3cc137",
-    )
-
-    go_repository(
-        name = "com_github_andybalholm_brotli",
-        importpath = "github.com/andybalholm/brotli",
-        sum = "h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=",
-        version = "v1.0.5",
-    )
-    go_repository(
-        name = "com_github_azure_go_ansiterm",
-        importpath = "github.com/Azure/go-ansiterm",
-        sum = "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=",
-        version = "v0.0.0-20210617225240-d185dfc1b5a1",
-    )
-    go_repository(
-        name = "com_github_benbjohnson_clock",
-        importpath = "github.com/benbjohnson/clock",
-        sum = "h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=",
-        version = "v1.1.0",
-    )
-
-    go_repository(
-        name = "com_github_beorn7_perks",
-        importpath = "github.com/beorn7/perks",
-        sum = "h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=",
-        version = "v1.0.1",
-    )
-    go_repository(
-        name = "com_github_cenkalti_backoff_v4",
-        importpath = "github.com/cenkalti/backoff/v4",
-        sum = "h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4=",
-        version = "v4.2.0",
-    )
-    go_repository(
-        name = "com_github_cespare_xxhash_v2",
-        importpath = "github.com/cespare/xxhash/v2",
-        sum = "h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=",
-        version = "v2.2.0",
-    )
-
-    go_repository(
-        name = "com_github_clickhouse_ch_go",
-        importpath = "github.com/ClickHouse/ch-go",
-        sum = "h1:gD9oP15FW+1oTTYyVzmuVfM+bk5cB5wqdscBIIw/mRA=",
-        version = "v0.53.0",
-    )
-    go_repository(
-        name = "com_github_clickhouse_clickhouse_go",
-        importpath = "github.com/ClickHouse/clickhouse-go",
-        sum = "h1:cKjXeYLNWVJIx2J1K6H2CqyRmfwVJVY1OV1coaaFcI0=",
-        version = "v1.5.4",
-    )
-    go_repository(
-        name = "com_github_clickhouse_clickhouse_go_v2",
-        importpath = "github.com/ClickHouse/clickhouse-go/v2",
-        sum = "h1:KFRvFjnewYkJBwkfBvDYESwZtZmQipz/xRuaBz0oVNA=",
-        version = "v2.7.0",
-    )
-
-    go_repository(
-        name = "com_github_cloudflare_golz4",
-        importpath = "github.com/cloudflare/golz4",
-        sum = "h1:F1EaeKL/ta07PY/k9Os/UFtwERei2/XzGemhpGnBKNg=",
-        version = "v0.0.0-20150217214814-ef862a3cdc58",
-    )
-    go_repository(
-        name = "com_github_containerd_cgroups",
-        importpath = "github.com/containerd/cgroups",
-        sum = "h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA=",
-        version = "v1.0.4",
-    )
-    go_repository(
-        name = "com_github_containerd_containerd",
-        importpath = "github.com/containerd/containerd",
-        sum = "h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=",
-        version = "v1.6.8",
-    )
-
-    go_repository(
-        name = "com_github_davecgh_go_spew",
-        importpath = "github.com/davecgh/go-spew",
-        sum = "h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_dmarkham_enumer",
-        importpath = "github.com/dmarkham/enumer",
-        sum = "h1:xYJA/lGoniiuhZLASBUbpPjScUslfyDHUAMczeflCeg=",
-        version = "v1.5.7",
-    )
-    go_repository(
-        name = "com_github_docker_distribution",
-        importpath = "github.com/docker/distribution",
-        sum = "h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=",
-        version = "v2.8.1+incompatible",
-    )
-    go_repository(
-        name = "com_github_docker_docker",
-        importpath = "github.com/docker/docker",
-        sum = "h1:6jX4yB+NtcbldT90k7vBSaWJDB3i+zkVJT9BEK8kQkk=",
-        version = "v20.10.22+incompatible",
-    )
-    go_repository(
-        name = "com_github_docker_go_connections",
-        importpath = "github.com/docker/go-connections",
-        sum = "h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=",
-        version = "v0.4.0",
-    )
-    go_repository(
-        name = "com_github_docker_go_units",
-        importpath = "github.com/docker/go-units",
-        sum = "h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=",
-        version = "v0.5.0",
-    )
-    go_repository(
-        name = "com_github_dustin_go_humanize",
-        importpath = "github.com/dustin/go-humanize",
-        sum = "h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=",
-        version = "v1.0.1",
-    )
-
-    go_repository(
-        name = "com_github_eapache_go_resiliency",
-        importpath = "github.com/eapache/go-resiliency",
-        sum = "h1:RRL0nge+cWGlxXbUzJ7yMcq6w2XBEr19dCN6HECGaT0=",
-        version = "v1.3.0",
-    )
-    go_repository(
-        name = "com_github_eapache_go_xerial_snappy",
-        importpath = "github.com/eapache/go-xerial-snappy",
-        sum = "h1:8yY/I9ndfrgrXUbOGObLHKBR4Fl3nZXwM2c7OYTT8hM=",
-        version = "v0.0.0-20230111030713-bf00bc1b83b6",
-    )
-    go_repository(
-        name = "com_github_eapache_queue",
-        importpath = "github.com/eapache/queue",
-        sum = "h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc=",
-        version = "v1.1.0",
-    )
-    go_repository(
-        name = "com_github_emicklei_proto",
-        importpath = "github.com/emicklei/proto",
-        sum = "h1:CBZwNVwPJvkdevxvsoCuFedF9ENiBz0saen3L9y0OTA=",
-        version = "v1.11.1",
-    )
-    go_repository(
-        name = "com_github_fortytw2_leaktest",
-        importpath = "github.com/fortytw2/leaktest",
-        sum = "h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=",
-        version = "v1.3.0",
-    )
-
-    go_repository(
-        name = "com_github_go_faster_city",
-        importpath = "github.com/go-faster/city",
-        sum = "h1:4WAxSZ3V2Ws4QRDrscLEDcibJY8uf41H6AhXDrNDcGw=",
-        version = "v1.0.1",
-    )
-    go_repository(
-        name = "com_github_go_faster_errors",
-        importpath = "github.com/go-faster/errors",
-        sum = "h1:nNIPOBkprlKzkThvS/0YaX8Zs9KewLCOSFQS5BU06FI=",
-        version = "v0.6.1",
-    )
-    go_repository(
-        name = "com_github_go_kit_log",
-        importpath = "github.com/go-kit/log",
-        sum = "h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=",
-        version = "v0.2.1",
-    )
-    go_repository(
-        name = "com_github_go_logfmt_logfmt",
-        importpath = "github.com/go-logfmt/logfmt",
-        sum = "h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=",
-        version = "v0.5.1",
-    )
-
-    go_repository(
-        name = "com_github_go_logr_logr",
-        importpath = "github.com/go-logr/logr",
-        sum = "h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=",
-        version = "v1.2.3",
-    )
-    go_repository(
-        name = "com_github_go_logr_stdr",
-        importpath = "github.com/go-logr/stdr",
-        sum = "h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=",
-        version = "v1.2.2",
-    )
-    go_repository(
-        name = "com_github_go_ole_go_ole",
-        importpath = "github.com/go-ole/go-ole",
-        sum = "h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=",
-        version = "v1.2.6",
-    )
-    go_repository(
-        name = "com_github_gogo_protobuf",
-        importpath = "github.com/gogo/protobuf",
-        sum = "h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=",
-        version = "v1.3.2",
-    )
-    go_repository(
-        name = "com_github_golang_groupcache",
-        importpath = "github.com/golang/groupcache",
-        sum = "h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=",
-        version = "v0.0.0-20210331224755-41bb18bfe9da",
-    )
-
-    go_repository(
-        name = "com_github_golang_protobuf",
-        importpath = "github.com/golang/protobuf",
-        sum = "h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=",
-        version = "v1.5.3",
-    )
-    go_repository(
-        name = "com_github_golang_snappy",
-        importpath = "github.com/golang/snappy",
-        sum = "h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=",
-        version = "v0.0.4",
-    )
-    go_repository(
-        name = "com_github_google_go_cmp",
-        importpath = "github.com/google/go-cmp",
-        sum = "h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=",
-        version = "v0.5.9",
-    )
-
-    go_repository(
-        name = "com_github_google_gopacket",
-        importpath = "github.com/google/gopacket",
-        sum = "h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=",
-        version = "v1.1.19",
-    )
-    go_repository(
-        name = "com_github_google_uuid",
-        importpath = "github.com/google/uuid",
-        sum = "h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=",
-        version = "v1.3.0",
-    )
-    go_repository(
-        name = "com_github_gorilla_securecookie",
-        importpath = "github.com/gorilla/securecookie",
-        sum = "h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_gorilla_sessions",
-        importpath = "github.com/gorilla/sessions",
-        sum = "h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=",
-        version = "v1.2.1",
-    )
-
-    go_repository(
-        name = "com_github_gorilla_websocket",
-        importpath = "github.com/gorilla/websocket",
-        sum = "h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=",
-        version = "v1.4.2",
-    )
-    go_repository(
-        name = "com_github_hashicorp_errwrap",
-        importpath = "github.com/hashicorp/errwrap",
-        sum = "h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=",
-        version = "v1.1.0",
-    )
-    go_repository(
-        name = "com_github_hashicorp_go_multierror",
-        importpath = "github.com/hashicorp/go-multierror",
-        sum = "h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_hashicorp_go_uuid",
-        importpath = "github.com/hashicorp/go-uuid",
-        sum = "h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=",
-        version = "v1.0.3",
-    )
-
-    go_repository(
-        name = "com_github_hashicorp_go_version",
-        importpath = "github.com/hashicorp/go-version",
-        sum = "h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=",
-        version = "v1.6.0",
-    )
-    go_repository(
-        name = "com_github_huandu_go_assert",
-        importpath = "github.com/huandu/go-assert",
-        sum = "h1:fjemmA7sSfYHJD7CUqs9qTwwfdNAx7/j2/ZlHXzNB3c=",
-        version = "v1.1.5",
-    )
-    go_repository(
-        name = "com_github_huandu_go_sqlbuilder",
-        importpath = "github.com/huandu/go-sqlbuilder",
-        sum = "h1:q/XSlHhRT/eIrasrYQEbe2VJvGoou3WMGShEjNkGUS8=",
-        version = "v1.20.0",
-    )
-    go_repository(
-        name = "com_github_huandu_xstrings",
-        importpath = "github.com/huandu/xstrings",
-        sum = "h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=",
-        version = "v1.4.0",
-    )
-    go_repository(
-        name = "com_github_jackc_puddle_v2",
-        importpath = "github.com/jackc/puddle/v2",
-        sum = "h1:0f7vaaXINONKTsxYDn4otOAiJanX/BMeAtY//BXqzlg=",
-        version = "v2.1.2",
-    )
-    go_repository(
-        name = "com_github_jcmturner_aescts_v2",
-        importpath = "github.com/jcmturner/aescts/v2",
-        sum = "h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=",
-        version = "v2.0.0",
-    )
-    go_repository(
-        name = "com_github_jcmturner_dnsutils_v2",
-        importpath = "github.com/jcmturner/dnsutils/v2",
-        sum = "h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=",
-        version = "v2.0.0",
-    )
-    go_repository(
-        name = "com_github_jcmturner_gofork",
-        importpath = "github.com/jcmturner/gofork",
-        sum = "h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg=",
-        version = "v1.7.6",
-    )
-    go_repository(
-        name = "com_github_jcmturner_goidentity_v6",
-        importpath = "github.com/jcmturner/goidentity/v6",
-        sum = "h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o=",
-        version = "v6.0.1",
-    )
-    go_repository(
-        name = "com_github_jcmturner_gokrb5_v8",
-        importpath = "github.com/jcmturner/gokrb5/v8",
-        sum = "h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8=",
-        version = "v8.4.4",
-    )
-    go_repository(
-        name = "com_github_jcmturner_rpc_v2",
-        importpath = "github.com/jcmturner/rpc/v2",
-        sum = "h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=",
-        version = "v2.0.3",
-    )
-    go_repository(
-        name = "com_github_jpillora_backoff",
-        importpath = "github.com/jpillora/backoff",
-        sum = "h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_json_iterator_go",
-        importpath = "github.com/json-iterator/go",
-        sum = "h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=",
-        version = "v1.1.12",
-    )
-    go_repository(
-        name = "com_github_julienschmidt_httprouter",
-        importpath = "github.com/julienschmidt/httprouter",
-        sum = "h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=",
-        version = "v1.3.0",
-    )
-
-    go_repository(
-        name = "com_github_kisielk_errcheck",
-        importpath = "github.com/kisielk/errcheck",
-        sum = "h1:e8esj/e4R+SAOwFwN+n3zr0nYeCyeweozKfO23MvHzY=",
-        version = "v1.5.0",
-    )
-    go_repository(
-        name = "com_github_kisielk_gotool",
-        importpath = "github.com/kisielk/gotool",
-        sum = "h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_klauspost_compress",
-        importpath = "github.com/klauspost/compress",
-        sum = "h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=",
-        version = "v1.16.0",
-    )
-    go_repository(
-        name = "com_github_kr_pretty",
-        importpath = "github.com/kr/pretty",
-        sum = "h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=",
-        version = "v0.3.0",
-    )
-    go_repository(
-        name = "com_github_kr_pty",
-        importpath = "github.com/kr/pty",
-        sum = "h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_kr_text",
-        importpath = "github.com/kr/text",
-        sum = "h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=",
-        version = "v0.1.0",
-    )
-
-    go_repository(
-        name = "com_github_libp2p_go_reuseport",
-        importpath = "github.com/libp2p/go-reuseport",
-        sum = "h1:18PRvIMlpY6ZK85nIAicSBuXXvrYoSw3dsBAR7zc560=",
-        version = "v0.2.0",
-    )
-    go_repository(
-        name = "com_github_magiconair_properties",
-        importpath = "github.com/magiconair/properties",
-        sum = "h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=",
-        version = "v1.8.6",
-    )
-
-    go_repository(
-        name = "com_github_matttproud_golang_protobuf_extensions",
-        importpath = "github.com/matttproud/golang_protobuf_extensions",
-        sum = "h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=",
-        version = "v1.0.4",
-    )
-    go_repository(
-        name = "com_github_microsoft_go_winio",
-        importpath = "github.com/Microsoft/go-winio",
-        sum = "h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=",
-        version = "v0.5.2",
-    )
-    go_repository(
-        name = "com_github_microsoft_hcsshim",
-        importpath = "github.com/Microsoft/hcsshim",
-        sum = "h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=",
-        version = "v0.9.4",
-    )
-    go_repository(
-        name = "com_github_mkevac_debugcharts",
-        importpath = "github.com/mkevac/debugcharts",
-        sum = "h1:/mD+ABZyXD39BzJI2XyRJlqdZG11gXFo0SSynL+OFeU=",
-        version = "v0.0.0-20191222103121-ae1c48aa8615",
-    )
-    go_repository(
-        name = "com_github_moby_sys_mount",
-        importpath = "github.com/moby/sys/mount",
-        sum = "h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=",
-        version = "v0.3.3",
-    )
-    go_repository(
-        name = "com_github_moby_sys_mountinfo",
-        importpath = "github.com/moby/sys/mountinfo",
-        sum = "h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=",
-        version = "v0.6.2",
-    )
-    go_repository(
-        name = "com_github_moby_term",
-        importpath = "github.com/moby/term",
-        sum = "h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=",
-        version = "v0.0.0-20210619224110-3f7ff695adc6",
-    )
-    go_repository(
-        name = "com_github_modern_go_concurrent",
-        importpath = "github.com/modern-go/concurrent",
-        sum = "h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=",
-        version = "v0.0.0-20180228061459-e0a39a4cb421",
-    )
-    go_repository(
-        name = "com_github_modern_go_reflect2",
-        importpath = "github.com/modern-go/reflect2",
-        sum = "h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=",
-        version = "v1.0.2",
-    )
-    go_repository(
-        name = "com_github_montanaflynn_stats",
-        importpath = "github.com/montanaflynn/stats",
-        sum = "h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0=",
-        version = "v0.0.0-20171201202039-1bf9dbcd8cbe",
-    )
-
-    go_repository(
-        name = "com_github_morikuni_aec",
-        importpath = "github.com/morikuni/aec",
-        sum = "h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_mwitkow_go_conntrack",
-        importpath = "github.com/mwitkow/go-conntrack",
-        sum = "h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=",
-        version = "v0.0.0-20190716064945-2f068394615f",
-    )
-    go_repository(
-        name = "com_github_netsampler_goflow2",
-        importpath = "github.com/netsampler/goflow2",
-        sum = "h1:GpVlvPq4yRbyzoiz0Vp3XilNr5js/0UhHcQI7Ol/MDk=",
-        version = "v1.1.1",
-    )
-
-    go_repository(
-        name = "com_github_opencontainers_go_digest",
-        importpath = "github.com/opencontainers/go-digest",
-        sum = "h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_opencontainers_image_spec",
-        importpath = "github.com/opencontainers/image-spec",
-        sum = "h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=",
-        version = "v1.0.3-0.20211202183452-c5a74bcca799",
-    )
-    go_repository(
-        name = "com_github_opencontainers_runc",
-        importpath = "github.com/opencontainers/runc",
-        sum = "h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=",
-        version = "v1.1.3",
-    )
-    go_repository(
-        name = "com_github_oschwald_geoip2_golang",
-        importpath = "github.com/oschwald/geoip2-golang",
-        sum = "h1:igg2yQIrrcRccB1ytFXqBfOHCjXWIoMv85lVJ1ONZzw=",
-        version = "v1.5.0",
-    )
-    go_repository(
-        name = "com_github_oschwald_maxminddb_golang",
-        importpath = "github.com/oschwald/maxminddb-golang",
-        sum = "h1:Uh/DSnGoxsyp/KYbY1AuP0tYEwfs0sCph9p/UMXK/Hk=",
-        version = "v1.8.0",
-    )
-
-    go_repository(
-        name = "com_github_osrg_gobgp",
-        build_file_proto_mode = "disable",
-        importpath = "github.com/osrg/gobgp",
-        sum = "h1:91ARQbE1AtO0U4TIxHPJ7wYVZIqduyBwS1+FjlHlmrY=",
-        version = "v2.0.0+incompatible",
-    )
-    go_repository(
-        name = "com_github_pascaldekloe_name",
-        importpath = "github.com/pascaldekloe/name",
-        sum = "h1:9lnXOHeqeHHnWLbKfH6X98+4+ETVqFqxN09UXSjcMb0=",
-        version = "v1.0.1",
-    )
-    go_repository(
-        name = "com_github_paulmach_orb",
-        importpath = "github.com/paulmach/orb",
-        sum = "h1:MwA1DqOKtvCgm7u9RZ/pnYejTeDJPnr0+0oFajBbJqk=",
-        version = "v0.9.0",
-    )
-    go_repository(
-        name = "com_github_paulmach_protoscan",
-        importpath = "github.com/paulmach/protoscan",
-        sum = "h1:rM0FpcTjUMvPUNk2BhPJrreDKetq43ChnL+x1sRg8O8=",
-        version = "v0.2.1",
-    )
-
-    go_repository(
-        name = "com_github_pierrec_lz4",
-        importpath = "github.com/pierrec/lz4",
-        sum = "h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=",
-        version = "v2.6.1+incompatible",
-    )
-    go_repository(
-        name = "com_github_pierrec_lz4_v4",
-        importpath = "github.com/pierrec/lz4/v4",
-        sum = "h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=",
-        version = "v4.1.17",
-    )
-    go_repository(
-        name = "com_github_pkg_diff",
-        importpath = "github.com/pkg/diff",
-        sum = "h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=",
-        version = "v0.0.0-20210226163009-20ebb0f2a09e",
-    )
-
-    go_repository(
-        name = "com_github_pkg_errors",
-        importpath = "github.com/pkg/errors",
-        sum = "h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=",
-        version = "v0.9.1",
-    )
-
-    go_repository(
-        name = "com_github_pmezard_go_difflib",
-        importpath = "github.com/pmezard/go-difflib",
-        sum = "h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_prometheus_client_golang",
-        importpath = "github.com/prometheus/client_golang",
-        sum = "h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=",
-        version = "v1.14.0",
-    )
-    go_repository(
-        name = "com_github_prometheus_client_model",
-        importpath = "github.com/prometheus/client_model",
-        sum = "h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=",
-        version = "v0.3.0",
-    )
-    go_repository(
-        name = "com_github_prometheus_common",
-        importpath = "github.com/prometheus/common",
-        sum = "h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=",
-        version = "v0.42.0",
-    )
-    go_repository(
-        name = "com_github_prometheus_procfs",
-        importpath = "github.com/prometheus/procfs",
-        sum = "h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=",
-        version = "v0.9.0",
-    )
-    go_repository(
-        name = "com_github_rcrowley_go_metrics",
-        importpath = "github.com/rcrowley/go-metrics",
-        sum = "h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=",
-        version = "v0.0.0-20201227073835-cf1acfcdf475",
-    )
-    go_repository(
-        name = "com_github_rogpeppe_go_internal",
-        importpath = "github.com/rogpeppe/go-internal",
-        sum = "h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=",
-        version = "v1.9.0",
-    )
-
-    go_repository(
-        name = "com_github_satori_go_uuid",
-        importpath = "github.com/satori/go.uuid",
-        sum = "h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=",
-        version = "v1.2.0",
-    )
-    go_repository(
-        name = "com_github_segmentio_asm",
-        importpath = "github.com/segmentio/asm",
-        sum = "h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=",
-        version = "v1.2.0",
-    )
-    go_repository(
-        name = "com_github_shirou_gopsutil",
-        importpath = "github.com/shirou/gopsutil",
-        sum = "h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=",
-        version = "v3.21.11+incompatible",
-    )
-
-    go_repository(
-        name = "com_github_shopify_sarama",
-        importpath = "github.com/Shopify/sarama",
-        sum = "h1:lqqPUPQZ7zPqYlWpTh+LQ9bhYNu2xJL6k1SJN4WVe2A=",
-        version = "v1.38.1",
-    )
-    go_repository(
-        name = "com_github_shopify_toxiproxy_v2",
-        importpath = "github.com/Shopify/toxiproxy/v2",
-        sum = "h1:i4LPT+qrSlKNtQf5QliVjdP08GyAH8+BUIc9gT0eahc=",
-        version = "v2.5.0",
-    )
-
-    go_repository(
-        name = "com_github_shopspring_decimal",
-        importpath = "github.com/shopspring/decimal",
-        sum = "h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=",
-        version = "v1.3.1",
-    )
-
-    go_repository(
-        name = "com_github_sirupsen_logrus",
-        importpath = "github.com/sirupsen/logrus",
-        sum = "h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=",
-        version = "v1.9.0",
-    )
-
-    go_repository(
-        name = "com_github_stretchr_objx",
-        importpath = "github.com/stretchr/objx",
-        sum = "h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=",
-        version = "v0.5.0",
-    )
-    go_repository(
-        name = "com_github_stretchr_testify",
-        importpath = "github.com/stretchr/testify",
-        sum = "h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=",
-        version = "v1.8.2",
-    )
-    go_repository(
-        name = "com_github_testcontainers_testcontainers_go",
-        importpath = "github.com/testcontainers/testcontainers-go",
-        sum = "h1:h0D5GaYG9mhOWr2qHdEKDXpkce/VlvaYOCzTRi6UBi8=",
-        version = "v0.14.0",
-    )
-    go_repository(
-        name = "com_github_tidwall_pretty",
-        importpath = "github.com/tidwall/pretty",
-        sum = "h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=",
-        version = "v1.0.0",
-    )
-
-    go_repository(
-        name = "com_github_tklauser_go_sysconf",
-        importpath = "github.com/tklauser/go-sysconf",
-        sum = "h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=",
-        version = "v0.3.10",
-    )
-    go_repository(
-        name = "com_github_tklauser_numcpus",
-        importpath = "github.com/tklauser/numcpus",
-        sum = "h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=",
-        version = "v0.4.0",
-    )
-
-    go_repository(
-        name = "com_github_vishvananda_netlink",
-        importpath = "github.com/vishvananda/netlink",
-        sum = "h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=",
-        version = "v1.2.1-beta.2",
-    )
-    go_repository(
-        name = "com_github_vishvananda_netns",
-        importpath = "github.com/vishvananda/netns",
-        sum = "h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=",
-        version = "v0.0.4",
-    )
-    go_repository(
-        name = "com_github_xdg_go_pbkdf2",
-        importpath = "github.com/xdg-go/pbkdf2",
-        sum = "h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_xdg_go_scram",
-        importpath = "github.com/xdg-go/scram",
-        sum = "h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=",
-        version = "v1.1.2",
-    )
-    go_repository(
-        name = "com_github_xdg_go_stringprep",
-        importpath = "github.com/xdg-go/stringprep",
-        sum = "h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=",
-        version = "v1.0.4",
-    )
-    go_repository(
-        name = "com_github_xhit_go_str2duration",
-        importpath = "github.com/xhit/go-str2duration",
-        sum = "h1:BcV5u025cITWxEQKGWr1URRzrcXtu7uk8+luz3Yuhwc=",
-        version = "v1.2.0",
-    )
-    go_repository(
-        name = "com_github_youmark_pkcs8",
-        importpath = "github.com/youmark/pkcs8",
-        sum = "h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA=",
-        version = "v0.0.0-20181117223130-1be2e3e5546d",
-    )
-
-    go_repository(
-        name = "com_github_yuin_goldmark",
-        importpath = "github.com/yuin/goldmark",
-        sum = "h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=",
-        version = "v1.4.13",
-    )
-    go_repository(
-        name = "com_github_yusufpapurcu_wmi",
-        importpath = "github.com/yusufpapurcu/wmi",
-        sum = "h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=",
-        version = "v1.2.2",
-    )
-
-    go_repository(
-        name = "in_gopkg_check_v1",
-        importpath = "gopkg.in/check.v1",
-        sum = "h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=",
-        version = "v1.0.0-20201130134442-10cb98267c6c",
-    )
-    go_repository(
-        name = "in_gopkg_yaml_v2",
-        importpath = "gopkg.in/yaml.v2",
-        sum = "h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=",
-        version = "v2.4.0",
-    )
-
-    go_repository(
-        name = "in_gopkg_yaml_v3",
-        importpath = "gopkg.in/yaml.v3",
-        sum = "h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=",
-        version = "v3.0.1",
-    )
-    go_repository(
-        name = "io_k8s_klog_v2",
-        importpath = "k8s.io/klog/v2",
-        sum = "h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=",
-        version = "v2.90.1",
-    )
-    go_repository(
-        name = "io_opencensus_go",
-        importpath = "go.opencensus.io",
-        sum = "h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=",
-        version = "v0.23.0",
-    )
-    go_repository(
-        name = "io_opentelemetry_go_otel",
-        importpath = "go.opentelemetry.io/otel",
-        sum = "h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=",
-        version = "v1.14.0",
-    )
-    go_repository(
-        name = "io_opentelemetry_go_otel_metric",
-        importpath = "go.opentelemetry.io/otel/metric",
-        sum = "h1:t0lgGI+L68QWt3QtOIlqM9gXoxqxWLhZ3R/e5oOAY0Q=",
-        version = "v0.36.0",
-    )
-    go_repository(
-        name = "io_opentelemetry_go_otel_sdk",
-        importpath = "go.opentelemetry.io/otel/sdk",
-        sum = "h1:BHib5g8MvdqS65yo2vV1s6Le42Hm6rrw08qU6yz5JaM=",
-        version = "v1.13.0",
-    )
-    go_repository(
-        name = "io_opentelemetry_go_otel_trace",
-        importpath = "go.opentelemetry.io/otel/trace",
-        sum = "h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=",
-        version = "v1.14.0",
-    )
-    go_repository(
-        name = "org_golang_google_appengine",
-        importpath = "google.golang.org/appengine",
-        sum = "h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=",
-        version = "v1.6.7",
-    )
-
-    go_repository(
-        name = "org_golang_google_genproto",
-        importpath = "google.golang.org/genproto",
-        sum = "h1:kqrS+lhvaMHCxul6sKQvKJ8nAAhlVItmZV822hYFH/U=",
-        version = "v0.0.0-20220617124728-180714bec0ad",
-    )
-    go_repository(
-        name = "org_golang_google_grpc",
-        importpath = "google.golang.org/grpc",
-        sum = "h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=",
-        version = "v1.47.0",
-    )
-    go_repository(
-        name = "org_golang_google_protobuf",
-        importpath = "google.golang.org/protobuf",
-        sum = "h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0=",
-        version = "v1.29.0",
-    )
-
-    go_repository(
-        name = "org_golang_x_crypto",
-        importpath = "golang.org/x/crypto",
-        sum = "h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=",
-        version = "v0.7.0",
-    )
-
-    go_repository(
-        name = "org_golang_x_lint",
-        importpath = "golang.org/x/lint",
-        sum = "h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=",
-        version = "v0.0.0-20200302205851-738671d3881b",
-    )
-
-    go_repository(
-        name = "org_golang_x_mod",
-        importpath = "golang.org/x/mod",
-        sum = "h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=",
-        version = "v0.8.0",
-    )
-    go_repository(
-        name = "org_golang_x_net",
-        importpath = "golang.org/x/net",
-        sum = "h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=",
-        version = "v0.8.0",
-    )
-    go_repository(
-        name = "org_golang_x_oauth2",
-        importpath = "golang.org/x/oauth2",
-        sum = "h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=",
-        version = "v0.5.0",
-    )
-
-    go_repository(
-        name = "org_golang_x_sync",
-        importpath = "golang.org/x/sync",
-        sum = "h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=",
-        version = "v0.1.0",
-    )
-    go_repository(
-        name = "org_golang_x_sys",
-        importpath = "golang.org/x/sys",
-        sum = "h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=",
-        version = "v0.6.0",
-    )
-    go_repository(
-        name = "org_golang_x_term",
-        importpath = "golang.org/x/term",
-        sum = "h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=",
-        version = "v0.6.0",
-    )
-
-    go_repository(
-        name = "org_golang_x_text",
-        importpath = "golang.org/x/text",
-        sum = "h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=",
-        version = "v0.8.0",
-    )
-
-    go_repository(
-        name = "org_golang_x_tools",
-        importpath = "golang.org/x/tools",
-        sum = "h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=",
-        version = "v0.6.0",
-    )
-    go_repository(
-        name = "org_golang_x_xerrors",
-        importpath = "golang.org/x/xerrors",
-        sum = "h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=",
-        version = "v0.0.0-20200804184101-5ec99f83aff1",
-    )
-    go_repository(
-        name = "org_mongodb_go_mongo_driver",
-        importpath = "go.mongodb.org/mongo-driver",
-        sum = "h1:QP0znIRTuL0jf1oBQoAoM0C6ZJfBK4kx0Uumtv1A7w8=",
-        version = "v1.11.1",
-    )
-
-    go_repository(
-        name = "org_uber_go_atomic",
-        importpath = "go.uber.org/atomic",
-        sum = "h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=",
-        version = "v1.10.0",
-    )
-    go_repository(
-        name = "org_uber_go_multierr",
-        importpath = "go.uber.org/multierr",
-        sum = "h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=",
-        version = "v1.9.0",
-    )
-    go_repository(
-        name = "org_uber_go_zap",
-        importpath = "go.uber.org/zap",
-        sum = "h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=",
-        version = "v1.24.0",
-    )
diff --git a/deploy/single-node/schema/0001_create_flows_raw.sql b/schema/0001_create_flows_raw.sql
similarity index 84%
rename from deploy/single-node/schema/0001_create_flows_raw.sql
rename to schema/0001_create_flows_raw.sql
index 4451fde..66cdffb 100644
--- a/deploy/single-node/schema/0001_create_flows_raw.sql
+++ b/schema/0001_create_flows_raw.sql
@@ -6,23 +6,22 @@ CREATE TABLE IF NOT EXISTS flows_raw
 
     -- Raw fields
 
-    FlowType         Enum8(
-    'FLOWUNKNOWN' = 0,
-    'SFLOW_5' = 1,
-    'NETFLOW_V5' = 2,
-    'NETFLOW_V9' = 3,
-    'IPFIX' = 4
-),
-
-    SequenceNum     UInt64,
-
+    FlowType Enum8(
+        'FLOWUNKNOWN' = 0,
+        'SFLOW_5' = 1,
+        'NETFLOW_V5' = 2,
+        'NETFLOW_V9' = 3,
+        'IPFIX' = 4
+        ),
+
+    SequenceNum      UInt64,
     TimeReceived     UInt64,
     SamplingRate     UInt64,
 
+
     FlowDirection    UInt8,
 
     SamplerAddress   IPv6,
-
     TimeFlowStart    UInt64,
     TimeFlowEnd      UInt64,
 
@@ -32,10 +31,10 @@ CREATE TABLE IF NOT EXISTS flows_raw
     SrcAddr          IPv6,
     DstAddr          IPv6,
 
+
     EType            UInt16,
 
     Proto            UInt8,
-
     SrcPort          UInt32,
     DstPort          UInt32,
 
@@ -47,8 +46,8 @@ CREATE TABLE IF NOT EXISTS flows_raw
 
     SrcVlan          UInt32,
     DstVlan          UInt32,
-    VlanId           UInt32,
 
+    VlanId           UInt32,
     IngressVrfId     UInt32,
     EgressVrfId      UInt32,
 
@@ -58,13 +57,13 @@ CREATE TABLE IF NOT EXISTS flows_raw
     TCPFlags         UInt8,
     IcmpType         UInt8,
     IcmpCode         UInt8,
-    IPv6FlowLabel    UInt32,
 
+    IPv6FlowLabel    UInt32,
     FragmentId       UInt32,
     FragmentOffset   UInt32,
 
-    BiFlowDirection  UInt8,
 
+    BiFlowDirection  UInt8,
     SrcAS            UInt32,
     DstAS            UInt32,
 
@@ -73,10 +72,11 @@ CREATE TABLE IF NOT EXISTS flows_raw
 
     SrcNet           UInt8,
     DstNet           UInt8
-    ) ENGINE = MergeTree()
-    PARTITION BY Date
+
+) ENGINE = MergeTree()
+      PARTITION BY Date
     ORDER BY (TimeReceived, FlowDirection, SamplerAddress, SrcAS, DstAS, SrcAddr, DstAddr)
-    TTL Date + INTERVAL 1 WEEK;
+     TTL Date + INTERVAL 1 WEEK;
 
 -- +goose Down
 DROP TABLE IF EXISTS flows_raw;
\ No newline at end of file
diff --git a/deploy/single-node/schema/0002_create_dictionaries_database.sql b/schema/0002_create_dictionaries_database.sql
similarity index 100%
rename from deploy/single-node/schema/0002_create_dictionaries_database.sql
rename to schema/0002_create_dictionaries_database.sql
diff --git a/schema/0002_optimize_part_dropping.sql b/schema/0002_optimize_part_dropping.sql
new file mode 100644
index 0000000..6f52dd6
--- /dev/null
+++ b/schema/0002_optimize_part_dropping.sql
@@ -0,0 +1,5 @@
+-- +goose Up
+ALTER TABLE flows_raw MODIFY SETTING ttl_only_drop_parts=1, materialize_ttl_recalculate_only=1;
+
+-- +goose Down
+ALTER TABLE flows_raw RESET SETTING ttl_only_drop_parts, materialize_ttl_recalculate_only;
\ No newline at end of file
diff --git a/deploy/single-node/schema/files.cue b/schema/files.cue
similarity index 100%
rename from deploy/single-node/schema/files.cue
rename to schema/files.cue
diff --git a/deploy/single-node/schema/functions.cue b/schema/functions.cue
similarity index 100%
rename from deploy/single-node/schema/functions.cue
rename to schema/functions.cue
diff --git a/deploy/single-node/schema/schema.cue b/schema/schema.cue
similarity index 100%
rename from deploy/single-node/schema/schema.cue
rename to schema/schema.cue
diff --git a/deploy/single-node/schema/tables.cue b/schema/tables.cue
similarity index 100%
rename from deploy/single-node/schema/tables.cue
rename to schema/tables.cue
diff --git a/deploy/single-node/schema/views.cue b/schema/views.cue
similarity index 99%
rename from deploy/single-node/schema/views.cue
rename to schema/views.cue
index 1289c9c..0913c47 100644
--- a/deploy/single-node/schema/views.cue
+++ b/schema/views.cue
@@ -3,7 +3,9 @@ package schema
 view: flows_raw_view: {
 	from: "flows_queue"
 	to:   "flows_raw"
-	query: #"""
+	query:
+	// language=clickhouse
+	#"""
 		SELECT * REPLACE (
 		    if(
 		            dictGet('SamplerConfig', 'AnonymizeAddresses', IPv6NumToString(SamplerAddress)),
diff --git a/scripts/build_containers.sh b/scripts/build_containers.sh
deleted file mode 100755
index cb2db5d..0000000
--- a/scripts/build_containers.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-# Build container bundle using Bazel and import it to the local k3s image store.
-# This bypasses the need for a local registry for development, similar to the trickery minikube does.
-set -euo pipefail
-
-export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin
-
-# TODO(leo): replace with a Bazel rule
-
-function build() {
-  local target=$1
-
-  bazel build //${target}.tar
-
-  local location=$(bazel cquery ${target/:/\//}.tar \
-    --output starlark \
-    --starlark:expr="target.files.to_list()[0].path")
-
-  k3s ctr images import --digests ${location} 1>&2
-  local digest=$(crictl inspecti bazel/${target} 2>&1 | jq -r '.status.repoDigests[0] | split("@")[-1]')
-
-  # "docker.io/bazel" is hardcoded in rules_docker. Specifying a digest does not work with a local image, therefore, we
-  # need force the pod to redeploy when the digest changes by adding a digest annotation on the deployment.
-  echo "{image: \"docker.io/bazel/${target}\", digest: \"${digest}\"}"
-}
-
-cat <<EOF > deploy/single-node/images_local.cue
-package k8s
-
-netmeta: images: {
-  helloworld: $(build cmd/helloworld:helloworld)
-  risinfo: $(build cmd/risinfo:risinfo)
-  goflow: $(build third_party/goflow:goflow)
-  portmirror: $(build cmd/portmirror:portmirror)
-  reconciler: $(build cmd/reconciler:reconciler)
-  grafana: $(build third_party/grafana:grafana)
-}
-EOF
diff --git a/scripts/gazelle.sh b/scripts/gazelle.sh
deleted file mode 100755
index f989625..0000000
--- a/scripts/gazelle.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# gazelle.sh regenerates BUILD.bazel files for Go source files.
-set -euo pipefail
-
-! bazel run //:go mod tidy
-bazel run //:gazelle -- update
-bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories -prune=true
diff --git a/scripts/git-tree-hash.sh b/scripts/git-tree-hash.sh
deleted file mode 100755
index 658f517..0000000
--- a/scripts/git-tree-hash.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-# https://stackoverflow.com/questions/23939988/git-get-a-hash-of-the-current-state-of-the-working-tree
-{   git diff-index --name-only HEAD
-    git ls-files -o --exclude-standard
-} \
-| while read path; do
-    test -f "$path" && printf "100644 blob %s\t$path\n" $(git hash-object -w "$path");
-    test -d "$path" && printf "160000 commit %s\t$path\n" $(cd "$path"; git rev-parse HEAD);
-done | sed 's,/,\\,g' | git mktree --missing
diff --git a/scripts/print-workspace-status.sh b/scripts/print-workspace-status.sh
deleted file mode 100755
index fbbbe1b..0000000
--- a/scripts/print-workspace-status.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-
-
-echo TREE_GIT_SHA "$(./scripts/git-tree-hash.sh)"
-echo COMMIT_GIT_SHA "$(git rev-parse --verify HEAD)"
\ No newline at end of file
diff --git a/third_party/goflow/BUILD b/third_party/goflow/BUILD
deleted file mode 100644
index 94b06f3..0000000
--- a/third_party/goflow/BUILD
+++ /dev/null
@@ -1,8 +0,0 @@
-load("@io_bazel_rules_docker//go:image.bzl", "go_image")
-
-go_image(
-    name = "goflow",
-    binary = "@com_github_netsampler_goflow2//cmd/goflow2:goflow2",
-    static = "on",
-    visibility = ["//visibility:public"],
-)
diff --git a/third_party/grafana/BUILD b/third_party/grafana/BUILD
deleted file mode 100644
index 11263be..0000000
--- a/third_party/grafana/BUILD
+++ /dev/null
@@ -1,3 +0,0 @@
-load(":container.bzl", "grafana_image")
-
-grafana_image()
diff --git a/third_party/grafana/container.bzl b/third_party/grafana/container.bzl
deleted file mode 100644
index 957c361..0000000
--- a/third_party/grafana/container.bzl
+++ /dev/null
@@ -1,26 +0,0 @@
-load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer")
-
-PLUGINS = {
-    "netsage-sankey-panel": "1.0.6",
-    "grafana-clickhouse-datasource": "2.0.7",
-}
-
-def grafana_plugin_layer(name):
-    container_layer(
-        name = name,
-        files = [
-            "@{}//:files".format(name),
-        ],
-        data_path = ".",
-        directory = "/var/lib/grafana/plugins/{}".format(name),
-    )
-
-    return ":{}".format(name)
-
-def grafana_image():
-    container_image(
-        name = "grafana",
-        base = "@grafana//image",
-        layers = [grafana_plugin_layer(name) for name, _ in PLUGINS.items()],
-        visibility = ["//visibility:public"],
-    )
diff --git a/third_party/grafana/grafana_plugin.bzl b/third_party/grafana/grafana_plugin.bzl
deleted file mode 100644
index 32dc2d6..0000000
--- a/third_party/grafana/grafana_plugin.bzl
+++ /dev/null
@@ -1,41 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-load("@io_bazel_rules_docker//container:container.bzl", "container_layer")
-
-_grafana_plugin_attrs = {
-    "version": attr.string(
-        mandatory = True,
-        doc = "The plugin version to download and bundle",
-    ),
-}
-
-def _grafana_plugin_impl(ctx):
-    ctx.download_and_extract(
-        url = "https://grafana.com/api/plugins/%s/versions/%s/download?os=%s&arch=%s" % (ctx.name, ctx.attr.version, os(ctx), arch(ctx)),
-        type = "zip",
-    )
-
-    ctx.file("BUILD.bazel", """
-package(default_visibility = ["//visibility:public"])
-
-filegroup(
-    name = "files",
-    srcs = glob(["**"]),
-)
-    """)
-
-grafana_plugin = repository_rule(
-    attrs = _grafana_plugin_attrs,
-    implementation = _grafana_plugin_impl,
-)
-
-def os(rctx):
-    os = rctx.os.name.lower()
-    if os == "mac os x":
-        return "darwin"
-    return os
-
-def arch(rctx):
-    arch = rctx.os.arch.lower()
-    if arch == "aarch64":
-        return "arm64"
-    return arch
diff --git a/uninstall.sh b/uninstall.sh
deleted file mode 100755
index 1177914..0000000
--- a/uninstall.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# Remove all pieces of NetMeta. No promises!
-
-rm -rf /usr/local/go
-rm /etc/profile.d/local_go.sh
-rm /usr/local/bin/cue
-rm /usr/local/bin/bazel
-
-k3s-uninstall.sh
-
-# Ok to fail on non-SELinux distros
-yum -y remove k3s-selinux