diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index fa01a365aaf148fb1bd1d304a459dd2a65cdf93a..336ef78a475ad8736c791e26627d9189c4ef553e 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
   - flow-kustomization.yaml
   - meet-kustomization.yaml
   - status-kustomization.yaml
+  - sprint-kustomization.yaml
diff --git a/apps/sprint-kustomization.yaml b/apps/sprint-kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c5cb0e183744eaf7a7830654ff96c1b8f38d194e
--- /dev/null
+++ b/apps/sprint-kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-sprint
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/sprint
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
diff --git a/apps/sprint/kustomization.yaml b/apps/sprint/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9a78b1d1a5d0bdcc6090b0e8bb3d17a050cc434c
--- /dev/null
+++ b/apps/sprint/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - taiga-kustomization.yaml
+  - taiga-secrets-kustomization.yaml
diff --git a/apps/sprint/taiga-kustomization.yaml b/apps/sprint/taiga-kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c341d8de185c4fd13a0f5e8a33a362475340f958
--- /dev/null
+++ b/apps/sprint/taiga-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: taiga-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-taiga-kustomization-variables
+      - kind: Secret
+        name: stackspin-taiga-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-taiga-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/sprint/taiga-secrets-kustomization.yaml b/apps/sprint/taiga-secrets-kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..49dcf46d73ab8da567a7c94fbf44633fa0e713a2
--- /dev/null
+++ b/apps/sprint/taiga-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
diff --git a/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3131eff54b851ca667af81734d709a68f57a24c6
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-kustomization-variables
+  namespace: flux-system
+data:
+  taiga_domain: sprint.${domain}
diff --git a/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b42b230858eec4bbae621dd32e4a6cde1e74df96
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: taiga
+  fields:
+  - fieldName: client_secret
+    length: "32"
diff --git a/apps/sprint/taiga-secrets/taiga-variables.yaml b/apps/sprint/taiga-secrets/taiga-variables.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3aa650aaa87a0915dd1237cf344c94ed9aa36a8e
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldname: password
diff --git a/apps/sprint/taiga/taiga-oauth-client.yaml b/apps/sprint/taiga/taiga-oauth-client.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0bc12ccdebe4c474680a6f67398d5d517253e541
--- /dev/null
+++ b/apps/sprint/taiga/taiga-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: taiga-oauth-client
+  # Has to live in the same namespace as the stackspin-taiga-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-taiga-oauth-variables
+  #redirectUris:
+  #  - https://${taiga_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/sprint/taiga/taiga-postgres-pvc.yaml b/apps/sprint/taiga/taiga-postgres-pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..31144aaf75ea4b9e52f99ac5c24d5fe48762e179
--- /dev/null
+++ b/apps/sprint/taiga/taiga-postgres-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: taiga-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "taiga"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/apps/sprint/taiga/taiga-release.yaml b/apps/sprint/taiga/taiga-release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b9ff3e6938b1c9519b2df7c2fd7a8d5dc8e0da56
--- /dev/null
+++ b/apps/sprint/taiga/taiga-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: taiga
+  namespace: stackspout
+spec:
+  releaseName: taiga
+  chart:
+    spec:
+      chart: taiga
+      version: 1.0 # TODO
+      sourceRef:
+        kind: HelmRepository
+        name: nemonik
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-taiga-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-taiga-override
+      optional: true
+    - kind: Secret
+      name: stackspin-taiga-override
+      optional: true
diff --git a/apps/sprint/taiga/taiga-values-configmap.yaml b/apps/sprint/taiga/taiga-values-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..19e9d01bb8e9357bc5fc2304ec6cd589b64faa8b
--- /dev/null
+++ b/apps/sprint/taiga/taiga-values-configmap.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/nemonik/taiga-helm/blob/master/values.yaml
+    # TODO verify structure matches chart
+    commonLabels:
+      stackspin.net/backupSet: "taiga"
+    podLabels:
+      stackspin.net/backupSet: "taiga"
+
+    taigaDB:
+      persistence:
+        enabled: true
+        existingClaim: taiga-postgres
+      podAnnotations:
+        backup.velero.io/backup-volumes: "data"
+
+    taigaGateway:
+      ingress:
+        enabled: true
+        annotations:
+          kubernetes.io/tls-acme: "true"
+        hosts:
+          - host: "${taiga_domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: taiga-tls
+            hosts:
+              - "${taiga_domain}"
+
+    env:
+      mailer:
+        enableEmail: "${outgoing_mail_enabled}"
+        emailHost: "${outgoing_mail_smtp_host}"
+        emailPort: "${outgoing_mail_smtp_port}"
+        emailHostUser: "${outgoing_mail_smtp_user}"
+        emailHostPassword: "${outgoing_mail_smtp_password}"
+        defaultFromEmail: "${outgoing_mail_from_address}"
+
+    # TODO Adjust taiga OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      issuer: "https://${hydra_domain}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
diff --git a/infrastructure/sources/nemonik.yaml b/infrastructure/sources/nemonik.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..958b1316297b086b3e1e07b8b44915fdc5a88bd0
--- /dev/null
+++ b/infrastructure/sources/nemonik.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: nemonik
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://nemonik.github.io/helm-charts/