maybe we can remove helmsman with bazel
better managing of secrets (maybe we shouldnt have environment variables)
add db migrations
nixos-k3s repo