diff --git a/k8s-wheatley/romm/configmap.yaml b/k8s-wheatley/romm/configmap.yaml
new file mode 100644
index 0000000..e90220b
--- /dev/null
+++ b/k8s-wheatley/romm/configmap.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: romm-db-envs
+data:
+ MARIADB_DATABASE: romm
+ MARIADB_USER: romm
+ TZ: Europe/Amsterdam
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: romm-envs
+data:
+ DB_HOST: 127.0.0.1
+ DB_NAME: romm
+ DB_USER: romm
+ ROMM_PORT: "8080"
+ HASHEOUS_API_ENABLED: "true"
+ TZ: Europe/Amsterdam
diff --git a/k8s-wheatley/romm/deployments.yaml b/k8s-wheatley/romm/deployments.yaml
new file mode 100644
index 0000000..79b7fd1
--- /dev/null
+++ b/k8s-wheatley/romm/deployments.yaml
@@ -0,0 +1,83 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: romm
+ labels:
+ app: romm
+spec:
+ replicas: 1
+ serviceName: romm
+ selector:
+ matchLabels:
+ app: romm
+ template:
+ metadata:
+ labels:
+ app: romm
+ spec:
+ initContainers:
+ - name: romm-db
+ image: mariadb
+ envFrom:
+ - configMapRef:
+ name: romm-db-envs
+ - secretRef:
+ name: romm-db-env-secrets
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: romm-db-data
+ restartPolicy: Always
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "healthcheck.sh --connect --innodb_initialized"
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ timeoutSeconds: 2
+ failureThreshold: 3
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "healthcheck.sh --connect --innodb_initialized"
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 2
+ failureThreshold: 3
+ containers:
+ - name: romm
+ image: rommapp/romm
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ envFrom:
+ - configMapRef:
+ name: romm-envs
+ - secretRef:
+ name: romm-env-secrets
+ volumeMounts:
+ - mountPath: /romm
+ name: romm-data
+ - mountPath: /romm/library
+ name: nfs-media-roms
+ readOnly: true
+ - mountPath: /romm/downloads
+ name: nfs-media-downloads
+ readOnly: true
+ volumes:
+ - name: romm-db-data
+ persistentVolumeClaim:
+ claimName: romm-db-storage
+ - name: romm-data
+ persistentVolumeClaim:
+ claimName: romm-storage
+ - name: nfs-media-roms
+ persistentVolumeClaim:
+ claimName: nfs-media-roms
+ - name: nfs-media-downloads
+ persistentVolumeClaim:
+ claimName: nfs-media-downloads
diff --git a/k8s-wheatley/romm/ingress.yaml b/k8s-wheatley/romm/ingress.yaml
new file mode 100644
index 0000000..8a7eae1
--- /dev/null
+++ b/k8s-wheatley/romm/ingress.yaml
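Review bot: In deployments.yaml neither the pod template nor the `romm-db` and `romm` containers set a `securityContext`, so both run with the container runtime's default capabilities and whatever user their images default to. Adding `automountServiceAccountToken: false` to the pod spec (nothing in the manifest suggests either container calls the Kubernetes API) and `securityContext: {allowPrivilegeEscalation: false, seccompProfile: {type: RuntimeDefault}}` on each container would narrow what a compromised web or database process can reach. `runAsNonRoot: true` and `capabilities: {drop: [ALL]}` are worth adding too, but check each image's entrypoint first, since an image that starts as root and drops privileges itself would fail to start with them. Neither container declares `resources` requests or limits either, so one runaway process can starve the other and the node.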
@@ -0,0 +1,16 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: romm-route
+spec:
+ parentRefs:
+ - name: internal
+ namespace: kube-system
+ sectionName: https
+ hostnames:
+ - "roms.wheatley.in"
+ rules:
+ - backendRefs:
+ - name: romm
+ port: 80
diff --git a/k8s-wheatley/romm/kustomization.yaml b/k8s-wheatley/romm/kustomization.yaml
new file mode 100644
index 0000000..3c4bb11
--- /dev/null
+++ b/k8s-wheatley/romm/kustomization.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: romm
+
+resources:
+ - configmap.yaml
+ - deployments.yaml
+ - ingress.yaml
+ - pvc.yaml
+ - secrets.yaml
+ - services.yaml
+ - namespace.yaml
+
+components:
+ - ../../kustomize-bases/nfs-media/components/roms
+ - ../../kustomize-bases/nfs-media/components/downloads
+
+patches:
+ - target:
+ kind: PersistentVolume
+ name: nfs-media-roms
+ patch: |
+ - op: replace
+ path: /metadata/name
+ value: nfs-media-romm-roms
+ - target:
+ kind: PersistentVolume
+ name: nfs-media-downloads
+ patch: |
+ - op: replace
+ path: /metadata/name
+ value: nfs-media-romm-downloads
+ - target:
+ kind: PersistentVolumeClaim
+ name: nfs-media-roms
+ patch: |
+ - op: replace
+ path: /spec/volumeName
+ value: nfs-media-romm-roms
+ - target:
+ kind: PersistentVolumeClaim
+ name: nfs-media-downloads
+ patch: |
+ - op: replace
+ path: /spec/volumeName
+ value: nfs-media-romm-downloads
+
+images:
+ - name: mariadb
+ newTag: lts
+ - name: rommapp/romm
+ newTag: 4.8.1
diff --git a/k8s-wheatley/romm/namespace.yaml b/k8s-wheatley/romm/namespace.yaml
new file mode 100644
index 0000000..131f95c
--- /dev/null
+++ b/k8s-wheatley/romm/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: romm
diff --git a/k8s-wheatley/romm/pvc.yaml b/k8s-wheatley/romm/pvc.yaml
new file mode 100644
index 0000000..3d64e4c
--- /dev/null
+++ b/k8s-wheatley/romm/pvc.yaml
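Review bot: In kustomization.yaml the `images` entry for `mariadb` sets `newTag: lts`, a floating tag, so the database image that actually runs depends on when a node last pulled it and can change on a reschedule without any change in this repository. Pin it the way `rommapp/romm` is pinned (`newTag: 4.8.1`), or more strictly by content using the `digest:` field of the same entry, e.g. `digest: sha256:<digest-of-reviewed-image>`. That keeps a database upgrade a reviewed change and makes the deployed image reproducible and auditable.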
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: romm-db-storage
+spec:
+ storageClassName: piraeus-lvmthin
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: romm-storage
+spec:
+ storageClassName: piraeus-lvmthin
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/k8s-wheatley/romm/secrets.yaml b/k8s-wheatley/romm/secrets.yaml
new file mode 100644
index 0000000..e1a9d82
--- /dev/null
+++ b/k8s-wheatley/romm/secrets.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: romm-db-env-secrets
+spec:
+ secretStoreRef:
+ name: vault-wheatley
+ kind: ClusterSecretStore
+ target:
+ name: romm-db-env-secrets
+ data:
+ - secretKey: MARIADB_ROOT_PASSWORD
+ remoteRef:
+ key: secrets/managed/romm/romm-db
+ property: ROOT_PASSWORD
+ - secretKey: MARIADB_PASSWORD
+ remoteRef:
+ key: secrets/managed/romm/romm-db
+ property: PASSWORD
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: romm-env-secrets
+spec:
+ secretStoreRef:
+ name: vault-wheatley
+ kind: ClusterSecretStore
+ target:
+ name: romm-env-secrets
+ data:
+ - secretKey: DB_PASSWD
+ remoteRef:
+ key: secrets/managed/romm/romm-db
+ property: PASSWORD
+ - secretKey: ROMM_AUTH_SECRET_KEY
+ remoteRef:
+ key: secrets/managed/romm/romm
+ property: SECRET_KEY
+ - secretKey: IGDB_CLIENT_ID
+ remoteRef:
+ key: secrets/managed/romm/romm
+ property: IGDB_CLIENT_ID
+ - secretKey: IGDB_CLIENT_SECRET
+ remoteRef:
+ key: secrets/managed/romm/romm
+ property: IGDB_CLIENT_SECRET
+ - secretKey: STEAMGRIDDB_API_KEY
+ remoteRef:
+ key: secrets/managed/romm/romm
+ property: STEAMGRIDDB_API_KEY
diff --git a/k8s-wheatley/romm/services.yaml b/k8s-wheatley/romm/services.yaml
new file mode 100644
index 0000000..1d89402
--- /dev/null
+++ b/k8s-wheatley/romm/services.yaml
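Review bot: In secrets.yaml the rotation behaviour of these values is undocumented: both ExternalSecrets omit `refreshInterval`, and deployments.yaml consumes the resulting Secrets through `envFrom`, so a value changed in Vault reaches the Secret on the operator's default schedule but reaches the containers only when the pod restarts. For `MARIADB_PASSWORD` / `DB_PASSWD` the order matters: as far as I know the MariaDB image applies `MARIADB_PASSWORD` only when it initialises an empty data directory, so rotating `secrets/managed/romm/romm-db` alone would hand `romm` a password the existing database does not accept. I would add a comment above each `data:` list, for example `# rotation: change the DB user's password in MariaDB first, then update Vault and restart the pod`, and set `refreshInterval` explicitly so the sync cadence is visible in the manifest.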
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: romm
+spec:
+ selector:
+ app: romm
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 8080