diff --git a/clusters/default/tools/gotenberg/gotenberg-svc.yml b/clusters/default/tools/gotenberg/gotenberg-svc.yml
new file mode 100644
index 0000000..df62f37
--- /dev/null
+++ b/clusters/default/tools/gotenberg/gotenberg-svc.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gotenberg-service
+  namespace: tools
+spec:
+  selector:
+    app: gotenberg
+  type: ClusterIP
+  ports:
+  - port: 3000
+    targetPort: 3000
diff --git a/clusters/default/tools/gotenberg/gotenberg.yml b/clusters/default/tools/gotenberg/gotenberg.yml
new file mode 100644
index 0000000..ce35e30
--- /dev/null
+++ b/clusters/default/tools/gotenberg/gotenberg.yml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gotenberg
+  namespace: tools
+spec:
+  selector:
+    matchLabels:
+      app: gotenberg
+  template:
+    metadata:
+      labels:
+        app: gotenberg
+    spec:
+      securityContext:
+        runAsUser: 1001
+      containers:
+      - name: gotenberg
+        image: gotenberg/gotenberg:8.24
+        command:
+        - sh
+        - -c
+        - |
+          gotenberg --chromium-disable-javascript=true --chromium-allow-list=file:///tmp/.*
+        ports:
+        - containerPort: 3000
+        securityContext:
+          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          privileged: false
diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml
new file mode 100644
index 0000000..8c4b718
--- /dev/null
+++ b/clusters/default/tools/paperless-ngx/paperless-ngx-svc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: paperless-ngx-service
+  namespace: tools
+spec:
+  type: LoadBalancer
+  selector:
+    app: paperless-ngx
+  ports:
+  - port: 8001
+    targetPort: 8000
diff --git a/clusters/default/tools/paperless-ngx/paperless-ngx.yml b/clusters/default/tools/paperless-ngx/paperless-ngx.yml
new file mode 100644
index 0000000..d56e1e4
--- /dev/null
+++ b/clusters/default/tools/paperless-ngx/paperless-ngx.yml
@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: paperless-ngx
+  namespace: tools
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: paperless-ngx
+  template:
+    metadata:
+      labels:
+        app: paperless-ngx
+    spec:
+      initContainers:
+      - name: paperless-ngx-db
+        image: docker.io/library/redis:8
+        restartPolicy: Always
+        ports:
+        - containerPort: 6379
+        volumeMounts:
+        - name: data
+          mountPath: /data
+          subPath: redis
+      containers:
+      - name: paperless-ngx
+        image: ghcr.io/paperless-ngx/paperless-ngx:2.18.4
+        ports:
+        - containerPort: 8000
+        env:
+        - name: PAPERLESS_REDIS
+          value: "redis://localhost:6379"
+        - name: PAPERLESS_URL
+          valueFrom:
+            secretKeyRef:
+              name: paperless-secrets
+              key: PAPERLESS_URL
+        - name: PAPERLESS_CSRF_TRUSTED_ORIGINS
+          valueFrom:
+            secretKeyRef:
+              name: paperless-secrets
+              key: PAPERLESS_CSRF_TRUSTED_ORIGINS
+        - name: PAPERLESS_CORS_ALLOWED_HOSTS
+          valueFrom:
+            secretKeyRef:
+              name: paperless-secrets
+              key: PAPERLESS_URL
+        - name: PAPERLESS_TIME_ZONE
+          value: "Asia/Kolkata"
+        - name: PAPERLESS_TIKA_ENABLED
+          value: "1"
+        - name: PAPERLESS_TIKA_ENDPOINT
+          value: "http://tika-service:9998"
+        - name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
+          value: "http://gotenberg-service:3000"
+        volumeMounts:
+        - name: data
+          mountPath: /usr/src/paperless/data
+          subPath: data
+        - name: data
+          mountPath: usr/src/paperless/media
+          subPath: media
+        - name: data
+          mountPath: /usr/src/paperless/export
+          subPath: export
+        - name: data
+          mountPath: /usr/src/paperless/consume
+          subPath: consume
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: paperless-longhorn
diff --git a/clusters/default/tools/paperless-ngx/paperless-pvc.yml b/clusters/default/tools/paperless-ngx/paperless-pvc.yml
new file mode 100644
index 0000000..2a7034c
--- /dev/null
+++ b/clusters/default/tools/paperless-ngx/paperless-pvc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: paperless-longhorn
+  namespace: tools
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
diff --git a/clusters/default/tools/paperless-ngx/paperless-secrets.yml b/clusters/default/tools/paperless-ngx/paperless-secrets.yml
new file mode 100644
index 0000000..54a1092
--- /dev/null
+++ b/clusters/default/tools/paperless-ngx/paperless-secrets.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: paperless-secrets
+  namespace: tools
+spec:
+  encryptedData:
+    PAPERLESS_CSRF_TRUSTED_ORIGINS: AgCqUdNmoauRpXLN7InA9um+nM/FlY0NLlMxmxYcrZlNDQyDGsqGwZ7RfvviggSs9YU9zawUCPuhgk7yzKYEa+5FW0YBH7Opomh7XE5GHAKGffCbTTJL5u7VQHju5QdINRoHIVBqSmC5aFPSk85kBDDQC9OVOFKPJescrtaOHnzADy0HhPq8pfBOPi0WGcdB/BXL6JhHcGIncrwvtcu8iPZR3xG6ygLTYwcYl4dy6XKLsQg0n2dGruucbwNugtUTy9sXlrQ3euAEKRxJiYsgduRgtS1HCtddPhlYrjgohH7uHfCfffwPPi/1HAGMBwhWc1sw42X8ozL5pHvp+69eKrGJXyutj9gK7dwRtp0HPaNbtp7DVdf01N0w9Z6krDwx0NWgcKJw/AsDFI0LP89Get6d/uvLApV9iikCahyTuhXq5lbnRWbqz5ZNMuJ1zeJZSk5FOqlKrgXO5+Ai8QWSFHpAk+9spjkd3ijIWFitgheix+QMXAz14Be3tMjK7BCES7M6LrzsHYsW5Kd2IuPkT2373Nf8DvukHmsP3oH8BAfha4iZfUjpX63Jfa30wKORzorruNUQp9jr0hdA+pvzfHRppUi/hmTW8uF8R5GINPZWdgj5Q6N0R+0IWgP5/KD7CZ66XA5SLNAbsYsDzdnVp3z+OYnYv8mU7ktmQuTXBNfxLAs3+XRTWFbcealtiKk/fsNVeVLj2JJBA+gBoOzgE/Q=
+    PAPERLESS_URL: AgBzt1amIC1pcgjhasPiC6FiWRxP9pg+9QZcdqYeBY1Uv0rzyUSeEXH9ZAZCm9j5uhi26zC943HR5lxI2JKdjY5PYprj9OEQNQrL1HE8odFT6S9Ior5ids5D3AtpZtkV3AHfiHhU+hg6l0Utlq2jOlRBlcGVTZtodlmoRg8tJYYZx/pOJzxW78lOKou6y5Z7l56WCmZ8ZoEwk/GU+4Rqg1m7ccVy6SaDpr9KjfR0tXqwh1isy5wo/jqQXBL8xIqTdP73dglOGGyI88e4k3kqZHA0ZcF06SaMcaQ/c+l+EnM3iWqWcKccTd6NYRmTgoBsW4uf/i+iG448+n+cgW5rYV4Xor12NCDepkqMYOx0LV/vAmLicWf+c571g4GSzeKfPXal1OM5jE5avxWnK/7ei4xN2uFAdqrKIjnC6z8+Mfh+qzqcD1sOiS5ZpFpnbdrWQ3p7G7FdT6qc/m4gGVtgPtSo5hnS6FPTl/AzeZ4LyRaq9H4kCIvepDAVUWm20RdXw/P8/YTJMcL9pLzFClUFAEYFb5wf6PDWLbmhJhfXMtLIva2uZEIKDiYnFmsdGX/z9CT/JpDb18XSNTH0g5P19s5Q+nuvy0J4fVmL8Rug9KYcMx1T5IXWkgf5rJViIDdcA7tiVGddZY+WS4P1Mm9GmKzhSEzMXig/sn3mJmSSaWv4dxIJR75a5V1PjETVpZmRgeCC3GRMG/6IJX+7/VaoWBUgGA==
+  template:
+    metadata:
+      name: paperless-secrets
+      namespace: tools
+    type: Opaque
diff --git a/clusters/default/tools/tika/tika-service.yml b/clusters/default/tools/tika/tika-service.yml
new file mode 100644
index 0000000..0c666a5
--- /dev/null
+++ b/clusters/default/tools/tika/tika-service.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tika-service
+  namespace: tools
+spec:
+  type: ClusterIP
+  selector:
+    app: tika
+  ports:
+  - port: 9998
+    targetPort: 9998
diff --git a/clusters/default/tools/tika/tika.yml b/clusters/default/tools/tika/tika.yml
new file mode 100644
index 0000000..ba4bff0
--- /dev/null
+++ b/clusters/default/tools/tika/tika.yml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tika
+  namespace: tools
+spec:
+  selector:
+    matchLabels:
+      app: tika
+  template:
+    metadata:
+      labels:
+        app: tika
+    spec:
+      containers:
+      - name: tika
+        image: apache/tika:3.2.3.0
+        ports:
+        - containerPort: 9998