diff --git a/policies/default.nix b/policies/default.nix
deleted file mode 100644
index a745e10c..00000000
--- a/policies/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- imports = [
- ./oceanbox/network
- # ./oceanbox/kyverno
- ];
-}
diff --git a/policies/oceanbox/network/default.nix b/policies/oceanbox/network/default.nix
deleted file mode 100644
index ba5245d5..00000000
--- a/policies/oceanbox/network/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- imports = [
- ./external-ceph.nix
- ./microsoftonline.nix
- ];
-}
diff --git a/policies/oceanbox/network/external-ceph.nix b/policies/oceanbox/network/external-ceph.nix
deleted file mode 100644
index 5d88d90e..00000000
--- a/policies/oceanbox/network/external-ceph.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ ... }:
-{
- applications.netpol-external-ceph = {
- resources = {
- ciliumClusterwideNetworkPolicies = {
- allow-external-ceph-egress.spec = {
- egress = [
- {
- toCIDR = [
- "10.255.241.30/32"
- "10.255.241.31/32"
- "10.255.241.32/32"
- "10.255.244.0/24"
- ];
- }
- ];
- endpointSelector = { };
- };
- };
- };
- };
-}
diff --git a/policies/oceanbox/network/microsoftonline.nix b/policies/oceanbox/network/microsoftonline.nix
deleted file mode 100644
index 67e0b36e..00000000
--- a/policies/oceanbox/network/microsoftonline.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }:
-{
- applications.netpol-microsoftonline = {
- project = "netpol";
- resources = {
- ciliumClusterwideNetworkPolicies = {
- allow-microsoftonline.spec = {
- endpointSelector = { };
- egress = [
- {
- toFQDNs = [
- { matchName = "login.microsoftonline.com"; }
- { matchPattern = "*.microsoftonline.com"; }
- ];
- }
- ];
- };
- };
- };
- };
-}
diff --git a/policies/oceanbox/network/templ.nix b/policies/oceanbox/network/templ.nix
deleted file mode 100644
index d22e976c..00000000
--- a/policies/oceanbox/network/templ.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
- applications.xxx = {
- resources = {
- ciliumClusterwideNetworkPolicies = {
- xxx.spec =
- {
- };
- };
- };
- };
-}
diff --git a/policies/ekman/kyverno/add-ingress-whitelist.yaml b/values/system/ekman/kyverno/add-ingress-whitelist.yaml
similarity index 100%
rename from policies/ekman/kyverno/add-ingress-whitelist.yaml
rename to values/system/ekman/kyverno/add-ingress-whitelist.yaml
diff --git a/policies/ekman/kyverno/sync-keyvault-secret.yaml b/values/system/ekman/kyverno/sync-keyvault-secret.yaml
similarity index 100%
rename from policies/ekman/kyverno/sync-keyvault-secret.yaml
rename to values/system/ekman/kyverno/sync-keyvault-secret.yaml
diff --git a/policies/ekman/kyverno/sync-oceanbox-regcred.yaml b/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
similarity index 100%
rename from policies/ekman/kyverno/sync-oceanbox-regcred.yaml
rename to values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
diff --git a/policies/ekman/kyverno/sync-sorcerer-secrets.yaml b/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
similarity index 100%
rename from policies/ekman/kyverno/sync-sorcerer-secrets.yaml
rename to values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
diff --git a/values/system/oceanbox/empty.yaml b/values/system/oceanbox/empty.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/resources/oceanbox/ingress/hubble-ui-ingress.yaml b/values/system/oceanbox/hubble-ui-ingress.yaml
similarity index 100%
rename from resources/oceanbox/ingress/hubble-ui-ingress.yaml
rename to values/system/oceanbox/hubble-ui-ingress.yaml
diff --git a/policies/oceanbox/kyverno/add-ingress-whitelist.yaml b/values/system/oceanbox/kyverno/add-ingress-whitelist.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/add-ingress-whitelist.yaml
rename to values/system/oceanbox/kyverno/add-ingress-whitelist.yaml
diff --git a/policies/oceanbox/kyverno/add-openfga-secret.yaml b/values/system/oceanbox/kyverno/add-openfga-secret.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/add-openfga-secret.yaml
rename to values/system/oceanbox/kyverno/add-openfga-secret.yaml
diff --git a/policies/oceanbox/kyverno/remove-argocd-tracking-id.yaml b/values/system/oceanbox/kyverno/remove-argocd-tracking-id.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/remove-argocd-tracking-id.yaml
rename to values/system/oceanbox/kyverno/remove-argocd-tracking-id.yaml
diff --git a/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml b/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/sync-atlantis-secrets.yaml
rename to values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
diff --git a/policies/oceanbox/kyverno/sync-keyvault-secret.yaml b/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/sync-keyvault-secret.yaml
rename to values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
diff --git a/policies/oceanbox/kyverno/sync-regcred.yaml b/values/system/oceanbox/kyverno/sync-regcred.yaml
similarity index 100%
rename from policies/oceanbox/kyverno/sync-regcred.yaml
rename to values/system/oceanbox/kyverno/sync-regcred.yaml
diff --git a/policies/oceanbox/network/allow-azure-egress.yaml b/values/system/oceanbox/network/allow-azure-egress.yaml
similarity index 100%
rename from policies/oceanbox/network/allow-azure-egress.yaml
rename to values/system/oceanbox/network/allow-azure-egress.yaml
diff --git a/policies/oceanbox/network/allow-ceph-egress.yaml b/values/system/oceanbox/network/allow-ceph-egress.yaml
similarity index 100%
rename from policies/oceanbox/network/allow-ceph-egress.yaml
rename to values/system/oceanbox/network/allow-ceph-egress.yaml
diff --git a/policies/oceanbox/network/allow-microsoft-oidc-login.yaml b/values/system/oceanbox/network/allow-microsoft-oidc-login.yaml
similarity index 100%
rename from policies/oceanbox/network/allow-microsoft-oidc-login.yaml
rename to values/system/oceanbox/network/allow-microsoft-oidc-login.yaml
diff --git a/policies/oceanbox/network/atlantis/allow-api-server.yaml b/values/system/oceanbox/network/atlantis/allow-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/atlantis/allow-api-server.yaml
rename to values/system/oceanbox/network/atlantis/allow-api-server.yaml
diff --git a/policies/oceanbox/network/atlantis/atlantis-policies.yaml b/values/system/oceanbox/network/atlantis/atlantis-policies.yaml
similarity index 100%
rename from policies/oceanbox/network/atlantis/atlantis-policies.yaml
rename to values/system/oceanbox/network/atlantis/atlantis-policies.yaml
diff --git a/policies/oceanbox/network/clusterpolicy-allow-api-server.yaml b/values/system/oceanbox/network/clusterpolicy-allow-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/clusterpolicy-allow-api-server.yaml
rename to values/system/oceanbox/network/clusterpolicy-allow-api-server.yaml
diff --git a/policies/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml b/values/system/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml
similarity index 100%
rename from policies/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml
rename to values/system/oceanbox/network/clusterpolicy-allow-ekman-egress.yaml
diff --git a/policies/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml b/values/system/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml
similarity index 100%
rename from policies/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml
rename to values/system/oceanbox/network/clusterpolicy-allow-namespace-traffic.yaml
diff --git a/policies/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml b/values/system/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml
similarity index 100%
rename from policies/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml
rename to values/system/oceanbox/network/clusterpolicy-allow-oceanboxio.yaml
diff --git a/policies/oceanbox/network/clusterpolicy-allow-remote-node.yaml b/values/system/oceanbox/network/clusterpolicy-allow-remote-node.yaml
similarity index 100%
rename from policies/oceanbox/network/clusterpolicy-allow-remote-node.yaml
rename to values/system/oceanbox/network/clusterpolicy-allow-remote-node.yaml
diff --git a/policies/oceanbox/network/csi-addons-controller/allow-9070-host.yaml b/values/system/oceanbox/network/csi-addons-controller/allow-9070-host.yaml
similarity index 100%
rename from policies/oceanbox/network/csi-addons-controller/allow-9070-host.yaml
rename to values/system/oceanbox/network/csi-addons-controller/allow-9070-host.yaml
diff --git a/policies/oceanbox/network/dapr/allow-api-server.yaml b/values/system/oceanbox/network/dapr/allow-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/dapr/allow-api-server.yaml
rename to values/system/oceanbox/network/dapr/allow-api-server.yaml
diff --git a/policies/oceanbox/network/dapr/allow-remote-node.yaml b/values/system/oceanbox/network/dapr/allow-remote-node.yaml
similarity index 100%
rename from policies/oceanbox/network/dapr/allow-remote-node.yaml
rename to values/system/oceanbox/network/dapr/allow-remote-node.yaml
diff --git a/policies/oceanbox/network/geoserver/allow-geoserver-ingress.yaml b/values/system/oceanbox/network/geoserver/allow-geoserver-ingress.yaml
similarity index 100%
rename from policies/oceanbox/network/geoserver/allow-geoserver-ingress.yaml
rename to values/system/oceanbox/network/geoserver/allow-geoserver-ingress.yaml
diff --git a/policies/oceanbox/network/idp/allow-api-server.yaml b/values/system/oceanbox/network/idp/allow-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/idp/allow-api-server.yaml
rename to values/system/oceanbox/network/idp/allow-api-server.yaml
diff --git a/policies/oceanbox/network/idp/allow-gitlab.yaml b/values/system/oceanbox/network/idp/allow-gitlab.yaml
similarity index 100%
rename from policies/oceanbox/network/idp/allow-gitlab.yaml
rename to values/system/oceanbox/network/idp/allow-gitlab.yaml
diff --git a/policies/oceanbox/network/idp/allow-idp-external-access.yaml b/values/system/oceanbox/network/idp/allow-idp-external-access.yaml
similarity index 100%
rename from policies/oceanbox/network/idp/allow-idp-external-access.yaml
rename to values/system/oceanbox/network/idp/allow-idp-external-access.yaml
diff --git a/policies/oceanbox/network/idp/allow-itp-smtpgw.yaml b/values/system/oceanbox/network/idp/allow-itp-smtpgw.yaml
similarity index 100%
rename from policies/oceanbox/network/idp/allow-itp-smtpgw.yaml
rename to values/system/oceanbox/network/idp/allow-itp-smtpgw.yaml
diff --git a/policies/oceanbox/network/idp/allow-keycloak.yaml b/values/system/oceanbox/network/idp/allow-keycloak.yaml
similarity index 100%
rename from policies/oceanbox/network/idp/allow-keycloak.yaml
rename to values/system/oceanbox/network/idp/allow-keycloak.yaml
diff --git a/policies/oceanbox/network/jaeger/allow-api-server.yaml b/values/system/oceanbox/network/jaeger/allow-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/jaeger/allow-api-server.yaml
rename to values/system/oceanbox/network/jaeger/allow-api-server.yaml
diff --git a/policies/oceanbox/network/jaeger/allow-remote-node.yaml b/values/system/oceanbox/network/jaeger/allow-remote-node.yaml
similarity index 100%
rename from policies/oceanbox/network/jaeger/allow-remote-node.yaml
rename to values/system/oceanbox/network/jaeger/allow-remote-node.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml
diff --git a/policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml b/values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml
similarity index 100%
rename from policies/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml
rename to values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml
diff --git a/policies/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml b/values/system/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml
similarity index 100%
rename from policies/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml
rename to values/system/oceanbox/network/rabbitmq/policy-allow-rabbitmq.yaml
diff --git a/resources/oceanbox/redis-sso-sync-cronjob.yaml b/values/system/oceanbox/redis-sso-sync-cronjob.yaml
similarity index 100%
rename from resources/oceanbox/redis-sso-sync-cronjob.yaml
rename to values/system/oceanbox/redis-sso-sync-cronjob.yaml
diff --git a/resources/oceanbox/vcluster-rabc.yaml b/values/system/oceanbox/vcluster-rabc.yaml
similarity index 100%
rename from resources/oceanbox/vcluster-rabc.yaml
rename to values/system/oceanbox/vcluster-rabc.yaml