diff --git a/iac/README.md b/iac/README.md
index 0c70f38..42984b5 100644
--- a/iac/README.md
+++ b/iac/README.md
@@ -15,6 +15,35 @@ Since hcloud keeps (seriously, several times) making me wait for verification I'
 The long term goal is for this to be a mostly uninteractive, to completion set up of my cloud services. Since it'll be IaC should I ever choose down the road to migrate certain ones to local nodes I run then that effort should also be more or less feasible.
+### Initial requirements
+Pulumi and Node/NPM installed
+
+
+Then we need to set up the Pulumi stack
+```
+pulumi stack init hetzner-k3s-cluster
+```
+
+Then we can move to setting our handful of Pulumi initializing secrets (right now we just set for local)
+
+If using hcloud then we need to get an API token from: https://console.hetzner.com/projects//security/tokens
+```
+pulumi config set hcloud:token
+```
+
+
+If you don't have one you need to generate an SSH key.
+We need to also enter our SSH public keys onto hcloud for simplicity sake: https://console.hetzner.com/projects//security/sshkeys
+```
+pulumi config set sshKeyName
+```
+Need to supply Pulumi the private key which can be grabbed something like ```cat ~/.ssh/id_e25519 | pulumi config set privateKeySsh``` (didn't test just going off memory)
+
+
+If you have any others you want to add, you can add them in the same way
+I personally add one that is used in this like:
+```pulumi config set sshPersonalKeyName ```
+
 ### Vault
diff --git a/iac/src/main/core.cljs b/iac/src/main/core.cljs
index 375faec..5449768 100644
--- a/iac/src/main/core.cljs
+++ b/iac/src/main/core.cljs
@@ -1,44 +1,57 @@ (ns core (:require ["@pulumi/kubernetes" :as k8s] - [clojure.core.async :refer [go js {:kubeconfig kc}))] + (hetznercsi/deploy-csi-driver provider) + (resolve (app-deployments provider kc apps)))))))] + {cluster setup} + )) (defn main! [] - (let [cluster (init/create-cluster) - app-outputs (.apply (get cluster :kubeconfig) - (fn [kc] - (js/Promise. - (fn [resolve _reject] - (let [provider (k8s/Provider. "k8s-dynamic-provider" #js {:kubeconfig kc})] - (hetznercsi/deploy-csi-driver provider) - (resolve (app-deployments provider)))))))] + (let [init (init! app-list) + cluster (get init :cluster) + app-outputs (get init :setup)] - -(set! (.-exports js/module) - #js { - :kubeconfig (get cluster :kubeconfig) - :masterIp (get cluster :masterIp) - :nextcloudUrl (.apply app-outputs #(get app-outputs :nextcloudUrl))}) - - #_(set! (.-exports js/module) - #js {:nextcloudUrl (.apply app-outputs (fn [outputs] (.-nextcloudUrl outputs)))}) - )) + (set! (.-exports js/module) + (clj->js { + :kubeconfig (get cluster :kubeconfig) + :masterIp (get cluster :masterIp) + :workerDeIp (get cluster :workerDeIp) + :workerUsIp (get cluster :workerUsIp) + + :vaultAddress (.apply app-outputs #(get-in % [:vault :address])) + :vaultToken (.apply app-outputs #(get-in % [:vault :root-token])) + + :nextcloudUrl (.apply app-outputs + (fn [outputs] + (get-in outputs [:nextcloud :nextcloud-url])))}))))
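Review bot: The new `:vaultToken` export in `main!` publishes the Vault root token as an ordinary stack output, `(.apply app-outputs #(get-in % [:vault :root-token]))`, so unless the underlying Output is already marked secret it will appear in clear text in `pulumi stack output` and in the stack state; `:kubeconfig` typically carries cluster-admin credentials and deserves the same treatment. Wrap both with the `secret` helper from `@pulumi/pulumi` (the require list is not fully visible in this hunk, so the alias is assumed), e.g. `:vaultToken (pulumi/secret (.apply app-outputs #(get-in % [:vault :root-token])))`, or drop the root token from the exports altogether. The README hunk in this commit has the related gap: `pulumi config set hcloud:token` and `pulumi config set privateKeySsh` are shown without `--secret`, which stores the values unencrypted in the stack config file. Separately, `init!` as displayed returns `{cluster setup}`, a one-entry map keyed by the cluster value, while `main!` reads `(get init :cluster)` and `(get init :setup)`; if that is what was committed, it should be `{:cluster cluster :setup setup}`.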