diff --git a/.github/workflows/bulk-merge-prs.yaml b/.github/workflows/bulk-merge-prs.yaml
index e7fd222f6d..e126552359 100644
--- a/.github/workflows/bulk-merge-prs.yaml
+++ b/.github/workflows/bulk-merge-prs.yaml
@@ -32,8 +32,8 @@
           uses: actions/create-github-app-token@v1
           id: app-token
           with:
-            app-id: "$BOT_APP_ID"
-            private-key: "$BOT_APP_PRIVATE_KEY"
+            app-id: "${{ env.BOT_APP_ID }}"
+            private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
         - name: Checkout
           uses: actions/checkout@v4
diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
index 018d19a2c3..536f90cb94 100644
--- a/.github/workflows/flux-diff.yaml
+++ b/.github/workflows/flux-diff.yaml
@@ -30,8 +30,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout Default Branch
         uses: actions/checkout@v4
@@ -69,8 +69,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/flux-hr-sync.yaml b/.github/workflows/flux-hr-sync.yaml
index 377a723c72..f226d52f54 100644
--- a/.github/workflows/flux-hr-sync.yaml
+++ b/.github/workflows/flux-hr-sync.yaml
@@ -38,8 +38,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/flux-image-test.yaml b/.github/workflows/flux-image-test.yaml
index 95e85ebd27..2cf7962959 100644
--- a/.github/workflows/flux-image-test.yaml
+++ b/.github/workflows/flux-image-test.yaml
@@ -30,8 +30,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
@@ -70,8 +70,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Setup Homebrew
         uses: Homebrew/actions/setup-homebrew@master
diff --git a/.github/workflows/flux-ks-sync.yaml b/.github/workflows/flux-ks-sync.yaml
index 4fd1df87bd..86c00a4b6d 100644
--- a/.github/workflows/flux-ks-sync.yaml
+++ b/.github/workflows/flux-ks-sync.yaml
@@ -28,8 +28,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/label-sync.yaml b/.github/workflows/label-sync.yaml
index 479ae79c43..92fb00e53f 100644
--- a/.github/workflows/label-sync.yaml
+++ b/.github/workflows/label-sync.yaml
@@ -27,8 +27,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml
index 6a6a06735e..0d99b29302 100644
--- a/.github/workflows/labeler.yaml
+++ b/.github/workflows/labeler.yaml
@@ -27,8 +27,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Labeler
         uses: actions/labeler@v5
diff --git a/.github/workflows/nas-restart.yaml b/.github/workflows/nas-restart.yaml
new file mode 100644
index 0000000000..844a283fd5
--- /dev/null
+++ b/.github/workflows/nas-restart.yaml
@@ -0,0 +1,64 @@
+---
+  # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+  name: "Deployment Restart"
+
+  on:
+    workflow_dispatch:
+
+  jobs:
+    sync:
+      name: Deployment Restart
+      runs-on: ["arc-runner-set-home-ops"]
+      strategy:
+        matrix:
+          cluster: ["teyvat"]
+      steps:
+        - name: Get Secrets
+          uses: bitwarden/sm-action@v2
+          with:
+            access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+            secrets: |
+              1c493889-1e30-4156-a937-b10100433300 > KUBECONFIG
+              e062dcb9-8cd7-471e-b9be-b10100497102 > BOT_APP_ID
+              5856238d-3fae-4a0f-9847-b1010049f697 > BOT_APP_PRIVATE_KEY
+
+        - name: Generate Token
+          uses: actions/create-github-app-token@v1
+          id: app-token
+          with:
+            app-id: "${{ env.BOT_APP_ID }}"
+            private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
+
+        - name: Checkout
+          uses: actions/checkout@v4
+          with:
+            token: "${{ steps.app-token.outputs.token }}"
+
+        - name: Setup Homebrew
+          uses: Homebrew/actions/setup-homebrew@master
+
+        - name: Setup Workflow Tools
+          shell: bash
+          run: brew install kubernetes-cli
+
+        - name: Write kubeconfig
+          id: kubeconfig
+          uses: timheuer/base64-to-file@v1
+          with:
+            encodedString: "$KUBECONFIG"
+            fileName: kubeconfig
+
+        - name: Restart NFS Deployments
+          env:
+            KUBECONFIG: "${{ steps.kubeconfig.outputs.filePath }}"
+          shell: bash
+          run: |
+            kubectl \
+                --context "${{ matrix.cluster }}" \
+                get deployments \
+                --all-namespaces \
+                -l nfsMount=true \
+                -o custom-columns="NAMESPACE:.metadata.namespace,NAME:.metadata.name" \
+                --no-headers | \
+                awk '{print "kubectl --context ${{ matrix.cluster }} rollout restart deployment/"$2" -n "$1}' | \
+                sh
diff --git a/.github/workflows/publish-terraform.yaml b/.github/workflows/publish-terraform.yaml
index 7521450881..d5b99ced3a 100644
--- a/.github/workflows/publish-terraform.yaml
+++ b/.github/workflows/publish-terraform.yaml
@@ -28,8 +28,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f2c60786c0..3b8f0d9640 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -24,8 +24,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: "$BOT_APP_ID"
-          private-key: "$BOT_APP_PRIVATE_KEY"
+          app-id: "${{ env.BOT_APP_ID }}"
+          private-key: "${{ env.BOT_APP_PRIVATE_KEY }}"
 
       - name: Checkout
         uses: actions/checkout@v4