diff --git a/.taskfiles/k8s/Taskfile.dist.yaml b/.taskfiles/k8s/Taskfile.dist.yaml
index aa36b5cb..e15dae7e 100644
--- a/.taskfiles/k8s/Taskfile.dist.yaml
+++ b/.taskfiles/k8s/Taskfile.dist.yaml
@@ -1,2 +1,26 @@
 ---
 version: "3"
+
+vars:
+  c: '{{ .c | default "biohazard" }}'
+
+tasks:
+  get-public-ingresses:
+    aliases: [gpi]
+    desc: |
+      TL;dr: Check which ingress resources are exposed publicly via DNS to specific target.
+      Long Description: Search through all ingress resources for names of which resources have specific external-dns annotation values.
+    vars:
+      dns: '{{ or .dns (fail "Missing search query!") }}'
+    cmds:
+      - kubectl get ingress,svc -A -o yaml | yq -r '.items | map(select(.metadata.annotations."external-dns.alpha.kubernetes.io/target"=="*{{.dns}}*").metadata.name)'
+
+  sops-apply:
+    aliases: [sa]
+    desc: Decrypt cluster secrets and vars to envsubst local resource, then apply substituted resource.
+    vars:
+      f: '{{ or .f (fail "Missing file (`f` var) to `envsubst && k apply`!") }}'
+      SECRETS_FILE: "{{.ROOT_DIR}}/kube/clusters/{{.c}}/config/secrets.sops.env"
+      VARS_FILE: "{{.ROOT_DIR}}/kube/clusters/{{.c}}/config/vars.sops.env"
+    cmds:
+      - sops exec-env {{.SECRETS_FILE}} "sops exec-env {{.VARS_FILE}} \"envsubst < <(cat {{.f}}) | kubectl apply -f -\""