diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 7f4b8b0..d52c19e 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables (
 jump => 'accept',
 }
 if $pt_use_r10k_webhook == true {
- firewall { '38080 open port 8080':
+ firewall { '38088 open port 8088':
 proto => 'tcp',
- dport => '8080',
+ dport => '8088',
 jump => 'accept',
 }
 }
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 68ce0df..69027ae 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -12,8 +12,8 @@ class puppet_cd::main::config (
 include puppet_cd::puppetdb::service
 }
-# if $pt_use_r10k == true {
-# include puppet_cd::r10k::install
-# include puppet_cd::r10k::webhook
-# }
+ if $pt_use_r10k == true {
+ include puppet_cd::r10k::install
+ include puppet_cd::r10k::webhook
+ }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 3027126..de0641c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -203,7 +203,7 @@ class puppet_cd::params (
 $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb'
 ## r10k
 $pt_r10k_dir = "${pt_main_dir}/r10k"
- $pt_r10k_webhook_dir = '/opt/r10k-webhook'
+ $pt_r10k_webhook_dir = '/etc/r10k-webhook'
 # files
 ## puppet
@@ -236,8 +236,8 @@ class puppet_cd::params (
 $pt_r10k_webhook_erb = 'puppet_cd/r10k/webhook.py.erb'
 $pt_r10k_req_file = "${pt_r10k_webhook_dir}/requirements.txt"
 $pt_r10k_req_erb = 'puppet_cd/r10k/requirements.txt.erb'
- $pt_r10k_wh_service_file = '/etc/systemd/system/r10k-webhook.service'
- $pt_r10k_wh_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb'
+ $pt_r10k_wh_config_file = "${pt_r10k_webhook_dir}/config.json"
+ $pt_r10k_wh_config_erb = 'puppet_cd/r10k/r10k_webhook_config.erb'
 # service
 $pt_server_service = 'puppetserver'
diff --git a/manifests/r10k/webhook.pp b/manifests/r10k/webhook.pp
index be78c05..3a5e9ef 100644
--- a/manifests/r10k/webhook.pp
+++ b/manifests/r10k/webhook.pp
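Review bot: In manifests/firewall/iptables.pp the renamed rule `'38088 open port 8088'` accepts TCP 8088 from any source, because only `proto`, `dport` and `jump` are set. The port presumably fronts the r10k webhook, which starts deployments, so the rule should be limited to the Git server with a `source => '<GIT_SERVER_CIDR>',` attribute (placeholder; it would need a new class parameter). The port number is also repeated in the title and in `dport`; a single parameter would keep it in step with the listener's configured port. The enclosing class starts outside the hunk.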
@@ -13,27 +13,17 @@ class puppet_cd::r10k::webhook (
 }
 # create the webhook dir
- file { '/opt/r10k-webhook':
+ file { $pt_r10k_webhook_dir:
 ensure => directory,
- path => $pt_r10k_webhook_dir,
- owner => 'puppet',
- group => 'puppet',
+ owner => 'root',
+ group => 'root',
 mode => '0755',
 selrange => s0,
 selrole => object_r,
- seltype => puppet_etc_t,
+ seltype => etc_t,
 seluser => system_u,
 }
- # create the log file
- file { '/var/log/r10k-webhook.log':
- ensure => file,
- owner => 'puppet',
- group => 'puppet',
- mode => '0644',
- require => File['/opt/r10k-webhook'],
- }
- # create the requirements file
 file { $pt_r10k_req_file:
 ensure => file,
@@ -42,26 +32,26 @@ class puppet_cd::r10k::webhook (
 mode => '0644',
 selrange => s0,
 selrole => object_r,
- seltype => puppet_etc_t,
+ seltype => etc_t,
 seluser => system_u,
 content => template($pt_r10k_req_erb),
- require => File['/var/log/r10k-webhook.log'],
 }
- # create the binary file
- file { $pt_r10k_webhook_file:
+ # create the webhook config file
+ file { $pt_r10k_wh_config_file:
 ensure => file,
- owner => 'puppet',
- group => 'puppet',
+ owner => 'root',
+ group => 'root',
 mode => '0644',
 selrange => s0,
 selrole => object_r,
- seltype => puppet_etc_t,
+ seltype => etc_t,
 seluser => system_u,
- content => template($pt_r10k_webhook_erb),
- require => File['/opt/r10k-webhook'],
+ content => template($pt_r10k_wh_config_erb),
+ require => File[$pt_r10k_webhook_dir],
 }
+ # install pip dependencies
 exec { 'pip_install_r10k_webhook':
 command => 'pip3 install --user -r /opt/r10k-webhook/requirements.txt',
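Review bot: In manifests/r10k/webhook.pp the `pip_install_r10k_webhook` exec at the end of the second hunk still runs `pip3 install --user -r /opt/r10k-webhook/requirements.txt`, although this commit moves `$pt_r10k_webhook_dir` to `/etc/r10k-webhook`, so the managed requirements file is written to a path the exec no longer reads. Use the variable instead: `command => "pip3 install --user -r ${pt_r10k_req_file}",`. On nodes that already have the old directory, which was owned by `puppet` before this change, the exec would keep installing from a leftover, unmanaged file. The rest of the exec is outside the hunk, so check that its `subscribe`/`require` also reference `File[$pt_r10k_req_file]`.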
@@ -78,26 +68,11 @@ class puppet_cd::r10k::webhook (
 refreshonly => true,
 }
- # install systemd service file
- file { $pt_r10k_wh_service_file:
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- selrange => s0,
- selrole => object_r,
- seltype => systemd_unit_file_t,
- seluser => system_u,
- content => template($pt_r10k_wh_service_erb),
- notify => Exec['systemctl_daemon_reload'],
- }
- # manage service
 service { 'r10k-webhook':
 ensure => 'running',
 enable => true,
- require => File[$pt_r10k_wh_service_file],
- subscribe => File[$pt_r10k_webhook_file],
+ subscribe => File[$pt_r10k_wh_config_file],
 }
 }
 }
diff --git a/templates/r10k/r10k_webhook_config.erb b/templates/r10k/r10k_webhook_config.erb
new file mode 100644
index 0000000..7028563
--- /dev/null
+++ b/templates/r10k/r10k_webhook_config.erb
@@ -0,0 +1,8 @@
+{
+ "flush_env_cache": false,
+ "branch_to_env_map": {
+ "master": "production",
+ "^env_(.*)$": "\g<1>"
+ },
+ "allowed_branches": "^(env_[\w]+|master)$"
+}
\ No newline at end of file
diff --git a/templates/r10k/requirements.txt.erb b/templates/r10k/requirements.txt.erb
index 992201c..4d50e5b 100644
--- a/templates/r10k/requirements.txt.erb
+++ b/templates/r10k/requirements.txt.erb
@@ -1,3 +1,4 @@
-fastapi==0.115.0
-uvicorn==0.30.6
-pydantic==2.8.2
\ No newline at end of file
+#fastapi==0.115.0
+#uvicorn==0.30.6
+#pydantic==2.8.2
+r10k-webhook
\ No newline at end of file
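Review bot: In the last hunk of manifests/r10k/webhook.pp, `service { 'r10k-webhook': }` is still forced to `running`/`enabled`, but the only resource that supplied its unit file is deleted and nothing visible replaces it. Unless the pip package or another class ships the unit, the service resource will fail on every run. The service also has no ordering against the install step; add `require => Exec['pip_install_r10k_webhook'],` so it cannot be started before the package exists. With the unit file resource gone, the `refreshonly` exec just above it appears to have lost its only notifier and may be dead code; its definition is outside the hunk.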
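Review bot: In templates/r10k/r10k_webhook_config.erb the values `"\g<1>"` and `"^(env_[\w]+|master)$"` contain `\g` and `\w`, which are not valid JSON escape sequences, so a strict JSON parser will reject the rendered file (params.pp names the target `config.json`). Double the backslashes in the template: `"^env_(.*)$": "\\g<1>"` and `"allowed_branches": "^(env_[\\w]+|master)$"`. ERB emits text outside its tags unchanged, so the escaping has to be fixed here rather than at render time. The file is also installed with mode `0644`; that is fine for the current contents, but it should be tightened if a shared secret or token is ever added to this config.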
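Review bot: templates/r10k/requirements.txt.erb now lists `r10k-webhook` with no version, where every entry it replaces was pinned with `==`, so each pip run on the Puppet server installs whatever release the index serves at that moment. Pin it, e.g. `r10k-webhook==<VERSION>` (placeholder), preferably with `--hash` entries and `pip3 install --require-hashes`, and confirm the name resolves to the intended project on the index in use. The three commented-out pins can be deleted rather than kept as comments.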