From 321685822fb06c91fb036069a8137c79037c09b4 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Sun, 4 Jan 2026 19:57:03 +0900
Subject: [PATCH] REFACTOR(repo): security repo structure

- Add application.yaml for ArgoCD app-of-apps
- Add kustomization.yaml with security components
- Add renovate.json for automated updates
- Update all component argocd.yaml repoURLs to security repo
Components: authelia, vault, external-secrets, falco, trivy
---
 application.yaml | 33 +++++++++++++++++++++++++++++++++
 authelia/argocd.yaml | 4 ++--
 external-secrets/argocd.yaml | 2 +-
 falco/argocd.yaml | 4 ++--
 kustomization.yaml | 10 ++++++++++
 renovate.json | 26 ++++++++++++++++++++++++++
 trivy/argocd.yaml | 4 ++--
 vault/argocd.yaml | 4 ++--
 8 files changed, 78 insertions(+), 9 deletions(-)
 create mode 100644 application.yaml
 create mode 100644 kustomization.yaml
 create mode 100644 renovate.json
diff --git a/application.yaml b/application.yaml
new file mode 100644
index 0000000..12a4471
--- /dev/null
+++ b/application.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: security
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: https://github.com/K3S-HOME/security.git
+ targetRevision: main
+ path: .
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 10
diff --git a/authelia/argocd.yaml b/authelia/argocd.yaml
index 24e69a8..d7b731d 100644
--- a/authelia/argocd.yaml
+++ b/authelia/argocd.yaml
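Review bot: In application.yaml, `project: default` places the root Application for the security stack in the AppProject that, unless it has been restricted elsewhere, accepts any source repository and any destination, while `automated` sync with `prune: true` and `selfHeal: true` follows the mutable `targetRevision: main`. Any commit that lands on `main` of that repository is therefore applied to the cluster with no further gate, and that covers the Vault, Authelia, External Secrets, Falco and Trivy Applications named in the commit message. I would define a dedicated AppProject whose `sourceRepos` and `destinations` are limited to this repository and the namespaces these components use, reference it with `project: security`, and require reviewed merges on `main`. `CreateNamespace=true` looks redundant here, since the destination namespace is `argocd`.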
@@ -14,10 +14,10 @@ spec:
 helm:
 valueFiles:
 - $values/authelia/helm-values.yaml
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 ref: values
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 path: authelia
 destination:
diff --git a/external-secrets/argocd.yaml b/external-secrets/argocd.yaml
index 138ed17..b871eff 100644
--- a/external-secrets/argocd.yaml
+++ b/external-secrets/argocd.yaml
@@ -20,7 +20,7 @@ spec:
 helm:
 valueFiles:
 - $values/external-secrets/helm-values.yaml
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 ref: values
 destination:
diff --git a/falco/argocd.yaml b/falco/argocd.yaml
index 27d6fe5..e49ec20 100644
--- a/falco/argocd.yaml
+++ b/falco/argocd.yaml
@@ -14,10 +14,10 @@ spec:
 helm:
 valueFiles:
 - $values/falco/helm-values.yaml
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 ref: values
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 path: falco
 kustomize: {}
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..3abd398
--- /dev/null
+++ b/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - application.yaml
+ - authelia/argocd.yaml
+ - vault/argocd.yaml
+ - external-secrets/argocd.yaml
+ - falco/argocd.yaml
+ - trivy/argocd.yaml
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..da70c9a
--- /dev/null
+++ b/renovate.json
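Review bot: Listing `- application.yaml` under `resources` in kustomization.yaml makes the root Application, whose source is `path: .` of this same repository, render and manage itself. Because that object carries `prune: true` and the `resources-finalizer.argocd.argoproj.io` finalizer, dropping or renaming the entry later would prune the root Application and cascade the deletion to the child Applications listed here, including Vault and Authelia. Either remove the entry and apply application.yaml once as a bootstrap step, or keep it and add `argocd.argoproj.io/sync-options: Prune=false` to the root Application's `metadata.annotations`, with a comment such as `# root app is self-managed; never prune`.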
@@ -0,0 +1,26 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended"
+ ],
+ "customManagers": [
+ {
+ "customType": "regex",
+ "managerFilePatterns": ["argocd\\.yaml$"],
+ "matchStrings": [
+ "repoURL:\\s*(?ghcr\\.io/[^\\s]+)\\n\\s+chart:\\s*(?[^\\s]+)\\n\\s+targetRevision:\\s*(?[^\\s]+)"
+ ],
+ "datasourceTemplate": "helm",
+ "registryUrlTemplate": "oci://{{registryUrl}}"
+ }
+ ],
+ "kubernetes": {
+ "fileMatch": ["\\.yaml$"]
+ },
+ "helmv3": {
+ "fileMatch": ["helm-values\\.yaml$"]
+ },
+ "argocd": {
+ "fileMatch": ["argocd\\.yaml$"]
+ }
+}
diff --git a/trivy/argocd.yaml b/trivy/argocd.yaml
index ef09b49..919cf09 100644
--- a/trivy/argocd.yaml
+++ b/trivy/argocd.yaml
@@ -14,10 +14,10 @@ spec:
 helm:
 valueFiles:
 - $values/trivy/helm-values.yaml
- - repoURL: https://github.com/K3S-HOME/monitoring.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 ref: values
- - repoURL: https://github.com/K3S-HOME/monitoring.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 path: trivy
 destination:
diff --git a/vault/argocd.yaml b/vault/argocd.yaml
index f719c4b..83ee33a 100644
--- a/vault/argocd.yaml
+++ b/vault/argocd.yaml
@@ -14,10 +14,10 @@ spec:
 helm:
 valueFiles:
 - $values/vault/helm-values.yaml
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 ref: values
- - repoURL: https://github.com/K3S-HOME/cluster-infrastructure.git
+ - repoURL: https://github.com/K3S-HOME/security.git
 targetRevision: main
 path: vault
 destination:
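Review bot: In renovate.json, `"managerFilePatterns": ["argocd\\.yaml$"]` is written as a bare regex, but as far as I know `managerFilePatterns` reads a pattern without `/…/` delimiters as a glob, so the custom manager would likely match no file and the OCI chart versions would go untracked; `"managerFilePatterns": ["/argocd\\.yaml$/"]` keeps the regex meaning. The same file still uses the older `fileMatch` key for `kubernetes`, `helmv3` and `argocd`, so one form should be used for all four. The capture groups in `matchStrings` appear here as `(?ghcr\\.io/…)` and `(?[^\\s]+)` with no names, which may only be an artifact of how this page was rendered; the committed file needs `(?<registryUrl>…)`, `(?<depName>…)` and `(?<currentValue>…)` for `{{registryUrl}}` and the helm datasource lookup to resolve.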