diff --git a/.gitignore b/.gitignore
index e152f54..83bc8e9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
+**/secret.yaml
 **/temp.yaml
 **/credentials
-**/.DS_Store
-*.agekey
+**/.DS_Store
\ No newline at end of file
diff --git a/.sops.yaml b/.sops.yaml
deleted file mode 100644
index 2d66535..0000000
--- a/.sops.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-keys:
- - &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
- - &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
- - &aaron age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
-creation_rules:
- - path_regex: .*
- encrypted_regex: ^(data|stringData)$
- key_groups:
- - age:
- - *argo
- - *tom
- - *aaron
diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml
index 52a988f..3fe9d20 100644
--- a/app-files/core-deployments.yaml
+++ b/app-files/core-deployments.yaml
@@ -32,24 +32,14 @@ spec:
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
- name: argocd
+ name: argocd-ingress
 namespace: argocd
 spec:
 project: default
- sources:
- - repoURL: https://argoproj.github.io/argo-helm
- chart: argo-cd
- targetRevision: 7.6.6
- helm:
- releaseName: argo
- valueFiles:
- - $values/argo/values.yaml
- - repoURL: https://git.ar21.de/yolokube/core-deployments.git
- targetRevision: HEAD
- ref: values
- - repoURL: https://git.ar21.de/yolokube/core-deployments.git
- targetRevision: HEAD
- path: argo
+ source:
+ repoURL: https://git.ar21.de/yolokube/core-deployments.git
+ targetRevision: HEAD
+ path: argo
 destination:
 server: https://kubernetes.default.svc
 namespace: argocd
@@ -57,8 +47,7 @@ spec:
 syncOptions:
 - CreateNamespace=true
 automated:
- selfHeal: true
- prune: false
+ prune: true
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
diff --git a/argo/cm.yaml b/argo/cm.yaml
index 6189393..fafdd79 100644
--- a/argo/cm.yaml
+++ b/argo/cm.yaml
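Review bot: Dropping `*.agekey` from `.gitignore` means an age private key still lying in a working copy is no longer ignored and can be committed by accident; the SOPS files removed elsewhere in this commit stay in git history and remain decryptable with those keys. Keeping the line costs nothing: `*.agekey`. The new last line `**/.DS_Store` also lacks a trailing newline.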
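Review bot: The new single `source` in `app-files/core-deployments.yaml` keeps `targetRevision: HEAD`, and this Application now delivers `argocd-rbac-cm` and `argocd-cmd-params-cm` from `path: argo`, so whoever can push to the default branch of that repository decides who is Argo CD admin. Pinning to a tag or commit, or at least a comment stating that the branch is protected, would make that trust explicit, e.g. `# tracks the default branch; branch protection is the control here`. The hunk also removes the `argo-cd` chart source at `7.6.6`, so the Argo CD install is presumably managed somewhere else now; if it is not, nothing in this file pins or tracks its version any more. The Application's `spec` continues outside the hunk.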
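Review bot: Removing `selfHeal: true` under `automated` (second hunk of `app-files/core-deployments.yaml`) means manual changes to the live objects are no longer reverted, which matters here because this app owns Argo CD's RBAC and server-parameter ConfigMaps; an in-cluster edit to `argocd-rbac-cm` would persist until the next git change. Suggest keeping it next to the new prune setting: `selfHeal: true` followed by `prune: true`. With `prune: true`, objects that leave the `argo` path (presumably the previously generated `sops-age` Secret) are deleted on the next sync, so that is worth confirming as intended. `syncPolicy` opens above the hunk.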
@@ -9,7 +9,6 @@ metadata:
 app.kubernetes.io/name: argocd-cm
 app.kubernetes.io/part-of: argocd
 data:
- kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
 statusbadge.enabled: "true"
 resource.customizations: |
 networking.k8s.io/Ingress:
@@ -34,3 +33,28 @@ data:
 # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
 requestedScopes: ["openid", "profile", "email"]
 logoutURL: https://auth.ar21.de/application/o/yolokube-argocd/end-session/
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: argocd-cmd-params-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/instance: argocd-ingress
+ app.kubernetes.io/name: argocd-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ server.insecure: "true"
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: argocd-rbac-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/instance: argocd-ingress
+ app.kubernetes.io/name: argocd-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ policy.csv: |
+ g, yolokube-general, role:admin
diff --git a/argo/ingress.yaml b/argo/ingress.yaml
new file mode 100644
index 0000000..906bb78
--- /dev/null
+++ b/argo/ingress.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ name: argocd-ingress
+ namespace: argocd
+spec:
+ rules:
+ - host: "argo.services.yolokube.de"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: argocd-server
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - argo.services.yolokube.de
+ secretName: argocd-tls-key
diff --git a/argo/kustomization.yaml b/argo/kustomization.yaml
deleted file mode 100644
index dd98dfe..0000000
--- a/argo/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-generators:
- - ./secret-generator.yaml
-resources:
- - ./cm.yaml
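Review bot: In the new `argocd-rbac-cm` (second hunk of `argo/cm.yaml`), `g, yolokube-general, role:admin` gives every member of that group full Argo CD admin, and the ConfigMap sets no `policy.default`, so the intended access for everyone else is not stated. The context line above requests only `["openid", "profile", "email"]`, so the group claim this mapping depends on presumably has to arrive through the IdP's profile scope; worth confirming, or add `groups` to `requestedScopes`. `server.insecure: "true"` in `argocd-cmd-params-cm` makes argocd-server serve plain HTTP and rely on the ingress for TLS; a comment saying so would help, e.g. `# TLS terminates at the ingress; argocd-server listens on plain HTTP inside the cluster`. Both new ConfigMaps also carry `app.kubernetes.io/name: argocd-cm`, which looks copied from the first document.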
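Review bot: The backend in `argo/ingress.yaml` targets `argocd-server` on port 80 over plain HTTP, which only works while `server.insecure: "true"` from `argo/cm.yaml` is in effect; without it argocd-server redirects to HTTPS and requests through this ingress would loop. A comment on the backend keeps the two files coupled for the next reader, e.g. `# plain HTTP backend: requires server.insecure in argocd-cmd-params-cm`. The Ingress also sets no `spec.ingressClassName`, so it depends on the cluster's default ingress class. It publishes the Argo CD UI and API on a public hostname with no source restriction visible here; an explicit class and, where the controller supports it, an allow-list would narrow that.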
diff --git a/argo/secret-generator.yaml b/argo/secret-generator.yaml
deleted file mode 100644
index 271743c..0000000
--- a/argo/secret-generator.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: viaduct.ai/v1
-kind: ksops
-metadata:
- name: secret-generator
- annotations:
- config.kubernetes.io/function: |
- exec:
- path: ksops
-files:
- - ./sops-secret.yaml
diff --git a/argo/sops-secret.yaml b/argo/sops-secret.yaml
deleted file mode 100644
index 3cafd8f..0000000
--- a/argo/sops-secret.yaml
+++ /dev/null
@@ -1,46 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: sops-age - namespace: argocd -type: Opaque -data: - keys.txt: ENC[AES256_GCM,data:fY3isf0iaornjPYAGu7quWYC2O+LIm+gMvmjjhYgLWKK1YzIlOnW+ECaXRsmESr6F14rXayCGSlFzsEVJlVnaHvR+XgqX5Qj+ZUD8BCHW/cNcAcEWThVKZp6+CNIO9QsekkVv+huKpEZ/WPPr/dQZ/J8kuMHp7sCjoieG9tVXp0LbsGzMkodwrVKlE6kASKDsFZshtsQBhkx03MDLc/HC3z8eFwLV31fJ7MJTwZnhz9ONAexyFXwsjclWRR5nGizOCV0/tC8E3nOHugFX0Ae1GmWn69sTSf3lqNmT2RMm0iAZABJCdjcuBVZhegIyuGkrbL4GhKteNpqYVqe,iv:CuOiL/LTGp/W+7pOJPSb3b/UDewIusKs18MNKdsoC3s=,tag:ii1NFa2j4RxXgDfbMyJGjQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Z2lHdHB1bDBMNGFDb3gw - blJOU2RpTlRlTXM4OEdXL0oxczd4d2Y0TDNrCnFBWnluUDZhRVEyTVRoWC9HaXly - eTVsenRiTVFxU2h6VXFneEM0KzNWNFUKLS0tIDZLMHRNbm1rS04xUXBxdHlOVHAx - a0d1SW93TEROWkRpekt1VHlQZHhCRFEKsz8LUmpDrR7a7p7pd0FotGtxuEPwEeOY - L9lg0WJNJ9OAqJDBXoygedyQ4bWqFdDnr1U3RoPzbnOOgvAk9aPj3Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVkNZWFBIQnhxbEJ4T01J - aVlKa2NrcVAxdGNWY0JDaWk3UDlxeE90b2x3CjhMVm1Zb0ozdzB2VVlVckdwUUk5 - dkZBeUo3aW1BM2ZmQVhpZ29TSm15RGsKLS0tIDZNc01xMVFnOGpLV3JGYytHTlgv - T3hQZHVZVDA1cjFNNEtBWkF2VkdFbjQKg4yy1rWCprRYmpXtMA0++x4VGJPEKAyx - b8+RC5TV82yWhqtF9pWpkIuzJ/5zKih49is9rSo5PoaL+QOpLYR5yw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMmZ6ekNxMEdCZXJKUCtp - YVV4RzBuQllGQlpZeDZ4UkpQV1l4Q0pIeWtjCjNlK3Y2Z21LRERVMkxZNVFYUHdU - NGhkdm9TSGtaNWo1ZEV0eTFNR2ZhNkkKLS0tIEpKOU44SU5EeC81aGRUektyUFl0 - 
dE84M3JQeW1iY25ZaTdqMG8ySG9Cam8KQS8eKuIjhcTVBbcdkcyFezqoi9S6dc74
- hWbNlP+BSHZD/Sx+6oYHIpJPYtJ8/IqZAwdQavyqj27AnsiKzY4rnw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-30T18:24:55Z"
- mac: ENC[AES256_GCM,data:4+/TztJYPPFOY/b9XEo3XfzDHD2tVZJc6/tDF0u5+DvTzGdp2/YvSTI/UPS2iEprsvG0lyveqPxdgweEgXMGcnpEcMhK6gzW1LVJmzFgWev0WjrmCxNNnMPMkU0hGG0WdgSAAlx4FLnms/gdEHDYnkXYqHH01N5EUSP9c8JpTIg=,iv:XJ+JuI5WjqXPTIgX1Jklc+kJzmIcEa6QAEGJISo4QBE=,tag:bMBGUfchsJE6I0h04aUB4Q==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.9.0
diff --git a/argo/values.yaml b/argo/values.yaml
deleted file mode 100644
index 7240092..0000000
--- a/argo/values.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-global:
- domain: argo.services.yolokube.de
-configs:
- cm:
- create: false
- params:
- create: true
- server.insecure: true
- rbac:
- create: true
- policy.csv: |
- g, yolokube-general, role:admin
-server:
- ingress:
- enabled: true
- annotations:
- kubernetes.io/tls-acme: "true"
- tls: true
-repoServer:
- volumes:
- - name: custom-tools
- emptyDir: {}
- - name: sops-key
- secret:
- secretName: sops-age
- initContainers:
- - name: install-ksops
- image: viaductoss/ksops:v4.3.2
- command: ["/bin/sh", "-c"]
- args:
- - echo "Installing KSOPS...";
- mv ksops /custom-tools/;
- mv kustomize /custom-tools/;
- echo "Done.";
- volumeMounts:
- - mountPath: /custom-tools
- name: custom-tools
- volumeMounts:
- - mountPath: /usr/local/bin/kustomize
- name: custom-tools
- subPath: kustomize
- - mountPath: /usr/local/bin/ksops
- name: custom-tools
- subPath: ksops
- - mountPath: /.config/sops/age
- name: sops-key
- env:
- - name: XDG_CONFIG_HOME
- value: /.config
- - name: SOPS_AGE_KEY_FILE
- value: /.config/sops/age/keys.txt
diff --git a/renovate.json b/renovate.json
index 870240c..c522108 100644
--- a/renovate.json
+++ b/renovate.json
@@ -5,10 +5,6 @@
 "argocd": {
 "fileMatch": ["^app-files/core-deployments\\.yaml$"]
 },
- "kubernetes": {
- "enabled": true,
- "fileMatch": ["\\.yaml$"]
- },
 "packageRules": [
 {
 "matchPackageNames": ["kube-prometheus-stack"],