redaction (#1)

Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>

manifests/infrastructure/renovate/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - secret.yaml
+  - renovate.yaml

manifests/infrastructure/renovate/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: renovate

manifests/infrastructure/renovate/renovate.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  interval: 5m0s
+  url: https://docs.renovatebot.com/helm-charts
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: renovate
+      version: ">=37.0.0 <38.0.0"
+      sourceRef:
+        kind: HelmRepository
+        name: renovate
+        namespace: renovate
+      interval: 1m
+  values:
+    cronjob:
+      schedule: "0 2 * * *"
+      concurrencyPolicy: Forbid
+      startingDeadlineSeconds: 300
+      activeDeadlineSeconds: 600
+      backoffLimit: 0
+      successfulJobsHistoryLimit: 1
+      failedJobsHistoryLimit: 1
+    renovate:
+      config: |-
+        {
+          "extends": ["config:recommended"],
+          "labels": ["renovate", "dependencies"],
+          "platform": "gitea",
+          "endpoint": "https://<GITEA_INSTANCE>/",
+          "repositories": ["<USERNAME>/keyboard-vagabond"],
+          "gitAuthor": "Renovate Bot <renovate@<DOMAIN>>",
+          "kubernetes": {
+            "fileMatch": ["^manifests/.+\\.yaml$"]
+          },
+          "flux": {
+            "fileMatch": ["^manifests/.+\\.yaml$"]
+          }
+        }
+      securityContext:
+        runAsNonRoot: true
+        allowPrivilegeEscalation: false
+        seccompProfile:
+          type: RuntimeDefault
+        capabilities:
+          drop:
+            - ALL
+    envFrom:
+      - secretRef:
+          name: renovate-env
+    securityContext:
+      runAsUser: 12021
+      runAsGroup: 12021
+      fsGroup: 12021

manifests/infrastructure/renovate/secret.yaml

@@ -0,0 +1,39 @@
+# manifests/infrastructure/renovate/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: renovate-env
+    namespace: renovate
+type: Opaque
+stringData:
+    RENOVATE_TOKEN: ENC[AES256_GCM,data:NVcFbClXNfHArDM5zFSsDOBX5dz46KiR4bDZZTYg7gSdwYQvv8OEUw==,iv:WMNFH7ZWat3jOg+ogApZQ19kgJsE7NzwtRhgVjDpsXg=,tag:Hr5U7Tf6oQBNb9HGsPGD7g==,type:str]
+sops:
+    lastmodified: "2025-06-27T16:15:39Z"
+    mac: ENC[AES256_GCM,data:pniuVq1PuCxZYbqWcnf2cFOgmxnQS9SaNTvMaUSmn/jv6j/OE243ssELAMo25L1VaRcYeVXnQ6fOR8qZORUC3qxJMdvtdI+n6eenX5eTuWRrEITgsASbcdf7SO76aWkfm1W1voXEhuzaK3cm4oPSGivU0EYknclzXyQmJBU0N00=,iv:P74TJ6chnIYgrMBSxcLbceqvJ4bFdEPz5gqCe2RdKDM=,tag:uHd3x40b4HFPUxwUZ+XmHA==,type:str]
+    pgp:
+        - created_at: "2025-06-27T16:15:39Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DZT3mpHTS/JgSAQdA+gTKduqkyqFWnaLKUpZp6bMsCG/EFb8eqlR9+o+cxF0w
+            sXvrAu2CeCMTL/z7kzM45lskiyRfkl0PNgyqgeLuOOtlVJlx6XhtlXnEAnw9akWf
+            1GYBCQIQ+hpZ37FRZl0ytP5ACdUy1THc/RdDThsDISyYeyE/pqFql9Nq95hxbPBG
+            mcW7xGR+RyM38Sas2xSmdnbWMOCLNEf+p1kdUK5e30/TxtUhhsmwE/KSqFl/R5M2
+            GY5JQxi0uUA=
+            =YLsa
+            -----END PGP MESSAGE-----
+          fp: B120595CA9A643B051731B32E67FF350227BA4E8
+        - created_at: "2025-06-27T16:15:39Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DSXzd60P2RKISAQdAojv7Pf90HkerDzrywWKxGCegOF/prDAN5XoxQGUdcgYw
+            snNuhsmhKXMM7iQQkVD37BWiIx2O7Gls5pnSffUJ9hcbYza8wAWPrkiJ5RXTLXsJ
+            1GYBCQIQ2JrrjaarZf9wWapwxNi+HnxbuErohxVZfIGU1zGDpJJQPpwVi9fusPJC
+            toCK2/+9vRSQHiFn+rfRypHc2wEB907YKK0RqFGihj7T77bwDlOpQXqG5Haf/qpb
+            mpZuKvkEm0g=
+            =JOHU
+            -----END PGP MESSAGE-----
+          fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2