diff --git a/.gitignore b/.gitignore
index 93a542c..14fcfd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 **/_hold
+ignore/
\ No newline at end of file
diff --git a/apps/templates/prometheus.yaml b/apps/templates/prometheus.yaml
new file mode 100644
index 0000000..21b3a6e
--- /dev/null
+++ b/apps/templates/prometheus.yaml
@@ -0,0 +1,70 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prometheus
+  namespace: argo-cd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: prometheus
+  project: default
+  source:
+    chart: kube-prometheus-stack
+    helm:
+      values: |
+
+        namespaceOverride: prometheus
+
+        alertmanager.enabled: true
+        kubeApiServer.enabled: false
+        kubelet.enabled: false
+        kubeControllerManager.enabled: false
+        coreDns.enabled: false
+        kubeDns.enabled: false
+        kubeEtcd.enabled: false
+        kubeScheduler.enabled: false
+        kubeProxy.enabled: false
+        kubeStateMetrics.enabled: false
+
+        grafana:
+          enabled: false
+          persistence:
+            enabled: true
+            storageClassName: longhorn
+          env:
+            GF_SERVER_ROOT_URL: https://%(domain)s/
+          #   GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+          #   GF_AUTH_GENERIC_OAUTH_NAME: authentik
+          #   GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
+          #   GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
+          #   GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
+          #   GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
+          #   GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
+          #   GF_AUTH_OAUTH_AUTO_LOGIN: "true"
+          #   GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
+          # envFromSecrets:
+          #   - name: grafana-oauth
+          ingress:
+            enabled: true
+            ingressClassName: traefik
+            annotations:
+              cert-manager.io/acme-challenge-type: dns01
+              cert-manager.io/cluster-issuer: roxedus.com-cloudflare
+            hosts:
+              - grafana.roxedus.com
+            tls:
+              - hosts:
+                  - grafana.roxedus.com
+                secretName: grafana-roxedus-com-cert
+
+    repoURL: https://prometheus-community.github.io/helm-charts
+    targetRevision: 42.2.1
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true