diff --git a/app-of-apps/work-siyuan.yaml b/app-of-apps/work-siyuan.yaml
new file mode 100644
index 0000000..690c136
--- /dev/null
+++ b/app-of-apps/work-siyuan.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: work-siyuan
+  namespace: argocd
+spec:
+  destination:
+    namespace: work-siyuan
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: apps-kustomized/siyuan
+    repoURL: http://forgejo.git.svc.cluster.local/martyn/infra4talos.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true
diff --git a/apps-kustomized/work-siyuan/deploy.yaml b/apps-kustomized/work-siyuan/deploy.yaml
new file mode 100644
index 0000000..adfe437
--- /dev/null
+++ b/apps-kustomized/work-siyuan/deploy.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: siyuan
+  name: siyuan
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: siyuan
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: siyuan
+    spec:
+      containers:
+      - args:
+        - --workspace=/data
+        - --accessAuthCode=siyuan
+        env:
+        - name: PUID
+          value: "1001"
+        - name: GUID
+          value: "1002"
+        - name: SIYUAN_ACCESS_AUTH_CODE_BYPASS
+          value: "true"
+        image: docker.io/b3log/siyuan:v3.3.2
+        imagePullPolicy: IfNotPresent
+        name: siyuan
+        ports:
+        - containerPort: 6806
+          name: http
+          protocol: TCP
+        resources:
+          requests:
+            cpu: 25m
+            memory: "920733364"
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /data
+          name: data
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: siyuan-data
diff --git a/apps-kustomized/work-siyuan/ing.yaml b/apps-kustomized/work-siyuan/ing.yaml
new file mode 100644
index 0000000..f6d7902
--- /dev/null
+++ b/apps-kustomized/work-siyuan/ing.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
+    nginx.ingress.kubernetes.io/auth-signin: https://homeauth.martyn.berlin/oauth2/start?rd=https://$host$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-url: https://homeauth.martyn.berlin/oauth2/auth
+  labels:
+    app.kubernetes.io/name: siyuan
+  name: siyuan
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: work-siyuan.martyn.berlin
+    http:
+      paths:
+      - backend:
+          service:
+            name: siyuan
+            port:
+              number: 6806
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - work-siyuan.martyn.berlin
diff --git a/apps-kustomized/work-siyuan/pvc.yaml b/apps-kustomized/work-siyuan/pvc.yaml
new file mode 100644
index 0000000..bab9dd4
--- /dev/null
+++ b/apps-kustomized/work-siyuan/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: siyuan-data
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn-fast
diff --git a/apps-kustomized/work-siyuan/svc.yaml b/apps-kustomized/work-siyuan/svc.yaml
new file mode 100644
index 0000000..2b7546c
--- /dev/null
+++ b/apps-kustomized/work-siyuan/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: siyuan
+  name: siyuan
+spec:
+  ports:
+  - port: 80
+    targetPort: 6806
+  selector:
+    app: siyuan
+  type: LoadBalancer