forked from evolix/ansible-roles
Compare commits
323 commits
Author | SHA1 | Date | |
---|---|---|---|
Jérémy Lecour | c17bb03535 | ||
Jérémy Lecour | d7d58bf158 | ||
Jérémy Lecour | e5dc503cfd | ||
Jérémy Lecour | 270d03b6a6 | ||
Jérémy Lecour | 1dc4d0e133 | ||
Jérémy Lecour | c8ef7e9b75 | ||
53af37e055 | |||
Jérémy Lecour | d9e95218ce | ||
Eric Morino | 6321f32e81 | ||
Ludovic Poujol | 69a9cb9591 | ||
Ludovic Poujol | 39949ea921 | ||
Ludovic Poujol | e79141d2d2 | ||
Jérémy Lecour | 799466788f | ||
Jérémy Dubois | 03c97f2d0f | ||
William Hirigoyen (Evolix) | 1fdc0f2566 | ||
Jérémy Dubois | f3c443d076 | ||
ebfa8df6bc | |||
William Hirigoyen (Evolix) | 68b4b0803e | ||
Ludovic Poujol | 9995fca35d | ||
William Hirigoyen (Evolix) | e080b37be2 | ||
Ludovic Poujol | a2f73bb7df | ||
Jérémy Dubois | 981128dc17 | ||
Jérémy Lecour | 0cbdda840d | ||
Jérémy Lecour | 9e27d9707b | ||
Jérémy Lecour | 5153b88d01 | ||
Jérémy Lecour | 25563ee0f0 | ||
Jérémy Lecour | 3dd78fbf7e | ||
Jérémy Lecour | cd4822488c | ||
Jérémy Lecour | fcb0b8c80f | ||
Jérémy Lecour | cd26081add | ||
Jérémy Lecour | 8beb1e7460 | ||
Jérémy Lecour | 6d5aa67045 | ||
Jérémy Lecour | 359719d0d0 | ||
Jérémy Lecour | bb30402df3 | ||
Jérémy Lecour | 6ccd0ea440 | ||
Jérémy Lecour | 88cd8a0976 | ||
Jérémy Lecour | 519228ff9f | ||
6dc17658a9 | |||
Jérémy Lecour | 2849039fad | ||
Jérémy Lecour | 80f8a94798 | ||
Eric Morino | 0a244894eb | ||
Jérémy Lecour | 2c6a3601de | ||
Jérémy Lecour | bff8fcfebb | ||
Jérémy Lecour | 93929864be | ||
Jérémy Lecour | 52fff750df | ||
Jérémy Lecour | 0e34d4cd4b | ||
Jérémy Lecour | 8f8c024163 | ||
Jérémy Lecour | 1f4ee2de79 | ||
Jérémy Lecour | 0fce412cf5 | ||
Jérémy Lecour | 544b213529 | ||
Jérémy Lecour | 266289c72e | ||
Jérémy Lecour | 51bc48623b | ||
Mathieu Trossevin | 7a969a0be2 | ||
1902c40c3c | |||
fec9e49c18 | |||
Jérémy Dubois | 3822696db6 | ||
Jérémy Dubois | 4effe91b9f | ||
168b0fa9b7 | |||
Jérémy Lecour | c4fab71d7a | ||
Ludovic Poujol | c8a862c5e7 | ||
Jérémy Lecour | ea382a1686 | ||
Jérémy Lecour | ca1f465aaa | ||
William Hirigoyen (Evolix) | bd39adaf68 | ||
William Hirigoyen (Evolix) | 14883aa95e | ||
4c6d30a52c | |||
Jérémy Lecour | 1893b6dea5 | ||
Jérémy Lecour | ec346a42a5 | ||
William Hirigoyen (Evolix) | 1c754f7eb0 | ||
Eric Morino | 7bb7b22d1f | ||
Ludovic Poujol | 7c7ccf07eb | ||
Ludovic Poujol | 64b632c000 | ||
Ludovic Poujol | 8b701e615f | ||
Ludovic Poujol | d27d6b69cd | ||
Ludovic Poujol | bd429275d1 | ||
Eric Morino | cd7c488713 | ||
Eric Morino | 7e36d03804 | ||
Eric Morino | 2ec026c2b3 | ||
Mathieu Trossevin | 53cd3ba342 | ||
d3eef71127 | |||
Ludovic Poujol | 82694ef5e9 | ||
Ludovic Poujol | a35139fcee | ||
Eric Morino | 8dca949564 | ||
Eric Morino | c9af7db827 | ||
Eric Morino | 21bd4021d3 | ||
Eric Morino | 4fb885a33b | ||
Jérémy Lecour | e4bb0c6f55 | ||
Jérémy Lecour | 039c740ef3 | ||
William Hirigoyen (Evolix) | 51aaac0cbc | ||
Jérémy Lecour | 6cf8195744 | ||
0247216429 | |||
Eric Morino | 2ea8d279d5 | ||
William Hirigoyen (Evolix) | b9c1e9eafe | ||
Jérémy Lecour | dcfea674a4 | ||
Jérémy Lecour | 646a7b1813 | ||
Jérémy Lecour | dd53c01027 | ||
Jérémy Lecour | 0e2b43a1e9 | ||
Jérémy Dubois | 90acb99c2a | ||
Jérémy Lecour | ca28df1b75 | ||
Jérémy Lecour | 1706361e8d | ||
Jérémy Lecour | 72e8200d5b | ||
Ludovic Poujol | 03f846b94b | ||
Jérémy Lecour | 7cb6dffd6f | ||
Jérémy Lecour | dcdde5f7f6 | ||
Ludovic Poujol | 9b3bb39bd0 | ||
Ludovic Poujol | b120a92203 | ||
Eric Morino | be5bb73675 | ||
Ludovic Poujol | a9d0d0958d | ||
Jérémy Dubois | d38119eb0f | ||
Jérémy Lecour | 7586881f4d | ||
Jérémy Lecour | bbd16dc5b4 | ||
Jérémy Lecour | 33cb1dd8ef | ||
Jérémy Lecour | 6a4b250b5d | ||
Jérémy Lecour | 520cba9c5b | ||
Jérémy Lecour | 9aff38c0a7 | ||
Eric Morino | 2dfd0c0706 | ||
Jérémy Lecour | 3e80c98a05 | ||
Jérémy Lecour | 2d11580a6e | ||
Jérémy Lecour | dfd6aa0315 | ||
Jérémy Lecour | 679875d00b | ||
Ludovic Poujol | 73d6979e72 | ||
616ead41d5 | |||
Jérémy Lecour | a6fe0397a6 | ||
Jérémy Lecour | 7d63f20336 | ||
Jérémy Lecour | 86e5df9c16 | ||
Jérémy Lecour | 7b14296503 | ||
Jérémy Lecour | 37cb18f676 | ||
Jérémy Lecour | e089ddf091 | ||
Jérémy Lecour | de843cb91f | ||
Jérémy Lecour | 6cb2c66924 | ||
Jérémy Lecour | b293cf2cf9 | ||
Jérémy Lecour | dc1a01ce37 | ||
Jérémy Lecour | 5cbfda8f52 | ||
Jérémy Lecour | b2f8095d14 | ||
Jérémy Lecour | 9b479f9c05 | ||
Jérémy Lecour | 4a035d248d | ||
Jérémy Lecour | 3de5de5304 | ||
Jérémy Lecour | 4c52719561 | ||
Jérémy Lecour | 437d2986ae | ||
Jérémy Lecour | 0eb7332a34 | ||
Jérémy Lecour | febc76b26c | ||
Ludovic Poujol | e130728034 | ||
Jérémy Lecour | 73efee9caa | ||
Eric Morino | 3fcb79a3a3 | ||
Eric Morino | ae2be6a009 | ||
Jérémy Lecour | 1d55965527 | ||
Jérémy Lecour | 8233264d2a | ||
Jérémy Lecour | ef1472cbba | ||
Ludovic Poujol | f75354bb84 | ||
Ludovic Poujol | de4d814d74 | ||
Ludovic Poujol | 6a2cd59e6d | ||
Ludovic Poujol | 51fd2337f0 | ||
Ludovic Poujol | fa0c668cec | ||
45b7ce3486 | |||
Jérémy Lecour | 2b549af7d9 | ||
Jérémy Lecour | e429f7aecb | ||
Jérémy Lecour | 0cab062431 | ||
Jérémy Lecour | e76f2fe448 | ||
Jérémy Lecour | b908fc6cee | ||
Jérémy Lecour | 51e414df31 | ||
Jérémy Lecour | 887c1552cb | ||
Jérémy Lecour | e45ee59801 | ||
Jérémy Lecour | 73f55a42fa | ||
Jérémy Lecour | 65750d2aa6 | ||
Jérémy Lecour | 74ab96d67f | ||
Eric Morino | d2ef3fe27f | ||
5e794cd2b6 | |||
Eric Morino | 6c21c3b505 | ||
Jérémy Lecour | ecba57ad75 | ||
Jérémy Lecour | 2c7380240c | ||
Eric Morino | 999efb3983 | ||
Eric Morino | 916138575a | ||
Jérémy Lecour | 5a83a30a4c | ||
Eric Morino | bd92ff95c8 | ||
2448168008 | |||
Ludovic Poujol | 42189ba613 | ||
Jérémy Lecour | 066baf3538 | ||
Eric Morino | ca7d8e9739 | ||
Jérémy Lecour | ad457dd7ba | ||
Jérémy Lecour | 969a5bce7d | ||
Jérémy Lecour | d186e21239 | ||
Jérémy Lecour | c9f25f4638 | ||
Jérémy Lecour | 139b342fbd | ||
491407953c | |||
Jérémy Lecour | bf49ec8df5 | ||
Jérémy Lecour | 32b5efa30e | ||
Jérémy Lecour | 73352f55d7 | ||
Ludovic Poujol | b362fadc80 | ||
Ludovic Poujol | 8e6c08b81b | ||
Ludovic Poujol | 7a089f88af | ||
Ludovic Poujol | 49cb5adf92 | ||
Jérémy Lecour | c77e0d73f8 | ||
Jérémy Lecour | 29ec7bdcf2 | ||
Jérémy Lecour | ffd7d0e504 | ||
Jérémy Lecour | 6f66ab8e93 | ||
Jérémy Lecour | ba3ed5e903 | ||
Jérémy Lecour | d1829e7000 | ||
Jérémy Lecour | 4167b6d2a9 | ||
Jérémy Lecour | 3721c2ab38 | ||
Jérémy Lecour | 04e41b5dc9 | ||
Jérémy Lecour | 5905751a82 | ||
Jérémy Lecour | b5bcd666c6 | ||
Jérémy Lecour | 58cd1fedfa | ||
Jérémy Lecour | a5658b7f26 | ||
Jérémy Lecour | 5c1ae6ed0c | ||
Jérémy Lecour | 8a784c39ab | ||
Jérémy Lecour | 9c8dd743c8 | ||
Jérémy Lecour | 6b87ead5b4 | ||
Jérémy Lecour | d40fad662f | ||
Jérémy Lecour | 613a11d119 | ||
Jérémy Lecour | a60189eb3e | ||
Jérémy Lecour | c80c354d65 | ||
Jérémy Lecour | e8a8e85819 | ||
Jérémy Lecour | c5ab0c0ff9 | ||
Jérémy Lecour | f673ea85d1 | ||
Jérémy Lecour | 2c441f176a | ||
Jérémy Lecour | c5bb8f06ae | ||
Jérémy Lecour | 51d4ec1bb2 | ||
Jérémy Lecour | 5e09906c8f | ||
Jérémy Lecour | 380c50b999 | ||
Jérémy Lecour | 008cb6a3c9 | ||
Jérémy Lecour | 52d06a3987 | ||
Jérémy Lecour | 4a158ac819 | ||
Jérémy Lecour | 2f68ae5339 | ||
Jérémy Lecour | 6bfef35729 | ||
Jérémy Lecour | b8ac36e673 | ||
Jérémy Lecour | 83e8a3d75a | ||
Jérémy Lecour | 27a09ce682 | ||
Jérémy Lecour | 90cbd17f9b | ||
Jérémy Lecour | b0b24744d6 | ||
Jérémy Lecour | 11813c31a4 | ||
Jérémy Lecour | 51462c724c | ||
Jérémy Lecour | 1b8de7c524 | ||
Jérémy Lecour | 2ed1dac16b | ||
Jérémy Lecour | f082cb652a | ||
Jérémy Lecour | f473e99d6d | ||
Jérémy Lecour | b8c5ac3097 | ||
Jérémy Lecour | 6d757f971e | ||
Jérémy Lecour | 55ad6882b5 | ||
Jérémy Lecour | 0fe0244116 | ||
Jérémy Lecour | 1890a79702 | ||
Jérémy Lecour | 4c1ef1bd56 | ||
Jérémy Lecour | 22145a29b2 | ||
Eric Morino | af9b1a4766 | ||
Eric Morino | cb257ef927 | ||
Jérémy Lecour | 6190c66445 | ||
Jérémy Lecour | dd32ab5688 | ||
Jérémy Lecour | dbc853a815 | ||
Jérémy Lecour | 81730de78b | ||
Jérémy Lecour | 4c7fed77c4 | ||
Jérémy Lecour | fe9b7ee5f7 | ||
Jérémy Lecour | 53eaf085f5 | ||
Jérémy Lecour | 9d0bfec87e | ||
Jérémy Lecour | edfcbbad0a | ||
Jérémy Lecour | 5d7d62b284 | ||
Jérémy Lecour | 4e8c622cc0 | ||
Jérémy Lecour | 7f3eebcfc6 | ||
Jérémy Lecour | 4d7e6fd271 | ||
Jérémy Lecour | 3d715bae35 | ||
Eric Morino | e75eeb8c3f | ||
Jérémy Lecour | ca40fad186 | ||
Jérémy Lecour | f6dcce239b | ||
Jérémy Lecour | 856d11aced | ||
965dc2d20b | |||
dbc06c1c59 | |||
Jérémy Lecour | 454d4c6d30 | ||
Jérémy Lecour | 2c47871fa7 | ||
Jérémy Dubois | 89b0bd5a2b | ||
Jérémy Lecour | dd42c3673c | ||
Jérémy Lecour | 06b8314211 | ||
Ludovic Poujol | 56c064d86b | ||
Eric Morino | 547272eefd | ||
Jérémy Lecour | 02451f1e67 | ||
Jérémy Lecour | 4d83f25ae6 | ||
Jérémy Lecour | cae0de17df | ||
Jérémy Lecour | 56af68e5b3 | ||
Jérémy Dubois | 60f2f19402 | ||
Jérémy Lecour | e65340cb56 | ||
Jérémy Lecour | 7dc6f0b849 | ||
Jérémy Lecour | 9ca68a16dd | ||
Jérémy Lecour | 9b2a3a6db2 | ||
Jérémy Lecour | d823c8116a | ||
Jérémy Lecour | 3c9be8d913 | ||
Jérémy Lecour | 2ed77c60f0 | ||
Jérémy Lecour | 3dde4ee6d3 | ||
Jérémy Lecour | 58bf79218f | ||
Jérémy Lecour | 403ea45eeb | ||
Jérémy Lecour | 7d08b0a30a | ||
Jérémy Lecour | b41a2fd04f | ||
Jérémy Lecour | b049ad79d6 | ||
Jérémy Lecour | 83705a48b8 | ||
Jérémy Lecour | 9f2125e287 | ||
Jérémy Lecour | e5e4dc95fa | ||
Jérémy Lecour | e7ddf9d46c | ||
Jérémy Lecour | 485ec39674 | ||
Jérémy Lecour | 07fd6451e1 | ||
Jérémy Lecour | 5138065059 | ||
Jérémy Lecour | debc4a82ca | ||
Jérémy Lecour | b3a62aa9d8 | ||
Jérémy Lecour | eacdd2c7f2 | ||
Jérémy Lecour | 9cdddd50a8 | ||
Jérémy Lecour | a7971abb04 | ||
Jérémy Lecour | 92f28d85fe | ||
Jérémy Lecour | 1caae2437a | ||
Jérémy Lecour | cc6acdbf34 | ||
Jérémy Lecour | 6eaeb90f6e | ||
Jérémy Lecour | 43c726e86a | ||
Jérémy Lecour | 8716ffbb1e | ||
Jérémy Lecour | 047605a2a2 | ||
Jérémy Lecour | 920cb7eaeb | ||
Jérémy Lecour | 66ea07ec29 | ||
Jérémy Lecour | 2386733231 | ||
Jérémy Lecour | 5b9d2a2776 | ||
Jérémy Lecour | 5d79c31dc3 | ||
f260fedbae | |||
75675a96b1 | |||
Jérémy Lecour | 94a5d7daa2 | ||
Jérémy Lecour | eab68545fe | ||
Ludovic Poujol | 3457b14fed | ||
Ludovic Poujol | d56c545183 | ||
Jérémy Lecour | 2f4b5b9448 | ||
Jérémy Lecour | 5e0ca0e3ff | ||
Ludovic Poujol | 0f8804a8ab | ||
Jérémy Lecour | a5a2c6e335 |
192
CHANGELOG.md
192
CHANGELOG.md
|
@ -4,9 +4,9 @@ All notable changes to this project will be documented in this file.
|
||||||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
This project does not follow semantic versioning.
|
This project does not follow semantic versioning.
|
||||||
The **major** part of the version is aligned with the stable version of Debian.
|
The **major** part of the version is the year
|
||||||
The **minor** part changes with big changes (probably incompatible).
|
The **minor** part changes is the month
|
||||||
The **patch** part changes incrementally at each release.
|
The **patch** part changes is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
@ -14,12 +14,194 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* minifirewall: tail template follows symlinks
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [22.03] 2022-03-02
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* apt: apt_hold_packages: broadcast message with wall, if present
|
||||||
|
* evolinux-base: option to bypass raid-related tasks
|
||||||
|
* Explicit permissions for systemd overrides
|
||||||
|
* generate-ldif: Add support for php-fpm in containers
|
||||||
|
* kvm-host: add missing default value
|
||||||
|
* lxc-php: preliminary support for PHP 8.1 container
|
||||||
|
* openvpn: now check that openvpn has been restarted since last certificates renewal
|
||||||
|
* redis: always install check_redis_instances
|
||||||
|
* redis: check_redis_instances tolerates absence of instances
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||||
|
* evolinux-users: check permissions for /etc/sudoers.d
|
||||||
|
* evolinux-users: optimize sudo configuration
|
||||||
|
* lxc: Fail if /var is nosuid
|
||||||
|
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [22.01.3] 2022-01-31
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* rbenv: install Ruby 3.1.0 by default
|
||||||
|
* evolinux-base: backup-server-state: add "force" mode
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* evolinux-base: backup-server-state: fix systemctl invocation
|
||||||
|
* varnish: update munin plugin to work with recent varnish versions
|
||||||
|
|
||||||
|
## [22.01.2] 2022-01-27
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* evolinux-base: many improvements for backup-server-state script
|
||||||
|
* remount-usr: use findmnt to find if usr is a readonly partition
|
||||||
|
|
||||||
|
## [22.01] 2022-01-25
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
|
||||||
|
* apache: new variable for MPM mode (+ updated default config accordingly)
|
||||||
|
* apache: prevent accessing Git or "env" related files
|
||||||
|
* certbot: add script for manual deploy hooks execution
|
||||||
|
* docker-host: install additional dependencies
|
||||||
|
* dovecot: switch to TLS 1.2+ and external DH params
|
||||||
|
* etc-git: centralize cron jobs in dedicated crontab
|
||||||
|
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
|
||||||
|
* evolinux-base: add script backup-server-state
|
||||||
|
* evolinux-base: configure top and htop to display the swap column
|
||||||
|
* evolinux-base: install molly-guard by default
|
||||||
|
* generate-ldif: detect RAID controller
|
||||||
|
* generate-ldif: detect mdadm
|
||||||
|
* listupgrade: crontab is configurable
|
||||||
|
* logstash: logging to syslog is configurable (default: True)
|
||||||
|
* mongodb: create munin plugins directory if missing
|
||||||
|
* munin: systemd override to unprotect home directory
|
||||||
|
* mysql: add evomariabackup 21.11
|
||||||
|
* mysql: improve Bullseye compatibility
|
||||||
|
* mysql: script "mysql_connections" to display a compact list of connections
|
||||||
|
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
|
||||||
|
* nagios-nrpe + evolinux-users: new check for ipmi
|
||||||
|
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
|
||||||
|
* nagios-nrpe + evolinux-users: new checks for bkctld
|
||||||
|
* nagios-nrpe: new check influxdb
|
||||||
|
* openvpn: new role (beta)
|
||||||
|
* redis: instance service for Debian 11
|
||||||
|
* squid: add *.o.lencr.org to default whitelist
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Change version pattern
|
||||||
|
* Install python 2 or 3 libraries according to running python version
|
||||||
|
* Remove embedded GPG keys only if legacy keyring is present
|
||||||
|
* apt: remove workaround for Evolix public repositories with Debian 11
|
||||||
|
* apt: upgrade packages after all the configuration is done
|
||||||
|
* apt: use the new security repository for Bullseye
|
||||||
|
* certbot: silence letsencrypt deprecation warnings
|
||||||
|
* elasticsearch: elastic_stack_version = 7.x
|
||||||
|
* evoacme: exclude renewal-hooks directory from cron
|
||||||
|
* evoadmin-web: simpler PHP packages lists
|
||||||
|
* evocheck: upstream release 21.10.4
|
||||||
|
* evolinux-base: alert5 comes after the network
|
||||||
|
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
|
||||||
|
* evolinux-base: install freeipmi by default on dedicated hw
|
||||||
|
* evolinux-base: logs are rotated with dateext by default
|
||||||
|
* evolinux-base: split dpkg logrotate configuration
|
||||||
|
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
|
||||||
|
* evomaintenance: extract a config.yml tasks file
|
||||||
|
* evomaintenance: upstream release 22.01
|
||||||
|
* filebeat/metricbeat: elastic_stack_version = 7.x
|
||||||
|
* kibana: elastic_stack_version = 7.x
|
||||||
|
* listupgrade: old-kernel-removal version 21.10
|
||||||
|
* listupgrade: upstream release 21.06.3
|
||||||
|
* logstash: elastic_stack_version = 7.x
|
||||||
|
* mongodb: Allow to specify a mongodb version for buster & bullseye
|
||||||
|
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
|
||||||
|
* mongodb: Support version 5.0 (for buster)
|
||||||
|
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
|
||||||
|
* nodejs: default to version 16 LTS
|
||||||
|
* php: enforce Debian version with assert instead of fail
|
||||||
|
* squid: improve default whitelist (more specific patterns)
|
||||||
|
* squid: must be started in foreground mode for systemd
|
||||||
|
* squid: remove obsolete variable on Squid 4
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* evolinux-base: fix alert5.service dependency syntax
|
||||||
|
* certbot: sync_remote excludes itself
|
||||||
|
* lxc-php: fix config for opensmtpd on bullseye containers
|
||||||
|
* mysql : Create a default ~root/.my.cnf for compatibility reasons
|
||||||
|
* nginx : fix variable name and debug to actually use nginx-light
|
||||||
|
* packweb-apache : Support php 8.0
|
||||||
|
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
* evocheck: package install is not supported anymore
|
||||||
|
* logstash: no more dependency on Java
|
||||||
|
* php: remove php-gettext for 7.4
|
||||||
|
|
||||||
|
## [10.6.0] 2021-06-28
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
|
||||||
|
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||||
|
* evolinux-base: add default motd template
|
||||||
|
* kvm-host: add migrate-vm script
|
||||||
|
* mysql: variable to disable myadd script overwrite (default: True)
|
||||||
|
* nodejs: update apt cache before installing the package
|
||||||
|
* squid: add Yarn apt repository in default whitelist
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Update Galaxy metadata (company, platforms and galaxy_tags)
|
||||||
|
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
|
||||||
|
* Use Ansible syntax used in Ansible 2.8+
|
||||||
|
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
|
||||||
|
* certbot: sync_remote.sh is configurable
|
||||||
|
* evolinux-base: copy GPG key instead of using apt-key
|
||||||
|
* evomaintenance: upstream release 0.6.4
|
||||||
|
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
|
||||||
|
* listupgrade: upstream release 21.06.2
|
||||||
|
* nodejs: change GPG key name
|
||||||
|
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
|
||||||
|
* packweb-apache: install phpMyAdmin from buster-backports
|
||||||
|
* spamassassin: change dependency on evomaintenance
|
||||||
|
* squid: remove obsolete variable on Squid 4
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* add default (useless) value for file lookup (first_found)
|
||||||
|
* fix pipefail option for shell invocations
|
||||||
|
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
|
||||||
|
* evolinux-base: fix motd lookup path
|
||||||
|
* ldap: fix edge cases where passwords were not set/get properly
|
||||||
|
* listupgrade: fix wget error + shellcheck cleanup
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
* elasticsearch: recent versiond don't depend on external JRE
|
||||||
|
|
||||||
|
## [10.5.1] 2021-04-13
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
* haproxy: dedicated internal address/binding (without SSL)
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* etc-git: commit in /usr/share/scripts when there's an active repository
|
||||||
|
|
||||||
## [10.5.0] 2021-04-01
|
## [10.5.0] 2021-04-01
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
@ -27,7 +209,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* apache: new variables for logrotate + server-status
|
* apache: new variables for logrotate + server-status
|
||||||
* filebeat: package can be upgraded to latest (default: False)
|
* filebeat: package can be upgraded to latest (default: False)
|
||||||
* haproxy: possible admin access with login/pass
|
* haproxy: possible admin access with login/pass
|
||||||
* lxc-php: Add PHP 7.4 support
|
* lxc-php: Add PHP 7.4 support
|
||||||
* metricbeat: package can be upgraded to latest (default: False)
|
* metricbeat: package can be upgraded to latest (default: False)
|
||||||
* metricbeat: new variables to configure SSL mode
|
* metricbeat: new variables to configure SSL mode
|
||||||
* nagios-nrpe: new script check_phpfpm_multi
|
* nagios-nrpe: new script check_phpfpm_multi
|
||||||
|
@ -100,7 +282,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* tomcat-instance: fail if uid already exists
|
* tomcat-instance: fail if uid already exists
|
||||||
* varnish: change template name for better readability
|
* varnish: change template name for better readability
|
||||||
* varnish: no threadpool delay by default
|
* varnish: no threadpool delay by default
|
||||||
* varnish: no custom reload script for Debian 10 and later
|
* varnish: no custom reload script for Debian 10 and later
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
|
@ -21,11 +21,11 @@
|
||||||
groupname: launched-instances
|
groupname: launched-instances
|
||||||
ansible_user: admin
|
ansible_user: admin
|
||||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||||
with_items: "{{ec2.instances}}"
|
loop: "{{ec2.instances}}"
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
||||||
with_items: "{{ec2.instances}}"
|
loop: "{{ec2.instances}}"
|
||||||
|
|
||||||
- name: Wait for SSH to come up on all instances (give up after 2m)
|
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||||
wait_for:
|
wait_for:
|
||||||
|
@ -33,4 +33,4 @@
|
||||||
host: "{{item.public_dns_name}}"
|
host: "{{item.public_dns_name}}"
|
||||||
port: 22
|
port: 22
|
||||||
timeout: 120
|
timeout: 120
|
||||||
with_items: "{{ec2.instances}}"
|
loop: "{{ec2.instances}}"
|
||||||
|
|
|
@ -23,3 +23,5 @@ log2mail_alert_email: Null
|
||||||
|
|
||||||
apache_logrotate_frequency: daily
|
apache_logrotate_frequency: daily
|
||||||
apache_logrotate_rotate: 365
|
apache_logrotate_rotate: 365
|
||||||
|
|
||||||
|
apache_mpm: "itk"
|
|
@ -24,3 +24,6 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
|
||||||
#<FilesMatch ".(eot|ttf|otf|woff)">
|
#<FilesMatch ".(eot|ttf|otf|woff)">
|
||||||
# Header set Access-Control-Allow-Origin "*"
|
# Header set Access-Control-Allow-Origin "*"
|
||||||
#</FilesMatch>
|
#</FilesMatch>
|
||||||
|
|
||||||
|
# you need disable EnableCapabilities to use data on NFS mounts
|
||||||
|
#EnableCapabilities off
|
||||||
|
|
|
@ -3,12 +3,43 @@ Timeout 10
|
||||||
KeepAliveTimeout 2
|
KeepAliveTimeout 2
|
||||||
MaxKeepAliveRequests 10
|
MaxKeepAliveRequests 10
|
||||||
#MaxClients 250
|
#MaxClients 250
|
||||||
MaxRequestWorkers 250
|
|
||||||
ServerLimit 250
|
<IfModule mpm_prefork_module>
|
||||||
StartServers 50
|
MaxRequestWorkers 250
|
||||||
MinSpareServers 20
|
ServerLimit 250
|
||||||
MaxSpareServers 30
|
StartServers 50
|
||||||
MaxRequestsPerChild 0
|
MinSpareServers 20
|
||||||
|
MaxSpareServers 30
|
||||||
|
MaxRequestsPerChild 0
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule mpm_worker_module>
|
||||||
|
StartServers 3
|
||||||
|
MinSpareThreads 25
|
||||||
|
MaxSpareThreads 75
|
||||||
|
ThreadLimit 64
|
||||||
|
ThreadsPerChild 25
|
||||||
|
MaxRequestWorkers 150
|
||||||
|
MaxConnectionsPerChild 0
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule mpm_itk_module>
|
||||||
|
LimitUIDRange 0 6000
|
||||||
|
LimitGIDRange 0 6000
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule ssl_module>
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule status_module>
|
||||||
|
ExtendedStatus On
|
||||||
|
<IfModule proxy_module>
|
||||||
|
ProxyStatus On
|
||||||
|
</IfModule>
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
|
||||||
<Directory /home/>
|
<Directory /home/>
|
||||||
AllowOverride None
|
AllowOverride None
|
||||||
|
@ -17,27 +48,23 @@ MaxRequestsPerChild 0
|
||||||
Deny from env=GoAway
|
Deny from env=GoAway
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
<DirectoryMatch "/\.git">
|
||||||
SSLProtocol all -SSLv2 -SSLv3
|
# We don't want to let the client know a file exist on the server,
|
||||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
# so we return 404 "Not found" instead of 403 "Forbidden".
|
||||||
</IfModule>
|
Redirect 404
|
||||||
|
</DirectoryMatch>
|
||||||
|
|
||||||
<Files ~ "\.(inc|bak)$">
|
# File names starting with
|
||||||
Require all denied
|
<FilesMatch "^\.(git|env)">
|
||||||
</Files>
|
Redirect 404
|
||||||
|
</FilesMatch>
|
||||||
|
|
||||||
<IfModule mod_status.c>
|
# File names ending with
|
||||||
ExtendedStatus On
|
<FilesMatch "\.(inc|bak)$">
|
||||||
<IfModule mod_proxy.c>
|
Redirect 404
|
||||||
ProxyStatus On
|
</FilesMatch>
|
||||||
</IfModule>
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<IfModule mpm_itk.c>
|
|
||||||
LimitUIDRange 0 6000
|
|
||||||
LimitGIDRange 0 6000
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<LocationMatch "^/evolinux_fpm_status-.*">
|
<LocationMatch "^/evolinux_fpm_status-.*">
|
||||||
Require all denied
|
Require all denied
|
||||||
</LocationMatch>
|
</LocationMatch>
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ set -e
|
||||||
|
|
||||||
DIR="/var/log/apache-status"
|
DIR="/var/log/apache-status"
|
||||||
URL="http://127.0.0.1/server-status"
|
URL="http://127.0.0.1/server-status"
|
||||||
TS=`date +%Y%m%d%H%M%S`
|
TS=$(date +%Y%m%d%H%M%S)
|
||||||
FILE="${DIR}/${TS}.html"
|
FILE="${DIR}/${TS}.html"
|
||||||
|
|
||||||
if [ ! -d "${DIR}" ]; then
|
if [ ! -d "${DIR}" ]; then
|
||||||
|
|
|
@ -1,18 +1,24 @@
|
||||||
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Installation and basic configuration of Apache
|
description: Installation and basic configuration of Apache
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
- stretch
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# Be sure to remove the '[]' above if you add dependencies
|
||||||
|
# to this list.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
force: no
|
force: no
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: Load IP whitelist task
|
- name: Load IP whitelist task
|
||||||
include: ip_whitelist.yml
|
include: ip_whitelist.yml
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
dest: /etc/apache2/private_htpasswd
|
dest: /etc/apache2/private_htpasswd
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ apache_private_htpasswd_present }}"
|
loop: "{{ apache_private_htpasswd_present }}"
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
dest: /etc/apache2/private_htpasswd
|
dest: /etc/apache2/private_htpasswd
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
loop: "{{ apache_private_htpasswd_absent }}"
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
line: "Require ip {{ item }}"
|
line: "Require ip {{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
loop: "{{ apache_ipaddr_whitelist_present }}"
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
line: "Require ip {{ item }}"
|
line: "Require ip {{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
with_items: "{{ apache_ipaddr_whitelist_absent }}"
|
loop: "{{ apache_ipaddr_whitelist_absent }}"
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- apache2
|
- apache2
|
||||||
- libapache2-mpm-itk
|
|
||||||
- libapache2-mod-evasive
|
- libapache2-mod-evasive
|
||||||
- apachetop
|
- apachetop
|
||||||
- libwww-perl
|
- libwww-perl
|
||||||
|
@ -14,6 +13,18 @@
|
||||||
- packages
|
- packages
|
||||||
when: ansible_distribution_major_version is version('9', '>=')
|
when: ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
|
- name: itk package is installed if required (Debian 9 or later)
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- libapache2-mpm-itk
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
- packages
|
||||||
|
when:
|
||||||
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
- apache_mpm == "itk"
|
||||||
|
|
||||||
- name: packages are installed (jessie)
|
- name: packages are installed (jessie)
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
|
@ -31,11 +42,10 @@
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- rewrite
|
- rewrite
|
||||||
- expires
|
- expires
|
||||||
- headers
|
- headers
|
||||||
- cgi
|
|
||||||
- ssl
|
- ssl
|
||||||
- include
|
- include
|
||||||
- negotiation
|
- negotiation
|
||||||
|
@ -44,6 +54,18 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: basic modules are enabled
|
||||||
|
apache2_module:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
loop:
|
||||||
|
- cgi
|
||||||
|
notify: reload apache
|
||||||
|
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
|
|
||||||
- name: Copy Apache defaults config file
|
- name: Copy Apache defaults config file
|
||||||
copy:
|
copy:
|
||||||
src: evolinux-defaults.conf
|
src: evolinux-defaults.conf
|
||||||
|
@ -80,7 +102,7 @@
|
||||||
command: "a2enconf {{ item }}"
|
command: "a2enconf {{ item }}"
|
||||||
register: command_result
|
register: command_result
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
with_items:
|
loop:
|
||||||
- z-evolinux-defaults.conf
|
- z-evolinux-defaults.conf
|
||||||
- zzz-evolinux-custom.conf
|
- zzz-evolinux-custom.conf
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
@ -108,7 +130,7 @@
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: yes
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
when: apache_evolinux_default_enabled
|
when: apache_evolinux_default_enabled | bool
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
@ -183,6 +205,6 @@
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- include: munin.yml
|
- include: munin.yml
|
||||||
when: apache_munin_include
|
when: apache_munin_include | bool
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
loop:
|
||||||
- apache_accesses
|
- apache_accesses
|
||||||
- apache_processes
|
- apache_processes
|
||||||
- apache_volume
|
- apache_volume
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ apache_serverstatus_suffix }}\u000A"
|
content: "{{ apache_serverstatus_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: apache_serverstatus_suffix != ""
|
when: apache_serverstatus_suffix | length > 0
|
||||||
|
|
||||||
- name: generate random string for server-status suffix
|
- name: generate random string for server-status suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
||||||
|
@ -33,6 +33,7 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: apache_serverstatus_suffix
|
var: apache_serverstatus_suffix
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
- name: replace server-status suffix in default site index
|
- name: replace server-status suffix in default site index
|
||||||
replace:
|
replace:
|
||||||
|
|
3
apt/files/bullseye_backports_preferences
Normal file
3
apt/files/bullseye_backports_preferences
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
Package: *
|
||||||
|
Pin: release a=bullseye-backports
|
||||||
|
Pin-Priority: 50
|
|
@ -21,7 +21,12 @@ if [ -f ${config_file} ]; then
|
||||||
if [ -n "${package}" ]; then
|
if [ -n "${package}" ]; then
|
||||||
if is_installed ${package} && ! is_held ${package}; then
|
if is_installed ${package} && ! is_held ${package}; then
|
||||||
apt-mark hold ${package}
|
apt-mark hold ${package}
|
||||||
>&2 echo "Package \`${package}' has been marked \`hold'."
|
msg="Package \`${package}' has been marked \`hold'."
|
||||||
|
>&2 echo "${msg}"
|
||||||
|
wall_bin=$(command -v wall)
|
||||||
|
if [ -n "${wall_bin}" ]; then
|
||||||
|
"${wall_bin}" --timeout 5 "${msg}"
|
||||||
|
fi
|
||||||
return_code=1
|
return_code=1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
920
apt/files/reg.asc
Normal file
920
apt/files/reg.asc
Normal file
|
@ -0,0 +1,920 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: SKS 1.1.6
|
||||||
|
Comment: Hostname: keyserver.ubuntu.com
|
||||||
|
|
||||||
|
mQINBEoHZ5kBEAC680PjynWTcP3ZtVfWWL6zQAcD8JoC+c5MbnpFScqtBc2MdlVZu6zED+B5
|
||||||
|
sw2SSLf1EZlfbTPc3GcWTwdiXj2GQKzjMra1MZKUnVOD/uMVkj0ZTszUQziW01O9sWPhxbMu
|
||||||
|
Qr7OD04jQ7TjtBBEJD+yf0HJsDVC7TCbpcNNtmhXByXqw7bgo0rzxeOB3hL88I7AcC7ve5iR
|
||||||
|
xwXoXJYs1hgJMPmZXJmhKb0a3pVk075yMsXnxlOqM7XBk++zodDR03Ym21GLFOu+3DLTX9aC
|
||||||
|
aU/AjXb/udtEBAHv+iVxZChzka/KkYMY+KX8A7niE/UN2PIfhWDTmLLcTyBAOuis6cUqDm2a
|
||||||
|
w0IbXh359dfBbgV4/QLoafcM841W47Menp9tb0Qz1uHYwV6jjDEmbpGgEJRGIqd143j/zGBP
|
||||||
|
xffmtPq1zn/QFVBQNltLiMyclAR1Yb4fksDkt8JGmvI+FwaHdx3dn1VU0hbdYR/5CHtsxN4V
|
||||||
|
P/juUOrjbagp5zBBXLlVIVceGoD0mNkNWPyZh8C3SHg2Y+Q7t+cz4xysQN5BUHL4DX6nEIJA
|
||||||
|
u0cZdBtr8dtkJToYlhSFaLFwZh/XmOgOndSNmeJz4ll29Xc3V2/hCQlllHXux5E79rRNRKK/
|
||||||
|
rSydUzYir755udPWw18+6mPUzT6NDaVDDAwSOLOn99OUJt6bBQARAQABtB9HcmVnb3J5IENv
|
||||||
|
bHBhcnQgPHJlZ0Bldm9saXguY2E+iQI3BBMBCAAhBQJWEagEAhsDBQsJCAcDBRUKCQgLBRYC
|
||||||
|
AwEAAh4BAheAAAoJEESXUni4YStdYDAQAKuwOHT+wDS6vL6Xqp/59eKLaB02lTQuTDFq55K4
|
||||||
|
dK9TNYOTmPoxvgeJigT3pHHfKQFS/wwigkOfv8VebBZAcjY03N+Joau1Vi+Er2VNR5Pt0jAf
|
||||||
|
ApwZqe+8NMAfefculZvO0g91g2lcqJoMUIaUemAqOD/CoAMMXGQSNlX4BLsI7dbvkLLjbPSa
|
||||||
|
wEODAMvuSLilI38dj7wBC30IAOQkOdkB34I/eL/sGruOxYSK7UFJfNU1aD2oQhTkYEQ5cgNK
|
||||||
|
vE325fOx7m/sZ5aAlNvtZ3jS4ym45feT9xrbG2qHTbJiVAhdtfHMXGOU6/0UHJ3+YHHdzZhu
|
||||||
|
0NCWinu18nDVeDWLmkqkZd77QtTpC/zw5s3+t8lpyqUAF+bN80ZHbB47bFphIupmWGDP2ihM
|
||||||
|
NBWBwwFZb7ry27mLyyXKVOFWrYZPrdlNheEjUP7x0GzEO0kuxYO4fyTic5lu594hxwt/LWV1
|
||||||
|
s48SV95dXqpQIRroV8ePZoJxlD4hXh1x23AgkWgG+SS3perIGypmouOdl9CQ3yAYSCfcTKw2
|
||||||
|
dOWOxGubseyBWw3EDlWKZLkrqbBGxfBz8XJ92iCJ27rRhtpd6XEbqhRfPR9TGTliIfaruTLp
|
||||||
|
MPrKZh74Hs7LAhHo0nkwcOoE/iYHhQpNXHMnj0hqMcwzzf6MlSrgJ/VPgQ721d5nTwrjtCBH
|
||||||
|
cmVnb3J5IENvbHBhcnQgPHJlZ0BkZWJpYW4ub3JnPohGBBARAgAGBQJMa+/FAAoJENXKmwTy
|
||||||
|
xCO8ggsAnAzhqo1IQ+3qwCWD9ifx4niyPiAFAKCo1ou0sB38EuQXnWCyp1ajblx37ohGBBAR
|
||||||
|
AgAGBQJQn+UPAAoJEHDzXiRtUx5z2B0An3U1rm/gCkoWtAcsC/IYQ2hMVaMDAJ9ddV8IywsM
|
||||||
|
vnKJ35rfg1PLT4KNFohGBBARCAAGBQJKB3HmAAoJEDIXXA3BAnoOiOgAn2tHyIuAGEY2ctJC
|
||||||
|
yM+C7hmyMNMKAJ9asA/uRkG4wiJwEP8DCnNB7Obfq4hGBBARCAAGBQJMXHEgAAoJEOFVF/Ir
|
||||||
|
CSDAnq0An2xcCMh6H6vIT9rmbxHgGbc8VfTEAKCopbM+QMAGQvOROMfqWJhiCB0fHIhGBBAR
|
||||||
|
CAAGBQJMXT8rAAoJENTl7azAFD0tTz4AmwaE8zBHaUWbUnsYwWXqxavmf8BCAKC1hL9GKk60
|
||||||
|
yXTEW1W1QUm8jIYILIhGBBARCAAGBQJMXzSgAAoJEPmF40AK/HR2eqoAni/Hvg2M4e4vrju5
|
||||||
|
wPT+dONsA9/vAKC1X1c4YL1XiJ0fXpT02U13r9e8AIhGBBARCAAGBQJMZ0yhAAoJEJ94+Dzo
|
||||||
|
xDRhLFYAnihJShfS/zRoG7iTNhgwqyLxGqczAJ0WIP7yfVZbP1N5oe6LwhQsZ1BdVohGBBAR
|
||||||
|
CgAGBQJMXlHCAAoJENoZYjcCOz9Pjd8AoMdNUjbpkScdndClI4EqT7tn6PI/AJ9Luiw8fIEs
|
||||||
|
iD5yM8NOkdykX1LPyYkBHAQTAQgABgUCSttnewAKCRAtDVq4fCU9UlJJCACTQKre8pA3ud/V
|
||||||
|
esa7/TmJI1S1cVWj8FlS/gatvLJndd90i50p9uGm1yA4g8iwMnGdcIWCuRfBlhjUnUJnTX4B
|
||||||
|
QdnUU6HCv9RQ/OlJ99k7vNhswtgoEGQWq1mH1opSviZ3xhMwFTiXISQ12i4TiGSiUfbXItzq
|
||||||
|
yxOf/gtjAMGrfnNB4MUYPrHL/lSMs24evYFR5DgOKDwVE3vVY2Wf2ytWKZJQNvKcm7sxIxKq
|
||||||
|
W3OlW4wzG2IMxMSTl6SHYOqIhRGS9xAj9hpIfD5XzZjl/iHmMZMcuRA1LPxQjqdZ5CeF391P
|
||||||
|
p6vEobkSyX0LyDvqcvy//VHn0l8cRuyEmgrTpdmTiQGcBBABCAAGBQJMdo7oAAoJECI64FW9
|
||||||
|
lOFUIpkMAJ/obi1HblArRgKmxiCIMD2/nTcj/ML3tL9HfZ8bpWZ6YJIUsFRcmHCVWaOaCBMJ
|
||||||
|
omiICZbcot3v7/1p0D/AE57i0IFPZpXXu4utC8B70JjWaMJT22kVi3hvhrChxlZYNZlkXr8G
|
||||||
|
mKhGJpzEfVlg3hp26jbj3jEEGmjJlii7uuSrV1VJjyZaDfTNbgXMbUL/3sISsKODINCLlgCG
|
||||||
|
iVqa6Xc8bIo54zQ1Rx30Ijn/6ElFvBMSdZPu4wQ9hKrJGhrqY9FZ/U0xfaawEzxbmdZKDxVO
|
||||||
|
Xdd/qD3lNAi8Jg6m6qQO9/A4c/Ln80ll8St6MrfLwJ58QRWawTQcl8wSTxouC/ag85VwW1lX
|
||||||
|
FfnulWVjqRAY41gVY2SaBb78A8pwuwy+ixBWGqAyGRVjahNj/uznD3kwQh1DUwjyDe9lV0TV
|
||||||
|
5IpQy4YfXjkukwt8kVvQUL/p9w3/gmPZ2lXBuEgMT/NKZWKszgp/JZ45qDUD8hgPlK9bICRm
|
||||||
|
iQ1KjcAV3mh6dYLwJ4kBnAQTAQIABgUCUipIgwAKCRDvc+baWDa4Gqa8C/9aWvMONUnoDGjS
|
||||||
|
H6gIsnJn0pGQ4zx/SU+Bt8MG0SPbtv8Zu1twofiX7xSV8p7/RmESaQyjbzOD9mMvXwl5mF2N
|
||||||
|
q8IbDhvJmEcCCgVolhM1g1YtF8uM/Az74tNLmI8gsIiX/Er8045jMANp+UozOLvrzx9NpVBj
|
||||||
|
InDRhXt5ZF4YeMdB44cZL2OH8juSbpZAPFAi3Lm39gSMj3eUiUavT6r0Ok7AC3qMiaTvvtb1
|
||||||
|
VU5vl/CcevaFE0DfZQ3+1iXsshnUu6ql2NvFPSn0tR1S8Ekk8NfItbAGComC4BF71MXxY9Af
|
||||||
|
RW21ROLzRR5Szm93E5DirjTC+vfxQYwEmemn9v8KWxMlmFTu08GbBhi54bBb0iuaRc9lf5E2
|
||||||
|
dixJqLU4JVUPxjOk6tFvQHtZQRj7e5fu/lusZ++WKXnZsH0AiRekbN/j1Qh65aDi17w0ebXX
|
||||||
|
lsKc1kqryHNTq4PBrhrKbNBa+tlFDcmn3yUReIxfcZ1Bm3N6PxNiQSxx9Wf6LL/1rPuJAhwE
|
||||||
|
EAECAAYFAkxccZ8ACgkQ8aab5CnA/+7HvQ//dhkVGegUq2TyePOTWBxK7EyLVEZEBr2HXa+y
|
||||||
|
Xqg2i8Fdou5smHNEd0q8dz9oMBEWcZtRYmGKzinGcmxzArdmVyXV4fEkUab9zfL8g6dGxo+N
|
||||||
|
wqoHt9DteuJEURwakSJ7oDW+DlfzxMJ924sg5cuUtqcnZwy73a58Y5fkPaZVf+/HrkadZT3f
|
||||||
|
7fM8pb7JgJSRhgmdi3MfbUQcDgbZ604MifdEVIbXX56ex/9OuthbQ3lp6jHsvHcXPG5qt9th
|
||||||
|
RXkztoyKcArSimHcOFrLqWAQsF8u8PIYNaTKyJO8uRDYjMGcJQv6B8HqV2eiLCZtIEdcoWev
|
||||||
|
Y/oeflGDh0PbGpswAiQzoSxjvVdPgPUTqNnsl/eWvup4govByKV4y8dxgyM5a68a2N2t4ki2
|
||||||
|
TwVu8LpCRzuiin0EvgkM4jKSFU/KPiZemdLq31D6o0dQorx+Im31XWv/H8XoI2jGbNeMVWHq
|
||||||
|
5WumzPhTfgFVajQEc94Te29vea9OV+mlgIDuTzqLD2Je5G6BDqu5EmTlO5sPDJAwM1c2ckJb
|
||||||
|
fHjtUih3Vw2B339NqF+aneOX9MH4blAlX2V5vuz0xtmEcd7Dy6wKjzmX1Tcec4VjDDgtCoH7
|
||||||
|
vWzCeQmlWLzf1tF9keUvRn7eUktyAqozvNdE4fs6+3igdFKoI1RHNkFO45AuFe1goN+uDFOJ
|
||||||
|
AhwEEAECAAYFAkxgK4sACgkQHnWacmqf3XRTUBAAtb4DXxkzn14Qo9JME9KfZ3QA1ZfoNffR
|
||||||
|
PgxHkLX3q/KzGvbQYQc86kh6b/19aV1ahcUBrpABOkV/0k6tASrs9N6V6KBcIQbJwRETyWU6
|
||||||
|
G/rG47h+4fWIMew5XwCzUzvqAD5GDp2XfivDQuVt1Ta2WcEAmKVYNlHYowpnEqxvLNSSbXuX
|
||||||
|
Afe+OK4XxaFr7i4zr8zS6S7NRigAdENCt2Mr4slo0ldnRn6uQ57ixfs23g8LO4/89zW+GxKG
|
||||||
|
PPUQbo9epE4hCewTAyWwrpVz9NxrodvDL6D1W7kY6caiOd5tArNKpwF/GCH/vsGPU3NsFISI
|
||||||
|
+P8GJUwtmM/47xgcteHthx2yC0HUArTV0w4+PnAaelpxzAyqd3KxLLUNJ3vjv3xpwV3eGWSG
|
||||||
|
zd3UZ4AYTJmSlbgzuJzQIwwyxHsA7ypUUsbdrsoQaTkACUOsHO1l/oT4P+z3/tWPuXqUmO+D
|
||||||
|
Ly/pBiCRrV7c4cHMzud/dKBXuAK/gS7VD4Is+K8/srdEJTrPB88zleiLOdffymHtCAmZPn93
|
||||||
|
bvPXUcJk1PiNQYRwQIuIjHJbbZL8rxqVo4NCmi2HwjqMaow4GLEPSEdqEu83LpSU0Ts0BJvF
|
||||||
|
/6UTUEs04zDjSXpAGrPhWoom2jxUllAJq5Aek+f662dZpxVLxzMHWrLly7Fb1WPLbCrWhqIl
|
||||||
|
k+SJAhwEEAECAAYFAkxgNzgACgkQ14hMRxjhj0QJqg/+LKFGM1orBnYv+DZeVGbcPrBJVkeK
|
||||||
|
nAVgX+HpIo9uY7F6rRMZU8BHmxqM66k/tPwwrVzrgrLScK6spQTUjxKbjGkktT+LPVdFdB9F
|
||||||
|
2QdEYCwX1AB+0InLVtrXF/yFFTqlxxgLCRamRziO6w/1QDFMsDdNbIgxErjMb7d0MqRFNlvR
|
||||||
|
fO/ElovAPWlf+4zA0xiCRVbV3tbNl1/ILh41C8gc1VoTYdmUP7W3F6xCpy4MirSkY8LLDcax
|
||||||
|
wF9blsfc+gj8mW5yegBZnEoZchasl1thZ7Jt05tMkcEFTVYMfeReo/5Ww/dEpSfhjhryq5MH
|
||||||
|
0sSBT/1YGwbdgBRVzmocrWtQJ9i22MY3RboKNeAFs/wx9L38z570rOdemtfuXzKmI8jlcfQI
|
||||||
|
BIrE0p1zHE0OzgdfAI/uiJMZ3dRZJXsr8iVWuER97QqYZZkgDMaSHxvuKcNKQol9AbnDWbpl
|
||||||
|
q0J7CBo5si41rXpUIb/18FydC3k2KzjkCAaZs7VUCguWU/YKVw68kfrksJB0gIGqh66wYda9
|
||||||
|
dpJVmjVNTR5bWbo8//ZHQXFfGccWoRImEZ7dD4xKTl1B1ihmgad0H7Bynd0IiORVs5zbdbIE
|
||||||
|
FCwnMjjB5nr4teU0wq20H8CaR36Rw38KgRrcJdSrJVDrmg+A4PPsW3aA1K3oCvREoR2+p322
|
||||||
|
8j2c0pyJAhwEEAECAAYFAkxljxgACgkQE8C1Zno4sLCijQ//VodIvktCD/rmvxmbby+tjTFp
|
||||||
|
yNPRgiIdLyXU0Wfoi0TqzLsATfOluWVpJqSqIQ36g0wYc9T8BemqcBepDhj5e9NpYe4oq5kF
|
||||||
|
IxIJHzH5jHSM32vPVxJU4PzYcZzAMEVWCEBx0CHgW2cYc/Sq+YNq8Y/c69R8WNjse0qOZP7g
|
||||||
|
zTInr4JqL181TVvGHt9Ak4KNakxEVLXGIXVSV9QDDGCpYMkfpEy7pwvtV68DFVj2nHHetzCp
|
||||||
|
3gYi90nsVvk3t8iowNUTlKkxnj4dZ2lFMJfZBBeNev31JLkhyqExUoBzZMDmW+c58nye8Ode
|
||||||
|
hXnvZ9nc0pe2Z6XWLuraYDqNDKGMWsOTG8gCPVrZL5BtHr4Qh5uuAwT44PzkdPCdw9NaHw1n
|
||||||
|
0s47Uuailgg+ZuZgFXxNcRD5A93Ovl6/skln7KyTr+kJ6BsDcdWzcXpgQ62/3ayxgaOEZlKE
|
||||||
|
VLJsngKhcjlINiIXc6t0AVZhAlgLrLAvi1G19ISqNPNBRGUWeCYjC++RCaC7i/vAFWIQOTLA
|
||||||
|
NfCtzwhF+kopF2tmmt0ubapaH2CycmWLr0EIvPUIJ7GAW6tkjjv8tfkn2VtT59+gE1WmwR4q
|
||||||
|
55XkJ8zbX9tJx62w84zkQA6nMnbBQ9nfWY1eThRk5IOXKElyk8cNIZlqIPPH8RVP/Ng9Pjj4
|
||||||
|
+vSOAjkT8LyJAhwEEAECAAYFAkxmx/gACgkQHAH0Q8nJPFo1uw/+Nu1AJqt6ifpA/EaWoDnU
|
||||||
|
9hSYcpVq3mGivwEE08U5/2trXl5fcAe8qvdPB8JIYRROTLSUIsTkERftzxMzsCIb+iMj7bKx
|
||||||
|
5Ip18GSmTOcJU32hin/l/DZlDxB9/bo8LqCurbpEDeZ84zV//F6AqMc0mUyxhdVA/y8gEp6x
|
||||||
|
YNnVHU+AmIxzHkE4n+Rrc6JdGUODOL4iZcewBl2IKcYzRzcELIFMzjnSNbA/uxKE9g1kTa0F
|
||||||
|
QUTTpy/y5f36ykfWWdrz9OZFR81/UlZ//gv+sr1UHs6uMs0QayF2QJW4iF0KX4IQWCcbSRyn
|
||||||
|
iHuOzpmJuTFu0KNmU2cfRFLgyer80glsqicj0MwI9shdtpp2+ulfi2itC/gGM00cynt2WP3d
|
||||||
|
arrohFDOwCuAVWjp5dtENk8LNCK2aYEXlHiW10kaGi9k67AVfrV55p8WVTWcpT9oQ76wafnp
|
||||||
|
jUb6XPou4DM0Z5ItJqvDQv8823b5BCnMeyG61x9qCTMhGMEzDLFFkXalViQtIjsS0tzF+S1I
|
||||||
|
B+dVVvCC0tMnPWoyyqYNqtC0rIS0I+89uQuDD/4jAf6hL7sKLUzdLs8NByjQoV9nIaXEHzp7
|
||||||
|
jBlgAZgx2SX+eK8wF/Lo4d0a0jddX8PRZEjkx0HOhaYcW59tui/ZXr2UDwlTTuyfsSpo35K0
|
||||||
|
+VdJ+mtz8gHZ2lCJAhwEEAECAAYFAkx25QoACgkQryKDqnbirHtS6w//Xt2HPPu9r9Lp4Z7C
|
||||||
|
U1EtWEDzBHZoiYrX8GBjfx7XJqX0kJWAXTHoN9HtGDwCil2bTb3WwopNrFUShR2yEs2Tbo8I
|
||||||
|
j1n4veQxx5japTb9b3gwh/8lRRPCfF++jn9q6927D+0jJde7hx3G/o0OoJP2H04kEM5wrzup
|
||||||
|
1nOkH/L5+bFerw4eYir+hl0oVfrnK40RKSnzy+6sD+FCFwLipOofDX+qVp1VguzwkfAwLTSD
|
||||||
|
PVxsjfvxKdRCj49RbI0Q1svMu8iS0Hu+i6e+pPVgvy2Bh9iPQiPNaGG9IeHy5mnq9T8yxKd3
|
||||||
|
KY0mj6ipuHm3c1HPJln5bFlt1K6mrysbZtxafo+O6XeIUoRNqKi9eyA9udgIdHPuMAypsYFq
|
||||||
|
M1Pn7TLdSnRCyuhG0UFlr/nx3VVH7PLOerxMCZf7ApfcWA/s/iBG2DLpeB698UKOSfogcbWO
|
||||||
|
JW7Dteg4ZCL9zLxRiTZHLsMHnW/aZAAwoh/zV2Kpd6qbrZSyqgn3Pys8kwiFnnf9aWdqXmls
|
||||||
|
oNswHZeh3JvMOgs2QyY9X/+Bz3k1vf4a2aU2gINvL55aRmtgd3VDvWVk41WcRAvOfBPCC9TL
|
||||||
|
0UKbIBT+/rxuse6UiS/lVRNngvOpuUBmd0Zo/PiXxsxq+aKX6FQzZs0HsqAR/Ov7bmbh7Z+c
|
||||||
|
WwE0ZEogPivsD97qv2aJAhwEEAECAAYFAlVxpVAACgkQ2oKDDjzMOjq1exAAo41+8W0VSibl
|
||||||
|
OmQWDesxI8T+Qlw1v3Luf1CexMx9UsEktH5yP+guCeVpADMupSeKis8q0ayOgqXim6gyRjHS
|
||||||
|
1HklDGwUnhUyfDu5VNqy7BOrbUKq32TOqudwtq5PEyohof89/hR0UwfC18hBkumW7NfCmEY+
|
||||||
|
kUkvlAVzVwbSAm1bjkFu3DLD3RKN4d4UG3kFc4tqY0BweC85UvJaFFnY362RLCBV4gTjXVgl
|
||||||
|
UIHXpDSt863NBTtbNJUTIf1tt5sFqknZh2N5UzgtkTz6t4N47+k0VZfxuk/f9MmuDEHAEBBp
|
||||||
|
lj4X+ofPXbxbr2iaAZjT/LjU76tYq7thkbU2NRB6RtDv+Tqfib5z5ecwNEKIgQ6BelCh7pRI
|
||||||
|
wnMYhx3wj2aeY28vJ9vE76NizPWiZpYzD3MHyWfN+kIuSDRZPBhSNLnfA5uUuBQNjS1Ad+QR
|
||||||
|
Xo6CtWZ1cE/7Xv6DCKmk0ThbGrvwkHKJGrpJeaaf8lP0fo0L9cIipqx3NSSKHGe+B7zhQZO0
|
||||||
|
QBlTfXRlErjuZ/j+V8MTZqsmlhdVi+hElTioj24MQJiXfB956RuOM+g4P9v2QT5RRD0C4XaS
|
||||||
|
+KSC3eejZGYEeJAmB0uRztsRntyryw2LF6WxcSyEg0pY+/SLFxMfRIPlcAxMM0SB7HSAFZ5V
|
||||||
|
nQJHc7bBkNpw179YqexsIKaJAhwEEAEIAAYFAkxccTMACgkQ8RQITAhhERF8zQ//R2Bls2xP
|
||||||
|
vxotETrAPF5MOjDqlK6aeOnSyI7shiWWXL+7ds52SWsmD7IL+7XW0t+fwvfEVOb+qNWIiVaS
|
||||||
|
Yg4nvZQnTkCqTnDxTzdxipEaiK0MC0bXmAikBQjZ0iiveOMYOeRx2PWuUOHrymcvJ+atlkq6
|
||||||
|
pk/mycZGpVitnO9crTb17SLsm71k5aV2u7EBCEUcbakmrx1mDvBoi/tSns5y9YEPTc6JcKtz
|
||||||
|
VqbyiSAY5dZSaLc8IW9Aqn533kPyIwYXnbxd8cPFDxDLhIeBmZnVTLURE3517RXZu1ngZEFh
|
||||||
|
pSoT3w0Xg0cgh7eJ4Vmo8MnW3p33+dSHbWRlgrNZcB0PBWZrByS/iS1b9REgFTyU4UeI7lH5
|
||||||
|
zLgPdxPKBvCNObRhKg/dAmqSDq5EHYgWxn50p3TCfhrDrkoD+3seeee+mNARjLP4EDyBF4/k
|
||||||
|
57SqT7ytj9TWQoQuGAodQqNXwMKNcldz4FRZ3rMFrUpJj3uD9x2tlT/3bCVKQ1QcPSzKcEcq
|
||||||
|
zq9AZzjH7cVEbgpKI5zBJlejWB6aGvHLIhYZb4EYuO03OgEDDj9AUvIBFBxKdRvCzeTZOCTM
|
||||||
|
/8oAgSSVmFewEI4E0yNxvZu7wjSV5LI0AiyhwnCWlfYM9Hgxbai3cv2osIK2p5GXbaRykhwc
|
||||||
|
jc4lPrIsEE3At2UzlzO4TTI202GJAhwEEAEIAAYFAkxdPzMACgkQhy9wLE1uJahHJA//a9iV
|
||||||
|
wDsx+OxFu8+vPEXmJCKt1o17+PyhskIvNSXlVPvpYIpqNKUJQXpqBkiNASrCOQSHrQtw6p28
|
||||||
|
9i011TMqmMZsUkjqk/Y3Yzx+SPT6KUfny7qQzGW2DpHL1qILDFMywzvt9djzWT6hmH5LCLSB
|
||||||
|
3aWMHIwPDvtvylzHPIN2XIABSBxnHgeEi+2ZZoLZE7HlQbwsAU7Xguj0K1DHe+urOBYvU0rq
|
||||||
|
ceqiJhnY8b71bwQRhFqVhoFkW/IPp7dujQxeJVvHZQLLNkB4RMqG+kR2Ku04U1Fxbh7oc0vr
|
||||||
|
e8EAYdMfutU3ZRWZ4D8Ltr+q/hxy6dm/bHrpFu6NIxox6KrR8zewcoGDQKI9BlQn8mrIof0W
|
||||||
|
YWNUusb//Vbz58iOh3POcjs7VkD7aPo9R/TaruBIWv77kbjszlQaKKHWV4aIVS9EXW0cPpeF
|
||||||
|
OQUaq91aAxB8Tw0Clx1TfVc/QZJB7/l6k8deXgo/+4JCU/BBmsplR6mG5mhY1Iq5PnuutU+W
|
||||||
|
+sHQRYSiq0EKdwmAaq3AIz7D+rWafv83Ea1cZaMph23ChqVX/e+YVI7rxxYCY1bubd7TtYWb
|
||||||
|
VG2W8ufTwemZBxWFq8HXc9d+Qm3LHV20Qxp5fAoYr6O67XYgQicIFW7f0lJ54igqH67wFjOf
|
||||||
|
zOTHfWK0izIeLVtp8xmj7hbFrXXd46+JAhwEEAEIAAYFAkxdRNoACgkQU5RHndNSTFGQ7Q//
|
||||||
|
YTQ8KFH7n9MYRpb83fTRfkyreyQyTdbcBsQw7R8Tksx/qbidiZZfI2cILweIqsumN2bF+ibQ
|
||||||
|
VYx/PpKEStaW1VQI5Crx/kSRmBaOlipbbfO+A3sbp98hpKMmaIxvV7IhN9qKhjcQR0YGXcam
|
||||||
|
5oVVwjIb2n89nqiS0qnGIUSTLzK5IR8Chob6tpnD3jQAnxE96wyhADedhCVMf799HSoQiiAH
|
||||||
|
TUarSv/HMIws34LRgZ2voFXADq+CE1Q2rBEapwrcDSkEQEZ79LImeuS/S1Be2ritRO+TFLzc
|
||||||
|
982LuHBxUa4MlcwWtWaQQ6PW/c5J7QJz0RiqaaL0DZxCw/Cr2e3MIfTCdK0zPg4A9BrNsQkR
|
||||||
|
/zYmePPTejvbsYpsWbpOknwZNqoYRc4cEaukAtdhZhFUDfL7jfh5HppCIM6EN3ovmTsRhauv
|
||||||
|
LeAI3J7JqrPp2yLDbL43U+1ejsD22+l2rmJQcQpRsdD8KlJX8bD3J0fCRhhIFNABjMmy3e4T
|
||||||
|
bij7ZM3ovNZLCgjHmNa5ASMyS3l/T2Rqu9rh/pZbPWS2hPTlmYTStpb2T+Ax/anpXSW3ZiAW
|
||||||
|
fHGOSjNrl9+LFqCdjyzvk/u2kbgd9VtjjFfpPS8xS1dGk7iIHHQQ1GZXc8s2WB9XkGGpD/j3
|
||||||
|
8bvLJG9EXtqVWwJLo6t/PMOgnHK9dneq4I+JAhwEEAEIAAYFAkxfI2cACgkQeo9J6LY0gL4z
|
||||||
|
KQ//YgbbsU+C4e9A4L+b9lOTh4ICrmYg0jD86oBtjTsomMO+UP3T+mVH/meHWTzr+6ib1vsu
|
||||||
|
Nz85E5OWHeHL1Mzj60gbZSn/PMcfL++kKVCMhJs/HN6z4t/hY+GkafkeZgglnqItkZGK85ME
|
||||||
|
SmpoecuYsExEj9fQaNjHuCOrp3c+B0PJ3PSQ3qTknsOnUwkOgAhgeni1RusUqckryre1pPrb
|
||||||
|
Oy9RrTroHGsbvzfbYEYS8IVoaMP1AJj6o1kb6vomTmWlh7r5UM5iZRcFrKK3qjQaTYr9f8vf
|
||||||
|
vpJZ0GlWT6T4szOmekTnYuZJGOumkLScn66qSihvxXXlurPP0XzVObz7YrZ+GEDNJxXwPJpw
|
||||||
|
fpYZHsuSXv9Pu8S1wjbvL1xq8WEjwd9q4kgch6r5SD4+syLydwLHiBXTc5dfVO5Xs6KzWtXE
|
||||||
|
MNsFBrDO3pgHtWvS2V6peL/yG7RJJztzZUc/IYZWuEJIU76rzU4YK/SC2Vse9lVA3I4s0knw
|
||||||
|
5TCFvZHTV9KIjqT95xOgdlZKmQc0uXSPNrVfoi28JOfcAGnSnRX52KFt6yBrhCBCWuVTZTgk
|
||||||
|
hKSIktI9PPC/C3xyLwxJjz1jPwEomhtnNx9B04W17G5c8nW1yCjxPxY4Q9LCYpMYXGB2Nena
|
||||||
|
YydDbgfA6ua1exRQ+ZkWpnHqsmCLL7B0C/7oTOeJAhwEEAEIAAYFAkxfNK8ACgkQ0V0xOIIA
|
||||||
|
QXMoXhAAs79q+JHo7ulKZvKDkh+OVOXrSh5eKGUmuqK4RJuxrHmthUFkNTsyNBEZc2+QWw4B
|
||||||
|
8q8ka0x2/1eIDqwsKwHOfcQdyMepGiKnGWm58vL5CeoV/pZW/Yzrs6Q13o6/mm02bcxiVlqs
|
||||||
|
ZGFiRaueY2QJ66viPY0TJPlK3CavKKgZQ4xQtfQ/MDg8sdEnu3G/1PWyyHfMVsq7fG6MXCdY
|
||||||
|
TisgHAEyQJXgpCnk1YIuwxZQPKbMhcjiGbkKBMeQi9uZDiDUtY6s6S5MZGsG5v0KTuoBt2Kw
|
||||||
|
XHbTgkFT9wKaQnK4rfMjGtZFuwiZw8MPsFgz2QAR+1s4mIkCbLPPl+jwL+F4UkEUJvpKWcPI
|
||||||
|
AHnDe2q82vOc5ToWfm/C1cSf7cuLi2hGuSKw8JHuJ4hBF5NaMhmsrBOxjS9BC1OrutNvjoa/
|
||||||
|
bBihJxX6pyz6Fhd3wnjtF8f+H2pxu9/9M6bv6lkHZDQxfnt2+muwsRncx/wU5JJcxzxUzcLl
|
||||||
|
wctSMFHmNU2egx6Kw+vPgPdkthrOZjkLQZZj9DZxHK2j2ENAm4jVF2Z6cUHHm5tVTsR7XF5t
|
||||||
|
CeFRNPUlhoEz4zdJiN2qflMY0pm9MjBpF44O8usWrEpUiPN53bIOpbPM08zYZ+BBGPOgxZbh
|
||||||
|
6Y68YUAq9XfVn9okE73HeyLLS/bpBj1QSe6QapV7sg+JAhwEEAEIAAYFAkxh7k8ACgkQcDc8
|
||||||
|
8SkNuc7NWg/+It0T/mHuye7+PG1kQbutyVw69/C7yyZkoICrcQQ+Oh81Ba+DENSKrPVkmt2o
|
||||||
|
U3HR1bL+QbFDjUa+hnLHXh4N9hlREDbsaYdYz3xLbXeGOPDt0QrLn3mdZ2cZrZwLjcqsu+bz
|
||||||
|
5sRZMbKKTXqKkMQaDcJa2CU60aEoH9d+QJkIhOHiqkNvVyrKbiMoGnJoKDppwG1e3+Ri/oXA
|
||||||
|
6Sx3cWwmdVrNlwNAKraTFlw5Xh0RUQ5NJstxX56PN7tMm+PEnY94bPTJHiyzG1obm2Ona7sg
|
||||||
|
+P3DIvqMFIkldhNz/DdeCjSN4qrB2u71tC7xwAneqqLpPuYhpMpFtD/JX2lOhoOvo43n+atM
|
||||||
|
jqIU7xhZ2W0L7n64Ym31+wqqz6NEx+aVp+OgYVJPH6MA6jel3/KFhHoWpdnLJIL3XLq3Op4U
|
||||||
|
tCio5JfouHfuHVdslmKlH/6rO8SFY4VZGF+RZURMze0I6b3HN3WQb9Qv78hg0ZrI4E7JIbhc
|
||||||
|
oQQDIXgASS575vjK63/WRuMDxEpLEUflESKBsG02GJWe6knx5lACdIyD/8kZ6MIV9mE31Nqd
|
||||||
|
zVKv+i7BBomu+ci/4B4LXn5LcPphmGPAvL1aabC7D/9lxLPA5Ur6LHDU08LA7S3j5Z7Iob4m
|
||||||
|
KbS7pKaBdYPLm+kfAlw88bDnPioZwkWSggD5/6iwEN2XseeJAhwEEAEIAAYFAkxh9TkACgkQ
|
||||||
|
dzH8zGPk4neH6A/+PTNKtYOQmFxM+1QJEqK8+4ZOyeIB74wHGI0VyFWRb6Bt6K7OIYAfp8Vr
|
||||||
|
F4kH3DYPqRYWZLyG8Krkff3HUwdgBdrsRRQKN5Q1YwpwpofCcdDY9l3fmlUNx4MQN4Cx9uBT
|
||||||
|
XY1OGTOMHHCog2eIOIkc3sT4xZ/zIcgFKM245lXl+fLvbJId8jZjYFwefNerUX1bucNoaloC
|
||||||
|
drmbUN2OItXISlczLhSZlXcOyxU2Q1DICK4EksZy0y6XRnYA4/7JK209AS5jIZb6UvV4kMGU
|
||||||
|
y0/CBTW9fJx1jZthN4bLxHMSVFHvG8oqRPmr7bO6KyvnxeGY/0bd30nA0hoVyDtKuIAuBYXL
|
||||||
|
nrnjHogjF5sl4LCXLNDmIqbYoXMCAuYrlGaGsLzqGqjPX22yb+5B3zYCB17nCP4/l84auAJL
|
||||||
|
6/EOrkOjTRPWIqsRO+dK8QENfp2zYfWmr0G7xBQPdeDvyFHbY6LO+PwzVfzESGranmiliTDq
|
||||||
|
fGUGT/F6F3eBhKb392zDllJgfeKLt8V00vqaY8jqXS4AB6ze7XkcEXKsshN2atVsstUmjLKZ
|
||||||
|
iSO73irt1X/Cg6SrKkjDgUhwTmOxywkHBYjsot2NSYcrdkYEfK3nPpesB19dgJYzPn0Mborc
|
||||||
|
vJ3ixf5c2mjT1GHIdrp6XEjqLs2zu8dKLDiTJPSV/Q1H1nEasMKJAhwEEAEIAAYFAkxi3k8A
|
||||||
|
CgkQd8b7Q+PTCCRE8A/+OY2000flzIxhqxc23BzEOXWxwZ+tH2r0UQTq8kwZiSsva+NIjN5G
|
||||||
|
bx3MMcT4IyGF3VaxKZRJDPGcK3ByJS8HnCv58OE2iF9sUT2BZJEIfgniHgDA6iLyyQDmM9N6
|
||||||
|
9UVoYYqIWff6Ve+4gPYebafy3UAgUJLHdrknfhE2fseE3jEtdsn9AizP7hc46xPkeuaAD474
|
||||||
|
4jtM8h0zVk36l3gdRwFZEWMsxATskct3hLjKv4R/EFdEgIo8x7hK0uxvc6JyyguOznrwAgP4
|
||||||
|
0LgXv+Ci2BWrf0awhOyuDJ+BiViKtEuzcqgwPR4GgOKkvzti8jkPNAvjCEIHTpWJwkIZ+SNW
|
||||||
|
aaIZVfbZdSTMf3tfVkUJ8tLImtfHwJ9b+BPxpiP1DENZtxmbOsKPKeH1SIGO2BUt/Y+i0KYM
|
||||||
|
rJmhQiL4k62PIRRhMKuYjQ5sasa9oyAACxg6nJMJoeJalJtcE0ZynCwdCFIkhYLXVPAgHCUo
|
||||||
|
/c5Wq20YMW0sqerdf/oLwTHe8Gyru8JfcRS1mLBuTPWQUGIt2h37WMysv4hCHT29N98w6zJL
|
||||||
|
jIGHH6Sd8PBw+WBxg6rpeGH8VVuLfHerB6XEMxoQM7FVAefDUCrHzWUrNHgSl5qG14HQ+46y
|
||||||
|
xxegb5XNGM+ku721W/t7YsA15ASgZi8ehaQ7iSl56TGu8vQCTaDqPmqJAhwEEAEIAAYFAkxn
|
||||||
|
Ti8ACgkQs0ZPiWqhWUgz+BAArOWNP1VqUSh1LpZ2mgjMLCW8cPChtEKI4/RHUElI9r6BVMGR
|
||||||
|
/35Ww1HMcayD+H7WZDXXiBqG/yPJJtmMfBW0xWH3dbo1pEn8IUZd6mWSlbhzxRkVr6AFhDKo
|
||||||
|
4T6QVQQ6nwJg9aBveBAXGnsr9/PieQNsp9IyACxZCvjoEh+2TV6xE4r0WaPKGLai5qPuvzSN
|
||||||
|
2efP1Fl6gtmoxgI0yiLDyMlQZPi+/jXC7qcae74qYFUqih1hAq3EaCfiUNCVCulAEYnzhu+Y
|
||||||
|
qJorF+Xl3vV/i/NT09k7GwvxLy1waPAi93yekg/QwkJMSrvehxXJlPdkUXUKCsgE9o+1CztW
|
||||||
|
iIK37utWFTnkApQaKUyHJA8T++ReyRXDCEq3Mu82ZMQDzsWRhJuWmX7/5MAw/1H6yG0HLxC8
|
||||||
|
sGH64oduKWZIlWwjkox0pUrA/ZkEDaznUxUK0ay0exYtcPJ9uUcmXsFvxCe0SOGwarNKbEjs
|
||||||
|
FkZ/lelB2LZprKk/10BqRg3AzPEix8IK9hRRM5jXK1ZDEYRGYw/c9VoQPf7eMpF52zAZ45h8
|
||||||
|
UjL/q6oAg3egW+ddbsEEXzsAgpcfNKhN/edoUKhQd5d2h0S8IpmPMrwvqrRaRSlOrqMhbqro
|
||||||
|
GQhFOV4+fO6zwkV0P6Y9QSIKibjZDS+QUZPXCLfpKRSYVQlkFwGVeVUcZzqJAhwEEAEIAAYF
|
||||||
|
Akxsv4oACgkQ5E+AFtNjD4l5ohAAtgotU7QYfbvY/6b2DKShrm0guTeROOi1imRMfMD5Nvy4
|
||||||
|
CazA7qm07G9Jxo/yFYHMaXXeG02vx0pSb6Gbx9Z/jtwrOALmtIUAajTFmcC1Koshn1KAlqtV
|
||||||
|
FriWzwAz/jYIK8BL8Db3LCgGP0SSyIaD86x3VXm4JE04AJeAtFUikQwBU6iNA8Mue0rmdIgz
|
||||||
|
vQ2Fg7qk11Nafx4xT7XU/K4BAy8U+6Ai4F8VPxdh94zc+Z5qVd5lRZ9fYsdzztYoc8xtOzjJ
|
||||||
|
YzDACo6j6covoSD56gQi9htJzraPtKaWu+gz4P0ijZ/naX/hsXlOnZ7IQzaByetVgXoU2Hg5
|
||||||
|
D6UN7YCrQ75TB+Q7Mh702dvihXCr2smUkBOBnEqKoxrLqLtrDYPLw7ELuM+bRzZb2nfBYzh7
|
||||||
|
/o5hEG3NO1rXIQ21cYvfPSggkI1fq8kOsWbd9uIXR4iHycohZ9DsSW4iQ7+IwVu1Giypf/R2
|
||||||
|
Fpz+cL6aGI5DKFRBuz5ucjyhJrl9wes8v1hsTDNAPSbOyd3I4PHa3N4gxWbFvV6TZfSwHKm2
|
||||||
|
fot2bglB+n9otZaPBVnHdsntQsRnS6K7Ptft/EZ1zJvWJcOnAjZEtj62mbrP2bQ48r+wkWy0
|
||||||
|
LbOoQZ20auH/YaqOO8ZdA3QGpvK2GCfYB6JzD3bQomsQWMlaAkx1wfFQUBQ5xtOJAhwEEAEI
|
||||||
|
AAYFAkxvKsUACgkQfFas/pR4l9iqyQ//el6hebIh5S7ekU/6R/msFAmuluGh03OAMYa+JwUm
|
||||||
|
YqXR6iGf0Ftw7XgYJt2NiY5ZtaOULtZe3zOslFio4KRAwjKgEOzSzEDc0wFtZnj0/LlSTk9c
|
||||||
|
zrrymcJQCAgKKV4WTffgiPpzDM1ajaHxY0WQfYJng/5pVxWb6QXjtB5mupf4T1Yv2blWAKpK
|
||||||
|
Fw67Fz/iN4DlWil21vx3FgpAHY+7JVB/129BnbdHtbzP2CiQxZ9PoQt40bhrinI4cHyPHcHk
|
||||||
|
EPKBD6GnyuyIoPGYRsILp76rH9vWQJWtY71DQwlB9+w/JTVP3TRinXJ0BSBvFGNcP4hqY5b+
|
||||||
|
8tKmSBPJM0umER6Q16HosZtI+8rY+4yvaHjtEIqau/AdBnCW/EBeG1YyjDOQAQzVdOR84PLf
|
||||||
|
Nyz+eqeZI17fZtokRjTg41J2b1+F0GbUOTQueqzlTK3spWYrPgDe54luHoYmgVqlsj71Zv7F
|
||||||
|
cWEf7L9RdcA7sqCQXpDggcOTRDVg+eR6eCLGJetBfq4fsX0ae10TRh/pGut8Vu6NTcFGw5c8
|
||||||
|
vt74h+WFIXPknpBeKl1HcKUXTLJxQP5CDrZF/HzUaLYI1SaKv1jVm36gV2YZvuZQyim4vBgg
|
||||||
|
V1/9K1EMgUW7GRnQoOpQP6zxFWnpPXPY3TDvdleaqeET3xET75mGgD0WIUreBaKjp+CJAhwE
|
||||||
|
EAEIAAYFAkxv+OAACgkQnQteWx7sjw4tUw/9FgAffwwit35JdS4S0LQqmkmGXlMvfZEkfezj
|
||||||
|
GH6ITG/YWri9QE0ktGJqyCbP9tnL3WCno8bs90tmrQyagjbp7EsADz8L36vbYrOU72mNHaeL
|
||||||
|
qbJcCoztUSWAe9aPJ4ESwTXbXCkl8xE0fm1zTF0MLq3T40Qqw67oMTBygYqhb8zeY43bKOzZ
|
||||||
|
f0fBLqFE8+LTZDEk00Ucc72M+W+J87rdiHUuJDFdAZbuAvBGT9p1YNkcqaRWSmgRddJ9nBTD
|
||||||
|
a/Qe9IBnAXBblouKiVvSTGpcyAyGKJ9cPtaviCLRXk17rGli43AymorBdGPpliZmMtrInMm4
|
||||||
|
FAhSoU3nwB6b8oI5gMh46Dze05PYkVVZylO4Vo2AILUkeo6tagy3t+BEFAmonnpluJKZkfcY
|
||||||
|
/FvvoaT8oej2U13tXStA0FXMOJd9fGLruJ+yZnAFPrVHZWA3ziyO/u9iprB7ZjqrT1OM1Nob
|
||||||
|
ZP7NwGxdqED3AYJAb3H97s4dMGAJO3WzGgHOfuZEMsH0/vIc3nWAkj9jsFcDxJ8uTVM6uy2R
|
||||||
|
oIfBM3/XspyZvm2MBTuEJvwhXW7JTnxsUEpZ7aJQVJLT9Z8PPj7rPLJCkDQsdwBw+e0heTl+
|
||||||
|
BspMqppnKw0mXmrRfnqGGxgLtlIRn8bNEp4K3AVuNP2iWp9rMSVPg0qLGSFgEH1DtoN2DsiJ
|
||||||
|
AhwEEAEIAAYFAlWS7hEACgkQ66DGxxwAJW8VIhAAtBkHOqKPOA4A5MKAzWSIYAfX6FiUfFaI
|
||||||
|
Edwqm5ZmxHItPQk+Ze8VN8jUEzzArrvGOZnctSZy7dMgT4WY+CNy3FUtg4WbmuvflcvCHlSr
|
||||||
|
ontSVeFjxL8qhkBgUzaxqohesB899mszzDyaM0GMD7FKt4UisOV4K9VqhXKHBhcKi0foQKgx
|
||||||
|
+VMD35N4+SqgSUF4+td913DNxdxvF5BKICwp9edYv6NpP/u9DMqG3lceVCy+rR3VEGTsFGNa
|
||||||
|
HpJI0Sny797FR3w4k18wKQGaGwUtdMz6GcmhnDxgiV2V1StLloK6wbAVA4YY3BfE4l7XmJZS
|
||||||
|
bStlL54h9tffDi0Dj1oJkSKXMdnI8FdpQEvGTGP9ARUz7MCxwiRzcJfOpfxATt3793o6fMLU
|
||||||
|
2dOzrCCl+09bgG5+wls8nda2RB2RE1EHksoaNyz4OGpq9seYGe0qhNLN+lvIJsv1BaZNdD0s
|
||||||
|
CaF+xbUGCoYQgvOh3DCiZbg+Ao138YEQw9eKE+Xifi8M36IeBTdq7S1OcRCwaDMmVchLFT5X
|
||||||
|
AHmFeO3L3zCO1C95WmNsFg04+4avHqgOp5MolLSrOEvKTnFW1Ebv2BJizs45d28VAI/JhgPx
|
||||||
|
T0w69M9Jpybd+Cbg93fHTXclLAPyQWXzhlfDPmKhukhSsG5JXIt0gyBUsq6lUygyWZcewBwa
|
||||||
|
uy2JAhwEEAEKAAYFAkxdthEACgkQXTKNCCqqsUB3ZA//S25k6cAkZpIddDahnJxDIon8VWhe
|
||||||
|
JzGmOMfb+hMbQ0y7xeCKRdNBa5yw3LKttLugofqcrGV3V6lmE9jWz5hK2we+ZAdCo/wXUWuL
|
||||||
|
FJQW8WKY7hmDBwxROJ4jgC0LTgeRZhYEvhKpCH/rtSQuymstcTJd+5jkEE2FU1AOsoAOsaPx
|
||||||
|
1DAb+uqSv2VefP/TG4sZ2vg0fdEuJd1+SiuTTLLEAnsG2yQT9brcXDvXPOckawFAM1KOwk7S
|
||||||
|
fkYekg0iSA4Ii9RlXOhpxNcW/zZf3WuS/wrCCVYoY6OgH/+rp8LkBG7hdeAfRsMjozqtBYUE
|
||||||
|
JwPSvLfRnG76neTa0DSi1bigpOMvHDIeATuS/hR7UdmTkSMwZ8AvQBOaSRHobjQwjfDY7WYM
|
||||||
|
kvErANQkevWiWA4WshsS/MpEKxiUe6SGlLVeJZfX1dy6Jmh1WzswqoQ9eXQXX8zBltPAfKFs
|
||||||
|
KRmf+OpHT94qYZsMhqAXOd51joUtCBmqeuzvdp9KM+R8cmuoPVqmZ8ZMdMbD2dQUap5yVxw5
|
||||||
|
yO3CfGMXGPGfvA/8fOav/3MwWXUL5Zqv/ZhdjpP/ZNEB4txLJk1rIg4kjKrZxz2PggbMcCGQ
|
||||||
|
0uf3SBZa6qXPVT0KbMjzvRKao473eNX2OPqk+K2hIYuZTVhAcKKuvN8qQu+o003Kzw1SWlLj
|
||||||
|
1zrwaX+JAhwEEAEKAAYFAkxeUcQACgkQORS1MvTfvpmBNg//eJFnqXakbedse6wPpmk56CxU
|
||||||
|
47abeG6ZCu/0FTwhwnagYfGXUKGTCepVjI/wLpevVeoXDbYmrUOT9zxqIL2Xssp/wz3Qb+HX
|
||||||
|
deft/drFmb4XMrdUGwi+N1nhvPCXjWOtyUrzuYXnpCz8e0vjSfn6RpJ6qdgTs3Psyca9kPPo
|
||||||
|
1Zgx29sumQMx7b0hcmRbSxNOmm/vGCpJKb43sHsYN2ESMCNzazQtpbt/HZ/xA/HqJCfEiKJm
|
||||||
|
GUQ5rboqvhpruhbUFnuLIpGRvLJqE3kRm2iq1XfnfjXqUVbX2aHxNXcNKa601Yla3HGisEAB
|
||||||
|
ILGvCRa12hrmh43EPpwLCnTOIB3Sejndl+8waKd0smV7Ox0oT1nSo5MHl/VtVLJzPnCX+EfB
|
||||||
|
bzOepXJ5HRRsX5sHOTPHjJTOUuQvzfKen5nAu6iKsQnawpwQvIN1C7/OtEhqDAjWFr+eqG49
|
||||||
|
bqN9a+EKu53bnXqM46N0/kRWXJAsHKfllki9e0bRKV5rIH0grsCN8P8qq5003cp/owAyySX+
|
||||||
|
Pu9jFs9Hw4nGmEkuZPYXkjg3wTYClaPjrmbKfWXgVl2BjW+N7xU1yJZaAJSpd8vqGtLK4qz4
|
||||||
|
wk0CrGr59EHPeAE9fAxNg+oonDQ7YcuDnHkVY7LNpIGXQkChrv1YgBzzAN6CFBI8GgG3C5Gv
|
||||||
|
bYCj+NsHFyaJAhwEEAEKAAYFAkxlr5QACgkQMiR/u0CtH6b0ZA//atTqqwPfQWupcXoA/doN
|
||||||
|
nXnBZDHUePFkCBan7YHitR0kPBVPP10dRfyd9ShKs25+DgAFTr2JKKk4ofc8ib+2SB4rTPIf
|
||||||
|
gvc1h3GgtI7CXzuwKdcHojmOYXQQsLaxcQDNqEJqS6oGh1oHd8DQJTn/OiARVUvxi6LkioOp
|
||||||
|
eE0KAkUOfZfnROz5E7ox2ImvMNvhy6VcD6q2q4E4nuWXaSVw13/MqZ8lGHRhytdrVLvVndSK
|
||||||
|
U9EP79Tm+nIRwgqeJ0CttcSESoKLngTAvHSwVpiMcO9rLfWqYZB6FmhEjCyPl7hV1e9jXf80
|
||||||
|
PLDihKscVEroxww4nflbIFOPsKP12vXuQs7cQr3BFE9yCowLz0X961WM2V4Cc6o6txY1MzU7
|
||||||
|
FY7mFrwIy9b/WNLBXJUB+dpnKzmY38ECLJQ+gTxahgumxaNe0wQclIrkrnGLszOrIgLyVAL6
|
||||||
|
/qD2qUywoNb3WWOHg6fOabKfTF3zBdzSYPNRXbhWNxt05EXARXRwYR/mkwpAdT3TUgbGlOcU
|
||||||
|
hNAqmtzEvT/Q/Cu0nPvwXnJ1Foix6S+zrFAM8gs6zeUc8Q3k0EQvi8m54jILnt5QqYFSGM40
|
||||||
|
FLgryKBF9hjwcPN1Hu1Qij8Z3H9MllV6Df36YSgKN1XpG3Jy9ktJcHvQPgHYVmXNsmQlmQxE
|
||||||
|
ei/ZYehdgLeU0Q+JAhwEEAEKAAYFAkxsD/QACgkQeFPaTUmIGtMxgw//TrRErKK8vl8VnvHO
|
||||||
|
8TK8KAMFi/GaRM0RKze4nJp72CGSrY5/bg2jAlS0hEKmSirlbLD8+U5/wWa5SrQT36AcyXYm
|
||||||
|
I3weWgzNSvbCS3N1WnefhlUhkaC1PRMX3AI7EqwyTUX7o8Q8A/HVTgbgHnIKxO1y1EhcfY1I
|
||||||
|
WEvA1wTR29928n63dmy03rKB2cJvQupGd/xRPXBx55h79NlLOJOadlYsUrk3B+RWBZHsn7xp
|
||||||
|
wWXn+38fwuIFs7DJye3Eh1ceDootTd6wlI7Km8Nh0+bCCVbeInxp3THavrz1ohGhQ8O6AmPx
|
||||||
|
wX7TN2EakX5mrwePFgHasLpgciOVRpDsaoQPF7taQg+d7knrrgbD9Xf6JkDl9/sxnlZ//t72
|
||||||
|
eQR3X+CGQFmfhl5rw+h28FkPxrFO+n6nk6opm1z1n8FFjQnTzFxp2taqVs3s58ondUiPWb2p
|
||||||
|
E8HOHQX9b4iYY5x6hrZehkSwoJOlwGssiJZSa9eCWs+yvJoJOG8yHunh48o91gY7kaqxGT9o
|
||||||
|
K+2MzW/uwh7ztZ/ElJj4Vg4XTOqHgSDmUKZjA6e8Z1xuXoVT7D7axP0NvgIj1jjeCD1ncQsf
|
||||||
|
Ay6tynZm/+Mz/PLwfe9uYGt5ZncwY9aKZRr8a9sUnaaIjeq7ywugKfQyxr1v4sjcQqELKfsM
|
||||||
|
NLrvOMjw2eLg+3UC9p6JAiIEEAEKAAwFAkxi3T4FgwlmAYAACgkQzNLtlNIXOemGQhAAo5Zp
|
||||||
|
Oa83tEIyfPOcj7HkQPTutAs8H+kgxzPMLYFhXSYKLPMsoH1TGMFC1JH6PjrzRdk6g7jmoUEK
|
||||||
|
2F6EL5QpFFKFNVWahRWY49F67jryslVdeZKvFMEY0qjqsJ9nEBIZW8wJ/7BNvYmZxBlWq7PU
|
||||||
|
0SKbbGNVexMagwctygY+mdnknS6vI3aom/yFByVcVXIdF52GJiAWA9nIx/poKS0ecCd4UuZr
|
||||||
|
eQd+d+x/z4Bww5E62k2mB9d+VDik1kjzL7bXfPV3+bWoyBmfl9zEYgNnQ3ICurKztkRmu1/k
|
||||||
|
1+68wHfU/0MR/1nJ9DkEfBi9Z7T3shtCiU+993wSHPeKgurkQwn+wzkthCNRNs3kOwee5Whs
|
||||||
|
/zD/dyZgH+lrJDHmW6C8zaa/K6Om9+AacXLId1xjQpmmkO83Tkf9qQvtC/UlocllGxHo3hAJ
|
||||||
|
dfxONF/jwY6Zs8NvRWPuswTEQOLCLeww5AhVfapOLBhcG7xZEye6VLArPNq4OsD2b8NyCd39
|
||||||
|
GxtBdxR6/8OQbGoEmrYf7aGS+ga6oygj/+ut1M6w4YkQCbLd+OjL2ZUG85tALP/1KdCp1pTg
|
||||||
|
YW/TmF0BeT7ICa/MmZeYyO0DUKqvsbH7Dyk0aiYgu+Gm3ob6JNC7MGadUkWIyjLUHkPNmnXV
|
||||||
|
rGT4KAkRtX+cQl/R+rR+ewB6RErUtCmJAjcEEwEIACECGwMCHgECF4AFAkoHaOQFCwkIBwMF
|
||||||
|
FQoJCAsFFgIDAQAACgkQRJdSeLhhK13PHBAAiyiTX8GMp3CgLyIiieHJnBIQS5fxBICbsSrO
|
||||||
|
j8OHWnNAVwkiRbtXZQ2g4D4NvyGBuPN2hskjuGOj7aCsqpE4Ln23RfBTAI3fF3JgMGwkqWh3
|
||||||
|
9a7Sjnw8DwxqaHB3zfs2AvPnolSUNyzc45VslNsE2j359UmvwZAGpqN0A1GfobFMWjmt3QoD
|
||||||
|
q58C8EyFOWx/Mzcl0qUrvGRbQjQ8najAYugpBjdRZ0MzGfro/pmoETJnTgrZimHNXvDtSTmZ
|
||||||
|
HTVYYbxj/99Iw5DeYschcK0yvbPFXGo12ndRrEs270LpOMmBpdBaW8bCj2uzATQLZbuaM/je
|
||||||
|
py3bzEFcCHUMkF+ekIf9zp6IUkSc2B3kkbQmVJKxOeiKWzCXvuu6pU1nRqrG/565CRkwWWol
|
||||||
|
p4TvlktQgHSZ6CoIxzDnYRE0eiGpsLxA10nE9VrUCjME5a+AYLQxj7ztDdDfb5r9Lq+1/bUN
|
||||||
|
gtiiQ0fbaNVXXe14+daezFw0sCGB14MWSPQz62rkG6piKB4ZMilRijiicWg/k/Rvlbi+QzH3
|
||||||
|
PGhqaVOV0JpCTfh3rolf54x3JN3bdlW8wcev0DLPJOAuhv8nXoBBdilH999RH0lGv1NzbAIy
|
||||||
|
7goaG+XOe/fmxiZwhUQhmTdfFnXEtR8UL9/7+dv9nfVY+kIZIdSN+Sa5+pGs7bik8dfi1xy0
|
||||||
|
IkdyZWdvcnkgQ29scGFydCA8cmVnQGdjb2xwYXJ0LmNvbT6IRgQQEQIABgUCTGvvxQAKCRDV
|
||||||
|
ypsE8sQjvNDlAKC18LdtboThQEnkx1lTvZZSZfApWgCfdj0UAdJxB9OLNqm3L8ukPYl8DW6I
|
||||||
|
RgQQEQIABgUCUJ/lDwAKCRBw814kbVMecylQAKCzW0oYdLbYjN2+VkMFlr9WWoeWugCfTyfX
|
||||||
|
Czqy8U9NJX0KMsEsVBmwB7yIRgQQEQgABgUCSgdx3wAKCRAyF1wNwQJ6DvPzAKCBblkNp8NA
|
||||||
|
k+lQwKAeqyjGAr+kawCfXlAQCvjXpRb6fYYu9X0S4r3gdfiIRgQQEQgABgUCTFxxIAAKCRDh
|
||||||
|
VRfyKwkgwGBWAKCXP+R5VvROrrh366WPoeX552dN6QCbB8aK562QKVhd4OGwbqhHAJzpE7KI
|
||||||
|
RgQQEQgABgUCTF0/KwAKCRDU5e2swBQ9LSl6AKCpl0Sd/zaVE+rXCmCg9lF4Z/DyJACfVE+x
|
||||||
|
FXdayyRPKh6cy6g1x+KeMQCIRgQQEQgABgUCTF80oAAKCRD5heNACvx0dlAxAJ9JA62AWyTp
|
||||||
|
1xpVLyxGchSp7G1I3ACeIJGHywtqpfbJfG6YiFjt2C5uVVeIRgQQEQgABgUCTGdMoQAKCRCf
|
||||||
|
ePg86MQ0YfqTAJ9hOim0VRfs5+pf6rsMNStUWZXksACeODXRe1BY90f2o28VOFpxoDQMhZmI
|
||||||
|
RgQQEQoABgUCTF5RwgAKCRDaGWI3Ajs/T8IZAKDCaii1ecrI+HP8NT7zero94/RE5QCdH9zl
|
||||||
|
k7ui4NR8EuEegYPvqFw7cI+JARwEEwEIAAYFAkrbZ3sACgkQLQ1auHwlPVLxQgf/Y5PQaqBd
|
||||||
|
FXEs9QkD2Ei7WaD1AZkGwpICpVmV1kA724sJ0uXgLavd1E9NtjhMVKWYwdjEl2556oZL2i/H
|
||||||
|
XfRz+VgRcysjLM/ICcGDxy6OygziguJRpwBWk0xMowNgWFGIDvTt+Hlc7f5UnBrSE4hGmWHQ
|
||||||
|
9Vxc4qFiADKL5IuiLssYgJY31xkwSyWcEnUe8WolOb4BOX7SLuuTIO6u/Ud+Zh+N3o2amWBn
|
||||||
|
3l/OBfi2lM/TTrjFEiJ0KOfyutiGV6a6/SkfGKBzhgdzWj4M8vIMthxFAapU++3WXF7qNQAX
|
||||||
|
f50EN2TKXKHgmidfpWFqmbPhIkEaoheUYYOCaiaXY/IKgIkBnAQQAQgABgUCTHaO6AAKCRAi
|
||||||
|
OuBVvZThVI98DACKydotmw0GE4sNu7CHhGMZJqvSu2MSMK7IyjoShr/JU9PO9yXEB6TQpfLw
|
||||||
|
E5b9bso87SouahOJV+bYvBaLx7JTT0awNSMRxlGnf4il8F0FOcl3RgXpgv14YxXxs8KJHLV4
|
||||||
|
GhHRwVxzJu8hdNltsTJ7JjJQS3kUYjBpIfJlyp4yNvZvUeRQJWTs1l31CkPwU6fXP6pxCP7s
|
||||||
|
loh/zL1zVGY2q0GrTkFlrCJIxceiPNll44Rl4PrIMTmBQHVipToRinsrFbyD5QTAjiorVol2
|
||||||
|
il078fK2IeavCxtRUR6jTiHx4/IWqt+kPycq11EK4bFMKQIAJeF0aBoAX4fWOoSPIFWI/Nz4
|
||||||
|
m+EecHCk5frctfxNV6VAB5Lf4XwjEho9HFZwqmSQ9snMi3zrEZnhnrCJ1/Gs/ALt9vu0Z6d2
|
||||||
|
ZoLFgxW2hdOyaXrE54rMKillYoTLZ5d8+uTQVoN8XFz5SliSNb1tu1//i8U9Y1tpSUUTD87G
|
||||||
|
SuNV6q49gYSeDqZ54EZEiHeJAZwEEwECAAYFAlIqSIMACgkQ73Pm2lg2uBpHzAv/dOSlPdQx
|
||||||
|
6o4MrM1lB6imRf4KPTmjkIwnO4N5iFrsZch+BNJ64PdGukhuAi1EXY7LBJlXRO9BPxdJI6IF
|
||||||
|
R91ELvM5VzNzZDdwZVPDV8wJwkpBTQTgNJXCjETePf6adpQ1ORMm6Kg40WIH67BLBN993Bfz
|
||||||
|
dQbskas89BxmEdqaz1eGDaBTHO2N39jOG4vTNouatsTsUlDxCxNW/razg0uLgMPpL8dJpZ0B
|
||||||
|
4cCi7z/+r+OYrV2DQlJo6Cc/vieROA2ElFa3p9unYRcuY4Mcn6Hl4gA3QnuQDsn00GPDTqBG
|
||||||
|
OEvhjcrHghhB0WzxAu+lc6te4vOTS0OCVTWMNU/ROaG7x8vQSFqaNWxEigkVlRDofxsyGQw7
|
||||||
|
CxNS1mwsYAc2kbA84N4OxMZ4sHkLnheoVjUYaXz3JmLMnlA0AerkZVQRfzm/+rlEwLW79G1G
|
||||||
|
tsVaRP0WmG9/nNZXAr2wfD8menJAIV1lB/pCSkNlHmEM4uGFAb1lA/EENQS8sz8NvvdvLNYs
|
||||||
|
iQIcBBABAgAGBQJMXHGfAAoJEPGmm+QpwP/ujggP/1V5FTQ8rwB8uw4u7Zg5EEta/aM4E8Pb
|
||||||
|
idUJ8KDr6p5Zad+hGWCPKT3nloPbN3iaYXblmxDuAYhHl1neH96tWYU6vygmiR2Xo53y06tY
|
||||||
|
EKQbdIF3+pfOCSFh9NnFlAqw72cMWsL0VqSoZL+SgY4IojwupFWPNIJbB0JaOSW21kFf6/U1
|
||||||
|
juAbtat4J8+l4j8mNgWCUeHBENN78lYD506VIuuJRlsWiUBhH0unzY33A1BoJwyXo0TmL3wd
|
||||||
|
0g2JIGT5sJmpeMkMlKminVjZCcY7AzoTS60QrCj2FCGBtfbUOH9OQvBojWOPz7ALmKj/aOl7
|
||||||
|
3UtGnvlscJPeilteNQFWEib1e85ufAG0Ry1AEDtR0GsdARJhqiG6jRn3v0lBxfG2dVWbHrFq
|
||||||
|
a5FkUm73c9r+xjDC5NquWhd4GHyG3IgVPMvkw8sciL33o9A/XhNdjQiZmpok77nswvbuNOEX
|
||||||
|
diQVnHcylh7bNaoXR6+3R8FVA/TThpW2EjxIg9TwAPfJFKWV0SWfyJSOZLFOiEYDEqBI190j
|
||||||
|
3WSJNV+p0+lN8CDu8jFHxehsTGOAALCSQq0mZTKJJh0GH7d2YD5BV9isUvsfne52GLx/xmoJ
|
||||||
|
+cKJfszaWq2FoMhIPD/tnVYA/LPodylTRC6/8C0WIMR0eAaF+ByCoU7aEMWJDEJfX2MoyQHa
|
||||||
|
fBV8iQIcBBABAgAGBQJMYCuLAAoJEB51mnJqn910WK8QAOJQVb/ihBQC0IsBpJwKyOH5B/XI
|
||||||
|
jwE6BeErvO0rnmcYTr57AXwKNYxOvtIV8uS8gFzfaZJM4YHsF5BNToT3l2UIrWGK+O5nUL7S
|
||||||
|
UM32plf7QPI/NSfyCtBxKWfXgbFQ8X/oNdwq7HMzCtRqZDoYv5btUajFsTP8gykqXqH9Ry4G
|
||||||
|
hCFmnP0UNUWwTq4D2/bImt+iOOw4C7MXyROQ8aZd69aUsAln340L7rXz/yGTGvabdLXKuVDE
|
||||||
|
QJtiZ1m/bewAw3A7zw3mKtMAA8Em8EJuTfmFvVQEpBBdacjwIn+ZpSzuY11arLIWNp78Yegp
|
||||||
|
mFsuCANZDr/V33Xxo2Bb+4cbuOzSlXw+mOx1WYo1Fkj5Ga2IGkTbijqByIPwnCB03T/3nG/u
|
||||||
|
hde1SS9YGGNL17Z2qDOlNtufKsbfPJf9xtiEN1vJ2cbOEDD+WbC2nvJQju4t4WaX06Kyok6b
|
||||||
|
HPqupuGSOaa9VMYk6TzPAOG9hzcD8SBjO6S59z/qtGNqKZOcTWpeXWI/4qdvWtAPmafB4fVt
|
||||||
|
2XS+vOwn1c4gNQFK+nCatlYywfuKxoQqGC+i/ld8wuniugtOjX4XbK2HzvuKMuCo0z6x/7Nx
|
||||||
|
pOJAOf1jgWuQWruIt5VEULh56mhglEV1vL93aCUxOE7kKAcas7Ojbve/EQruWlFbzxJW6VgE
|
||||||
|
1ncxHX5yiQIcBBABAgAGBQJMYDc4AAoJENeITEcY4Y9ExdYQANMHDBB1HSdVXEmkfVjMgW5O
|
||||||
|
BF0AphUt1r9ptI6NvzcuJ5lFTIXHDa263UBRpHb65EgaHYqKC5LKLSXmUoKXcTU9fBLWFRYG
|
||||||
|
N11qVpdoO1WSD7R7U7ZDbix76ujLCfOtPlqrh0TzHEzE3U22X3hxL+rHjDbvrLQuEhKbVYaB
|
||||||
|
WaY1THCJjB4SA4YcWOXUNNA1i+baXlDw2XKqZrEriv+zARTxlF1GzpXBoh9ymH9TsyPg1dg9
|
||||||
|
BbzzGy6r99LMMHmt/kB8BrOX6BfnzeLwSmg4VZ/aUWSAKK2cxbvmQFA5HkuFJ2sUc2VXmuPR
|
||||||
|
DRY+vurz9PHMF5WZI8ait4/2m+W4zvsYZdgOPPkGr63+DVKssczpZWSq4zX5Ykmd9e+bsCUn
|
||||||
|
E9jAI0iH4P4SKyFt1IkRWMAaUxQjN2v5/CIyydaavQGKM7AB0CjZL2835LwqiboOmptxzuWJ
|
||||||
|
5HJM5JSqr1HMHP8vokNKcbrU0taV9IuTuBjPl198TR1vxPhHYcACIt6TP4wr1ApAsax3yoDd
|
||||||
|
T/KrmCaczIeX6BmFFqXjDM/azhpQKIyFGgbDzrRAQ/CatG8Vy1baA5uJIsmiLxc7imwtUf5r
|
||||||
|
uJOlXSi72uQd9eBx55mlt+zNHbrxULPYBIL4zOe3g1SXb0leZsvPjVAWcj21AgH2QJx1IoV0
|
||||||
|
POwfFLEVCjTxiQIcBBABAgAGBQJMZY8YAAoJEBPAtWZ6OLCw8NEQALA9UfSTm/Zqc2pJn+nN
|
||||||
|
q4sfhPUhYlTUxE1D49FzF4GmUHDYzMlU8VVZub5LahrITDINOIidmf49wXc3BcjcEKCUjND2
|
||||||
|
aL/0JMtyMMORH+3g/Vz8HvktL3EnOiTw+Z9p1GNbEROI195VIWwNRjU/EYv78ErcrQ99MzJu
|
||||||
|
O5yz+Qibp6JUSIzMGVTAiGIPzdJvnbd9JQXfg+fhanWKIIzj0dqNmH7tqYuld0K1nD/5cf5j
|
||||||
|
o8Gc2L8GQgIStjUF5OwkElnO45iSYz4rgw2PfHVQBX8GsLBGRhKcxUK9psNBHIP0eWUk7sTG
|
||||||
|
4/cbLgkQow+u0ryitmu+IJ/Q79NUiRNrw6a0rf2FUY3Nh/AbVqLVdQChKrxGtDQuJtpwh+uV
|
||||||
|
RYTmc1rPmyPbsWj6xmgfvkLgX14E+5EPx8H1wyRsRpBPEW+Wb397I5eEt+gCEjfjrCprD/xX
|
||||||
|
eNSRMdOT9NVG1HJ3wmeTEddkpbDNhtY09ydMzS1O3auJReh0L7ZRn8gPmnXk4EPamDNzY8N2
|
||||||
|
OVByXKEPhb3bHD9RCHEaSe02BDcR1nbpbVAX3onquvK4ejZMuZIXXktbBcnqHz+zbRGRyoQO
|
||||||
|
Jsgh6bv3qun3fer12w22PJ8Q8ifhAmcS+Lhadvq4hskVprr5tRmvxHRKPgZF0ZqGOmqvikyV
|
||||||
|
YhFvZabdkKACAYCZiQIcBBABAgAGBQJMZsf4AAoJEBwB9EPJyTxaJbQP/1OgrWHtcJ39T7gf
|
||||||
|
wh+3lbFvmcQ4ggc45PfnM7jM+OZbkPZOMnTmXgDXIz+0SKbPUVH86XPbeZAXHXavtIFvqbPC
|
||||||
|
yC284oQeG0gzwS5yxygry5jj0fZmw2W0MfSQWEuUkj4HBkqEhgXGmbsYhCbbN6+O8XvBvIvY
|
||||||
|
EIYO5a7wSzi/21NPuG3hcGMFV2yzr6p2FtvXfO5biWGcf0yvkj0YeBzaCwdty4F+1qGAIHcH
|
||||||
|
oPhXCEggJKZtOYVZmsHz6/6RYghmRaSoGoG7Jj9+6udgZCycn6EKPVTE+p3tMiHxJzviEFRD
|
||||||
|
Ov6iNBC55cFhSbMplkW7fH/M6rkW/e6+1zhxP1K11gwNTtoMJelrePLRpf/w12lNJl9jhe6h
|
||||||
|
fw07mluEogjhXLVOQWSFjz3Y1Tfb0ez53ev/ooucvk9XT/svl2UM/K6RqyWYl1A8KCp5OgW5
|
||||||
|
nXzRZ6fc4Ht9OY0sxMNLTLZ3enwrVa857n2VrnOgRTe8bFqNSMcR39QMAD6h9qmJR7cNbFKn
|
||||||
|
IyQQiOtKCDFbZ7wyMroepw8wNLXPlvtMvS2zSBmMC/gJsdZVHK0u3O1Rpp1Jhq/qsve7D/fE
|
||||||
|
NhHih8FBKPH1YXUOILdR0zDkyBUdXHBUpZlcRovaznkigKX6LL7f2SbXZo/jO0L1FHDhYQs7
|
||||||
|
kl7OmWIXh8XW4m0ocB3IiQIcBBABAgAGBQJMduUKAAoJEK8ig6p24qx7z1gP/3wRRaEX7n5p
|
||||||
|
oZUnpEcNy3ZRQPAfVAAX07aBSnTuHzuphX0smAfJu5fqEuYP1XzBUV/WSxuQ6nGtFoVSLEpg
|
||||||
|
W3EX+KgLUGEv7Y4NI9LUNd47CNcZ3Fo26hQ1ur66c0asuLjseHbHl1aYwRgOarMy3X8JO1b8
|
||||||
|
x3z9edPan11kBIeLpjlBnnScZVB9EB2ezptxaXvyvyq/+SAfRMnGKKO6qx5vG9uK2g7GOPJk
|
||||||
|
dzS5LGeguixNjh7pN1ewiSHO/AqPyywVGYiYB9dnVWT0RwCZMXs3YmytZHfc58EpmKDoI19W
|
||||||
|
MFA4Hsdgwp9ucXJMfZZ1Xw0i02fJQKs911aw0dF/hVjHSOQfVAiNvBFn8u5l4hgFG3JkZ6Yl
|
||||||
|
rktrC6HThK3mo+KUNlynB70xSLXwxIHYkQUTxGr0HqZgRQJL03pPqk2Y+Lx4ndu4g0YwnInv
|
||||||
|
1arb5Yfg/y4IJ6GDY6W6gvPP4wUrxue1w6BwqRwO0rD0vRMJtJqzoIRNCE8aqtQP96OmH5iy
|
||||||
|
xAQo39Mvz5cntzaNMV9LOm7RgSaBvt/hLwxfhG2KX6Fca8hAXo0Q9dg5FbHSyLxF0mSZTRpO
|
||||||
|
NPFzMz5zc2yUpjW3Holt9+5n9pzi8EUVwfNnFzijagzbL9bwuyc37M9wnPp5x2wLx3MF2o/3
|
||||||
|
fNzpyo5Lh+IH7efZcG4XnUsYiQIcBBABAgAGBQJVcaVQAAoJENqCgw48zDo65e0P/2RDhlCL
|
||||||
|
zEUuut3KmGhBmPbiTX7CnpwFhatNFIb+C1EJ2giPmmrwn0O25ED8dJFC0GhZrwNatuRzSefI
|
||||||
|
yc75hGrTr/BFqRLAOD4xfMqOE5U4+z0frVTyuxB9Gdr31EmZ9miykKnfzcz1YY4MpQtzQOWj
|
||||||
|
SiYFgjofwcpI+b5MjnqG3T8q1PzONnvvx7BrXt0lRNqL5MyByaV51CPbENyhWeJMu5tX3hAR
|
||||||
|
rsuWoBP3kw6Df/ij5I71EfO4vD8C8F6AKWt8mBjyOfIpDmHkxNU0HYrmOnxzqXGqHTu+II83
|
||||||
|
vgJOurjZ7TnqEe9jB4XMNF7w6+SPL6u3bNfzH0KPpEjzBV7jQKFUhllkRbcf2PeLnmzex3+U
|
||||||
|
pEJjS5HLOkJt3B8wyANnZB358921snsv4LVJmgx1aVpeYWNo8vRgzKRMZT5Qk3ckXmuzHN3O
|
||||||
|
FGKwLJnHmnha6rXG0ShlYjNY2wJjfmwaed4wU9k7T73tFbzoWJ1NXP37iQuEnOINVbNCQdfK
|
||||||
|
cvL/82Q3LcpiapN1E/QYdfYjNju9NVpnSFICDEEYOfvodDlxbEQegZdd8zVHayYQJuc62sUd
|
||||||
|
zPvMYLvQTq+x5tk1vJD+VSJ1sAbVZ3gzAANyMyYQ4670RK9H8z4ygxa09lAunkcJ3cUHRFat
|
||||||
|
JyRM/u5NYxmCxxL5l0/UqOJg775tiQIcBBABCAAGBQJMXHEzAAoJEPEUCEwIYRERgesP/1xd
|
||||||
|
2SPeYmC5X4OpUDsbqQoe79ojCbmd+2CoFHm+GM0WbtJHFi3BEJcVW//QNQJRSE5dKXCHtIDb
|
||||||
|
jDhzlTKYT4q0f0p25mWMJFOXqb8sNiorXXdDz7k7GwrRZFsi/XlyiIrCwVHwLpyDGkY5IPBz
|
||||||
|
p5JMXuxViM/TYn9BIX58rP7eVwAcazSBIs+QpAvUi4pfxNdPhrHh3Pczllxg6DamsEPBZsjM
|
||||||
|
fz7pJxiddkJgAlDpIa8C3ZX4HdMnoPZhMh3JHxry4CIceMC8BOuX4c3GyXuFkKTMJSlRViKG
|
||||||
|
57WyN7eQe17UZni23QLifLYD7V1r4cY7cWj1s/qsGtLsvtuVL2brOvHeHVEE7s6dWpQea6lo
|
||||||
|
jLtlWjNXvb7WQ6XNFqpal5x7MG95QbBKWGHfifhVt7WrDSW6kbouXYYEgRhSZBkPPjSZXTEv
|
||||||
|
54YkBVwCsb9fykKLOTy+wyJ5Ttj1kxtrMWsaofhDYOo9OtywwKL4AnfBMhE3NcrZ5Yf5MHHx
|
||||||
|
NK/A95j9p8/HY1dKSHNDRub7PMM73Xp0fc/6cCyl9sTM9SFymKvvcMFChRcy1ZF9kVkXP3w4
|
||||||
|
ZzoJz2YSTK4zIRY/Qqc+Z+BhX/rRuhwiILuCH9hXhhvBx9rKBxxKcTw1Gl5hZ8nP2CGXNkAV
|
||||||
|
qSXL/0H8hschAtxw203KMvqbpSq7bYkniQIcBBABCAAGBQJMXT8zAAoJEIcvcCxNbiWo+oQP
|
||||||
|
/2mKGGHKVA63SdyOkyAaz+mV2y9jIw+0hf2D6eoQ/OJ2l6vQqc4atQ9NsMBH5SKo+kPLhfof
|
||||||
|
NcO6axy4ngb27YK1czUS0oyF+Vv618k+1WePw4Kh4afVZGrGsHBiv8DcKbeAoEn3gVORu5UY
|
||||||
|
ElINIsW9ZIuIypyFXhV/zf30zR8MOd1uuJjif4ac7V+n+O0GpBgzCkKZoCdO7NJ3QH7RmpJ/
|
||||||
|
TYAug0UMY9YvU1P2ffTvZuHxdY8adJGnieFnsLrO7yYHlva6Y2T47m0QwM6BXe673hj45H7s
|
||||||
|
rZpbvNIEyRiXpucEm7YBCboiA8vBTjXOo8D27Aa5MoZUHF+znB9gRKWKUnkCyCT409yo8qJI
|
||||||
|
5uSm5LWOa3Dsje3jlzfQh0BVLbq2f/g/kgm06Sb8jWzLYHUvA/+K774sOQu2gSG0FkV8BQJc
|
||||||
|
M9RMdImzIMpNpV9JYOWZCzVbTe2ZzzZuNXQJFG7reuZ8SoB8JyrLEqNbfzJ4G+pNbXZbrSA3
|
||||||
|
ybMgkaIvt5xDujQSwH/we/V3W296WHmVbU1U1W6lfW43KbOXriCrLl/j6qiy9ln/gkVc/Amx
|
||||||
|
Mh2RC5bKOCTRJ2TgPms2+a4tSpOrqapcpa0OnZJJTG/sifz9/3eDGPTKoVkN1fYZqTp+0s8m
|
||||||
|
NohYO6YMJsuqkYNr7UAHOTE1p8nhrq4RQlaIiQIcBBABCAAGBQJMXUTaAAoJEFOUR53TUkxR
|
||||||
|
rf4P/jp1G3yjSGwglzqEbvu4rzO6LrC8ZqnxOSWjKd8xN/CIje6naB5P3gRFLphJaDUgnlpx
|
||||||
|
nQYODkDZlMPsSmUY6+GrM+XDPIEnw2Yp2Vb6OVTSeDzgpjgNsdKptNGR2ENFpC5ReAKEKAUy
|
||||||
|
7bLcraD04IV35hnuHNevjq86VO+Dev/SQ2NJf0NrOuC3iW2YA5SEXcJYGp1vXAZjRUprOnxK
|
||||||
|
n/e04kTTA4b3cKzoEo/bQqk7C+7fLG1vHziDDPszsZ09G7eAhnhZmFVTk/jvBxJ9ra56Bo8l
|
||||||
|
ArknJ7A/LHvGe2SEd9MVcoKIHGpM3IPhJldZiXNeyz/HuUA+xKAY2Ox+p0vDlKUAF/koME7u
|
||||||
|
2wwx4ncMnRdbVOGNGDJTJhJGWk3VIUsicbQQ8M+wKnkJmLNI0ZGWdoNADdIR/xSIhL8bUaVu
|
||||||
|
PC8amQwK3VD7iNRcbNnIw0+Xbzev892lbBvav1Y/V6G9lBeS4KrLu1s5h+cmCq84RlW3xCzY
|
||||||
|
B3yZhWUeojvuplyNKPApJwkjWXGC1LK6VldZzYksXMb+9JxtoE6A/9F++NKqEmDilKl15YFV
|
||||||
|
Dy/beTjoSK1+6T6RrTKOPt6kFu2460PTa9KOqjpQ60hxOn/YpyAeEK/MtRuBjAT+wBCIX+NY
|
||||||
|
UIxHNX3mcl35l6Gb1nYtL4CxBG4h557CGM4s65IJiQIcBBABCAAGBQJMXyNnAAoJEHqPSei2
|
||||||
|
NIC+Za4P+gLihkZlHwFEM0pNSR9GoL6OsaEnsUebefwcLSrX10Ee+5mpODki11Sf1flIWJ7J
|
||||||
|
I+2Gj7U2NtFFXBvzNCUDN30Xb+QJBSU+pgJERtXThl8hKYuot79wg7FclsIo9P/NEQ60/tji
|
||||||
|
2iSQ/w12NIApczn6FmX/xVaKafJyf/QRnI0mxQvd5w7JEoeIKvaUVjt5Zz9fUhTiM/9kDCv7
|
||||||
|
E4a+PuVP7nyQdSCoduhFYQwLf+727mxtdLjK5OHXl1jYx5tcFdTyumZpB7bG/R6U2wb55kxd
|
||||||
|
iAltk4U+59p7NG7JSu5Lnexq+p5/281vVH33PrIINuZUhmpPovFNeDz6lFqEICQvaiS2STte
|
||||||
|
/BY6yBwIDx/1nUhiBF3yUU1TOQrtQUfRjox4QRj1g8YpGspsUXagBltN04l4tev6Hw8tCn7A
|
||||||
|
/f/RkdQ/7U6N24ZP3BdBx1R9nKvksE+C+v5QwlqpufU8Zaj1YpmPBn/yfSzSCvd9cE8pa4zO
|
||||||
|
KujACMEsPh0c/BDoiWsmxKLTzOoeKGwl15x6x1Y1yTKOLD0wXXvEM0TVF3x3RJgvpdnvonN6
|
||||||
|
c7URWq31zKcISwLOKCK1c0UK7hyD8zFISiPChiUUdGicZ1Jo0me+xp7R9b2QQnwVj4kO94gY
|
||||||
|
maw/3ouaDqOrU80N5pVC5vC8XSp/iGAY8wR0fc0qsPY6iQIcBBABCAAGBQJMXzSvAAoJENFd
|
||||||
|
MTiCAEFz+XAQAJo4XauT6qsxxS3i4ADlzeesoE5g+QPzg5mpVP8NA+kEXqLuvW7ZZjDzMClh
|
||||||
|
bpnhT9L6lgMdKOzODa8PzMMe8lMlQtGQsfby9Jy7c15wFwO3YLr0OesnS0gGMV0cxpu7XVmZ
|
||||||
|
ROPqOn1eVk25eaZHO3dHrc4ve2OMP3ZG+df3+kwQpiMgrl5x+9UHOWfqEtyT590yzofK3FCj
|
||||||
|
qHZwMUt2pYeCksErljI2hmrKDqp1zVcjE7OoQwc6M14i2HvhYwAtvEJTuqyIjFZL/XzGS4La
|
||||||
|
2q43fiLlAJalwlvIBEtRH7E5qWJEiS8gs47+Qcwigw16RhVp0FxhD7kT1vHrCoqwMFh5ULQB
|
||||||
|
fEYVQVbfVaXU9vL61LOvPfnE7QVCMnREwzCyYlD+FonI/LK1pqbzXgEJjh48rXEVuzic1G3Z
|
||||||
|
zipxiAbJNattO5aWuQjlEQv1ykWGIwh5Fa+LEQ6Idcxi32CsD7FFCYI4dg9GpZwM0NjJYrYN
|
||||||
|
sN+Nl8/o96LBGzCsminV+M+jXyGN7S08DoEyuuoAwmiY/48lAQJQChMH+M0M/UthALdcTooe
|
||||||
|
epFC3AiHiIaKUouRyqo60vNbAixbv1olxZpu12KlgCAg/ra9VcYjvt48msQTtmDQLz8/aY2L
|
||||||
|
eoFLm4L4NMqIQ5Dxywqen1MTKkk6GIx+7pAJH5Z3izmQJEYpiQIcBBABCAAGBQJMYe5MAAoJ
|
||||||
|
EHA3PPEpDbnOyQgQAJcCcEi6GZBjFHjNE3N2iLVUMItWSEdx93NabuJi7FpuhorwaJphZiYY
|
||||||
|
3ehgSa4t0/gNzkRkscCmbzjAr/auQsS+iSpINgCKUJ+dwOO7t03owH7ARXb4gmWY58poL+J5
|
||||||
|
ZgkqDok7ZtW09G+OenTaAccIpmb1IaGHDASwZ74EuH5M2P3iP42h7Q7Slhxer1GVloLD4SPs
|
||||||
|
8W/3Rslwh+/ccYfweNC3gLvU1q50bj6kvO6OWemcI1NAWtxEDTGjsS+BsXBPlYQRF3tqtoQF
|
||||||
|
Ht3xUKlGjHBO0DYymOMAlQzXfW7uqUYenrOXmOV048rqZxRtSdQwlXUHyaGIuyCRWqzzqYip
|
||||||
|
ArtquhHSSKedxe5wltdqeB9G/D/zwHR1fz4VFkECxRp0rWnnOnWJEp6+uxYPiIV/36qB7X9d
|
||||||
|
NFxlt0Vu3vZZiXgo9RMLjdQdYuBBJrshlwKkOlYPDzpYjHWmXJjKUIhDTqD5Kr2CTw3TrRyu
|
||||||
|
mHevt0nbqlnzoHd935ZssJdbYGDC+F9aUfcyzwJN+CH34zKz5gtteGP48DewptBF61Dyl0Pa
|
||||||
|
rHthrkwMqdZBA6cHE4lGpvrGh3GXASqf/rtAHwLM4brOhtH/LYYjvO81wThRmtjyjmSsokSl
|
||||||
|
0p496fHxPDuGr7kbBDMtdfVdty8zJ8IaWI11wTYExu/6VgY9dlhuiQIcBBABCAAGBQJMYfU5
|
||||||
|
AAoJEHcx/Mxj5OJ3X+MQAIdfUJP5Pmxv6T+yNRYSZ44Kx6cJJVvPtWkV+h5gx2sY/uTAS4/y
|
||||||
|
oiBrtnxilEr1D3MbWyElI6jZPlDXxl/Jx42kEEur5BkVOFmAmAJYRork7qCds2RAWGnhqlNH
|
||||||
|
vuMIz1/PfJlcB2hS5qo+JZLxTFk4ltOTUT6W8ENacKzcpzWGeQvqG/dY8H8FL2hnvNLiGITY
|
||||||
|
XZY6hWGvW5Ti5xzIBXj7QN1C3WZAmxTOt9C/t6PHHktfC+MNGN9zQEBAn9MLkE80oSwEX38q
|
||||||
|
/ukX1RpXCUTZmxIbXOaLc6deaTcxjJbBOX+YE1dSXrg3KxhXg1IUsMVBhQx96p+yhTUwznfE
|
||||||
|
F3pZQiWZhVP9/qGa56tR6pejRM8nfgZaLNcT7nVibIk/7Js+fXRYp5nWUKf3f0BoymQss9MU
|
||||||
|
cQLFs2Dm/l6iX1gFUgqoiOVIAX8DRc7MfJ+UTlHBOMGDKVok9nVsZegQYe6P/C88vfFlI1Qy
|
||||||
|
fV4KAdAb4YwD2HatpcjDcX5TRX49mD+pmK0bx4+L3toRG6W3OPvTcsaubE9peNfjwS5L6CF/
|
||||||
|
M0Fq6IhIUobcDRjmUNtiXk77WmI0ZM1RiaaknHHCHXGQgS+QPd82Htox2ndOwP0ScgbqlL4D
|
||||||
|
LT3ZJqRJVWgnWK/n2BrctT63KFAZa68Epm4v0GZtTjpJpL1DYnUd/J6OiQIcBBABCAAGBQJM
|
||||||
|
Yt5PAAoJEHfG+0Pj0wgkbVQP/1NGXS+oar0Y3GuQZ+HwYq4t7Sh8CbCIZlei01oDcC95Fl65
|
||||||
|
HtTZJcd8RTPCkTilZV4orC+gHppLVGi2GQdSJ6C4whlnliwDtgU6uJ9uuP6EKTsGh1jAoTlq
|
||||||
|
eSDx1n8/F4JG6A1xVOekZ8NzTIfpfdFlAYANe+z674ZrRPi6tL5euQ9/iJpi//bZJMVvmttM
|
||||||
|
2QJ+XxNn/CrGKGZbA1PjBYYol3s7DjZLhR3IhgK/rvmVCo+0waZzPqI0CD/axU2OXT8B4lIG
|
||||||
|
WvDcccX/8p1tzIjlXNNsDV804c+VtUVX3jZMISmVMWLfkShhnUEhfwi5CUNtctL1SPlqwvbK
|
||||||
|
q3bxZjol/OFu2KbW1IjhZ2dJ2e1hQ1V8jUjSYQ4xdDDwzS/Z6EWWn7cLycAR8xF4CQd92hCx
|
||||||
|
o5AIgkQGG1R6iraztY5H/fdhXjzySby6q9Zvfa+rw0GkXpJzffKwrjZu27+QCqvNGX/3b1f2
|
||||||
|
s0eZ3EkFam9cMD3df8PCPU7Wt/IN8Sxv7JQqkb6StQF3NjI/lnFLcb7qf4dhZItGZBbkWfwj
|
||||||
|
M2PMEIbCl66bi8XqviJUUskn2XWfhaodv13VyXGeGzVEw4+N4auDM1w3WZ5SnSXWrFazIXCw
|
||||||
|
IBWYFSyHlKawy+Rd3I9ueYyA7PqgwdczNxTwILXhB0+pBd0Z9FMxjL85C1N7iQIcBBABCAAG
|
||||||
|
BQJMZ04vAAoJELNGT4lqoVlI9tEP/0yGcqKoQuNUIsuMasD3zVuh5j77i4wo/FCqQvMQIlzd
|
||||||
|
PWl+gC9W0xDA7vILOcqZEErIi4PPGwqpQYGUgh9KynP4HQau+43qe2BrvdauFCIJPsmuwfER
|
||||||
|
OwrgdSkKyvdXA08WG77v0a1V+u6nsnmbXg5/xZZdwCAKt+kILPVemxeIy+f1AAHj2zLnDGfy
|
||||||
|
0JE1jN4w+JZrhdWtsYXWMnfRFQQqPbnVqi5BkFDeRalBn0R4mLTCCOZn/fGodA7EdmRL1dLN
|
||||||
|
X9FbnfD8AWMDEPMDZ/h8HdK7dD16XxW7i5o6ZbVvftyf/yaF+bhtOyTHabkdSlMJXHzl5mnW
|
||||||
|
mH8NVlTTQt05SJ86NhOjr98dhSvcQOxFT/fVajDcXAQbdKnylAWHEjnejGgt9QwpM99l/Mp4
|
||||||
|
8j2rLgqfexF54y53km5ssTub3QJ19FG0FPLvRB5fnXfzOvn8iDhcC5V7dA7q08afUjaLDTVG
|
||||||
|
6byCHe8TR9weCaCrV7vvGHzmEEPRNzu02C86SXGZw05eRMWFKJL0AG1avj6k24hsnatuoUke
|
||||||
|
6IA5zcx81GbkqPDiOiiYJOEZFY1Eokm6MhIQ30HwUO0TQ93TdNgD0pJdAiElPyhs6csf6/Jr
|
||||||
|
ijOSajEDcEOuKzqYnrmY2AmDgfyOrjoW44ADKOcRTnnhAF26ljBzwqa4xguz9HEUiQIcBBAB
|
||||||
|
CAAGBQJMbL+KAAoJEORPgBbTYw+Jb74QAIQ2ADLJSvn+c5MBWYwc2NcFrRHIc0JXwmn+wzG+
|
||||||
|
QLeFDGO9SV//LM9L0XIIbsFFn71Rv+/KqyFLn9SyeGdJakuL/AMC4qF1m6bCzwSMdoZeYBwK
|
||||||
|
2r3bgPU4xW94O8zKOfRF9kwxP+QK2adfR1y7j3X70rICZYAua2ugkZcIDkN549PBze+2LYnR
|
||||||
|
3CIhyOV6nYTArKhYuaDiNnS822l8VThOgk/Dmdof0+ExQfl7Nc2oAk7wljhmLX7nMonNZcDI
|
||||||
|
ct+fDsVS856UYg3aJR8EuDCAayZHZvo24/bKPwroxl26+tEEfsqks7epWZZRGY0lH+IY2qoP
|
||||||
|
oFhHPodpAw+faiafD5/06Vo3SzH2i/btYQEwwCCA21cRLwpv9432Ia4ekvjPQ2E3fjBWGyNs
|
||||||
|
UA49MYhtllX/8jk6LE+AIU43PFit6ZB2BzVBunsy/LH4ZLxdi5sLTA1f0dO9jNkqf3xGbRIp
|
||||||
|
PVXtQ6t/9PUXAy1evqWBQgRNHVScKL6pjuoLurSIenQCbcNQo1iNLB9DuenAHNUBP6Ny3cby
|
||||||
|
hqMpazBoCIb4HqtdeUBmzdDZ3okIdjXQaxsHZhDsLNQM1ggj9mu0vJWSkXfdXpew2Z/J3Cco
|
||||||
|
lOuTcTqfGi5kdoDHPLvFDEYyrGKiHTV6P7TxoIxml4A0rY6gHFYlF1b5SXmUiCt+cKMgiQIc
|
||||||
|
BBABCAAGBQJMbyrFAAoJEHxWrP6UeJfYj6EP/0SlRe8esTX01wSot7D9mZfjK/yvpA3g2YQi
|
||||||
|
3U86Nb2vvLvJAamLzV+Ka5GL34lPASAIgwfilQyVhmAsyTOQ1sIU+rPav4olOoUTBaORlzL6
|
||||||
|
1AmhtI5N0HpjgnIDLmtKF5F/kRxm7JmcgnHgiKoSZCzZH2tomVVIGA9/aSDznr4N/uJZ0yWT
|
||||||
|
6MxKbmS3udM8WAgKxNN8IB2Z/xVDJ2dXMt0a4IgHNAn7wgfaizOiOKaJ77c4c/LNRiyhomA3
|
||||||
|
VgHDBTP+WgDwEcJupo6RiXWyvd1yDTEsHCApieODSIlniWUePiuwjBPNNKwH0/yRo1fkK6cY
|
||||||
|
kqbCD8Dk10p7HUr1+BEGW2fns45mpwJH9PvbJ7e7VldPs7AKmEKC0HHKZ9BNa3AJiujwnaUj
|
||||||
|
EYt6hq+/DRUQp6iqTPDAKE1bNTA4JD55zd1gGthsGHKfTSAydT/kdvxWH8fK6F0vOssQy7iD
|
||||||
|
o+8VVoVpbl3qJ1MtvbJTxum4ElFhPYaG4Oh/JPK1vhWVXva9T1PX6sGskdC9DPgDLStCweq3
|
||||||
|
RqzAhjPvcqgpx39mZGU/SQzwVUFN7aqASNl0ZFUMmnZ/4aNNYXY9yEAvx8GetdZm8s+0gw4O
|
||||||
|
zecerDlVf6xykodTT9sK3qiiRF53P5A8HlgyXoewut6MyKGEwhItfUshFSp7MMMJcycl+I8Y
|
||||||
|
iQIcBBABCAAGBQJMb/jgAAoJEJ0LXlse7I8OrucP/jRV886elnIly0yuYX3ALXDPgGKFwbRZ
|
||||||
|
GWC1qjf3ESdrqjC+On7jMLnT3/A4l03F23bpHEAOnTl5Ounb1PrhDnvo7msJUH1ZdtqsoT16
|
||||||
|
sAPbq14Rsg4+n7f72KYKwcQaNVkgizg/W6a8VJDOxQQgkrZh3Lp90O8krIp6MDgd+XKEQRjV
|
||||||
|
HxyhzpHHyqAaY+/nhRY3VXATZ/5K4+pdyRt0aWlpvftYTvX/iZnGBrsfjgYkBZnix/+PfFtF
|
||||||
|
A2p0AXfiFfFuU3BlE/kG35gGDgbYf9SouHuYeR6TLgEMOekxeqPacbTTpM051Mq4tewfFQHM
|
||||||
|
raLLSMCucl+duu7kyDRXfwZ+zoQ7I74UT9gRkI/jSYecRKAoSYnoewDo2bNMEsnYjFwyf+Zt
|
||||||
|
MEV3glEDcE7FXgm20YYjFb7uMQIVbiuXnFho9RQFyu6z67cfIcJzEn1pttMdV0vmMfi872Cr
|
||||||
|
BKGHxYu4gP1a+yQWx6N4Xgm1eJVdAdzhmkX7mH5C2GKLPIWzwT+onyi3qCCUWp4NL+2QescH
|
||||||
|
IVkc8daU0AH4IGp0A83dpRDb91vYWFImVW2brurAsBwNtKRhpd6yG+ufE8+9PBzQ+hZD4+C0
|
||||||
|
jyR/T5HAsuMQNSfcDDEi70E6wRLEd/KYp0YePkoAKES5CB3n46XS+WESddBXfeK0OZpAbXye
|
||||||
|
45lyiQIcBBABCAAGBQJVku4RAAoJEOugxsccACVvHtQP/1218tsrXF0nLofFs9edddWw4NLo
|
||||||
|
ZYc3HvELTHfyq4/41ERGOQoevO5/3tMzSyAG5C2lmKOz8SDHjAwkLmbqiYI2EbwYxLg1lTzw
|
||||||
|
1jZGpjzBfKm+dll3SWroKiyesv/iPrExc6fJ1mxLWtP6G7R4m6ibmz46uywwreT6WvhKRKzs
|
||||||
|
IPQdf84W13y2ItpFe9n2U3/Sy50brOnqAiLj/zIP5PIaaHzrqUIevdINFgyIWee2s7tTDcNm
|
||||||
|
zV8TV6+cMs4jT8nqguNy0lBGjMsSm4BviQRZJON7h/v3/yf67TctHMWJxeD62STnXS6wjEIk
|
||||||
|
TTYSNSEZGvMw6Ti3lVB4nlx7WW8wLX9X5/1QdPc9jZyVpsh8QzqUtp+jDo6dfXPBYfUlwm1v
|
||||||
|
Q84BVfcknpMkVMDLX9EMS8M2HLWBGCOEa2/n88ocUnjX2ZL5C2MGlK1TTyxSWCA8D9beVpKa
|
||||||
|
PdYP8JfUiZpC5nLKKBvyEGJhUa2dOY6jdbPRZX+V2TWMIwGWq03kSv4VBHdErK+HUXXcFvue
|
||||||
|
OdQBEOcN4H78RPd20CNTEIE4bsxgT+riXcjUDDrfIH4EQsA4oh1Z5fXpE47y3ZMMJuWfRzrg
|
||||||
|
es5QTKNFKDfLsDwPvgyJV3iLbJeKp3G/Te+scm3UDYi9dCB0eu1MiKM6SIxrJIGzl068Xndh
|
||||||
|
QNLOTpCjiQIcBBABCgAGBQJMXbYRAAoJEF0yjQgqqrFAvAsQALNsAqgOJrnudiKERxnGU8dD
|
||||||
|
YlxWPADlESd/DfsoEFkyd87GXVzfOE3ZaGKW66PB/D8eEfiT3wWVNpmAfIoHePXkPsA7NSyD
|
||||||
|
CORROlpxXE9zFaiRYMzY3EdCsvSjSn2F3K7pymCC5yuYFXTW1J6x+CS8YCEautV5h6oIsGsD
|
||||||
|
4zqXyHLWM6Htm1J1Rk0vW9tJqtfO39CFD/McuOUC6QMNLeBlWri8VDFmdGixOmLNAtBoZkPv
|
||||||
|
i7AE3BFa4utWcLLjm5gMDsPW2xag21LAwX+xiZ/G0xkDfwKM6w01KcIp03wVzWBwtaUApsmu
|
||||||
|
6fsH6gFPFuqrAKadAJY/L/U0A5QI8Lw8joq152skYYwzwC0INYTw+gst4IJDWPtjd5sK80Q9
|
||||||
|
NJpnqLJv91KAn5+Ya/i+K3jjFQLwII8x1rX+B+hxsbofh95VdfPJW7W2ZMFAc5kpiN6Vmw6O
|
||||||
|
X5i0x407cMV2TslvGI5L0aQ1T9mnMipqMnQNX9sMjCUSRNVa1DTYPr4ANkPy4ssXxenRN6Y6
|
||||||
|
J1Y2KORYgm93FfUpQaUUHOPzBT8PlfuTn1rNZpIABEl7RB2qpsJIWytQjZ8U/9epUiiChMXk
|
||||||
|
1zmB8izRWAoX9NtLM7KttiFht1nRYgB+8Q9/Ta5mros/htAW4slcFzNwEqFFEYNpgdtfh+S5
|
||||||
|
50o9SeOpmQQqiQIcBBABCgAGBQJMXlHEAAoJEDkUtTL0376Zk/AP/2NHH69E18cRAOuET57I
|
||||||
|
oRZmJqa+a+cIdmXFIhWlxUtQfEBdXwSDDcCNVZCWWabiHieSEahXSbCQIpjsjfTLHVVmBBCY
|
||||||
|
a1XFHixF3tnR8auN/KONFQ5tl5IViAw0tYBX1zbx3FqZf/XMqzOr/twpKrbI2VaslvjPpu1E
|
||||||
|
sZ7KiXnqjWU1Dp9ydwK7sdb34V6w/N/uonaulFq6IZ4GzQzIaF7/SkOwm9am9TKON/OmE9HL
|
||||||
|
hz4kGimtnvztfaGQANF/YxBdjXEvtUp76y8QwXrxOD8f7EFQmascGPIJqgR9KLYp1Tsw6EFJ
|
||||||
|
eKpDGJjzevkBN8eeIDLOWfcG+qlhNHHtnbfXnv9Ojr8b1idvSsdqvwFBAjw2svZAK5f0wkrx
|
||||||
|
KU3U5/hTIz89EQuT0o/oJWBj67ONQYHyh4CYMZi3oTiqFWQH10utKi4kGnM8jaDA2No4q4xk
|
||||||
|
n6L99QIU+RClkamJVBQdmzoSYpjiFoAlXDIhwQGt+QmhbizZLp6NqxXJOOHJ8ictRpRlzHOq
|
||||||
|
ERlLNkmaaf4YTyBeEIH+GYad/xiqDQqm5NQHFBira2dZskxKC3SND1e5sTd0nYIur09wbJG+
|
||||||
|
z72oKoiPMCf4Lzawpi83Yz3Swks8hZ32fbObhuiAmfXqEfDlhbf6Hz9NqTxE57faXm8pWrRy
|
||||||
|
o1QgHe7WNpM8vth/iQIcBBABCgAGBQJMZa+UAAoJEDIkf7tArR+mQ54P/j192Qx1SS9xW+Ao
|
||||||
|
2V6IdWidRtV25Pkt4LckZAIJHfVEvjpM8z1uuY34YacjFeZWtfI3mpM9JUQ2Zx854oSX9z0S
|
||||||
|
iQ0u5XnPNBavYZ+DKgGygOyDQdNdjvdzR13IT3RIu+OAnAFkBfwS2r8i2rrWpeZxltPR1Uc8
|
||||||
|
J0ZtJ+DLgdbtWZxCGIl5eupdbf03oNQ0GHP/h4W9Ls2kvJOzILQx24+9tCZBIi6ZuHjlawhV
|
||||||
|
uZwTvhuc9HNhl5knHeyOZCFfBcNTWFnxuHIzYq0AU/12+WYuZ+SLll7+yA1yHpP7tQrz6oSY
|
||||||
|
rQGLzsBq0/kONM4WYmhMQVtgxuxjZV7DK8+1f1YlbKCGrk/R4lZ2JklJ2+qI2WMiiW4BdZ3o
|
||||||
|
CkEi8z5Z2vISsbTe9LujYnEbiTyCiEZlrz5bkavOgMP8T/0NlA0GSUt1Jo4hkLG9eWUfYgq/
|
||||||
|
7N9vMQd0ihpUVKciJyqaSixVZVX2OdUW0nCh2ftwOzfvjhBG3GydQDb6Q8tdiOeLL4kB/zpO
|
||||||
|
VfZu3UydE7CAtqzvNj9DRR6hfyuELHULoxkP7DHCJIx2k4ZZwgUmLHYIyni8ITsRUnapzqwO
|
||||||
|
Gy4wmQM9ZGvI1vFXINsV8FUKg55scO7baXwizGX6UQ4jwvCBkt7i/1lYhY5udn8vmQ0cRf9Z
|
||||||
|
HjKhTYfZ05hp1dAc9Z7piQIcBBABCgAGBQJMbA/0AAoJEHhT2k1JiBrTtIEP+wRhrJcz3w7K
|
||||||
|
y8F8xF7+ihU9k/lvDjqZLlYKuX6kJsTupTygmC7bNVw4uBfGzlujY5kroa375kGK0Q6Uh4PT
|
||||||
|
ffiySDUmKj4ap29rlLT3JzFuu5CIH2jskPEAYhqgaf1NZUKAcIncDtVGZWi5J/Gi8faVyRnn
|
||||||
|
tE86gVvHzlgsDoz4WLE/Wer/LUkotK66I9sn6t877lm948GIrJ0pknNHB1bCcR6YhNRS6fI5
|
||||||
|
n9W3bkHBBs+ilCd1GlWKl+a/NmBnr3yMKEYrM8hdh8RVJlHW1puyLruumoxolSToGvhAIPV5
|
||||||
|
E8D8dc92Pa5N0tELtw4a1Ao9zl4X980QQ9XPqp19LdgrN4ipqxgaxlVywzSq1fObqtSd5IYo
|
||||||
|
NuLz3PvoFeoDyP0degy+4PxXX+hERcpe224No/Oo6cPvyxblgftFpMlRVuxLJx79m2B0db/A
|
||||||
|
lIEN4RAa6mO77ZcJnAeInD6ZWnHw+bVPTbGnsz/9L8EJA/SjILpBcG9UO9pqUYu+aL80AgDF
|
||||||
|
FoWlq/Oy5YOjTIBBMcE9iN4V7RV0S7ygA7xXQ8JEon3lrgVNRQ3tyrqclXKw90ehPS8ntYJe
|
||||||
|
8rr7M7hw9SGC/UwLlZctG0BO/Le1aoRI7U6NTnfKgdhfn2UAPX7tgSAX/xgZDcuF3T8KeTwH
|
||||||
|
/GYjjUzgeoKuZMtfMjXtEOfxiQIiBBABCgAMBQJMYt0+BYMJZgGAAAoJEMzS7ZTSFznpEuUP
|
||||||
|
/ih8u8cHaYsnA0vQnfXUB3NDtKpwPA39yTh12Em2QWP9ezw9CizD9VRBmR3kksbxvFI7lNHF
|
||||||
|
bBR26jzHvz5wh0OFAoL0QpnwqO6YVDYAnDbwU+9Gyk9zFz5WAiTaj1AFMA2Y6tfq9M6eYOG8
|
||||||
|
7eNVVdRI6NOwmjO5cO1NNFO6fo4zxa93VLX8CS+4Xgt+qYnJc6bZDbwUPdmfSr0UgRVVbZAO
|
||||||
|
CGE4f2tSeLQwEOkO44XB1rgRilyGu9dRShgxLQoauAXzsQvqMzaNwjal2bz+yunhj14Q81xk
|
||||||
|
xJZ96I0w7IzMPmu5tjyPa/1Bhn+f8cHkqQQKcu4Bf2OEtANNU6M98reiS/K4cHEj0ChdFiHX
|
||||||
|
l2z4WxSsihbC3megEX96l9A2uVgJK0VsSPQQkGKzVsJkEAsld8tC4XK4OzukpXB184h68huy
|
||||||
|
TL1jdJkYcZoBQ/3Lo6Z7TJ5ZvnUhdpuvQdRfmBYK1AuRuNuhmPDYV2/qqmFOYBrpUY2/qv0k
|
||||||
|
xOYUduergCG6cI8zFK+KWn3S3sfxVt/032qe7oa9/VsloGBRwiaLl7MAwzHJfUgZCMIcfJgx
|
||||||
|
6sQRhrvZbwWg64UyG+xFuocSqTRkcCU2fezMZHhLA6B6CZgk0sY/VBQLBBOy4bmtb54AslmW
|
||||||
|
f39NNnD/VzkSqURypo3aDKn/f/v9+JNBfcCJiQI3BBMBCAAhAhsDAh4BAheABQJKB2jkBQsJ
|
||||||
|
CAcDBRUKCQgLBRYCAwEAAAoJEESXUni4YStd9mcP/AtRNozdY/n06hAVJCnI2W0U0/BknKBd
|
||||||
|
z8SXGItd3Mb++tWs8tMvZw40hB3C6oQJu9CdZ4tzZtf1jSUxoAJjGTGOiz0pooeINAuN0xRa
|
||||||
|
eLzUPyQNJpd1/CsZPFgtn4FeUa/T9WwHxZn/XzDBPd+N3uKzM63ZRpKU2lkSvSrh7fvqP13A
|
||||||
|
h8Zq/quMgOsCbQR6Dp1swJIm0s9gPfN4mEVXeknXnd2vRGrblJYL3u8V7cfjUjnCUlFmB7U5
|
||||||
|
TiROYZYeP3OIuDsAqv8+xweBswWxCxX0LYsuRHRxmLKWEYHAV6e0czRSJYKQdV90+URoOZin
|
||||||
|
Qdeo24cWK6caJEavAHFnDcKP5aMCrCtp9hM9EB1J5/w0zOEXLotwhD3cWVDv1k2s0w9wkNZp
|
||||||
|
PJKRdXL9f0en47MpqJqR9/8U9X9j8t8tTUbo9PcUcf3YB4hvmEBauBHrCBNslMx58uPYOFjV
|
||||||
|
YqbwHUzhTKHhUGVHbCkQrUOjD0z3sjKlzXFqO8Ba3sDAP+hs9+g3YUQX+A403rYJoI/b4Bvy
|
||||||
|
eZ4ryKanz4/zhskMDdSBZ/UvduPm+gHEyq8Xtj/jxRDX0EqLvkphDdUgZqnmanx3FkkH9EOx
|
||||||
|
fUxnqpdwJvAj6k3diWEuei7pSbTBlqi80fLRUm43135UP6AryHtUnraBSsaGskH4pznmwUfW
|
||||||
|
Kh5WtChHcmVnb3J5IENvbHBhcnQgKEV2b2xpeCkgPHJlZ0Bldm9saXguZnI+iEYEEBECAAYF
|
||||||
|
Akxr78UACgkQ1cqbBPLEI7xL7ACghnGFWacQR2ySOwHGcuP3y2NepV8AoLz9sWYoqYd0SL5T
|
||||||
|
192WWkJWAboKiEYEEBECAAYFAlCf5Q8ACgkQcPNeJG1THnOB7QCghdTeFj/8kaopb1WjUCof
|
||||||
|
BrrhzNQAnjYiGUchyKzDS++2vV4VPwxvMZZIiEYEEBEIAAYFAkoHceYACgkQMhdcDcECeg7B
|
||||||
|
0gCfXpPTRYvu8+YGBrnl3ryzbBrYCiIAnRMek3cGNpJrDT76nPCVkp9J7zqjiEYEEBEIAAYF
|
||||||
|
AkxccSAACgkQ4VUX8isJIMAYjQCfRZD7k69DKbhcMYOYWt5paHpg6SMAoIPdjQhnId+yPSTL
|
||||||
|
h05O6LtJU7XOiEYEEBEIAAYFAkxdPysACgkQ1OXtrMAUPS2JYACeP1vgz920Qbq9CMig1p7V
|
||||||
|
9Bve+7sAn0FIeNCiAGp7owWq6mZX4BOD0o/IiEYEEBEIAAYFAkxfNKAACgkQ+YXjQAr8dHYl
|
||||||
|
2QCfa1lGYuTcxswPc6nqR8P9G1KoS5gAoNsq+dtZCJmYMIflfGNOxlzLUsNziEYEEBEIAAYF
|
||||||
|
AkxnTKEACgkQn3j4POjENGFPMQCeNYzQIXlYtcurpdjQru//evWc084AnA4MQEEKUkVvRLOl
|
||||||
|
PvkCi847vss1iEYEEBEKAAYFAkxeUcIACgkQ2hliNwI7P0846ACgm2JlzfNk5w49MB4cGDwy
|
||||||
|
Aodz+MQAnjanm/JlttRZCU+zLaxHxEj4JovdiQEcBBMBCAAGBQJK22d7AAoJEC0NWrh8JT1S
|
||||||
|
LqwIAKQmrdBXWS2UmANTYLBfDuytJJm+mHj1YSJ8ro92xzst6WBmqxMwQ2EscOv7S0rI/LGr
|
||||||
|
8PfXBnpp7Mf3zhwEXeUts0ZUt/Vy6s8UAVPTGPSQlj/Ya8u0mFfXkdGsLMgMdds9Cz8fLbZr
|
||||||
|
SycslmVmLtK4S+rhjQhJ0vXt2sL5VJ3HRznCpmSP5+ZQOlH/PenHLmV0kC9KcOsrxgvV6Rls
|
||||||
|
HIZ7oiATogYm/kuwXwQ+0qQAMsTY3AGwE0yuMXvDuDUnGdUBzaZJJZ/wodDFYlDxTJb9NOh5
|
||||||
|
P7PDBQghiR0LrnU+Y4b4Oh6ne61EyGRhP5ULvZ8RZsvDCO27gjNxRH1nJkmJAZwEEAEIAAYF
|
||||||
|
Akx2jugACgkQIjrgVb2U4VSOeAwAsBhm8cj/o2YZPP0gFdUCUyr6ecydoD1d0ER8wwvOci64
|
||||||
|
bA6Xeu+i8LtcAHKowj0h1uVye9SXK7FpfyPlD3j6hbikG5CKXSwwEfEOUHmBIdY+UarL2Att
|
||||||
|
791yM3hADK/LjKObU/hEFs+b50xsug4pbYGbnDgitj4AG7mrqLLReCAV708jbizQyxizDl2w
|
||||||
|
/aXbgRvjjVczuxFeFYGlkIFv+da3NoeYCV1oH7Wcg2vrBb+TrxgIbAMW4V36v+fIPaTsderL
|
||||||
|
QQTv86Rq5Uv+FvZaoA1y7rXMpDbD8OJ1DdRv5BeDAGOAWUFYj+XDDdpfKt91zOlzfr74hikP
|
||||||
|
1NWx0NEyG09wxvkV/6P1zjbv8NVedwhDBs6QQsco/oYx25Pqsin+x0mnc1NiDpR+9Oe7c4ha
|
||||||
|
6JzzN3ufllxydLpK4D1RC/ITKhNhIrG26qSEtk9K6zM4QQbD/Ngh/hztcHMObLYv4MIz/Uus
|
||||||
|
K+CoJDI9kPAISK7zKTHfGTbM4O+gST0gqcFSiQGcBBMBAgAGBQJSKkiDAAoJEO9z5tpYNrga
|
||||||
|
fAoL/0E2pxy8oF9vH2d87G/tYfJB1sndWixltZtLYJMZ6HVAwYBsq6ju02893SllpZ6xp99x
|
||||||
|
xAss+xeJF8PlpH5nauQOn07IyUNTytxa6kJ/xHcIuVEVFEBU5SUaXStqfugM/EE/V8pbW5di
|
||||||
|
oIILQx52NKli/JhrBWlW4/1k8moyuCkZqYsdwwp2QgLrJhcTNB1nWx4DBgonAL7GOGy7s2DP
|
||||||
|
6zoQT2rDmlMY+Y0GrYkt6dwwed0y8mP/6c1ayLP/5E7ZlJK7Lj/3WFxYXeOOP3rU2xm+Brym
|
||||||
|
u1ND4gGC9P+p3rlEBJ/loSruk9bbviULqiO5s7dB4Xzr2joED4u0suutYtSPnuY1fNV0DGxG
|
||||||
|
qgYvhwxcuOHVD3zBMuAfYoGSRQNsMrpzBnfytP2pF2CcS9L7maaTBxyKF7UbpqdvDDh74i+A
|
||||||
|
/J2O0TmMuraSX6r/szqCS8B5UdetjxWHpaEViIy4TiFBMIzkhhJIn4nngn8lHniRT6ex+TWp
|
||||||
|
dM/vkeO5f9ea24kCHAQQAQIABgUCTFxxnwAKCRDxppvkKcD/7nyjD/wIQDebpZRkWpthmHaP
|
||||||
|
NtpU8vn2WWtxigo4D/crBIrhWCvJGqm9P9n33AXpGGc3T6VEJGyq4lxdwBP/K5FC8a3hgCXr
|
||||||
|
dXAA+V5knfURy8kya5FBGK34YtrGXBcNv77I9GdGdum+tooYNnNJERueRkBLA4aIImB/W3NL
|
||||||
|
eL1f8vWVi4vys8Utpj8+5pg5GLstbpmzewtc2LQFstMDeCjBsrDiuZZrsp3fO6zKnizg0SOS
|
||||||
|
jTkSdXwvCma9j4mlmU2Ry9QJf3EBqyDwhe5Rcrl8TopaP75wOKD3r5npo+e95Wjvxy06PjjK
|
||||||
|
1ntAYLMuEODWiKAhQ31YYYg8v0yMvBRFLfFmtgmSoFcIiGJw7azkxJefqIhQr6SWUF2G3keQ
|
||||||
|
iD3qNjrriIqxdJQqj1XZjbwwHMKlvtvokf0xCWltpqzgW9YBcKwqr80Sp5Z2M5wjeB9TWhSu
|
||||||
|
uoG44r8dtz7GEVllGwGd+hRYbyhdaEjdgFjZtJ/T2n5ESYQ5h3V3vjJbbxVZ3fOE4ksVNEkR
|
||||||
|
5cv/h1x631SuU/287bb/ObGieYIbaIxpaQPedcPuX1+hHbLCrtZ9FAx1COzhIJbXG/2mS+2b
|
||||||
|
hTUyax9RQ4n01fgsU/C6FPeGqfyrrfijS2XKQAGsigRGm7rIjENjXM2fGqNsWGEPt9v3YoAl
|
||||||
|
vVv216XE3sCRMz4Ua4kCHAQQAQIABgUCTGAriwAKCRAedZpyap/ddM2HEADRXZZx9vRiIKFC
|
||||||
|
taquk6DZB15B+CTJSe+rhtiiRiSH8GZcifbF2ARqZF00OctbKkbBNycNV8FuxRiaZZSZN1fu
|
||||||
|
ZckgOKwMK83Llj0tHd+BTrjmOiZqrZ20l9j4CMfvoTQZLOqxbf0XKpfkx+WEf8HaJ59+2GDy
|
||||||
|
CvqYrzYW4oQLdc1wwQ1mI/6XcP5YyTPaOai7WzrRhL0ClYj6/kKrcyzUm3G91SuC/AXPGs5n
|
||||||
|
8QVINq1hidCyEjuRO29Pi9YjOIRA0YSmWwmF1Jq0CAWDlSeWZf6oZZq232UM4OnDosjp58pj
|
||||||
|
ldIf8YS8TcNLjFZUSq3ilfIJgTLZIfMj0H+YZyBRvHL8071X6xmqcQXmZb2xGOJHu/Zn1qrq
|
||||||
|
BjN7HIOrohVvVqccR5rbmQp2m763vqGCPL8nxZszGvH7v5PFCTdrfa8tlqiugadUvYW+SCn7
|
||||||
|
RI1QMijJJjrlWolD6ZJLSiA21a9B/y8XmUluedCQ+RiJLzYBVSZhHI4j6EdavCKbTZfeUZEW
|
||||||
|
PiYbpjltZ5oOjoTzI/C7GKn/btPdY298tHPIRPJP2P4Ybi0Xzx1tsZIApFEn/uHxzxndigef
|
||||||
|
Q0EtTz/ikmVN3CAPo2i9dj1urBixB2QuoESumF2hjUHs9rZDtug6CuskojI0GAb2wPNf/U6x
|
||||||
|
ugU3APwb6c8O+66de8wHNYkCHAQQAQIABgUCTGA3OAAKCRDXiExHGOGPRLxnEADsBFKXFFK9
|
||||||
|
8wUfiWk8b5ov+XJRvYhrOQZz7fX0iIxUaZCLaSIViyOD8RYFXr9KKuhGc7pcEvU71ccRdmN3
|
||||||
|
SoHz+RQDrCJlRgBosEAY5hfIuqtuCEF/njo1cNSR7kjkYc5PKXpbHL2G+15X8aOBdsd/Wa0W
|
||||||
|
E6vLxMerhS5ILRbRs30W/VzcNnlb/3dhHSvJPVF9FGBeZuOahY1edZKU7xu8k+udND6lV1Xy
|
||||||
|
j25Ty0mb1WfQ6ORuqLhXPbfIycqLD2sNmpFBNVlRkRejEhJU9IiOrqkgECPjqKUMo9cnCCt1
|
||||||
|
rVO0EZYvJGD75wl1PySqbQus1MMLep6FJsqvnUpEh/HzS6+Q3/2AL3a9JLITDm2h0TkCeX6q
|
||||||
|
o7b27aoe+J4cjiApF5E643OduBA6Ox2iauEr1t5d1J8ewFWx929EQYHnLgHtBx0CzZGUAZqU
|
||||||
|
NJEqLwfgxZaN86Kdw1xP6qKCuCdkhrsLt7gsACvSpkIEEhVxoAHqJleWF4MqozwfpsEO9BSg
|
||||||
|
L071pyc0Czw0XJlNNq2sn/GomNRvXLbYeSpqzsLdOAYxsG2l7aNRHVb81ml/OEvIuxHZE4Ae
|
||||||
|
cjxfsvnONarc5jWIA7iFgk3sLaTVejP4Y8cbn4rXn+98QwseRPBMHRPx84W0Rx+YUXQSAvVG
|
||||||
|
2GboFMP1PvnEEv0Qqq6JsdMmZYkCHAQQAQIABgUCTGWPGAAKCRATwLVmejiwsLktD/9ALTT3
|
||||||
|
VOyGLPKCdTYn+kXo/R4x1+VpRdoLLkUnxKBzfTVqtHg6X9GAqMn4b8PIgIh+9ULPiK9OLV5k
|
||||||
|
bdko3T/cbP+Cl2iqSbVZoKuYpf/xd49oIdiJm/omruVotTDbz5vOHwxzmrSRcxXNzKrnmptr
|
||||||
|
f48dZjoDdrirUJNDlPE7yvM0IvBSwPv5R+t7gcti0/ZZFWDSEQ1fphx5q5fD47+t2Oqeyq9s
|
||||||
|
oIC1uO9xnzB7tTmQ4m1Up0mwRsf/r0JdTkcT2Q1PNOttWUY4aDncF+d8wCraPW7715C7iP/U
|
||||||
|
saAW2h+MwAVC3yMT6iu1dcufRJsgFg0iEd7G4Uxp4IcCfwSLWD1mh4NEXZ8Tis4hTnfpbICs
|
||||||
|
Go7qPAFDdPhWRw7ZGs/aLV0+E6hu0t5hE2CWaOCS7hfx8Z9W1heEuMBqDXZeSEfkiA6/sNHW
|
||||||
|
ocgNXiDXVMdyHm53xlswdbSDxDT6CPcdvzHsyNP9/pYd6+CFgTBAw60XqLrjYPr3tyTHBWgt
|
||||||
|
vFS0tmSq2h6zMht+yMu0WCoZgw4iTYKtwoE+8RE0aaqwxUcNw1w5h8TTFY0b0NyfD16pHX94
|
||||||
|
TruaZnlnpNWZtHgYEqtobMH6SKyOsy0G+BJ/XM3jLKczi1U5osqH0yBRCWxVk0uUAOT7Y8fi
|
||||||
|
wkUSNQl8wnUbDoRSOtwCn1AQ0LRgOokCHAQQAQIABgUCTGbH+AAKCRAcAfRDyck8Wux1D/4y
|
||||||
|
7uso609rTdbQTInHqA2XUshIOCgsk9aW9Vphgs4hY0VEhhfRyajEa6RrjdYs68BuWUWO8qs8
|
||||||
|
PKe3LhgTDv2ZmSBMdXEowYVY0CvvHhyHHZwdMl+6vRZX1uI3SHf3TKqT0eci7gNNvYnCbdMO
|
||||||
|
nXiBCM8nYUbbPOzSBKFEq3CE7EhNOvSMZwTu6pnOdH0qiVUvqNTx/hEo9qg+brPrPcLho7Yp
|
||||||
|
cGu/Kuqp30r2b/HVv4U5X5mOy/OebqzCAb8WEdWoY9V9sDo0bf4or5DZaY/JB6tozg7bQ4Zv
|
||||||
|
CTwyu4x9D1SqnySE9/wsu9xSlhni8e43o9ujv3jxABpbbOPqt00wA43wSoCbdfv4mWLsbGk4
|
||||||
|
byKR3eWEh1XcUwRfaPk08fh0ssskKBk8C4sUMIk5oTiT+VU7IZ50gh8+XgMxrwdMcWAQH/Qs
|
||||||
|
VtsYhDGA0UTw7C1Qp8mCmeqLVw9RA11d/S47UgYlXBQiv+3LXuYfmz/sALy/ktIpz/tp5CtY
|
||||||
|
PeP3CPuFMTlKpVScL7+DbeW4pwwR3pkm1QAVaG/lb3Dqc4QpYcucetSyfdof1E7ZQtCRTR+L
|
||||||
|
BXBHkfqQT4xnqYOU8ULraaLaUGOd3y17rlYUXlHijhNtytzSbn+GPDnbteQYqZPx16IS1H/6
|
||||||
|
buaSwB5ZRHBbfsF9O8JP9+ldLkbjaodxpIkCHAQQAQIABgUCTHblCgAKCRCvIoOqduKse+8L
|
||||||
|
EACKRmLci/pI12k8kF81SrF1TEZG4Mlqtij0vFQNTvaLJW9PSX5xE9ln/WcsLwUPf0ciV7bF
|
||||||
|
M92bdaPiiEDOzpC3MFEV8Kx/cBGPdGNx42SHbOrxzbriIt+OCFxylsqlElW+Wbo8chPtXWzi
|
||||||
|
/G39v1a/xHVxzBg4uUPFRL6zOOZ12M+l+TCijja4EKgctCb63t+x82GCW8UspmTTaEn8UT5F
|
||||||
|
STK+qp4+cQeIYBRBcHAGKyfzKJ6Chbv3MlNq+zhmg3b8NYLTKWOgpP4th1v44EeO/R8Oibnt
|
||||||
|
KJ9hqQF7a58hb2JLuoEmXXBJVk552hKD5UjKm1DrfZAapUTbWvVv9L5IdozaDph+GZzpXQ4C
|
||||||
|
Mxlwil3JVEe9sWPoT35iApFSgoWbDNYGW8M/CRiyLzYtCqcAzExJbU9KnKOV9kbebiZ8J7CZ
|
||||||
|
gxot5en0OaXrc/ALPHjYKrNmZEQ+B7dlUcN7KzFMEJHPC5Jb9xsV3Jje6T17lA+W4skejqPC
|
||||||
|
ZB1mi9D6SHTN0MYajeRLasFq7F1Vytd0H09MLkQ3i2lymE50Su7cOsMk1+KjA63C0JmMquMp
|
||||||
|
4rvuBt6Sh3qVaXDTPEUV5ZT5by7z6KCb4iYg7AB3IsCTsP9njUCZh19YE8IKxd4y1XXD+ymW
|
||||||
|
FwxcQs8Fak4HdGfmXLf7G55wI1E4GHFEwWMJ1YkCHAQQAQIABgUCVXGlUAAKCRDagoMOPMw6
|
||||||
|
OpY6D/9xPI7IEHZCcGdZV1C5JH93KmiqARv45K0p36nAxmGH16mpFYtTOuK9oJ3ZSAZtbGp2
|
||||||
|
oppbQX5AZHhRUvHcjwv33ME0RduosJqeMA8GT/xZKfXNGvQpn/ZG/pDyDLbL0LyEngRR1R+E
|
||||||
|
JCPNAna+op7ULQSQ/gf/HSwPI6ImnirMwXFAGOBSW0s29z0ilC/BYRlr4xt5uGwWugYnyhJK
|
||||||
|
/SSwrGBaDxB7hakk2LTeVOe18etFCno07VPoI8pUtNLBiLmySM2aK2Muy4NR+jZjU9x6oDoB
|
||||||
|
tTq40fkFln64nK82hqFoJP6kDPkzdQx5NaRiH4PAr1DOydHyXofs0MghS0UKlCZR6rkyAR2k
|
||||||
|
9r+b9+KUDEQYrHXXDqhpeCunQv9LGzTi9GmaCatNHJTwTmVk1+oydWiruYLQCQHETCzQrK2Y
|
||||||
|
FEonJnwJO8XremTXw+V3jyKZLee311I+ggQmtI5StRF7fFh7OGzdJXBVw5hI1VlISketFvAz
|
||||||
|
rllAI8Txt59l45NFNkZDZlJlJeadffen6GOXsWr5q5JfS9XlfLbGlzlrcZCG0uxGfKoYaUJM
|
||||||
|
0SNa5rvWO04pEK6AjBufkinWJBIJ1l9bz1uSkDY8g2tQWvdZrqGgih2DAXDhv+lu96U62fn6
|
||||||
|
k+UtKx1D2Y6JI+KEdeGffuVp+4SnydvYIAH4GgSaN4kCHAQQAQgABgUCTFxxMwAKCRDxFAhM
|
||||||
|
CGEREQw7EADTPt7E7JjfPg5B5r8xEQwvWnQ09/dE9xie4ohfzCOfGVpvTquyG3xKrbw9SKhh
|
||||||
|
akS8HPLGgBvvodqvZOqPGP6eZKfAAZmlER5fAEtw42deAGhL074S4XOeuPmRPnYlzPZW8cy8
|
||||||
|
HhcmjbuwXbhC7SJs1KtQ+sHZ6ihtTqXoqjsC1ArMOuA0Lsw9d4IOT5sXILtqnk92ynkX420i
|
||||||
|
yAiRU5RXlASnBNg5fAmMGZbW2/EGrHtfE+zzpqX0N38qKmBnE7kRgPM8OGYxYGpUl8x+M1zz
|
||||||
|
KY8BLhJx+gwCzI4L22uKwqv8dz3kzdWD1RBUUKJycCDzwrR+RI+xO9cQzaU/HOykH3HoRfIG
|
||||||
|
TmaewYDxl2vsVeHVDbGdZOmhVRzLqQIS259eRjQe6ZjdMiRJe15j+udFF/iVMgSgq93vWWNF
|
||||||
|
WB9Q7dKRZyPHjBuFuL9YP1VmxiNELX/BkQlDXcnlXHvK+KSFuEgV8RgQenmFtHy64YBC0MoS
|
||||||
|
ka4NtWkPl9EimPn3iAHNLBCfqqs83TaG9Fl8+V9se/B//AcsNoM0/3vBU/L/5F0PppPVO6fk
|
||||||
|
ELDY2V11zy7L5KcLJWm8f4YwOKCdyDYPYVTpl7xGM+30n5h3xto8Mz6f5NWVZbfxfErLU5iK
|
||||||
|
aeDdSebdqns+FUXmZYUlWJGCXEnY1aAzy/9MpRSz+mtXAokCHAQQAQgABgUCTF0/MwAKCRCH
|
||||||
|
L3AsTW4lqMf4D/9oxFxZbLh/kRIjys0wNgeiq0oBLh+KgN83Rf+vc74A2q2T9/XiopuEtk0T
|
||||||
|
ywbz3Xw9KlidyGr9Rrbl6O6aWpy0csxUOWvprE7jaTwjqZxqISNCcsPFbsWQieJ1bVv6upjE
|
||||||
|
j/wrTRh4IEC/P+K1OU0lWblbeDDEv2K8aj2uiO8g5Ckp9X8Y47Lh9VMPvSOPN6aFyX0s1DDV
|
||||||
|
fweQtoYGQOmteY/pFDP+K+FV8iBw/wjEVEWflqWUCIOAWBT4w2sJ49KDdi3RGmFk6PSp/JsU
|
||||||
|
SLGrwUU3YnRiVh2vsK0X5nukWk41jm/1XdvPzEEpMK/RYiSAzGXKvs+UUWFi8g7AHQNfJOl0
|
||||||
|
hmB8LYFV7mQOLdbNIVTRB/ImbexKtuLDxU35CIxrJFvg7Ry3ulIZgDgFZEM0D/xu+2tBd28X
|
||||||
|
GjppOjqp2W6Zwnn4uwqBXMrggtNRVSeGASTDs8WPdwR3PxYKxx237f8J/aC3o2k08q8KbjmR
|
||||||
|
QVRLlOo1huZxmXpn+SUUKUJ0dqrrQHIEyzGtS/VSRRI+Kj4wiThPOS6zmc/vFaLjl5T69sOA
|
||||||
|
LS5TJqoGZz7j+GDK2MINkWWNM61SNyzomtdQc2PIICR7TP9zJbOvad1QDfT7kyM1JuhpvV/6
|
||||||
|
7XIP/oxk6OfgMT7yHTF6rh+G8UUNt/ZBCYAipcFByCKDwNB5sIkCHAQQAQgABgUCTF1E2gAK
|
||||||
|
CRBTlEed01JMUcebD/9aEHlc3TtXSGHF/gxVl0zsi3mFM/wibd2n/2Zv2gRrL0Su7BunKEMc
|
||||||
|
l+7SECKbDzWC3LYucKhjgVuPHSgGakk3ANiXiDw4qFqiYil1Prf/MK8F6RWye00IIG7yZamG
|
||||||
|
+1kLA5ft7sjO/emappGvW7bicXqgoEsazImSi9ekfYhLFKHn64IR4UjynHibKjoXA+EatPnN
|
||||||
|
pT+IHnBRRHRq2uaU8ycQoxiwUT8WMPyjlIg7NT+IIYqQm7DRjSTsUoTwhdaMlH7YCbi/dX0y
|
||||||
|
SlfG0LF/5fdg+MV0h/hPqy6gq2oRouILZlfEGtvv0vBmqagmPP+m4KJ/6/Ikf5ysMtC/NlN7
|
||||||
|
exkyj4M8Nl1U07ijha5CQCvn6DyQmy7xT/rmbJ0i1zjZauFmPf1ZaqennMkz2ndC0glSAYIh
|
||||||
|
d76mDDWGjvszrYpbO7KdJJeiO0LkoSW7fKxgabNm6x5MaPVhcynmjlC8BFbn8xuZQst13Pit
|
||||||
|
VmFtIDX+SJVFQCK0Ypuw0NhkXx4sRqkBukASSwCRrDxPPWqlg9/Ji9uKjInS7M/y3RDZqwJK
|
||||||
|
UZqLw2pdlzdAStExWfA3YAX6lI7IrpHMuoPUt+aKNyO6XBLMOGmAGo6LUP8vOvwfkFI72nWL
|
||||||
|
IgHSbB7MzHLFcMxyb4CvGjpZQzu3VDt7sDIweT4ZqWMuMIxreik+M4kCHAQQAQgABgUCTF8j
|
||||||
|
ZwAKCRB6j0notjSAvpDND/4nzSbiS1pMCum5H8dhR6odBPIRanEa8fLaltUQCfwG+CXBfuH0
|
||||||
|
nguvR07j3oMWLZJ0YqZIfGWy+FRMAqFjkY9Wm35ddEO4fm5O7j662mJn32S7ouAWvMXeZa7i
|
||||||
|
uhz7pe5o5hxoN9dzr/jD0qNIUwWzCl8C1KC6Gm2Szhnzr4jMM6fxol3i1TIjzqcRACqIFM9k
|
||||||
|
rJdpHe18XEE0Ao/cNC4bPdPFEqFdDi+zoYXNrHqyCl0FqnWOkq9IVa6Sizy/8+ncgLt7mxpR
|
||||||
|
CeA6v/N4w55AGlxfS284QzDWUDzAoMzMibhnqoY/3p9xup1tMtOZe+2R6/AOfSa7nB3BSGDi
|
||||||
|
g3INNT37Xh3OiwYtiGoAPGnBvMdVQYeLd0ySC1cTls+HsXuhfediraNnzRRgioi+r7Ew29Dj
|
||||||
|
H4O0gWhunw0gqn5NO/0sqQyN5cW70iIjhJlXA2pJYXSLvONRzQ9GmvhYIq+UA89UmriycCBd
|
||||||
|
u12zi0NfEY85B8qqzFP1c0EJrHclHNm4SuSh/cXFlejRbIiSejp9uCHXQqELSRWzxRWOSy9T
|
||||||
|
4iARC/twBSE+rJYfCrTMLKZznBzz+FgY/NU91w+teGbKanrKLKjRJtlXanm5kMSVXpmeTnc4
|
||||||
|
x46OO8QjHGto4hyaILX+H0+jYcTFZXV1wXPqgevaGLL5fZ2EwfdURZOMI4kCHAQQAQgABgUC
|
||||||
|
TF80rwAKCRDRXTE4ggBBc1JWD/9xj+Vpx8DaFRrmDwND90I7bFDux0MrxxGZ1NJc0WhF03+t
|
||||||
|
1rqP5aoqgXTx6UxMHTTQXRk6dNKpqRdWCiacxd9LUpUIFj8QrSE6zwWweW+5e1lCa4cIC69y
|
||||||
|
AHRN7LwdWV/s8dTbBWxPuCspDXrb3wPNmNaouw76T2Ny5Qwt13PnkaHmoNGIDju8yOpVhcAM
|
||||||
|
mRIeAHgJn5X3WkMPi9dGfKr94Vv+K1dAKzl1VQ2DHUcS8dVUTqugYcaq1NXeZ8ipacQtTy6o
|
||||||
|
4+aiY1iBJDvKdH1MxJGsS2EvcXT14r5YzOz+KTwIExlrKK98+3XI/u1L3VkUHqY9rILN03Q+
|
||||||
|
cKxX/3dV3j9YDu3mUNL9at+cZ4FjZG/rJ0B/7frBxf9fy+7RnqKHsrr5H7jFK+mZlqyAWqLn
|
||||||
|
Lxi1kW9tliiEZ5RgqLsYQk/nvvA/hr01rAI/todTvFHV7RIByNQVrp8zBbpmSUhyGaycc3q0
|
||||||
|
aNStTXoy6dFS5WLAirq5o0W2zKRbWF6RAZLCwYAz8BAvKfbdDNAjTeXQ1X6kEYxEmsOJL3UQ
|
||||||
|
UYLUHm8Ko8pPeaFLjMfRNZYVdQhpyLQbKxEDWwmzuAxODTHPa+bWmD2QRP6g/be8ff43L+zW
|
||||||
|
Ti+1bglSk5xCncsGp5ydPfxYhAQiizIySbmVGV0u+hVPSB+vGJTelgw8p0PMeokCHAQQAQgA
|
||||||
|
BgUCTGHuTwAKCRBwNzzxKQ25zl+FD/0TkiEx7eq83NaPbkxw4fQGgIfV+ZQHHZPHZxQmWQe5
|
||||||
|
Nw+o6jBv4spK4iTQOgfcyZQ9vcNoxDyvFXTPxD1SA9VhJKY/pvZYgFk4chfIAwqsuLhL2B4x
|
||||||
|
fL7XRU044MIy12YG24mQ6wq4Yp4CLX0J7XTkqF4o5gZ53W2lZ8IBhGee13vY658Ie7OmSwXd
|
||||||
|
HZwLABOIck59PBOnDQmbIWHw2nO8esxPuCG7A1vJ9oX71PRYGe53310L/vqRWliGwgINI+Lc
|
||||||
|
ghnn/GIxdBNAQzvn1vrBtLvZB50Ck5WxRZdRyAh29i8IQKVt43X3CeXatFqPke30n1hudgXN
|
||||||
|
f5zu7aJAHA3TvIghig9L9uZtHUMIZzxSovTF75ACmxfqiCXxS2pxqzJacDpahog4rJ/AZbsG
|
||||||
|
3787vyhM2zjCiSZIrA2GE53M4M3TQpV8gKAZy54Gdjy2S8FcOiFARFGXVu/l6j3vf2dDrTdI
|
||||||
|
Hlr+Ta/f2eKfKhyCLT5ShZwem9O10mpDfP/Lznb4kPKygCjT24t/UdY21mvVKwAiXDtkeeSI
|
||||||
|
LhXVj+I4ddyx4xf5mrH7khCxwDiYKr/sPmzFUg6gHHPsxIMoV/8+DA/VU+x/r2thuSH2rdKp
|
||||||
|
IuPcN1fLI3R/Buy2Pv3KGHzzOHQyHv2UbfGK5ijKY/lF5Y3RWYynInUcjQLbx9g+V4kCHAQQ
|
||||||
|
AQgABgUCTGH1OQAKCRB3MfzMY+Tid/cSD/0XD2h3/YcPxSfN1Wc+CRkbtw/14V3lgDOa83Q1
|
||||||
|
Gr6GySQZMeZ9NeBIeC03fvlfmQl4EwFebqGR7jsuRRVZ03P9I9fKoPXJhlx/hpbavP8mkAAd
|
||||||
|
Ye/ziA5xjzIi6j7GIpID9ULMvAW9nwPtL6p0ritjvkfx7EOJ1D30ID5Gn0BzyhgPUKiqLsR9
|
||||||
|
zdP11Z4u85ja1cgkVXMl6IEMflMJ/qUonGX51sEGvAC9OfbshoASv9g1cohRJe0MAVG0arWj
|
||||||
|
KkxekFXTaChVOSuzfavExtlW2eCHy2IH4LVRT2VlOiPA+dyRZuhjBMaRr9raeYnNtB+7SLWu
|
||||||
|
XeRgMcAiwWdvKSJRIS1H1sVAlP02APy67wBeHEcMrURx0NzAZaw/7XeyPAt7+S00LJNp6qNQ
|
||||||
|
fnecBTF5LZkfKGIentqjKKN0Ns20lyMuo5TGb2mZSdhlYRixsY/z95STNhsGe3SNzgdSpbG1
|
||||||
|
2eB8j+uaoLj9Gjd4UF0uAhfS/xqDXF3MONZX+IjKbGnVx1MMwg/ECPjtfRu0nzm2o3jpYQgU
|
||||||
|
XlnM/kAjGDcHgWsWyWdKVeMB+bXOwGPl6wDmcAkaj2GoUJP2B2bDnd6QHmtBQSD0jiRmqoXb
|
||||||
|
ARisPDuTJ7VywYSND/zTkYfBpXh9YLikxYS+Vl+NtLuvILXsyOt9FV5pxNOoWKVbj3X03okC
|
||||||
|
HAQQAQgABgUCTGdOLwAKCRCzRk+JaqFZSNlnEADIAMz9GZZwdKchx9VqWzsHKetF7ASrZuv0
|
||||||
|
5DSzfPH9lxJQZskWDRnLLtTzpSkrMDqueu7bgKE5XIoRcPgIfKoBI/iJBZPQaoxN9aRyxrNa
|
||||||
|
HM/F3AF2H0hc3fqUyi5+s58C5/El8Bc8oq1ePKGrOWFAFoNTYIvQJ3CNbXfw3tm56TGVKKws
|
||||||
|
SMiH+9xk2fIBj1m8mSpAwZKo6CMjlVU3Mz3h7DNiEa0yCiESl3USCIBO1dmIRs08DNn+MZyE
|
||||||
|
oeXSXM+eJtw+GpWGwDflnwOlKDlDj42y4K6pH6BubyfXe9ylb5DI19TV1X3wtvsqyhE+nPuT
|
||||||
|
4V6j8Bli1YKm/KhwjkXw7KggkStS+6TMlT6EF9f7JiLbDjAqhCZ0eBvgCm/p0/TNL0lBwrf5
|
||||||
|
90vD8QpXfnxAprdGR8O9ZEyviUqpw4JRnlRiH7TMBHVDiNCJ0eX53oyFd/TuDSTcvfyp3i2J
|
||||||
|
GO38NQfoO0u880bpRbCiBsLcZfEAByaXp2hV/9oPEvBP+95GwbnMAR8PlmL8EDzygDElweDc
|
||||||
|
F11FvcD6pgKQdXPubxeM6vJgcrFEozzW0mLZxXLUlv0n64YUMy/7JVoETPIEFJqAKwsMvaJy
|
||||||
|
OHJH7ycbs2dTeWNT3KDigSM49VE8ERd7XzyncZUbRk3ZkhGgRAE0Fe1prHPDx86PClBV76hm
|
||||||
|
hIkCHAQQAQgABgUCTGy/igAKCRDkT4AW02MPibaTD/442P0Qwf27NHs5RV+n/M2CKeG4sZmB
|
||||||
|
epDU0XjnqjTZJYYcMtKvVJ3EPvB8qh3Y69d+pCy92pE9x+4TXj+59pSYxSaZFacW+3s1884K
|
||||||
|
BQYe4256NjbVnxQEIStYtS4wRL1xjYBoNnPu1hq+vj+zArQ1pCWjCcM9Wzpl2tUPu7Lat7Os
|
||||||
|
qB7HnDvgDB/HUbNgpni6EmfrWN3YlbGthnBXfGvAf3nyPwuM++GKs7a7R/6+it/dnPdke3Tb
|
||||||
|
/aJKAC8YXlUSo4mEqpuBzz4Sk+5wBv+xS0h2GF4z+mnwsMY7ChqlyX1eLqfx+WWdO7V5CuPM
|
||||||
|
sHMp0WxsCw4x8NPhzBzEPFlYSvYlS2z5M/RMie0g5JuXvs/ajDHZItZYJoVbeRAIVZ5q3ru4
|
||||||
|
jR2tuSLQNo8qoqll+u7qA01zeEh3heov+FZXqoe8I1z7XOS6i7ZP745+zdbyRhi2beqEQ6XB
|
||||||
|
7ub3jSSOUPM+x+LKxXC7bbhKLlAat5256wZnTTKRVNEUuoCFPtUR8FwzwRXl9AOl1Ekmqdfq
|
||||||
|
M1F9TKYq3dPATHCxw/vV1QrCaIbqdJBAtf7ZLHH9B0sAZ8kudVPQeB+Ghr4KYaSPyX8Vstx6
|
||||||
|
tl+qTyuVlkWd26OZo1mFUc9kPej7cjiXtf/XOp2mI73piU4bfTAOBHAopiNiKe25M/75bGso
|
||||||
|
bAWSh4kCHAQQAQgABgUCTG8qxQAKCRB8Vqz+lHiX2Nc0EACkkjvmLuJz2Wp9Lq0fvdjBhGCp
|
||||||
|
95dZFpvcBFJfX0rzifUEmbWRp9fiU9P2SJaCy392PL0gEhEi4P7Aos1rRfyXjGhxcy+TYSUA
|
||||||
|
HaP/jQF59XED6t2ElW8+NnZNQ3NE1NnZ2ivcig09GdxvfV/Ivi3dAjYXslsd0um4pVCEEBlc
|
||||||
|
lWw9lWRfm1V9/Zmz+/83CNuc6yVGmch9lckcq/1zxqcBE38WyP/cR6nvvuiC4NY9W6e3LobD
|
||||||
|
eLkagJqFtsThM06Hy2mI3pDsC33nu0Za1tOV1ihJCUTxArZBDqUYWBN7C7hfx6/+IO+as+2Z
|
||||||
|
hi8bav8mjY9j7chXREqnmJq5uTXGyI0LDuTABn+Sfr8861zPeev56GhS3/gBIsvhEik+Hym1
|
||||||
|
1qnvlFhICo6Gq8qtXiJ9KQE+XI/bWZgFuflJdDLWT7V+DUw5+Rdqo3Qay0vHvsto+EMQLCiL
|
||||||
|
8qLdw3eE5/lVOn9vHPccypGq5saMyS2hdS7yF8x+laj9xfIwMyp3CKTJ892K/NOh+dEhAo4J
|
||||||
|
ZNw5tHCviE2KVRxDWNjjBOcrpONkp8o/OPe5bxCXVnV5F9oZqHCfWtXc+MTlI4dkk2dPRB3P
|
||||||
|
JNUnKbSgX4x63th/m6oAB1JJ5DE1iT+fdDre4zBpSI3ILCxegWL4ve+hLHUWS/ubfkJtlO5z
|
||||||
|
4w4wiLmfPokCHAQQAQgABgUCTG/44AAKCRCdC15bHuyPDso6EADTyj6fKEvSzHFo4caqYOVX
|
||||||
|
d5kZir9ss0hzplt/csBDosMdW+wO+wxzt7jXXtfPlA0OGoFqCVEtxUGQG4qYHSbCKPd9PEHS
|
||||||
|
ruWlcqNFAqRBi6k0phM8GeKbE0+B1u0qiyEvuG8IuP+1DlXla3yG4yEUWqprBMjl46OnTd7u
|
||||||
|
ZKS24zOqnS4Hx9fId3s7bW1JwrVmodbx2rdHDyZKXqCpwXFJsVWe3cbh/h2lXYalDKzwbdcm
|
||||||
|
rgDZUJp75YxlxerMiTG9Xc/4e+XOs30DKGy2cHAMitswtjXm7ZKZ8yL5pmbmDeP99XASwByB
|
||||||
|
7Mm6KuvQSA+8ByLmkvu9XBrRq5WUG9Cx3m0Shxy7e74w5/u4LJkqrmr1wdw+gZIvWG3UuTWR
|
||||||
|
kqJw6rEoiv8WTjJSWE5rTFVaN6YH2OuOFsTWNaUH1bc01HpEKivhk3ZiOOg2Bhxbt7i7oYJc
|
||||||
|
Y+UHCbC3PwwktM3wEnANz9UMoIFxn/2OHdIWl09t50iaDErTmtgbfkENDdsXEcLA7qs+8vpr
|
||||||
|
8qY+M7ycCuRat7Vu2dqopwpkhRpKtddoMNYZ5/51vFcSuz9BdCk+y+q06Ri494UPVFJsHTvn
|
||||||
|
gjtEcxsJopZn4pddzk8g2z69BBWRv31c8xiV5X5QTf9zmRUFD06pux6dn1CUI4zoul5kW0ah
|
||||||
|
LwQysmqgG40apYkCHAQQAQgABgUCVZLuEQAKCRDroMbHHAAlb97dEAC8oQamwtIj/SWT2PJS
|
||||||
|
Kl3bdPdQaYI8+9ZL9xXLYyhOl8aduFVMlJ7rqkWSdwg/AGnp8nh/pQiaGsnRweqFoSte3poC
|
||||||
|
QkNmRR3pgsZ1qqWMxqVrE37R51MSGRBEZq50diQ0sG63tzX7GSnsHXyxDjVfR4J0/ohZzyXn
|
||||||
|
UubBB8X/C72E8CaxrFAzyrLY0zqJBMzub+b2zg5Ac0V+GK45Iz4duftmvnWf6d9aOvXsPqe9
|
||||||
|
/BPbix8l8lCWUjfAPh0sSskI48mIi+jK6rm7+JmsF+9zIoVxlnnlFcmDxMGtapUl73BzpCKI
|
||||||
|
tbplOogAKpA9/2pcSvf2JO26cjQm2gN7BHGfApB4qYFHb90fmSt7XUQEwxyCbsQyhS7Tb6bN
|
||||||
|
wI8mTqajGoRZydB8WZVjRgsnnCHa9ecY3Hs1IrTMKM3gl7Kmm1tzbtAK+NMSH0mxPG3dmTbv
|
||||||
|
NIkjOcgGTYo4r9Qt4Q6rV0zfm43dZs7AP6nECRYyMggEoHHBDh1PaPUjoUsJ4Q/b0R8yvNNC
|
||||||
|
8defastUYtUkepBJ90FzlIJeMLf/1t/1cYX0or5wfp7DPAGxTx3+5EtyKC2Vk3JltR5QkLaj
|
||||||
|
blZ2PIq8TTtdDprXJuOtucF33p3SwXRjA59DrxEofOf1B2cAcxvb42QgZ0ToJmfeTz9TfGDS
|
||||||
|
adTRh+oqbbjogv0A8okCHAQQAQoABgUCTF22EQAKCRBdMo0IKqqxQBAND/sHFnas21+PsxN5
|
||||||
|
Uo2Gr6ieI6NqP2347xT3ZAugQFDhobNJkdXexShpW/PAAxN8/JdndFtuF3nNCy6gSt9c+eLx
|
||||||
|
uZ1srzyE9nZeXne59TDI4+ubXhuu/oXIfj0n2j7m53st6+RI5JJ3SuI9kJTOhIYA+7AHBpZp
|
||||||
|
XUu+m8sS+Jhyy3h7tqJw4IrwwOfW9/WEwhp3Yb2zDoEBe2Na5whcjFRtCJkJub4YwL3L/D5G
|
||||||
|
w31dFnTFQV9C8BNmyPfoHiTWRQovejmORLdNOzaHKy9a0c4fF6C92j4s9wR3KM/eaVJxM5bD
|
||||||
|
NvP78usX8LQY5A6C/3+e7kRo1gzDoDhgYii3gDm5hItXXU0V6sTcFWWVSPGwrm+628G3VWmm
|
||||||
|
1b57mxWn6+7Yzw01R/CyqEzovFG+M1BZrJn2JqJ8Y4pM7T0oRpi0/Ee9Dqiw4+v5I8wKCTag
|
||||||
|
713ZLx2IdMQxIsMnmBq/819ZqjKkYpAbgteov/foku+Y8RvymE+afjxcE+aYQpYOyMPNRMRp
|
||||||
|
Dq6CKkVErPNpI758Eav7UqUi5KyfMQ6tMh09F+mKBZvAVE7AGIbrQWhHlTCOYdSRA7uFtgSX
|
||||||
|
TUQlMSsj/2xkorXaPoFqShOr1hiWIG78zduIGT5FxSG06j8h7j2h6W7nCj0rYaOzDNOBM9yt
|
||||||
|
3il8eu9SeAgl2cEosRL/4IkCHAQQAQoABgUCTF5RxAAKCRA5FLUy9N++mdKJD/9Lclk6nEQu
|
||||||
|
xlcgA/0ugEKmWn5JsNnq8ZUl78nZP6fKY0syx9v4bMA+ICQrokfwY4o6dMxcj2Us6JUp/FBV
|
||||||
|
Z5lo2T2iPE+ucxobFslNdpZtzOQGOsOJ0N7qirafFXJ7ACtydbnCUaPfzkPYwwplHFqT+yQH
|
||||||
|
k4RxBysHWw9a9YoBMl9KFjIwZ7Q8v0x4ywySwfRAKEzFp+ESP+hDwhlOqTBKFL1/P54lmbhG
|
||||||
|
JHDCNbwxGLIjiAeCjomyoxpg5YdSZVyWttmsy1rxMV+ndERK5vELfZYqdlhL0quVPzd1L+g0
|
||||||
|
m2iA4QdeGfqrCxex7olq1su60PFrMee2wFzH8YEYY70nCi6/JRTb/Vk0wNqgyNjKY434EzHn
|
||||||
|
liuyhFvsTkQy+ciegx1lQixRxJfVnyz1BkHNDd37qL9lbzPwVqLhhh7jkjW8koPbExQGjVcH
|
||||||
|
St2HCGDcAxyOJK9sG5a2GxPn1K/SzHXWwhVCSQN7sJSkpNmRNgjpJdOTnEtsfRC7keUEG853
|
||||||
|
cKtWtqJw38/ye6RbXXHM9y4oiLkSWLneGH3sQFtbmdtjubLQNXE7rfuUHarwCnVHV5FaeAn9
|
||||||
|
FNBoo9MCAZL1cuxe7CR/awAuH/JAkuZOanj2jFwvqeyfNgsB/LIlHIBTLPwVXDOZ3E7+KUMJ
|
||||||
|
lQ45DOfhGPOSzv3QTL4gP6lcvIkCHAQQAQoABgUCTGWvlAAKCRAyJH+7QK0fpgPsD/9gJRwY
|
||||||
|
37FXgq6tqiUO+q8H1m+VQ4y64cKNA/SMOGxV04h7o5tC3B9D/ZghAyfQ71Li88PIk8n7PAV0
|
||||||
|
Wnbv+V/9kawa7C7Bfq4OJOGzMU0Y0JPd6LnupBtq+jtE9H1TLneCiBu05bjeLSQde438Or9w
|
||||||
|
SV0sLwqKncwqRJY8iIjz9O44X+6+6p4CqdMYmsZV9nGM+cES6uytQ/sB/mh5PutZahslWurz
|
||||||
|
ouec1uqTY4uuGNwOz+MJvYUNPyajcgtpH8JNQ0phlUvV+nAOJuiNXBHw8MbxNzTdLfsdtdpy
|
||||||
|
zRH6NAMN3QHrtEGAQ8XgFnCtu6BEPpgOQIB1pMw9OiRMhkcu9uCNCY5p9NMhL1tEx92DkSyW
|
||||||
|
lmFIF/h1Ohd4yaxnn9jwTVxxhdAxqK0rIORy+sHUSuc5LrtItNe+AnTvQeY7MRgZwJuCCohQ
|
||||||
|
L3OLXULZajB98g6cZQJmNmtdUeqMY/QymIOH8IoY3SCOws4h4QZSSVxNczo2Ag5R5QKSpBA6
|
||||||
|
jjsFo/VHUX0wB/KbJTb1Hl2vtID20kR7MfzACFTI9AEbwvG6CX7oWsnciom7bHEiyHWR4Olp
|
||||||
|
tlpQk2RQ4T3RG8r9kDgJuX6KmDH6uI9CdYTuBxQgIfpEm+tfSki3LVfnOKgkRDqAJciBv+ua
|
||||||
|
qeW7KSjNDpBC4u8pn9tyX8RhpYUP7IkCHAQQAQoABgUCTGwP9AAKCRB4U9pNSYga09OUD/9X
|
||||||
|
xTiFFzcuev5k8MtYx7+T30Z549gFnOx6GdFgCK7GzW7ZjnofKt8e0NIQmzzCf0g1vxdulqeZ
|
||||||
|
7Oh8iFrxpPZyOKJoO2BDKS9VnYEANQf+quUJPTdyhGqdMSDQGbSEqjLF3oNp/+jdIIMjuo3Q
|
||||||
|
nShdK/BJPcluN7AoOFLQ3QH4Q5fEbtwc+bEJL9TfFqAhUhcY3TYnqWtsMRW3tkrgCvcp0Bo7
|
||||||
|
LMSJB6jH4Dx5q60Am4V1Zz7C9wxtZeZP+P0h0YYWCbOmQWhzT2aCRYDrp1o3SsuatHm/bPkv
|
||||||
|
rliBzslW8i5Hh3gv5Atn/P5bhMaXtJiGepkat/MGw1hP8BYaSb/mmy9XbdMlfDijcsAF2+w6
|
||||||
|
w1b782oCGXgz2ISqPLsFYWccS4GOAwSytep22iwsWpIx2JNNndg4GVfgBxx3QIhci7EVN5Pv
|
||||||
|
/586PwxTetIZmQ+FNNHcAzqBzi3oe6J8o7HlMEHjG6Dps/D2clTNHtD0vSk5ECfhSC3W8OAD
|
||||||
|
VSuB8NxZVfI2UfnyCsdjyDLUu06fMR4gNW+zlSHI1FJBSVuU8CCQOtMPJ5fHPq3hEc0DFyLx
|
||||||
|
8fPE02n8It0wm5RrdUkgOjiVK2n251SyAwSM6zATCFOIt6zdZWx6T/HrJw5wzI+wgsZHibVt
|
||||||
|
i0vOA0GsAXzobE5yyhhWTnhqJgW2vKNHjYkCIgQQAQoADAUCTGLdPgWDCWYBgAAKCRDM0u2U
|
||||||
|
0hc56aYKD/4gPLkcER4nlKdsMN5x4MuUjBbv/+Hab1+hSDxEiA0Ya2Lt3J64y03fz7J1RzIB
|
||||||
|
djH2QGhdvuZtEohiad44DUdLNGJ98q7PPll2KPeuuth+bDa3P4h8ynVbCJRSmIkSVCRG90eE
|
||||||
|
AibHWOgTNOmn48Rwq5zMEgwNvmgsX7ZRm7Mwggt24LIK93iBMqH7WqS1CujF+WqQygpk671e
|
||||||
|
GUIWSUc/iBmaHZ/yoElL5cSBSPHm+ePyQsPSN7ooaWfodXXTADpQN4d5Tl1WzwZT8G5cRVLP
|
||||||
|
4CZ4sqbzJ9EKWFMlohcf3ibT4r8H5ij8btgq0TvNcoMvCbO2P94KChQWxQSwJRftJ9/GPPo1
|
||||||
|
7zK7pXGK1QMZNMYhvbYSdcbxG/AsmC4qJb4NVdrrxBiEye41+M+nQiT7g2GbbJ9gBCv8k7lH
|
||||||
|
iw3B+KfNoAkQ2v2CaVMrguQuzxCs8Zpl7iKuFG+d3SGqnn8rRrRPE5AOlSk6bOr22jLyGsns
|
||||||
|
URt6Mvh5QyVrk0G/6YW/5IMIVNuS/i12m6ireKvpPBkUIkNlS938vNqZ4LnsZ/+gBlZqmY8H
|
||||||
|
sZEt6Wfq7efDBw8z1FLRW58xOqCY0vh4tteFJkcY1LgzK5GUddIHfYcO/Y6p/3/Vq1/ao4VJ
|
||||||
|
Jq+HSIsqrdW1nF3EDSbwyy96uAdxuhfZLxSgRugCKyyOk4kCNwQTAQgAIQIbAwIeAQIXgAUC
|
||||||
|
Sgdo4AULCQgHAwUVCgkICwUWAgMBAAAKCRBEl1J4uGErXaQAD/9wcX8JM24NI9mCjnHOGOuV
|
||||||
|
eo/1Z9sefzYvhlbbTWvJsEdt5eaL0FRl+kErHtwNyEqvOTAmt860GrpekjkFYQObCsmDOiEy
|
||||||
|
i+vJBScub9YK6TJSOQJ7f7zyIwzHgvilktujiS+/YDqd1IEyxD3QxQ9PTdjcQX/Z7enfBeei
|
||||||
|
sBFfgRwbH32p5EtdwovrmBYtgyXUqp+lSg9kG3vvdj0bt/Fkq7Es1eEW8Sp9QqaBpo2fuzNS
|
||||||
|
rojYfZu68coreRIV/nhuA7/ehjiVXlvzi3su+0ybJwGZXLXaM7kxXoYm5i8NDxp4p+7laXe2
|
||||||
|
J6HUuIQM5ea4NuPu9BKIpKGxqNXQE+n4tmX3lp6QwXuZShwOXjSFsKxXvipKI4sAkxPfrPFa
|
||||||
|
xzz/EDqUf9lzCBZ5nl6+OLv+GyTz6Meq1NGIX1N7u6XBPtdCujVbKzXd5PbEk0Y00skLFcQ4
|
||||||
|
9FwAwDFw1XIPljQ6WttsQlV6k0yoVJZc6HHovnV1zGDviSyUdegDX9uKBmgGG8ApliPLvZ6r
|
||||||
|
haU4yHykFHBMPfwBNBwrmthTShdPS7xh4bz5xYlay9wm2CzIVB6muK8PIyTrRfouuFivJuYA
|
||||||
|
zoEcPBbubalC3OCocLl2xv+Qb5G7cz2hTDx9JZXUD18IeG2A2mcLeGp1zTc1qz/7h9qa0TLe
|
||||||
|
fWpC75exhIgXVrkCDQRKB2tdARAAqsQbw2Qd1WfbJr9U1KRdwTKm2OsDODftgNv0zmfaiYCN
|
||||||
|
iOKEsrsJdtonmaisMi+Z+5/wrf3Q0bV54qmwOMTlCVvqnpxwbVik8VVGWgUcLJYYK5Lkn0dz
|
||||||
|
rtZs6AaT/sbFewir8q6m3ADbq9hTXxt9uUfe5Z/D4sdbhgbWtQa/DeJwWZr6VeyCHcY8BhR0
|
||||||
|
FXYmYDZ0c1rmbZZBt+vIF4UNTNU4x6me9va6QPW0nWTEjae9ExGSPwm1B4hQd63Nop6E2Vqu
|
||||||
|
ahdJqKVRYYmD/IqVXOxAhFRA/w9vqF95aV2BB/ZrF0FTA8iCEbFy3oNrZfq8KlJRCtcUH2qf
|
||||||
|
igMndOt8P65omM1DQhlvterVgm2PCb1GmwLEbMi+HtLntziFozYGLTlAMcUJt7Pyu/iinzx6
|
||||||
|
Sc4U108dmNTJLxqSZtvJFaRyHml9x7oP2gWjpuyVgo1KuEXKq2Z96S+sxE/YtPyB/cBpazZ+
|
||||||
|
+o/i7PLhxKa1RTIA8NgkDelWeNalvYzjNkB+tXeH0UnxtBTC+PW8dyUP8OmmM/2V1Dzcj9Tm
|
||||||
|
Ky/G04TFQyL1NjvFjzXyIUO5WpdEbSs04h5J3KM6YZJlicqB2aKAUslOi9wUIpKRK+UZBTSj
|
||||||
|
886jynsu+HA1Ob6tcTSlwtj95RV7nBTiTM6MpPuxTmZ2DR/vLE6c7yE+XgrOx9EAEQEAAYkC
|
||||||
|
HwQYAQgACQUCSgdrXQIbDAAKCRBEl1J4uGErXVFeD/9Q2vtN0FeOiveLwN4KAFbMLZP97bT/
|
||||||
|
sRJkQQUZoawfbINwzGDuFrZSsWipoBLam6BnMH6OfHkUOrCToZROHYagW/nv/WTjBTX8lJt8
|
||||||
|
SFhHh4ONPBaxF90z/YrpWlNcs/z/rqu+sm1KgCA9mkheENGOj3t97udZNfA1N4NZu67Lo6HZ
|
||||||
|
yUUCK+eJtX6BS2HgMGokHuGha/LokTor1lkl52Y3CVfds9YDrJmlSQVhxI/S6/IajLwKFyHd
|
||||||
|
pMiK/o8q3mYuZ7JKCBOooNnRpa4myUrBetf1p6xZqbhEAALMFJc7/8NXxesqvG7RQJ7VWyYO
|
||||||
|
5BhgzPutqTUOVZskc3r4cvaB7CT1CsKPdW+af/I8q/C7dhTWWthirPN4DCdcTIlK9ECpba+m
|
||||||
|
S7MQG/3ta7+/3lT3yyMKlhLkAaUlUNa/VbzUHOlVA1txJk6jcuEzWIzebEtoT/aYJZwNE+jL
|
||||||
|
CFOC75HTGlxp7/8ngHCXn1rcBS9TQJ7CGX31HhbmNak0LtzhAS4B+fWQLrFfShTREcYD+31z
|
||||||
|
yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
|
||||||
|
g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
|
||||||
|
BWcdiQ==
|
||||||
|
=iUyJ
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
Binary file not shown.
|
@ -1,17 +1,23 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Add repositories to APT sources list.
|
description: Add repositories to APT sources list.
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# Be sure to remove the '[]' above if you add dependencies
|
||||||
|
# to this list.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -14,13 +14,14 @@
|
||||||
file:
|
file:
|
||||||
path: '{{ item }}'
|
path: '{{ item }}'
|
||||||
state: absent
|
state: absent
|
||||||
with_items:
|
loop:
|
||||||
- /etc/apt/sources.list.d/debian-security.list
|
- /etc/apt/sources.list.d/debian-security.list
|
||||||
- /etc/apt/sources.list.d/debian-jessie.list
|
- /etc/apt/sources.list.d/debian-jessie.list
|
||||||
- /etc/apt/sources.list.d/debian-stretch.list
|
- /etc/apt/sources.list.d/debian-stretch.list
|
||||||
- /etc/apt/sources.list.d/debian-buster.list
|
- /etc/apt/sources.list.d/debian-buster.list
|
||||||
|
- /etc/apt/sources.list.d/debian-bullseye.list
|
||||||
- /etc/apt/sources.list.d/debian-update.list
|
- /etc/apt/sources.list.d/debian-update.list
|
||||||
when: apt_clean_gandi_sourceslist
|
when: apt_clean_gandi_sourceslist | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
|
|
@ -8,11 +8,11 @@
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
with_items:
|
loop:
|
||||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||||
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
||||||
when: apt_evolinux_config
|
when: apt_evolinux_config | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
@ -23,12 +23,12 @@
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
with_items:
|
loop:
|
||||||
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
||||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||||
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
||||||
when: apt_hooks
|
when: apt_hooks | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
@ -36,20 +36,6 @@
|
||||||
apt:
|
apt:
|
||||||
name: aptitude
|
name: aptitude
|
||||||
state: absent
|
state: absent
|
||||||
when: apt_remove_aptitude
|
when: apt_remove_aptitude | bool
|
||||||
tags:
|
|
||||||
- apt
|
|
||||||
|
|
||||||
- name: Updating APT cache
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
changed_when: False
|
|
||||||
tags:
|
|
||||||
- apt
|
|
||||||
|
|
||||||
- name: Upgrading system
|
|
||||||
apt:
|
|
||||||
upgrade: dist
|
|
||||||
when: apt_upgrade
|
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
|
@ -1,17 +1,29 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
# - name: Fail if distribution is not supported
|
- name: Look for legacy apt keyring
|
||||||
# fail:
|
stat:
|
||||||
# msg: "Error: Evolix public repository is not compatble with 'Debian Stretch' yet."
|
path: /etc/apt/trusted.gpg
|
||||||
# when: ansible_distribution_release == "stretch"
|
register: _trusted_gpg_keyring
|
||||||
# tags:
|
tags:
|
||||||
# - apt
|
- apt
|
||||||
|
|
||||||
|
- name: Evolix embedded GPG key is absent
|
||||||
|
apt_key:
|
||||||
|
id: "B8612B5D"
|
||||||
|
keyring: /etc/apt/trusted.gpg
|
||||||
|
state: absent
|
||||||
|
when: _trusted_gpg_keyring.stat.exists
|
||||||
|
tags:
|
||||||
|
- apt
|
||||||
|
|
||||||
- name: Add Evolix GPG key
|
- name: Add Evolix GPG key
|
||||||
apt_key:
|
copy:
|
||||||
#url: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x44975278B8612B5D
|
src: reg.asc
|
||||||
data: "{{ lookup('file', 'reg.gpg') }}"
|
dest: /etc/apt/trusted.gpg.d/reg.asc
|
||||||
|
force: yes
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "hold packages (apt)"
|
- name: "hold packages (apt)"
|
||||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
check_mode: no
|
||||||
register: apt_mark
|
register: apt_mark
|
||||||
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
||||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
|
failed_when:
|
||||||
|
- apt_mark.rc != 0
|
||||||
|
- apt_mark.stdout | length > 0
|
||||||
loop: "{{ apt_hold_packages }}"
|
loop: "{{ apt_hold_packages }}"
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
@ -28,7 +33,10 @@
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: "unhold packages (apt)"
|
- name: "unhold packages (apt)"
|
||||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
|
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
check_mode: no
|
||||||
register: apt_mark
|
register: apt_mark
|
||||||
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
|
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
|
||||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
|
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
|
||||||
|
|
|
@ -10,30 +10,44 @@
|
||||||
|
|
||||||
- name: Custom configuration
|
- name: Custom configuration
|
||||||
include: config.yml
|
include: config.yml
|
||||||
when: apt_config
|
when: apt_config | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install basics repositories
|
- name: Install basics repositories
|
||||||
include: basics.yml
|
include: basics.yml
|
||||||
when: apt_install_basics
|
when: apt_install_basics | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install APT Backports repository
|
- name: Install APT Backports repository
|
||||||
include: backports.yml
|
include: backports.yml
|
||||||
when: apt_install_backports
|
when: apt_install_backports | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install Evolix Public APT repository
|
- name: Install Evolix Public APT repository
|
||||||
include: evolix_public.yml
|
include: evolix_public.yml
|
||||||
when: apt_install_evolix_public
|
when: apt_install_evolix_public | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install check for packages marked hold
|
- name: Install check for packages marked hold
|
||||||
include: hold_packages.yml
|
include: hold_packages.yml
|
||||||
when: apt_install_hold_packages
|
when: apt_install_hold_packages | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
- name: Updating APT cache
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
changed_when: False
|
||||||
|
tags:
|
||||||
|
- apt
|
||||||
|
|
||||||
|
- name: Upgrading system
|
||||||
|
apt:
|
||||||
|
upgrade: dist
|
||||||
|
when: apt_upgrade | bool
|
||||||
|
tags:
|
||||||
|
- apt
|
3
apt/templates/bullseye_backports.list.j2
Normal file
3
apt/templates/bullseye_backports.list.j2
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
deb http://mirror.evolix.org/debian bullseye-backports {{ apt_backports_components | mandatory }}
|
5
apt/templates/bullseye_basics.list.j2
Normal file
5
apt/templates/bullseye_basics.list.j2
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
|
||||||
|
deb http://mirror.evolix.org/debian/ bullseye-updates {{ apt_basics_components | mandatory }}
|
||||||
|
deb https://deb.debian.org/debian-security bullseye-security {{ apt_basics_components | mandatory }}
|
|
@ -1,17 +1,23 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Installation and basic configuration of bind9.
|
description: Installation and basic configuration of bind9.
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# Be sure to remove the '[]' above if you add dependencies
|
||||||
|
# to this list.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
bind_cache_dir: /var/cache/bind
|
bind_cache_dir: /var/cache/bind
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: /var/run/named.stats
|
||||||
bind_chroot_path: /var/chroot-bind
|
bind_chroot_path: /var/chroot-bind
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: configure apparmor
|
- name: configure apparmor
|
||||||
template:
|
template:
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server | bool
|
||||||
|
|
||||||
- name: enable zones.rfc1918 for recursive server
|
- name: enable zones.rfc1918 for recursive server
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
line: 'include "/etc/bind/zones.rfc1918";'
|
line: 'include "/etc/bind/zones.rfc1918";'
|
||||||
regexp: "zones.rfc1918"
|
regexp: "zones.rfc1918"
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server | bool
|
||||||
|
|
||||||
- name: Set bind configuration for authoritative server
|
- name: Set bind configuration for authoritative server
|
||||||
template:
|
template:
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_authoritative_server
|
when: bind_authoritative_server | bool
|
||||||
|
|
||||||
- name: Create systemd service
|
- name: Create systemd service
|
||||||
template:
|
template:
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: not bind_chroot_set
|
when: not (bind_chroot_set | bool)
|
||||||
|
|
||||||
- name: "touch {{ bind_query_file }} if non chroot"
|
- name: "touch {{ bind_query_file }} if non chroot"
|
||||||
file:
|
file:
|
||||||
|
@ -84,7 +84,7 @@
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: not bind_chroot_set
|
when: not (bind_chroot_set | bool)
|
||||||
|
|
||||||
- name: send chroot-bind.sh in /root
|
- name: send chroot-bind.sh in /root
|
||||||
copy:
|
copy:
|
||||||
|
@ -94,17 +94,19 @@
|
||||||
owner: root
|
owner: root
|
||||||
force: yes
|
force: yes
|
||||||
backup: yes
|
backup: yes
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: exec chroot-bind.sh
|
- name: exec chroot-bind.sh
|
||||||
command: "/root/chroot-bind.sh"
|
command: "/root/chroot-bind.sh"
|
||||||
register: chrootbind_run
|
register: chrootbind_run
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: chrootbind_run.stdout_lines
|
var: chrootbind_run.stdout_lines
|
||||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
when:
|
||||||
|
- bind_chroot_set | bool
|
||||||
|
- chrootbind_run.stdout | length > 0
|
||||||
|
|
||||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||||
replace:
|
replace:
|
||||||
|
@ -112,7 +114,7 @@
|
||||||
regexp: '^OPTIONS=.*'
|
regexp: '^OPTIONS=.*'
|
||||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: logrotate for bind
|
- name: logrotate for bind
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
loop:
|
||||||
- bind9
|
- bind9
|
||||||
- bind9_rndc
|
- bind9_rndc
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
src: "/usr/share/munin/plugins/{{ item }}"
|
src: "/usr/share/munin/plugins/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/{{ item }}"
|
dest: "/etc/munin/plugins/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
loop:
|
||||||
- bind9
|
- bind9
|
||||||
- bind9_rndc
|
- bind9_rndc
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
|
|
8
bullseye-detect/tasks/main.yml
Normal file
8
bullseye-detect/tasks/main.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
# Force facts until Debian 11 is released because Ansible is dumb
|
||||||
|
- set_fact:
|
||||||
|
ansible_distribution_major_version: 11
|
||||||
|
ansible_distribution: "Debian"
|
||||||
|
ansible_distribution_release: "bullseye"
|
||||||
|
when: "ansible_lsb.codename == 'bullseye' or ansible_lsb.release == 'testing/unstable'"
|
|
@ -2,3 +2,5 @@
|
||||||
|
|
||||||
certbot_work_dir: /var/lib/letsencrypt
|
certbot_work_dir: /var/lib/letsencrypt
|
||||||
certbot_custom_crontab: True
|
certbot_custom_crontab: True
|
||||||
|
|
||||||
|
certbot_hooks_sync_remote_servers: []
|
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
error() {
|
||||||
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
debug() {
|
||||||
|
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||||
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
found_renewed_lineage() {
|
||||||
|
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||||
|
}
|
||||||
|
cert_content() {
|
||||||
|
openssl x509 -text -in "${RENEWED_LINEAGE}/fullchain.pem"
|
||||||
|
}
|
||||||
|
domain_from_cert() {
|
||||||
|
if cert_content | grep -q "X509v3 Subject Alternative Name:" && cert_content | grep -q "DNS:"; then
|
||||||
|
cert_content | grep "DNS:" | sed -e 's/\s\+//g' -e 's/DNS://g'
|
||||||
|
else
|
||||||
|
cert_content | sed 's/^.*CN\ *=\ *//'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
main() {
|
||||||
|
if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||||
|
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||||
|
fi
|
||||||
|
if [ -z "${servers}" ]; then
|
||||||
|
debug "Empty server list, skip."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if found_renewed_lineage; then
|
||||||
|
RENEWED_DOMAINS=${RENEWED_DOMAINS:-$(domain_from_cert)}
|
||||||
|
|
||||||
|
remote_lineage=${remote_dir}/renewed_lineage/$(basename "${RENEWED_LINEAGE}")
|
||||||
|
|
||||||
|
for server in ${servers}; do
|
||||||
|
remote_host="root@${server}"
|
||||||
|
# shellcheck disable=SC2029
|
||||||
|
ssh "${remote_host}" "mkdir -p ${remote_lineage}" \
|
||||||
|
|| error "Couldn't create ${remote_dir} directory ${server}"
|
||||||
|
|
||||||
|
rsync --archive --copy-links --delete "${RENEWED_LINEAGE}/" "${remote_host}:${remote_lineage}/" \
|
||||||
|
|| error "Couldn't sync certificate on ${server}"
|
||||||
|
|
||||||
|
rsync --archive --copy-links --delete --exclude "$(basename "$0")" --delete-excluded "${hooks_dir}/" "${remote_host}:${remote_dir}/hooks/" \
|
||||||
|
|| error "Couldn't sync hooks on ${server}"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2029
|
||||||
|
ssh "${remote_host}" "export RENEWED_LINEAGE=\"${remote_lineage}/\" RENEWED_DOMAINS=\"${RENEWED_DOMAINS}\"; find ${remote_dir}/hooks/ -mindepth 1 -maxdepth 1 -type f -executable -exec {} \;" \
|
||||||
|
|| error "Something went wrong on ${server} for deploy hooks"
|
||||||
|
done
|
||||||
|
else
|
||||||
|
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
PROGNAME=$(basename "$0")
|
||||||
|
VERBOSE=${VERBOSE:-"0"}
|
||||||
|
QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||||
|
# The config file lust have the same name as the script, with a different extension (.cf instead of .sh)
|
||||||
|
config_file="${0%.*}.cf"
|
||||||
|
remote_dir="/root/cert_sync"
|
||||||
|
|
||||||
|
if [ -f "${config_file}" ]; then
|
||||||
|
. "${config_file}"
|
||||||
|
fi
|
||||||
|
servers=${servers:-""}
|
||||||
|
|
||||||
|
if [ -z "${servers}" ]; then
|
||||||
|
echo "${PROGNAME}: No server provided. Skip." >&2
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
main
|
40
certbot/files/hooks/manual-deploy.sh
Executable file
40
certbot/files/hooks/manual-deploy.sh
Executable file
|
@ -0,0 +1,40 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
error() {
|
||||||
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
debug() {
|
||||||
|
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||||
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
found_renewed_lineage() {
|
||||||
|
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||||
|
}
|
||||||
|
main() {
|
||||||
|
if [ -z "${RENEWED_LINEAGE:-}" ]; then
|
||||||
|
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||||
|
fi
|
||||||
|
if [ "${VERBOSE}" = "1" ]; then
|
||||||
|
xargs_verbose="--verbose"
|
||||||
|
else
|
||||||
|
xargs_verbose=""
|
||||||
|
fi
|
||||||
|
if found_renewed_lineage; then
|
||||||
|
find "${hooks_dir}" -mindepth 1 -maxdepth 1 -type f -executable -print0 | sort --zero-terminated --dictionary-order | xargs ${xargs_verbose} --no-run-if-empty --null --max-args=1 sh -c
|
||||||
|
else
|
||||||
|
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
PROGNAME=$(basename "$0")
|
||||||
|
VERBOSE=${VERBOSE:-"0"}
|
||||||
|
QUIET=${QUIET:-"0"}
|
||||||
|
|
||||||
|
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||||
|
|
||||||
|
main
|
|
@ -1,62 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -u
|
|
||||||
|
|
||||||
error() {
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
debug() {
|
|
||||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
found_renewed_lineage() {
|
|
||||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
|
||||||
}
|
|
||||||
domain_from_cert() {
|
|
||||||
openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'
|
|
||||||
}
|
|
||||||
main() {
|
|
||||||
if [ -z "${RENEWED_LINEAGE}" ]; then
|
|
||||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
|
||||||
fi
|
|
||||||
if [ -z "${servers}" ]; then
|
|
||||||
debug "Empty server list, skip."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if found_renewed_lineage; then
|
|
||||||
RENEWED_DOMAINS=${RENEWED_DOMAINS:-$(domain_from_cert)}
|
|
||||||
|
|
||||||
remore_lineage=${remote_dir}/renewed_lineage/$(basename ${RENEWED_LINEAGE})
|
|
||||||
|
|
||||||
for server in ${servers}; do
|
|
||||||
remote_host="root@${server}"
|
|
||||||
ssh ${remote_host} "mkdir -p ${remote_dir}" \
|
|
||||||
|| error "Couldn't create ${remote_dir} directory ${server}"
|
|
||||||
|
|
||||||
rsync --archive --copy-links --delete ${RENEWED_LINEAGE}/ ${remote_host}:${remore_lineage}/ \
|
|
||||||
|| error "Couldn't sync certificate on ${server}"
|
|
||||||
|
|
||||||
rsync --archive --copy-links --delete --exclude $0 --delete-excluded ${hooks_dir}/ ${remote_host}:${remote_dir}/hooks/ \
|
|
||||||
|| error "Couldn't sync hooks on ${server}"
|
|
||||||
|
|
||||||
ssh ${remote_host} "export RENEWED_LINEAGE=\"${remore_lineage}/\" RENEWED_DOMAINS=${RENEWED_DOMAINS}; find ${remote_dir}/hooks/ -mindepth 1 -maxdepth 1 -type f -executable -exec {} \;" \
|
|
||||||
|| error "Something went wrong on ${server} for deploy hooks"
|
|
||||||
done
|
|
||||||
else
|
|
||||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
readonly PROGNAME=$(basename "$0")
|
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
|
||||||
readonly QUIET=${QUIET:-"0"}
|
|
||||||
|
|
||||||
readonly hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
|
||||||
readonly remote_dir="/root/cert_sync"
|
|
||||||
|
|
||||||
readonly servers=""
|
|
||||||
|
|
||||||
main
|
|
|
@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
|
||||||
fi
|
fi
|
||||||
VENV_BIN="$VENV_PATH/bin"
|
VENV_BIN="$VENV_PATH/bin"
|
||||||
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
|
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
|
||||||
LE_AUTO_VERSION="1.9.0"
|
LE_AUTO_VERSION="1.14.0"
|
||||||
BASENAME=$(basename $0)
|
BASENAME=$(basename $0)
|
||||||
USAGE="Usage: $BASENAME [OPTIONS]
|
USAGE="Usage: $BASENAME [OPTIONS]
|
||||||
A self-updating wrapper script for the Certbot ACME client. When run, updates
|
A self-updating wrapper script for the Certbot ACME client. When run, updates
|
||||||
|
@ -799,15 +799,15 @@ BootstrapMageiaCommon() {
|
||||||
# that function. If Bootstrap is set to a function that doesn't install any
|
# that function. If Bootstrap is set to a function that doesn't install any
|
||||||
# packages BOOTSTRAP_VERSION is not set.
|
# packages BOOTSTRAP_VERSION is not set.
|
||||||
if [ -f /etc/debian_version ]; then
|
if [ -f /etc/debian_version ]; then
|
||||||
Bootstrap() {
|
DEPRECATED_OS=1
|
||||||
BootstrapMessage "Debian-based OSes"
|
NO_SELF_UPGRADE=1
|
||||||
BootstrapDebCommon
|
|
||||||
}
|
|
||||||
BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION"
|
|
||||||
elif [ -f /etc/mageia-release ]; then
|
elif [ -f /etc/mageia-release ]; then
|
||||||
# Mageia has both /etc/mageia-release and /etc/redhat-release
|
# Mageia has both /etc/mageia-release and /etc/redhat-release
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif [ -f /etc/redhat-release ]; then
|
elif [ -f /etc/redhat-release ]; then
|
||||||
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
# Run DeterminePythonVersion to decide on the basis of available Python versions
|
# Run DeterminePythonVersion to decide on the basis of available Python versions
|
||||||
# whether to use 2.x or 3.x on RedHat-like systems.
|
# whether to use 2.x or 3.x on RedHat-like systems.
|
||||||
# Then, revert LE_PYTHON to its previous state.
|
# Then, revert LE_PYTHON to its previous state.
|
||||||
|
@ -840,12 +840,7 @@ elif [ -f /etc/redhat-release ]; then
|
||||||
INTERACTIVE_BOOTSTRAP=1
|
INTERACTIVE_BOOTSTRAP=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
Bootstrap() {
|
|
||||||
BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
|
|
||||||
BootstrapRpmPython3Legacy
|
|
||||||
}
|
|
||||||
USE_PYTHON_3=1
|
USE_PYTHON_3=1
|
||||||
BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
|
|
||||||
|
|
||||||
# Try now to enable SCL rh-python36 for systems already bootstrapped
|
# Try now to enable SCL rh-python36 for systems already bootstrapped
|
||||||
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
|
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
|
||||||
|
@ -864,43 +859,38 @@ elif [ -f /etc/redhat-release ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
|
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
|
||||||
Bootstrap() {
|
|
||||||
BootstrapMessage "RedHat-based OSes that will use Python3"
|
|
||||||
BootstrapRpmPython3
|
|
||||||
}
|
|
||||||
USE_PYTHON_3=1
|
USE_PYTHON_3=1
|
||||||
BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
|
|
||||||
else
|
|
||||||
Bootstrap() {
|
|
||||||
BootstrapMessage "RedHat-based OSes"
|
|
||||||
BootstrapRpmCommon
|
|
||||||
}
|
|
||||||
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
LE_PYTHON="$prev_le_python"
|
LE_PYTHON="$prev_le_python"
|
||||||
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
|
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif [ -f /etc/arch-release ]; then
|
elif [ -f /etc/arch-release ]; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif [ -f /etc/manjaro-release ]; then
|
elif [ -f /etc/manjaro-release ]; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif [ -f /etc/gentoo-release ]; then
|
elif [ -f /etc/gentoo-release ]; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif uname | grep -iq FreeBSD ; then
|
elif uname | grep -iq FreeBSD ; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif uname | grep -iq Darwin ; then
|
elif uname | grep -iq Darwin ; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
|
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
|
||||||
Bootstrap() {
|
DEPRECATED_OS=1
|
||||||
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
|
NO_SELF_UPGRADE=1
|
||||||
}
|
|
||||||
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
|
|
||||||
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
|
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
else
|
else
|
||||||
DEPRECATED_OS=1
|
DEPRECATED_OS=1
|
||||||
|
NO_SELF_UPGRADE=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# We handle this case after determining the normal bootstrap version to allow
|
# We handle this case after determining the normal bootstrap version to allow
|
||||||
|
@ -1122,15 +1112,17 @@ if [ "$1" = "--le-auto-phase2" ]; then
|
||||||
if [ "$DEPRECATED_OS" = 1 ]; then
|
if [ "$DEPRECATED_OS" = 1 ]; then
|
||||||
# Phase 2 damage control mode for deprecated OSes.
|
# Phase 2 damage control mode for deprecated OSes.
|
||||||
# In this situation, we bypass any bootstrap or certbot venv setup.
|
# In this situation, we bypass any bootstrap or certbot venv setup.
|
||||||
error "Your system is not supported by certbot-auto anymore."
|
# error "Your system is not supported by certbot-auto anymore."
|
||||||
|
|
||||||
if [ ! -d "$VENV_PATH" ] && OldVenvExists; then
|
if [ ! -d "$VENV_PATH" ] && OldVenvExists; then
|
||||||
VENV_BIN="$OLD_VENV_PATH/bin"
|
VENV_BIN="$OLD_VENV_PATH/bin"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
|
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
|
||||||
error "Certbot will no longer receive updates."
|
# error "certbot-auto and its Certbot installation will no longer receive updates."
|
||||||
error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
# error "You will not receive any bug fixes including those fixing server compatibility"
|
||||||
|
# error "or security problems."
|
||||||
|
# error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
||||||
"$VENV_BIN/letsencrypt" "$@"
|
"$VENV_BIN/letsencrypt" "$@"
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
|
@ -1497,18 +1489,18 @@ letsencrypt==0.7.0 \
|
||||||
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
|
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
|
||||||
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
|
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
|
||||||
|
|
||||||
certbot==1.9.0 \
|
certbot==1.14.0 \
|
||||||
--hash=sha256:d5a804d32e471050921f7b39ed9859e2e9de02824176ed78f57266222036b53a \
|
--hash=sha256:67b4d26ceaea6c7f8325d0d45169e7a165a2cabc7122c84bc971ba068ca19cca \
|
||||||
--hash=sha256:2ff9bf7d9af381c7efee22dec2dd6938d9d8fddcc9e11682b86e734164a30b57
|
--hash=sha256:959ea90c6bb8dca38eab9772722cb940972ef6afcd5f15deef08b3c3636841eb
|
||||||
acme==1.9.0 \
|
acme==1.14.0 \
|
||||||
--hash=sha256:d8061b396a22b21782c9b23ff9a945b23e50fca2573909a42f845e11d5658ac5 \
|
--hash=sha256:4f48c41261202f1a389ec2986b2580b58f53e0d5a1ae2463b34318d78b87fc66 \
|
||||||
--hash=sha256:38a1630c98e144136c62eec4d2c545a1bdb1a3cd4eca82214be6b83a1f5a161f
|
--hash=sha256:61daccfb0343628cbbca551a7fc4c82482113952c21db3fe0c585b7c98fa1c35
|
||||||
certbot-apache==1.9.0 \
|
certbot-apache==1.14.0 \
|
||||||
--hash=sha256:09528a820d57e54984d490100644cd8a6603db97bf5776f86e95795ecfacf23d \
|
--hash=sha256:b757038db23db707c44630fecb46e99172bd791f0db5a8e623c0842613c4d3d9 \
|
||||||
--hash=sha256:f47fb3f4a9bd927f4812121a0beefe56b163475a28f4db34c64dc838688d9e9e
|
--hash=sha256:887fe4a21af2de1e5c2c9428bacba6eb7c1219257bc70f1a1d8447c8a321adb0
|
||||||
certbot-nginx==1.9.0 \
|
certbot-nginx==1.14.0 \
|
||||||
--hash=sha256:bb2e3f7fe17f071f350a3efa48571b8ef40a8e4b6db9c6da72539206a20b70be \
|
--hash=sha256:8916a815437988d6c192df9f035bb7a176eab20eee0956677b335d0698d243fb \
|
||||||
--hash=sha256:ab26a4f49d53b0e8bf0f903e58e2a840cda233fe1cbbc54c36ff17f973e57d65
|
--hash=sha256:cc2a8a0de56d9bb6b2efbda6c80c647dad8db2bb90675cac03ade94bd5fc8597
|
||||||
|
|
||||||
UNLIKELY_EOF
|
UNLIKELY_EOF
|
||||||
# -------------------------------------------------------------------------
|
# -------------------------------------------------------------------------
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
|
|
||||||
|
# copied and customized from https://raw.githubusercontent.com/certbot/certbot/v1.14.0/letsencrypt-auto
|
||||||
- name: Let's Encrypt script is present
|
- name: Let's Encrypt script is present
|
||||||
copy:
|
copy:
|
||||||
src: letsencrypt-auto
|
src: letsencrypt-auto
|
||||||
|
@ -48,12 +49,12 @@
|
||||||
src: cron_jessie
|
src: cron_jessie
|
||||||
dest: /etc/cron.d/certbot
|
dest: /etc/cron.d/certbot
|
||||||
force: yes
|
force: yes
|
||||||
when: certbot_custom_crontab
|
when: certbot_custom_crontab | bool
|
||||||
|
|
||||||
- name: disable self-upgrade
|
- name: disable self-upgrade
|
||||||
ini_file:
|
ini_file:
|
||||||
dest: "/etc/letsencrypt/cli.ini"
|
dest: "/etc/letsencrypt/cli.ini"
|
||||||
section: null
|
section: null
|
||||||
option: "no-self-upgrade"
|
option: "no-self-upgrade"
|
||||||
value: 0
|
value: "no"
|
||||||
state: present
|
state: present
|
||||||
|
|
|
@ -7,33 +7,50 @@
|
||||||
- ansible_distribution_major_version is version('8', '>=')
|
- ansible_distribution_major_version is version('8', '>=')
|
||||||
msg: only compatible with Debian 9+
|
msg: only compatible with Debian 9+
|
||||||
|
|
||||||
- name: Install legacy script on Debian 8 and 9
|
- name: Install legacy script on Debian 8
|
||||||
include: install-legacy.yml
|
include: install-legacy.yml
|
||||||
when:
|
when:
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_major_version is version('10', '<')
|
- ansible_distribution_major_version is version('9', '<')
|
||||||
|
|
||||||
- name: Install package on Debian 10+
|
- name: Install package on Debian 9+
|
||||||
include: install-package.yml
|
include: install-package.yml
|
||||||
when:
|
when:
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- include: acme-challenge.yml
|
- include: acme-challenge.yml
|
||||||
|
|
||||||
- name: Deploy hooks are present
|
- name: Deploy hooks are present
|
||||||
copy:
|
copy:
|
||||||
src: hooks/
|
src: hooks/deploy/
|
||||||
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Move commit-etc.sh to z-commit-etc.sh if present
|
- name: Manual deploy hook is present
|
||||||
|
copy:
|
||||||
|
src: hooks/manual-deploy.sh
|
||||||
|
dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: "sync_remote is configured with servers"
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf
|
||||||
|
regexp: "^servers="
|
||||||
|
line: "servers=\"{{ certbot_hooks_sync_remote_servers | join(' ') }}\""
|
||||||
|
create: yes
|
||||||
|
|
||||||
|
# begining of backward compatibility tasks
|
||||||
|
- name: Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present
|
||||||
command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
|
command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
|
||||||
args:
|
args:
|
||||||
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
|
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
|
||||||
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
|
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
|
||||||
|
# end of backward compatibility tasks
|
||||||
|
|
||||||
- name: "certbot lock is ignored by Git"
|
- name: "certbot lock is ignored by Git"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -5,49 +5,49 @@
|
||||||
question: "{{ item.key }}"
|
question: "{{ item.key }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
vtype: "{{ item.type }}"
|
vtype: "{{ item.type }}"
|
||||||
with_items:
|
loop:
|
||||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
||||||
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
||||||
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
||||||
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
||||||
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
||||||
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
||||||
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
||||||
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
||||||
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
||||||
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
||||||
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
||||||
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
||||||
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
||||||
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
||||||
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
||||||
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
||||||
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
||||||
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
||||||
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
||||||
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
||||||
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
||||||
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
||||||
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
||||||
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
||||||
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
||||||
tags:
|
tags:
|
||||||
- clamav
|
- clamav
|
||||||
|
|
||||||
|
@ -57,18 +57,18 @@
|
||||||
question: "{{ item.key }}"
|
question: "{{ item.key }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
vtype: "{{ item.type }}"
|
vtype: "{{ item.type }}"
|
||||||
with_items:
|
loop:
|
||||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
||||||
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
||||||
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
||||||
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
||||||
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
||||||
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
||||||
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
||||||
tags:
|
tags:
|
||||||
- clamav
|
- clamav
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,23 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Installation and basic configuration of isc-dhcp-server.
|
description: Installation and basic configuration of isc-dhcp-server.
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# Be sure to remove the '[]' above if you add dependencies
|
||||||
|
# to this list.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -28,17 +28,34 @@
|
||||||
when: ansible_distribution_release == 'jessie'
|
when: ansible_distribution_release == 'jessie'
|
||||||
|
|
||||||
- name: Add Docker's official GPG key
|
- name: Add Docker's official GPG key
|
||||||
apt_key:
|
copy:
|
||||||
#url: https://download.docker.com/linux/debian/gpg
|
src: docker-debian.asc
|
||||||
data: "{{ lookup('file', 'docker-debian.gpg') }}"
|
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
|
||||||
|
force: yes
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
- name: Install docker and python-docker
|
- name: Install Docker
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- python-docker
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: python-docker is installed
|
||||||
|
apt:
|
||||||
|
name: python-docker
|
||||||
|
state: present
|
||||||
|
when: ansible_python_version is version('3', '<')
|
||||||
|
|
||||||
|
- name: python3-docker is installed
|
||||||
|
apt:
|
||||||
|
name: python3-docker
|
||||||
|
state: present
|
||||||
|
when: ansible_python_version is version('3', '>=')
|
||||||
|
|
||||||
- name: Copy Docker daemon configuration file
|
- name: Copy Docker daemon configuration file
|
||||||
template:
|
template:
|
||||||
src: daemon.json.j2
|
src: daemon.json.j2
|
||||||
|
@ -71,17 +88,17 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
when: docker_tls_enabled
|
when: docker_tls_enabled | bool
|
||||||
|
|
||||||
- name: Copy shellpki utility to Docker TLS directory
|
- name: Copy shellpki utility to Docker TLS directory
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: "{{ docker_tls_path }}/{{ item }}"
|
dest: "{{ docker_tls_path }}/{{ item }}"
|
||||||
mode: "0744"
|
mode: "0744"
|
||||||
with_items:
|
loop:
|
||||||
- shellpki.sh
|
- shellpki.sh
|
||||||
- openssl.cnf
|
- openssl.cnf
|
||||||
when: docker_tls_enabled
|
when: docker_tls_enabled | bool
|
||||||
|
|
||||||
- name: Check if certs are already created
|
- name: Check if certs are already created
|
||||||
stat:
|
stat:
|
||||||
|
@ -90,4 +107,6 @@
|
||||||
|
|
||||||
- name: Creating a CA, server key
|
- name: Creating a CA, server key
|
||||||
command: "{{ docker_tls_path }}/shellpki.sh init"
|
command: "{{ docker_tls_path }}/shellpki.sh init"
|
||||||
when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
|
when:
|
||||||
|
- docker_tls_enabled | bool
|
||||||
|
- not tls_certs_stat.stat.isdir
|
||||||
|
|
|
@ -10,6 +10,11 @@
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
|
- name: Generate 4096 bits Diffie-Hellman parameters (may take several minutes)
|
||||||
|
openssl_dhparam:
|
||||||
|
path: /etc/ssl/dhparams.pem
|
||||||
|
size: 4096
|
||||||
|
|
||||||
- name: disable pam auth
|
- name: disable pam auth
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/dovecot/conf.d/10-auth.conf
|
dest: /etc/dovecot/conf.d/10-auth.conf
|
||||||
|
@ -24,7 +29,7 @@
|
||||||
line: "{{ item.key }} = {{ item.value }}"
|
line: "{{ item.key }} = {{ item.value }}"
|
||||||
regexp: "^#*{{ item.key }}"
|
regexp: "^#*{{ item.key }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- { key: 'hosts', value: '127.0.0.1' }
|
- { key: 'hosts', value: '127.0.0.1' }
|
||||||
- { key: 'auth_bind', value: 'yes' }
|
- { key: 'auth_bind', value: 'yes' }
|
||||||
- { key: 'ldap_version', value: 3 }
|
- { key: 'ldap_version', value: 3 }
|
||||||
|
@ -64,6 +69,15 @@
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
|
- name: deploy file for custom configuration
|
||||||
|
template:
|
||||||
|
src: zzz-evolinux-custom.conf.j2
|
||||||
|
dest: /etc/dovecot/conf.d/zzz-evolinux-custom.conf
|
||||||
|
mode: "0644"
|
||||||
|
notify: reload dovecot
|
||||||
|
tags:
|
||||||
|
- dovecot
|
||||||
|
|
||||||
- include: munin.yml
|
- include: munin.yml
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
|
@ -35,12 +35,27 @@ service login {
|
||||||
}
|
}
|
||||||
mail_max_userip_connections = 42
|
mail_max_userip_connections = 42
|
||||||
|
|
||||||
|
# Configuration pour stats dovecot
|
||||||
|
service stats {
|
||||||
|
unix_listener stats-reader {
|
||||||
|
user = vmail
|
||||||
|
group = vmail
|
||||||
|
mode = 0660
|
||||||
|
}
|
||||||
|
|
||||||
|
unix_listener stats-writer {
|
||||||
|
user = vmail
|
||||||
|
group = vmail
|
||||||
|
mode = 0660
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# SSL/TLS
|
# SSL/TLS
|
||||||
ssl = yes
|
ssl = yes
|
||||||
ssl_prefer_server_ciphers = yes
|
ssl_prefer_server_ciphers = yes
|
||||||
ssl_dh_parameters_length = 2048
|
ssl_dh=</etc/ssl/dhparams.pem
|
||||||
ssl_options = no_compression no_ticket
|
ssl_options = no_compression no_ticket
|
||||||
ssl_protocols = !TLSv1 !TLSv1.1
|
ssl_min_protocol = TLSv1.2
|
||||||
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||||
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
||||||
|
|
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
|
@ -0,0 +1 @@
|
||||||
|
## Put your customized configuration here, verify configuration with "doveconf -n" and /var/log/mail.log
|
|
@ -1,17 +1,23 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Install tools to setup DRBD replication accross servers.
|
description: Install tools to setup DRBD replication accross servers.
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# Be sure to remove the '[]' above if you add dependencies
|
||||||
|
# to this list.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
elastic_stack_version: "6.x"
|
elastic_stack_version: "7.x"
|
||||||
|
|
||||||
elasticsearch_cluster_name: Null
|
elasticsearch_cluster_name: Null
|
||||||
elasticsearch_cluster_members: Null
|
elasticsearch_cluster_members: Null
|
||||||
|
|
BIN
elasticsearch/files/elastic.gpg
Normal file
BIN
elasticsearch/files/elastic.gpg
Normal file
Binary file not shown.
|
@ -1,20 +1,20 @@
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Install Elasticsearch
|
description: Install Elasticsearch
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
- stretch
|
- stretch
|
||||||
- buster
|
- buster
|
||||||
|
|
||||||
galaxy_tags: []
|
galaxy_tags: []
|
||||||
# List tags for your role here, one per line. A tag is
|
# List tags for your role here, one per line. A tag is
|
||||||
|
@ -24,6 +24,3 @@ galaxy_info:
|
||||||
#
|
#
|
||||||
# NOTE: A tag is limited to a single word comprised of
|
# NOTE: A tag is limited to a single word comprised of
|
||||||
# alphanumeric characters. Maximum 20 tags per role.
|
# alphanumeric characters. Maximum 20 tags per role.
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- { role: evolix/java, alternative: 'openjdk' }
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
||||||
regexp: "^cluster.name:"
|
regexp: "^cluster.name:"
|
||||||
insertafter: "^# *cluster.name:"
|
insertafter: "^# *cluster.name:"
|
||||||
when: elasticsearch_cluster_name|default("", True)
|
when: elasticsearch_cluster_name | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
line: "network.host: {{ elasticsearch_network_host }}"
|
line: "network.host: {{ elasticsearch_network_host }}"
|
||||||
regexp: "^network.host:"
|
regexp: "^network.host:"
|
||||||
insertafter: "^# *network.host:"
|
insertafter: "^# *network.host:"
|
||||||
when: elasticsearch_network_host|default("", True)
|
when: elasticsearch_network_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
||||||
regexp: "^network.publish_host:"
|
regexp: "^network.publish_host:"
|
||||||
insertafter: "^network.host:"
|
insertafter: "^network.host:"
|
||||||
when: elasticsearch_network_publish_host|default("", True)
|
when: elasticsearch_network_publish_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -45,25 +45,43 @@
|
||||||
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
||||||
regexp: "^http.publish_host:"
|
regexp: "^http.publish_host:"
|
||||||
insertafter: "^http.port:"
|
insertafter: "^http.port:"
|
||||||
when: elasticsearch_http_publish_host|default("", True)
|
when: elasticsearch_http_publish_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: Configure discovery seed hosts
|
- name: Configure discovery seed hosts
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/elasticsearch.yml
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}"
|
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml(default_flow_style=True) }}"
|
||||||
regexp: "^discovery.seed_hosts:"
|
regexp: "^discovery.seed_hosts:"
|
||||||
when: elasticsearch_discovery_seed_hosts
|
when: elasticsearch_discovery_seed_hosts | default([], True) | length > 0
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Configure empty discovery seed hosts
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
|
regexp: "^discovery.seed_hosts:"
|
||||||
|
state: absent
|
||||||
|
when: elasticsearch_discovery_seed_hosts | default([], True) | length <= 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: Configure initial master nodes
|
- name: Configure initial master nodes
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/elasticsearch.yml
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}"
|
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml(default_flow_style=True) }}"
|
||||||
regexp: "^cluster.initial_master_nodes:"
|
regexp: "^cluster.initial_master_nodes:"
|
||||||
when: elasticsearch_cluster_initial_master_nodes
|
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length > 0
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
|
||||||
|
- name: Configure empty initial master nodes
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
|
regexp: "^cluster.initial_master_nodes:"
|
||||||
|
state: absent
|
||||||
|
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length <= 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -78,17 +96,25 @@
|
||||||
|
|
||||||
- name: JVM Heap size (min) is set
|
- name: JVM Heap size (min) is set
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/jvm.options
|
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||||
regexp: "^-Xms"
|
regexp: "^-Xms"
|
||||||
line: "-Xms{{ elasticsearch_jvm_xms }}"
|
line: "-Xms{{ elasticsearch_jvm_xms }}"
|
||||||
|
create: yes
|
||||||
|
owner: root
|
||||||
|
group: elasticsearch
|
||||||
|
mode: 0640
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: JVM Heap size (max) is set
|
- name: JVM Heap size (max) is set
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/jvm.options
|
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||||
regexp: "^-Xmx"
|
regexp: "^-Xmx"
|
||||||
line: "-Xmx{{ elasticsearch_jvm_xmx }}"
|
line: "-Xmx{{ elasticsearch_jvm_xmx }}"
|
||||||
|
create: yes
|
||||||
|
owner: root
|
||||||
|
group: elasticsearch
|
||||||
|
mode: 0640
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -98,7 +124,7 @@
|
||||||
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
||||||
regexp: "^discovery.zen.ping.unicast.hosts:"
|
regexp: "^discovery.zen.ping.unicast.hosts:"
|
||||||
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
||||||
when: elasticsearch_cluster_members|default("", True)
|
when: elasticsearch_cluster_members | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -108,6 +134,6 @@
|
||||||
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
||||||
regexp: "^discovery.zen.minimum_master_nodes:"
|
regexp: "^discovery.zen.minimum_master_nodes:"
|
||||||
insertafter: "^#discovery.zen.minimum_master_nodes"
|
insertafter: "^#discovery.zen.minimum_master_nodes"
|
||||||
when: elasticsearch_minimum_master_nodes|default("", True)
|
when: elasticsearch_minimum_master_nodes | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
|
@ -16,8 +16,8 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir is not none
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir | length > 0
|
||||||
|
|
||||||
- name: Datadir is moved to custom path
|
- name: Datadir is moved to custom path
|
||||||
block:
|
block:
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir is not none
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir | length > 0
|
||||||
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
||||||
- not elasticsearch_custom_datadir_test.stat.exists
|
- not elasticsearch_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check if cron is installed
|
- name: Check if cron is installed
|
||||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
check_mode: no
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
register: is_cron_installed
|
register: is_cron_installed
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
- include: additional_scripts.yml
|
- include: additional_scripts.yml
|
||||||
|
|
||||||
- include: plugin_head.yml
|
- include: plugin_head.yml
|
||||||
when: elasticsearch_plugin_head
|
when: elasticsearch_plugin_head | bool
|
||||||
|
|
||||||
- include: curator.yml
|
- include: curator.yml
|
||||||
when: elasticsearch_curator
|
when: elasticsearch_curator | bool
|
||||||
|
|
|
@ -5,17 +5,38 @@
|
||||||
name: apt-transport-https
|
name: apt-transport-https
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
|
- name: Look for legacy apt keyring
|
||||||
|
stat:
|
||||||
|
path: /etc/apt/trusted.gpg
|
||||||
|
register: _trusted_gpg_keyring
|
||||||
|
tags:
|
||||||
|
- elasticsearch
|
||||||
|
- packages
|
||||||
|
|
||||||
|
- name: Elastic embedded GPG key is absent
|
||||||
|
apt_key:
|
||||||
|
id: "D88E42B4"
|
||||||
|
keyring: /etc/apt/trusted.gpg
|
||||||
|
state: absent
|
||||||
|
when: _trusted_gpg_keyring.stat.exists
|
||||||
|
tags:
|
||||||
|
- elasticsearch
|
||||||
|
- packages
|
||||||
|
|
||||||
- name: Elastic GPG key is installed
|
- name: Elastic GPG key is installed
|
||||||
apt_key:
|
copy:
|
||||||
# url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
src: elastic.asc
|
||||||
data: "{{ lookup('file', 'elasticsearch.key') }}"
|
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||||
state: present
|
force: yes
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: Elastic sources list is available
|
- name: Elastic sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
|
@ -24,20 +45,20 @@
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: Elasticsearch is installed
|
- name: Elasticsearch is installed
|
||||||
apt:
|
apt:
|
||||||
name: elasticsearch
|
name: elasticsearch
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: Elasticsearch service is enabled
|
- name: Elasticsearch service is enabled
|
||||||
service:
|
service:
|
||||||
name: elasticsearch
|
name: elasticsearch
|
||||||
enabled: yes
|
enabled: yes
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
|
|
|
@ -9,9 +9,14 @@
|
||||||
|
|
||||||
- name: Tmpdir is moved to custom path
|
- name: Tmpdir is moved to custom path
|
||||||
block:
|
block:
|
||||||
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
- set_fact:
|
||||||
|
_elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}"
|
||||||
|
tags:
|
||||||
|
- elasticsearch
|
||||||
|
|
||||||
|
- name: "Create {{ _elasticsearch_custom_tmpdir }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
path: "{{ _elasticsearch_custom_tmpdir }}"
|
||||||
owner: elasticsearch
|
owner: elasticsearch
|
||||||
group: elasticsearch
|
group: elasticsearch
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -21,10 +26,13 @@
|
||||||
|
|
||||||
- name: change JVM tmpdir (< 6.x)
|
- name: change JVM tmpdir (< 6.x)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/jvm.options
|
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||||
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}"
|
||||||
regexp: "^-Djava.io.tmpdir="
|
regexp: "^-Djava.io.tmpdir="
|
||||||
insertafter: "## JVM configuration"
|
create: yes
|
||||||
|
owner: root
|
||||||
|
group: elasticsearch
|
||||||
|
mode: 0640
|
||||||
notify:
|
notify:
|
||||||
- restart elasticsearch
|
- restart elasticsearch
|
||||||
tags:
|
tags:
|
||||||
|
@ -34,7 +42,7 @@
|
||||||
- name: check if ES_TMPDIR is available (>= 6.x)
|
- name: check if ES_TMPDIR is available (>= 6.x)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/elasticsearch
|
dest: /etc/default/elasticsearch
|
||||||
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}"
|
||||||
regexp: "^ES_TMPDIR="
|
regexp: "^ES_TMPDIR="
|
||||||
insertafter: "JAVA_HOME"
|
insertafter: "JAVA_HOME"
|
||||||
notify:
|
notify:
|
||||||
|
@ -43,6 +51,7 @@
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when: elastic_stack_version is version('6', '>=')
|
when: elastic_stack_version is version('6', '>=')
|
||||||
|
|
||||||
|
# Note : Should not do any changes as -Djava.io.tmpdir=${ES_TMPDIR} is already here in the default config.
|
||||||
- name: change JVM tmpdir (>= 6.x)
|
- name: change JVM tmpdir (>= 6.x)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/jvm.options
|
dest: /etc/elasticsearch/jvm.options
|
||||||
|
@ -54,4 +63,4 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when: elastic_stack_version is version('6', '>=')
|
when: elastic_stack_version is version('6', '>=')
|
||||||
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
commit_message: Ansible run
|
etc_git_default_commit_message: Ansible run
|
||||||
|
|
||||||
etc_git_monitor_status: True
|
etc_git_monitor_status: True
|
||||||
|
etc_git_purge_index_lock_enabled: True
|
||||||
|
etc_git_purge_index_lock_age: 86400
|
||||||
|
|
11
etc-git/files/etc-git-optimize
Normal file
11
etc-git/files/etc-git-optimize
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
repositories="/etc /etc/bind/ /usr/share/scripts"
|
||||||
|
|
||||||
|
for repository in ${repositories}; do
|
||||||
|
if [ -d "${repository}/.git" ]; then
|
||||||
|
git --git-dir="${repository}/.git" gc --quiet
|
||||||
|
fi
|
||||||
|
done
|
11
etc-git/files/etc-git-status
Normal file
11
etc-git/files/etc-git-status
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
repositories="/etc /etc/bind/ /usr/share/scripts"
|
||||||
|
|
||||||
|
for repository in ${repositories}; do
|
||||||
|
if [ -d "${repository}/.git" ]; then
|
||||||
|
git --git-dir="${repository}/.git" --work-tree="${repository}" status --short
|
||||||
|
fi
|
||||||
|
done
|
265
etc-git/files/evocommit
Normal file
265
etc-git/files/evocommit
Normal file
|
@ -0,0 +1,265 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
VERSION="21.10"
|
||||||
|
|
||||||
|
show_version() {
|
||||||
|
cat <<END
|
||||||
|
evocommit version ${VERSION}
|
||||||
|
|
||||||
|
Copyright 2021 Evolix <info@evolix.fr>,
|
||||||
|
Jérémy Lecour <jlecour@evolix.fr>
|
||||||
|
and others.
|
||||||
|
|
||||||
|
evocommit comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||||
|
and you are welcome to redistribute it under certain conditions.
|
||||||
|
See the GNU General Public Licence for details.
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
show_help() {
|
||||||
|
cat <<END
|
||||||
|
evocommit helps properly committing changes in a repository
|
||||||
|
|
||||||
|
END
|
||||||
|
show_usage
|
||||||
|
}
|
||||||
|
show_usage() {
|
||||||
|
cat <<END
|
||||||
|
Usage: evocommit --repository /path/to/repository --message "add new host"
|
||||||
|
|
||||||
|
Options
|
||||||
|
--repository PATH set the path for the repository
|
||||||
|
--message MESSAGE set the commit message
|
||||||
|
-V, --version print version number
|
||||||
|
-v, --verbose increase verbosity
|
||||||
|
-n, --dry-run actions are not executed
|
||||||
|
--help print this message and exit
|
||||||
|
--version print version and exit
|
||||||
|
END
|
||||||
|
}
|
||||||
|
|
||||||
|
syslog() {
|
||||||
|
if [ -x "${LOGGER_BIN}" ]; then
|
||||||
|
${LOGGER_BIN} -t "evocommit" "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
get_system() {
|
||||||
|
uname -s
|
||||||
|
}
|
||||||
|
is_repository_readonly() {
|
||||||
|
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||||
|
partition=$(stat -f '%Sd' $1)
|
||||||
|
mount | grep "${partition}" | grep -q "read-only"
|
||||||
|
elif command -v findmnt >/dev/null; then
|
||||||
|
mountpoint=$(stat -c '%m' $1)
|
||||||
|
findmnt "${mountpoint}" --noheadings --output OPTIONS -O ro
|
||||||
|
else
|
||||||
|
grep /usr /proc/mounts | grep -E '\bro\b'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
remount_repository_readwrite() {
|
||||||
|
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||||
|
partition=$(stat -f '%Sd' $1)
|
||||||
|
mount -u -w /dev/${partition} 2>/dev/null
|
||||||
|
else
|
||||||
|
mountpoint=$(stat -c '%m' $1)
|
||||||
|
mount -o remount,rw ${mountpoint}
|
||||||
|
syslog "Re-mount ${mountpoint} as read-write to commit in repository $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
remount_repository_readonly() {
|
||||||
|
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||||
|
partition=$(stat -f '%Sd' $1)
|
||||||
|
mount -u -r /dev/${partition} 2>/dev/null
|
||||||
|
else
|
||||||
|
mountpoint=$(stat -c '%m' $1)
|
||||||
|
mount -o remount,ro ${mountpoint} 2>/dev/null
|
||||||
|
syslog "Re-mount ${mountpoint} as read-only after commit to repository $1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
is_dry_run() {
|
||||||
|
test "${DRY_RUN}" = "1"
|
||||||
|
}
|
||||||
|
is_verbose() {
|
||||||
|
test "${VERBOSE}" = "1"
|
||||||
|
}
|
||||||
|
is_ansible() {
|
||||||
|
test "${ANSIBLE}" = "1"
|
||||||
|
}
|
||||||
|
main() {
|
||||||
|
rc=0
|
||||||
|
lock="${GIT_DIR}/index.lock"
|
||||||
|
if [ -f "${lock}" ]; then
|
||||||
|
limit=$(date +"%s" -d "now - 1 hour")
|
||||||
|
updated_at=$(stat -c "%Y" "${lock}")
|
||||||
|
if [ "$updated_at" -lt "$limit" ]; then
|
||||||
|
rm -f "${lock}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
git_status=$(${GIT_BIN} status --porcelain)
|
||||||
|
|
||||||
|
if [ -n "${git_status}" ]; then
|
||||||
|
if is_dry_run; then
|
||||||
|
${GIT_BIN} status
|
||||||
|
else
|
||||||
|
readonly_orig=0
|
||||||
|
# remount mount point read-write if currently readonly
|
||||||
|
if is_repository_readonly "${REPOSITORY}"; then
|
||||||
|
readonly_orig=1;
|
||||||
|
remount_repository_readwrite "${REPOSITORY}";
|
||||||
|
fi
|
||||||
|
author=$(logname)
|
||||||
|
email=$(git config --get user.email)
|
||||||
|
email=${email:-"${author}@evolix.net"}
|
||||||
|
|
||||||
|
# commit changes
|
||||||
|
git_add_result=$(${GIT_BIN} add --all)
|
||||||
|
git_add_rc=$?
|
||||||
|
|
||||||
|
if is_ansible; then
|
||||||
|
if [ ${git_add_rc} -ne 0 ]; then
|
||||||
|
printf "FAILED: %s\n%s" "can't add changes in ${REPOSITORY}" "${git_add_result}"
|
||||||
|
rc=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
git_commit_result=$(${GIT_BIN} commit --message "${MESSAGE}" --author "${author} <${email}>")
|
||||||
|
git_commit_rc=$?
|
||||||
|
|
||||||
|
if is_ansible; then
|
||||||
|
if [ ${git_commit_rc} -eq 0 ]; then
|
||||||
|
printf "CHANGED: %s\n" "commit done in ${REPOSITORY} with \`${MESSAGE}'"
|
||||||
|
else
|
||||||
|
printf "FAILED: %s\n%s" "can't commit in ${REPOSITORY} \`${MESSAGE}'" "${git_commit_result}"
|
||||||
|
rc=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# remount mount point read-only if it was before
|
||||||
|
if [ ${readonly_orig} -eq 1 ]; then
|
||||||
|
remount_repository_readonly "${REPOSITORY}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if is_ansible; then
|
||||||
|
printf "INFO: %s\n" "no commit in ${REPOSITORY}'"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
unset GIT_DIR
|
||||||
|
unset GIT_WORK_TREE
|
||||||
|
|
||||||
|
exit ${rc}
|
||||||
|
}
|
||||||
|
# Parse options
|
||||||
|
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||||
|
while :; do
|
||||||
|
case ${1:-''} in
|
||||||
|
-h|-\?|--help)
|
||||||
|
show_help
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-V|--version)
|
||||||
|
show_version
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
--message)
|
||||||
|
# message options, with value speparated by space
|
||||||
|
if [ -n "$2" ]; then
|
||||||
|
MESSAGE=$2
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
--message=?*)
|
||||||
|
# message options, with value speparated by =
|
||||||
|
MESSAGE=${1#*=}
|
||||||
|
;;
|
||||||
|
--message=)
|
||||||
|
# message options, without value
|
||||||
|
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
--repository)
|
||||||
|
# repository options, with value speparated by space
|
||||||
|
if [ -n "$2" ]; then
|
||||||
|
REPOSITORY=$2
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
printf 'ERROR: "--repository" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
--repository=?*)
|
||||||
|
# repository options, with value speparated by =
|
||||||
|
REPOSITORY=${1#*=}
|
||||||
|
;;
|
||||||
|
--repository=)
|
||||||
|
# repository options, without value
|
||||||
|
printf 'ERROR: "--repository" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
-n|--dry-run)
|
||||||
|
# disable actual commands
|
||||||
|
DRY_RUN=1
|
||||||
|
;;
|
||||||
|
-v|--verbose)
|
||||||
|
# print verbose information
|
||||||
|
VERBOSE=1
|
||||||
|
;;
|
||||||
|
--ansible)
|
||||||
|
# print information for Ansible
|
||||||
|
ANSIBLE=1
|
||||||
|
;;
|
||||||
|
--)
|
||||||
|
# End of all options.
|
||||||
|
shift
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
-?*|[[:alnum:]]*)
|
||||||
|
# ignore unknown options
|
||||||
|
printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Default case: If no more options then break out of the loop.
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "${MESSAGE}" ]; then
|
||||||
|
echo "Error: missing message parameter" >&2
|
||||||
|
show_usage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "${REPOSITORY}" ]; then
|
||||||
|
echo "Error: missing repository parameter" >&2
|
||||||
|
show_usage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
DRY_RUN=${DRY_RUN:-0}
|
||||||
|
VERBOSE=${VERBOSE:-0}
|
||||||
|
ANSIBLE=${ANSIBLE:-0}
|
||||||
|
|
||||||
|
GIT_BIN=$(command -v git)
|
||||||
|
readonly GIT_BIN
|
||||||
|
|
||||||
|
LOGGER_BIN=$(command -v logger)
|
||||||
|
readonly LOGGER_BIN
|
||||||
|
|
||||||
|
export GIT_DIR="${REPOSITORY}/.git"
|
||||||
|
export GIT_WORK_TREE="${REPOSITORY}"
|
||||||
|
|
||||||
|
if [ -d "${GIT_DIR}" ]; then
|
||||||
|
main
|
||||||
|
else
|
||||||
|
echo "There is no Git repository in '${REPOSITORY}'" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
git --git-dir /etc/.git gc --quiet
|
|
|
@ -1,17 +1,28 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Put /etc under Git version control.
|
description: Put /etc under Git version control.
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# List tags for your role here, one per line. A tag is
|
||||||
|
# a keyword that describes and categorizes the role.
|
||||||
|
# Users find roles by searching for tags. Be sure to
|
||||||
|
# remove the '[]' above if you add tags to this list.
|
||||||
|
#
|
||||||
|
# NOTE: A tag is limited to a single word comprised of
|
||||||
|
# alphanumeric characters. Maximum 20 tags per role.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -1,57 +1,52 @@
|
||||||
---
|
---
|
||||||
- name: is /etc clean?
|
|
||||||
command: git status --porcelain
|
# /etc
|
||||||
args:
|
- name: Is /etc a git repository
|
||||||
chdir: /etc
|
stat:
|
||||||
changed_when: False
|
path: /etc/.git
|
||||||
register: git_status
|
register: _etc_git
|
||||||
when: not ansible_check_mode
|
|
||||||
|
- name: "evocommit /etc"
|
||||||
|
command: "/usr/local/bin/evocommit --ansible --repository /etc --message \"{{ commit_message | mandatory }}\""
|
||||||
|
changed_when:
|
||||||
|
- _etc_git_commit.stdout
|
||||||
|
- "'CHANGED:' in _etc_git_commit.stdout"
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
tags:
|
register: _etc_git_commit
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: git_status
|
|
||||||
verbosity: 3
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: fetch current Git user.email
|
|
||||||
git_config:
|
|
||||||
name: user.email
|
|
||||||
repo: /etc
|
|
||||||
register: git_config_user_email
|
|
||||||
ignore_errors: yes
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: "set commit author"
|
|
||||||
set_fact:
|
|
||||||
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
|
||||||
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- name: "/etc modifications are committed"
|
|
||||||
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
|
||||||
args:
|
|
||||||
chdir: /etc
|
|
||||||
register: etc_commit_end_run
|
|
||||||
when:
|
when:
|
||||||
- not ansible_check_mode
|
- _etc_git.stat.exists
|
||||||
- git_status.stdout
|
- _etc_git.stat.isdir
|
||||||
ignore_errors: yes
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
- commit-etc
|
|
||||||
|
|
||||||
- debug:
|
# /etc/bind
|
||||||
var: etc_commit_end_run
|
- name: Is /etc/bind a git repository
|
||||||
verbosity: 4
|
stat:
|
||||||
tags:
|
path: /etc/bind/.git
|
||||||
- etc-git
|
register: _etc_bind_git
|
||||||
- commit-etc
|
|
||||||
|
- name: "evocommit /etc/bind"
|
||||||
|
command: "/usr/local/bin/evocommit --ansible --repository /etc/bind --message \"{{ commit_message | mandatory }}\""
|
||||||
|
changed_when:
|
||||||
|
- _etc_bind_git_commit.stdout
|
||||||
|
- "'CHANGED:' in _etc_bind_git_commit.stdout"
|
||||||
|
ignore_errors: yes
|
||||||
|
register: _etc_bind_git_commit
|
||||||
|
when:
|
||||||
|
- _etc_bind_git.stat.exists
|
||||||
|
- _etc_bind_git.stat.isdir
|
||||||
|
|
||||||
|
# /usr/share/scripts
|
||||||
|
- name: Is /usr/share/scripts a git repository
|
||||||
|
stat:
|
||||||
|
path: /usr/share/scripts/.git
|
||||||
|
register: _usr_share_scripts_git
|
||||||
|
|
||||||
|
- name: "evocommit /usr/share/scripts"
|
||||||
|
command: "/usr/local/bin/evocommit --ansible --repository /usr/share/scripts --message \"{{ commit_message | mandatory }}\""
|
||||||
|
changed_when:
|
||||||
|
- _usr_share_scripts_git_commit.stdout
|
||||||
|
- "'CHANGED:' in _usr_share_scripts_git_commit.stdout"
|
||||||
|
ignore_errors: yes
|
||||||
|
register: _usr_share_scripts_git_commit
|
||||||
|
when:
|
||||||
|
- _usr_share_scripts_git.stat.exists
|
||||||
|
- _usr_share_scripts_git.stat.isdir
|
||||||
|
|
|
@ -7,6 +7,18 @@
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: evolix/remount-usr
|
||||||
|
|
||||||
|
- name: "evocommit script is installed"
|
||||||
|
copy:
|
||||||
|
src: evocommit
|
||||||
|
dest: /usr/local/bin/evocommit
|
||||||
|
mode: "0755"
|
||||||
|
force: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
|
||||||
- include: repository.yml
|
- include: repository.yml
|
||||||
vars:
|
vars:
|
||||||
repository_path: "/etc"
|
repository_path: "/etc"
|
||||||
|
@ -32,36 +44,71 @@
|
||||||
- _usr_share_scripts.stat.isdir
|
- _usr_share_scripts.stat.isdir
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
|
- name: "etc-git-optimize script is installed"
|
||||||
|
copy:
|
||||||
|
src: etc-git-optimize
|
||||||
|
dest: /usr/share/scripts/etc-git-optimize
|
||||||
|
mode: "0755"
|
||||||
|
force: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
|
||||||
|
- name: "etc-git-status script is installed"
|
||||||
|
copy:
|
||||||
|
src: etc-git-status
|
||||||
|
dest: /usr/share/scripts/etc-git-status
|
||||||
|
mode: "0755"
|
||||||
|
force: yes
|
||||||
|
tags:
|
||||||
|
- etc-git
|
||||||
|
|
||||||
- name: Check if cron is installed
|
- name: Check if cron is installed
|
||||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: is_cron_installed
|
register: is_cron_installed
|
||||||
|
|
||||||
- name: Optimize script is installed in monthly crontab
|
- block:
|
||||||
copy:
|
- name: Legacy cron jobs for /etc/.git status are absent
|
||||||
src: optimize-etc-git
|
file:
|
||||||
dest: /etc/cron.monthly/optimize-etc-git
|
dest: "{{ item }}"
|
||||||
mode: "0750"
|
state: absent
|
||||||
force: no
|
loop:
|
||||||
|
- /etc/cron.monthly/optimize-etc-git
|
||||||
|
- /etc/cron.d/etc-git-status
|
||||||
|
|
||||||
|
- name: Cron job for monthly git optimization
|
||||||
|
cron:
|
||||||
|
name: "Monthly optimization"
|
||||||
|
cron_file: etc-git
|
||||||
|
special_time: "monthly"
|
||||||
|
user: root
|
||||||
|
job: "/usr/share/scripts/etc-git-optimize"
|
||||||
|
|
||||||
|
- name: Cron job for hourly git status
|
||||||
|
cron:
|
||||||
|
name: "Hourly warning for unclean Git repository if nobody is connected"
|
||||||
|
cron_file: etc-git
|
||||||
|
special_time: "hourly"
|
||||||
|
user: root
|
||||||
|
job: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||||
|
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
|
||||||
|
|
||||||
|
- name: Cron job for daily git status
|
||||||
|
cron:
|
||||||
|
name: "Daily warning for unclean Git repository"
|
||||||
|
cron_file: etc-git
|
||||||
|
user: root
|
||||||
|
job: "/usr/share/scripts/etc-git-status"
|
||||||
|
minute: "21"
|
||||||
|
hour: "21"
|
||||||
|
weekday: "*"
|
||||||
|
day: "*"
|
||||||
|
month: "*"
|
||||||
|
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
|
||||||
when: is_cron_installed.rc == 0
|
when: is_cron_installed.rc == 0
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: Cron job for /etc/.git status is installed
|
|
||||||
template:
|
|
||||||
src: etc-git-status.j2
|
|
||||||
dest: /etc/cron.d/etc-git-status
|
|
||||||
mode: "0644"
|
|
||||||
when: is_cron_installed.rc == 0 and etc_git_monitor_status
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
||||||
|
|
||||||
- name: Cron job for /etc/.git status is removed
|
|
||||||
file:
|
|
||||||
dest: /etc/cron.d/etc-git-status
|
|
||||||
state: absent
|
|
||||||
when: is_cron_installed.rc == 0 and not etc_git_monitor_status
|
|
||||||
tags:
|
|
||||||
- etc-git
|
|
|
@ -46,7 +46,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ repository_path }}/.gitignore"
|
dest: "{{ repository_path }}/.gitignore"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
with_items: "{{ gitignore_items | default([]) }}"
|
loop: "{{ gitignore_items | default([]) }}"
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
|
@ -68,6 +68,6 @@
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: no
|
warn: no
|
||||||
register: git_commit
|
register: git_commit
|
||||||
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
|
@ -1,4 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
@hourly root who > /dev/null || git --git-dir=/etc/.git --work-tree=/etc status --short
|
|
||||||
21 21 * * * root git --git-dir=/etc/.git --work-tree=/etc status --short
|
|
|
@ -15,12 +15,13 @@ find "${CRT_DIR}" \
|
||||||
-maxdepth 1 \
|
-maxdepth 1 \
|
||||||
-mindepth 1 \
|
-mindepth 1 \
|
||||||
-type d \
|
-type d \
|
||||||
! -path "*accounts" \
|
! -path "${CRT_DIR}/accounts" \
|
||||||
! -path "*archive" \
|
! -path "${CRT_DIR}/archive" \
|
||||||
! -path "*csr" \
|
! -path "${CRT_DIR}/csr" \
|
||||||
! -path "*hooks" \
|
! -path "${CRT_DIR}/hooks" \
|
||||||
! -path "*keys" \
|
! -path "${CRT_DIR}/keys" \
|
||||||
! -path "*live" \
|
! -path "${CRT_DIR}/live" \
|
||||||
! -path "*renewal" \
|
! -path "${CRT_DIR}/renewal" \
|
||||||
|
! -path "${CRT_DIR}/renewal-hooks" \
|
||||||
-printf "%f\n" \
|
-printf "%f\n" \
|
||||||
| xargs --max-args=1 --no-run-if-empty evoacme
|
| xargs --max-args=1 --no-run-if-empty evoacme
|
||||||
|
|
|
@ -112,9 +112,9 @@ openssl_selfsigned() {
|
||||||
[ -r "${key}" ] || error "File ${key} is not readable"
|
[ -r "${key}" ] || error "File ${key} is not readable"
|
||||||
[ -w "${crt_dir}" ] || error "Directory ${crt_dir} is not writable"
|
[ -w "${crt_dir}" ] || error "Directory ${crt_dir} is not writable"
|
||||||
if grep -q SAN "${cfg}"; then
|
if grep -q SAN "${cfg}"; then
|
||||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -extensions SAN -extfile "${cfg}" -signkey "${key}" -out "${crt}" 2> /dev/null
|
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -extensions SAN -extfile "${cfg}" -signkey "${key}" -out "${crt}" 2>/dev/null
|
||||||
else
|
else
|
||||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2> /dev/null
|
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -r "${crt}" ] || error "Something went wrong, ${crt} has not been generated"
|
[ -r "${crt}" ] || error "Something went wrong, ${crt} has not been generated"
|
||||||
|
@ -126,7 +126,7 @@ openssl_key(){
|
||||||
|
|
||||||
[ -w "${key_dir}" ] || error "Directory ${key_dir} is not writable"
|
[ -w "${key_dir}" ] || error "Directory ${key_dir} is not writable"
|
||||||
|
|
||||||
"${OPENSSL_BIN}" genrsa -out "${key}" "${size}" 2> /dev/null
|
"${OPENSSL_BIN}" genrsa -out "${key}" "${size}" 2>/dev/null
|
||||||
|
|
||||||
[ -r "${key}" ] || error "Something went wrong, ${key} has not been generated"
|
[ -r "${key}" ] || error "Something went wrong, ${key} has not been generated"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,18 +1,28 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
company: Evolix
|
||||||
description: Install evoacme ; a wrapper for Certbot (Let's Encrypt)
|
description: Install evoacme ; a wrapper for Certbot (Let's Encrypt)
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- stretch
|
- jessie
|
||||||
- buster
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
|
galaxy_tags: []
|
||||||
|
# List tags for your role here, one per line. A tag is
|
||||||
|
# a keyword that describes and categorizes the role.
|
||||||
|
# Users find roles by searching for tags. Be sure to
|
||||||
|
# remove the '[]' above if you add tags to this list.
|
||||||
|
#
|
||||||
|
# NOTE: A tag is limited to a single word comprised of
|
||||||
|
# alphanumeric characters. Maximum 20 tags per role.
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
# List your role dependencies here, one per line.
|
# List your role dependencies here, one per line.
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
section: 'req'
|
section: 'req'
|
||||||
option: "{{ item.name }}"
|
option: "{{ item.name }}"
|
||||||
value: "{{ item.var }}"
|
value: "{{ item.var }}"
|
||||||
with_items:
|
loop:
|
||||||
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
||||||
- { name: 'encrypt_key', var: 'yes' }
|
- { name: 'encrypt_key', var: 'yes' }
|
||||||
- { name: 'distinguished_name', var: 'req_dn' }
|
- { name: 'distinguished_name', var: 'req_dn' }
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
section: 'req_dn'
|
section: 'req_dn'
|
||||||
option: "{{ item.name }}"
|
option: "{{ item.name }}"
|
||||||
value: "{{ item.var }}"
|
value: "{{ item.var }}"
|
||||||
with_items:
|
loop:
|
||||||
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
||||||
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
||||||
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
||||||
|
|
|
@ -16,4 +16,4 @@
|
||||||
src: "hooks/{{ hook_name }}"
|
src: "hooks/{{ hook_name }}"
|
||||||
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
when: _find_hook.stdout == ""
|
when: _find_hook.stdout | length == 0
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
msg: only compatible with Debian >= 9
|
msg: only compatible with Debian >= 9
|
||||||
when: not evoacme_disable_debian_check
|
when: not (evoacme_disable_debian_check | bool)
|
||||||
|
|
||||||
- include: certbot.yml
|
- include: certbot.yml
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,6 @@
|
||||||
file:
|
file:
|
||||||
path: "/usr/local/bin/{{ item }}"
|
path: "/usr/local/bin/{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
with_items:
|
loop:
|
||||||
- 'make-csr'
|
- 'make-csr'
|
||||||
- 'evoacme'
|
- 'evoacme'
|
||||||
|
|
|
@ -13,4 +13,4 @@
|
||||||
command: "bkctld restart {{ evolinux_hostname }}"
|
command: "bkctld restart {{ evolinux_hostname }}"
|
||||||
# - "bkctld sync {{ evolinux_hostname }}"
|
# - "bkctld sync {{ evolinux_hostname }}"
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
when: evobackup_client__hosts|length > 1
|
when: evobackup_client__hosts | length > 1
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
marker: "# {mark} {{ item.name }}"
|
marker: "# {mark} {{ item.name }}"
|
||||||
block: |
|
block: |
|
||||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
with_items: "{{ evobackup_client__hosts }}"
|
loop: "{{ evobackup_client__hosts }}"
|
||||||
notify: restart minifirewall
|
notify: restart minifirewall
|
||||||
when: evobackup_client__minifirewall.stat.exists
|
when: evobackup_client__minifirewall.stat.exists
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -6,11 +6,13 @@
|
||||||
dest: "{{ evobackup_client__cron_path }}"
|
dest: "{{ evobackup_client__cron_path }}"
|
||||||
force: true
|
force: true
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_first_found:
|
loop: "{{ query('first_found', templates) }}"
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
vars:
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
templates:
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||||
- "zzz_evobackup.default.sh.j2"
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group | default('all') }}.sh.j2"
|
||||||
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||||
|
- "templates/zzz_evobackup.default.sh.j2"
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_backup_scripts
|
- evobackup_client_backup_scripts
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
path: /root/.ssh/known_hosts
|
path: /root/.ssh/known_hosts
|
||||||
name: "[{{ item.name }}]:{{ item.port }}"
|
name: "[{{ item.name }}]:{{ item.port }}"
|
||||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||||
with_list: "{{ evobackup_client__hosts }}"
|
loop: "{{ evobackup_client__hosts }}"
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_backup_hosts
|
- evobackup_client_backup_hosts
|
||||||
|
|
|
@ -124,7 +124,7 @@ pick_server() {
|
||||||
if [ -e "${PIDFILE}" ]; then
|
if [ -e "${PIDFILE}" ]; then
|
||||||
pid=$(cat "${PIDFILE}")
|
pid=$(cat "${PIDFILE}")
|
||||||
# Does process still exist ?
|
# Does process still exist ?
|
||||||
if kill -0 "${pid}" 2> /dev/null; then
|
if kill -0 "${pid}" 2>/dev/null; then
|
||||||
# Killing the childs of evobackup.
|
# Killing the childs of evobackup.
|
||||||
for ppid in $(pgrep -P "${pid}"); do
|
for ppid in $(pgrep -P "${pid}"); do
|
||||||
kill -9 "${ppid}";
|
kill -9 "${ppid}";
|
||||||
|
|
|
@ -16,6 +16,4 @@ A separate `exec.yml` file can be imported manually in playbooks or roles to exe
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
We can force install via :
|
We can force install via :
|
||||||
* `evocheck_force_install: local` : will copy the script provided by the role
|
|
||||||
* `evocheck_force_install: package` : will install the package via repositories
|
|
||||||
* `evocheck_update_crontab` : will update the crontab (default: `True`)
|
* `evocheck_update_crontab` : will update the crontab (default: `True`)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
evocheck_force_install: False
|
|
||||||
evocheck_update_crontab: True
|
evocheck_update_crontab: True
|
||||||
evocheck_bin_dir: /usr/share/scripts
|
evocheck_bin_dir: /usr/share/scripts
|
||||||
|
|
|
@ -4,7 +4,8 @@
|
||||||
# Script to verify compliance of a Debian/OpenBSD server
|
# Script to verify compliance of a Debian/OpenBSD server
|
||||||
# powered by Evolix
|
# powered by Evolix
|
||||||
|
|
||||||
readonly VERSION="20.12"
|
VERSION="21.10.4"
|
||||||
|
readonly VERSION
|
||||||
|
|
||||||
# base functions
|
# base functions
|
||||||
|
|
||||||
|
@ -12,7 +13,7 @@ show_version() {
|
||||||
cat <<END
|
cat <<END
|
||||||
evocheck version ${VERSION}
|
evocheck version ${VERSION}
|
||||||
|
|
||||||
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
Copyright 2009-2021 Evolix <info@evolix.fr>,
|
||||||
Romain Dessort <rdessort@evolix.fr>,
|
Romain Dessort <rdessort@evolix.fr>,
|
||||||
Benoit SĂ©rie <bserie@evolix.fr>,
|
Benoit SĂ©rie <bserie@evolix.fr>,
|
||||||
Gregory Colpart <reg@evolix.fr>,
|
Gregory Colpart <reg@evolix.fr>,
|
||||||
|
@ -62,6 +63,8 @@ detect_os() {
|
||||||
8) DEBIAN_RELEASE="jessie";;
|
8) DEBIAN_RELEASE="jessie";;
|
||||||
9) DEBIAN_RELEASE="stretch";;
|
9) DEBIAN_RELEASE="stretch";;
|
||||||
10) DEBIAN_RELEASE="buster";;
|
10) DEBIAN_RELEASE="buster";;
|
||||||
|
11) DEBIAN_RELEASE="bullseye";;
|
||||||
|
12) DEBIAN_RELEASE="bookworm";;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
||||||
|
@ -71,7 +74,7 @@ detect_os() {
|
||||||
}
|
}
|
||||||
|
|
||||||
is_debian() {
|
is_debian() {
|
||||||
test -n "${DEBIAN_RELEASE}"
|
test -n "${DEBIAN_RELEASE}"
|
||||||
}
|
}
|
||||||
is_debian_lenny() {
|
is_debian_lenny() {
|
||||||
test "${DEBIAN_RELEASE}" = "lenny"
|
test "${DEBIAN_RELEASE}" = "lenny"
|
||||||
|
@ -91,6 +94,12 @@ is_debian_stretch() {
|
||||||
is_debian_buster() {
|
is_debian_buster() {
|
||||||
test "${DEBIAN_RELEASE}" = "buster"
|
test "${DEBIAN_RELEASE}" = "buster"
|
||||||
}
|
}
|
||||||
|
is_debian_bullseye() {
|
||||||
|
test "${DEBIAN_RELEASE}" = "bullseye"
|
||||||
|
}
|
||||||
|
is_debian_bookworm() {
|
||||||
|
test "${DEBIAN_RELEASE}" = "bookworm"
|
||||||
|
}
|
||||||
debian_release() {
|
debian_release() {
|
||||||
printf "%s" "${DEBIAN_RELEASE}"
|
printf "%s" "${DEBIAN_RELEASE}"
|
||||||
}
|
}
|
||||||
|
@ -147,7 +156,7 @@ check_lsbrelease(){
|
||||||
## only the major version matters
|
## only the major version matters
|
||||||
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
||||||
rhs=$(cut -d "." -f 1 < /etc/debian_version)
|
rhs=$(cut -d "." -f 1 < /etc/debian_version)
|
||||||
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release and /etc/debian_version"
|
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release (${lhs}) and /etc/debian_version (${rhs})"
|
||||||
else
|
else
|
||||||
failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
||||||
fi
|
fi
|
||||||
|
@ -165,7 +174,7 @@ check_dpkgwarning() {
|
||||||
test -e /etc/apt/apt.conf \
|
test -e /etc/apt/apt.conf \
|
||||||
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
|
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
|
||||||
fi
|
fi
|
||||||
elif is_debian_stretch || is_debian_buster; then
|
elif is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|
||||||
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
|
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
|
||||||
fi
|
fi
|
||||||
|
@ -211,7 +220,6 @@ check_vartmpfs() {
|
||||||
else
|
else
|
||||||
df /var/tmp | grep -q tmpfs || failed "IS_VARTMPFS" "/var/tmp is not a tmpfs"
|
df /var/tmp | grep -q tmpfs || failed "IS_VARTMPFS" "/var/tmp is not a tmpfs"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
check_serveurbase() {
|
check_serveurbase() {
|
||||||
is_installed serveur-base || failed "IS_SERVEURBASE" "serveur-base package is not installed"
|
is_installed serveur-base || failed "IS_SERVEURBASE" "serveur-base package is not installed"
|
||||||
|
@ -224,8 +232,19 @@ check_syslogconf() {
|
||||||
|| failed "IS_SYSLOGCONF" "syslog evolix config file missing"
|
|| failed "IS_SYSLOGCONF" "syslog evolix config file missing"
|
||||||
}
|
}
|
||||||
check_debiansecurity() {
|
check_debiansecurity() {
|
||||||
grep -q "^deb.*security" /etc/apt/sources.list \
|
if is_debian_bullseye; then
|
||||||
|| failed "IS_DEBIANSECURITY" "missing debian security repository"
|
# https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
|
||||||
|
pattern="^deb https://deb\.debian\.org/debian-security/? bullseye-security main"
|
||||||
|
elif is_debian_buster; then
|
||||||
|
pattern="^deb http://security\.debian\.org/debian-security/? buster/updates main"
|
||||||
|
elif is_debian_stretch; then
|
||||||
|
pattern="^deb http://security\.debian\.org/debian-security/? stretch/updates main"
|
||||||
|
else
|
||||||
|
pattern="^deb.*security"
|
||||||
|
fi
|
||||||
|
|
||||||
|
source_file="/etc/apt/sources.list"
|
||||||
|
grep -qE "${pattern}" "${source_file}" || failed "IS_DEBIANSECURITY" "missing debian security repository"
|
||||||
}
|
}
|
||||||
check_aptitudeonly() {
|
check_aptitudeonly() {
|
||||||
if is_debian_squeeze || is_debian_wheezy; then
|
if is_debian_squeeze || is_debian_wheezy; then
|
||||||
|
@ -234,13 +253,13 @@ check_aptitudeonly() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_aptitude() {
|
check_aptitude() {
|
||||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
test -e /usr/bin/aptitude && failed "IS_APTITUDE" "aptitude may not be installed on Debian >=8"
|
test -e /usr/bin/aptitude && failed "IS_APTITUDE" "aptitude may not be installed on Debian >=8"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_aptgetbak() {
|
check_aptgetbak() {
|
||||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK" "missing dpkg-divert apt-get.bak"
|
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK" "prohibit the installation of apt-get.bak with dpkg-divert(1)"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_apticron() {
|
check_apticron() {
|
||||||
|
@ -276,7 +295,7 @@ check_mountfstab() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_listchangesconf() {
|
check_listchangesconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed apt-listchanges; then
|
if is_installed apt-listchanges; then
|
||||||
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Debian >=9"
|
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Debian >=9"
|
||||||
fi
|
fi
|
||||||
|
@ -296,7 +315,7 @@ check_customcrontab() {
|
||||||
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB" "missing custom field in crontab"
|
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB" "missing custom field in crontab"
|
||||||
}
|
}
|
||||||
check_sshallowusers() {
|
check_sshallowusers() {
|
||||||
grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config \
|
grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config /etc/ssh/sshd_config.d \
|
||||||
|| failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
|
|| failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
|
||||||
}
|
}
|
||||||
check_diskperf() {
|
check_diskperf() {
|
||||||
|
@ -307,7 +326,7 @@ check_tmoutprofile() {
|
||||||
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
||||||
}
|
}
|
||||||
check_alert5boot() {
|
check_alert5boot() {
|
||||||
if is_debian_buster; then
|
if is_debian_buster || is_debian_bullseye; then
|
||||||
grep -qs "^date" /usr/share/scripts/alert5.sh || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
grep -qs "^date" /usr/share/scripts/alert5.sh || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||||
test -f /etc/systemd/system/alert5.service || failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
test -f /etc/systemd/system/alert5.service || failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
||||||
systemctl is-enabled alert5 -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
systemctl is-enabled alert5 -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
||||||
|
@ -320,7 +339,7 @@ check_alert5boot() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_alert5minifw() {
|
check_alert5minifw() {
|
||||||
if is_debian_buster; then
|
if is_debian_buster || is_debian_bullseye; then
|
||||||
grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \
|
grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \
|
||||||
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing"
|
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing"
|
||||||
else
|
else
|
||||||
|
@ -336,6 +355,13 @@ check_minifw() {
|
||||||
/sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
|
/sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
|
||||||
|| failed "IS_MINIFW" "minifirewall seems not starded"
|
|| failed "IS_MINIFW" "minifirewall seems not starded"
|
||||||
}
|
}
|
||||||
|
check_minifw_includes() {
|
||||||
|
if is_debian_bullseye; then
|
||||||
|
if grep -q -e '/sbin/iptables' -e '/sbin/ip6tables' "${MINIFW_FILE}"; then
|
||||||
|
failed "IS_MINIFWINCLUDES" "minifirewall has direct iptables invocations in ${MINIFW_FILE} that should go in /etc/minifirewall.d/"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
check_nrpeperms() {
|
check_nrpeperms() {
|
||||||
if [ -d /etc/nagios ]; then
|
if [ -d /etc/nagios ]; then
|
||||||
nagiosDir="/etc/nagios"
|
nagiosDir="/etc/nagios"
|
||||||
|
@ -357,7 +383,11 @@ check_nrpedisks() {
|
||||||
test "$NRPEDISKS" = "$DFDISKS" || failed "IS_NRPEDISKS" "there must be $DFDISKS check_disk in nrpe.cfg"
|
test "$NRPEDISKS" = "$DFDISKS" || failed "IS_NRPEDISKS" "there must be $DFDISKS check_disk in nrpe.cfg"
|
||||||
}
|
}
|
||||||
check_nrpepid() {
|
check_nrpepid() {
|
||||||
if ! is_debian_squeeze; then
|
if is_debian_bullseye; then
|
||||||
|
{ test -e /etc/nagios/nrpe.cfg \
|
||||||
|
&& grep -q "^pid_file=/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
|
||||||
|
} || failed "IS_NRPEPID" "missing or wrong pid_file directive in nrpe.cfg"
|
||||||
|
elif ! is_debian_squeeze; then
|
||||||
{ test -e /etc/nagios/nrpe.cfg \
|
{ test -e /etc/nagios/nrpe.cfg \
|
||||||
&& grep -q "^pid_file=/var/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
|
&& grep -q "^pid_file=/var/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
|
||||||
} || failed "IS_NRPEPID" "missing or wrong pid_file directive in nrpe.cfg"
|
} || failed "IS_NRPEPID" "missing or wrong pid_file directive in nrpe.cfg"
|
||||||
|
@ -372,7 +402,7 @@ check_grsecprocs() {
|
||||||
}
|
}
|
||||||
check_apachemunin() {
|
check_apachemunin() {
|
||||||
if test -e /etc/apache2/apache2.conf; then
|
if test -e /etc/apache2/apache2.conf; then
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
{ test -h /etc/apache2/mods-enabled/status.load \
|
{ test -h /etc/apache2/mods-enabled/status.load \
|
||||||
&& test -h /etc/munin/plugins/apache_accesses \
|
&& test -h /etc/munin/plugins/apache_accesses \
|
||||||
&& test -h /etc/munin/plugins/apache_processes \
|
&& test -h /etc/munin/plugins/apache_processes \
|
||||||
|
@ -392,17 +422,20 @@ check_apachemunin() {
|
||||||
check_mysqlutils() {
|
check_mysqlutils() {
|
||||||
MYSQL_ADMIN=${MYSQL_ADMIN:-mysqladmin}
|
MYSQL_ADMIN=${MYSQL_ADMIN:-mysqladmin}
|
||||||
if is_installed mysql-server; then
|
if is_installed mysql-server; then
|
||||||
# You can configure MYSQL_ADMIN in evocheck.cf
|
# With Debian 11 and later, root can connect to MariaDB with the socket
|
||||||
if ! grep -qs "$MYSQL_ADMIN" /root/.my.cnf; then
|
if is_debian_wheezy || is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||||
failed "IS_MYSQLUTILS" "mysqladmin missing in /root/.my.cnf"
|
# You can configure MYSQL_ADMIN in evocheck.cf
|
||||||
|
if ! grep -qs "^user *= *${MYSQL_ADMIN}" /root/.my.cnf; then
|
||||||
|
failed "IS_MYSQLUTILS" "${MYSQL_ADMIN} missing in /root/.my.cnf"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
if ! test -x /usr/bin/mytop; then
|
if ! test -x /usr/bin/mytop; then
|
||||||
if ! test -x /usr/local/bin/mytop; then
|
if ! test -x /usr/local/bin/mytop; then
|
||||||
failed "IS_MYSQLUTILS" "mytop binary missing"
|
failed "IS_MYSQLUTILS" "mytop binary missing"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if ! grep -qs debian-sys-maint /root/.mytop; then
|
if ! grep -qs '^user *=' /root/.mytop; then
|
||||||
failed "IS_MYSQLUTILS" "debian-sys-maint missing in /root/.mytop"
|
failed "IS_MYSQLUTILS" "credentials missing in /root/.mytop"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -431,7 +464,7 @@ check_muninlogrotate() {
|
||||||
}
|
}
|
||||||
# Verification de l'activation de Squid dans le cas d'un pack mail
|
# Verification de l'activation de Squid dans le cas d'un pack mail
|
||||||
check_squid() {
|
check_squid() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
squidconffile="/etc/squid/evolinux-custom.conf"
|
squidconffile="/etc/squid/evolinux-custom.conf"
|
||||||
else
|
else
|
||||||
squidconffile="/etc/squid*/squid.conf"
|
squidconffile="/etc/squid*/squid.conf"
|
||||||
|
@ -444,7 +477,8 @@ check_squid() {
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d $host -j ACCEPT" "$MINIFW_FILE" \
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d $host -j ACCEPT" "$MINIFW_FILE" \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" "$MINIFW_FILE" \
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" "$MINIFW_FILE" \
|
||||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* $http_port" "$MINIFW_FILE";
|
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* $http_port" "$MINIFW_FILE";
|
||||||
} || failed "IS_SQUID" "missing squid rules in minifirewall"
|
} || grep -qE "^PROXY='?on'?" "$MINIFW_FILE" \
|
||||||
|
|| failed "IS_SQUID" "missing squid rules in minifirewall"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_evomaintenance_fw() {
|
check_evomaintenance_fw() {
|
||||||
|
@ -473,7 +507,7 @@ check_log2mailrunning() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_log2mailapache() {
|
check_log2mailapache() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
conf=/etc/log2mail/config/apache
|
conf=/etc/log2mail/config/apache
|
||||||
else
|
else
|
||||||
conf=/etc/log2mail/config/default
|
conf=/etc/log2mail/config/default
|
||||||
|
@ -532,10 +566,10 @@ check_network_interfaces() {
|
||||||
}
|
}
|
||||||
# Verify if all if are in auto
|
# Verify if all if are in auto
|
||||||
check_autoif() {
|
check_autoif() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap|vrrp)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
||||||
else
|
else
|
||||||
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 1 |tr "\n" " ")
|
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap|vrrp)" | cut -d " " -f 1 |tr "\n" " ")
|
||||||
fi
|
fi
|
||||||
for interface in $interfaces; do
|
for interface in $interfaces; do
|
||||||
if ! grep -q "^auto $interface" /etc/network/interfaces; then
|
if ! grep -q "^auto $interface" /etc/network/interfaces; then
|
||||||
|
@ -569,6 +603,7 @@ check_evobackup_exclude_mount() {
|
||||||
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
rm -rf "${excludes_file}"
|
||||||
}
|
}
|
||||||
# Verification de la presence du userlogrotate
|
# Verification de la presence du userlogrotate
|
||||||
check_userlogrotate() {
|
check_userlogrotate() {
|
||||||
|
@ -681,6 +716,7 @@ check_backupuptodate() {
|
||||||
backup_dir="/home/backup"
|
backup_dir="/home/backup"
|
||||||
if [ -d "${backup_dir}" ]; then
|
if [ -d "${backup_dir}" ]; then
|
||||||
if [ -n "$(ls -A ${backup_dir})" ]; then
|
if [ -n "$(ls -A ${backup_dir})" ]; then
|
||||||
|
# shellcheck disable=SC2231
|
||||||
for file in ${backup_dir}/*; do
|
for file in ${backup_dir}/*; do
|
||||||
limit=$(date +"%s" -d "now - 2 day")
|
limit=$(date +"%s" -d "now - 2 day")
|
||||||
updated_at=$(stat -c "%Y" "$file")
|
updated_at=$(stat -c "%Y" "$file")
|
||||||
|
@ -771,7 +807,7 @@ check_tune2fs_m5() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
check_evolinuxsudogroup() {
|
check_evolinuxsudogroup() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if grep -q "^evolinux-sudo:" /etc/group; then
|
if grep -q "^evolinux-sudo:" /etc/group; then
|
||||||
grep -qE '^%evolinux-sudo +ALL ?= ?\(ALL:ALL\) ALL' /etc/sudoers.d/evolinux \
|
grep -qE '^%evolinux-sudo +ALL ?= ?\(ALL:ALL\) ALL' /etc/sudoers.d/evolinux \
|
||||||
|| failed "IS_EVOLINUXSUDOGROUP" "missing evolinux-sudo directive in sudoers file"
|
|| failed "IS_EVOLINUXSUDOGROUP" "missing evolinux-sudo directive in sudoers file"
|
||||||
|
@ -779,7 +815,7 @@ check_evolinuxsudogroup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_userinadmgroup() {
|
check_userinadmgroup() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
||||||
for user in $users; do
|
for user in $users; do
|
||||||
if ! groups "$user" | grep -q adm; then
|
if ! groups "$user" | grep -q adm; then
|
||||||
|
@ -790,7 +826,7 @@ check_userinadmgroup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_apache2evolinuxconf() {
|
check_apache2evolinuxconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if test -d /etc/apache2; then
|
if test -d /etc/apache2; then
|
||||||
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
||||||
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
||||||
|
@ -800,7 +836,7 @@ check_apache2evolinuxconf() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_backportsconf() {
|
check_backportsconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
grep -qsE "^[^#].*backports" /etc/apt/sources.list \
|
grep -qsE "^[^#].*backports" /etc/apt/sources.list \
|
||||||
&& failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
|
&& failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
|
||||||
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
|
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
|
||||||
|
@ -810,7 +846,7 @@ check_backportsconf() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_bind9munin() {
|
check_bind9munin() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed bind9; then
|
if is_installed bind9; then
|
||||||
{ test -L /etc/munin/plugins/bind9 \
|
{ test -L /etc/munin/plugins/bind9 \
|
||||||
&& test -e /etc/munin/plugin-conf.d/bind9;
|
&& test -e /etc/munin/plugin-conf.d/bind9;
|
||||||
|
@ -819,7 +855,7 @@ check_bind9munin() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_bind9logrotate() {
|
check_bind9logrotate() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed bind9; then
|
if is_installed bind9; then
|
||||||
test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE" "missing bind logrotate file"
|
test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE" "missing bind logrotate file"
|
||||||
fi
|
fi
|
||||||
|
@ -840,7 +876,7 @@ check_broadcomfirmware() {
|
||||||
check_hardwareraidtool() {
|
check_hardwareraidtool() {
|
||||||
LSPCI_BIN=$(command -v lspci)
|
LSPCI_BIN=$(command -v lspci)
|
||||||
if [ -x "${LSPCI_BIN}" ]; then
|
if [ -x "${LSPCI_BIN}" ]; then
|
||||||
if ${LSPCI_BIN} | grep -q 'MegaRAID SAS'; then
|
if ${LSPCI_BIN} | grep -q 'MegaRAID'; then
|
||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
is_installed megacli && { is_installed megaclisas-status || is_installed megaraidsas-status; } \
|
is_installed megacli && { is_installed megaclisas-status || is_installed megaraidsas-status; } \
|
||||||
|| failed "IS_HARDWARERAIDTOOL" "Mega tools not found"
|
|| failed "IS_HARDWARERAIDTOOL" "Mega tools not found"
|
||||||
|
@ -853,7 +889,7 @@ check_hardwareraidtool() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_log2mailsystemdunit() {
|
check_log2mailsystemdunit() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
systemctl -q is-active log2mail.service \
|
systemctl -q is-active log2mail.service \
|
||||||
|| failed "IS_LOG2MAILSYSTEMDUNIT" "log2mail unit not running"
|
|| failed "IS_LOG2MAILSYSTEMDUNIT" "log2mail unit not running"
|
||||||
test -f /etc/systemd/system/log2mail.service \
|
test -f /etc/systemd/system/log2mail.service \
|
||||||
|
@ -869,7 +905,7 @@ check_listupgrade() {
|
||||||
|| failed "IS_LISTUPGRADE" "missing listupgrade script or not executable"
|
|| failed "IS_LISTUPGRADE" "missing listupgrade script or not executable"
|
||||||
}
|
}
|
||||||
check_mariadbevolinuxconf() {
|
check_mariadbevolinuxconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed mariadb-server; then
|
if is_installed mariadb-server; then
|
||||||
{ test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
|
{ test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
|
||||||
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
|
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
|
||||||
|
@ -945,6 +981,7 @@ check_elastic_backup() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mariadbsystemdunit() {
|
check_mariadbsystemdunit() {
|
||||||
|
# TODO: check if it is still needed for bullseye
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster; then
|
||||||
if is_installed mariadb-server; then
|
if is_installed mariadb-server; then
|
||||||
if systemctl -q is-active mariadb.service; then
|
if systemctl -q is-active mariadb.service; then
|
||||||
|
@ -955,7 +992,7 @@ check_mariadbsystemdunit() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mysqlmunin() {
|
check_mysqlmunin() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed mariadb-server; then
|
if is_installed mariadb-server; then
|
||||||
for file in mysql_bytes mysql_queries mysql_slowqueries \
|
for file in mysql_bytes mysql_queries mysql_slowqueries \
|
||||||
mysql_threads mysql_connections mysql_files_tables \
|
mysql_threads mysql_connections mysql_files_tables \
|
||||||
|
@ -973,7 +1010,7 @@ check_mysqlmunin() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_mysqlnrpe() {
|
check_mysqlnrpe() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed mariadb-server; then
|
if is_installed mariadb-server; then
|
||||||
nagios_file=~nagios/.my.cnf
|
nagios_file=~nagios/.my.cnf
|
||||||
if ! test -f ${nagios_file}; then
|
if ! test -f ${nagios_file}; then
|
||||||
|
@ -989,9 +1026,10 @@ check_mysqlnrpe() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_phpevolinuxconf() {
|
check_phpevolinuxconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
is_debian_stretch && phpVersion="7.0"
|
is_debian_stretch && phpVersion="7.0"
|
||||||
is_debian_buster && phpVersion="7.3"
|
is_debian_buster && phpVersion="7.3"
|
||||||
|
is_debian_bullseye && phpVersion="7.4"
|
||||||
if is_installed php; then
|
if is_installed php; then
|
||||||
{ test -f /etc/php/${phpVersion}/cli/conf.d/z-evolinux-defaults.ini \
|
{ test -f /etc/php/${phpVersion}/cli/conf.d/z-evolinux-defaults.ini \
|
||||||
&& test -f /etc/php/${phpVersion}/cli/conf.d/zzz-evolinux-custom.ini
|
&& test -f /etc/php/${phpVersion}/cli/conf.d/zzz-evolinux-custom.ini
|
||||||
|
@ -1000,15 +1038,15 @@ check_phpevolinuxconf() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_squidlogrotate() {
|
check_squidlogrotate() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed squid; then
|
if is_installed squid; then
|
||||||
grep -q monthly /etc/logrotate.d/squid \
|
grep -q -e monthly -e daily /etc/logrotate.d/squid \
|
||||||
|| failed "IS_SQUIDLOGROTATE" "missing squid logrotate file"
|
|| failed "IS_SQUIDLOGROTATE" "missing squid logrotate file"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_squidevolinuxconf() {
|
check_squidevolinuxconf() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if is_installed squid; then
|
if is_installed squid; then
|
||||||
{ grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
|
{ grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
|
||||||
&& test -f /etc/squid/evolinux-defaults.conf \
|
&& test -f /etc/squid/evolinux-defaults.conf \
|
||||||
|
@ -1044,7 +1082,7 @@ check_duplicate_fs_label() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_evolix_user() {
|
check_evolix_user() {
|
||||||
grep -q "evolix:" /etc/passwd \
|
grep -q -E "^evolix:" /etc/passwd \
|
||||||
&& failed "IS_EVOLIX_USER" "evolix user should be deleted, used only for install"
|
&& failed "IS_EVOLIX_USER" "evolix user should be deleted, used only for install"
|
||||||
}
|
}
|
||||||
check_evoacme_cron() {
|
check_evoacme_cron() {
|
||||||
|
@ -1083,7 +1121,7 @@ check_apache_confenabled() {
|
||||||
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
|
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
|
||||||
# must be replaced by conf-available/ and config files symlinked
|
# must be replaced by conf-available/ and config files symlinked
|
||||||
# to conf-enabled/
|
# to conf-enabled/
|
||||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if [ -f /etc/apache2/apache2.conf ]; then
|
if [ -f /etc/apache2/apache2.conf ]; then
|
||||||
test -d /etc/apache2/conf.d/ \
|
test -d /etc/apache2/conf.d/ \
|
||||||
&& failed "IS_APACHE_CONFENABLED" "apache's conf.d directory must not exists"
|
&& failed "IS_APACHE_CONFENABLED" "apache's conf.d directory must not exists"
|
||||||
|
@ -1095,7 +1133,7 @@ check_apache_confenabled() {
|
||||||
check_meltdown_spectre() {
|
check_meltdown_spectre() {
|
||||||
# For Stretch, detection is easy as the kernel use
|
# For Stretch, detection is easy as the kernel use
|
||||||
# /sys/devices/system/cpu/vulnerabilities/
|
# /sys/devices/system/cpu/vulnerabilities/
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
for vuln in meltdown spectre_v1 spectre_v2; do
|
for vuln in meltdown spectre_v1 spectre_v2; do
|
||||||
test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|
test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|
||||||
|| failed "IS_MELTDOWN_SPECTRE" "vulnerable to $vuln"
|
|| failed "IS_MELTDOWN_SPECTRE" "vulnerable to $vuln"
|
||||||
|
@ -1148,7 +1186,7 @@ check_usrsharescripts() {
|
||||||
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be $expected"
|
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be $expected"
|
||||||
}
|
}
|
||||||
check_sshpermitrootno() {
|
check_sshpermitrootno() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
||||||
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
|
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
|
||||||
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
|
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
|
||||||
|
@ -1159,7 +1197,7 @@ check_sshpermitrootno() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
check_evomaintenanceusers() {
|
check_evomaintenanceusers() {
|
||||||
if is_debian_stretch || is_debian_buster; then
|
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||||
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
|
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
|
||||||
else
|
else
|
||||||
if [ -f /etc/sudoers.d/evolinux ]; then
|
if [ -f /etc/sudoers.d/evolinux ]; then
|
||||||
|
@ -1295,6 +1333,154 @@ check_nginx_letsencrypt_uptodate() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_lxc_container_resolv_conf() {
|
||||||
|
if is_installed lxc; then
|
||||||
|
container_list=$(lxc-ls)
|
||||||
|
current_resolvers=$(grep nameserver /etc/resolv.conf | sed 's/nameserver//g' )
|
||||||
|
|
||||||
|
for container in $container_list; do
|
||||||
|
if [ -f "/var/lib/lxc/${container}/rootfs/etc/resolv.conf" ]; then
|
||||||
|
|
||||||
|
while read -r resolver; do
|
||||||
|
if ! grep -qE "^nameserver\s+${resolver}" "/var/lib/lxc/${container}/rootfs/etc/resolv.conf"; then
|
||||||
|
failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf miss-match beween host and container : missing nameserver ${resolver} in container ${container} resolv.conf"
|
||||||
|
fi
|
||||||
|
done <<< "${current_resolvers}"
|
||||||
|
|
||||||
|
else
|
||||||
|
failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf missing in container ${container}"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
download_versions() {
|
||||||
|
local file
|
||||||
|
file=${1:-}
|
||||||
|
|
||||||
|
## The file is supposed to list programs : each on a line, then its latest version number
|
||||||
|
## Examples:
|
||||||
|
# evoacme 21.06
|
||||||
|
# evomaintenance 0.6.4
|
||||||
|
|
||||||
|
if is_debian; then
|
||||||
|
versions_url="https://upgrades.evolix.org/versions-${DEBIAN_RELEASE}"
|
||||||
|
elif is_openbsd; then
|
||||||
|
versions_url="https://upgrades.evolix.org/versions-${OPENBSD_RELEASE}"
|
||||||
|
else
|
||||||
|
failed "IS_VERSIONS_CHECK" "error determining os release"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# fetch timeout, in seconds
|
||||||
|
timeout=10
|
||||||
|
|
||||||
|
if command -v curl > /dev/null; then
|
||||||
|
curl --max-time ${timeout} --fail --silent --output "${versions_file}" "${versions_url}"
|
||||||
|
elif command -v wget > /dev/null; then
|
||||||
|
wget --timeout=${timeout} --quiet "${versions_url}" -O "${versions_file}"
|
||||||
|
elif command -v GET; then
|
||||||
|
GET -t ${timeout}s "${versions_url}" > "${versions_file}"
|
||||||
|
else
|
||||||
|
failed "IS_VERSIONS_CHECK" "failed to find curl, wget or GET"
|
||||||
|
fi
|
||||||
|
test "$?" -eq 0 || failed "IS_VERSIONS_CHECK" "failed to download ${versions_url} to ${versions_file}"
|
||||||
|
}
|
||||||
|
get_command() {
|
||||||
|
local program
|
||||||
|
program=${1:-}
|
||||||
|
|
||||||
|
case "${program}" in
|
||||||
|
## Special cases where the program name is different than the command name
|
||||||
|
evocheck) echo "${0}" ;;
|
||||||
|
evomaintenance) command -v "evomaintenance.sh" ;;
|
||||||
|
listupgrade) command -v "evolistupgrade.sh" ;;
|
||||||
|
old-kernel-autoremoval) command -v "old-kernel-autoremoval.sh" ;;
|
||||||
|
mysql-queries-killer) command -v "mysql-queries-killer.sh" ;;
|
||||||
|
|
||||||
|
## General case, where the program name is the same as the command name
|
||||||
|
*) command -v "${program}" ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
get_version() {
|
||||||
|
local program
|
||||||
|
local command
|
||||||
|
program=${1:-}
|
||||||
|
command=${2:-}
|
||||||
|
|
||||||
|
case "${program}" in
|
||||||
|
## Special case if `command --version => 'command` is not the standard way to get the version
|
||||||
|
# my_command)
|
||||||
|
# /path/to/my_command --get-version
|
||||||
|
# ;;
|
||||||
|
|
||||||
|
add-vm)
|
||||||
|
grep '^VERSION=' "${command}" | head -1 | cut -d '=' -f 2
|
||||||
|
;;
|
||||||
|
## Let's try the --version flag before falling back to grep for the constant
|
||||||
|
kvmstats)
|
||||||
|
if ${command} --version > /dev/null 2> /dev/null; then
|
||||||
|
${command} --version 2> /dev/null | head -1 | cut -d ' ' -f 3
|
||||||
|
else
|
||||||
|
grep '^VERSION=' "${command}" | head -1 | cut -d '=' -f 2
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
## General case to get the version
|
||||||
|
*) ${command} --version 2> /dev/null | head -1 | cut -d ' ' -f 3 ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
check_version() {
|
||||||
|
local program
|
||||||
|
local expected_version
|
||||||
|
program=${1:-}
|
||||||
|
expected_version=${2:-}
|
||||||
|
|
||||||
|
command=$(get_command "${program}")
|
||||||
|
if [ -n "${command}" ]; then
|
||||||
|
# shellcheck disable=SC2086
|
||||||
|
actual_version=$(get_version "${program}" "${command}")
|
||||||
|
# printf "program:%s expected:%s actual:%s\n" "${program}" "${expected_version}" "${actual_version}"
|
||||||
|
if [ -z "${actual_version}" ]; then
|
||||||
|
failed "IS_VERSIONS_CHECK" "failed to lookup actual version of ${program}"
|
||||||
|
elif dpkg --compare-versions "${actual_version}" lt "${expected_version}"; then
|
||||||
|
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is older than expected version ${expected_version}"
|
||||||
|
elif dpkg --compare-versions "${actual_version}" gt "${expected_version}"; then
|
||||||
|
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is newer than expected version ${expected_version}, you should update tour index."
|
||||||
|
else
|
||||||
|
: # Version check OK
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
add_to_path() {
|
||||||
|
local new_path
|
||||||
|
new_path=${1:-}
|
||||||
|
|
||||||
|
echo "$PATH" | grep -qF "${new_path}" || export PATH="${PATH}:${new_path}"
|
||||||
|
}
|
||||||
|
check_versions() {
|
||||||
|
versions_file=$(mktemp --tmpdir=/tmp "evocheck-versions.XXXXX")
|
||||||
|
# shellcheck disable=SC2064
|
||||||
|
trap "rm -f ${versions_file}" 0
|
||||||
|
download_versions "${versions_file}"
|
||||||
|
add_to_path "/usr/share/scripts"
|
||||||
|
|
||||||
|
grep -v '^ *#' < "${versions_file}" | while IFS= read -r line; do
|
||||||
|
local program
|
||||||
|
local version
|
||||||
|
program=$(echo "${line}" | cut -d ' ' -f 1)
|
||||||
|
version=$(echo "${line}" | cut -d ' ' -f 2)
|
||||||
|
|
||||||
|
if [ -n "${program}" ]; then
|
||||||
|
if [ -n "${version}" ]; then
|
||||||
|
check_version "${program}" "${version}"
|
||||||
|
else
|
||||||
|
failed "IS_VERSIONS_CHECK" "failed to lookup expected version for ${program}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
rm -f "${versions_file}"
|
||||||
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
# Default return code : 0 = no error
|
# Default return code : 0 = no error
|
||||||
RC=0
|
RC=0
|
||||||
|
@ -1349,6 +1535,8 @@ main() {
|
||||||
test "${IS_ALERT5MINIFW:=1}" = 1 && test "${IS_MINIFW:=1}" = 1 && check_minifw
|
test "${IS_ALERT5MINIFW:=1}" = 1 && test "${IS_MINIFW:=1}" = 1 && check_minifw
|
||||||
test "${IS_NRPEPERMS:=1}" = 1 && check_nrpeperms
|
test "${IS_NRPEPERMS:=1}" = 1 && check_nrpeperms
|
||||||
test "${IS_MINIFWPERMS:=1}" = 1 && check_minifwperms
|
test "${IS_MINIFWPERMS:=1}" = 1 && check_minifwperms
|
||||||
|
# Enable when minifirewall is released
|
||||||
|
test "${IS_MINIFWINCLUDES:=0}" = 1 && check_minifw_includes
|
||||||
test "${IS_NRPEDISKS:=0}" = 1 && check_nrpedisks
|
test "${IS_NRPEDISKS:=0}" = 1 && check_nrpedisks
|
||||||
test "${IS_NRPEPID:=1}" = 1 && check_nrpepid
|
test "${IS_NRPEPID:=1}" = 1 && check_nrpepid
|
||||||
test "${IS_GRSECPROCS:=1}" = 1 && check_grsecprocs
|
test "${IS_GRSECPROCS:=1}" = 1 && check_grsecprocs
|
||||||
|
@ -1421,6 +1609,8 @@ main() {
|
||||||
test "${IS_APT_VALID_UNTIL:=1}" = 1 && check_apt_valid_until
|
test "${IS_APT_VALID_UNTIL:=1}" = 1 && check_apt_valid_until
|
||||||
test "${IS_CHROOTED_BINARY_UPTODATE:=1}" = 1 && check_chrooted_binary_uptodate
|
test "${IS_CHROOTED_BINARY_UPTODATE:=1}" = 1 && check_chrooted_binary_uptodate
|
||||||
test "${IS_NGINX_LETSENCRYPT_UPTODATE:=1}" = 1 && check_nginx_letsencrypt_uptodate
|
test "${IS_NGINX_LETSENCRYPT_UPTODATE:=1}" = 1 && check_nginx_letsencrypt_uptodate
|
||||||
|
test "${IS_LXC_CONTAINER_RESOLV_CONF:=1}" = 1 && check_lxc_container_resolv_conf
|
||||||
|
test "${IS_CHECK_VERSIONS:=1}" = 1 && check_versions
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#-----------------------------------------------------------
|
#-----------------------------------------------------------
|
||||||
|
@ -1528,10 +1718,13 @@ main() {
|
||||||
exit ${RC}
|
exit ${RC}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PROGNAME=$(basename "$0")
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
readonly PROGNAME=$(basename "$0")
|
readonly PROGNAME
|
||||||
# shellcheck disable=2124
|
|
||||||
readonly ARGS=$@
|
# shellcheck disable=SC2124
|
||||||
|
ARGS=$@
|
||||||
|
readonly ARGS
|
||||||
|
|
||||||
# Disable LANG*
|
# Disable LANG*
|
||||||
export LANG=C
|
export LANG=C
|
||||||
|
@ -1557,6 +1750,7 @@ while :; do
|
||||||
IS_KERNELUPTODATE=0
|
IS_KERNELUPTODATE=0
|
||||||
IS_UPTIME=0
|
IS_UPTIME=0
|
||||||
IS_MELTDOWN_SPECTRE=0
|
IS_MELTDOWN_SPECTRE=0
|
||||||
|
IS_CHECK_VERSIONS=0
|
||||||
;;
|
;;
|
||||||
-v|--verbose)
|
-v|--verbose)
|
||||||
VERBOSE=1
|
VERBOSE=1
|
||||||
|
|
|
@ -7,13 +7,14 @@ galaxy_info:
|
||||||
|
|
||||||
license: GPLv2
|
license: GPLv2
|
||||||
|
|
||||||
min_ansible_version: 2.2
|
min_ansible_version: "2.2"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
- squeeze
|
- stretch
|
||||||
|
- buster
|
||||||
|
|
||||||
galaxy_tags: []
|
galaxy_tags: []
|
||||||
# List tags for your role here, one per line. A tag is
|
# List tags for your role here, one per line. A tag is
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Check if cron is installed
|
- name: Check if cron is installed
|
||||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
|
@ -10,6 +10,6 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout != ""
|
when: evocheck_run.stdout | length > 0
|
||||||
tags:
|
tags:
|
||||||
- evocheck-exec
|
- evocheck-exec
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: install evocheck from package
|
|
||||||
apt:
|
|
||||||
name: evocheck
|
|
||||||
state: present
|
|
|
@ -1,10 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: install_local.yml
|
- name: Package install is not supported anymore
|
||||||
when: evocheck_force_install == "local"
|
fail:
|
||||||
|
msg: Package install is not supported anymore
|
||||||
|
when:
|
||||||
|
- evocheck_force_install is defined
|
||||||
|
- evocheck_force_install == "package"
|
||||||
|
|
||||||
- include: install_package.yml
|
- include: install.yml
|
||||||
when: evocheck_force_install == "package"
|
|
||||||
|
|
||||||
- include: cron.yml
|
- include: cron.yml
|
||||||
when: evocheck_update_crontab
|
when: evocheck_update_crontab | bool
|
||||||
|
|
|
@ -51,7 +51,7 @@ evolinux_kernel_include: True
|
||||||
evolinux_kernel_reboot_after_panic: True
|
evolinux_kernel_reboot_after_panic: True
|
||||||
evolinux_kernel_disable_tcp_timestamps: True
|
evolinux_kernel_disable_tcp_timestamps: True
|
||||||
evolinux_kernel_customize_swappiness: True
|
evolinux_kernel_customize_swappiness: True
|
||||||
evolinux_kernel_swappiness: 20
|
evolinux_kernel_swappiness: "20"
|
||||||
evolinux_kernel_cve20165696: True
|
evolinux_kernel_cve20165696: True
|
||||||
|
|
||||||
# fstab
|
# fstab
|
||||||
|
@ -78,6 +78,7 @@ evolinux_packages_include: True
|
||||||
evolinux_packages_system: True
|
evolinux_packages_system: True
|
||||||
evolinux_packages_diagnostic: True
|
evolinux_packages_diagnostic: True
|
||||||
evolinux_packages_hardware: True
|
evolinux_packages_hardware: True
|
||||||
|
evolinux_packages_hardware_raid: True
|
||||||
evolinux_packages_common: True
|
evolinux_packages_common: True
|
||||||
evolinux_packages_stretch: True
|
evolinux_packages_stretch: True
|
||||||
evolinux_packages_buster: True
|
evolinux_packages_buster: True
|
||||||
|
@ -89,6 +90,7 @@ evolinux_packages_invalid_mta: True
|
||||||
evolinux_packages_delete_nfs: True
|
evolinux_packages_delete_nfs: True
|
||||||
evolinux_packages_listchanges: True
|
evolinux_packages_listchanges: True
|
||||||
evolinux_packages_logcheck_recipient: False
|
evolinux_packages_logcheck_recipient: False
|
||||||
|
evolinux_packages_delete_aptlistchanges: True
|
||||||
|
|
||||||
# system
|
# system
|
||||||
|
|
||||||
|
@ -164,8 +166,10 @@ evolinux_logs_include: True
|
||||||
|
|
||||||
evolinux_logs_logrotate_confs: True
|
evolinux_logs_logrotate_confs: True
|
||||||
evolinux_logs_default_rotate: True
|
evolinux_logs_default_rotate: True
|
||||||
|
evolinux_logs_default_dateext : True
|
||||||
evolinux_logs_disable_logrotate_rsyslog: True
|
evolinux_logs_disable_logrotate_rsyslog: True
|
||||||
evolinux_logs_rsyslog_conf: True
|
evolinux_logs_rsyslog_conf: True
|
||||||
|
evolinux_logrotate_dateformat: "-%Y%m%d%H"
|
||||||
|
|
||||||
# default www
|
# default www
|
||||||
|
|
||||||
|
@ -206,7 +210,6 @@ evolinux_fail2ban_include: False
|
||||||
# Evocheck
|
# Evocheck
|
||||||
|
|
||||||
evolinux_evocheck_include: True
|
evolinux_evocheck_include: True
|
||||||
evolinux_evocheck_force_install: "local"
|
|
||||||
|
|
||||||
# Listupgrade
|
# Listupgrade
|
||||||
|
|
||||||
|
@ -218,3 +221,6 @@ evolinux_generateldif_include: True
|
||||||
|
|
||||||
# Cron check_hpraid
|
# Cron check_hpraid
|
||||||
evolinux_cron_checkhpraid_frequency: daily
|
evolinux_cron_checkhpraid_frequency: daily
|
||||||
|
|
||||||
|
# Motd
|
||||||
|
evolinux_motd_include: True
|
|
@ -1,9 +1,10 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Evolix alert5 script
|
Description=Evolix alert5 script
|
||||||
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
ExecStart=/usr/share/scripts/alert5.sh
|
ExecStart=/usr/share/scripts/alert5.sh
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
1019
evolinux-base/files/backup-server-state.sh
Normal file
1019
evolinux-base/files/backup-server-state.sh
Normal file
|
@ -0,0 +1,1019 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
PROGNAME="backup-server-state"
|
||||||
|
|
||||||
|
VERSION="22.01.3"
|
||||||
|
readonly VERSION
|
||||||
|
|
||||||
|
backup_dir=
|
||||||
|
rc=0
|
||||||
|
|
||||||
|
# base functions
|
||||||
|
|
||||||
|
show_version() {
|
||||||
|
cat <<END
|
||||||
|
${PROGNAME} version ${VERSION}
|
||||||
|
|
||||||
|
Copyright 2018-2022 Evolix <info@evolix.fr>,
|
||||||
|
Jérémy Lecour <jlecour@evolix.fr>
|
||||||
|
and others.
|
||||||
|
|
||||||
|
${PROGNAME} comes with ABSOLUTELY NO WARRANTY.This is free software,
|
||||||
|
and you are welcome to redistribute it under certain conditions.
|
||||||
|
See the GNU General Public License v3.0 for details.
|
||||||
|
END
|
||||||
|
}
|
||||||
|
show_help() {
|
||||||
|
cat <<END
|
||||||
|
${PROGNAME} is making backup copies of information related to the state of the server.
|
||||||
|
|
||||||
|
Usage: ${PROGNAME} --backup-dir=/path/to/backup/directory [OPTIONS]
|
||||||
|
|
||||||
|
Options
|
||||||
|
-d, --backup-dir path to the directory where the backup will be stored
|
||||||
|
-f, --force keep existing backup directory and its content
|
||||||
|
--etc backup copy of /etc
|
||||||
|
--no-etc no backup copy of /etc (default)
|
||||||
|
--dpkg backup copy of /var/lib/dpkg
|
||||||
|
--no-dpkg no backup copy of /var/lib/dpkg (default)
|
||||||
|
--apt-states backup copy of apt extended states (default)
|
||||||
|
--no-apt-states no backup copy of apt extended states
|
||||||
|
--apt-config backup copy of apt configuration (default)
|
||||||
|
--no-apt-config no backup copy of apt configuration
|
||||||
|
--packages backup copy of dpkg selections (default)
|
||||||
|
--no-packages no backup copy of dpkg selections
|
||||||
|
--processes backup copy of process list (default)
|
||||||
|
--no-processes no backup copy of process list
|
||||||
|
--uptime backup of uptime value (default)
|
||||||
|
--no-uptime no backup of uptime value
|
||||||
|
--netstat backup copy of netstat (default)
|
||||||
|
--no-netstat no backup copy of netstat
|
||||||
|
--netcfg backup copy of network configuration (default)
|
||||||
|
--no-netcfg no backup copy of network configuration
|
||||||
|
--iptables backup copy of iptables (default)
|
||||||
|
--no-iptables no backup copy of iptables
|
||||||
|
--sysctl backup copy of sysctl values (default)
|
||||||
|
--no-sysctl no backup copy of sysctl values
|
||||||
|
--virsh backup copy of virsh list (default)
|
||||||
|
--no-virsh no backup copy of virsh list
|
||||||
|
--lxc backup copy of lxc list (default)
|
||||||
|
--no-lxc no backup copy of lxc list
|
||||||
|
--disks backup copy of MBR and partitions (default)
|
||||||
|
--no-disks no backup copy of MBR and partitions
|
||||||
|
--mount backup copy of mount points (default)
|
||||||
|
--no-mount no backup copy of mount points
|
||||||
|
--df backup copy of disk usage (default)
|
||||||
|
--no-df no backup copy of disk usage
|
||||||
|
--dmesg backup copy of dmesg (default)
|
||||||
|
--no-dmesg no backup copy of dmesg
|
||||||
|
--mysql backup copy of mysql processes (default)
|
||||||
|
--no-mysql no backup copy of mysql processes
|
||||||
|
--services backup copy of services states (default)
|
||||||
|
--no-services no backup copy of services states
|
||||||
|
-v, --verbose print details about backup steps
|
||||||
|
-V, --version print version and exit
|
||||||
|
-h, --help print this message and exit
|
||||||
|
END
|
||||||
|
}
|
||||||
|
debug() {
|
||||||
|
if [ "${VERBOSE}" = "1" ]; then
|
||||||
|
echo "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
create_backup_dir() {
|
||||||
|
debug "Create ${backup_dir}"
|
||||||
|
|
||||||
|
last_result=$(mkdir -p "${backup_dir}" && chmod -R 755 "${backup_dir}")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* mkdir/chmod OK"
|
||||||
|
else
|
||||||
|
debug "* mkdir/chmod ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_etc() {
|
||||||
|
debug "Backup /etc"
|
||||||
|
|
||||||
|
rsync_bin=$(command -v rsync)
|
||||||
|
|
||||||
|
if [ -n "${rsync_bin}" ]; then
|
||||||
|
last_result=$(${rsync_bin} -ah --itemize-changes --exclude=.git /etc "${backup_dir}/")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* rsync OK"
|
||||||
|
else
|
||||||
|
debug "* rsync ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* rsync not found"
|
||||||
|
last_result=$(cp -r /etc "${backup_dir}/ && rm -rf ${backup_dir}/etc/.git")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* cp OK"
|
||||||
|
else
|
||||||
|
debug "* cp ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_apt_states() {
|
||||||
|
apt_dir="/"
|
||||||
|
apt_dir_state="var/lib/apt"
|
||||||
|
apt_dir_state_extended_states="extended_states"
|
||||||
|
|
||||||
|
apt_config_bin=$(command -v apt-config)
|
||||||
|
|
||||||
|
if [ -n "${apt_config_bin}" ]; then
|
||||||
|
eval "$(${apt_config_bin} shell apt_dir Dir)"
|
||||||
|
eval "$(${apt_config_bin} shell apt_dir_state Dir::State)"
|
||||||
|
eval "$(${apt_config_bin} shell apt_dir_state_extended_states Dir::State::extended_states)"
|
||||||
|
fi
|
||||||
|
extended_states="${apt_dir}/${apt_dir_state}/${apt_dir_state_extended_states}"
|
||||||
|
|
||||||
|
if [ -f "${extended_states}" ]; then
|
||||||
|
debug "Backup APT states"
|
||||||
|
|
||||||
|
last_result=$(cp -r "${extended_states}" "${backup_dir}/apt-extended-states.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* cp OK"
|
||||||
|
else
|
||||||
|
debug "* cp ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_apt_config() {
|
||||||
|
debug "Backup APT config"
|
||||||
|
|
||||||
|
apt_config_bin=$(command -v apt-config)
|
||||||
|
|
||||||
|
if [ -n "${apt_config_bin}" ]; then
|
||||||
|
last_result=$(${apt_config_bin} dump > "${backup_dir}/apt-config.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* apt-config OK"
|
||||||
|
else
|
||||||
|
debug "* apt-config ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* apt-config is not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_dpkg_full() {
|
||||||
|
debug "Backup DPkg full state"
|
||||||
|
|
||||||
|
dir_state_status="/var/lib/dpkg/status"
|
||||||
|
|
||||||
|
apt_config_bin=$(command -v apt-config)
|
||||||
|
|
||||||
|
if [ -n "${apt_config_bin}" ]; then
|
||||||
|
eval "$(${apt_config_bin} shell dir_state_status Dir::State::status)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
dpkg_dir=$(dirname "${dir_state_status}")
|
||||||
|
|
||||||
|
last_result=$(mkdir -p "${backup_dir}${dpkg_dir}" && chmod -R 755 "${backup_dir}${dpkg_dir}")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* mkdir/chmod OK"
|
||||||
|
else
|
||||||
|
debug "* mkdir/chmod ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
|
||||||
|
rsync_bin=$(command -v rsync)
|
||||||
|
|
||||||
|
if [ -n "${rsync_bin}" ]; then
|
||||||
|
last_result=$(${rsync_bin} -ah --itemize-changes --exclude='*-old' "${dpkg_dir}/" "${backup_dir}${dpkg_dir}/")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* rsync OK"
|
||||||
|
else
|
||||||
|
debug "* rsync ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* rsync not found"
|
||||||
|
|
||||||
|
last_result=$(cp -r "${dpkg_dir}/*" "${backup_dir}${dpkg_dir}/" && rm -rf "${backup_dir}${dpkg_dir}/*-old")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* cp OK"
|
||||||
|
else
|
||||||
|
debug "* cp ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_dpkg_status() {
|
||||||
|
debug "Backup DPkg status"
|
||||||
|
|
||||||
|
dir_state_status="/var/lib/dpkg/status"
|
||||||
|
|
||||||
|
apt_config_bin=$(command -v apt-config)
|
||||||
|
|
||||||
|
if [ -n "${apt_config_bin}" ]; then
|
||||||
|
eval "$(${apt_config_bin} shell dir_state_status Dir::State::status)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
last_result=$(cp "${dir_state_status}" "${backup_dir}/dpkg-status.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* cp OK"
|
||||||
|
else
|
||||||
|
debug "* cp ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_packages() {
|
||||||
|
debug "Backup list of installed package"
|
||||||
|
|
||||||
|
dpkg_bin=$(command -v dpkg)
|
||||||
|
|
||||||
|
if [ -n "${dpkg_bin}" ]; then
|
||||||
|
last_result=$(${dpkg_bin} --get-selections "*" > "${backup_dir}/current_packages.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* dpkg OK"
|
||||||
|
else
|
||||||
|
debug "* dpkg ERROR :"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* dpkg not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_uname() {
|
||||||
|
debug "Backup uname"
|
||||||
|
|
||||||
|
last_result=$(uname -a > "${backup_dir}/uname.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* uname OK"
|
||||||
|
else
|
||||||
|
debug "* uname ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_uptime() {
|
||||||
|
debug "Backup uptime"
|
||||||
|
|
||||||
|
last_result=$(uptime > "${backup_dir}/uptime.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* uptime OK"
|
||||||
|
else
|
||||||
|
debug "* uptime ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_processes() {
|
||||||
|
debug "Backup process list"
|
||||||
|
|
||||||
|
last_result=$(ps fauxw > "${backup_dir}/ps.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* ps OK"
|
||||||
|
else
|
||||||
|
debug "* ps ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
|
||||||
|
pstree_bin=$(command -v pstree)
|
||||||
|
|
||||||
|
if [ -n "${pstree_bin}" ]; then
|
||||||
|
last_result=$(${pstree_bin} -pan > "${backup_dir}/pstree.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* pstree OK"
|
||||||
|
else
|
||||||
|
debug "* pstree ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_netstat() {
|
||||||
|
debug "Backup network status"
|
||||||
|
|
||||||
|
ss_bin=$(command -v ss)
|
||||||
|
|
||||||
|
if [ -n "${ss_bin}" ]; then
|
||||||
|
last_result=$(${ss_bin} -tanpul > "${backup_dir}/netstat-ss.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* ss OK"
|
||||||
|
else
|
||||||
|
debug "* ss ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* ss not found"
|
||||||
|
fi
|
||||||
|
|
||||||
|
netstat_bin=$(command -v netstat)
|
||||||
|
|
||||||
|
if [ -n "${netstat_bin}" ]; then
|
||||||
|
last_result=$(netstat -laputen > "${backup_dir}/netstat-legacy.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* netstat OK"
|
||||||
|
else
|
||||||
|
debug "* netstat ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* netstat not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_netcfg() {
|
||||||
|
debug "Backup network configuration"
|
||||||
|
|
||||||
|
ip_bin=$(command -v ip)
|
||||||
|
|
||||||
|
if [ -n "${ip_bin}" ]; then
|
||||||
|
last_result=$(${ip_bin} address show > "${backup_dir}/ip-address.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* ip address OK"
|
||||||
|
else
|
||||||
|
debug "* ip address ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
|
||||||
|
last_result=$(${ip_bin} route show > "${backup_dir}/ip-route.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* ip route OK"
|
||||||
|
else
|
||||||
|
debug "* ip route ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* ip not found"
|
||||||
|
|
||||||
|
ifconfig_bin=$(command -v ifconfig)
|
||||||
|
|
||||||
|
if [ -n "${ifconfig_bin}" ]; then
|
||||||
|
last_result=$(${ifconfig_bin} > "${backup_dir}/ifconfig.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* ifconfig OK"
|
||||||
|
else
|
||||||
|
debug "* ifconfig ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* ifconfig not found"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_iptables() {
|
||||||
|
debug "Backup iptables"
|
||||||
|
|
||||||
|
iptables_bin=$(command -v iptables)
|
||||||
|
|
||||||
|
if [ -n "${iptables_bin}" ]; then
|
||||||
|
last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } > "${backup_dir}/iptables.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* iptables OK"
|
||||||
|
else
|
||||||
|
debug "* iptables ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* iptables not found"
|
||||||
|
fi
|
||||||
|
|
||||||
|
iptables_save_bin=$(command -v iptables-save)
|
||||||
|
|
||||||
|
if [ -n "${iptables_save_bin}" ]; then
|
||||||
|
last_result=$(${iptables_save_bin} > "${backup_dir}/iptables-save.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* iptables-save OK"
|
||||||
|
else
|
||||||
|
debug "* iptables-save ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* iptables-save not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_sysctl() {
|
||||||
|
debug "Backup sysctl values"
|
||||||
|
|
||||||
|
sysctl_bin=$(command -v sysctl)
|
||||||
|
|
||||||
|
if [ -n "${sysctl_bin}" ]; then
|
||||||
|
last_result=$(${sysctl_bin} -a | sort -h > "${backup_dir}/sysctl.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* sysctl OK"
|
||||||
|
else
|
||||||
|
debug "* sysctl ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* sysctl not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_virsh() {
|
||||||
|
debug "Backup virsh list"
|
||||||
|
|
||||||
|
virsh_bin=$(command -v virsh)
|
||||||
|
|
||||||
|
if [ -n "${virsh_bin}" ]; then
|
||||||
|
last_result=$(${virsh_bin} list --all > "${backup_dir}/virsh-list.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* virsh list OK"
|
||||||
|
else
|
||||||
|
debug "* virsh list ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* virsh not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_lxc() {
|
||||||
|
debug "Backup lxc list"
|
||||||
|
|
||||||
|
lxc_ls_bin=$(command -v lxc-ls)
|
||||||
|
|
||||||
|
if [ -n "${lxc_ls_bin}" ]; then
|
||||||
|
last_result=$(${lxc_ls_bin} --fancy > "${backup_dir}/lxc-list.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* lxc list OK"
|
||||||
|
else
|
||||||
|
debug "* lxc list ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* lxc-ls not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_disks() {
|
||||||
|
debug "Backup disks"
|
||||||
|
|
||||||
|
lsblk_bin=$(command -v lsblk)
|
||||||
|
awk_bin=$(command -v awk)
|
||||||
|
|
||||||
|
if [ -n "${lsblk_bin}" ] && [ -n "${awk_bin}" ]; then
|
||||||
|
disks=$(${lsblk_bin} -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | ${awk_bin} '{print $1}')
|
||||||
|
for disk in ${disks}; do
|
||||||
|
dd_bin=$(command -v dd)
|
||||||
|
if [ -n "${dd_bin}" ]; then
|
||||||
|
last_result=$(${dd_bin} if="/dev/${disk}" of="${backup_dir}/MBR-${disk}" bs=512 count=1 2>&1)
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* dd ${disk} OK"
|
||||||
|
else
|
||||||
|
debug "* dd ${disk} ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* dd not found"
|
||||||
|
fi
|
||||||
|
fdisk_bin=$(command -v fdisk)
|
||||||
|
if [ -n "${fdisk_bin}" ]; then
|
||||||
|
last_result=$(${fdisk_bin} -l "/dev/${disk}" > "${backup_dir}/partitions-${disk}" 2>&1)
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* fdisk ${disk} OK"
|
||||||
|
else
|
||||||
|
debug "* fdisk ${disk} ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* fdisk not found"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
cat "${backup_dir}"/partitions-* > "${backup_dir}/partitions"
|
||||||
|
else
|
||||||
|
if [ -n "${lsblk_bin}" ]; then
|
||||||
|
debug "* lsblk not found"
|
||||||
|
fi
|
||||||
|
if [ -n "${awk_bin}" ]; then
|
||||||
|
debug "* awk not found"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_mount() {
|
||||||
|
debug "Backup mount points"
|
||||||
|
|
||||||
|
findmnt_bin=$(command -v findmnt)
|
||||||
|
|
||||||
|
if [ -n "${findmnt_bin}" ]; then
|
||||||
|
last_result=$(${findmnt_bin} > "${backup_dir}/mount.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* mount points OK"
|
||||||
|
else
|
||||||
|
debug "* mount points ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* findmnt not found"
|
||||||
|
|
||||||
|
mount_bin=$(command -v mount)
|
||||||
|
|
||||||
|
if [ -n "${mount_bin}" ]; then
|
||||||
|
last_result=$(${mount_bin} > "${backup_dir}/mount.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* mount points OK"
|
||||||
|
else
|
||||||
|
debug "* mount points ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* mount not found"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_df() {
|
||||||
|
debug "Backup df"
|
||||||
|
|
||||||
|
df_bin=$(command -v df)
|
||||||
|
|
||||||
|
if [ -n "${df_bin}" ]; then
|
||||||
|
last_result=$(${df_bin} --portability > "${backup_dir}/df.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* df OK"
|
||||||
|
else
|
||||||
|
debug "* df ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* df not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_dmesg() {
|
||||||
|
debug "Backup dmesg"
|
||||||
|
|
||||||
|
dmesg_bin=$(command -v dmesg)
|
||||||
|
|
||||||
|
if [ -n "${dmesg_bin}" ]; then
|
||||||
|
last_result=$(${dmesg_bin} > "${backup_dir}/dmesg.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* dmesg OK"
|
||||||
|
else
|
||||||
|
debug "* dmesg ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* dmesg not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_mysql_processes() {
|
||||||
|
debug "Backup mysql processes"
|
||||||
|
|
||||||
|
mysqladmin_bin=$(command -v mysqladmin)
|
||||||
|
|
||||||
|
if [ -n "${mysqladmin_bin}" ]; then
|
||||||
|
last_result=$(${mysqladmin_bin} --verbose processlist > "${backup_dir}/mysql-processlist.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* mysqladmin OK"
|
||||||
|
else
|
||||||
|
debug "* mysqladmin ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* mysqladmin not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
backup_systemctl() {
|
||||||
|
debug "Backup services"
|
||||||
|
|
||||||
|
systemctl_bin=$(command -v systemctl)
|
||||||
|
|
||||||
|
if [ -n "${systemctl_bin}" ]; then
|
||||||
|
last_result=$(${systemctl_bin} --no-legend --state=failed --type=service > "${backup_dir}/systemctl-failed-services.txt")
|
||||||
|
last_rc=$?
|
||||||
|
|
||||||
|
if [ ${last_rc} -eq 0 ]; then
|
||||||
|
debug "* failed services OK"
|
||||||
|
else
|
||||||
|
debug "* failed services ERROR"
|
||||||
|
debug "${last_result}"
|
||||||
|
rc=10
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
debug "* systemctl not found"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
main() {
|
||||||
|
if [ -z "${backup_dir}" ]; then
|
||||||
|
echo "ERROR: You must provide the --backup-dir argument" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d "${backup_dir}" ]; then
|
||||||
|
if [ "${FORCE}" != "1" ]; then
|
||||||
|
echo "ERROR: The backup directory ${backup_dir} already exists. Delete it first." >&2
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
create_backup_dir
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${DO_ETC}" -eq 1 ]; then
|
||||||
|
backup_etc
|
||||||
|
fi
|
||||||
|
if [ "${DO_DPKG_FULL}" -eq 1 ]; then
|
||||||
|
backup_dpkg_full
|
||||||
|
fi
|
||||||
|
if [ "${DO_DPKG_STATUS}" -eq 1 ]; then
|
||||||
|
backup_dpkg_status
|
||||||
|
fi
|
||||||
|
if [ "${DO_APT_STATES}" -eq 1 ]; then
|
||||||
|
backup_apt_states
|
||||||
|
fi
|
||||||
|
if [ "${DO_APT_CONFIG}" -eq 1 ]; then
|
||||||
|
backup_apt_config
|
||||||
|
fi
|
||||||
|
if [ "${DO_PACKAGES}" -eq 1 ]; then
|
||||||
|
backup_packages
|
||||||
|
fi
|
||||||
|
if [ "${DO_PROCESSES}" -eq 1 ]; then
|
||||||
|
backup_processes
|
||||||
|
fi
|
||||||
|
if [ "${DO_UPTIME}" -eq 1 ]; then
|
||||||
|
backup_uptime
|
||||||
|
fi
|
||||||
|
if [ "${DO_UNAME}" -eq 1 ]; then
|
||||||
|
backup_uname
|
||||||
|
fi
|
||||||
|
if [ "${DO_NETSTAT}" -eq 1 ]; then
|
||||||
|
backup_netstat
|
||||||
|
fi
|
||||||
|
if [ "${DO_NETCFG}" -eq 1 ]; then
|
||||||
|
backup_netcfg
|
||||||
|
fi
|
||||||
|
if [ "${DO_IPTABLES}" -eq 1 ]; then
|
||||||
|
backup_iptables
|
||||||
|
fi
|
||||||
|
if [ "${DO_SYSCTL}" -eq 1 ]; then
|
||||||
|
backup_sysctl
|
||||||
|
fi
|
||||||
|
if [ "${DO_VIRSH}" -eq 1 ]; then
|
||||||
|
backup_virsh
|
||||||
|
fi
|
||||||
|
if [ "${DO_LXC}" -eq 1 ]; then
|
||||||
|
backup_lxc
|
||||||
|
fi
|
||||||
|
if [ "${DO_DISKS}" -eq 1 ]; then
|
||||||
|
backup_disks
|
||||||
|
fi
|
||||||
|
if [ "${DO_MOUNT}" -eq 1 ]; then
|
||||||
|
backup_mount
|
||||||
|
fi
|
||||||
|
if [ "${DO_DF}" -eq 1 ]; then
|
||||||
|
backup_df
|
||||||
|
fi
|
||||||
|
if [ "${DO_DMESG}" -eq 1 ]; then
|
||||||
|
backup_dmesg
|
||||||
|
fi
|
||||||
|
if [ "${DO_MYSQL_PROCESSES}" -eq 1 ]; then
|
||||||
|
backup_mysql_processes
|
||||||
|
fi
|
||||||
|
if [ "${DO_SYSTEMCTL}" -eq 1 ]; then
|
||||||
|
backup_systemctl
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
debug "=> Your backup is available at ${backup_dir}"
|
||||||
|
exit ${rc}
|
||||||
|
}
|
||||||
|
|
||||||
|
# parse options
|
||||||
|
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||||
|
while :; do
|
||||||
|
case $1 in
|
||||||
|
-h|-\?|--help)
|
||||||
|
show_help
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-V|--version)
|
||||||
|
show_version
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-v|--verbose)
|
||||||
|
VERBOSE=1
|
||||||
|
;;
|
||||||
|
|
||||||
|
-f|--force)
|
||||||
|
FORCE=1
|
||||||
|
;;
|
||||||
|
|
||||||
|
-d|--backup-dir)
|
||||||
|
# with value separated by space
|
||||||
|
if [ -n "$2" ]; then
|
||||||
|
backup_dir=$2
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
printf 'ERROR: "-d|--backup-dir" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
--backup-dir=?*)
|
||||||
|
# with value speparated by =
|
||||||
|
backup_dir=${1#*=}
|
||||||
|
;;
|
||||||
|
--backup-dir=)
|
||||||
|
# without value
|
||||||
|
printf 'ERROR: "--backup-dir" requires a non-empty option argument.\n' >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
|
||||||
|
--etc)
|
||||||
|
DO_ETC=1
|
||||||
|
;;
|
||||||
|
--no-etc)
|
||||||
|
DO_ETC=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--dpkg-full)
|
||||||
|
DO_DPKG_FULL=1
|
||||||
|
;;
|
||||||
|
--no-dpkg-full)
|
||||||
|
DO_DPKG_FULL=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--dpkg-status)
|
||||||
|
DO_DPKG_STATUS=1
|
||||||
|
;;
|
||||||
|
--no-dpkg-status)
|
||||||
|
DO_DPKG_STATUS=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--apt-states)
|
||||||
|
DO_APT_STATES=1
|
||||||
|
;;
|
||||||
|
--no-apt-states)
|
||||||
|
DO_APT_STATES=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--apt-config)
|
||||||
|
DO_APT_CONFIG=1
|
||||||
|
;;
|
||||||
|
--no-apt-config)
|
||||||
|
DO_APT_CONFIG=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--packages)
|
||||||
|
DO_PACKAGES=1
|
||||||
|
;;
|
||||||
|
--no-packages)
|
||||||
|
DO_PACKAGES=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--processes)
|
||||||
|
DO_PROCESSES=1
|
||||||
|
;;
|
||||||
|
--no-processes)
|
||||||
|
DO_PROCESSES=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--uptime)
|
||||||
|
DO_UPTIME=1
|
||||||
|
;;
|
||||||
|
--no-uptime)
|
||||||
|
DO_UPTIME=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--uname)
|
||||||
|
DO_UNAME=1
|
||||||
|
;;
|
||||||
|
--no-uname)
|
||||||
|
DO_UNAME=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--netstat)
|
||||||
|
DO_NETSTAT=1
|
||||||
|
;;
|
||||||
|
--no-netstat)
|
||||||
|
DO_NETSTAT=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--netcfg)
|
||||||
|
DO_NETCFG=1
|
||||||
|
;;
|
||||||
|
--no-netcfg)
|
||||||
|
DO_NETCFG=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--iptables)
|
||||||
|
DO_IPTABLES=1
|
||||||
|
;;
|
||||||
|
--no-iptables)
|
||||||
|
DO_IPTABLES=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--sysctl)
|
||||||
|
DO_SYSCTL=1
|
||||||
|
;;
|
||||||
|
--no-sysctl)
|
||||||
|
DO_SYSCTL=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--virsh)
|
||||||
|
DO_VIRSH=1
|
||||||
|
;;
|
||||||
|
--no-virsh)
|
||||||
|
DO_VIRSH=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--lxc)
|
||||||
|
DO_LXC=1
|
||||||
|
;;
|
||||||
|
--no-lxc)
|
||||||
|
DO_LXC=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--disks)
|
||||||
|
DO_DISKS=1
|
||||||
|
;;
|
||||||
|
--no-disks)
|
||||||
|
DO_DISKS=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--mount)
|
||||||
|
DO_MOUNT=1
|
||||||
|
;;
|
||||||
|
--no-mount)
|
||||||
|
DO_MOUNT=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--df)
|
||||||
|
DO_DF=1
|
||||||
|
;;
|
||||||
|
--no-df)
|
||||||
|
DO_DF=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--dmesg)
|
||||||
|
DO_DMESG=1
|
||||||
|
;;
|
||||||
|
--no-dmesg)
|
||||||
|
DO_DMESG=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--mysql-processes)
|
||||||
|
DO_MYSQL_PROCESSES=1
|
||||||
|
;;
|
||||||
|
--no-mysql-processes)
|
||||||
|
DO_MYSQL_PROCESSES=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--systemctl)
|
||||||
|
DO_SYSTEMCTL=1
|
||||||
|
;;
|
||||||
|
--no-systemctl)
|
||||||
|
DO_SYSTEMCTL=0
|
||||||
|
;;
|
||||||
|
|
||||||
|
--)
|
||||||
|
# End of all options.
|
||||||
|
shift
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
-?*)
|
||||||
|
# ignore unknown options
|
||||||
|
printf 'WARN: Unknown option : %s\n' "$1" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Default case: If no more options then break out of the loop.
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
# Default values
|
||||||
|
: "${VERBOSE:=0}"
|
||||||
|
: "${FORCE:=0}"
|
||||||
|
: "${DO_ETC:=0}"
|
||||||
|
: "${DO_DPKG_FULL:=0}"
|
||||||
|
: "${DO_DPKG_STATUS:=1}"
|
||||||
|
: "${DO_APT_STATES:=1}"
|
||||||
|
: "${DO_APT_CONFIG:=1}"
|
||||||
|
: "${DO_PACKAGES:=1}"
|
||||||
|
: "${DO_PROCESSES:=1}"
|
||||||
|
: "${DO_UNAME:=1}"
|
||||||
|
: "${DO_UPTIME:=1}"
|
||||||
|
: "${DO_NETSTAT:=1}"
|
||||||
|
: "${DO_NETCFG:=1}"
|
||||||
|
: "${DO_IPTABLES:=1}"
|
||||||
|
: "${DO_SYSCTL:=1}"
|
||||||
|
: "${DO_VIRSH:=1}"
|
||||||
|
: "${DO_LXC:=1}"
|
||||||
|
: "${DO_DISKS:=1}"
|
||||||
|
: "${DO_MOUNT:=1}"
|
||||||
|
: "${DO_DF:=1}"
|
||||||
|
: "${DO_DMESG:=1}"
|
||||||
|
: "${DO_MYSQL_PROCESSES:=1}"
|
||||||
|
: "${DO_SYSTEMCTL:=1}"
|
||||||
|
|
||||||
|
export LC_ALL=C
|
||||||
|
|
||||||
|
set -u
|
||||||
|
|
||||||
|
main
|
2
evolinux-base/files/htoprc
Normal file
2
evolinux-base/files/htoprc
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
# Force the SWAP column to the right of the CPU one
|
||||||
|
fields=0 48 17 18 38 39 40 119 2 46 47 49 1
|
9
evolinux-base/files/logs/logrotate.d/alternatives
Normal file
9
evolinux-base/files/logs/logrotate.d/alternatives
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
/var/log/alternatives.log {
|
||||||
|
monthly
|
||||||
|
rotate 120
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
create 644 root root
|
||||||
|
}
|
|
@ -6,14 +6,4 @@
|
||||||
missingok
|
missingok
|
||||||
notifempty
|
notifempty
|
||||||
create 644 root root
|
create 644 root root
|
||||||
}
|
}
|
||||||
/var/log/alternatives.log {
|
|
||||||
monthly
|
|
||||||
rotate 120
|
|
||||||
compress
|
|
||||||
delaycompress
|
|
||||||
missingok
|
|
||||||
notifempty
|
|
||||||
create 644 root root
|
|
||||||
}
|
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
weekly
|
weekly
|
||||||
missingok
|
missingok
|
||||||
rotate 3
|
rotate 3
|
||||||
compress
|
compress
|
||||||
notifempty
|
notifempty
|
||||||
create 640 root adm
|
create 640 root adm
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,7 @@
|
||||||
/var/log/procmail.log {
|
/var/log/procmail.log {
|
||||||
daily
|
daily
|
||||||
rotate 365
|
rotate 365
|
||||||
dateext
|
|
||||||
dateyesterday
|
|
||||||
dateformat .%Y%m%d
|
|
||||||
missingok
|
missingok
|
||||||
rotate 365
|
|
||||||
create 640 root adm
|
create 640 root adm
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue