forked from evolix/ansible-roles
Compare commits
319 commits
Author | SHA1 | Date | |
---|---|---|---|
Jérémy Lecour | c17bb03535 | ||
Jérémy Lecour | d7d58bf158 | ||
Jérémy Lecour | e5dc503cfd | ||
Jérémy Lecour | 270d03b6a6 | ||
Jérémy Lecour | 1dc4d0e133 | ||
Jérémy Lecour | c8ef7e9b75 | ||
53af37e055 | |||
Jérémy Lecour | d9e95218ce | ||
Eric Morino | 6321f32e81 | ||
Ludovic Poujol | 69a9cb9591 | ||
Ludovic Poujol | 39949ea921 | ||
Ludovic Poujol | e79141d2d2 | ||
Jérémy Lecour | 799466788f | ||
Jérémy Dubois | 03c97f2d0f | ||
William Hirigoyen (Evolix) | 1fdc0f2566 | ||
Jérémy Dubois | f3c443d076 | ||
ebfa8df6bc | |||
William Hirigoyen (Evolix) | 68b4b0803e | ||
Ludovic Poujol | 9995fca35d | ||
William Hirigoyen (Evolix) | e080b37be2 | ||
Ludovic Poujol | a2f73bb7df | ||
Jérémy Dubois | 981128dc17 | ||
Jérémy Lecour | 0cbdda840d | ||
Jérémy Lecour | 9e27d9707b | ||
Jérémy Lecour | 5153b88d01 | ||
Jérémy Lecour | 25563ee0f0 | ||
Jérémy Lecour | 3dd78fbf7e | ||
Jérémy Lecour | cd4822488c | ||
Jérémy Lecour | fcb0b8c80f | ||
Jérémy Lecour | cd26081add | ||
Jérémy Lecour | 8beb1e7460 | ||
Jérémy Lecour | 6d5aa67045 | ||
Jérémy Lecour | 359719d0d0 | ||
Jérémy Lecour | bb30402df3 | ||
Jérémy Lecour | 6ccd0ea440 | ||
Jérémy Lecour | 88cd8a0976 | ||
Jérémy Lecour | 519228ff9f | ||
6dc17658a9 | |||
Jérémy Lecour | 2849039fad | ||
Jérémy Lecour | 80f8a94798 | ||
Eric Morino | 0a244894eb | ||
Jérémy Lecour | 2c6a3601de | ||
Jérémy Lecour | bff8fcfebb | ||
Jérémy Lecour | 93929864be | ||
Jérémy Lecour | 52fff750df | ||
Jérémy Lecour | 0e34d4cd4b | ||
Jérémy Lecour | 8f8c024163 | ||
Jérémy Lecour | 1f4ee2de79 | ||
Jérémy Lecour | 0fce412cf5 | ||
Jérémy Lecour | 544b213529 | ||
Jérémy Lecour | 266289c72e | ||
Jérémy Lecour | 51bc48623b | ||
Mathieu Trossevin | 7a969a0be2 | ||
1902c40c3c | |||
fec9e49c18 | |||
Jérémy Dubois | 3822696db6 | ||
Jérémy Dubois | 4effe91b9f | ||
168b0fa9b7 | |||
Jérémy Lecour | c4fab71d7a | ||
Ludovic Poujol | c8a862c5e7 | ||
Jérémy Lecour | ea382a1686 | ||
Jérémy Lecour | ca1f465aaa | ||
William Hirigoyen (Evolix) | bd39adaf68 | ||
William Hirigoyen (Evolix) | 14883aa95e | ||
4c6d30a52c | |||
Jérémy Lecour | 1893b6dea5 | ||
Jérémy Lecour | ec346a42a5 | ||
William Hirigoyen (Evolix) | 1c754f7eb0 | ||
Eric Morino | 7bb7b22d1f | ||
Ludovic Poujol | 7c7ccf07eb | ||
Ludovic Poujol | 64b632c000 | ||
Ludovic Poujol | 8b701e615f | ||
Ludovic Poujol | d27d6b69cd | ||
Ludovic Poujol | bd429275d1 | ||
Eric Morino | cd7c488713 | ||
Eric Morino | 7e36d03804 | ||
Eric Morino | 2ec026c2b3 | ||
Mathieu Trossevin | 53cd3ba342 | ||
d3eef71127 | |||
Ludovic Poujol | 82694ef5e9 | ||
Ludovic Poujol | a35139fcee | ||
Eric Morino | 8dca949564 | ||
Eric Morino | c9af7db827 | ||
Eric Morino | 21bd4021d3 | ||
Eric Morino | 4fb885a33b | ||
Jérémy Lecour | e4bb0c6f55 | ||
Jérémy Lecour | 039c740ef3 | ||
William Hirigoyen (Evolix) | 51aaac0cbc | ||
Jérémy Lecour | 6cf8195744 | ||
0247216429 | |||
Eric Morino | 2ea8d279d5 | ||
William Hirigoyen (Evolix) | b9c1e9eafe | ||
Jérémy Lecour | dcfea674a4 | ||
Jérémy Lecour | 646a7b1813 | ||
Jérémy Lecour | dd53c01027 | ||
Jérémy Lecour | 0e2b43a1e9 | ||
Jérémy Dubois | 90acb99c2a | ||
Jérémy Lecour | ca28df1b75 | ||
Jérémy Lecour | 1706361e8d | ||
Jérémy Lecour | 72e8200d5b | ||
Ludovic Poujol | 03f846b94b | ||
Jérémy Lecour | 7cb6dffd6f | ||
Jérémy Lecour | dcdde5f7f6 | ||
Ludovic Poujol | 9b3bb39bd0 | ||
Ludovic Poujol | b120a92203 | ||
Eric Morino | be5bb73675 | ||
Ludovic Poujol | a9d0d0958d | ||
Jérémy Dubois | d38119eb0f | ||
Jérémy Lecour | 7586881f4d | ||
Jérémy Lecour | bbd16dc5b4 | ||
Jérémy Lecour | 33cb1dd8ef | ||
Jérémy Lecour | 6a4b250b5d | ||
Jérémy Lecour | 520cba9c5b | ||
Jérémy Lecour | 9aff38c0a7 | ||
Eric Morino | 2dfd0c0706 | ||
Jérémy Lecour | 3e80c98a05 | ||
Jérémy Lecour | 2d11580a6e | ||
Jérémy Lecour | dfd6aa0315 | ||
Jérémy Lecour | 679875d00b | ||
Ludovic Poujol | 73d6979e72 | ||
616ead41d5 | |||
Jérémy Lecour | a6fe0397a6 | ||
Jérémy Lecour | 7d63f20336 | ||
Jérémy Lecour | 86e5df9c16 | ||
Jérémy Lecour | 7b14296503 | ||
Jérémy Lecour | 37cb18f676 | ||
Jérémy Lecour | e089ddf091 | ||
Jérémy Lecour | de843cb91f | ||
Jérémy Lecour | 6cb2c66924 | ||
Jérémy Lecour | b293cf2cf9 | ||
Jérémy Lecour | dc1a01ce37 | ||
Jérémy Lecour | 5cbfda8f52 | ||
Jérémy Lecour | b2f8095d14 | ||
Jérémy Lecour | 9b479f9c05 | ||
Jérémy Lecour | 4a035d248d | ||
Jérémy Lecour | 3de5de5304 | ||
Jérémy Lecour | 4c52719561 | ||
Jérémy Lecour | 437d2986ae | ||
Jérémy Lecour | 0eb7332a34 | ||
Jérémy Lecour | febc76b26c | ||
Ludovic Poujol | e130728034 | ||
Jérémy Lecour | 73efee9caa | ||
Eric Morino | 3fcb79a3a3 | ||
Eric Morino | ae2be6a009 | ||
Jérémy Lecour | 1d55965527 | ||
Jérémy Lecour | 8233264d2a | ||
Jérémy Lecour | ef1472cbba | ||
Ludovic Poujol | f75354bb84 | ||
Ludovic Poujol | de4d814d74 | ||
Ludovic Poujol | 6a2cd59e6d | ||
Ludovic Poujol | 51fd2337f0 | ||
Ludovic Poujol | fa0c668cec | ||
45b7ce3486 | |||
Jérémy Lecour | 2b549af7d9 | ||
Jérémy Lecour | e429f7aecb | ||
Jérémy Lecour | 0cab062431 | ||
Jérémy Lecour | e76f2fe448 | ||
Jérémy Lecour | b908fc6cee | ||
Jérémy Lecour | 51e414df31 | ||
Jérémy Lecour | 887c1552cb | ||
Jérémy Lecour | e45ee59801 | ||
Jérémy Lecour | 73f55a42fa | ||
Jérémy Lecour | 65750d2aa6 | ||
Jérémy Lecour | 74ab96d67f | ||
Eric Morino | d2ef3fe27f | ||
5e794cd2b6 | |||
Eric Morino | 6c21c3b505 | ||
Jérémy Lecour | ecba57ad75 | ||
Jérémy Lecour | 2c7380240c | ||
Eric Morino | 999efb3983 | ||
Eric Morino | 916138575a | ||
Jérémy Lecour | 5a83a30a4c | ||
Eric Morino | bd92ff95c8 | ||
2448168008 | |||
Ludovic Poujol | 42189ba613 | ||
Jérémy Lecour | 066baf3538 | ||
Eric Morino | ca7d8e9739 | ||
Jérémy Lecour | ad457dd7ba | ||
Jérémy Lecour | 969a5bce7d | ||
Jérémy Lecour | d186e21239 | ||
Jérémy Lecour | c9f25f4638 | ||
Jérémy Lecour | 139b342fbd | ||
491407953c | |||
Jérémy Lecour | bf49ec8df5 | ||
Jérémy Lecour | 32b5efa30e | ||
Jérémy Lecour | 73352f55d7 | ||
Ludovic Poujol | b362fadc80 | ||
Ludovic Poujol | 8e6c08b81b | ||
Ludovic Poujol | 7a089f88af | ||
Ludovic Poujol | 49cb5adf92 | ||
Jérémy Lecour | c77e0d73f8 | ||
Jérémy Lecour | 29ec7bdcf2 | ||
Jérémy Lecour | ffd7d0e504 | ||
Jérémy Lecour | 6f66ab8e93 | ||
Jérémy Lecour | ba3ed5e903 | ||
Jérémy Lecour | d1829e7000 | ||
Jérémy Lecour | 4167b6d2a9 | ||
Jérémy Lecour | 3721c2ab38 | ||
Jérémy Lecour | 04e41b5dc9 | ||
Jérémy Lecour | 5905751a82 | ||
Jérémy Lecour | b5bcd666c6 | ||
Jérémy Lecour | 58cd1fedfa | ||
Jérémy Lecour | a5658b7f26 | ||
Jérémy Lecour | 5c1ae6ed0c | ||
Jérémy Lecour | 8a784c39ab | ||
Jérémy Lecour | 9c8dd743c8 | ||
Jérémy Lecour | 6b87ead5b4 | ||
Jérémy Lecour | d40fad662f | ||
Jérémy Lecour | 613a11d119 | ||
Jérémy Lecour | a60189eb3e | ||
Jérémy Lecour | c80c354d65 | ||
Jérémy Lecour | e8a8e85819 | ||
Jérémy Lecour | c5ab0c0ff9 | ||
Jérémy Lecour | f673ea85d1 | ||
Jérémy Lecour | 2c441f176a | ||
Jérémy Lecour | c5bb8f06ae | ||
Jérémy Lecour | 51d4ec1bb2 | ||
Jérémy Lecour | 5e09906c8f | ||
Jérémy Lecour | 380c50b999 | ||
Jérémy Lecour | 008cb6a3c9 | ||
Jérémy Lecour | 52d06a3987 | ||
Jérémy Lecour | 4a158ac819 | ||
Jérémy Lecour | 2f68ae5339 | ||
Jérémy Lecour | 6bfef35729 | ||
Jérémy Lecour | b8ac36e673 | ||
Jérémy Lecour | 83e8a3d75a | ||
Jérémy Lecour | 27a09ce682 | ||
Jérémy Lecour | 90cbd17f9b | ||
Jérémy Lecour | b0b24744d6 | ||
Jérémy Lecour | 11813c31a4 | ||
Jérémy Lecour | 51462c724c | ||
Jérémy Lecour | 1b8de7c524 | ||
Jérémy Lecour | 2ed1dac16b | ||
Jérémy Lecour | f082cb652a | ||
Jérémy Lecour | f473e99d6d | ||
Jérémy Lecour | b8c5ac3097 | ||
Jérémy Lecour | 6d757f971e | ||
Jérémy Lecour | 55ad6882b5 | ||
Jérémy Lecour | 0fe0244116 | ||
Jérémy Lecour | 1890a79702 | ||
Jérémy Lecour | 4c1ef1bd56 | ||
Jérémy Lecour | 22145a29b2 | ||
Eric Morino | af9b1a4766 | ||
Eric Morino | cb257ef927 | ||
Jérémy Lecour | 6190c66445 | ||
Jérémy Lecour | dd32ab5688 | ||
Jérémy Lecour | dbc853a815 | ||
Jérémy Lecour | 81730de78b | ||
Jérémy Lecour | 4c7fed77c4 | ||
Jérémy Lecour | fe9b7ee5f7 | ||
Jérémy Lecour | 53eaf085f5 | ||
Jérémy Lecour | 9d0bfec87e | ||
Jérémy Lecour | edfcbbad0a | ||
Jérémy Lecour | 5d7d62b284 | ||
Jérémy Lecour | 4e8c622cc0 | ||
Jérémy Lecour | 7f3eebcfc6 | ||
Jérémy Lecour | 4d7e6fd271 | ||
Jérémy Lecour | 3d715bae35 | ||
Eric Morino | e75eeb8c3f | ||
Jérémy Lecour | ca40fad186 | ||
Jérémy Lecour | f6dcce239b | ||
Jérémy Lecour | 856d11aced | ||
965dc2d20b | |||
dbc06c1c59 | |||
Jérémy Lecour | 454d4c6d30 | ||
Jérémy Lecour | 2c47871fa7 | ||
Jérémy Dubois | 89b0bd5a2b | ||
Jérémy Lecour | dd42c3673c | ||
Jérémy Lecour | 06b8314211 | ||
Ludovic Poujol | 56c064d86b | ||
Eric Morino | 547272eefd | ||
Jérémy Lecour | 02451f1e67 | ||
Jérémy Lecour | 4d83f25ae6 | ||
Jérémy Lecour | cae0de17df | ||
Jérémy Lecour | 56af68e5b3 | ||
Jérémy Dubois | 60f2f19402 | ||
Jérémy Lecour | e65340cb56 | ||
Jérémy Lecour | 7dc6f0b849 | ||
Jérémy Lecour | 9ca68a16dd | ||
Jérémy Lecour | 9b2a3a6db2 | ||
Jérémy Lecour | d823c8116a | ||
Jérémy Lecour | 3c9be8d913 | ||
Jérémy Lecour | 2ed77c60f0 | ||
Jérémy Lecour | 3dde4ee6d3 | ||
Jérémy Lecour | 58bf79218f | ||
Jérémy Lecour | 403ea45eeb | ||
Jérémy Lecour | 7d08b0a30a | ||
Jérémy Lecour | b41a2fd04f | ||
Jérémy Lecour | b049ad79d6 | ||
Jérémy Lecour | 83705a48b8 | ||
Jérémy Lecour | 9f2125e287 | ||
Jérémy Lecour | e5e4dc95fa | ||
Jérémy Lecour | e7ddf9d46c | ||
Jérémy Lecour | 485ec39674 | ||
Jérémy Lecour | 07fd6451e1 | ||
Jérémy Lecour | 5138065059 | ||
Jérémy Lecour | debc4a82ca | ||
Jérémy Lecour | b3a62aa9d8 | ||
Jérémy Lecour | eacdd2c7f2 | ||
Jérémy Lecour | 9cdddd50a8 | ||
Jérémy Lecour | a7971abb04 | ||
Jérémy Lecour | 92f28d85fe | ||
Jérémy Lecour | 1caae2437a | ||
Jérémy Lecour | cc6acdbf34 | ||
Jérémy Lecour | 6eaeb90f6e | ||
Jérémy Lecour | 43c726e86a | ||
Jérémy Lecour | 8716ffbb1e | ||
Jérémy Lecour | 047605a2a2 | ||
Jérémy Lecour | 920cb7eaeb | ||
Jérémy Lecour | 66ea07ec29 | ||
Jérémy Lecour | 2386733231 | ||
Jérémy Lecour | 5b9d2a2776 | ||
Jérémy Lecour | 5d79c31dc3 | ||
f260fedbae | |||
75675a96b1 | |||
Jérémy Lecour | 94a5d7daa2 | ||
Jérémy Lecour | eab68545fe | ||
Ludovic Poujol | 3457b14fed | ||
Ludovic Poujol | d56c545183 |
182
CHANGELOG.md
182
CHANGELOG.md
|
@ -4,9 +4,9 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
This project does not follow semantic versioning.
|
||||
The **major** part of the version is aligned with the stable version of Debian.
|
||||
The **minor** part changes with big changes (probably incompatible).
|
||||
The **patch** part changes incrementally at each release.
|
||||
The **major** part of the version is the year
|
||||
The **minor** part changes is the month
|
||||
The **patch** part changes is incremented if multiple releases happen the same month
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
|
@ -14,12 +14,184 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Changed
|
||||
|
||||
* minifirewall: tail template follows symlinks
|
||||
|
||||
### Fixed
|
||||
|
||||
### Removed
|
||||
|
||||
### Security
|
||||
|
||||
## [22.03] 2022-03-02
|
||||
|
||||
### Added
|
||||
|
||||
* apt: apt_hold_packages: broadcast message with wall, if present
|
||||
* evolinux-base: option to bypass raid-related tasks
|
||||
* Explicit permissions for systemd overrides
|
||||
* generate-ldif: Add support for php-fpm in containers
|
||||
* kvm-host: add missing default value
|
||||
* lxc-php: preliminary support for PHP 8.1 container
|
||||
* openvpn: now check that openvpn has been restarted since last certificates renewal
|
||||
* redis: always install check_redis_instances
|
||||
* redis: check_redis_instances tolerates absence of instances
|
||||
|
||||
### Changed
|
||||
|
||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||
* evolinux-users: check permissions for /etc/sudoers.d
|
||||
* evolinux-users: optimize sudo configuration
|
||||
* lxc: Fail if /var is nosuid
|
||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||
|
||||
|
||||
|
||||
## [22.01.3] 2022-01-31
|
||||
|
||||
### Changed
|
||||
|
||||
* rbenv: install Ruby 3.1.0 by default
|
||||
* evolinux-base: backup-server-state: add "force" mode
|
||||
|
||||
### Fixed
|
||||
|
||||
* evolinux-base: backup-server-state: fix systemctl invocation
|
||||
* varnish: update munin plugin to work with recent varnish versions
|
||||
|
||||
## [22.01.2] 2022-01-27
|
||||
|
||||
### Changed
|
||||
|
||||
* evolinux-base: many improvements for backup-server-state script
|
||||
* remount-usr: use findmnt to find if usr is a readonly partition
|
||||
|
||||
## [22.01] 2022-01-25
|
||||
|
||||
### Added
|
||||
|
||||
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
|
||||
* apache: new variable for MPM mode (+ updated default config accordingly)
|
||||
* apache: prevent accessing Git or "env" related files
|
||||
* certbot: add script for manual deploy hooks execution
|
||||
* docker-host: install additional dependencies
|
||||
* dovecot: switch to TLS 1.2+ and external DH params
|
||||
* etc-git: centralize cron jobs in dedicated crontab
|
||||
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
|
||||
* evolinux-base: add script backup-server-state
|
||||
* evolinux-base: configure top and htop to display the swap column
|
||||
* evolinux-base: install molly-guard by default
|
||||
* generate-ldif: detect RAID controller
|
||||
* generate-ldif: detect mdadm
|
||||
* listupgrade: crontab is configurable
|
||||
* logstash: logging to syslog is configurable (default: True)
|
||||
* mongodb: create munin plugins directory if missing
|
||||
* munin: systemd override to unprotect home directory
|
||||
* mysql: add evomariabackup 21.11
|
||||
* mysql: improve Bullseye compatibility
|
||||
* mysql: script "mysql_connections" to display a compact list of connections
|
||||
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
|
||||
* nagios-nrpe + evolinux-users: new check for ipmi
|
||||
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
|
||||
* nagios-nrpe + evolinux-users: new checks for bkctld
|
||||
* nagios-nrpe: new check influxdb
|
||||
* openvpn: new role (beta)
|
||||
* redis: instance service for Debian 11
|
||||
* squid: add *.o.lencr.org to default whitelist
|
||||
|
||||
### Changed
|
||||
|
||||
* Change version pattern
|
||||
* Install python 2 or 3 libraries according to running python version
|
||||
* Remove embedded GPG keys only if legacy keyring is present
|
||||
* apt: remove workaround for Evolix public repositories with Debian 11
|
||||
* apt: upgrade packages after all the configuration is done
|
||||
* apt: use the new security repository for Bullseye
|
||||
* certbot: silence letsencrypt deprecation warnings
|
||||
* elasticsearch: elastic_stack_version = 7.x
|
||||
* evoacme: exclude renewal-hooks directory from cron
|
||||
* evoadmin-web: simpler PHP packages lists
|
||||
* evocheck: upstream release 21.10.4
|
||||
* evolinux-base: alert5 comes after the network
|
||||
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
|
||||
* evolinux-base: install freeipmi by default on dedicated hw
|
||||
* evolinux-base: logs are rotated with dateext by default
|
||||
* evolinux-base: split dpkg logrotate configuration
|
||||
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
|
||||
* evomaintenance: extract a config.yml tasks file
|
||||
* evomaintenance: upstream release 22.01
|
||||
* filebeat/metricbeat: elastic_stack_version = 7.x
|
||||
* kibana: elastic_stack_version = 7.x
|
||||
* listupgrade: old-kernel-removal version 21.10
|
||||
* listupgrade: upstream release 21.06.3
|
||||
* logstash: elastic_stack_version = 7.x
|
||||
* mongodb: Allow to specify a mongodb version for buster & bullseye
|
||||
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
|
||||
* mongodb: Support version 5.0 (for buster)
|
||||
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
|
||||
* nodejs: default to version 16 LTS
|
||||
* php: enforce Debian version with assert instead of fail
|
||||
* squid: improve default whitelist (more specific patterns)
|
||||
* squid: must be started in foreground mode for systemd
|
||||
* squid: remove obsolete variable on Squid 4
|
||||
|
||||
### Fixed
|
||||
|
||||
* evolinux-base: fix alert5.service dependency syntax
|
||||
* certbot: sync_remote excludes itself
|
||||
* lxc-php: fix config for opensmtpd on bullseye containers
|
||||
* mysql : Create a default ~root/.my.cnf for compatibility reasons
|
||||
* nginx : fix variable name and debug to actually use nginx-light
|
||||
* packweb-apache : Support php 8.0
|
||||
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
|
||||
|
||||
### Removed
|
||||
|
||||
* evocheck: package install is not supported anymore
|
||||
* logstash: no more dependency on Java
|
||||
* php: remove php-gettext for 7.4
|
||||
|
||||
## [10.6.0] 2021-06-28
|
||||
|
||||
### Added
|
||||
|
||||
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
|
||||
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||
* evolinux-base: add default motd template
|
||||
* kvm-host: add migrate-vm script
|
||||
* mysql: variable to disable myadd script overwrite (default: True)
|
||||
* nodejs: update apt cache before installing the package
|
||||
* squid: add Yarn apt repository in default whitelist
|
||||
|
||||
### Changed
|
||||
|
||||
* Update Galaxy metadata (company, platforms and galaxy_tags)
|
||||
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
|
||||
* Use Ansible syntax used in Ansible 2.8+
|
||||
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
|
||||
* certbot: sync_remote.sh is configurable
|
||||
* evolinux-base: copy GPG key instead of using apt-key
|
||||
* evomaintenance: upstream release 0.6.4
|
||||
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
|
||||
* listupgrade: upstream release 21.06.2
|
||||
* nodejs: change GPG key name
|
||||
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
|
||||
* packweb-apache: install phpMyAdmin from buster-backports
|
||||
* spamassassin: change dependency on evomaintenance
|
||||
* squid: remove obsolete variable on Squid 4
|
||||
|
||||
### Fixed
|
||||
|
||||
* add default (useless) value for file lookup (first_found)
|
||||
* fix pipefail option for shell invocations
|
||||
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
|
||||
* evolinux-base: fix motd lookup path
|
||||
* ldap: fix edge cases where passwords were not set/get properly
|
||||
* listupgrade: fix wget error + shellcheck cleanup
|
||||
|
||||
### Removed
|
||||
|
||||
* elasticsearch: recent versiond don't depend on external JRE
|
||||
|
||||
## [10.5.1] 2021-04-13
|
||||
|
||||
### Added
|
||||
|
@ -37,7 +209,7 @@ The **patch** part changes incrementally at each release.
|
|||
* apache: new variables for logrotate + server-status
|
||||
* filebeat: package can be upgraded to latest (default: False)
|
||||
* haproxy: possible admin access with login/pass
|
||||
* lxc-php: Add PHP 7.4 support
|
||||
* lxc-php: Add PHP 7.4 support
|
||||
* metricbeat: package can be upgraded to latest (default: False)
|
||||
* metricbeat: new variables to configure SSL mode
|
||||
* nagios-nrpe: new script check_phpfpm_multi
|
||||
|
@ -110,7 +282,7 @@ The **patch** part changes incrementally at each release.
|
|||
* tomcat-instance: fail if uid already exists
|
||||
* varnish: change template name for better readability
|
||||
* varnish: no threadpool delay by default
|
||||
* varnish: no custom reload script for Debian 10 and later
|
||||
* varnish: no custom reload script for Debian 10 and later
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
|
@ -21,11 +21,11 @@
|
|||
groupname: launched-instances
|
||||
ansible_user: admin
|
||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- debug:
|
||||
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||
wait_for:
|
||||
|
@ -33,4 +33,4 @@
|
|||
host: "{{item.public_dns_name}}"
|
||||
port: 22
|
||||
timeout: 120
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
|
|
@ -23,3 +23,5 @@ log2mail_alert_email: Null
|
|||
|
||||
apache_logrotate_frequency: daily
|
||||
apache_logrotate_rotate: 365
|
||||
|
||||
apache_mpm: "itk"
|
|
@ -24,3 +24,6 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
|
|||
#<FilesMatch ".(eot|ttf|otf|woff)">
|
||||
# Header set Access-Control-Allow-Origin "*"
|
||||
#</FilesMatch>
|
||||
|
||||
# you need disable EnableCapabilities to use data on NFS mounts
|
||||
#EnableCapabilities off
|
||||
|
|
|
@ -3,12 +3,43 @@ Timeout 10
|
|||
KeepAliveTimeout 2
|
||||
MaxKeepAliveRequests 10
|
||||
#MaxClients 250
|
||||
MaxRequestWorkers 250
|
||||
ServerLimit 250
|
||||
StartServers 50
|
||||
MinSpareServers 20
|
||||
MaxSpareServers 30
|
||||
MaxRequestsPerChild 0
|
||||
|
||||
<IfModule mpm_prefork_module>
|
||||
MaxRequestWorkers 250
|
||||
ServerLimit 250
|
||||
StartServers 50
|
||||
MinSpareServers 20
|
||||
MaxSpareServers 30
|
||||
MaxRequestsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_worker_module>
|
||||
StartServers 3
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_itk_module>
|
||||
LimitUIDRange 0 6000
|
||||
LimitGIDRange 0 6000
|
||||
</IfModule>
|
||||
|
||||
<IfModule ssl_module>
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||
</IfModule>
|
||||
|
||||
<IfModule status_module>
|
||||
ExtendedStatus On
|
||||
<IfModule proxy_module>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
|
||||
<Directory /home/>
|
||||
AllowOverride None
|
||||
|
@ -17,27 +48,23 @@ MaxRequestsPerChild 0
|
|||
Deny from env=GoAway
|
||||
</Directory>
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||
</IfModule>
|
||||
<DirectoryMatch "/\.git">
|
||||
# We don't want to let the client know a file exist on the server,
|
||||
# so we return 404 "Not found" instead of 403 "Forbidden".
|
||||
Redirect 404
|
||||
</DirectoryMatch>
|
||||
|
||||
<Files ~ "\.(inc|bak)$">
|
||||
Require all denied
|
||||
</Files>
|
||||
# File names starting with
|
||||
<FilesMatch "^\.(git|env)">
|
||||
Redirect 404
|
||||
</FilesMatch>
|
||||
|
||||
<IfModule mod_status.c>
|
||||
ExtendedStatus On
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_itk.c>
|
||||
LimitUIDRange 0 6000
|
||||
LimitGIDRange 0 6000
|
||||
</IfModule>
|
||||
# File names ending with
|
||||
<FilesMatch "\.(inc|bak)$">
|
||||
Redirect 404
|
||||
</FilesMatch>
|
||||
|
||||
<LocationMatch "^/evolinux_fpm_status-.*">
|
||||
Require all denied
|
||||
</LocationMatch>
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ set -e
|
|||
|
||||
DIR="/var/log/apache-status"
|
||||
URL="http://127.0.0.1/server-status"
|
||||
TS=`date +%Y%m%d%H%M%S`
|
||||
TS=$(date +%Y%m%d%H%M%S)
|
||||
FILE="${DIR}/${TS}.html"
|
||||
|
||||
if [ ! -d "${DIR}" ]; then
|
||||
|
|
|
@ -1,18 +1,24 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of Apache
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
||||
- name: Load IP whitelist task
|
||||
include: ip_whitelist.yml
|
||||
|
||||
|
@ -40,7 +40,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
loop: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
@ -50,7 +50,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
loop: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
@ -16,7 +16,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
apt:
|
||||
name:
|
||||
- apache2
|
||||
- libapache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
|
@ -14,6 +13,18 @@
|
|||
- packages
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- name: itk package is installed if required (Debian 9 or later)
|
||||
apt:
|
||||
name:
|
||||
- libapache2-mpm-itk
|
||||
state: present
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
when:
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
- apache_mpm == "itk"
|
||||
|
||||
- name: packages are installed (jessie)
|
||||
apt:
|
||||
name:
|
||||
|
@ -31,11 +42,10 @@
|
|||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- rewrite
|
||||
- expires
|
||||
- headers
|
||||
- cgi
|
||||
- ssl
|
||||
- include
|
||||
- negotiation
|
||||
|
@ -44,6 +54,18 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: basic modules are enabled
|
||||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- cgi
|
||||
notify: reload apache
|
||||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
||||
- name: Copy Apache defaults config file
|
||||
copy:
|
||||
src: evolinux-defaults.conf
|
||||
|
@ -80,7 +102,7 @@
|
|||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
loop:
|
||||
- z-evolinux-defaults.conf
|
||||
- zzz-evolinux-custom.conf
|
||||
notify: reload apache
|
||||
|
@ -108,7 +130,7 @@
|
|||
state: link
|
||||
force: yes
|
||||
notify: reload apache
|
||||
when: apache_evolinux_default_enabled
|
||||
when: apache_evolinux_default_enabled | bool
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
@ -183,6 +205,6 @@
|
|||
- apache
|
||||
|
||||
- include: munin.yml
|
||||
when: apache_munin_include
|
||||
when: apache_munin_include | bool
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- apache_accesses
|
||||
- apache_processes
|
||||
- apache_volume
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||
content: "{{ apache_serverstatus_suffix }}\u000A"
|
||||
force: yes
|
||||
when: apache_serverstatus_suffix != ""
|
||||
when: apache_serverstatus_suffix | length > 0
|
||||
|
||||
- name: generate random string for server-status suffix
|
||||
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
||||
|
@ -33,6 +33,7 @@
|
|||
|
||||
- debug:
|
||||
var: apache_serverstatus_suffix
|
||||
verbosity: 1
|
||||
|
||||
- name: replace server-status suffix in default site index
|
||||
replace:
|
||||
|
|
3
apt/files/bullseye_backports_preferences
Normal file
3
apt/files/bullseye_backports_preferences
Normal file
|
@ -0,0 +1,3 @@
|
|||
Package: *
|
||||
Pin: release a=bullseye-backports
|
||||
Pin-Priority: 50
|
|
@ -21,7 +21,12 @@ if [ -f ${config_file} ]; then
|
|||
if [ -n "${package}" ]; then
|
||||
if is_installed ${package} && ! is_held ${package}; then
|
||||
apt-mark hold ${package}
|
||||
>&2 echo "Package \`${package}' has been marked \`hold'."
|
||||
msg="Package \`${package}' has been marked \`hold'."
|
||||
>&2 echo "${msg}"
|
||||
wall_bin=$(command -v wall)
|
||||
if [ -n "${wall_bin}" ]; then
|
||||
"${wall_bin}" --timeout 5 "${msg}"
|
||||
fi
|
||||
return_code=1
|
||||
fi
|
||||
fi
|
||||
|
|
920
apt/files/reg.asc
Normal file
920
apt/files/reg.asc
Normal file
|
@ -0,0 +1,920 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: keyserver.ubuntu.com
|
||||
|
||||
mQINBEoHZ5kBEAC680PjynWTcP3ZtVfWWL6zQAcD8JoC+c5MbnpFScqtBc2MdlVZu6zED+B5
|
||||
sw2SSLf1EZlfbTPc3GcWTwdiXj2GQKzjMra1MZKUnVOD/uMVkj0ZTszUQziW01O9sWPhxbMu
|
||||
Qr7OD04jQ7TjtBBEJD+yf0HJsDVC7TCbpcNNtmhXByXqw7bgo0rzxeOB3hL88I7AcC7ve5iR
|
||||
xwXoXJYs1hgJMPmZXJmhKb0a3pVk075yMsXnxlOqM7XBk++zodDR03Ym21GLFOu+3DLTX9aC
|
||||
aU/AjXb/udtEBAHv+iVxZChzka/KkYMY+KX8A7niE/UN2PIfhWDTmLLcTyBAOuis6cUqDm2a
|
||||
w0IbXh359dfBbgV4/QLoafcM841W47Menp9tb0Qz1uHYwV6jjDEmbpGgEJRGIqd143j/zGBP
|
||||
xffmtPq1zn/QFVBQNltLiMyclAR1Yb4fksDkt8JGmvI+FwaHdx3dn1VU0hbdYR/5CHtsxN4V
|
||||
P/juUOrjbagp5zBBXLlVIVceGoD0mNkNWPyZh8C3SHg2Y+Q7t+cz4xysQN5BUHL4DX6nEIJA
|
||||
u0cZdBtr8dtkJToYlhSFaLFwZh/XmOgOndSNmeJz4ll29Xc3V2/hCQlllHXux5E79rRNRKK/
|
||||
rSydUzYir755udPWw18+6mPUzT6NDaVDDAwSOLOn99OUJt6bBQARAQABtB9HcmVnb3J5IENv
|
||||
bHBhcnQgPHJlZ0Bldm9saXguY2E+iQI3BBMBCAAhBQJWEagEAhsDBQsJCAcDBRUKCQgLBRYC
|
||||
AwEAAh4BAheAAAoJEESXUni4YStdYDAQAKuwOHT+wDS6vL6Xqp/59eKLaB02lTQuTDFq55K4
|
||||
dK9TNYOTmPoxvgeJigT3pHHfKQFS/wwigkOfv8VebBZAcjY03N+Joau1Vi+Er2VNR5Pt0jAf
|
||||
ApwZqe+8NMAfefculZvO0g91g2lcqJoMUIaUemAqOD/CoAMMXGQSNlX4BLsI7dbvkLLjbPSa
|
||||
wEODAMvuSLilI38dj7wBC30IAOQkOdkB34I/eL/sGruOxYSK7UFJfNU1aD2oQhTkYEQ5cgNK
|
||||
vE325fOx7m/sZ5aAlNvtZ3jS4ym45feT9xrbG2qHTbJiVAhdtfHMXGOU6/0UHJ3+YHHdzZhu
|
||||
0NCWinu18nDVeDWLmkqkZd77QtTpC/zw5s3+t8lpyqUAF+bN80ZHbB47bFphIupmWGDP2ihM
|
||||
NBWBwwFZb7ry27mLyyXKVOFWrYZPrdlNheEjUP7x0GzEO0kuxYO4fyTic5lu594hxwt/LWV1
|
||||
s48SV95dXqpQIRroV8ePZoJxlD4hXh1x23AgkWgG+SS3perIGypmouOdl9CQ3yAYSCfcTKw2
|
||||
dOWOxGubseyBWw3EDlWKZLkrqbBGxfBz8XJ92iCJ27rRhtpd6XEbqhRfPR9TGTliIfaruTLp
|
||||
MPrKZh74Hs7LAhHo0nkwcOoE/iYHhQpNXHMnj0hqMcwzzf6MlSrgJ/VPgQ721d5nTwrjtCBH
|
||||
cmVnb3J5IENvbHBhcnQgPHJlZ0BkZWJpYW4ub3JnPohGBBARAgAGBQJMa+/FAAoJENXKmwTy
|
||||
xCO8ggsAnAzhqo1IQ+3qwCWD9ifx4niyPiAFAKCo1ou0sB38EuQXnWCyp1ajblx37ohGBBAR
|
||||
AgAGBQJQn+UPAAoJEHDzXiRtUx5z2B0An3U1rm/gCkoWtAcsC/IYQ2hMVaMDAJ9ddV8IywsM
|
||||
vnKJ35rfg1PLT4KNFohGBBARCAAGBQJKB3HmAAoJEDIXXA3BAnoOiOgAn2tHyIuAGEY2ctJC
|
||||
yM+C7hmyMNMKAJ9asA/uRkG4wiJwEP8DCnNB7Obfq4hGBBARCAAGBQJMXHEgAAoJEOFVF/Ir
|
||||
CSDAnq0An2xcCMh6H6vIT9rmbxHgGbc8VfTEAKCopbM+QMAGQvOROMfqWJhiCB0fHIhGBBAR
|
||||
CAAGBQJMXT8rAAoJENTl7azAFD0tTz4AmwaE8zBHaUWbUnsYwWXqxavmf8BCAKC1hL9GKk60
|
||||
yXTEW1W1QUm8jIYILIhGBBARCAAGBQJMXzSgAAoJEPmF40AK/HR2eqoAni/Hvg2M4e4vrju5
|
||||
wPT+dONsA9/vAKC1X1c4YL1XiJ0fXpT02U13r9e8AIhGBBARCAAGBQJMZ0yhAAoJEJ94+Dzo
|
||||
xDRhLFYAnihJShfS/zRoG7iTNhgwqyLxGqczAJ0WIP7yfVZbP1N5oe6LwhQsZ1BdVohGBBAR
|
||||
CgAGBQJMXlHCAAoJENoZYjcCOz9Pjd8AoMdNUjbpkScdndClI4EqT7tn6PI/AJ9Luiw8fIEs
|
||||
iD5yM8NOkdykX1LPyYkBHAQTAQgABgUCSttnewAKCRAtDVq4fCU9UlJJCACTQKre8pA3ud/V
|
||||
esa7/TmJI1S1cVWj8FlS/gatvLJndd90i50p9uGm1yA4g8iwMnGdcIWCuRfBlhjUnUJnTX4B
|
||||
QdnUU6HCv9RQ/OlJ99k7vNhswtgoEGQWq1mH1opSviZ3xhMwFTiXISQ12i4TiGSiUfbXItzq
|
||||
yxOf/gtjAMGrfnNB4MUYPrHL/lSMs24evYFR5DgOKDwVE3vVY2Wf2ytWKZJQNvKcm7sxIxKq
|
||||
W3OlW4wzG2IMxMSTl6SHYOqIhRGS9xAj9hpIfD5XzZjl/iHmMZMcuRA1LPxQjqdZ5CeF391P
|
||||
p6vEobkSyX0LyDvqcvy//VHn0l8cRuyEmgrTpdmTiQGcBBABCAAGBQJMdo7oAAoJECI64FW9
|
||||
lOFUIpkMAJ/obi1HblArRgKmxiCIMD2/nTcj/ML3tL9HfZ8bpWZ6YJIUsFRcmHCVWaOaCBMJ
|
||||
omiICZbcot3v7/1p0D/AE57i0IFPZpXXu4utC8B70JjWaMJT22kVi3hvhrChxlZYNZlkXr8G
|
||||
mKhGJpzEfVlg3hp26jbj3jEEGmjJlii7uuSrV1VJjyZaDfTNbgXMbUL/3sISsKODINCLlgCG
|
||||
iVqa6Xc8bIo54zQ1Rx30Ijn/6ElFvBMSdZPu4wQ9hKrJGhrqY9FZ/U0xfaawEzxbmdZKDxVO
|
||||
Xdd/qD3lNAi8Jg6m6qQO9/A4c/Ln80ll8St6MrfLwJ58QRWawTQcl8wSTxouC/ag85VwW1lX
|
||||
FfnulWVjqRAY41gVY2SaBb78A8pwuwy+ixBWGqAyGRVjahNj/uznD3kwQh1DUwjyDe9lV0TV
|
||||
5IpQy4YfXjkukwt8kVvQUL/p9w3/gmPZ2lXBuEgMT/NKZWKszgp/JZ45qDUD8hgPlK9bICRm
|
||||
iQ1KjcAV3mh6dYLwJ4kBnAQTAQIABgUCUipIgwAKCRDvc+baWDa4Gqa8C/9aWvMONUnoDGjS
|
||||
H6gIsnJn0pGQ4zx/SU+Bt8MG0SPbtv8Zu1twofiX7xSV8p7/RmESaQyjbzOD9mMvXwl5mF2N
|
||||
q8IbDhvJmEcCCgVolhM1g1YtF8uM/Az74tNLmI8gsIiX/Er8045jMANp+UozOLvrzx9NpVBj
|
||||
InDRhXt5ZF4YeMdB44cZL2OH8juSbpZAPFAi3Lm39gSMj3eUiUavT6r0Ok7AC3qMiaTvvtb1
|
||||
VU5vl/CcevaFE0DfZQ3+1iXsshnUu6ql2NvFPSn0tR1S8Ekk8NfItbAGComC4BF71MXxY9Af
|
||||
RW21ROLzRR5Szm93E5DirjTC+vfxQYwEmemn9v8KWxMlmFTu08GbBhi54bBb0iuaRc9lf5E2
|
||||
dixJqLU4JVUPxjOk6tFvQHtZQRj7e5fu/lusZ++WKXnZsH0AiRekbN/j1Qh65aDi17w0ebXX
|
||||
lsKc1kqryHNTq4PBrhrKbNBa+tlFDcmn3yUReIxfcZ1Bm3N6PxNiQSxx9Wf6LL/1rPuJAhwE
|
||||
EAECAAYFAkxccZ8ACgkQ8aab5CnA/+7HvQ//dhkVGegUq2TyePOTWBxK7EyLVEZEBr2HXa+y
|
||||
Xqg2i8Fdou5smHNEd0q8dz9oMBEWcZtRYmGKzinGcmxzArdmVyXV4fEkUab9zfL8g6dGxo+N
|
||||
wqoHt9DteuJEURwakSJ7oDW+DlfzxMJ924sg5cuUtqcnZwy73a58Y5fkPaZVf+/HrkadZT3f
|
||||
7fM8pb7JgJSRhgmdi3MfbUQcDgbZ604MifdEVIbXX56ex/9OuthbQ3lp6jHsvHcXPG5qt9th
|
||||
RXkztoyKcArSimHcOFrLqWAQsF8u8PIYNaTKyJO8uRDYjMGcJQv6B8HqV2eiLCZtIEdcoWev
|
||||
Y/oeflGDh0PbGpswAiQzoSxjvVdPgPUTqNnsl/eWvup4govByKV4y8dxgyM5a68a2N2t4ki2
|
||||
TwVu8LpCRzuiin0EvgkM4jKSFU/KPiZemdLq31D6o0dQorx+Im31XWv/H8XoI2jGbNeMVWHq
|
||||
5WumzPhTfgFVajQEc94Te29vea9OV+mlgIDuTzqLD2Je5G6BDqu5EmTlO5sPDJAwM1c2ckJb
|
||||
fHjtUih3Vw2B339NqF+aneOX9MH4blAlX2V5vuz0xtmEcd7Dy6wKjzmX1Tcec4VjDDgtCoH7
|
||||
vWzCeQmlWLzf1tF9keUvRn7eUktyAqozvNdE4fs6+3igdFKoI1RHNkFO45AuFe1goN+uDFOJ
|
||||
AhwEEAECAAYFAkxgK4sACgkQHnWacmqf3XRTUBAAtb4DXxkzn14Qo9JME9KfZ3QA1ZfoNffR
|
||||
PgxHkLX3q/KzGvbQYQc86kh6b/19aV1ahcUBrpABOkV/0k6tASrs9N6V6KBcIQbJwRETyWU6
|
||||
G/rG47h+4fWIMew5XwCzUzvqAD5GDp2XfivDQuVt1Ta2WcEAmKVYNlHYowpnEqxvLNSSbXuX
|
||||
Afe+OK4XxaFr7i4zr8zS6S7NRigAdENCt2Mr4slo0ldnRn6uQ57ixfs23g8LO4/89zW+GxKG
|
||||
PPUQbo9epE4hCewTAyWwrpVz9NxrodvDL6D1W7kY6caiOd5tArNKpwF/GCH/vsGPU3NsFISI
|
||||
+P8GJUwtmM/47xgcteHthx2yC0HUArTV0w4+PnAaelpxzAyqd3KxLLUNJ3vjv3xpwV3eGWSG
|
||||
zd3UZ4AYTJmSlbgzuJzQIwwyxHsA7ypUUsbdrsoQaTkACUOsHO1l/oT4P+z3/tWPuXqUmO+D
|
||||
Ly/pBiCRrV7c4cHMzud/dKBXuAK/gS7VD4Is+K8/srdEJTrPB88zleiLOdffymHtCAmZPn93
|
||||
bvPXUcJk1PiNQYRwQIuIjHJbbZL8rxqVo4NCmi2HwjqMaow4GLEPSEdqEu83LpSU0Ts0BJvF
|
||||
/6UTUEs04zDjSXpAGrPhWoom2jxUllAJq5Aek+f662dZpxVLxzMHWrLly7Fb1WPLbCrWhqIl
|
||||
k+SJAhwEEAECAAYFAkxgNzgACgkQ14hMRxjhj0QJqg/+LKFGM1orBnYv+DZeVGbcPrBJVkeK
|
||||
nAVgX+HpIo9uY7F6rRMZU8BHmxqM66k/tPwwrVzrgrLScK6spQTUjxKbjGkktT+LPVdFdB9F
|
||||
2QdEYCwX1AB+0InLVtrXF/yFFTqlxxgLCRamRziO6w/1QDFMsDdNbIgxErjMb7d0MqRFNlvR
|
||||
fO/ElovAPWlf+4zA0xiCRVbV3tbNl1/ILh41C8gc1VoTYdmUP7W3F6xCpy4MirSkY8LLDcax
|
||||
wF9blsfc+gj8mW5yegBZnEoZchasl1thZ7Jt05tMkcEFTVYMfeReo/5Ww/dEpSfhjhryq5MH
|
||||
0sSBT/1YGwbdgBRVzmocrWtQJ9i22MY3RboKNeAFs/wx9L38z570rOdemtfuXzKmI8jlcfQI
|
||||
BIrE0p1zHE0OzgdfAI/uiJMZ3dRZJXsr8iVWuER97QqYZZkgDMaSHxvuKcNKQol9AbnDWbpl
|
||||
q0J7CBo5si41rXpUIb/18FydC3k2KzjkCAaZs7VUCguWU/YKVw68kfrksJB0gIGqh66wYda9
|
||||
dpJVmjVNTR5bWbo8//ZHQXFfGccWoRImEZ7dD4xKTl1B1ihmgad0H7Bynd0IiORVs5zbdbIE
|
||||
FCwnMjjB5nr4teU0wq20H8CaR36Rw38KgRrcJdSrJVDrmg+A4PPsW3aA1K3oCvREoR2+p322
|
||||
8j2c0pyJAhwEEAECAAYFAkxljxgACgkQE8C1Zno4sLCijQ//VodIvktCD/rmvxmbby+tjTFp
|
||||
yNPRgiIdLyXU0Wfoi0TqzLsATfOluWVpJqSqIQ36g0wYc9T8BemqcBepDhj5e9NpYe4oq5kF
|
||||
IxIJHzH5jHSM32vPVxJU4PzYcZzAMEVWCEBx0CHgW2cYc/Sq+YNq8Y/c69R8WNjse0qOZP7g
|
||||
zTInr4JqL181TVvGHt9Ak4KNakxEVLXGIXVSV9QDDGCpYMkfpEy7pwvtV68DFVj2nHHetzCp
|
||||
3gYi90nsVvk3t8iowNUTlKkxnj4dZ2lFMJfZBBeNev31JLkhyqExUoBzZMDmW+c58nye8Ode
|
||||
hXnvZ9nc0pe2Z6XWLuraYDqNDKGMWsOTG8gCPVrZL5BtHr4Qh5uuAwT44PzkdPCdw9NaHw1n
|
||||
0s47Uuailgg+ZuZgFXxNcRD5A93Ovl6/skln7KyTr+kJ6BsDcdWzcXpgQ62/3ayxgaOEZlKE
|
||||
VLJsngKhcjlINiIXc6t0AVZhAlgLrLAvi1G19ISqNPNBRGUWeCYjC++RCaC7i/vAFWIQOTLA
|
||||
NfCtzwhF+kopF2tmmt0ubapaH2CycmWLr0EIvPUIJ7GAW6tkjjv8tfkn2VtT59+gE1WmwR4q
|
||||
55XkJ8zbX9tJx62w84zkQA6nMnbBQ9nfWY1eThRk5IOXKElyk8cNIZlqIPPH8RVP/Ng9Pjj4
|
||||
+vSOAjkT8LyJAhwEEAECAAYFAkxmx/gACgkQHAH0Q8nJPFo1uw/+Nu1AJqt6ifpA/EaWoDnU
|
||||
9hSYcpVq3mGivwEE08U5/2trXl5fcAe8qvdPB8JIYRROTLSUIsTkERftzxMzsCIb+iMj7bKx
|
||||
5Ip18GSmTOcJU32hin/l/DZlDxB9/bo8LqCurbpEDeZ84zV//F6AqMc0mUyxhdVA/y8gEp6x
|
||||
YNnVHU+AmIxzHkE4n+Rrc6JdGUODOL4iZcewBl2IKcYzRzcELIFMzjnSNbA/uxKE9g1kTa0F
|
||||
QUTTpy/y5f36ykfWWdrz9OZFR81/UlZ//gv+sr1UHs6uMs0QayF2QJW4iF0KX4IQWCcbSRyn
|
||||
iHuOzpmJuTFu0KNmU2cfRFLgyer80glsqicj0MwI9shdtpp2+ulfi2itC/gGM00cynt2WP3d
|
||||
arrohFDOwCuAVWjp5dtENk8LNCK2aYEXlHiW10kaGi9k67AVfrV55p8WVTWcpT9oQ76wafnp
|
||||
jUb6XPou4DM0Z5ItJqvDQv8823b5BCnMeyG61x9qCTMhGMEzDLFFkXalViQtIjsS0tzF+S1I
|
||||
B+dVVvCC0tMnPWoyyqYNqtC0rIS0I+89uQuDD/4jAf6hL7sKLUzdLs8NByjQoV9nIaXEHzp7
|
||||
jBlgAZgx2SX+eK8wF/Lo4d0a0jddX8PRZEjkx0HOhaYcW59tui/ZXr2UDwlTTuyfsSpo35K0
|
||||
+VdJ+mtz8gHZ2lCJAhwEEAECAAYFAkx25QoACgkQryKDqnbirHtS6w//Xt2HPPu9r9Lp4Z7C
|
||||
U1EtWEDzBHZoiYrX8GBjfx7XJqX0kJWAXTHoN9HtGDwCil2bTb3WwopNrFUShR2yEs2Tbo8I
|
||||
j1n4veQxx5japTb9b3gwh/8lRRPCfF++jn9q6927D+0jJde7hx3G/o0OoJP2H04kEM5wrzup
|
||||
1nOkH/L5+bFerw4eYir+hl0oVfrnK40RKSnzy+6sD+FCFwLipOofDX+qVp1VguzwkfAwLTSD
|
||||
PVxsjfvxKdRCj49RbI0Q1svMu8iS0Hu+i6e+pPVgvy2Bh9iPQiPNaGG9IeHy5mnq9T8yxKd3
|
||||
KY0mj6ipuHm3c1HPJln5bFlt1K6mrysbZtxafo+O6XeIUoRNqKi9eyA9udgIdHPuMAypsYFq
|
||||
M1Pn7TLdSnRCyuhG0UFlr/nx3VVH7PLOerxMCZf7ApfcWA/s/iBG2DLpeB698UKOSfogcbWO
|
||||
JW7Dteg4ZCL9zLxRiTZHLsMHnW/aZAAwoh/zV2Kpd6qbrZSyqgn3Pys8kwiFnnf9aWdqXmls
|
||||
oNswHZeh3JvMOgs2QyY9X/+Bz3k1vf4a2aU2gINvL55aRmtgd3VDvWVk41WcRAvOfBPCC9TL
|
||||
0UKbIBT+/rxuse6UiS/lVRNngvOpuUBmd0Zo/PiXxsxq+aKX6FQzZs0HsqAR/Ov7bmbh7Z+c
|
||||
WwE0ZEogPivsD97qv2aJAhwEEAECAAYFAlVxpVAACgkQ2oKDDjzMOjq1exAAo41+8W0VSibl
|
||||
OmQWDesxI8T+Qlw1v3Luf1CexMx9UsEktH5yP+guCeVpADMupSeKis8q0ayOgqXim6gyRjHS
|
||||
1HklDGwUnhUyfDu5VNqy7BOrbUKq32TOqudwtq5PEyohof89/hR0UwfC18hBkumW7NfCmEY+
|
||||
kUkvlAVzVwbSAm1bjkFu3DLD3RKN4d4UG3kFc4tqY0BweC85UvJaFFnY362RLCBV4gTjXVgl
|
||||
UIHXpDSt863NBTtbNJUTIf1tt5sFqknZh2N5UzgtkTz6t4N47+k0VZfxuk/f9MmuDEHAEBBp
|
||||
lj4X+ofPXbxbr2iaAZjT/LjU76tYq7thkbU2NRB6RtDv+Tqfib5z5ecwNEKIgQ6BelCh7pRI
|
||||
wnMYhx3wj2aeY28vJ9vE76NizPWiZpYzD3MHyWfN+kIuSDRZPBhSNLnfA5uUuBQNjS1Ad+QR
|
||||
Xo6CtWZ1cE/7Xv6DCKmk0ThbGrvwkHKJGrpJeaaf8lP0fo0L9cIipqx3NSSKHGe+B7zhQZO0
|
||||
QBlTfXRlErjuZ/j+V8MTZqsmlhdVi+hElTioj24MQJiXfB956RuOM+g4P9v2QT5RRD0C4XaS
|
||||
+KSC3eejZGYEeJAmB0uRztsRntyryw2LF6WxcSyEg0pY+/SLFxMfRIPlcAxMM0SB7HSAFZ5V
|
||||
nQJHc7bBkNpw179YqexsIKaJAhwEEAEIAAYFAkxccTMACgkQ8RQITAhhERF8zQ//R2Bls2xP
|
||||
vxotETrAPF5MOjDqlK6aeOnSyI7shiWWXL+7ds52SWsmD7IL+7XW0t+fwvfEVOb+qNWIiVaS
|
||||
Yg4nvZQnTkCqTnDxTzdxipEaiK0MC0bXmAikBQjZ0iiveOMYOeRx2PWuUOHrymcvJ+atlkq6
|
||||
pk/mycZGpVitnO9crTb17SLsm71k5aV2u7EBCEUcbakmrx1mDvBoi/tSns5y9YEPTc6JcKtz
|
||||
VqbyiSAY5dZSaLc8IW9Aqn533kPyIwYXnbxd8cPFDxDLhIeBmZnVTLURE3517RXZu1ngZEFh
|
||||
pSoT3w0Xg0cgh7eJ4Vmo8MnW3p33+dSHbWRlgrNZcB0PBWZrByS/iS1b9REgFTyU4UeI7lH5
|
||||
zLgPdxPKBvCNObRhKg/dAmqSDq5EHYgWxn50p3TCfhrDrkoD+3seeee+mNARjLP4EDyBF4/k
|
||||
57SqT7ytj9TWQoQuGAodQqNXwMKNcldz4FRZ3rMFrUpJj3uD9x2tlT/3bCVKQ1QcPSzKcEcq
|
||||
zq9AZzjH7cVEbgpKI5zBJlejWB6aGvHLIhYZb4EYuO03OgEDDj9AUvIBFBxKdRvCzeTZOCTM
|
||||
/8oAgSSVmFewEI4E0yNxvZu7wjSV5LI0AiyhwnCWlfYM9Hgxbai3cv2osIK2p5GXbaRykhwc
|
||||
jc4lPrIsEE3At2UzlzO4TTI202GJAhwEEAEIAAYFAkxdPzMACgkQhy9wLE1uJahHJA//a9iV
|
||||
wDsx+OxFu8+vPEXmJCKt1o17+PyhskIvNSXlVPvpYIpqNKUJQXpqBkiNASrCOQSHrQtw6p28
|
||||
9i011TMqmMZsUkjqk/Y3Yzx+SPT6KUfny7qQzGW2DpHL1qILDFMywzvt9djzWT6hmH5LCLSB
|
||||
3aWMHIwPDvtvylzHPIN2XIABSBxnHgeEi+2ZZoLZE7HlQbwsAU7Xguj0K1DHe+urOBYvU0rq
|
||||
ceqiJhnY8b71bwQRhFqVhoFkW/IPp7dujQxeJVvHZQLLNkB4RMqG+kR2Ku04U1Fxbh7oc0vr
|
||||
e8EAYdMfutU3ZRWZ4D8Ltr+q/hxy6dm/bHrpFu6NIxox6KrR8zewcoGDQKI9BlQn8mrIof0W
|
||||
YWNUusb//Vbz58iOh3POcjs7VkD7aPo9R/TaruBIWv77kbjszlQaKKHWV4aIVS9EXW0cPpeF
|
||||
OQUaq91aAxB8Tw0Clx1TfVc/QZJB7/l6k8deXgo/+4JCU/BBmsplR6mG5mhY1Iq5PnuutU+W
|
||||
+sHQRYSiq0EKdwmAaq3AIz7D+rWafv83Ea1cZaMph23ChqVX/e+YVI7rxxYCY1bubd7TtYWb
|
||||
VG2W8ufTwemZBxWFq8HXc9d+Qm3LHV20Qxp5fAoYr6O67XYgQicIFW7f0lJ54igqH67wFjOf
|
||||
zOTHfWK0izIeLVtp8xmj7hbFrXXd46+JAhwEEAEIAAYFAkxdRNoACgkQU5RHndNSTFGQ7Q//
|
||||
YTQ8KFH7n9MYRpb83fTRfkyreyQyTdbcBsQw7R8Tksx/qbidiZZfI2cILweIqsumN2bF+ibQ
|
||||
VYx/PpKEStaW1VQI5Crx/kSRmBaOlipbbfO+A3sbp98hpKMmaIxvV7IhN9qKhjcQR0YGXcam
|
||||
5oVVwjIb2n89nqiS0qnGIUSTLzK5IR8Chob6tpnD3jQAnxE96wyhADedhCVMf799HSoQiiAH
|
||||
TUarSv/HMIws34LRgZ2voFXADq+CE1Q2rBEapwrcDSkEQEZ79LImeuS/S1Be2ritRO+TFLzc
|
||||
982LuHBxUa4MlcwWtWaQQ6PW/c5J7QJz0RiqaaL0DZxCw/Cr2e3MIfTCdK0zPg4A9BrNsQkR
|
||||
/zYmePPTejvbsYpsWbpOknwZNqoYRc4cEaukAtdhZhFUDfL7jfh5HppCIM6EN3ovmTsRhauv
|
||||
LeAI3J7JqrPp2yLDbL43U+1ejsD22+l2rmJQcQpRsdD8KlJX8bD3J0fCRhhIFNABjMmy3e4T
|
||||
bij7ZM3ovNZLCgjHmNa5ASMyS3l/T2Rqu9rh/pZbPWS2hPTlmYTStpb2T+Ax/anpXSW3ZiAW
|
||||
fHGOSjNrl9+LFqCdjyzvk/u2kbgd9VtjjFfpPS8xS1dGk7iIHHQQ1GZXc8s2WB9XkGGpD/j3
|
||||
8bvLJG9EXtqVWwJLo6t/PMOgnHK9dneq4I+JAhwEEAEIAAYFAkxfI2cACgkQeo9J6LY0gL4z
|
||||
KQ//YgbbsU+C4e9A4L+b9lOTh4ICrmYg0jD86oBtjTsomMO+UP3T+mVH/meHWTzr+6ib1vsu
|
||||
Nz85E5OWHeHL1Mzj60gbZSn/PMcfL++kKVCMhJs/HN6z4t/hY+GkafkeZgglnqItkZGK85ME
|
||||
SmpoecuYsExEj9fQaNjHuCOrp3c+B0PJ3PSQ3qTknsOnUwkOgAhgeni1RusUqckryre1pPrb
|
||||
Oy9RrTroHGsbvzfbYEYS8IVoaMP1AJj6o1kb6vomTmWlh7r5UM5iZRcFrKK3qjQaTYr9f8vf
|
||||
vpJZ0GlWT6T4szOmekTnYuZJGOumkLScn66qSihvxXXlurPP0XzVObz7YrZ+GEDNJxXwPJpw
|
||||
fpYZHsuSXv9Pu8S1wjbvL1xq8WEjwd9q4kgch6r5SD4+syLydwLHiBXTc5dfVO5Xs6KzWtXE
|
||||
MNsFBrDO3pgHtWvS2V6peL/yG7RJJztzZUc/IYZWuEJIU76rzU4YK/SC2Vse9lVA3I4s0knw
|
||||
5TCFvZHTV9KIjqT95xOgdlZKmQc0uXSPNrVfoi28JOfcAGnSnRX52KFt6yBrhCBCWuVTZTgk
|
||||
hKSIktI9PPC/C3xyLwxJjz1jPwEomhtnNx9B04W17G5c8nW1yCjxPxY4Q9LCYpMYXGB2Nena
|
||||
YydDbgfA6ua1exRQ+ZkWpnHqsmCLL7B0C/7oTOeJAhwEEAEIAAYFAkxfNK8ACgkQ0V0xOIIA
|
||||
QXMoXhAAs79q+JHo7ulKZvKDkh+OVOXrSh5eKGUmuqK4RJuxrHmthUFkNTsyNBEZc2+QWw4B
|
||||
8q8ka0x2/1eIDqwsKwHOfcQdyMepGiKnGWm58vL5CeoV/pZW/Yzrs6Q13o6/mm02bcxiVlqs
|
||||
ZGFiRaueY2QJ66viPY0TJPlK3CavKKgZQ4xQtfQ/MDg8sdEnu3G/1PWyyHfMVsq7fG6MXCdY
|
||||
TisgHAEyQJXgpCnk1YIuwxZQPKbMhcjiGbkKBMeQi9uZDiDUtY6s6S5MZGsG5v0KTuoBt2Kw
|
||||
XHbTgkFT9wKaQnK4rfMjGtZFuwiZw8MPsFgz2QAR+1s4mIkCbLPPl+jwL+F4UkEUJvpKWcPI
|
||||
AHnDe2q82vOc5ToWfm/C1cSf7cuLi2hGuSKw8JHuJ4hBF5NaMhmsrBOxjS9BC1OrutNvjoa/
|
||||
bBihJxX6pyz6Fhd3wnjtF8f+H2pxu9/9M6bv6lkHZDQxfnt2+muwsRncx/wU5JJcxzxUzcLl
|
||||
wctSMFHmNU2egx6Kw+vPgPdkthrOZjkLQZZj9DZxHK2j2ENAm4jVF2Z6cUHHm5tVTsR7XF5t
|
||||
CeFRNPUlhoEz4zdJiN2qflMY0pm9MjBpF44O8usWrEpUiPN53bIOpbPM08zYZ+BBGPOgxZbh
|
||||
6Y68YUAq9XfVn9okE73HeyLLS/bpBj1QSe6QapV7sg+JAhwEEAEIAAYFAkxh7k8ACgkQcDc8
|
||||
8SkNuc7NWg/+It0T/mHuye7+PG1kQbutyVw69/C7yyZkoICrcQQ+Oh81Ba+DENSKrPVkmt2o
|
||||
U3HR1bL+QbFDjUa+hnLHXh4N9hlREDbsaYdYz3xLbXeGOPDt0QrLn3mdZ2cZrZwLjcqsu+bz
|
||||
5sRZMbKKTXqKkMQaDcJa2CU60aEoH9d+QJkIhOHiqkNvVyrKbiMoGnJoKDppwG1e3+Ri/oXA
|
||||
6Sx3cWwmdVrNlwNAKraTFlw5Xh0RUQ5NJstxX56PN7tMm+PEnY94bPTJHiyzG1obm2Ona7sg
|
||||
+P3DIvqMFIkldhNz/DdeCjSN4qrB2u71tC7xwAneqqLpPuYhpMpFtD/JX2lOhoOvo43n+atM
|
||||
jqIU7xhZ2W0L7n64Ym31+wqqz6NEx+aVp+OgYVJPH6MA6jel3/KFhHoWpdnLJIL3XLq3Op4U
|
||||
tCio5JfouHfuHVdslmKlH/6rO8SFY4VZGF+RZURMze0I6b3HN3WQb9Qv78hg0ZrI4E7JIbhc
|
||||
oQQDIXgASS575vjK63/WRuMDxEpLEUflESKBsG02GJWe6knx5lACdIyD/8kZ6MIV9mE31Nqd
|
||||
zVKv+i7BBomu+ci/4B4LXn5LcPphmGPAvL1aabC7D/9lxLPA5Ur6LHDU08LA7S3j5Z7Iob4m
|
||||
KbS7pKaBdYPLm+kfAlw88bDnPioZwkWSggD5/6iwEN2XseeJAhwEEAEIAAYFAkxh9TkACgkQ
|
||||
dzH8zGPk4neH6A/+PTNKtYOQmFxM+1QJEqK8+4ZOyeIB74wHGI0VyFWRb6Bt6K7OIYAfp8Vr
|
||||
F4kH3DYPqRYWZLyG8Krkff3HUwdgBdrsRRQKN5Q1YwpwpofCcdDY9l3fmlUNx4MQN4Cx9uBT
|
||||
XY1OGTOMHHCog2eIOIkc3sT4xZ/zIcgFKM245lXl+fLvbJId8jZjYFwefNerUX1bucNoaloC
|
||||
drmbUN2OItXISlczLhSZlXcOyxU2Q1DICK4EksZy0y6XRnYA4/7JK209AS5jIZb6UvV4kMGU
|
||||
y0/CBTW9fJx1jZthN4bLxHMSVFHvG8oqRPmr7bO6KyvnxeGY/0bd30nA0hoVyDtKuIAuBYXL
|
||||
nrnjHogjF5sl4LCXLNDmIqbYoXMCAuYrlGaGsLzqGqjPX22yb+5B3zYCB17nCP4/l84auAJL
|
||||
6/EOrkOjTRPWIqsRO+dK8QENfp2zYfWmr0G7xBQPdeDvyFHbY6LO+PwzVfzESGranmiliTDq
|
||||
fGUGT/F6F3eBhKb392zDllJgfeKLt8V00vqaY8jqXS4AB6ze7XkcEXKsshN2atVsstUmjLKZ
|
||||
iSO73irt1X/Cg6SrKkjDgUhwTmOxywkHBYjsot2NSYcrdkYEfK3nPpesB19dgJYzPn0Mborc
|
||||
vJ3ixf5c2mjT1GHIdrp6XEjqLs2zu8dKLDiTJPSV/Q1H1nEasMKJAhwEEAEIAAYFAkxi3k8A
|
||||
CgkQd8b7Q+PTCCRE8A/+OY2000flzIxhqxc23BzEOXWxwZ+tH2r0UQTq8kwZiSsva+NIjN5G
|
||||
bx3MMcT4IyGF3VaxKZRJDPGcK3ByJS8HnCv58OE2iF9sUT2BZJEIfgniHgDA6iLyyQDmM9N6
|
||||
9UVoYYqIWff6Ve+4gPYebafy3UAgUJLHdrknfhE2fseE3jEtdsn9AizP7hc46xPkeuaAD474
|
||||
4jtM8h0zVk36l3gdRwFZEWMsxATskct3hLjKv4R/EFdEgIo8x7hK0uxvc6JyyguOznrwAgP4
|
||||
0LgXv+Ci2BWrf0awhOyuDJ+BiViKtEuzcqgwPR4GgOKkvzti8jkPNAvjCEIHTpWJwkIZ+SNW
|
||||
aaIZVfbZdSTMf3tfVkUJ8tLImtfHwJ9b+BPxpiP1DENZtxmbOsKPKeH1SIGO2BUt/Y+i0KYM
|
||||
rJmhQiL4k62PIRRhMKuYjQ5sasa9oyAACxg6nJMJoeJalJtcE0ZynCwdCFIkhYLXVPAgHCUo
|
||||
/c5Wq20YMW0sqerdf/oLwTHe8Gyru8JfcRS1mLBuTPWQUGIt2h37WMysv4hCHT29N98w6zJL
|
||||
jIGHH6Sd8PBw+WBxg6rpeGH8VVuLfHerB6XEMxoQM7FVAefDUCrHzWUrNHgSl5qG14HQ+46y
|
||||
xxegb5XNGM+ku721W/t7YsA15ASgZi8ehaQ7iSl56TGu8vQCTaDqPmqJAhwEEAEIAAYFAkxn
|
||||
Ti8ACgkQs0ZPiWqhWUgz+BAArOWNP1VqUSh1LpZ2mgjMLCW8cPChtEKI4/RHUElI9r6BVMGR
|
||||
/35Ww1HMcayD+H7WZDXXiBqG/yPJJtmMfBW0xWH3dbo1pEn8IUZd6mWSlbhzxRkVr6AFhDKo
|
||||
4T6QVQQ6nwJg9aBveBAXGnsr9/PieQNsp9IyACxZCvjoEh+2TV6xE4r0WaPKGLai5qPuvzSN
|
||||
2efP1Fl6gtmoxgI0yiLDyMlQZPi+/jXC7qcae74qYFUqih1hAq3EaCfiUNCVCulAEYnzhu+Y
|
||||
qJorF+Xl3vV/i/NT09k7GwvxLy1waPAi93yekg/QwkJMSrvehxXJlPdkUXUKCsgE9o+1CztW
|
||||
iIK37utWFTnkApQaKUyHJA8T++ReyRXDCEq3Mu82ZMQDzsWRhJuWmX7/5MAw/1H6yG0HLxC8
|
||||
sGH64oduKWZIlWwjkox0pUrA/ZkEDaznUxUK0ay0exYtcPJ9uUcmXsFvxCe0SOGwarNKbEjs
|
||||
FkZ/lelB2LZprKk/10BqRg3AzPEix8IK9hRRM5jXK1ZDEYRGYw/c9VoQPf7eMpF52zAZ45h8
|
||||
UjL/q6oAg3egW+ddbsEEXzsAgpcfNKhN/edoUKhQd5d2h0S8IpmPMrwvqrRaRSlOrqMhbqro
|
||||
GQhFOV4+fO6zwkV0P6Y9QSIKibjZDS+QUZPXCLfpKRSYVQlkFwGVeVUcZzqJAhwEEAEIAAYF
|
||||
Akxsv4oACgkQ5E+AFtNjD4l5ohAAtgotU7QYfbvY/6b2DKShrm0guTeROOi1imRMfMD5Nvy4
|
||||
CazA7qm07G9Jxo/yFYHMaXXeG02vx0pSb6Gbx9Z/jtwrOALmtIUAajTFmcC1Koshn1KAlqtV
|
||||
FriWzwAz/jYIK8BL8Db3LCgGP0SSyIaD86x3VXm4JE04AJeAtFUikQwBU6iNA8Mue0rmdIgz
|
||||
vQ2Fg7qk11Nafx4xT7XU/K4BAy8U+6Ai4F8VPxdh94zc+Z5qVd5lRZ9fYsdzztYoc8xtOzjJ
|
||||
YzDACo6j6covoSD56gQi9htJzraPtKaWu+gz4P0ijZ/naX/hsXlOnZ7IQzaByetVgXoU2Hg5
|
||||
D6UN7YCrQ75TB+Q7Mh702dvihXCr2smUkBOBnEqKoxrLqLtrDYPLw7ELuM+bRzZb2nfBYzh7
|
||||
/o5hEG3NO1rXIQ21cYvfPSggkI1fq8kOsWbd9uIXR4iHycohZ9DsSW4iQ7+IwVu1Giypf/R2
|
||||
Fpz+cL6aGI5DKFRBuz5ucjyhJrl9wes8v1hsTDNAPSbOyd3I4PHa3N4gxWbFvV6TZfSwHKm2
|
||||
fot2bglB+n9otZaPBVnHdsntQsRnS6K7Ptft/EZ1zJvWJcOnAjZEtj62mbrP2bQ48r+wkWy0
|
||||
LbOoQZ20auH/YaqOO8ZdA3QGpvK2GCfYB6JzD3bQomsQWMlaAkx1wfFQUBQ5xtOJAhwEEAEI
|
||||
AAYFAkxvKsUACgkQfFas/pR4l9iqyQ//el6hebIh5S7ekU/6R/msFAmuluGh03OAMYa+JwUm
|
||||
YqXR6iGf0Ftw7XgYJt2NiY5ZtaOULtZe3zOslFio4KRAwjKgEOzSzEDc0wFtZnj0/LlSTk9c
|
||||
zrrymcJQCAgKKV4WTffgiPpzDM1ajaHxY0WQfYJng/5pVxWb6QXjtB5mupf4T1Yv2blWAKpK
|
||||
Fw67Fz/iN4DlWil21vx3FgpAHY+7JVB/129BnbdHtbzP2CiQxZ9PoQt40bhrinI4cHyPHcHk
|
||||
EPKBD6GnyuyIoPGYRsILp76rH9vWQJWtY71DQwlB9+w/JTVP3TRinXJ0BSBvFGNcP4hqY5b+
|
||||
8tKmSBPJM0umER6Q16HosZtI+8rY+4yvaHjtEIqau/AdBnCW/EBeG1YyjDOQAQzVdOR84PLf
|
||||
Nyz+eqeZI17fZtokRjTg41J2b1+F0GbUOTQueqzlTK3spWYrPgDe54luHoYmgVqlsj71Zv7F
|
||||
cWEf7L9RdcA7sqCQXpDggcOTRDVg+eR6eCLGJetBfq4fsX0ae10TRh/pGut8Vu6NTcFGw5c8
|
||||
vt74h+WFIXPknpBeKl1HcKUXTLJxQP5CDrZF/HzUaLYI1SaKv1jVm36gV2YZvuZQyim4vBgg
|
||||
V1/9K1EMgUW7GRnQoOpQP6zxFWnpPXPY3TDvdleaqeET3xET75mGgD0WIUreBaKjp+CJAhwE
|
||||
EAEIAAYFAkxv+OAACgkQnQteWx7sjw4tUw/9FgAffwwit35JdS4S0LQqmkmGXlMvfZEkfezj
|
||||
GH6ITG/YWri9QE0ktGJqyCbP9tnL3WCno8bs90tmrQyagjbp7EsADz8L36vbYrOU72mNHaeL
|
||||
qbJcCoztUSWAe9aPJ4ESwTXbXCkl8xE0fm1zTF0MLq3T40Qqw67oMTBygYqhb8zeY43bKOzZ
|
||||
f0fBLqFE8+LTZDEk00Ucc72M+W+J87rdiHUuJDFdAZbuAvBGT9p1YNkcqaRWSmgRddJ9nBTD
|
||||
a/Qe9IBnAXBblouKiVvSTGpcyAyGKJ9cPtaviCLRXk17rGli43AymorBdGPpliZmMtrInMm4
|
||||
FAhSoU3nwB6b8oI5gMh46Dze05PYkVVZylO4Vo2AILUkeo6tagy3t+BEFAmonnpluJKZkfcY
|
||||
/FvvoaT8oej2U13tXStA0FXMOJd9fGLruJ+yZnAFPrVHZWA3ziyO/u9iprB7ZjqrT1OM1Nob
|
||||
ZP7NwGxdqED3AYJAb3H97s4dMGAJO3WzGgHOfuZEMsH0/vIc3nWAkj9jsFcDxJ8uTVM6uy2R
|
||||
oIfBM3/XspyZvm2MBTuEJvwhXW7JTnxsUEpZ7aJQVJLT9Z8PPj7rPLJCkDQsdwBw+e0heTl+
|
||||
BspMqppnKw0mXmrRfnqGGxgLtlIRn8bNEp4K3AVuNP2iWp9rMSVPg0qLGSFgEH1DtoN2DsiJ
|
||||
AhwEEAEIAAYFAlWS7hEACgkQ66DGxxwAJW8VIhAAtBkHOqKPOA4A5MKAzWSIYAfX6FiUfFaI
|
||||
Edwqm5ZmxHItPQk+Ze8VN8jUEzzArrvGOZnctSZy7dMgT4WY+CNy3FUtg4WbmuvflcvCHlSr
|
||||
ontSVeFjxL8qhkBgUzaxqohesB899mszzDyaM0GMD7FKt4UisOV4K9VqhXKHBhcKi0foQKgx
|
||||
+VMD35N4+SqgSUF4+td913DNxdxvF5BKICwp9edYv6NpP/u9DMqG3lceVCy+rR3VEGTsFGNa
|
||||
HpJI0Sny797FR3w4k18wKQGaGwUtdMz6GcmhnDxgiV2V1StLloK6wbAVA4YY3BfE4l7XmJZS
|
||||
bStlL54h9tffDi0Dj1oJkSKXMdnI8FdpQEvGTGP9ARUz7MCxwiRzcJfOpfxATt3793o6fMLU
|
||||
2dOzrCCl+09bgG5+wls8nda2RB2RE1EHksoaNyz4OGpq9seYGe0qhNLN+lvIJsv1BaZNdD0s
|
||||
CaF+xbUGCoYQgvOh3DCiZbg+Ao138YEQw9eKE+Xifi8M36IeBTdq7S1OcRCwaDMmVchLFT5X
|
||||
AHmFeO3L3zCO1C95WmNsFg04+4avHqgOp5MolLSrOEvKTnFW1Ebv2BJizs45d28VAI/JhgPx
|
||||
T0w69M9Jpybd+Cbg93fHTXclLAPyQWXzhlfDPmKhukhSsG5JXIt0gyBUsq6lUygyWZcewBwa
|
||||
uy2JAhwEEAEKAAYFAkxdthEACgkQXTKNCCqqsUB3ZA//S25k6cAkZpIddDahnJxDIon8VWhe
|
||||
JzGmOMfb+hMbQ0y7xeCKRdNBa5yw3LKttLugofqcrGV3V6lmE9jWz5hK2we+ZAdCo/wXUWuL
|
||||
FJQW8WKY7hmDBwxROJ4jgC0LTgeRZhYEvhKpCH/rtSQuymstcTJd+5jkEE2FU1AOsoAOsaPx
|
||||
1DAb+uqSv2VefP/TG4sZ2vg0fdEuJd1+SiuTTLLEAnsG2yQT9brcXDvXPOckawFAM1KOwk7S
|
||||
fkYekg0iSA4Ii9RlXOhpxNcW/zZf3WuS/wrCCVYoY6OgH/+rp8LkBG7hdeAfRsMjozqtBYUE
|
||||
JwPSvLfRnG76neTa0DSi1bigpOMvHDIeATuS/hR7UdmTkSMwZ8AvQBOaSRHobjQwjfDY7WYM
|
||||
kvErANQkevWiWA4WshsS/MpEKxiUe6SGlLVeJZfX1dy6Jmh1WzswqoQ9eXQXX8zBltPAfKFs
|
||||
KRmf+OpHT94qYZsMhqAXOd51joUtCBmqeuzvdp9KM+R8cmuoPVqmZ8ZMdMbD2dQUap5yVxw5
|
||||
yO3CfGMXGPGfvA/8fOav/3MwWXUL5Zqv/ZhdjpP/ZNEB4txLJk1rIg4kjKrZxz2PggbMcCGQ
|
||||
0uf3SBZa6qXPVT0KbMjzvRKao473eNX2OPqk+K2hIYuZTVhAcKKuvN8qQu+o003Kzw1SWlLj
|
||||
1zrwaX+JAhwEEAEKAAYFAkxeUcQACgkQORS1MvTfvpmBNg//eJFnqXakbedse6wPpmk56CxU
|
||||
47abeG6ZCu/0FTwhwnagYfGXUKGTCepVjI/wLpevVeoXDbYmrUOT9zxqIL2Xssp/wz3Qb+HX
|
||||
deft/drFmb4XMrdUGwi+N1nhvPCXjWOtyUrzuYXnpCz8e0vjSfn6RpJ6qdgTs3Psyca9kPPo
|
||||
1Zgx29sumQMx7b0hcmRbSxNOmm/vGCpJKb43sHsYN2ESMCNzazQtpbt/HZ/xA/HqJCfEiKJm
|
||||
GUQ5rboqvhpruhbUFnuLIpGRvLJqE3kRm2iq1XfnfjXqUVbX2aHxNXcNKa601Yla3HGisEAB
|
||||
ILGvCRa12hrmh43EPpwLCnTOIB3Sejndl+8waKd0smV7Ox0oT1nSo5MHl/VtVLJzPnCX+EfB
|
||||
bzOepXJ5HRRsX5sHOTPHjJTOUuQvzfKen5nAu6iKsQnawpwQvIN1C7/OtEhqDAjWFr+eqG49
|
||||
bqN9a+EKu53bnXqM46N0/kRWXJAsHKfllki9e0bRKV5rIH0grsCN8P8qq5003cp/owAyySX+
|
||||
Pu9jFs9Hw4nGmEkuZPYXkjg3wTYClaPjrmbKfWXgVl2BjW+N7xU1yJZaAJSpd8vqGtLK4qz4
|
||||
wk0CrGr59EHPeAE9fAxNg+oonDQ7YcuDnHkVY7LNpIGXQkChrv1YgBzzAN6CFBI8GgG3C5Gv
|
||||
bYCj+NsHFyaJAhwEEAEKAAYFAkxlr5QACgkQMiR/u0CtH6b0ZA//atTqqwPfQWupcXoA/doN
|
||||
nXnBZDHUePFkCBan7YHitR0kPBVPP10dRfyd9ShKs25+DgAFTr2JKKk4ofc8ib+2SB4rTPIf
|
||||
gvc1h3GgtI7CXzuwKdcHojmOYXQQsLaxcQDNqEJqS6oGh1oHd8DQJTn/OiARVUvxi6LkioOp
|
||||
eE0KAkUOfZfnROz5E7ox2ImvMNvhy6VcD6q2q4E4nuWXaSVw13/MqZ8lGHRhytdrVLvVndSK
|
||||
U9EP79Tm+nIRwgqeJ0CttcSESoKLngTAvHSwVpiMcO9rLfWqYZB6FmhEjCyPl7hV1e9jXf80
|
||||
PLDihKscVEroxww4nflbIFOPsKP12vXuQs7cQr3BFE9yCowLz0X961WM2V4Cc6o6txY1MzU7
|
||||
FY7mFrwIy9b/WNLBXJUB+dpnKzmY38ECLJQ+gTxahgumxaNe0wQclIrkrnGLszOrIgLyVAL6
|
||||
/qD2qUywoNb3WWOHg6fOabKfTF3zBdzSYPNRXbhWNxt05EXARXRwYR/mkwpAdT3TUgbGlOcU
|
||||
hNAqmtzEvT/Q/Cu0nPvwXnJ1Foix6S+zrFAM8gs6zeUc8Q3k0EQvi8m54jILnt5QqYFSGM40
|
||||
FLgryKBF9hjwcPN1Hu1Qij8Z3H9MllV6Df36YSgKN1XpG3Jy9ktJcHvQPgHYVmXNsmQlmQxE
|
||||
ei/ZYehdgLeU0Q+JAhwEEAEKAAYFAkxsD/QACgkQeFPaTUmIGtMxgw//TrRErKK8vl8VnvHO
|
||||
8TK8KAMFi/GaRM0RKze4nJp72CGSrY5/bg2jAlS0hEKmSirlbLD8+U5/wWa5SrQT36AcyXYm
|
||||
I3weWgzNSvbCS3N1WnefhlUhkaC1PRMX3AI7EqwyTUX7o8Q8A/HVTgbgHnIKxO1y1EhcfY1I
|
||||
WEvA1wTR29928n63dmy03rKB2cJvQupGd/xRPXBx55h79NlLOJOadlYsUrk3B+RWBZHsn7xp
|
||||
wWXn+38fwuIFs7DJye3Eh1ceDootTd6wlI7Km8Nh0+bCCVbeInxp3THavrz1ohGhQ8O6AmPx
|
||||
wX7TN2EakX5mrwePFgHasLpgciOVRpDsaoQPF7taQg+d7knrrgbD9Xf6JkDl9/sxnlZ//t72
|
||||
eQR3X+CGQFmfhl5rw+h28FkPxrFO+n6nk6opm1z1n8FFjQnTzFxp2taqVs3s58ondUiPWb2p
|
||||
E8HOHQX9b4iYY5x6hrZehkSwoJOlwGssiJZSa9eCWs+yvJoJOG8yHunh48o91gY7kaqxGT9o
|
||||
K+2MzW/uwh7ztZ/ElJj4Vg4XTOqHgSDmUKZjA6e8Z1xuXoVT7D7axP0NvgIj1jjeCD1ncQsf
|
||||
Ay6tynZm/+Mz/PLwfe9uYGt5ZncwY9aKZRr8a9sUnaaIjeq7ywugKfQyxr1v4sjcQqELKfsM
|
||||
NLrvOMjw2eLg+3UC9p6JAiIEEAEKAAwFAkxi3T4FgwlmAYAACgkQzNLtlNIXOemGQhAAo5Zp
|
||||
Oa83tEIyfPOcj7HkQPTutAs8H+kgxzPMLYFhXSYKLPMsoH1TGMFC1JH6PjrzRdk6g7jmoUEK
|
||||
2F6EL5QpFFKFNVWahRWY49F67jryslVdeZKvFMEY0qjqsJ9nEBIZW8wJ/7BNvYmZxBlWq7PU
|
||||
0SKbbGNVexMagwctygY+mdnknS6vI3aom/yFByVcVXIdF52GJiAWA9nIx/poKS0ecCd4UuZr
|
||||
eQd+d+x/z4Bww5E62k2mB9d+VDik1kjzL7bXfPV3+bWoyBmfl9zEYgNnQ3ICurKztkRmu1/k
|
||||
1+68wHfU/0MR/1nJ9DkEfBi9Z7T3shtCiU+993wSHPeKgurkQwn+wzkthCNRNs3kOwee5Whs
|
||||
/zD/dyZgH+lrJDHmW6C8zaa/K6Om9+AacXLId1xjQpmmkO83Tkf9qQvtC/UlocllGxHo3hAJ
|
||||
dfxONF/jwY6Zs8NvRWPuswTEQOLCLeww5AhVfapOLBhcG7xZEye6VLArPNq4OsD2b8NyCd39
|
||||
GxtBdxR6/8OQbGoEmrYf7aGS+ga6oygj/+ut1M6w4YkQCbLd+OjL2ZUG85tALP/1KdCp1pTg
|
||||
YW/TmF0BeT7ICa/MmZeYyO0DUKqvsbH7Dyk0aiYgu+Gm3ob6JNC7MGadUkWIyjLUHkPNmnXV
|
||||
rGT4KAkRtX+cQl/R+rR+ewB6RErUtCmJAjcEEwEIACECGwMCHgECF4AFAkoHaOQFCwkIBwMF
|
||||
FQoJCAsFFgIDAQAACgkQRJdSeLhhK13PHBAAiyiTX8GMp3CgLyIiieHJnBIQS5fxBICbsSrO
|
||||
j8OHWnNAVwkiRbtXZQ2g4D4NvyGBuPN2hskjuGOj7aCsqpE4Ln23RfBTAI3fF3JgMGwkqWh3
|
||||
9a7Sjnw8DwxqaHB3zfs2AvPnolSUNyzc45VslNsE2j359UmvwZAGpqN0A1GfobFMWjmt3QoD
|
||||
q58C8EyFOWx/Mzcl0qUrvGRbQjQ8najAYugpBjdRZ0MzGfro/pmoETJnTgrZimHNXvDtSTmZ
|
||||
HTVYYbxj/99Iw5DeYschcK0yvbPFXGo12ndRrEs270LpOMmBpdBaW8bCj2uzATQLZbuaM/je
|
||||
py3bzEFcCHUMkF+ekIf9zp6IUkSc2B3kkbQmVJKxOeiKWzCXvuu6pU1nRqrG/565CRkwWWol
|
||||
p4TvlktQgHSZ6CoIxzDnYRE0eiGpsLxA10nE9VrUCjME5a+AYLQxj7ztDdDfb5r9Lq+1/bUN
|
||||
gtiiQ0fbaNVXXe14+daezFw0sCGB14MWSPQz62rkG6piKB4ZMilRijiicWg/k/Rvlbi+QzH3
|
||||
PGhqaVOV0JpCTfh3rolf54x3JN3bdlW8wcev0DLPJOAuhv8nXoBBdilH999RH0lGv1NzbAIy
|
||||
7goaG+XOe/fmxiZwhUQhmTdfFnXEtR8UL9/7+dv9nfVY+kIZIdSN+Sa5+pGs7bik8dfi1xy0
|
||||
IkdyZWdvcnkgQ29scGFydCA8cmVnQGdjb2xwYXJ0LmNvbT6IRgQQEQIABgUCTGvvxQAKCRDV
|
||||
ypsE8sQjvNDlAKC18LdtboThQEnkx1lTvZZSZfApWgCfdj0UAdJxB9OLNqm3L8ukPYl8DW6I
|
||||
RgQQEQIABgUCUJ/lDwAKCRBw814kbVMecylQAKCzW0oYdLbYjN2+VkMFlr9WWoeWugCfTyfX
|
||||
Czqy8U9NJX0KMsEsVBmwB7yIRgQQEQgABgUCSgdx3wAKCRAyF1wNwQJ6DvPzAKCBblkNp8NA
|
||||
k+lQwKAeqyjGAr+kawCfXlAQCvjXpRb6fYYu9X0S4r3gdfiIRgQQEQgABgUCTFxxIAAKCRDh
|
||||
VRfyKwkgwGBWAKCXP+R5VvROrrh366WPoeX552dN6QCbB8aK562QKVhd4OGwbqhHAJzpE7KI
|
||||
RgQQEQgABgUCTF0/KwAKCRDU5e2swBQ9LSl6AKCpl0Sd/zaVE+rXCmCg9lF4Z/DyJACfVE+x
|
||||
FXdayyRPKh6cy6g1x+KeMQCIRgQQEQgABgUCTF80oAAKCRD5heNACvx0dlAxAJ9JA62AWyTp
|
||||
1xpVLyxGchSp7G1I3ACeIJGHywtqpfbJfG6YiFjt2C5uVVeIRgQQEQgABgUCTGdMoQAKCRCf
|
||||
ePg86MQ0YfqTAJ9hOim0VRfs5+pf6rsMNStUWZXksACeODXRe1BY90f2o28VOFpxoDQMhZmI
|
||||
RgQQEQoABgUCTF5RwgAKCRDaGWI3Ajs/T8IZAKDCaii1ecrI+HP8NT7zero94/RE5QCdH9zl
|
||||
k7ui4NR8EuEegYPvqFw7cI+JARwEEwEIAAYFAkrbZ3sACgkQLQ1auHwlPVLxQgf/Y5PQaqBd
|
||||
FXEs9QkD2Ei7WaD1AZkGwpICpVmV1kA724sJ0uXgLavd1E9NtjhMVKWYwdjEl2556oZL2i/H
|
||||
XfRz+VgRcysjLM/ICcGDxy6OygziguJRpwBWk0xMowNgWFGIDvTt+Hlc7f5UnBrSE4hGmWHQ
|
||||
9Vxc4qFiADKL5IuiLssYgJY31xkwSyWcEnUe8WolOb4BOX7SLuuTIO6u/Ud+Zh+N3o2amWBn
|
||||
3l/OBfi2lM/TTrjFEiJ0KOfyutiGV6a6/SkfGKBzhgdzWj4M8vIMthxFAapU++3WXF7qNQAX
|
||||
f50EN2TKXKHgmidfpWFqmbPhIkEaoheUYYOCaiaXY/IKgIkBnAQQAQgABgUCTHaO6AAKCRAi
|
||||
OuBVvZThVI98DACKydotmw0GE4sNu7CHhGMZJqvSu2MSMK7IyjoShr/JU9PO9yXEB6TQpfLw
|
||||
E5b9bso87SouahOJV+bYvBaLx7JTT0awNSMRxlGnf4il8F0FOcl3RgXpgv14YxXxs8KJHLV4
|
||||
GhHRwVxzJu8hdNltsTJ7JjJQS3kUYjBpIfJlyp4yNvZvUeRQJWTs1l31CkPwU6fXP6pxCP7s
|
||||
loh/zL1zVGY2q0GrTkFlrCJIxceiPNll44Rl4PrIMTmBQHVipToRinsrFbyD5QTAjiorVol2
|
||||
il078fK2IeavCxtRUR6jTiHx4/IWqt+kPycq11EK4bFMKQIAJeF0aBoAX4fWOoSPIFWI/Nz4
|
||||
m+EecHCk5frctfxNV6VAB5Lf4XwjEho9HFZwqmSQ9snMi3zrEZnhnrCJ1/Gs/ALt9vu0Z6d2
|
||||
ZoLFgxW2hdOyaXrE54rMKillYoTLZ5d8+uTQVoN8XFz5SliSNb1tu1//i8U9Y1tpSUUTD87G
|
||||
SuNV6q49gYSeDqZ54EZEiHeJAZwEEwECAAYFAlIqSIMACgkQ73Pm2lg2uBpHzAv/dOSlPdQx
|
||||
6o4MrM1lB6imRf4KPTmjkIwnO4N5iFrsZch+BNJ64PdGukhuAi1EXY7LBJlXRO9BPxdJI6IF
|
||||
R91ELvM5VzNzZDdwZVPDV8wJwkpBTQTgNJXCjETePf6adpQ1ORMm6Kg40WIH67BLBN993Bfz
|
||||
dQbskas89BxmEdqaz1eGDaBTHO2N39jOG4vTNouatsTsUlDxCxNW/razg0uLgMPpL8dJpZ0B
|
||||
4cCi7z/+r+OYrV2DQlJo6Cc/vieROA2ElFa3p9unYRcuY4Mcn6Hl4gA3QnuQDsn00GPDTqBG
|
||||
OEvhjcrHghhB0WzxAu+lc6te4vOTS0OCVTWMNU/ROaG7x8vQSFqaNWxEigkVlRDofxsyGQw7
|
||||
CxNS1mwsYAc2kbA84N4OxMZ4sHkLnheoVjUYaXz3JmLMnlA0AerkZVQRfzm/+rlEwLW79G1G
|
||||
tsVaRP0WmG9/nNZXAr2wfD8menJAIV1lB/pCSkNlHmEM4uGFAb1lA/EENQS8sz8NvvdvLNYs
|
||||
iQIcBBABAgAGBQJMXHGfAAoJEPGmm+QpwP/ujggP/1V5FTQ8rwB8uw4u7Zg5EEta/aM4E8Pb
|
||||
idUJ8KDr6p5Zad+hGWCPKT3nloPbN3iaYXblmxDuAYhHl1neH96tWYU6vygmiR2Xo53y06tY
|
||||
EKQbdIF3+pfOCSFh9NnFlAqw72cMWsL0VqSoZL+SgY4IojwupFWPNIJbB0JaOSW21kFf6/U1
|
||||
juAbtat4J8+l4j8mNgWCUeHBENN78lYD506VIuuJRlsWiUBhH0unzY33A1BoJwyXo0TmL3wd
|
||||
0g2JIGT5sJmpeMkMlKminVjZCcY7AzoTS60QrCj2FCGBtfbUOH9OQvBojWOPz7ALmKj/aOl7
|
||||
3UtGnvlscJPeilteNQFWEib1e85ufAG0Ry1AEDtR0GsdARJhqiG6jRn3v0lBxfG2dVWbHrFq
|
||||
a5FkUm73c9r+xjDC5NquWhd4GHyG3IgVPMvkw8sciL33o9A/XhNdjQiZmpok77nswvbuNOEX
|
||||
diQVnHcylh7bNaoXR6+3R8FVA/TThpW2EjxIg9TwAPfJFKWV0SWfyJSOZLFOiEYDEqBI190j
|
||||
3WSJNV+p0+lN8CDu8jFHxehsTGOAALCSQq0mZTKJJh0GH7d2YD5BV9isUvsfne52GLx/xmoJ
|
||||
+cKJfszaWq2FoMhIPD/tnVYA/LPodylTRC6/8C0WIMR0eAaF+ByCoU7aEMWJDEJfX2MoyQHa
|
||||
fBV8iQIcBBABAgAGBQJMYCuLAAoJEB51mnJqn910WK8QAOJQVb/ihBQC0IsBpJwKyOH5B/XI
|
||||
jwE6BeErvO0rnmcYTr57AXwKNYxOvtIV8uS8gFzfaZJM4YHsF5BNToT3l2UIrWGK+O5nUL7S
|
||||
UM32plf7QPI/NSfyCtBxKWfXgbFQ8X/oNdwq7HMzCtRqZDoYv5btUajFsTP8gykqXqH9Ry4G
|
||||
hCFmnP0UNUWwTq4D2/bImt+iOOw4C7MXyROQ8aZd69aUsAln340L7rXz/yGTGvabdLXKuVDE
|
||||
QJtiZ1m/bewAw3A7zw3mKtMAA8Em8EJuTfmFvVQEpBBdacjwIn+ZpSzuY11arLIWNp78Yegp
|
||||
mFsuCANZDr/V33Xxo2Bb+4cbuOzSlXw+mOx1WYo1Fkj5Ga2IGkTbijqByIPwnCB03T/3nG/u
|
||||
hde1SS9YGGNL17Z2qDOlNtufKsbfPJf9xtiEN1vJ2cbOEDD+WbC2nvJQju4t4WaX06Kyok6b
|
||||
HPqupuGSOaa9VMYk6TzPAOG9hzcD8SBjO6S59z/qtGNqKZOcTWpeXWI/4qdvWtAPmafB4fVt
|
||||
2XS+vOwn1c4gNQFK+nCatlYywfuKxoQqGC+i/ld8wuniugtOjX4XbK2HzvuKMuCo0z6x/7Nx
|
||||
pOJAOf1jgWuQWruIt5VEULh56mhglEV1vL93aCUxOE7kKAcas7Ojbve/EQruWlFbzxJW6VgE
|
||||
1ncxHX5yiQIcBBABAgAGBQJMYDc4AAoJENeITEcY4Y9ExdYQANMHDBB1HSdVXEmkfVjMgW5O
|
||||
BF0AphUt1r9ptI6NvzcuJ5lFTIXHDa263UBRpHb65EgaHYqKC5LKLSXmUoKXcTU9fBLWFRYG
|
||||
N11qVpdoO1WSD7R7U7ZDbix76ujLCfOtPlqrh0TzHEzE3U22X3hxL+rHjDbvrLQuEhKbVYaB
|
||||
WaY1THCJjB4SA4YcWOXUNNA1i+baXlDw2XKqZrEriv+zARTxlF1GzpXBoh9ymH9TsyPg1dg9
|
||||
BbzzGy6r99LMMHmt/kB8BrOX6BfnzeLwSmg4VZ/aUWSAKK2cxbvmQFA5HkuFJ2sUc2VXmuPR
|
||||
DRY+vurz9PHMF5WZI8ait4/2m+W4zvsYZdgOPPkGr63+DVKssczpZWSq4zX5Ykmd9e+bsCUn
|
||||
E9jAI0iH4P4SKyFt1IkRWMAaUxQjN2v5/CIyydaavQGKM7AB0CjZL2835LwqiboOmptxzuWJ
|
||||
5HJM5JSqr1HMHP8vokNKcbrU0taV9IuTuBjPl198TR1vxPhHYcACIt6TP4wr1ApAsax3yoDd
|
||||
T/KrmCaczIeX6BmFFqXjDM/azhpQKIyFGgbDzrRAQ/CatG8Vy1baA5uJIsmiLxc7imwtUf5r
|
||||
uJOlXSi72uQd9eBx55mlt+zNHbrxULPYBIL4zOe3g1SXb0leZsvPjVAWcj21AgH2QJx1IoV0
|
||||
POwfFLEVCjTxiQIcBBABAgAGBQJMZY8YAAoJEBPAtWZ6OLCw8NEQALA9UfSTm/Zqc2pJn+nN
|
||||
q4sfhPUhYlTUxE1D49FzF4GmUHDYzMlU8VVZub5LahrITDINOIidmf49wXc3BcjcEKCUjND2
|
||||
aL/0JMtyMMORH+3g/Vz8HvktL3EnOiTw+Z9p1GNbEROI195VIWwNRjU/EYv78ErcrQ99MzJu
|
||||
O5yz+Qibp6JUSIzMGVTAiGIPzdJvnbd9JQXfg+fhanWKIIzj0dqNmH7tqYuld0K1nD/5cf5j
|
||||
o8Gc2L8GQgIStjUF5OwkElnO45iSYz4rgw2PfHVQBX8GsLBGRhKcxUK9psNBHIP0eWUk7sTG
|
||||
4/cbLgkQow+u0ryitmu+IJ/Q79NUiRNrw6a0rf2FUY3Nh/AbVqLVdQChKrxGtDQuJtpwh+uV
|
||||
RYTmc1rPmyPbsWj6xmgfvkLgX14E+5EPx8H1wyRsRpBPEW+Wb397I5eEt+gCEjfjrCprD/xX
|
||||
eNSRMdOT9NVG1HJ3wmeTEddkpbDNhtY09ydMzS1O3auJReh0L7ZRn8gPmnXk4EPamDNzY8N2
|
||||
OVByXKEPhb3bHD9RCHEaSe02BDcR1nbpbVAX3onquvK4ejZMuZIXXktbBcnqHz+zbRGRyoQO
|
||||
Jsgh6bv3qun3fer12w22PJ8Q8ifhAmcS+Lhadvq4hskVprr5tRmvxHRKPgZF0ZqGOmqvikyV
|
||||
YhFvZabdkKACAYCZiQIcBBABAgAGBQJMZsf4AAoJEBwB9EPJyTxaJbQP/1OgrWHtcJ39T7gf
|
||||
wh+3lbFvmcQ4ggc45PfnM7jM+OZbkPZOMnTmXgDXIz+0SKbPUVH86XPbeZAXHXavtIFvqbPC
|
||||
yC284oQeG0gzwS5yxygry5jj0fZmw2W0MfSQWEuUkj4HBkqEhgXGmbsYhCbbN6+O8XvBvIvY
|
||||
EIYO5a7wSzi/21NPuG3hcGMFV2yzr6p2FtvXfO5biWGcf0yvkj0YeBzaCwdty4F+1qGAIHcH
|
||||
oPhXCEggJKZtOYVZmsHz6/6RYghmRaSoGoG7Jj9+6udgZCycn6EKPVTE+p3tMiHxJzviEFRD
|
||||
Ov6iNBC55cFhSbMplkW7fH/M6rkW/e6+1zhxP1K11gwNTtoMJelrePLRpf/w12lNJl9jhe6h
|
||||
fw07mluEogjhXLVOQWSFjz3Y1Tfb0ez53ev/ooucvk9XT/svl2UM/K6RqyWYl1A8KCp5OgW5
|
||||
nXzRZ6fc4Ht9OY0sxMNLTLZ3enwrVa857n2VrnOgRTe8bFqNSMcR39QMAD6h9qmJR7cNbFKn
|
||||
IyQQiOtKCDFbZ7wyMroepw8wNLXPlvtMvS2zSBmMC/gJsdZVHK0u3O1Rpp1Jhq/qsve7D/fE
|
||||
NhHih8FBKPH1YXUOILdR0zDkyBUdXHBUpZlcRovaznkigKX6LL7f2SbXZo/jO0L1FHDhYQs7
|
||||
kl7OmWIXh8XW4m0ocB3IiQIcBBABAgAGBQJMduUKAAoJEK8ig6p24qx7z1gP/3wRRaEX7n5p
|
||||
oZUnpEcNy3ZRQPAfVAAX07aBSnTuHzuphX0smAfJu5fqEuYP1XzBUV/WSxuQ6nGtFoVSLEpg
|
||||
W3EX+KgLUGEv7Y4NI9LUNd47CNcZ3Fo26hQ1ur66c0asuLjseHbHl1aYwRgOarMy3X8JO1b8
|
||||
x3z9edPan11kBIeLpjlBnnScZVB9EB2ezptxaXvyvyq/+SAfRMnGKKO6qx5vG9uK2g7GOPJk
|
||||
dzS5LGeguixNjh7pN1ewiSHO/AqPyywVGYiYB9dnVWT0RwCZMXs3YmytZHfc58EpmKDoI19W
|
||||
MFA4Hsdgwp9ucXJMfZZ1Xw0i02fJQKs911aw0dF/hVjHSOQfVAiNvBFn8u5l4hgFG3JkZ6Yl
|
||||
rktrC6HThK3mo+KUNlynB70xSLXwxIHYkQUTxGr0HqZgRQJL03pPqk2Y+Lx4ndu4g0YwnInv
|
||||
1arb5Yfg/y4IJ6GDY6W6gvPP4wUrxue1w6BwqRwO0rD0vRMJtJqzoIRNCE8aqtQP96OmH5iy
|
||||
xAQo39Mvz5cntzaNMV9LOm7RgSaBvt/hLwxfhG2KX6Fca8hAXo0Q9dg5FbHSyLxF0mSZTRpO
|
||||
NPFzMz5zc2yUpjW3Holt9+5n9pzi8EUVwfNnFzijagzbL9bwuyc37M9wnPp5x2wLx3MF2o/3
|
||||
fNzpyo5Lh+IH7efZcG4XnUsYiQIcBBABAgAGBQJVcaVQAAoJENqCgw48zDo65e0P/2RDhlCL
|
||||
zEUuut3KmGhBmPbiTX7CnpwFhatNFIb+C1EJ2giPmmrwn0O25ED8dJFC0GhZrwNatuRzSefI
|
||||
yc75hGrTr/BFqRLAOD4xfMqOE5U4+z0frVTyuxB9Gdr31EmZ9miykKnfzcz1YY4MpQtzQOWj
|
||||
SiYFgjofwcpI+b5MjnqG3T8q1PzONnvvx7BrXt0lRNqL5MyByaV51CPbENyhWeJMu5tX3hAR
|
||||
rsuWoBP3kw6Df/ij5I71EfO4vD8C8F6AKWt8mBjyOfIpDmHkxNU0HYrmOnxzqXGqHTu+II83
|
||||
vgJOurjZ7TnqEe9jB4XMNF7w6+SPL6u3bNfzH0KPpEjzBV7jQKFUhllkRbcf2PeLnmzex3+U
|
||||
pEJjS5HLOkJt3B8wyANnZB358921snsv4LVJmgx1aVpeYWNo8vRgzKRMZT5Qk3ckXmuzHN3O
|
||||
FGKwLJnHmnha6rXG0ShlYjNY2wJjfmwaed4wU9k7T73tFbzoWJ1NXP37iQuEnOINVbNCQdfK
|
||||
cvL/82Q3LcpiapN1E/QYdfYjNju9NVpnSFICDEEYOfvodDlxbEQegZdd8zVHayYQJuc62sUd
|
||||
zPvMYLvQTq+x5tk1vJD+VSJ1sAbVZ3gzAANyMyYQ4670RK9H8z4ygxa09lAunkcJ3cUHRFat
|
||||
JyRM/u5NYxmCxxL5l0/UqOJg775tiQIcBBABCAAGBQJMXHEzAAoJEPEUCEwIYRERgesP/1xd
|
||||
2SPeYmC5X4OpUDsbqQoe79ojCbmd+2CoFHm+GM0WbtJHFi3BEJcVW//QNQJRSE5dKXCHtIDb
|
||||
jDhzlTKYT4q0f0p25mWMJFOXqb8sNiorXXdDz7k7GwrRZFsi/XlyiIrCwVHwLpyDGkY5IPBz
|
||||
p5JMXuxViM/TYn9BIX58rP7eVwAcazSBIs+QpAvUi4pfxNdPhrHh3Pczllxg6DamsEPBZsjM
|
||||
fz7pJxiddkJgAlDpIa8C3ZX4HdMnoPZhMh3JHxry4CIceMC8BOuX4c3GyXuFkKTMJSlRViKG
|
||||
57WyN7eQe17UZni23QLifLYD7V1r4cY7cWj1s/qsGtLsvtuVL2brOvHeHVEE7s6dWpQea6lo
|
||||
jLtlWjNXvb7WQ6XNFqpal5x7MG95QbBKWGHfifhVt7WrDSW6kbouXYYEgRhSZBkPPjSZXTEv
|
||||
54YkBVwCsb9fykKLOTy+wyJ5Ttj1kxtrMWsaofhDYOo9OtywwKL4AnfBMhE3NcrZ5Yf5MHHx
|
||||
NK/A95j9p8/HY1dKSHNDRub7PMM73Xp0fc/6cCyl9sTM9SFymKvvcMFChRcy1ZF9kVkXP3w4
|
||||
ZzoJz2YSTK4zIRY/Qqc+Z+BhX/rRuhwiILuCH9hXhhvBx9rKBxxKcTw1Gl5hZ8nP2CGXNkAV
|
||||
qSXL/0H8hschAtxw203KMvqbpSq7bYkniQIcBBABCAAGBQJMXT8zAAoJEIcvcCxNbiWo+oQP
|
||||
/2mKGGHKVA63SdyOkyAaz+mV2y9jIw+0hf2D6eoQ/OJ2l6vQqc4atQ9NsMBH5SKo+kPLhfof
|
||||
NcO6axy4ngb27YK1czUS0oyF+Vv618k+1WePw4Kh4afVZGrGsHBiv8DcKbeAoEn3gVORu5UY
|
||||
ElINIsW9ZIuIypyFXhV/zf30zR8MOd1uuJjif4ac7V+n+O0GpBgzCkKZoCdO7NJ3QH7RmpJ/
|
||||
TYAug0UMY9YvU1P2ffTvZuHxdY8adJGnieFnsLrO7yYHlva6Y2T47m0QwM6BXe673hj45H7s
|
||||
rZpbvNIEyRiXpucEm7YBCboiA8vBTjXOo8D27Aa5MoZUHF+znB9gRKWKUnkCyCT409yo8qJI
|
||||
5uSm5LWOa3Dsje3jlzfQh0BVLbq2f/g/kgm06Sb8jWzLYHUvA/+K774sOQu2gSG0FkV8BQJc
|
||||
M9RMdImzIMpNpV9JYOWZCzVbTe2ZzzZuNXQJFG7reuZ8SoB8JyrLEqNbfzJ4G+pNbXZbrSA3
|
||||
ybMgkaIvt5xDujQSwH/we/V3W296WHmVbU1U1W6lfW43KbOXriCrLl/j6qiy9ln/gkVc/Amx
|
||||
Mh2RC5bKOCTRJ2TgPms2+a4tSpOrqapcpa0OnZJJTG/sifz9/3eDGPTKoVkN1fYZqTp+0s8m
|
||||
NohYO6YMJsuqkYNr7UAHOTE1p8nhrq4RQlaIiQIcBBABCAAGBQJMXUTaAAoJEFOUR53TUkxR
|
||||
rf4P/jp1G3yjSGwglzqEbvu4rzO6LrC8ZqnxOSWjKd8xN/CIje6naB5P3gRFLphJaDUgnlpx
|
||||
nQYODkDZlMPsSmUY6+GrM+XDPIEnw2Yp2Vb6OVTSeDzgpjgNsdKptNGR2ENFpC5ReAKEKAUy
|
||||
7bLcraD04IV35hnuHNevjq86VO+Dev/SQ2NJf0NrOuC3iW2YA5SEXcJYGp1vXAZjRUprOnxK
|
||||
n/e04kTTA4b3cKzoEo/bQqk7C+7fLG1vHziDDPszsZ09G7eAhnhZmFVTk/jvBxJ9ra56Bo8l
|
||||
ArknJ7A/LHvGe2SEd9MVcoKIHGpM3IPhJldZiXNeyz/HuUA+xKAY2Ox+p0vDlKUAF/koME7u
|
||||
2wwx4ncMnRdbVOGNGDJTJhJGWk3VIUsicbQQ8M+wKnkJmLNI0ZGWdoNADdIR/xSIhL8bUaVu
|
||||
PC8amQwK3VD7iNRcbNnIw0+Xbzev892lbBvav1Y/V6G9lBeS4KrLu1s5h+cmCq84RlW3xCzY
|
||||
B3yZhWUeojvuplyNKPApJwkjWXGC1LK6VldZzYksXMb+9JxtoE6A/9F++NKqEmDilKl15YFV
|
||||
Dy/beTjoSK1+6T6RrTKOPt6kFu2460PTa9KOqjpQ60hxOn/YpyAeEK/MtRuBjAT+wBCIX+NY
|
||||
UIxHNX3mcl35l6Gb1nYtL4CxBG4h557CGM4s65IJiQIcBBABCAAGBQJMXyNnAAoJEHqPSei2
|
||||
NIC+Za4P+gLihkZlHwFEM0pNSR9GoL6OsaEnsUebefwcLSrX10Ee+5mpODki11Sf1flIWJ7J
|
||||
I+2Gj7U2NtFFXBvzNCUDN30Xb+QJBSU+pgJERtXThl8hKYuot79wg7FclsIo9P/NEQ60/tji
|
||||
2iSQ/w12NIApczn6FmX/xVaKafJyf/QRnI0mxQvd5w7JEoeIKvaUVjt5Zz9fUhTiM/9kDCv7
|
||||
E4a+PuVP7nyQdSCoduhFYQwLf+727mxtdLjK5OHXl1jYx5tcFdTyumZpB7bG/R6U2wb55kxd
|
||||
iAltk4U+59p7NG7JSu5Lnexq+p5/281vVH33PrIINuZUhmpPovFNeDz6lFqEICQvaiS2STte
|
||||
/BY6yBwIDx/1nUhiBF3yUU1TOQrtQUfRjox4QRj1g8YpGspsUXagBltN04l4tev6Hw8tCn7A
|
||||
/f/RkdQ/7U6N24ZP3BdBx1R9nKvksE+C+v5QwlqpufU8Zaj1YpmPBn/yfSzSCvd9cE8pa4zO
|
||||
KujACMEsPh0c/BDoiWsmxKLTzOoeKGwl15x6x1Y1yTKOLD0wXXvEM0TVF3x3RJgvpdnvonN6
|
||||
c7URWq31zKcISwLOKCK1c0UK7hyD8zFISiPChiUUdGicZ1Jo0me+xp7R9b2QQnwVj4kO94gY
|
||||
maw/3ouaDqOrU80N5pVC5vC8XSp/iGAY8wR0fc0qsPY6iQIcBBABCAAGBQJMXzSvAAoJENFd
|
||||
MTiCAEFz+XAQAJo4XauT6qsxxS3i4ADlzeesoE5g+QPzg5mpVP8NA+kEXqLuvW7ZZjDzMClh
|
||||
bpnhT9L6lgMdKOzODa8PzMMe8lMlQtGQsfby9Jy7c15wFwO3YLr0OesnS0gGMV0cxpu7XVmZ
|
||||
ROPqOn1eVk25eaZHO3dHrc4ve2OMP3ZG+df3+kwQpiMgrl5x+9UHOWfqEtyT590yzofK3FCj
|
||||
qHZwMUt2pYeCksErljI2hmrKDqp1zVcjE7OoQwc6M14i2HvhYwAtvEJTuqyIjFZL/XzGS4La
|
||||
2q43fiLlAJalwlvIBEtRH7E5qWJEiS8gs47+Qcwigw16RhVp0FxhD7kT1vHrCoqwMFh5ULQB
|
||||
fEYVQVbfVaXU9vL61LOvPfnE7QVCMnREwzCyYlD+FonI/LK1pqbzXgEJjh48rXEVuzic1G3Z
|
||||
zipxiAbJNattO5aWuQjlEQv1ykWGIwh5Fa+LEQ6Idcxi32CsD7FFCYI4dg9GpZwM0NjJYrYN
|
||||
sN+Nl8/o96LBGzCsminV+M+jXyGN7S08DoEyuuoAwmiY/48lAQJQChMH+M0M/UthALdcTooe
|
||||
epFC3AiHiIaKUouRyqo60vNbAixbv1olxZpu12KlgCAg/ra9VcYjvt48msQTtmDQLz8/aY2L
|
||||
eoFLm4L4NMqIQ5Dxywqen1MTKkk6GIx+7pAJH5Z3izmQJEYpiQIcBBABCAAGBQJMYe5MAAoJ
|
||||
EHA3PPEpDbnOyQgQAJcCcEi6GZBjFHjNE3N2iLVUMItWSEdx93NabuJi7FpuhorwaJphZiYY
|
||||
3ehgSa4t0/gNzkRkscCmbzjAr/auQsS+iSpINgCKUJ+dwOO7t03owH7ARXb4gmWY58poL+J5
|
||||
ZgkqDok7ZtW09G+OenTaAccIpmb1IaGHDASwZ74EuH5M2P3iP42h7Q7Slhxer1GVloLD4SPs
|
||||
8W/3Rslwh+/ccYfweNC3gLvU1q50bj6kvO6OWemcI1NAWtxEDTGjsS+BsXBPlYQRF3tqtoQF
|
||||
Ht3xUKlGjHBO0DYymOMAlQzXfW7uqUYenrOXmOV048rqZxRtSdQwlXUHyaGIuyCRWqzzqYip
|
||||
ArtquhHSSKedxe5wltdqeB9G/D/zwHR1fz4VFkECxRp0rWnnOnWJEp6+uxYPiIV/36qB7X9d
|
||||
NFxlt0Vu3vZZiXgo9RMLjdQdYuBBJrshlwKkOlYPDzpYjHWmXJjKUIhDTqD5Kr2CTw3TrRyu
|
||||
mHevt0nbqlnzoHd935ZssJdbYGDC+F9aUfcyzwJN+CH34zKz5gtteGP48DewptBF61Dyl0Pa
|
||||
rHthrkwMqdZBA6cHE4lGpvrGh3GXASqf/rtAHwLM4brOhtH/LYYjvO81wThRmtjyjmSsokSl
|
||||
0p496fHxPDuGr7kbBDMtdfVdty8zJ8IaWI11wTYExu/6VgY9dlhuiQIcBBABCAAGBQJMYfU5
|
||||
AAoJEHcx/Mxj5OJ3X+MQAIdfUJP5Pmxv6T+yNRYSZ44Kx6cJJVvPtWkV+h5gx2sY/uTAS4/y
|
||||
oiBrtnxilEr1D3MbWyElI6jZPlDXxl/Jx42kEEur5BkVOFmAmAJYRork7qCds2RAWGnhqlNH
|
||||
vuMIz1/PfJlcB2hS5qo+JZLxTFk4ltOTUT6W8ENacKzcpzWGeQvqG/dY8H8FL2hnvNLiGITY
|
||||
XZY6hWGvW5Ti5xzIBXj7QN1C3WZAmxTOt9C/t6PHHktfC+MNGN9zQEBAn9MLkE80oSwEX38q
|
||||
/ukX1RpXCUTZmxIbXOaLc6deaTcxjJbBOX+YE1dSXrg3KxhXg1IUsMVBhQx96p+yhTUwznfE
|
||||
F3pZQiWZhVP9/qGa56tR6pejRM8nfgZaLNcT7nVibIk/7Js+fXRYp5nWUKf3f0BoymQss9MU
|
||||
cQLFs2Dm/l6iX1gFUgqoiOVIAX8DRc7MfJ+UTlHBOMGDKVok9nVsZegQYe6P/C88vfFlI1Qy
|
||||
fV4KAdAb4YwD2HatpcjDcX5TRX49mD+pmK0bx4+L3toRG6W3OPvTcsaubE9peNfjwS5L6CF/
|
||||
M0Fq6IhIUobcDRjmUNtiXk77WmI0ZM1RiaaknHHCHXGQgS+QPd82Htox2ndOwP0ScgbqlL4D
|
||||
LT3ZJqRJVWgnWK/n2BrctT63KFAZa68Epm4v0GZtTjpJpL1DYnUd/J6OiQIcBBABCAAGBQJM
|
||||
Yt5PAAoJEHfG+0Pj0wgkbVQP/1NGXS+oar0Y3GuQZ+HwYq4t7Sh8CbCIZlei01oDcC95Fl65
|
||||
HtTZJcd8RTPCkTilZV4orC+gHppLVGi2GQdSJ6C4whlnliwDtgU6uJ9uuP6EKTsGh1jAoTlq
|
||||
eSDx1n8/F4JG6A1xVOekZ8NzTIfpfdFlAYANe+z674ZrRPi6tL5euQ9/iJpi//bZJMVvmttM
|
||||
2QJ+XxNn/CrGKGZbA1PjBYYol3s7DjZLhR3IhgK/rvmVCo+0waZzPqI0CD/axU2OXT8B4lIG
|
||||
WvDcccX/8p1tzIjlXNNsDV804c+VtUVX3jZMISmVMWLfkShhnUEhfwi5CUNtctL1SPlqwvbK
|
||||
q3bxZjol/OFu2KbW1IjhZ2dJ2e1hQ1V8jUjSYQ4xdDDwzS/Z6EWWn7cLycAR8xF4CQd92hCx
|
||||
o5AIgkQGG1R6iraztY5H/fdhXjzySby6q9Zvfa+rw0GkXpJzffKwrjZu27+QCqvNGX/3b1f2
|
||||
s0eZ3EkFam9cMD3df8PCPU7Wt/IN8Sxv7JQqkb6StQF3NjI/lnFLcb7qf4dhZItGZBbkWfwj
|
||||
M2PMEIbCl66bi8XqviJUUskn2XWfhaodv13VyXGeGzVEw4+N4auDM1w3WZ5SnSXWrFazIXCw
|
||||
IBWYFSyHlKawy+Rd3I9ueYyA7PqgwdczNxTwILXhB0+pBd0Z9FMxjL85C1N7iQIcBBABCAAG
|
||||
BQJMZ04vAAoJELNGT4lqoVlI9tEP/0yGcqKoQuNUIsuMasD3zVuh5j77i4wo/FCqQvMQIlzd
|
||||
PWl+gC9W0xDA7vILOcqZEErIi4PPGwqpQYGUgh9KynP4HQau+43qe2BrvdauFCIJPsmuwfER
|
||||
OwrgdSkKyvdXA08WG77v0a1V+u6nsnmbXg5/xZZdwCAKt+kILPVemxeIy+f1AAHj2zLnDGfy
|
||||
0JE1jN4w+JZrhdWtsYXWMnfRFQQqPbnVqi5BkFDeRalBn0R4mLTCCOZn/fGodA7EdmRL1dLN
|
||||
X9FbnfD8AWMDEPMDZ/h8HdK7dD16XxW7i5o6ZbVvftyf/yaF+bhtOyTHabkdSlMJXHzl5mnW
|
||||
mH8NVlTTQt05SJ86NhOjr98dhSvcQOxFT/fVajDcXAQbdKnylAWHEjnejGgt9QwpM99l/Mp4
|
||||
8j2rLgqfexF54y53km5ssTub3QJ19FG0FPLvRB5fnXfzOvn8iDhcC5V7dA7q08afUjaLDTVG
|
||||
6byCHe8TR9weCaCrV7vvGHzmEEPRNzu02C86SXGZw05eRMWFKJL0AG1avj6k24hsnatuoUke
|
||||
6IA5zcx81GbkqPDiOiiYJOEZFY1Eokm6MhIQ30HwUO0TQ93TdNgD0pJdAiElPyhs6csf6/Jr
|
||||
ijOSajEDcEOuKzqYnrmY2AmDgfyOrjoW44ADKOcRTnnhAF26ljBzwqa4xguz9HEUiQIcBBAB
|
||||
CAAGBQJMbL+KAAoJEORPgBbTYw+Jb74QAIQ2ADLJSvn+c5MBWYwc2NcFrRHIc0JXwmn+wzG+
|
||||
QLeFDGO9SV//LM9L0XIIbsFFn71Rv+/KqyFLn9SyeGdJakuL/AMC4qF1m6bCzwSMdoZeYBwK
|
||||
2r3bgPU4xW94O8zKOfRF9kwxP+QK2adfR1y7j3X70rICZYAua2ugkZcIDkN549PBze+2LYnR
|
||||
3CIhyOV6nYTArKhYuaDiNnS822l8VThOgk/Dmdof0+ExQfl7Nc2oAk7wljhmLX7nMonNZcDI
|
||||
ct+fDsVS856UYg3aJR8EuDCAayZHZvo24/bKPwroxl26+tEEfsqks7epWZZRGY0lH+IY2qoP
|
||||
oFhHPodpAw+faiafD5/06Vo3SzH2i/btYQEwwCCA21cRLwpv9432Ia4ekvjPQ2E3fjBWGyNs
|
||||
UA49MYhtllX/8jk6LE+AIU43PFit6ZB2BzVBunsy/LH4ZLxdi5sLTA1f0dO9jNkqf3xGbRIp
|
||||
PVXtQ6t/9PUXAy1evqWBQgRNHVScKL6pjuoLurSIenQCbcNQo1iNLB9DuenAHNUBP6Ny3cby
|
||||
hqMpazBoCIb4HqtdeUBmzdDZ3okIdjXQaxsHZhDsLNQM1ggj9mu0vJWSkXfdXpew2Z/J3Cco
|
||||
lOuTcTqfGi5kdoDHPLvFDEYyrGKiHTV6P7TxoIxml4A0rY6gHFYlF1b5SXmUiCt+cKMgiQIc
|
||||
BBABCAAGBQJMbyrFAAoJEHxWrP6UeJfYj6EP/0SlRe8esTX01wSot7D9mZfjK/yvpA3g2YQi
|
||||
3U86Nb2vvLvJAamLzV+Ka5GL34lPASAIgwfilQyVhmAsyTOQ1sIU+rPav4olOoUTBaORlzL6
|
||||
1AmhtI5N0HpjgnIDLmtKF5F/kRxm7JmcgnHgiKoSZCzZH2tomVVIGA9/aSDznr4N/uJZ0yWT
|
||||
6MxKbmS3udM8WAgKxNN8IB2Z/xVDJ2dXMt0a4IgHNAn7wgfaizOiOKaJ77c4c/LNRiyhomA3
|
||||
VgHDBTP+WgDwEcJupo6RiXWyvd1yDTEsHCApieODSIlniWUePiuwjBPNNKwH0/yRo1fkK6cY
|
||||
kqbCD8Dk10p7HUr1+BEGW2fns45mpwJH9PvbJ7e7VldPs7AKmEKC0HHKZ9BNa3AJiujwnaUj
|
||||
EYt6hq+/DRUQp6iqTPDAKE1bNTA4JD55zd1gGthsGHKfTSAydT/kdvxWH8fK6F0vOssQy7iD
|
||||
o+8VVoVpbl3qJ1MtvbJTxum4ElFhPYaG4Oh/JPK1vhWVXva9T1PX6sGskdC9DPgDLStCweq3
|
||||
RqzAhjPvcqgpx39mZGU/SQzwVUFN7aqASNl0ZFUMmnZ/4aNNYXY9yEAvx8GetdZm8s+0gw4O
|
||||
zecerDlVf6xykodTT9sK3qiiRF53P5A8HlgyXoewut6MyKGEwhItfUshFSp7MMMJcycl+I8Y
|
||||
iQIcBBABCAAGBQJMb/jgAAoJEJ0LXlse7I8OrucP/jRV886elnIly0yuYX3ALXDPgGKFwbRZ
|
||||
GWC1qjf3ESdrqjC+On7jMLnT3/A4l03F23bpHEAOnTl5Ounb1PrhDnvo7msJUH1ZdtqsoT16
|
||||
sAPbq14Rsg4+n7f72KYKwcQaNVkgizg/W6a8VJDOxQQgkrZh3Lp90O8krIp6MDgd+XKEQRjV
|
||||
HxyhzpHHyqAaY+/nhRY3VXATZ/5K4+pdyRt0aWlpvftYTvX/iZnGBrsfjgYkBZnix/+PfFtF
|
||||
A2p0AXfiFfFuU3BlE/kG35gGDgbYf9SouHuYeR6TLgEMOekxeqPacbTTpM051Mq4tewfFQHM
|
||||
raLLSMCucl+duu7kyDRXfwZ+zoQ7I74UT9gRkI/jSYecRKAoSYnoewDo2bNMEsnYjFwyf+Zt
|
||||
MEV3glEDcE7FXgm20YYjFb7uMQIVbiuXnFho9RQFyu6z67cfIcJzEn1pttMdV0vmMfi872Cr
|
||||
BKGHxYu4gP1a+yQWx6N4Xgm1eJVdAdzhmkX7mH5C2GKLPIWzwT+onyi3qCCUWp4NL+2QescH
|
||||
IVkc8daU0AH4IGp0A83dpRDb91vYWFImVW2brurAsBwNtKRhpd6yG+ufE8+9PBzQ+hZD4+C0
|
||||
jyR/T5HAsuMQNSfcDDEi70E6wRLEd/KYp0YePkoAKES5CB3n46XS+WESddBXfeK0OZpAbXye
|
||||
45lyiQIcBBABCAAGBQJVku4RAAoJEOugxsccACVvHtQP/1218tsrXF0nLofFs9edddWw4NLo
|
||||
ZYc3HvELTHfyq4/41ERGOQoevO5/3tMzSyAG5C2lmKOz8SDHjAwkLmbqiYI2EbwYxLg1lTzw
|
||||
1jZGpjzBfKm+dll3SWroKiyesv/iPrExc6fJ1mxLWtP6G7R4m6ibmz46uywwreT6WvhKRKzs
|
||||
IPQdf84W13y2ItpFe9n2U3/Sy50brOnqAiLj/zIP5PIaaHzrqUIevdINFgyIWee2s7tTDcNm
|
||||
zV8TV6+cMs4jT8nqguNy0lBGjMsSm4BviQRZJON7h/v3/yf67TctHMWJxeD62STnXS6wjEIk
|
||||
TTYSNSEZGvMw6Ti3lVB4nlx7WW8wLX9X5/1QdPc9jZyVpsh8QzqUtp+jDo6dfXPBYfUlwm1v
|
||||
Q84BVfcknpMkVMDLX9EMS8M2HLWBGCOEa2/n88ocUnjX2ZL5C2MGlK1TTyxSWCA8D9beVpKa
|
||||
PdYP8JfUiZpC5nLKKBvyEGJhUa2dOY6jdbPRZX+V2TWMIwGWq03kSv4VBHdErK+HUXXcFvue
|
||||
OdQBEOcN4H78RPd20CNTEIE4bsxgT+riXcjUDDrfIH4EQsA4oh1Z5fXpE47y3ZMMJuWfRzrg
|
||||
es5QTKNFKDfLsDwPvgyJV3iLbJeKp3G/Te+scm3UDYi9dCB0eu1MiKM6SIxrJIGzl068Xndh
|
||||
QNLOTpCjiQIcBBABCgAGBQJMXbYRAAoJEF0yjQgqqrFAvAsQALNsAqgOJrnudiKERxnGU8dD
|
||||
YlxWPADlESd/DfsoEFkyd87GXVzfOE3ZaGKW66PB/D8eEfiT3wWVNpmAfIoHePXkPsA7NSyD
|
||||
CORROlpxXE9zFaiRYMzY3EdCsvSjSn2F3K7pymCC5yuYFXTW1J6x+CS8YCEautV5h6oIsGsD
|
||||
4zqXyHLWM6Htm1J1Rk0vW9tJqtfO39CFD/McuOUC6QMNLeBlWri8VDFmdGixOmLNAtBoZkPv
|
||||
i7AE3BFa4utWcLLjm5gMDsPW2xag21LAwX+xiZ/G0xkDfwKM6w01KcIp03wVzWBwtaUApsmu
|
||||
6fsH6gFPFuqrAKadAJY/L/U0A5QI8Lw8joq152skYYwzwC0INYTw+gst4IJDWPtjd5sK80Q9
|
||||
NJpnqLJv91KAn5+Ya/i+K3jjFQLwII8x1rX+B+hxsbofh95VdfPJW7W2ZMFAc5kpiN6Vmw6O
|
||||
X5i0x407cMV2TslvGI5L0aQ1T9mnMipqMnQNX9sMjCUSRNVa1DTYPr4ANkPy4ssXxenRN6Y6
|
||||
J1Y2KORYgm93FfUpQaUUHOPzBT8PlfuTn1rNZpIABEl7RB2qpsJIWytQjZ8U/9epUiiChMXk
|
||||
1zmB8izRWAoX9NtLM7KttiFht1nRYgB+8Q9/Ta5mros/htAW4slcFzNwEqFFEYNpgdtfh+S5
|
||||
50o9SeOpmQQqiQIcBBABCgAGBQJMXlHEAAoJEDkUtTL0376Zk/AP/2NHH69E18cRAOuET57I
|
||||
oRZmJqa+a+cIdmXFIhWlxUtQfEBdXwSDDcCNVZCWWabiHieSEahXSbCQIpjsjfTLHVVmBBCY
|
||||
a1XFHixF3tnR8auN/KONFQ5tl5IViAw0tYBX1zbx3FqZf/XMqzOr/twpKrbI2VaslvjPpu1E
|
||||
sZ7KiXnqjWU1Dp9ydwK7sdb34V6w/N/uonaulFq6IZ4GzQzIaF7/SkOwm9am9TKON/OmE9HL
|
||||
hz4kGimtnvztfaGQANF/YxBdjXEvtUp76y8QwXrxOD8f7EFQmascGPIJqgR9KLYp1Tsw6EFJ
|
||||
eKpDGJjzevkBN8eeIDLOWfcG+qlhNHHtnbfXnv9Ojr8b1idvSsdqvwFBAjw2svZAK5f0wkrx
|
||||
KU3U5/hTIz89EQuT0o/oJWBj67ONQYHyh4CYMZi3oTiqFWQH10utKi4kGnM8jaDA2No4q4xk
|
||||
n6L99QIU+RClkamJVBQdmzoSYpjiFoAlXDIhwQGt+QmhbizZLp6NqxXJOOHJ8ictRpRlzHOq
|
||||
ERlLNkmaaf4YTyBeEIH+GYad/xiqDQqm5NQHFBira2dZskxKC3SND1e5sTd0nYIur09wbJG+
|
||||
z72oKoiPMCf4Lzawpi83Yz3Swks8hZ32fbObhuiAmfXqEfDlhbf6Hz9NqTxE57faXm8pWrRy
|
||||
o1QgHe7WNpM8vth/iQIcBBABCgAGBQJMZa+UAAoJEDIkf7tArR+mQ54P/j192Qx1SS9xW+Ao
|
||||
2V6IdWidRtV25Pkt4LckZAIJHfVEvjpM8z1uuY34YacjFeZWtfI3mpM9JUQ2Zx854oSX9z0S
|
||||
iQ0u5XnPNBavYZ+DKgGygOyDQdNdjvdzR13IT3RIu+OAnAFkBfwS2r8i2rrWpeZxltPR1Uc8
|
||||
J0ZtJ+DLgdbtWZxCGIl5eupdbf03oNQ0GHP/h4W9Ls2kvJOzILQx24+9tCZBIi6ZuHjlawhV
|
||||
uZwTvhuc9HNhl5knHeyOZCFfBcNTWFnxuHIzYq0AU/12+WYuZ+SLll7+yA1yHpP7tQrz6oSY
|
||||
rQGLzsBq0/kONM4WYmhMQVtgxuxjZV7DK8+1f1YlbKCGrk/R4lZ2JklJ2+qI2WMiiW4BdZ3o
|
||||
CkEi8z5Z2vISsbTe9LujYnEbiTyCiEZlrz5bkavOgMP8T/0NlA0GSUt1Jo4hkLG9eWUfYgq/
|
||||
7N9vMQd0ihpUVKciJyqaSixVZVX2OdUW0nCh2ftwOzfvjhBG3GydQDb6Q8tdiOeLL4kB/zpO
|
||||
VfZu3UydE7CAtqzvNj9DRR6hfyuELHULoxkP7DHCJIx2k4ZZwgUmLHYIyni8ITsRUnapzqwO
|
||||
Gy4wmQM9ZGvI1vFXINsV8FUKg55scO7baXwizGX6UQ4jwvCBkt7i/1lYhY5udn8vmQ0cRf9Z
|
||||
HjKhTYfZ05hp1dAc9Z7piQIcBBABCgAGBQJMbA/0AAoJEHhT2k1JiBrTtIEP+wRhrJcz3w7K
|
||||
y8F8xF7+ihU9k/lvDjqZLlYKuX6kJsTupTygmC7bNVw4uBfGzlujY5kroa375kGK0Q6Uh4PT
|
||||
ffiySDUmKj4ap29rlLT3JzFuu5CIH2jskPEAYhqgaf1NZUKAcIncDtVGZWi5J/Gi8faVyRnn
|
||||
tE86gVvHzlgsDoz4WLE/Wer/LUkotK66I9sn6t877lm948GIrJ0pknNHB1bCcR6YhNRS6fI5
|
||||
n9W3bkHBBs+ilCd1GlWKl+a/NmBnr3yMKEYrM8hdh8RVJlHW1puyLruumoxolSToGvhAIPV5
|
||||
E8D8dc92Pa5N0tELtw4a1Ao9zl4X980QQ9XPqp19LdgrN4ipqxgaxlVywzSq1fObqtSd5IYo
|
||||
NuLz3PvoFeoDyP0degy+4PxXX+hERcpe224No/Oo6cPvyxblgftFpMlRVuxLJx79m2B0db/A
|
||||
lIEN4RAa6mO77ZcJnAeInD6ZWnHw+bVPTbGnsz/9L8EJA/SjILpBcG9UO9pqUYu+aL80AgDF
|
||||
FoWlq/Oy5YOjTIBBMcE9iN4V7RV0S7ygA7xXQ8JEon3lrgVNRQ3tyrqclXKw90ehPS8ntYJe
|
||||
8rr7M7hw9SGC/UwLlZctG0BO/Le1aoRI7U6NTnfKgdhfn2UAPX7tgSAX/xgZDcuF3T8KeTwH
|
||||
/GYjjUzgeoKuZMtfMjXtEOfxiQIiBBABCgAMBQJMYt0+BYMJZgGAAAoJEMzS7ZTSFznpEuUP
|
||||
/ih8u8cHaYsnA0vQnfXUB3NDtKpwPA39yTh12Em2QWP9ezw9CizD9VRBmR3kksbxvFI7lNHF
|
||||
bBR26jzHvz5wh0OFAoL0QpnwqO6YVDYAnDbwU+9Gyk9zFz5WAiTaj1AFMA2Y6tfq9M6eYOG8
|
||||
7eNVVdRI6NOwmjO5cO1NNFO6fo4zxa93VLX8CS+4Xgt+qYnJc6bZDbwUPdmfSr0UgRVVbZAO
|
||||
CGE4f2tSeLQwEOkO44XB1rgRilyGu9dRShgxLQoauAXzsQvqMzaNwjal2bz+yunhj14Q81xk
|
||||
xJZ96I0w7IzMPmu5tjyPa/1Bhn+f8cHkqQQKcu4Bf2OEtANNU6M98reiS/K4cHEj0ChdFiHX
|
||||
l2z4WxSsihbC3megEX96l9A2uVgJK0VsSPQQkGKzVsJkEAsld8tC4XK4OzukpXB184h68huy
|
||||
TL1jdJkYcZoBQ/3Lo6Z7TJ5ZvnUhdpuvQdRfmBYK1AuRuNuhmPDYV2/qqmFOYBrpUY2/qv0k
|
||||
xOYUduergCG6cI8zFK+KWn3S3sfxVt/032qe7oa9/VsloGBRwiaLl7MAwzHJfUgZCMIcfJgx
|
||||
6sQRhrvZbwWg64UyG+xFuocSqTRkcCU2fezMZHhLA6B6CZgk0sY/VBQLBBOy4bmtb54AslmW
|
||||
f39NNnD/VzkSqURypo3aDKn/f/v9+JNBfcCJiQI3BBMBCAAhAhsDAh4BAheABQJKB2jkBQsJ
|
||||
CAcDBRUKCQgLBRYCAwEAAAoJEESXUni4YStd9mcP/AtRNozdY/n06hAVJCnI2W0U0/BknKBd
|
||||
z8SXGItd3Mb++tWs8tMvZw40hB3C6oQJu9CdZ4tzZtf1jSUxoAJjGTGOiz0pooeINAuN0xRa
|
||||
eLzUPyQNJpd1/CsZPFgtn4FeUa/T9WwHxZn/XzDBPd+N3uKzM63ZRpKU2lkSvSrh7fvqP13A
|
||||
h8Zq/quMgOsCbQR6Dp1swJIm0s9gPfN4mEVXeknXnd2vRGrblJYL3u8V7cfjUjnCUlFmB7U5
|
||||
TiROYZYeP3OIuDsAqv8+xweBswWxCxX0LYsuRHRxmLKWEYHAV6e0czRSJYKQdV90+URoOZin
|
||||
Qdeo24cWK6caJEavAHFnDcKP5aMCrCtp9hM9EB1J5/w0zOEXLotwhD3cWVDv1k2s0w9wkNZp
|
||||
PJKRdXL9f0en47MpqJqR9/8U9X9j8t8tTUbo9PcUcf3YB4hvmEBauBHrCBNslMx58uPYOFjV
|
||||
YqbwHUzhTKHhUGVHbCkQrUOjD0z3sjKlzXFqO8Ba3sDAP+hs9+g3YUQX+A403rYJoI/b4Bvy
|
||||
eZ4ryKanz4/zhskMDdSBZ/UvduPm+gHEyq8Xtj/jxRDX0EqLvkphDdUgZqnmanx3FkkH9EOx
|
||||
fUxnqpdwJvAj6k3diWEuei7pSbTBlqi80fLRUm43135UP6AryHtUnraBSsaGskH4pznmwUfW
|
||||
Kh5WtChHcmVnb3J5IENvbHBhcnQgKEV2b2xpeCkgPHJlZ0Bldm9saXguZnI+iEYEEBECAAYF
|
||||
Akxr78UACgkQ1cqbBPLEI7xL7ACghnGFWacQR2ySOwHGcuP3y2NepV8AoLz9sWYoqYd0SL5T
|
||||
192WWkJWAboKiEYEEBECAAYFAlCf5Q8ACgkQcPNeJG1THnOB7QCghdTeFj/8kaopb1WjUCof
|
||||
BrrhzNQAnjYiGUchyKzDS++2vV4VPwxvMZZIiEYEEBEIAAYFAkoHceYACgkQMhdcDcECeg7B
|
||||
0gCfXpPTRYvu8+YGBrnl3ryzbBrYCiIAnRMek3cGNpJrDT76nPCVkp9J7zqjiEYEEBEIAAYF
|
||||
AkxccSAACgkQ4VUX8isJIMAYjQCfRZD7k69DKbhcMYOYWt5paHpg6SMAoIPdjQhnId+yPSTL
|
||||
h05O6LtJU7XOiEYEEBEIAAYFAkxdPysACgkQ1OXtrMAUPS2JYACeP1vgz920Qbq9CMig1p7V
|
||||
9Bve+7sAn0FIeNCiAGp7owWq6mZX4BOD0o/IiEYEEBEIAAYFAkxfNKAACgkQ+YXjQAr8dHYl
|
||||
2QCfa1lGYuTcxswPc6nqR8P9G1KoS5gAoNsq+dtZCJmYMIflfGNOxlzLUsNziEYEEBEIAAYF
|
||||
AkxnTKEACgkQn3j4POjENGFPMQCeNYzQIXlYtcurpdjQru//evWc084AnA4MQEEKUkVvRLOl
|
||||
PvkCi847vss1iEYEEBEKAAYFAkxeUcIACgkQ2hliNwI7P0846ACgm2JlzfNk5w49MB4cGDwy
|
||||
Aodz+MQAnjanm/JlttRZCU+zLaxHxEj4JovdiQEcBBMBCAAGBQJK22d7AAoJEC0NWrh8JT1S
|
||||
LqwIAKQmrdBXWS2UmANTYLBfDuytJJm+mHj1YSJ8ro92xzst6WBmqxMwQ2EscOv7S0rI/LGr
|
||||
8PfXBnpp7Mf3zhwEXeUts0ZUt/Vy6s8UAVPTGPSQlj/Ya8u0mFfXkdGsLMgMdds9Cz8fLbZr
|
||||
SycslmVmLtK4S+rhjQhJ0vXt2sL5VJ3HRznCpmSP5+ZQOlH/PenHLmV0kC9KcOsrxgvV6Rls
|
||||
HIZ7oiATogYm/kuwXwQ+0qQAMsTY3AGwE0yuMXvDuDUnGdUBzaZJJZ/wodDFYlDxTJb9NOh5
|
||||
P7PDBQghiR0LrnU+Y4b4Oh6ne61EyGRhP5ULvZ8RZsvDCO27gjNxRH1nJkmJAZwEEAEIAAYF
|
||||
Akx2jugACgkQIjrgVb2U4VSOeAwAsBhm8cj/o2YZPP0gFdUCUyr6ecydoD1d0ER8wwvOci64
|
||||
bA6Xeu+i8LtcAHKowj0h1uVye9SXK7FpfyPlD3j6hbikG5CKXSwwEfEOUHmBIdY+UarL2Att
|
||||
791yM3hADK/LjKObU/hEFs+b50xsug4pbYGbnDgitj4AG7mrqLLReCAV708jbizQyxizDl2w
|
||||
/aXbgRvjjVczuxFeFYGlkIFv+da3NoeYCV1oH7Wcg2vrBb+TrxgIbAMW4V36v+fIPaTsderL
|
||||
QQTv86Rq5Uv+FvZaoA1y7rXMpDbD8OJ1DdRv5BeDAGOAWUFYj+XDDdpfKt91zOlzfr74hikP
|
||||
1NWx0NEyG09wxvkV/6P1zjbv8NVedwhDBs6QQsco/oYx25Pqsin+x0mnc1NiDpR+9Oe7c4ha
|
||||
6JzzN3ufllxydLpK4D1RC/ITKhNhIrG26qSEtk9K6zM4QQbD/Ngh/hztcHMObLYv4MIz/Uus
|
||||
K+CoJDI9kPAISK7zKTHfGTbM4O+gST0gqcFSiQGcBBMBAgAGBQJSKkiDAAoJEO9z5tpYNrga
|
||||
fAoL/0E2pxy8oF9vH2d87G/tYfJB1sndWixltZtLYJMZ6HVAwYBsq6ju02893SllpZ6xp99x
|
||||
xAss+xeJF8PlpH5nauQOn07IyUNTytxa6kJ/xHcIuVEVFEBU5SUaXStqfugM/EE/V8pbW5di
|
||||
oIILQx52NKli/JhrBWlW4/1k8moyuCkZqYsdwwp2QgLrJhcTNB1nWx4DBgonAL7GOGy7s2DP
|
||||
6zoQT2rDmlMY+Y0GrYkt6dwwed0y8mP/6c1ayLP/5E7ZlJK7Lj/3WFxYXeOOP3rU2xm+Brym
|
||||
u1ND4gGC9P+p3rlEBJ/loSruk9bbviULqiO5s7dB4Xzr2joED4u0suutYtSPnuY1fNV0DGxG
|
||||
qgYvhwxcuOHVD3zBMuAfYoGSRQNsMrpzBnfytP2pF2CcS9L7maaTBxyKF7UbpqdvDDh74i+A
|
||||
/J2O0TmMuraSX6r/szqCS8B5UdetjxWHpaEViIy4TiFBMIzkhhJIn4nngn8lHniRT6ex+TWp
|
||||
dM/vkeO5f9ea24kCHAQQAQIABgUCTFxxnwAKCRDxppvkKcD/7nyjD/wIQDebpZRkWpthmHaP
|
||||
NtpU8vn2WWtxigo4D/crBIrhWCvJGqm9P9n33AXpGGc3T6VEJGyq4lxdwBP/K5FC8a3hgCXr
|
||||
dXAA+V5knfURy8kya5FBGK34YtrGXBcNv77I9GdGdum+tooYNnNJERueRkBLA4aIImB/W3NL
|
||||
eL1f8vWVi4vys8Utpj8+5pg5GLstbpmzewtc2LQFstMDeCjBsrDiuZZrsp3fO6zKnizg0SOS
|
||||
jTkSdXwvCma9j4mlmU2Ry9QJf3EBqyDwhe5Rcrl8TopaP75wOKD3r5npo+e95Wjvxy06PjjK
|
||||
1ntAYLMuEODWiKAhQ31YYYg8v0yMvBRFLfFmtgmSoFcIiGJw7azkxJefqIhQr6SWUF2G3keQ
|
||||
iD3qNjrriIqxdJQqj1XZjbwwHMKlvtvokf0xCWltpqzgW9YBcKwqr80Sp5Z2M5wjeB9TWhSu
|
||||
uoG44r8dtz7GEVllGwGd+hRYbyhdaEjdgFjZtJ/T2n5ESYQ5h3V3vjJbbxVZ3fOE4ksVNEkR
|
||||
5cv/h1x631SuU/287bb/ObGieYIbaIxpaQPedcPuX1+hHbLCrtZ9FAx1COzhIJbXG/2mS+2b
|
||||
hTUyax9RQ4n01fgsU/C6FPeGqfyrrfijS2XKQAGsigRGm7rIjENjXM2fGqNsWGEPt9v3YoAl
|
||||
vVv216XE3sCRMz4Ua4kCHAQQAQIABgUCTGAriwAKCRAedZpyap/ddM2HEADRXZZx9vRiIKFC
|
||||
taquk6DZB15B+CTJSe+rhtiiRiSH8GZcifbF2ARqZF00OctbKkbBNycNV8FuxRiaZZSZN1fu
|
||||
ZckgOKwMK83Llj0tHd+BTrjmOiZqrZ20l9j4CMfvoTQZLOqxbf0XKpfkx+WEf8HaJ59+2GDy
|
||||
CvqYrzYW4oQLdc1wwQ1mI/6XcP5YyTPaOai7WzrRhL0ClYj6/kKrcyzUm3G91SuC/AXPGs5n
|
||||
8QVINq1hidCyEjuRO29Pi9YjOIRA0YSmWwmF1Jq0CAWDlSeWZf6oZZq232UM4OnDosjp58pj
|
||||
ldIf8YS8TcNLjFZUSq3ilfIJgTLZIfMj0H+YZyBRvHL8071X6xmqcQXmZb2xGOJHu/Zn1qrq
|
||||
BjN7HIOrohVvVqccR5rbmQp2m763vqGCPL8nxZszGvH7v5PFCTdrfa8tlqiugadUvYW+SCn7
|
||||
RI1QMijJJjrlWolD6ZJLSiA21a9B/y8XmUluedCQ+RiJLzYBVSZhHI4j6EdavCKbTZfeUZEW
|
||||
PiYbpjltZ5oOjoTzI/C7GKn/btPdY298tHPIRPJP2P4Ybi0Xzx1tsZIApFEn/uHxzxndigef
|
||||
Q0EtTz/ikmVN3CAPo2i9dj1urBixB2QuoESumF2hjUHs9rZDtug6CuskojI0GAb2wPNf/U6x
|
||||
ugU3APwb6c8O+66de8wHNYkCHAQQAQIABgUCTGA3OAAKCRDXiExHGOGPRLxnEADsBFKXFFK9
|
||||
8wUfiWk8b5ov+XJRvYhrOQZz7fX0iIxUaZCLaSIViyOD8RYFXr9KKuhGc7pcEvU71ccRdmN3
|
||||
SoHz+RQDrCJlRgBosEAY5hfIuqtuCEF/njo1cNSR7kjkYc5PKXpbHL2G+15X8aOBdsd/Wa0W
|
||||
E6vLxMerhS5ILRbRs30W/VzcNnlb/3dhHSvJPVF9FGBeZuOahY1edZKU7xu8k+udND6lV1Xy
|
||||
j25Ty0mb1WfQ6ORuqLhXPbfIycqLD2sNmpFBNVlRkRejEhJU9IiOrqkgECPjqKUMo9cnCCt1
|
||||
rVO0EZYvJGD75wl1PySqbQus1MMLep6FJsqvnUpEh/HzS6+Q3/2AL3a9JLITDm2h0TkCeX6q
|
||||
o7b27aoe+J4cjiApF5E643OduBA6Ox2iauEr1t5d1J8ewFWx929EQYHnLgHtBx0CzZGUAZqU
|
||||
NJEqLwfgxZaN86Kdw1xP6qKCuCdkhrsLt7gsACvSpkIEEhVxoAHqJleWF4MqozwfpsEO9BSg
|
||||
L071pyc0Czw0XJlNNq2sn/GomNRvXLbYeSpqzsLdOAYxsG2l7aNRHVb81ml/OEvIuxHZE4Ae
|
||||
cjxfsvnONarc5jWIA7iFgk3sLaTVejP4Y8cbn4rXn+98QwseRPBMHRPx84W0Rx+YUXQSAvVG
|
||||
2GboFMP1PvnEEv0Qqq6JsdMmZYkCHAQQAQIABgUCTGWPGAAKCRATwLVmejiwsLktD/9ALTT3
|
||||
VOyGLPKCdTYn+kXo/R4x1+VpRdoLLkUnxKBzfTVqtHg6X9GAqMn4b8PIgIh+9ULPiK9OLV5k
|
||||
bdko3T/cbP+Cl2iqSbVZoKuYpf/xd49oIdiJm/omruVotTDbz5vOHwxzmrSRcxXNzKrnmptr
|
||||
f48dZjoDdrirUJNDlPE7yvM0IvBSwPv5R+t7gcti0/ZZFWDSEQ1fphx5q5fD47+t2Oqeyq9s
|
||||
oIC1uO9xnzB7tTmQ4m1Up0mwRsf/r0JdTkcT2Q1PNOttWUY4aDncF+d8wCraPW7715C7iP/U
|
||||
saAW2h+MwAVC3yMT6iu1dcufRJsgFg0iEd7G4Uxp4IcCfwSLWD1mh4NEXZ8Tis4hTnfpbICs
|
||||
Go7qPAFDdPhWRw7ZGs/aLV0+E6hu0t5hE2CWaOCS7hfx8Z9W1heEuMBqDXZeSEfkiA6/sNHW
|
||||
ocgNXiDXVMdyHm53xlswdbSDxDT6CPcdvzHsyNP9/pYd6+CFgTBAw60XqLrjYPr3tyTHBWgt
|
||||
vFS0tmSq2h6zMht+yMu0WCoZgw4iTYKtwoE+8RE0aaqwxUcNw1w5h8TTFY0b0NyfD16pHX94
|
||||
TruaZnlnpNWZtHgYEqtobMH6SKyOsy0G+BJ/XM3jLKczi1U5osqH0yBRCWxVk0uUAOT7Y8fi
|
||||
wkUSNQl8wnUbDoRSOtwCn1AQ0LRgOokCHAQQAQIABgUCTGbH+AAKCRAcAfRDyck8Wux1D/4y
|
||||
7uso609rTdbQTInHqA2XUshIOCgsk9aW9Vphgs4hY0VEhhfRyajEa6RrjdYs68BuWUWO8qs8
|
||||
PKe3LhgTDv2ZmSBMdXEowYVY0CvvHhyHHZwdMl+6vRZX1uI3SHf3TKqT0eci7gNNvYnCbdMO
|
||||
nXiBCM8nYUbbPOzSBKFEq3CE7EhNOvSMZwTu6pnOdH0qiVUvqNTx/hEo9qg+brPrPcLho7Yp
|
||||
cGu/Kuqp30r2b/HVv4U5X5mOy/OebqzCAb8WEdWoY9V9sDo0bf4or5DZaY/JB6tozg7bQ4Zv
|
||||
CTwyu4x9D1SqnySE9/wsu9xSlhni8e43o9ujv3jxABpbbOPqt00wA43wSoCbdfv4mWLsbGk4
|
||||
byKR3eWEh1XcUwRfaPk08fh0ssskKBk8C4sUMIk5oTiT+VU7IZ50gh8+XgMxrwdMcWAQH/Qs
|
||||
VtsYhDGA0UTw7C1Qp8mCmeqLVw9RA11d/S47UgYlXBQiv+3LXuYfmz/sALy/ktIpz/tp5CtY
|
||||
PeP3CPuFMTlKpVScL7+DbeW4pwwR3pkm1QAVaG/lb3Dqc4QpYcucetSyfdof1E7ZQtCRTR+L
|
||||
BXBHkfqQT4xnqYOU8ULraaLaUGOd3y17rlYUXlHijhNtytzSbn+GPDnbteQYqZPx16IS1H/6
|
||||
buaSwB5ZRHBbfsF9O8JP9+ldLkbjaodxpIkCHAQQAQIABgUCTHblCgAKCRCvIoOqduKse+8L
|
||||
EACKRmLci/pI12k8kF81SrF1TEZG4Mlqtij0vFQNTvaLJW9PSX5xE9ln/WcsLwUPf0ciV7bF
|
||||
M92bdaPiiEDOzpC3MFEV8Kx/cBGPdGNx42SHbOrxzbriIt+OCFxylsqlElW+Wbo8chPtXWzi
|
||||
/G39v1a/xHVxzBg4uUPFRL6zOOZ12M+l+TCijja4EKgctCb63t+x82GCW8UspmTTaEn8UT5F
|
||||
STK+qp4+cQeIYBRBcHAGKyfzKJ6Chbv3MlNq+zhmg3b8NYLTKWOgpP4th1v44EeO/R8Oibnt
|
||||
KJ9hqQF7a58hb2JLuoEmXXBJVk552hKD5UjKm1DrfZAapUTbWvVv9L5IdozaDph+GZzpXQ4C
|
||||
Mxlwil3JVEe9sWPoT35iApFSgoWbDNYGW8M/CRiyLzYtCqcAzExJbU9KnKOV9kbebiZ8J7CZ
|
||||
gxot5en0OaXrc/ALPHjYKrNmZEQ+B7dlUcN7KzFMEJHPC5Jb9xsV3Jje6T17lA+W4skejqPC
|
||||
ZB1mi9D6SHTN0MYajeRLasFq7F1Vytd0H09MLkQ3i2lymE50Su7cOsMk1+KjA63C0JmMquMp
|
||||
4rvuBt6Sh3qVaXDTPEUV5ZT5by7z6KCb4iYg7AB3IsCTsP9njUCZh19YE8IKxd4y1XXD+ymW
|
||||
FwxcQs8Fak4HdGfmXLf7G55wI1E4GHFEwWMJ1YkCHAQQAQIABgUCVXGlUAAKCRDagoMOPMw6
|
||||
OpY6D/9xPI7IEHZCcGdZV1C5JH93KmiqARv45K0p36nAxmGH16mpFYtTOuK9oJ3ZSAZtbGp2
|
||||
oppbQX5AZHhRUvHcjwv33ME0RduosJqeMA8GT/xZKfXNGvQpn/ZG/pDyDLbL0LyEngRR1R+E
|
||||
JCPNAna+op7ULQSQ/gf/HSwPI6ImnirMwXFAGOBSW0s29z0ilC/BYRlr4xt5uGwWugYnyhJK
|
||||
/SSwrGBaDxB7hakk2LTeVOe18etFCno07VPoI8pUtNLBiLmySM2aK2Muy4NR+jZjU9x6oDoB
|
||||
tTq40fkFln64nK82hqFoJP6kDPkzdQx5NaRiH4PAr1DOydHyXofs0MghS0UKlCZR6rkyAR2k
|
||||
9r+b9+KUDEQYrHXXDqhpeCunQv9LGzTi9GmaCatNHJTwTmVk1+oydWiruYLQCQHETCzQrK2Y
|
||||
FEonJnwJO8XremTXw+V3jyKZLee311I+ggQmtI5StRF7fFh7OGzdJXBVw5hI1VlISketFvAz
|
||||
rllAI8Txt59l45NFNkZDZlJlJeadffen6GOXsWr5q5JfS9XlfLbGlzlrcZCG0uxGfKoYaUJM
|
||||
0SNa5rvWO04pEK6AjBufkinWJBIJ1l9bz1uSkDY8g2tQWvdZrqGgih2DAXDhv+lu96U62fn6
|
||||
k+UtKx1D2Y6JI+KEdeGffuVp+4SnydvYIAH4GgSaN4kCHAQQAQgABgUCTFxxMwAKCRDxFAhM
|
||||
CGEREQw7EADTPt7E7JjfPg5B5r8xEQwvWnQ09/dE9xie4ohfzCOfGVpvTquyG3xKrbw9SKhh
|
||||
akS8HPLGgBvvodqvZOqPGP6eZKfAAZmlER5fAEtw42deAGhL074S4XOeuPmRPnYlzPZW8cy8
|
||||
HhcmjbuwXbhC7SJs1KtQ+sHZ6ihtTqXoqjsC1ArMOuA0Lsw9d4IOT5sXILtqnk92ynkX420i
|
||||
yAiRU5RXlASnBNg5fAmMGZbW2/EGrHtfE+zzpqX0N38qKmBnE7kRgPM8OGYxYGpUl8x+M1zz
|
||||
KY8BLhJx+gwCzI4L22uKwqv8dz3kzdWD1RBUUKJycCDzwrR+RI+xO9cQzaU/HOykH3HoRfIG
|
||||
TmaewYDxl2vsVeHVDbGdZOmhVRzLqQIS259eRjQe6ZjdMiRJe15j+udFF/iVMgSgq93vWWNF
|
||||
WB9Q7dKRZyPHjBuFuL9YP1VmxiNELX/BkQlDXcnlXHvK+KSFuEgV8RgQenmFtHy64YBC0MoS
|
||||
ka4NtWkPl9EimPn3iAHNLBCfqqs83TaG9Fl8+V9se/B//AcsNoM0/3vBU/L/5F0PppPVO6fk
|
||||
ELDY2V11zy7L5KcLJWm8f4YwOKCdyDYPYVTpl7xGM+30n5h3xto8Mz6f5NWVZbfxfErLU5iK
|
||||
aeDdSebdqns+FUXmZYUlWJGCXEnY1aAzy/9MpRSz+mtXAokCHAQQAQgABgUCTF0/MwAKCRCH
|
||||
L3AsTW4lqMf4D/9oxFxZbLh/kRIjys0wNgeiq0oBLh+KgN83Rf+vc74A2q2T9/XiopuEtk0T
|
||||
ywbz3Xw9KlidyGr9Rrbl6O6aWpy0csxUOWvprE7jaTwjqZxqISNCcsPFbsWQieJ1bVv6upjE
|
||||
j/wrTRh4IEC/P+K1OU0lWblbeDDEv2K8aj2uiO8g5Ckp9X8Y47Lh9VMPvSOPN6aFyX0s1DDV
|
||||
fweQtoYGQOmteY/pFDP+K+FV8iBw/wjEVEWflqWUCIOAWBT4w2sJ49KDdi3RGmFk6PSp/JsU
|
||||
SLGrwUU3YnRiVh2vsK0X5nukWk41jm/1XdvPzEEpMK/RYiSAzGXKvs+UUWFi8g7AHQNfJOl0
|
||||
hmB8LYFV7mQOLdbNIVTRB/ImbexKtuLDxU35CIxrJFvg7Ry3ulIZgDgFZEM0D/xu+2tBd28X
|
||||
GjppOjqp2W6Zwnn4uwqBXMrggtNRVSeGASTDs8WPdwR3PxYKxx237f8J/aC3o2k08q8KbjmR
|
||||
QVRLlOo1huZxmXpn+SUUKUJ0dqrrQHIEyzGtS/VSRRI+Kj4wiThPOS6zmc/vFaLjl5T69sOA
|
||||
LS5TJqoGZz7j+GDK2MINkWWNM61SNyzomtdQc2PIICR7TP9zJbOvad1QDfT7kyM1JuhpvV/6
|
||||
7XIP/oxk6OfgMT7yHTF6rh+G8UUNt/ZBCYAipcFByCKDwNB5sIkCHAQQAQgABgUCTF1E2gAK
|
||||
CRBTlEed01JMUcebD/9aEHlc3TtXSGHF/gxVl0zsi3mFM/wibd2n/2Zv2gRrL0Su7BunKEMc
|
||||
l+7SECKbDzWC3LYucKhjgVuPHSgGakk3ANiXiDw4qFqiYil1Prf/MK8F6RWye00IIG7yZamG
|
||||
+1kLA5ft7sjO/emappGvW7bicXqgoEsazImSi9ekfYhLFKHn64IR4UjynHibKjoXA+EatPnN
|
||||
pT+IHnBRRHRq2uaU8ycQoxiwUT8WMPyjlIg7NT+IIYqQm7DRjSTsUoTwhdaMlH7YCbi/dX0y
|
||||
SlfG0LF/5fdg+MV0h/hPqy6gq2oRouILZlfEGtvv0vBmqagmPP+m4KJ/6/Ikf5ysMtC/NlN7
|
||||
exkyj4M8Nl1U07ijha5CQCvn6DyQmy7xT/rmbJ0i1zjZauFmPf1ZaqennMkz2ndC0glSAYIh
|
||||
d76mDDWGjvszrYpbO7KdJJeiO0LkoSW7fKxgabNm6x5MaPVhcynmjlC8BFbn8xuZQst13Pit
|
||||
VmFtIDX+SJVFQCK0Ypuw0NhkXx4sRqkBukASSwCRrDxPPWqlg9/Ji9uKjInS7M/y3RDZqwJK
|
||||
UZqLw2pdlzdAStExWfA3YAX6lI7IrpHMuoPUt+aKNyO6XBLMOGmAGo6LUP8vOvwfkFI72nWL
|
||||
IgHSbB7MzHLFcMxyb4CvGjpZQzu3VDt7sDIweT4ZqWMuMIxreik+M4kCHAQQAQgABgUCTF8j
|
||||
ZwAKCRB6j0notjSAvpDND/4nzSbiS1pMCum5H8dhR6odBPIRanEa8fLaltUQCfwG+CXBfuH0
|
||||
nguvR07j3oMWLZJ0YqZIfGWy+FRMAqFjkY9Wm35ddEO4fm5O7j662mJn32S7ouAWvMXeZa7i
|
||||
uhz7pe5o5hxoN9dzr/jD0qNIUwWzCl8C1KC6Gm2Szhnzr4jMM6fxol3i1TIjzqcRACqIFM9k
|
||||
rJdpHe18XEE0Ao/cNC4bPdPFEqFdDi+zoYXNrHqyCl0FqnWOkq9IVa6Sizy/8+ncgLt7mxpR
|
||||
CeA6v/N4w55AGlxfS284QzDWUDzAoMzMibhnqoY/3p9xup1tMtOZe+2R6/AOfSa7nB3BSGDi
|
||||
g3INNT37Xh3OiwYtiGoAPGnBvMdVQYeLd0ySC1cTls+HsXuhfediraNnzRRgioi+r7Ew29Dj
|
||||
H4O0gWhunw0gqn5NO/0sqQyN5cW70iIjhJlXA2pJYXSLvONRzQ9GmvhYIq+UA89UmriycCBd
|
||||
u12zi0NfEY85B8qqzFP1c0EJrHclHNm4SuSh/cXFlejRbIiSejp9uCHXQqELSRWzxRWOSy9T
|
||||
4iARC/twBSE+rJYfCrTMLKZznBzz+FgY/NU91w+teGbKanrKLKjRJtlXanm5kMSVXpmeTnc4
|
||||
x46OO8QjHGto4hyaILX+H0+jYcTFZXV1wXPqgevaGLL5fZ2EwfdURZOMI4kCHAQQAQgABgUC
|
||||
TF80rwAKCRDRXTE4ggBBc1JWD/9xj+Vpx8DaFRrmDwND90I7bFDux0MrxxGZ1NJc0WhF03+t
|
||||
1rqP5aoqgXTx6UxMHTTQXRk6dNKpqRdWCiacxd9LUpUIFj8QrSE6zwWweW+5e1lCa4cIC69y
|
||||
AHRN7LwdWV/s8dTbBWxPuCspDXrb3wPNmNaouw76T2Ny5Qwt13PnkaHmoNGIDju8yOpVhcAM
|
||||
mRIeAHgJn5X3WkMPi9dGfKr94Vv+K1dAKzl1VQ2DHUcS8dVUTqugYcaq1NXeZ8ipacQtTy6o
|
||||
4+aiY1iBJDvKdH1MxJGsS2EvcXT14r5YzOz+KTwIExlrKK98+3XI/u1L3VkUHqY9rILN03Q+
|
||||
cKxX/3dV3j9YDu3mUNL9at+cZ4FjZG/rJ0B/7frBxf9fy+7RnqKHsrr5H7jFK+mZlqyAWqLn
|
||||
Lxi1kW9tliiEZ5RgqLsYQk/nvvA/hr01rAI/todTvFHV7RIByNQVrp8zBbpmSUhyGaycc3q0
|
||||
aNStTXoy6dFS5WLAirq5o0W2zKRbWF6RAZLCwYAz8BAvKfbdDNAjTeXQ1X6kEYxEmsOJL3UQ
|
||||
UYLUHm8Ko8pPeaFLjMfRNZYVdQhpyLQbKxEDWwmzuAxODTHPa+bWmD2QRP6g/be8ff43L+zW
|
||||
Ti+1bglSk5xCncsGp5ydPfxYhAQiizIySbmVGV0u+hVPSB+vGJTelgw8p0PMeokCHAQQAQgA
|
||||
BgUCTGHuTwAKCRBwNzzxKQ25zl+FD/0TkiEx7eq83NaPbkxw4fQGgIfV+ZQHHZPHZxQmWQe5
|
||||
Nw+o6jBv4spK4iTQOgfcyZQ9vcNoxDyvFXTPxD1SA9VhJKY/pvZYgFk4chfIAwqsuLhL2B4x
|
||||
fL7XRU044MIy12YG24mQ6wq4Yp4CLX0J7XTkqF4o5gZ53W2lZ8IBhGee13vY658Ie7OmSwXd
|
||||
HZwLABOIck59PBOnDQmbIWHw2nO8esxPuCG7A1vJ9oX71PRYGe53310L/vqRWliGwgINI+Lc
|
||||
ghnn/GIxdBNAQzvn1vrBtLvZB50Ck5WxRZdRyAh29i8IQKVt43X3CeXatFqPke30n1hudgXN
|
||||
f5zu7aJAHA3TvIghig9L9uZtHUMIZzxSovTF75ACmxfqiCXxS2pxqzJacDpahog4rJ/AZbsG
|
||||
3787vyhM2zjCiSZIrA2GE53M4M3TQpV8gKAZy54Gdjy2S8FcOiFARFGXVu/l6j3vf2dDrTdI
|
||||
Hlr+Ta/f2eKfKhyCLT5ShZwem9O10mpDfP/Lznb4kPKygCjT24t/UdY21mvVKwAiXDtkeeSI
|
||||
LhXVj+I4ddyx4xf5mrH7khCxwDiYKr/sPmzFUg6gHHPsxIMoV/8+DA/VU+x/r2thuSH2rdKp
|
||||
IuPcN1fLI3R/Buy2Pv3KGHzzOHQyHv2UbfGK5ijKY/lF5Y3RWYynInUcjQLbx9g+V4kCHAQQ
|
||||
AQgABgUCTGH1OQAKCRB3MfzMY+Tid/cSD/0XD2h3/YcPxSfN1Wc+CRkbtw/14V3lgDOa83Q1
|
||||
Gr6GySQZMeZ9NeBIeC03fvlfmQl4EwFebqGR7jsuRRVZ03P9I9fKoPXJhlx/hpbavP8mkAAd
|
||||
Ye/ziA5xjzIi6j7GIpID9ULMvAW9nwPtL6p0ritjvkfx7EOJ1D30ID5Gn0BzyhgPUKiqLsR9
|
||||
zdP11Z4u85ja1cgkVXMl6IEMflMJ/qUonGX51sEGvAC9OfbshoASv9g1cohRJe0MAVG0arWj
|
||||
KkxekFXTaChVOSuzfavExtlW2eCHy2IH4LVRT2VlOiPA+dyRZuhjBMaRr9raeYnNtB+7SLWu
|
||||
XeRgMcAiwWdvKSJRIS1H1sVAlP02APy67wBeHEcMrURx0NzAZaw/7XeyPAt7+S00LJNp6qNQ
|
||||
fnecBTF5LZkfKGIentqjKKN0Ns20lyMuo5TGb2mZSdhlYRixsY/z95STNhsGe3SNzgdSpbG1
|
||||
2eB8j+uaoLj9Gjd4UF0uAhfS/xqDXF3MONZX+IjKbGnVx1MMwg/ECPjtfRu0nzm2o3jpYQgU
|
||||
XlnM/kAjGDcHgWsWyWdKVeMB+bXOwGPl6wDmcAkaj2GoUJP2B2bDnd6QHmtBQSD0jiRmqoXb
|
||||
ARisPDuTJ7VywYSND/zTkYfBpXh9YLikxYS+Vl+NtLuvILXsyOt9FV5pxNOoWKVbj3X03okC
|
||||
HAQQAQgABgUCTGdOLwAKCRCzRk+JaqFZSNlnEADIAMz9GZZwdKchx9VqWzsHKetF7ASrZuv0
|
||||
5DSzfPH9lxJQZskWDRnLLtTzpSkrMDqueu7bgKE5XIoRcPgIfKoBI/iJBZPQaoxN9aRyxrNa
|
||||
HM/F3AF2H0hc3fqUyi5+s58C5/El8Bc8oq1ePKGrOWFAFoNTYIvQJ3CNbXfw3tm56TGVKKws
|
||||
SMiH+9xk2fIBj1m8mSpAwZKo6CMjlVU3Mz3h7DNiEa0yCiESl3USCIBO1dmIRs08DNn+MZyE
|
||||
oeXSXM+eJtw+GpWGwDflnwOlKDlDj42y4K6pH6BubyfXe9ylb5DI19TV1X3wtvsqyhE+nPuT
|
||||
4V6j8Bli1YKm/KhwjkXw7KggkStS+6TMlT6EF9f7JiLbDjAqhCZ0eBvgCm/p0/TNL0lBwrf5
|
||||
90vD8QpXfnxAprdGR8O9ZEyviUqpw4JRnlRiH7TMBHVDiNCJ0eX53oyFd/TuDSTcvfyp3i2J
|
||||
GO38NQfoO0u880bpRbCiBsLcZfEAByaXp2hV/9oPEvBP+95GwbnMAR8PlmL8EDzygDElweDc
|
||||
F11FvcD6pgKQdXPubxeM6vJgcrFEozzW0mLZxXLUlv0n64YUMy/7JVoETPIEFJqAKwsMvaJy
|
||||
OHJH7ycbs2dTeWNT3KDigSM49VE8ERd7XzyncZUbRk3ZkhGgRAE0Fe1prHPDx86PClBV76hm
|
||||
hIkCHAQQAQgABgUCTGy/igAKCRDkT4AW02MPibaTD/442P0Qwf27NHs5RV+n/M2CKeG4sZmB
|
||||
epDU0XjnqjTZJYYcMtKvVJ3EPvB8qh3Y69d+pCy92pE9x+4TXj+59pSYxSaZFacW+3s1884K
|
||||
BQYe4256NjbVnxQEIStYtS4wRL1xjYBoNnPu1hq+vj+zArQ1pCWjCcM9Wzpl2tUPu7Lat7Os
|
||||
qB7HnDvgDB/HUbNgpni6EmfrWN3YlbGthnBXfGvAf3nyPwuM++GKs7a7R/6+it/dnPdke3Tb
|
||||
/aJKAC8YXlUSo4mEqpuBzz4Sk+5wBv+xS0h2GF4z+mnwsMY7ChqlyX1eLqfx+WWdO7V5CuPM
|
||||
sHMp0WxsCw4x8NPhzBzEPFlYSvYlS2z5M/RMie0g5JuXvs/ajDHZItZYJoVbeRAIVZ5q3ru4
|
||||
jR2tuSLQNo8qoqll+u7qA01zeEh3heov+FZXqoe8I1z7XOS6i7ZP745+zdbyRhi2beqEQ6XB
|
||||
7ub3jSSOUPM+x+LKxXC7bbhKLlAat5256wZnTTKRVNEUuoCFPtUR8FwzwRXl9AOl1Ekmqdfq
|
||||
M1F9TKYq3dPATHCxw/vV1QrCaIbqdJBAtf7ZLHH9B0sAZ8kudVPQeB+Ghr4KYaSPyX8Vstx6
|
||||
tl+qTyuVlkWd26OZo1mFUc9kPej7cjiXtf/XOp2mI73piU4bfTAOBHAopiNiKe25M/75bGso
|
||||
bAWSh4kCHAQQAQgABgUCTG8qxQAKCRB8Vqz+lHiX2Nc0EACkkjvmLuJz2Wp9Lq0fvdjBhGCp
|
||||
95dZFpvcBFJfX0rzifUEmbWRp9fiU9P2SJaCy392PL0gEhEi4P7Aos1rRfyXjGhxcy+TYSUA
|
||||
HaP/jQF59XED6t2ElW8+NnZNQ3NE1NnZ2ivcig09GdxvfV/Ivi3dAjYXslsd0um4pVCEEBlc
|
||||
lWw9lWRfm1V9/Zmz+/83CNuc6yVGmch9lckcq/1zxqcBE38WyP/cR6nvvuiC4NY9W6e3LobD
|
||||
eLkagJqFtsThM06Hy2mI3pDsC33nu0Za1tOV1ihJCUTxArZBDqUYWBN7C7hfx6/+IO+as+2Z
|
||||
hi8bav8mjY9j7chXREqnmJq5uTXGyI0LDuTABn+Sfr8861zPeev56GhS3/gBIsvhEik+Hym1
|
||||
1qnvlFhICo6Gq8qtXiJ9KQE+XI/bWZgFuflJdDLWT7V+DUw5+Rdqo3Qay0vHvsto+EMQLCiL
|
||||
8qLdw3eE5/lVOn9vHPccypGq5saMyS2hdS7yF8x+laj9xfIwMyp3CKTJ892K/NOh+dEhAo4J
|
||||
ZNw5tHCviE2KVRxDWNjjBOcrpONkp8o/OPe5bxCXVnV5F9oZqHCfWtXc+MTlI4dkk2dPRB3P
|
||||
JNUnKbSgX4x63th/m6oAB1JJ5DE1iT+fdDre4zBpSI3ILCxegWL4ve+hLHUWS/ubfkJtlO5z
|
||||
4w4wiLmfPokCHAQQAQgABgUCTG/44AAKCRCdC15bHuyPDso6EADTyj6fKEvSzHFo4caqYOVX
|
||||
d5kZir9ss0hzplt/csBDosMdW+wO+wxzt7jXXtfPlA0OGoFqCVEtxUGQG4qYHSbCKPd9PEHS
|
||||
ruWlcqNFAqRBi6k0phM8GeKbE0+B1u0qiyEvuG8IuP+1DlXla3yG4yEUWqprBMjl46OnTd7u
|
||||
ZKS24zOqnS4Hx9fId3s7bW1JwrVmodbx2rdHDyZKXqCpwXFJsVWe3cbh/h2lXYalDKzwbdcm
|
||||
rgDZUJp75YxlxerMiTG9Xc/4e+XOs30DKGy2cHAMitswtjXm7ZKZ8yL5pmbmDeP99XASwByB
|
||||
7Mm6KuvQSA+8ByLmkvu9XBrRq5WUG9Cx3m0Shxy7e74w5/u4LJkqrmr1wdw+gZIvWG3UuTWR
|
||||
kqJw6rEoiv8WTjJSWE5rTFVaN6YH2OuOFsTWNaUH1bc01HpEKivhk3ZiOOg2Bhxbt7i7oYJc
|
||||
Y+UHCbC3PwwktM3wEnANz9UMoIFxn/2OHdIWl09t50iaDErTmtgbfkENDdsXEcLA7qs+8vpr
|
||||
8qY+M7ycCuRat7Vu2dqopwpkhRpKtddoMNYZ5/51vFcSuz9BdCk+y+q06Ri494UPVFJsHTvn
|
||||
gjtEcxsJopZn4pddzk8g2z69BBWRv31c8xiV5X5QTf9zmRUFD06pux6dn1CUI4zoul5kW0ah
|
||||
LwQysmqgG40apYkCHAQQAQgABgUCVZLuEQAKCRDroMbHHAAlb97dEAC8oQamwtIj/SWT2PJS
|
||||
Kl3bdPdQaYI8+9ZL9xXLYyhOl8aduFVMlJ7rqkWSdwg/AGnp8nh/pQiaGsnRweqFoSte3poC
|
||||
QkNmRR3pgsZ1qqWMxqVrE37R51MSGRBEZq50diQ0sG63tzX7GSnsHXyxDjVfR4J0/ohZzyXn
|
||||
UubBB8X/C72E8CaxrFAzyrLY0zqJBMzub+b2zg5Ac0V+GK45Iz4duftmvnWf6d9aOvXsPqe9
|
||||
/BPbix8l8lCWUjfAPh0sSskI48mIi+jK6rm7+JmsF+9zIoVxlnnlFcmDxMGtapUl73BzpCKI
|
||||
tbplOogAKpA9/2pcSvf2JO26cjQm2gN7BHGfApB4qYFHb90fmSt7XUQEwxyCbsQyhS7Tb6bN
|
||||
wI8mTqajGoRZydB8WZVjRgsnnCHa9ecY3Hs1IrTMKM3gl7Kmm1tzbtAK+NMSH0mxPG3dmTbv
|
||||
NIkjOcgGTYo4r9Qt4Q6rV0zfm43dZs7AP6nECRYyMggEoHHBDh1PaPUjoUsJ4Q/b0R8yvNNC
|
||||
8defastUYtUkepBJ90FzlIJeMLf/1t/1cYX0or5wfp7DPAGxTx3+5EtyKC2Vk3JltR5QkLaj
|
||||
blZ2PIq8TTtdDprXJuOtucF33p3SwXRjA59DrxEofOf1B2cAcxvb42QgZ0ToJmfeTz9TfGDS
|
||||
adTRh+oqbbjogv0A8okCHAQQAQoABgUCTF22EQAKCRBdMo0IKqqxQBAND/sHFnas21+PsxN5
|
||||
Uo2Gr6ieI6NqP2347xT3ZAugQFDhobNJkdXexShpW/PAAxN8/JdndFtuF3nNCy6gSt9c+eLx
|
||||
uZ1srzyE9nZeXne59TDI4+ubXhuu/oXIfj0n2j7m53st6+RI5JJ3SuI9kJTOhIYA+7AHBpZp
|
||||
XUu+m8sS+Jhyy3h7tqJw4IrwwOfW9/WEwhp3Yb2zDoEBe2Na5whcjFRtCJkJub4YwL3L/D5G
|
||||
w31dFnTFQV9C8BNmyPfoHiTWRQovejmORLdNOzaHKy9a0c4fF6C92j4s9wR3KM/eaVJxM5bD
|
||||
NvP78usX8LQY5A6C/3+e7kRo1gzDoDhgYii3gDm5hItXXU0V6sTcFWWVSPGwrm+628G3VWmm
|
||||
1b57mxWn6+7Yzw01R/CyqEzovFG+M1BZrJn2JqJ8Y4pM7T0oRpi0/Ee9Dqiw4+v5I8wKCTag
|
||||
713ZLx2IdMQxIsMnmBq/819ZqjKkYpAbgteov/foku+Y8RvymE+afjxcE+aYQpYOyMPNRMRp
|
||||
Dq6CKkVErPNpI758Eav7UqUi5KyfMQ6tMh09F+mKBZvAVE7AGIbrQWhHlTCOYdSRA7uFtgSX
|
||||
TUQlMSsj/2xkorXaPoFqShOr1hiWIG78zduIGT5FxSG06j8h7j2h6W7nCj0rYaOzDNOBM9yt
|
||||
3il8eu9SeAgl2cEosRL/4IkCHAQQAQoABgUCTF5RxAAKCRA5FLUy9N++mdKJD/9Lclk6nEQu
|
||||
xlcgA/0ugEKmWn5JsNnq8ZUl78nZP6fKY0syx9v4bMA+ICQrokfwY4o6dMxcj2Us6JUp/FBV
|
||||
Z5lo2T2iPE+ucxobFslNdpZtzOQGOsOJ0N7qirafFXJ7ACtydbnCUaPfzkPYwwplHFqT+yQH
|
||||
k4RxBysHWw9a9YoBMl9KFjIwZ7Q8v0x4ywySwfRAKEzFp+ESP+hDwhlOqTBKFL1/P54lmbhG
|
||||
JHDCNbwxGLIjiAeCjomyoxpg5YdSZVyWttmsy1rxMV+ndERK5vELfZYqdlhL0quVPzd1L+g0
|
||||
m2iA4QdeGfqrCxex7olq1su60PFrMee2wFzH8YEYY70nCi6/JRTb/Vk0wNqgyNjKY434EzHn
|
||||
liuyhFvsTkQy+ciegx1lQixRxJfVnyz1BkHNDd37qL9lbzPwVqLhhh7jkjW8koPbExQGjVcH
|
||||
St2HCGDcAxyOJK9sG5a2GxPn1K/SzHXWwhVCSQN7sJSkpNmRNgjpJdOTnEtsfRC7keUEG853
|
||||
cKtWtqJw38/ye6RbXXHM9y4oiLkSWLneGH3sQFtbmdtjubLQNXE7rfuUHarwCnVHV5FaeAn9
|
||||
FNBoo9MCAZL1cuxe7CR/awAuH/JAkuZOanj2jFwvqeyfNgsB/LIlHIBTLPwVXDOZ3E7+KUMJ
|
||||
lQ45DOfhGPOSzv3QTL4gP6lcvIkCHAQQAQoABgUCTGWvlAAKCRAyJH+7QK0fpgPsD/9gJRwY
|
||||
37FXgq6tqiUO+q8H1m+VQ4y64cKNA/SMOGxV04h7o5tC3B9D/ZghAyfQ71Li88PIk8n7PAV0
|
||||
Wnbv+V/9kawa7C7Bfq4OJOGzMU0Y0JPd6LnupBtq+jtE9H1TLneCiBu05bjeLSQde438Or9w
|
||||
SV0sLwqKncwqRJY8iIjz9O44X+6+6p4CqdMYmsZV9nGM+cES6uytQ/sB/mh5PutZahslWurz
|
||||
ouec1uqTY4uuGNwOz+MJvYUNPyajcgtpH8JNQ0phlUvV+nAOJuiNXBHw8MbxNzTdLfsdtdpy
|
||||
zRH6NAMN3QHrtEGAQ8XgFnCtu6BEPpgOQIB1pMw9OiRMhkcu9uCNCY5p9NMhL1tEx92DkSyW
|
||||
lmFIF/h1Ohd4yaxnn9jwTVxxhdAxqK0rIORy+sHUSuc5LrtItNe+AnTvQeY7MRgZwJuCCohQ
|
||||
L3OLXULZajB98g6cZQJmNmtdUeqMY/QymIOH8IoY3SCOws4h4QZSSVxNczo2Ag5R5QKSpBA6
|
||||
jjsFo/VHUX0wB/KbJTb1Hl2vtID20kR7MfzACFTI9AEbwvG6CX7oWsnciom7bHEiyHWR4Olp
|
||||
tlpQk2RQ4T3RG8r9kDgJuX6KmDH6uI9CdYTuBxQgIfpEm+tfSki3LVfnOKgkRDqAJciBv+ua
|
||||
qeW7KSjNDpBC4u8pn9tyX8RhpYUP7IkCHAQQAQoABgUCTGwP9AAKCRB4U9pNSYga09OUD/9X
|
||||
xTiFFzcuev5k8MtYx7+T30Z549gFnOx6GdFgCK7GzW7ZjnofKt8e0NIQmzzCf0g1vxdulqeZ
|
||||
7Oh8iFrxpPZyOKJoO2BDKS9VnYEANQf+quUJPTdyhGqdMSDQGbSEqjLF3oNp/+jdIIMjuo3Q
|
||||
nShdK/BJPcluN7AoOFLQ3QH4Q5fEbtwc+bEJL9TfFqAhUhcY3TYnqWtsMRW3tkrgCvcp0Bo7
|
||||
LMSJB6jH4Dx5q60Am4V1Zz7C9wxtZeZP+P0h0YYWCbOmQWhzT2aCRYDrp1o3SsuatHm/bPkv
|
||||
rliBzslW8i5Hh3gv5Atn/P5bhMaXtJiGepkat/MGw1hP8BYaSb/mmy9XbdMlfDijcsAF2+w6
|
||||
w1b782oCGXgz2ISqPLsFYWccS4GOAwSytep22iwsWpIx2JNNndg4GVfgBxx3QIhci7EVN5Pv
|
||||
/586PwxTetIZmQ+FNNHcAzqBzi3oe6J8o7HlMEHjG6Dps/D2clTNHtD0vSk5ECfhSC3W8OAD
|
||||
VSuB8NxZVfI2UfnyCsdjyDLUu06fMR4gNW+zlSHI1FJBSVuU8CCQOtMPJ5fHPq3hEc0DFyLx
|
||||
8fPE02n8It0wm5RrdUkgOjiVK2n251SyAwSM6zATCFOIt6zdZWx6T/HrJw5wzI+wgsZHibVt
|
||||
i0vOA0GsAXzobE5yyhhWTnhqJgW2vKNHjYkCIgQQAQoADAUCTGLdPgWDCWYBgAAKCRDM0u2U
|
||||
0hc56aYKD/4gPLkcER4nlKdsMN5x4MuUjBbv/+Hab1+hSDxEiA0Ya2Lt3J64y03fz7J1RzIB
|
||||
djH2QGhdvuZtEohiad44DUdLNGJ98q7PPll2KPeuuth+bDa3P4h8ynVbCJRSmIkSVCRG90eE
|
||||
AibHWOgTNOmn48Rwq5zMEgwNvmgsX7ZRm7Mwggt24LIK93iBMqH7WqS1CujF+WqQygpk671e
|
||||
GUIWSUc/iBmaHZ/yoElL5cSBSPHm+ePyQsPSN7ooaWfodXXTADpQN4d5Tl1WzwZT8G5cRVLP
|
||||
4CZ4sqbzJ9EKWFMlohcf3ibT4r8H5ij8btgq0TvNcoMvCbO2P94KChQWxQSwJRftJ9/GPPo1
|
||||
7zK7pXGK1QMZNMYhvbYSdcbxG/AsmC4qJb4NVdrrxBiEye41+M+nQiT7g2GbbJ9gBCv8k7lH
|
||||
iw3B+KfNoAkQ2v2CaVMrguQuzxCs8Zpl7iKuFG+d3SGqnn8rRrRPE5AOlSk6bOr22jLyGsns
|
||||
URt6Mvh5QyVrk0G/6YW/5IMIVNuS/i12m6ireKvpPBkUIkNlS938vNqZ4LnsZ/+gBlZqmY8H
|
||||
sZEt6Wfq7efDBw8z1FLRW58xOqCY0vh4tteFJkcY1LgzK5GUddIHfYcO/Y6p/3/Vq1/ao4VJ
|
||||
Jq+HSIsqrdW1nF3EDSbwyy96uAdxuhfZLxSgRugCKyyOk4kCNwQTAQgAIQIbAwIeAQIXgAUC
|
||||
Sgdo4AULCQgHAwUVCgkICwUWAgMBAAAKCRBEl1J4uGErXaQAD/9wcX8JM24NI9mCjnHOGOuV
|
||||
eo/1Z9sefzYvhlbbTWvJsEdt5eaL0FRl+kErHtwNyEqvOTAmt860GrpekjkFYQObCsmDOiEy
|
||||
i+vJBScub9YK6TJSOQJ7f7zyIwzHgvilktujiS+/YDqd1IEyxD3QxQ9PTdjcQX/Z7enfBeei
|
||||
sBFfgRwbH32p5EtdwovrmBYtgyXUqp+lSg9kG3vvdj0bt/Fkq7Es1eEW8Sp9QqaBpo2fuzNS
|
||||
rojYfZu68coreRIV/nhuA7/ehjiVXlvzi3su+0ybJwGZXLXaM7kxXoYm5i8NDxp4p+7laXe2
|
||||
J6HUuIQM5ea4NuPu9BKIpKGxqNXQE+n4tmX3lp6QwXuZShwOXjSFsKxXvipKI4sAkxPfrPFa
|
||||
xzz/EDqUf9lzCBZ5nl6+OLv+GyTz6Meq1NGIX1N7u6XBPtdCujVbKzXd5PbEk0Y00skLFcQ4
|
||||
9FwAwDFw1XIPljQ6WttsQlV6k0yoVJZc6HHovnV1zGDviSyUdegDX9uKBmgGG8ApliPLvZ6r
|
||||
haU4yHykFHBMPfwBNBwrmthTShdPS7xh4bz5xYlay9wm2CzIVB6muK8PIyTrRfouuFivJuYA
|
||||
zoEcPBbubalC3OCocLl2xv+Qb5G7cz2hTDx9JZXUD18IeG2A2mcLeGp1zTc1qz/7h9qa0TLe
|
||||
fWpC75exhIgXVrkCDQRKB2tdARAAqsQbw2Qd1WfbJr9U1KRdwTKm2OsDODftgNv0zmfaiYCN
|
||||
iOKEsrsJdtonmaisMi+Z+5/wrf3Q0bV54qmwOMTlCVvqnpxwbVik8VVGWgUcLJYYK5Lkn0dz
|
||||
rtZs6AaT/sbFewir8q6m3ADbq9hTXxt9uUfe5Z/D4sdbhgbWtQa/DeJwWZr6VeyCHcY8BhR0
|
||||
FXYmYDZ0c1rmbZZBt+vIF4UNTNU4x6me9va6QPW0nWTEjae9ExGSPwm1B4hQd63Nop6E2Vqu
|
||||
ahdJqKVRYYmD/IqVXOxAhFRA/w9vqF95aV2BB/ZrF0FTA8iCEbFy3oNrZfq8KlJRCtcUH2qf
|
||||
igMndOt8P65omM1DQhlvterVgm2PCb1GmwLEbMi+HtLntziFozYGLTlAMcUJt7Pyu/iinzx6
|
||||
Sc4U108dmNTJLxqSZtvJFaRyHml9x7oP2gWjpuyVgo1KuEXKq2Z96S+sxE/YtPyB/cBpazZ+
|
||||
+o/i7PLhxKa1RTIA8NgkDelWeNalvYzjNkB+tXeH0UnxtBTC+PW8dyUP8OmmM/2V1Dzcj9Tm
|
||||
Ky/G04TFQyL1NjvFjzXyIUO5WpdEbSs04h5J3KM6YZJlicqB2aKAUslOi9wUIpKRK+UZBTSj
|
||||
886jynsu+HA1Ob6tcTSlwtj95RV7nBTiTM6MpPuxTmZ2DR/vLE6c7yE+XgrOx9EAEQEAAYkC
|
||||
HwQYAQgACQUCSgdrXQIbDAAKCRBEl1J4uGErXVFeD/9Q2vtN0FeOiveLwN4KAFbMLZP97bT/
|
||||
sRJkQQUZoawfbINwzGDuFrZSsWipoBLam6BnMH6OfHkUOrCToZROHYagW/nv/WTjBTX8lJt8
|
||||
SFhHh4ONPBaxF90z/YrpWlNcs/z/rqu+sm1KgCA9mkheENGOj3t97udZNfA1N4NZu67Lo6HZ
|
||||
yUUCK+eJtX6BS2HgMGokHuGha/LokTor1lkl52Y3CVfds9YDrJmlSQVhxI/S6/IajLwKFyHd
|
||||
pMiK/o8q3mYuZ7JKCBOooNnRpa4myUrBetf1p6xZqbhEAALMFJc7/8NXxesqvG7RQJ7VWyYO
|
||||
5BhgzPutqTUOVZskc3r4cvaB7CT1CsKPdW+af/I8q/C7dhTWWthirPN4DCdcTIlK9ECpba+m
|
||||
S7MQG/3ta7+/3lT3yyMKlhLkAaUlUNa/VbzUHOlVA1txJk6jcuEzWIzebEtoT/aYJZwNE+jL
|
||||
CFOC75HTGlxp7/8ngHCXn1rcBS9TQJ7CGX31HhbmNak0LtzhAS4B+fWQLrFfShTREcYD+31z
|
||||
yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
|
||||
g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
|
||||
BWcdiQ==
|
||||
=iUyJ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
Binary file not shown.
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Add repositories to APT sources list.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -14,13 +14,14 @@
|
|||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
loop:
|
||||
- /etc/apt/sources.list.d/debian-security.list
|
||||
- /etc/apt/sources.list.d/debian-jessie.list
|
||||
- /etc/apt/sources.list.d/debian-stretch.list
|
||||
- /etc/apt/sources.list.d/debian-buster.list
|
||||
- /etc/apt/sources.list.d/debian-bullseye.list
|
||||
- /etc/apt/sources.list.d/debian-update.list
|
||||
when: apt_clean_gandi_sourceslist
|
||||
when: apt_clean_gandi_sourceslist | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
|
|
|
@ -8,11 +8,11 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
||||
when: apt_evolinux_config
|
||||
when: apt_evolinux_config | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
|
@ -23,12 +23,12 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
||||
when: apt_hooks
|
||||
when: apt_hooks | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
|
@ -36,20 +36,6 @@
|
|||
apt:
|
||||
name: aptitude
|
||||
state: absent
|
||||
when: apt_remove_aptitude
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Updating APT cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
changed_when: False
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Upgrading system
|
||||
apt:
|
||||
upgrade: dist
|
||||
when: apt_upgrade
|
||||
when: apt_remove_aptitude | bool
|
||||
tags:
|
||||
- apt
|
||||
|
|
|
@ -1,17 +1,29 @@
|
|||
---
|
||||
|
||||
# - name: Fail if distribution is not supported
|
||||
# fail:
|
||||
# msg: "Error: Evolix public repository is not compatble with 'Debian Stretch' yet."
|
||||
# when: ansible_distribution_release == "stretch"
|
||||
# tags:
|
||||
# - apt
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Evolix embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "B8612B5D"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Add Evolix GPG key
|
||||
apt_key:
|
||||
#url: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x44975278B8612B5D
|
||||
data: "{{ lookup('file', 'reg.gpg') }}"
|
||||
copy:
|
||||
src: reg.asc
|
||||
dest: /etc/apt/trusted.gpg.d/reg.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- apt
|
||||
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
---
|
||||
|
||||
- name: "hold packages (apt)"
|
||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
register: apt_mark
|
||||
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
|
||||
failed_when:
|
||||
- apt_mark.rc != 0
|
||||
- apt_mark.stdout | length > 0
|
||||
loop: "{{ apt_hold_packages }}"
|
||||
tags:
|
||||
- apt
|
||||
|
@ -28,7 +33,10 @@
|
|||
- apt
|
||||
|
||||
- name: "unhold packages (apt)"
|
||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
|
||||
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
register: apt_mark
|
||||
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
|
||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
|
||||
|
|
|
@ -10,30 +10,44 @@
|
|||
|
||||
- name: Custom configuration
|
||||
include: config.yml
|
||||
when: apt_config
|
||||
when: apt_config | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Install basics repositories
|
||||
include: basics.yml
|
||||
when: apt_install_basics
|
||||
when: apt_install_basics | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Install APT Backports repository
|
||||
include: backports.yml
|
||||
when: apt_install_backports
|
||||
when: apt_install_backports | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Install Evolix Public APT repository
|
||||
include: evolix_public.yml
|
||||
when: apt_install_evolix_public
|
||||
when: apt_install_evolix_public | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Install check for packages marked hold
|
||||
include: hold_packages.yml
|
||||
when: apt_install_hold_packages
|
||||
when: apt_install_hold_packages | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Updating APT cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
changed_when: False
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Upgrading system
|
||||
apt:
|
||||
upgrade: dist
|
||||
when: apt_upgrade | bool
|
||||
tags:
|
||||
- apt
|
3
apt/templates/bullseye_backports.list.j2
Normal file
3
apt/templates/bullseye_backports.list.j2
Normal file
|
@ -0,0 +1,3 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian bullseye-backports {{ apt_backports_components | mandatory }}
|
5
apt/templates/bullseye_basics.list.j2
Normal file
5
apt/templates/bullseye_basics.list.j2
Normal file
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
|
||||
deb http://mirror.evolix.org/debian/ bullseye-updates {{ apt_basics_components | mandatory }}
|
||||
deb https://deb.debian.org/debian-security bullseye-security {{ apt_basics_components | mandatory }}
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of bind9.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
bind_cache_dir: /var/cache/bind
|
||||
bind_statistics_file: /var/run/named.stats
|
||||
bind_chroot_path: /var/chroot-bind
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: configure apparmor
|
||||
template:
|
||||
|
@ -34,7 +34,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_recursive_server
|
||||
when: bind_recursive_server | bool
|
||||
|
||||
- name: enable zones.rfc1918 for recursive server
|
||||
lineinfile:
|
||||
|
@ -42,7 +42,7 @@
|
|||
line: 'include "/etc/bind/zones.rfc1918";'
|
||||
regexp: "zones.rfc1918"
|
||||
notify: restart bind
|
||||
when: bind_recursive_server
|
||||
when: bind_recursive_server | bool
|
||||
|
||||
- name: Set bind configuration for authoritative server
|
||||
template:
|
||||
|
@ -53,7 +53,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_authoritative_server
|
||||
when: bind_authoritative_server | bool
|
||||
|
||||
- name: Create systemd service
|
||||
template:
|
||||
|
@ -75,7 +75,7 @@
|
|||
group: adm
|
||||
mode: "0640"
|
||||
state: touch
|
||||
when: not bind_chroot_set
|
||||
when: not (bind_chroot_set | bool)
|
||||
|
||||
- name: "touch {{ bind_query_file }} if non chroot"
|
||||
file:
|
||||
|
@ -84,7 +84,7 @@
|
|||
group: adm
|
||||
mode: "0640"
|
||||
state: touch
|
||||
when: not bind_chroot_set
|
||||
when: not (bind_chroot_set | bool)
|
||||
|
||||
- name: send chroot-bind.sh in /root
|
||||
copy:
|
||||
|
@ -94,17 +94,19 @@
|
|||
owner: root
|
||||
force: yes
|
||||
backup: yes
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: exec chroot-bind.sh
|
||||
command: "/root/chroot-bind.sh"
|
||||
register: chrootbind_run
|
||||
changed_when: False
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- debug:
|
||||
var: chrootbind_run.stdout_lines
|
||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
||||
when:
|
||||
- bind_chroot_set | bool
|
||||
- chrootbind_run.stdout | length > 0
|
||||
|
||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||
replace:
|
||||
|
@ -112,7 +114,7 @@
|
|||
regexp: '^OPTIONS=.*'
|
||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||
notify: restart bind
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: logrotate for bind
|
||||
template:
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
|
@ -30,7 +30,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
|
|
8
bullseye-detect/tasks/main.yml
Normal file
8
bullseye-detect/tasks/main.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
# Force facts until Debian 11 is released because Ansible is dumb
|
||||
- set_fact:
|
||||
ansible_distribution_major_version: 11
|
||||
ansible_distribution: "Debian"
|
||||
ansible_distribution_release: "bullseye"
|
||||
when: "ansible_lsb.codename == 'bullseye' or ansible_lsb.release == 'testing/unstable'"
|
|
@ -2,3 +2,5 @@
|
|||
|
||||
certbot_work_dir: /var/lib/letsencrypt
|
||||
certbot_custom_crontab: True
|
||||
|
||||
certbot_hooks_sync_remote_servers: []
|
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
|
@ -0,0 +1,81 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
cert_content() {
|
||||
openssl x509 -text -in "${RENEWED_LINEAGE}/fullchain.pem"
|
||||
}
|
||||
domain_from_cert() {
|
||||
if cert_content | grep -q "X509v3 Subject Alternative Name:" && cert_content | grep -q "DNS:"; then
|
||||
cert_content | grep "DNS:" | sed -e 's/\s\+//g' -e 's/DNS://g'
|
||||
else
|
||||
cert_content | sed 's/^.*CN\ *=\ *//'
|
||||
fi
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||
fi
|
||||
if [ -z "${servers}" ]; then
|
||||
debug "Empty server list, skip."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if found_renewed_lineage; then
|
||||
RENEWED_DOMAINS=${RENEWED_DOMAINS:-$(domain_from_cert)}
|
||||
|
||||
remote_lineage=${remote_dir}/renewed_lineage/$(basename "${RENEWED_LINEAGE}")
|
||||
|
||||
for server in ${servers}; do
|
||||
remote_host="root@${server}"
|
||||
# shellcheck disable=SC2029
|
||||
ssh "${remote_host}" "mkdir -p ${remote_lineage}" \
|
||||
|| error "Couldn't create ${remote_dir} directory ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete "${RENEWED_LINEAGE}/" "${remote_host}:${remote_lineage}/" \
|
||||
|| error "Couldn't sync certificate on ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete --exclude "$(basename "$0")" --delete-excluded "${hooks_dir}/" "${remote_host}:${remote_dir}/hooks/" \
|
||||
|| error "Couldn't sync hooks on ${server}"
|
||||
|
||||
# shellcheck disable=SC2029
|
||||
ssh "${remote_host}" "export RENEWED_LINEAGE=\"${remote_lineage}/\" RENEWED_DOMAINS=\"${RENEWED_DOMAINS}\"; find ${remote_dir}/hooks/ -mindepth 1 -maxdepth 1 -type f -executable -exec {} \;" \
|
||||
|| error "Something went wrong on ${server} for deploy hooks"
|
||||
done
|
||||
else
|
||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||
fi
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
VERBOSE=${VERBOSE:-"0"}
|
||||
QUIET=${QUIET:-"0"}
|
||||
|
||||
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
# The config file lust have the same name as the script, with a different extension (.cf instead of .sh)
|
||||
config_file="${0%.*}.cf"
|
||||
remote_dir="/root/cert_sync"
|
||||
|
||||
if [ -f "${config_file}" ]; then
|
||||
. "${config_file}"
|
||||
fi
|
||||
servers=${servers:-""}
|
||||
|
||||
if [ -z "${servers}" ]; then
|
||||
echo "${PROGNAME}: No server provided. Skip." >&2
|
||||
exit 0
|
||||
fi
|
||||
|
||||
main
|
40
certbot/files/hooks/manual-deploy.sh
Executable file
40
certbot/files/hooks/manual-deploy.sh
Executable file
|
@ -0,0 +1,40 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE:-}" ]; then
|
||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||
fi
|
||||
if [ "${VERBOSE}" = "1" ]; then
|
||||
xargs_verbose="--verbose"
|
||||
else
|
||||
xargs_verbose=""
|
||||
fi
|
||||
if found_renewed_lineage; then
|
||||
find "${hooks_dir}" -mindepth 1 -maxdepth 1 -type f -executable -print0 | sort --zero-terminated --dictionary-order | xargs ${xargs_verbose} --no-run-if-empty --null --max-args=1 sh -c
|
||||
else
|
||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
VERBOSE=${VERBOSE:-"0"}
|
||||
QUIET=${QUIET:-"0"}
|
||||
|
||||
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
|
||||
main
|
|
@ -1,62 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
domain_from_cert() {
|
||||
openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||
fi
|
||||
if [ -z "${servers}" ]; then
|
||||
debug "Empty server list, skip."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if found_renewed_lineage; then
|
||||
RENEWED_DOMAINS=${RENEWED_DOMAINS:-$(domain_from_cert)}
|
||||
|
||||
remore_lineage=${remote_dir}/renewed_lineage/$(basename ${RENEWED_LINEAGE})
|
||||
|
||||
for server in ${servers}; do
|
||||
remote_host="root@${server}"
|
||||
ssh ${remote_host} "mkdir -p ${remote_dir}" \
|
||||
|| error "Couldn't create ${remote_dir} directory ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete ${RENEWED_LINEAGE}/ ${remote_host}:${remore_lineage}/ \
|
||||
|| error "Couldn't sync certificate on ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete --exclude $0 --delete-excluded ${hooks_dir}/ ${remote_host}:${remote_dir}/hooks/ \
|
||||
|| error "Couldn't sync hooks on ${server}"
|
||||
|
||||
ssh ${remote_host} "export RENEWED_LINEAGE=\"${remore_lineage}/\" RENEWED_DOMAINS=${RENEWED_DOMAINS}; find ${remote_dir}/hooks/ -mindepth 1 -maxdepth 1 -type f -executable -exec {} \;" \
|
||||
|| error "Something went wrong on ${server} for deploy hooks"
|
||||
done
|
||||
else
|
||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
readonly remote_dir="/root/cert_sync"
|
||||
|
||||
readonly servers=""
|
||||
|
||||
main
|
|
@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
|
|||
fi
|
||||
VENV_BIN="$VENV_PATH/bin"
|
||||
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
|
||||
LE_AUTO_VERSION="1.9.0"
|
||||
LE_AUTO_VERSION="1.14.0"
|
||||
BASENAME=$(basename $0)
|
||||
USAGE="Usage: $BASENAME [OPTIONS]
|
||||
A self-updating wrapper script for the Certbot ACME client. When run, updates
|
||||
|
@ -799,15 +799,15 @@ BootstrapMageiaCommon() {
|
|||
# that function. If Bootstrap is set to a function that doesn't install any
|
||||
# packages BOOTSTRAP_VERSION is not set.
|
||||
if [ -f /etc/debian_version ]; then
|
||||
Bootstrap() {
|
||||
BootstrapMessage "Debian-based OSes"
|
||||
BootstrapDebCommon
|
||||
}
|
||||
BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION"
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/mageia-release ]; then
|
||||
# Mageia has both /etc/mageia-release and /etc/redhat-release
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
# Run DeterminePythonVersion to decide on the basis of available Python versions
|
||||
# whether to use 2.x or 3.x on RedHat-like systems.
|
||||
# Then, revert LE_PYTHON to its previous state.
|
||||
|
@ -840,12 +840,7 @@ elif [ -f /etc/redhat-release ]; then
|
|||
INTERACTIVE_BOOTSTRAP=1
|
||||
fi
|
||||
|
||||
Bootstrap() {
|
||||
BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
|
||||
BootstrapRpmPython3Legacy
|
||||
}
|
||||
USE_PYTHON_3=1
|
||||
BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
|
||||
|
||||
# Try now to enable SCL rh-python36 for systems already bootstrapped
|
||||
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
|
||||
|
@ -864,43 +859,38 @@ elif [ -f /etc/redhat-release ]; then
|
|||
fi
|
||||
|
||||
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
|
||||
Bootstrap() {
|
||||
BootstrapMessage "RedHat-based OSes that will use Python3"
|
||||
BootstrapRpmPython3
|
||||
}
|
||||
USE_PYTHON_3=1
|
||||
BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
|
||||
else
|
||||
Bootstrap() {
|
||||
BootstrapMessage "RedHat-based OSes"
|
||||
BootstrapRpmCommon
|
||||
}
|
||||
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
|
||||
fi
|
||||
fi
|
||||
|
||||
LE_PYTHON="$prev_le_python"
|
||||
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/arch-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/manjaro-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/gentoo-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif uname | grep -iq FreeBSD ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif uname | grep -iq Darwin ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
|
||||
Bootstrap() {
|
||||
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
|
||||
}
|
||||
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
else
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
fi
|
||||
|
||||
# We handle this case after determining the normal bootstrap version to allow
|
||||
|
@ -1122,15 +1112,17 @@ if [ "$1" = "--le-auto-phase2" ]; then
|
|||
if [ "$DEPRECATED_OS" = 1 ]; then
|
||||
# Phase 2 damage control mode for deprecated OSes.
|
||||
# In this situation, we bypass any bootstrap or certbot venv setup.
|
||||
error "Your system is not supported by certbot-auto anymore."
|
||||
# error "Your system is not supported by certbot-auto anymore."
|
||||
|
||||
if [ ! -d "$VENV_PATH" ] && OldVenvExists; then
|
||||
VENV_BIN="$OLD_VENV_PATH/bin"
|
||||
fi
|
||||
|
||||
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
|
||||
error "Certbot will no longer receive updates."
|
||||
error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
||||
# error "certbot-auto and its Certbot installation will no longer receive updates."
|
||||
# error "You will not receive any bug fixes including those fixing server compatibility"
|
||||
# error "or security problems."
|
||||
# error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
||||
"$VENV_BIN/letsencrypt" "$@"
|
||||
exit 0
|
||||
else
|
||||
|
@ -1497,18 +1489,18 @@ letsencrypt==0.7.0 \
|
|||
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
|
||||
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
|
||||
|
||||
certbot==1.9.0 \
|
||||
--hash=sha256:d5a804d32e471050921f7b39ed9859e2e9de02824176ed78f57266222036b53a \
|
||||
--hash=sha256:2ff9bf7d9af381c7efee22dec2dd6938d9d8fddcc9e11682b86e734164a30b57
|
||||
acme==1.9.0 \
|
||||
--hash=sha256:d8061b396a22b21782c9b23ff9a945b23e50fca2573909a42f845e11d5658ac5 \
|
||||
--hash=sha256:38a1630c98e144136c62eec4d2c545a1bdb1a3cd4eca82214be6b83a1f5a161f
|
||||
certbot-apache==1.9.0 \
|
||||
--hash=sha256:09528a820d57e54984d490100644cd8a6603db97bf5776f86e95795ecfacf23d \
|
||||
--hash=sha256:f47fb3f4a9bd927f4812121a0beefe56b163475a28f4db34c64dc838688d9e9e
|
||||
certbot-nginx==1.9.0 \
|
||||
--hash=sha256:bb2e3f7fe17f071f350a3efa48571b8ef40a8e4b6db9c6da72539206a20b70be \
|
||||
--hash=sha256:ab26a4f49d53b0e8bf0f903e58e2a840cda233fe1cbbc54c36ff17f973e57d65
|
||||
certbot==1.14.0 \
|
||||
--hash=sha256:67b4d26ceaea6c7f8325d0d45169e7a165a2cabc7122c84bc971ba068ca19cca \
|
||||
--hash=sha256:959ea90c6bb8dca38eab9772722cb940972ef6afcd5f15deef08b3c3636841eb
|
||||
acme==1.14.0 \
|
||||
--hash=sha256:4f48c41261202f1a389ec2986b2580b58f53e0d5a1ae2463b34318d78b87fc66 \
|
||||
--hash=sha256:61daccfb0343628cbbca551a7fc4c82482113952c21db3fe0c585b7c98fa1c35
|
||||
certbot-apache==1.14.0 \
|
||||
--hash=sha256:b757038db23db707c44630fecb46e99172bd791f0db5a8e623c0842613c4d3d9 \
|
||||
--hash=sha256:887fe4a21af2de1e5c2c9428bacba6eb7c1219257bc70f1a1d8447c8a321adb0
|
||||
certbot-nginx==1.14.0 \
|
||||
--hash=sha256:8916a815437988d6c192df9f035bb7a176eab20eee0956677b335d0698d243fb \
|
||||
--hash=sha256:cc2a8a0de56d9bb6b2efbda6c80c647dad8db2bb90675cac03ade94bd5fc8597
|
||||
|
||||
UNLIKELY_EOF
|
||||
# -------------------------------------------------------------------------
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
||||
# copied and customized from https://raw.githubusercontent.com/certbot/certbot/v1.14.0/letsencrypt-auto
|
||||
- name: Let's Encrypt script is present
|
||||
copy:
|
||||
src: letsencrypt-auto
|
||||
|
@ -48,12 +49,12 @@
|
|||
src: cron_jessie
|
||||
dest: /etc/cron.d/certbot
|
||||
force: yes
|
||||
when: certbot_custom_crontab
|
||||
when: certbot_custom_crontab | bool
|
||||
|
||||
- name: disable self-upgrade
|
||||
ini_file:
|
||||
dest: "/etc/letsencrypt/cli.ini"
|
||||
section: null
|
||||
option: "no-self-upgrade"
|
||||
value: 0
|
||||
value: "no"
|
||||
state: present
|
||||
|
|
|
@ -7,33 +7,50 @@
|
|||
- ansible_distribution_major_version is version('8', '>=')
|
||||
msg: only compatible with Debian 9+
|
||||
|
||||
- name: Install legacy script on Debian 8 and 9
|
||||
- name: Install legacy script on Debian 8
|
||||
include: install-legacy.yml
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('10', '<')
|
||||
- ansible_distribution_major_version is version('9', '<')
|
||||
|
||||
- name: Install package on Debian 10+
|
||||
- name: Install package on Debian 9+
|
||||
include: install-package.yml
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- include: acme-challenge.yml
|
||||
|
||||
- name: Deploy hooks are present
|
||||
copy:
|
||||
src: hooks/
|
||||
src: hooks/deploy/
|
||||
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Move commit-etc.sh to z-commit-etc.sh if present
|
||||
- name: Manual deploy hook is present
|
||||
copy:
|
||||
src: hooks/manual-deploy.sh
|
||||
dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "sync_remote is configured with servers"
|
||||
lineinfile:
|
||||
dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf
|
||||
regexp: "^servers="
|
||||
line: "servers=\"{{ certbot_hooks_sync_remote_servers | join(' ') }}\""
|
||||
create: yes
|
||||
|
||||
# begining of backward compatibility tasks
|
||||
- name: Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present
|
||||
command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
|
||||
args:
|
||||
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
|
||||
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
|
||||
# end of backward compatibility tasks
|
||||
|
||||
- name: "certbot lock is ignored by Git"
|
||||
lineinfile:
|
||||
|
|
|
@ -5,49 +5,49 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
||||
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
||||
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
||||
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
||||
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
||||
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
||||
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
||||
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
||||
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
||||
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
||||
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
||||
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
||||
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
||||
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
||||
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
||||
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
||||
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
||||
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
||||
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
||||
loop:
|
||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
||||
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
||||
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
||||
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
||||
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
||||
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
||||
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
||||
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
||||
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
||||
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
||||
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
||||
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
||||
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
||||
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
||||
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
||||
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
||||
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
||||
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
||||
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
||||
tags:
|
||||
- clamav
|
||||
|
||||
|
@ -57,18 +57,18 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
||||
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
||||
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
||||
loop:
|
||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
||||
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
||||
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
||||
tags:
|
||||
- clamav
|
||||
|
||||
|
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of isc-dhcp-server.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -28,17 +28,34 @@
|
|||
when: ansible_distribution_release == 'jessie'
|
||||
|
||||
- name: Add Docker's official GPG key
|
||||
apt_key:
|
||||
#url: https://download.docker.com/linux/debian/gpg
|
||||
data: "{{ lookup('file', 'docker-debian.gpg') }}"
|
||||
copy:
|
||||
src: docker-debian.asc
|
||||
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Install docker and python-docker
|
||||
- name: Install Docker
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- python-docker
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
update_cache: yes
|
||||
|
||||
- name: python-docker is installed
|
||||
apt:
|
||||
name: python-docker
|
||||
state: present
|
||||
when: ansible_python_version is version('3', '<')
|
||||
|
||||
- name: python3-docker is installed
|
||||
apt:
|
||||
name: python3-docker
|
||||
state: present
|
||||
when: ansible_python_version is version('3', '>=')
|
||||
|
||||
- name: Copy Docker daemon configuration file
|
||||
template:
|
||||
src: daemon.json.j2
|
||||
|
@ -71,17 +88,17 @@
|
|||
state: directory
|
||||
mode: "0644"
|
||||
owner: root
|
||||
when: docker_tls_enabled
|
||||
when: docker_tls_enabled | bool
|
||||
|
||||
- name: Copy shellpki utility to Docker TLS directory
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "{{ docker_tls_path }}/{{ item }}"
|
||||
mode: "0744"
|
||||
with_items:
|
||||
loop:
|
||||
- shellpki.sh
|
||||
- openssl.cnf
|
||||
when: docker_tls_enabled
|
||||
when: docker_tls_enabled | bool
|
||||
|
||||
- name: Check if certs are already created
|
||||
stat:
|
||||
|
@ -90,4 +107,6 @@
|
|||
|
||||
- name: Creating a CA, server key
|
||||
command: "{{ docker_tls_path }}/shellpki.sh init"
|
||||
when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
|
||||
when:
|
||||
- docker_tls_enabled | bool
|
||||
- not tls_certs_stat.stat.isdir
|
||||
|
|
|
@ -10,6 +10,11 @@
|
|||
tags:
|
||||
- dovecot
|
||||
|
||||
- name: Generate 4096 bits Diffie-Hellman parameters (may take several minutes)
|
||||
openssl_dhparam:
|
||||
path: /etc/ssl/dhparams.pem
|
||||
size: 4096
|
||||
|
||||
- name: disable pam auth
|
||||
replace:
|
||||
dest: /etc/dovecot/conf.d/10-auth.conf
|
||||
|
@ -24,7 +29,7 @@
|
|||
line: "{{ item.key }} = {{ item.value }}"
|
||||
regexp: "^#*{{ item.key }}"
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- { key: 'hosts', value: '127.0.0.1' }
|
||||
- { key: 'auth_bind', value: 'yes' }
|
||||
- { key: 'ldap_version', value: 3 }
|
||||
|
@ -64,6 +69,15 @@
|
|||
tags:
|
||||
- dovecot
|
||||
|
||||
- name: deploy file for custom configuration
|
||||
template:
|
||||
src: zzz-evolinux-custom.conf.j2
|
||||
dest: /etc/dovecot/conf.d/zzz-evolinux-custom.conf
|
||||
mode: "0644"
|
||||
notify: reload dovecot
|
||||
tags:
|
||||
- dovecot
|
||||
|
||||
- include: munin.yml
|
||||
tags:
|
||||
- dovecot
|
||||
|
|
|
@ -35,12 +35,27 @@ service login {
|
|||
}
|
||||
mail_max_userip_connections = 42
|
||||
|
||||
# Configuration pour stats dovecot
|
||||
service stats {
|
||||
unix_listener stats-reader {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
|
||||
unix_listener stats-writer {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
}
|
||||
|
||||
# SSL/TLS
|
||||
ssl = yes
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_dh_parameters_length = 2048
|
||||
ssl_dh=</etc/ssl/dhparams.pem
|
||||
ssl_options = no_compression no_ticket
|
||||
ssl_protocols = !TLSv1 !TLSv1.1
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
|
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
|
@ -0,0 +1 @@
|
|||
## Put your customized configuration here, verify configuration with "doveconf -n" and /var/log/mail.log
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Install tools to setup DRBD replication accross servers.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
elastic_stack_version: "6.x"
|
||||
elastic_stack_version: "7.x"
|
||||
|
||||
elasticsearch_cluster_name: Null
|
||||
elasticsearch_cluster_members: Null
|
||||
|
|
BIN
elasticsearch/files/elastic.gpg
Normal file
BIN
elasticsearch/files/elastic.gpg
Normal file
Binary file not shown.
|
@ -1,20 +1,20 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Install Elasticsearch
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
|
@ -24,6 +24,3 @@ galaxy_info:
|
|||
#
|
||||
# NOTE: A tag is limited to a single word comprised of
|
||||
# alphanumeric characters. Maximum 20 tags per role.
|
||||
|
||||
dependencies:
|
||||
- { role: evolix/java, alternative: 'openjdk' }
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
||||
regexp: "^cluster.name:"
|
||||
insertafter: "^# *cluster.name:"
|
||||
when: elasticsearch_cluster_name|default("", True)
|
||||
when: elasticsearch_cluster_name | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -25,7 +25,7 @@
|
|||
line: "network.host: {{ elasticsearch_network_host }}"
|
||||
regexp: "^network.host:"
|
||||
insertafter: "^# *network.host:"
|
||||
when: elasticsearch_network_host|default("", True)
|
||||
when: elasticsearch_network_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -35,7 +35,7 @@
|
|||
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
||||
regexp: "^network.publish_host:"
|
||||
insertafter: "^network.host:"
|
||||
when: elasticsearch_network_publish_host|default("", True)
|
||||
when: elasticsearch_network_publish_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -45,25 +45,43 @@
|
|||
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
||||
regexp: "^http.publish_host:"
|
||||
insertafter: "^http.port:"
|
||||
when: elasticsearch_http_publish_host|default("", True)
|
||||
when: elasticsearch_http_publish_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure discovery seed hosts
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}"
|
||||
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml(default_flow_style=True) }}"
|
||||
regexp: "^discovery.seed_hosts:"
|
||||
when: elasticsearch_discovery_seed_hosts
|
||||
when: elasticsearch_discovery_seed_hosts | default([], True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure empty discovery seed hosts
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
regexp: "^discovery.seed_hosts:"
|
||||
state: absent
|
||||
when: elasticsearch_discovery_seed_hosts | default([], True) | length <= 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure initial master nodes
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}"
|
||||
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml(default_flow_style=True) }}"
|
||||
regexp: "^cluster.initial_master_nodes:"
|
||||
when: elasticsearch_cluster_initial_master_nodes
|
||||
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure empty initial master nodes
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
regexp: "^cluster.initial_master_nodes:"
|
||||
state: absent
|
||||
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length <= 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -78,17 +96,25 @@
|
|||
|
||||
- name: JVM Heap size (min) is set
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
regexp: "^-Xms"
|
||||
line: "-Xms{{ elasticsearch_jvm_xms }}"
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: JVM Heap size (max) is set
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
regexp: "^-Xmx"
|
||||
line: "-Xmx{{ elasticsearch_jvm_xmx }}"
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -98,7 +124,7 @@
|
|||
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
||||
regexp: "^discovery.zen.ping.unicast.hosts:"
|
||||
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
||||
when: elasticsearch_cluster_members|default("", True)
|
||||
when: elasticsearch_cluster_members | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
@ -108,6 +134,6 @@
|
|||
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
||||
regexp: "^discovery.zen.minimum_master_nodes:"
|
||||
insertafter: "^#discovery.zen.minimum_master_nodes"
|
||||
when: elasticsearch_minimum_master_nodes|default("", True)
|
||||
when: elasticsearch_minimum_master_nodes | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
|
|
@ -16,8 +16,8 @@
|
|||
tags:
|
||||
- elasticsearch
|
||||
when:
|
||||
- elasticsearch_custom_datadir != ''
|
||||
- elasticsearch_custom_datadir != None
|
||||
- elasticsearch_custom_datadir is not none
|
||||
- elasticsearch_custom_datadir | length > 0
|
||||
|
||||
- name: Datadir is moved to custom path
|
||||
block:
|
||||
|
@ -44,7 +44,7 @@
|
|||
tags:
|
||||
- elasticsearch
|
||||
when:
|
||||
- elasticsearch_custom_datadir != ''
|
||||
- elasticsearch_custom_datadir != None
|
||||
- elasticsearch_custom_datadir is not none
|
||||
- elasticsearch_custom_datadir | length > 0
|
||||
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
||||
- not elasticsearch_custom_datadir_test.stat.exists
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Check if cron is installed
|
||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
||||
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
register: is_cron_installed
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
- include: additional_scripts.yml
|
||||
|
||||
- include: plugin_head.yml
|
||||
when: elasticsearch_plugin_head
|
||||
when: elasticsearch_plugin_head | bool
|
||||
|
||||
- include: curator.yml
|
||||
when: elasticsearch_curator
|
||||
when: elasticsearch_curator | bool
|
||||
|
|
|
@ -5,17 +5,38 @@
|
|||
name: apt-transport-https
|
||||
state: present
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic GPG key is installed
|
||||
apt_key:
|
||||
# url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
data: "{{ lookup('file', 'elasticsearch.key') }}"
|
||||
state: present
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
|
@ -24,20 +45,20 @@
|
|||
state: present
|
||||
update_cache: yes
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elasticsearch is installed
|
||||
apt:
|
||||
name: elasticsearch
|
||||
state: present
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elasticsearch service is enabled
|
||||
service:
|
||||
name: elasticsearch
|
||||
enabled: yes
|
||||
tags:
|
||||
- elasticsearch
|
||||
- elasticsearch
|
||||
|
|
|
@ -9,9 +9,14 @@
|
|||
|
||||
- name: Tmpdir is moved to custom path
|
||||
block:
|
||||
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
- set_fact:
|
||||
_elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}"
|
||||
tags:
|
||||
- elasticsearch
|
||||
|
||||
- name: "Create {{ _elasticsearch_custom_tmpdir }}"
|
||||
file:
|
||||
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
path: "{{ _elasticsearch_custom_tmpdir }}"
|
||||
owner: elasticsearch
|
||||
group: elasticsearch
|
||||
mode: "0755"
|
||||
|
@ -21,10 +26,13 @@
|
|||
|
||||
- name: change JVM tmpdir (< 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}"
|
||||
regexp: "^-Djava.io.tmpdir="
|
||||
insertafter: "## JVM configuration"
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
|
@ -34,7 +42,7 @@
|
|||
- name: check if ES_TMPDIR is available (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/default/elasticsearch
|
||||
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}"
|
||||
regexp: "^ES_TMPDIR="
|
||||
insertafter: "JAVA_HOME"
|
||||
notify:
|
||||
|
@ -43,6 +51,7 @@
|
|||
- elasticsearch
|
||||
when: elastic_stack_version is version('6', '>=')
|
||||
|
||||
# Note : Should not do any changes as -Djava.io.tmpdir=${ES_TMPDIR} is already here in the default config.
|
||||
- name: change JVM tmpdir (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
|
@ -54,4 +63,4 @@
|
|||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version is version('6', '>=')
|
||||
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
||||
when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
commit_message: Ansible run
|
||||
etc_git_default_commit_message: Ansible run
|
||||
|
||||
etc_git_monitor_status: True
|
||||
etc_git_purge_index_lock_enabled: True
|
||||
etc_git_purge_index_lock_age: 86400
|
||||
|
|
11
etc-git/files/etc-git-optimize
Normal file
11
etc-git/files/etc-git-optimize
Normal file
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
repositories="/etc /etc/bind/ /usr/share/scripts"
|
||||
|
||||
for repository in ${repositories}; do
|
||||
if [ -d "${repository}/.git" ]; then
|
||||
git --git-dir="${repository}/.git" gc --quiet
|
||||
fi
|
||||
done
|
11
etc-git/files/etc-git-status
Normal file
11
etc-git/files/etc-git-status
Normal file
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
repositories="/etc /etc/bind/ /usr/share/scripts"
|
||||
|
||||
for repository in ${repositories}; do
|
||||
if [ -d "${repository}/.git" ]; then
|
||||
git --git-dir="${repository}/.git" --work-tree="${repository}" status --short
|
||||
fi
|
||||
done
|
265
etc-git/files/evocommit
Normal file
265
etc-git/files/evocommit
Normal file
|
@ -0,0 +1,265 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
VERSION="21.10"
|
||||
|
||||
show_version() {
|
||||
cat <<END
|
||||
evocommit version ${VERSION}
|
||||
|
||||
Copyright 2021 Evolix <info@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>
|
||||
and others.
|
||||
|
||||
evocommit comes with ABSOLUTELY NO WARRANTY. This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU General Public Licence for details.
|
||||
END
|
||||
}
|
||||
|
||||
show_help() {
|
||||
cat <<END
|
||||
evocommit helps properly committing changes in a repository
|
||||
|
||||
END
|
||||
show_usage
|
||||
}
|
||||
show_usage() {
|
||||
cat <<END
|
||||
Usage: evocommit --repository /path/to/repository --message "add new host"
|
||||
|
||||
Options
|
||||
--repository PATH set the path for the repository
|
||||
--message MESSAGE set the commit message
|
||||
-V, --version print version number
|
||||
-v, --verbose increase verbosity
|
||||
-n, --dry-run actions are not executed
|
||||
--help print this message and exit
|
||||
--version print version and exit
|
||||
END
|
||||
}
|
||||
|
||||
syslog() {
|
||||
if [ -x "${LOGGER_BIN}" ]; then
|
||||
${LOGGER_BIN} -t "evocommit" "$1"
|
||||
fi
|
||||
}
|
||||
get_system() {
|
||||
uname -s
|
||||
}
|
||||
is_repository_readonly() {
|
||||
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||
partition=$(stat -f '%Sd' $1)
|
||||
mount | grep "${partition}" | grep -q "read-only"
|
||||
elif command -v findmnt >/dev/null; then
|
||||
mountpoint=$(stat -c '%m' $1)
|
||||
findmnt "${mountpoint}" --noheadings --output OPTIONS -O ro
|
||||
else
|
||||
grep /usr /proc/mounts | grep -E '\bro\b'
|
||||
fi
|
||||
}
|
||||
remount_repository_readwrite() {
|
||||
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||
partition=$(stat -f '%Sd' $1)
|
||||
mount -u -w /dev/${partition} 2>/dev/null
|
||||
else
|
||||
mountpoint=$(stat -c '%m' $1)
|
||||
mount -o remount,rw ${mountpoint}
|
||||
syslog "Re-mount ${mountpoint} as read-write to commit in repository $1"
|
||||
fi
|
||||
}
|
||||
remount_repository_readonly() {
|
||||
if [ "$(get_system)" = "OpenBSD" ]; then
|
||||
partition=$(stat -f '%Sd' $1)
|
||||
mount -u -r /dev/${partition} 2>/dev/null
|
||||
else
|
||||
mountpoint=$(stat -c '%m' $1)
|
||||
mount -o remount,ro ${mountpoint} 2>/dev/null
|
||||
syslog "Re-mount ${mountpoint} as read-only after commit to repository $1"
|
||||
fi
|
||||
}
|
||||
is_dry_run() {
|
||||
test "${DRY_RUN}" = "1"
|
||||
}
|
||||
is_verbose() {
|
||||
test "${VERBOSE}" = "1"
|
||||
}
|
||||
is_ansible() {
|
||||
test "${ANSIBLE}" = "1"
|
||||
}
|
||||
main() {
|
||||
rc=0
|
||||
lock="${GIT_DIR}/index.lock"
|
||||
if [ -f "${lock}" ]; then
|
||||
limit=$(date +"%s" -d "now - 1 hour")
|
||||
updated_at=$(stat -c "%Y" "${lock}")
|
||||
if [ "$updated_at" -lt "$limit" ]; then
|
||||
rm -f "${lock}"
|
||||
fi
|
||||
fi
|
||||
|
||||
git_status=$(${GIT_BIN} status --porcelain)
|
||||
|
||||
if [ -n "${git_status}" ]; then
|
||||
if is_dry_run; then
|
||||
${GIT_BIN} status
|
||||
else
|
||||
readonly_orig=0
|
||||
# remount mount point read-write if currently readonly
|
||||
if is_repository_readonly "${REPOSITORY}"; then
|
||||
readonly_orig=1;
|
||||
remount_repository_readwrite "${REPOSITORY}";
|
||||
fi
|
||||
author=$(logname)
|
||||
email=$(git config --get user.email)
|
||||
email=${email:-"${author}@evolix.net"}
|
||||
|
||||
# commit changes
|
||||
git_add_result=$(${GIT_BIN} add --all)
|
||||
git_add_rc=$?
|
||||
|
||||
if is_ansible; then
|
||||
if [ ${git_add_rc} -ne 0 ]; then
|
||||
printf "FAILED: %s\n%s" "can't add changes in ${REPOSITORY}" "${git_add_result}"
|
||||
rc=1
|
||||
fi
|
||||
fi
|
||||
|
||||
git_commit_result=$(${GIT_BIN} commit --message "${MESSAGE}" --author "${author} <${email}>")
|
||||
git_commit_rc=$?
|
||||
|
||||
if is_ansible; then
|
||||
if [ ${git_commit_rc} -eq 0 ]; then
|
||||
printf "CHANGED: %s\n" "commit done in ${REPOSITORY} with \`${MESSAGE}'"
|
||||
else
|
||||
printf "FAILED: %s\n%s" "can't commit in ${REPOSITORY} \`${MESSAGE}'" "${git_commit_result}"
|
||||
rc=1
|
||||
fi
|
||||
fi
|
||||
|
||||
# remount mount point read-only if it was before
|
||||
if [ ${readonly_orig} -eq 1 ]; then
|
||||
remount_repository_readonly "${REPOSITORY}"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
if is_ansible; then
|
||||
printf "INFO: %s\n" "no commit in ${REPOSITORY}'"
|
||||
fi
|
||||
fi
|
||||
|
||||
unset GIT_DIR
|
||||
unset GIT_WORK_TREE
|
||||
|
||||
exit ${rc}
|
||||
}
|
||||
# Parse options
|
||||
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case ${1:-''} in
|
||||
-h|-\?|--help)
|
||||
show_help
|
||||
exit 0
|
||||
;;
|
||||
-V|--version)
|
||||
show_version
|
||||
exit 0
|
||||
;;
|
||||
--message)
|
||||
# message options, with value speparated by space
|
||||
if [ -n "$2" ]; then
|
||||
MESSAGE=$2
|
||||
shift
|
||||
else
|
||||
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--message=?*)
|
||||
# message options, with value speparated by =
|
||||
MESSAGE=${1#*=}
|
||||
;;
|
||||
--message=)
|
||||
# message options, without value
|
||||
printf 'ERROR: "--message" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
;;
|
||||
--repository)
|
||||
# repository options, with value speparated by space
|
||||
if [ -n "$2" ]; then
|
||||
REPOSITORY=$2
|
||||
shift
|
||||
else
|
||||
printf 'ERROR: "--repository" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--repository=?*)
|
||||
# repository options, with value speparated by =
|
||||
REPOSITORY=${1#*=}
|
||||
;;
|
||||
--repository=)
|
||||
# repository options, without value
|
||||
printf 'ERROR: "--repository" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
;;
|
||||
-n|--dry-run)
|
||||
# disable actual commands
|
||||
DRY_RUN=1
|
||||
;;
|
||||
-v|--verbose)
|
||||
# print verbose information
|
||||
VERBOSE=1
|
||||
;;
|
||||
--ansible)
|
||||
# print information for Ansible
|
||||
ANSIBLE=1
|
||||
;;
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*|[[:alnum:]]*)
|
||||
# ignore unknown options
|
||||
printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "${MESSAGE}" ]; then
|
||||
echo "Error: missing message parameter" >&2
|
||||
show_usage
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "${REPOSITORY}" ]; then
|
||||
echo "Error: missing repository parameter" >&2
|
||||
show_usage
|
||||
exit 1
|
||||
fi
|
||||
DRY_RUN=${DRY_RUN:-0}
|
||||
VERBOSE=${VERBOSE:-0}
|
||||
ANSIBLE=${ANSIBLE:-0}
|
||||
|
||||
GIT_BIN=$(command -v git)
|
||||
readonly GIT_BIN
|
||||
|
||||
LOGGER_BIN=$(command -v logger)
|
||||
readonly LOGGER_BIN
|
||||
|
||||
export GIT_DIR="${REPOSITORY}/.git"
|
||||
export GIT_WORK_TREE="${REPOSITORY}"
|
||||
|
||||
if [ -d "${GIT_DIR}" ]; then
|
||||
main
|
||||
else
|
||||
echo "There is no Git repository in '${REPOSITORY}'" >&2
|
||||
exit 1
|
||||
fi
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
git --git-dir /etc/.git gc --quiet
|
|
@ -1,17 +1,28 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Put /etc under Git version control.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
# a keyword that describes and categorizes the role.
|
||||
# Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of
|
||||
# alphanumeric characters. Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -1,27 +1,52 @@
|
|||
---
|
||||
|
||||
# /etc
|
||||
- name: Is /etc a git repository
|
||||
stat:
|
||||
path: /etc/.git
|
||||
register: _etc_git
|
||||
|
||||
- include: do_commit.yml
|
||||
vars:
|
||||
git_folder: "/etc"
|
||||
when:
|
||||
- _etc_git.stat.exists
|
||||
- _etc_git.stat.isdir
|
||||
- name: "evocommit /etc"
|
||||
command: "/usr/local/bin/evocommit --ansible --repository /etc --message \"{{ commit_message | mandatory }}\""
|
||||
changed_when:
|
||||
- _etc_git_commit.stdout
|
||||
- "'CHANGED:' in _etc_git_commit.stdout"
|
||||
ignore_errors: yes
|
||||
register: _etc_git_commit
|
||||
when:
|
||||
- _etc_git.stat.exists
|
||||
- _etc_git.stat.isdir
|
||||
|
||||
# /etc/bind
|
||||
- name: Is /etc/bind a git repository
|
||||
stat:
|
||||
path: /etc/bind/.git
|
||||
register: _etc_bind_git
|
||||
|
||||
- name: "evocommit /etc/bind"
|
||||
command: "/usr/local/bin/evocommit --ansible --repository /etc/bind --message \"{{ commit_message | mandatory }}\""
|
||||
changed_when:
|
||||
- _etc_bind_git_commit.stdout
|
||||
- "'CHANGED:' in _etc_bind_git_commit.stdout"
|
||||
ignore_errors: yes
|
||||
register: _etc_bind_git_commit
|
||||
when:
|
||||
- _etc_bind_git.stat.exists
|
||||
- _etc_bind_git.stat.isdir
|
||||
|
||||
# /usr/share/scripts
|
||||
- name: Is /usr/share/scripts a git repository
|
||||
stat:
|
||||
path: /usr/share/scripts/.git
|
||||
register: _usr_share_scripts_git
|
||||
|
||||
- include: do_commit.yml
|
||||
vars:
|
||||
git_folder: "/usr/share/scripts"
|
||||
- name: "evocommit /usr/share/scripts"
|
||||
command: "/usr/local/bin/evocommit --ansible --repository /usr/share/scripts --message \"{{ commit_message | mandatory }}\""
|
||||
changed_when:
|
||||
- _usr_share_scripts_git_commit.stdout
|
||||
- "'CHANGED:' in _usr_share_scripts_git_commit.stdout"
|
||||
ignore_errors: yes
|
||||
register: _usr_share_scripts_git_commit
|
||||
when:
|
||||
- _usr_share_scripts_git.stat.exists
|
||||
- _usr_share_scripts_git.stat.isdir
|
||||
- _usr_share_scripts_git.stat.exists
|
||||
- _usr_share_scripts_git.stat.isdir
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
---
|
||||
|
||||
- name: "Remount /usr if needed"
|
||||
include_role:
|
||||
name: remount-usr
|
||||
when: git_folder is match('/usr/.*')
|
||||
|
||||
|
||||
- name: "is {{ git_folder }} clean?"
|
||||
command: git status --porcelain
|
||||
args:
|
||||
chdir: "{{ git_folder }}"
|
||||
changed_when: False
|
||||
register: git_status
|
||||
when: not ansible_check_mode
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- debug:
|
||||
var: git_status
|
||||
verbosity: 3
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: fetch current Git user.email
|
||||
git_config:
|
||||
name: user.email
|
||||
repo: "{{ git_folder }}"
|
||||
register: git_config_user_email
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: "set commit author"
|
||||
set_fact:
|
||||
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
|
||||
commit_email: '{% if git_config_user_email.config_value is not defined or not git_config_user_email.config_value %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' # noqa 204
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- name: "{{ git_folder }} modifications are committed"
|
||||
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
|
||||
args:
|
||||
chdir: "{{ git_folder }}"
|
||||
register: commit_end_run
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- git_status.stdout
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
||||
|
||||
- debug:
|
||||
var: commit_end_run
|
||||
verbosity: 4
|
||||
tags:
|
||||
- etc-git
|
||||
- commit
|
|
@ -7,6 +7,18 @@
|
|||
tags:
|
||||
- etc-git
|
||||
|
||||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
||||
- name: "evocommit script is installed"
|
||||
copy:
|
||||
src: evocommit
|
||||
dest: /usr/local/bin/evocommit
|
||||
mode: "0755"
|
||||
force: yes
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- include: repository.yml
|
||||
vars:
|
||||
repository_path: "/etc"
|
||||
|
@ -32,36 +44,71 @@
|
|||
- _usr_share_scripts.stat.isdir
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
|
||||
- name: "etc-git-optimize script is installed"
|
||||
copy:
|
||||
src: etc-git-optimize
|
||||
dest: /usr/share/scripts/etc-git-optimize
|
||||
mode: "0755"
|
||||
force: yes
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "etc-git-status script is installed"
|
||||
copy:
|
||||
src: etc-git-status
|
||||
dest: /usr/share/scripts/etc-git-status
|
||||
mode: "0755"
|
||||
force: yes
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: Check if cron is installed
|
||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
||||
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
register: is_cron_installed
|
||||
|
||||
- name: Optimize script is installed in monthly crontab
|
||||
copy:
|
||||
src: optimize-etc-git
|
||||
dest: /etc/cron.monthly/optimize-etc-git
|
||||
mode: "0750"
|
||||
force: no
|
||||
- block:
|
||||
- name: Legacy cron jobs for /etc/.git status are absent
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/cron.monthly/optimize-etc-git
|
||||
- /etc/cron.d/etc-git-status
|
||||
|
||||
- name: Cron job for monthly git optimization
|
||||
cron:
|
||||
name: "Monthly optimization"
|
||||
cron_file: etc-git
|
||||
special_time: "monthly"
|
||||
user: root
|
||||
job: "/usr/share/scripts/etc-git-optimize"
|
||||
|
||||
- name: Cron job for hourly git status
|
||||
cron:
|
||||
name: "Hourly warning for unclean Git repository if nobody is connected"
|
||||
cron_file: etc-git
|
||||
special_time: "hourly"
|
||||
user: root
|
||||
job: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
|
||||
|
||||
- name: Cron job for daily git status
|
||||
cron:
|
||||
name: "Daily warning for unclean Git repository"
|
||||
cron_file: etc-git
|
||||
user: root
|
||||
job: "/usr/share/scripts/etc-git-status"
|
||||
minute: "21"
|
||||
hour: "21"
|
||||
weekday: "*"
|
||||
day: "*"
|
||||
month: "*"
|
||||
state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}"
|
||||
when: is_cron_installed.rc == 0
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: Cron job for /etc/.git status is installed
|
||||
template:
|
||||
src: etc-git-status.j2
|
||||
dest: /etc/cron.d/etc-git-status
|
||||
mode: "0644"
|
||||
when: is_cron_installed.rc == 0 and etc_git_monitor_status
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: Cron job for /etc/.git status is removed
|
||||
file:
|
||||
dest: /etc/cron.d/etc-git-status
|
||||
state: absent
|
||||
when: is_cron_installed.rc == 0 and not etc_git_monitor_status
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git
|
|
@ -46,7 +46,7 @@
|
|||
lineinfile:
|
||||
dest: "{{ repository_path }}/.gitignore"
|
||||
line: "{{ item }}"
|
||||
with_items: "{{ gitignore_items | default([]) }}"
|
||||
loop: "{{ gitignore_items | default([]) }}"
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
|
@ -68,6 +68,6 @@
|
|||
chdir: "{{ repository_path }}"
|
||||
warn: no
|
||||
register: git_commit
|
||||
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
||||
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git
|
|
@ -1,4 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
@hourly root who > /dev/null || git --git-dir=/etc/.git --work-tree=/etc status --short
|
||||
21 21 * * * root git --git-dir=/etc/.git --work-tree=/etc status --short
|
|
@ -15,12 +15,13 @@ find "${CRT_DIR}" \
|
|||
-maxdepth 1 \
|
||||
-mindepth 1 \
|
||||
-type d \
|
||||
! -path "*accounts" \
|
||||
! -path "*archive" \
|
||||
! -path "*csr" \
|
||||
! -path "*hooks" \
|
||||
! -path "*keys" \
|
||||
! -path "*live" \
|
||||
! -path "*renewal" \
|
||||
! -path "${CRT_DIR}/accounts" \
|
||||
! -path "${CRT_DIR}/archive" \
|
||||
! -path "${CRT_DIR}/csr" \
|
||||
! -path "${CRT_DIR}/hooks" \
|
||||
! -path "${CRT_DIR}/keys" \
|
||||
! -path "${CRT_DIR}/live" \
|
||||
! -path "${CRT_DIR}/renewal" \
|
||||
! -path "${CRT_DIR}/renewal-hooks" \
|
||||
-printf "%f\n" \
|
||||
| xargs --max-args=1 --no-run-if-empty evoacme
|
||||
|
|
|
@ -112,9 +112,9 @@ openssl_selfsigned() {
|
|||
[ -r "${key}" ] || error "File ${key} is not readable"
|
||||
[ -w "${crt_dir}" ] || error "Directory ${crt_dir} is not writable"
|
||||
if grep -q SAN "${cfg}"; then
|
||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -extensions SAN -extfile "${cfg}" -signkey "${key}" -out "${crt}" 2> /dev/null
|
||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -extensions SAN -extfile "${cfg}" -signkey "${key}" -out "${crt}" 2>/dev/null
|
||||
else
|
||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2> /dev/null
|
||||
"${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2>/dev/null
|
||||
fi
|
||||
|
||||
[ -r "${crt}" ] || error "Something went wrong, ${crt} has not been generated"
|
||||
|
@ -126,7 +126,7 @@ openssl_key(){
|
|||
|
||||
[ -w "${key_dir}" ] || error "Directory ${key_dir} is not writable"
|
||||
|
||||
"${OPENSSL_BIN}" genrsa -out "${key}" "${size}" 2> /dev/null
|
||||
"${OPENSSL_BIN}" genrsa -out "${key}" "${size}" 2>/dev/null
|
||||
|
||||
[ -r "${key}" ] || error "Something went wrong, ${key} has not been generated"
|
||||
}
|
||||
|
|
|
@ -1,18 +1,28 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Install evoacme ; a wrapper for Certbot (Let's Encrypt)
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- stretch
|
||||
- buster
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
# a keyword that describes and categorizes the role.
|
||||
# Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of
|
||||
# alphanumeric characters. Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
section: 'req'
|
||||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
||||
- { name: 'encrypt_key', var: 'yes' }
|
||||
- { name: 'distinguished_name', var: 'req_dn' }
|
||||
|
@ -16,7 +16,7 @@
|
|||
section: 'req_dn'
|
||||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
||||
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
||||
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
||||
|
|
|
@ -16,4 +16,4 @@
|
|||
src: "hooks/{{ hook_name }}"
|
||||
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
||||
mode: "0750"
|
||||
when: _find_hook.stdout == ""
|
||||
when: _find_hook.stdout | length == 0
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
msg: only compatible with Debian >= 9
|
||||
when: not evoacme_disable_debian_check
|
||||
when: not (evoacme_disable_debian_check | bool)
|
||||
|
||||
- include: certbot.yml
|
||||
|
||||
|
|
|
@ -39,6 +39,6 @@
|
|||
file:
|
||||
path: "/usr/local/bin/{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
loop:
|
||||
- 'make-csr'
|
||||
- 'evoacme'
|
||||
|
|
|
@ -13,4 +13,4 @@
|
|||
command: "bkctld restart {{ evolinux_hostname }}"
|
||||
# - "bkctld sync {{ evolinux_hostname }}"
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
when: evobackup_client__hosts|length > 1
|
||||
when: evobackup_client__hosts | length > 1
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
marker: "# {mark} {{ item.name }}"
|
||||
block: |
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
with_items: "{{ evobackup_client__hosts }}"
|
||||
loop: "{{ evobackup_client__hosts }}"
|
||||
notify: restart minifirewall
|
||||
when: evobackup_client__minifirewall.stat.exists
|
||||
tags:
|
||||
|
|
|
@ -6,11 +6,13 @@
|
|||
dest: "{{ evobackup_client__cron_path }}"
|
||||
force: true
|
||||
mode: 0755
|
||||
with_first_found:
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||
- "zzz_evobackup.default.sh.j2"
|
||||
loop: "{{ query('first_found', templates) }}"
|
||||
vars:
|
||||
templates:
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group | default('all') }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||
- "templates/zzz_evobackup.default.sh.j2"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_scripts
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
path: /root/.ssh/known_hosts
|
||||
name: "[{{ item.name }}]:{{ item.port }}"
|
||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||
with_list: "{{ evobackup_client__hosts }}"
|
||||
loop: "{{ evobackup_client__hosts }}"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_hosts
|
||||
|
|
|
@ -124,7 +124,7 @@ pick_server() {
|
|||
if [ -e "${PIDFILE}" ]; then
|
||||
pid=$(cat "${PIDFILE}")
|
||||
# Does process still exist ?
|
||||
if kill -0 "${pid}" 2> /dev/null; then
|
||||
if kill -0 "${pid}" 2>/dev/null; then
|
||||
# Killing the childs of evobackup.
|
||||
for ppid in $(pgrep -P "${pid}"); do
|
||||
kill -9 "${ppid}";
|
||||
|
|
|
@ -16,6 +16,4 @@ A separate `exec.yml` file can be imported manually in playbooks or roles to exe
|
|||
## Variables
|
||||
|
||||
We can force install via :
|
||||
* `evocheck_force_install: local` : will copy the script provided by the role
|
||||
* `evocheck_force_install: package` : will install the package via repositories
|
||||
* `evocheck_update_crontab` : will update the crontab (default: `True`)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
evocheck_force_install: False
|
||||
|
||||
evocheck_update_crontab: True
|
||||
evocheck_bin_dir: /usr/share/scripts
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
# Script to verify compliance of a Debian/OpenBSD server
|
||||
# powered by Evolix
|
||||
|
||||
readonly VERSION="20.12"
|
||||
VERSION="21.10.4"
|
||||
readonly VERSION
|
||||
|
||||
# base functions
|
||||
|
||||
|
@ -12,7 +13,7 @@ show_version() {
|
|||
cat <<END
|
||||
evocheck version ${VERSION}
|
||||
|
||||
Copyright 2009-2019 Evolix <info@evolix.fr>,
|
||||
Copyright 2009-2021 Evolix <info@evolix.fr>,
|
||||
Romain Dessort <rdessort@evolix.fr>,
|
||||
Benoit Série <bserie@evolix.fr>,
|
||||
Gregory Colpart <reg@evolix.fr>,
|
||||
|
@ -62,6 +63,8 @@ detect_os() {
|
|||
8) DEBIAN_RELEASE="jessie";;
|
||||
9) DEBIAN_RELEASE="stretch";;
|
||||
10) DEBIAN_RELEASE="buster";;
|
||||
11) DEBIAN_RELEASE="bullseye";;
|
||||
12) DEBIAN_RELEASE="bookworm";;
|
||||
esac
|
||||
fi
|
||||
elif [ "$(uname -s)" = "OpenBSD" ]; then
|
||||
|
@ -71,7 +74,7 @@ detect_os() {
|
|||
}
|
||||
|
||||
is_debian() {
|
||||
test -n "${DEBIAN_RELEASE}"
|
||||
test -n "${DEBIAN_RELEASE}"
|
||||
}
|
||||
is_debian_lenny() {
|
||||
test "${DEBIAN_RELEASE}" = "lenny"
|
||||
|
@ -91,6 +94,12 @@ is_debian_stretch() {
|
|||
is_debian_buster() {
|
||||
test "${DEBIAN_RELEASE}" = "buster"
|
||||
}
|
||||
is_debian_bullseye() {
|
||||
test "${DEBIAN_RELEASE}" = "bullseye"
|
||||
}
|
||||
is_debian_bookworm() {
|
||||
test "${DEBIAN_RELEASE}" = "bookworm"
|
||||
}
|
||||
debian_release() {
|
||||
printf "%s" "${DEBIAN_RELEASE}"
|
||||
}
|
||||
|
@ -147,7 +156,7 @@ check_lsbrelease(){
|
|||
## only the major version matters
|
||||
lhs=$(${LSB_RELEASE_BIN} --release --short | cut -d "." -f 1)
|
||||
rhs=$(cut -d "." -f 1 < /etc/debian_version)
|
||||
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release and /etc/debian_version"
|
||||
test "$lhs" = "$rhs" || failed "IS_LSBRELEASE" "release is not consistent between lsb_release (${lhs}) and /etc/debian_version (${rhs})"
|
||||
else
|
||||
failed "IS_LSBRELEASE" "lsb_release is missing or not executable"
|
||||
fi
|
||||
|
@ -165,7 +174,7 @@ check_dpkgwarning() {
|
|||
test -e /etc/apt/apt.conf \
|
||||
&& failed "IS_DPKGWARNING" "/etc/apt/apt.conf is missing"
|
||||
fi
|
||||
elif is_debian_stretch || is_debian_buster; then
|
||||
elif is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
test -e /etc/apt/apt.conf.d/z-evolinux.conf \
|
||||
|| failed "IS_DPKGWARNING" "/etc/apt/apt.conf.d/z-evolinux.conf is missing"
|
||||
fi
|
||||
|
@ -211,7 +220,6 @@ check_vartmpfs() {
|
|||
else
|
||||
df /var/tmp | grep -q tmpfs || failed "IS_VARTMPFS" "/var/tmp is not a tmpfs"
|
||||
fi
|
||||
|
||||
}
|
||||
check_serveurbase() {
|
||||
is_installed serveur-base || failed "IS_SERVEURBASE" "serveur-base package is not installed"
|
||||
|
@ -224,8 +232,19 @@ check_syslogconf() {
|
|||
|| failed "IS_SYSLOGCONF" "syslog evolix config file missing"
|
||||
}
|
||||
check_debiansecurity() {
|
||||
grep -q "^deb.*security" /etc/apt/sources.list \
|
||||
|| failed "IS_DEBIANSECURITY" "missing debian security repository"
|
||||
if is_debian_bullseye; then
|
||||
# https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
|
||||
pattern="^deb https://deb\.debian\.org/debian-security/? bullseye-security main"
|
||||
elif is_debian_buster; then
|
||||
pattern="^deb http://security\.debian\.org/debian-security/? buster/updates main"
|
||||
elif is_debian_stretch; then
|
||||
pattern="^deb http://security\.debian\.org/debian-security/? stretch/updates main"
|
||||
else
|
||||
pattern="^deb.*security"
|
||||
fi
|
||||
|
||||
source_file="/etc/apt/sources.list"
|
||||
grep -qE "${pattern}" "${source_file}" || failed "IS_DEBIANSECURITY" "missing debian security repository"
|
||||
}
|
||||
check_aptitudeonly() {
|
||||
if is_debian_squeeze || is_debian_wheezy; then
|
||||
|
@ -234,13 +253,13 @@ check_aptitudeonly() {
|
|||
fi
|
||||
}
|
||||
check_aptitude() {
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
test -e /usr/bin/aptitude && failed "IS_APTITUDE" "aptitude may not be installed on Debian >=8"
|
||||
fi
|
||||
}
|
||||
check_aptgetbak() {
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK" "missing dpkg-divert apt-get.bak"
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
test -e /usr/bin/apt-get.bak && failed "IS_APTGETBAK" "prohibit the installation of apt-get.bak with dpkg-divert(1)"
|
||||
fi
|
||||
}
|
||||
check_apticron() {
|
||||
|
@ -276,7 +295,7 @@ check_mountfstab() {
|
|||
fi
|
||||
}
|
||||
check_listchangesconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed apt-listchanges; then
|
||||
failed "IS_LISTCHANGESCONF" "apt-listchanges must not be installed on Debian >=9"
|
||||
fi
|
||||
|
@ -296,7 +315,7 @@ check_customcrontab() {
|
|||
test "$found_lines" = 4 && failed "IS_CUSTOMCRONTAB" "missing custom field in crontab"
|
||||
}
|
||||
check_sshallowusers() {
|
||||
grep -E -qi "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config \
|
||||
grep -E -qir "(AllowUsers|AllowGroups)" /etc/ssh/sshd_config /etc/ssh/sshd_config.d \
|
||||
|| failed "IS_SSHALLOWUSERS" "missing AllowUsers or AllowGroups directive in sshd_config"
|
||||
}
|
||||
check_diskperf() {
|
||||
|
@ -307,7 +326,7 @@ check_tmoutprofile() {
|
|||
grep -sq "TMOUT=" /etc/profile /etc/profile.d/evolinux.sh || failed "IS_TMOUTPROFILE" "TMOUT is not set"
|
||||
}
|
||||
check_alert5boot() {
|
||||
if is_debian_buster; then
|
||||
if is_debian_buster || is_debian_bullseye; then
|
||||
grep -qs "^date" /usr/share/scripts/alert5.sh || failed "IS_ALERT5BOOT" "boot mail is not sent by alert5 init script"
|
||||
test -f /etc/systemd/system/alert5.service || failed "IS_ALERT5BOOT" "alert5 unit file is missing"
|
||||
systemctl is-enabled alert5 -q || failed "IS_ALERT5BOOT" "alert5 unit is not enabled"
|
||||
|
@ -320,7 +339,7 @@ check_alert5boot() {
|
|||
fi
|
||||
}
|
||||
check_alert5minifw() {
|
||||
if is_debian_buster; then
|
||||
if is_debian_buster || is_debian_bullseye; then
|
||||
grep -qs "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh \
|
||||
|| failed "IS_ALERT5MINIFW" "Minifirewall is not started by alert5 script or script is missing"
|
||||
else
|
||||
|
@ -336,6 +355,13 @@ check_minifw() {
|
|||
/sbin/iptables -L -n | grep -q -E "^ACCEPT\s*all\s*--\s*31\.170\.8\.4\s*0\.0\.0\.0/0\s*$" \
|
||||
|| failed "IS_MINIFW" "minifirewall seems not starded"
|
||||
}
|
||||
check_minifw_includes() {
|
||||
if is_debian_bullseye; then
|
||||
if grep -q -e '/sbin/iptables' -e '/sbin/ip6tables' "${MINIFW_FILE}"; then
|
||||
failed "IS_MINIFWINCLUDES" "minifirewall has direct iptables invocations in ${MINIFW_FILE} that should go in /etc/minifirewall.d/"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
check_nrpeperms() {
|
||||
if [ -d /etc/nagios ]; then
|
||||
nagiosDir="/etc/nagios"
|
||||
|
@ -357,7 +383,11 @@ check_nrpedisks() {
|
|||
test "$NRPEDISKS" = "$DFDISKS" || failed "IS_NRPEDISKS" "there must be $DFDISKS check_disk in nrpe.cfg"
|
||||
}
|
||||
check_nrpepid() {
|
||||
if ! is_debian_squeeze; then
|
||||
if is_debian_bullseye; then
|
||||
{ test -e /etc/nagios/nrpe.cfg \
|
||||
&& grep -q "^pid_file=/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
|
||||
} || failed "IS_NRPEPID" "missing or wrong pid_file directive in nrpe.cfg"
|
||||
elif ! is_debian_squeeze; then
|
||||
{ test -e /etc/nagios/nrpe.cfg \
|
||||
&& grep -q "^pid_file=/var/run/nagios/nrpe.pid" /etc/nagios/nrpe.cfg;
|
||||
} || failed "IS_NRPEPID" "missing or wrong pid_file directive in nrpe.cfg"
|
||||
|
@ -372,7 +402,7 @@ check_grsecprocs() {
|
|||
}
|
||||
check_apachemunin() {
|
||||
if test -e /etc/apache2/apache2.conf; then
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
{ test -h /etc/apache2/mods-enabled/status.load \
|
||||
&& test -h /etc/munin/plugins/apache_accesses \
|
||||
&& test -h /etc/munin/plugins/apache_processes \
|
||||
|
@ -392,17 +422,20 @@ check_apachemunin() {
|
|||
check_mysqlutils() {
|
||||
MYSQL_ADMIN=${MYSQL_ADMIN:-mysqladmin}
|
||||
if is_installed mysql-server; then
|
||||
# You can configure MYSQL_ADMIN in evocheck.cf
|
||||
if ! grep -qs "$MYSQL_ADMIN" /root/.my.cnf; then
|
||||
failed "IS_MYSQLUTILS" "mysqladmin missing in /root/.my.cnf"
|
||||
# With Debian 11 and later, root can connect to MariaDB with the socket
|
||||
if is_debian_wheezy || is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||
# You can configure MYSQL_ADMIN in evocheck.cf
|
||||
if ! grep -qs "^user *= *${MYSQL_ADMIN}" /root/.my.cnf; then
|
||||
failed "IS_MYSQLUTILS" "${MYSQL_ADMIN} missing in /root/.my.cnf"
|
||||
fi
|
||||
fi
|
||||
if ! test -x /usr/bin/mytop; then
|
||||
if ! test -x /usr/local/bin/mytop; then
|
||||
failed "IS_MYSQLUTILS" "mytop binary missing"
|
||||
fi
|
||||
fi
|
||||
if ! grep -qs debian-sys-maint /root/.mytop; then
|
||||
failed "IS_MYSQLUTILS" "debian-sys-maint missing in /root/.mytop"
|
||||
if ! grep -qs '^user *=' /root/.mytop; then
|
||||
failed "IS_MYSQLUTILS" "credentials missing in /root/.mytop"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -431,7 +464,7 @@ check_muninlogrotate() {
|
|||
}
|
||||
# Verification de l'activation de Squid dans le cas d'un pack mail
|
||||
check_squid() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
squidconffile="/etc/squid/evolinux-custom.conf"
|
||||
else
|
||||
squidconffile="/etc/squid*/squid.conf"
|
||||
|
@ -444,7 +477,8 @@ check_squid() {
|
|||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d $host -j ACCEPT" "$MINIFW_FILE" \
|
||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.(1|0/8) -j ACCEPT" "$MINIFW_FILE" \
|
||||
&& grep -qE "^[^#]*iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port.* $http_port" "$MINIFW_FILE";
|
||||
} || failed "IS_SQUID" "missing squid rules in minifirewall"
|
||||
} || grep -qE "^PROXY='?on'?" "$MINIFW_FILE" \
|
||||
|| failed "IS_SQUID" "missing squid rules in minifirewall"
|
||||
fi
|
||||
}
|
||||
check_evomaintenance_fw() {
|
||||
|
@ -473,7 +507,7 @@ check_log2mailrunning() {
|
|||
fi
|
||||
}
|
||||
check_log2mailapache() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
conf=/etc/log2mail/config/apache
|
||||
else
|
||||
conf=/etc/log2mail/config/default
|
||||
|
@ -532,10 +566,10 @@ check_network_interfaces() {
|
|||
}
|
||||
# Verify if all if are in auto
|
||||
check_autoif() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
interfaces=$(/sbin/ip address show up | grep "^[0-9]*:" | grep -E -v "(lo|vnet|docker|veth|tun|tap|macvtap|vrrp)" | cut -d " " -f 2 | tr -d : | cut -d@ -f1 | tr "\n" " ")
|
||||
else
|
||||
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap)" | cut -d " " -f 1 |tr "\n" " ")
|
||||
interfaces=$(/sbin/ifconfig -s | tail -n +2 | grep -E -v "^(lo|vnet|docker|veth|tun|tap|macvtap|vrrp)" | cut -d " " -f 1 |tr "\n" " ")
|
||||
fi
|
||||
for interface in $interfaces; do
|
||||
if ! grep -q "^auto $interface" /etc/network/interfaces; then
|
||||
|
@ -569,6 +603,7 @@ check_evobackup_exclude_mount() {
|
|||
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
||||
done
|
||||
done
|
||||
rm -rf "${excludes_file}"
|
||||
}
|
||||
# Verification de la presence du userlogrotate
|
||||
check_userlogrotate() {
|
||||
|
@ -681,6 +716,7 @@ check_backupuptodate() {
|
|||
backup_dir="/home/backup"
|
||||
if [ -d "${backup_dir}" ]; then
|
||||
if [ -n "$(ls -A ${backup_dir})" ]; then
|
||||
# shellcheck disable=SC2231
|
||||
for file in ${backup_dir}/*; do
|
||||
limit=$(date +"%s" -d "now - 2 day")
|
||||
updated_at=$(stat -c "%Y" "$file")
|
||||
|
@ -771,7 +807,7 @@ check_tune2fs_m5() {
|
|||
done
|
||||
}
|
||||
check_evolinuxsudogroup() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if grep -q "^evolinux-sudo:" /etc/group; then
|
||||
grep -qE '^%evolinux-sudo +ALL ?= ?\(ALL:ALL\) ALL' /etc/sudoers.d/evolinux \
|
||||
|| failed "IS_EVOLINUXSUDOGROUP" "missing evolinux-sudo directive in sudoers file"
|
||||
|
@ -779,7 +815,7 @@ check_evolinuxsudogroup() {
|
|||
fi
|
||||
}
|
||||
check_userinadmgroup() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
users=$(grep "^evolinux-sudo:" /etc/group | awk -F: '{print $4}' | tr ',' ' ')
|
||||
for user in $users; do
|
||||
if ! groups "$user" | grep -q adm; then
|
||||
|
@ -790,7 +826,7 @@ check_userinadmgroup() {
|
|||
fi
|
||||
}
|
||||
check_apache2evolinuxconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if test -d /etc/apache2; then
|
||||
{ test -L /etc/apache2/conf-enabled/z-evolinux-defaults.conf \
|
||||
&& test -L /etc/apache2/conf-enabled/zzz-evolinux-custom.conf \
|
||||
|
@ -800,7 +836,7 @@ check_apache2evolinuxconf() {
|
|||
fi
|
||||
}
|
||||
check_backportsconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
grep -qsE "^[^#].*backports" /etc/apt/sources.list \
|
||||
&& failed "IS_BACKPORTSCONF" "backports can't be in main sources list"
|
||||
if grep -qsE "^[^#].*backports" /etc/apt/sources.list.d/*.list; then
|
||||
|
@ -810,7 +846,7 @@ check_backportsconf() {
|
|||
fi
|
||||
}
|
||||
check_bind9munin() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed bind9; then
|
||||
{ test -L /etc/munin/plugins/bind9 \
|
||||
&& test -e /etc/munin/plugin-conf.d/bind9;
|
||||
|
@ -819,7 +855,7 @@ check_bind9munin() {
|
|||
fi
|
||||
}
|
||||
check_bind9logrotate() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed bind9; then
|
||||
test -e /etc/logrotate.d/bind9 || failed "IS_BIND9LOGROTATE" "missing bind logrotate file"
|
||||
fi
|
||||
|
@ -840,7 +876,7 @@ check_broadcomfirmware() {
|
|||
check_hardwareraidtool() {
|
||||
LSPCI_BIN=$(command -v lspci)
|
||||
if [ -x "${LSPCI_BIN}" ]; then
|
||||
if ${LSPCI_BIN} | grep -q 'MegaRAID SAS'; then
|
||||
if ${LSPCI_BIN} | grep -q 'MegaRAID'; then
|
||||
# shellcheck disable=SC2015
|
||||
is_installed megacli && { is_installed megaclisas-status || is_installed megaraidsas-status; } \
|
||||
|| failed "IS_HARDWARERAIDTOOL" "Mega tools not found"
|
||||
|
@ -853,7 +889,7 @@ check_hardwareraidtool() {
|
|||
fi
|
||||
}
|
||||
check_log2mailsystemdunit() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
systemctl -q is-active log2mail.service \
|
||||
|| failed "IS_LOG2MAILSYSTEMDUNIT" "log2mail unit not running"
|
||||
test -f /etc/systemd/system/log2mail.service \
|
||||
|
@ -869,7 +905,7 @@ check_listupgrade() {
|
|||
|| failed "IS_LISTUPGRADE" "missing listupgrade script or not executable"
|
||||
}
|
||||
check_mariadbevolinuxconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed mariadb-server; then
|
||||
{ test -f /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf \
|
||||
&& test -f /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf;
|
||||
|
@ -945,6 +981,7 @@ check_elastic_backup() {
|
|||
fi
|
||||
}
|
||||
check_mariadbsystemdunit() {
|
||||
# TODO: check if it is still needed for bullseye
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_installed mariadb-server; then
|
||||
if systemctl -q is-active mariadb.service; then
|
||||
|
@ -955,7 +992,7 @@ check_mariadbsystemdunit() {
|
|||
fi
|
||||
}
|
||||
check_mysqlmunin() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed mariadb-server; then
|
||||
for file in mysql_bytes mysql_queries mysql_slowqueries \
|
||||
mysql_threads mysql_connections mysql_files_tables \
|
||||
|
@ -973,7 +1010,7 @@ check_mysqlmunin() {
|
|||
fi
|
||||
}
|
||||
check_mysqlnrpe() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed mariadb-server; then
|
||||
nagios_file=~nagios/.my.cnf
|
||||
if ! test -f ${nagios_file}; then
|
||||
|
@ -989,9 +1026,10 @@ check_mysqlnrpe() {
|
|||
fi
|
||||
}
|
||||
check_phpevolinuxconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
is_debian_stretch && phpVersion="7.0"
|
||||
is_debian_buster && phpVersion="7.3"
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
is_debian_stretch && phpVersion="7.0"
|
||||
is_debian_buster && phpVersion="7.3"
|
||||
is_debian_bullseye && phpVersion="7.4"
|
||||
if is_installed php; then
|
||||
{ test -f /etc/php/${phpVersion}/cli/conf.d/z-evolinux-defaults.ini \
|
||||
&& test -f /etc/php/${phpVersion}/cli/conf.d/zzz-evolinux-custom.ini
|
||||
|
@ -1000,15 +1038,15 @@ check_phpevolinuxconf() {
|
|||
fi
|
||||
}
|
||||
check_squidlogrotate() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed squid; then
|
||||
grep -q monthly /etc/logrotate.d/squid \
|
||||
grep -q -e monthly -e daily /etc/logrotate.d/squid \
|
||||
|| failed "IS_SQUIDLOGROTATE" "missing squid logrotate file"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
check_squidevolinuxconf() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if is_installed squid; then
|
||||
{ grep -qs "^CONFIG=/etc/squid/evolinux-defaults.conf$" /etc/default/squid \
|
||||
&& test -f /etc/squid/evolinux-defaults.conf \
|
||||
|
@ -1044,7 +1082,7 @@ check_duplicate_fs_label() {
|
|||
fi
|
||||
}
|
||||
check_evolix_user() {
|
||||
grep -q "evolix:" /etc/passwd \
|
||||
grep -q -E "^evolix:" /etc/passwd \
|
||||
&& failed "IS_EVOLIX_USER" "evolix user should be deleted, used only for install"
|
||||
}
|
||||
check_evoacme_cron() {
|
||||
|
@ -1083,7 +1121,7 @@ check_apache_confenabled() {
|
|||
# Starting from Jessie and Apache 2.4, /etc/apache2/conf.d/
|
||||
# must be replaced by conf-available/ and config files symlinked
|
||||
# to conf-enabled/
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_jessie || is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if [ -f /etc/apache2/apache2.conf ]; then
|
||||
test -d /etc/apache2/conf.d/ \
|
||||
&& failed "IS_APACHE_CONFENABLED" "apache's conf.d directory must not exists"
|
||||
|
@ -1095,7 +1133,7 @@ check_apache_confenabled() {
|
|||
check_meltdown_spectre() {
|
||||
# For Stretch, detection is easy as the kernel use
|
||||
# /sys/devices/system/cpu/vulnerabilities/
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
for vuln in meltdown spectre_v1 spectre_v2; do
|
||||
test -f "/sys/devices/system/cpu/vulnerabilities/$vuln" \
|
||||
|| failed "IS_MELTDOWN_SPECTRE" "vulnerable to $vuln"
|
||||
|
@ -1148,7 +1186,7 @@ check_usrsharescripts() {
|
|||
test "$expected" = "$actual" || failed "IS_USRSHARESCRIPTS" "/usr/share/scripts must be $expected"
|
||||
}
|
||||
check_sshpermitrootno() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
if grep -q "^PermitRoot" /etc/ssh/sshd_config; then
|
||||
grep -E -qi "PermitRoot.*no" /etc/ssh/sshd_config \
|
||||
|| failed "IS_SSHPERMITROOTNO" "PermitRoot should be set at no"
|
||||
|
@ -1159,7 +1197,7 @@ check_sshpermitrootno() {
|
|||
fi
|
||||
}
|
||||
check_evomaintenanceusers() {
|
||||
if is_debian_stretch || is_debian_buster; then
|
||||
if is_debian_stretch || is_debian_buster || is_debian_bullseye; then
|
||||
users=$(getent group evolinux-sudo | cut -d':' -f4 | tr ',' ' ')
|
||||
else
|
||||
if [ -f /etc/sudoers.d/evolinux ]; then
|
||||
|
@ -1295,6 +1333,154 @@ check_nginx_letsencrypt_uptodate() {
|
|||
fi
|
||||
}
|
||||
|
||||
check_lxc_container_resolv_conf() {
|
||||
if is_installed lxc; then
|
||||
container_list=$(lxc-ls)
|
||||
current_resolvers=$(grep nameserver /etc/resolv.conf | sed 's/nameserver//g' )
|
||||
|
||||
for container in $container_list; do
|
||||
if [ -f "/var/lib/lxc/${container}/rootfs/etc/resolv.conf" ]; then
|
||||
|
||||
while read -r resolver; do
|
||||
if ! grep -qE "^nameserver\s+${resolver}" "/var/lib/lxc/${container}/rootfs/etc/resolv.conf"; then
|
||||
failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf miss-match beween host and container : missing nameserver ${resolver} in container ${container} resolv.conf"
|
||||
fi
|
||||
done <<< "${current_resolvers}"
|
||||
|
||||
else
|
||||
failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf missing in container ${container}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
download_versions() {
|
||||
local file
|
||||
file=${1:-}
|
||||
|
||||
## The file is supposed to list programs : each on a line, then its latest version number
|
||||
## Examples:
|
||||
# evoacme 21.06
|
||||
# evomaintenance 0.6.4
|
||||
|
||||
if is_debian; then
|
||||
versions_url="https://upgrades.evolix.org/versions-${DEBIAN_RELEASE}"
|
||||
elif is_openbsd; then
|
||||
versions_url="https://upgrades.evolix.org/versions-${OPENBSD_RELEASE}"
|
||||
else
|
||||
failed "IS_VERSIONS_CHECK" "error determining os release"
|
||||
fi
|
||||
|
||||
# fetch timeout, in seconds
|
||||
timeout=10
|
||||
|
||||
if command -v curl > /dev/null; then
|
||||
curl --max-time ${timeout} --fail --silent --output "${versions_file}" "${versions_url}"
|
||||
elif command -v wget > /dev/null; then
|
||||
wget --timeout=${timeout} --quiet "${versions_url}" -O "${versions_file}"
|
||||
elif command -v GET; then
|
||||
GET -t ${timeout}s "${versions_url}" > "${versions_file}"
|
||||
else
|
||||
failed "IS_VERSIONS_CHECK" "failed to find curl, wget or GET"
|
||||
fi
|
||||
test "$?" -eq 0 || failed "IS_VERSIONS_CHECK" "failed to download ${versions_url} to ${versions_file}"
|
||||
}
|
||||
get_command() {
|
||||
local program
|
||||
program=${1:-}
|
||||
|
||||
case "${program}" in
|
||||
## Special cases where the program name is different than the command name
|
||||
evocheck) echo "${0}" ;;
|
||||
evomaintenance) command -v "evomaintenance.sh" ;;
|
||||
listupgrade) command -v "evolistupgrade.sh" ;;
|
||||
old-kernel-autoremoval) command -v "old-kernel-autoremoval.sh" ;;
|
||||
mysql-queries-killer) command -v "mysql-queries-killer.sh" ;;
|
||||
|
||||
## General case, where the program name is the same as the command name
|
||||
*) command -v "${program}" ;;
|
||||
esac
|
||||
}
|
||||
get_version() {
|
||||
local program
|
||||
local command
|
||||
program=${1:-}
|
||||
command=${2:-}
|
||||
|
||||
case "${program}" in
|
||||
## Special case if `command --version => 'command` is not the standard way to get the version
|
||||
# my_command)
|
||||
# /path/to/my_command --get-version
|
||||
# ;;
|
||||
|
||||
add-vm)
|
||||
grep '^VERSION=' "${command}" | head -1 | cut -d '=' -f 2
|
||||
;;
|
||||
## Let's try the --version flag before falling back to grep for the constant
|
||||
kvmstats)
|
||||
if ${command} --version > /dev/null 2> /dev/null; then
|
||||
${command} --version 2> /dev/null | head -1 | cut -d ' ' -f 3
|
||||
else
|
||||
grep '^VERSION=' "${command}" | head -1 | cut -d '=' -f 2
|
||||
fi
|
||||
;;
|
||||
|
||||
## General case to get the version
|
||||
*) ${command} --version 2> /dev/null | head -1 | cut -d ' ' -f 3 ;;
|
||||
esac
|
||||
}
|
||||
check_version() {
|
||||
local program
|
||||
local expected_version
|
||||
program=${1:-}
|
||||
expected_version=${2:-}
|
||||
|
||||
command=$(get_command "${program}")
|
||||
if [ -n "${command}" ]; then
|
||||
# shellcheck disable=SC2086
|
||||
actual_version=$(get_version "${program}" "${command}")
|
||||
# printf "program:%s expected:%s actual:%s\n" "${program}" "${expected_version}" "${actual_version}"
|
||||
if [ -z "${actual_version}" ]; then
|
||||
failed "IS_VERSIONS_CHECK" "failed to lookup actual version of ${program}"
|
||||
elif dpkg --compare-versions "${actual_version}" lt "${expected_version}"; then
|
||||
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is older than expected version ${expected_version}"
|
||||
elif dpkg --compare-versions "${actual_version}" gt "${expected_version}"; then
|
||||
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is newer than expected version ${expected_version}, you should update tour index."
|
||||
else
|
||||
: # Version check OK
|
||||
fi
|
||||
fi
|
||||
}
|
||||
add_to_path() {
|
||||
local new_path
|
||||
new_path=${1:-}
|
||||
|
||||
echo "$PATH" | grep -qF "${new_path}" || export PATH="${PATH}:${new_path}"
|
||||
}
|
||||
check_versions() {
|
||||
versions_file=$(mktemp --tmpdir=/tmp "evocheck-versions.XXXXX")
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm -f ${versions_file}" 0
|
||||
download_versions "${versions_file}"
|
||||
add_to_path "/usr/share/scripts"
|
||||
|
||||
grep -v '^ *#' < "${versions_file}" | while IFS= read -r line; do
|
||||
local program
|
||||
local version
|
||||
program=$(echo "${line}" | cut -d ' ' -f 1)
|
||||
version=$(echo "${line}" | cut -d ' ' -f 2)
|
||||
|
||||
if [ -n "${program}" ]; then
|
||||
if [ -n "${version}" ]; then
|
||||
check_version "${program}" "${version}"
|
||||
else
|
||||
failed "IS_VERSIONS_CHECK" "failed to lookup expected version for ${program}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
rm -f "${versions_file}"
|
||||
}
|
||||
|
||||
main() {
|
||||
# Default return code : 0 = no error
|
||||
RC=0
|
||||
|
@ -1349,6 +1535,8 @@ main() {
|
|||
test "${IS_ALERT5MINIFW:=1}" = 1 && test "${IS_MINIFW:=1}" = 1 && check_minifw
|
||||
test "${IS_NRPEPERMS:=1}" = 1 && check_nrpeperms
|
||||
test "${IS_MINIFWPERMS:=1}" = 1 && check_minifwperms
|
||||
# Enable when minifirewall is released
|
||||
test "${IS_MINIFWINCLUDES:=0}" = 1 && check_minifw_includes
|
||||
test "${IS_NRPEDISKS:=0}" = 1 && check_nrpedisks
|
||||
test "${IS_NRPEPID:=1}" = 1 && check_nrpepid
|
||||
test "${IS_GRSECPROCS:=1}" = 1 && check_grsecprocs
|
||||
|
@ -1421,6 +1609,8 @@ main() {
|
|||
test "${IS_APT_VALID_UNTIL:=1}" = 1 && check_apt_valid_until
|
||||
test "${IS_CHROOTED_BINARY_UPTODATE:=1}" = 1 && check_chrooted_binary_uptodate
|
||||
test "${IS_NGINX_LETSENCRYPT_UPTODATE:=1}" = 1 && check_nginx_letsencrypt_uptodate
|
||||
test "${IS_LXC_CONTAINER_RESOLV_CONF:=1}" = 1 && check_lxc_container_resolv_conf
|
||||
test "${IS_CHECK_VERSIONS:=1}" = 1 && check_versions
|
||||
fi
|
||||
|
||||
#-----------------------------------------------------------
|
||||
|
@ -1528,10 +1718,13 @@ main() {
|
|||
exit ${RC}
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
# shellcheck disable=SC2034
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
# shellcheck disable=2124
|
||||
readonly ARGS=$@
|
||||
readonly PROGNAME
|
||||
|
||||
# shellcheck disable=SC2124
|
||||
ARGS=$@
|
||||
readonly ARGS
|
||||
|
||||
# Disable LANG*
|
||||
export LANG=C
|
||||
|
@ -1557,6 +1750,7 @@ while :; do
|
|||
IS_KERNELUPTODATE=0
|
||||
IS_UPTIME=0
|
||||
IS_MELTDOWN_SPECTRE=0
|
||||
IS_CHECK_VERSIONS=0
|
||||
;;
|
||||
-v|--verbose)
|
||||
VERBOSE=1
|
||||
|
|
|
@ -7,13 +7,14 @@ galaxy_info:
|
|||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- squeeze
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
|
||||
- name: Check if cron is installed
|
||||
shell: "dpkg -l cron 2> /dev/null | grep -q -E '^(i|h)i'"
|
||||
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
|
|
|
@ -10,6 +10,6 @@
|
|||
|
||||
- debug:
|
||||
var: evocheck_run.stdout_lines
|
||||
when: evocheck_run.stdout != ""
|
||||
when: evocheck_run.stdout | length > 0
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- name: install evocheck from package
|
||||
apt:
|
||||
name: evocheck
|
||||
state: present
|
|
@ -1,10 +1,13 @@
|
|||
---
|
||||
|
||||
- include: install_local.yml
|
||||
when: evocheck_force_install == "local"
|
||||
- name: Package install is not supported anymore
|
||||
fail:
|
||||
msg: Package install is not supported anymore
|
||||
when:
|
||||
- evocheck_force_install is defined
|
||||
- evocheck_force_install == "package"
|
||||
|
||||
- include: install_package.yml
|
||||
when: evocheck_force_install == "package"
|
||||
- include: install.yml
|
||||
|
||||
- include: cron.yml
|
||||
when: evocheck_update_crontab
|
||||
when: evocheck_update_crontab | bool
|
||||
|
|
|
@ -51,7 +51,7 @@ evolinux_kernel_include: True
|
|||
evolinux_kernel_reboot_after_panic: True
|
||||
evolinux_kernel_disable_tcp_timestamps: True
|
||||
evolinux_kernel_customize_swappiness: True
|
||||
evolinux_kernel_swappiness: 20
|
||||
evolinux_kernel_swappiness: "20"
|
||||
evolinux_kernel_cve20165696: True
|
||||
|
||||
# fstab
|
||||
|
@ -78,6 +78,7 @@ evolinux_packages_include: True
|
|||
evolinux_packages_system: True
|
||||
evolinux_packages_diagnostic: True
|
||||
evolinux_packages_hardware: True
|
||||
evolinux_packages_hardware_raid: True
|
||||
evolinux_packages_common: True
|
||||
evolinux_packages_stretch: True
|
||||
evolinux_packages_buster: True
|
||||
|
@ -89,6 +90,7 @@ evolinux_packages_invalid_mta: True
|
|||
evolinux_packages_delete_nfs: True
|
||||
evolinux_packages_listchanges: True
|
||||
evolinux_packages_logcheck_recipient: False
|
||||
evolinux_packages_delete_aptlistchanges: True
|
||||
|
||||
# system
|
||||
|
||||
|
@ -164,8 +166,10 @@ evolinux_logs_include: True
|
|||
|
||||
evolinux_logs_logrotate_confs: True
|
||||
evolinux_logs_default_rotate: True
|
||||
evolinux_logs_default_dateext : True
|
||||
evolinux_logs_disable_logrotate_rsyslog: True
|
||||
evolinux_logs_rsyslog_conf: True
|
||||
evolinux_logrotate_dateformat: "-%Y%m%d%H"
|
||||
|
||||
# default www
|
||||
|
||||
|
@ -206,7 +210,6 @@ evolinux_fail2ban_include: False
|
|||
# Evocheck
|
||||
|
||||
evolinux_evocheck_include: True
|
||||
evolinux_evocheck_force_install: "local"
|
||||
|
||||
# Listupgrade
|
||||
|
||||
|
@ -218,3 +221,6 @@ evolinux_generateldif_include: True
|
|||
|
||||
# Cron check_hpraid
|
||||
evolinux_cron_checkhpraid_frequency: daily
|
||||
|
||||
# Motd
|
||||
evolinux_motd_include: True
|
|
@ -1,9 +1,10 @@
|
|||
[Unit]
|
||||
Description=Evolix alert5 script
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/share/scripts/alert5.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target
|
1019
evolinux-base/files/backup-server-state.sh
Normal file
1019
evolinux-base/files/backup-server-state.sh
Normal file
|
@ -0,0 +1,1019 @@
|
|||
#!/bin/sh
|
||||
|
||||
PROGNAME="backup-server-state"
|
||||
|
||||
VERSION="22.01.3"
|
||||
readonly VERSION
|
||||
|
||||
backup_dir=
|
||||
rc=0
|
||||
|
||||
# base functions
|
||||
|
||||
show_version() {
|
||||
cat <<END
|
||||
${PROGNAME} version ${VERSION}
|
||||
|
||||
Copyright 2018-2022 Evolix <info@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>
|
||||
and others.
|
||||
|
||||
${PROGNAME} comes with ABSOLUTELY NO WARRANTY.This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
show_help() {
|
||||
cat <<END
|
||||
${PROGNAME} is making backup copies of information related to the state of the server.
|
||||
|
||||
Usage: ${PROGNAME} --backup-dir=/path/to/backup/directory [OPTIONS]
|
||||
|
||||
Options
|
||||
-d, --backup-dir path to the directory where the backup will be stored
|
||||
-f, --force keep existing backup directory and its content
|
||||
--etc backup copy of /etc
|
||||
--no-etc no backup copy of /etc (default)
|
||||
--dpkg backup copy of /var/lib/dpkg
|
||||
--no-dpkg no backup copy of /var/lib/dpkg (default)
|
||||
--apt-states backup copy of apt extended states (default)
|
||||
--no-apt-states no backup copy of apt extended states
|
||||
--apt-config backup copy of apt configuration (default)
|
||||
--no-apt-config no backup copy of apt configuration
|
||||
--packages backup copy of dpkg selections (default)
|
||||
--no-packages no backup copy of dpkg selections
|
||||
--processes backup copy of process list (default)
|
||||
--no-processes no backup copy of process list
|
||||
--uptime backup of uptime value (default)
|
||||
--no-uptime no backup of uptime value
|
||||
--netstat backup copy of netstat (default)
|
||||
--no-netstat no backup copy of netstat
|
||||
--netcfg backup copy of network configuration (default)
|
||||
--no-netcfg no backup copy of network configuration
|
||||
--iptables backup copy of iptables (default)
|
||||
--no-iptables no backup copy of iptables
|
||||
--sysctl backup copy of sysctl values (default)
|
||||
--no-sysctl no backup copy of sysctl values
|
||||
--virsh backup copy of virsh list (default)
|
||||
--no-virsh no backup copy of virsh list
|
||||
--lxc backup copy of lxc list (default)
|
||||
--no-lxc no backup copy of lxc list
|
||||
--disks backup copy of MBR and partitions (default)
|
||||
--no-disks no backup copy of MBR and partitions
|
||||
--mount backup copy of mount points (default)
|
||||
--no-mount no backup copy of mount points
|
||||
--df backup copy of disk usage (default)
|
||||
--no-df no backup copy of disk usage
|
||||
--dmesg backup copy of dmesg (default)
|
||||
--no-dmesg no backup copy of dmesg
|
||||
--mysql backup copy of mysql processes (default)
|
||||
--no-mysql no backup copy of mysql processes
|
||||
--services backup copy of services states (default)
|
||||
--no-services no backup copy of services states
|
||||
-v, --verbose print details about backup steps
|
||||
-V, --version print version and exit
|
||||
-h, --help print this message and exit
|
||||
END
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ]; then
|
||||
echo "$1"
|
||||
fi
|
||||
}
|
||||
|
||||
create_backup_dir() {
|
||||
debug "Create ${backup_dir}"
|
||||
|
||||
last_result=$(mkdir -p "${backup_dir}" && chmod -R 755 "${backup_dir}")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* mkdir/chmod OK"
|
||||
else
|
||||
debug "* mkdir/chmod ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
}
|
||||
|
||||
backup_etc() {
|
||||
debug "Backup /etc"
|
||||
|
||||
rsync_bin=$(command -v rsync)
|
||||
|
||||
if [ -n "${rsync_bin}" ]; then
|
||||
last_result=$(${rsync_bin} -ah --itemize-changes --exclude=.git /etc "${backup_dir}/")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* rsync OK"
|
||||
else
|
||||
debug "* rsync ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* rsync not found"
|
||||
last_result=$(cp -r /etc "${backup_dir}/ && rm -rf ${backup_dir}/etc/.git")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* cp OK"
|
||||
else
|
||||
debug "* cp ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_apt_states() {
|
||||
apt_dir="/"
|
||||
apt_dir_state="var/lib/apt"
|
||||
apt_dir_state_extended_states="extended_states"
|
||||
|
||||
apt_config_bin=$(command -v apt-config)
|
||||
|
||||
if [ -n "${apt_config_bin}" ]; then
|
||||
eval "$(${apt_config_bin} shell apt_dir Dir)"
|
||||
eval "$(${apt_config_bin} shell apt_dir_state Dir::State)"
|
||||
eval "$(${apt_config_bin} shell apt_dir_state_extended_states Dir::State::extended_states)"
|
||||
fi
|
||||
extended_states="${apt_dir}/${apt_dir_state}/${apt_dir_state_extended_states}"
|
||||
|
||||
if [ -f "${extended_states}" ]; then
|
||||
debug "Backup APT states"
|
||||
|
||||
last_result=$(cp -r "${extended_states}" "${backup_dir}/apt-extended-states.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* cp OK"
|
||||
else
|
||||
debug "* cp ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_apt_config() {
|
||||
debug "Backup APT config"
|
||||
|
||||
apt_config_bin=$(command -v apt-config)
|
||||
|
||||
if [ -n "${apt_config_bin}" ]; then
|
||||
last_result=$(${apt_config_bin} dump > "${backup_dir}/apt-config.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* apt-config OK"
|
||||
else
|
||||
debug "* apt-config ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* apt-config is not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_dpkg_full() {
|
||||
debug "Backup DPkg full state"
|
||||
|
||||
dir_state_status="/var/lib/dpkg/status"
|
||||
|
||||
apt_config_bin=$(command -v apt-config)
|
||||
|
||||
if [ -n "${apt_config_bin}" ]; then
|
||||
eval "$(${apt_config_bin} shell dir_state_status Dir::State::status)"
|
||||
fi
|
||||
|
||||
dpkg_dir=$(dirname "${dir_state_status}")
|
||||
|
||||
last_result=$(mkdir -p "${backup_dir}${dpkg_dir}" && chmod -R 755 "${backup_dir}${dpkg_dir}")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* mkdir/chmod OK"
|
||||
else
|
||||
debug "* mkdir/chmod ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
|
||||
rsync_bin=$(command -v rsync)
|
||||
|
||||
if [ -n "${rsync_bin}" ]; then
|
||||
last_result=$(${rsync_bin} -ah --itemize-changes --exclude='*-old' "${dpkg_dir}/" "${backup_dir}${dpkg_dir}/")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* rsync OK"
|
||||
else
|
||||
debug "* rsync ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* rsync not found"
|
||||
|
||||
last_result=$(cp -r "${dpkg_dir}/*" "${backup_dir}${dpkg_dir}/" && rm -rf "${backup_dir}${dpkg_dir}/*-old")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* cp OK"
|
||||
else
|
||||
debug "* cp ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_dpkg_status() {
|
||||
debug "Backup DPkg status"
|
||||
|
||||
dir_state_status="/var/lib/dpkg/status"
|
||||
|
||||
apt_config_bin=$(command -v apt-config)
|
||||
|
||||
if [ -n "${apt_config_bin}" ]; then
|
||||
eval "$(${apt_config_bin} shell dir_state_status Dir::State::status)"
|
||||
fi
|
||||
|
||||
last_result=$(cp "${dir_state_status}" "${backup_dir}/dpkg-status.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* cp OK"
|
||||
else
|
||||
debug "* cp ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
}
|
||||
|
||||
backup_packages() {
|
||||
debug "Backup list of installed package"
|
||||
|
||||
dpkg_bin=$(command -v dpkg)
|
||||
|
||||
if [ -n "${dpkg_bin}" ]; then
|
||||
last_result=$(${dpkg_bin} --get-selections "*" > "${backup_dir}/current_packages.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* dpkg OK"
|
||||
else
|
||||
debug "* dpkg ERROR :"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* dpkg not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_uname() {
|
||||
debug "Backup uname"
|
||||
|
||||
last_result=$(uname -a > "${backup_dir}/uname.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* uname OK"
|
||||
else
|
||||
debug "* uname ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
}
|
||||
|
||||
backup_uptime() {
|
||||
debug "Backup uptime"
|
||||
|
||||
last_result=$(uptime > "${backup_dir}/uptime.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* uptime OK"
|
||||
else
|
||||
debug "* uptime ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
}
|
||||
|
||||
backup_processes() {
|
||||
debug "Backup process list"
|
||||
|
||||
last_result=$(ps fauxw > "${backup_dir}/ps.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* ps OK"
|
||||
else
|
||||
debug "* ps ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
|
||||
pstree_bin=$(command -v pstree)
|
||||
|
||||
if [ -n "${pstree_bin}" ]; then
|
||||
last_result=$(${pstree_bin} -pan > "${backup_dir}/pstree.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* pstree OK"
|
||||
else
|
||||
debug "* pstree ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_netstat() {
|
||||
debug "Backup network status"
|
||||
|
||||
ss_bin=$(command -v ss)
|
||||
|
||||
if [ -n "${ss_bin}" ]; then
|
||||
last_result=$(${ss_bin} -tanpul > "${backup_dir}/netstat-ss.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* ss OK"
|
||||
else
|
||||
debug "* ss ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* ss not found"
|
||||
fi
|
||||
|
||||
netstat_bin=$(command -v netstat)
|
||||
|
||||
if [ -n "${netstat_bin}" ]; then
|
||||
last_result=$(netstat -laputen > "${backup_dir}/netstat-legacy.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* netstat OK"
|
||||
else
|
||||
debug "* netstat ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* netstat not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_netcfg() {
|
||||
debug "Backup network configuration"
|
||||
|
||||
ip_bin=$(command -v ip)
|
||||
|
||||
if [ -n "${ip_bin}" ]; then
|
||||
last_result=$(${ip_bin} address show > "${backup_dir}/ip-address.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* ip address OK"
|
||||
else
|
||||
debug "* ip address ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
|
||||
last_result=$(${ip_bin} route show > "${backup_dir}/ip-route.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* ip route OK"
|
||||
else
|
||||
debug "* ip route ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* ip not found"
|
||||
|
||||
ifconfig_bin=$(command -v ifconfig)
|
||||
|
||||
if [ -n "${ifconfig_bin}" ]; then
|
||||
last_result=$(${ifconfig_bin} > "${backup_dir}/ifconfig.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* ifconfig OK"
|
||||
else
|
||||
debug "* ifconfig ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* ifconfig not found"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_iptables() {
|
||||
debug "Backup iptables"
|
||||
|
||||
iptables_bin=$(command -v iptables)
|
||||
|
||||
if [ -n "${iptables_bin}" ]; then
|
||||
last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } > "${backup_dir}/iptables.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* iptables OK"
|
||||
else
|
||||
debug "* iptables ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* iptables not found"
|
||||
fi
|
||||
|
||||
iptables_save_bin=$(command -v iptables-save)
|
||||
|
||||
if [ -n "${iptables_save_bin}" ]; then
|
||||
last_result=$(${iptables_save_bin} > "${backup_dir}/iptables-save.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* iptables-save OK"
|
||||
else
|
||||
debug "* iptables-save ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* iptables-save not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_sysctl() {
|
||||
debug "Backup sysctl values"
|
||||
|
||||
sysctl_bin=$(command -v sysctl)
|
||||
|
||||
if [ -n "${sysctl_bin}" ]; then
|
||||
last_result=$(${sysctl_bin} -a | sort -h > "${backup_dir}/sysctl.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* sysctl OK"
|
||||
else
|
||||
debug "* sysctl ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* sysctl not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_virsh() {
|
||||
debug "Backup virsh list"
|
||||
|
||||
virsh_bin=$(command -v virsh)
|
||||
|
||||
if [ -n "${virsh_bin}" ]; then
|
||||
last_result=$(${virsh_bin} list --all > "${backup_dir}/virsh-list.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* virsh list OK"
|
||||
else
|
||||
debug "* virsh list ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* virsh not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_lxc() {
|
||||
debug "Backup lxc list"
|
||||
|
||||
lxc_ls_bin=$(command -v lxc-ls)
|
||||
|
||||
if [ -n "${lxc_ls_bin}" ]; then
|
||||
last_result=$(${lxc_ls_bin} --fancy > "${backup_dir}/lxc-list.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* lxc list OK"
|
||||
else
|
||||
debug "* lxc list ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* lxc-ls not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_disks() {
|
||||
debug "Backup disks"
|
||||
|
||||
lsblk_bin=$(command -v lsblk)
|
||||
awk_bin=$(command -v awk)
|
||||
|
||||
if [ -n "${lsblk_bin}" ] && [ -n "${awk_bin}" ]; then
|
||||
disks=$(${lsblk_bin} -l | grep disk | grep -v -E '(drbd|fd[0-9]+)' | ${awk_bin} '{print $1}')
|
||||
for disk in ${disks}; do
|
||||
dd_bin=$(command -v dd)
|
||||
if [ -n "${dd_bin}" ]; then
|
||||
last_result=$(${dd_bin} if="/dev/${disk}" of="${backup_dir}/MBR-${disk}" bs=512 count=1 2>&1)
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* dd ${disk} OK"
|
||||
else
|
||||
debug "* dd ${disk} ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* dd not found"
|
||||
fi
|
||||
fdisk_bin=$(command -v fdisk)
|
||||
if [ -n "${fdisk_bin}" ]; then
|
||||
last_result=$(${fdisk_bin} -l "/dev/${disk}" > "${backup_dir}/partitions-${disk}" 2>&1)
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* fdisk ${disk} OK"
|
||||
else
|
||||
debug "* fdisk ${disk} ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* fdisk not found"
|
||||
fi
|
||||
done
|
||||
cat "${backup_dir}"/partitions-* > "${backup_dir}/partitions"
|
||||
else
|
||||
if [ -n "${lsblk_bin}" ]; then
|
||||
debug "* lsblk not found"
|
||||
fi
|
||||
if [ -n "${awk_bin}" ]; then
|
||||
debug "* awk not found"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_mount() {
|
||||
debug "Backup mount points"
|
||||
|
||||
findmnt_bin=$(command -v findmnt)
|
||||
|
||||
if [ -n "${findmnt_bin}" ]; then
|
||||
last_result=$(${findmnt_bin} > "${backup_dir}/mount.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* mount points OK"
|
||||
else
|
||||
debug "* mount points ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* findmnt not found"
|
||||
|
||||
mount_bin=$(command -v mount)
|
||||
|
||||
if [ -n "${mount_bin}" ]; then
|
||||
last_result=$(${mount_bin} > "${backup_dir}/mount.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* mount points OK"
|
||||
else
|
||||
debug "* mount points ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* mount not found"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_df() {
|
||||
debug "Backup df"
|
||||
|
||||
df_bin=$(command -v df)
|
||||
|
||||
if [ -n "${df_bin}" ]; then
|
||||
last_result=$(${df_bin} --portability > "${backup_dir}/df.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* df OK"
|
||||
else
|
||||
debug "* df ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* df not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_dmesg() {
|
||||
debug "Backup dmesg"
|
||||
|
||||
dmesg_bin=$(command -v dmesg)
|
||||
|
||||
if [ -n "${dmesg_bin}" ]; then
|
||||
last_result=$(${dmesg_bin} > "${backup_dir}/dmesg.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* dmesg OK"
|
||||
else
|
||||
debug "* dmesg ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* dmesg not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_mysql_processes() {
|
||||
debug "Backup mysql processes"
|
||||
|
||||
mysqladmin_bin=$(command -v mysqladmin)
|
||||
|
||||
if [ -n "${mysqladmin_bin}" ]; then
|
||||
last_result=$(${mysqladmin_bin} --verbose processlist > "${backup_dir}/mysql-processlist.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* mysqladmin OK"
|
||||
else
|
||||
debug "* mysqladmin ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* mysqladmin not found"
|
||||
fi
|
||||
}
|
||||
|
||||
backup_systemctl() {
|
||||
debug "Backup services"
|
||||
|
||||
systemctl_bin=$(command -v systemctl)
|
||||
|
||||
if [ -n "${systemctl_bin}" ]; then
|
||||
last_result=$(${systemctl_bin} --no-legend --state=failed --type=service > "${backup_dir}/systemctl-failed-services.txt")
|
||||
last_rc=$?
|
||||
|
||||
if [ ${last_rc} -eq 0 ]; then
|
||||
debug "* failed services OK"
|
||||
else
|
||||
debug "* failed services ERROR"
|
||||
debug "${last_result}"
|
||||
rc=10
|
||||
fi
|
||||
else
|
||||
debug "* systemctl not found"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
main() {
|
||||
if [ -z "${backup_dir}" ]; then
|
||||
echo "ERROR: You must provide the --backup-dir argument" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -d "${backup_dir}" ]; then
|
||||
if [ "${FORCE}" != "1" ]; then
|
||||
echo "ERROR: The backup directory ${backup_dir} already exists. Delete it first." >&2
|
||||
exit 2
|
||||
fi
|
||||
else
|
||||
create_backup_dir
|
||||
fi
|
||||
|
||||
if [ "${DO_ETC}" -eq 1 ]; then
|
||||
backup_etc
|
||||
fi
|
||||
if [ "${DO_DPKG_FULL}" -eq 1 ]; then
|
||||
backup_dpkg_full
|
||||
fi
|
||||
if [ "${DO_DPKG_STATUS}" -eq 1 ]; then
|
||||
backup_dpkg_status
|
||||
fi
|
||||
if [ "${DO_APT_STATES}" -eq 1 ]; then
|
||||
backup_apt_states
|
||||
fi
|
||||
if [ "${DO_APT_CONFIG}" -eq 1 ]; then
|
||||
backup_apt_config
|
||||
fi
|
||||
if [ "${DO_PACKAGES}" -eq 1 ]; then
|
||||
backup_packages
|
||||
fi
|
||||
if [ "${DO_PROCESSES}" -eq 1 ]; then
|
||||
backup_processes
|
||||
fi
|
||||
if [ "${DO_UPTIME}" -eq 1 ]; then
|
||||
backup_uptime
|
||||
fi
|
||||
if [ "${DO_UNAME}" -eq 1 ]; then
|
||||
backup_uname
|
||||
fi
|
||||
if [ "${DO_NETSTAT}" -eq 1 ]; then
|
||||
backup_netstat
|
||||
fi
|
||||
if [ "${DO_NETCFG}" -eq 1 ]; then
|
||||
backup_netcfg
|
||||
fi
|
||||
if [ "${DO_IPTABLES}" -eq 1 ]; then
|
||||
backup_iptables
|
||||
fi
|
||||
if [ "${DO_SYSCTL}" -eq 1 ]; then
|
||||
backup_sysctl
|
||||
fi
|
||||
if [ "${DO_VIRSH}" -eq 1 ]; then
|
||||
backup_virsh
|
||||
fi
|
||||
if [ "${DO_LXC}" -eq 1 ]; then
|
||||
backup_lxc
|
||||
fi
|
||||
if [ "${DO_DISKS}" -eq 1 ]; then
|
||||
backup_disks
|
||||
fi
|
||||
if [ "${DO_MOUNT}" -eq 1 ]; then
|
||||
backup_mount
|
||||
fi
|
||||
if [ "${DO_DF}" -eq 1 ]; then
|
||||
backup_df
|
||||
fi
|
||||
if [ "${DO_DMESG}" -eq 1 ]; then
|
||||
backup_dmesg
|
||||
fi
|
||||
if [ "${DO_MYSQL_PROCESSES}" -eq 1 ]; then
|
||||
backup_mysql_processes
|
||||
fi
|
||||
if [ "${DO_SYSTEMCTL}" -eq 1 ]; then
|
||||
backup_systemctl
|
||||
fi
|
||||
|
||||
|
||||
debug "=> Your backup is available at ${backup_dir}"
|
||||
exit ${rc}
|
||||
}
|
||||
|
||||
# parse options
|
||||
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case $1 in
|
||||
-h|-\?|--help)
|
||||
show_help
|
||||
exit 0
|
||||
;;
|
||||
-V|--version)
|
||||
show_version
|
||||
exit 0
|
||||
;;
|
||||
-v|--verbose)
|
||||
VERBOSE=1
|
||||
;;
|
||||
|
||||
-f|--force)
|
||||
FORCE=1
|
||||
;;
|
||||
|
||||
-d|--backup-dir)
|
||||
# with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
backup_dir=$2
|
||||
shift
|
||||
else
|
||||
printf 'ERROR: "-d|--backup-dir" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--backup-dir=?*)
|
||||
# with value speparated by =
|
||||
backup_dir=${1#*=}
|
||||
;;
|
||||
--backup-dir=)
|
||||
# without value
|
||||
printf 'ERROR: "--backup-dir" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
;;
|
||||
|
||||
--etc)
|
||||
DO_ETC=1
|
||||
;;
|
||||
--no-etc)
|
||||
DO_ETC=0
|
||||
;;
|
||||
|
||||
--dpkg-full)
|
||||
DO_DPKG_FULL=1
|
||||
;;
|
||||
--no-dpkg-full)
|
||||
DO_DPKG_FULL=0
|
||||
;;
|
||||
|
||||
--dpkg-status)
|
||||
DO_DPKG_STATUS=1
|
||||
;;
|
||||
--no-dpkg-status)
|
||||
DO_DPKG_STATUS=0
|
||||
;;
|
||||
|
||||
--apt-states)
|
||||
DO_APT_STATES=1
|
||||
;;
|
||||
--no-apt-states)
|
||||
DO_APT_STATES=0
|
||||
;;
|
||||
|
||||
--apt-config)
|
||||
DO_APT_CONFIG=1
|
||||
;;
|
||||
--no-apt-config)
|
||||
DO_APT_CONFIG=0
|
||||
;;
|
||||
|
||||
--packages)
|
||||
DO_PACKAGES=1
|
||||
;;
|
||||
--no-packages)
|
||||
DO_PACKAGES=0
|
||||
;;
|
||||
|
||||
--processes)
|
||||
DO_PROCESSES=1
|
||||
;;
|
||||
--no-processes)
|
||||
DO_PROCESSES=0
|
||||
;;
|
||||
|
||||
--uptime)
|
||||
DO_UPTIME=1
|
||||
;;
|
||||
--no-uptime)
|
||||
DO_UPTIME=0
|
||||
;;
|
||||
|
||||
--uname)
|
||||
DO_UNAME=1
|
||||
;;
|
||||
--no-uname)
|
||||
DO_UNAME=0
|
||||
;;
|
||||
|
||||
--netstat)
|
||||
DO_NETSTAT=1
|
||||
;;
|
||||
--no-netstat)
|
||||
DO_NETSTAT=0
|
||||
;;
|
||||
|
||||
--netcfg)
|
||||
DO_NETCFG=1
|
||||
;;
|
||||
--no-netcfg)
|
||||
DO_NETCFG=0
|
||||
;;
|
||||
|
||||
--iptables)
|
||||
DO_IPTABLES=1
|
||||
;;
|
||||
--no-iptables)
|
||||
DO_IPTABLES=0
|
||||
;;
|
||||
|
||||
--sysctl)
|
||||
DO_SYSCTL=1
|
||||
;;
|
||||
--no-sysctl)
|
||||
DO_SYSCTL=0
|
||||
;;
|
||||
|
||||
--virsh)
|
||||
DO_VIRSH=1
|
||||
;;
|
||||
--no-virsh)
|
||||
DO_VIRSH=0
|
||||
;;
|
||||
|
||||
--lxc)
|
||||
DO_LXC=1
|
||||
;;
|
||||
--no-lxc)
|
||||
DO_LXC=0
|
||||
;;
|
||||
|
||||
--disks)
|
||||
DO_DISKS=1
|
||||
;;
|
||||
--no-disks)
|
||||
DO_DISKS=0
|
||||
;;
|
||||
|
||||
--mount)
|
||||
DO_MOUNT=1
|
||||
;;
|
||||
--no-mount)
|
||||
DO_MOUNT=0
|
||||
;;
|
||||
|
||||
--df)
|
||||
DO_DF=1
|
||||
;;
|
||||
--no-df)
|
||||
DO_DF=0
|
||||
;;
|
||||
|
||||
--dmesg)
|
||||
DO_DMESG=1
|
||||
;;
|
||||
--no-dmesg)
|
||||
DO_DMESG=0
|
||||
;;
|
||||
|
||||
--mysql-processes)
|
||||
DO_MYSQL_PROCESSES=1
|
||||
;;
|
||||
--no-mysql-processes)
|
||||
DO_MYSQL_PROCESSES=0
|
||||
;;
|
||||
|
||||
--systemctl)
|
||||
DO_SYSTEMCTL=1
|
||||
;;
|
||||
--no-systemctl)
|
||||
DO_SYSTEMCTL=0
|
||||
;;
|
||||
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-?*)
|
||||
# ignore unknown options
|
||||
printf 'WARN: Unknown option : %s\n' "$1" >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
break
|
||||
;;
|
||||
esac
|
||||
|
||||
shift
|
||||
done
|
||||
|
||||
# Default values
|
||||
: "${VERBOSE:=0}"
|
||||
: "${FORCE:=0}"
|
||||
: "${DO_ETC:=0}"
|
||||
: "${DO_DPKG_FULL:=0}"
|
||||
: "${DO_DPKG_STATUS:=1}"
|
||||
: "${DO_APT_STATES:=1}"
|
||||
: "${DO_APT_CONFIG:=1}"
|
||||
: "${DO_PACKAGES:=1}"
|
||||
: "${DO_PROCESSES:=1}"
|
||||
: "${DO_UNAME:=1}"
|
||||
: "${DO_UPTIME:=1}"
|
||||
: "${DO_NETSTAT:=1}"
|
||||
: "${DO_NETCFG:=1}"
|
||||
: "${DO_IPTABLES:=1}"
|
||||
: "${DO_SYSCTL:=1}"
|
||||
: "${DO_VIRSH:=1}"
|
||||
: "${DO_LXC:=1}"
|
||||
: "${DO_DISKS:=1}"
|
||||
: "${DO_MOUNT:=1}"
|
||||
: "${DO_DF:=1}"
|
||||
: "${DO_DMESG:=1}"
|
||||
: "${DO_MYSQL_PROCESSES:=1}"
|
||||
: "${DO_SYSTEMCTL:=1}"
|
||||
|
||||
export LC_ALL=C
|
||||
|
||||
set -u
|
||||
|
||||
main
|
2
evolinux-base/files/htoprc
Normal file
2
evolinux-base/files/htoprc
Normal file
|
@ -0,0 +1,2 @@
|
|||
# Force the SWAP column to the right of the CPU one
|
||||
fields=0 48 17 18 38 39 40 119 2 46 47 49 1
|
9
evolinux-base/files/logs/logrotate.d/alternatives
Normal file
9
evolinux-base/files/logs/logrotate.d/alternatives
Normal file
|
@ -0,0 +1,9 @@
|
|||
/var/log/alternatives.log {
|
||||
monthly
|
||||
rotate 120
|
||||
compress
|
||||
delaycompress
|
||||
missingok
|
||||
notifempty
|
||||
create 644 root root
|
||||
}
|
|
@ -6,14 +6,4 @@
|
|||
missingok
|
||||
notifempty
|
||||
create 644 root root
|
||||
}
|
||||
/var/log/alternatives.log {
|
||||
monthly
|
||||
rotate 120
|
||||
compress
|
||||
delaycompress
|
||||
missingok
|
||||
notifempty
|
||||
create 644 root root
|
||||
}
|
||||
|
||||
}
|
|
@ -2,8 +2,8 @@
|
|||
weekly
|
||||
missingok
|
||||
rotate 3
|
||||
compress
|
||||
notifempty
|
||||
compress
|
||||
notifempty
|
||||
create 640 root adm
|
||||
}
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue