forked from evolix/ansible-roles
Compare commits
1022 commits
nagios-sud
...
stable
| Author | SHA1 | Date | |
|---|---|---|---|
 Jérémy Lecour
|
c17bb03535 | ||
|
Jérémy Lecour
|
d7d58bf158 | ||
|
Jérémy Lecour
|
e5dc503cfd | ||
|
Jérémy Lecour
|
270d03b6a6 | ||
|
Jérémy Lecour
|
1dc4d0e133 | ||
|
Jérémy Lecour
|
c8ef7e9b75 | ||
|
53af37e055 | ||
|
Jérémy Lecour
|
d9e95218ce | ||
 Eric Morino
|
6321f32e81 | ||
 Ludovic Poujol
|
69a9cb9591 | ||
|
Ludovic Poujol
|
39949ea921 | ||
|
Ludovic Poujol
|
e79141d2d2 | ||
|
Jérémy Lecour
|
799466788f | ||
 Jérémy Dubois
|
03c97f2d0f | ||
 William Hirigoyen (Evolix)
|
1fdc0f2566 | ||
|
Jérémy Dubois
|
f3c443d076 | ||
|
ebfa8df6bc | ||
|
William Hirigoyen (Evolix)
|
68b4b0803e | ||
|
Ludovic Poujol
|
9995fca35d | ||
|
William Hirigoyen (Evolix)
|
e080b37be2 | ||
|
Ludovic Poujol
|
a2f73bb7df | ||
|
Jérémy Dubois
|
981128dc17 | ||
|
Jérémy Lecour
|
0cbdda840d | ||
|
Jérémy Lecour
|
9e27d9707b | ||
|
Jérémy Lecour
|
5153b88d01 | ||
|
Jérémy Lecour
|
25563ee0f0 | ||
|
Jérémy Lecour
|
3dd78fbf7e | ||
|
Jérémy Lecour
|
cd4822488c | ||
|
Jérémy Lecour
|
fcb0b8c80f | ||
|
Jérémy Lecour
|
cd26081add | ||
|
Jérémy Lecour
|
8beb1e7460 | ||
|
Jérémy Lecour
|
6d5aa67045 | ||
|
Jérémy Lecour
|
359719d0d0 | ||
|
Jérémy Lecour
|
bb30402df3 | ||
|
Jérémy Lecour
|
6ccd0ea440 | ||
|
Jérémy Lecour
|
88cd8a0976 | ||
|
Jérémy Lecour
|
519228ff9f | ||
|
|
6dc17658a9 | ||
|
Jérémy Lecour
|
2849039fad | ||
|
Jérémy Lecour
|
80f8a94798 | ||
|
Eric Morino
|
0a244894eb | ||
|
Jérémy Lecour
|
2c6a3601de | ||
|
Jérémy Lecour
|
bff8fcfebb | ||
|
Jérémy Lecour
|
93929864be | ||
|
Jérémy Lecour
|
52fff750df | ||
|
Jérémy Lecour
|
0e34d4cd4b | ||
|
Jérémy Lecour
|
8f8c024163 | ||
|
Jérémy Lecour
|
1f4ee2de79 | ||
|
Jérémy Lecour
|
0fce412cf5 | ||
|
Jérémy Lecour
|
544b213529 | ||
|
Jérémy Lecour
|
266289c72e | ||
|
Jérémy Lecour
|
51bc48623b | ||
 Mathieu Trossevin
|
7a969a0be2 | ||
|
1902c40c3c
|
||
|
|
fec9e49c18
|
||
|
Jérémy Dubois
|
3822696db6 | ||
|
Jérémy Dubois
|
4effe91b9f | ||
|
|
168b0fa9b7 | ||
|
Jérémy Lecour
|
c4fab71d7a | ||
|
Ludovic Poujol
|
c8a862c5e7 | ||
|
Jérémy Lecour
|
ea382a1686 | ||
|
Jérémy Lecour
|
ca1f465aaa | ||
|
William Hirigoyen (Evolix)
|
bd39adaf68 | ||
|
William Hirigoyen (Evolix)
|
14883aa95e | ||
|
|
4c6d30a52c | ||
|
Jérémy Lecour
|
1893b6dea5 | ||
|
Jérémy Lecour
|
ec346a42a5 | ||
|
William Hirigoyen (Evolix)
|
1c754f7eb0 | ||
|
Eric Morino
|
7bb7b22d1f | ||
|
Ludovic Poujol
|
7c7ccf07eb | ||
|
Ludovic Poujol
|
64b632c000 | ||
|
Ludovic Poujol
|
8b701e615f | ||
|
Ludovic Poujol
|
d27d6b69cd | ||
|
Ludovic Poujol
|
bd429275d1 | ||
|
Eric Morino
|
cd7c488713 | ||
|
Eric Morino
|
7e36d03804 | ||
|
Eric Morino
|
2ec026c2b3 | ||
|
Mathieu Trossevin
|
53cd3ba342 | ||
|
|
d3eef71127
|
||
|
Ludovic Poujol
|
82694ef5e9 | ||
|
Ludovic Poujol
|
a35139fcee | ||
|
Eric Morino
|
8dca949564 | ||
|
Eric Morino
|
c9af7db827 | ||
|
Eric Morino
|
21bd4021d3 | ||
|
Eric Morino
|
4fb885a33b | ||
|
Jérémy Lecour
|
e4bb0c6f55 | ||
|
Jérémy Lecour
|
039c740ef3 | ||
|
William Hirigoyen (Evolix)
|
51aaac0cbc | ||
|
Jérémy Lecour
|
6cf8195744 | ||
|
0247216429 | ||
|
Eric Morino
|
2ea8d279d5 | ||
|
William Hirigoyen (Evolix)
|
b9c1e9eafe | ||
|
Jérémy Lecour
|
dcfea674a4 | ||
|
Jérémy Lecour
|
646a7b1813 | ||
|
Jérémy Lecour
|
dd53c01027 | ||
|
Jérémy Lecour
|
0e2b43a1e9 | ||
|
Jérémy Dubois
|
90acb99c2a | ||
|
Jérémy Lecour
|
ca28df1b75 | ||
|
Jérémy Lecour
|
1706361e8d | ||
|
Jérémy Lecour
|
72e8200d5b | ||
|
Ludovic Poujol
|
03f846b94b | ||
|
Jérémy Lecour
|
7cb6dffd6f | ||
|
Jérémy Lecour
|
dcdde5f7f6 | ||
|
Ludovic Poujol
|
9b3bb39bd0 | ||
|
Ludovic Poujol
|
b120a92203 | ||
|
Eric Morino
|
be5bb73675 | ||
|
Ludovic Poujol
|
a9d0d0958d | ||
|
Jérémy Dubois
|
d38119eb0f | ||
|
Jérémy Lecour
|
7586881f4d | ||
|
Jérémy Lecour
|
bbd16dc5b4 | ||
|
Jérémy Lecour
|
33cb1dd8ef | ||
|
Jérémy Lecour
|
6a4b250b5d | ||
|
Jérémy Lecour
|
520cba9c5b | ||
|
Jérémy Lecour
|
9aff38c0a7 | ||
|
Eric Morino
|
2dfd0c0706 | ||
|
Jérémy Lecour
|
3e80c98a05 | ||
|
Jérémy Lecour
|
2d11580a6e | ||
|
Jérémy Lecour
|
dfd6aa0315 | ||
|
Jérémy Lecour
|
679875d00b | ||
|
Ludovic Poujol
|
73d6979e72 | ||
|
|
616ead41d5 | ||
|
Jérémy Lecour
|
a6fe0397a6 | ||
|
Jérémy Lecour
|
7d63f20336 | ||
|
Jérémy Lecour
|
86e5df9c16 | ||
|
Jérémy Lecour
|
7b14296503 | ||
|
Jérémy Lecour
|
37cb18f676 | ||
|
Jérémy Lecour
|
e089ddf091 | ||
|
Jérémy Lecour
|
de843cb91f | ||
|
Jérémy Lecour
|
6cb2c66924 | ||
|
Jérémy Lecour
|
b293cf2cf9 | ||
|
Jérémy Lecour
|
dc1a01ce37 | ||
|
Jérémy Lecour
|
5cbfda8f52 | ||
|
Jérémy Lecour
|
b2f8095d14 | ||
|
Jérémy Lecour
|
9b479f9c05 | ||
|
Jérémy Lecour
|
4a035d248d | ||
|
Jérémy Lecour
|
3de5de5304 | ||
|
Jérémy Lecour
|
4c52719561 | ||
|
Jérémy Lecour
|
437d2986ae | ||
|
Jérémy Lecour
|
0eb7332a34 | ||
|
Jérémy Lecour
|
febc76b26c | ||
|
Ludovic Poujol
|
e130728034 | ||
|
Jérémy Lecour
|
73efee9caa | ||
|
Eric Morino
|
3fcb79a3a3 | ||
|
Eric Morino
|
ae2be6a009 | ||
|
Jérémy Lecour
|
1d55965527 | ||
|
Jérémy Lecour
|
8233264d2a | ||
|
Jérémy Lecour
|
ef1472cbba | ||
|
Ludovic Poujol
|
f75354bb84 | ||
|
Ludovic Poujol
|
de4d814d74 | ||
|
Ludovic Poujol
|
6a2cd59e6d | ||
|
Ludovic Poujol
|
51fd2337f0 | ||
|
Ludovic Poujol
|
fa0c668cec | ||
|
|
45b7ce3486 | ||
|
Jérémy Lecour
|
2b549af7d9 | ||
|
Jérémy Lecour
|
e429f7aecb | ||
|
Jérémy Lecour
|
0cab062431 | ||
|
Jérémy Lecour
|
e76f2fe448 | ||
|
Jérémy Lecour
|
b908fc6cee | ||
|
Jérémy Lecour
|
51e414df31 | ||
|
Jérémy Lecour
|
887c1552cb | ||
|
Jérémy Lecour
|
e45ee59801 | ||
|
Jérémy Lecour
|
73f55a42fa | ||
|
Jérémy Lecour
|
65750d2aa6 | ||
|
Jérémy Lecour
|
74ab96d67f | ||
|
Eric Morino
|
d2ef3fe27f | ||
|
|
5e794cd2b6 | ||
|
Eric Morino
|
6c21c3b505 | ||
|
Jérémy Lecour
|
ecba57ad75 | ||
|
Jérémy Lecour
|
2c7380240c | ||
|
Eric Morino
|
999efb3983 | ||
|
Eric Morino
|
916138575a | ||
|
Jérémy Lecour
|
5a83a30a4c | ||
|
Eric Morino
|
bd92ff95c8 | ||
|
|
2448168008 | ||
|
Ludovic Poujol
|
42189ba613 | ||
|
Jérémy Lecour
|
066baf3538 | ||
|
Eric Morino
|
ca7d8e9739 | ||
|
Jérémy Lecour
|
ad457dd7ba | ||
|
Jérémy Lecour
|
969a5bce7d | ||
|
Jérémy Lecour
|
d186e21239 | ||
|
Jérémy Lecour
|
c9f25f4638 | ||
|
Jérémy Lecour
|
139b342fbd | ||
|
|
491407953c | ||
|
Jérémy Lecour
|
bf49ec8df5 | ||
|
Jérémy Lecour
|
32b5efa30e | ||
|
Jérémy Lecour
|
73352f55d7 | ||
|
Ludovic Poujol
|
b362fadc80 | ||
|
Ludovic Poujol
|
8e6c08b81b | ||
|
Ludovic Poujol
|
7a089f88af | ||
|
Ludovic Poujol
|
49cb5adf92 | ||
|
Jérémy Lecour
|
c77e0d73f8 | ||
|
Jérémy Lecour
|
29ec7bdcf2 | ||
|
Jérémy Lecour
|
ffd7d0e504 | ||
|
Jérémy Lecour
|
6f66ab8e93 | ||
|
Jérémy Lecour
|
ba3ed5e903 | ||
|
Jérémy Lecour
|
d1829e7000 | ||
|
Jérémy Lecour
|
4167b6d2a9 | ||
|
Jérémy Lecour
|
3721c2ab38 | ||
|
Jérémy Lecour
|
04e41b5dc9 | ||
|
Jérémy Lecour
|
5905751a82 | ||
|
Jérémy Lecour
|
b5bcd666c6 | ||
|
Jérémy Lecour
|
58cd1fedfa | ||
|
Jérémy Lecour
|
a5658b7f26 | ||
|
Jérémy Lecour
|
5c1ae6ed0c | ||
|
Jérémy Lecour
|
8a784c39ab | ||
|
Jérémy Lecour
|
9c8dd743c8 | ||
|
Jérémy Lecour
|
6b87ead5b4 | ||
|
Jérémy Lecour
|
d40fad662f | ||
|
Jérémy Lecour
|
613a11d119 | ||
|
Jérémy Lecour
|
a60189eb3e | ||
|
Jérémy Lecour
|
c80c354d65 | ||
|
Jérémy Lecour
|
e8a8e85819 | ||
|
Jérémy Lecour
|
c5ab0c0ff9 | ||
|
Jérémy Lecour
|
f673ea85d1 | ||
|
Jérémy Lecour
|
2c441f176a | ||
|
Jérémy Lecour
|
c5bb8f06ae | ||
|
Jérémy Lecour
|
51d4ec1bb2 | ||
|
Jérémy Lecour
|
5e09906c8f | ||
|
Jérémy Lecour
|
380c50b999 | ||
|
Jérémy Lecour
|
008cb6a3c9 | ||
|
Jérémy Lecour
|
52d06a3987 | ||
|
Jérémy Lecour
|
4a158ac819 | ||
|
Jérémy Lecour
|
2f68ae5339 | ||
|
Jérémy Lecour
|
6bfef35729 | ||
|
Jérémy Lecour
|
b8ac36e673 | ||
|
Jérémy Lecour
|
83e8a3d75a | ||
|
Jérémy Lecour
|
27a09ce682 | ||
|
Jérémy Lecour
|
90cbd17f9b | ||
|
Jérémy Lecour
|
b0b24744d6 | ||
|
Jérémy Lecour
|
11813c31a4 | ||
|
Jérémy Lecour
|
51462c724c | ||
|
Jérémy Lecour
|
1b8de7c524 | ||
|
Jérémy Lecour
|
2ed1dac16b | ||
|
Jérémy Lecour
|
f082cb652a | ||
|
Jérémy Lecour
|
f473e99d6d | ||
|
Jérémy Lecour
|
b8c5ac3097 | ||
|
Jérémy Lecour
|
6d757f971e | ||
|
Jérémy Lecour
|
55ad6882b5 | ||
|
Jérémy Lecour
|
0fe0244116 | ||
|
Jérémy Lecour
|
1890a79702 | ||
|
Jérémy Lecour
|
4c1ef1bd56 | ||
|
Jérémy Lecour
|
22145a29b2 | ||
|
Eric Morino
|
af9b1a4766 | ||
|
Eric Morino
|
cb257ef927 | ||
|
Jérémy Lecour
|
6190c66445 | ||
|
Jérémy Lecour
|
dd32ab5688 | ||
|
Jérémy Lecour
|
dbc853a815 | ||
|
Jérémy Lecour
|
81730de78b | ||
|
Jérémy Lecour
|
4c7fed77c4 | ||
|
Jérémy Lecour
|
fe9b7ee5f7 | ||
|
Jérémy Lecour
|
53eaf085f5 | ||
|
Jérémy Lecour
|
9d0bfec87e | ||
|
Jérémy Lecour
|
edfcbbad0a | ||
|
Jérémy Lecour
|
5d7d62b284 | ||
|
Jérémy Lecour
|
4e8c622cc0 | ||
|
Jérémy Lecour
|
7f3eebcfc6 | ||
|
Jérémy Lecour
|
4d7e6fd271 | ||
|
Jérémy Lecour
|
3d715bae35 | ||
|
Eric Morino
|
e75eeb8c3f | ||
|
Jérémy Lecour
|
ca40fad186 | ||
|
Jérémy Lecour
|
f6dcce239b | ||
|
Jérémy Lecour
|
856d11aced | ||
|
|
965dc2d20b | ||
|
|
dbc06c1c59 | ||
|
Jérémy Lecour
|
454d4c6d30 | ||
|
Jérémy Lecour
|
2c47871fa7 | ||
|
Jérémy Dubois
|
89b0bd5a2b | ||
|
Jérémy Lecour
|
dd42c3673c | ||
|
Jérémy Lecour
|
06b8314211 | ||
|
Ludovic Poujol
|
56c064d86b | ||
|
Eric Morino
|
547272eefd | ||
|
Jérémy Lecour
|
02451f1e67 | ||
|
Jérémy Lecour
|
4d83f25ae6 | ||
|
Jérémy Lecour
|
cae0de17df | ||
|
Jérémy Lecour
|
56af68e5b3 | ||
|
Jérémy Dubois
|
60f2f19402 | ||
|
Jérémy Lecour
|
e65340cb56 | ||
|
Jérémy Lecour
|
7dc6f0b849 | ||
|
Jérémy Lecour
|
9ca68a16dd | ||
|
Jérémy Lecour
|
9b2a3a6db2 | ||
|
Jérémy Lecour
|
d823c8116a | ||
|
Jérémy Lecour
|
3c9be8d913 | ||
|
Jérémy Lecour
|
2ed77c60f0 | ||
|
Jérémy Lecour
|
3dde4ee6d3 | ||
|
Jérémy Lecour
|
58bf79218f | ||
|
Jérémy Lecour
|
403ea45eeb | ||
|
Jérémy Lecour
|
7d08b0a30a | ||
|
Jérémy Lecour
|
b41a2fd04f | ||
|
Jérémy Lecour
|
b049ad79d6 | ||
|
Jérémy Lecour
|
83705a48b8 | ||
|
Jérémy Lecour
|
9f2125e287 | ||
|
Jérémy Lecour
|
e5e4dc95fa | ||
|
Jérémy Lecour
|
e7ddf9d46c | ||
|
Jérémy Lecour
|
485ec39674 | ||
|
Jérémy Lecour
|
07fd6451e1 | ||
|
Jérémy Lecour
|
5138065059 | ||
|
Jérémy Lecour
|
debc4a82ca | ||
|
Jérémy Lecour
|
b3a62aa9d8 | ||
|
Jérémy Lecour
|
eacdd2c7f2 | ||
|
Jérémy Lecour
|
9cdddd50a8 | ||
|
Jérémy Lecour
|
a7971abb04 | ||
|
Jérémy Lecour
|
92f28d85fe | ||
|
Jérémy Lecour
|
1caae2437a | ||
|
Jérémy Lecour
|
cc6acdbf34 | ||
|
Jérémy Lecour
|
6eaeb90f6e | ||
|
Jérémy Lecour
|
43c726e86a | ||
|
Jérémy Lecour
|
8716ffbb1e | ||
|
Jérémy Lecour
|
047605a2a2 | ||
|
Jérémy Lecour
|
920cb7eaeb | ||
|
Jérémy Lecour
|
66ea07ec29 | ||
|
Jérémy Lecour
|
2386733231 | ||
|
Jérémy Lecour
|
5b9d2a2776 | ||
|
Jérémy Lecour
|
5d79c31dc3 | ||
|
|
f260fedbae | ||
|
|
75675a96b1 | ||
|
Jérémy Lecour
|
94a5d7daa2 | ||
|
Jérémy Lecour
|
eab68545fe | ||
|
Ludovic Poujol
|
3457b14fed | ||
|
Ludovic Poujol
|
d56c545183 | ||
|
Jérémy Lecour
|
2f4b5b9448 | ||
|
Jérémy Lecour
|
5e0ca0e3ff | ||
|
Ludovic Poujol
|
0f8804a8ab | ||
|
Jérémy Lecour
|
a5a2c6e335 | ||
|
Jérémy Lecour
|
c85864a6a5 | ||
|
Jérémy Lecour
|
2686eea2b1 | ||
|
Jérémy Lecour
|
7041a70eeb | ||
 Bruno TATU
|
33837844ee | ||
|
Ludovic Poujol
|
32f2a29161 | ||
|
Ludovic Poujol
|
f2ebe2d878 | ||
|
Jérémy Lecour
|
d7d057e435 | ||
|
Jérémy Lecour
|
2593784ab0 | ||
|
Jérémy Lecour
|
3a3cf1395e | ||
|
Jérémy Lecour
|
5a4bd28eaf | ||
|
Jérémy Lecour
|
5582d6e724 | ||
|
Ludovic Poujol
|
c7c75d3206 | ||
 Patrick Marchand
|
e5511eafc6 | ||
|
Patrick Marchand
|
ffd3ff97f1 | ||
|
Patrick Marchand
|
7da22e243e | ||
|
Jérémy Lecour
|
3103af67a7 | ||
|
Ludovic Poujol
|
3cb18faf28 | ||
|
Jérémy Lecour
|
1f4079b1b3 | ||
|
Jérémy Lecour
|
92b7ce0acd | ||
|
Ludovic Poujol
|
df9db31725 | ||
|
Jérémy Lecour
|
3709808fdc | ||
|
Ludovic Poujol
|
ddd3e1aa06 | ||
|
Jérémy Lecour
|
f862ffc42e | ||
|
22a19519b3 | ||
|
|
41e3fb0982 | ||
|
|
3e11b1d31f | ||
|
|
2889720902 | ||
|
Jérémy Lecour
|
0e3ecccb7f | ||
|
Jérémy Lecour
|
622bbca4c2 | ||
|
Ludovic Poujol
|
b0cb14eb5b | ||
|
Jérémy Lecour
|
2b328dc764 | ||
|
|
58f82046cc | ||
|
Jérémy Lecour
|
17f1a1a55e | ||
|
Jérémy Lecour
|
f940bc3866 | ||
|
Jérémy Lecour
|
dde2672715 | ||
|
Jérémy Lecour
|
cff309ff41 | ||
|
Jérémy Lecour
|
e1458e6a35 | ||
|
Jérémy Lecour
|
5588ed6009 | ||
|
Jérémy Lecour
|
6c84ada361 | ||
|
1785e6a500 | ||
|
Jérémy Dubois
|
02ba81884d | ||
|
Mathieu Trossevin
|
633d5644cb | ||
|
|
2e29dc2440 | ||
|
|
1576375417 | ||
|
Jérémy Lecour
|
024d30ea43 | ||
|
Jérémy Lecour
|
0e32e0d2aa | ||
|
Jérémy Lecour
|
8c54fd8c16 | ||
|
Jérémy Lecour
|
6e7acd1abd | ||
|
Jérémy Lecour
|
19da5ea1f7 | ||
|
Jérémy Lecour
|
7ec0748383 | ||
|
Jérémy Lecour
|
442e9bcda8 | ||
|
Jérémy Lecour
|
4dbd1b0bee | ||
|
Eric Morino
|
feda9a63d8 | ||
|
Eric Morino
|
dd8b989bbe | ||
|
Jérémy Lecour
|
1d56e002b4 | ||
|
Jérémy Lecour
|
51cec4bce1 | ||
|
Jérémy Lecour
|
6ee66d0a74 | ||
|
Jérémy Lecour
|
74ac4c7570 | ||
|
Jérémy Lecour
|
66a6e67de2 | ||
|
Jérémy Lecour
|
03b91177b1 | ||
|
Jérémy Lecour
|
1922b51fbe | ||
|
Jérémy Lecour
|
67ce8de85e | ||
|
Jérémy Lecour
|
0f5ce44186 | ||
|
Jérémy Lecour
|
d430dea043 | ||
|
Jérémy Lecour
|
3e72d6961c | ||
|
Jérémy Lecour
|
8861169a04 | ||
|
Jérémy Lecour
|
81fbd98a5f | ||
|
Jérémy Lecour
|
0b528f15da | ||
|
Jérémy Lecour
|
5b2d3b09d0 | ||
|
Jérémy Lecour
|
3c4986275c | ||
|
Jérémy Lecour
|
772bce8c0b | ||
|
Jérémy Lecour
|
4d6f88f0f4 | ||
|
Eric Morino
|
c324866cd2 | ||
|
Ludovic Poujol
|
1160a5e809 | ||
|
Eric Morino
|
0f7dcb57b1 | ||
|
Eric Morino
|
2a94a3bdf1 | ||
|
Eric Morino
|
5522f822f7 | ||
|
Jérémy Lecour
|
98f798b9fb | ||
|
Jérémy Lecour
|
84bd3372d5 | ||
|
Jérémy Lecour
|
fc71bb5945 | ||
|
Jérémy Lecour
|
9aa24f4cde | ||
|
Jérémy Lecour
|
b6817cb62c | ||
|
Jérémy Lecour
|
18ac1e7279 | ||
|
Eric Morino
|
ae07d508cf | ||
|
Eric Morino
|
aa62555e9e | ||
|
Jérémy Lecour
|
86d59cbb5f | ||
|
Ludovic Poujol
|
1d8b7c3bea | ||
|
Jérémy Lecour
|
592030ee9a | ||
|
Jérémy Lecour
|
b43d0f3629 | ||
|
Jérémy Dubois
|
6c202dcf4f | ||
|
Ludovic Poujol
|
15154169cf | ||
|
Ludovic Poujol
|
7a37167e20 | ||
|
Ludovic Poujol
|
4de33e41b5 | ||
|
Ludovic Poujol
|
82d9abca3d | ||
|
|
6b89fa18cb
|
||
|
|
71f85a5863
|
||
|
|
2ea4745f93
|
||
|
Ludovic Poujol
|
c8d4da532f | ||
|
Ludovic Poujol
|
9e5d041210 | ||
|
|
d7aed91043
|
||
|
Jérémy Lecour
|
d80461e39a | ||
|
|
d33b4baef1
|
||
|
|
672cb8a4ef
|
||
|
Ludovic Poujol
|
995cb6d9a2 | ||
|
Ludovic Poujol
|
45835d3349 | ||
|
Jérémy Lecour
|
9bb7379e32 | ||
|
Ludovic Poujol
|
929f258bf8 | ||
|
Eric Morino
|
4f7c0d6e69 | ||
|
Jérémy Lecour
|
f717c31acc | ||
|
Jérémy Lecour
|
8b48552e36 | ||
|
Jérémy Lecour
|
3e67d92fd3 | ||
|
Jérémy Lecour
|
48174ad618 | ||
|
Jérémy Lecour
|
4007b14c09 | ||
|
Jérémy Lecour
|
b818c348c2 | ||
|
Ludovic Poujol
|
f9d6fe0ad4 | ||
|
Jérémy Lecour
|
c7151a8de8 | ||
|
Jérémy Lecour
|
37ed5dd393 | ||
|
Jérémy Lecour
|
afa0fd35c8 | ||
|
Jérémy Lecour
|
d0622c6b20 | ||
|
Jérémy Lecour
|
8460938f35 | ||
|
Jérémy Lecour
|
fce6676eca | ||
|
Jérémy Lecour
|
24dd420aac | ||
|
Jérémy Lecour
|
82bd1ed49a | ||
|
Jérémy Lecour
|
ed45551a0c | ||
|
Jérémy Lecour
|
e5c759c7f0 | ||
|
Jérémy Lecour
|
bf0676cbf8 | ||
 Benoît S.
|
8ab79d5ece | ||
|
Jérémy Lecour
|
23cd57e9aa | ||
|
Jérémy Lecour
|
f68a79c022 | ||
|
Ludovic Poujol
|
08cdd0cd18 | ||
|
Jérémy Lecour
|
f55e5be2e5 | ||
|
Jérémy Lecour
|
c89d699518 | ||
|
Jérémy Lecour
|
43122a5ea9 | ||
|
Jérémy Lecour
|
f2f63eee36 | ||
|
Jérémy Lecour
|
1063d2dc1c | ||
|
Jérémy Lecour
|
ec95f9538f | ||
|
Benoît S.
|
0c9b9b2628 | ||
|
Benoît S.
|
63bfef13ee | ||
|
Benoît S.
|
8b34bec22b | ||
|
Benoît S.
|
5101547242 | ||
|
Benoît S.
|
fd57b17980 | ||
|
Benoît S.
|
fe1756d22a | ||
|
Jérémy Lecour
|
14d8eaac2f | ||
|
Benoît S.
|
10385ecf4d | ||
|
Benoît S.
|
952b0d4521 | ||
|
Jérémy Lecour
|
fa49369929 | ||
|
Benoît S.
|
8a4ae16d73 | ||
|
Benoît S.
|
0dee37a7e6 | ||
|
Benoît S.
|
215ecd6c2c | ||
|
Benoît S.
|
2dc7d22c13 | ||
|
Benoît S.
|
725b7ae77b | ||
|
Benoît S.
|
4f3e809b77 | ||
|
Benoît S.
|
0eecc1a4ca | ||
|
Benoît S.
|
2a065abf5f | ||
|
Benoît S.
|
39c8daacf4 | ||
|
Jérémy Lecour
|
d67be3cd91 | ||
|
Jérémy Lecour
|
2a5195078c | ||
|
Jérémy Lecour
|
4c4771b3ab | ||
|
Jérémy Lecour
|
d26d501b2c | ||
|
Jérémy Lecour
|
17b49ccc3d | ||
|
Jérémy Lecour
|
d9f8c4fc89 | ||
|
Jérémy Lecour
|
c2ae3de929 | ||
|
Jérémy Lecour
|
a381d23d1f | ||
|
Jérémy Lecour
|
e197f5c2ba | ||
|
Jérémy Lecour
|
d5b29a2fe0 | ||
|
Jérémy Lecour
|
39b8e9698d | ||
|
Patrick Marchand
|
9bfbbf08c4 | ||
|
Jérémy Lecour
|
7f65505f01 | ||
|
Jérémy Lecour
|
45731c7755 | ||
|
Patrick Marchand
|
f5d06ad0b1 | ||
|
Jérémy Lecour
|
99f0d9e178 | ||
|
Jérémy Lecour
|
968d19bb30 | ||
|
Eric Morino
|
413597cd59 | ||
|
Jérémy Lecour
|
e380fa5085 | ||
|
Ludovic Poujol
|
974bc653f3 | ||
|
Ludovic Poujol
|
5ce715d2ae | ||
|
Ludovic Poujol
|
c521c98a11 | ||
|
Ludovic Poujol
|
2dcf99a117 | ||
|
Ludovic Poujol
|
193b640226 | ||
|
Ludovic Poujol
|
72939c3e57 | ||
|
Ludovic Poujol
|
0dfe97d771 | ||
|
Jérémy Lecour
|
a841e60531 | ||
|
Jérémy Lecour
|
8d8e5f6998 | ||
|
Jérémy Lecour
|
cd29ee4d33 | ||
|
Jérémy Dubois
|
877a32bbf0 | ||
|
Benoît S.
|
bdb234c0cd | ||
|
Benoît S.
|
f963eaacf6 | ||
|
Benoît S.
|
35123f8189 | ||
|
Jérémy Lecour
|
6d31568a41 | ||
|
Jérémy Lecour
|
291ad2ba40 | ||
|
Jérémy Lecour
|
107f1f06e6 | ||
|
Jérémy Lecour
|
bd8a30a107 | ||
|
Jérémy Lecour
|
66b62c5629 | ||
|
Jérémy Lecour
|
f034e93b6e | ||
|
Patrick Marchand
|
0a4aeea481 | ||
|
Patrick Marchand
|
004b48eee7 | ||
|
Patrick Marchand
|
e713ad024b | ||
|
Patrick Marchand
|
c142af69f0 | ||
|
Patrick Marchand
|
18878d58e8 | ||
|
Patrick Marchand
|
8778d69102 | ||
|
Patrick Marchand
|
c39f63048c | ||
|
df99e9ac4f | ||
|
|
6a264a3179 | ||
|
Benoît S.
|
d0004ebacc | ||
|
Benoît S.
|
5bf7ba5c84 | ||
|
Benoît S.
|
d8a3bd0c01 | ||
|
Benoît S.
|
8d9d068a33 | ||
|
Ludovic Poujol
|
a9fe102f30 | ||
|
Jérémy Lecour
|
7413a242a8 | ||
|
Jérémy Lecour
|
44ddc8047d | ||
|
Jérémy Lecour
|
1e6d6cdd13 | ||
|
Jérémy Lecour
|
f49bf5c72d | ||
|
Jérémy Lecour
|
a60deb276b | ||
|
Jérémy Lecour
|
8ea1bac000 | ||
|
Benoît S.
|
a8095b1c36 | ||
|
Jérémy Lecour
|
5c4daf3691 | ||
|
Jérémy Lecour
|
d457b25c4b | ||
|
Jérémy Lecour
|
7eed6d0255 | ||
|
Jérémy Lecour
|
221e9edc10 | ||
|
Jérémy Lecour
|
57ac4e467c | ||
|
Jérémy Lecour
|
ce35f7292f | ||
|
Ludovic Poujol
|
edbc596511 | ||
|
Jérémy Lecour
|
eeeb20771a | ||
|
Jérémy Lecour
|
d3e69eeeb5 | ||
|
Jérémy Lecour
|
21b8104654 | ||
|
Jérémy Lecour
|
9270852349 | ||
|
Jérémy Lecour
|
cea5620568 | ||
|
Jérémy Lecour
|
8aa7f6cf33 | ||
|
Benoît S.
|
1c050b481a | ||
|
Benoît S.
|
0150e77041 | ||
|
Benoît S.
|
0fd8128f94 | ||
|
Benoît S.
|
0cd889e4fb | ||
|
Benoît S.
|
9a8f1979bc | ||
|
Benoît S.
|
a28b9558cb | ||
|
Jérémy Lecour
|
9bdd5ad9e7 | ||
|
|
5e13f8da4e | ||
|
|
49b20f9b12 | ||
|
|
1d9ab0f1f3 | ||
|
Benoît S.
|
de908ae5bd | ||
|
Benoît S.
|
1d7d2ce08d | ||
|
Jérémy Lecour
|
977c28c720 | ||
|
Benoît S.
|
766b4dfa82 | ||
|
Benoît S.
|
a74f4e1890 | ||
|
Benoît S.
|
4bec21a9f3 | ||
|
Benoît S.
|
241f50d27e | ||
|
Benoît S.
|
74229809ff | ||
|
Benoît S.
|
09e17ffe6c | ||
|
Benoît S.
|
b47d2b872c | ||
|
Benoît S.
|
d49da6954a | ||
|
Benoît S.
|
6126be95e3 | ||
|
Jérémy Lecour
|
ce7468816f | ||
|
Jérémy Lecour
|
30cdbae981 | ||
|
Jérémy Lecour
|
011761eb8f | ||
|
Jérémy Lecour
|
8465743973 | ||
|
Jérémy Lecour
|
01a486b20a | ||
|
Jérémy Lecour
|
ac4ef5ff96 | ||
|
Jérémy Lecour
|
4bf5b1daa6 | ||
|
Jérémy Lecour
|
f47af9f54f | ||
|
Jérémy Lecour
|
7f54b8ab60 | ||
|
Jérémy Lecour
|
e5d4ea3c18 | ||
|
Jérémy Lecour
|
ce0d61bcbd | ||
|
Patrick Marchand
|
0fee07f47e | ||
|
Jérémy Lecour
|
a8887aaa8e | ||
|
Jérémy Lecour
|
4c71ea2012 | ||
|
Patrick Marchand
|
c9daa8ba35 | ||
|
Jérémy Lecour
|
d9f9d03140 | ||
|
Jérémy Lecour
|
1ade990526 | ||
|
Eric Morino
|
2fbf1ff9f9 | ||
|
Jérémy Lecour
|
7f0931510f | ||
|
Ludovic Poujol
|
ebffccae59 | ||
|
Ludovic Poujol
|
186f3d90b9 | ||
|
Ludovic Poujol
|
0dfb92360f | ||
|
Ludovic Poujol
|
90704dc712 | ||
|
Ludovic Poujol
|
ead0b7fd88 | ||
|
Ludovic Poujol
|
8c883c44dd | ||
|
Ludovic Poujol
|
c7d456471b | ||
|
Jérémy Lecour
|
2ca7872eef | ||
|
Jérémy Lecour
|
3bd0a4ffb3 | ||
|
Jérémy Lecour
|
9aed38b637 | ||
|
Jérémy Dubois
|
1a0872c507 | ||
|
Benoît S.
|
342810362d | ||
|
Benoît S.
|
91dda2e1a2 | ||
|
Benoît S.
|
7b97702f15 | ||
|
Jérémy Lecour
|
1d5a30b144 | ||
|
Patrick Marchand
|
c8cd119a18 | ||
|
Jérémy Lecour
|
4cf438c8ff | ||
|
Jérémy Lecour
|
8a87fecbe4 | ||
|
Jérémy Lecour
|
47d11308ba | ||
|
Jérémy Lecour
|
86cab2ab94 | ||
|
Jérémy Lecour
|
3fe1138a98 | ||
|
Patrick Marchand
|
8c1e40c1a9 | ||
|
Patrick Marchand
|
5b9cc3af31 | ||
|
Patrick Marchand
|
1a96616f42 | ||
|
Patrick Marchand
|
b80f3993ae | ||
|
Patrick Marchand
|
d15819fb04 | ||
|
Patrick Marchand
|
6289c7fe1c | ||
|
Patrick Marchand
|
45fba1f878 | ||
|
|
c319be2542 | ||
|
|
31f002f9d9 | ||
|
Benoît S.
|
314cd2c1de | ||
|
Benoît S.
|
f35cbdbe30 | ||
|
Benoît S.
|
0307c0b066 | ||
|
Benoît S.
|
073f2b5b09 | ||
|
Ludovic Poujol
|
09371b095f | ||
|
Jérémy Lecour
|
3a26f18201 | ||
|
Jérémy Lecour
|
4016387ca8 | ||
|
Jérémy Lecour
|
ac7ee86a9c | ||
|
Jérémy Lecour
|
0da938223e | ||
|
Jérémy Lecour
|
849ec405d5 | ||
|
Jérémy Lecour
|
57e5791728 | ||
|
Jérémy Lecour
|
2f77100b47 | ||
|
Patrick Marchand
|
72736751ea | ||
|
Patrick Marchand
|
ebecda38b6 | ||
|
Patrick Marchand
|
53ae27b250 | ||
|
Eric Morino
|
9e0388c865 | ||
|
|
7173fc06ea | ||
|
Patrick Marchand
|
daa97a2314 | ||
|
Patrick Marchand
|
556b6a6f89 | ||
|
Patrick Marchand
|
6906c41818 | ||
|
Jérémy Lecour
|
f3111b42e5 | ||
|
Ludovic Poujol
|
b1b0072377 | ||
|
Jérémy Lecour
|
7a3e6cf61a | ||
|
Jérémy Lecour
|
968973d1f4 | ||
|
Jérémy Lecour
|
d013a65cf6 | ||
|
Jérémy Lecour
|
7a9624fcc2 | ||
|
Patrick Marchand
|
05c3629564 | ||
|
Jérémy Lecour
|
6764418e75 | ||
|
Jérémy Lecour
|
155c6a5a88 | ||
|
Jérémy Lecour
|
257a3476f1 | ||
|
Jérémy Lecour
|
e2f5094835 | ||
|
Jérémy Lecour
|
f2613e91aa | ||
|
Ludovic Poujol
|
6cf62aec11 | ||
|
Ludovic Poujol
|
4720329084 | ||
|
Ludovic Poujol
|
bd201e8791 | ||
|
Ludovic Poujol
|
93c043c8e0 | ||
|
Ludovic Poujol
|
bd63e7037f | ||
|
Jérémy Lecour
|
35549d2dea | ||
|
Jérémy Lecour
|
71a9ac8424 | ||
|
Ludovic Poujol
|
f135f67cd0
|
||
|
Ludovic Poujol
|
2a1d355192 | ||
|
Ludovic Poujol
|
7fc260a17b | ||
|
Ludovic Poujol
|
f442239cec | ||
|
Ludovic Poujol
|
135a089341 | ||
|
Ludovic Poujol
|
a21fcaf663 | ||
|
Ludovic Poujol
|
a680399608 | ||
|
Ludovic Poujol
|
8bc4ff4ada | ||
 Victor LABORIE
|
84ec361270 | ||
|
Victor LABORIE
|
3601e802d6 | ||
|
Victor LABORIE
|
47b263e411 | ||
|
Ludovic Poujol
|
9c420eec4f | ||
|
Ludovic Poujol
|
0f41638810 | ||
|
Ludovic Poujol
|
e6f2bbb331 | ||
|
Ludovic Poujol
|
8ef94a9798 | ||
|
Ludovic Poujol
|
9b80db3772 | ||
|
Patrick Marchand
|
04e1b96833 | ||
|
Patrick Marchand
|
d9517e8033 | ||
|
Jérémy Lecour
|
5b5b8944c5 | ||
|
Jérémy Lecour
|
288416f149 | ||
|
Jérémy Lecour
|
4718138eca | ||
|
Jérémy Lecour
|
69c98bf562 | ||
|
Patrick Marchand
|
9d7b4dd52d | ||
|
Jérémy Lecour
|
4ad785abaf | ||
|
Patrick Marchand
|
a18076e878 | ||
|
Patrick Marchand
|
d5731f90e0 | ||
|
Eric Morino
|
6c4f696ec5 | ||
|
Eric Morino
|
0bda633b0c | ||
|
Jérémy Lecour
|
ac98aa2d18 | ||
|
Jérémy Lecour
|
92dcbf1ab5 | ||
|
Jérémy Lecour
|
ac6414076c | ||
|
Eric Morino
|
61e007d22b | ||
|
Jérémy Lecour
|
1e3ac40167 | ||
|
Jérémy Lecour
|
ddef475778 | ||
|
Jérémy Lecour
|
ec54af596c | ||
|
Jérémy Lecour
|
783dcb9890 | ||
|
Jérémy Lecour
|
099691614e | ||
|
Jérémy Lecour
|
bc1a6f347a | ||
|
Jérémy Lecour
|
e510c44a4a | ||
|
Jérémy Lecour
|
68a1d4eb27 | ||
|
Jérémy Lecour
|
37b8d1fbc4 | ||
|
Jérémy Lecour
|
bb958b34b0 | ||
|
Jérémy Lecour
|
af53a6b2ec | ||
|
Jérémy Lecour
|
eb74bda22a | ||
|
Eric Morino
|
3a20f5f501 | ||
|
Jérémy Lecour
|
1b29f2d793 | ||
|
Jérémy Lecour
|
d31dddc9aa | ||
|
Jérémy Lecour
|
65bc2c657d | ||
|
Jérémy Lecour
|
7283e34077 | ||
|
Jérémy Lecour
|
ff7f8669ef | ||
|
|
c06fe36796 | ||
|
Ludovic Poujol
|
7a865b0ace
|
||
|
Ludovic Poujol
|
704b76e6de
|
||
|
Ludovic Poujol
|
02e8754d75
|
||
|
Patrick Marchand
|
fefd10ae2a | ||
|
Jérémy Lecour
|
ca4c4adb59 | ||
|
Jérémy Lecour
|
f57af13349 | ||
|
Jérémy Lecour
|
68b7a88e63 | ||
|
Patrick Marchand
|
896b8bd7e4 | ||
|
Patrick Marchand
|
c195806918 | ||
|
Jérémy Lecour
|
07fd68b6a4 | ||
|
Jérémy Lecour
|
72f5dc70f8 | ||
|
Jérémy Lecour
|
dc7358bc4c | ||
|
Jérémy Lecour
|
02858692bb | ||
|
Jérémy Lecour
|
71a2a19847 | ||
|
Eric Morino
|
3740a6782b | ||
|
Jérémy Lecour
|
adc1aad883 | ||
|
Ludovic Poujol
|
d3dc98a778 | ||
|
Ludovic Poujol
|
31df2d2fbc
|
||
|
Ludovic Poujol
|
ef5ed6911e
|
||
|
Ludovic Poujol
|
c9d3635cf8
|
||
|
Patrick Marchand
|
af61b7f97d | ||
|
Jérémy Lecour
|
80081aa26e | ||
|
Patrick Marchand
|
131004136e | ||
|
Eric Morino
|
c4ede03f3a | ||
|
Eric Morino
|
12cdf35126 | ||
|
Jérémy Lecour
|
65d914098c | ||
|
|
3ba846cc38 | ||
|
|
97719d28f2 | ||
|
Jérémy Lecour
|
e7952dc3c8 | ||
|
Jérémy Lecour
|
bf7de332ea | ||
|
Jérémy Lecour
|
f79b30eeb4 | ||
|
Jérémy Lecour
|
6801f4e00e | ||
|
Jérémy Lecour
|
3b258cc43e | ||
|
Jérémy Lecour
|
b8bdedaa2e | ||
|
Jérémy Lecour
|
27e217467e | ||
|
Jérémy Lecour
|
eded11f88f | ||
|
Jérémy Lecour
|
e04d881988 | ||
|
Jérémy Lecour
|
79bb6103b8 | ||
|
Jérémy Lecour
|
5b847ec91c | ||
|
Eric Morino
|
270e42ac77 | ||
|
Eric Morino
|
be2ea39158 | ||
|
Eric Morino
|
1bf271a4f4 | ||
|
Patrick Marchand
|
20191c8873 | ||
|
Patrick Marchand
|
0b4095d8dd | ||
|
Victor LABORIE
|
2a1e0b7ef6 | ||
|
Jérémy Lecour
|
ce45a39b8b | ||
|
Jérémy Lecour
|
607ee119ec | ||
|
Jérémy Lecour
|
e557a3eaae | ||
|
Eric Morino
|
8b6c1341f9 | ||
|
Victor LABORIE
|
1b74db194a | ||
|
Victor LABORIE
|
0873bb49e0 | ||
|
Victor LABORIE
|
6f5e13f8b8 | ||
|
Ludovic Poujol
|
6e918d166e
|
||
|
|
cf8cca745e | ||
|
|
5008b79ef5 | ||
|
|
7728f5f0c5 | ||
|
|
b7a223dbdd | ||
|
|
3ede484242 | ||
|
|
839db42c81 | ||
|
Ludovic Poujol
|
0e58f34e18
|
||
|
Ludovic Poujol
|
dc1c78e08a | ||
|
Jérémy Lecour
|
473bcb4cd6 | ||
|
Eric Morino
|
e20d95786a | ||
|
Eric Morino
|
d10441fb0b | ||
|
Eric Morino
|
9d5a272472 | ||
|
Eric Morino
|
c15f8963e4 | ||
|
Eric Morino
|
eb81c69327 | ||
|
Jérémy Lecour
|
26dd244ae0 | ||
|
Ludovic Poujol
|
174bfa5ba0 | ||
|
Eric Morino
|
dc162ec67f | ||
|
Jérémy Lecour
|
7f6ad406a5 | ||
|
Jérémy Lecour
|
767760cbe0 | ||
|
Jérémy Lecour
|
049d36ab8f | ||
|
Jérémy Lecour
|
6b77372f24 | ||
|
Jérémy Lecour
|
a55e29186f | ||
|
Jérémy Lecour
|
ab8c6b13b8 | ||
|
Jérémy Lecour
|
7e50a460a8 | ||
|
Jérémy Lecour
|
1c0e3af490 | ||
|
Jérémy Lecour
|
5476538eb1 | ||
|
Jérémy Lecour
|
f2dacac139 | ||
|
Jérémy Lecour
|
8679da4cb6 | ||
|
Jérémy Lecour
|
78ea4a61e1 | ||
|
Jérémy Lecour
|
772c333623 | ||
|
Jérémy Dubois
|
08a98e0bd5 | ||
|
Jérémy Lecour
|
cd9e17e8f6 | ||
|
Jérémy Lecour
|
e80e4197c2 | ||
|
Jérémy Lecour
|
d5a6487315 | ||
|
Jérémy Lecour
|
5eff84bc07 | ||
|
Jérémy Lecour
|
27adad616f | ||
|
Jérémy Lecour
|
a9b61161e0 | ||
|
Jérémy Lecour
|
85b0e36f33 | ||
|
Jérémy Lecour
|
76864f226e | ||
|
|
7deee9b1e6 | ||
|
Jérémy Lecour
|
ee72dd07ff | ||
|
Jérémy Lecour
|
2ea88dc385 | ||
|
Jérémy Lecour
|
24edbd680a | ||
|
Jérémy Lecour
|
bc5e19c002 | ||
|
Jérémy Lecour
|
16c44ab867 | ||
|
Jérémy Lecour
|
12cebfa71c | ||
|
Ludovic Poujol
|
2d2889ac16 | ||
|
Ludovic Poujol
|
0a7262081a | ||
|
Jérémy Lecour
|
beb39988e7 | ||
|
Jérémy Lecour
|
7fe89d2419 | ||
|
|
5178e99e7c | ||
|
Jérémy Lecour
|
edb5ace762 | ||
|
|
6118dda7c9 | ||
|
|
2bbebded9e | ||
|
|
c6804e73e7 | ||
|
|
5a20292ec9 | ||
|
|
d4742b411d | ||
|
|
daad12fdeb | ||
|
|
4851af7432 | ||
|
|
569ad4d38a | ||
|
Ludovic Poujol
|
4aaeb4590b | ||
|
Ludovic Poujol
|
e985f5778c | ||
|
Jérémy Lecour
|
429fc39b86 | ||
|
Ludovic Poujol
|
a5378c783e | ||
|
Ludovic Poujol
|
ae97276e13 | ||
|
|
f96c0b82ff | ||
|
Jérémy Lecour
|
a478c773eb | ||
|
Jérémy Lecour
|
eec8aef129 | ||
|
Jérémy Lecour
|
68e6d6cb23 | ||
|
Jérémy Lecour
|
44b2480e03 | ||
|
Jérémy Lecour
|
3521d4a765 | ||
|
Jérémy Lecour
|
86108999c1 | ||
|
Jérémy Lecour
|
394e28b815 | ||
|
Jérémy Lecour
|
0a8061bbd6 | ||
|
Jérémy Lecour
|
b6b0c7716c | ||
|
Jérémy Lecour
|
e3e908dd4c | ||
|
Jérémy Lecour
|
2cf5027df9 | ||
|
|
6fe86a76c5 | ||
|
Jérémy Lecour
|
f09a405d84 | ||
|
Jérémy Lecour
|
9ea567ee2d | ||
|
Jérémy Lecour
|
c98be7c864 | ||
|
Jérémy Lecour
|
732e26275e | ||
|
Jérémy Lecour
|
ce02a68a8d | ||
|
|
6a89f253e9 | ||
|
|
1b7f5bb46d | ||
|
|
87202fa264 | ||
|
Jérémy Lecour
|
bea11352be | ||
|
Jérémy Lecour
|
45d48eedb0 | ||
|
Jérémy Lecour
|
3999e7d4f8 | ||
|
Jérémy Lecour
|
0829efc8a6 | ||
|
Jérémy Lecour
|
9f619adf68 | ||
|
Jérémy Lecour
|
1a647d0546 | ||
|
Jérémy Lecour
|
b31159c9d2 | ||
|
Jérémy Lecour
|
8f868b8612 | ||
|
Jérémy Lecour
|
2d249f1815 | ||
|
|
a358db065b | ||
|
|
0009272462 | ||
|
Jérémy Lecour
|
508f725193 | ||
|
|
cf83732946 | ||
|
|
109191ccd8 | ||
|
|
b36202f8d1 | ||
|
|
11e006201a | ||
|
|
d226ce594a | ||
|
Jérémy Lecour
|
442353ce73 | ||
|
Jérémy Lecour
|
a57b734486 | ||
|
Jérémy Lecour
|
c6cba6d9e0 | ||
|
Jérémy Lecour
|
d05897fe93 | ||
|
Jérémy Lecour
|
961f50c1a6 | ||
|
Jérémy Lecour
|
3768f6553a | ||
|
Jérémy Lecour
|
795d397eab | ||
|
Jérémy Lecour
|
e0ec9e63cb | ||
|
Jérémy Lecour
|
244b2ef96b | ||
|
Jérémy Lecour
|
a3bbc6fe87 | ||
|
Jérémy Lecour
|
62e43f85d9 | ||
|
Jérémy Lecour
|
d972c6c794 | ||
|
Jérémy Lecour
|
d0111f9a4f | ||
|
Jérémy Lecour
|
415aedb78a | ||
|
|
f9b55c0c91 | ||
|
|
71bf970811 | ||
|
|
0f7d9e9f24 | ||
|
|
c773c901f2 | ||
|
|
7d6a552c09 | ||
|
Jérémy Lecour
|
13b7ca204f | ||
|
Jérémy Lecour
|
4acd61a072 | ||
|
|
1c12827c9c | ||
|
|
d75846ed28 | ||
|
|
02415b7a2c | ||
|
Jérémy Lecour
|
5925a12b3d | ||
|
Jérémy Lecour
|
6db519c2b0 | ||
|
Jérémy Lecour
|
2c2f13e17f | ||
|
Jérémy Lecour
|
921c0badb8 | ||
|
|
276177900b | ||
|
|
67664ec0e2 | ||
|
|
1ecc38f9c2 | ||
|
Ludovic Poujol
|
4695c07ffa | ||
|
Benoît S.
|
269c66365d | ||
|
Ludovic Poujol
|
ab00a46e19 | ||
|
Ludovic Poujol
|
8d71965ec9 | ||
|
Ludovic Poujol
|
e2fd56bdcd | ||
|
Jérémy Lecour
|
f5f4a82114 | ||
|
Ludovic Poujol
|
b116c47b58 | ||
|
Jérémy Lecour
|
c0ed2fa620 | ||
|
Ludovic Poujol
|
6d2db1341f | ||
|
b7844dd804 | ||
|
Ludovic Poujol
|
f630d93587 | ||
|
Victor LABORIE
|
cb8116fff0 | ||
|
Benoît S.
|
7a00ccfd3c | ||
|
Victor LABORIE
|
031c4c29b9 | ||
|
Benoît S.
|
755eaab60a | ||
|
Benoît S.
|
a7ef7be973 | ||
|
Benoît S.
|
4e02e8ee94 | ||
|
|
87d49d8e58 | ||
|
|
4d72c38e8a | ||
|
|
eaa229791a | ||
|
|
a9b56f3dfe | ||
|
|
d3a15d69d9 | ||
|
|
5708c701a7 | ||
|
|
a141847445 | ||
|
|
57e93eddd4 | ||
|
Benoît S.
|
62cd28c1f5 | ||
|
Benoît S.
|
bb288ca991 | ||
|
Benoît S.
|
d5751150af | ||
|
Benoît S.
|
771c75c1de | ||
|
Benoît S.
|
0b8681cf59 | ||
|
|
8de8736dbc | ||
|
Jérémy Lecour
|
f5ad70a2e4 | ||
|
Jérémy Lecour
|
11a039bfac | ||
|
Jérémy Lecour
|
2e83fc00cc | ||
|
Jérémy Lecour
|
5199a384c3 | ||
|
Jérémy Lecour
|
2b9354b549 | ||
|
Jérémy Lecour
|
b773e17560 | ||
|
Eric Morino
|
1b972caa83 | ||
|
Jérémy Lecour
|
c147a4674d | ||
|
Jérémy Lecour
|
a4236a0708 | ||
|
Ludovic Poujol
|
e13543bf07 | ||
|
Jérémy Lecour
|
bb6191d104 | ||
|
Jérémy Lecour
|
fecdbb0406 | ||
|
Jérémy Lecour
|
879c5c16cd | ||
|
Jérémy Lecour
|
77d0081cbe | ||
|
Jérémy Lecour
|
16bdd6893d | ||
|
Jérémy Lecour
|
a5ee2771ca | ||
|
Jérémy Lecour
|
4b84314b92 | ||
|
Jérémy Lecour
|
39d0167408 | ||
|
Jérémy Lecour
|
bb0189e5a4 | ||
|
Jérémy Lecour
|
1e28210834 | ||
|
Jérémy Lecour
|
8420791224 | ||
|
Jérémy Lecour
|
c2500827e1 | ||
|
Jérémy Lecour
|
ce12e32375 | ||
|
Jérémy Lecour
|
77246710b6 | ||
|
Jérémy Lecour
|
49d90fff09 | ||
|
Jérémy Lecour
|
a8ef97fcde | ||
|
|
93e2c81fb2 | ||
|
|
0401c01f36 | ||
|
Jérémy Lecour
|
b83574592f | ||
|
Jérémy Lecour
|
b362f422df | ||
|
|
b6d53bfae9 | ||
|
|
936ab9cbe6 | ||
|
Jérémy Lecour
|
bee57a0b3c | ||
|
|
6d3eaf891c | ||
|
Jérémy Lecour
|
8cb604aa93 | ||
|
Victor LABORIE
|
189fa87efb | ||
|
Ludovic Poujol
|
7b9cc7c2b1 | ||
|
Jérémy Lecour
|
65414d8ae7 | ||
|
Jérémy Lecour
|
9b2372720b | ||
|
Jérémy Lecour
|
a643c96cca | ||
|
Victor LABORIE
|
8314053506 | ||
|
|
317aac735f | ||
|
|
b2e079101e | ||
|
|
b6e6839419 | ||
|
|
c1b88d1eca | ||
|
Ludovic Poujol
|
8413fa137c | ||
|
Ludovic Poujol
|
890055753e | ||
|
Ludovic Poujol
|
75a8c90258 | ||
|
Ludovic Poujol
|
334b8a3f0d | ||
|
Ludovic Poujol
|
20a4c082d7 | ||
|
|
3e03358370 | ||
|
Victor LABORIE
|
e2ae37fa3d | ||
|
|
edad3a7ce7 | ||
|
Victor LABORIE
|
08ae9d73c4 | ||
|
|
1fc8b2b9f9 | ||
|
|
d8385bff84 | ||
|
Jérémy Lecour
|
2c11f02554 | ||
|
Jérémy Lecour
|
271746494c | ||
|
Jérémy Lecour
|
b883d63cc5 | ||
|
Jérémy Lecour
|
a84bc70b79 | ||
|
Jérémy Lecour
|
5cbad9911f | ||
|
Jérémy Lecour
|
48c2496deb | ||
|
Jérémy Lecour
|
588efc941e | ||
|
Jérémy Lecour
|
f2cfb85926 | ||
|
Jérémy Lecour
|
d997431518 | ||
|
Jérémy Lecour
|
d1efb10484 | ||
|
Jérémy Lecour
|
3e9f18ad54 | ||
|
Jérémy Lecour
|
e2d51e0e25 | ||
|
Jérémy Lecour
|
b0ef42db11 | ||
|
Bruno TATU
|
b14d15302d | ||
|
Bruno TATU
|
e9afd49373 | ||
|
Jérémy Lecour
|
c7d291c830 | ||
|
Jérémy Lecour
|
87d865508f | ||
|
Jérémy Lecour
|
c53403570a | ||
|
Jérémy Lecour
|
9102e35fe8 | ||
|
Jérémy Lecour
|
72695db53b | ||
|
Bruno TATU
|
516aafbaa4 | ||
|
Jérémy Lecour
|
8a027f9521 | ||
|
Jérémy Lecour
|
e4daf04110 | ||
|
Jérémy Lecour
|
eefde217b1 | ||
|
Jérémy Lecour
|
fbd4e741a0 | ||
|
Jérémy Lecour
|
9038beefd1 | ||
|
Jérémy Lecour
|
28b3243e5d | ||
|
|
c61c2c86e2 | ||
|
|
5bc0c597c7 | ||
|
|
62189dbca8 | ||
|
|
6ac4bdf734 | ||
|
|
ca795dc8c3 | ||
|
|
2cb9ae6081 | ||
|
Jérémy Lecour
|
6ff38593a0 | ||
|
Jérémy Lecour
|
7af0a89d69 | ||
|
Jérémy Lecour
|
bba59f4321 |
36
.drone.yml
Normal file
36
.drone.yml
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
kind: pipeline
|
||||
name: default
|
||||
|
||||
steps:
|
||||
- name: build tagged docker image
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
dockerfile: Dockerfile
|
||||
repo: evolix/ansible-roles
|
||||
auto_tag: true
|
||||
environment:
|
||||
ROLES_VERSION: $DRONE_COMMIT_SHA
|
||||
when:
|
||||
event:
|
||||
- tag
|
||||
|
||||
- name: build latest docker image
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
dockerfile: Dockerfile
|
||||
repo: evolix/ansible-roles
|
||||
tags: latest
|
||||
environment:
|
||||
ROLES_VERSION: $DRONE_COMMIT_SHA
|
||||
when:
|
||||
branch:
|
||||
- unstable
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
.kitchen/
|
||||
.kateproject.d
|
||||
.vagrant/
|
||||
*.swp
|
||||
|
|
|
|||
497
CHANGELOG.md
497
CHANGELOG.md
|
|
@ -4,31 +4,514 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
This project does not follow semantic versioning.
|
||||
The **major** part of the version is aligned with the stable version of Debian.
|
||||
The **minor** part changes with big changes (probably incompatible).
|
||||
The **patch** part changes incrementally at each release.
|
||||
The **major** part of the version is the year
|
||||
The **minor** part changes is the month
|
||||
The **patch** part changes is incremented if multiple releases happen the same month
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
||||
### Changed
|
||||
|
||||
* minifirewall: tail template follows symlinks
|
||||
|
||||
### Fixed
|
||||
|
||||
### Removed
|
||||
|
||||
### Security
|
||||
|
||||
## [22.03] 2022-03-02
|
||||
|
||||
### Added
|
||||
|
||||
* apt: apt_hold_packages: broadcast message with wall, if present
|
||||
* evolinux-base: option to bypass raid-related tasks
|
||||
* Explicit permissions for systemd overrides
|
||||
* generate-ldif: Add support for php-fpm in containers
|
||||
* kvm-host: add missing default value
|
||||
* lxc-php: preliminary support for PHP 8.1 container
|
||||
* openvpn: now check that openvpn has been restarted since last certificates renewal
|
||||
* redis: always install check_redis_instances
|
||||
* redis: check_redis_instances tolerates absence of instances
|
||||
|
||||
### Changed
|
||||
|
||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||
* evolinux-users: check permissions for /etc/sudoers.d
|
||||
* evolinux-users: optimize sudo configuration
|
||||
* lxc: Fail if /var is nosuid
|
||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||
|
||||
|
||||
|
||||
## [22.01.3] 2022-01-31
|
||||
|
||||
### Changed
|
||||
|
||||
* rbenv: install Ruby 3.1.0 by default
|
||||
* evolinux-base: backup-server-state: add "force" mode
|
||||
|
||||
### Fixed
|
||||
|
||||
* evolinux-base: backup-server-state: fix systemctl invocation
|
||||
* varnish: update munin plugin to work with recent varnish versions
|
||||
|
||||
## [22.01.2] 2022-01-27
|
||||
|
||||
### Changed
|
||||
|
||||
* evolinux-base: many improvements for backup-server-state script
|
||||
* remount-usr: use findmnt to find if usr is a readonly partition
|
||||
|
||||
## [22.01] 2022-01-25
|
||||
|
||||
### Added
|
||||
|
||||
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
|
||||
* apache: new variable for MPM mode (+ updated default config accordingly)
|
||||
* apache: prevent accessing Git or "env" related files
|
||||
* certbot: add script for manual deploy hooks execution
|
||||
* docker-host: install additional dependencies
|
||||
* dovecot: switch to TLS 1.2+ and external DH params
|
||||
* etc-git: centralize cron jobs in dedicated crontab
|
||||
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
|
||||
* evolinux-base: add script backup-server-state
|
||||
* evolinux-base: configure top and htop to display the swap column
|
||||
* evolinux-base: install molly-guard by default
|
||||
* generate-ldif: detect RAID controller
|
||||
* generate-ldif: detect mdadm
|
||||
* listupgrade: crontab is configurable
|
||||
* logstash: logging to syslog is configurable (default: True)
|
||||
* mongodb: create munin plugins directory if missing
|
||||
* munin: systemd override to unprotect home directory
|
||||
* mysql: add evomariabackup 21.11
|
||||
* mysql: improve Bullseye compatibility
|
||||
* mysql: script "mysql_connections" to display a compact list of connections
|
||||
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
|
||||
* nagios-nrpe + evolinux-users: new check for ipmi
|
||||
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
|
||||
* nagios-nrpe + evolinux-users: new checks for bkctld
|
||||
* nagios-nrpe: new check influxdb
|
||||
* openvpn: new role (beta)
|
||||
* redis: instance service for Debian 11
|
||||
* squid: add *.o.lencr.org to default whitelist
|
||||
|
||||
### Changed
|
||||
|
||||
* Change version pattern
|
||||
* Install python 2 or 3 libraries according to running python version
|
||||
* Remove embedded GPG keys only if legacy keyring is present
|
||||
* apt: remove workaround for Evolix public repositories with Debian 11
|
||||
* apt: upgrade packages after all the configuration is done
|
||||
* apt: use the new security repository for Bullseye
|
||||
* certbot: silence letsencrypt deprecation warnings
|
||||
* elasticsearch: elastic_stack_version = 7.x
|
||||
* evoacme: exclude renewal-hooks directory from cron
|
||||
* evoadmin-web: simpler PHP packages lists
|
||||
* evocheck: upstream release 21.10.4
|
||||
* evolinux-base: alert5 comes after the network
|
||||
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
|
||||
* evolinux-base: install freeipmi by default on dedicated hw
|
||||
* evolinux-base: logs are rotated with dateext by default
|
||||
* evolinux-base: split dpkg logrotate configuration
|
||||
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
|
||||
* evomaintenance: extract a config.yml tasks file
|
||||
* evomaintenance: upstream release 22.01
|
||||
* filebeat/metricbeat: elastic_stack_version = 7.x
|
||||
* kibana: elastic_stack_version = 7.x
|
||||
* listupgrade: old-kernel-removal version 21.10
|
||||
* listupgrade: upstream release 21.06.3
|
||||
* logstash: elastic_stack_version = 7.x
|
||||
* mongodb: Allow to specify a mongodb version for buster & bullseye
|
||||
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
|
||||
* mongodb: Support version 5.0 (for buster)
|
||||
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
|
||||
* nodejs: default to version 16 LTS
|
||||
* php: enforce Debian version with assert instead of fail
|
||||
* squid: improve default whitelist (more specific patterns)
|
||||
* squid: must be started in foreground mode for systemd
|
||||
* squid: remove obsolete variable on Squid 4
|
||||
|
||||
### Fixed
|
||||
|
||||
* evolinux-base: fix alert5.service dependency syntax
|
||||
* certbot: sync_remote excludes itself
|
||||
* lxc-php: fix config for opensmtpd on bullseye containers
|
||||
* mysql : Create a default ~root/.my.cnf for compatibility reasons
|
||||
* nginx : fix variable name and debug to actually use nginx-light
|
||||
* packweb-apache : Support php 8.0
|
||||
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
|
||||
|
||||
### Removed
|
||||
|
||||
* evocheck: package install is not supported anymore
|
||||
* logstash: no more dependency on Java
|
||||
* php: remove php-gettext for 7.4
|
||||
|
||||
## [10.6.0] 2021-06-28
|
||||
|
||||
### Added
|
||||
|
||||
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
|
||||
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||
* evolinux-base: add default motd template
|
||||
* kvm-host: add migrate-vm script
|
||||
* mysql: variable to disable myadd script overwrite (default: True)
|
||||
* nodejs: update apt cache before installing the package
|
||||
* squid: add Yarn apt repository in default whitelist
|
||||
|
||||
### Changed
|
||||
|
||||
* Update Galaxy metadata (company, platforms and galaxy_tags)
|
||||
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
|
||||
* Use Ansible syntax used in Ansible 2.8+
|
||||
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
|
||||
* certbot: sync_remote.sh is configurable
|
||||
* evolinux-base: copy GPG key instead of using apt-key
|
||||
* evomaintenance: upstream release 0.6.4
|
||||
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
|
||||
* listupgrade: upstream release 21.06.2
|
||||
* nodejs: change GPG key name
|
||||
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
|
||||
* packweb-apache: install phpMyAdmin from buster-backports
|
||||
* spamassassin: change dependency on evomaintenance
|
||||
* squid: remove obsolete variable on Squid 4
|
||||
|
||||
### Fixed
|
||||
|
||||
* add default (useless) value for file lookup (first_found)
|
||||
* fix pipefail option for shell invocations
|
||||
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
|
||||
* evolinux-base: fix motd lookup path
|
||||
* ldap: fix edge cases where passwords were not set/get properly
|
||||
* listupgrade: fix wget error + shellcheck cleanup
|
||||
|
||||
### Removed
|
||||
|
||||
* elasticsearch: recent versiond don't depend on external JRE
|
||||
|
||||
## [10.5.1] 2021-04-13
|
||||
|
||||
### Added
|
||||
|
||||
* haproxy: dedicated internal address/binding (without SSL)
|
||||
|
||||
### Changed
|
||||
|
||||
* etc-git: commit in /usr/share/scripts when there's an active repository
|
||||
|
||||
## [10.5.0] 2021-04-01
|
||||
|
||||
### Added
|
||||
|
||||
* apache: new variables for logrotate + server-status
|
||||
* filebeat: package can be upgraded to latest (default: False)
|
||||
* haproxy: possible admin access with login/pass
|
||||
* lxc-php: Add PHP 7.4 support
|
||||
* metricbeat: package can be upgraded to latest (default: False)
|
||||
* metricbeat: new variables to configure SSL mode
|
||||
* nagios-nrpe: new script check_phpfpm_multi
|
||||
* nginx: add access to server status on default VHost
|
||||
* postfix: add smtpd_relay_restrictions in configuration
|
||||
|
||||
### Changed
|
||||
|
||||
* apache: rotate logs daily instead of weekly
|
||||
* apache: deny requests to ^/evolinux_fpm_status-.*
|
||||
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
|
||||
* certbot: use the legacy script on Debian 8 and 9
|
||||
* elasticsearch: log rotation is more readable/maintainable
|
||||
* evoacme: upstream release 21.01
|
||||
* evolinux-users: Add sudo rights for nagios for multi-php lxc
|
||||
* listupgrade: update script from upstream
|
||||
* minifirewall: change some defaults
|
||||
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
|
||||
* redis: use /run instead or /var/run
|
||||
* redis: escape password in Munin configuration
|
||||
|
||||
### Fixed
|
||||
|
||||
* bind9: added log files to apparmor definition so bind can run
|
||||
* filebeat: fix Ansible syntax error
|
||||
* nagios-nrpe: libfcgi-client-perl is not available before Debian 10
|
||||
* redis: socket/pid directories have the correct permissions
|
||||
|
||||
### Removed
|
||||
|
||||
* nginx: no more "minimal" mode, but the package remains customizable.
|
||||
|
||||
## [10.4.0] 2020-12-24
|
||||
|
||||
### Added
|
||||
|
||||
* certbot: detect domains if missing
|
||||
* certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
|
||||
* varnish: variable for jail configuration
|
||||
|
||||
### Changed
|
||||
|
||||
* certbot: disable auth for Let's Encrypt challenge
|
||||
* nginx: change from "nginx_status-XXX" to "server-status-XXX"
|
||||
|
||||
## [10.3.0] 2020-12-21
|
||||
|
||||
### Added
|
||||
|
||||
* dovecot: Update munin plugin & configure it
|
||||
* dovecot: vmail uid/gid are configurable
|
||||
* evoacme: variable to disable Debian version check (default: False)
|
||||
* kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
|
||||
* minifirewall: upstream release 20.12
|
||||
* minifirewall: add variables to force upgrade the script and the config (default: False)
|
||||
* mysql: install save_mysql_processlist script
|
||||
* nextcloud: New role to setup a nextcloud instance
|
||||
* redis: variable to force use of port 6379 in instances mode
|
||||
* redis: check maxmemory in NRPE check
|
||||
* lxc-php: Allow php containers to contact local MySQL with localhost
|
||||
* varnish: config file name is configurable
|
||||
|
||||
### Changed
|
||||
|
||||
* Create system users for vmail (dovecot) and evoadmin
|
||||
* apt: disable APT Periodic
|
||||
* evoacme: upstream release 20.12
|
||||
* evocheck: upstream release 20.12
|
||||
* evolinux-users: improve uid/login checks
|
||||
* tomcat-instance: fail if uid already exists
|
||||
* varnish: change template name for better readability
|
||||
* varnish: no threadpool delay by default
|
||||
* varnish: no custom reload script for Debian 10 and later
|
||||
|
||||
### Fixed
|
||||
|
||||
* cerbot: parse HAProxy config file only if HAProxy is found
|
||||
|
||||
## [10.2.0] 2020-09-17
|
||||
|
||||
### Added
|
||||
|
||||
* evoacme: remount /usr if necessary
|
||||
* evolinux-base: swappiness is customizable
|
||||
* evolinux-base: install wget
|
||||
* tomcat: root directory owner/group are configurable
|
||||
|
||||
### Changed
|
||||
|
||||
* Change default public SSH/SFTP port from 2222 to 22222
|
||||
|
||||
### Fixed
|
||||
|
||||
* certbot: an empty change shouldn't raise an exception
|
||||
* certbot: fix "no-self-upgrade" option
|
||||
|
||||
### Removed
|
||||
|
||||
* evoacme: remove Debian 9 support
|
||||
|
||||
## [10.1.0] 2020-08-21
|
||||
|
||||
### Added
|
||||
|
||||
* certbot: detect HAProxy cert directory
|
||||
* filebeat: allow using a template
|
||||
* generate-ldif: add NVMe disk support
|
||||
* haproxy: add deny_ips file to reject connections
|
||||
* haproxy: add some comments to default config
|
||||
* haproxy: enable stats frontend with access lists
|
||||
* haproxy: preconfigure SSL with defaults
|
||||
* lxc-php: Don't disable putenv() by default in PHP settings
|
||||
* lxc-php: Install php-sqlite by default
|
||||
* metricbeat: allow using a template
|
||||
* mysql: activate binary logs by specifying log_bin path
|
||||
* mysql: option to define as read only
|
||||
* mysql: specify a custom server_id
|
||||
* nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
|
||||
* nginx: make default vhost configurable
|
||||
* packweb-apache: Install zip & unzip by default
|
||||
* php: Don't disable putenv() by default in PHP settings
|
||||
* php: Install php-sqlite by default
|
||||
|
||||
### Changed
|
||||
|
||||
* certbot: fix haproxy hook (ssl cert directory detection)
|
||||
* certbot: install certbot dependencies non-interactively for jessie
|
||||
* elasticsearch: configure cluster with seed hosts and initial masters
|
||||
* elasticsearch: set tmpdir before datadir
|
||||
* evoacme: read values from environment before defaults file
|
||||
* evoacme: update for new certbot role
|
||||
* evoacme: upstream release 20.08
|
||||
* haproxy: adapt backports installed package list to distibution
|
||||
* haproxy: chroot and socket path are configurable
|
||||
* haproxy: deport SSL tuning to Mozilla SSL generator
|
||||
* haproxy: rotate logs with date extension and immediate compression
|
||||
* haproxy: split stats variables
|
||||
* lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
|
||||
* mongodb: install custom munin plugins
|
||||
* nginx: read server-status values before changing the config
|
||||
* packweb-apache: Don't turn on mod-evasive emails by default
|
||||
* redis: create sudoers file if missing
|
||||
* redis: new syntax for match filter
|
||||
* redis: raise an error is port 6379 is used in "instance" mode
|
||||
|
||||
### Fixed
|
||||
|
||||
* certbot: restore compatibility with old Nginx
|
||||
* evobackup-client: fixed the ssh connection test
|
||||
* generate-ldif: better detection of computerOS field
|
||||
* generate-ldif: skip some odd ethernet devices
|
||||
* lxc-php: Install opensmtpd as intended
|
||||
* mongodb: fix logrotate patterm on Debian buster
|
||||
* nagios-nrpe: check_amavis: updated regex
|
||||
* squid: better regex to match sa-update domains
|
||||
* varnish: fix start command when multiple addresses are present
|
||||
|
||||
## [10.0.0] - 2020-05-13
|
||||
|
||||
### Added
|
||||
* apache: the default VHost doesn't redirect to https for ".well-known" paths
|
||||
* apt: added buster backports prerferences
|
||||
* apt: check if cron is installed before adding a cron job
|
||||
* apt: remove jessie/buster sources from Gandi servers
|
||||
* apt: verify that /etc/evolinux is present
|
||||
* certbot : new role to install and configure certbot
|
||||
* etc-git: add versioning for /usr/share/scripts on Debian 10+
|
||||
* evoacme: upstream version 19.11
|
||||
* evolinux-base: default value for "evolinux_ssh_group"
|
||||
* evolinux-base: install /sbin/deny
|
||||
* evolinux-base: install Evocheck (default: `True`)
|
||||
* evolinux-base: on debian 10 and later, add noexec on /dev/shm
|
||||
* evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
|
||||
* evolinux-base: remove the chrony package
|
||||
* evomaintenance: don't configure firewall for database if not necessary
|
||||
* generate-ldif: support MariaDB 10.3
|
||||
* haproxy: add a variable to keep the existing configuration
|
||||
* java: add Java 11 as possible version to install
|
||||
* listupgrade: install old-kernel-autoremoval script
|
||||
* minifirewall: add a variable to force the check scripts update
|
||||
* mongodb: mongodb: compatibility with Debian 10
|
||||
* mysql-oracle: backport tasks from mysql role
|
||||
* networkd-to-ifconfig: add variables for configuration by variables
|
||||
* packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
|
||||
* php: variable to install the mysqlnd module instead of the default mysql module
|
||||
* postgresql : variable to install PostGIS (default: `False`)
|
||||
* redis: rewrite of the role (separate instances, better systemd units…)
|
||||
* webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
|
||||
* webapps/evoadmin-web Overload templates if needed
|
||||
* evolinux-base: install ssacli for HP Smart Array
|
||||
* evobackup-client role to configure a machine for backups with bkctld(8)
|
||||
* bind: enable query logging for recursive resolvers
|
||||
* bind: enable logrotate for recursive resolvers
|
||||
* bind: enable bind9 munin plugin for recursive resolvers
|
||||
|
||||
### Changed
|
||||
* replace version_compare() with version()s
|
||||
* removed some deprecations for Ansible 2.7
|
||||
* apache: improve permissions in save_apache_status script
|
||||
* apt: hold packages only if package is installed
|
||||
* bind: the munin task was present, but not included
|
||||
* bind: change name of logrotate file to bind9
|
||||
* certbot: commit hook must be executed at the end
|
||||
* elasticsearch: listen on local interface only by default
|
||||
* evocheck: upstream version 20.04.4
|
||||
* evocheck: cron jobs execute in verbose
|
||||
* evolinux-base: use "evolinux_internal_group" for SSH authentication
|
||||
* evolinux-base: Don't customize the logcheck recipient by default.
|
||||
* evolinux-base: configure cciss-vol-statusd in the proper file
|
||||
* evomaintenance: upstream release 0.6.3
|
||||
* evomaintenance: Turn on API by default (instead of DB)
|
||||
* evomaintenance: install PG dependencies only when needed
|
||||
* listupgrade: update from upstream
|
||||
* lxc: rely on lxc_container module instead of command module
|
||||
* lxc: remove useless loop in apt execution
|
||||
* lxc: update our default template to be compatible with Debian 10
|
||||
* lxc-php: refactor tasks for better maintainability
|
||||
* lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
|
||||
* lxc-solr: changed default Solr version to 8.4.1
|
||||
* minifirewall: better alert5 activation
|
||||
* minifirewall: no http filtering by default
|
||||
* minifirewall: /bin/true command doesn't report "changed" anymore
|
||||
* nagios-nrpe: update check_redis_instances (same as redis role)
|
||||
* nagios-nrpe: change default haproxy socket path
|
||||
* nagios-nrpe: check_mode per cpu dynamically
|
||||
* nodejs: change default version to 12 (new LTS)
|
||||
* packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
|
||||
* php: By default, allow 128M for OpCache (instead of 64M)
|
||||
* php: Don't set a chroot for the default fpm pool
|
||||
* php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
|
||||
* php: Change the default pool names to something more explicit (and same for the variables names)
|
||||
* php: Add a task to remove Debian's default FPM pool file (off by default)
|
||||
* php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
|
||||
* postgresql : changed logrotate config to 10 days (and fixed permissions)
|
||||
* rbenv: changed default Ruby version to 2.7.0
|
||||
* squid: Remove wait time when we turn off squid
|
||||
* squid: compatibility wit Debian 10
|
||||
* tomcat: package version derived from Debian version if missing
|
||||
* varnish: remove custom ExecReload= script for Debian 10+
|
||||
|
||||
### Fixed
|
||||
* etc-git: fix warnings ansible-lint
|
||||
* evoadmin-web: Put the php config at the right place for Buster
|
||||
* lxc: Don't stop the container if it already exists
|
||||
* lxc: Fix container existance check to be able to run in check_mode
|
||||
* lxc-php: Don't remove the default pool
|
||||
* minifirewall: fix warnings ansible-lint
|
||||
* nginx: fix munin fcgi not working (missing chmod 660 on logs)
|
||||
* php: add missing handler for php7.3-fpm
|
||||
* roundcube: fix typo for roundcube vhost
|
||||
* tomcat: fix typo for default tomcat_version
|
||||
* evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
|
||||
* certbot: Properly evaluate when apache is installed
|
||||
* evolinux-base: Don't make alert5.service executable as systemd will complain
|
||||
* webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
|
||||
* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
|
||||
* minifirewall: Properly detect alert5.sh to turn on firewall at boot
|
||||
* packweb-apache: Add missing dependency to evoacme role
|
||||
* php: Chose the debian version repo archive for packages.sury.org
|
||||
* php: update surry_post.yml to match current latest PHP release
|
||||
* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
|
||||
|
||||
### Removed
|
||||
* clamav : do not install the zoo package anymore
|
||||
|
||||
## [9.10.1] - 2019-06-21
|
||||
|
||||
### Changed
|
||||
* evocheck : update (version 19.06) from upstream
|
||||
|
||||
## [9.10.0] - 2019-06-21
|
||||
|
||||
### Added
|
||||
* apache: add server status suffix in VHost (and default site) if missing
|
||||
* apache: add a variable to customize the server-status host
|
||||
* apt: add a script to manage packages with "hold" mark
|
||||
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
|
||||
* evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
|
||||
* evomaintenance: make hooks configurable
|
||||
* nginx: add server status suffix in VHost (and default site) if missing
|
||||
* redmine: enable gzip compression in nginx vhost
|
||||
|
||||
### Changed
|
||||
* evocheck : version 19.04 from upstream
|
||||
* evocheck : update (unreleased) from upstream
|
||||
* evomaintenance : use the web API instead of PG Insert
|
||||
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.5.5
|
||||
* fluentd: store gpg key locally
|
||||
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
|
||||
* redmine: update default version to 4.0.3
|
||||
* nagios-nrpe: change required status code for http and https check
|
||||
* redmine: use custom errors-pages in Nginx vhost
|
||||
* nagios-nrpe: check_load is now based on ansible_processor_vcpus
|
||||
* php: Stop enforcing /var/www/html as chroot while we use /var/www
|
||||
* apt: Add Debian Buster repositories
|
||||
|
||||
### Fixed
|
||||
* rbenv: add check_mode for check rbenv and ruby versions
|
||||
* nagios-nrpe: fix redis_instances check when Redis port equal 0
|
||||
|
||||
### Security
|
||||
* redmine: fix 500 error on logging
|
||||
* evolinux-base: Validate sshd config with "-t" instead of "-T"
|
||||
* evolinux-base: Ensure rename is present
|
||||
* evolinux-users: Validate sshd config with "-t" instead of "-T"
|
||||
* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
|
||||
|
||||
## [9.9.0] - 2019-04-16
|
||||
|
||||
|
|
|
|||
22
Dockerfile
Normal file
22
Dockerfile
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
FROM debian:stretch-slim
|
||||
|
||||
ENV ROLES_VERSION=${ROLES_VERSION:-unstable}
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
git \
|
||||
ansible \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN ansible-galaxy install --force \
|
||||
--roles-path /etc/ansible \
|
||||
"git+https://gitea.evolix.org/evolix/ansible-roles.git,${ROLES_VERSION},roles"
|
||||
|
||||
ENV ANSIBLE_FORCE_COLOR=1
|
||||
ENV ANSIBLE_HOST_KEY_CHECKING=false
|
||||
ENV ANSIBLE_RETRY_FILES_ENABLED=false
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
WORKDIR /data
|
||||
|
||||
ENTRYPOINT ["ansible-playbook"]
|
||||
|
|
@ -50,6 +50,8 @@ Before starting anything of importance, we suggest contacting us to discuss what
|
|||
|
||||
Our conventions are available in the "ansible-public":https://gitea.evolix.org/evolix/ansible-public repository, in the CONVENTIONS.md file.
|
||||
|
||||
All modifications should be documented in the CHANGELOG file, to help review releases. We encourage atomic commits, on a single role, and with the CHANGELOG in the same commit.
|
||||
|
||||
## Workflow
|
||||
|
||||
The ideal and most typical workflow is to create a branch, based on the "unstable" branch. The branch should have a descriptive name (a ticket/issue number is great). The branch can be treated as a pull-request or merge-request. It should be propery tested and reviewed before merging into "unstable".
|
||||
|
|
|
|||
|
|
@ -1,11 +1,10 @@
|
|||
---
|
||||
- name: install Amavis
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name:
|
||||
- postgrey
|
||||
- amavisd-new
|
||||
state: present
|
||||
with_items:
|
||||
- postgrey
|
||||
- amavisd-new
|
||||
tags:
|
||||
- amavis
|
||||
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ In your main evolinux playbook put this play before Evolinux one:
|
|||
|
||||
tasks:
|
||||
- include_role:
|
||||
name: amazon-ec2
|
||||
name: evolix/amazon-ec2
|
||||
tasks_from: create-instance.yml
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@
|
|||
|
||||
tasks:
|
||||
- include_role:
|
||||
name: amazon-ec2
|
||||
name: evolix/amazon-ec2
|
||||
tasks_from: setup.yml
|
||||
- include_role:
|
||||
name: amazon-ec2
|
||||
name: evolix/amazon-ec2
|
||||
tasks_from: create-instance.yml
|
||||
|
||||
- name: Install Evolinux
|
||||
|
|
@ -52,11 +52,11 @@
|
|||
|
||||
post_tasks:
|
||||
- include_role:
|
||||
name: etc-git
|
||||
name: evolix/etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
commit_message: "Ansible post-run Evolinux playbook"
|
||||
|
||||
- include_role:
|
||||
name: evocheck
|
||||
name: evolix/evocheck
|
||||
tasks_from: exec.yml
|
||||
|
|
|
|||
|
|
@ -122,6 +122,10 @@ ec2_evolinux_security_group:
|
|||
from_port: 2222
|
||||
to_port: 2222
|
||||
cidr_ip: 0.0.0.0/0
|
||||
- proto: tcp
|
||||
from_port: 22222
|
||||
to_port: 22222
|
||||
cidr_ip: 0.0.0.0/0
|
||||
- proto: tcp
|
||||
from_port: 2223
|
||||
to_port: 2223
|
||||
|
|
|
|||
|
|
@ -21,11 +21,11 @@
|
|||
groupname: launched-instances
|
||||
ansible_user: admin
|
||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- debug:
|
||||
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||
wait_for:
|
||||
|
|
@ -33,4 +33,4 @@
|
|||
host: "{{item.public_dns_name}}"
|
||||
port: 22
|
||||
timeout: 120
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ apache_evolinux_default_enabled: True
|
|||
apache_evolinux_default_ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
apache_evolinux_default_ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
||||
apache_serverstatus_host: 127.0.0.1
|
||||
apache_serverstatus_suffix: ""
|
||||
apache_serverstatus_suffix_file: "/etc/evolinux/apache_serverstatus_suffix"
|
||||
|
||||
|
|
@ -19,3 +20,8 @@ apache_munin_include: True
|
|||
|
||||
general_alert_email: "root@localhost"
|
||||
log2mail_alert_email: Null
|
||||
|
||||
apache_logrotate_frequency: daily
|
||||
apache_logrotate_rotate: 365
|
||||
|
||||
apache_mpm: "itk"
|
||||
|
|
@ -24,3 +24,6 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
|
|||
#<FilesMatch ".(eot|ttf|otf|woff)">
|
||||
# Header set Access-Control-Allow-Origin "*"
|
||||
#</FilesMatch>
|
||||
|
||||
# you need disable EnableCapabilities to use data on NFS mounts
|
||||
#EnableCapabilities off
|
||||
|
|
|
|||
|
|
@ -3,34 +3,68 @@ Timeout 10
|
|||
KeepAliveTimeout 2
|
||||
MaxKeepAliveRequests 10
|
||||
#MaxClients 250
|
||||
MaxRequestWorkers 250
|
||||
ServerLimit 250
|
||||
StartServers 50
|
||||
MinSpareServers 20
|
||||
MaxSpareServers 30
|
||||
MaxRequestsPerChild 0
|
||||
|
||||
<IfModule mpm_prefork_module>
|
||||
MaxRequestWorkers 250
|
||||
ServerLimit 250
|
||||
StartServers 50
|
||||
MinSpareServers 20
|
||||
MaxSpareServers 30
|
||||
MaxRequestsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_worker_module>
|
||||
StartServers 3
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_itk_module>
|
||||
LimitUIDRange 0 6000
|
||||
LimitGIDRange 0 6000
|
||||
</IfModule>
|
||||
|
||||
<IfModule ssl_module>
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||
</IfModule>
|
||||
|
||||
<IfModule status_module>
|
||||
ExtendedStatus On
|
||||
<IfModule proxy_module>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
|
||||
<Directory /home/>
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
# "Require not env XXX" is not supported :(
|
||||
Deny from env=GoAway
|
||||
</Directory>
|
||||
<IfModule mod_ssl.c>
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||
</IfModule>
|
||||
<Files ~ "\.(inc|bak)$">
|
||||
|
||||
<DirectoryMatch "/\.git">
|
||||
# We don't want to let the client know a file exist on the server,
|
||||
# so we return 404 "Not found" instead of 403 "Forbidden".
|
||||
Redirect 404
|
||||
</DirectoryMatch>
|
||||
|
||||
# File names starting with
|
||||
<FilesMatch "^\.(git|env)">
|
||||
Redirect 404
|
||||
</FilesMatch>
|
||||
|
||||
# File names ending with
|
||||
<FilesMatch "\.(inc|bak)$">
|
||||
Redirect 404
|
||||
</FilesMatch>
|
||||
|
||||
<LocationMatch "^/evolinux_fpm_status-.*">
|
||||
Require all denied
|
||||
</Files>
|
||||
</LocationMatch>
|
||||
|
||||
<IfModule mod_status.c>
|
||||
ExtendedStatus On
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mpm_itk.c>
|
||||
LimitUIDRange 0 6000
|
||||
LimitGIDRange 0 6000
|
||||
</IfModule>
|
||||
|
|
|
|||
|
|
@ -4,14 +4,18 @@ set -e
|
|||
|
||||
DIR="/var/log/apache-status"
|
||||
URL="http://127.0.0.1/server-status"
|
||||
TS=`date +%Y%m%d%H%M%S`
|
||||
TS=$(date +%Y%m%d%H%M%S)
|
||||
FILE="${DIR}/${TS}.html"
|
||||
|
||||
mkdir -p "${DIR}"
|
||||
|
||||
wget -q -O "${FILE}" "${URL}"
|
||||
if [ ! -d "${DIR}" ]; then
|
||||
mkdir -p "${DIR}"
|
||||
chown root:adm "${DIR}"
|
||||
chmod 750 "${DIR}"
|
||||
fi
|
||||
|
||||
wget -q -U "save_apache_status" -O "${FILE}" "${URL}"
|
||||
chmod 640 "${FILE}"
|
||||
chown root:adm "${FILE}"
|
||||
|
||||
find "${DIR}" -type f -mtime +1 -delete
|
||||
|
||||
|
|
|
|||
|
|
@ -1,18 +1,24 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of Apache
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
||||
- name: Load IP whitelist task
|
||||
include: ip_whitelist.yml
|
||||
|
||||
|
|
@ -40,7 +40,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
loop: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
@ -50,7 +50,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
loop: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
@ -16,7 +16,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
|||
|
|
@ -2,28 +2,37 @@
|
|||
|
||||
- name: packages are installed (Debian 9 or later)
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- apache2
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
state: present
|
||||
with_items:
|
||||
- apache2
|
||||
- libapache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- name: itk package is installed if required (Debian 9 or later)
|
||||
apt:
|
||||
name:
|
||||
- libapache2-mpm-itk
|
||||
state: present
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
when:
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
- apache_mpm == "itk"
|
||||
|
||||
- name: packages are installed (jessie)
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- apache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
state: present
|
||||
with_items:
|
||||
- apache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
|
|
@ -33,11 +42,10 @@
|
|||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- rewrite
|
||||
- expires
|
||||
- headers
|
||||
- cgi
|
||||
- ssl
|
||||
- include
|
||||
- negotiation
|
||||
|
|
@ -46,6 +54,18 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: basic modules are enabled
|
||||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- cgi
|
||||
notify: reload apache
|
||||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
||||
- name: Copy Apache defaults config file
|
||||
copy:
|
||||
src: evolinux-defaults.conf
|
||||
|
|
@ -82,7 +102,7 @@
|
|||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
loop:
|
||||
- z-evolinux-defaults.conf
|
||||
- zzz-evolinux-custom.conf
|
||||
notify: reload apache
|
||||
|
|
@ -110,7 +130,7 @@
|
|||
state: link
|
||||
force: yes
|
||||
notify: reload apache
|
||||
when: apache_evolinux_default_enabled
|
||||
when: apache_evolinux_default_enabled | bool
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
@ -140,7 +160,7 @@
|
|||
- apache
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
name: evolix/remount-usr
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
@ -163,19 +183,19 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: "logrotate: rotate weekly"
|
||||
- name: "logrotate: {{ apache_logrotate_frequency }}"
|
||||
replace:
|
||||
dest: /etc/logrotate.d/apache2
|
||||
regexp: "(daily|weekly|monthly)"
|
||||
replace: "weekly"
|
||||
replace: "{{ apache_logrotate_frequency }}"
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: "logrotate: keep 52 files"
|
||||
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
|
||||
replace:
|
||||
dest: /etc/logrotate.d/apache2
|
||||
regexp: '^(\s+rotate) \d+$'
|
||||
replace: '\1 52'
|
||||
replace: '\1 {{ apache_logrotate_rotate }}'
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
@ -185,6 +205,6 @@
|
|||
- apache
|
||||
|
||||
- include: munin.yml
|
||||
when: apache_munin_include
|
||||
when: apache_munin_include | bool
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
|||
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
- name: "Install munin-node and core plugins packages"
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name:
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
state: present
|
||||
with_items:
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
tags:
|
||||
- apache
|
||||
- munin
|
||||
|
|
@ -16,7 +15,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- apache_accesses
|
||||
- apache_processes
|
||||
- apache_volume
|
||||
|
|
@ -27,11 +26,10 @@
|
|||
|
||||
- name: "Install fcgi packages for Munin graphs"
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name:
|
||||
- libapache2-mod-fcgid
|
||||
- libcgi-fast-perl
|
||||
state: present
|
||||
with_items:
|
||||
- libapache2-mod-fcgid
|
||||
- libcgi-fast-perl
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||
content: "{{ apache_serverstatus_suffix }}\u000A"
|
||||
force: yes
|
||||
when: apache_serverstatus_suffix != ""
|
||||
when: apache_serverstatus_suffix | length > 0
|
||||
|
||||
- name: generate random string for server-status suffix
|
||||
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
||||
|
|
@ -33,6 +33,7 @@
|
|||
|
||||
- debug:
|
||||
var: apache_serverstatus_suffix
|
||||
verbosity: 1
|
||||
|
||||
- name: replace server-status suffix in default site index
|
||||
replace:
|
||||
|
|
@ -62,7 +63,8 @@
|
|||
- name: apache-status URL is configured for Munin
|
||||
lineinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
line: "env.url http://127.0.0.1/server-status-{{ apache_serverstatus_suffix }}?auto"
|
||||
regexp: "env.url http://127.0.0.1/server-status"
|
||||
line: "env.url http://{{ apache_serverstatus_host }}/server-status-{{ apache_serverstatus_suffix }}?auto"
|
||||
regexp: 'env.url http://[^\\/]+/server-status'
|
||||
insertafter: "[apache_*]"
|
||||
create: no
|
||||
notify: restart munin-node
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@
|
|||
RewriteEngine on
|
||||
# Redirect to HTTPS, execpt for munin, because some plugins
|
||||
# can't handle HTTPS! :(
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known.*$ [NC] [OR]
|
||||
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR]
|
||||
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
||||
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
||||
|
|
@ -107,6 +108,15 @@
|
|||
Require all denied
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
|
||||
<Location /munin-cgi/munin-cgi-graph>
|
||||
Options +ExecCGI
|
||||
<IfModule mod_fcgid.c>
|
||||
SetHandler fcgid-script
|
||||
</IfModule>
|
||||
Require all denied
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Location>
|
||||
|
||||
# BEGIN phpMyAdmin section
|
||||
# END phpMyAdmin section
|
||||
|
|
|
|||
3
apt/files/bullseye_backports_preferences
Normal file
3
apt/files/bullseye_backports_preferences
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
Package: *
|
||||
Pin: release a=bullseye-backports
|
||||
Pin-Priority: 50
|
||||
3
apt/files/buster_backports_preferences
Normal file
3
apt/files/buster_backports_preferences
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
Package: *
|
||||
Pin: release a=buster-backports
|
||||
Pin-Priority: 50
|
||||
|
|
@ -21,7 +21,12 @@ if [ -f ${config_file} ]; then
|
|||
if [ -n "${package}" ]; then
|
||||
if is_installed ${package} && ! is_held ${package}; then
|
||||
apt-mark hold ${package}
|
||||
>&2 echo "Package \`${package}' has been marked \`hold'."
|
||||
msg="Package \`${package}' has been marked \`hold'."
|
||||
>&2 echo "${msg}"
|
||||
wall_bin=$(command -v wall)
|
||||
if [ -n "${wall_bin}" ]; then
|
||||
"${wall_bin}" --timeout 5 "${msg}"
|
||||
fi
|
||||
return_code=1
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
920
apt/files/reg.asc
Normal file
920
apt/files/reg.asc
Normal file
|
|
@ -0,0 +1,920 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: keyserver.ubuntu.com
|
||||
|
||||
mQINBEoHZ5kBEAC680PjynWTcP3ZtVfWWL6zQAcD8JoC+c5MbnpFScqtBc2MdlVZu6zED+B5
|
||||
sw2SSLf1EZlfbTPc3GcWTwdiXj2GQKzjMra1MZKUnVOD/uMVkj0ZTszUQziW01O9sWPhxbMu
|
||||
Qr7OD04jQ7TjtBBEJD+yf0HJsDVC7TCbpcNNtmhXByXqw7bgo0rzxeOB3hL88I7AcC7ve5iR
|
||||
xwXoXJYs1hgJMPmZXJmhKb0a3pVk075yMsXnxlOqM7XBk++zodDR03Ym21GLFOu+3DLTX9aC
|
||||
aU/AjXb/udtEBAHv+iVxZChzka/KkYMY+KX8A7niE/UN2PIfhWDTmLLcTyBAOuis6cUqDm2a
|
||||
w0IbXh359dfBbgV4/QLoafcM841W47Menp9tb0Qz1uHYwV6jjDEmbpGgEJRGIqd143j/zGBP
|
||||
xffmtPq1zn/QFVBQNltLiMyclAR1Yb4fksDkt8JGmvI+FwaHdx3dn1VU0hbdYR/5CHtsxN4V
|
||||
P/juUOrjbagp5zBBXLlVIVceGoD0mNkNWPyZh8C3SHg2Y+Q7t+cz4xysQN5BUHL4DX6nEIJA
|
||||
u0cZdBtr8dtkJToYlhSFaLFwZh/XmOgOndSNmeJz4ll29Xc3V2/hCQlllHXux5E79rRNRKK/
|
||||
rSydUzYir755udPWw18+6mPUzT6NDaVDDAwSOLOn99OUJt6bBQARAQABtB9HcmVnb3J5IENv
|
||||
bHBhcnQgPHJlZ0Bldm9saXguY2E+iQI3BBMBCAAhBQJWEagEAhsDBQsJCAcDBRUKCQgLBRYC
|
||||
AwEAAh4BAheAAAoJEESXUni4YStdYDAQAKuwOHT+wDS6vL6Xqp/59eKLaB02lTQuTDFq55K4
|
||||
dK9TNYOTmPoxvgeJigT3pHHfKQFS/wwigkOfv8VebBZAcjY03N+Joau1Vi+Er2VNR5Pt0jAf
|
||||
ApwZqe+8NMAfefculZvO0g91g2lcqJoMUIaUemAqOD/CoAMMXGQSNlX4BLsI7dbvkLLjbPSa
|
||||
wEODAMvuSLilI38dj7wBC30IAOQkOdkB34I/eL/sGruOxYSK7UFJfNU1aD2oQhTkYEQ5cgNK
|
||||
vE325fOx7m/sZ5aAlNvtZ3jS4ym45feT9xrbG2qHTbJiVAhdtfHMXGOU6/0UHJ3+YHHdzZhu
|
||||
0NCWinu18nDVeDWLmkqkZd77QtTpC/zw5s3+t8lpyqUAF+bN80ZHbB47bFphIupmWGDP2ihM
|
||||
NBWBwwFZb7ry27mLyyXKVOFWrYZPrdlNheEjUP7x0GzEO0kuxYO4fyTic5lu594hxwt/LWV1
|
||||
s48SV95dXqpQIRroV8ePZoJxlD4hXh1x23AgkWgG+SS3perIGypmouOdl9CQ3yAYSCfcTKw2
|
||||
dOWOxGubseyBWw3EDlWKZLkrqbBGxfBz8XJ92iCJ27rRhtpd6XEbqhRfPR9TGTliIfaruTLp
|
||||
MPrKZh74Hs7LAhHo0nkwcOoE/iYHhQpNXHMnj0hqMcwzzf6MlSrgJ/VPgQ721d5nTwrjtCBH
|
||||
cmVnb3J5IENvbHBhcnQgPHJlZ0BkZWJpYW4ub3JnPohGBBARAgAGBQJMa+/FAAoJENXKmwTy
|
||||
xCO8ggsAnAzhqo1IQ+3qwCWD9ifx4niyPiAFAKCo1ou0sB38EuQXnWCyp1ajblx37ohGBBAR
|
||||
AgAGBQJQn+UPAAoJEHDzXiRtUx5z2B0An3U1rm/gCkoWtAcsC/IYQ2hMVaMDAJ9ddV8IywsM
|
||||
vnKJ35rfg1PLT4KNFohGBBARCAAGBQJKB3HmAAoJEDIXXA3BAnoOiOgAn2tHyIuAGEY2ctJC
|
||||
yM+C7hmyMNMKAJ9asA/uRkG4wiJwEP8DCnNB7Obfq4hGBBARCAAGBQJMXHEgAAoJEOFVF/Ir
|
||||
CSDAnq0An2xcCMh6H6vIT9rmbxHgGbc8VfTEAKCopbM+QMAGQvOROMfqWJhiCB0fHIhGBBAR
|
||||
CAAGBQJMXT8rAAoJENTl7azAFD0tTz4AmwaE8zBHaUWbUnsYwWXqxavmf8BCAKC1hL9GKk60
|
||||
yXTEW1W1QUm8jIYILIhGBBARCAAGBQJMXzSgAAoJEPmF40AK/HR2eqoAni/Hvg2M4e4vrju5
|
||||
wPT+dONsA9/vAKC1X1c4YL1XiJ0fXpT02U13r9e8AIhGBBARCAAGBQJMZ0yhAAoJEJ94+Dzo
|
||||
xDRhLFYAnihJShfS/zRoG7iTNhgwqyLxGqczAJ0WIP7yfVZbP1N5oe6LwhQsZ1BdVohGBBAR
|
||||
CgAGBQJMXlHCAAoJENoZYjcCOz9Pjd8AoMdNUjbpkScdndClI4EqT7tn6PI/AJ9Luiw8fIEs
|
||||
iD5yM8NOkdykX1LPyYkBHAQTAQgABgUCSttnewAKCRAtDVq4fCU9UlJJCACTQKre8pA3ud/V
|
||||
esa7/TmJI1S1cVWj8FlS/gatvLJndd90i50p9uGm1yA4g8iwMnGdcIWCuRfBlhjUnUJnTX4B
|
||||
QdnUU6HCv9RQ/OlJ99k7vNhswtgoEGQWq1mH1opSviZ3xhMwFTiXISQ12i4TiGSiUfbXItzq
|
||||
yxOf/gtjAMGrfnNB4MUYPrHL/lSMs24evYFR5DgOKDwVE3vVY2Wf2ytWKZJQNvKcm7sxIxKq
|
||||
W3OlW4wzG2IMxMSTl6SHYOqIhRGS9xAj9hpIfD5XzZjl/iHmMZMcuRA1LPxQjqdZ5CeF391P
|
||||
p6vEobkSyX0LyDvqcvy//VHn0l8cRuyEmgrTpdmTiQGcBBABCAAGBQJMdo7oAAoJECI64FW9
|
||||
lOFUIpkMAJ/obi1HblArRgKmxiCIMD2/nTcj/ML3tL9HfZ8bpWZ6YJIUsFRcmHCVWaOaCBMJ
|
||||
omiICZbcot3v7/1p0D/AE57i0IFPZpXXu4utC8B70JjWaMJT22kVi3hvhrChxlZYNZlkXr8G
|
||||
mKhGJpzEfVlg3hp26jbj3jEEGmjJlii7uuSrV1VJjyZaDfTNbgXMbUL/3sISsKODINCLlgCG
|
||||
iVqa6Xc8bIo54zQ1Rx30Ijn/6ElFvBMSdZPu4wQ9hKrJGhrqY9FZ/U0xfaawEzxbmdZKDxVO
|
||||
Xdd/qD3lNAi8Jg6m6qQO9/A4c/Ln80ll8St6MrfLwJ58QRWawTQcl8wSTxouC/ag85VwW1lX
|
||||
FfnulWVjqRAY41gVY2SaBb78A8pwuwy+ixBWGqAyGRVjahNj/uznD3kwQh1DUwjyDe9lV0TV
|
||||
5IpQy4YfXjkukwt8kVvQUL/p9w3/gmPZ2lXBuEgMT/NKZWKszgp/JZ45qDUD8hgPlK9bICRm
|
||||
iQ1KjcAV3mh6dYLwJ4kBnAQTAQIABgUCUipIgwAKCRDvc+baWDa4Gqa8C/9aWvMONUnoDGjS
|
||||
H6gIsnJn0pGQ4zx/SU+Bt8MG0SPbtv8Zu1twofiX7xSV8p7/RmESaQyjbzOD9mMvXwl5mF2N
|
||||
q8IbDhvJmEcCCgVolhM1g1YtF8uM/Az74tNLmI8gsIiX/Er8045jMANp+UozOLvrzx9NpVBj
|
||||
InDRhXt5ZF4YeMdB44cZL2OH8juSbpZAPFAi3Lm39gSMj3eUiUavT6r0Ok7AC3qMiaTvvtb1
|
||||
VU5vl/CcevaFE0DfZQ3+1iXsshnUu6ql2NvFPSn0tR1S8Ekk8NfItbAGComC4BF71MXxY9Af
|
||||
RW21ROLzRR5Szm93E5DirjTC+vfxQYwEmemn9v8KWxMlmFTu08GbBhi54bBb0iuaRc9lf5E2
|
||||
dixJqLU4JVUPxjOk6tFvQHtZQRj7e5fu/lusZ++WKXnZsH0AiRekbN/j1Qh65aDi17w0ebXX
|
||||
lsKc1kqryHNTq4PBrhrKbNBa+tlFDcmn3yUReIxfcZ1Bm3N6PxNiQSxx9Wf6LL/1rPuJAhwE
|
||||
EAECAAYFAkxccZ8ACgkQ8aab5CnA/+7HvQ//dhkVGegUq2TyePOTWBxK7EyLVEZEBr2HXa+y
|
||||
Xqg2i8Fdou5smHNEd0q8dz9oMBEWcZtRYmGKzinGcmxzArdmVyXV4fEkUab9zfL8g6dGxo+N
|
||||
wqoHt9DteuJEURwakSJ7oDW+DlfzxMJ924sg5cuUtqcnZwy73a58Y5fkPaZVf+/HrkadZT3f
|
||||
7fM8pb7JgJSRhgmdi3MfbUQcDgbZ604MifdEVIbXX56ex/9OuthbQ3lp6jHsvHcXPG5qt9th
|
||||
RXkztoyKcArSimHcOFrLqWAQsF8u8PIYNaTKyJO8uRDYjMGcJQv6B8HqV2eiLCZtIEdcoWev
|
||||
Y/oeflGDh0PbGpswAiQzoSxjvVdPgPUTqNnsl/eWvup4govByKV4y8dxgyM5a68a2N2t4ki2
|
||||
TwVu8LpCRzuiin0EvgkM4jKSFU/KPiZemdLq31D6o0dQorx+Im31XWv/H8XoI2jGbNeMVWHq
|
||||
5WumzPhTfgFVajQEc94Te29vea9OV+mlgIDuTzqLD2Je5G6BDqu5EmTlO5sPDJAwM1c2ckJb
|
||||
fHjtUih3Vw2B339NqF+aneOX9MH4blAlX2V5vuz0xtmEcd7Dy6wKjzmX1Tcec4VjDDgtCoH7
|
||||
vWzCeQmlWLzf1tF9keUvRn7eUktyAqozvNdE4fs6+3igdFKoI1RHNkFO45AuFe1goN+uDFOJ
|
||||
AhwEEAECAAYFAkxgK4sACgkQHnWacmqf3XRTUBAAtb4DXxkzn14Qo9JME9KfZ3QA1ZfoNffR
|
||||
PgxHkLX3q/KzGvbQYQc86kh6b/19aV1ahcUBrpABOkV/0k6tASrs9N6V6KBcIQbJwRETyWU6
|
||||
G/rG47h+4fWIMew5XwCzUzvqAD5GDp2XfivDQuVt1Ta2WcEAmKVYNlHYowpnEqxvLNSSbXuX
|
||||
Afe+OK4XxaFr7i4zr8zS6S7NRigAdENCt2Mr4slo0ldnRn6uQ57ixfs23g8LO4/89zW+GxKG
|
||||
PPUQbo9epE4hCewTAyWwrpVz9NxrodvDL6D1W7kY6caiOd5tArNKpwF/GCH/vsGPU3NsFISI
|
||||
+P8GJUwtmM/47xgcteHthx2yC0HUArTV0w4+PnAaelpxzAyqd3KxLLUNJ3vjv3xpwV3eGWSG
|
||||
zd3UZ4AYTJmSlbgzuJzQIwwyxHsA7ypUUsbdrsoQaTkACUOsHO1l/oT4P+z3/tWPuXqUmO+D
|
||||
Ly/pBiCRrV7c4cHMzud/dKBXuAK/gS7VD4Is+K8/srdEJTrPB88zleiLOdffymHtCAmZPn93
|
||||
bvPXUcJk1PiNQYRwQIuIjHJbbZL8rxqVo4NCmi2HwjqMaow4GLEPSEdqEu83LpSU0Ts0BJvF
|
||||
/6UTUEs04zDjSXpAGrPhWoom2jxUllAJq5Aek+f662dZpxVLxzMHWrLly7Fb1WPLbCrWhqIl
|
||||
k+SJAhwEEAECAAYFAkxgNzgACgkQ14hMRxjhj0QJqg/+LKFGM1orBnYv+DZeVGbcPrBJVkeK
|
||||
nAVgX+HpIo9uY7F6rRMZU8BHmxqM66k/tPwwrVzrgrLScK6spQTUjxKbjGkktT+LPVdFdB9F
|
||||
2QdEYCwX1AB+0InLVtrXF/yFFTqlxxgLCRamRziO6w/1QDFMsDdNbIgxErjMb7d0MqRFNlvR
|
||||
fO/ElovAPWlf+4zA0xiCRVbV3tbNl1/ILh41C8gc1VoTYdmUP7W3F6xCpy4MirSkY8LLDcax
|
||||
wF9blsfc+gj8mW5yegBZnEoZchasl1thZ7Jt05tMkcEFTVYMfeReo/5Ww/dEpSfhjhryq5MH
|
||||
0sSBT/1YGwbdgBRVzmocrWtQJ9i22MY3RboKNeAFs/wx9L38z570rOdemtfuXzKmI8jlcfQI
|
||||
BIrE0p1zHE0OzgdfAI/uiJMZ3dRZJXsr8iVWuER97QqYZZkgDMaSHxvuKcNKQol9AbnDWbpl
|
||||
q0J7CBo5si41rXpUIb/18FydC3k2KzjkCAaZs7VUCguWU/YKVw68kfrksJB0gIGqh66wYda9
|
||||
dpJVmjVNTR5bWbo8//ZHQXFfGccWoRImEZ7dD4xKTl1B1ihmgad0H7Bynd0IiORVs5zbdbIE
|
||||
FCwnMjjB5nr4teU0wq20H8CaR36Rw38KgRrcJdSrJVDrmg+A4PPsW3aA1K3oCvREoR2+p322
|
||||
8j2c0pyJAhwEEAECAAYFAkxljxgACgkQE8C1Zno4sLCijQ//VodIvktCD/rmvxmbby+tjTFp
|
||||
yNPRgiIdLyXU0Wfoi0TqzLsATfOluWVpJqSqIQ36g0wYc9T8BemqcBepDhj5e9NpYe4oq5kF
|
||||
IxIJHzH5jHSM32vPVxJU4PzYcZzAMEVWCEBx0CHgW2cYc/Sq+YNq8Y/c69R8WNjse0qOZP7g
|
||||
zTInr4JqL181TVvGHt9Ak4KNakxEVLXGIXVSV9QDDGCpYMkfpEy7pwvtV68DFVj2nHHetzCp
|
||||
3gYi90nsVvk3t8iowNUTlKkxnj4dZ2lFMJfZBBeNev31JLkhyqExUoBzZMDmW+c58nye8Ode
|
||||
hXnvZ9nc0pe2Z6XWLuraYDqNDKGMWsOTG8gCPVrZL5BtHr4Qh5uuAwT44PzkdPCdw9NaHw1n
|
||||
0s47Uuailgg+ZuZgFXxNcRD5A93Ovl6/skln7KyTr+kJ6BsDcdWzcXpgQ62/3ayxgaOEZlKE
|
||||
VLJsngKhcjlINiIXc6t0AVZhAlgLrLAvi1G19ISqNPNBRGUWeCYjC++RCaC7i/vAFWIQOTLA
|
||||
NfCtzwhF+kopF2tmmt0ubapaH2CycmWLr0EIvPUIJ7GAW6tkjjv8tfkn2VtT59+gE1WmwR4q
|
||||
55XkJ8zbX9tJx62w84zkQA6nMnbBQ9nfWY1eThRk5IOXKElyk8cNIZlqIPPH8RVP/Ng9Pjj4
|
||||
+vSOAjkT8LyJAhwEEAECAAYFAkxmx/gACgkQHAH0Q8nJPFo1uw/+Nu1AJqt6ifpA/EaWoDnU
|
||||
9hSYcpVq3mGivwEE08U5/2trXl5fcAe8qvdPB8JIYRROTLSUIsTkERftzxMzsCIb+iMj7bKx
|
||||
5Ip18GSmTOcJU32hin/l/DZlDxB9/bo8LqCurbpEDeZ84zV//F6AqMc0mUyxhdVA/y8gEp6x
|
||||
YNnVHU+AmIxzHkE4n+Rrc6JdGUODOL4iZcewBl2IKcYzRzcELIFMzjnSNbA/uxKE9g1kTa0F
|
||||
QUTTpy/y5f36ykfWWdrz9OZFR81/UlZ//gv+sr1UHs6uMs0QayF2QJW4iF0KX4IQWCcbSRyn
|
||||
iHuOzpmJuTFu0KNmU2cfRFLgyer80glsqicj0MwI9shdtpp2+ulfi2itC/gGM00cynt2WP3d
|
||||
arrohFDOwCuAVWjp5dtENk8LNCK2aYEXlHiW10kaGi9k67AVfrV55p8WVTWcpT9oQ76wafnp
|
||||
jUb6XPou4DM0Z5ItJqvDQv8823b5BCnMeyG61x9qCTMhGMEzDLFFkXalViQtIjsS0tzF+S1I
|
||||
B+dVVvCC0tMnPWoyyqYNqtC0rIS0I+89uQuDD/4jAf6hL7sKLUzdLs8NByjQoV9nIaXEHzp7
|
||||
jBlgAZgx2SX+eK8wF/Lo4d0a0jddX8PRZEjkx0HOhaYcW59tui/ZXr2UDwlTTuyfsSpo35K0
|
||||
+VdJ+mtz8gHZ2lCJAhwEEAECAAYFAkx25QoACgkQryKDqnbirHtS6w//Xt2HPPu9r9Lp4Z7C
|
||||
U1EtWEDzBHZoiYrX8GBjfx7XJqX0kJWAXTHoN9HtGDwCil2bTb3WwopNrFUShR2yEs2Tbo8I
|
||||
j1n4veQxx5japTb9b3gwh/8lRRPCfF++jn9q6927D+0jJde7hx3G/o0OoJP2H04kEM5wrzup
|
||||
1nOkH/L5+bFerw4eYir+hl0oVfrnK40RKSnzy+6sD+FCFwLipOofDX+qVp1VguzwkfAwLTSD
|
||||
PVxsjfvxKdRCj49RbI0Q1svMu8iS0Hu+i6e+pPVgvy2Bh9iPQiPNaGG9IeHy5mnq9T8yxKd3
|
||||
KY0mj6ipuHm3c1HPJln5bFlt1K6mrysbZtxafo+O6XeIUoRNqKi9eyA9udgIdHPuMAypsYFq
|
||||
M1Pn7TLdSnRCyuhG0UFlr/nx3VVH7PLOerxMCZf7ApfcWA/s/iBG2DLpeB698UKOSfogcbWO
|
||||
JW7Dteg4ZCL9zLxRiTZHLsMHnW/aZAAwoh/zV2Kpd6qbrZSyqgn3Pys8kwiFnnf9aWdqXmls
|
||||
oNswHZeh3JvMOgs2QyY9X/+Bz3k1vf4a2aU2gINvL55aRmtgd3VDvWVk41WcRAvOfBPCC9TL
|
||||
0UKbIBT+/rxuse6UiS/lVRNngvOpuUBmd0Zo/PiXxsxq+aKX6FQzZs0HsqAR/Ov7bmbh7Z+c
|
||||
WwE0ZEogPivsD97qv2aJAhwEEAECAAYFAlVxpVAACgkQ2oKDDjzMOjq1exAAo41+8W0VSibl
|
||||
OmQWDesxI8T+Qlw1v3Luf1CexMx9UsEktH5yP+guCeVpADMupSeKis8q0ayOgqXim6gyRjHS
|
||||
1HklDGwUnhUyfDu5VNqy7BOrbUKq32TOqudwtq5PEyohof89/hR0UwfC18hBkumW7NfCmEY+
|
||||
kUkvlAVzVwbSAm1bjkFu3DLD3RKN4d4UG3kFc4tqY0BweC85UvJaFFnY362RLCBV4gTjXVgl
|
||||
UIHXpDSt863NBTtbNJUTIf1tt5sFqknZh2N5UzgtkTz6t4N47+k0VZfxuk/f9MmuDEHAEBBp
|
||||
lj4X+ofPXbxbr2iaAZjT/LjU76tYq7thkbU2NRB6RtDv+Tqfib5z5ecwNEKIgQ6BelCh7pRI
|
||||
wnMYhx3wj2aeY28vJ9vE76NizPWiZpYzD3MHyWfN+kIuSDRZPBhSNLnfA5uUuBQNjS1Ad+QR
|
||||
Xo6CtWZ1cE/7Xv6DCKmk0ThbGrvwkHKJGrpJeaaf8lP0fo0L9cIipqx3NSSKHGe+B7zhQZO0
|
||||
QBlTfXRlErjuZ/j+V8MTZqsmlhdVi+hElTioj24MQJiXfB956RuOM+g4P9v2QT5RRD0C4XaS
|
||||
+KSC3eejZGYEeJAmB0uRztsRntyryw2LF6WxcSyEg0pY+/SLFxMfRIPlcAxMM0SB7HSAFZ5V
|
||||
nQJHc7bBkNpw179YqexsIKaJAhwEEAEIAAYFAkxccTMACgkQ8RQITAhhERF8zQ//R2Bls2xP
|
||||
vxotETrAPF5MOjDqlK6aeOnSyI7shiWWXL+7ds52SWsmD7IL+7XW0t+fwvfEVOb+qNWIiVaS
|
||||
Yg4nvZQnTkCqTnDxTzdxipEaiK0MC0bXmAikBQjZ0iiveOMYOeRx2PWuUOHrymcvJ+atlkq6
|
||||
pk/mycZGpVitnO9crTb17SLsm71k5aV2u7EBCEUcbakmrx1mDvBoi/tSns5y9YEPTc6JcKtz
|
||||
VqbyiSAY5dZSaLc8IW9Aqn533kPyIwYXnbxd8cPFDxDLhIeBmZnVTLURE3517RXZu1ngZEFh
|
||||
pSoT3w0Xg0cgh7eJ4Vmo8MnW3p33+dSHbWRlgrNZcB0PBWZrByS/iS1b9REgFTyU4UeI7lH5
|
||||
zLgPdxPKBvCNObRhKg/dAmqSDq5EHYgWxn50p3TCfhrDrkoD+3seeee+mNARjLP4EDyBF4/k
|
||||
57SqT7ytj9TWQoQuGAodQqNXwMKNcldz4FRZ3rMFrUpJj3uD9x2tlT/3bCVKQ1QcPSzKcEcq
|
||||
zq9AZzjH7cVEbgpKI5zBJlejWB6aGvHLIhYZb4EYuO03OgEDDj9AUvIBFBxKdRvCzeTZOCTM
|
||||
/8oAgSSVmFewEI4E0yNxvZu7wjSV5LI0AiyhwnCWlfYM9Hgxbai3cv2osIK2p5GXbaRykhwc
|
||||
jc4lPrIsEE3At2UzlzO4TTI202GJAhwEEAEIAAYFAkxdPzMACgkQhy9wLE1uJahHJA//a9iV
|
||||
wDsx+OxFu8+vPEXmJCKt1o17+PyhskIvNSXlVPvpYIpqNKUJQXpqBkiNASrCOQSHrQtw6p28
|
||||
9i011TMqmMZsUkjqk/Y3Yzx+SPT6KUfny7qQzGW2DpHL1qILDFMywzvt9djzWT6hmH5LCLSB
|
||||
3aWMHIwPDvtvylzHPIN2XIABSBxnHgeEi+2ZZoLZE7HlQbwsAU7Xguj0K1DHe+urOBYvU0rq
|
||||
ceqiJhnY8b71bwQRhFqVhoFkW/IPp7dujQxeJVvHZQLLNkB4RMqG+kR2Ku04U1Fxbh7oc0vr
|
||||
e8EAYdMfutU3ZRWZ4D8Ltr+q/hxy6dm/bHrpFu6NIxox6KrR8zewcoGDQKI9BlQn8mrIof0W
|
||||
YWNUusb//Vbz58iOh3POcjs7VkD7aPo9R/TaruBIWv77kbjszlQaKKHWV4aIVS9EXW0cPpeF
|
||||
OQUaq91aAxB8Tw0Clx1TfVc/QZJB7/l6k8deXgo/+4JCU/BBmsplR6mG5mhY1Iq5PnuutU+W
|
||||
+sHQRYSiq0EKdwmAaq3AIz7D+rWafv83Ea1cZaMph23ChqVX/e+YVI7rxxYCY1bubd7TtYWb
|
||||
VG2W8ufTwemZBxWFq8HXc9d+Qm3LHV20Qxp5fAoYr6O67XYgQicIFW7f0lJ54igqH67wFjOf
|
||||
zOTHfWK0izIeLVtp8xmj7hbFrXXd46+JAhwEEAEIAAYFAkxdRNoACgkQU5RHndNSTFGQ7Q//
|
||||
YTQ8KFH7n9MYRpb83fTRfkyreyQyTdbcBsQw7R8Tksx/qbidiZZfI2cILweIqsumN2bF+ibQ
|
||||
VYx/PpKEStaW1VQI5Crx/kSRmBaOlipbbfO+A3sbp98hpKMmaIxvV7IhN9qKhjcQR0YGXcam
|
||||
5oVVwjIb2n89nqiS0qnGIUSTLzK5IR8Chob6tpnD3jQAnxE96wyhADedhCVMf799HSoQiiAH
|
||||
TUarSv/HMIws34LRgZ2voFXADq+CE1Q2rBEapwrcDSkEQEZ79LImeuS/S1Be2ritRO+TFLzc
|
||||
982LuHBxUa4MlcwWtWaQQ6PW/c5J7QJz0RiqaaL0DZxCw/Cr2e3MIfTCdK0zPg4A9BrNsQkR
|
||||
/zYmePPTejvbsYpsWbpOknwZNqoYRc4cEaukAtdhZhFUDfL7jfh5HppCIM6EN3ovmTsRhauv
|
||||
LeAI3J7JqrPp2yLDbL43U+1ejsD22+l2rmJQcQpRsdD8KlJX8bD3J0fCRhhIFNABjMmy3e4T
|
||||
bij7ZM3ovNZLCgjHmNa5ASMyS3l/T2Rqu9rh/pZbPWS2hPTlmYTStpb2T+Ax/anpXSW3ZiAW
|
||||
fHGOSjNrl9+LFqCdjyzvk/u2kbgd9VtjjFfpPS8xS1dGk7iIHHQQ1GZXc8s2WB9XkGGpD/j3
|
||||
8bvLJG9EXtqVWwJLo6t/PMOgnHK9dneq4I+JAhwEEAEIAAYFAkxfI2cACgkQeo9J6LY0gL4z
|
||||
KQ//YgbbsU+C4e9A4L+b9lOTh4ICrmYg0jD86oBtjTsomMO+UP3T+mVH/meHWTzr+6ib1vsu
|
||||
Nz85E5OWHeHL1Mzj60gbZSn/PMcfL++kKVCMhJs/HN6z4t/hY+GkafkeZgglnqItkZGK85ME
|
||||
SmpoecuYsExEj9fQaNjHuCOrp3c+B0PJ3PSQ3qTknsOnUwkOgAhgeni1RusUqckryre1pPrb
|
||||
Oy9RrTroHGsbvzfbYEYS8IVoaMP1AJj6o1kb6vomTmWlh7r5UM5iZRcFrKK3qjQaTYr9f8vf
|
||||
vpJZ0GlWT6T4szOmekTnYuZJGOumkLScn66qSihvxXXlurPP0XzVObz7YrZ+GEDNJxXwPJpw
|
||||
fpYZHsuSXv9Pu8S1wjbvL1xq8WEjwd9q4kgch6r5SD4+syLydwLHiBXTc5dfVO5Xs6KzWtXE
|
||||
MNsFBrDO3pgHtWvS2V6peL/yG7RJJztzZUc/IYZWuEJIU76rzU4YK/SC2Vse9lVA3I4s0knw
|
||||
5TCFvZHTV9KIjqT95xOgdlZKmQc0uXSPNrVfoi28JOfcAGnSnRX52KFt6yBrhCBCWuVTZTgk
|
||||
hKSIktI9PPC/C3xyLwxJjz1jPwEomhtnNx9B04W17G5c8nW1yCjxPxY4Q9LCYpMYXGB2Nena
|
||||
YydDbgfA6ua1exRQ+ZkWpnHqsmCLL7B0C/7oTOeJAhwEEAEIAAYFAkxfNK8ACgkQ0V0xOIIA
|
||||
QXMoXhAAs79q+JHo7ulKZvKDkh+OVOXrSh5eKGUmuqK4RJuxrHmthUFkNTsyNBEZc2+QWw4B
|
||||
8q8ka0x2/1eIDqwsKwHOfcQdyMepGiKnGWm58vL5CeoV/pZW/Yzrs6Q13o6/mm02bcxiVlqs
|
||||
ZGFiRaueY2QJ66viPY0TJPlK3CavKKgZQ4xQtfQ/MDg8sdEnu3G/1PWyyHfMVsq7fG6MXCdY
|
||||
TisgHAEyQJXgpCnk1YIuwxZQPKbMhcjiGbkKBMeQi9uZDiDUtY6s6S5MZGsG5v0KTuoBt2Kw
|
||||
XHbTgkFT9wKaQnK4rfMjGtZFuwiZw8MPsFgz2QAR+1s4mIkCbLPPl+jwL+F4UkEUJvpKWcPI
|
||||
AHnDe2q82vOc5ToWfm/C1cSf7cuLi2hGuSKw8JHuJ4hBF5NaMhmsrBOxjS9BC1OrutNvjoa/
|
||||
bBihJxX6pyz6Fhd3wnjtF8f+H2pxu9/9M6bv6lkHZDQxfnt2+muwsRncx/wU5JJcxzxUzcLl
|
||||
wctSMFHmNU2egx6Kw+vPgPdkthrOZjkLQZZj9DZxHK2j2ENAm4jVF2Z6cUHHm5tVTsR7XF5t
|
||||
CeFRNPUlhoEz4zdJiN2qflMY0pm9MjBpF44O8usWrEpUiPN53bIOpbPM08zYZ+BBGPOgxZbh
|
||||
6Y68YUAq9XfVn9okE73HeyLLS/bpBj1QSe6QapV7sg+JAhwEEAEIAAYFAkxh7k8ACgkQcDc8
|
||||
8SkNuc7NWg/+It0T/mHuye7+PG1kQbutyVw69/C7yyZkoICrcQQ+Oh81Ba+DENSKrPVkmt2o
|
||||
U3HR1bL+QbFDjUa+hnLHXh4N9hlREDbsaYdYz3xLbXeGOPDt0QrLn3mdZ2cZrZwLjcqsu+bz
|
||||
5sRZMbKKTXqKkMQaDcJa2CU60aEoH9d+QJkIhOHiqkNvVyrKbiMoGnJoKDppwG1e3+Ri/oXA
|
||||
6Sx3cWwmdVrNlwNAKraTFlw5Xh0RUQ5NJstxX56PN7tMm+PEnY94bPTJHiyzG1obm2Ona7sg
|
||||
+P3DIvqMFIkldhNz/DdeCjSN4qrB2u71tC7xwAneqqLpPuYhpMpFtD/JX2lOhoOvo43n+atM
|
||||
jqIU7xhZ2W0L7n64Ym31+wqqz6NEx+aVp+OgYVJPH6MA6jel3/KFhHoWpdnLJIL3XLq3Op4U
|
||||
tCio5JfouHfuHVdslmKlH/6rO8SFY4VZGF+RZURMze0I6b3HN3WQb9Qv78hg0ZrI4E7JIbhc
|
||||
oQQDIXgASS575vjK63/WRuMDxEpLEUflESKBsG02GJWe6knx5lACdIyD/8kZ6MIV9mE31Nqd
|
||||
zVKv+i7BBomu+ci/4B4LXn5LcPphmGPAvL1aabC7D/9lxLPA5Ur6LHDU08LA7S3j5Z7Iob4m
|
||||
KbS7pKaBdYPLm+kfAlw88bDnPioZwkWSggD5/6iwEN2XseeJAhwEEAEIAAYFAkxh9TkACgkQ
|
||||
dzH8zGPk4neH6A/+PTNKtYOQmFxM+1QJEqK8+4ZOyeIB74wHGI0VyFWRb6Bt6K7OIYAfp8Vr
|
||||
F4kH3DYPqRYWZLyG8Krkff3HUwdgBdrsRRQKN5Q1YwpwpofCcdDY9l3fmlUNx4MQN4Cx9uBT
|
||||
XY1OGTOMHHCog2eIOIkc3sT4xZ/zIcgFKM245lXl+fLvbJId8jZjYFwefNerUX1bucNoaloC
|
||||
drmbUN2OItXISlczLhSZlXcOyxU2Q1DICK4EksZy0y6XRnYA4/7JK209AS5jIZb6UvV4kMGU
|
||||
y0/CBTW9fJx1jZthN4bLxHMSVFHvG8oqRPmr7bO6KyvnxeGY/0bd30nA0hoVyDtKuIAuBYXL
|
||||
nrnjHogjF5sl4LCXLNDmIqbYoXMCAuYrlGaGsLzqGqjPX22yb+5B3zYCB17nCP4/l84auAJL
|
||||
6/EOrkOjTRPWIqsRO+dK8QENfp2zYfWmr0G7xBQPdeDvyFHbY6LO+PwzVfzESGranmiliTDq
|
||||
fGUGT/F6F3eBhKb392zDllJgfeKLt8V00vqaY8jqXS4AB6ze7XkcEXKsshN2atVsstUmjLKZ
|
||||
iSO73irt1X/Cg6SrKkjDgUhwTmOxywkHBYjsot2NSYcrdkYEfK3nPpesB19dgJYzPn0Mborc
|
||||
vJ3ixf5c2mjT1GHIdrp6XEjqLs2zu8dKLDiTJPSV/Q1H1nEasMKJAhwEEAEIAAYFAkxi3k8A
|
||||
CgkQd8b7Q+PTCCRE8A/+OY2000flzIxhqxc23BzEOXWxwZ+tH2r0UQTq8kwZiSsva+NIjN5G
|
||||
bx3MMcT4IyGF3VaxKZRJDPGcK3ByJS8HnCv58OE2iF9sUT2BZJEIfgniHgDA6iLyyQDmM9N6
|
||||
9UVoYYqIWff6Ve+4gPYebafy3UAgUJLHdrknfhE2fseE3jEtdsn9AizP7hc46xPkeuaAD474
|
||||
4jtM8h0zVk36l3gdRwFZEWMsxATskct3hLjKv4R/EFdEgIo8x7hK0uxvc6JyyguOznrwAgP4
|
||||
0LgXv+Ci2BWrf0awhOyuDJ+BiViKtEuzcqgwPR4GgOKkvzti8jkPNAvjCEIHTpWJwkIZ+SNW
|
||||
aaIZVfbZdSTMf3tfVkUJ8tLImtfHwJ9b+BPxpiP1DENZtxmbOsKPKeH1SIGO2BUt/Y+i0KYM
|
||||
rJmhQiL4k62PIRRhMKuYjQ5sasa9oyAACxg6nJMJoeJalJtcE0ZynCwdCFIkhYLXVPAgHCUo
|
||||
/c5Wq20YMW0sqerdf/oLwTHe8Gyru8JfcRS1mLBuTPWQUGIt2h37WMysv4hCHT29N98w6zJL
|
||||
jIGHH6Sd8PBw+WBxg6rpeGH8VVuLfHerB6XEMxoQM7FVAefDUCrHzWUrNHgSl5qG14HQ+46y
|
||||
xxegb5XNGM+ku721W/t7YsA15ASgZi8ehaQ7iSl56TGu8vQCTaDqPmqJAhwEEAEIAAYFAkxn
|
||||
Ti8ACgkQs0ZPiWqhWUgz+BAArOWNP1VqUSh1LpZ2mgjMLCW8cPChtEKI4/RHUElI9r6BVMGR
|
||||
/35Ww1HMcayD+H7WZDXXiBqG/yPJJtmMfBW0xWH3dbo1pEn8IUZd6mWSlbhzxRkVr6AFhDKo
|
||||
4T6QVQQ6nwJg9aBveBAXGnsr9/PieQNsp9IyACxZCvjoEh+2TV6xE4r0WaPKGLai5qPuvzSN
|
||||
2efP1Fl6gtmoxgI0yiLDyMlQZPi+/jXC7qcae74qYFUqih1hAq3EaCfiUNCVCulAEYnzhu+Y
|
||||
qJorF+Xl3vV/i/NT09k7GwvxLy1waPAi93yekg/QwkJMSrvehxXJlPdkUXUKCsgE9o+1CztW
|
||||
iIK37utWFTnkApQaKUyHJA8T++ReyRXDCEq3Mu82ZMQDzsWRhJuWmX7/5MAw/1H6yG0HLxC8
|
||||
sGH64oduKWZIlWwjkox0pUrA/ZkEDaznUxUK0ay0exYtcPJ9uUcmXsFvxCe0SOGwarNKbEjs
|
||||
FkZ/lelB2LZprKk/10BqRg3AzPEix8IK9hRRM5jXK1ZDEYRGYw/c9VoQPf7eMpF52zAZ45h8
|
||||
UjL/q6oAg3egW+ddbsEEXzsAgpcfNKhN/edoUKhQd5d2h0S8IpmPMrwvqrRaRSlOrqMhbqro
|
||||
GQhFOV4+fO6zwkV0P6Y9QSIKibjZDS+QUZPXCLfpKRSYVQlkFwGVeVUcZzqJAhwEEAEIAAYF
|
||||
Akxsv4oACgkQ5E+AFtNjD4l5ohAAtgotU7QYfbvY/6b2DKShrm0guTeROOi1imRMfMD5Nvy4
|
||||
CazA7qm07G9Jxo/yFYHMaXXeG02vx0pSb6Gbx9Z/jtwrOALmtIUAajTFmcC1Koshn1KAlqtV
|
||||
FriWzwAz/jYIK8BL8Db3LCgGP0SSyIaD86x3VXm4JE04AJeAtFUikQwBU6iNA8Mue0rmdIgz
|
||||
vQ2Fg7qk11Nafx4xT7XU/K4BAy8U+6Ai4F8VPxdh94zc+Z5qVd5lRZ9fYsdzztYoc8xtOzjJ
|
||||
YzDACo6j6covoSD56gQi9htJzraPtKaWu+gz4P0ijZ/naX/hsXlOnZ7IQzaByetVgXoU2Hg5
|
||||
D6UN7YCrQ75TB+Q7Mh702dvihXCr2smUkBOBnEqKoxrLqLtrDYPLw7ELuM+bRzZb2nfBYzh7
|
||||
/o5hEG3NO1rXIQ21cYvfPSggkI1fq8kOsWbd9uIXR4iHycohZ9DsSW4iQ7+IwVu1Giypf/R2
|
||||
Fpz+cL6aGI5DKFRBuz5ucjyhJrl9wes8v1hsTDNAPSbOyd3I4PHa3N4gxWbFvV6TZfSwHKm2
|
||||
fot2bglB+n9otZaPBVnHdsntQsRnS6K7Ptft/EZ1zJvWJcOnAjZEtj62mbrP2bQ48r+wkWy0
|
||||
LbOoQZ20auH/YaqOO8ZdA3QGpvK2GCfYB6JzD3bQomsQWMlaAkx1wfFQUBQ5xtOJAhwEEAEI
|
||||
AAYFAkxvKsUACgkQfFas/pR4l9iqyQ//el6hebIh5S7ekU/6R/msFAmuluGh03OAMYa+JwUm
|
||||
YqXR6iGf0Ftw7XgYJt2NiY5ZtaOULtZe3zOslFio4KRAwjKgEOzSzEDc0wFtZnj0/LlSTk9c
|
||||
zrrymcJQCAgKKV4WTffgiPpzDM1ajaHxY0WQfYJng/5pVxWb6QXjtB5mupf4T1Yv2blWAKpK
|
||||
Fw67Fz/iN4DlWil21vx3FgpAHY+7JVB/129BnbdHtbzP2CiQxZ9PoQt40bhrinI4cHyPHcHk
|
||||
EPKBD6GnyuyIoPGYRsILp76rH9vWQJWtY71DQwlB9+w/JTVP3TRinXJ0BSBvFGNcP4hqY5b+
|
||||
8tKmSBPJM0umER6Q16HosZtI+8rY+4yvaHjtEIqau/AdBnCW/EBeG1YyjDOQAQzVdOR84PLf
|
||||
Nyz+eqeZI17fZtokRjTg41J2b1+F0GbUOTQueqzlTK3spWYrPgDe54luHoYmgVqlsj71Zv7F
|
||||
cWEf7L9RdcA7sqCQXpDggcOTRDVg+eR6eCLGJetBfq4fsX0ae10TRh/pGut8Vu6NTcFGw5c8
|
||||
vt74h+WFIXPknpBeKl1HcKUXTLJxQP5CDrZF/HzUaLYI1SaKv1jVm36gV2YZvuZQyim4vBgg
|
||||
V1/9K1EMgUW7GRnQoOpQP6zxFWnpPXPY3TDvdleaqeET3xET75mGgD0WIUreBaKjp+CJAhwE
|
||||
EAEIAAYFAkxv+OAACgkQnQteWx7sjw4tUw/9FgAffwwit35JdS4S0LQqmkmGXlMvfZEkfezj
|
||||
GH6ITG/YWri9QE0ktGJqyCbP9tnL3WCno8bs90tmrQyagjbp7EsADz8L36vbYrOU72mNHaeL
|
||||
qbJcCoztUSWAe9aPJ4ESwTXbXCkl8xE0fm1zTF0MLq3T40Qqw67oMTBygYqhb8zeY43bKOzZ
|
||||
f0fBLqFE8+LTZDEk00Ucc72M+W+J87rdiHUuJDFdAZbuAvBGT9p1YNkcqaRWSmgRddJ9nBTD
|
||||
a/Qe9IBnAXBblouKiVvSTGpcyAyGKJ9cPtaviCLRXk17rGli43AymorBdGPpliZmMtrInMm4
|
||||
FAhSoU3nwB6b8oI5gMh46Dze05PYkVVZylO4Vo2AILUkeo6tagy3t+BEFAmonnpluJKZkfcY
|
||||
/FvvoaT8oej2U13tXStA0FXMOJd9fGLruJ+yZnAFPrVHZWA3ziyO/u9iprB7ZjqrT1OM1Nob
|
||||
ZP7NwGxdqED3AYJAb3H97s4dMGAJO3WzGgHOfuZEMsH0/vIc3nWAkj9jsFcDxJ8uTVM6uy2R
|
||||
oIfBM3/XspyZvm2MBTuEJvwhXW7JTnxsUEpZ7aJQVJLT9Z8PPj7rPLJCkDQsdwBw+e0heTl+
|
||||
BspMqppnKw0mXmrRfnqGGxgLtlIRn8bNEp4K3AVuNP2iWp9rMSVPg0qLGSFgEH1DtoN2DsiJ
|
||||
AhwEEAEIAAYFAlWS7hEACgkQ66DGxxwAJW8VIhAAtBkHOqKPOA4A5MKAzWSIYAfX6FiUfFaI
|
||||
Edwqm5ZmxHItPQk+Ze8VN8jUEzzArrvGOZnctSZy7dMgT4WY+CNy3FUtg4WbmuvflcvCHlSr
|
||||
ontSVeFjxL8qhkBgUzaxqohesB899mszzDyaM0GMD7FKt4UisOV4K9VqhXKHBhcKi0foQKgx
|
||||
+VMD35N4+SqgSUF4+td913DNxdxvF5BKICwp9edYv6NpP/u9DMqG3lceVCy+rR3VEGTsFGNa
|
||||
HpJI0Sny797FR3w4k18wKQGaGwUtdMz6GcmhnDxgiV2V1StLloK6wbAVA4YY3BfE4l7XmJZS
|
||||
bStlL54h9tffDi0Dj1oJkSKXMdnI8FdpQEvGTGP9ARUz7MCxwiRzcJfOpfxATt3793o6fMLU
|
||||
2dOzrCCl+09bgG5+wls8nda2RB2RE1EHksoaNyz4OGpq9seYGe0qhNLN+lvIJsv1BaZNdD0s
|
||||
CaF+xbUGCoYQgvOh3DCiZbg+Ao138YEQw9eKE+Xifi8M36IeBTdq7S1OcRCwaDMmVchLFT5X
|
||||
AHmFeO3L3zCO1C95WmNsFg04+4avHqgOp5MolLSrOEvKTnFW1Ebv2BJizs45d28VAI/JhgPx
|
||||
T0w69M9Jpybd+Cbg93fHTXclLAPyQWXzhlfDPmKhukhSsG5JXIt0gyBUsq6lUygyWZcewBwa
|
||||
uy2JAhwEEAEKAAYFAkxdthEACgkQXTKNCCqqsUB3ZA//S25k6cAkZpIddDahnJxDIon8VWhe
|
||||
JzGmOMfb+hMbQ0y7xeCKRdNBa5yw3LKttLugofqcrGV3V6lmE9jWz5hK2we+ZAdCo/wXUWuL
|
||||
FJQW8WKY7hmDBwxROJ4jgC0LTgeRZhYEvhKpCH/rtSQuymstcTJd+5jkEE2FU1AOsoAOsaPx
|
||||
1DAb+uqSv2VefP/TG4sZ2vg0fdEuJd1+SiuTTLLEAnsG2yQT9brcXDvXPOckawFAM1KOwk7S
|
||||
fkYekg0iSA4Ii9RlXOhpxNcW/zZf3WuS/wrCCVYoY6OgH/+rp8LkBG7hdeAfRsMjozqtBYUE
|
||||
JwPSvLfRnG76neTa0DSi1bigpOMvHDIeATuS/hR7UdmTkSMwZ8AvQBOaSRHobjQwjfDY7WYM
|
||||
kvErANQkevWiWA4WshsS/MpEKxiUe6SGlLVeJZfX1dy6Jmh1WzswqoQ9eXQXX8zBltPAfKFs
|
||||
KRmf+OpHT94qYZsMhqAXOd51joUtCBmqeuzvdp9KM+R8cmuoPVqmZ8ZMdMbD2dQUap5yVxw5
|
||||
yO3CfGMXGPGfvA/8fOav/3MwWXUL5Zqv/ZhdjpP/ZNEB4txLJk1rIg4kjKrZxz2PggbMcCGQ
|
||||
0uf3SBZa6qXPVT0KbMjzvRKao473eNX2OPqk+K2hIYuZTVhAcKKuvN8qQu+o003Kzw1SWlLj
|
||||
1zrwaX+JAhwEEAEKAAYFAkxeUcQACgkQORS1MvTfvpmBNg//eJFnqXakbedse6wPpmk56CxU
|
||||
47abeG6ZCu/0FTwhwnagYfGXUKGTCepVjI/wLpevVeoXDbYmrUOT9zxqIL2Xssp/wz3Qb+HX
|
||||
deft/drFmb4XMrdUGwi+N1nhvPCXjWOtyUrzuYXnpCz8e0vjSfn6RpJ6qdgTs3Psyca9kPPo
|
||||
1Zgx29sumQMx7b0hcmRbSxNOmm/vGCpJKb43sHsYN2ESMCNzazQtpbt/HZ/xA/HqJCfEiKJm
|
||||
GUQ5rboqvhpruhbUFnuLIpGRvLJqE3kRm2iq1XfnfjXqUVbX2aHxNXcNKa601Yla3HGisEAB
|
||||
ILGvCRa12hrmh43EPpwLCnTOIB3Sejndl+8waKd0smV7Ox0oT1nSo5MHl/VtVLJzPnCX+EfB
|
||||
bzOepXJ5HRRsX5sHOTPHjJTOUuQvzfKen5nAu6iKsQnawpwQvIN1C7/OtEhqDAjWFr+eqG49
|
||||
bqN9a+EKu53bnXqM46N0/kRWXJAsHKfllki9e0bRKV5rIH0grsCN8P8qq5003cp/owAyySX+
|
||||
Pu9jFs9Hw4nGmEkuZPYXkjg3wTYClaPjrmbKfWXgVl2BjW+N7xU1yJZaAJSpd8vqGtLK4qz4
|
||||
wk0CrGr59EHPeAE9fAxNg+oonDQ7YcuDnHkVY7LNpIGXQkChrv1YgBzzAN6CFBI8GgG3C5Gv
|
||||
bYCj+NsHFyaJAhwEEAEKAAYFAkxlr5QACgkQMiR/u0CtH6b0ZA//atTqqwPfQWupcXoA/doN
|
||||
nXnBZDHUePFkCBan7YHitR0kPBVPP10dRfyd9ShKs25+DgAFTr2JKKk4ofc8ib+2SB4rTPIf
|
||||
gvc1h3GgtI7CXzuwKdcHojmOYXQQsLaxcQDNqEJqS6oGh1oHd8DQJTn/OiARVUvxi6LkioOp
|
||||
eE0KAkUOfZfnROz5E7ox2ImvMNvhy6VcD6q2q4E4nuWXaSVw13/MqZ8lGHRhytdrVLvVndSK
|
||||
U9EP79Tm+nIRwgqeJ0CttcSESoKLngTAvHSwVpiMcO9rLfWqYZB6FmhEjCyPl7hV1e9jXf80
|
||||
PLDihKscVEroxww4nflbIFOPsKP12vXuQs7cQr3BFE9yCowLz0X961WM2V4Cc6o6txY1MzU7
|
||||
FY7mFrwIy9b/WNLBXJUB+dpnKzmY38ECLJQ+gTxahgumxaNe0wQclIrkrnGLszOrIgLyVAL6
|
||||
/qD2qUywoNb3WWOHg6fOabKfTF3zBdzSYPNRXbhWNxt05EXARXRwYR/mkwpAdT3TUgbGlOcU
|
||||
hNAqmtzEvT/Q/Cu0nPvwXnJ1Foix6S+zrFAM8gs6zeUc8Q3k0EQvi8m54jILnt5QqYFSGM40
|
||||
FLgryKBF9hjwcPN1Hu1Qij8Z3H9MllV6Df36YSgKN1XpG3Jy9ktJcHvQPgHYVmXNsmQlmQxE
|
||||
ei/ZYehdgLeU0Q+JAhwEEAEKAAYFAkxsD/QACgkQeFPaTUmIGtMxgw//TrRErKK8vl8VnvHO
|
||||
8TK8KAMFi/GaRM0RKze4nJp72CGSrY5/bg2jAlS0hEKmSirlbLD8+U5/wWa5SrQT36AcyXYm
|
||||
I3weWgzNSvbCS3N1WnefhlUhkaC1PRMX3AI7EqwyTUX7o8Q8A/HVTgbgHnIKxO1y1EhcfY1I
|
||||
WEvA1wTR29928n63dmy03rKB2cJvQupGd/xRPXBx55h79NlLOJOadlYsUrk3B+RWBZHsn7xp
|
||||
wWXn+38fwuIFs7DJye3Eh1ceDootTd6wlI7Km8Nh0+bCCVbeInxp3THavrz1ohGhQ8O6AmPx
|
||||
wX7TN2EakX5mrwePFgHasLpgciOVRpDsaoQPF7taQg+d7knrrgbD9Xf6JkDl9/sxnlZ//t72
|
||||
eQR3X+CGQFmfhl5rw+h28FkPxrFO+n6nk6opm1z1n8FFjQnTzFxp2taqVs3s58ondUiPWb2p
|
||||
E8HOHQX9b4iYY5x6hrZehkSwoJOlwGssiJZSa9eCWs+yvJoJOG8yHunh48o91gY7kaqxGT9o
|
||||
K+2MzW/uwh7ztZ/ElJj4Vg4XTOqHgSDmUKZjA6e8Z1xuXoVT7D7axP0NvgIj1jjeCD1ncQsf
|
||||
Ay6tynZm/+Mz/PLwfe9uYGt5ZncwY9aKZRr8a9sUnaaIjeq7ywugKfQyxr1v4sjcQqELKfsM
|
||||
NLrvOMjw2eLg+3UC9p6JAiIEEAEKAAwFAkxi3T4FgwlmAYAACgkQzNLtlNIXOemGQhAAo5Zp
|
||||
Oa83tEIyfPOcj7HkQPTutAs8H+kgxzPMLYFhXSYKLPMsoH1TGMFC1JH6PjrzRdk6g7jmoUEK
|
||||
2F6EL5QpFFKFNVWahRWY49F67jryslVdeZKvFMEY0qjqsJ9nEBIZW8wJ/7BNvYmZxBlWq7PU
|
||||
0SKbbGNVexMagwctygY+mdnknS6vI3aom/yFByVcVXIdF52GJiAWA9nIx/poKS0ecCd4UuZr
|
||||
eQd+d+x/z4Bww5E62k2mB9d+VDik1kjzL7bXfPV3+bWoyBmfl9zEYgNnQ3ICurKztkRmu1/k
|
||||
1+68wHfU/0MR/1nJ9DkEfBi9Z7T3shtCiU+993wSHPeKgurkQwn+wzkthCNRNs3kOwee5Whs
|
||||
/zD/dyZgH+lrJDHmW6C8zaa/K6Om9+AacXLId1xjQpmmkO83Tkf9qQvtC/UlocllGxHo3hAJ
|
||||
dfxONF/jwY6Zs8NvRWPuswTEQOLCLeww5AhVfapOLBhcG7xZEye6VLArPNq4OsD2b8NyCd39
|
||||
GxtBdxR6/8OQbGoEmrYf7aGS+ga6oygj/+ut1M6w4YkQCbLd+OjL2ZUG85tALP/1KdCp1pTg
|
||||
YW/TmF0BeT7ICa/MmZeYyO0DUKqvsbH7Dyk0aiYgu+Gm3ob6JNC7MGadUkWIyjLUHkPNmnXV
|
||||
rGT4KAkRtX+cQl/R+rR+ewB6RErUtCmJAjcEEwEIACECGwMCHgECF4AFAkoHaOQFCwkIBwMF
|
||||
FQoJCAsFFgIDAQAACgkQRJdSeLhhK13PHBAAiyiTX8GMp3CgLyIiieHJnBIQS5fxBICbsSrO
|
||||
j8OHWnNAVwkiRbtXZQ2g4D4NvyGBuPN2hskjuGOj7aCsqpE4Ln23RfBTAI3fF3JgMGwkqWh3
|
||||
9a7Sjnw8DwxqaHB3zfs2AvPnolSUNyzc45VslNsE2j359UmvwZAGpqN0A1GfobFMWjmt3QoD
|
||||
q58C8EyFOWx/Mzcl0qUrvGRbQjQ8najAYugpBjdRZ0MzGfro/pmoETJnTgrZimHNXvDtSTmZ
|
||||
HTVYYbxj/99Iw5DeYschcK0yvbPFXGo12ndRrEs270LpOMmBpdBaW8bCj2uzATQLZbuaM/je
|
||||
py3bzEFcCHUMkF+ekIf9zp6IUkSc2B3kkbQmVJKxOeiKWzCXvuu6pU1nRqrG/565CRkwWWol
|
||||
p4TvlktQgHSZ6CoIxzDnYRE0eiGpsLxA10nE9VrUCjME5a+AYLQxj7ztDdDfb5r9Lq+1/bUN
|
||||
gtiiQ0fbaNVXXe14+daezFw0sCGB14MWSPQz62rkG6piKB4ZMilRijiicWg/k/Rvlbi+QzH3
|
||||
PGhqaVOV0JpCTfh3rolf54x3JN3bdlW8wcev0DLPJOAuhv8nXoBBdilH999RH0lGv1NzbAIy
|
||||
7goaG+XOe/fmxiZwhUQhmTdfFnXEtR8UL9/7+dv9nfVY+kIZIdSN+Sa5+pGs7bik8dfi1xy0
|
||||
IkdyZWdvcnkgQ29scGFydCA8cmVnQGdjb2xwYXJ0LmNvbT6IRgQQEQIABgUCTGvvxQAKCRDV
|
||||
ypsE8sQjvNDlAKC18LdtboThQEnkx1lTvZZSZfApWgCfdj0UAdJxB9OLNqm3L8ukPYl8DW6I
|
||||
RgQQEQIABgUCUJ/lDwAKCRBw814kbVMecylQAKCzW0oYdLbYjN2+VkMFlr9WWoeWugCfTyfX
|
||||
Czqy8U9NJX0KMsEsVBmwB7yIRgQQEQgABgUCSgdx3wAKCRAyF1wNwQJ6DvPzAKCBblkNp8NA
|
||||
k+lQwKAeqyjGAr+kawCfXlAQCvjXpRb6fYYu9X0S4r3gdfiIRgQQEQgABgUCTFxxIAAKCRDh
|
||||
VRfyKwkgwGBWAKCXP+R5VvROrrh366WPoeX552dN6QCbB8aK562QKVhd4OGwbqhHAJzpE7KI
|
||||
RgQQEQgABgUCTF0/KwAKCRDU5e2swBQ9LSl6AKCpl0Sd/zaVE+rXCmCg9lF4Z/DyJACfVE+x
|
||||
FXdayyRPKh6cy6g1x+KeMQCIRgQQEQgABgUCTF80oAAKCRD5heNACvx0dlAxAJ9JA62AWyTp
|
||||
1xpVLyxGchSp7G1I3ACeIJGHywtqpfbJfG6YiFjt2C5uVVeIRgQQEQgABgUCTGdMoQAKCRCf
|
||||
ePg86MQ0YfqTAJ9hOim0VRfs5+pf6rsMNStUWZXksACeODXRe1BY90f2o28VOFpxoDQMhZmI
|
||||
RgQQEQoABgUCTF5RwgAKCRDaGWI3Ajs/T8IZAKDCaii1ecrI+HP8NT7zero94/RE5QCdH9zl
|
||||
k7ui4NR8EuEegYPvqFw7cI+JARwEEwEIAAYFAkrbZ3sACgkQLQ1auHwlPVLxQgf/Y5PQaqBd
|
||||
FXEs9QkD2Ei7WaD1AZkGwpICpVmV1kA724sJ0uXgLavd1E9NtjhMVKWYwdjEl2556oZL2i/H
|
||||
XfRz+VgRcysjLM/ICcGDxy6OygziguJRpwBWk0xMowNgWFGIDvTt+Hlc7f5UnBrSE4hGmWHQ
|
||||
9Vxc4qFiADKL5IuiLssYgJY31xkwSyWcEnUe8WolOb4BOX7SLuuTIO6u/Ud+Zh+N3o2amWBn
|
||||
3l/OBfi2lM/TTrjFEiJ0KOfyutiGV6a6/SkfGKBzhgdzWj4M8vIMthxFAapU++3WXF7qNQAX
|
||||
f50EN2TKXKHgmidfpWFqmbPhIkEaoheUYYOCaiaXY/IKgIkBnAQQAQgABgUCTHaO6AAKCRAi
|
||||
OuBVvZThVI98DACKydotmw0GE4sNu7CHhGMZJqvSu2MSMK7IyjoShr/JU9PO9yXEB6TQpfLw
|
||||
E5b9bso87SouahOJV+bYvBaLx7JTT0awNSMRxlGnf4il8F0FOcl3RgXpgv14YxXxs8KJHLV4
|
||||
GhHRwVxzJu8hdNltsTJ7JjJQS3kUYjBpIfJlyp4yNvZvUeRQJWTs1l31CkPwU6fXP6pxCP7s
|
||||
loh/zL1zVGY2q0GrTkFlrCJIxceiPNll44Rl4PrIMTmBQHVipToRinsrFbyD5QTAjiorVol2
|
||||
il078fK2IeavCxtRUR6jTiHx4/IWqt+kPycq11EK4bFMKQIAJeF0aBoAX4fWOoSPIFWI/Nz4
|
||||
m+EecHCk5frctfxNV6VAB5Lf4XwjEho9HFZwqmSQ9snMi3zrEZnhnrCJ1/Gs/ALt9vu0Z6d2
|
||||
ZoLFgxW2hdOyaXrE54rMKillYoTLZ5d8+uTQVoN8XFz5SliSNb1tu1//i8U9Y1tpSUUTD87G
|
||||
SuNV6q49gYSeDqZ54EZEiHeJAZwEEwECAAYFAlIqSIMACgkQ73Pm2lg2uBpHzAv/dOSlPdQx
|
||||
6o4MrM1lB6imRf4KPTmjkIwnO4N5iFrsZch+BNJ64PdGukhuAi1EXY7LBJlXRO9BPxdJI6IF
|
||||
R91ELvM5VzNzZDdwZVPDV8wJwkpBTQTgNJXCjETePf6adpQ1ORMm6Kg40WIH67BLBN993Bfz
|
||||
dQbskas89BxmEdqaz1eGDaBTHO2N39jOG4vTNouatsTsUlDxCxNW/razg0uLgMPpL8dJpZ0B
|
||||
4cCi7z/+r+OYrV2DQlJo6Cc/vieROA2ElFa3p9unYRcuY4Mcn6Hl4gA3QnuQDsn00GPDTqBG
|
||||
OEvhjcrHghhB0WzxAu+lc6te4vOTS0OCVTWMNU/ROaG7x8vQSFqaNWxEigkVlRDofxsyGQw7
|
||||
CxNS1mwsYAc2kbA84N4OxMZ4sHkLnheoVjUYaXz3JmLMnlA0AerkZVQRfzm/+rlEwLW79G1G
|
||||
tsVaRP0WmG9/nNZXAr2wfD8menJAIV1lB/pCSkNlHmEM4uGFAb1lA/EENQS8sz8NvvdvLNYs
|
||||
iQIcBBABAgAGBQJMXHGfAAoJEPGmm+QpwP/ujggP/1V5FTQ8rwB8uw4u7Zg5EEta/aM4E8Pb
|
||||
idUJ8KDr6p5Zad+hGWCPKT3nloPbN3iaYXblmxDuAYhHl1neH96tWYU6vygmiR2Xo53y06tY
|
||||
EKQbdIF3+pfOCSFh9NnFlAqw72cMWsL0VqSoZL+SgY4IojwupFWPNIJbB0JaOSW21kFf6/U1
|
||||
juAbtat4J8+l4j8mNgWCUeHBENN78lYD506VIuuJRlsWiUBhH0unzY33A1BoJwyXo0TmL3wd
|
||||
0g2JIGT5sJmpeMkMlKminVjZCcY7AzoTS60QrCj2FCGBtfbUOH9OQvBojWOPz7ALmKj/aOl7
|
||||
3UtGnvlscJPeilteNQFWEib1e85ufAG0Ry1AEDtR0GsdARJhqiG6jRn3v0lBxfG2dVWbHrFq
|
||||
a5FkUm73c9r+xjDC5NquWhd4GHyG3IgVPMvkw8sciL33o9A/XhNdjQiZmpok77nswvbuNOEX
|
||||
diQVnHcylh7bNaoXR6+3R8FVA/TThpW2EjxIg9TwAPfJFKWV0SWfyJSOZLFOiEYDEqBI190j
|
||||
3WSJNV+p0+lN8CDu8jFHxehsTGOAALCSQq0mZTKJJh0GH7d2YD5BV9isUvsfne52GLx/xmoJ
|
||||
+cKJfszaWq2FoMhIPD/tnVYA/LPodylTRC6/8C0WIMR0eAaF+ByCoU7aEMWJDEJfX2MoyQHa
|
||||
fBV8iQIcBBABAgAGBQJMYCuLAAoJEB51mnJqn910WK8QAOJQVb/ihBQC0IsBpJwKyOH5B/XI
|
||||
jwE6BeErvO0rnmcYTr57AXwKNYxOvtIV8uS8gFzfaZJM4YHsF5BNToT3l2UIrWGK+O5nUL7S
|
||||
UM32plf7QPI/NSfyCtBxKWfXgbFQ8X/oNdwq7HMzCtRqZDoYv5btUajFsTP8gykqXqH9Ry4G
|
||||
hCFmnP0UNUWwTq4D2/bImt+iOOw4C7MXyROQ8aZd69aUsAln340L7rXz/yGTGvabdLXKuVDE
|
||||
QJtiZ1m/bewAw3A7zw3mKtMAA8Em8EJuTfmFvVQEpBBdacjwIn+ZpSzuY11arLIWNp78Yegp
|
||||
mFsuCANZDr/V33Xxo2Bb+4cbuOzSlXw+mOx1WYo1Fkj5Ga2IGkTbijqByIPwnCB03T/3nG/u
|
||||
hde1SS9YGGNL17Z2qDOlNtufKsbfPJf9xtiEN1vJ2cbOEDD+WbC2nvJQju4t4WaX06Kyok6b
|
||||
HPqupuGSOaa9VMYk6TzPAOG9hzcD8SBjO6S59z/qtGNqKZOcTWpeXWI/4qdvWtAPmafB4fVt
|
||||
2XS+vOwn1c4gNQFK+nCatlYywfuKxoQqGC+i/ld8wuniugtOjX4XbK2HzvuKMuCo0z6x/7Nx
|
||||
pOJAOf1jgWuQWruIt5VEULh56mhglEV1vL93aCUxOE7kKAcas7Ojbve/EQruWlFbzxJW6VgE
|
||||
1ncxHX5yiQIcBBABAgAGBQJMYDc4AAoJENeITEcY4Y9ExdYQANMHDBB1HSdVXEmkfVjMgW5O
|
||||
BF0AphUt1r9ptI6NvzcuJ5lFTIXHDa263UBRpHb65EgaHYqKC5LKLSXmUoKXcTU9fBLWFRYG
|
||||
N11qVpdoO1WSD7R7U7ZDbix76ujLCfOtPlqrh0TzHEzE3U22X3hxL+rHjDbvrLQuEhKbVYaB
|
||||
WaY1THCJjB4SA4YcWOXUNNA1i+baXlDw2XKqZrEriv+zARTxlF1GzpXBoh9ymH9TsyPg1dg9
|
||||
BbzzGy6r99LMMHmt/kB8BrOX6BfnzeLwSmg4VZ/aUWSAKK2cxbvmQFA5HkuFJ2sUc2VXmuPR
|
||||
DRY+vurz9PHMF5WZI8ait4/2m+W4zvsYZdgOPPkGr63+DVKssczpZWSq4zX5Ykmd9e+bsCUn
|
||||
E9jAI0iH4P4SKyFt1IkRWMAaUxQjN2v5/CIyydaavQGKM7AB0CjZL2835LwqiboOmptxzuWJ
|
||||
5HJM5JSqr1HMHP8vokNKcbrU0taV9IuTuBjPl198TR1vxPhHYcACIt6TP4wr1ApAsax3yoDd
|
||||
T/KrmCaczIeX6BmFFqXjDM/azhpQKIyFGgbDzrRAQ/CatG8Vy1baA5uJIsmiLxc7imwtUf5r
|
||||
uJOlXSi72uQd9eBx55mlt+zNHbrxULPYBIL4zOe3g1SXb0leZsvPjVAWcj21AgH2QJx1IoV0
|
||||
POwfFLEVCjTxiQIcBBABAgAGBQJMZY8YAAoJEBPAtWZ6OLCw8NEQALA9UfSTm/Zqc2pJn+nN
|
||||
q4sfhPUhYlTUxE1D49FzF4GmUHDYzMlU8VVZub5LahrITDINOIidmf49wXc3BcjcEKCUjND2
|
||||
aL/0JMtyMMORH+3g/Vz8HvktL3EnOiTw+Z9p1GNbEROI195VIWwNRjU/EYv78ErcrQ99MzJu
|
||||
O5yz+Qibp6JUSIzMGVTAiGIPzdJvnbd9JQXfg+fhanWKIIzj0dqNmH7tqYuld0K1nD/5cf5j
|
||||
o8Gc2L8GQgIStjUF5OwkElnO45iSYz4rgw2PfHVQBX8GsLBGRhKcxUK9psNBHIP0eWUk7sTG
|
||||
4/cbLgkQow+u0ryitmu+IJ/Q79NUiRNrw6a0rf2FUY3Nh/AbVqLVdQChKrxGtDQuJtpwh+uV
|
||||
RYTmc1rPmyPbsWj6xmgfvkLgX14E+5EPx8H1wyRsRpBPEW+Wb397I5eEt+gCEjfjrCprD/xX
|
||||
eNSRMdOT9NVG1HJ3wmeTEddkpbDNhtY09ydMzS1O3auJReh0L7ZRn8gPmnXk4EPamDNzY8N2
|
||||
OVByXKEPhb3bHD9RCHEaSe02BDcR1nbpbVAX3onquvK4ejZMuZIXXktbBcnqHz+zbRGRyoQO
|
||||
Jsgh6bv3qun3fer12w22PJ8Q8ifhAmcS+Lhadvq4hskVprr5tRmvxHRKPgZF0ZqGOmqvikyV
|
||||
YhFvZabdkKACAYCZiQIcBBABAgAGBQJMZsf4AAoJEBwB9EPJyTxaJbQP/1OgrWHtcJ39T7gf
|
||||
wh+3lbFvmcQ4ggc45PfnM7jM+OZbkPZOMnTmXgDXIz+0SKbPUVH86XPbeZAXHXavtIFvqbPC
|
||||
yC284oQeG0gzwS5yxygry5jj0fZmw2W0MfSQWEuUkj4HBkqEhgXGmbsYhCbbN6+O8XvBvIvY
|
||||
EIYO5a7wSzi/21NPuG3hcGMFV2yzr6p2FtvXfO5biWGcf0yvkj0YeBzaCwdty4F+1qGAIHcH
|
||||
oPhXCEggJKZtOYVZmsHz6/6RYghmRaSoGoG7Jj9+6udgZCycn6EKPVTE+p3tMiHxJzviEFRD
|
||||
Ov6iNBC55cFhSbMplkW7fH/M6rkW/e6+1zhxP1K11gwNTtoMJelrePLRpf/w12lNJl9jhe6h
|
||||
fw07mluEogjhXLVOQWSFjz3Y1Tfb0ez53ev/ooucvk9XT/svl2UM/K6RqyWYl1A8KCp5OgW5
|
||||
nXzRZ6fc4Ht9OY0sxMNLTLZ3enwrVa857n2VrnOgRTe8bFqNSMcR39QMAD6h9qmJR7cNbFKn
|
||||
IyQQiOtKCDFbZ7wyMroepw8wNLXPlvtMvS2zSBmMC/gJsdZVHK0u3O1Rpp1Jhq/qsve7D/fE
|
||||
NhHih8FBKPH1YXUOILdR0zDkyBUdXHBUpZlcRovaznkigKX6LL7f2SbXZo/jO0L1FHDhYQs7
|
||||
kl7OmWIXh8XW4m0ocB3IiQIcBBABAgAGBQJMduUKAAoJEK8ig6p24qx7z1gP/3wRRaEX7n5p
|
||||
oZUnpEcNy3ZRQPAfVAAX07aBSnTuHzuphX0smAfJu5fqEuYP1XzBUV/WSxuQ6nGtFoVSLEpg
|
||||
W3EX+KgLUGEv7Y4NI9LUNd47CNcZ3Fo26hQ1ur66c0asuLjseHbHl1aYwRgOarMy3X8JO1b8
|
||||
x3z9edPan11kBIeLpjlBnnScZVB9EB2ezptxaXvyvyq/+SAfRMnGKKO6qx5vG9uK2g7GOPJk
|
||||
dzS5LGeguixNjh7pN1ewiSHO/AqPyywVGYiYB9dnVWT0RwCZMXs3YmytZHfc58EpmKDoI19W
|
||||
MFA4Hsdgwp9ucXJMfZZ1Xw0i02fJQKs911aw0dF/hVjHSOQfVAiNvBFn8u5l4hgFG3JkZ6Yl
|
||||
rktrC6HThK3mo+KUNlynB70xSLXwxIHYkQUTxGr0HqZgRQJL03pPqk2Y+Lx4ndu4g0YwnInv
|
||||
1arb5Yfg/y4IJ6GDY6W6gvPP4wUrxue1w6BwqRwO0rD0vRMJtJqzoIRNCE8aqtQP96OmH5iy
|
||||
xAQo39Mvz5cntzaNMV9LOm7RgSaBvt/hLwxfhG2KX6Fca8hAXo0Q9dg5FbHSyLxF0mSZTRpO
|
||||
NPFzMz5zc2yUpjW3Holt9+5n9pzi8EUVwfNnFzijagzbL9bwuyc37M9wnPp5x2wLx3MF2o/3
|
||||
fNzpyo5Lh+IH7efZcG4XnUsYiQIcBBABAgAGBQJVcaVQAAoJENqCgw48zDo65e0P/2RDhlCL
|
||||
zEUuut3KmGhBmPbiTX7CnpwFhatNFIb+C1EJ2giPmmrwn0O25ED8dJFC0GhZrwNatuRzSefI
|
||||
yc75hGrTr/BFqRLAOD4xfMqOE5U4+z0frVTyuxB9Gdr31EmZ9miykKnfzcz1YY4MpQtzQOWj
|
||||
SiYFgjofwcpI+b5MjnqG3T8q1PzONnvvx7BrXt0lRNqL5MyByaV51CPbENyhWeJMu5tX3hAR
|
||||
rsuWoBP3kw6Df/ij5I71EfO4vD8C8F6AKWt8mBjyOfIpDmHkxNU0HYrmOnxzqXGqHTu+II83
|
||||
vgJOurjZ7TnqEe9jB4XMNF7w6+SPL6u3bNfzH0KPpEjzBV7jQKFUhllkRbcf2PeLnmzex3+U
|
||||
pEJjS5HLOkJt3B8wyANnZB358921snsv4LVJmgx1aVpeYWNo8vRgzKRMZT5Qk3ckXmuzHN3O
|
||||
FGKwLJnHmnha6rXG0ShlYjNY2wJjfmwaed4wU9k7T73tFbzoWJ1NXP37iQuEnOINVbNCQdfK
|
||||
cvL/82Q3LcpiapN1E/QYdfYjNju9NVpnSFICDEEYOfvodDlxbEQegZdd8zVHayYQJuc62sUd
|
||||
zPvMYLvQTq+x5tk1vJD+VSJ1sAbVZ3gzAANyMyYQ4670RK9H8z4ygxa09lAunkcJ3cUHRFat
|
||||
JyRM/u5NYxmCxxL5l0/UqOJg775tiQIcBBABCAAGBQJMXHEzAAoJEPEUCEwIYRERgesP/1xd
|
||||
2SPeYmC5X4OpUDsbqQoe79ojCbmd+2CoFHm+GM0WbtJHFi3BEJcVW//QNQJRSE5dKXCHtIDb
|
||||
jDhzlTKYT4q0f0p25mWMJFOXqb8sNiorXXdDz7k7GwrRZFsi/XlyiIrCwVHwLpyDGkY5IPBz
|
||||
p5JMXuxViM/TYn9BIX58rP7eVwAcazSBIs+QpAvUi4pfxNdPhrHh3Pczllxg6DamsEPBZsjM
|
||||
fz7pJxiddkJgAlDpIa8C3ZX4HdMnoPZhMh3JHxry4CIceMC8BOuX4c3GyXuFkKTMJSlRViKG
|
||||
57WyN7eQe17UZni23QLifLYD7V1r4cY7cWj1s/qsGtLsvtuVL2brOvHeHVEE7s6dWpQea6lo
|
||||
jLtlWjNXvb7WQ6XNFqpal5x7MG95QbBKWGHfifhVt7WrDSW6kbouXYYEgRhSZBkPPjSZXTEv
|
||||
54YkBVwCsb9fykKLOTy+wyJ5Ttj1kxtrMWsaofhDYOo9OtywwKL4AnfBMhE3NcrZ5Yf5MHHx
|
||||
NK/A95j9p8/HY1dKSHNDRub7PMM73Xp0fc/6cCyl9sTM9SFymKvvcMFChRcy1ZF9kVkXP3w4
|
||||
ZzoJz2YSTK4zIRY/Qqc+Z+BhX/rRuhwiILuCH9hXhhvBx9rKBxxKcTw1Gl5hZ8nP2CGXNkAV
|
||||
qSXL/0H8hschAtxw203KMvqbpSq7bYkniQIcBBABCAAGBQJMXT8zAAoJEIcvcCxNbiWo+oQP
|
||||
/2mKGGHKVA63SdyOkyAaz+mV2y9jIw+0hf2D6eoQ/OJ2l6vQqc4atQ9NsMBH5SKo+kPLhfof
|
||||
NcO6axy4ngb27YK1czUS0oyF+Vv618k+1WePw4Kh4afVZGrGsHBiv8DcKbeAoEn3gVORu5UY
|
||||
ElINIsW9ZIuIypyFXhV/zf30zR8MOd1uuJjif4ac7V+n+O0GpBgzCkKZoCdO7NJ3QH7RmpJ/
|
||||
TYAug0UMY9YvU1P2ffTvZuHxdY8adJGnieFnsLrO7yYHlva6Y2T47m0QwM6BXe673hj45H7s
|
||||
rZpbvNIEyRiXpucEm7YBCboiA8vBTjXOo8D27Aa5MoZUHF+znB9gRKWKUnkCyCT409yo8qJI
|
||||
5uSm5LWOa3Dsje3jlzfQh0BVLbq2f/g/kgm06Sb8jWzLYHUvA/+K774sOQu2gSG0FkV8BQJc
|
||||
M9RMdImzIMpNpV9JYOWZCzVbTe2ZzzZuNXQJFG7reuZ8SoB8JyrLEqNbfzJ4G+pNbXZbrSA3
|
||||
ybMgkaIvt5xDujQSwH/we/V3W296WHmVbU1U1W6lfW43KbOXriCrLl/j6qiy9ln/gkVc/Amx
|
||||
Mh2RC5bKOCTRJ2TgPms2+a4tSpOrqapcpa0OnZJJTG/sifz9/3eDGPTKoVkN1fYZqTp+0s8m
|
||||
NohYO6YMJsuqkYNr7UAHOTE1p8nhrq4RQlaIiQIcBBABCAAGBQJMXUTaAAoJEFOUR53TUkxR
|
||||
rf4P/jp1G3yjSGwglzqEbvu4rzO6LrC8ZqnxOSWjKd8xN/CIje6naB5P3gRFLphJaDUgnlpx
|
||||
nQYODkDZlMPsSmUY6+GrM+XDPIEnw2Yp2Vb6OVTSeDzgpjgNsdKptNGR2ENFpC5ReAKEKAUy
|
||||
7bLcraD04IV35hnuHNevjq86VO+Dev/SQ2NJf0NrOuC3iW2YA5SEXcJYGp1vXAZjRUprOnxK
|
||||
n/e04kTTA4b3cKzoEo/bQqk7C+7fLG1vHziDDPszsZ09G7eAhnhZmFVTk/jvBxJ9ra56Bo8l
|
||||
ArknJ7A/LHvGe2SEd9MVcoKIHGpM3IPhJldZiXNeyz/HuUA+xKAY2Ox+p0vDlKUAF/koME7u
|
||||
2wwx4ncMnRdbVOGNGDJTJhJGWk3VIUsicbQQ8M+wKnkJmLNI0ZGWdoNADdIR/xSIhL8bUaVu
|
||||
PC8amQwK3VD7iNRcbNnIw0+Xbzev892lbBvav1Y/V6G9lBeS4KrLu1s5h+cmCq84RlW3xCzY
|
||||
B3yZhWUeojvuplyNKPApJwkjWXGC1LK6VldZzYksXMb+9JxtoE6A/9F++NKqEmDilKl15YFV
|
||||
Dy/beTjoSK1+6T6RrTKOPt6kFu2460PTa9KOqjpQ60hxOn/YpyAeEK/MtRuBjAT+wBCIX+NY
|
||||
UIxHNX3mcl35l6Gb1nYtL4CxBG4h557CGM4s65IJiQIcBBABCAAGBQJMXyNnAAoJEHqPSei2
|
||||
NIC+Za4P+gLihkZlHwFEM0pNSR9GoL6OsaEnsUebefwcLSrX10Ee+5mpODki11Sf1flIWJ7J
|
||||
I+2Gj7U2NtFFXBvzNCUDN30Xb+QJBSU+pgJERtXThl8hKYuot79wg7FclsIo9P/NEQ60/tji
|
||||
2iSQ/w12NIApczn6FmX/xVaKafJyf/QRnI0mxQvd5w7JEoeIKvaUVjt5Zz9fUhTiM/9kDCv7
|
||||
E4a+PuVP7nyQdSCoduhFYQwLf+727mxtdLjK5OHXl1jYx5tcFdTyumZpB7bG/R6U2wb55kxd
|
||||
iAltk4U+59p7NG7JSu5Lnexq+p5/281vVH33PrIINuZUhmpPovFNeDz6lFqEICQvaiS2STte
|
||||
/BY6yBwIDx/1nUhiBF3yUU1TOQrtQUfRjox4QRj1g8YpGspsUXagBltN04l4tev6Hw8tCn7A
|
||||
/f/RkdQ/7U6N24ZP3BdBx1R9nKvksE+C+v5QwlqpufU8Zaj1YpmPBn/yfSzSCvd9cE8pa4zO
|
||||
KujACMEsPh0c/BDoiWsmxKLTzOoeKGwl15x6x1Y1yTKOLD0wXXvEM0TVF3x3RJgvpdnvonN6
|
||||
c7URWq31zKcISwLOKCK1c0UK7hyD8zFISiPChiUUdGicZ1Jo0me+xp7R9b2QQnwVj4kO94gY
|
||||
maw/3ouaDqOrU80N5pVC5vC8XSp/iGAY8wR0fc0qsPY6iQIcBBABCAAGBQJMXzSvAAoJENFd
|
||||
MTiCAEFz+XAQAJo4XauT6qsxxS3i4ADlzeesoE5g+QPzg5mpVP8NA+kEXqLuvW7ZZjDzMClh
|
||||
bpnhT9L6lgMdKOzODa8PzMMe8lMlQtGQsfby9Jy7c15wFwO3YLr0OesnS0gGMV0cxpu7XVmZ
|
||||
ROPqOn1eVk25eaZHO3dHrc4ve2OMP3ZG+df3+kwQpiMgrl5x+9UHOWfqEtyT590yzofK3FCj
|
||||
qHZwMUt2pYeCksErljI2hmrKDqp1zVcjE7OoQwc6M14i2HvhYwAtvEJTuqyIjFZL/XzGS4La
|
||||
2q43fiLlAJalwlvIBEtRH7E5qWJEiS8gs47+Qcwigw16RhVp0FxhD7kT1vHrCoqwMFh5ULQB
|
||||
fEYVQVbfVaXU9vL61LOvPfnE7QVCMnREwzCyYlD+FonI/LK1pqbzXgEJjh48rXEVuzic1G3Z
|
||||
zipxiAbJNattO5aWuQjlEQv1ykWGIwh5Fa+LEQ6Idcxi32CsD7FFCYI4dg9GpZwM0NjJYrYN
|
||||
sN+Nl8/o96LBGzCsminV+M+jXyGN7S08DoEyuuoAwmiY/48lAQJQChMH+M0M/UthALdcTooe
|
||||
epFC3AiHiIaKUouRyqo60vNbAixbv1olxZpu12KlgCAg/ra9VcYjvt48msQTtmDQLz8/aY2L
|
||||
eoFLm4L4NMqIQ5Dxywqen1MTKkk6GIx+7pAJH5Z3izmQJEYpiQIcBBABCAAGBQJMYe5MAAoJ
|
||||
EHA3PPEpDbnOyQgQAJcCcEi6GZBjFHjNE3N2iLVUMItWSEdx93NabuJi7FpuhorwaJphZiYY
|
||||
3ehgSa4t0/gNzkRkscCmbzjAr/auQsS+iSpINgCKUJ+dwOO7t03owH7ARXb4gmWY58poL+J5
|
||||
ZgkqDok7ZtW09G+OenTaAccIpmb1IaGHDASwZ74EuH5M2P3iP42h7Q7Slhxer1GVloLD4SPs
|
||||
8W/3Rslwh+/ccYfweNC3gLvU1q50bj6kvO6OWemcI1NAWtxEDTGjsS+BsXBPlYQRF3tqtoQF
|
||||
Ht3xUKlGjHBO0DYymOMAlQzXfW7uqUYenrOXmOV048rqZxRtSdQwlXUHyaGIuyCRWqzzqYip
|
||||
ArtquhHSSKedxe5wltdqeB9G/D/zwHR1fz4VFkECxRp0rWnnOnWJEp6+uxYPiIV/36qB7X9d
|
||||
NFxlt0Vu3vZZiXgo9RMLjdQdYuBBJrshlwKkOlYPDzpYjHWmXJjKUIhDTqD5Kr2CTw3TrRyu
|
||||
mHevt0nbqlnzoHd935ZssJdbYGDC+F9aUfcyzwJN+CH34zKz5gtteGP48DewptBF61Dyl0Pa
|
||||
rHthrkwMqdZBA6cHE4lGpvrGh3GXASqf/rtAHwLM4brOhtH/LYYjvO81wThRmtjyjmSsokSl
|
||||
0p496fHxPDuGr7kbBDMtdfVdty8zJ8IaWI11wTYExu/6VgY9dlhuiQIcBBABCAAGBQJMYfU5
|
||||
AAoJEHcx/Mxj5OJ3X+MQAIdfUJP5Pmxv6T+yNRYSZ44Kx6cJJVvPtWkV+h5gx2sY/uTAS4/y
|
||||
oiBrtnxilEr1D3MbWyElI6jZPlDXxl/Jx42kEEur5BkVOFmAmAJYRork7qCds2RAWGnhqlNH
|
||||
vuMIz1/PfJlcB2hS5qo+JZLxTFk4ltOTUT6W8ENacKzcpzWGeQvqG/dY8H8FL2hnvNLiGITY
|
||||
XZY6hWGvW5Ti5xzIBXj7QN1C3WZAmxTOt9C/t6PHHktfC+MNGN9zQEBAn9MLkE80oSwEX38q
|
||||
/ukX1RpXCUTZmxIbXOaLc6deaTcxjJbBOX+YE1dSXrg3KxhXg1IUsMVBhQx96p+yhTUwznfE
|
||||
F3pZQiWZhVP9/qGa56tR6pejRM8nfgZaLNcT7nVibIk/7Js+fXRYp5nWUKf3f0BoymQss9MU
|
||||
cQLFs2Dm/l6iX1gFUgqoiOVIAX8DRc7MfJ+UTlHBOMGDKVok9nVsZegQYe6P/C88vfFlI1Qy
|
||||
fV4KAdAb4YwD2HatpcjDcX5TRX49mD+pmK0bx4+L3toRG6W3OPvTcsaubE9peNfjwS5L6CF/
|
||||
M0Fq6IhIUobcDRjmUNtiXk77WmI0ZM1RiaaknHHCHXGQgS+QPd82Htox2ndOwP0ScgbqlL4D
|
||||
LT3ZJqRJVWgnWK/n2BrctT63KFAZa68Epm4v0GZtTjpJpL1DYnUd/J6OiQIcBBABCAAGBQJM
|
||||
Yt5PAAoJEHfG+0Pj0wgkbVQP/1NGXS+oar0Y3GuQZ+HwYq4t7Sh8CbCIZlei01oDcC95Fl65
|
||||
HtTZJcd8RTPCkTilZV4orC+gHppLVGi2GQdSJ6C4whlnliwDtgU6uJ9uuP6EKTsGh1jAoTlq
|
||||
eSDx1n8/F4JG6A1xVOekZ8NzTIfpfdFlAYANe+z674ZrRPi6tL5euQ9/iJpi//bZJMVvmttM
|
||||
2QJ+XxNn/CrGKGZbA1PjBYYol3s7DjZLhR3IhgK/rvmVCo+0waZzPqI0CD/axU2OXT8B4lIG
|
||||
WvDcccX/8p1tzIjlXNNsDV804c+VtUVX3jZMISmVMWLfkShhnUEhfwi5CUNtctL1SPlqwvbK
|
||||
q3bxZjol/OFu2KbW1IjhZ2dJ2e1hQ1V8jUjSYQ4xdDDwzS/Z6EWWn7cLycAR8xF4CQd92hCx
|
||||
o5AIgkQGG1R6iraztY5H/fdhXjzySby6q9Zvfa+rw0GkXpJzffKwrjZu27+QCqvNGX/3b1f2
|
||||
s0eZ3EkFam9cMD3df8PCPU7Wt/IN8Sxv7JQqkb6StQF3NjI/lnFLcb7qf4dhZItGZBbkWfwj
|
||||
M2PMEIbCl66bi8XqviJUUskn2XWfhaodv13VyXGeGzVEw4+N4auDM1w3WZ5SnSXWrFazIXCw
|
||||
IBWYFSyHlKawy+Rd3I9ueYyA7PqgwdczNxTwILXhB0+pBd0Z9FMxjL85C1N7iQIcBBABCAAG
|
||||
BQJMZ04vAAoJELNGT4lqoVlI9tEP/0yGcqKoQuNUIsuMasD3zVuh5j77i4wo/FCqQvMQIlzd
|
||||
PWl+gC9W0xDA7vILOcqZEErIi4PPGwqpQYGUgh9KynP4HQau+43qe2BrvdauFCIJPsmuwfER
|
||||
OwrgdSkKyvdXA08WG77v0a1V+u6nsnmbXg5/xZZdwCAKt+kILPVemxeIy+f1AAHj2zLnDGfy
|
||||
0JE1jN4w+JZrhdWtsYXWMnfRFQQqPbnVqi5BkFDeRalBn0R4mLTCCOZn/fGodA7EdmRL1dLN
|
||||
X9FbnfD8AWMDEPMDZ/h8HdK7dD16XxW7i5o6ZbVvftyf/yaF+bhtOyTHabkdSlMJXHzl5mnW
|
||||
mH8NVlTTQt05SJ86NhOjr98dhSvcQOxFT/fVajDcXAQbdKnylAWHEjnejGgt9QwpM99l/Mp4
|
||||
8j2rLgqfexF54y53km5ssTub3QJ19FG0FPLvRB5fnXfzOvn8iDhcC5V7dA7q08afUjaLDTVG
|
||||
6byCHe8TR9weCaCrV7vvGHzmEEPRNzu02C86SXGZw05eRMWFKJL0AG1avj6k24hsnatuoUke
|
||||
6IA5zcx81GbkqPDiOiiYJOEZFY1Eokm6MhIQ30HwUO0TQ93TdNgD0pJdAiElPyhs6csf6/Jr
|
||||
ijOSajEDcEOuKzqYnrmY2AmDgfyOrjoW44ADKOcRTnnhAF26ljBzwqa4xguz9HEUiQIcBBAB
|
||||
CAAGBQJMbL+KAAoJEORPgBbTYw+Jb74QAIQ2ADLJSvn+c5MBWYwc2NcFrRHIc0JXwmn+wzG+
|
||||
QLeFDGO9SV//LM9L0XIIbsFFn71Rv+/KqyFLn9SyeGdJakuL/AMC4qF1m6bCzwSMdoZeYBwK
|
||||
2r3bgPU4xW94O8zKOfRF9kwxP+QK2adfR1y7j3X70rICZYAua2ugkZcIDkN549PBze+2LYnR
|
||||
3CIhyOV6nYTArKhYuaDiNnS822l8VThOgk/Dmdof0+ExQfl7Nc2oAk7wljhmLX7nMonNZcDI
|
||||
ct+fDsVS856UYg3aJR8EuDCAayZHZvo24/bKPwroxl26+tEEfsqks7epWZZRGY0lH+IY2qoP
|
||||
oFhHPodpAw+faiafD5/06Vo3SzH2i/btYQEwwCCA21cRLwpv9432Ia4ekvjPQ2E3fjBWGyNs
|
||||
UA49MYhtllX/8jk6LE+AIU43PFit6ZB2BzVBunsy/LH4ZLxdi5sLTA1f0dO9jNkqf3xGbRIp
|
||||
PVXtQ6t/9PUXAy1evqWBQgRNHVScKL6pjuoLurSIenQCbcNQo1iNLB9DuenAHNUBP6Ny3cby
|
||||
hqMpazBoCIb4HqtdeUBmzdDZ3okIdjXQaxsHZhDsLNQM1ggj9mu0vJWSkXfdXpew2Z/J3Cco
|
||||
lOuTcTqfGi5kdoDHPLvFDEYyrGKiHTV6P7TxoIxml4A0rY6gHFYlF1b5SXmUiCt+cKMgiQIc
|
||||
BBABCAAGBQJMbyrFAAoJEHxWrP6UeJfYj6EP/0SlRe8esTX01wSot7D9mZfjK/yvpA3g2YQi
|
||||
3U86Nb2vvLvJAamLzV+Ka5GL34lPASAIgwfilQyVhmAsyTOQ1sIU+rPav4olOoUTBaORlzL6
|
||||
1AmhtI5N0HpjgnIDLmtKF5F/kRxm7JmcgnHgiKoSZCzZH2tomVVIGA9/aSDznr4N/uJZ0yWT
|
||||
6MxKbmS3udM8WAgKxNN8IB2Z/xVDJ2dXMt0a4IgHNAn7wgfaizOiOKaJ77c4c/LNRiyhomA3
|
||||
VgHDBTP+WgDwEcJupo6RiXWyvd1yDTEsHCApieODSIlniWUePiuwjBPNNKwH0/yRo1fkK6cY
|
||||
kqbCD8Dk10p7HUr1+BEGW2fns45mpwJH9PvbJ7e7VldPs7AKmEKC0HHKZ9BNa3AJiujwnaUj
|
||||
EYt6hq+/DRUQp6iqTPDAKE1bNTA4JD55zd1gGthsGHKfTSAydT/kdvxWH8fK6F0vOssQy7iD
|
||||
o+8VVoVpbl3qJ1MtvbJTxum4ElFhPYaG4Oh/JPK1vhWVXva9T1PX6sGskdC9DPgDLStCweq3
|
||||
RqzAhjPvcqgpx39mZGU/SQzwVUFN7aqASNl0ZFUMmnZ/4aNNYXY9yEAvx8GetdZm8s+0gw4O
|
||||
zecerDlVf6xykodTT9sK3qiiRF53P5A8HlgyXoewut6MyKGEwhItfUshFSp7MMMJcycl+I8Y
|
||||
iQIcBBABCAAGBQJMb/jgAAoJEJ0LXlse7I8OrucP/jRV886elnIly0yuYX3ALXDPgGKFwbRZ
|
||||
GWC1qjf3ESdrqjC+On7jMLnT3/A4l03F23bpHEAOnTl5Ounb1PrhDnvo7msJUH1ZdtqsoT16
|
||||
sAPbq14Rsg4+n7f72KYKwcQaNVkgizg/W6a8VJDOxQQgkrZh3Lp90O8krIp6MDgd+XKEQRjV
|
||||
HxyhzpHHyqAaY+/nhRY3VXATZ/5K4+pdyRt0aWlpvftYTvX/iZnGBrsfjgYkBZnix/+PfFtF
|
||||
A2p0AXfiFfFuU3BlE/kG35gGDgbYf9SouHuYeR6TLgEMOekxeqPacbTTpM051Mq4tewfFQHM
|
||||
raLLSMCucl+duu7kyDRXfwZ+zoQ7I74UT9gRkI/jSYecRKAoSYnoewDo2bNMEsnYjFwyf+Zt
|
||||
MEV3glEDcE7FXgm20YYjFb7uMQIVbiuXnFho9RQFyu6z67cfIcJzEn1pttMdV0vmMfi872Cr
|
||||
BKGHxYu4gP1a+yQWx6N4Xgm1eJVdAdzhmkX7mH5C2GKLPIWzwT+onyi3qCCUWp4NL+2QescH
|
||||
IVkc8daU0AH4IGp0A83dpRDb91vYWFImVW2brurAsBwNtKRhpd6yG+ufE8+9PBzQ+hZD4+C0
|
||||
jyR/T5HAsuMQNSfcDDEi70E6wRLEd/KYp0YePkoAKES5CB3n46XS+WESddBXfeK0OZpAbXye
|
||||
45lyiQIcBBABCAAGBQJVku4RAAoJEOugxsccACVvHtQP/1218tsrXF0nLofFs9edddWw4NLo
|
||||
ZYc3HvELTHfyq4/41ERGOQoevO5/3tMzSyAG5C2lmKOz8SDHjAwkLmbqiYI2EbwYxLg1lTzw
|
||||
1jZGpjzBfKm+dll3SWroKiyesv/iPrExc6fJ1mxLWtP6G7R4m6ibmz46uywwreT6WvhKRKzs
|
||||
IPQdf84W13y2ItpFe9n2U3/Sy50brOnqAiLj/zIP5PIaaHzrqUIevdINFgyIWee2s7tTDcNm
|
||||
zV8TV6+cMs4jT8nqguNy0lBGjMsSm4BviQRZJON7h/v3/yf67TctHMWJxeD62STnXS6wjEIk
|
||||
TTYSNSEZGvMw6Ti3lVB4nlx7WW8wLX9X5/1QdPc9jZyVpsh8QzqUtp+jDo6dfXPBYfUlwm1v
|
||||
Q84BVfcknpMkVMDLX9EMS8M2HLWBGCOEa2/n88ocUnjX2ZL5C2MGlK1TTyxSWCA8D9beVpKa
|
||||
PdYP8JfUiZpC5nLKKBvyEGJhUa2dOY6jdbPRZX+V2TWMIwGWq03kSv4VBHdErK+HUXXcFvue
|
||||
OdQBEOcN4H78RPd20CNTEIE4bsxgT+riXcjUDDrfIH4EQsA4oh1Z5fXpE47y3ZMMJuWfRzrg
|
||||
es5QTKNFKDfLsDwPvgyJV3iLbJeKp3G/Te+scm3UDYi9dCB0eu1MiKM6SIxrJIGzl068Xndh
|
||||
QNLOTpCjiQIcBBABCgAGBQJMXbYRAAoJEF0yjQgqqrFAvAsQALNsAqgOJrnudiKERxnGU8dD
|
||||
YlxWPADlESd/DfsoEFkyd87GXVzfOE3ZaGKW66PB/D8eEfiT3wWVNpmAfIoHePXkPsA7NSyD
|
||||
CORROlpxXE9zFaiRYMzY3EdCsvSjSn2F3K7pymCC5yuYFXTW1J6x+CS8YCEautV5h6oIsGsD
|
||||
4zqXyHLWM6Htm1J1Rk0vW9tJqtfO39CFD/McuOUC6QMNLeBlWri8VDFmdGixOmLNAtBoZkPv
|
||||
i7AE3BFa4utWcLLjm5gMDsPW2xag21LAwX+xiZ/G0xkDfwKM6w01KcIp03wVzWBwtaUApsmu
|
||||
6fsH6gFPFuqrAKadAJY/L/U0A5QI8Lw8joq152skYYwzwC0INYTw+gst4IJDWPtjd5sK80Q9
|
||||
NJpnqLJv91KAn5+Ya/i+K3jjFQLwII8x1rX+B+hxsbofh95VdfPJW7W2ZMFAc5kpiN6Vmw6O
|
||||
X5i0x407cMV2TslvGI5L0aQ1T9mnMipqMnQNX9sMjCUSRNVa1DTYPr4ANkPy4ssXxenRN6Y6
|
||||
J1Y2KORYgm93FfUpQaUUHOPzBT8PlfuTn1rNZpIABEl7RB2qpsJIWytQjZ8U/9epUiiChMXk
|
||||
1zmB8izRWAoX9NtLM7KttiFht1nRYgB+8Q9/Ta5mros/htAW4slcFzNwEqFFEYNpgdtfh+S5
|
||||
50o9SeOpmQQqiQIcBBABCgAGBQJMXlHEAAoJEDkUtTL0376Zk/AP/2NHH69E18cRAOuET57I
|
||||
oRZmJqa+a+cIdmXFIhWlxUtQfEBdXwSDDcCNVZCWWabiHieSEahXSbCQIpjsjfTLHVVmBBCY
|
||||
a1XFHixF3tnR8auN/KONFQ5tl5IViAw0tYBX1zbx3FqZf/XMqzOr/twpKrbI2VaslvjPpu1E
|
||||
sZ7KiXnqjWU1Dp9ydwK7sdb34V6w/N/uonaulFq6IZ4GzQzIaF7/SkOwm9am9TKON/OmE9HL
|
||||
hz4kGimtnvztfaGQANF/YxBdjXEvtUp76y8QwXrxOD8f7EFQmascGPIJqgR9KLYp1Tsw6EFJ
|
||||
eKpDGJjzevkBN8eeIDLOWfcG+qlhNHHtnbfXnv9Ojr8b1idvSsdqvwFBAjw2svZAK5f0wkrx
|
||||
KU3U5/hTIz89EQuT0o/oJWBj67ONQYHyh4CYMZi3oTiqFWQH10utKi4kGnM8jaDA2No4q4xk
|
||||
n6L99QIU+RClkamJVBQdmzoSYpjiFoAlXDIhwQGt+QmhbizZLp6NqxXJOOHJ8ictRpRlzHOq
|
||||
ERlLNkmaaf4YTyBeEIH+GYad/xiqDQqm5NQHFBira2dZskxKC3SND1e5sTd0nYIur09wbJG+
|
||||
z72oKoiPMCf4Lzawpi83Yz3Swks8hZ32fbObhuiAmfXqEfDlhbf6Hz9NqTxE57faXm8pWrRy
|
||||
o1QgHe7WNpM8vth/iQIcBBABCgAGBQJMZa+UAAoJEDIkf7tArR+mQ54P/j192Qx1SS9xW+Ao
|
||||
2V6IdWidRtV25Pkt4LckZAIJHfVEvjpM8z1uuY34YacjFeZWtfI3mpM9JUQ2Zx854oSX9z0S
|
||||
iQ0u5XnPNBavYZ+DKgGygOyDQdNdjvdzR13IT3RIu+OAnAFkBfwS2r8i2rrWpeZxltPR1Uc8
|
||||
J0ZtJ+DLgdbtWZxCGIl5eupdbf03oNQ0GHP/h4W9Ls2kvJOzILQx24+9tCZBIi6ZuHjlawhV
|
||||
uZwTvhuc9HNhl5knHeyOZCFfBcNTWFnxuHIzYq0AU/12+WYuZ+SLll7+yA1yHpP7tQrz6oSY
|
||||
rQGLzsBq0/kONM4WYmhMQVtgxuxjZV7DK8+1f1YlbKCGrk/R4lZ2JklJ2+qI2WMiiW4BdZ3o
|
||||
CkEi8z5Z2vISsbTe9LujYnEbiTyCiEZlrz5bkavOgMP8T/0NlA0GSUt1Jo4hkLG9eWUfYgq/
|
||||
7N9vMQd0ihpUVKciJyqaSixVZVX2OdUW0nCh2ftwOzfvjhBG3GydQDb6Q8tdiOeLL4kB/zpO
|
||||
VfZu3UydE7CAtqzvNj9DRR6hfyuELHULoxkP7DHCJIx2k4ZZwgUmLHYIyni8ITsRUnapzqwO
|
||||
Gy4wmQM9ZGvI1vFXINsV8FUKg55scO7baXwizGX6UQ4jwvCBkt7i/1lYhY5udn8vmQ0cRf9Z
|
||||
HjKhTYfZ05hp1dAc9Z7piQIcBBABCgAGBQJMbA/0AAoJEHhT2k1JiBrTtIEP+wRhrJcz3w7K
|
||||
y8F8xF7+ihU9k/lvDjqZLlYKuX6kJsTupTygmC7bNVw4uBfGzlujY5kroa375kGK0Q6Uh4PT
|
||||
ffiySDUmKj4ap29rlLT3JzFuu5CIH2jskPEAYhqgaf1NZUKAcIncDtVGZWi5J/Gi8faVyRnn
|
||||
tE86gVvHzlgsDoz4WLE/Wer/LUkotK66I9sn6t877lm948GIrJ0pknNHB1bCcR6YhNRS6fI5
|
||||
n9W3bkHBBs+ilCd1GlWKl+a/NmBnr3yMKEYrM8hdh8RVJlHW1puyLruumoxolSToGvhAIPV5
|
||||
E8D8dc92Pa5N0tELtw4a1Ao9zl4X980QQ9XPqp19LdgrN4ipqxgaxlVywzSq1fObqtSd5IYo
|
||||
NuLz3PvoFeoDyP0degy+4PxXX+hERcpe224No/Oo6cPvyxblgftFpMlRVuxLJx79m2B0db/A
|
||||
lIEN4RAa6mO77ZcJnAeInD6ZWnHw+bVPTbGnsz/9L8EJA/SjILpBcG9UO9pqUYu+aL80AgDF
|
||||
FoWlq/Oy5YOjTIBBMcE9iN4V7RV0S7ygA7xXQ8JEon3lrgVNRQ3tyrqclXKw90ehPS8ntYJe
|
||||
8rr7M7hw9SGC/UwLlZctG0BO/Le1aoRI7U6NTnfKgdhfn2UAPX7tgSAX/xgZDcuF3T8KeTwH
|
||||
/GYjjUzgeoKuZMtfMjXtEOfxiQIiBBABCgAMBQJMYt0+BYMJZgGAAAoJEMzS7ZTSFznpEuUP
|
||||
/ih8u8cHaYsnA0vQnfXUB3NDtKpwPA39yTh12Em2QWP9ezw9CizD9VRBmR3kksbxvFI7lNHF
|
||||
bBR26jzHvz5wh0OFAoL0QpnwqO6YVDYAnDbwU+9Gyk9zFz5WAiTaj1AFMA2Y6tfq9M6eYOG8
|
||||
7eNVVdRI6NOwmjO5cO1NNFO6fo4zxa93VLX8CS+4Xgt+qYnJc6bZDbwUPdmfSr0UgRVVbZAO
|
||||
CGE4f2tSeLQwEOkO44XB1rgRilyGu9dRShgxLQoauAXzsQvqMzaNwjal2bz+yunhj14Q81xk
|
||||
xJZ96I0w7IzMPmu5tjyPa/1Bhn+f8cHkqQQKcu4Bf2OEtANNU6M98reiS/K4cHEj0ChdFiHX
|
||||
l2z4WxSsihbC3megEX96l9A2uVgJK0VsSPQQkGKzVsJkEAsld8tC4XK4OzukpXB184h68huy
|
||||
TL1jdJkYcZoBQ/3Lo6Z7TJ5ZvnUhdpuvQdRfmBYK1AuRuNuhmPDYV2/qqmFOYBrpUY2/qv0k
|
||||
xOYUduergCG6cI8zFK+KWn3S3sfxVt/032qe7oa9/VsloGBRwiaLl7MAwzHJfUgZCMIcfJgx
|
||||
6sQRhrvZbwWg64UyG+xFuocSqTRkcCU2fezMZHhLA6B6CZgk0sY/VBQLBBOy4bmtb54AslmW
|
||||
f39NNnD/VzkSqURypo3aDKn/f/v9+JNBfcCJiQI3BBMBCAAhAhsDAh4BAheABQJKB2jkBQsJ
|
||||
CAcDBRUKCQgLBRYCAwEAAAoJEESXUni4YStd9mcP/AtRNozdY/n06hAVJCnI2W0U0/BknKBd
|
||||
z8SXGItd3Mb++tWs8tMvZw40hB3C6oQJu9CdZ4tzZtf1jSUxoAJjGTGOiz0pooeINAuN0xRa
|
||||
eLzUPyQNJpd1/CsZPFgtn4FeUa/T9WwHxZn/XzDBPd+N3uKzM63ZRpKU2lkSvSrh7fvqP13A
|
||||
h8Zq/quMgOsCbQR6Dp1swJIm0s9gPfN4mEVXeknXnd2vRGrblJYL3u8V7cfjUjnCUlFmB7U5
|
||||
TiROYZYeP3OIuDsAqv8+xweBswWxCxX0LYsuRHRxmLKWEYHAV6e0czRSJYKQdV90+URoOZin
|
||||
Qdeo24cWK6caJEavAHFnDcKP5aMCrCtp9hM9EB1J5/w0zOEXLotwhD3cWVDv1k2s0w9wkNZp
|
||||
PJKRdXL9f0en47MpqJqR9/8U9X9j8t8tTUbo9PcUcf3YB4hvmEBauBHrCBNslMx58uPYOFjV
|
||||
YqbwHUzhTKHhUGVHbCkQrUOjD0z3sjKlzXFqO8Ba3sDAP+hs9+g3YUQX+A403rYJoI/b4Bvy
|
||||
eZ4ryKanz4/zhskMDdSBZ/UvduPm+gHEyq8Xtj/jxRDX0EqLvkphDdUgZqnmanx3FkkH9EOx
|
||||
fUxnqpdwJvAj6k3diWEuei7pSbTBlqi80fLRUm43135UP6AryHtUnraBSsaGskH4pznmwUfW
|
||||
Kh5WtChHcmVnb3J5IENvbHBhcnQgKEV2b2xpeCkgPHJlZ0Bldm9saXguZnI+iEYEEBECAAYF
|
||||
Akxr78UACgkQ1cqbBPLEI7xL7ACghnGFWacQR2ySOwHGcuP3y2NepV8AoLz9sWYoqYd0SL5T
|
||||
192WWkJWAboKiEYEEBECAAYFAlCf5Q8ACgkQcPNeJG1THnOB7QCghdTeFj/8kaopb1WjUCof
|
||||
BrrhzNQAnjYiGUchyKzDS++2vV4VPwxvMZZIiEYEEBEIAAYFAkoHceYACgkQMhdcDcECeg7B
|
||||
0gCfXpPTRYvu8+YGBrnl3ryzbBrYCiIAnRMek3cGNpJrDT76nPCVkp9J7zqjiEYEEBEIAAYF
|
||||
AkxccSAACgkQ4VUX8isJIMAYjQCfRZD7k69DKbhcMYOYWt5paHpg6SMAoIPdjQhnId+yPSTL
|
||||
h05O6LtJU7XOiEYEEBEIAAYFAkxdPysACgkQ1OXtrMAUPS2JYACeP1vgz920Qbq9CMig1p7V
|
||||
9Bve+7sAn0FIeNCiAGp7owWq6mZX4BOD0o/IiEYEEBEIAAYFAkxfNKAACgkQ+YXjQAr8dHYl
|
||||
2QCfa1lGYuTcxswPc6nqR8P9G1KoS5gAoNsq+dtZCJmYMIflfGNOxlzLUsNziEYEEBEIAAYF
|
||||
AkxnTKEACgkQn3j4POjENGFPMQCeNYzQIXlYtcurpdjQru//evWc084AnA4MQEEKUkVvRLOl
|
||||
PvkCi847vss1iEYEEBEKAAYFAkxeUcIACgkQ2hliNwI7P0846ACgm2JlzfNk5w49MB4cGDwy
|
||||
Aodz+MQAnjanm/JlttRZCU+zLaxHxEj4JovdiQEcBBMBCAAGBQJK22d7AAoJEC0NWrh8JT1S
|
||||
LqwIAKQmrdBXWS2UmANTYLBfDuytJJm+mHj1YSJ8ro92xzst6WBmqxMwQ2EscOv7S0rI/LGr
|
||||
8PfXBnpp7Mf3zhwEXeUts0ZUt/Vy6s8UAVPTGPSQlj/Ya8u0mFfXkdGsLMgMdds9Cz8fLbZr
|
||||
SycslmVmLtK4S+rhjQhJ0vXt2sL5VJ3HRznCpmSP5+ZQOlH/PenHLmV0kC9KcOsrxgvV6Rls
|
||||
HIZ7oiATogYm/kuwXwQ+0qQAMsTY3AGwE0yuMXvDuDUnGdUBzaZJJZ/wodDFYlDxTJb9NOh5
|
||||
P7PDBQghiR0LrnU+Y4b4Oh6ne61EyGRhP5ULvZ8RZsvDCO27gjNxRH1nJkmJAZwEEAEIAAYF
|
||||
Akx2jugACgkQIjrgVb2U4VSOeAwAsBhm8cj/o2YZPP0gFdUCUyr6ecydoD1d0ER8wwvOci64
|
||||
bA6Xeu+i8LtcAHKowj0h1uVye9SXK7FpfyPlD3j6hbikG5CKXSwwEfEOUHmBIdY+UarL2Att
|
||||
791yM3hADK/LjKObU/hEFs+b50xsug4pbYGbnDgitj4AG7mrqLLReCAV708jbizQyxizDl2w
|
||||
/aXbgRvjjVczuxFeFYGlkIFv+da3NoeYCV1oH7Wcg2vrBb+TrxgIbAMW4V36v+fIPaTsderL
|
||||
QQTv86Rq5Uv+FvZaoA1y7rXMpDbD8OJ1DdRv5BeDAGOAWUFYj+XDDdpfKt91zOlzfr74hikP
|
||||
1NWx0NEyG09wxvkV/6P1zjbv8NVedwhDBs6QQsco/oYx25Pqsin+x0mnc1NiDpR+9Oe7c4ha
|
||||
6JzzN3ufllxydLpK4D1RC/ITKhNhIrG26qSEtk9K6zM4QQbD/Ngh/hztcHMObLYv4MIz/Uus
|
||||
K+CoJDI9kPAISK7zKTHfGTbM4O+gST0gqcFSiQGcBBMBAgAGBQJSKkiDAAoJEO9z5tpYNrga
|
||||
fAoL/0E2pxy8oF9vH2d87G/tYfJB1sndWixltZtLYJMZ6HVAwYBsq6ju02893SllpZ6xp99x
|
||||
xAss+xeJF8PlpH5nauQOn07IyUNTytxa6kJ/xHcIuVEVFEBU5SUaXStqfugM/EE/V8pbW5di
|
||||
oIILQx52NKli/JhrBWlW4/1k8moyuCkZqYsdwwp2QgLrJhcTNB1nWx4DBgonAL7GOGy7s2DP
|
||||
6zoQT2rDmlMY+Y0GrYkt6dwwed0y8mP/6c1ayLP/5E7ZlJK7Lj/3WFxYXeOOP3rU2xm+Brym
|
||||
u1ND4gGC9P+p3rlEBJ/loSruk9bbviULqiO5s7dB4Xzr2joED4u0suutYtSPnuY1fNV0DGxG
|
||||
qgYvhwxcuOHVD3zBMuAfYoGSRQNsMrpzBnfytP2pF2CcS9L7maaTBxyKF7UbpqdvDDh74i+A
|
||||
/J2O0TmMuraSX6r/szqCS8B5UdetjxWHpaEViIy4TiFBMIzkhhJIn4nngn8lHniRT6ex+TWp
|
||||
dM/vkeO5f9ea24kCHAQQAQIABgUCTFxxnwAKCRDxppvkKcD/7nyjD/wIQDebpZRkWpthmHaP
|
||||
NtpU8vn2WWtxigo4D/crBIrhWCvJGqm9P9n33AXpGGc3T6VEJGyq4lxdwBP/K5FC8a3hgCXr
|
||||
dXAA+V5knfURy8kya5FBGK34YtrGXBcNv77I9GdGdum+tooYNnNJERueRkBLA4aIImB/W3NL
|
||||
eL1f8vWVi4vys8Utpj8+5pg5GLstbpmzewtc2LQFstMDeCjBsrDiuZZrsp3fO6zKnizg0SOS
|
||||
jTkSdXwvCma9j4mlmU2Ry9QJf3EBqyDwhe5Rcrl8TopaP75wOKD3r5npo+e95Wjvxy06PjjK
|
||||
1ntAYLMuEODWiKAhQ31YYYg8v0yMvBRFLfFmtgmSoFcIiGJw7azkxJefqIhQr6SWUF2G3keQ
|
||||
iD3qNjrriIqxdJQqj1XZjbwwHMKlvtvokf0xCWltpqzgW9YBcKwqr80Sp5Z2M5wjeB9TWhSu
|
||||
uoG44r8dtz7GEVllGwGd+hRYbyhdaEjdgFjZtJ/T2n5ESYQ5h3V3vjJbbxVZ3fOE4ksVNEkR
|
||||
5cv/h1x631SuU/287bb/ObGieYIbaIxpaQPedcPuX1+hHbLCrtZ9FAx1COzhIJbXG/2mS+2b
|
||||
hTUyax9RQ4n01fgsU/C6FPeGqfyrrfijS2XKQAGsigRGm7rIjENjXM2fGqNsWGEPt9v3YoAl
|
||||
vVv216XE3sCRMz4Ua4kCHAQQAQIABgUCTGAriwAKCRAedZpyap/ddM2HEADRXZZx9vRiIKFC
|
||||
taquk6DZB15B+CTJSe+rhtiiRiSH8GZcifbF2ARqZF00OctbKkbBNycNV8FuxRiaZZSZN1fu
|
||||
ZckgOKwMK83Llj0tHd+BTrjmOiZqrZ20l9j4CMfvoTQZLOqxbf0XKpfkx+WEf8HaJ59+2GDy
|
||||
CvqYrzYW4oQLdc1wwQ1mI/6XcP5YyTPaOai7WzrRhL0ClYj6/kKrcyzUm3G91SuC/AXPGs5n
|
||||
8QVINq1hidCyEjuRO29Pi9YjOIRA0YSmWwmF1Jq0CAWDlSeWZf6oZZq232UM4OnDosjp58pj
|
||||
ldIf8YS8TcNLjFZUSq3ilfIJgTLZIfMj0H+YZyBRvHL8071X6xmqcQXmZb2xGOJHu/Zn1qrq
|
||||
BjN7HIOrohVvVqccR5rbmQp2m763vqGCPL8nxZszGvH7v5PFCTdrfa8tlqiugadUvYW+SCn7
|
||||
RI1QMijJJjrlWolD6ZJLSiA21a9B/y8XmUluedCQ+RiJLzYBVSZhHI4j6EdavCKbTZfeUZEW
|
||||
PiYbpjltZ5oOjoTzI/C7GKn/btPdY298tHPIRPJP2P4Ybi0Xzx1tsZIApFEn/uHxzxndigef
|
||||
Q0EtTz/ikmVN3CAPo2i9dj1urBixB2QuoESumF2hjUHs9rZDtug6CuskojI0GAb2wPNf/U6x
|
||||
ugU3APwb6c8O+66de8wHNYkCHAQQAQIABgUCTGA3OAAKCRDXiExHGOGPRLxnEADsBFKXFFK9
|
||||
8wUfiWk8b5ov+XJRvYhrOQZz7fX0iIxUaZCLaSIViyOD8RYFXr9KKuhGc7pcEvU71ccRdmN3
|
||||
SoHz+RQDrCJlRgBosEAY5hfIuqtuCEF/njo1cNSR7kjkYc5PKXpbHL2G+15X8aOBdsd/Wa0W
|
||||
E6vLxMerhS5ILRbRs30W/VzcNnlb/3dhHSvJPVF9FGBeZuOahY1edZKU7xu8k+udND6lV1Xy
|
||||
j25Ty0mb1WfQ6ORuqLhXPbfIycqLD2sNmpFBNVlRkRejEhJU9IiOrqkgECPjqKUMo9cnCCt1
|
||||
rVO0EZYvJGD75wl1PySqbQus1MMLep6FJsqvnUpEh/HzS6+Q3/2AL3a9JLITDm2h0TkCeX6q
|
||||
o7b27aoe+J4cjiApF5E643OduBA6Ox2iauEr1t5d1J8ewFWx929EQYHnLgHtBx0CzZGUAZqU
|
||||
NJEqLwfgxZaN86Kdw1xP6qKCuCdkhrsLt7gsACvSpkIEEhVxoAHqJleWF4MqozwfpsEO9BSg
|
||||
L071pyc0Czw0XJlNNq2sn/GomNRvXLbYeSpqzsLdOAYxsG2l7aNRHVb81ml/OEvIuxHZE4Ae
|
||||
cjxfsvnONarc5jWIA7iFgk3sLaTVejP4Y8cbn4rXn+98QwseRPBMHRPx84W0Rx+YUXQSAvVG
|
||||
2GboFMP1PvnEEv0Qqq6JsdMmZYkCHAQQAQIABgUCTGWPGAAKCRATwLVmejiwsLktD/9ALTT3
|
||||
VOyGLPKCdTYn+kXo/R4x1+VpRdoLLkUnxKBzfTVqtHg6X9GAqMn4b8PIgIh+9ULPiK9OLV5k
|
||||
bdko3T/cbP+Cl2iqSbVZoKuYpf/xd49oIdiJm/omruVotTDbz5vOHwxzmrSRcxXNzKrnmptr
|
||||
f48dZjoDdrirUJNDlPE7yvM0IvBSwPv5R+t7gcti0/ZZFWDSEQ1fphx5q5fD47+t2Oqeyq9s
|
||||
oIC1uO9xnzB7tTmQ4m1Up0mwRsf/r0JdTkcT2Q1PNOttWUY4aDncF+d8wCraPW7715C7iP/U
|
||||
saAW2h+MwAVC3yMT6iu1dcufRJsgFg0iEd7G4Uxp4IcCfwSLWD1mh4NEXZ8Tis4hTnfpbICs
|
||||
Go7qPAFDdPhWRw7ZGs/aLV0+E6hu0t5hE2CWaOCS7hfx8Z9W1heEuMBqDXZeSEfkiA6/sNHW
|
||||
ocgNXiDXVMdyHm53xlswdbSDxDT6CPcdvzHsyNP9/pYd6+CFgTBAw60XqLrjYPr3tyTHBWgt
|
||||
vFS0tmSq2h6zMht+yMu0WCoZgw4iTYKtwoE+8RE0aaqwxUcNw1w5h8TTFY0b0NyfD16pHX94
|
||||
TruaZnlnpNWZtHgYEqtobMH6SKyOsy0G+BJ/XM3jLKczi1U5osqH0yBRCWxVk0uUAOT7Y8fi
|
||||
wkUSNQl8wnUbDoRSOtwCn1AQ0LRgOokCHAQQAQIABgUCTGbH+AAKCRAcAfRDyck8Wux1D/4y
|
||||
7uso609rTdbQTInHqA2XUshIOCgsk9aW9Vphgs4hY0VEhhfRyajEa6RrjdYs68BuWUWO8qs8
|
||||
PKe3LhgTDv2ZmSBMdXEowYVY0CvvHhyHHZwdMl+6vRZX1uI3SHf3TKqT0eci7gNNvYnCbdMO
|
||||
nXiBCM8nYUbbPOzSBKFEq3CE7EhNOvSMZwTu6pnOdH0qiVUvqNTx/hEo9qg+brPrPcLho7Yp
|
||||
cGu/Kuqp30r2b/HVv4U5X5mOy/OebqzCAb8WEdWoY9V9sDo0bf4or5DZaY/JB6tozg7bQ4Zv
|
||||
CTwyu4x9D1SqnySE9/wsu9xSlhni8e43o9ujv3jxABpbbOPqt00wA43wSoCbdfv4mWLsbGk4
|
||||
byKR3eWEh1XcUwRfaPk08fh0ssskKBk8C4sUMIk5oTiT+VU7IZ50gh8+XgMxrwdMcWAQH/Qs
|
||||
VtsYhDGA0UTw7C1Qp8mCmeqLVw9RA11d/S47UgYlXBQiv+3LXuYfmz/sALy/ktIpz/tp5CtY
|
||||
PeP3CPuFMTlKpVScL7+DbeW4pwwR3pkm1QAVaG/lb3Dqc4QpYcucetSyfdof1E7ZQtCRTR+L
|
||||
BXBHkfqQT4xnqYOU8ULraaLaUGOd3y17rlYUXlHijhNtytzSbn+GPDnbteQYqZPx16IS1H/6
|
||||
buaSwB5ZRHBbfsF9O8JP9+ldLkbjaodxpIkCHAQQAQIABgUCTHblCgAKCRCvIoOqduKse+8L
|
||||
EACKRmLci/pI12k8kF81SrF1TEZG4Mlqtij0vFQNTvaLJW9PSX5xE9ln/WcsLwUPf0ciV7bF
|
||||
M92bdaPiiEDOzpC3MFEV8Kx/cBGPdGNx42SHbOrxzbriIt+OCFxylsqlElW+Wbo8chPtXWzi
|
||||
/G39v1a/xHVxzBg4uUPFRL6zOOZ12M+l+TCijja4EKgctCb63t+x82GCW8UspmTTaEn8UT5F
|
||||
STK+qp4+cQeIYBRBcHAGKyfzKJ6Chbv3MlNq+zhmg3b8NYLTKWOgpP4th1v44EeO/R8Oibnt
|
||||
KJ9hqQF7a58hb2JLuoEmXXBJVk552hKD5UjKm1DrfZAapUTbWvVv9L5IdozaDph+GZzpXQ4C
|
||||
Mxlwil3JVEe9sWPoT35iApFSgoWbDNYGW8M/CRiyLzYtCqcAzExJbU9KnKOV9kbebiZ8J7CZ
|
||||
gxot5en0OaXrc/ALPHjYKrNmZEQ+B7dlUcN7KzFMEJHPC5Jb9xsV3Jje6T17lA+W4skejqPC
|
||||
ZB1mi9D6SHTN0MYajeRLasFq7F1Vytd0H09MLkQ3i2lymE50Su7cOsMk1+KjA63C0JmMquMp
|
||||
4rvuBt6Sh3qVaXDTPEUV5ZT5by7z6KCb4iYg7AB3IsCTsP9njUCZh19YE8IKxd4y1XXD+ymW
|
||||
FwxcQs8Fak4HdGfmXLf7G55wI1E4GHFEwWMJ1YkCHAQQAQIABgUCVXGlUAAKCRDagoMOPMw6
|
||||
OpY6D/9xPI7IEHZCcGdZV1C5JH93KmiqARv45K0p36nAxmGH16mpFYtTOuK9oJ3ZSAZtbGp2
|
||||
oppbQX5AZHhRUvHcjwv33ME0RduosJqeMA8GT/xZKfXNGvQpn/ZG/pDyDLbL0LyEngRR1R+E
|
||||
JCPNAna+op7ULQSQ/gf/HSwPI6ImnirMwXFAGOBSW0s29z0ilC/BYRlr4xt5uGwWugYnyhJK
|
||||
/SSwrGBaDxB7hakk2LTeVOe18etFCno07VPoI8pUtNLBiLmySM2aK2Muy4NR+jZjU9x6oDoB
|
||||
tTq40fkFln64nK82hqFoJP6kDPkzdQx5NaRiH4PAr1DOydHyXofs0MghS0UKlCZR6rkyAR2k
|
||||
9r+b9+KUDEQYrHXXDqhpeCunQv9LGzTi9GmaCatNHJTwTmVk1+oydWiruYLQCQHETCzQrK2Y
|
||||
FEonJnwJO8XremTXw+V3jyKZLee311I+ggQmtI5StRF7fFh7OGzdJXBVw5hI1VlISketFvAz
|
||||
rllAI8Txt59l45NFNkZDZlJlJeadffen6GOXsWr5q5JfS9XlfLbGlzlrcZCG0uxGfKoYaUJM
|
||||
0SNa5rvWO04pEK6AjBufkinWJBIJ1l9bz1uSkDY8g2tQWvdZrqGgih2DAXDhv+lu96U62fn6
|
||||
k+UtKx1D2Y6JI+KEdeGffuVp+4SnydvYIAH4GgSaN4kCHAQQAQgABgUCTFxxMwAKCRDxFAhM
|
||||
CGEREQw7EADTPt7E7JjfPg5B5r8xEQwvWnQ09/dE9xie4ohfzCOfGVpvTquyG3xKrbw9SKhh
|
||||
akS8HPLGgBvvodqvZOqPGP6eZKfAAZmlER5fAEtw42deAGhL074S4XOeuPmRPnYlzPZW8cy8
|
||||
HhcmjbuwXbhC7SJs1KtQ+sHZ6ihtTqXoqjsC1ArMOuA0Lsw9d4IOT5sXILtqnk92ynkX420i
|
||||
yAiRU5RXlASnBNg5fAmMGZbW2/EGrHtfE+zzpqX0N38qKmBnE7kRgPM8OGYxYGpUl8x+M1zz
|
||||
KY8BLhJx+gwCzI4L22uKwqv8dz3kzdWD1RBUUKJycCDzwrR+RI+xO9cQzaU/HOykH3HoRfIG
|
||||
TmaewYDxl2vsVeHVDbGdZOmhVRzLqQIS259eRjQe6ZjdMiRJe15j+udFF/iVMgSgq93vWWNF
|
||||
WB9Q7dKRZyPHjBuFuL9YP1VmxiNELX/BkQlDXcnlXHvK+KSFuEgV8RgQenmFtHy64YBC0MoS
|
||||
ka4NtWkPl9EimPn3iAHNLBCfqqs83TaG9Fl8+V9se/B//AcsNoM0/3vBU/L/5F0PppPVO6fk
|
||||
ELDY2V11zy7L5KcLJWm8f4YwOKCdyDYPYVTpl7xGM+30n5h3xto8Mz6f5NWVZbfxfErLU5iK
|
||||
aeDdSebdqns+FUXmZYUlWJGCXEnY1aAzy/9MpRSz+mtXAokCHAQQAQgABgUCTF0/MwAKCRCH
|
||||
L3AsTW4lqMf4D/9oxFxZbLh/kRIjys0wNgeiq0oBLh+KgN83Rf+vc74A2q2T9/XiopuEtk0T
|
||||
ywbz3Xw9KlidyGr9Rrbl6O6aWpy0csxUOWvprE7jaTwjqZxqISNCcsPFbsWQieJ1bVv6upjE
|
||||
j/wrTRh4IEC/P+K1OU0lWblbeDDEv2K8aj2uiO8g5Ckp9X8Y47Lh9VMPvSOPN6aFyX0s1DDV
|
||||
fweQtoYGQOmteY/pFDP+K+FV8iBw/wjEVEWflqWUCIOAWBT4w2sJ49KDdi3RGmFk6PSp/JsU
|
||||
SLGrwUU3YnRiVh2vsK0X5nukWk41jm/1XdvPzEEpMK/RYiSAzGXKvs+UUWFi8g7AHQNfJOl0
|
||||
hmB8LYFV7mQOLdbNIVTRB/ImbexKtuLDxU35CIxrJFvg7Ry3ulIZgDgFZEM0D/xu+2tBd28X
|
||||
GjppOjqp2W6Zwnn4uwqBXMrggtNRVSeGASTDs8WPdwR3PxYKxx237f8J/aC3o2k08q8KbjmR
|
||||
QVRLlOo1huZxmXpn+SUUKUJ0dqrrQHIEyzGtS/VSRRI+Kj4wiThPOS6zmc/vFaLjl5T69sOA
|
||||
LS5TJqoGZz7j+GDK2MINkWWNM61SNyzomtdQc2PIICR7TP9zJbOvad1QDfT7kyM1JuhpvV/6
|
||||
7XIP/oxk6OfgMT7yHTF6rh+G8UUNt/ZBCYAipcFByCKDwNB5sIkCHAQQAQgABgUCTF1E2gAK
|
||||
CRBTlEed01JMUcebD/9aEHlc3TtXSGHF/gxVl0zsi3mFM/wibd2n/2Zv2gRrL0Su7BunKEMc
|
||||
l+7SECKbDzWC3LYucKhjgVuPHSgGakk3ANiXiDw4qFqiYil1Prf/MK8F6RWye00IIG7yZamG
|
||||
+1kLA5ft7sjO/emappGvW7bicXqgoEsazImSi9ekfYhLFKHn64IR4UjynHibKjoXA+EatPnN
|
||||
pT+IHnBRRHRq2uaU8ycQoxiwUT8WMPyjlIg7NT+IIYqQm7DRjSTsUoTwhdaMlH7YCbi/dX0y
|
||||
SlfG0LF/5fdg+MV0h/hPqy6gq2oRouILZlfEGtvv0vBmqagmPP+m4KJ/6/Ikf5ysMtC/NlN7
|
||||
exkyj4M8Nl1U07ijha5CQCvn6DyQmy7xT/rmbJ0i1zjZauFmPf1ZaqennMkz2ndC0glSAYIh
|
||||
d76mDDWGjvszrYpbO7KdJJeiO0LkoSW7fKxgabNm6x5MaPVhcynmjlC8BFbn8xuZQst13Pit
|
||||
VmFtIDX+SJVFQCK0Ypuw0NhkXx4sRqkBukASSwCRrDxPPWqlg9/Ji9uKjInS7M/y3RDZqwJK
|
||||
UZqLw2pdlzdAStExWfA3YAX6lI7IrpHMuoPUt+aKNyO6XBLMOGmAGo6LUP8vOvwfkFI72nWL
|
||||
IgHSbB7MzHLFcMxyb4CvGjpZQzu3VDt7sDIweT4ZqWMuMIxreik+M4kCHAQQAQgABgUCTF8j
|
||||
ZwAKCRB6j0notjSAvpDND/4nzSbiS1pMCum5H8dhR6odBPIRanEa8fLaltUQCfwG+CXBfuH0
|
||||
nguvR07j3oMWLZJ0YqZIfGWy+FRMAqFjkY9Wm35ddEO4fm5O7j662mJn32S7ouAWvMXeZa7i
|
||||
uhz7pe5o5hxoN9dzr/jD0qNIUwWzCl8C1KC6Gm2Szhnzr4jMM6fxol3i1TIjzqcRACqIFM9k
|
||||
rJdpHe18XEE0Ao/cNC4bPdPFEqFdDi+zoYXNrHqyCl0FqnWOkq9IVa6Sizy/8+ncgLt7mxpR
|
||||
CeA6v/N4w55AGlxfS284QzDWUDzAoMzMibhnqoY/3p9xup1tMtOZe+2R6/AOfSa7nB3BSGDi
|
||||
g3INNT37Xh3OiwYtiGoAPGnBvMdVQYeLd0ySC1cTls+HsXuhfediraNnzRRgioi+r7Ew29Dj
|
||||
H4O0gWhunw0gqn5NO/0sqQyN5cW70iIjhJlXA2pJYXSLvONRzQ9GmvhYIq+UA89UmriycCBd
|
||||
u12zi0NfEY85B8qqzFP1c0EJrHclHNm4SuSh/cXFlejRbIiSejp9uCHXQqELSRWzxRWOSy9T
|
||||
4iARC/twBSE+rJYfCrTMLKZznBzz+FgY/NU91w+teGbKanrKLKjRJtlXanm5kMSVXpmeTnc4
|
||||
x46OO8QjHGto4hyaILX+H0+jYcTFZXV1wXPqgevaGLL5fZ2EwfdURZOMI4kCHAQQAQgABgUC
|
||||
TF80rwAKCRDRXTE4ggBBc1JWD/9xj+Vpx8DaFRrmDwND90I7bFDux0MrxxGZ1NJc0WhF03+t
|
||||
1rqP5aoqgXTx6UxMHTTQXRk6dNKpqRdWCiacxd9LUpUIFj8QrSE6zwWweW+5e1lCa4cIC69y
|
||||
AHRN7LwdWV/s8dTbBWxPuCspDXrb3wPNmNaouw76T2Ny5Qwt13PnkaHmoNGIDju8yOpVhcAM
|
||||
mRIeAHgJn5X3WkMPi9dGfKr94Vv+K1dAKzl1VQ2DHUcS8dVUTqugYcaq1NXeZ8ipacQtTy6o
|
||||
4+aiY1iBJDvKdH1MxJGsS2EvcXT14r5YzOz+KTwIExlrKK98+3XI/u1L3VkUHqY9rILN03Q+
|
||||
cKxX/3dV3j9YDu3mUNL9at+cZ4FjZG/rJ0B/7frBxf9fy+7RnqKHsrr5H7jFK+mZlqyAWqLn
|
||||
Lxi1kW9tliiEZ5RgqLsYQk/nvvA/hr01rAI/todTvFHV7RIByNQVrp8zBbpmSUhyGaycc3q0
|
||||
aNStTXoy6dFS5WLAirq5o0W2zKRbWF6RAZLCwYAz8BAvKfbdDNAjTeXQ1X6kEYxEmsOJL3UQ
|
||||
UYLUHm8Ko8pPeaFLjMfRNZYVdQhpyLQbKxEDWwmzuAxODTHPa+bWmD2QRP6g/be8ff43L+zW
|
||||
Ti+1bglSk5xCncsGp5ydPfxYhAQiizIySbmVGV0u+hVPSB+vGJTelgw8p0PMeokCHAQQAQgA
|
||||
BgUCTGHuTwAKCRBwNzzxKQ25zl+FD/0TkiEx7eq83NaPbkxw4fQGgIfV+ZQHHZPHZxQmWQe5
|
||||
Nw+o6jBv4spK4iTQOgfcyZQ9vcNoxDyvFXTPxD1SA9VhJKY/pvZYgFk4chfIAwqsuLhL2B4x
|
||||
fL7XRU044MIy12YG24mQ6wq4Yp4CLX0J7XTkqF4o5gZ53W2lZ8IBhGee13vY658Ie7OmSwXd
|
||||
HZwLABOIck59PBOnDQmbIWHw2nO8esxPuCG7A1vJ9oX71PRYGe53310L/vqRWliGwgINI+Lc
|
||||
ghnn/GIxdBNAQzvn1vrBtLvZB50Ck5WxRZdRyAh29i8IQKVt43X3CeXatFqPke30n1hudgXN
|
||||
f5zu7aJAHA3TvIghig9L9uZtHUMIZzxSovTF75ACmxfqiCXxS2pxqzJacDpahog4rJ/AZbsG
|
||||
3787vyhM2zjCiSZIrA2GE53M4M3TQpV8gKAZy54Gdjy2S8FcOiFARFGXVu/l6j3vf2dDrTdI
|
||||
Hlr+Ta/f2eKfKhyCLT5ShZwem9O10mpDfP/Lznb4kPKygCjT24t/UdY21mvVKwAiXDtkeeSI
|
||||
LhXVj+I4ddyx4xf5mrH7khCxwDiYKr/sPmzFUg6gHHPsxIMoV/8+DA/VU+x/r2thuSH2rdKp
|
||||
IuPcN1fLI3R/Buy2Pv3KGHzzOHQyHv2UbfGK5ijKY/lF5Y3RWYynInUcjQLbx9g+V4kCHAQQ
|
||||
AQgABgUCTGH1OQAKCRB3MfzMY+Tid/cSD/0XD2h3/YcPxSfN1Wc+CRkbtw/14V3lgDOa83Q1
|
||||
Gr6GySQZMeZ9NeBIeC03fvlfmQl4EwFebqGR7jsuRRVZ03P9I9fKoPXJhlx/hpbavP8mkAAd
|
||||
Ye/ziA5xjzIi6j7GIpID9ULMvAW9nwPtL6p0ritjvkfx7EOJ1D30ID5Gn0BzyhgPUKiqLsR9
|
||||
zdP11Z4u85ja1cgkVXMl6IEMflMJ/qUonGX51sEGvAC9OfbshoASv9g1cohRJe0MAVG0arWj
|
||||
KkxekFXTaChVOSuzfavExtlW2eCHy2IH4LVRT2VlOiPA+dyRZuhjBMaRr9raeYnNtB+7SLWu
|
||||
XeRgMcAiwWdvKSJRIS1H1sVAlP02APy67wBeHEcMrURx0NzAZaw/7XeyPAt7+S00LJNp6qNQ
|
||||
fnecBTF5LZkfKGIentqjKKN0Ns20lyMuo5TGb2mZSdhlYRixsY/z95STNhsGe3SNzgdSpbG1
|
||||
2eB8j+uaoLj9Gjd4UF0uAhfS/xqDXF3MONZX+IjKbGnVx1MMwg/ECPjtfRu0nzm2o3jpYQgU
|
||||
XlnM/kAjGDcHgWsWyWdKVeMB+bXOwGPl6wDmcAkaj2GoUJP2B2bDnd6QHmtBQSD0jiRmqoXb
|
||||
ARisPDuTJ7VywYSND/zTkYfBpXh9YLikxYS+Vl+NtLuvILXsyOt9FV5pxNOoWKVbj3X03okC
|
||||
HAQQAQgABgUCTGdOLwAKCRCzRk+JaqFZSNlnEADIAMz9GZZwdKchx9VqWzsHKetF7ASrZuv0
|
||||
5DSzfPH9lxJQZskWDRnLLtTzpSkrMDqueu7bgKE5XIoRcPgIfKoBI/iJBZPQaoxN9aRyxrNa
|
||||
HM/F3AF2H0hc3fqUyi5+s58C5/El8Bc8oq1ePKGrOWFAFoNTYIvQJ3CNbXfw3tm56TGVKKws
|
||||
SMiH+9xk2fIBj1m8mSpAwZKo6CMjlVU3Mz3h7DNiEa0yCiESl3USCIBO1dmIRs08DNn+MZyE
|
||||
oeXSXM+eJtw+GpWGwDflnwOlKDlDj42y4K6pH6BubyfXe9ylb5DI19TV1X3wtvsqyhE+nPuT
|
||||
4V6j8Bli1YKm/KhwjkXw7KggkStS+6TMlT6EF9f7JiLbDjAqhCZ0eBvgCm/p0/TNL0lBwrf5
|
||||
90vD8QpXfnxAprdGR8O9ZEyviUqpw4JRnlRiH7TMBHVDiNCJ0eX53oyFd/TuDSTcvfyp3i2J
|
||||
GO38NQfoO0u880bpRbCiBsLcZfEAByaXp2hV/9oPEvBP+95GwbnMAR8PlmL8EDzygDElweDc
|
||||
F11FvcD6pgKQdXPubxeM6vJgcrFEozzW0mLZxXLUlv0n64YUMy/7JVoETPIEFJqAKwsMvaJy
|
||||
OHJH7ycbs2dTeWNT3KDigSM49VE8ERd7XzyncZUbRk3ZkhGgRAE0Fe1prHPDx86PClBV76hm
|
||||
hIkCHAQQAQgABgUCTGy/igAKCRDkT4AW02MPibaTD/442P0Qwf27NHs5RV+n/M2CKeG4sZmB
|
||||
epDU0XjnqjTZJYYcMtKvVJ3EPvB8qh3Y69d+pCy92pE9x+4TXj+59pSYxSaZFacW+3s1884K
|
||||
BQYe4256NjbVnxQEIStYtS4wRL1xjYBoNnPu1hq+vj+zArQ1pCWjCcM9Wzpl2tUPu7Lat7Os
|
||||
qB7HnDvgDB/HUbNgpni6EmfrWN3YlbGthnBXfGvAf3nyPwuM++GKs7a7R/6+it/dnPdke3Tb
|
||||
/aJKAC8YXlUSo4mEqpuBzz4Sk+5wBv+xS0h2GF4z+mnwsMY7ChqlyX1eLqfx+WWdO7V5CuPM
|
||||
sHMp0WxsCw4x8NPhzBzEPFlYSvYlS2z5M/RMie0g5JuXvs/ajDHZItZYJoVbeRAIVZ5q3ru4
|
||||
jR2tuSLQNo8qoqll+u7qA01zeEh3heov+FZXqoe8I1z7XOS6i7ZP745+zdbyRhi2beqEQ6XB
|
||||
7ub3jSSOUPM+x+LKxXC7bbhKLlAat5256wZnTTKRVNEUuoCFPtUR8FwzwRXl9AOl1Ekmqdfq
|
||||
M1F9TKYq3dPATHCxw/vV1QrCaIbqdJBAtf7ZLHH9B0sAZ8kudVPQeB+Ghr4KYaSPyX8Vstx6
|
||||
tl+qTyuVlkWd26OZo1mFUc9kPej7cjiXtf/XOp2mI73piU4bfTAOBHAopiNiKe25M/75bGso
|
||||
bAWSh4kCHAQQAQgABgUCTG8qxQAKCRB8Vqz+lHiX2Nc0EACkkjvmLuJz2Wp9Lq0fvdjBhGCp
|
||||
95dZFpvcBFJfX0rzifUEmbWRp9fiU9P2SJaCy392PL0gEhEi4P7Aos1rRfyXjGhxcy+TYSUA
|
||||
HaP/jQF59XED6t2ElW8+NnZNQ3NE1NnZ2ivcig09GdxvfV/Ivi3dAjYXslsd0um4pVCEEBlc
|
||||
lWw9lWRfm1V9/Zmz+/83CNuc6yVGmch9lckcq/1zxqcBE38WyP/cR6nvvuiC4NY9W6e3LobD
|
||||
eLkagJqFtsThM06Hy2mI3pDsC33nu0Za1tOV1ihJCUTxArZBDqUYWBN7C7hfx6/+IO+as+2Z
|
||||
hi8bav8mjY9j7chXREqnmJq5uTXGyI0LDuTABn+Sfr8861zPeev56GhS3/gBIsvhEik+Hym1
|
||||
1qnvlFhICo6Gq8qtXiJ9KQE+XI/bWZgFuflJdDLWT7V+DUw5+Rdqo3Qay0vHvsto+EMQLCiL
|
||||
8qLdw3eE5/lVOn9vHPccypGq5saMyS2hdS7yF8x+laj9xfIwMyp3CKTJ892K/NOh+dEhAo4J
|
||||
ZNw5tHCviE2KVRxDWNjjBOcrpONkp8o/OPe5bxCXVnV5F9oZqHCfWtXc+MTlI4dkk2dPRB3P
|
||||
JNUnKbSgX4x63th/m6oAB1JJ5DE1iT+fdDre4zBpSI3ILCxegWL4ve+hLHUWS/ubfkJtlO5z
|
||||
4w4wiLmfPokCHAQQAQgABgUCTG/44AAKCRCdC15bHuyPDso6EADTyj6fKEvSzHFo4caqYOVX
|
||||
d5kZir9ss0hzplt/csBDosMdW+wO+wxzt7jXXtfPlA0OGoFqCVEtxUGQG4qYHSbCKPd9PEHS
|
||||
ruWlcqNFAqRBi6k0phM8GeKbE0+B1u0qiyEvuG8IuP+1DlXla3yG4yEUWqprBMjl46OnTd7u
|
||||
ZKS24zOqnS4Hx9fId3s7bW1JwrVmodbx2rdHDyZKXqCpwXFJsVWe3cbh/h2lXYalDKzwbdcm
|
||||
rgDZUJp75YxlxerMiTG9Xc/4e+XOs30DKGy2cHAMitswtjXm7ZKZ8yL5pmbmDeP99XASwByB
|
||||
7Mm6KuvQSA+8ByLmkvu9XBrRq5WUG9Cx3m0Shxy7e74w5/u4LJkqrmr1wdw+gZIvWG3UuTWR
|
||||
kqJw6rEoiv8WTjJSWE5rTFVaN6YH2OuOFsTWNaUH1bc01HpEKivhk3ZiOOg2Bhxbt7i7oYJc
|
||||
Y+UHCbC3PwwktM3wEnANz9UMoIFxn/2OHdIWl09t50iaDErTmtgbfkENDdsXEcLA7qs+8vpr
|
||||
8qY+M7ycCuRat7Vu2dqopwpkhRpKtddoMNYZ5/51vFcSuz9BdCk+y+q06Ri494UPVFJsHTvn
|
||||
gjtEcxsJopZn4pddzk8g2z69BBWRv31c8xiV5X5QTf9zmRUFD06pux6dn1CUI4zoul5kW0ah
|
||||
LwQysmqgG40apYkCHAQQAQgABgUCVZLuEQAKCRDroMbHHAAlb97dEAC8oQamwtIj/SWT2PJS
|
||||
Kl3bdPdQaYI8+9ZL9xXLYyhOl8aduFVMlJ7rqkWSdwg/AGnp8nh/pQiaGsnRweqFoSte3poC
|
||||
QkNmRR3pgsZ1qqWMxqVrE37R51MSGRBEZq50diQ0sG63tzX7GSnsHXyxDjVfR4J0/ohZzyXn
|
||||
UubBB8X/C72E8CaxrFAzyrLY0zqJBMzub+b2zg5Ac0V+GK45Iz4duftmvnWf6d9aOvXsPqe9
|
||||
/BPbix8l8lCWUjfAPh0sSskI48mIi+jK6rm7+JmsF+9zIoVxlnnlFcmDxMGtapUl73BzpCKI
|
||||
tbplOogAKpA9/2pcSvf2JO26cjQm2gN7BHGfApB4qYFHb90fmSt7XUQEwxyCbsQyhS7Tb6bN
|
||||
wI8mTqajGoRZydB8WZVjRgsnnCHa9ecY3Hs1IrTMKM3gl7Kmm1tzbtAK+NMSH0mxPG3dmTbv
|
||||
NIkjOcgGTYo4r9Qt4Q6rV0zfm43dZs7AP6nECRYyMggEoHHBDh1PaPUjoUsJ4Q/b0R8yvNNC
|
||||
8defastUYtUkepBJ90FzlIJeMLf/1t/1cYX0or5wfp7DPAGxTx3+5EtyKC2Vk3JltR5QkLaj
|
||||
blZ2PIq8TTtdDprXJuOtucF33p3SwXRjA59DrxEofOf1B2cAcxvb42QgZ0ToJmfeTz9TfGDS
|
||||
adTRh+oqbbjogv0A8okCHAQQAQoABgUCTF22EQAKCRBdMo0IKqqxQBAND/sHFnas21+PsxN5
|
||||
Uo2Gr6ieI6NqP2347xT3ZAugQFDhobNJkdXexShpW/PAAxN8/JdndFtuF3nNCy6gSt9c+eLx
|
||||
uZ1srzyE9nZeXne59TDI4+ubXhuu/oXIfj0n2j7m53st6+RI5JJ3SuI9kJTOhIYA+7AHBpZp
|
||||
XUu+m8sS+Jhyy3h7tqJw4IrwwOfW9/WEwhp3Yb2zDoEBe2Na5whcjFRtCJkJub4YwL3L/D5G
|
||||
w31dFnTFQV9C8BNmyPfoHiTWRQovejmORLdNOzaHKy9a0c4fF6C92j4s9wR3KM/eaVJxM5bD
|
||||
NvP78usX8LQY5A6C/3+e7kRo1gzDoDhgYii3gDm5hItXXU0V6sTcFWWVSPGwrm+628G3VWmm
|
||||
1b57mxWn6+7Yzw01R/CyqEzovFG+M1BZrJn2JqJ8Y4pM7T0oRpi0/Ee9Dqiw4+v5I8wKCTag
|
||||
713ZLx2IdMQxIsMnmBq/819ZqjKkYpAbgteov/foku+Y8RvymE+afjxcE+aYQpYOyMPNRMRp
|
||||
Dq6CKkVErPNpI758Eav7UqUi5KyfMQ6tMh09F+mKBZvAVE7AGIbrQWhHlTCOYdSRA7uFtgSX
|
||||
TUQlMSsj/2xkorXaPoFqShOr1hiWIG78zduIGT5FxSG06j8h7j2h6W7nCj0rYaOzDNOBM9yt
|
||||
3il8eu9SeAgl2cEosRL/4IkCHAQQAQoABgUCTF5RxAAKCRA5FLUy9N++mdKJD/9Lclk6nEQu
|
||||
xlcgA/0ugEKmWn5JsNnq8ZUl78nZP6fKY0syx9v4bMA+ICQrokfwY4o6dMxcj2Us6JUp/FBV
|
||||
Z5lo2T2iPE+ucxobFslNdpZtzOQGOsOJ0N7qirafFXJ7ACtydbnCUaPfzkPYwwplHFqT+yQH
|
||||
k4RxBysHWw9a9YoBMl9KFjIwZ7Q8v0x4ywySwfRAKEzFp+ESP+hDwhlOqTBKFL1/P54lmbhG
|
||||
JHDCNbwxGLIjiAeCjomyoxpg5YdSZVyWttmsy1rxMV+ndERK5vELfZYqdlhL0quVPzd1L+g0
|
||||
m2iA4QdeGfqrCxex7olq1su60PFrMee2wFzH8YEYY70nCi6/JRTb/Vk0wNqgyNjKY434EzHn
|
||||
liuyhFvsTkQy+ciegx1lQixRxJfVnyz1BkHNDd37qL9lbzPwVqLhhh7jkjW8koPbExQGjVcH
|
||||
St2HCGDcAxyOJK9sG5a2GxPn1K/SzHXWwhVCSQN7sJSkpNmRNgjpJdOTnEtsfRC7keUEG853
|
||||
cKtWtqJw38/ye6RbXXHM9y4oiLkSWLneGH3sQFtbmdtjubLQNXE7rfuUHarwCnVHV5FaeAn9
|
||||
FNBoo9MCAZL1cuxe7CR/awAuH/JAkuZOanj2jFwvqeyfNgsB/LIlHIBTLPwVXDOZ3E7+KUMJ
|
||||
lQ45DOfhGPOSzv3QTL4gP6lcvIkCHAQQAQoABgUCTGWvlAAKCRAyJH+7QK0fpgPsD/9gJRwY
|
||||
37FXgq6tqiUO+q8H1m+VQ4y64cKNA/SMOGxV04h7o5tC3B9D/ZghAyfQ71Li88PIk8n7PAV0
|
||||
Wnbv+V/9kawa7C7Bfq4OJOGzMU0Y0JPd6LnupBtq+jtE9H1TLneCiBu05bjeLSQde438Or9w
|
||||
SV0sLwqKncwqRJY8iIjz9O44X+6+6p4CqdMYmsZV9nGM+cES6uytQ/sB/mh5PutZahslWurz
|
||||
ouec1uqTY4uuGNwOz+MJvYUNPyajcgtpH8JNQ0phlUvV+nAOJuiNXBHw8MbxNzTdLfsdtdpy
|
||||
zRH6NAMN3QHrtEGAQ8XgFnCtu6BEPpgOQIB1pMw9OiRMhkcu9uCNCY5p9NMhL1tEx92DkSyW
|
||||
lmFIF/h1Ohd4yaxnn9jwTVxxhdAxqK0rIORy+sHUSuc5LrtItNe+AnTvQeY7MRgZwJuCCohQ
|
||||
L3OLXULZajB98g6cZQJmNmtdUeqMY/QymIOH8IoY3SCOws4h4QZSSVxNczo2Ag5R5QKSpBA6
|
||||
jjsFo/VHUX0wB/KbJTb1Hl2vtID20kR7MfzACFTI9AEbwvG6CX7oWsnciom7bHEiyHWR4Olp
|
||||
tlpQk2RQ4T3RG8r9kDgJuX6KmDH6uI9CdYTuBxQgIfpEm+tfSki3LVfnOKgkRDqAJciBv+ua
|
||||
qeW7KSjNDpBC4u8pn9tyX8RhpYUP7IkCHAQQAQoABgUCTGwP9AAKCRB4U9pNSYga09OUD/9X
|
||||
xTiFFzcuev5k8MtYx7+T30Z549gFnOx6GdFgCK7GzW7ZjnofKt8e0NIQmzzCf0g1vxdulqeZ
|
||||
7Oh8iFrxpPZyOKJoO2BDKS9VnYEANQf+quUJPTdyhGqdMSDQGbSEqjLF3oNp/+jdIIMjuo3Q
|
||||
nShdK/BJPcluN7AoOFLQ3QH4Q5fEbtwc+bEJL9TfFqAhUhcY3TYnqWtsMRW3tkrgCvcp0Bo7
|
||||
LMSJB6jH4Dx5q60Am4V1Zz7C9wxtZeZP+P0h0YYWCbOmQWhzT2aCRYDrp1o3SsuatHm/bPkv
|
||||
rliBzslW8i5Hh3gv5Atn/P5bhMaXtJiGepkat/MGw1hP8BYaSb/mmy9XbdMlfDijcsAF2+w6
|
||||
w1b782oCGXgz2ISqPLsFYWccS4GOAwSytep22iwsWpIx2JNNndg4GVfgBxx3QIhci7EVN5Pv
|
||||
/586PwxTetIZmQ+FNNHcAzqBzi3oe6J8o7HlMEHjG6Dps/D2clTNHtD0vSk5ECfhSC3W8OAD
|
||||
VSuB8NxZVfI2UfnyCsdjyDLUu06fMR4gNW+zlSHI1FJBSVuU8CCQOtMPJ5fHPq3hEc0DFyLx
|
||||
8fPE02n8It0wm5RrdUkgOjiVK2n251SyAwSM6zATCFOIt6zdZWx6T/HrJw5wzI+wgsZHibVt
|
||||
i0vOA0GsAXzobE5yyhhWTnhqJgW2vKNHjYkCIgQQAQoADAUCTGLdPgWDCWYBgAAKCRDM0u2U
|
||||
0hc56aYKD/4gPLkcER4nlKdsMN5x4MuUjBbv/+Hab1+hSDxEiA0Ya2Lt3J64y03fz7J1RzIB
|
||||
djH2QGhdvuZtEohiad44DUdLNGJ98q7PPll2KPeuuth+bDa3P4h8ynVbCJRSmIkSVCRG90eE
|
||||
AibHWOgTNOmn48Rwq5zMEgwNvmgsX7ZRm7Mwggt24LIK93iBMqH7WqS1CujF+WqQygpk671e
|
||||
GUIWSUc/iBmaHZ/yoElL5cSBSPHm+ePyQsPSN7ooaWfodXXTADpQN4d5Tl1WzwZT8G5cRVLP
|
||||
4CZ4sqbzJ9EKWFMlohcf3ibT4r8H5ij8btgq0TvNcoMvCbO2P94KChQWxQSwJRftJ9/GPPo1
|
||||
7zK7pXGK1QMZNMYhvbYSdcbxG/AsmC4qJb4NVdrrxBiEye41+M+nQiT7g2GbbJ9gBCv8k7lH
|
||||
iw3B+KfNoAkQ2v2CaVMrguQuzxCs8Zpl7iKuFG+d3SGqnn8rRrRPE5AOlSk6bOr22jLyGsns
|
||||
URt6Mvh5QyVrk0G/6YW/5IMIVNuS/i12m6ireKvpPBkUIkNlS938vNqZ4LnsZ/+gBlZqmY8H
|
||||
sZEt6Wfq7efDBw8z1FLRW58xOqCY0vh4tteFJkcY1LgzK5GUddIHfYcO/Y6p/3/Vq1/ao4VJ
|
||||
Jq+HSIsqrdW1nF3EDSbwyy96uAdxuhfZLxSgRugCKyyOk4kCNwQTAQgAIQIbAwIeAQIXgAUC
|
||||
Sgdo4AULCQgHAwUVCgkICwUWAgMBAAAKCRBEl1J4uGErXaQAD/9wcX8JM24NI9mCjnHOGOuV
|
||||
eo/1Z9sefzYvhlbbTWvJsEdt5eaL0FRl+kErHtwNyEqvOTAmt860GrpekjkFYQObCsmDOiEy
|
||||
i+vJBScub9YK6TJSOQJ7f7zyIwzHgvilktujiS+/YDqd1IEyxD3QxQ9PTdjcQX/Z7enfBeei
|
||||
sBFfgRwbH32p5EtdwovrmBYtgyXUqp+lSg9kG3vvdj0bt/Fkq7Es1eEW8Sp9QqaBpo2fuzNS
|
||||
rojYfZu68coreRIV/nhuA7/ehjiVXlvzi3su+0ybJwGZXLXaM7kxXoYm5i8NDxp4p+7laXe2
|
||||
J6HUuIQM5ea4NuPu9BKIpKGxqNXQE+n4tmX3lp6QwXuZShwOXjSFsKxXvipKI4sAkxPfrPFa
|
||||
xzz/EDqUf9lzCBZ5nl6+OLv+GyTz6Meq1NGIX1N7u6XBPtdCujVbKzXd5PbEk0Y00skLFcQ4
|
||||
9FwAwDFw1XIPljQ6WttsQlV6k0yoVJZc6HHovnV1zGDviSyUdegDX9uKBmgGG8ApliPLvZ6r
|
||||
haU4yHykFHBMPfwBNBwrmthTShdPS7xh4bz5xYlay9wm2CzIVB6muK8PIyTrRfouuFivJuYA
|
||||
zoEcPBbubalC3OCocLl2xv+Qb5G7cz2hTDx9JZXUD18IeG2A2mcLeGp1zTc1qz/7h9qa0TLe
|
||||
fWpC75exhIgXVrkCDQRKB2tdARAAqsQbw2Qd1WfbJr9U1KRdwTKm2OsDODftgNv0zmfaiYCN
|
||||
iOKEsrsJdtonmaisMi+Z+5/wrf3Q0bV54qmwOMTlCVvqnpxwbVik8VVGWgUcLJYYK5Lkn0dz
|
||||
rtZs6AaT/sbFewir8q6m3ADbq9hTXxt9uUfe5Z/D4sdbhgbWtQa/DeJwWZr6VeyCHcY8BhR0
|
||||
FXYmYDZ0c1rmbZZBt+vIF4UNTNU4x6me9va6QPW0nWTEjae9ExGSPwm1B4hQd63Nop6E2Vqu
|
||||
ahdJqKVRYYmD/IqVXOxAhFRA/w9vqF95aV2BB/ZrF0FTA8iCEbFy3oNrZfq8KlJRCtcUH2qf
|
||||
igMndOt8P65omM1DQhlvterVgm2PCb1GmwLEbMi+HtLntziFozYGLTlAMcUJt7Pyu/iinzx6
|
||||
Sc4U108dmNTJLxqSZtvJFaRyHml9x7oP2gWjpuyVgo1KuEXKq2Z96S+sxE/YtPyB/cBpazZ+
|
||||
+o/i7PLhxKa1RTIA8NgkDelWeNalvYzjNkB+tXeH0UnxtBTC+PW8dyUP8OmmM/2V1Dzcj9Tm
|
||||
Ky/G04TFQyL1NjvFjzXyIUO5WpdEbSs04h5J3KM6YZJlicqB2aKAUslOi9wUIpKRK+UZBTSj
|
||||
886jynsu+HA1Ob6tcTSlwtj95RV7nBTiTM6MpPuxTmZ2DR/vLE6c7yE+XgrOx9EAEQEAAYkC
|
||||
HwQYAQgACQUCSgdrXQIbDAAKCRBEl1J4uGErXVFeD/9Q2vtN0FeOiveLwN4KAFbMLZP97bT/
|
||||
sRJkQQUZoawfbINwzGDuFrZSsWipoBLam6BnMH6OfHkUOrCToZROHYagW/nv/WTjBTX8lJt8
|
||||
SFhHh4ONPBaxF90z/YrpWlNcs/z/rqu+sm1KgCA9mkheENGOj3t97udZNfA1N4NZu67Lo6HZ
|
||||
yUUCK+eJtX6BS2HgMGokHuGha/LokTor1lkl52Y3CVfds9YDrJmlSQVhxI/S6/IajLwKFyHd
|
||||
pMiK/o8q3mYuZ7JKCBOooNnRpa4myUrBetf1p6xZqbhEAALMFJc7/8NXxesqvG7RQJ7VWyYO
|
||||
5BhgzPutqTUOVZskc3r4cvaB7CT1CsKPdW+af/I8q/C7dhTWWthirPN4DCdcTIlK9ECpba+m
|
||||
S7MQG/3ta7+/3lT3yyMKlhLkAaUlUNa/VbzUHOlVA1txJk6jcuEzWIzebEtoT/aYJZwNE+jL
|
||||
CFOC75HTGlxp7/8ngHCXn1rcBS9TQJ7CGX31HhbmNak0LtzhAS4B+fWQLrFfShTREcYD+31z
|
||||
yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
|
||||
g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
|
||||
BWcdiQ==
|
||||
=iUyJ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
Binary file not shown.
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Add repositories to APT sources list.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
regexp: "backports"
|
||||
state: absent
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Backports sources list is installed
|
||||
template:
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
mode: "0640"
|
||||
register: apt_backports_list
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Backports configuration
|
||||
copy:
|
||||
|
|
@ -25,7 +25,7 @@
|
|||
mode: "0640"
|
||||
register: apt_backports_config
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Archived backport are accepted (jessie)
|
||||
lineinfile:
|
||||
|
|
@ -34,10 +34,12 @@
|
|||
create: yes
|
||||
state: present
|
||||
when: ansible_distribution_release == "jessie"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Apt update
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: apt_backports_list | changed or apt_backports_config | changed
|
||||
when: apt_backports_list is changed or apt_backports_config is changed
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
|
|
|||
|
|
@ -8,21 +8,26 @@
|
|||
force: yes
|
||||
register: apt_basic_list
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Clean GANDI sources.list.d/debian-security.list
|
||||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- /etc/apt/sources.list.d/debian-security.list
|
||||
- /etc/apt/sources.list.d/debian-stretch.list
|
||||
- /etc/apt/sources.list.d/debian-update.list
|
||||
when: apt_clean_gandi_sourceslist
|
||||
loop:
|
||||
- /etc/apt/sources.list.d/debian-security.list
|
||||
- /etc/apt/sources.list.d/debian-jessie.list
|
||||
- /etc/apt/sources.list.d/debian-stretch.list
|
||||
- /etc/apt/sources.list.d/debian-buster.list
|
||||
- /etc/apt/sources.list.d/debian-bullseye.list
|
||||
- /etc/apt/sources.list.d/debian-update.list
|
||||
when: apt_clean_gandi_sourceslist | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Apt update
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: apt_basic_list | changed
|
||||
when: apt_basic_list is changed
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
|
|
|||
|
|
@ -8,10 +8,13 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||
when: apt_evolinux_config
|
||||
loop:
|
||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
||||
when: apt_evolinux_config | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: DPkg invoke hooks
|
||||
lineinfile:
|
||||
|
|
@ -20,25 +23,19 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
||||
when: apt_hooks
|
||||
loop:
|
||||
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
||||
when: apt_hooks | bool
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Remove Aptitude
|
||||
apt:
|
||||
name: aptitude
|
||||
state: absent
|
||||
when: apt_remove_aptitude
|
||||
|
||||
- name: Updating APT cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
changed_when: False
|
||||
|
||||
- name: Upgrading system
|
||||
apt:
|
||||
upgrade: dist
|
||||
when: apt_upgrade
|
||||
when: apt_remove_aptitude | bool
|
||||
tags:
|
||||
- apt
|
||||
|
|
|
|||
|
|
@ -1,17 +1,31 @@
|
|||
---
|
||||
|
||||
# - name: Fail if distribution is not supported
|
||||
# fail:
|
||||
# msg: "Error: Evolix public repository is not compatble with 'Debian Stretch' yet."
|
||||
# when: ansible_distribution_release == "stretch"
|
||||
# tags:
|
||||
# - apt
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Evolix embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "B8612B5D"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Add Evolix GPG key
|
||||
apt_key:
|
||||
#url: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x44975278B8612B5D
|
||||
data: "{{ lookup('file', 'reg.gpg') }}"
|
||||
copy:
|
||||
src: reg.asc
|
||||
dest: /etc/apt/trusted.gpg.d/reg.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Evolix public list is installed
|
||||
template:
|
||||
|
|
@ -21,11 +35,11 @@
|
|||
mode: "0640"
|
||||
register: apt_evolix_public
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Apt update
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: apt_evolix_public | changed
|
||||
when: apt_evolix_public is changed
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
|
|
|||
|
|
@ -1,10 +1,26 @@
|
|||
---
|
||||
|
||||
- name: "hold packages (apt)"
|
||||
shell: "(apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }}"
|
||||
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
register: apt_mark
|
||||
changed_when: "'{{ item }} set on hold.' in apt_mark.stdout"
|
||||
with_items: "{{ apt_hold_packages }}"
|
||||
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
||||
failed_when:
|
||||
- apt_mark.rc != 0
|
||||
- apt_mark.stdout | length > 0
|
||||
loop: "{{ apt_hold_packages }}"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: "/etc/evolinux is present"
|
||||
file:
|
||||
dest: /etc/evolinux
|
||||
mode: "0700"
|
||||
state: directory
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: "hold packages (config)"
|
||||
lineinfile:
|
||||
|
|
@ -12,13 +28,21 @@
|
|||
line: "{{ item }}"
|
||||
create: True
|
||||
state: present
|
||||
with_items: "{{ apt_hold_packages }}"
|
||||
loop: "{{ apt_hold_packages }}"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: "unhold packages (apt)"
|
||||
shell: "(apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }}"
|
||||
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
register: apt_mark
|
||||
changed_when: "'Canceled hold on {{ item }}.' in apt_mark.stdout"
|
||||
with_items: "{{ apt_unhold_packages }}"
|
||||
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
|
||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
|
||||
loop: "{{ apt_unhold_packages }}"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: "unhold packages (config)"
|
||||
lineinfile:
|
||||
|
|
@ -26,7 +50,19 @@
|
|||
line: "{{ item }}"
|
||||
create: True
|
||||
state: absent
|
||||
with_items: "{{ apt_unhold_packages }}"
|
||||
loop: "{{ apt_unhold_packages }}"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: /usr/share/scripts exists
|
||||
file:
|
||||
dest: /usr/share/scripts
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
state: directory
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Check scripts is installed
|
||||
copy:
|
||||
|
|
@ -34,6 +70,17 @@
|
|||
dest: /usr/share/scripts/check_held_packages.sh
|
||||
force: yes
|
||||
mode: "0755"
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Check if Cron is installed
|
||||
shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||
register: is_cron
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: no
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Check for held packages (script)
|
||||
cron:
|
||||
|
|
@ -47,3 +94,6 @@
|
|||
day: "{{ apt_check_hold_cron_day }}"
|
||||
month: "{{ apt_check_hold_cron_month }}"
|
||||
state: "present"
|
||||
when: is_cron.rc == 0
|
||||
tags:
|
||||
- apt
|
||||
|
|
|
|||
|
|
@ -4,36 +4,50 @@
|
|||
fail:
|
||||
msg: only compatible with Debian >= 8
|
||||
when:
|
||||
- ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('8', '<')
|
||||
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Custom configuration
|
||||
include: config.yml
|
||||
when: apt_config
|
||||
when: apt_config | bool
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Install basics repositories
|
||||
include: basics.yml
|
||||
when: apt_install_basics
|
||||
when: apt_install_basics | bool
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Install APT Backports repository
|
||||
include: backports.yml
|
||||
when: apt_install_backports
|
||||
when: apt_install_backports | bool
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Install Evolix Public APT repository
|
||||
include: evolix_public.yml
|
||||
when: apt_install_evolix_public
|
||||
when: apt_install_evolix_public | bool
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Install check for packages marked hold
|
||||
include: hold_packages.yml
|
||||
when: apt_install_hold_packages
|
||||
when: apt_install_hold_packages | bool
|
||||
tags:
|
||||
- apt
|
||||
- apt
|
||||
|
||||
- name: Updating APT cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
changed_when: False
|
||||
tags:
|
||||
- apt
|
||||
|
||||
- name: Upgrading system
|
||||
apt:
|
||||
upgrade: dist
|
||||
when: apt_upgrade | bool
|
||||
tags:
|
||||
- apt
|
||||
3
apt/templates/bullseye_backports.list.j2
Normal file
3
apt/templates/bullseye_backports.list.j2
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian bullseye-backports {{ apt_backports_components | mandatory }}
|
||||
5
apt/templates/bullseye_basics.list.j2
Normal file
5
apt/templates/bullseye_basics.list.j2
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
|
||||
deb http://mirror.evolix.org/debian/ bullseye-updates {{ apt_basics_components | mandatory }}
|
||||
deb https://deb.debian.org/debian-security bullseye-security {{ apt_basics_components | mandatory }}
|
||||
3
apt/templates/buster_backports.list.j2
Normal file
3
apt/templates/buster_backports.list.j2
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian buster-backports {{ apt_backports_components | mandatory }}
|
||||
5
apt/templates/buster_basics.list.j2
Normal file
5
apt/templates/buster_basics.list.j2
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian buster {{ apt_basics_components | mandatory }}
|
||||
deb http://mirror.evolix.org/debian/ buster-updates {{ apt_basics_components | mandatory }}
|
||||
deb http://security.debian.org/debian-security buster/updates {{ apt_basics_components | mandatory }}
|
||||
|
|
@ -2,8 +2,10 @@
|
|||
bind_recursive_server: False
|
||||
bind_authoritative_server: True
|
||||
bind_chroot_set: True
|
||||
bind_chroot_path: /var/chroot-bind
|
||||
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
||||
#bind_chroot_path: /var/chroot-bind
|
||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
||||
bind_statistics_file: /var/run/named.stats
|
||||
bind_log_file: /var/log/bind.log
|
||||
bind_query_file: /var/log/bind_queries.log
|
||||
bind_cache_dir: /var/cache/bind
|
||||
|
|
|
|||
|
|
@ -2,6 +2,11 @@
|
|||
- name: reload systemd
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: restart apparmor
|
||||
service:
|
||||
name: apparmor
|
||||
state: restarted
|
||||
|
||||
- name: restart bind
|
||||
service:
|
||||
name: bind9
|
||||
|
|
|
|||
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of bind9.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
|||
|
|
@ -1,10 +1,29 @@
|
|||
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
||||
- name: set chroot variables
|
||||
set_fact:
|
||||
bind_log_file: /var/log/bind.log
|
||||
bind_query_file: /var/log/bind_queries.log
|
||||
bind_cache_dir: /var/cache/bind
|
||||
bind_statistics_file: /var/run/named.stats
|
||||
bind_chroot_path: /var/chroot-bind
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: configure apparmor
|
||||
template:
|
||||
src: apparmor.usr.sbin.named.j2
|
||||
dest: /etc/apparmor.d/usr.sbin.named
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
force: yes
|
||||
notify: restart apparmor
|
||||
|
||||
- name: package are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- bind9
|
||||
- dnstop
|
||||
state: present
|
||||
with_items:
|
||||
- bind9
|
||||
- dnstop
|
||||
|
||||
- name: Set bind configuration for recursive server
|
||||
template:
|
||||
|
|
@ -15,7 +34,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_recursive_server
|
||||
when: bind_recursive_server | bool
|
||||
|
||||
- name: enable zones.rfc1918 for recursive server
|
||||
lineinfile:
|
||||
|
|
@ -23,7 +42,7 @@
|
|||
line: 'include "/etc/bind/zones.rfc1918";'
|
||||
regexp: "zones.rfc1918"
|
||||
notify: restart bind
|
||||
when: bind_recursive_server
|
||||
when: bind_recursive_server | bool
|
||||
|
||||
- name: Set bind configuration for authoritative server
|
||||
template:
|
||||
|
|
@ -34,7 +53,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_authoritative_server
|
||||
when: bind_authoritative_server | bool
|
||||
|
||||
- name: Create systemd service
|
||||
template:
|
||||
|
|
@ -49,23 +68,23 @@
|
|||
- restart bind
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: touch /var/log/bind.log if non chroot
|
||||
- name: "touch {{ bind_log_file }} if non chroot"
|
||||
file:
|
||||
path: /var/log/bind.log
|
||||
path: "{{ bind_log_file }}"
|
||||
owner: bind
|
||||
group: adm
|
||||
mode: "0640"
|
||||
state: touch
|
||||
when: bind_chroot_set == False
|
||||
when: not (bind_chroot_set | bool)
|
||||
|
||||
- name: touch /var/log/bind_queries.log if non chroot
|
||||
- name: "touch {{ bind_query_file }} if non chroot"
|
||||
file:
|
||||
path: /var/log/bind_queries.log
|
||||
path: "{{ bind_query_file }}"
|
||||
owner: bind
|
||||
group: adm
|
||||
mode: "0640"
|
||||
state: touch
|
||||
when: bind_authoritative_server and bind_chroot_set == False
|
||||
when: not (bind_chroot_set | bool)
|
||||
|
||||
- name: send chroot-bind.sh in /root
|
||||
copy:
|
||||
|
|
@ -75,17 +94,19 @@
|
|||
owner: root
|
||||
force: yes
|
||||
backup: yes
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: exec chroot-bind.sh
|
||||
command: "/root/chroot-bind.sh"
|
||||
register: chrootbind_run
|
||||
changed_when: False
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- debug:
|
||||
var: chrootbind_run.stdout_lines
|
||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
||||
when:
|
||||
- bind_chroot_set | bool
|
||||
- chrootbind_run.stdout | length > 0
|
||||
|
||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||
replace:
|
||||
|
|
@ -93,26 +114,16 @@
|
|||
regexp: '^OPTIONS=.*'
|
||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||
notify: restart bind
|
||||
when: bind_chroot_set
|
||||
when: bind_chroot_set | bool
|
||||
|
||||
- name: logrotate for non chroot bind
|
||||
- name: logrotate for bind
|
||||
template:
|
||||
src: logrotate_bind
|
||||
dest: /etc/logrotate.d/bind
|
||||
src: logrotate_bind.j2
|
||||
dest: /etc/logrotate.d/bind9
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_chroot_set == False
|
||||
|
||||
- name: logrotate for chroot bind
|
||||
template:
|
||||
src: logrotate_bind_chroot.j2
|
||||
dest: /etc/logrotate.d/bind
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart bind
|
||||
when: bind_chroot_set
|
||||
- include: munin.yml
|
||||
|
|
|
|||
|
|
@ -8,18 +8,35 @@
|
|||
tags:
|
||||
- bind
|
||||
- munin
|
||||
when: bind_authoritative_server
|
||||
|
||||
- name: Enable munin plugins
|
||||
- name: Enable munin plugins for authoritative server
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||
when:
|
||||
- bind_authoritative_server
|
||||
- munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
|
||||
|
||||
- name: Enable munin plugins for recursive server
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
when:
|
||||
- bind_recursive_server
|
||||
- munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
|
||||
|
|
@ -33,7 +50,7 @@
|
|||
mode: "0644"
|
||||
force: yes
|
||||
notify: restart munin-node
|
||||
when: bind_authoritative_server and munin_node_plugins_config.stat.exists
|
||||
when: munin_node_plugins_config.stat.exists
|
||||
tags:
|
||||
- bind
|
||||
- munin
|
||||
|
|
|
|||
95
bind/templates/apparmor.usr.sbin.named.j2
Normal file
95
bind/templates/apparmor.usr.sbin.named.j2
Normal file
|
|
@ -0,0 +1,95 @@
|
|||
# vim:syntax=apparmor
|
||||
# Last Modified: Tue Mar 9 14:17:50 EST 2021
|
||||
#include <tunables/global>
|
||||
|
||||
/usr/sbin/named flags=(attach_disconnected) {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/nameservice>
|
||||
|
||||
capability net_bind_service,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
capability sys_chroot,
|
||||
capability sys_resource,
|
||||
|
||||
# /etc/bind should be read-only for bind
|
||||
# /var/lib/bind is for dynamically updated zone (and journal) files.
|
||||
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
|
||||
# See /usr/share/doc/bind9/README.Debian.gz
|
||||
/etc/bind/** r,
|
||||
/var/lib/bind/** rw,
|
||||
/var/lib/bind/ rw,
|
||||
/var/cache/bind/** lrw,
|
||||
/var/cache/bind/ rw,
|
||||
|
||||
# Database file used by allow-new-zones
|
||||
/var/cache/bind/_default.nzd-lock rwk,
|
||||
|
||||
# gssapi
|
||||
/etc/krb5.keytab kr,
|
||||
/etc/bind/krb5.keytab kr,
|
||||
|
||||
# ssl
|
||||
/etc/ssl/openssl.cnf r,
|
||||
|
||||
# root hints from dns-data-root
|
||||
/usr/share/dns/root.* r,
|
||||
|
||||
# GeoIP data files for GeoIP ACLs
|
||||
/usr/share/GeoIP/** r,
|
||||
|
||||
# dnscvsutil package
|
||||
/var/lib/dnscvsutil/compiled/** rw,
|
||||
|
||||
# Allow changing worker thread names
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
||||
@{PROC}/net/if_inet6 r,
|
||||
@{PROC}/*/net/if_inet6 r,
|
||||
@{PROC}/sys/net/ipv4/ip_local_port_range r,
|
||||
/usr/sbin/named mr,
|
||||
/{,var/}run/named/named.pid w,
|
||||
/{,var/}run/named/session.key w,
|
||||
# support for resolvconf
|
||||
/{,var/}run/named/named.options r,
|
||||
|
||||
# some people like to put logs in /var/log/named/ instead of having
|
||||
# syslog do the heavy lifting.
|
||||
{{ bind_log_file }} rw,
|
||||
{{ bind_query_file }} rw,
|
||||
|
||||
# gssapi
|
||||
/var/lib/sss/pubconf/krb5.include.d/** r,
|
||||
/var/lib/sss/pubconf/krb5.include.d/ r,
|
||||
/var/lib/sss/mc/initgroups r,
|
||||
/etc/gss/mech.d/ r,
|
||||
|
||||
# ldap
|
||||
/etc/ldap/ldap.conf r,
|
||||
/{,var/}run/slapd-*.socket rw,
|
||||
|
||||
# dynamic updates
|
||||
/var/tmp/DNS_* rw,
|
||||
|
||||
# dyndb backends
|
||||
/usr/lib/bind/*.so rm,
|
||||
|
||||
# Samba DLZ
|
||||
/{usr/,}lib/@{multiarch}/samba/bind9/*.so rm,
|
||||
/{usr/,}lib/@{multiarch}/samba/gensec/*.so rm,
|
||||
/{usr/,}lib/@{multiarch}/samba/ldb/*.so rm,
|
||||
/{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm,
|
||||
/var/lib/samba/bind-dns/dns.keytab rk,
|
||||
/var/lib/samba/bind-dns/named.conf r,
|
||||
/var/lib/samba/bind-dns/dns/** rwk,
|
||||
/var/lib/samba/private/dns.keytab rk,
|
||||
/var/lib/samba/private/named.conf r,
|
||||
/var/lib/samba/private/dns/** rwk,
|
||||
/etc/samba/smb.conf r,
|
||||
/dev/urandom rwmk,
|
||||
owner /var/tmp/krb5_* rwk,
|
||||
|
||||
# Site-specific additions and overrides. See local/README for details.
|
||||
#include <local/usr.sbin.named>
|
||||
}
|
||||
|
||||
|
|
@ -1,4 +1,8 @@
|
|||
/var/log/bind.log {
|
||||
{% if bind_chroot_set %}
|
||||
{{ bind_chroot_path }}{{bind_log_file}} {
|
||||
{% else %}
|
||||
{{bind_log_file}} {
|
||||
{% endif %}
|
||||
weekly
|
||||
missingok
|
||||
rotate 52
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
{{ bind_chroot_path }}/var/log/bind.log {
|
||||
weekly
|
||||
missingok
|
||||
rotate 52
|
||||
create 640 bind bind
|
||||
sharedscripts
|
||||
postrotate
|
||||
rndc reload > /dev/null
|
||||
endscript
|
||||
}
|
||||
|
|
@ -1,6 +1,9 @@
|
|||
[bind*]
|
||||
user root
|
||||
env.logfile {{ bind_query_file }}
|
||||
env.querystats {{ bind_chroot_path }}{{ bind_statistics_file }}
|
||||
|
||||
env.logfile {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_query_file }}
|
||||
{% if bind_authoritative_server %}
|
||||
env.querystats {% if bind_chroot_set %}{{ bind_chroot_path }}{% endif %}{{ bind_statistics_file }}
|
||||
{% endif %}
|
||||
env.MUNIN_PLUGSTATE /var/lib/munin
|
||||
timeout 120
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ acl "foo" {
|
|||
};
|
||||
|
||||
options {
|
||||
directory "/var/cache/bind";
|
||||
directory "{{ bind_cache_dir }}";
|
||||
version "Bingo";
|
||||
auth-nxdomain no;
|
||||
masterfile-format text;
|
||||
statistics-file "/var/run/named.stats";
|
||||
statistics-file "{{ bind_statistics_file }}";
|
||||
|
||||
listen-on-v6 { any; };
|
||||
listen-on { any; };
|
||||
|
|
@ -23,11 +23,11 @@ logging {
|
|||
category queries { query_logging; };
|
||||
|
||||
channel default_file {
|
||||
file "/var/log/bind.log";
|
||||
file "{{ bind_log_file }}";
|
||||
severity info;
|
||||
};
|
||||
channel query_logging {
|
||||
file "/var/log/bind_queries.log" versions 2 size 128M;
|
||||
file "{{ bind_query_file }}" versions 2 size 128M;
|
||||
print-category yes;
|
||||
print-severity yes;
|
||||
print-time yes;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
options {
|
||||
directory "/var/cache/bind";
|
||||
directory "{{ bind_cache_dir }}";
|
||||
version "Bingo";
|
||||
auth-nxdomain no;
|
||||
listen-on-v6 { ::1; };
|
||||
|
|
@ -8,9 +8,17 @@ options {
|
|||
};
|
||||
|
||||
logging {
|
||||
category default { default_file; };
|
||||
channel default_file {
|
||||
file "/var/log/bind.log";
|
||||
severity info;
|
||||
};
|
||||
category default { default_file; };
|
||||
category queries { query_logging; };
|
||||
|
||||
channel default_file {
|
||||
file "{{ bind_log_file }}";
|
||||
severity info;
|
||||
};
|
||||
channel query_logging {
|
||||
file "{{ bind_query_file }}" versions 2 size 128M;
|
||||
print-category yes;
|
||||
print-severity yes;
|
||||
print-time yes;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
8
bullseye-detect/tasks/main.yml
Normal file
8
bullseye-detect/tasks/main.yml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
# Force facts until Debian 11 is released because Ansible is dumb
|
||||
- set_fact:
|
||||
ansible_distribution_major_version: 11
|
||||
ansible_distribution: "Debian"
|
||||
ansible_distribution_release: "bullseye"
|
||||
when: "ansible_lsb.codename == 'bullseye' or ansible_lsb.release == 'testing/unstable'"
|
||||
6
certbot/defaults/main.yml
Normal file
6
certbot/defaults/main.yml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
certbot_work_dir: /var/lib/letsencrypt
|
||||
certbot_custom_crontab: True
|
||||
|
||||
certbot_hooks_sync_remote_servers: []
|
||||
11
certbot/files/cron_jessie
Normal file
11
certbot/files/cron_jessie
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# /etc/cron.d/certbot: crontab entries for the certbot package
|
||||
#
|
||||
# Upstream recommends attempting renewal twice a day
|
||||
#
|
||||
# Eventually, this will be an opportunity to validate certificates
|
||||
# haven't been revoked, etc. Renewal will only occur if expiration
|
||||
# is within 30 days.
|
||||
SHELL=/bin/sh
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
0 */12 * * * root test -x /usr/local/bin/certbot && perl -e 'sleep int(rand(3600))' && /usr/local/bin/certbot --no-self-upgrade -q renew
|
||||
44
certbot/files/hooks/deploy/apache.sh
Normal file
44
certbot/files/hooks/deploy/apache.sh
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
daemon_found_and_running() {
|
||||
test -n "$(pidof apache2)" && test -n "${apache2ctl_bin}"
|
||||
}
|
||||
config_check() {
|
||||
${apache2ctl_bin} configtest > /dev/null 2>&1
|
||||
}
|
||||
letsencrypt_used() {
|
||||
grep -q -r -E "letsencrypt" /etc/apache2/
|
||||
}
|
||||
main() {
|
||||
if daemon_found_and_running; then
|
||||
if letsencrypt_used; then
|
||||
if config_check; then
|
||||
debug "Apache detected... reloading"
|
||||
systemctl reload apache2
|
||||
else
|
||||
error "Apache config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
debug "Apache doesn't use Let's Encrypt certificate. Skip."
|
||||
fi
|
||||
else
|
||||
debug "Apache is not running or missing. Skip."
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly apache2ctl_bin=$(command -v apache2ctl)
|
||||
|
||||
main
|
||||
44
certbot/files/hooks/deploy/dovecot.sh
Normal file
44
certbot/files/hooks/deploy/dovecot.sh
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
daemon_found_and_running() {
|
||||
test -n "$(pidof dovecot)" && test -n "${doveconf_bin}"
|
||||
}
|
||||
config_check() {
|
||||
${doveconf_bin} > /dev/null 2>&1
|
||||
}
|
||||
letsencrypt_used() {
|
||||
${doveconf_bin} | grep -E "^ssl_cert[^_]" | grep -q "letsencrypt"
|
||||
}
|
||||
main() {
|
||||
if daemon_found_and_running; then
|
||||
if letsencrypt_used; then
|
||||
if config_check; then
|
||||
debug "Dovecot detected... reloading"
|
||||
systemctl reload dovecot
|
||||
else
|
||||
error "Dovecot config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
debug "Dovecot doesn't use Let's Encrypt certificate. Skip."
|
||||
fi
|
||||
else
|
||||
debug "Dovecot is not running or missing. Skip."
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly doveconf_bin=$(command -v doveconf)
|
||||
|
||||
main
|
||||
93
certbot/files/hooks/deploy/haproxy.sh
Normal file
93
certbot/files/hooks/deploy/haproxy.sh
Normal file
|
|
@ -0,0 +1,93 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
daemon_found_and_running() {
|
||||
test -n "$(pidof haproxy)" && test -n "${haproxy_bin}"
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
config_check() {
|
||||
${haproxy_bin} -c -f "${haproxy_config_file}" > /dev/null 2>&1
|
||||
}
|
||||
concat_files() {
|
||||
# shellcheck disable=SC2174
|
||||
mkdir --mode=700 --parents "${haproxy_cert_dir}"
|
||||
chown root: "${haproxy_cert_dir}"
|
||||
|
||||
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
||||
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
|
||||
chmod 600 "${haproxy_cert_file}"
|
||||
chown root: "${haproxy_cert_file}"
|
||||
}
|
||||
cert_and_key_mismatch() {
|
||||
haproxy_cert_md5=$(openssl x509 -noout -modulus -in "${haproxy_cert_file}" | openssl md5)
|
||||
haproxy_key_md5=$(openssl rsa -noout -modulus -in "${haproxy_cert_file}" | openssl md5)
|
||||
|
||||
test "${haproxy_cert_md5}" != "${haproxy_key_md5}"
|
||||
}
|
||||
detect_haproxy_cert_dir() {
|
||||
# get last field or line wich defines the crt directory
|
||||
config_cert_dir=$(grep -r -o -E -h '^\s*bind .* crt /etc/\S+' "${haproxy_config_file}" | head -1 | awk '{ print $(NF)}')
|
||||
if [ -n "${config_cert_dir}" ]; then
|
||||
debug "Cert directory is configured with ${config_cert_dir}"
|
||||
echo "${config_cert_dir}"
|
||||
elif [ -d "/etc/haproxy/ssl" ]; then
|
||||
debug "No configured cert directory found, but /etc/haproxy/ssl exists"
|
||||
echo "/etc/haproxy/ssl"
|
||||
elif [ -d "/etc/ssl/haproxy" ]; then
|
||||
debug "No configured cert directory found, but /etc/ssl/haproxy exists"
|
||||
echo "/etc/ssl/haproxy"
|
||||
else
|
||||
error "Cert directory not found."
|
||||
fi
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||
error "This script must be called only by certbot!"
|
||||
fi
|
||||
|
||||
if daemon_found_and_running; then
|
||||
readonly haproxy_config_file="/etc/haproxy/haproxy.cfg"
|
||||
readonly haproxy_cert_dir=$(detect_haproxy_cert_dir)
|
||||
|
||||
if found_renewed_lineage; then
|
||||
haproxy_cert_file="${haproxy_cert_dir}/$(basename "${RENEWED_LINEAGE}").pem"
|
||||
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
|
||||
|
||||
concat_files
|
||||
|
||||
if cert_and_key_mismatch; then
|
||||
mv "${haproxy_cert_file}" "${failed_cert_file}"
|
||||
error "Key and cert don't match, we moved the file to ${failed_cert_file} for inspection"
|
||||
fi
|
||||
|
||||
if config_check; then
|
||||
debug "HAProxy detected... reloading"
|
||||
systemctl reload haproxy
|
||||
else
|
||||
error "HAProxy config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
|
||||
fi
|
||||
else
|
||||
debug "HAProxy is not running or missing. Skip."
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly haproxy_bin=$(command -v haproxy)
|
||||
|
||||
main
|
||||
44
certbot/files/hooks/deploy/nginx.sh
Normal file
44
certbot/files/hooks/deploy/nginx.sh
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
daemon_found_and_running() {
|
||||
test -n "$(pidof nginx)" && test -n "${nginx_bin}"
|
||||
}
|
||||
config_check() {
|
||||
${nginx_bin} -t > /dev/null 2>&1
|
||||
}
|
||||
letsencrypt_used() {
|
||||
grep -q --dereference-recursive -E "letsencrypt" /etc/nginx/sites-enabled
|
||||
}
|
||||
main() {
|
||||
if daemon_found_and_running; then
|
||||
if letsencrypt_used; then
|
||||
if config_check; then
|
||||
debug "Nginx detected... reloading"
|
||||
systemctl reload nginx
|
||||
else
|
||||
error "Nginx config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
debug "Nginx doesn't use Let's Encrypt certificate. Skip."
|
||||
fi
|
||||
else
|
||||
debug "Nginx is not running or missing. Skip."
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly nginx_bin=$(command -v nginx)
|
||||
|
||||
main
|
||||
44
certbot/files/hooks/deploy/postfix.sh
Normal file
44
certbot/files/hooks/deploy/postfix.sh
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
daemon_found_and_running() {
|
||||
test -n "$(pidof master)" && test -n "${postconf_bin}"
|
||||
}
|
||||
config_check() {
|
||||
${postconf_bin} > /dev/null 2>&1
|
||||
}
|
||||
letsencrypt_used() {
|
||||
${postconf_bin} | grep -E "^smtpd_tls_cert_file" | grep -q "letsencrypt"
|
||||
}
|
||||
main() {
|
||||
if daemon_found_and_running; then
|
||||
if letsencrypt_used; then
|
||||
if config_check; then
|
||||
debug "Postfix detected... reloading"
|
||||
systemctl reload postfix
|
||||
else
|
||||
error "Postfix config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
debug "Postfix doesn't use Let's Encrypt certificate. Skip."
|
||||
fi
|
||||
else
|
||||
debug "Postfix is not running or missing. Skip."
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly postconf_bin=$(command -v postconf)
|
||||
|
||||
main
|
||||
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
81
certbot/files/hooks/deploy/sync_remote.sh
Normal file
|
|
@ -0,0 +1,81 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
cert_content() {
|
||||
openssl x509 -text -in "${RENEWED_LINEAGE}/fullchain.pem"
|
||||
}
|
||||
domain_from_cert() {
|
||||
if cert_content | grep -q "X509v3 Subject Alternative Name:" && cert_content | grep -q "DNS:"; then
|
||||
cert_content | grep "DNS:" | sed -e 's/\s\+//g' -e 's/DNS://g'
|
||||
else
|
||||
cert_content | sed 's/^.*CN\ *=\ *//'
|
||||
fi
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE}" ]; then
|
||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||
fi
|
||||
if [ -z "${servers}" ]; then
|
||||
debug "Empty server list, skip."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if found_renewed_lineage; then
|
||||
RENEWED_DOMAINS=${RENEWED_DOMAINS:-$(domain_from_cert)}
|
||||
|
||||
remote_lineage=${remote_dir}/renewed_lineage/$(basename "${RENEWED_LINEAGE}")
|
||||
|
||||
for server in ${servers}; do
|
||||
remote_host="root@${server}"
|
||||
# shellcheck disable=SC2029
|
||||
ssh "${remote_host}" "mkdir -p ${remote_lineage}" \
|
||||
|| error "Couldn't create ${remote_dir} directory ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete "${RENEWED_LINEAGE}/" "${remote_host}:${remote_lineage}/" \
|
||||
|| error "Couldn't sync certificate on ${server}"
|
||||
|
||||
rsync --archive --copy-links --delete --exclude "$(basename "$0")" --delete-excluded "${hooks_dir}/" "${remote_host}:${remote_dir}/hooks/" \
|
||||
|| error "Couldn't sync hooks on ${server}"
|
||||
|
||||
# shellcheck disable=SC2029
|
||||
ssh "${remote_host}" "export RENEWED_LINEAGE=\"${remote_lineage}/\" RENEWED_DOMAINS=\"${RENEWED_DOMAINS}\"; find ${remote_dir}/hooks/ -mindepth 1 -maxdepth 1 -type f -executable -exec {} \;" \
|
||||
|| error "Something went wrong on ${server} for deploy hooks"
|
||||
done
|
||||
else
|
||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||
fi
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
VERBOSE=${VERBOSE:-"0"}
|
||||
QUIET=${QUIET:-"0"}
|
||||
|
||||
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
# The config file lust have the same name as the script, with a different extension (.cf instead of .sh)
|
||||
config_file="${0%.*}.cf"
|
||||
remote_dir="/root/cert_sync"
|
||||
|
||||
if [ -f "${config_file}" ]; then
|
||||
. "${config_file}"
|
||||
fi
|
||||
servers=${servers:-""}
|
||||
|
||||
if [ -z "${servers}" ]; then
|
||||
echo "${PROGNAME}: No server provided. Skip." >&2
|
||||
exit 0
|
||||
fi
|
||||
|
||||
main
|
||||
46
certbot/files/hooks/deploy/z-commit-etc.sh
Normal file
46
certbot/files/hooks/deploy/z-commit-etc.sh
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
domain_from_cert() {
|
||||
if [ -f "${RENEWED_LINEAGE}/fullchain.pem" ]; then
|
||||
openssl x509 -noout -subject -in "${RENEWED_LINEAGE}/fullchain.pem" | sed 's/^.*CN\ *=\ *//'
|
||||
else
|
||||
debug "Unable to find \`${RENEWED_LINEAGE}/fullchain.pem', skip domain detection."
|
||||
fi
|
||||
}
|
||||
main() {
|
||||
export GIT_DIR="/etc/.git"
|
||||
export GIT_WORK_TREE="/etc"
|
||||
|
||||
if test -x "${git_bin}" && test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
|
||||
changed_lines=$(${git_bin} status --porcelain | wc -l | tr -d ' ')
|
||||
|
||||
if [ "${changed_lines}" != "0" ]; then
|
||||
if [ -z "${RENEWED_DOMAINS}" ] && [ -n "${RENEWED_LINEAGE}" ]; then
|
||||
RENEWED_DOMAINS=$(domain_from_cert)
|
||||
fi
|
||||
debug "Committing for ${RENEWED_DOMAINS}"
|
||||
${git_bin} add --all
|
||||
message="[letsencrypt] certificates renewal (${RENEWED_DOMAINS})"
|
||||
${git_bin} commit --message "${message}" --quiet
|
||||
else
|
||||
debug "Weird, nothing has changed but the hook has been executed for '${RENEWED_DOMAINS}'"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
readonly QUIET=${QUIET:-"0"}
|
||||
|
||||
readonly git_bin=$(command -v git)
|
||||
|
||||
main
|
||||
40
certbot/files/hooks/manual-deploy.sh
Executable file
40
certbot/files/hooks/manual-deploy.sh
Executable file
|
|
@ -0,0 +1,40 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
}
|
||||
main() {
|
||||
if [ -z "${RENEWED_LINEAGE:-}" ]; then
|
||||
error "Missing RENEWED_LINEAGE environment variable (usually provided by certbot)."
|
||||
fi
|
||||
if [ "${VERBOSE}" = "1" ]; then
|
||||
xargs_verbose="--verbose"
|
||||
else
|
||||
xargs_verbose=""
|
||||
fi
|
||||
if found_renewed_lineage; then
|
||||
find "${hooks_dir}" -mindepth 1 -maxdepth 1 -type f -executable -print0 | sort --zero-terminated --dictionary-order | xargs ${xargs_verbose} --no-run-if-empty --null --max-args=1 sh -c
|
||||
else
|
||||
error "Couldn't find required files in \`${RENEWED_LINEAGE}'"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
PROGNAME=$(basename "$0")
|
||||
VERBOSE=${VERBOSE:-"0"}
|
||||
QUIET=${QUIET:-"0"}
|
||||
|
||||
hooks_dir="/etc/letsencrypt/renewal-hooks/deploy"
|
||||
|
||||
main
|
||||
1988
certbot/files/letsencrypt-auto
Normal file
1988
certbot/files/letsencrypt-auto
Normal file
|
|
@ -0,0 +1,1988 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Download and run the latest release version of the Certbot client.
|
||||
#
|
||||
# NOTE: THIS SCRIPT IS AUTO-GENERATED AND SELF-UPDATING
|
||||
#
|
||||
# IF YOU WANT TO EDIT IT LOCALLY, *ALWAYS* RUN YOUR COPY WITH THE
|
||||
# "--no-self-upgrade" FLAG
|
||||
#
|
||||
# IF YOU WANT TO SEND PULL REQUESTS, THE REAL SOURCE FOR THIS FILE IS
|
||||
# letsencrypt-auto-source/letsencrypt-auto.template AND
|
||||
# letsencrypt-auto-source/pieces/bootstrappers/*
|
||||
|
||||
set -e # Work even if somebody does "sh thisscript.sh".
|
||||
|
||||
# Note: you can set XDG_DATA_HOME or VENV_PATH before running this script,
|
||||
# if you want to change where the virtual environment will be installed
|
||||
|
||||
# HOME might not be defined when being run through something like systemd
|
||||
if [ -z "$HOME" ]; then
|
||||
HOME=~root
|
||||
fi
|
||||
if [ -z "$XDG_DATA_HOME" ]; then
|
||||
XDG_DATA_HOME=~/.local/share
|
||||
fi
|
||||
if [ -z "$VENV_PATH" ]; then
|
||||
# We export these values so they are preserved properly if this script is
|
||||
# rerun with sudo/su where $HOME/$XDG_DATA_HOME may have a different value.
|
||||
export OLD_VENV_PATH="$XDG_DATA_HOME/letsencrypt"
|
||||
export VENV_PATH="/opt/eff.org/certbot/venv"
|
||||
fi
|
||||
VENV_BIN="$VENV_PATH/bin"
|
||||
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
|
||||
LE_AUTO_VERSION="1.14.0"
|
||||
BASENAME=$(basename $0)
|
||||
USAGE="Usage: $BASENAME [OPTIONS]
|
||||
A self-updating wrapper script for the Certbot ACME client. When run, updates
|
||||
to both this script and certbot will be downloaded and installed. After
|
||||
ensuring you have the latest versions installed, certbot will be invoked with
|
||||
all arguments you have provided.
|
||||
|
||||
Help for certbot itself cannot be provided until it is installed.
|
||||
|
||||
--debug attempt experimental installation
|
||||
-h, --help print this help
|
||||
-n, --non-interactive, --noninteractive run without asking for user input
|
||||
--no-bootstrap do not install OS dependencies
|
||||
--no-permissions-check do not warn about file system permissions
|
||||
--no-self-upgrade do not download updates
|
||||
--os-packages-only install OS dependencies and exit
|
||||
--install-only install certbot, upgrade if needed, and exit
|
||||
-v, --verbose provide more output
|
||||
-q, --quiet provide only update/error output;
|
||||
implies --non-interactive
|
||||
|
||||
All arguments are accepted and forwarded to the Certbot client when run."
|
||||
export CERTBOT_AUTO="$0"
|
||||
|
||||
for arg in "$@" ; do
|
||||
case "$arg" in
|
||||
--debug)
|
||||
DEBUG=1;;
|
||||
--os-packages-only)
|
||||
OS_PACKAGES_ONLY=1;;
|
||||
--install-only)
|
||||
INSTALL_ONLY=1;;
|
||||
--no-self-upgrade)
|
||||
# Do not upgrade this script (also prevents client upgrades, because each
|
||||
# copy of the script pins a hash of the python client)
|
||||
NO_SELF_UPGRADE=1;;
|
||||
--no-permissions-check)
|
||||
NO_PERMISSIONS_CHECK=1;;
|
||||
--no-bootstrap)
|
||||
NO_BOOTSTRAP=1;;
|
||||
--help)
|
||||
HELP=1;;
|
||||
--noninteractive|--non-interactive)
|
||||
NONINTERACTIVE=1;;
|
||||
--quiet)
|
||||
QUIET=1;;
|
||||
renew)
|
||||
ASSUME_YES=1;;
|
||||
--verbose)
|
||||
VERBOSE=1;;
|
||||
-[!-]*)
|
||||
OPTIND=1
|
||||
while getopts ":hnvq" short_arg $arg; do
|
||||
case "$short_arg" in
|
||||
h)
|
||||
HELP=1;;
|
||||
n)
|
||||
NONINTERACTIVE=1;;
|
||||
q)
|
||||
QUIET=1;;
|
||||
v)
|
||||
VERBOSE=1;;
|
||||
esac
|
||||
done;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ $BASENAME = "letsencrypt-auto" ]; then
|
||||
# letsencrypt-auto does not respect --help or --yes for backwards compatibility
|
||||
NONINTERACTIVE=1
|
||||
HELP=0
|
||||
fi
|
||||
|
||||
# Set ASSUME_YES to 1 if QUIET or NONINTERACTIVE
|
||||
if [ "$QUIET" = 1 -o "$NONINTERACTIVE" = 1 ]; then
|
||||
ASSUME_YES=1
|
||||
fi
|
||||
|
||||
say() {
|
||||
if [ "$QUIET" != 1 ]; then
|
||||
echo "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
error() {
|
||||
echo "$@"
|
||||
}
|
||||
|
||||
# Support for busybox and others where there is no "command",
|
||||
# but "which" instead
|
||||
if command -v command > /dev/null 2>&1 ; then
|
||||
export EXISTS="command -v"
|
||||
elif which which > /dev/null 2>&1 ; then
|
||||
export EXISTS="which"
|
||||
else
|
||||
error "Cannot find command nor which... please install one!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Certbot itself needs root access for almost all modes of operation.
|
||||
# certbot-auto needs root access to bootstrap OS dependencies and install
|
||||
# Certbot at a protected path so it can be safely run as root. To accomplish
|
||||
# this, this script will attempt to run itself as root if it doesn't have the
|
||||
# necessary privileges by using `sudo` or falling back to `su` if it is not
|
||||
# available. The mechanism used to obtain root access can be set explicitly by
|
||||
# setting the environment variable LE_AUTO_SUDO to 'sudo', 'su', 'su_sudo',
|
||||
# 'SuSudo', or '' as used below.
|
||||
|
||||
# Because the parameters in `su -c` has to be a string,
|
||||
# we need to properly escape it.
|
||||
SuSudo() {
|
||||
args=""
|
||||
# This `while` loop iterates over all parameters given to this function.
|
||||
# For each parameter, all `'` will be replace by `'"'"'`, and the escaped string
|
||||
# will be wrapped in a pair of `'`, then appended to `$args` string
|
||||
# For example, `echo "It's only 1\$\!"` will be escaped to:
|
||||
# 'echo' 'It'"'"'s only 1$!'
|
||||
# │ │└┼┘│
|
||||
# │ │ │ └── `'s only 1$!'` the literal string
|
||||
# │ │ └── `\"'\"` is a single quote (as a string)
|
||||
# │ └── `'It'`, to be concatenated with the strings following it
|
||||
# └── `echo` wrapped in a pair of `'`, it's totally fine for the shell command itself
|
||||
while [ $# -ne 0 ]; do
|
||||
args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
|
||||
shift
|
||||
done
|
||||
su root -c "$args"
|
||||
}
|
||||
|
||||
# Sets the environment variable SUDO to be the name of the program or function
|
||||
# to call to get root access. If this script already has root privleges, SUDO
|
||||
# is set to an empty string. The value in SUDO should be run with the command
|
||||
# to called with root privileges as arguments.
|
||||
SetRootAuthMechanism() {
|
||||
SUDO=""
|
||||
if [ -n "${LE_AUTO_SUDO+x}" ]; then
|
||||
case "$LE_AUTO_SUDO" in
|
||||
SuSudo|su_sudo|su)
|
||||
SUDO=SuSudo
|
||||
;;
|
||||
sudo)
|
||||
SUDO="sudo -E"
|
||||
;;
|
||||
'')
|
||||
# If we're not running with root, don't check that this script can only
|
||||
# be modified by system users and groups.
|
||||
NO_PERMISSIONS_CHECK=1
|
||||
;;
|
||||
*)
|
||||
error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
|
||||
exit 1
|
||||
esac
|
||||
say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
|
||||
else
|
||||
if test "`id -u`" -ne "0" ; then
|
||||
if $EXISTS sudo 1>/dev/null 2>&1; then
|
||||
SUDO="sudo -E"
|
||||
else
|
||||
say \"sudo\" is not available, will use \"su\" for installation steps...
|
||||
SUDO=SuSudo
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "$1" = "--cb-auto-has-root" ]; then
|
||||
shift 1
|
||||
else
|
||||
SetRootAuthMechanism
|
||||
if [ -n "$SUDO" ]; then
|
||||
say "Requesting to rerun $0 with root privileges..."
|
||||
$SUDO "$0" --cb-auto-has-root "$@"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
# Runs this script again with the given arguments. --cb-auto-has-root is added
|
||||
# to the command line arguments to ensure we don't try to acquire root a
|
||||
# second time. After the script is rerun, we exit the current script.
|
||||
RerunWithArgs() {
|
||||
"$0" --cb-auto-has-root "$@"
|
||||
exit 0
|
||||
}
|
||||
|
||||
BootstrapMessage() {
|
||||
# Arguments: Platform name
|
||||
say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
|
||||
}
|
||||
|
||||
ExperimentalBootstrap() {
|
||||
# Arguments: Platform name, bootstrap function name
|
||||
if [ "$DEBUG" = 1 ]; then
|
||||
if [ "$2" != "" ]; then
|
||||
BootstrapMessage $1
|
||||
$2
|
||||
fi
|
||||
else
|
||||
error "FATAL: $1 support is very experimental at present..."
|
||||
error "if you would like to work on improving it, please ensure you have backups"
|
||||
error "and then run this script again with the --debug flag!"
|
||||
error "Alternatively, you can install OS dependencies yourself and run this script"
|
||||
error "again with --no-bootstrap."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
DeprecationBootstrap() {
|
||||
# Arguments: Platform name, bootstrap function name
|
||||
if [ "$DEBUG" = 1 ]; then
|
||||
if [ "$2" != "" ]; then
|
||||
BootstrapMessage $1
|
||||
$2
|
||||
fi
|
||||
else
|
||||
error "WARNING: certbot-auto support for this $1 is DEPRECATED!"
|
||||
error "Please visit certbot.eff.org to learn how to download a version of"
|
||||
error "Certbot that is packaged for your system. While an existing version"
|
||||
error "of certbot-auto may work currently, we have stopped supporting updating"
|
||||
error "system packages for your system. Please switch to a packaged version"
|
||||
error "as soon as possible."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
MIN_PYTHON_2_VERSION="2.7"
|
||||
MIN_PYVER2=$(echo "$MIN_PYTHON_2_VERSION" | sed 's/\.//')
|
||||
MIN_PYTHON_3_VERSION="3.6"
|
||||
MIN_PYVER3=$(echo "$MIN_PYTHON_3_VERSION" | sed 's/\.//')
|
||||
# Sets LE_PYTHON to Python version string and PYVER to the first two
|
||||
# digits of the python version.
|
||||
# MIN_PYVER and MIN_PYTHON_VERSION are also set by this function, and their
|
||||
# values depend on if we try to use Python 3 or Python 2.
|
||||
DeterminePythonVersion() {
|
||||
# Arguments: "NOCRASH" if we shouldn't crash if we don't find a good python
|
||||
#
|
||||
# If no Python is found, PYVER is set to 0.
|
||||
if [ "$USE_PYTHON_3" = 1 ]; then
|
||||
MIN_PYVER=$MIN_PYVER3
|
||||
MIN_PYTHON_VERSION=$MIN_PYTHON_3_VERSION
|
||||
for LE_PYTHON in "$LE_PYTHON" python3; do
|
||||
# Break (while keeping the LE_PYTHON value) if found.
|
||||
$EXISTS "$LE_PYTHON" > /dev/null && break
|
||||
done
|
||||
else
|
||||
MIN_PYVER=$MIN_PYVER2
|
||||
MIN_PYTHON_VERSION=$MIN_PYTHON_2_VERSION
|
||||
for LE_PYTHON in "$LE_PYTHON" python2.7 python27 python2 python; do
|
||||
# Break (while keeping the LE_PYTHON value) if found.
|
||||
$EXISTS "$LE_PYTHON" > /dev/null && break
|
||||
done
|
||||
fi
|
||||
if [ "$?" != "0" ]; then
|
||||
if [ "$1" != "NOCRASH" ]; then
|
||||
error "Cannot find any Pythons; please install one!"
|
||||
exit 1
|
||||
else
|
||||
PYVER=0
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
PYVER=$("$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//')
|
||||
if [ "$PYVER" -lt "$MIN_PYVER" ]; then
|
||||
if [ "$1" != "NOCRASH" ]; then
|
||||
error "You have an ancient version of Python entombed in your operating system..."
|
||||
error "This isn't going to work; you'll need at least version $MIN_PYTHON_VERSION."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapDebCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_DEB_COMMON_VERSION=1
|
||||
|
||||
BootstrapDebCommon() {
|
||||
# Current version tested with:
|
||||
#
|
||||
# - Ubuntu
|
||||
# - 14.04 (x64)
|
||||
# - 15.04 (x64)
|
||||
# - Debian
|
||||
# - 7.9 "wheezy" (x64)
|
||||
# - sid (2015-10-21) (x64)
|
||||
|
||||
# Past versions tested with:
|
||||
#
|
||||
# - Debian 8.0 "jessie" (x64)
|
||||
# - Raspbian 7.8 (armhf)
|
||||
|
||||
# Believed not to work:
|
||||
#
|
||||
# - Debian 6.0.10 "squeeze" (x64)
|
||||
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
QUIET_FLAG='-qq'
|
||||
fi
|
||||
|
||||
apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...
|
||||
|
||||
# virtualenv binary can be found in different packages depending on
|
||||
# distro version (#346)
|
||||
|
||||
virtualenv=
|
||||
# virtual env is known to apt and is installable
|
||||
if apt-cache show virtualenv > /dev/null 2>&1 ; then
|
||||
if ! LC_ALL=C apt-cache --quiet=0 show virtualenv 2>&1 | grep -q 'No packages found'; then
|
||||
virtualenv="virtualenv"
|
||||
fi
|
||||
fi
|
||||
|
||||
if apt-cache show python-virtualenv > /dev/null 2>&1; then
|
||||
virtualenv="$virtualenv python-virtualenv"
|
||||
fi
|
||||
|
||||
augeas_pkg="libaugeas0 augeas-lenses"
|
||||
|
||||
if [ "$ASSUME_YES" = 1 ]; then
|
||||
YES_FLAG="-y"
|
||||
fi
|
||||
|
||||
apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \
|
||||
python \
|
||||
python-dev \
|
||||
$virtualenv \
|
||||
gcc \
|
||||
$augeas_pkg \
|
||||
libssl-dev \
|
||||
openssl \
|
||||
libffi-dev \
|
||||
ca-certificates \
|
||||
|
||||
|
||||
if ! $EXISTS virtualenv > /dev/null ; then
|
||||
error Failed to install a working \"virtualenv\" command, exiting
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapRpmCommonBase below, version
|
||||
# numbers in rpm_common.sh and rpm_python3.sh must be increased.
|
||||
|
||||
# Sets TOOL to the name of the package manager
|
||||
# Sets appropriate values for YES_FLAG and QUIET_FLAG based on $ASSUME_YES and $QUIET_FLAG.
|
||||
# Note: this function is called both while selecting the bootstrap scripts and
|
||||
# during the actual bootstrap. Some things like prompting to user can be done in the latter
|
||||
# case, but not in the former one.
|
||||
InitializeRPMCommonBase() {
|
||||
if type dnf 2>/dev/null
|
||||
then
|
||||
TOOL=dnf
|
||||
elif type yum 2>/dev/null
|
||||
then
|
||||
TOOL=yum
|
||||
|
||||
else
|
||||
error "Neither yum nor dnf found. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$ASSUME_YES" = 1 ]; then
|
||||
YES_FLAG="-y"
|
||||
fi
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
QUIET_FLAG='--quiet'
|
||||
fi
|
||||
}
|
||||
|
||||
BootstrapRpmCommonBase() {
|
||||
# Arguments: whitespace-delimited python packages to install
|
||||
|
||||
InitializeRPMCommonBase # This call is superfluous in practice
|
||||
|
||||
pkgs="
|
||||
gcc
|
||||
augeas-libs
|
||||
openssl
|
||||
openssl-devel
|
||||
libffi-devel
|
||||
redhat-rpm-config
|
||||
ca-certificates
|
||||
"
|
||||
|
||||
# Add the python packages
|
||||
pkgs="$pkgs
|
||||
$1
|
||||
"
|
||||
|
||||
if $TOOL list installed "httpd" >/dev/null 2>&1; then
|
||||
pkgs="$pkgs
|
||||
mod_ssl
|
||||
"
|
||||
fi
|
||||
|
||||
if ! $TOOL install $YES_FLAG $QUIET_FLAG $pkgs; then
|
||||
error "Could not install OS dependencies. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapRpmCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_RPM_COMMON_VERSION=1
|
||||
|
||||
BootstrapRpmCommon() {
|
||||
# Tested with:
|
||||
# - Fedora 20, 21, 22, 23 (x64)
|
||||
# - Centos 7 (x64: on DigitalOcean droplet)
|
||||
# - CentOS 7 Minimal install in a Hyper-V VM
|
||||
# - CentOS 6
|
||||
|
||||
InitializeRPMCommonBase
|
||||
|
||||
# Most RPM distros use the "python" or "python-" naming convention. Let's try that first.
|
||||
if $TOOL list python >/dev/null 2>&1; then
|
||||
python_pkgs="$python
|
||||
python-devel
|
||||
python-virtualenv
|
||||
python-tools
|
||||
python-pip
|
||||
"
|
||||
# Fedora 26 starts to use the prefix python2 for python2 based packages.
|
||||
# this elseif is theoretically for any Fedora over version 26:
|
||||
elif $TOOL list python2 >/dev/null 2>&1; then
|
||||
python_pkgs="$python2
|
||||
python2-libs
|
||||
python2-setuptools
|
||||
python2-devel
|
||||
python2-virtualenv
|
||||
python2-tools
|
||||
python2-pip
|
||||
"
|
||||
# Some distros and older versions of current distros use a "python27"
|
||||
# instead of the "python" or "python-" naming convention.
|
||||
else
|
||||
python_pkgs="$python27
|
||||
python27-devel
|
||||
python27-virtualenv
|
||||
python27-tools
|
||||
python27-pip
|
||||
"
|
||||
fi
|
||||
|
||||
BootstrapRpmCommonBase "$python_pkgs"
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapRpmPython3 below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION=1
|
||||
|
||||
# Checks if rh-python36 can be installed.
|
||||
Python36SclIsAvailable() {
|
||||
InitializeRPMCommonBase >/dev/null 2>&1;
|
||||
|
||||
if "${TOOL}" list rh-python36 >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
if "${TOOL}" list centos-release-scl >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
# Try to enable rh-python36 from SCL if it is necessary and possible.
|
||||
EnablePython36SCL() {
|
||||
if "$EXISTS" python3.6 > /dev/null 2> /dev/null; then
|
||||
return 0
|
||||
fi
|
||||
if [ ! -f /opt/rh/rh-python36/enable ]; then
|
||||
return 0
|
||||
fi
|
||||
set +e
|
||||
if ! . /opt/rh/rh-python36/enable; then
|
||||
error 'Unable to enable rh-python36!'
|
||||
exit 1
|
||||
fi
|
||||
set -e
|
||||
}
|
||||
|
||||
# This bootstrap concerns old RedHat-based distributions that do not ship by default
|
||||
# with Python 2.7, but only Python 2.6. We bootstrap them by enabling SCL and installing
|
||||
# Python 3.6. Some of these distributions are: CentOS/RHEL/OL/SL 6.
|
||||
BootstrapRpmPython3Legacy() {
|
||||
# Tested with:
|
||||
# - CentOS 6
|
||||
|
||||
InitializeRPMCommonBase
|
||||
|
||||
if ! "${TOOL}" list rh-python36 >/dev/null 2>&1; then
|
||||
echo "To use Certbot on this operating system, packages from the SCL repository need to be installed."
|
||||
if ! "${TOOL}" list centos-release-scl >/dev/null 2>&1; then
|
||||
error "Enable the SCL repository and try running Certbot again."
|
||||
exit 1
|
||||
fi
|
||||
if [ "${ASSUME_YES}" = 1 ]; then
|
||||
/bin/echo -n "Enabling the SCL repository in 3 seconds... (Press Ctrl-C to cancel)"
|
||||
sleep 1s
|
||||
/bin/echo -ne "\e[0K\rEnabling the SCL repository in 2 seconds... (Press Ctrl-C to cancel)"
|
||||
sleep 1s
|
||||
/bin/echo -e "\e[0K\rEnabling the SCL repository in 1 second... (Press Ctrl-C to cancel)"
|
||||
sleep 1s
|
||||
fi
|
||||
if ! "${TOOL}" install "${YES_FLAG}" "${QUIET_FLAG}" centos-release-scl; then
|
||||
error "Could not enable SCL. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# CentOS 6 must use rh-python36 from SCL
|
||||
if "${TOOL}" list rh-python36 >/dev/null 2>&1; then
|
||||
python_pkgs="rh-python36-python
|
||||
rh-python36-python-virtualenv
|
||||
rh-python36-python-devel
|
||||
"
|
||||
else
|
||||
error "No supported Python package available to install. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
BootstrapRpmCommonBase "${python_pkgs}"
|
||||
|
||||
# Enable SCL rh-python36 after bootstrapping.
|
||||
EnablePython36SCL
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapRpmPython3 below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_RPM_PYTHON3_VERSION=1
|
||||
|
||||
BootstrapRpmPython3() {
|
||||
# Tested with:
|
||||
# - Fedora 29
|
||||
|
||||
InitializeRPMCommonBase
|
||||
|
||||
# Fedora 29 must use python3-virtualenv
|
||||
if $TOOL list python3-virtualenv >/dev/null 2>&1; then
|
||||
python_pkgs="python3
|
||||
python3-virtualenv
|
||||
python3-devel
|
||||
"
|
||||
else
|
||||
error "No supported Python package available to install. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
BootstrapRpmCommonBase "$python_pkgs"
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapSuseCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_SUSE_COMMON_VERSION=1
|
||||
|
||||
BootstrapSuseCommon() {
|
||||
# SLE12 don't have python-virtualenv
|
||||
|
||||
if [ "$ASSUME_YES" = 1 ]; then
|
||||
zypper_flags="-nq"
|
||||
install_flags="-l"
|
||||
fi
|
||||
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
QUIET_FLAG='-qq'
|
||||
fi
|
||||
|
||||
if zypper search -x python-virtualenv >/dev/null 2>&1; then
|
||||
OPENSUSE_VIRTUALENV_PACKAGES="python-virtualenv"
|
||||
else
|
||||
# Since Leap 15.0 (and associated Tumbleweed version), python-virtualenv
|
||||
# is a source package, and python2-virtualenv must be used instead.
|
||||
# Also currently python2-setuptools is not a dependency of python2-virtualenv,
|
||||
# while it should be. Installing it explicitly until upstream fix.
|
||||
OPENSUSE_VIRTUALENV_PACKAGES="python2-virtualenv python2-setuptools"
|
||||
fi
|
||||
|
||||
zypper $QUIET_FLAG $zypper_flags in $install_flags \
|
||||
python \
|
||||
python-devel \
|
||||
$OPENSUSE_VIRTUALENV_PACKAGES \
|
||||
gcc \
|
||||
augeas-lenses \
|
||||
libopenssl-devel \
|
||||
libffi-devel \
|
||||
ca-certificates
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapArchCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_ARCH_COMMON_VERSION=1
|
||||
|
||||
BootstrapArchCommon() {
|
||||
# Tested with:
|
||||
# - ArchLinux (x86_64)
|
||||
#
|
||||
# "python-virtualenv" is Python3, but "python2-virtualenv" provides
|
||||
# only "virtualenv2" binary, not "virtualenv".
|
||||
|
||||
deps="
|
||||
python2
|
||||
python-virtualenv
|
||||
gcc
|
||||
augeas
|
||||
openssl
|
||||
libffi
|
||||
ca-certificates
|
||||
pkg-config
|
||||
"
|
||||
|
||||
# pacman -T exits with 127 if there are missing dependencies
|
||||
missing=$(pacman -T $deps) || true
|
||||
|
||||
if [ "$ASSUME_YES" = 1 ]; then
|
||||
noconfirm="--noconfirm"
|
||||
fi
|
||||
|
||||
if [ "$missing" ]; then
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
pacman -S --needed $missing $noconfirm > /dev/null
|
||||
else
|
||||
pacman -S --needed $missing $noconfirm
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapGentooCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_GENTOO_COMMON_VERSION=1
|
||||
|
||||
BootstrapGentooCommon() {
|
||||
PACKAGES="
|
||||
dev-lang/python:2.7
|
||||
dev-python/virtualenv
|
||||
app-admin/augeas
|
||||
dev-libs/openssl
|
||||
dev-libs/libffi
|
||||
app-misc/ca-certificates
|
||||
virtual/pkgconfig"
|
||||
|
||||
ASK_OPTION="--ask"
|
||||
if [ "$ASSUME_YES" = 1 ]; then
|
||||
ASK_OPTION=""
|
||||
fi
|
||||
|
||||
case "$PACKAGE_MANAGER" in
|
||||
(paludis)
|
||||
cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x
|
||||
;;
|
||||
(pkgcore)
|
||||
pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES
|
||||
;;
|
||||
(portage|*)
|
||||
emerge --noreplace --oneshot $ASK_OPTION $PACKAGES
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapFreeBsd below, this version number
|
||||
# must be increased.
|
||||
BOOTSTRAP_FREEBSD_VERSION=1
|
||||
|
||||
BootstrapFreeBsd() {
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
QUIET_FLAG="--quiet"
|
||||
fi
|
||||
|
||||
pkg install -Ay $QUIET_FLAG \
|
||||
python \
|
||||
py27-virtualenv \
|
||||
augeas \
|
||||
libffi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapMac below, this version number must
|
||||
# be increased.
|
||||
BOOTSTRAP_MAC_VERSION=1
|
||||
|
||||
BootstrapMac() {
|
||||
if hash brew 2>/dev/null; then
|
||||
say "Using Homebrew to install dependencies..."
|
||||
pkgman=brew
|
||||
pkgcmd="brew install"
|
||||
elif hash port 2>/dev/null; then
|
||||
say "Using MacPorts to install dependencies..."
|
||||
pkgman=port
|
||||
pkgcmd="port install"
|
||||
else
|
||||
say "No Homebrew/MacPorts; installing Homebrew..."
|
||||
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
|
||||
pkgman=brew
|
||||
pkgcmd="brew install"
|
||||
fi
|
||||
|
||||
$pkgcmd augeas
|
||||
if [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" \
|
||||
-o "$(which python)" = "/usr/bin/python" ]; then
|
||||
# We want to avoid using the system Python because it requires root to use pip.
|
||||
# python.org, MacPorts or HomeBrew Python installations should all be OK.
|
||||
say "Installing python..."
|
||||
$pkgcmd python
|
||||
fi
|
||||
|
||||
# Workaround for _dlopen not finding augeas on macOS
|
||||
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
|
||||
say "Applying augeas workaround"
|
||||
mkdir -p /usr/local/lib/
|
||||
ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
|
||||
fi
|
||||
|
||||
if ! hash pip 2>/dev/null; then
|
||||
say "pip not installed"
|
||||
say "Installing pip..."
|
||||
curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python
|
||||
fi
|
||||
|
||||
if ! hash virtualenv 2>/dev/null; then
|
||||
say "virtualenv not installed."
|
||||
say "Installing with pip..."
|
||||
pip install virtualenv
|
||||
fi
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapSmartOS below, this version number
|
||||
# must be increased.
|
||||
BOOTSTRAP_SMARTOS_VERSION=1
|
||||
|
||||
BootstrapSmartOS() {
|
||||
pkgin update
|
||||
pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
|
||||
}
|
||||
|
||||
# If new packages are installed by BootstrapMageiaCommon below, this version
|
||||
# number must be increased.
|
||||
BOOTSTRAP_MAGEIA_COMMON_VERSION=1
|
||||
|
||||
BootstrapMageiaCommon() {
|
||||
if [ "$QUIET" = 1 ]; then
|
||||
QUIET_FLAG='--quiet'
|
||||
fi
|
||||
|
||||
if ! urpmi --force $QUIET_FLAG \
|
||||
python \
|
||||
libpython-devel \
|
||||
python-virtualenv
|
||||
then
|
||||
error "Could not install Python dependencies. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! urpmi --force $QUIET_FLAG \
|
||||
git \
|
||||
gcc \
|
||||
python-augeas \
|
||||
libopenssl-devel \
|
||||
libffi-devel \
|
||||
rootcerts
|
||||
then
|
||||
error "Could not install additional dependencies. Aborting bootstrap!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Set Bootstrap to the function that installs OS dependencies on this system
|
||||
# and BOOTSTRAP_VERSION to the unique identifier for the current version of
|
||||
# that function. If Bootstrap is set to a function that doesn't install any
|
||||
# packages BOOTSTRAP_VERSION is not set.
|
||||
if [ -f /etc/debian_version ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/mageia-release ]; then
|
||||
# Mageia has both /etc/mageia-release and /etc/redhat-release
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
# Run DeterminePythonVersion to decide on the basis of available Python versions
|
||||
# whether to use 2.x or 3.x on RedHat-like systems.
|
||||
# Then, revert LE_PYTHON to its previous state.
|
||||
prev_le_python="$LE_PYTHON"
|
||||
unset LE_PYTHON
|
||||
DeterminePythonVersion "NOCRASH"
|
||||
|
||||
RPM_DIST_NAME=`(. /etc/os-release 2> /dev/null && echo $ID) || echo "unknown"`
|
||||
|
||||
if [ "$PYVER" -eq 26 -a $(uname -m) != 'x86_64' ]; then
|
||||
# 32 bits CentOS 6 and affiliates are not supported anymore by certbot-auto.
|
||||
DEPRECATED_OS=1
|
||||
fi
|
||||
|
||||
# Set RPM_DIST_VERSION to VERSION_ID from /etc/os-release after splitting on
|
||||
# '.' characters (e.g. "8.0" becomes "8"). If the command exits with an
|
||||
# error, RPM_DIST_VERSION is set to "unknown".
|
||||
RPM_DIST_VERSION=$( (. /etc/os-release 2> /dev/null && echo "$VERSION_ID") | cut -d '.' -f1 || echo "unknown")
|
||||
|
||||
# If RPM_DIST_VERSION is an empty string or it contains any nonnumeric
|
||||
# characters, the value is unexpected so we set RPM_DIST_VERSION to 0.
|
||||
if [ -z "$RPM_DIST_VERSION" ] || [ -n "$(echo "$RPM_DIST_VERSION" | tr -d '[0-9]')" ]; then
|
||||
RPM_DIST_VERSION=0
|
||||
fi
|
||||
|
||||
# Handle legacy RPM distributions
|
||||
if [ "$PYVER" -eq 26 ]; then
|
||||
# Check if an automated bootstrap can be achieved on this system.
|
||||
if ! Python36SclIsAvailable; then
|
||||
INTERACTIVE_BOOTSTRAP=1
|
||||
fi
|
||||
|
||||
USE_PYTHON_3=1
|
||||
|
||||
# Try now to enable SCL rh-python36 for systems already bootstrapped
|
||||
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
|
||||
EnablePython36SCL
|
||||
else
|
||||
# Starting to Fedora 29, python2 is on a deprecation path. Let's move to python3 then.
|
||||
# RHEL 8 also uses python3 by default.
|
||||
if [ "$RPM_DIST_NAME" = "fedora" -a "$RPM_DIST_VERSION" -ge 29 ]; then
|
||||
RPM_USE_PYTHON_3=1
|
||||
elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then
|
||||
RPM_USE_PYTHON_3=1
|
||||
elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then
|
||||
RPM_USE_PYTHON_3=1
|
||||
else
|
||||
RPM_USE_PYTHON_3=0
|
||||
fi
|
||||
|
||||
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
|
||||
USE_PYTHON_3=1
|
||||
fi
|
||||
fi
|
||||
|
||||
LE_PYTHON="$prev_le_python"
|
||||
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/arch-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/manjaro-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/gentoo-release ]; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif uname | grep -iq FreeBSD ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif uname | grep -iq Darwin ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
else
|
||||
DEPRECATED_OS=1
|
||||
NO_SELF_UPGRADE=1
|
||||
fi
|
||||
|
||||
# We handle this case after determining the normal bootstrap version to allow
|
||||
# variables like USE_PYTHON_3 to be properly set. As described above, if the
|
||||
# Bootstrap function doesn't install any packages, BOOTSTRAP_VERSION should not
|
||||
# be set so we unset it here.
|
||||
if [ "$NO_BOOTSTRAP" = 1 ]; then
|
||||
Bootstrap() {
|
||||
:
|
||||
}
|
||||
unset BOOTSTRAP_VERSION
|
||||
fi
|
||||
|
||||
if [ "$DEPRECATED_OS" = 1 ]; then
|
||||
Bootstrap() {
|
||||
error "Skipping bootstrap because certbot-auto is deprecated on this system."
|
||||
}
|
||||
unset BOOTSTRAP_VERSION
|
||||
fi
|
||||
|
||||
# Sets PREV_BOOTSTRAP_VERSION to the identifier for the bootstrap script used
|
||||
# to install OS dependencies on this system. PREV_BOOTSTRAP_VERSION isn't set
|
||||
# if it is unknown how OS dependencies were installed on this system.
|
||||
SetPrevBootstrapVersion() {
|
||||
if [ -f $BOOTSTRAP_VERSION_PATH ]; then
|
||||
PREV_BOOTSTRAP_VERSION=$(cat "$BOOTSTRAP_VERSION_PATH")
|
||||
# The list below only contains bootstrap version strings that existed before
|
||||
# we started writing them to disk.
|
||||
#
|
||||
# DO NOT MODIFY THIS LIST UNLESS YOU KNOW WHAT YOU'RE DOING!
|
||||
elif grep -Fqx "$BOOTSTRAP_VERSION" << "UNLIKELY_EOF"
|
||||
BootstrapDebCommon 1
|
||||
BootstrapMageiaCommon 1
|
||||
BootstrapRpmCommon 1
|
||||
BootstrapSuseCommon 1
|
||||
BootstrapArchCommon 1
|
||||
BootstrapGentooCommon 1
|
||||
BootstrapFreeBsd 1
|
||||
BootstrapMac 1
|
||||
BootstrapSmartOS 1
|
||||
UNLIKELY_EOF
|
||||
then
|
||||
# If there's no bootstrap version saved to disk, but the currently selected
|
||||
# bootstrap script is from before we started saving the version number,
|
||||
# return the currently selected version to prevent us from rebootstrapping
|
||||
# unnecessarily.
|
||||
PREV_BOOTSTRAP_VERSION="$BOOTSTRAP_VERSION"
|
||||
fi
|
||||
}
|
||||
|
||||
TempDir() {
|
||||
mktemp -d 2>/dev/null || mktemp -d -t 'le' # Linux || macOS
|
||||
}
|
||||
|
||||
# Returns 0 if a letsencrypt installation exists at $OLD_VENV_PATH, otherwise,
|
||||
# returns a non-zero number.
|
||||
OldVenvExists() {
|
||||
[ -n "$OLD_VENV_PATH" -a -f "$OLD_VENV_PATH/bin/letsencrypt" ]
|
||||
}
|
||||
|
||||
# Given python path, version 1 and version 2, check if version 1 is outdated compared to version 2.
|
||||
# An unofficial version provided as version 1 (eg. 0.28.0.dev0) will be treated
|
||||
# specifically by printing "UNOFFICIAL". Otherwise, print "OUTDATED" if version 1
|
||||
# is outdated, and "UP_TO_DATE" if not.
|
||||
# This function relies only on installed python environment (2.x or 3.x) by certbot-auto.
|
||||
CompareVersions() {
|
||||
"$1" - "$2" "$3" << "UNLIKELY_EOF"
|
||||
import sys
|
||||
from distutils.version import StrictVersion
|
||||
|
||||
try:
|
||||
current = StrictVersion(sys.argv[1])
|
||||
except ValueError:
|
||||
sys.stdout.write('UNOFFICIAL')
|
||||
sys.exit()
|
||||
|
||||
try:
|
||||
remote = StrictVersion(sys.argv[2])
|
||||
except ValueError:
|
||||
sys.stdout.write('UP_TO_DATE')
|
||||
sys.exit()
|
||||
|
||||
if current < remote:
|
||||
sys.stdout.write('OUTDATED')
|
||||
else:
|
||||
sys.stdout.write('UP_TO_DATE')
|
||||
UNLIKELY_EOF
|
||||
}
|
||||
|
||||
# Create a new virtual environment for Certbot. It will overwrite any existing one.
|
||||
# Parameters: LE_PYTHON, VENV_PATH, PYVER, VERBOSE
|
||||
CreateVenv() {
|
||||
"$1" - "$2" "$3" "$4" << "UNLIKELY_EOF"
|
||||
#!/usr/bin/env python
|
||||
import os
|
||||
import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
|
||||
def create_venv(venv_path, pyver, verbose):
|
||||
if os.path.exists(venv_path):
|
||||
shutil.rmtree(venv_path)
|
||||
|
||||
stdout = sys.stdout if verbose == '1' else open(os.devnull, 'w')
|
||||
|
||||
if int(pyver) <= 27:
|
||||
# Use virtualenv binary
|
||||
environ = os.environ.copy()
|
||||
environ['VIRTUALENV_NO_DOWNLOAD'] = '1'
|
||||
command = ['virtualenv', '--no-site-packages', '--python', sys.executable, venv_path]
|
||||
subprocess.check_call(command, stdout=stdout, env=environ)
|
||||
else:
|
||||
# Use embedded venv module in Python 3
|
||||
command = [sys.executable, '-m', 'venv', venv_path]
|
||||
subprocess.check_call(command, stdout=stdout)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
create_venv(*sys.argv[1:])
|
||||
|
||||
UNLIKELY_EOF
|
||||
}
|
||||
|
||||
# Check that the given PATH_TO_CHECK has secured permissions.
|
||||
# Parameters: LE_PYTHON, PATH_TO_CHECK
|
||||
CheckPathPermissions() {
|
||||
"$1" - "$2" << "UNLIKELY_EOF"
|
||||
"""Verifies certbot-auto cannot be modified by unprivileged users.
|
||||
|
||||
This script takes the path to certbot-auto as its only command line
|
||||
argument. It then checks that the file can only be modified by uid/gid
|
||||
< 1000 and if other users can modify the file, it prints a warning with
|
||||
a suggestion on how to solve the problem.
|
||||
|
||||
Permissions on symlinks in the absolute path of certbot-auto are ignored
|
||||
and only the canonical path to certbot-auto is checked. There could be
|
||||
permissions problems due to the symlinks that are unreported by this
|
||||
script, however, issues like this were not caused by our documentation
|
||||
and are ignored for the sake of simplicity.
|
||||
|
||||
All warnings are printed to stdout rather than stderr so all stderr
|
||||
output from this script can be suppressed to avoid printing messages if
|
||||
this script fails for some reason.
|
||||
|
||||
"""
|
||||
from __future__ import print_function
|
||||
|
||||
import os
|
||||
import stat
|
||||
import sys
|
||||
|
||||
|
||||
FORUM_POST_URL = 'https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/'
|
||||
|
||||
|
||||
def has_safe_permissions(path):
|
||||
"""Returns True if the given path has secure permissions.
|
||||
|
||||
The permissions are considered safe if the file is only writable by
|
||||
uid/gid < 1000.
|
||||
|
||||
The reason we allow more IDs than 0 is because on some systems such
|
||||
as Debian, system users/groups other than uid/gid 0 are used for the
|
||||
path we recommend in our instructions which is /usr/local/bin. 1000
|
||||
was chosen because on Debian 0-999 is reserved for system IDs[1] and
|
||||
on RHEL either 0-499 or 0-999 is reserved depending on the
|
||||
version[2][3]. Due to these differences across different OSes, this
|
||||
detection isn't perfect so we only determine permissions are
|
||||
insecure when we can be reasonably confident there is a problem
|
||||
regardless of the underlying OS.
|
||||
|
||||
[1] https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
|
||||
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-managing_users_and_groups
|
||||
[3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-managing_users_and_groups
|
||||
|
||||
:param str path: filesystem path to check
|
||||
:returns: True if the path has secure permissions, otherwise, False
|
||||
:rtype: bool
|
||||
|
||||
"""
|
||||
# os.stat follows symlinks before obtaining information about a file.
|
||||
stat_result = os.stat(path)
|
||||
if stat_result.st_mode & stat.S_IWOTH:
|
||||
return False
|
||||
if stat_result.st_mode & stat.S_IWGRP and stat_result.st_gid >= 1000:
|
||||
return False
|
||||
if stat_result.st_mode & stat.S_IWUSR and stat_result.st_uid >= 1000:
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
def main(certbot_auto_path):
|
||||
current_path = os.path.realpath(certbot_auto_path)
|
||||
last_path = None
|
||||
permissions_ok = True
|
||||
# This loop makes use of the fact that os.path.dirname('/') == '/'.
|
||||
while current_path != last_path and permissions_ok:
|
||||
permissions_ok = has_safe_permissions(current_path)
|
||||
last_path = current_path
|
||||
current_path = os.path.dirname(current_path)
|
||||
|
||||
if not permissions_ok:
|
||||
print('{0} has insecure permissions!'.format(certbot_auto_path))
|
||||
print('To learn how to fix them, visit {0}'.format(FORUM_POST_URL))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main(sys.argv[1])
|
||||
|
||||
UNLIKELY_EOF
|
||||
}
|
||||
|
||||
if [ "$1" = "--le-auto-phase2" ]; then
|
||||
# Phase 2: Create venv, install LE, and run.
|
||||
|
||||
shift 1 # the --le-auto-phase2 arg
|
||||
|
||||
if [ "$DEPRECATED_OS" = 1 ]; then
|
||||
# Phase 2 damage control mode for deprecated OSes.
|
||||
# In this situation, we bypass any bootstrap or certbot venv setup.
|
||||
# error "Your system is not supported by certbot-auto anymore."
|
||||
|
||||
if [ ! -d "$VENV_PATH" ] && OldVenvExists; then
|
||||
VENV_BIN="$OLD_VENV_PATH/bin"
|
||||
fi
|
||||
|
||||
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
|
||||
# error "certbot-auto and its Certbot installation will no longer receive updates."
|
||||
# error "You will not receive any bug fixes including those fixing server compatibility"
|
||||
# error "or security problems."
|
||||
# error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
||||
"$VENV_BIN/letsencrypt" "$@"
|
||||
exit 0
|
||||
else
|
||||
error "Certbot cannot be installed."
|
||||
error "Please visit https://certbot.eff.org/ to check for other alternatives."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
SetPrevBootstrapVersion
|
||||
|
||||
if [ -z "$PHASE_1_VERSION" -a "$USE_PYTHON_3" = 1 ]; then
|
||||
unset LE_PYTHON
|
||||
fi
|
||||
|
||||
INSTALLED_VERSION="none"
|
||||
if [ -d "$VENV_PATH" ] || OldVenvExists; then
|
||||
# If the selected Bootstrap function isn't a noop and it differs from the
|
||||
# previously used version
|
||||
if [ -n "$BOOTSTRAP_VERSION" -a "$BOOTSTRAP_VERSION" != "$PREV_BOOTSTRAP_VERSION" ]; then
|
||||
# Check if we can rebootstrap without manual user intervention: this requires that
|
||||
# certbot-auto is in non-interactive mode AND selected bootstrap does not claim to
|
||||
# require a manual user intervention.
|
||||
if [ "$NONINTERACTIVE" = 1 -a "$INTERACTIVE_BOOTSTRAP" != 1 ]; then
|
||||
CAN_REBOOTSTRAP=1
|
||||
fi
|
||||
# Check if rebootstrap can be done non-interactively and current shell is non-interactive
|
||||
# (true if stdin and stdout are not attached to a terminal).
|
||||
if [ \( "$CAN_REBOOTSTRAP" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
|
||||
if [ -d "$VENV_PATH" ]; then
|
||||
rm -rf "$VENV_PATH"
|
||||
fi
|
||||
# In the case the old venv was just a symlink to the new one,
|
||||
# OldVenvExists is now false because we deleted the venv at VENV_PATH.
|
||||
if OldVenvExists; then
|
||||
rm -rf "$OLD_VENV_PATH"
|
||||
ln -s "$VENV_PATH" "$OLD_VENV_PATH"
|
||||
fi
|
||||
RerunWithArgs "$@"
|
||||
# Otherwise bootstrap needs to be done manually by the user.
|
||||
else
|
||||
# If it is because bootstrapping is interactive, --non-interactive will be of no use.
|
||||
if [ "$INTERACTIVE_BOOTSTRAP" = 1 ]; then
|
||||
error "Skipping upgrade because new OS dependencies may need to be installed."
|
||||
error "This requires manual user intervention: please run this script again manually."
|
||||
# If this is because of the environment (eg. non interactive shell without
|
||||
# --non-interactive flag set), help the user in that direction.
|
||||
else
|
||||
error "Skipping upgrade because new OS dependencies may need to be installed."
|
||||
error
|
||||
error "To upgrade to a newer version, please run this script again manually so you can"
|
||||
error "approve changes or with --non-interactive on the command line to automatically"
|
||||
error "install any required packages."
|
||||
fi
|
||||
# Set INSTALLED_VERSION to be the same so we don't update the venv
|
||||
INSTALLED_VERSION="$LE_AUTO_VERSION"
|
||||
# Continue to use OLD_VENV_PATH if the new venv doesn't exist
|
||||
if [ ! -d "$VENV_PATH" ]; then
|
||||
VENV_BIN="$OLD_VENV_PATH/bin"
|
||||
fi
|
||||
fi
|
||||
elif [ -f "$VENV_BIN/letsencrypt" ]; then
|
||||
# --version output ran through grep due to python-cryptography DeprecationWarnings
|
||||
# grep for both certbot and letsencrypt until certbot and shim packages have been released
|
||||
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)
|
||||
if [ -z "$INSTALLED_VERSION" ]; then
|
||||
error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2
|
||||
"$VENV_BIN/letsencrypt" --version
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then
|
||||
say "Creating virtual environment..."
|
||||
DeterminePythonVersion
|
||||
CreateVenv "$LE_PYTHON" "$VENV_PATH" "$PYVER" "$VERBOSE"
|
||||
|
||||
if [ -n "$BOOTSTRAP_VERSION" ]; then
|
||||
echo "$BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
|
||||
elif [ -n "$PREV_BOOTSTRAP_VERSION" ]; then
|
||||
echo "$PREV_BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
|
||||
fi
|
||||
|
||||
say "Installing Python packages..."
|
||||
TEMP_DIR=$(TempDir)
|
||||
trap 'rm -rf "$TEMP_DIR"' EXIT
|
||||
# There is no $ interpolation due to quotes on starting heredoc delimiter.
|
||||
# -------------------------------------------------------------------------
|
||||
cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
|
||||
# This is the flattened list of packages certbot-auto installs.
|
||||
# To generate this, do (with docker and package hashin installed):
|
||||
# ```
|
||||
# letsencrypt-auto-source/rebuild_dependencies.py \
|
||||
# letsencrypt-auto-source/pieces/dependency-requirements.txt
|
||||
# ```
|
||||
# If you want to update a single dependency, run commands similar to these:
|
||||
# ```
|
||||
# pip install hashin
|
||||
# hashin -r dependency-requirements.txt cryptography==1.5.2
|
||||
# ```
|
||||
ConfigArgParse==1.2.3 \
|
||||
--hash=sha256:edd17be986d5c1ba2e307150b8e5f5107aba125f3574dddd02c85d5cdcfd37dc
|
||||
certifi==2020.4.5.1 \
|
||||
--hash=sha256:1d987a998c75633c40847cc966fcf5904906c920a7f17ef374f5aa4282abd304 \
|
||||
--hash=sha256:51fcb31174be6e6664c5f69e3e1691a2d72a1a12e90f872cbdb1567eb47b6519
|
||||
cffi==1.14.0 \
|
||||
--hash=sha256:001bf3242a1bb04d985d63e138230802c6c8d4db3668fb545fb5005ddf5bb5ff \
|
||||
--hash=sha256:00789914be39dffba161cfc5be31b55775de5ba2235fe49aa28c148236c4e06b \
|
||||
--hash=sha256:028a579fc9aed3af38f4892bdcc7390508adabc30c6af4a6e4f611b0c680e6ac \
|
||||
--hash=sha256:14491a910663bf9f13ddf2bc8f60562d6bc5315c1f09c704937ef17293fb85b0 \
|
||||
--hash=sha256:1cae98a7054b5c9391eb3249b86e0e99ab1e02bb0cc0575da191aedadbdf4384 \
|
||||
--hash=sha256:2089ed025da3919d2e75a4d963d008330c96751127dd6f73c8dc0c65041b4c26 \
|
||||
--hash=sha256:2d384f4a127a15ba701207f7639d94106693b6cd64173d6c8988e2c25f3ac2b6 \
|
||||
--hash=sha256:337d448e5a725bba2d8293c48d9353fc68d0e9e4088d62a9571def317797522b \
|
||||
--hash=sha256:399aed636c7d3749bbed55bc907c3288cb43c65c4389964ad5ff849b6370603e \
|
||||
--hash=sha256:3b911c2dbd4f423b4c4fcca138cadde747abdb20d196c4a48708b8a2d32b16dd \
|
||||
--hash=sha256:3d311bcc4a41408cf5854f06ef2c5cab88f9fded37a3b95936c9879c1640d4c2 \
|
||||
--hash=sha256:62ae9af2d069ea2698bf536dcfe1e4eed9090211dbaafeeedf5cb6c41b352f66 \
|
||||
--hash=sha256:66e41db66b47d0d8672d8ed2708ba91b2f2524ece3dee48b5dfb36be8c2f21dc \
|
||||
--hash=sha256:675686925a9fb403edba0114db74e741d8181683dcf216be697d208857e04ca8 \
|
||||
--hash=sha256:7e63cbcf2429a8dbfe48dcc2322d5f2220b77b2e17b7ba023d6166d84655da55 \
|
||||
--hash=sha256:8a6c688fefb4e1cd56feb6c511984a6c4f7ec7d2a1ff31a10254f3c817054ae4 \
|
||||
--hash=sha256:8c0ffc886aea5df6a1762d0019e9cb05f825d0eec1f520c51be9d198701daee5 \
|
||||
--hash=sha256:95cd16d3dee553f882540c1ffe331d085c9e629499ceadfbda4d4fde635f4b7d \
|
||||
--hash=sha256:99f748a7e71ff382613b4e1acc0ac83bf7ad167fb3802e35e90d9763daba4d78 \
|
||||
--hash=sha256:b8c78301cefcf5fd914aad35d3c04c2b21ce8629b5e4f4e45ae6812e461910fa \
|
||||
--hash=sha256:c420917b188a5582a56d8b93bdd8e0f6eca08c84ff623a4c16e809152cd35793 \
|
||||
--hash=sha256:c43866529f2f06fe0edc6246eb4faa34f03fe88b64a0a9a942561c8e22f4b71f \
|
||||
--hash=sha256:cab50b8c2250b46fe738c77dbd25ce017d5e6fb35d3407606e7a4180656a5a6a \
|
||||
--hash=sha256:cef128cb4d5e0b3493f058f10ce32365972c554572ff821e175dbc6f8ff6924f \
|
||||
--hash=sha256:cf16e3cf6c0a5fdd9bc10c21687e19d29ad1fe863372b5543deaec1039581a30 \
|
||||
--hash=sha256:e56c744aa6ff427a607763346e4170629caf7e48ead6921745986db3692f987f \
|
||||
--hash=sha256:e577934fc5f8779c554639376beeaa5657d54349096ef24abe8c74c5d9c117c3 \
|
||||
--hash=sha256:f2b0fa0c01d8a0c7483afd9f31d7ecf2d71760ca24499c8697aeb5ca37dc090c
|
||||
chardet==3.0.4 \
|
||||
--hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
|
||||
--hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
|
||||
configobj==5.0.6 \
|
||||
--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
|
||||
cryptography==2.8 \
|
||||
--hash=sha256:02079a6addc7b5140ba0825f542c0869ff4df9a69c360e339ecead5baefa843c \
|
||||
--hash=sha256:1df22371fbf2004c6f64e927668734070a8953362cd8370ddd336774d6743595 \
|
||||
--hash=sha256:369d2346db5934345787451504853ad9d342d7f721ae82d098083e1f49a582ad \
|
||||
--hash=sha256:3cda1f0ed8747339bbdf71b9f38ca74c7b592f24f65cdb3ab3765e4b02871651 \
|
||||
--hash=sha256:44ff04138935882fef7c686878e1c8fd80a723161ad6a98da31e14b7553170c2 \
|
||||
--hash=sha256:4b1030728872c59687badcca1e225a9103440e467c17d6d1730ab3d2d64bfeff \
|
||||
--hash=sha256:58363dbd966afb4f89b3b11dfb8ff200058fbc3b947507675c19ceb46104b48d \
|
||||
--hash=sha256:6ec280fb24d27e3d97aa731e16207d58bd8ae94ef6eab97249a2afe4ba643d42 \
|
||||
--hash=sha256:7270a6c29199adc1297776937a05b59720e8a782531f1f122f2eb8467f9aab4d \
|
||||
--hash=sha256:73fd30c57fa2d0a1d7a49c561c40c2f79c7d6c374cc7750e9ac7c99176f6428e \
|
||||
--hash=sha256:7f09806ed4fbea8f51585231ba742b58cbcfbfe823ea197d8c89a5e433c7e912 \
|
||||
--hash=sha256:90df0cc93e1f8d2fba8365fb59a858f51a11a394d64dbf3ef844f783844cc793 \
|
||||
--hash=sha256:971221ed40f058f5662a604bd1ae6e4521d84e6cad0b7b170564cc34169c8f13 \
|
||||
--hash=sha256:a518c153a2b5ed6b8cc03f7ae79d5ffad7315ad4569b2d5333a13c38d64bd8d7 \
|
||||
--hash=sha256:b0de590a8b0979649ebeef8bb9f54394d3a41f66c5584fff4220901739b6b2f0 \
|
||||
--hash=sha256:b43f53f29816ba1db8525f006fa6f49292e9b029554b3eb56a189a70f2a40879 \
|
||||
--hash=sha256:d31402aad60ed889c7e57934a03477b572a03af7794fa8fb1780f21ea8f6551f \
|
||||
--hash=sha256:de96157ec73458a7f14e3d26f17f8128c959084931e8997b9e655a39c8fde9f9 \
|
||||
--hash=sha256:df6b4dca2e11865e6cfbfb708e800efb18370f5a46fd601d3755bc7f85b3a8a2 \
|
||||
--hash=sha256:ecadccc7ba52193963c0475ac9f6fa28ac01e01349a2ca48509667ef41ffd2cf \
|
||||
--hash=sha256:fb81c17e0ebe3358486cd8cc3ad78adbae58af12fc2bf2bc0bb84e8090fa5ce8
|
||||
distro==1.5.0 \
|
||||
--hash=sha256:0e58756ae38fbd8fc3020d54badb8eae17c5b9dcbed388b17bb55b8a5928df92 \
|
||||
--hash=sha256:df74eed763e18d10d0da624258524ae80486432cd17392d9c3d96f5e83cd2799
|
||||
enum34==1.1.10; python_version < '3.4' \
|
||||
--hash=sha256:a98a201d6de3f2ab3db284e70a33b0f896fbf35f8086594e8c9e74b909058d53 \
|
||||
--hash=sha256:c3858660960c984d6ab0ebad691265180da2b43f07e061c0f8dca9ef3cffd328 \
|
||||
--hash=sha256:cce6a7477ed816bd2542d03d53db9f0db935dd013b70f336a95c73979289f248
|
||||
funcsigs==1.0.2 \
|
||||
--hash=sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca \
|
||||
--hash=sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50
|
||||
idna==2.9 \
|
||||
--hash=sha256:7588d1c14ae4c77d74036e8c22ff447b26d0fde8f007354fd48a7814db15b7cb \
|
||||
--hash=sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa
|
||||
ipaddress==1.0.23 \
|
||||
--hash=sha256:6e0f4a39e66cb5bb9a137b00276a2eff74f93b71dcbdad6f10ff7df9d3557fcc \
|
||||
--hash=sha256:b7f8e0369580bb4a24d5ba1d7cc29660a4a6987763faf1d8a8046830e020e7e2
|
||||
josepy==1.3.0 \
|
||||
--hash=sha256:c341ffa403399b18e9eae9012f804843045764d1390f9cb4648980a7569b1619 \
|
||||
--hash=sha256:e54882c64be12a2a76533f73d33cba9e331950fda9e2731e843490b774e7a01c
|
||||
mock==1.3.0 \
|
||||
--hash=sha256:1e247dbecc6ce057299eb7ee019ad68314bb93152e81d9a6110d35f4d5eca0f6 \
|
||||
--hash=sha256:3f573a18be94de886d1191f27c168427ef693e8dcfcecf95b170577b2eb69cbb
|
||||
parsedatetime==2.5 \
|
||||
--hash=sha256:3b835fc54e472c17ef447be37458b400e3fefdf14bb1ffdedb5d2c853acf4ba1 \
|
||||
--hash=sha256:d2e9ddb1e463de871d32088a3f3cea3dc8282b1b2800e081bd0ef86900451667
|
||||
pbr==5.4.5 \
|
||||
--hash=sha256:07f558fece33b05caf857474a366dfcc00562bca13dd8b47b2b3e22d9f9bf55c \
|
||||
--hash=sha256:579170e23f8e0c2f24b0de612f71f648eccb79fb1322c814ae6b3c07b5ba23e8
|
||||
pyOpenSSL==19.1.0 \
|
||||
--hash=sha256:621880965a720b8ece2f1b2f54ea2071966ab00e2970ad2ce11d596102063504 \
|
||||
--hash=sha256:9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507
|
||||
pyRFC3339==1.1 \
|
||||
--hash=sha256:67196cb83b470709c580bb4738b83165e67c6cc60e1f2e4f286cfcb402a926f4 \
|
||||
--hash=sha256:81b8cbe1519cdb79bed04910dd6fa4e181faf8c88dff1e1b987b5f7ab23a5b1a
|
||||
pycparser==2.20 \
|
||||
--hash=sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 \
|
||||
--hash=sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705
|
||||
pyparsing==2.4.7 \
|
||||
--hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 \
|
||||
--hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b
|
||||
python-augeas==0.5.0 \
|
||||
--hash=sha256:67d59d66cdba8d624e0389b87b2a83a176f21f16a87553b50f5703b23f29bac2
|
||||
pytz==2020.1 \
|
||||
--hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed \
|
||||
--hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048
|
||||
requests==2.23.0 \
|
||||
--hash=sha256:43999036bfa82904b6af1d99e4882b560e5e2c68e5c4b0aa03b655f3d7d73fee \
|
||||
--hash=sha256:b3f43d496c6daba4493e7c431722aeb7dbc6288f52a6e04e7b6023b0247817e6
|
||||
requests-toolbelt==0.9.1 \
|
||||
--hash=sha256:380606e1d10dc85c3bd47bf5a6095f815ec007be7a8b69c878507068df059e6f \
|
||||
--hash=sha256:968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0
|
||||
six==1.15.0 \
|
||||
--hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
|
||||
--hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
|
||||
urllib3==1.25.9 \
|
||||
--hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 \
|
||||
--hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115
|
||||
zope.component==4.6.1 \
|
||||
--hash=sha256:bfbe55d4a93e70a78b10edc3aad4de31bb8860919b7cbd8d66f717f7d7b279ac \
|
||||
--hash=sha256:d9c7c27673d787faff8a83797ce34d6ebcae26a370e25bddb465ac2182766aca
|
||||
zope.deferredimport==4.3.1 \
|
||||
--hash=sha256:57b2345e7b5eef47efcd4f634ff16c93e4265de3dcf325afc7315ade48d909e1 \
|
||||
--hash=sha256:9a0c211df44aa95f1c4e6d2626f90b400f56989180d3ef96032d708da3d23e0a
|
||||
zope.deprecation==4.4.0 \
|
||||
--hash=sha256:0d453338f04bacf91bbfba545d8bcdf529aa829e67b705eac8c1a7fdce66e2df \
|
||||
--hash=sha256:f1480b74995958b24ce37b0ef04d3663d2683e5d6debc96726eff18acf4ea113
|
||||
zope.event==4.4 \
|
||||
--hash=sha256:69c27debad9bdacd9ce9b735dad382142281ac770c4a432b533d6d65c4614bcf \
|
||||
--hash=sha256:d8e97d165fd5a0997b45f5303ae11ea3338becfe68c401dd88ffd2113fe5cae7
|
||||
zope.hookable==5.0.1 \
|
||||
--hash=sha256:0194b9b9e7f614abba60c90b231908861036578297515d3d6508eb10190f266d \
|
||||
--hash=sha256:0c2977473918bdefc6fa8dfb311f154e7f13c6133957fe649704deca79b92093 \
|
||||
--hash=sha256:17b8bdb3b77e03a152ca0d5ca185a7ae0156f5e5a2dbddf538676633a1f7380f \
|
||||
--hash=sha256:29d07681a78042cdd15b268ae9decffed9ace68a53eebeb61d65ae931d158841 \
|
||||
--hash=sha256:36fb1b35d1150267cb0543a1ddd950c0bc2c75ed0e6e92e3aaa6ac2e29416cb7 \
|
||||
--hash=sha256:3aed60c2bb5e812bbf9295c70f25b17ac37c233f30447a96c67913ba5073642f \
|
||||
--hash=sha256:3cac1565cc768911e72ca9ec4ddf5c5109e1fef0104f19f06649cf1874943b60 \
|
||||
--hash=sha256:3d4bc0cc4a37c3cd3081063142eeb2125511db3c13f6dc932d899c512690378e \
|
||||
--hash=sha256:3f73096f27b8c28be53ffb6604f7b570fbbb82f273c6febe5f58119009b59898 \
|
||||
--hash=sha256:522d1153d93f2d48aa0bd9fb778d8d4500be2e4dcf86c3150768f0e3adbbc4ef \
|
||||
--hash=sha256:523d2928fb7377bbdbc9af9c0b14ad73e6eaf226349f105733bdae27efd15b5a \
|
||||
--hash=sha256:5848309d4fc5c02150a45e8f8d2227e5bfda386a508bbd3160fed7c633c5a2fa \
|
||||
--hash=sha256:6781f86e6d54a110980a76e761eb54590630fd2af2a17d7edf02a079d2646c1d \
|
||||
--hash=sha256:6fd27921ebf3aaa945fa25d790f1f2046204f24dba4946f82f5f0a442577c3e9 \
|
||||
--hash=sha256:70d581862863f6bf9e175e85c9d70c2d7155f53fb04dcdb2f73cf288ca559a53 \
|
||||
--hash=sha256:81867c23b0dc66c8366f351d00923f2bc5902820a24c2534dfd7bf01a5879963 \
|
||||
--hash=sha256:81db29edadcbb740cd2716c95a297893a546ed89db1bfe9110168732d7f0afdd \
|
||||
--hash=sha256:86bd12624068cea60860a0759af5e2c3adc89c12aef6f71cf12f577e28deefe3 \
|
||||
--hash=sha256:9c184d8f9f7a76e1ced99855ccf390ffdd0ec3765e5cbf7b9cada600accc0a1e \
|
||||
--hash=sha256:acc789e8c29c13555e43fe4bf9fcd15a65512c9645e97bbaa5602e3201252b02 \
|
||||
--hash=sha256:afaa740206b7660d4cc3b8f120426c85761f51379af7a5b05451f624ad12b0af \
|
||||
--hash=sha256:b5f5fa323f878bb16eae68ea1ba7f6c0419d4695d0248bed4b18f51d7ce5ab85 \
|
||||
--hash=sha256:bd89e0e2c67bf4ac3aca2a19702b1a37269fb1923827f68324ac2e7afd6e3406 \
|
||||
--hash=sha256:c212de743283ec0735db24ec6ad913758df3af1b7217550ff270038062afd6ae \
|
||||
--hash=sha256:ca553f524293a0bdea05e7f44c3e685e4b7b022cb37d87bc4a3efa0f86587a8d \
|
||||
--hash=sha256:cab67065a3db92f636128d3157cc5424a145f82d96fb47159c539132833a6d36 \
|
||||
--hash=sha256:d3b3b3eedfdbf6b02898216e85aa6baf50207f4378a2a6803d6d47650cd37031 \
|
||||
--hash=sha256:d9f4a5a72f40256b686d31c5c0b1fde503172307beb12c1568296e76118e402c \
|
||||
--hash=sha256:df5067d87aaa111ed5d050e1ee853ba284969497f91806efd42425f5348f1c06 \
|
||||
--hash=sha256:e2587644812c6138f05b8a41594a8337c6790e3baf9a01915e52438c13fc6bef \
|
||||
--hash=sha256:e27fd877662db94f897f3fd532ef211ca4901eb1a70ba456f15c0866a985464a \
|
||||
--hash=sha256:e427ebbdd223c72e06ba94c004bb04e996c84dec8a0fa84e837556ae145c439e \
|
||||
--hash=sha256:e583ad4309c203ef75a09d43434cf9c2b4fa247997ecb0dcad769982c39411c7 \
|
||||
--hash=sha256:e760b2bc8ece9200804f0c2b64d10147ecaf18455a2a90827fbec4c9d84f3ad5 \
|
||||
--hash=sha256:ea9a9cc8bcc70e18023f30fa2f53d11ae069572a162791224e60cd65df55fb69 \
|
||||
--hash=sha256:ecb3f17dce4803c1099bd21742cd126b59817a4e76a6544d31d2cca6e30dbffd \
|
||||
--hash=sha256:ed794e3b3de42486d30444fb60b5561e724ee8a2d1b17b0c2e0f81e3ddaf7a87 \
|
||||
--hash=sha256:ee885d347279e38226d0a437b6a932f207f691c502ee565aba27a7022f1285df \
|
||||
--hash=sha256:fd5e7bc5f24f7e3d490698f7b854659a9851da2187414617cd5ed360af7efd63 \
|
||||
--hash=sha256:fe45f6870f7588ac7b2763ff1ce98cce59369717afe70cc353ec5218bc854bcc
|
||||
zope.interface==5.1.0 \
|
||||
--hash=sha256:0103cba5ed09f27d2e3de7e48bb320338592e2fabc5ce1432cf33808eb2dfd8b \
|
||||
--hash=sha256:14415d6979356629f1c386c8c4249b4d0082f2ea7f75871ebad2e29584bd16c5 \
|
||||
--hash=sha256:1ae4693ccee94c6e0c88a4568fb3b34af8871c60f5ba30cf9f94977ed0e53ddd \
|
||||
--hash=sha256:1b87ed2dc05cb835138f6a6e3595593fea3564d712cb2eb2de963a41fd35758c \
|
||||
--hash=sha256:269b27f60bcf45438e8683269f8ecd1235fa13e5411de93dae3b9ee4fe7f7bc7 \
|
||||
--hash=sha256:27d287e61639d692563d9dab76bafe071fbeb26818dd6a32a0022f3f7ca884b5 \
|
||||
--hash=sha256:39106649c3082972106f930766ae23d1464a73b7d30b3698c986f74bf1256a34 \
|
||||
--hash=sha256:40e4c42bd27ed3c11b2c983fecfb03356fae1209de10686d03c02c8696a1d90e \
|
||||
--hash=sha256:461d4339b3b8f3335d7e2c90ce335eb275488c587b61aca4b305196dde2ff086 \
|
||||
--hash=sha256:4f98f70328bc788c86a6a1a8a14b0ea979f81ae6015dd6c72978f1feff70ecda \
|
||||
--hash=sha256:558a20a0845d1a5dc6ff87cd0f63d7dac982d7c3be05d2ffb6322a87c17fa286 \
|
||||
--hash=sha256:562dccd37acec149458c1791da459f130c6cf8902c94c93b8d47c6337b9fb826 \
|
||||
--hash=sha256:5e86c66a6dea8ab6152e83b0facc856dc4d435fe0f872f01d66ce0a2131b7f1d \
|
||||
--hash=sha256:60a207efcd8c11d6bbeb7862e33418fba4e4ad79846d88d160d7231fcb42a5ee \
|
||||
--hash=sha256:645a7092b77fdbc3f68d3cc98f9d3e71510e419f54019d6e282328c0dd140dcd \
|
||||
--hash=sha256:6874367586c020705a44eecdad5d6b587c64b892e34305bb6ed87c9bbe22a5e9 \
|
||||
--hash=sha256:74bf0a4f9091131de09286f9a605db449840e313753949fe07c8d0fe7659ad1e \
|
||||
--hash=sha256:7b726194f938791a6691c7592c8b9e805fc6d1b9632a833b9c0640828cd49cbc \
|
||||
--hash=sha256:8149ded7f90154fdc1a40e0c8975df58041a6f693b8f7edcd9348484e9dc17fe \
|
||||
--hash=sha256:8cccf7057c7d19064a9e27660f5aec4e5c4001ffcf653a47531bde19b5aa2a8a \
|
||||
--hash=sha256:911714b08b63d155f9c948da2b5534b223a1a4fc50bb67139ab68b277c938578 \
|
||||
--hash=sha256:a5f8f85986197d1dd6444763c4a15c991bfed86d835a1f6f7d476f7198d5f56a \
|
||||
--hash=sha256:a744132d0abaa854d1aad50ba9bc64e79c6f835b3e92521db4235a1991176813 \
|
||||
--hash=sha256:af2c14efc0bb0e91af63d00080ccc067866fb8cbbaca2b0438ab4105f5e0f08d \
|
||||
--hash=sha256:b054eb0a8aa712c8e9030065a59b5e6a5cf0746ecdb5f087cca5ec7685690c19 \
|
||||
--hash=sha256:b0becb75418f8a130e9d465e718316cd17c7a8acce6fe8fe07adc72762bee425 \
|
||||
--hash=sha256:b1d2ed1cbda2ae107283befd9284e650d840f8f7568cb9060b5466d25dc48975 \
|
||||
--hash=sha256:ba4261c8ad00b49d48bbb3b5af388bb7576edfc0ca50a49c11dcb77caa1d897e \
|
||||
--hash=sha256:d1fe9d7d09bb07228650903d6a9dc48ea649e3b8c69b1d263419cc722b3938e8 \
|
||||
--hash=sha256:d7804f6a71fc2dda888ef2de266727ec2f3915373d5a785ed4ddc603bbc91e08 \
|
||||
--hash=sha256:da2844fba024dd58eaa712561da47dcd1e7ad544a257482392472eae1c86d5e5 \
|
||||
--hash=sha256:dcefc97d1daf8d55199420e9162ab584ed0893a109f45e438b9794ced44c9fd0 \
|
||||
--hash=sha256:dd98c436a1fc56f48c70882cc243df89ad036210d871c7427dc164b31500dc11 \
|
||||
--hash=sha256:e74671e43ed4569fbd7989e5eecc7d06dc134b571872ab1d5a88f4a123814e9f \
|
||||
--hash=sha256:eb9b92f456ff3ec746cd4935b73c1117538d6124b8617bc0fe6fda0b3816e345 \
|
||||
--hash=sha256:ebb4e637a1fb861c34e48a00d03cffa9234f42bef923aec44e5625ffb9a8e8f9 \
|
||||
--hash=sha256:ef739fe89e7f43fb6494a43b1878a36273e5924869ba1d866f752c5812ae8d58 \
|
||||
--hash=sha256:f40db0e02a8157d2b90857c24d89b6310f9b6c3642369852cdc3b5ac49b92afc \
|
||||
--hash=sha256:f68bf937f113b88c866d090fea0bc52a098695173fc613b055a17ff0cf9683b6 \
|
||||
--hash=sha256:fb55c182a3f7b84c1a2d6de5fa7b1a05d4660d866b91dbf8d74549c57a1499e8
|
||||
zope.proxy==4.3.5 \
|
||||
--hash=sha256:00573dfa755d0703ab84bb23cb6ecf97bb683c34b340d4df76651f97b0bab068 \
|
||||
--hash=sha256:092049280f2848d2ba1b57b71fe04881762a220a97b65288bcb0968bb199ec30 \
|
||||
--hash=sha256:0cbd27b4d3718b5ec74fc65ffa53c78d34c65c6fd9411b8352d2a4f855220cf1 \
|
||||
--hash=sha256:17fc7e16d0c81f833a138818a30f366696653d521febc8e892858041c4d88785 \
|
||||
--hash=sha256:19577dfeb70e8a67249ba92c8ad20589a1a2d86a8d693647fa8385408a4c17b0 \
|
||||
--hash=sha256:207aa914576b1181597a1516e1b90599dc690c095343ae281b0772e44945e6a4 \
|
||||
--hash=sha256:219a7db5ed53e523eb4a4769f13105118b6d5b04ed169a283c9775af221e231f \
|
||||
--hash=sha256:2b50ea79849e46b5f4f2b0247a3687505d32d161eeb16a75f6f7e6cd81936e43 \
|
||||
--hash=sha256:5903d38362b6c716e66bbe470f190579c530a5baf03dbc8500e5c2357aa569a5 \
|
||||
--hash=sha256:5c24903675e271bd688c6e9e7df5775ac6b168feb87dbe0e4bcc90805f21b28f \
|
||||
--hash=sha256:5ef6bc5ed98139e084f4e91100f2b098a0cd3493d4e76f9d6b3f7b95d7ad0f06 \
|
||||
--hash=sha256:61b55ae3c23a126a788b33ffb18f37d6668e79a05e756588d9e4d4be7246ab1c \
|
||||
--hash=sha256:63ddb992931a5e616c87d3d89f5a58db086e617548005c7f9059fac68c03a5cc \
|
||||
--hash=sha256:6943da9c09870490dcfd50c4909c0cc19f434fa6948f61282dc9cb07bcf08160 \
|
||||
--hash=sha256:6ad40f85c1207803d581d5d75e9ea25327cd524925699a83dfc03bf8e4ba72b7 \
|
||||
--hash=sha256:6b44433a79bdd7af0e3337bd7bbcf53dd1f9b0fa66bf21bcb756060ce32a96c1 \
|
||||
--hash=sha256:6bbaa245015d933a4172395baad7874373f162955d73612f0b66b6c2c33b6366 \
|
||||
--hash=sha256:7007227f4ea85b40a2f5e5a244479f6a6dfcf906db9b55e812a814a8f0e2c28d \
|
||||
--hash=sha256:74884a0aec1f1609190ec8b34b5d58fb3b5353cf22b96161e13e0e835f13518f \
|
||||
--hash=sha256:7d25fe5571ddb16369054f54cdd883f23de9941476d97f2b92eb6d7d83afe22d \
|
||||
--hash=sha256:7e162bdc5e3baad26b2262240be7d2bab36991d85a6a556e48b9dfb402370261 \
|
||||
--hash=sha256:814d62678dc3a30f4aa081982d830b7c342cf230ffc9d030b020cb154eeebf9e \
|
||||
--hash=sha256:8878a34c5313ee52e20aa50b03138af8d472bae465710fb954d133a9bfd3c38d \
|
||||
--hash=sha256:a66a0d94e5b081d5d695e66d6667e91e74d79e273eee95c1747717ba9cb70792 \
|
||||
--hash=sha256:a69f5cbf4addcfdf03dda564a671040127a6b7c34cf9fe4973582e68441b63fa \
|
||||
--hash=sha256:b00f9f0c334d07709d3f73a7cb8ae63c6ca1a90c790a63b5e7effa666ef96021 \
|
||||
--hash=sha256:b6ed71e4a7b4690447b626f499d978aa13197a0e592950e5d7020308f6054698 \
|
||||
--hash=sha256:bdf5041e5851526e885af579d2f455348dba68d74f14a32781933569a327fddf \
|
||||
--hash=sha256:be034360dd34e62608419f86e799c97d389c10a0e677a25f236a971b2f40dac9 \
|
||||
--hash=sha256:cc8f590a5eed30b314ae6b0232d925519ade433f663de79cc3783e4b10d662ba \
|
||||
--hash=sha256:cd7a318a15fe6cc4584bf3c4426f092ed08c0fd012cf2a9173114234fe193e11 \
|
||||
--hash=sha256:cf19b5f63a59c20306e034e691402b02055c8f4e38bf6792c23cad489162a642 \
|
||||
--hash=sha256:cfc781ce442ec407c841e9aa51d0e1024f72b6ec34caa8fdb6ef9576d549acf2 \
|
||||
--hash=sha256:dea9f6f8633571e18bc20cad83603072e697103a567f4b0738d52dd0211b4527 \
|
||||
--hash=sha256:e4a86a1d5eb2cce83c5972b3930c7c1eac81ab3508464345e2b8e54f119d5505 \
|
||||
--hash=sha256:e7106374d4a74ed9ff00c46cc00f0a9f06a0775f8868e423f85d4464d2333679 \
|
||||
--hash=sha256:e98a8a585b5668aa9e34d10f7785abf9545fe72663b4bfc16c99a115185ae6a5 \
|
||||
--hash=sha256:f64840e68483316eb58d82c376ad3585ca995e69e33b230436de0cdddf7363f9 \
|
||||
--hash=sha256:f8f4b0a9e6683e43889852130595c8854d8ae237f2324a053cdd884de936aa9b \
|
||||
--hash=sha256:fc45a53219ed30a7f670a6d8c98527af0020e6fd4ee4c0a8fb59f147f06d816c
|
||||
|
||||
# Contains the requirements for the letsencrypt package.
|
||||
#
|
||||
# Since the letsencrypt package depends on certbot and using pip with hashes
|
||||
# requires that all installed packages have hashes listed, this allows
|
||||
# dependency-requirements.txt to be used without requiring a hash for a
|
||||
# (potentially unreleased) Certbot package.
|
||||
|
||||
letsencrypt==0.7.0 \
|
||||
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
|
||||
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
|
||||
|
||||
certbot==1.14.0 \
|
||||
--hash=sha256:67b4d26ceaea6c7f8325d0d45169e7a165a2cabc7122c84bc971ba068ca19cca \
|
||||
--hash=sha256:959ea90c6bb8dca38eab9772722cb940972ef6afcd5f15deef08b3c3636841eb
|
||||
acme==1.14.0 \
|
||||
--hash=sha256:4f48c41261202f1a389ec2986b2580b58f53e0d5a1ae2463b34318d78b87fc66 \
|
||||
--hash=sha256:61daccfb0343628cbbca551a7fc4c82482113952c21db3fe0c585b7c98fa1c35
|
||||
certbot-apache==1.14.0 \
|
||||
--hash=sha256:b757038db23db707c44630fecb46e99172bd791f0db5a8e623c0842613c4d3d9 \
|
||||
--hash=sha256:887fe4a21af2de1e5c2c9428bacba6eb7c1219257bc70f1a1d8447c8a321adb0
|
||||
certbot-nginx==1.14.0 \
|
||||
--hash=sha256:8916a815437988d6c192df9f035bb7a176eab20eee0956677b335d0698d243fb \
|
||||
--hash=sha256:cc2a8a0de56d9bb6b2efbda6c80c647dad8db2bb90675cac03ade94bd5fc8597
|
||||
|
||||
UNLIKELY_EOF
|
||||
# -------------------------------------------------------------------------
|
||||
cat << "UNLIKELY_EOF" > "$TEMP_DIR/pipstrap.py"
|
||||
#!/usr/bin/env python
|
||||
"""A small script that can act as a trust root for installing pip >=8
|
||||
Embed this in your project, and your VCS checkout is all you have to trust. In
|
||||
a post-peep era, this lets you claw your way to a hash-checking version of pip,
|
||||
with which you can install the rest of your dependencies safely. All it assumes
|
||||
is Python 2.6 or better and *some* version of pip already installed. If
|
||||
anything goes wrong, it will exit with a non-zero status code.
|
||||
"""
|
||||
# This is here so embedded copies are MIT-compliant:
|
||||
# Copyright (c) 2016 Erik Rose
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to
|
||||
# deal in the Software without restriction, including without limitation the
|
||||
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
# sell copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
from __future__ import print_function
|
||||
from distutils.version import StrictVersion
|
||||
from hashlib import sha256
|
||||
from os import environ
|
||||
from os.path import join
|
||||
from shutil import rmtree
|
||||
try:
|
||||
from subprocess import check_output
|
||||
except ImportError:
|
||||
from subprocess import CalledProcessError, PIPE, Popen
|
||||
|
||||
def check_output(*popenargs, **kwargs):
|
||||
if 'stdout' in kwargs:
|
||||
raise ValueError('stdout argument not allowed, it will be '
|
||||
'overridden.')
|
||||
process = Popen(stdout=PIPE, *popenargs, **kwargs)
|
||||
output, unused_err = process.communicate()
|
||||
retcode = process.poll()
|
||||
if retcode:
|
||||
cmd = kwargs.get("args")
|
||||
if cmd is None:
|
||||
cmd = popenargs[0]
|
||||
raise CalledProcessError(retcode, cmd)
|
||||
return output
|
||||
import sys
|
||||
from tempfile import mkdtemp
|
||||
try:
|
||||
from urllib2 import build_opener, HTTPHandler, HTTPSHandler
|
||||
except ImportError:
|
||||
from urllib.request import build_opener, HTTPHandler, HTTPSHandler
|
||||
try:
|
||||
from urlparse import urlparse
|
||||
except ImportError:
|
||||
from urllib.parse import urlparse # 3.4
|
||||
|
||||
|
||||
__version__ = 1, 5, 1
|
||||
PIP_VERSION = '9.0.1'
|
||||
DEFAULT_INDEX_BASE = 'https://pypi.python.org'
|
||||
|
||||
|
||||
# wheel has a conditional dependency on argparse:
|
||||
maybe_argparse = (
|
||||
[('18/dd/e617cfc3f6210ae183374cd9f6a26b20514bbb5a792af97949c5aacddf0f/'
|
||||
'argparse-1.4.0.tar.gz',
|
||||
'62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4')]
|
||||
if sys.version_info < (2, 7, 0) else [])
|
||||
|
||||
|
||||
# Be careful when updating the pinned versions here, in particular for pip.
|
||||
# Indeed starting from 10.0, pip will build dependencies in isolation if the
|
||||
# related projects are compliant with PEP 517. This is not something we want
|
||||
# as of now, so the isolation build will need to be disabled wherever
|
||||
# pipstrap is used (see https://github.com/certbot/certbot/issues/8256).
|
||||
PACKAGES = maybe_argparse + [
|
||||
# Pip has no dependencies, as it vendors everything:
|
||||
('11/b6/abcb525026a4be042b486df43905d6893fb04f05aac21c32c638e939e447/'
|
||||
'pip-{0}.tar.gz'.format(PIP_VERSION),
|
||||
'09f243e1a7b461f654c26a725fa373211bb7ff17a9300058b205c61658ca940d'),
|
||||
# This version of setuptools has only optional dependencies:
|
||||
('37/1b/b25507861991beeade31473868463dad0e58b1978c209de27384ae541b0b/'
|
||||
'setuptools-40.6.3.zip',
|
||||
'3b474dad69c49f0d2d86696b68105f3a6f195f7ab655af12ef9a9c326d2b08f8'),
|
||||
('c9/1d/bd19e691fd4cfe908c76c429fe6e4436c9e83583c4414b54f6c85471954a/'
|
||||
'wheel-0.29.0.tar.gz',
|
||||
'1ebb8ad7e26b448e9caa4773d2357849bf80ff9e313964bcaf79cbf0201a1648')
|
||||
]
|
||||
|
||||
|
||||
class HashError(Exception):
|
||||
def __str__(self):
|
||||
url, path, actual, expected = self.args
|
||||
return ('{url} did not match the expected hash {expected}. Instead, '
|
||||
'it was {actual}. The file (left at {path}) may have been '
|
||||
'tampered with.'.format(**locals()))
|
||||
|
||||
|
||||
def hashed_download(url, temp, digest):
|
||||
"""Download ``url`` to ``temp``, make sure it has the SHA-256 ``digest``,
|
||||
and return its path."""
|
||||
# Based on pip 1.4.1's URLOpener but with cert verification removed. Python
|
||||
# >=2.7.9 verifies HTTPS certs itself, and, in any case, the cert
|
||||
# authenticity has only privacy (not arbitrary code execution)
|
||||
# implications, since we're checking hashes.
|
||||
def opener(using_https=True):
|
||||
opener = build_opener(HTTPSHandler())
|
||||
if using_https:
|
||||
# Strip out HTTPHandler to prevent MITM spoof:
|
||||
for handler in opener.handlers:
|
||||
if isinstance(handler, HTTPHandler):
|
||||
opener.handlers.remove(handler)
|
||||
return opener
|
||||
|
||||
def read_chunks(response, chunk_size):
|
||||
while True:
|
||||
chunk = response.read(chunk_size)
|
||||
if not chunk:
|
||||
break
|
||||
yield chunk
|
||||
|
||||
parsed_url = urlparse(url)
|
||||
response = opener(using_https=parsed_url.scheme == 'https').open(url)
|
||||
path = join(temp, parsed_url.path.split('/')[-1])
|
||||
actual_hash = sha256()
|
||||
with open(path, 'wb') as file:
|
||||
for chunk in read_chunks(response, 4096):
|
||||
file.write(chunk)
|
||||
actual_hash.update(chunk)
|
||||
|
||||
actual_digest = actual_hash.hexdigest()
|
||||
if actual_digest != digest:
|
||||
raise HashError(url, path, actual_digest, digest)
|
||||
return path
|
||||
|
||||
|
||||
def get_index_base():
|
||||
"""Return the URL to the dir containing the "packages" folder.
|
||||
Try to wring something out of PIP_INDEX_URL, if set. Hack "/simple" off the
|
||||
end if it's there; that is likely to give us the right dir.
|
||||
"""
|
||||
env_var = environ.get('PIP_INDEX_URL', '').rstrip('/')
|
||||
if env_var:
|
||||
SIMPLE = '/simple'
|
||||
if env_var.endswith(SIMPLE):
|
||||
return env_var[:-len(SIMPLE)]
|
||||
else:
|
||||
return env_var
|
||||
else:
|
||||
return DEFAULT_INDEX_BASE
|
||||
|
||||
|
||||
def main():
|
||||
python = sys.executable or 'python'
|
||||
pip_version = StrictVersion(check_output([python, '-m', 'pip', '--version'])
|
||||
.decode('utf-8').split()[1])
|
||||
has_pip_cache = pip_version >= StrictVersion('6.0')
|
||||
index_base = get_index_base()
|
||||
temp = mkdtemp(prefix='pipstrap-')
|
||||
try:
|
||||
downloads = [hashed_download(index_base + '/packages/' + path,
|
||||
temp,
|
||||
digest)
|
||||
for path, digest in PACKAGES]
|
||||
# Calling pip as a module is the preferred way to avoid problems about pip self-upgrade.
|
||||
command = [python, '-m', 'pip', 'install', '--no-index', '--no-deps', '-U']
|
||||
# Disable cache since it is not used and it otherwise sometimes throws permission warnings:
|
||||
command.extend(['--no-cache-dir'] if has_pip_cache else [])
|
||||
command.extend(downloads)
|
||||
check_output(command)
|
||||
except HashError as exc:
|
||||
print(exc)
|
||||
except Exception:
|
||||
rmtree(temp)
|
||||
raise
|
||||
else:
|
||||
rmtree(temp)
|
||||
return 0
|
||||
return 1
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
sys.exit(main())
|
||||
|
||||
UNLIKELY_EOF
|
||||
# -------------------------------------------------------------------------
|
||||
# Set PATH so pipstrap upgrades the right (v)env:
|
||||
PATH="$VENV_BIN:$PATH" "$VENV_BIN/python" "$TEMP_DIR/pipstrap.py"
|
||||
set +e
|
||||
if [ "$VERBOSE" = 1 ]; then
|
||||
"$VENV_BIN/pip" install --disable-pip-version-check --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt"
|
||||
else
|
||||
PIP_OUT=`"$VENV_BIN/pip" install --disable-pip-version-check --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`
|
||||
fi
|
||||
PIP_STATUS=$?
|
||||
set -e
|
||||
if [ "$PIP_STATUS" != 0 ]; then
|
||||
# Report error. (Otherwise, be quiet.)
|
||||
error "Had a problem while installing Python packages."
|
||||
if [ "$VERBOSE" != 1 ]; then
|
||||
error
|
||||
error "pip prints the following errors: "
|
||||
error "====================================================="
|
||||
error "$PIP_OUT"
|
||||
error "====================================================="
|
||||
error
|
||||
error "Certbot has problem setting up the virtual environment."
|
||||
|
||||
if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; then
|
||||
error
|
||||
error "Based on your pip output, the problem can likely be fixed by "
|
||||
error "increasing the available memory."
|
||||
else
|
||||
error
|
||||
error "We were not be able to guess the right solution from your pip "
|
||||
error "output."
|
||||
fi
|
||||
|
||||
error
|
||||
error "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment"
|
||||
error "for possible solutions."
|
||||
error "You may also find some support resources at https://certbot.eff.org/support/ ."
|
||||
fi
|
||||
rm -rf "$VENV_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -d "$OLD_VENV_PATH" -a ! -L "$OLD_VENV_PATH" ]; then
|
||||
rm -rf "$OLD_VENV_PATH"
|
||||
ln -s "$VENV_PATH" "$OLD_VENV_PATH"
|
||||
fi
|
||||
|
||||
say "Installation succeeded."
|
||||
fi
|
||||
|
||||
# If you're modifying any of the code after this point in this current `if` block, you
|
||||
# may need to update the "$DEPRECATED_OS" = 1 case at the beginning of phase 2 as well.
|
||||
|
||||
if [ "$INSTALL_ONLY" = 1 ]; then
|
||||
say "Certbot is installed."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
"$VENV_BIN/letsencrypt" "$@"
|
||||
|
||||
else
|
||||
# Phase 1: Upgrade certbot-auto if necessary, then self-invoke.
|
||||
#
|
||||
# Each phase checks the version of only the thing it is responsible for
|
||||
# upgrading. Phase 1 checks the version of the latest release of
|
||||
# certbot-auto (which is always the same as that of the certbot
|
||||
# package). Phase 2 checks the version of the locally installed certbot.
|
||||
export PHASE_1_VERSION="$LE_AUTO_VERSION"
|
||||
|
||||
if [ ! -f "$VENV_BIN/letsencrypt" ]; then
|
||||
if ! OldVenvExists; then
|
||||
if [ "$HELP" = 1 ]; then
|
||||
echo "$USAGE"
|
||||
exit 0
|
||||
fi
|
||||
# If it looks like we've never bootstrapped before, bootstrap:
|
||||
Bootstrap
|
||||
fi
|
||||
fi
|
||||
if [ "$OS_PACKAGES_ONLY" = 1 ]; then
|
||||
say "OS packages installed."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
DeterminePythonVersion "NOCRASH"
|
||||
# Don't warn about file permissions if the user disabled the check or we
|
||||
# can't find an up-to-date Python.
|
||||
if [ "$PYVER" -ge "$MIN_PYVER" -a "$NO_PERMISSIONS_CHECK" != 1 ]; then
|
||||
# If the script fails for some reason, don't break certbot-auto.
|
||||
set +e
|
||||
# Suppress unexpected error output.
|
||||
CHECK_PERM_OUT=$(CheckPathPermissions "$LE_PYTHON" "$0" 2>/dev/null)
|
||||
CHECK_PERM_STATUS="$?"
|
||||
set -e
|
||||
# Only print output if the script ran successfully and it actually produced
|
||||
# output. The latter check resolves
|
||||
# https://github.com/certbot/certbot/issues/7012.
|
||||
if [ "$CHECK_PERM_STATUS" = 0 -a -n "$CHECK_PERM_OUT" ]; then
|
||||
error "$CHECK_PERM_OUT"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$NO_SELF_UPGRADE" != 1 ]; then
|
||||
TEMP_DIR=$(TempDir)
|
||||
trap 'rm -rf "$TEMP_DIR"' EXIT
|
||||
# ---------------------------------------------------------------------------
|
||||
cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py"
|
||||
"""Do downloading and JSON parsing without additional dependencies. ::
|
||||
|
||||
# Print latest released version of LE to stdout:
|
||||
python fetch.py --latest-version
|
||||
|
||||
# Download letsencrypt-auto script from git tag v1.2.3 into the folder I'm
|
||||
# in, and make sure its signature verifies:
|
||||
python fetch.py --le-auto-script v1.2.3
|
||||
|
||||
On failure, return non-zero.
|
||||
|
||||
"""
|
||||
|
||||
from __future__ import print_function, unicode_literals
|
||||
|
||||
from distutils.version import LooseVersion
|
||||
from json import loads
|
||||
from os import devnull, environ
|
||||
from os.path import dirname, join
|
||||
import re
|
||||
import ssl
|
||||
from subprocess import check_call, CalledProcessError
|
||||
from sys import argv, exit
|
||||
try:
|
||||
from urllib2 import build_opener, HTTPHandler, HTTPSHandler
|
||||
from urllib2 import HTTPError, URLError
|
||||
except ImportError:
|
||||
from urllib.request import build_opener, HTTPHandler, HTTPSHandler
|
||||
from urllib.error import HTTPError, URLError
|
||||
|
||||
PUBLIC_KEY = environ.get('LE_AUTO_PUBLIC_KEY', """-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MR8W/galdxnpGqBsYbq
|
||||
OzQb2eyW15YFjDDEMI0ZOzt8f504obNs920lDnpPD2/KqgsfjOgw2K7xWDJIj/18
|
||||
xUvWPk3LDkrnokNiRkA3KOx3W6fHycKL+zID7zy+xZYBuh2fLyQtWV1VGQ45iNRp
|
||||
9+Zo7rH86cdfgkdnWTlNSHyTLW9NbXvyv/E12bppPcEvgCTAQXgnDVJ0/sqmeiij
|
||||
n9tTFh03aM+R2V/21h8aTraAS24qiPCz6gkmYGC8yr6mglcnNoYbsLNYZ69zF1XH
|
||||
cXPduCPdPdfLlzVlKK1/U7hkA28eG3BIAMh6uJYBRJTpiGgaGdPd7YekUB8S6cy+
|
||||
CQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
""")
|
||||
|
||||
class ExpectedError(Exception):
|
||||
"""A novice-readable exception that also carries the original exception for
|
||||
debugging"""
|
||||
|
||||
|
||||
class HttpsGetter(object):
|
||||
def __init__(self):
|
||||
"""Build an HTTPS opener."""
|
||||
# Based on pip 1.4.1's URLOpener
|
||||
# This verifies certs on only Python >=2.7.9, and when NO_CERT_VERIFY isn't set.
|
||||
if environ.get('NO_CERT_VERIFY') == '1' and hasattr(ssl, 'SSLContext'):
|
||||
self._opener = build_opener(HTTPSHandler(context=cert_none_context()))
|
||||
else:
|
||||
self._opener = build_opener(HTTPSHandler())
|
||||
# Strip out HTTPHandler to prevent MITM spoof:
|
||||
for handler in self._opener.handlers:
|
||||
if isinstance(handler, HTTPHandler):
|
||||
self._opener.handlers.remove(handler)
|
||||
|
||||
def get(self, url):
|
||||
"""Return the document contents pointed to by an HTTPS URL.
|
||||
|
||||
If something goes wrong (404, timeout, etc.), raise ExpectedError.
|
||||
|
||||
"""
|
||||
try:
|
||||
# socket module docs say default timeout is None: that is, no
|
||||
# timeout
|
||||
return self._opener.open(url, timeout=30).read()
|
||||
except (HTTPError, IOError) as exc:
|
||||
raise ExpectedError("Couldn't download %s." % url, exc)
|
||||
|
||||
|
||||
def write(contents, dir, filename):
|
||||
"""Write something to a file in a certain directory."""
|
||||
with open(join(dir, filename), 'wb') as file:
|
||||
file.write(contents)
|
||||
|
||||
|
||||
def latest_stable_version(get):
|
||||
"""Return the latest stable release of letsencrypt."""
|
||||
metadata = loads(get(
|
||||
environ.get('LE_AUTO_JSON_URL',
|
||||
'https://pypi.python.org/pypi/certbot/json')).decode('UTF-8'))
|
||||
# metadata['info']['version'] actually returns the latest of any kind of
|
||||
# release release, contrary to https://wiki.python.org/moin/PyPIJSON.
|
||||
# The regex is a sufficient regex for picking out prereleases for most
|
||||
# packages, LE included.
|
||||
return str(max(LooseVersion(r) for r
|
||||
in metadata['releases'].keys()
|
||||
if re.match('^[0-9.]+$', r)))
|
||||
|
||||
|
||||
def verified_new_le_auto(get, tag, temp_dir):
|
||||
"""Return the path to a verified, up-to-date letsencrypt-auto script.
|
||||
|
||||
If the download's signature does not verify or something else goes wrong
|
||||
with the verification process, raise ExpectedError.
|
||||
|
||||
"""
|
||||
le_auto_dir = environ.get(
|
||||
'LE_AUTO_DIR_TEMPLATE',
|
||||
'https://raw.githubusercontent.com/certbot/certbot/%s/'
|
||||
'letsencrypt-auto-source/') % tag
|
||||
write(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto')
|
||||
write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig')
|
||||
write(PUBLIC_KEY.encode('UTF-8'), temp_dir, 'public_key.pem')
|
||||
try:
|
||||
with open(devnull, 'w') as dev_null:
|
||||
check_call(['openssl', 'dgst', '-sha256', '-verify',
|
||||
join(temp_dir, 'public_key.pem'),
|
||||
'-signature',
|
||||
join(temp_dir, 'letsencrypt-auto.sig'),
|
||||
join(temp_dir, 'letsencrypt-auto')],
|
||||
stdout=dev_null,
|
||||
stderr=dev_null)
|
||||
except CalledProcessError as exc:
|
||||
raise ExpectedError("Couldn't verify signature of downloaded "
|
||||
"certbot-auto.", exc)
|
||||
|
||||
|
||||
def cert_none_context():
|
||||
"""Create a SSLContext object to not check hostname."""
|
||||
# PROTOCOL_TLS isn't available before 2.7.13 but this code is for 2.7.9+, so use this.
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
return context
|
||||
|
||||
|
||||
def main():
|
||||
get = HttpsGetter().get
|
||||
flag = argv[1]
|
||||
try:
|
||||
if flag == '--latest-version':
|
||||
print(latest_stable_version(get))
|
||||
elif flag == '--le-auto-script':
|
||||
tag = argv[2]
|
||||
verified_new_le_auto(get, tag, dirname(argv[0]))
|
||||
except ExpectedError as exc:
|
||||
print(exc.args[0], exc.args[1])
|
||||
return 1
|
||||
else:
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
exit(main())
|
||||
|
||||
UNLIKELY_EOF
|
||||
# ---------------------------------------------------------------------------
|
||||
if [ "$PYVER" -lt "$MIN_PYVER" ]; then
|
||||
error "WARNING: couldn't find Python $MIN_PYTHON_VERSION+ to check for updates."
|
||||
elif ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then
|
||||
error "WARNING: unable to check for updates."
|
||||
fi
|
||||
|
||||
# If for any reason REMOTE_VERSION is not set, let's assume certbot-auto is up-to-date,
|
||||
# and do not go into the self-upgrading process.
|
||||
if [ -n "$REMOTE_VERSION" ]; then
|
||||
LE_VERSION_STATE=`CompareVersions "$LE_PYTHON" "$LE_AUTO_VERSION" "$REMOTE_VERSION"`
|
||||
|
||||
if [ "$LE_VERSION_STATE" = "UNOFFICIAL" ]; then
|
||||
say "Unofficial certbot-auto version detected, self-upgrade is disabled: $LE_AUTO_VERSION"
|
||||
elif [ "$LE_VERSION_STATE" = "OUTDATED" ]; then
|
||||
say "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."
|
||||
|
||||
# Now we drop into Python so we don't have to install even more
|
||||
# dependencies (curl, etc.), for better flow control, and for the option of
|
||||
# future Windows compatibility.
|
||||
"$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION"
|
||||
|
||||
# Install new copy of certbot-auto.
|
||||
# TODO: Deal with quotes in pathnames.
|
||||
say "Replacing certbot-auto..."
|
||||
# Clone permissions with cp. chmod and chown don't have a --reference
|
||||
# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:
|
||||
cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
|
||||
cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
|
||||
# Using mv rather than cp leaves the old file descriptor pointing to the
|
||||
# original copy so the shell can continue to read it unmolested. mv across
|
||||
# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
|
||||
# cp is unlikely to fail if the rm doesn't.
|
||||
mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
|
||||
fi # A newer version is available.
|
||||
fi
|
||||
fi # Self-upgrading is allowed.
|
||||
|
||||
RerunWithArgs --le-auto-phase2 "$@"
|
||||
fi
|
||||
23
certbot/handlers/main.yml
Normal file
23
certbot/handlers/main.yml
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: reload apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
|
||||
- name: reload haproxy
|
||||
service:
|
||||
name: haproxy
|
||||
state: reloaded
|
||||
|
||||
- name: systemd daemon-reload
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
|
||||
- name: install letsencrypt-auto
|
||||
command: /usr/local/bin/letsencrypt-auto --noninteractive --install-only --no-self-upgrade
|
||||
51
certbot/tasks/acme-challenge.yml
Normal file
51
certbot/tasks/acme-challenge.yml
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
|
||||
- name: Certbot work directory is present
|
||||
file:
|
||||
dest: "{{ certbot_work_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
|
||||
- name: Check if Nginx is installed
|
||||
stat:
|
||||
path: /etc/nginx
|
||||
register: is_nginx
|
||||
|
||||
- name: ACME challenge for Nginx is installed
|
||||
template:
|
||||
src: acme-challenge/nginx.conf.j2
|
||||
dest: /etc/nginx/snippets/letsencrypt.conf
|
||||
force: yes
|
||||
notify: reload nginx
|
||||
when: is_nginx.stat.exists
|
||||
|
||||
- name: Check if Apache is installed
|
||||
stat:
|
||||
path: /usr/sbin/apachectl
|
||||
register: is_apache
|
||||
|
||||
- name: ACME challenge for Apache
|
||||
block:
|
||||
- name: ACME challenge for Apache is installed
|
||||
template:
|
||||
src: acme-challenge/apache.conf.j2
|
||||
dest: /etc/apache2/conf-available/letsencrypt.conf
|
||||
force: yes
|
||||
notify: reload apache
|
||||
|
||||
- name: ACME challenge for Apache is enabled
|
||||
command: "a2enconf letsencrypt"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
notify: reload apache
|
||||
when: is_apache.stat.exists
|
||||
|
||||
- name: Check if HAProxy is installed
|
||||
stat:
|
||||
path: /etc/haproxy
|
||||
register: is_haproxy
|
||||
|
||||
- name: ACME challenge for HAProxy is installed
|
||||
debug:
|
||||
msg: "ACME challenge configuration for HAProxy must be configured manually"
|
||||
when: is_haproxy.stat.exists
|
||||
60
certbot/tasks/install-legacy.yml
Normal file
60
certbot/tasks/install-legacy.yml
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
|
||||
- name: certbot package is removed
|
||||
apt:
|
||||
name: certbot
|
||||
state: absent
|
||||
|
||||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
||||
# copied and customized from https://raw.githubusercontent.com/certbot/certbot/v1.14.0/letsencrypt-auto
|
||||
- name: Let's Encrypt script is present
|
||||
copy:
|
||||
src: letsencrypt-auto
|
||||
dest: /usr/local/bin/letsencrypt-auto
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
notify: install letsencrypt-auto
|
||||
|
||||
- name: Check certbot script
|
||||
stat:
|
||||
path: /usr/local/bin/certbot
|
||||
register: certbot_path
|
||||
|
||||
- name: Rename certbot script if present
|
||||
command: "mv /usr/local/bin/certbot /usr/local/bin/certbot.bak"
|
||||
when: certbot_path.stat.exists
|
||||
|
||||
- name: Let's Encrypt script is symlinked as certbot
|
||||
file:
|
||||
src: "/usr/local/bin/letsencrypt-auto"
|
||||
dest: "/usr/local/bin/certbot"
|
||||
state: link
|
||||
|
||||
- name: systemd artefacts are absent
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/systemd/system/certbot.service
|
||||
- /etc/systemd/system/certbot.service.d
|
||||
- /etc/systemd/system/certbot.timer
|
||||
notify: systemd daemon-reload
|
||||
|
||||
- name: custom crontab is present
|
||||
copy:
|
||||
src: cron_jessie
|
||||
dest: /etc/cron.d/certbot
|
||||
force: yes
|
||||
when: certbot_custom_crontab | bool
|
||||
|
||||
- name: disable self-upgrade
|
||||
ini_file:
|
||||
dest: "/etc/letsencrypt/cli.ini"
|
||||
section: null
|
||||
option: "no-self-upgrade"
|
||||
value: "no"
|
||||
state: present
|
||||
6
certbot/tasks/install-package.yml
Normal file
6
certbot/tasks/install-package.yml
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
- name: certbot package is installed
|
||||
apt:
|
||||
name: certbot
|
||||
state: latest
|
||||
61
certbot/tasks/main.yml
Normal file
61
certbot/tasks/main.yml
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
---
|
||||
|
||||
- name: "System compatibility checks"
|
||||
assert:
|
||||
that:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('8', '>=')
|
||||
msg: only compatible with Debian 9+
|
||||
|
||||
- name: Install legacy script on Debian 8
|
||||
include: install-legacy.yml
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('9', '<')
|
||||
|
||||
- name: Install package on Debian 9+
|
||||
include: install-package.yml
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- include: acme-challenge.yml
|
||||
|
||||
- name: Deploy hooks are present
|
||||
copy:
|
||||
src: hooks/deploy/
|
||||
dest: /etc/letsencrypt/renewal-hooks/deploy/
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Manual deploy hook is present
|
||||
copy:
|
||||
src: hooks/manual-deploy.sh
|
||||
dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "sync_remote is configured with servers"
|
||||
lineinfile:
|
||||
dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf
|
||||
regexp: "^servers="
|
||||
line: "servers=\"{{ certbot_hooks_sync_remote_servers | join(' ') }}\""
|
||||
create: yes
|
||||
|
||||
# begining of backward compatibility tasks
|
||||
- name: Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present
|
||||
command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh"
|
||||
args:
|
||||
removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh
|
||||
creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh
|
||||
# end of backward compatibility tasks
|
||||
|
||||
- name: "certbot lock is ignored by Git"
|
||||
lineinfile:
|
||||
dest: /etc/.gitignore
|
||||
line: letsencrypt/.certbot.lock
|
||||
create: yes
|
||||
owner: root
|
||||
mode: "0600"
|
||||
11
certbot/templates/acme-challenge/apache.conf.j2
Normal file
11
certbot/templates/acme-challenge/apache.conf.j2
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
<IfModule jk_module>
|
||||
SetEnvIf Request_URI "/.well-known/acme-challenge/*" no-jk
|
||||
</IfModule>
|
||||
<IfModule proxy_module>
|
||||
ProxyPass /.well-known/acme-challenge/ !
|
||||
</IfModule>
|
||||
Alias /.well-known/acme-challenge /var/lib/letsencrypt/.well-known/acme-challenge
|
||||
<Directory "/var/lib/letsencrypt/.well-known/acme-challenge">
|
||||
Options -Indexes
|
||||
Require all granted
|
||||
</Directory>
|
||||
10
certbot/templates/acme-challenge/nginx.conf.j2
Normal file
10
certbot/templates/acme-challenge/nginx.conf.j2
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
location ~ /.well-known/acme-challenge {
|
||||
{% if ansible_distribution == "Debian" and ansible_distribution_major_version is version('8', '<=') %}
|
||||
alias {{ certbot_work_dir }}/.well-known/acme-challenge;
|
||||
{% else %}
|
||||
alias {{ certbot_work_dir }}/;
|
||||
{% endif %}
|
||||
try_files $uri =404;
|
||||
auth_basic off;
|
||||
allow all;
|
||||
}
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: amavis }
|
||||
- { role: evolix/amavis }
|
||||
|
|
|
|||
|
|
@ -5,49 +5,49 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
||||
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
||||
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
||||
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
||||
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
||||
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
||||
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
||||
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
||||
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
||||
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
||||
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
||||
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
||||
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
||||
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
||||
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
||||
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
||||
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
||||
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
||||
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
||||
loop:
|
||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/FollowDirectorySymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' }
|
||||
- { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' }
|
||||
- { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' }
|
||||
- { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/LogFile', type: 'string', value: '/var/log/clamav/clamav.log' }
|
||||
- { key: 'clamav-daemon/ScanMail', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/BytecodeTimeout', type: 'string', value: '60000' }
|
||||
- { key: 'clamav-daemon/LogTime', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/OnAccessMaxFileSize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/TcpOrLocal', type: 'select', value: 'UNIX' }
|
||||
- { key: 'clamav-daemon/MaxEmbeddedPE', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/FixStaleSocket', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/User', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/BytecodeSecurity', type: 'select', value: 'TrustSigned' }
|
||||
- { key: 'clamav-daemon/ScanSWF', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxDirectoryRecursion', type: 'string', value: '0' }
|
||||
- { key: 'clamav-daemon/MaxThreads', type: 'string', value: '12' }
|
||||
- { key: 'clamav-daemon/LocalSocketGroup', type: 'string', value: 'clamav' }
|
||||
- { key: 'clamav-daemon/MaxScriptNormalize', type: 'string', value: '5M' }
|
||||
- { key: 'clamav-daemon/ForceToDisk', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/StatsHostID', type: 'string', value: 'auto' }
|
||||
- { key: 'clamav-daemon/FollowFileSymlinks', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/TCPSocket', type: 'string', value: '3310' }
|
||||
- { key: 'clamav-daemon/TCPAddr', type: 'string', value: 'any' }
|
||||
- { key: 'clamav-daemon/DisableCertCheck', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/SelfCheck', type: 'string', value: '3600' }
|
||||
- { key: 'clamav-daemon/LocalSocket', type: 'string', value: '/var/run/clamav/clamd.ctl' }
|
||||
- { key: 'clamav-daemon/LocalSocketMode', type: 'string', value: '666' }
|
||||
- { key: 'clamav-daemon/StatsTimeout', type: 'string', value: '10' }
|
||||
- { key: 'clamav-daemon/MaxZipTypeRcg', type: 'string', value: '1M' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNoTags', type: 'string', value: '2M' }
|
||||
- { key: 'clamav-daemon/LogSyslog', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-daemon/AddGroups', type: 'string', value: '' }
|
||||
- { key: 'clamav-daemon/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/ScanArchive', type: 'boolean', value: 'true' }
|
||||
tags:
|
||||
- clamav
|
||||
|
||||
|
|
@ -57,39 +57,37 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
||||
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
||||
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
||||
loop:
|
||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/local_mirror', type: 'select', value: 'db.fr.clamav.net' }
|
||||
- { key: 'clamav-freshclam/http_proxy', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/LogRotate', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/Bytecode', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-freshclam/update_interval', type: 'string', value: '24' }
|
||||
- { key: 'clamav-freshclam/SafeBrowsing', type: 'boolean', value: 'false' }
|
||||
- { key: 'clamav-freshclam/PrivateMirror', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/internet_interface', type: 'string', value: '' }
|
||||
tags:
|
||||
- clamav
|
||||
|
||||
- name: install ClamAV
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name:
|
||||
- clamav-daemon
|
||||
- clamav
|
||||
- clamdscan
|
||||
- clamav-freshclam
|
||||
- arc
|
||||
- arj
|
||||
- pax
|
||||
- bzip2
|
||||
- cabextract
|
||||
- rpm
|
||||
- lzop
|
||||
- razor
|
||||
state: present
|
||||
with_items:
|
||||
- clamav-daemon
|
||||
- clamav
|
||||
- clamdscan
|
||||
- clamav-freshclam
|
||||
- arc
|
||||
- arj
|
||||
- zoo
|
||||
- pax
|
||||
- bzip2
|
||||
- cabextract
|
||||
- rpm
|
||||
- lzop
|
||||
- razor
|
||||
tags:
|
||||
- clamav
|
||||
|
||||
|
|
|
|||
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Installation and basic configuration of isc-dhcp-server.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- include_role:
|
||||
name: apt
|
||||
name: evolix/apt
|
||||
tasks_from: backports.yml
|
||||
tags:
|
||||
- packages
|
||||
|
|
@ -18,6 +18,6 @@
|
|||
- name: update apt
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: docker_apt_preferences | changed
|
||||
when: docker_apt_preferences is changed
|
||||
tags:
|
||||
- packages
|
||||
|
|
|
|||
|
|
@ -2,22 +2,20 @@
|
|||
---
|
||||
- name: Remove older docker packages
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- docker
|
||||
- docker-engine
|
||||
- docker.io
|
||||
state: absent
|
||||
with_items:
|
||||
- docker
|
||||
- docker-engine
|
||||
- docker.io
|
||||
|
||||
- name: Install source requirements
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg2
|
||||
state: present
|
||||
update_cache: yes
|
||||
with_items:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg2
|
||||
|
||||
- name: Add Docker repository
|
||||
apt_repository:
|
||||
|
|
@ -30,17 +28,33 @@
|
|||
when: ansible_distribution_release == 'jessie'
|
||||
|
||||
- name: Add Docker's official GPG key
|
||||
apt_key:
|
||||
#url: https://download.docker.com/linux/debian/gpg
|
||||
data: "{{ lookup('file', 'docker-debian.gpg') }}"
|
||||
copy:
|
||||
src: docker-debian.asc
|
||||
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Install docker and python-docker
|
||||
- name: Install Docker
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
update_cache: yes
|
||||
with_items:
|
||||
- docker-ce
|
||||
- python-docker
|
||||
|
||||
- name: python-docker is installed
|
||||
apt:
|
||||
name: python-docker
|
||||
state: present
|
||||
when: ansible_python_version is version('3', '<')
|
||||
|
||||
- name: python3-docker is installed
|
||||
apt:
|
||||
name: python3-docker
|
||||
state: present
|
||||
when: ansible_python_version is version('3', '>=')
|
||||
|
||||
- name: Copy Docker daemon configuration file
|
||||
template:
|
||||
|
|
@ -74,17 +88,17 @@
|
|||
state: directory
|
||||
mode: "0644"
|
||||
owner: root
|
||||
when: docker_tls_enabled
|
||||
when: docker_tls_enabled | bool
|
||||
|
||||
- name: Copy shellpki utility to Docker TLS directory
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "{{ docker_tls_path }}/{{ item }}"
|
||||
mode: "0744"
|
||||
with_items:
|
||||
loop:
|
||||
- shellpki.sh
|
||||
- openssl.cnf
|
||||
when: docker_tls_enabled
|
||||
when: docker_tls_enabled | bool
|
||||
|
||||
- name: Check if certs are already created
|
||||
stat:
|
||||
|
|
@ -93,4 +107,6 @@
|
|||
|
||||
- name: Creating a CA, server key
|
||||
command: "{{ docker_tls_path }}/shellpki.sh init"
|
||||
when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
|
||||
when:
|
||||
- docker_tls_enabled | bool
|
||||
- not tls_certs_stat.stat.isdir
|
||||
|
|
|
|||
|
|
@ -1,2 +1,4 @@
|
|||
---
|
||||
dovecot_foo: bar
|
||||
|
||||
dovecot_vmail_uid: 5000
|
||||
dovecot_vmail_gid: 5000
|
||||
|
|
|
|||
2
dovecot/files/munin_config
Normal file
2
dovecot/files/munin_config
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[dovecot]
|
||||
group adm
|
||||
|
|
@ -2,21 +2,22 @@
|
|||
#
|
||||
# Munin Plugin
|
||||
# to count logins to your dovecot mailserver
|
||||
#
|
||||
#
|
||||
# Created by Dominik Schulz <lkml@ds.gauner.org>
|
||||
# http://developer.gauner.org/munin/
|
||||
# Contributions by:
|
||||
# - Stephane Enten <tuf@delyth.net>
|
||||
# - Steve Schnepp <steve.schnepp@pwkf.org>
|
||||
#
|
||||
# - pcy <pcy@ulyssis.org> (make 'Connected Users' DERIVE, check existence of logfile in autoconf)
|
||||
#
|
||||
# Parameters understood:
|
||||
#
|
||||
# config (required)
|
||||
# autoconf (optional - used by munin-config)
|
||||
#
|
||||
#
|
||||
# Config variables:
|
||||
#
|
||||
# logfile - Where to find the syslog file
|
||||
# logfile - Where to find the syslog file
|
||||
#
|
||||
# Add the following line to a file in /etc/munin/plugin-conf.d:
|
||||
# env.logfile /var/log/your/logfile.log
|
||||
|
|
@ -34,13 +35,13 @@ LOGFILE=${logfile:-/var/log/mail.log}
|
|||
######################
|
||||
|
||||
if [ "$1" = "autoconf" ]; then
|
||||
echo yes
|
||||
[ -f "$LOGFILE" ] && echo yes || echo "no (logfile $LOGFILE not found)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "$1" = "config" ]; then
|
||||
echo 'graph_title Dovecot Logins'
|
||||
echo 'graph_category Mail'
|
||||
echo 'graph_category mail'
|
||||
echo 'graph_args --base 1000 -l 0'
|
||||
echo 'graph_vlabel Login Counters'
|
||||
|
||||
|
|
@ -53,6 +54,7 @@ if [ "$1" = "config" ]; then
|
|||
done
|
||||
|
||||
echo 'connected.label Connected Users'
|
||||
echo "connected.type DERIVE"
|
||||
|
||||
exit 0
|
||||
fi
|
||||
|
|
@ -86,7 +88,7 @@ echo -n
|
|||
echo -en "login_tls.value "
|
||||
VALUE=$(egrep -c '[dovecot]?.*Login.*TLS' $LOGFILE)
|
||||
if [ ! -z "$VALUE" ]; then
|
||||
echo "$VALUE"
|
||||
echo "$VALUE"
|
||||
else
|
||||
echo "0"
|
||||
fi
|
||||
|
|
@ -97,7 +99,7 @@ echo -n
|
|||
echo -en "login_ssl.value "
|
||||
VALUE=$(egrep -c '[dovecot]?.*Login.*SSL' $LOGFILE)
|
||||
if [ ! -z "$VALUE" ]; then
|
||||
echo "$VALUE"
|
||||
echo "$VALUE"
|
||||
else
|
||||
echo "0"
|
||||
fi
|
||||
|
|
@ -108,7 +110,7 @@ echo -n
|
|||
echo -en "login_imap.value "
|
||||
VALUE=$(egrep -c '[dovecot]?.*imap.*Login' $LOGFILE)
|
||||
if [ ! -z "$VALUE" ]; then
|
||||
echo "$VALUE"
|
||||
echo "$VALUE"
|
||||
else
|
||||
echo "0"
|
||||
fi
|
||||
|
|
@ -119,7 +121,7 @@ echo -n
|
|||
echo -en "login_pop3.value "
|
||||
VALUE=$(egrep -c '[dovecot]?.*pop3.*Login' $LOGFILE)
|
||||
if [ ! -z "$VALUE" ]; then
|
||||
echo "$VALUE"
|
||||
echo "$VALUE"
|
||||
else
|
||||
echo "0"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,16 +1,20 @@
|
|||
- name: ensure packages are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
name:
|
||||
- dovecot-ldap
|
||||
- dovecot-imapd
|
||||
- dovecot-pop3d
|
||||
- dovecot-sieve
|
||||
- dovecot-managesieved
|
||||
state: present
|
||||
with_items:
|
||||
- dovecot-ldap
|
||||
- dovecot-imapd
|
||||
- dovecot-pop3d
|
||||
- dovecot-sieve
|
||||
- dovecot-managesieved
|
||||
tags:
|
||||
- dovecot
|
||||
|
||||
- name: Generate 4096 bits Diffie-Hellman parameters (may take several minutes)
|
||||
openssl_dhparam:
|
||||
path: /etc/ssl/dhparams.pem
|
||||
size: 4096
|
||||
|
||||
- name: disable pam auth
|
||||
replace:
|
||||
dest: /etc/dovecot/conf.d/10-auth.conf
|
||||
|
|
@ -25,14 +29,14 @@
|
|||
line: "{{ item.key }} = {{ item.value }}"
|
||||
regexp: "^#*{{ item.key }}"
|
||||
state: present
|
||||
with_items:
|
||||
- { key: 'hosts', value: '127.0.0.1' }
|
||||
- { key: 'auth_bind', value: 'yes' }
|
||||
- { key: 'ldap_version', value: 3 }
|
||||
- { key: 'base', value: "{{ ldap_suffix }}" }
|
||||
- { key: 'user_attrs', value: 'homeDirectory=home' }
|
||||
- { key: 'user_filter', value: '(&(isActive=TRUE)(uid=%u))' }
|
||||
- { key: 'pass_attrs', value: 'uid=user,userPassword=password' }
|
||||
loop:
|
||||
- { key: 'hosts', value: '127.0.0.1' }
|
||||
- { key: 'auth_bind', value: 'yes' }
|
||||
- { key: 'ldap_version', value: 3 }
|
||||
- { key: 'base', value: "{{ ldap_suffix }}" }
|
||||
- { key: 'user_attrs', value: 'homeDirectory=home' }
|
||||
- { key: 'user_filter', value: '(&(isActive=TRUE)(uid=%u))' }
|
||||
- { key: 'pass_attrs', value: 'uid=user,userPassword=password' }
|
||||
when: ldap_suffix is defined
|
||||
notify: reload dovecot
|
||||
tags:
|
||||
|
|
@ -41,7 +45,8 @@
|
|||
- name: create vmail group
|
||||
group:
|
||||
name: vmail
|
||||
gid: 5000
|
||||
gid: "{{ dovecot_vmail_gid }}"
|
||||
system: True
|
||||
tags:
|
||||
- dovecot
|
||||
|
||||
|
|
@ -49,8 +54,9 @@
|
|||
user:
|
||||
name: vmail
|
||||
group: vmail
|
||||
uid: 5000
|
||||
uid: "{{ dovecot_vmail_uid }}"
|
||||
shell: /bin/false
|
||||
system: True
|
||||
tags:
|
||||
- dovecot
|
||||
|
||||
|
|
@ -63,6 +69,15 @@
|
|||
tags:
|
||||
- dovecot
|
||||
|
||||
- name: deploy file for custom configuration
|
||||
template:
|
||||
src: zzz-evolinux-custom.conf.j2
|
||||
dest: /etc/dovecot/conf.d/zzz-evolinux-custom.conf
|
||||
mode: "0644"
|
||||
notify: reload dovecot
|
||||
tags:
|
||||
- dovecot
|
||||
|
||||
- include: munin.yml
|
||||
tags:
|
||||
- dovecot
|
||||
|
|
|
|||
|
|
@ -6,15 +6,18 @@
|
|||
check_mode: no
|
||||
register: munin_node_plugins_config
|
||||
|
||||
- block:
|
||||
- name: Install munin plugin
|
||||
copy:
|
||||
src: munin_plugin
|
||||
dest: /etc/munin/plugins/dovecot
|
||||
mode: "0755"
|
||||
- name: Munin plugins are present and configured
|
||||
block:
|
||||
- name: Install munin plugin
|
||||
copy:
|
||||
src: munin_plugin
|
||||
dest: /etc/munin/plugins/dovecot
|
||||
mode: "0755"
|
||||
|
||||
# TODO : add in /etc/munin/plugin-conf.d/munin-node
|
||||
# [dovecot]
|
||||
# group adm
|
||||
- name: Install munin config
|
||||
copy:
|
||||
src: munin_config
|
||||
dest: /etc/munin/plugin-conf.d/dovecot
|
||||
mode: "0644"
|
||||
|
||||
when: munin_node_plugins_config.stat.exists
|
||||
|
|
|
|||
|
|
@ -35,12 +35,27 @@ service login {
|
|||
}
|
||||
mail_max_userip_connections = 42
|
||||
|
||||
# Configuration pour stats dovecot
|
||||
service stats {
|
||||
unix_listener stats-reader {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
|
||||
unix_listener stats-writer {
|
||||
user = vmail
|
||||
group = vmail
|
||||
mode = 0660
|
||||
}
|
||||
}
|
||||
|
||||
# SSL/TLS
|
||||
ssl = yes
|
||||
ssl_prefer_server_ciphers = yes
|
||||
ssl_dh_parameters_length = 2048
|
||||
ssl_dh=</etc/ssl/dhparams.pem
|
||||
ssl_options = no_compression no_ticket
|
||||
ssl_protocols = !TLSv1 !TLSv1.1
|
||||
ssl_min_protocol = TLSv1.2
|
||||
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
|
|
|||
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
1
dovecot/templates/zzz-evolinux-custom.conf.j2
Normal file
|
|
@ -0,0 +1 @@
|
|||
## Put your customized configuration here, verify configuration with "doveconf -n" and /var/log/mail.log
|
||||
|
|
@ -1,17 +1,23 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Install tools to setup DRBD replication accross servers.
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
- drbd
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
name: evolix/remount-usr
|
||||
tags:
|
||||
- drbd
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,8 @@
|
|||
- name: Install dependency
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- drbd-utils
|
||||
- lvm2
|
||||
name:
|
||||
- drbd-utils
|
||||
- lvm2
|
||||
tags:
|
||||
- drbd
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
|
|||
* `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (default: `2g`).
|
||||
* `elasticsearch_restart_on_upgrade`: restart the service after package upgrade (default: `true`)
|
||||
|
||||
By default, Elasticsearch will listen to the public interfaces (`_site_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host), so you will have to secure it, with firewall rules for example.
|
||||
By default, Elasticsearch will listen to the local interface (`_local_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host).
|
||||
|
||||
## Curator
|
||||
|
||||
|
|
|
|||
|
|
@ -1,13 +1,16 @@
|
|||
---
|
||||
elastic_stack_version: "6.x"
|
||||
elastic_stack_version: "7.x"
|
||||
|
||||
elasticsearch_cluster_name: Null
|
||||
elasticsearch_cluster_members: Null
|
||||
elasticsearch_minimum_master_nodes: Null
|
||||
elasticsearch_node_name: "${HOSTNAME}"
|
||||
elasticsearch_network_host: "[_site_, _local_]"
|
||||
elasticsearch_network_host:
|
||||
- "_local_"
|
||||
elasticsearch_network_publish_host: Null
|
||||
elasticsearch_http_publish_host: Null
|
||||
elasticsearch_discovery_seed_hosts: Null
|
||||
elasticsearch_cluster_initial_master_nodes: Null
|
||||
elasticsearch_custom_datadir: Null
|
||||
elasticsearch_custom_tmpdir: Null
|
||||
elasticsearch_default_tmpdir: /var/lib/elasticsearch/tmp
|
||||
|
|
|
|||
BIN
elasticsearch/files/elastic.gpg
Normal file
BIN
elasticsearch/files/elastic.gpg
Normal file
Binary file not shown.
|
|
@ -1,19 +1,20 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Evolix
|
||||
company: Evolix
|
||||
description: Install Elasticsearch
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
min_ansible_version: "2.2"
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
|
|
@ -23,6 +24,3 @@ galaxy_info:
|
|||
#
|
||||
# NOTE: A tag is limited to a single word comprised of
|
||||
# alphanumeric characters. Maximum 20 tags per role.
|
||||
|
||||
dependencies:
|
||||
- { role: java, alternative: 'openjdk', java_version: 8 }
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
when: elasticsearch_additional_scripts_dir | search ("/usr")
|
||||
name: evolix/remount-usr
|
||||
when: elasticsearch_additional_scripts_dir is search ("/usr")
|
||||
|
||||
- name: "{{ elasticsearch_additional_scripts_dir }} exists"
|
||||
file:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
||||
regexp: "^cluster.name:"
|
||||
insertafter: "^# *cluster.name:"
|
||||
when: elasticsearch_cluster_name|default("", True)
|
||||
when: elasticsearch_cluster_name | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
@ -22,30 +22,66 @@
|
|||
- name: Configure network host
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "network.host: {{ elasticsearch_network_host }}"
|
||||
line: "network.host: {{ elasticsearch_network_host }}"
|
||||
regexp: "^network.host:"
|
||||
insertafter: "^# *network.host:"
|
||||
when: elasticsearch_network_host|default("", True)
|
||||
when: elasticsearch_network_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure network publish_host
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
||||
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
||||
regexp: "^network.publish_host:"
|
||||
insertafter: "^network.host:"
|
||||
when: elasticsearch_network_publish_host|default("", True)
|
||||
when: elasticsearch_network_publish_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure http publish_host
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
||||
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
||||
regexp: "^http.publish_host:"
|
||||
insertafter: "^http.port:"
|
||||
when: elasticsearch_http_publish_host|default("", True)
|
||||
when: elasticsearch_http_publish_host | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure discovery seed hosts
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml(default_flow_style=True) }}"
|
||||
regexp: "^discovery.seed_hosts:"
|
||||
when: elasticsearch_discovery_seed_hosts | default([], True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure empty discovery seed hosts
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
regexp: "^discovery.seed_hosts:"
|
||||
state: absent
|
||||
when: elasticsearch_discovery_seed_hosts | default([], True) | length <= 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure initial master nodes
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml(default_flow_style=True) }}"
|
||||
regexp: "^cluster.initial_master_nodes:"
|
||||
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Configure empty initial master nodes
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/elasticsearch.yml
|
||||
regexp: "^cluster.initial_master_nodes:"
|
||||
state: absent
|
||||
when: elasticsearch_cluster_initial_master_nodes | default([], True) | length <= 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
@ -60,17 +96,25 @@
|
|||
|
||||
- name: JVM Heap size (min) is set
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
regexp: "^-Xms"
|
||||
line: "-Xms{{ elasticsearch_jvm_xms }}"
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: JVM Heap size (max) is set
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
regexp: "^-Xmx"
|
||||
line: "-Xmx{{ elasticsearch_jvm_xmx }}"
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
@ -80,7 +124,7 @@
|
|||
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
||||
regexp: "^discovery.zen.ping.unicast.hosts:"
|
||||
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
||||
when: elasticsearch_cluster_members|default("", True)
|
||||
when: elasticsearch_cluster_members | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
|
@ -90,8 +134,6 @@
|
|||
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
||||
regexp: "^discovery.zen.minimum_master_nodes:"
|
||||
insertafter: "^#discovery.zen.minimum_master_nodes"
|
||||
when: elasticsearch_minimum_master_nodes|default("", True)
|
||||
when: elasticsearch_minimum_master_nodes | default("", True) | length > 0
|
||||
tags:
|
||||
- config
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,48 +1,50 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: "Is custom datadir present ?"
|
||||
stat:
|
||||
path: "{{ elasticsearch_custom_datadir }}"
|
||||
register: elasticsearch_custom_datadir_test
|
||||
check_mode: no
|
||||
- name: Set real datadir value when customized
|
||||
block:
|
||||
- name: "Is custom datadir present ?"
|
||||
stat:
|
||||
path: "{{ elasticsearch_custom_datadir }}"
|
||||
register: elasticsearch_custom_datadir_test
|
||||
check_mode: no
|
||||
|
||||
- name: "read the real datadir"
|
||||
command: readlink -f /var/lib/elasticsearch
|
||||
changed_when: false
|
||||
register: elasticsearch_current_real_datadir_test
|
||||
check_mode: no
|
||||
- name: "read the real datadir"
|
||||
command: readlink -f /var/lib/elasticsearch
|
||||
changed_when: false
|
||||
register: elasticsearch_current_real_datadir_test
|
||||
check_mode: no
|
||||
tags:
|
||||
- elasticsearch
|
||||
when:
|
||||
- elasticsearch_custom_datadir != ''
|
||||
- elasticsearch_custom_datadir != None
|
||||
- elasticsearch_custom_datadir is not none
|
||||
- elasticsearch_custom_datadir | length > 0
|
||||
|
||||
- block:
|
||||
- name: elasticsearch is stopped
|
||||
service:
|
||||
name: elasticsearch
|
||||
state: stopped
|
||||
- name: Datadir is moved to custom path
|
||||
block:
|
||||
- name: elasticsearch is stopped
|
||||
service:
|
||||
name: elasticsearch
|
||||
state: stopped
|
||||
|
||||
- name: Move elasticsearch datadir to custom datadir
|
||||
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
|
||||
args:
|
||||
creates: "{{ elasticsearch_custom_datadir }}"
|
||||
- name: Move elasticsearch datadir to custom datadir
|
||||
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
|
||||
args:
|
||||
creates: "{{ elasticsearch_custom_datadir }}"
|
||||
|
||||
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
|
||||
file:
|
||||
src: "{{ elasticsearch_custom_datadir }}"
|
||||
dest: '/var/lib/elasticsearch'
|
||||
state: link
|
||||
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
|
||||
file:
|
||||
src: "{{ elasticsearch_custom_datadir }}"
|
||||
dest: '/var/lib/elasticsearch'
|
||||
state: link
|
||||
|
||||
- name: elasticsearch is started
|
||||
service:
|
||||
name: elasticsearch
|
||||
state: started
|
||||
- name: elasticsearch is started
|
||||
service:
|
||||
name: elasticsearch
|
||||
state: started
|
||||
tags:
|
||||
- elasticsearch
|
||||
when:
|
||||
- elasticsearch_custom_datadir != ''
|
||||
- elasticsearch_custom_datadir != None
|
||||
- elasticsearch_custom_datadir is not none
|
||||
- elasticsearch_custom_datadir | length > 0
|
||||
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
||||
- not elasticsearch_custom_datadir_test.stat.exists
|
||||
|
|
|
|||
|
|
@ -1,5 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Check if cron is installed
|
||||
shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
check_mode: no
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
register: is_cron_installed
|
||||
|
||||
- name: "log rotation script"
|
||||
template:
|
||||
src: rotate_elasticsearch_logs.j2
|
||||
|
|
@ -7,3 +16,4 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
when: is_cron_installed.rc == 0
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@
|
|||
|
||||
- include: bootstrap_checks.yml
|
||||
|
||||
- include: datadir.yml
|
||||
|
||||
- include: tmpdir.yml
|
||||
|
||||
- include: datadir.yml
|
||||
|
||||
- include: logs.yml
|
||||
|
||||
- include: additional_scripts.yml
|
||||
|
||||
- include: plugin_head.yml
|
||||
when: elasticsearch_plugin_head
|
||||
when: elasticsearch_plugin_head | bool
|
||||
|
||||
- include: curator.yml
|
||||
when: elasticsearch_curator
|
||||
when: elasticsearch_curator | bool
|
||||
|
|
|
|||
|
|
@ -5,17 +5,38 @@
|
|||
name: apt-transport-https
|
||||
state: present
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Look for legacy apt keyring
|
||||
stat:
|
||||
path: /etc/apt/trusted.gpg
|
||||
register: _trusted_gpg_keyring
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic embedded GPG key is absent
|
||||
apt_key:
|
||||
id: "D88E42B4"
|
||||
keyring: /etc/apt/trusted.gpg
|
||||
state: absent
|
||||
when: _trusted_gpg_keyring.stat.exists
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic GPG key is installed
|
||||
apt_key:
|
||||
# url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
|
||||
data: "{{ lookup('file', 'elasticsearch.key') }}"
|
||||
state: present
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
|
|
@ -24,20 +45,20 @@
|
|||
state: present
|
||||
update_cache: yes
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elasticsearch is installed
|
||||
apt:
|
||||
name: elasticsearch
|
||||
state: present
|
||||
tags:
|
||||
- elasticsearch
|
||||
- packages
|
||||
- elasticsearch
|
||||
- packages
|
||||
|
||||
- name: Elasticsearch service is enabled
|
||||
service:
|
||||
name: elasticsearch
|
||||
enabled: yes
|
||||
tags:
|
||||
- elasticsearch
|
||||
- elasticsearch
|
||||
|
|
|
|||
|
|
@ -8,28 +8,29 @@
|
|||
system: yes
|
||||
shell: /bin/false
|
||||
|
||||
- block:
|
||||
- name: Head repository is checked-out
|
||||
git:
|
||||
repo: "https://github.com/mobz/elasticsearch-head.git"
|
||||
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
|
||||
clone: yes
|
||||
tags:
|
||||
- packages
|
||||
- name: Head plugin is installed
|
||||
block:
|
||||
- name: Head repository is checked-out
|
||||
git:
|
||||
repo: "https://github.com/mobz/elasticsearch-head.git"
|
||||
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
|
||||
clone: yes
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: Create tmpdir
|
||||
file:
|
||||
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
|
||||
state: directory
|
||||
- name: Create tmpdir
|
||||
file:
|
||||
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: NPM packages for head are installed
|
||||
npm:
|
||||
path: "{{ elasticsearch_plugin_head_clone_dir }}"
|
||||
tags:
|
||||
- packages
|
||||
- npm
|
||||
environment:
|
||||
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
|
||||
- name: NPM packages for head are installed
|
||||
npm:
|
||||
path: "{{ elasticsearch_plugin_head_clone_dir }}"
|
||||
tags:
|
||||
- packages
|
||||
- npm
|
||||
environment:
|
||||
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
|
||||
become_user: "{{ elasticsearch_plugin_head_owner }}"
|
||||
become: yes
|
||||
|
||||
|
|
|
|||
|
|
@ -7,50 +7,60 @@
|
|||
changed_when: False
|
||||
check_mode: no
|
||||
|
||||
- block:
|
||||
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
file:
|
||||
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
owner: elasticsearch
|
||||
group: elasticsearch
|
||||
mode: "0755"
|
||||
state: directory
|
||||
tags:
|
||||
- elasticsearch
|
||||
- name: Tmpdir is moved to custom path
|
||||
block:
|
||||
- set_fact:
|
||||
_elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}"
|
||||
tags:
|
||||
- elasticsearch
|
||||
|
||||
- name: change JVM tmpdir (< 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
regexp: "^-Djava.io.tmpdir="
|
||||
insertafter: "## JVM configuration"
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version | version_compare('6', '<')
|
||||
- name: "Create {{ _elasticsearch_custom_tmpdir }}"
|
||||
file:
|
||||
path: "{{ _elasticsearch_custom_tmpdir }}"
|
||||
owner: elasticsearch
|
||||
group: elasticsearch
|
||||
mode: "0755"
|
||||
state: directory
|
||||
tags:
|
||||
- elasticsearch
|
||||
|
||||
- name: check if ES_TMPDIR is available (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/default/elasticsearch
|
||||
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||
regexp: "^ES_TMPDIR="
|
||||
insertafter: "JAVA_HOME"
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version | version_compare('6', '>=')
|
||||
- name: change JVM tmpdir (< 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options.d/evolinux.options
|
||||
line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}"
|
||||
regexp: "^-Djava.io.tmpdir="
|
||||
create: yes
|
||||
owner: root
|
||||
group: elasticsearch
|
||||
mode: 0640
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version is version('6', '<')
|
||||
|
||||
- name: change JVM tmpdir (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
|
||||
regexp: "^-Djava.io.tmpdir="
|
||||
insertafter: "## JVM configuration"
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version | version_compare('6', '>=')
|
||||
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
||||
- name: check if ES_TMPDIR is available (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/default/elasticsearch
|
||||
line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}"
|
||||
regexp: "^ES_TMPDIR="
|
||||
insertafter: "JAVA_HOME"
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version is version('6', '>=')
|
||||
|
||||
# Note : Should not do any changes as -Djava.io.tmpdir=${ES_TMPDIR} is already here in the default config.
|
||||
- name: change JVM tmpdir (>= 6.x)
|
||||
lineinfile:
|
||||
dest: /etc/elasticsearch/jvm.options
|
||||
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
|
||||
regexp: "^-Djava.io.tmpdir="
|
||||
insertafter: "## JVM configuration"
|
||||
notify:
|
||||
- restart elasticsearch
|
||||
tags:
|
||||
- elasticsearch
|
||||
when: elastic_stack_version is version('6', '>=')
|
||||
when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0
|
||||
|
|
|
|||
|
|
@ -5,5 +5,10 @@ LOG_DIR=/var/log/elasticsearch
|
|||
USER=elasticsearch
|
||||
MAX_AGE={{ elasticsearch_log_rotate_days | mandatory }}
|
||||
|
||||
find ${LOG_DIR} -type f -user ${USER} \( -name "*.log.????-??-??" -o -name "*-????-??-??.log" \) -exec gzip --best {} \;
|
||||
find ${LOG_DIR} -type f -user ${USER} \( -name "*.log.????-??-??.gz" -o -name "*-????-??-??.log.gz" \) -ctime +${MAX_AGE} -delete
|
||||
# Compress logs
|
||||
find ${LOG_DIR} -type f -user ${USER} -name "*.log.????-??-??" -exec gzip --best {} \;
|
||||
find ${LOG_DIR} -type f -user ${USER} -name "*-????-??-??.log" -exec gzip --best {} \;
|
||||
find ${LOG_DIR} -type f -user ${USER} -name "*.log.??" -not -name "*.gz" -exec gzip --best {} \;
|
||||
|
||||
# Delete old logs
|
||||
find ${LOG_DIR} -type f -user ${USER} -name "*gz" -ctime +${MAX_AGE} -delete
|
||||
|
|
@ -14,7 +14,7 @@ There is also an independant task that can be executed to commit changes made in
|
|||
|
||||
pre_tasks:
|
||||
- include_role:
|
||||
name: etc-git
|
||||
name: evolix/etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
commit_message: "Ansible pre-run my splendid playbook"
|
||||
|
|
@ -24,7 +24,7 @@ There is also an independant task that can be executed to commit changes made in
|
|||
|
||||
post_tasks:
|
||||
- include_role:
|
||||
name: etc-git
|
||||
name: evolix/etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
commit_message: "Ansible post-run my splendid playbook"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
commit_message: Ansible run
|
||||
etc_git_default_commit_message: Ansible run
|
||||
|
||||
etc_git_monitor_status: True
|
||||
etc_git_purge_index_lock_enabled: True
|
||||
etc_git_purge_index_lock_age: 86400
|
||||
|
|
|
|||
11
etc-git/files/etc-git-optimize
Normal file
11
etc-git/files/etc-git-optimize
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
|
||||
repositories="/etc /etc/bind/ /usr/share/scripts"
|
||||
|
||||
for repository in ${repositories}; do
|
||||
if [ -d "${repository}/.git" ]; then
|
||||
git --git-dir="${repository}/.git" gc --quiet
|
||||
fi
|
||||
done
|
||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue