public
/
stack
5
0
Fork 0
Code Issues 4 Pull Requests 2 Packages Projects Releases Wiki Activity

Compare commits

base: public:main
Branches Tags
public:main
public:ryansquared/use-stagex-bins
public:test/make-plan
public:add-anton-pgp-key
public:feat/nextcloud
public:add-anton-pgp
public:ryansquared/toolchain-go-1.20.4
..
compare: public:ryansquared/use-stagex-bins
Branches Tags
public:main
public:ryansquared/use-stagex-bins
public:test/make-plan
public:add-anton-pgp-key
public:feat/nextcloud
public:add-anton-pgp
public:ryansquared/toolchain-go-1.20.4

9 Commits
main ... ryansquare

Author SHA1 Message Date
Anton Livaja b278a3e072
feat: refactor functions to new container setup 2025-05-23 14:16:23 -07:00
Anton Livaja 32697576a0
feat: add plan command 2025-05-12 13:29:35 -07:00
Anton Livaja b71f711b3f
feat: use digest to keep track of state of tools image 2025-05-12 10:26:21 -07:00
Anton Livaja e757eb9363
fix: gpg socket agent path 2025-05-09 18:00:04 -07:00
Anton Livaja 6c95084aa2
feat: add k9s 2025-05-07 07:54:51 -07:00
Anton Livaja e899a0c11f
feat: update make shell command 2025-05-07 07:45:56 -07:00
Anton Livaja 46c9dbfa8e
feat: update tools container deps and add update script 2025-05-06 18:52:58 -07:00
Ryan Heywood 6f75bb991e
fix issue with concat'ing objects 2025-04-02 17:28:45 -04:00
Ryan Heywood 016dc52f8e
begin transition to stagex 2025-04-02 16:59:29 -04:00
16 changed files with 443 additions and 595 deletions
Show Stats Expand all files Collapse all files

1
.dockerignore Normal file
View File

@ -0,0 +1 @@
*

45
Containerfile.tools Normal file
View File

@ -0,0 +1,45 @@
# Tools used for managing the stagex stack
FROM stagex/core-busybox@sha256:cac5d773db1c69b832d022c469ccf5f52daf223b91166e6866d42d6983a3b374 AS core-busybox
FROM stagex/core-musl@sha256:d5f86324920cfc7fc34f0163502784b73161543ba0a312030a3ddff3ef8ab2f8 AS core-musl
FROM stagex/core-ca-certificates@sha256:d6fca6c0080e8e5360cd85fc1c4bd3eab71ce626f40602e38488bfd61fd3e89d AS core-ca-certificates
FROM stagex/core-zlib@sha256:b35b643642153b1620093cfe2963f5fa8e4d194fb2344a5786da5717018976c2 AS core-zlib
FROM stagex/user-gpg@sha256:92946bb4143ecbd53999cd520fbcb958aecacbac7a85bd58a758be1b57086a9c AS user-gpg
FROM stagex/user-npth@sha256:6ac9a90ca714ba01911c1f617553a5b23b96e9e37ec4a21e5ba132c4886a70e9 AS user-npth
FROM stagex/user-libksba@sha256:c165fb5b7949473cb00b0fe59add90663346b33c6c682309ca0fcccdcf78d569 AS user-libksba
FROM stagex/user-libgpg-error@sha256:6d7c09e3a7d055a6722910439c533f2babc8eda24b636bf4dfb2b29a3ed6327a AS user-libgpg-error
FROM stagex/user-libassuan@sha256:dea35799659be7b85e523312c55621007b1918ff3590631155ecf2c699ca470f AS user-libassuan
FROM stagex/user-libgcrypt@sha256:384f0e703afad6f8885ec77fb814ef182a08600a2032183d231fee5c048a7d2d AS user-libgcrypt
FROM stagex/user-opentofu@sha256:b5053a5966f7ec06ea894db315c4990b73e8bee69798889de747e9a99c32b041 AS user-opentofu
FROM stagex/user-sops@sha256:72b09ff439f422889af815f19a223b48b3b3fd0701d312a413069cbabcad7a12 AS user-sops
FROM stagex/user-talosctl@sha256:23ff2d686a0c251db4f8a8f07e9b18c81c64eaa07da97de5a75fccbea3e595c4 AS user-talosctl
FROM stagex/user-kubectl@sha256:6df028ecb71097c182276cad295f7a68a28f2c8d7fc82ea47fb22a451b11a4ff AS user-kubectl
FROM stagex/user-kustomize@sha256:9886d6c855f763398a8bf52cd16e07f78cb8dab75396903645612e9cd4094cfa AS user-kustomize
FROM stagex/user-kustomize-sops@sha256:25040e0adf7dc6806da9996a252dbf7f8f5bb4f0b9a9dd1835035eeaea3861d9 AS user-kustomize-sops
FROM stagex/user-helm@sha256:e7d2e13db8483f5356b96337308edbd5a0e602cc76c4c5ea5ed730ae6d2b2dcc AS user-helm
FROM stagex/user-k9s@sha256:eff325c4d000358b2f6ed0f63d61fcea8f98c081395437d0003e7429e0c334b4 AS user-k9s
FROM scratch
COPY --from=core-busybox . /
COPY --from=core-musl . /
COPY --from=core-ca-certificates . /
COPY --from=core-zlib . /
COPY --from=user-npth . /
COPY --from=user-libksba . /
COPY --from=user-libgpg-error . /
COPY --from=user-libassuan . /
COPY --from=user-libgcrypt . /
COPY --from=user-gpg . /
COPY --from=user-opentofu . /
COPY --from=user-sops . /
COPY --from=user-talosctl . /
COPY --from=user-kubectl . /
COPY --from=user-kustomize . /
COPY --from=user-kustomize-sops . /
COPY --from=user-sops . /
COPY --from=user-helm . /
COPY --from=user-k9s . /
RUN mkdir -p /root/.gnupg
RUN chmod 0700 /root/.gnupg

179
Makefile
View File

@ -1,14 +1,12 @@
include $(PWD)/src/toolchain/Makefile
include $(PWD)/src/make/tools.mk
# If using QubesOS, the smart card must be connected directly to the qube,
# rather than using a 'vault' qube.
BACKEND_TF := $(wildcard infra/backend/*.tf)
MAIN_TF := $(wildcard infra/main/*.tf)
ENVIRONMENT := production
REGION := sfo3
ROOT_DIR := $(shell pwd)
# TODO: automatically determine
TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
OUT_DIGEST := out/tools-image.digest
KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \
88823A75ECAA786B0FF38B148E401478A3FBEF72 \
@ -24,25 +22,22 @@ default: \
tools \
apply
.PHONY:
.PHONY: clean
clean:
rm -rf $(CACHE_DIR)
.PHONY:
.PHONY: update-tools
update-tools:
./src/make/update.sh
.PHONY: shell
shell: $(OUT_DIGEST)
$(call run-container, -v ./secrets:/secrets, $(shell cat $<), bin/sh)
.PHONY: credentials
credentials: \
$(CACHE_DIR)/secrets/credentials.tfvars
.PHONY:
shell: toolchain tools
$(call toolchain," \
HOST_OS=linux \
HOST_ARCH=x86_64 \
PREFIX=.local \
XDG_CONFIG_HOME=/home/build/.config \
make -f src/make/tools.mk tools-install \
&& PS1='build@distrust-stack\\$$ ' bash --norc \
",--interactive)
$(KEY_DIR)/%.asc:
$(call fetch_pgp_key,$(basename $(notdir $@)))
@ -70,68 +65,98 @@ $(CACHE_DIR)/website/index.html: \
&& cp -R _site/* /home/build/out/website/ \
")
infra/backend/.terraform: \
$(TERRAFORM) \
$(BACKEND_TF)
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) init -upgrade \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/backend/.terraform: out/tools-image.digest $(BACKEND_TF)
$(call run-container, \
-v $(PWD)/secrets:/secrets \
-v $(PWD)/infra:/infra, \
$(shell cat out/tools-image.digest), \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
tofu -chdir=/infra/backend init -upgrade && \
tofu -chdir=/infra/backend refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \
)
infra/main/.terraform: | \
$(TERRAFORM) \
config/$(ENVIRONMENT).tfbackend \
$(MAIN_TF)
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/main $(TERRAFORM) init -upgrade \
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/main $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/main/.terraform: out/tools-image.digest \
config/$(ENVIRONMENT).tfbackend \
$(MAIN_TF)
$(call run-container, \
-v $(PWD)/secrets:/secrets \
-v $(PWD)/infra:/infra, \
$(shell cat out/tools-image.digest), \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
tofu -chdir=/infra/main init -upgrade \
-backend-config="../../config/$(ENVIRONMENT).tfbackend" && \
tofu -chdir=/infra/main refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \
)
infra/backend/$(ENVIRONMENT).tfstate: \
$(TERRAFORM) \
$(SOPS) \
infra/backend/.terraform
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) apply \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $@ \
'
infra/backend/$(ENVIRONMENT).tfstate: out/tools-image.digest infra/backend/.terraform
$(call run-container, \
-v $(PWD)/secrets:/secrets \
-v $(PWD)/infra:/infra, \
$(shell cat out/tools-image.digest), \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
tofu -chdir=/infra/backend apply \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \
)
config/$(ENVIRONMENT).tfbackend: | \
$(TERRAFORM) \
$(SOPS) \
# File is not committed and this has no shared state
$(MAKE) infra/backend/$(ENVIRONMENT).tfstate
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) \
output -state $(ENVIRONMENT).tfstate \
> $@ \
'
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
config/$(ENVIRONMENT).tfbackend: $(OUT_DIGEST) infra/backend/$(ENVIRONMENT).tfstate
$(call run-container, \
-v $(PWD)/secrets:/secrets \
-v $(PWD)/infra:/infra, \
$(shell cat $(OUT_DIGEST)), \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- '\
tofu -chdir=/infra/backend output \
-state $(ENVIRONMENT).tfstate > $@ && \
tofu -chdir=/infra/backend refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate' \
)
out/tools-image.digest: Containerfile.tools | out
docker build -f Containerfile.tools -q . > $@
GPG_TTY ?= $(shell tty)
define run-container
docker run -it $(1) \
-e GPG_TTY="$(GPG_TTY)" \
-v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg/S.gpg-agent:ro \
-v $(shell gpgconf --list-dirs homedir):/root/.gnupg:rw \
$(2) \
$(3)
endef
.PHONY: plan
plan: out/tools-image.digest
$(call run-container, \
-v $(PWD)/secrets:/secrets -v $(PWD)/infra:/infra, \
$(shell cat $<), \
sops exec-env /secrets/$(ENVIRONMENT).enc.env -- \
'tofu -chdir=/infra/main plan \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION)' \
)
.PHONY: new-apply
new-apply: out/tools-image.digest
$(call run-container,'\
echo $$GPG_AGENT_INFO; \
ls -l /S.gpg-agent; \
gpg --verbose --list-keys \
')
.PHONY:
apply: \

5
infra/main/main.tf
View File

@ -125,7 +125,10 @@ locals {
# `jq .database_users.value.forgejo | sops --encrypt`
output "database_users" {
value = {
for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
for db_user in concat(
values(module.digitalocean_database_cluster.database_users),
values(module.digitalocean_mysql_database_cluster.database_users),
):
db_user.name => {
apiVersion = "v1",
kind = "Secret",

20
kustomizations/cert-manager/cluster-issuer/issuer.yaml
View File

@ -4,7 +4,7 @@ metadata:
name: letsencrypt
spec:
acme:
email: team@distrust.co
email: ryan@distrust.co
privateKeySecretRef:
name: letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
@ -14,21 +14,3 @@ spec:
tokenSecretRef:
name: digitalocean
key: access-token
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-caution
spec:
acme:
email: team@distrust.co
privateKeySecretRef:
name: letsencrypt-caution
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: nginx
selector:
dnsZones:
- "caution.co"

2
kustomizations/cert-manager/kustomization.yaml
View File

@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- https://github.com/james-callahan/cert-manager-kustomize?ref=039fc866e432953a5ceda9bc26155513b535eea4
- https://github.com/james-callahan/cert-manager-kustomize?ref=b9560b4603bffac901c99d7d9d16e5e2a07e44d8
- cluster-issuer
- namespace.yaml
replacements:

2
kustomizations/invoiceshelf/statefulset.yaml
View File

@ -32,13 +32,11 @@ spec:
path: /api/v1/app/version
port: http
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 5
httpGet:
path: /api/v1/app/version
port: http
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 5
httpGet:
path: /api/v1/app/version

119
kustomizations/website-beta/anubis-key.enc.yaml
View File

@ -1,119 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: anubis-key
stringData:
#ENC[AES256_GCM,data:Dc99W4dFJqiVBL9fRNOzMMU=,iv:2j2O+9OsutPALOfeg//dwg5mt0oPbBUpdftjWfxj7tE=,tag:xhzSUXFBTW1lZKDKtl4m9g==,type:comment]
#ENC[AES256_GCM,data:98k+fzZjuxguvoe/hpTHir6FTvE9,iv:lwwNyPk7gQm4os/aiCS7R26BmUTgmCaP7QQf8yP+cM8=,tag:Ob8FoM6jsXVLAG71EYEx5g==,type:comment]
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:kF4zpyJwQyBKuOTpIMYYFKcfTD2eElp2CpiNvpK8snkNHY/Wl/RCN+wnUT7igty/CU0xhqcpoSJj9om64UPKow==,iv:4vmPnSOia+aTm23HJ64EO2I2MoJ9rVRnnC+gugvPs+g=,tag:VVK6WFzRuunwcPVVh2p8DA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2025-04-21T22:07:46Z"
mac: ENC[AES256_GCM,data:fIpwCLUxp1ac+E0icLwKUVS/Y/8lyNcug/f3T3pzMkLSfdMoSCW0VHvqQ6COzmIaFlior0Tmetn458tAwbgglwnNS+vW842epRU8vVgbuAwc9qj1b1OncDn1kjSOVY4rHONAEh7sAZjptEl88w00fjAgJQFT/p8+QF3T/PYZ0js=,iv:urZ0ZnnCm4KdkYPwxqPda3GuSfMOTV77kZc7bR0YZL8=,tag:ayDP75zXQLnBbBbQWvQl/g==,type:str]
pgp:
- created_at: "2024-01-11T20:56:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA82rPM2mSf/aAQ/+PJZZk8l5rIqLgeZzumY/oZYbgSLhB1+kfrQSFKuWlWU2
wO8dabV77egBrHrViU8ZryJeq9rEmAwEZPTlTbvGdP4YWkXuQvjcnG41a9047p4Y
t67hvZbqdrLhtpAbYYC4DqEJAlQIFC9CfCCHybU3NvxDOntmSoXJ1VRdDwxeT4k/
2/W/4XbzvrV3mK4pocHryFkWfitplt92TQS+N+Y5mrRZAHioQNvSjD+mB5qllIGE
OenplDUOR5K28lAhKwJi9YU+4Q+WwRILn4Anh2kbthkOKbR2V01XEE7rZZ7miSmJ
HSSebOokY0KEwc5TS4YJjz4VJ25UTcw74z9oZXFh5UOCCbiOHS3vRqd8ZvbAOtxg
N69bHW6I61EvAmNj34r8ZIPYDsAUmVWg3RODzrHv53XH+7TIRAVwtyf0sq49BJz7
NYOIoAh3gfdt6AcX1wzE3NPO6GaF9loccKHzjZlgPrcG+OIiCfWvLe/ZSdEfWOz3
2ts4TH2GCTt8y5A3YZv6TiJTqkeZp+aTKTWHZ8VPbb1f/K/LZCgy8xJtsdPAm76H
Hs0fra+/igXCcsTn1hy8ApBd0kQmtaLfMdABJ4rdeft8M8ZYUE3hx0nk6nAY73TM
vUdtLKYYTd+8ZY8e61Hop7MEsxnV1MRCmxQYNTBCCLXyEb7EXBAFI3Dd60C29ZXS
UQGgFne06+Ylj2sDkWOEVDe6YJJ9uQpFLuVS0wkZv5k1IkSgQn+vIZLqo5ltWFlN
5sovHvmmclSlC7m0G90ReoNpSWP7RbSddqI3ht6H5GVYCQ==
=HuH6
-----END PGP MESSAGE-----
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
- created_at: "2024-01-11T20:56:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMAw95Vf08z8oUARAA55KjH0BV0S3PzGBlbxNr2864BRPbHcupAj52Smdh/dwb
0GL64ULgfFoytddgYXeXVKPwBw1l8UIZnRDoMZyeTlUGKrwR6UgAtYcs/BId9/jF
B8yJzLk19d1ld017Pl/3zGE6/2YxnE56MMeX+4Az8K1z1EBVOI5XFBjYz+r8tG0q
9j2ypWtzLK9Az0g4V5kTrnGQwA3NN3siF1Uo8lvJzL+YDVV7d9cfB+slYM0xBOKn
6amxxwKwRZegSckPg+/UWXZOdj6NEDpiQz94hQMm4Bm3N0HtrulATAMjAiTFfzst
W2R9X7U9FCMwhX1wi9QMVOy5crbBMMc3wmv0b3Ya+5smnrr/91ZDwD8s0fHKk/ju
BVMI9DaA7usAvlziX8LQv8Be6EHQSnBF3cDVQSTyM8TFtbQMMKMFQszbsRnvRqs1
k4b3veNYev8fJOK5JaQTJ+Wm7uFm22tw7Q6orSoPuD2+gIzfWzPFU1q0I7ROdN9h
sMc+/ytwKCU3oGbSLQLAyXI5E5czRJJ2797uwLQ3a5aFUSP3/iR/qfu4/MzGDgnW
XNVYadheL5xdgwnugm2CeYNwskZZXgto/bwiL/+jzeTmX9GfKN0+Nl2VqZTSRw+0
o9MTmKsZfq7BBJ/eOJhD1xK5rF2bvduQ9re4LJ8+31RGTN0eXWvQ43jU5FA6tF3S
UQHrcMjwQaVpVMNRH5AjrMS2ZKfMf+Ehbjoby6c+7W/zkOgYkPLI8dKFpUZGjPAg
YifFb+hBtcJTNiNJjVU/QGEenfMho9X9Uu0QmjyEbbXnIA==
=upcn
-----END PGP MESSAGE-----
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
- created_at: "2024-01-11T20:56:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA0/D4ws+/KPtARAAt1m79BSP6vyV/zZNl+2tiI+1KLA4q+lMcWpzD4YAkWof
VDKGnr7sxDXA3EP5SZoCz9KJuKHMxc1cDgZ1AGNTNHYRVGyMNmWLbbqfX9XW6pZT
MuDr3W4wZc8aJP8sL8VjknbzuXTQPqdu8SYfHSPjXmNz3ai0h1dmYWJBF+2E7Uxa
r223JDz6TwS1VMk8TtJvlZgx+hCc1hroMmO5Su3CsbSum8ccRSPCOzXzURloM5Jv
xWZrmTWSsvg5lb8MQjnJ2ETG8alQDAZOgsK72Brq2baRZCcWJArFFMx7y0UlbBML
PYlC5QzsKFEnCC6lF+V1O1jUFgPYqs5Ck7H0kbfZbSCiF9fs7lhi2tQqRN1My7aX
cy5G+rbRg+4+TaA/xBssMiaCVSnI28zotrLX+Q5q+/laL+AdMSWTtfYbGpfEiLx0
ejWym/PJfgeozZsUXdcZsrVmMowksVyP0cnczNFBWbUVcSFRZ6+KaNBobjr2hiFC
NqX77VhkKnDsNE7HIo42yyqjU5ipqPaLp0qs6pQquWVNb/MBid07S4KBTQ2HJo79
tTki8djQBpBGPZJj1hwJvUtb+HuJTWEgI2Az6Pw9S70kmdWLSnp7aJtHAP9/GN+b
NainzJJ8mwv+03ohCxPHUercRtlSKjws6miCKQkxdGpqVCMrXlqx5XV1N3BX+PHS
UQGLbpsU8EovlP+jyc7WIqPAcGl6UGpHKuEJtk473eWKAwdoGdM2hug/83Iru6DI
pQN6SMixNNNpxvhoyaHhFyYFzC5Xj5YO/obEYpDfJa7tWA==
=TZtK
-----END PGP MESSAGE-----
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
- created_at: "2024-01-11T20:56:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA5Wf+FyJ+zFJAQ/+OZlDJaJgpA0OZIXM4zRaDwztjdvrsmEkupUH/mC8sXsJ
1Q7/pVDJZqi5z/ewl2EJGyar7uvmgVVauvqOGVP8pIb04hL16M7p385U9VdBMa9V
IhBIYDKQi8Ia67xz6kQsMvT4zvzo52Z7opb6Rmxf3qQt919iOLdJRtJXUX0Vhjs3
m0zyBw4jji5zeBcfNWFxwLe8Ie5+0E2zZpyakQobTLrinEzTqwOpoEi6p18b6tWw
/tLHvi52TejXxkfBVsBzHMDz44WEOMu81BG13BY2JvSmOtj9+yPad5SMBy/4ugti
6YN974B7Dsetsm8UavMj9kU44nh14oZ8cPJ+sbf0POttSXJJY98+i5eUFptrIZ0X
4SyUo8wMkxHtDiL7rx3nkiglUkpG4H4+uzcaS0y/A9zlQas+igYL5YdE7CL/M5ET
V0UWNQEVqCk3EjCFYGR6Ccc3nGOtxnc3eWuBDBCd3oYINjqci6ZK+ds8yIqUY64B
Y29bvQvLSBGWkJs7ol86LyuQrFC7vvLZelsGvkSjwaRE/Be8AADgreZe1BHC91cn
eE0vr1rY8RcVvFjbLonzBhO9aMC5o1FkTbmKbpYcnrB7VyiierGMe9g7wRxcJrEh
SMvquMdOZxPgiB6e1yJ44WPsWHZMQvBjacCToX9LhIPe8QsebnrIHny0GYmYS5XS
UQGiVLKMnZJkACJGLtotqZWFPJi0oE1B+X3+wQch5aYTDWqtQqY9aDXSHbKSvZ+u
MU7a2nFCcMMrlM3Z/MzQNQxD5az/NivyIXjT1tOjc8PiLQ==
=3nk5
-----END PGP MESSAGE-----
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
- created_at: "2024-01-11T20:56:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA8KRInHl7Vz+AQ//WXsaXLEl1BDCWBw0sDI02p8QKUosA9JOSr9Za5iO/G8v
Pn5JU1Fk5hAPvy874pk5jlGSSyXsO9b1PAY0i18kZ8/MMZgolyNgi/mK2B8QvixY
zOr6tQ2aG84tbVmBO9rt+AVkhggOx/gu3ZF3gWskjs3dY7/mD2krhNynIReQfTUc
MpOWmVsPh2x+8zJ7siECIkD4stNcgRGKAabQHRNig0Zg0dJhsL7z8tVuGzZGCDbu
q5fXPF0bM5Rb38g9DC0pXp1WAfdpCoSh8LoOrF7UbWsQFws4+looAoarFzk0tUM4
/XTZTzBEAhf/f/RX9yJku+14erwC7hnWnM7Yr2O19lfQ1ZNuOqkZKFLT8kV4PPcR
vB/3OD15HGvQD3T7DQUe9C1kFs3u1Kymk0SUocv5xTRTvbQQSEqe3KkEhh3yjb87
0ZsEczDafx9b6BSG7hEUyBhND9Rk1FjbGM0u1Kowy+oLMFrEQ0Z/wtm4bam5Nyho
5i7BBvFUquSfqh3zM+uzd/69G5AD4B+E3VDtz04cVqzNYbCmRP9Tof1czxiPYJ+1
kyqlk1Kd53zU2RtH1K66Dy3VNHtjVheccEHhRYCMv1q1g1+4LgdaBkouqfNld9Zc
9OfK8ZYeeH1iiTjgvSB2FN5ZBZYSEfs1Hnfw0XpyZcPXxPw+UA3h0awellWk7D3S
UQFE/ARKfbhBbLgbaCduwrF2sWLMAj5WlQv+z4QLJkWire4Z9A13qUEvUNvys+i7
/nOXorVH9UnvqXobQSAT8I91/LzkyGZB7lZrTnHzKQm6pQ==
=tZkd
-----END PGP MESSAGE-----
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
encrypted_regex: ^(data|stringData)$
version: 3.7.3

59
kustomizations/website-beta/anubis.yaml
View File

@ -1,59 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: anubis
spec:
replicas: 2
selector:
matchLabels:
app: anubis
template:
metadata:
labels:
app: anubis
spec:
containers:
- name: anubis
image: git.distrust.co/ryan/anubis@sha256:2660a2e873ae555380463faa3430495062c009fc6d1e641d3dbc273335235dd9
imagePullPolicy: Always
command: ["/usr/bin/anubis"]
env:
- name: "BIND"
value: ":8080"
- name: "DIFFICULTY"
value: "5"
- name: "SERVE_ROBOTS_TXT"
value: "true"
- name: "OG_PASSTHROUGH"
value: "true"
- name: "COOKIE_DOMAIN"
value: "distrust.co"
- name: "TARGET"
value: "http://website"
envFrom:
- secretRef:
name: anubis-key
ports:
- containerPort: 8080
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
---
apiVersion: v1
kind: Service
metadata:
name: anubis
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: anubis

2
kustomizations/website-beta/ingress.yaml
View File

@ -16,7 +16,7 @@ spec:
pathType: Prefix
backend:
service:
name: anubis
name: website
port:
number: 80
- path: /submit-email

1
kustomizations/website-beta/kustomization.yaml
View File

@ -6,6 +6,5 @@ resources:
- ingress.yaml
- website.yaml
- docs.yaml
- anubis.yaml
generators:
- secret-generator.yaml

65
kustomizations/website/caution.yaml
View File

@ -1,65 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: website-caution
spec:
replicas: 2
selector:
matchLabels:
app: website-caution
template:
metadata:
labels:
app: website-caution
spec:
containers:
- name: website
image: git.distrust.co/caution/website
imagePullPolicy: Always
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: website-caution
spec:
ports:
- name: http
port: 80
targetPort: 80
selector:
app: website-caution
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: website-caution
annotations:
cert-manager.io/cluster-issuer: letsencrypt-caution
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
ingressClassName: nginx
rules:
- host: caution.co
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: website-caution
port:
number: 80
# NOTE: This makes use of distrust.co's web form
- path: /submit-email
pathType: Prefix
backend:
service:
name: web-form
port:
number: 80
tls:
- hosts:
- caution.co
secretName: website-caution-tls

54
kustomizations/website/ingress.yaml
View File

@ -73,40 +73,12 @@ spec:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: docs-qvs-redirect
annotations:
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/hostname: docs.distrust.co
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/permanent-redirect: https://trove.distrust.co
spec:
ingressClassName: nginx
rules:
- host: docs.distrust.co
http:
paths:
- path: /qkm
pathType: Prefix
backend:
service:
name: docs
port:
number: 80
tls:
- hosts:
- docs.distrust.co
secretName: docs-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: docs-qvs
annotations:
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/hostname: qvs.distrust.co
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/permanent-redirect: https://trove.distrust.co
spec:
ingressClassName: nginx
rules:
@ -124,29 +96,3 @@ spec:
- hosts:
- qvs.distrust.co
secretName: docs-qvs-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: docs-trove
annotations:
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/hostname: trove.distrust.co
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
ingressClassName: nginx
rules:
- host: trove.distrust.co
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: docs-qvs
port:
number: 80
tls:
- hosts:
- trove.distrust.co
secretName: docs-trove-tls

414
kustomizations/website/keys/88823A75ECAA786B0FF38B148E401478A3FBEF72.asc
View File

@ -12,200 +12,224 @@ Uh5gKXDx3hgH33WubkQZdmM8GISEpUaD4IfCe9nw5Pv7cxB/kupnnQOsoDlcmrv7
b3QNxueZ861QRFdISKgxdn2ZqO5d9d70xZHuCfWEnckBXHJrCXSZLK7iH0f+xnTQ
wms9MqetXKTaACTN03P64eXoxgXAi2X/I22S33R9Ftnu6+QEbazLjIj5iwARAQAB
tC1SeWFuIEhleXdvb2QgKFJ5YW5TcXVhcmVkKSA8cnlhbkBoYXNoYmFuZy5zaD6J
AvsEEwEKAOUCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4BGFIAAAAAAEgArcHJv
b2ZAbWV0YWNvZGUuYml6aHR0cHM6Ly9naXRsYWIuY29tL1J5YW5TcXVhcmVkL2dp
dGxhYl9wcm9vZl8UgAAAAAASAERwcm9vZkBtZXRhY29kZS5iaXpodHRwczovL2dp
c3QuZ2l0aHViLmNvbS9SeWFuU3F1YXJlZC8xYTM1MGM3MTUxY2ZiYmNkOGI4ZjE4
ZmFlYmI0YmQ4NRYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJn7VKlBQkLTaxeAAoJ
EI5AFHij++9yJEsP/RltQCervG8etzQzpUaHkq/n8QHoIeuKPU6Z2O05xiRjDRPN
MsKWy2IZflHoELOcnh/IAoDWZOAv8PLjI48+NEWG1dDSR/lFQEHZPiUhZk2z2S3L
Pe/MdGeBUiAwhu2rhzc5qJoALtPzEYSD925E8yDdJ1GIqYX/kwMwODtClXq68awC
whWfPJgdEr9whevgyLlzyygniDEdc20nyhKxKf7f18WJWZgnsPRzRcgkEI7X20oo
6lvQoi7v0Kdr3GmPJECXCUc2BWxOIxmpwn9WdjkYPnd9CNEGBpIZVvQGMw15WhFO
3ejnt+mLT3zbm2wJ8kBl0SNxj8BBv0vQ4qK0pk6XTnDvyhSXKTGXpaIJmiVeUp/B
yGAVctNGtQZHOdevpdDXtU8tJtHJaAizqyiAodK9gJ6TTbeOqHuNzXplz7OQCjFd
g6iXogJBxUaPwBPT262luJgt8kc8JXiB3gcbLFGc1+v+NIeW6upu6zizOPwNdLzZ
mP5lCCtvbC7dK8T16JP1I+3krdpKYTBPj7VWurfJuzz1rN62tIw3CIa78B39xjP+
S6uUMHnc9GJMo3HfRarXCqiekbRO1Nm5CUiKoC/bIHM8SWyKu13BlnkguOEoYsz2
gVAzOVjGD3H4GDLKEhRXZ7xSeqilFT5S5fsNCYRFWjX0xRWi20ao2zDLAi2ciQK0
BBMBCgCeAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEiII6deyq
eGsP84sUjkAUeKP773IFAmDatRJfFIAAAAAAEgBEcHJvb2ZAbWV0YWNvZGUuYml6
AlQEEwEKAD4WIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCYGINQgIbAwUJA8JnAAUL
CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCOQBR4o/vvcpTSEACFge0zA8PsW5sy
A62NBoKEq5/NcpFrW5Q7HRwspmLq/HUppJ0FqjmYMaIuDkkiv3+P9Yz8LSml3OZX
Eqiq7/hj7SXiSZ0AVNyluRdGGIO/nX6xVDdS+LTtizBfN2JLwGWCsfVcxpUQl1Wg
QMZusni61/zb6O1VqWB6z+Os4jGLA92HNF5yVH6tR+D1pd0xFxMXczA8xux78E4H
YpjBnf/I8Lud9QS0z6t+KH+wZE5QTinYzADyCFAed9t+38CNJrQgbm64JAE9FoEH
uEvi/wF04SMqEJ+9cmjuEyAVvULUck5SgBMRPx5MyxvBjpZkasNha0OgoBRSEQ5h
tqea7CmKfWaWV79az2E53K8vDtr2NkYe4F3iS7w8hbeItfnrsQYMAGdjjXO9Aqmg
vRWivbtwMpGqU4cx+T+d7kVwKXYMPjcDrQ4G2CaU3SEibFyxPSwc9a+5OEvHP1Rl
7G/XkG2kbA7abgcTOpO1AMpUMvF5MQMr83AzlLDEz0onxQU3RR6UFcOHLd00XX9u
eV4YTbdSQK6Kb58uDVx08hDO8rqyJqXRWRhfA4pqA+2y/hEfbSEOmPV4tcpYoqro
+kAN19oFCOsddq7WfIaqkXyPlZMA0crqC5s53va29ULHmJkMtW7nqCKPp3WucyQT
R6+eF7rw+Zhc+jkX1nNefvUriMSlcokC+wQTAQoA5QIbAwUJA8JnAAULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgBYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJg2re6RhSA
AAAAABIAK3Byb29mQG1ldGFjb2RlLmJpemh0dHBzOi8vZ2l0bGFiLmNvbS9SeWFu
U3F1YXJlZC9naXRsYWJfcHJvb2ZfFIAAAAAAEgBEcHJvb2ZAbWV0YWNvZGUuYml6
aHR0cHM6Ly9naXN0LmdpdGh1Yi5jb20vUnlhblNxdWFyZWQvMWEzNTBjNzE1MWNm
YmJjZDhiOGYxOGZhZWJiNGJkODUACgkQjkAUeKP773LKVg//bT5oqUqtwaeFddj8
069VNRaURvJls3KmVtgqTRkiCvQMRR9wjcgRvfwrwkrg89C4Mo5evYsaEChpWnHw
x0cj4ISa0c81eE04gaTJkZ6oIv0w5xK9Um/9oRcU9/1xWj301SHNyT5H0v8sEX+P
FDrd4BfwN/wplQzX0FlKVtPtWekHI5k318TYWFBfwqssmqX7gbhV+8CqGNTwWaZD
jqMnCpRMq7SY41kTAl+WQ9PY4VVSPL2tVFJsbIX6Jd8mqcRsJJ3a19qpyByW1cMC
a68a9ot4zJ6ePhKKSufHqUsdHfdb6hrLYiSQpejxweVybYcshWY+Q7LA8hT53+2N
UaL7F3KAVOky1BepNY5PVfrenNA/T0G+b1CU6ayDh5KgsycBrH5ciYi41oo5NJFD
eVw7FKfkansHiK/uaNBSNxyzhhOnGr0RVDc1zx0ywXQxVivEzx9yCfVnR5AFpMzw
87mKJFUfBwlUMoK58ypvorn691KTi77UiiNIXW36XgI9nzShMD6Cv10vwJI2qGzL
ocGAdcEv2Yl+5Qa1sVC2Cs3Qqdaj06g+SB59lDMNZJiO40nfP4LWKLB39nCrpHOb
hQjFI9JS2xyRqTlAkZ6QG2q8qWNIXh9xZNZwzVsLCn1/ocR0IEi5f0zv2AV3BAmE
p1qx5QD2c308sG3hUeZVu5/0IWqJAlQEEwEKAD4WIQSIgjp17Kp4aw/zixSOQBR4
o/vvcgUCYGINQgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCO
QBR4o/vvcpTSEACFge0zA8PsW5syA62NBoKEq5/NcpFrW5Q7HRwspmLq/HUppJ0F
qjmYMaIuDkkiv3+P9Yz8LSml3OZXEqiq7/hj7SXiSZ0AVNyluRdGGIO/nX6xVDdS
+LTtizBfN2JLwGWCsfVcxpUQl1WgQMZusni61/zb6O1VqWB6z+Os4jGLA92HNF5y
VH6tR+D1pd0xFxMXczA8xux78E4HYpjBnf/I8Lud9QS0z6t+KH+wZE5QTinYzADy
CFAed9t+38CNJrQgbm64JAE9FoEHuEvi/wF04SMqEJ+9cmjuEyAVvULUck5SgBMR
Px5MyxvBjpZkasNha0OgoBRSEQ5htqea7CmKfWaWV79az2E53K8vDtr2NkYe4F3i
S7w8hbeItfnrsQYMAGdjjXO9AqmgvRWivbtwMpGqU4cx+T+d7kVwKXYMPjcDrQ4G
2CaU3SEibFyxPSwc9a+5OEvHP1Rl7G/XkG2kbA7abgcTOpO1AMpUMvF5MQMr83Az
lLDEz0onxQU3RR6UFcOHLd00XX9ueV4YTbdSQK6Kb58uDVx08hDO8rqyJqXRWRhf
A4pqA+2y/hEfbSEOmPV4tcpYoqro+kAN19oFCOsddq7WfIaqkXyPlZMA0crqC5s5
3va29ULHmJkMtW7nqCKPp3WucyQTR6+eF7rw+Zhc+jkX1nNefvUriMSlcokC+wQT
AQoA5QIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBIiCOnXsqnhr
D/OLFI5AFHij++9yBQJg2re6RhSAAAAAABIAK3Byb29mQG1ldGFjb2RlLmJpemh0
dHBzOi8vZ2l0bGFiLmNvbS9SeWFuU3F1YXJlZC9naXRsYWJfcHJvb2ZfFIAAAAAA
EgBEcHJvb2ZAbWV0YWNvZGUuYml6aHR0cHM6Ly9naXN0LmdpdGh1Yi5jb20vUnlh
blNxdWFyZWQvMWEzNTBjNzE1MWNmYmJjZDhiOGYxOGZhZWJiNGJkODUACgkQjkAU
eKP773IZOBAAm95gnhIty2S1xvG1MhUWI7yUlCgKYu75SOVYnr5Pzgs3oKCB6lff
BTdtslqcsw32FzSSJ6ShVZX5QxVwspgxv+r46CQK0Dvh59GgvN6DhcLw3qtJJkgE
4PS5dN9wn3GIV2uJJOrnnqIRh1WgXdmMZfYVlazWqfgfJygZ+WHdk+5g8fTvYda0
qsYWZ0pnBcqC/zfEMwNDTN1bQEJ1YAvatNAw3KpUOHrsY1yBrgAIEyArf8DJ7BzL
F2V1n5Ee+YOEP66+9kEn7TDA0lV0xaNHInE5orNro/BFmwj0faCW9YZlB/xP+Q9H
bl1RGp9YPhVEkFTFASKqMwazMratwV7mW6MnaP+oMzcBHhJq5UVXtxSTUcPLav4G
7TLkO0iU/ztiPaIw0L5OpEYjW02iyYYWftauWqbkDtMjFJ9Elnud86/IO0ZTQXEL
LN+nnZVMU3lqw4VK2gmfytmlk9gMuE2mvTbnFWkQ80tUaYCy5fIde5Qg4vJxG26S
r0GfJiR0szav/9X9Bovc9I7xkmXWbGRtfgMFDY0K1GkvN2mk6uikZJu5iqd+x34s
tvbnAATpMLOhAWjbV4/dJDBRlY1Xjb1ojEdmAmI1FHT4d90y/jc7xNHY/wq4JF8b
QjSM3JeWc/RrC8rqElY27ERy27xeAJiNQyJt2S/hpBYMzJ6KagNodAC0Em1lQHJ5
YW5zcXVhcmVkLnB1YokCVAQTAQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gBYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJn7VKgBQkLTaxeAAoJEI5AFHij++9y
3ZAQAJIDml2wbeJZZN/F79M9cyhpACw2lpTag9G1vBizqYltVekmp6khEMiNV8IP
lu2K1L5qIOdpthD7nX2HjtKmZvqc4Lh3e5gKt7jM0yXUSVOlhIeamUCzji3fAw/t
r6iZgoaPnshrywX0ZH9wN1OU+11oHY7EdJFfFTGLs1uQCjBFsPpuSvj+Av1uY3D7
aRp/NxyPcYEjke7b0L6ofOuZ/SzRHtF84B6lgg0LHBJsKrNjD/hCPa4TdU2dHnLH
fmvB3aBPJHrc3SWrVQVqMLqLvO1trPUTDaKFwrxj/r9TXjS+8QyQOPPkObkykCm6
zWBnP5gIT4c0jJzv/kzV0IsEAlOPRW9y2l8/uqWCYtizK2qCtYWb905b2qOCUIOB
j2QSHUiD719xQRWTygPAnpVeI+hMBIIkTHtexEdJ8pqryT546MzBpDp32QGm0hMj
xUE8kWJmY8wRMytRR3/j395De2VK9SIvwzw4YuNbXyw5wAfIeNefasFiTLjDaW2y
s4Gcdw45QcD0ivlNIo2f0OpAl1uYOhqc0R2pjF443+NmqwUc8dqFbPOfKhePHdaU
2TKsnZxMW1D/W6+6UMq2KAvI9+FMIzMN1cG4jxWUEwW9psWNI/RGKs9Xt/GPhzz8
Ea7GmEFFieLwFz4Lsnor7k5V/ePf37cqAw8nTX71uwE55cgbiQKIBBMBCgByAhsD
BQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEiII6deyqeGsP84sUjkAU
eKP773IFAmNpgQ0zFIAAAAAAEgAYcHJvb2ZAbWV0YWNvZGUuYml6aHR0cHM6Ly90
aWxkZS56b25lL0ByeWFuAAoJEI5AFHij++9y2iwP/iAbkg1CwqOpRe8RDt9BUgyg
KPTdT7jZv/TaxpeM4NwljfjXhSQqJeM9aNdTk75HN/56D/WrVHib16CrwmV8s9LF
1Iit/iNwl8p4p6NqZUNh2rCtMt8I3VTj/ZxSgmX6HD/424itIoxFEcJCtJscs4/w
1bSamuvwGiGF9j32S2Bh9UzwhLLpzdEA3gyQnZEqIxv4czhCnlhTHLtFTPJbA1WC
suuOqqB8V5+8jrFQPHYAFAaRn66BzxUBXQqnqGUPRu+xtI9FchMJCMeVupxOxLFZ
Gh8pdhsY6kzX+BHcIypZU/p2yjlOJRWghLmUlJr1BOfrloaGFiC+86M9QY56IimG
C9B/hl6qnLgoSSKR/6iOVRolWcMGxLNLEizue3bdR1x0Vk0DR522LwjdXEKVQrtY
RDf60HjafwBq2THA8saSmSnDvNfbPCQJKz1ePRnJ+05hkgNY0mWY6bMwtCDmA+iZ
8b1mBCSN+2qzlhXHuuyXVJV8W+a+yTJ42+leJGPA0h9rELejW7DNgSvbnHi6H8NE
h38KAw64vucFCkDex38N8YpfVj35ZYEq7t2IjGnEvyrG14QBXt2giP4LsjXb44mf
x0hfq614A2d0ucE81zjyzFEZcPyRKgYa0RGuT+IANx4Tft1czXpi3BGKXbFVuVP0
2kU3PlOGzgd2lgKe0N+wiQJUBBMBCgA+FiEEiII6deyqeGsP84sUjkAUeKP773IF
AmF3L5gCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQjkAUeKP7
73LXNg//aDkg9HAfoPSNAHkU5T8AmMmUwFieBySLVR3TzdnLPulVFe8+5fZ7x8jr
60StiWsdfDIwrYWADcCGAEGjG8pwCtHWs8QaNT27Vf9uA+Ec4J2ePZVwrx3rr7ZD
bjIG5cRi5WVYkLKL0Bddr/OrwI38f54Kh5YdW4efZ703vW7ZpDe41B8hBl20uLSy
2eJBZ9l1YlGeOYpm3KiJ2JwLdBaB6UD6wNeNRCVAWDf19F866nx5y8Chk2pp4vXf
H7U9/hV4t+2Ha2jxipSGArhzHx42G65CMI3l+xYPZ5+jpgKiJJ2mYZoTG4tK4VdT
XeXS8B6x3bHhLuQZzRcjTj67z5Np1cuNE6wI4ISHdAI/fjIDuknlnLP5R7TY1GoK
x43jQKC6iym8FV2jfpDTOSX95vTx/dJKQr/Mg3nBR7DUZoEvvgTXIt29L3+ZAfCB
09sQksmzMZK6Nd8KzJnsTiKJnbGwMiyg4h4ag92ZyHhheHeTC4eTtDZVRkN+kKEo
PXnG/c7gslCnwUPQ6UyER1fBF/Fpd5iTC/lcyD6TRtJRRYduzW4yx0LibVefn+n1
B7E1FdsbAZWE1ZyffouzfolcCvBRCL0srZvLGhY1SGYRNvGeQBZfWpH6mVdj3Npb
UElkWBrbSFX4SMYQTsfLhqTUCro2tiV6eQvj1Ng/IIb+d+mJLyS0H1J5YW4gSGV5
d29vZCA8cnlhbkBkaXN0cnVzdC5jbz6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsC
BBYCAwECHgECF4AWIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCZ+1SogUJC02sXgAK
CRCOQBR4o/vvckKDEACtpPWR9ohSZvDi/gvxxUdmMbmSk8BXXEbD0/UXYiI9eA40
cGH7S4+lbt4Dp1xUGKgTxytYCBUEM7VDxKtt17b/VQSCLo0Fctv0Xc3xkAvL7f8m
jJ6vESshQwVkpwJJ9KjIu50M8EaUl8YIhtS7XgTsArATplzO98MBJ/4S023+iYMt
2pXYYWKz6sO6FH+6xXv9hc6PCyTnWWPNvKh+vF/1OEfXl4nvMBXUs7QVCLEFNcFg
tEkxbTyyIGE48/IY66GWTw3RSO6hUIeiL049krRDXumIQmlVaitrLyUUZITGdq/r
/AJ8TE7pIAwr3FLc6j+5IJU5NYUtcmvsvaNrb560MPcGVsr9E8mZlv51L3tdFvZy
9YMrPV0oP4AQk5tpolXX68QF2at4Bb3OBsckl0UJUUkPDD4+A4Cs4QPv8H7VrqIY
faqPIqH3ffXV8PFj6vk3SPFe7GCcyNPMf8GxX12HROuOdddCS7ssCm2sK35MAiaX
XiIHWK6ZR3C9bApbb1q0GjGndPm2qhj9XwscmQxdy2MIcT1iEhZzWMYu5qvDLDgN
fiNQ7DoML2JGyp3rsl0V69pOuokpR6wsskmEP1Tht4Zp50x0mrsIlM3S6DAHjHgI
Icc5EMLsvwzVM/pLESZWAiewDZ+lAOEraDvg5zMOCO+/1E5RgH4P0fFc/uc+E4kC
VAQTAQoAPhYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJjzryqAhsDBQkDwmcABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEI5AFHij++9yooEP/3OcUCJvtyliEy6a
1aR4CEv1H/kd2zGRApBkSdLpffdw76xdzF258uqzi6nt8B5AUtp5c4LH6VxmfwIg
zGOSN9/vE2XhCOvPqorum3wpnQoR0Q4B/w9T2c0NJWFOq9RVt2LKmHTBakq2rf5h
6fQkp8bVmyklL48kcFPcN1rWvjgtmFsMrEoSLDO4vZpZL/KoMBsmTR5kPCxPGEWf
5T8vWGjA0y6dTzcjRnSzfTqGJdkA+DRuBXlcCgfj+wjXKiknkm1MgdD79kkfYUIW
5t50HM5oR02fBVeOzA03baAsAHidIyz3/7BmzuKISLb479wjCNui768Dz/8A7KEU
zwRik1EwXHlzrWPX8eIMEquBI+NLFcnQD1g0LmMDt1rId+g6ZlSpAFqlCX9yBxyP
jCKxkcqzvDJn6FFZEme87FIK4H6rwpewlC6himXmAlhP5hbEmTIyaMLV/F8t5q5f
rQ6XrNSi+660IqY1NezZnN47Y42jmwviL3M9TXcmju1fBzZ/f7LECiv1PLVi+HtM
4pKo+JOTP+p3n0Oul7h8pABhX2nCLG6FPT5jp40gtkraTNmKec9SUFDC+ANAh7cr
NlpsxI5oXQj+120Qds3/5snu3I5k2SB4cVmmIrwZCzP/eFEZsuhOabyD+tf0wNsP
LkzMtYQrbqeL++4po8aVucRLlcUatBR2YW5kb3IyMDEyQGdtYWlsLmNvbYkCVAQT
AQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBIiCOnXsqnhrD/OLFI5A
FHij++9yBQJn7VKkBQkLTaxeAAoJEI5AFHij++9yDvcP/3oAovIReAFJz5p9vI72
Jd8kMy8Xze9POtoTkAySop3Tm4Zsuwa5iIO1+26aO8pgQj8QLsonEmMnEztRmmvD
oi1ToIIA09weI2Ht0pOm9/ZM5V3ZB3LTUQmNzHlCexZUxDA7gFUUsB9yfG0xsiY5
SjSzTWaI26lU+TKNnyIvufz9ZZGc6VvyHlvo9T3iCZs1ocb95yTde7EOo1XI6jPg
LufAtOmL+2ACYc5jLYnBBl7RsS+DDt6dPXx0isoEfjoPiqnnOAFuyCn+coJf5Aya
cnw7QaTMF74plgQ6byZpK1pADkdT9tNFVBqBaQ1xGOyPJ3CJBilwvfrMTm8Fr07k
wrIk8ykUbvMiU3kVpeAucIQXVsL8W6QD8ykF2cDQZIBHYxr9Qr5UEVTzpOzp/rDS
R20KxRpAEPpGdztRTeA7DvZLaUE5D0ULK64powoURpbF08S4dEJD0TOHTlVuT+5q
NEC50Ya6j+pPf/1J+gK7tG6TUigA6T6/m8XcsQS5ZfL2HxUjF9IFGirAMP4+SINl
YVlbz1lJ3ezN2M47zY6VYXQmC38tGbbLNHTSf9uZa0Kt2+HsANyAueaeveXNtTDv
rqMYhFSX03QCa/jo2RMBc2U7azsLLTlqvUYaTLU00nLgAcOa8Ubp/5ljsBOdUhol
EoI1WUxlWqk+eSQ9De++yr2EiQJUBBMBCgA+FiEEiII6deyqeGsP84sUjkAUeKP7
73IFAmF3L6cCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQjkAU
eKP773JNkg/+PilR6Xl1UZ3X4lAC861fq79j1uBLU337SGpV1jZ/2jtd+4n816Cn
xsiTXr+S1yC1EHtIl0qNk5M+dmOoHnFcb8R+VktYUp+KvBEB63Wk4yojgajj3M7d
j3paDq36EIwQ1Vg/fhV5D22Y3gveRyxzHA5cWjexJhp7bOB0dbzCUs3u5R9/NvTV
H8FOQbuog85RO6FJTQgG3T1q5lat/1Zj0L4c8E4ykTPaixhC+ec3lXsJu9exS4Xc
zJpgpPKHdugP2PFDAG5XcxoAzmTI8ftecRK9JLJm+qdHs97GFRDDqUrxisgalgN7
yJQpOoHimGbK14teZTgX1bUhTwDjowxhYvKGd0/UTqLQgTVWXpi1TVPnZbcitVBx
V44qbGLggKPR3YpfwDZXEqJnwShp7/87wS7XCm+69HE/iH49YPdtH8bNXUkkkVp8
ddV5leMdQmdR3QmVAOT9ZBpf7akhLqwUV+CGObHdsOkpEaVNIeKCsYA49NzY17M3
BwqDIb74r+1tWynKMHiVmbn4OyWBIpSq23/CMjwjbJOu6ULBvLoXjJW6YxTmLbY8
mb1HdhPvQr484TbOwEK0I7x7/PNSx9+P05x39SRKaB9U41kQkm5Bxtr5tTMl8GnW
YIDadbH/aNvmE0polZk4sbl2jEjYveGXyK6nQB0fbH9u0jkYzE9ZWGW5Ag0EYGIN
gAEQAJUlQooH4Bx+OtBHHVgmQIJF9lz1fRzpZVoQE1elP7IC1arofXt75z3AHyxq
opoMlZV5kZELP+KJRkj3p2qdnQjWR9H9WrudjVE/VtmafhMD3FqC08xTZzaIxiF8
g2zll08eI2NTCSnNq9j9BRD/e8bnTlNusHJwIYmEdNR//nhDMKFd+NDqPZEj0Fx2
UGLtvpGzMoZXfFhuPTY1QFVXGzjMgiK1qnf/oEBVlWE/eiFbmCuBKSunl9wVso9z
NJ/o81+gb472sDRX54VZ84eA5IXm+PKGbK663GDa2l6V3+kqTRJm+fTu8jQLYIPL
YfG6duQnvoEsvu0s3aQOodfySRTQWbsxu2yV63nuCv9sxM+2DuE41nQgKVDM1hJN
4PKcdek6jj+hls5rknSaLgqZL3GDP2ZpXgYyfJCd9AO4soERFBwuLCD1t4ERCMQo
4GiilSCQtuk518oP2daq38zbtt9llJ/P2FB/soNXU4dkePLKX8PJrOWci66vQFCd
SYMGqyKdBag2Sn4Dwh/qYsJaK1+gvPDyi8xft2MkNOPaN3vzVpYa1hFGGjJRtG6Z
umGmcZxzDdS26jD0ccnrPwyEXlmE+dN2Hxv2+q3Z0mO8wGhpWnKo4jrWLxU2jLB1
RiAPQiiBTACq1KvC6Qy6qgJiRPLOLkAAIR6zwxY5CR4OMSW7ABEBAAGJAjwEGAEK
ACYCGyAWIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCZ+1TIgUJC02sogAKCRCOQBR4
o/vvcutGD/98DTudln9kypxgq2Cmt88NAErZoz/p+1qMLL4d1jozUTOmDPQy6fFP
TLvf5m4C9fyiJA9//XJKErXnGoaTIjuvRKJOOOkZoR/BIZ3xoagxcyDQI9hLJJc4
qbLi3KQeJ9AU/b2uWIdi4zG1hKOFo89TFrvTLez+geOGWfSOq3/JhxS8x5rlQ4HD
GpQ2r9aqo3g6I7plBcjyAd+qdMgI8cHns1lNxGLLRLOID7xOFYS7KzZ9WO545W6R
2lgzwQOfXpztI4nM8+CdgsQzojrq0Xtt0V2Zv1SIdZwGF2r4utnUn6m64+33Be68
jEk2nxaNHiMMO6TmOhrnGQNnvzrAg0tADsOCkewRU4h54lC3oFVrQl0bdsPc1pTX
3C29V+b4VsJD4edB2+g0rnxs9ctfhe+RyzBFNfJjXp9QCwXfdsY+NbgfjeE5/2Qf
XWk8YcZA68PK3sL/Fcsq5++Y1hyCtBjHT8XMN1SBAwME1SZu5gaFybz2NqABKmt8
zWHPLEOaB62g8dyjokyxzbbHV46EFEYnEvLinUVoOOFZuhjOWDNmURbDY7oApR9s
9WV/R13dgz6lKj8NlkvFfGDLExtQ+F2bqsiweUG/t3mdQeHfaX0q7AbSe+k+LR+i
GP9Nku+8b2pjnIskJZf4C0Hy8lYBIsnj+SL2wWB3bwMT52IUjBg5e7kCDQRgYg1k
ARAA8H5YDUeEXWZTZj6vcfjzIDnwT5cCKKeK0gq9r5zPmArYmkS5BWJZSfjtgQP1
OerzsNLZMI7Nnfcwny5orPyPJJ7Y+f2sVjBjs/vPv/n+Gu9VxWmtbHZYunp/3XZb
CHmvjbzwBDzbPUY05rUyOfm2gfYwdfYH5R+CbWg9FVAC6OO/pmIW/2b3BINxpg/t
zHKCZJvYsRNy5F8FemyK2nrWbW4aSKauwcHlWfkfoyhbPsIeCVnRGBENicN4AQA/
DSjDKv1FexvhBlLRkoFlm0o4CmSrNaZwBn2zlOPg4VGOGjvcGEWwozN+I4PNrWit
PfuK2u61IsoeukKMqq4xoD1W7Prw5yspG98e6gD1HWYL0jICGBhY5aU30kPx7Llb
ylsF9EaDI+xnUveNYRSoJt4OljhaK8S+cICRqxPuUZTwOA6rXEiBAZ4MnMazVIDS
kQCvnBNfmsKDsZJaXhTTyUSj49ZNrI1hp1qMJisIme/ac5Jm43+8TCZF+Jfd7HRM
LTZ4ZaYnKyJxB/924Fn9Hm0FAk5O7A48NuBOB0ng/lfmpn6q5gzNov5njlP5f1Au
ev68OFV7uB7/Ui5etLQGL6ZIMoF+Ug3swM6J/wFjPj7H7InWLzk3qDDqv4XnBNR5
kG0lubOp74jIYv2llwp7LyVtYfTrTxeLAwOAaCsX6PqLBXsAEQEAAYkCPAQYAQoA
JgIbDBYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJn7VMkBQkLTay+AAoJEI5AFHij
++9ySn0P/Rlpfy9eZPJlq7akIiC3trxLhHVUzUsaRWGB3HMZszeGHq2JLsIG8Etn
J9X5Y18vx75WWHVqq5OEFz1a2KNg6dgyvElHTxPtcQjItL3rKOqcJPSvpUxeSgbg
N8UhFQOb+qX4fE3smtC3vTCSxezSADWdKusvW6S2kxTSUi6SNu0fa5aRI4K73Paj
tqBgitSnCRLPXA7dDzk4chne95unjHLdGbOrFVIp9eA0C6hKUjTdO5yKTUuGA/46
hH4PROVr419ZQzNCBOCL6CdPD/b1b2IILBKEJVlNxZ2FDCnIz9XFt5WaIzbcMr0s
q68yxeda6MLTMxHbwqPB96rxsKmNA7LdOuI8je1N6p/BUZLFTHZj5ulJt8SwEXfQ
fwaygwyHvW9ivZvaIdzE7AyBEVYz/VumZt5AH7hAZn88KFQZ2NWNR6pxox1ItLUj
ZuGkxbeliINJt9u9i4iRubJOHARRS74Puo0furyooEbASrdsnMf/L3+6AfoRKI8g
jENr6ArBvGNGRWZ8roK5uMI3nHOk51erpxX2UsARePCB7ItOMnbSuRIR+t3PjXUW
KqMQ661Bl2bWizQZipJiBKpDHvWcZQqFqGn48g5QDkgsH1LQuHBUBJ2i5NrNbIKK
23bAPsI0XFk3dHRJ4PcBe1OzRPBs3JVtL/6aW0NnH5Alp2XRHBy2
=s5vg
YmJjZDhiOGYxOGZhZWJiNGJkODUACgkQjkAUeKP773IZOBAAm95gnhIty2S1xvG1
MhUWI7yUlCgKYu75SOVYnr5Pzgs3oKCB6lffBTdtslqcsw32FzSSJ6ShVZX5QxVw
spgxv+r46CQK0Dvh59GgvN6DhcLw3qtJJkgE4PS5dN9wn3GIV2uJJOrnnqIRh1Wg
XdmMZfYVlazWqfgfJygZ+WHdk+5g8fTvYda0qsYWZ0pnBcqC/zfEMwNDTN1bQEJ1
YAvatNAw3KpUOHrsY1yBrgAIEyArf8DJ7BzLF2V1n5Ee+YOEP66+9kEn7TDA0lV0
xaNHInE5orNro/BFmwj0faCW9YZlB/xP+Q9Hbl1RGp9YPhVEkFTFASKqMwazMrat
wV7mW6MnaP+oMzcBHhJq5UVXtxSTUcPLav4G7TLkO0iU/ztiPaIw0L5OpEYjW02i
yYYWftauWqbkDtMjFJ9Elnud86/IO0ZTQXELLN+nnZVMU3lqw4VK2gmfytmlk9gM
uE2mvTbnFWkQ80tUaYCy5fIde5Qg4vJxG26Sr0GfJiR0szav/9X9Bovc9I7xkmXW
bGRtfgMFDY0K1GkvN2mk6uikZJu5iqd+x34stvbnAATpMLOhAWjbV4/dJDBRlY1X
jb1ojEdmAmI1FHT4d90y/jc7xNHY/wq4JF8bQjSM3JeWc/RrC8rqElY27ERy27xe
AJiNQyJt2S/hpBYMzJ6KagNodACJArQEEwEKAJ4CGwMFCQPCZwAFCwkIBwIGFQoJ
CAsCBBYCAwECHgECF4AWIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCYNq1El8UgAAA
AAASAERwcm9vZkBtZXRhY29kZS5iaXpodHRwczovL2dpc3QuZ2l0aHViLmNvbS9S
eWFuU3F1YXJlZC8xYTM1MGM3MTUxY2ZiYmNkOGI4ZjE4ZmFlYmI0YmQ4NQAKCRCO
QBR4o/vvcspWD/9tPmipSq3Bp4V12PzTr1U1FpRG8mWzcqZW2CpNGSIK9AxFH3CN
yBG9/CvCSuDz0Lgyjl69ixoQKGlacfDHRyPghJrRzzV4TTiBpMmRnqgi/TDnEr1S
b/2hFxT3/XFaPfTVIc3JPkfS/ywRf48UOt3gF/A3/CmVDNfQWUpW0+1Z6QcjmTfX
xNhYUF/CqyyapfuBuFX7wKoY1PBZpkOOoycKlEyrtJjjWRMCX5ZD09jhVVI8va1U
Umxshfol3yapxGwkndrX2qnIHJbVwwJrrxr2i3jMnp4+EopK58epSx0d91vqGsti
JJCl6PHB5XJthyyFZj5DssDyFPnf7Y1RovsXcoBU6TLUF6k1jk9V+t6c0D9PQb5v
UJTprIOHkqCzJwGsflyJiLjWijk0kUN5XDsUp+RqeweIr+5o0FI3HLOGE6cavRFU
NzXPHTLBdDFWK8TPH3IJ9WdHkAWkzPDzuYokVR8HCVQygrnzKm+iufr3UpOLvtSK
I0hdbfpeAj2fNKEwPoK/XS/AkjaobMuhwYB1wS/ZiX7lBrWxULYKzdCp1qPTqD5I
Hn2UMw1kmI7jSd8/gtYosHf2cKukc5uFCMUj0lLbHJGpOUCRnpAbarypY0heH3Fk
1nDNWwsKfX+hxHQgSLl/TO/YBXcECYSnWrHlAPZzfTywbeFR5lW7n/QhaokC+wQT
AQoA5QIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgEYUgAAAAAASACtwcm9vZkBt
ZXRhY29kZS5iaXpodHRwczovL2dpdGxhYi5jb20vUnlhblNxdWFyZWQvZ2l0bGFi
X3Byb29mXxSAAAAAABIARHByb29mQG1ldGFjb2RlLmJpemh0dHBzOi8vZ2lzdC5n
aXRodWIuY29tL1J5YW5TcXVhcmVkLzFhMzUwYzcxNTFjZmJiY2Q4YjhmMThmYWVi
YjRiZDg1FiEEiII6deyqeGsP84sUjkAUeKP773IFAmQnALgFCQeHWm8ACgkQjkAU
eKP773Icog/8CFZpGlht/SAsWv3CPGotYVenSgZ4+j49tqyTA057bx1ihuzDVsjO
Epx9YoS0WUHd1oeWHWw4gZlNnYed9dYvUQLtbivTZ51eX6cCX4K82/CgX7sBKNQE
bpnLhifucye8YNJDKTcieB6RWo+wzTW++KiVXFwr51wQT1maq0/VJQnHZKKmyDgh
qHDT7qeTiu+kJ+l+cC5+inE038P74jq3PhQh6y06HR4qncgqEVaJqtVc8OyQalJn
yrUVcK+lZ3MW9sufFhVDL+z5WaIAZxIo2hVK4ZjmjTYZhD0EY2OoHPh5k3sfNJ85
2eHYnRRzltNyYkSweP+oeWIH3kzGg1WlAUCnE2axFiqSDp2b8KxDZ8JTyiZyOUf2
A06SoGTONGAQ792hbdP4kzwl42ICHL06efFImrO+13yKLmH15CAs7TPtGW6+PZWb
hkdMZ12azGftKe0Thg+zs8y7CNyQMCuConYi91tsrV7o+tRjSxKXeL+N542JNe6C
LvGkYyCM8DFDojikze30xZ7d1STaEfDpHab/9zHD7T+sJDl1PUxyjnoSqNj+6O1h
RiP4JiWI3fYRhP3rXKBLUJEBAqUciMvSIMhfqex9fKtmMHxSaVTY9Z0qIw3zRgI2
GNCn5GqmgzsTpxrU3ZSyH2L2AitGg3ealR+nC7PKkIEt8TY0y/hFsOC0H1J5YW4g
SGV5d29vZCA8cnlhbkBkaXN0cnVzdC5jbz6JAlQEEwEKAD4WIQSIgjp17Kp4aw/z
ixSOQBR4o/vvcgUCY868qgIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRCOQBR4o/vvcqKBD/9znFAib7cpYhMumtWkeAhL9R/5HdsxkQKQZEnS6X33
cO+sXcxdufLqs4up7fAeQFLaeXOCx+lcZn8CIMxjkjff7xNl4Qjrz6qK7pt8KZ0K
EdEOAf8PU9nNDSVhTqvUVbdiyph0wWpKtq3+Yen0JKfG1ZspJS+PJHBT3Dda1r44
LZhbDKxKEiwzuL2aWS/yqDAbJk0eZDwsTxhFn+U/L1howNMunU83I0Z0s306hiXZ
APg0bgV5XAoH4/sI1yopJ5JtTIHQ+/ZJH2FCFubedBzOaEdNnwVXjswNN22gLAB4
nSMs9/+wZs7iiEi2+O/cIwjbou+vA8//AOyhFM8EYpNRMFx5c61j1/HiDBKrgSPj
SxXJ0A9YNC5jA7dayHfoOmZUqQBapQl/cgccj4wisZHKs7wyZ+hRWRJnvOxSCuB+
q8KXsJQuoYpl5gJYT+YWxJkyMmjC1fxfLeauX60Ol6zUovuutCKmNTXs2ZzeO2ON
o5sL4i9zPU13Jo7tXwc2f3+yxAor9Ty1Yvh7TOKSqPiTkz/qd59Drpe4fKQAYV9p
wixuhT0+Y6eNILZK2kzZinnPUlBQwvgDQIe3KzZabMSOaF0I/tdtEHbN/+bJ7tyO
ZNkgeHFZpiK8GQsz/3hRGbLoTmm8g/rX9MDbDy5MzLWEK26ni/vuKaPGlbnES5XF
GokCVAQTAQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBIiCOnXsqnhr
D/OLFI5AFHij++9yBQJkJwCxBQkHh1pvAAoJEI5AFHij++9y32wP/2iqEiaPL25q
pWGWCCqnmm6NuXTZFrPcJ8FqYk276h0Erkmrs4jxlt4BqH6hZsOrypdWWJlBKnFm
fTY7LOlNAVp5ycnZutmfWT3Q/SabG7B7Z+2ZTRTynnYJ3wjbkHvNA0mbJLmywMFf
QQrbg/BDs8e2b6L1UY0UfBfmyIl/AVAhGVY1NUhVevkVF73566+SzBEjy3aNd4gI
PC4USE0MZn6jmts/hs0J+HGazMV1wRX0kmXyL+HOAi1jqohqOVUP+yQlOP4vWafO
u3csUWPmEAAJTbLTOpqBOeVrFSy7JWDL3SmDKPmLosjWXyrfPPmxlxwN3/gv7qD3
oGKRBFIPAJJIHzzY6pUJHGEPinYdsq6S0WiiH61FyNjH5+urobr/e7u/7IrJCrw1
S/Zoiw6ie+kz+2EUY2Oxb2mhAqcGcniv4wI4LV9plAsbjJRCzHCe0fF7+bglakj6
G2PsGrgtJjLUk+D+4oOFwRG12OgXJnAznQRMSDxioNab2YPKn5SIGf1Lb7/15eeI
wEfCMc6I8qbkscqA0EaHYqthFPY6nqTixDVq+QGRrWms8amLA5VPzLihEByJUVMY
27ztpIDhQYuMnu8UnfcLjkwF4F3la5hUJLE9Ct+8MpewOLJddTu/Nziy7SHe5gkw
RBgs0f78aKcNHgaM69RTgtNVdzAUU86htBJtZUByeWFuc3F1YXJlZC5wdWKJAogE
EwEKAHICGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQSIgjp17Kp4
aw/zixSOQBR4o/vvcgUCY2mBDTMUgAAAAAASABhwcm9vZkBtZXRhY29kZS5iaXpo
dHRwczovL3RpbGRlLnpvbmUvQHJ5YW4ACgkQjkAUeKP773LaLA/+IBuSDULCo6lF
7xEO30FSDKAo9N1PuNm/9NrGl4zg3CWN+NeFJCol4z1o11OTvkc3/noP9atUeJvX
oKvCZXyz0sXUiK3+I3CXynino2plQ2HasK0y3wjdVOP9nFKCZfocP/jbiK0ijEUR
wkK0mxyzj/DVtJqa6/AaIYX2PfZLYGH1TPCEsunN0QDeDJCdkSojG/hzOEKeWFMc
u0VM8lsDVYKy646qoHxXn7yOsVA8dgAUBpGfroHPFQFdCqeoZQ9G77G0j0VyEwkI
x5W6nE7EsVkaHyl2GxjqTNf4EdwjKllT+nbKOU4lFaCEuZSUmvUE5+uWhoYWIL7z
oz1BjnoiKYYL0H+GXqqcuChJIpH/qI5VGiVZwwbEs0sSLO57dt1HXHRWTQNHnbYv
CN1cQpVCu1hEN/rQeNp/AGrZMcDyxpKZKcO819s8JAkrPV49Gcn7TmGSA1jSZZjp
szC0IOYD6JnxvWYEJI37arOWFce67JdUlXxb5r7JMnjb6V4kY8DSH2sQt6NbsM2B
K9uceLofw0SHfwoDDri+5wUKQN7Hfw3xil9WPfllgSru3YiMacS/KsbXhAFe3aCI
/guyNdvjiZ/HSF+rrXgDZ3S5wTzXOPLMURlw/JEqBhrREa5P4gA3HhN+3VzNemLc
EYpdsVW5U/TaRTc+U4bOB3aWAp7Q37CJAlQEEwEKAD4WIQSIgjp17Kp4aw/zixSO
QBR4o/vvcgUCYXcvmAIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
CRCOQBR4o/vvctc2D/9oOSD0cB+g9I0AeRTlPwCYyZTAWJ4HJItVHdPN2cs+6VUV
7z7l9nvHyOvrRK2Jax18MjCthYANwIYAQaMbynAK0dazxBo1PbtV/24D4RzgnZ49
lXCvHeuvtkNuMgblxGLlZViQsovQF12v86vAjfx/ngqHlh1bh59nvTe9btmkN7jU
HyEGXbS4tLLZ4kFn2XViUZ45imbcqInYnAt0FoHpQPrA141EJUBYN/X0XzrqfHnL
wKGTamni9d8ftT3+FXi37YdraPGKlIYCuHMfHjYbrkIwjeX7Fg9nn6OmAqIknaZh
mhMbi0rhV1Nd5dLwHrHdseEu5BnNFyNOPrvPk2nVy40TrAjghId0Aj9+MgO6SeWc
s/lHtNjUagrHjeNAoLqLKbwVXaN+kNM5Jf3m9PH90kpCv8yDecFHsNRmgS++BNci
3b0vf5kB8IHT2xCSybMxkro13wrMmexOIomdsbAyLKDiHhqD3ZnIeGF4d5MLh5O0
NlVGQ36QoSg9ecb9zuCyUKfBQ9DpTIRHV8EX8Wl3mJML+VzIPpNG0lFFh27NbjLH
QuJtV5+f6fUHsTUV2xsBlYTVnJ9+i7N+iVwK8FEIvSytm8saFjVIZhE28Z5AFl9a
kfqZV2Pc2ltQSWRYGttIVfhIxhBOx8uGpNQKuja2JXp5C+PU2D8ghv536YkvJIkC
VAQTAQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBIiCOnXsqnhrD/OL
FI5AFHij++9yBQJkJwC5BQkHh1pvAAoJEI5AFHij++9y6kEQAJzHchSlC2t67qph
OAgDPAb3AyrUUn7kaUdBtbq7bEA3i2V1vwQRxL0G9gvmihbC8StFslb/sPPTjZOU
r4U8XxEp89FsaJYveDwBBbFni49XsNdqqcuNupOauIn4CrY3J0t7nTVYUNMMXqoV
ubkbvhDC1KR1RvBvX+xE/7kVGXicAlHmoDwAuOqq56rPpmxPgi7nCGsJq6YUuwpH
Uhq4GENp0DJdFxdSgKNW90tybWQNWY4jxFSeENW5cJoDo9Poq66gngTCjFGOBn2L
E3I12jFg/OI2ApfPJ+5+qKFYiJVfdKDVno9NsIGFjAGiBoC6cq+ULcsmOo4sSs4p
hYQfGj8czeem+CBsundWKZSOgbUmjgPKR9N5NhI35ccC3NDmzGfqh9B0vTHve51l
isQaMXqx9XI0Gyz1jtbE/sfU1wQyMktO/0xFopPRYLONpQiDwn6Kmy1CajItx7iW
+6B8MGbzKB+cnmz0uM22zGMstkOl7Q0mmrFBMMuwuwKuZkgdvquHlCoRg9pGr69l
OgXrl6m/TM5X0qEUd0ke/juS5XqcI8uFeTVoBjeWAYATxFrCvy+j5uBuPIEScVGc
0xiU53Uy/rlHtayHLzwWJMVNHBcpL5eTgQToxyL+Nf3ZZMQQuKnd8j9HuDw6jvh+
OJKOYX6uYCiPHn1m3Va1r/PgeoqqtBR2YW5kb3IyMDEyQGdtYWlsLmNvbYkCVAQT
AQoAPhYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJhdy+nAhsDBQkDwmcABQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAAAoJEI5AFHij++9yTZIP/j4pUel5dVGd1+JQAvOt
X6u/Y9bgS1N9+0hqVdY2f9o7XfuJ/Negp8bIk16/ktcgtRB7SJdKjZOTPnZjqB5x
XG/EflZLWFKfirwRAet1pOMqI4Go49zO3Y96Wg6t+hCMENVYP34VeQ9tmN4L3kcs
cxwOXFo3sSYae2zgdHW8wlLN7uUffzb01R/BTkG7qIPOUTuhSU0IBt09auZWrf9W
Y9C+HPBOMpEz2osYQvnnN5V7CbvXsUuF3MyaYKTyh3boD9jxQwBuV3MaAM5kyPH7
XnESvSSyZvqnR7PexhUQw6lK8YrIGpYDe8iUKTqB4phmyteLXmU4F9W1IU8A46MM
YWLyhndP1E6i0IE1Vl6YtU1T52W3IrVQcVeOKmxi4ICj0d2KX8A2VxKiZ8Eoae//
O8Eu1wpvuvRxP4h+PWD3bR/GzV1JJJFafHXVeZXjHUJnUd0JlQDk/WQaX+2pIS6s
FFfghjmx3bDpKRGlTSHigrGAOPTc2NezNwcKgyG++K/tbVspyjB4lZm5+DslgSKU
qtt/wjI8I2yTrulCwby6F4yVumMU5i22PJm9R3YT70K+POE2zsBCtCO8e/zzUsff
j9Ocd/UkSmgfVONZEJJuQcba+bUzJfBp1mCA2nWx/2jb5hNKaJWZOLG5doxI2L3h
l8iup0AdH2x/btI5GMxPWVhliQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAFiEEiII6deyqeGsP84sUjkAUeKP773IFAmQnALQFCQeHWm8ACgkQjkAU
eKP773KwFhAAq6KNLx1gjhAptt5FJEWItON934oqLdUqrRRSZ8bTadPgmq4a70mE
yG0jywV6CkzCLMZR9lDmRYfS0mvxqO6pjrExkzSWgwXnImbtgESgltYmy5Cd+hTf
hNBnEtqTE9vUfvlVv93PQkUn1P6ELHGJwmqKB2hI3RTTW8P7dZ+6AShABTDgAVww
rI4HFugFbx97gmy8R6ldY7HFCUx+JrtC49QcPTOV8a9Bs0vZc6zz46dIP5orXndF
/CKnEKDgzn8l77nY8gUqF12QoKYHsiDHhlbIxuT3o8UqXhoq12HOyHFyvQh8017p
Cf6u5DY5LsZM7jrcKn6ECQ/6eSjSmXraUuKUVG311BV1uv9+2UnAGzWflI+UO6+2
Mtv2R8I+EVKmwpMyyldcTEjs35hX8uavjWSctCwurnE/ByyH4ZljpQHUZeoO9R93
YvExkg+VIzYCZmdxmCm527utxyzWCBFZDk9Ewb931Z5/aHWpNJUTFUuHRC9uy6u0
l89q8jBXGAvwQlgxhYwgD7biquIq26JQuiiSQb5RgD3D/dFhej2aBLjSo2C1hiac
e3HLGx63pINdEW9igRdTusGqVlDt7yQWssyRSNzGLhkLwNRfxoDeyEUmAG8FfpS8
3CCwa090iEocpU5crEus8ab1XGQmNxOEH1qD6JqQTfgIPCes6m5o6yS5Ag0EYGIN
ZAEQAPB+WA1HhF1mU2Y+r3H48yA58E+XAiinitIKva+cz5gK2JpEuQViWUn47YED
9Tnq87DS2TCOzZ33MJ8uaKz8jySe2Pn9rFYwY7P7z7/5/hrvVcVprWx2WLp6f912
Wwh5r4288AQ82z1GNOa1Mjn5toH2MHX2B+Ufgm1oPRVQAujjv6ZiFv9m9wSDcaYP
7cxygmSb2LETcuRfBXpsitp61m1uGkimrsHB5Vn5H6MoWz7CHglZ0RgRDYnDeAEA
Pw0owyr9RXsb4QZS0ZKBZZtKOApkqzWmcAZ9s5Tj4OFRjho73BhFsKMzfiODza1o
rT37itrutSLKHrpCjKquMaA9Vuz68OcrKRvfHuoA9R1mC9IyAhgYWOWlN9JD8ey5
W8pbBfRGgyPsZ1L3jWEUqCbeDpY4WivEvnCAkasT7lGU8DgOq1xIgQGeDJzGs1SA
0pEAr5wTX5rCg7GSWl4U08lEo+PWTayNYadajCYrCJnv2nOSZuN/vEwmRfiX3ex0
TC02eGWmJysicQf/duBZ/R5tBQJOTuwOPDbgTgdJ4P5X5qZ+quYMzaL+Z45T+X9Q
Lnr+vDhVe7ge/1IuXrS0Bi+mSDKBflIN7MDOif8BYz4+x+yJ1i85N6gw6r+F5wTU
eZBtJbmzqe+IyGL9pZcKey8lbWH0608XiwMDgGgrF+j6iwV7ABEBAAGJAjwEGAEK
ACYWIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCYGINZAIbDAUJA8JnAAAKCRCOQBR4
o/vvcrvwD/4g5y3QCT7ZMMxHmjraoBsH4cf0yLB+ynzd5ZtyY/VbwNCeI3Wizft5
Fh0FShfjQ+ZHWz7Qfk7LVxoo/40evZMKmD8jpEc7XuvxvqSK8bzGEdneSn2epsUX
mXw/+Lzti+3VeLN2GnI7FAM9IVUcWMSjC5cLlaVy5O1KaqHzo2C5JB6Z57Vdj+Rx
zk8d57yY1SiD/s12loLi457sCF3s/kRUzcDD00aJvaQmdRZDabz52qNBuNA7APph
gA7ZyyLXcjkcu3gRPFyz4+ulvSmNKyjKB4KOY3RPbGjQYhcfowGEWDvT2nOWreeQ
f12vwQJJMa6p1T4cBe1IT5sXhGuNw/klh4cGfdKyZy+sxrqs1KUAF4It1k56Cyuj
3eD2COBkzYMP3oO8GLd6sBrFGzMej1la/hyVg3aksSV2+UDfXj22YMQ6jdM67cGG
cNJKau1biKMF8gSDClzHEzQy+Im5x1ujGLNNw5VF1O6eBti05vkgftzgj7tv2FEs
lCp+HlDZ3+6IopNHVh8zMFWI9hgNH7d0wGXpvcOQWmIVt6nihatmqIYyCKt95SiA
zfPQ3U2nJ0U4Hh3mNeCC/J+/1KIAw1ggc6/z8CkGYzgYxvVXy2WXGxNSQmZIUnmU
BS1/LADooH99ElbMP/YrAqS626iWrQ/r4jxkXok1ArbHXgy1g7qXW4kCPAQYAQoA
JgIbDBYhBIiCOnXsqnhrD/OLFI5AFHij++9yBQJkJwDXBQkHh1pzAAoJEI5AFHij
++9yp6UP/ArULaAMU2bo40jetmjccavV8b/JT16NosTZmVgEvWILFgdILJkWdg8D
vDOcjFWduk2WgtqKW+/3y0A+u+Wp2bcN7SWsRdI6jLny3io+TtyOWdkb3JjXbAV6
9i0I8XzQST/NWCRt0zeSjwFPKJ09d9vlwl9LKAGYyM4Nz4iOr2dUOife/eD3zTq5
OihMeGo968vdA9hdzPiFhZhZ0a1iIlJmHqAEECKveBLCNHLy10FPVirv9+yLO8T/
oLB+RG74zm7EIgkwNCTKzAyGHrann8twMkGniMveZp411O8NfFV6TgJ9x/0Rxg0g
sHgXb+veHKX02L4zBNvrHNIdwBmdtyG5GjrbFx10Q1kiBxfkUkiNZDSfUeDjo93x
QcqpQk8+PT+PoJ7TALTLEw3e97KGXwWXcTXO2DIwc06l6ksaah2gv1aE1wxJ9dHO
RBePhu7No7XULzn83o3YW1L7JxZTicxrbL6xea7TRAcO5UGaoJii9a8FdFXwIbm3
0Uq9AIt0FGD9fgTDSIQTj1KaxCroKSf7sOOY0nBR20isl8Bahkh+mWB6K7YP+X2O
eW7sPJ131gmxfa8BGBN4MEqGEw1sGMgpVW60+XuAbk4J2pO5tbuLEOlXjSucFSeU
mzP60jD8Qx0xXTs5XyJNS+INdtm+WsspepgGkfJj7tl8rmiuZRy1uQINBGBiDYAB
EACVJUKKB+AcfjrQRx1YJkCCRfZc9X0c6WVaEBNXpT+yAtWq6H17e+c9wB8saqKa
DJWVeZGRCz/iiUZI96dqnZ0I1kfR/Vq7nY1RP1bZmn4TA9xagtPMU2c2iMYhfINs
5ZdPHiNjUwkpzavY/QUQ/3vG505TbrBycCGJhHTUf/54QzChXfjQ6j2RI9BcdlBi
7b6RszKGV3xYbj02NUBVVxs4zIIitap3/6BAVZVhP3ohW5grgSkrp5fcFbKPczSf
6PNfoG+O9rA0V+eFWfOHgOSF5vjyhmyuutxg2tpeld/pKk0SZvn07vI0C2CDy2Hx
unbkJ76BLL7tLN2kDqHX8kkU0Fm7Mbtslet57gr/bMTPtg7hONZ0IClQzNYSTeDy
nHXpOo4/oZbOa5J0mi4KmS9xgz9maV4GMnyQnfQDuLKBERQcLiwg9beBEQjEKOBo
opUgkLbpOdfKD9nWqt/M27bfZZSfz9hQf7KDV1OHZHjyyl/DyazlnIuur0BQnUmD
BqsinQWoNkp+A8If6mLCWitfoLzw8ovMX7djJDTj2jd781aWGtYRRhoyUbRumbph
pnGccw3Utuow9HHJ6z8MhF5ZhPnTdh8b9vqt2dJjvMBoaVpyqOI61i8VNoywdUYg
D0IogUwAqtSrwukMuqoCYkTyzi5AACEes8MWOQkeDjEluwARAQABiQI8BBgBCgAm
FiEEiII6deyqeGsP84sUjkAUeKP773IFAmBiDYACGyAFCQPCZwAACgkQjkAUeKP7
73JKFRAAgu1MAlEH6A+v3jOHSziPE9rIBXJTf056vsbx7acPx2fRCkYKsffyF+rz
w0wii12hK5usaNZxdvEhPEQ6rscr0g4bCKypfncg8fP0lr4nFaNoqr8PWzLjB6F5
qITonMxpEy7kLw0V4w6H/sgGMPKoj/tAhr8LuR3PJWR60M5vGUJG+8fcU3MO8OBK
ttlJ9pzYf8rrzhieup9eM0WCiITlgALabn10mwRrDF0dgzXRrOOu9F5zR1vfk7GD
HxmWdIWPdNFqZj4V03w48ggbzgFHqsiuU02T+bPWyLN9YGVysEid8HRLHo7MUHmT
A7bimsz7GAeJG8O7uoZHJkcOzeAUFUPrOTBlRJYTQURCXVLSTRaRS46gALzpt76P
HrshH0a6yVThSm5pFuvpIe1ztVI46POhts0F/OS80T611keC+xWvL4ZmVQUlGlzw
KAb6/oD9IZebVQWQSSiuGUCmHtNmJwqhtpjbdtTYaBPcBhe85fN0NDlwxoFdGlSP
TzVS/dx0JdfG2eDhPveWq5EuFgt4u7oFpnB//rawVRzPPaULc/+xx80KlIvUd0y7
gkH0mMgbg24sMWhsm8S1ziPcft/DTF5zaIO4sT5PILwFlZmOZGmVjleQ+BCnEwFT
IzYTtuCHvDCrdtF52oz3l3y03+z/S5D4MurIe+6cNH9P4AluR2yJAjwEGAEKACYC
GyAWIQSIgjp17Kp4aw/zixSOQBR4o/vvcgUCZCcAzgUJB4daTgAKCRCOQBR4o/vv
cuOHEACEn7EFrukkAvs0c9Bo3MsRFFvxxujBSxFawx24C9RUYoe+RJ1f499TeugK
tF12Nb77WYl4G2lR0IAaMNdoRUnCBLk4ir7EIPHlB33M0rjiIMfwxKMyKgHtEs/2
xJFTuy4oBPpGuJWQBjpOYAUY1aARaYe6Uf3reCGJRZIKHY7DwPOL4uvcM73G/7tT
7gwTveq1GmK5cPFmI2q/EZyM4/b8uG2EDQ6ppAc16yyBhZ32cfJKmBMHSwCeEGHS
wYMfj5u2QUcAOIbPd2yYEqlmpCh6WD9LjLr3Q8K6BIb/iKt9fKSkhuAEMmbMVVsI
7t4EywrIdxTunxGnm2JsWj+mAPIVgS6tu5uu6HLWl0AuEBq4SIODNx8G652QwVA4
s0jPh8h2VpvaEo2uAwULYFyzA9Y/pOKQ3/brgHAGX6xeLkzNcKN8pqV3ZGfcGcd6
s55jtqxprUbaivqUbQ9GZ45PIYLU2QCub1OdBR0/Uo2JDgQsakmjYggYk8DugPpG
/KzDb/1RUg7IwwifBLhQkH/8pXqBFzKxkClJqMkWZ7wtfiflqMltR2ehVygh23GV
Choj3XJE537Mz+IzW1X4jAV3t3L0KvSUF15yuEM+m/thzivhI7EXi8oBfjOtEIJu
OItIX8eO6HXdDjjThW5dAFcE499MK3IfYrwWCFY60E5sr1v+DQ==
=y7aU
-----END PGP PUBLIC KEY BLOCK-----

1
kustomizations/website/kustomization.yaml
View File

@ -7,7 +7,6 @@ resources:
- website.yaml
- docs.yaml
- wellknown.yaml
- caution.yaml
configMapGenerator:
- name: openpgp-keys
files:

69
src/make/update.sh Executable file
View File

@ -0,0 +1,69 @@
#!/bin/sh
TARGET="Containerfile.tools"
SOURCE="https://codeberg.org/stagex/stagex/raw/branch/main/digests"
STAGES="core user pallet bootstrap"
TMPFILE="$(mktemp)"
DIGESTS_TMP="$(mktemp)"
for stage in $STAGES; do
curl -fsSL "$SOURCE/$stage.txt" | while read -r digest name; do
echo "$name $digest" >> "$DIGESTS_TMP"
done
done
while IFS= read -r line; do
case "$line" in
FROM*stagex/*)
full_image="$(printf '%s' "$line" | awk '{print $2}')"
base="${full_image%@sha256:*}"
prefix="${base%%stagex/*}"
registry="${prefix%/}"
path="stagex/${base#*stagex/}"
rest="${path#stagex/}"
if echo "$rest" | grep -q ':'; then
name="${rest%%:*}"
tag="${rest#*:}"
else
name="$rest"
tag=""
fi
digest="$(awk -v n="$name" '$1==n{print $2; exit}' "$DIGESTS_TMP")"
if [ -z "$digest" ]; then
for stage in $STAGES; do
staged_name="$stage-$name"
digest="$(awk -v n="$staged_name" '$1==n{print $2; exit}' "$DIGESTS_TMP")"
if [ -n "$digest" ]; then
name="$staged_name"
break
fi
done
fi
if [ -n "$digest" ]; then
if [ -n "$registry" ]; then
image_ref="$registry/stagex/$name"
else
image_ref="stagex/$name"
fi
if [ -n "$tag" ]; then
image_ref="$image_ref:$tag"
fi
echo "FROM $image_ref@sha256:$digest AS $name" >> "$TMPFILE"
else
echo "$line" >> "$TMPFILE"
fi
;;
*)
echo "$line" >> "$TMPFILE"
;;
esac
done < "$TARGET"
mv "$TMPFILE" "$TARGET"
rm -f "$DIGESTS_TMP"