From b7d81aa0b093a6abf5231338f3892219f8d83a83 Mon Sep 17 00:00:00 2001 From: Christoph Califice Date: Thu, 18 Sep 2025 17:49:31 -0300 Subject: [PATCH] adjust for pangolin + glance homepage --- .gitignore | 3 +- caddy/Caddyfile | 12 ++ caddy/docker-compose.yml | 36 +++-- guacamole/docker-compose.yml | 146 +++-------------- immich-app/.env | 2 +- immich-app/docker-compose.yml | 9 ++ monitoring/.env | 6 + monitoring/docker-compose.yml | 15 ++ monitoring/glance/assets/sereiaguardia.webp | Bin 0 -> 9566 bytes monitoring/glance/assets/sgpro.png | Bin 0 -> 11221 bytes monitoring/glance/assets/user.css | 0 monitoring/glance/config/glance.yml | 16 ++ monitoring/glance/config/home.yml | 170 ++++++++++++++++++++ n8n/docker-compose.yml | 9 +- paperless/docker-compose.yml | 10 +- vaultwarden/.env | 2 +- vaultwarden/docker-compose.yml | 8 + 17 files changed, 288 insertions(+), 156 deletions(-) create mode 100644 monitoring/.env create mode 100644 monitoring/glance/assets/sereiaguardia.webp create mode 100644 monitoring/glance/assets/sgpro.png create mode 100644 monitoring/glance/assets/user.css create mode 100644 monitoring/glance/config/glance.yml create mode 100644 monitoring/glance/config/home.yml diff --git a/.gitignore b/.gitignore index bae30c5..d656be4 100644 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,5 @@ !monitoring/grafana/prometheus.yml !caddy/config/** !.gitea/**/* -!gitea/runner/config.yaml \ No newline at end of file +!gitea/runner/config.yaml +!monitoring/glance/**/* \ No newline at end of file diff --git a/caddy/Caddyfile b/caddy/Caddyfile index c71472f..c6c9260 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -54,6 +54,18 @@ ccalifice.com { respond "Hello ccalifice!" } +files.sereiaguardia.com { + redir https://files.sereiaguardia.com:8088{uri} permanent +} + +files.sereiaguardia.com:8088 { + reverse_proxy 192.168.1.67:8088 +} + +files.sereiaguardia.com:9021 { + reverse_proxy 192.168.1.67:9021 +} + *.bortolasosail.com.br, bortolasosail.com.br { header { Content-Security-Policy upgrade-insecure-requests diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml index 2ad5a1c..041b643 100644 --- a/caddy/docker-compose.yml +++ b/caddy/docker-compose.yml @@ -13,6 +13,7 @@ services: - "443:443" - "443:443/udp" - "8282:8282" + - "8088:8088" volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./site/bortolaso-sail:/srv/bortolaso-sail @@ -22,18 +23,29 @@ services: networks: - caddy-net - cloudflared: - image: cloudflare/cloudflared:latest - container_name: cloudflared - user: "0:0" - volumes: - - ./config:/root/.cloudflared - #command: tunnel login - #command: tunnel create tunnel_ccalifice - command: tunnel --no-autoupdate run - restart: unless-stopped - networks: - - caddy-net + newt: + image: fosrl/newt + container_name: newt + restart: unless-stopped + environment: + - PANGOLIN_ENDPOINT=https://pangolin.sereiaguardia.com + - NEWT_ID=t9eefucz8uk0qds + - NEWT_SECRET=tqb7nl80iwqsmyox0nndb82k516egcc7ui4fkuigvesuui3f + networks: + - caddy-net + + # cloudflared: + # image: cloudflare/cloudflared:latest + # container_name: cloudflared + # user: "0:0" + # volumes: + # - ./config:/root/.cloudflared + # #command: tunnel login + # #command: tunnel create tunnel_ccalifice + # command: tunnel --no-autoupdate run + # restart: unless-stopped + # networks: + # - caddy-net networks: caddy-net: diff --git a/guacamole/docker-compose.yml b/guacamole/docker-compose.yml index 02b01dc..e564acb 100644 --- a/guacamole/docker-compose.yml +++ b/guacamole/docker-compose.yml @@ -1,123 +1,31 @@ -#################################################################################### -# docker-compose file for Apache Guacamole -# created by PCFreak 2017-06-28 -# -# Apache Guacamole is a clientless remote desktop gateway. It supports standard -# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or -# client software are required. Thanks to HTML5, once Guacamole is installed on -# a server, all you need to access your desktops is a web browser. -#################################################################################### -# -# What does this file do? -# -# Using docker-compose it will: -# -# - create a network 'guacnetwork_compose' with the 'bridge' driver. -# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose' -# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose' -# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose' -# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose' -# -# (1) -# DB-Init script is in './init/initdb.sql' it has been created executing -# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql' -# once. -# DATA-DIR is in './data' -# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and -# change it to your needs before first start. -# To start from scratch delete './data' dir completely -# './data' will hold all data after first start! -# The initdb.d scripts are only executed the first time the container is started -# (and the database files are empty). If the database files already exist then the initdb.d -# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves -# the volume and reuses it for the new container). -# -# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init) -# !!!!! or 'initdb.sql' will be ignored! -# -# './data' will hold all data after first start! -# -# (2) -# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD' -# as configured under (1) -# -# (3) -# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates -# and according to the official nginx container docs the guacamole.conf.template will be -# placed in /etc/nginx/conf.d/guacamole.conf after container startup. -# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl -# prepare.sh creates a a self-signed certificate. If you want to use your own certs -# just remove the part that generates the certs from prepare.sh and replace -# 'self-ssl.key' and 'self.cert' with your certificate. -# nginx will export port 8443 to the outside world, make sure that this port is reachable -# on your system from the "outside world". All other traffic is only internal. -# -# You could remove the entire 'nginx' service from this file if you want to use your own -# reverse proxy in front of guacamole. If doing so, make sure you change the line -# from - 8080/tcp -# to - 8080:8080/tcp -# within the 'guacamole' service. This will expose the guacamole webinterface directly -# on port 8080 and you can use it for your own purposes. -# Note: Guacamole is available on :8080/guacamole, not /. -# -# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once -# -# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A -# !!!!! ./reset.sh -# -# -# The initial login to the guacamole webinterface is: -# -# Username: guacadmin -# Password: guacadmin -# -# Make sure you change it immediately! -# -# version date comment -# 0.1 2017-06-28 initial release -# 0.2 2017-10-09 minor fixes + internal GIT push -# 0.3 2017-10-09 minor fixes + public GIT push -# 0.4 2019-08-14 creating of ssl certs now in prepare.sh -# simplified nginx startup commands -# 0.5 2023-02-24 nginx now uses a template + some minor changes -# 0.6 2023-03-23 switched to postgres 15.2-alpine -# 0.61 2024-07-27 fix networks + version 3.0 -# 0.62 2024-07-27 fix -##################################################################################### - -#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion -#version: '3.0' - # networks # create a network 'guacnetwork_compose' in mode 'bridged' networks: - guacnetwork_compose: - driver: bridge + caddy-net: + name: caddy-net + external: true # services services: # guacd guacd: container_name: guacd_compose - image: guacamole/guacd - networks: - - guacnetwork_compose - restart: unless-stopped + image: guacamole/guacd:1.6.0 + restart: always volumes: - ./drive:/drive:rw - ./record:/record:rw + # postgres postgres: container_name: postgres_guacamole_compose environment: PGDATA: /var/lib/postgresql/data/guacamole POSTGRES_DB: guacamole_db - POSTGRES_PASSWORD: 'H4RD!PA$$word92753' + POSTGRES_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983' POSTGRES_USER: guacamole_user image: postgres:15.2-alpine - networks: - - guacnetwork_compose - restart: unless-stopped + restart: always volumes: - ./init:/docker-entrypoint-initdb.d:z - ./data:/var/lib/postgresql/data:Z @@ -125,39 +33,27 @@ services: # guacamole guacamole: container_name: guacamole_compose + group_add: + - "1000" depends_on: - guacd - postgres environment: GUACD_HOSTNAME: guacd - POSTGRES_DATABASE: guacamole_db - POSTGRES_HOSTNAME: postgres - POSTGRES_PASSWORD: 'H4RD!PA$$word92753' - POSTGRES_USER: guacamole_user - image: guacamole/guacamole + POSTGRESQL_DATABASE: guacamole_db + POSTGRESQL_HOSTNAME: postgres + POSTGRESQL_PASSWORD: 'axfhj34sf098123jksf-19fnk120-34lkf983' + POSTGRESQL_USERNAME: guacamole_user + RECORDING_SEARCH_PATH: /record + image: guacamole/guacamole:1.6.0 networks: - - guacnetwork_compose + - caddy-net + - default volumes: - ./record:/record:rw ports: ## enable next line if not using nginx - - 8181:8080/tcp # Guacamole is on :8080/guacamole, not /. + - 8085:8080/tcp # Guacamole is on :8080/guacamole, not /. ## enable next line when using nginx -# - 8080/tcp - restart: unless-stopped - -########### optional ############## - # nginx -# nginx: -# container_name: nginx_guacamole_compose -# restart: unless-stopped -# image: nginx:latest -# volumes: -# - ./nginx/templates:/etc/nginx/templates:ro -# - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro -# - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro -# ports: -# - 8443:443 -# networks: -# - guacnetwork_compose -#################################################################################### + - 8080/tcp + restart: always \ No newline at end of file diff --git a/immich-app/.env b/immich-app/.env index 659db0c..44b2643 100644 --- a/immich-app/.env +++ b/immich-app/.env @@ -4,7 +4,7 @@ UPLOAD_LOCATION=/mnt/immich-library # The Immich version to use. You can pin this to a specific version like "v1.71.0" -IMMICH_VERSION=v1.142.0 +IMMICH_VERSION=v1.142.1 # Connection secret for postgres. You should change it to a random password DB_PASSWORD=asdf1234 diff --git a/immich-app/docker-compose.yml b/immich-app/docker-compose.yml index 5d9e050..aa8990c 100644 --- a/immich-app/docker-compose.yml +++ b/immich-app/docker-compose.yml @@ -14,6 +14,9 @@ services: - redis - database restart: unless-stopped + networks: + - caddy-net + - default immich-machine-learning: container_name: immich_machine_learning @@ -43,3 +46,9 @@ services: volumes: - ./pgdata:/var/lib/postgresql/data restart: unless-stopped + +networks: + caddy-net: + external: true + name: caddy-net + default: \ No newline at end of file diff --git a/monitoring/.env b/monitoring/.env new file mode 100644 index 0000000..0b719f0 --- /dev/null +++ b/monitoring/.env @@ -0,0 +1,6 @@ +# Variables defined here will be available to use anywhere in the config with the syntax ${MY_SECRET_TOKEN} +# Note: making changes to this file requires re-running docker compose up +MY_SECRET_TOKEN=09cjk13znm31asdnm36981238vasd52 + +UPTIME_KUMA_URL=http://192.168.1.202:3001 +UPTIME_KUMA_STATUS_SLUG=external \ No newline at end of file diff --git a/monitoring/docker-compose.yml b/monitoring/docker-compose.yml index ce4f54e..62090f5 100644 --- a/monitoring/docker-compose.yml +++ b/monitoring/docker-compose.yml @@ -92,6 +92,7 @@ services: restart: unless-stopped networks: - caddy-net + - default homepage: image: ghcr.io/gethomepage/homepage:latest @@ -108,6 +109,20 @@ services: - /mnt/hdd_1tb:/hdd_1tb restart: unless-stopped + glance: + container_name: glance + image: glanceapp/glance + restart: unless-stopped + volumes: + - ./glance/config:/app/config + - ./glance/assets:/app/assets + - /etc/localtime:/etc/localtime:ro + # Optionally, also mount docker socket if you want to use the docker containers widget + - /var/run/docker.sock:/var/run/docker.sock:ro + ports: + - 3099:8080 + env_file: .env + ##### Grafana diff --git a/monitoring/glance/assets/sereiaguardia.webp b/monitoring/glance/assets/sereiaguardia.webp new file mode 100644 index 0000000000000000000000000000000000000000..b5c550a7ac0e9cd69c27b76b63900a84cce21662 GIT binary patch literal 9566 zcmV-kC863(_dMM6+kP&iCUB>(^~O28NpRfmGMZKRk#?d={05itS!D+Bb* zc+e32H(|>E|D7W_+I99hXCugGpW-d&bj>;EoU=VSbWiHst=N*PBvq9v|9|11Q{_^t zOD*+C>byDr4=PFj))>HhZ^p1ZnuigXhmWRU9?M_=*dUC-K!(R4Su(>zAogZ%y7}yL zL-Bn%IikowjAdCk3=U&3gr+jI9PS3P5PZr67L=bw;7I@&MUrjXvhZ+sGdGk;GLX4v zWWn0ZynB0(V2^9hW%qcuXa?M4W-dsoOmEn>osG8t-#oT$+kE*f&r933joY^MOoJkA z(l)8xG|m~eG3xPL-m3c)t0hounyRx!s z=$M(AUkoao2(TqdHf^hl>SNos&1>7XjR{~dyMgEG_0>FftdcWsW5UbT%q}~z&mq=? z6FFipH?SeVy>GTZUln5IfbX2&B zrtO-!$t3?@v2LaAKRz`5tx|YpmGW`R4(mdY*ufr^Z(A*!r+OL|)`~S3p(O#MXD}6j zAJ^~p%C%!}Vo0S!0W^;XiJn}!d)kIZZV@pSnRcwyv}-O`3JQyhNqOz~Vg`=VYbBPZ zKlD2SVxnkRFARu{)50y}VuYYt%31CAF*$oj3Iekfa)mY8qpaIam*Q_@B%lOA1zUlq zZXd5|L;Fk-x|hFsItMe^qr zE2rer#eN$cswAI$cb6S5l`e__<9BkvE(BgRi592k;>Calk{Ol9H z#|ofub8NDqbyU?tNfkPe@0ypMjM^ck)xaimA*y9VY}~VQJzG;H%}f0srDa~7nJa>U z_WOTFbVIkD?kNaCQNrf&Mqnmb*tjOSlwn}?Q$4cBPMXjSk4iVBK#)C+Jg_rqA2(SO zP=1jV6mmdnt>UHiNbm0@x_b<*Sz2I-j_KviYDY8BRX1+$EDH}k-RbfzuU=7x)MH?Y z^I0hqK>KOgiwA$??h(fi{^NnjYq!z7@hU+hl0GpM`h}_7PTwu935cAhItn>plneDI z3-pmG7|goM+O@y!7vHf4d@5ag{x=JWn~6CxChVFH6oNnrf;nv7&L(DlDK~FOs>P~` z>1M%E@?bo1=xp+sOmvtGatj$Q5;KM-QJk9HAtKDpb0yCmglp*w3=PP4b4n)6Y)S35 z>Pgs~`zo|j%|l|$Ejb{RnEVPP>WvI|L|%VhwKU3+pUwDZFW^M22(zYNJ}-L;6S+4R zzHvGzU(!Kq>EuOOYt_fa{7}^q7<&Su;TU(reptDsAYWddo11k-oNC_zibfTe6HEF@+;aNY~Gtu$DH%Z0PX zfbma74<^vgLP2NFIb8a7*qLA~O7k*TkhnopD+#X%iQw{o*p+bX$~cgT^z!EId$>QJhC7b^lX62{|BCOCk5i=XGy3-yPYZJkv~5@ka$q zLD|?G>md2g0A?(`Lh!C=3B=fmnQPV@Pc+n-hflnH+0FX+3Acs!Yi~ZKw7$0_#%b z2TH1j->$Tr{Ji_8oFb-nNJ+vN35Y!bt6>O;e9(e=uL#LyN|Nfc<;c&(t9g+^qJB;A zo;QyWLq#R4TU5POkId8WzkS4k*(D@WeQfjS!ObB6W%U6%x8IbkIn}J$x3~5M)*=en zK3dJ4(=}{-S3L=1K$`Ap4D>VI#Hd zE`d;cj1+A5N?2n*VJK*iZw4#9GoL zPsf#+(=MfP-YN`D&$YIgyr5bpV_y~$l{mO^d|s~$^Q%wX)EGJf9Ba0;Dh^SxIIbAa z(<%91x0EEHm{O;gNk1;6CX?dIrV?+7bK{6^8N8q>h7!7_OI{r{-Y^n%Es^S5BCLfK=jprsT~QeeYK;r(`SE`&{mv`0mr8g;YC{X1ZSJsCx>sW-(^%;VhS; zU=RA>5`NL$b75`!H{ZO?7IJ;q`wXma1il~Zlui?Rf<|P!m_36+>YpJ||0njMns$iB zHa?o2ZyyAS%9tzQ+-{I^$yVuO7DaqSD+)VT=u0cYsqz(C}{9w`RJAJnW+O z1Q(1ua!tGWeP^BQ0Knq5u^AHeG@TXu=}~_;iHREVfb_j(zqVQTR-E~`8MU2OGCu?e zN^Q`>oUEn^Qi_c#p~B{=d~pwF#0ncfMh{M1Y#ce_YxjNi&rFsA8nS9_W?e)WR#FdGY*S0+JEWl#1UuDh0ld~|REgcgveG_(d%=AHQgTy9i zT39$(l|`*{m|;Km=ia>5lOyxJlnP^|RQ?DzD(t4eOa*-%v~QXyu&tx`jS)$*o}7w1E09i7no|#dM~P`Q0t} z)^S$4;lt;(5S}k4cl~UfF1+vdr5?<}gxH$n-c!>B;?^!RP%7^onmiH`wQ`;lYty3V zlXLv$!V>;mwL|@URMATcngBB0GWjV9=(9<*a$RY@}cle~aoftY& z6cU^7Q#X+qp{Xr|6*qnA3OPm;iHgnb)Al^~wA;TmZA|MebqtXeSGGV=W9FfweVs&|Pe9v`i8VcGwXCN_8FR4y z+g`uRmbvwi*y-u%JPICj^*Tz36W_h9P`+q8eL5i^*5eJ!n;ka@svajJM<(l&KqJCn zDXw0b^eTh&9FD%sw9)_BUBl#I$wIef4}cLMK+VS|0T#N?jPG76KSi28AMA(e`F3LG z65H?4gb4nkP&x`8@Vy0zvY77Xw)V}~zhj+vF)_zEi#3r&rg zJAjcF4P%!POtiEX{?JDR(%O$+#of@pzRm>P&|BsS!H`rxN~T}n|7Arkm(75?NA7O zpyYLiM@YLk?K#!WqVJ;K80xOeQ!BKAR|Pe zX*(YF(uXw*WW+IXn>Sa%|Aq6xP*|Vlqc&Ezc-0wLiW=GgjEDsI%&S)6{+OifFTZ};mhL>W9=#sL zoEl;2qmTF3%b$6AmIAD;vE}mW z{dv+@7g=*lkk)f$b_a ziwQX0X`n}w*616bAYN|p=xN1e0VFONO0;{w#d<7$D1J~?ORLG!hUOI=& z)j2$Wb@9-%US1rXyrra}1we)@!Y!OMI}P0!RJsJwI21*~SodOn`pvVQxO=*vb~RZk zim;sFL+TRFSf!{+vmM$o8l{EpL))ec{pQhefS?Fs$fY?V)|c4h+8k$JTU_XE?r)^v z$Wm0%21SoZluqR!8;b=rg3DkXbE<&Mp<=Xz{-iirA)4YsXPPPBoY&N)mDAI9+9Ya0 zG;Fl{N$ux0!)WX2u6yz_+u|+P=SXmMj;G(4V{EP-N@jEUVh&sOqmB*$BO=l8Dhq?< zeEi0td{RYBd-krA&dI|8%2uL z&L0~DC;7+TywQshbpw%NQ-m^UW%wGUg7Xd|)^pg#2I5H63bACpo0qhQzimeoQ{9|L z|GLS52HE`5DgN@ZbA-O0{Qji*^>zc6EZt}n+=)oky~?1D+NYNFB8p~n6)&?%g*4w{ zl}Zk`c;n1g2rW0XY*7hXyyol(y58P#(O4Kbqj*zWaPkn3_pm#&W5`f-p4H|&e*Kbj zgw5602gVC+Ie*c=-T5QCF-DZklE%9H{6%-~t;ju3Pf;pX1q1U!-=$V?W;YX3-87;_ zRiZ_r_J~dx-CVOnocD&_O{%uyOyr9Dazw2#TwZQJym~rslgx;o3QqR0@zHBjf>f5ocy|A>_IdO}+&bnGAI{$s5^(F9^x1; zCNm?xfO42J9KQr_ifxDv0KJuEw6duAmBAv6u8^p+C?&1J2MLeZa;CNrQm!bq?mPE> z2WQ{!`em}aL9tk_7OMkXR7Yfr?d@iL-<=KsEkX&+EJ=@4O%@#|%5)W_=YV12@CDPu zA8`DchsU40MrJpp)fibAiXjWYtesD$!5pVl2(W5NVuv&(oQW!-;ZlazdG1_$dK5SB zpXVB&8Ww{+`uAY=huQ1qAtEhs!f<`FP21LpBo)g)!Cqqy(H5sPUMZTwG{ZNjjW{C(QJF?3r|%#zJony@ z4Xo&JtzQI$BosGLGQ7gcHUQ~V)^I9kxP^sNIq4NviY7?a1fwD{GR=w}Pm^xU7nix~ zvsET1#;w^yLFQ1jg&iP2RJka?SP&JDm+5e($B`jLxAZy!_{)$e6--9%V5E)vgMv zJe-mrGV;5qmxdr0hls@?Xr;knygGYW9Vt#}W;0>Iu2sf-bl||(mRqYwENq5{n_s&I z8qWRCstiQ$t04-~tTe33NT)DTwLWC0p<53%VPs*5^0x~^!W8>!@Sk-V@P7V2rBcBI zqw^4*)2qUwCX69EjeL`Te5!h@Eh(2J(CUShIgG$3QOkQ`y)?Y>=CUxVu7dIAnsBlv ztSk>sR)odx%^g5ycc3loGBRu(<9fV-!3TrU+t}A*9=Z)6J8h^=OSAQ1G|o5zYwek! zh|@r!yl;ECw-C$PZCw4n<}U1r_12 zFo6F1xnhO_M9c{~C@s~=`l*WW`wezw45u=hT{&bSSU^+yBGHjqb{FBD`!6H-USQDW z9(9fXK4KFy$mp&sH??^F0LUId%N~lBITU01N|RGphBW#>s@6A*&Y;fv?+0(6vFGS= zLfxnn8(wjXlTmo`^l%S{g?(P(;4`QBh1cGiPthh`sk5BqDYbDRust?>5(5bfKd2M} z*m_1#m=1gkJUsc=Ggm6kUTGM=7&v`B(yJoqcB7?TX~QWzsy-NjLqM!}Q_xS!Y30T* ziJ0FSk%$;YEhb58W*H?nUCS$Vg_Epf#j!%WZ292u_p({RGot;yD|iU@>`&L}-ihW1 zPd6(f+ed{{yN!bA2nwsamDl~k!AJ0Cb~D0(~T zsOa^XtOSFTKoP$8ejHi}j}$>-8)sn(lubVmoO^B$+zz>1PlZ&}y{ zLYpX9$i|l$D-Z+nBUJ`?pMU&SQ7)R(1WoM#KsN!soit=2?)9XJyL9!m@ZR$i^$4=o zX4&f)ctZ}nssCx)L{Z;-^BQ{|eR_~mJfl=DbFIT>2$(9A-}ffP%x=fRoW|Xfban;Q z-MDWz8ge;kSPnY6(a7k!AhT@t_E2q#)3P@|u5ClCZ6p1n8EH>$Hq3crFNsw;A1?tSPs*dU+j( zY|dl#`ZU3fX@V=~DLUu1*T?769;7OOv7PsZCos1eDdJ49*AVeDU;Zy~^oxI_sHTLU zDzvlH@AZg!=bugI=}kt|3Z2|`8`ReI@nYGSJ-+Ps{DApY7M@PQ&utSHw(3=>`g;4# zw~JHHmyl5ItIY6l|3B}Xhp|3=}=>ErN*WzimHs&>E_YJHH2&r^d)EvtD=LxId zwfVy9wp#T<<*bRe^h5euNwF`;BcWBr(V=`;bm=QTI{ktDt?as-khl!M%xxw^; z)Y7VWt{AIOErVLPabDy)6;p&ImKe|f2bG=R1|@-kp1_jq&P1*n+KwY=1|nUp($6C`TI>~Z0<91v6? zOJ{<*q@JW6Zp+ErQj)N07D4Lmo&NgQ6g;XZi;|-4+?EzZNG?nke$$k8FW2|brC!wkGcx;`xv3Z`(vt>}{;)}!U#Gz>Wjak=Lb+cjls-rMsdjJkJ zUm8x`VU_%!XT*T<2c=TX{;uiJb(q>$1wNLR{n-nG%gKkQ-Fie+SD*|u0Rb1|jof(2 z&_zEP`S9t9hNRkphCXI`sl?j$wW0m<^k$8D?>8SbF}#&4f*^KB znmvUYwn88mBtZ>2V=C0R11!w*vS0r81!dUKDzUX)dwj<35hO`<9({(O?k%CAm2n5vv0Ea5`_hrMRaLQo%FMh0C`~54d>{5&r1A-W^R0D=;IA)zO zlVWZQXao^O4L}uxzp0Q<@s}Q z==;Gs)X4QZrNsaVMyiRsRk2(#5>PFNk~2HAagM8aRLK&8;1BGQFLhS016V=qqe?MD z^fW}xs|!KeKB7Ls01?nk6oh8FVNhH<1(elpg)k0Y#EIV8^ny<(3?@2-h!=uF47fxI zf*jT#efq0coAGk}kkvBqkh~rEK|N@U1iN0Qlo*U#%-C4iAO*#~!scBfr!*~X_Ds#? zN6&}>!75~CeI3_Ziifz5|S?XV`PP|7d!p8U$G7bgC~eCx}wMqi(4J zV?Z!#P8!;62Zi&Vv&B@T6bNF#(1nU$I30Sh)826{N+dg6KJH_EML^|E zb}2r2));WfFBuKPB+v&&)Vs|P=GH>hlaK>OoeDp`{_eOUF7z(D*f%>N*o z&}N@W5ili!ToX=i)3AY+$lnaAl@i+xQ)JBxb2SOtxiHYpl@KR2KbSQug~0N*1??NG z3S`EbmfjANDbMfgTKLe6^d58d{g57rZL}E@`MZZJSXBKW2LfXxurDQvKNA8$3`i`Va%tN%W07b4Y(+*p>LU%+g2-aCt3?GeyPZNc!E z@;h|NW72E0-v6)Pvnoe!n&=rRMgnFf47G%92vg5YxCAY%lF#`^-BTz>I{2ZdV^?Oh zL)*}F60`7h$K@s=1Ox} ziU+Dxn@2ac2bw*JI#)geRW2VDfa=F{5i02f+@C#*&Eb?9O?JY5V3vSl#oX+LPD_CnQ@c$>`4 z??3eaSJ=@F%s{JQIH*xEvYIRB?V8hUtRI|z^%85K>!sEqQ4wZte^!Oi4&FX$?Y1Em zk4u4J5*2&o_7Mjtc-2R?T#=LnM9b-Co!*jS>RS<{^5Xf}+72h?fY`C#hQzjKJYX8B z$HbBCE_(_G6{12$)b|yxJf3lOIiF^X1a!+GZ|uns#om#Xz8128NaT6BNvhpIb+ypx9re z>J?x@%dT+u;u5=UdyY5xZwxoWO`LOp0XIlQU_2kQ;YC7VltOPNG@-fcwh{={+R%5xL*)oL(lByrR^p2&Lgax`~vbkVFEuw?8e$|g*;9IrYDcqC>c&m(?l%)w;AfkafX#*XLFm+I zr`8y=W%UE2W^v3Lek>M3uLc|l_}R!9Bu#k09}=dd$dl8-&Q zIY7;LZ8damxPg7)PzhqJLUjal*tkcc5T=!S!>yWw6d0;us6y{SF$mjbN2L-3_0+u# z$-h@D4i`Qj$V%j#UT3~cY>og2Yj>p}5CZ9D#q#~wo!N$Vf1fG|6{j3qNX(|YH@78w z@D=7Pf)Q2ZBJ@_)Tdw%+M+4~1p%<44>{57c3<#>ko8CU=L#T-`GG zPm{B!JE7mlE&1%{Y8B7<-epmlYOY%m=JLP$T2NT2znA`tUlGKq&oH8%A>i1wMeN;d zqM4!f$j?w%d1n!osT2KNKqpA`G-OYsfbA=vee<-L3kz%KQQ?u%GB7HZZ9^^A)aE1r z!>e@uauvg`u(wYPyA07*naRCr$PU3q+*Mcx0-^XzVpHZ8qqK}rj#$RUb?=qrjv4)vuCyh=oBle9py z$vzvPig*+71ff9kYBTx0HO2(H}^8Rm+_|B94TXlwIe?t&4B^dvMl|D{-`%f~f!5GX&=VISGN`F;%JUaV<;Iq6bT zN^Er{#kBVEE7T5*R=f`tqpv|x;`$vox*Syo-4CgGW-(2Tk7ep2P=2Hn|4_A6WgliJ zyc~h%J0N$p0`yk(jGz}n*b9;1NI;>kB>+O8cnnh0B?Z|s`g6E_X9SWz_4?^pxFM&4 zOo(^F5kQHCD-DIFLlIsDAs$c)5OO01c3+2Ut{Fk7>oib$-I(L!$Hy1A4JYjWE}mI1 zV!T)q0?HbX7vgy*_7CjA--m{A%7QlmcmT2v({^2fx8@%JBd2(A{@`=5yX43t02tZX zmtiZUIzk*9UX05xf61|4x)nlQRQ0`L{{{Xqe&RX9m6%0jI+iwR z#)G_Y1d0fO(j%RY$QA_sb?At6fq>~Mh9LQ?A%_RlYXu>{MZkZ?IPrW01k0e%PlE^* z0R3!g?CE2m_&o?20HxQO^f;-S{uPq{#GJ0H+;s&&pMjS=j#0|I%%24Cet_(PLN`Fb zH^%!jts#*hHHC6I7A}k!g#$uAmoIO_9%*AghoIS4j?CF^l>0UUuzK%g{8M~-|5z@q>%ORGZZnFu!j5^{v; zeEwU-nPLZ|rnjTBvl>*q0syo0WeVk00N6E4cD)|?P}s_m?*ljufTqJCu^HI&%Mr{w zYuGWyj_ZN*iX4H$BTyQo!xX`++<0R(rp$1A$a{*b;hVuVGGsw$dG7NBCTb zo?TF4%*P62SIKJ-X#SRZ>d6Per8_=epCgb30>w`{YGk~<7XxHDC^lj5?t5|AVHB%Z zM-l2`5%Y|vA4NF>h(3;r3K669K+5NHJKz|JC<=R8PyXy~Z5M^)_hqpT#-?)Q1^_Iy z#g_mKV_L;5HH-x(oSZ?-1x+3T#Z5XLk;@-QpAkvJ;>L0zDIo@caavig+YQ z>|qdcJV5t>q7Qm2yc49pOhnh-QgQg$qHH2qgc!$=fEp zXO2Mb5GZcak;6ZR)chI4bmhp`;U#M^s{9)uv!KL2jn=?D=v+q)&X9T|%?5|LMSL^C z;E#afdmu=RL&J;)*MN|lKtaYGMBJZta!ERJco#sl7b`+nsD5L-a0JQ(f#N0|Cy+zo zMu6-_!2b|J;VVJOO-@Y=zcU{#LEH)teGZCpG-7Hfi7#SWMdw6RKGy=t8c0pfAw!+y zZQ0_(tNVu3YRRGoI?3R_a|DVQfzl-%x9$K;N5fpNm~W@i{lRWom~D*lncD5*5p*Ho zk6TE)ZKu}@ZCDDT^iPaap&vwRGxM|Jg(FZ_2$Ux2Ft>o%@S$jJ-2*wooFQizPcV1` zqH?sFFRHV17NX=+5U~*Zg)n>vMEI(o12EgrhLO|pySx@}bm!$}jCLQS=B3V6Q`C^d zs{pcrU8q25)K!ALtUBb4IRcY|KxvW=!>YY~-dISB=@2VkFzIq$gXEusP~-=o_<}vG z<5!{f_6qFVN3m#;fSo%>uwY>f(NXt$940(hx}5mQZJ%ne=oBkwa`p@Fl_QWf0;NYf z>(|f6aE!SI*cTSUlYn`Qzdvhq+z7}8>4d@$fRaxnbjQ;JyTP8HEeFXwugycV3{Vmj`6GpmoCh!twZ9EgB^i}IFpt~S7zb)h4!9uT6 zk%dRq%8cq7)YmghYF;=3Wr;w#A7JT$AV*l*mE+aeI~2#Nb~y3!CPtzk#+3tqL+9I$ z1!Ai}@v(SxL18&CvKPe5;_D<=FlTceVlQ#J?0kgCD7_WqBQA3U%Aa%+7ckMbC#IZ= z%Uf7rEc+tMa{vzu4CdxFi`fEw1c>fNAP{%MaN0bb>&}3pY@et`M~^`;_@YxY{yRsY zlo2Rz(pkH<3KiAA0VOAE)`8=}%y;ZP1lNC=>3)(BPC^FF%vP7VUYw2AmY=6=ZkH}6 zv;KH1jzGyEP~N1I$uh{{?*JrM0kU3!X)~R&T#eQbGD<)Yr1OLcEk20-SUb7gUZg9n6_|TVwr|E7d87 zon$s|W6%3qar%qj+s{bHIW2PDCY1xhz1vO)=&ucuoaUW_Zn=obL4cEvk#w@NEOxhs z>?Ad9qN@3syr=(a5PZ)y>D<2c0xYlHTGA&SHrby3ogi2^KJRa#e%Uqd;N-PR4FOI% z`ig}@?*$c~%HaZb0%&m|uM?6#9_RV4hbcye6Q1emBdD)E+l3rng(FZB2yoJwAe{sw zJ>$~dXfh~tx3F3Y;8f|4H92PAtves07#%U%1~KQ37oQTd_VIEz@?^ExUU6fylwB{p zb=f1pNrx?QVzj=*C1(zy!RG3;@`vl~b^T4E#j)LXGFvnEZtDl=dA2*x<0ZKGlbNmA z=53ngv;OSPWF6RlG%l-4ZH%~aV-37>{{f0BG}O+-9S=~%q8j){}F=+sHh|u9y}HGwNI4& zS6ku}%xnXf_@phvmm~L#oh+YHau>B>y3ne$CIv zc6i6=#aLN;m*Y|}MYDcF(LdxwWwj_0EdOu&eek27QVb7i1VicmvG~z7mi|cWOsu%z zmlOZ4k3Er)diw?dq6JN}Ba`jhJ=pn13j`rT8|z&pQIg zE947-;v*e7TnCCD0r)=l{^x52xl$yv&CyRG9g!B0G?MR`uS}uH!=SM0Whf0H*c`Mh zu6`+e8>52(MfQ^IG@iSLDE{ZsmFG}L|*i68&qu32bm z(yY4^|2=VBmKV9DB8xab-iGD&dXMGmW}erUhh}4Fgt?_?h2TqAv5Z}PwPGZs{it6y z(+zyQPT>(KKGIk-CQqmUWq3Zr}>W3BXCLWD~4+9^zg6!iC39pP`}K0 zl}h|j7uNW&WJ!F?z5VR;@==4#L?YqnMvz~r;J2s z{)nM`3-#y6pQ+8H<7D}qNE&RdRxC}ARNRmbBf6&5(TP)%4ovrtPk`Y2b5eqI1t70f zC6u9XY%MAV<1d7~SomZHo_c)pRo1jk){Y z&p{AV=e{zZ9^B}K5+^gghTwme#P@@lbf!%w`1G0f`=zJ!7Fa7a-(gmY?`ZC#~fuWaZ)|9lO&`A~Gy{XX|DE&I&9wW$`|in%G$E@{@OT zT@OO9a@C)%)6ogdC%g-*SF;Qh*_TvglK7#S>!s@|VJ01>NM^5BcIA%yDPpnsb9yR* zN``=2(%JG;ilK4kHj|~Dssw($%6@AVNCz?&C;4!DDFbTvWwM|B-iOU@5>^ok>18A^q}R)3+jgQcori%ZX04AgQ6@& zYs>u^4Xq>cdA40GZ3p+);Hs;Pj-R2(E1+25svpfTP`jF?QWo0@Yoh|%60UW2b$WZJ z0f+3j{FI7xDywFp?(F0-gv`RyA)TK7H$gDnAR>K|OXX#5B^64yqoMZW<9%|{akVjv zqf(KRPWU{4^s7f`i0=T6Cb^8C84nHv_|9v)%UI)Py2>9cKTRFwWet(M7{*vF^P+t65hY09q5AL$^Oj;5vYt76aA zzk&!X|5v=EA~R-{ooFqb4(YHS%;QOAba>m=g;;g|zYJqbMLNCPjs)lqPC8DTuQYxy zZqkv%%>W4*p(MQ^m3Z&hxP6NImdR?eYflZJTn(v3BcF7N z{_#}~O+#JXplwrTTjV=5(YDBV%F!Fy>3$UDDKylciU%L`;qk{u@y^qnBHRp6f}T9v$oYsCMOHMZDa#YsyE66?o7vG zAPPE)70W73VJpm6iG8SFHaF=I-8`M!y=>XFbNY~zJzpmdjw=5^!}%;LN4(s&^(=Ty z_DGbzg@)RAj{2UylR=0vkUpjRK=39&Z1RK=f{F?lEUhzHN8Tpq2oyW%B#&=HXcHi; zGo*$g*o=U`A!C%}2s6YxE93ThLlRqrK)`r?$V6yw-xd(zLi_YL^rxt={iG|;@7}(P z#?tTHX^FW*6$uUJvk)Bd(ze}$quxxOlyG!-F)po3owU&WgwCWVyKeRLrM5JG@#)zH z>+aj{r%)1}=Rvoleq5n^*FzK|x`#e}0`;|;n+GpNg+TF=j-L5ap;tj5_SY0G>t@2S zn-EA%+0E(Jt|K8RJ2MW7C3*;&FU@WYMYTovU^oJ~MWA>;j*jps2+_QSnPVg&Oo42S z=fZ4YVzIA})r)6E$n;uc##N47J?07-kKpGPcY>V=_>Xd1o!83)0_?PQ^!^cyj2?wc zKb`)oW*&ybMaB^*UeYnUCr~^90_Gz%$FP7RU5FToUu6Vg30hYFD(gk=>N*Ca^dITV zp-(_+=EwT=;##y*#Xc_5OSFM z?{?nXdDt{XCo;5UI%+EZ4Uo9vnGG@-=_D%2lLaEvC)wTCh1s(Y!yB*Ni51J@4!}hR zLg@^sSV`w^fSPyQTD;^?j3(Od0I2fL#NeoIZTnkD{?oHsf?Ff+fQV-;GE^f)+KJ(V z-#|shDS+o;3jyWodZ%~Z+s{(d#AEIxdqL{yy8(n~dD@*`nX&?>h#MzHHB3f2b|FJv zSn9D@f%o<^pFI0uV3fAwjh$B`7#ufm4$Yu3bHMC3?v(oq`-?*^23D1!kq9djp)_XZ*P6W>t!Lva5~#^-6EVh>KFD=U}f}?I48dfSCO3NT(xwCJ13k_tG!s zFs12B&|38Lzh%-}0d_&SGL>Jh?c9=%K7TbRSd%rhNh*ALx3+_l&%x{6g8`h3)=$M_ z0+lPSIi6SUNk@*b5SQ^l-N^^c%;1eqg6T|-DQu~zKZm{yfCc_$M3x=tBoCtQJUXUZ zy5th8_qTIPV~tEtIqCLOZuQe8opPIhiOeVWq{Aj|e?4Ie(fErL!E;b>gyk=~d*Ils zO<-J+%M`q?0fgyRvL&6T#{-4CABkR*lJ_9kWDJ{`u9UlfPBD1UnqMlLBm5TTFlkfj zmcBIcuWss?MfCQsg(zM*5x|S3wHXrjTw7nAI{`*nC?BiJ9Hy>4=-B4lx z9XbLHb?lFcv9Q2vo_SFmc#EBIscPvQi-u5ND;d(`uvTuK%$eRS(K|n}x88@Rq1y8n zh6Vvep=z{)ib^0lG!GXqwTY|kZpu@=R-Q;F{4y~9j2lPTnzU{anU0+}9UV)}lj8~AJzI`An!D~go`t|g6sDB8wV()~ix9RCS354i+xb5RP;I-9peLC0bjv0}y{xr3?E?=7k-p|D~v3n^cZ-B=hI#X_E(2uGeAGD$-*0|_c<%<*}5b00|YZ5 zfKcQqP`o$o@#qb*eKNNroyw|xs5{&FMbK%`PSN>TdrQa+6X~?yJ_Co$c-_!dvfyEC zeH&`ydyJh@l$lXu+GKU@Mj((1#G{<>i_R*e@l(@7w$Ui~-vd^e>%z3zyedy--*`9PL zLGQNI>1sCje-RWn*b>XHkx|MY9 zdYD>H4T*hO)6%30397YpI_a=FDslAx9rd-w7e;eZJyzFzMbi5C%UCk!<0poiPI?>G zC|Qts^A*yKMKY6TM`D||yd8?~t7tfXm0|fdZ(9RO<4OLKwNGcwr&!(mkq!egS%^>L z%aaEAh-WT*QRYLH>M7m0Jc+T0&7_k}Ky*303n23|+6$CkgJ2eJ7`E|m=swifCcj>p z1EcE$≪~0mC8>4pqht?DRS>3{|4dl)v0eI=;$(=PE=)ob%V{B&o9%{j$Qhibe73(Q`;r4Gs|@IG34rcrT5+2-w#1ps=n;#Cy>pi ztIG>dc`Qi<&7=ctS6{E}%I)|46^arMyGkk0P-~x8KG&qfu2PHl-viIY90@9iJO=#| zKk1~iyVbgxf0S;!k|Vzuv)i#ILsR{jgyTVD&lp5SW2eC*p6M#AL`*pqqA;#_q?ZC@ zgF#lHNz6Ddjvmj)?K~6f4IJx3TSAK7bYvt;C+wuKEEMV3U7->`Ja@!qyk4auou0k{ z5W;M*;w9fFo!cLn0VQfwmg`D!vr?OrPCC20K%~RE>0D>biutb zk+UKA*m2!zvl6fR9T0pT6pKLd0T4WHkdv)aSMGWrK%Yn(RZ72#U^B~;m42~%u647q z3q?9k{p6Z-HsAMG&;p-ytaIFn`ej;-Bs1x_IfbUb3(C4h{!cnOe5tN0F&t~_)vb_E zz!Q5ON|Gmarnga|m#JY(ryX031J4>0=N&q`(vaaGlckiq?gZ#((`>pIlHcghla2tp z5Bq<2RbX8TlYJ*LVEwxz1f#OqY^P&UG@G(en19dqdewXH3P9{}b<)X&BDs6((-4IB zB<;_7(n)QPl+LHwYOK`ki|x4R5t1RVa`Z(O2OjzCS{wpEiCd=M)A_P0#h|`m~`FA?1-flx)i|=A@(8^VI?T8Gx%wV^k~Eg zOFNvZu-HECQURN#w71WI;M0_eI)S9~qNONH(Att+*i`lmJyJb9@jArDVkQb^%Fj&t z&BgA+?6rI_nmnc?z4lsS$t}fX4h}6wQ(gQ7*>g`Vi058IcXVhW>g!&?Pky1`;9Djg z9Q_d}{R0}#zkZ^PCHHv+!A0jL-;2qV*Rhe~fzct%nE#^cizrs9ga7~wgGod|R3&o` ztEtAyB||V<^BU)xS~rr6c+|1SZbrieU%(F^u+Lql6YCxKD+U5j?4Q!-(NOzN^`DYm zZ`p4wUGhtB{v3p`XbSOS=f9<1q1psA4va#f-+(ZlK%iUJ)`*>a6y+@Rb~4|yDO22i zxcP&FK#s82p_9|=f^34+bP43h-2gtFvhBd`YP7Xkjn+~%Y7d_bfjp_601|C|`*wb}ewAtcocp*vZYT9o<5WeN)*x3C&aIruCY|_fNS{C+P-z5?JoPR-Td&23#Z;+0AQ0Y)BFS&N>|ctnAftt}t@?&sY)QAe9bH*$7kV_E)0o@-axph9 zBXa~k*5<+DfniWwiXM5BD?xgjO&uOwcBO)7RI!|3%z`dzSqLBbCwfCZOCNUEE>{C7 z%}T{ZI*Ay{@*I$9UMRz@5XG-JUZb4xe-e`a)Rfia2#d}94iM}?z;AWJcbMrHQQ|MAxIVKa7rzheM3Lob(ygvM6*2QnS55R_A)Eo~8)-E&@$ow=~_p-GgVIWd?$7 z%F~ei?{`y?*O^2F>H`}gkVYs}fX}l4N6gw|Ybo5=av2msMz36vJ5JU{WivkDm|$(b#t& z3SV(`TG3q?6#85AhCVVregZ~9ZV974Fa)pfaBRHU7-Nd*kha^1k zJO+e5mrysolTw*1O?i?ITO2ujBS6-;S|@_%5%6n%H;E;a&=&k^wuDfkrZ#Bj$>xQ{b)mJ#K4H{=K--4e29dC!V|Swhx2h zZqy}RtNclaEl)oDxy;Kxu-k{WHfvm)lHMLuVDOEB9iT);j~sUjHWLU_J|8uYMJq_Y zzS@h}0&MEoGX+q~YKl{XbQnZ#t%);%lk0IZL9IC2)VC~wAUuF>Sqt{1S{Z{mW}c`1 ze=t~q{q&%tqL{fwL}Sc4dCE9$X1ah=hjdtky--)~Pa-T=*Cm%|d9HaWO$33!->LO675J&#GugH+4uyj{F<|%N(ltS8Zym#DV#*0OXLgR%e7R#F}PneBiW% z@XAGnK!X$oQBO1?R!N5=iWec^F?7q;%(O){@X{R2R3aTMZY>c{K;W{!8J0`#Vvz#7 zQaX(0BD+Ir?ve5zwH|7e(ikZA;H7zs@Js#@nXiSP8l)pfSjv$PvVBKFPUxwsgm=6%S%rZcLDU(^u` zItaurL{Iqs(w<21kG_0K=hm*%A<|#-Q%>=3!lD>qWAHMF;yP@+rF_4Mq5zs%Tb66l zojfV7M9_b0xlWVMD~AZA<0+oQZl{{4@+2KOaua|n`6*|rZRafK%Sk6o0Nph&KhjBz z_9qDEpk+0)MCOGf;EX_{M7gbwGfdgmC?C?fW&M13Vu``6xkF~QyJM=gUlG^@5q0Pe zr8Xd)YPjThzU4zY9gz(nSe1a!uORuC@*thix>G@w{~O1N zSsZJdCeS2uW3N2!o^lkeri2-(!Mb$^%W-*Cz^2EYJh?dkwESkZtkWK-ikD@oEg)ikL=LnQO>9lR} zVeY;m12Pm6g8t5&qs0YI4FuQ~Yw=t!+S;st%%%ncd7WkHlg`@k+u$SrQcjPr7ikD}Bl%O%lUa>@VhTLc{rwd*Bq|*_(oVz*XbWd<$3;~u>CKek7OZ@Bec(Bn$ z_D+tRD+EfPbX-l7SK^@fA*ExxO3e=2CaFMBnWWQ;ah_vz!4}Y0-SUT3ODbJ zBft^hq{H_BM}Q+xPy{&X6cldW8ApI4z)6Si0geDipr8nF(kUq1yfcmfM}U(K-vb;0 zjzB>X;G|PfxOrzB0geDC9li%R0vv&YBEU(fpm6ifI0762PC9%Ka0EC41x0|9PC?=3 zopA&>0-SXC9^eRY1PY1(C!K=A%{$`=a0LDzqX!9p3!_=v00000NkvXXu0mjfoCkSP literal 0 HcmV?d00001 diff --git a/monitoring/glance/assets/user.css b/monitoring/glance/assets/user.css new file mode 100644 index 0000000..e69de29 diff --git a/monitoring/glance/config/glance.yml b/monitoring/glance/config/glance.yml new file mode 100644 index 0000000..aca518b --- /dev/null +++ b/monitoring/glance/config/glance.yml @@ -0,0 +1,16 @@ +server: + assets-path: /app/assets + +theme: + theme: + background-color: 240 21 15 + contrast-multiplier: 1.2 + primary-color: 217 92 83 + positive-color: 115 54 76 + negative-color: 347 70 65 + custom-css-file: /assets/user.css + +pages: + # It's not necessary to create a new file for each page and include it, you can simply + # put its contents here, though multiple pages are easier to manage when separated + - $include: home.yml diff --git a/monitoring/glance/config/home.yml b/monitoring/glance/config/home.yml new file mode 100644 index 0000000..4e3f801 --- /dev/null +++ b/monitoring/glance/config/home.yml @@ -0,0 +1,170 @@ +- name: Home + # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look + # hide-desktop-navigation: true + columns: + - size: small + widgets: + - type: calendar + first-day-of-week: monday + + - type: to-do + + - type: server-stats + servers: + - type: local + name: Services + hide-mountpoints-by-default: true + mountpoints: + "/": + hide: false + #- type: remote + # name: arr-stack + + + - size: full + widgets: + + - type: monitor + title: arr-stack + cache: 1m + sites: + - title: Jellyfin + url: http://192.168.1.201:8096/ + icon: di:jellyfin.svg + - title: Prowlarr + url: http://192.168.1.201:9696/ + icon: di:prowlarr.svg + #- title: Jackett + # url: http://192.168.1.201:9117/api/v2.0/ + # icon: di:jackett.svg + - title: Sonarr + url: http://192.168.1.201:8989/ + icon: di:sonarr.svg + - title: Radarr + url: http://192.168.1.201:7878/ + icon: di:radarr.svg + - title: Bazarr + url: http://192.168.1.201:6767/ + icon: di:bazarr.svg + - title: Stash + url: http://192.168.1.201:9999/ + icon: di:stash.svg + - title: Jellyseerr + url: http://192.168.1.201:5055/ + icon: di:jellyseerr.svg + - title: Kavita + url: http://192.168.1.201:5000/ + icon: di:kavita.svg + - title: Slskd + url: http://192.168.1.201:5030/ + icon: di:slskd.svg + + - type: monitor + title: Services - LAN + cache: 1m + sites: + - title: OpenMediaVault + url: http://192.168.1.67 + icon: di:openmediavault.svg + - title: Komodo + url: http://192.168.1.202:9120/ + icon: di:komodo.svg + - title: Gitea + url: http://192.168.1.202:3005/ + icon: di:gitea.svg + - title: Scrutiny + url: http://192.168.1.202:8081/ + icon: di:gitea.svg + + - type: monitor + title: Services - Internet + cache: 1m + sites: + - title: Vaultwarden + url: https://vaultwarden.ccalifice.com/#/login + icon: di:vaultwarden.svg + - title: Immich + url: https://immich.ccalifice.com + icon: di:immich.svg + - title: Ntfy + url: https://ntfy.ccalifice.com + icon: di:ntfy.svg + - title: n8 + url: https://n8n.ccalifice.com + icon: di:n8n.svg + - title: paperless + url: https://paperless.ccalifice.com + icon: di:paperless.svg + - title: Guacamole + url: https://remote.ccalifice.com/guacamole/#/ + icon: di:guacamole.svg + + - type: monitor + title: Utils + cache: 1m + sites: + - title: Cyberchef + url: http://192.168.1.202:8383 + icon: di:cyberchef.svg + - title: Stirling PDF + url: http://192.168.1.202:8585 + icon: di:stirling-pdf.svg + - title: Gitea + url: http://192.168.1.202:3005/ + icon: di:gitea.svg + - title: Scrutiny + url: http://192.168.1.202:8081/ + icon: di:gitea.svg + + - type: monitor + title: Sereia GuardiĆ£ + cache: 1m + sites: + - title: Pro + url: https://pro.sereiaguardia.com + icon: /assets/sereiaguardia.webp + - title: Files + url: https://files.sereiaguardia.com:8088 + icon: di:filebrowser.svg + - title: n8n + url: https://n8n.sereiaguardia.com + icon: di:n8n.svg + - title: Mautic + url: https://mautic.sereiaguardia.com/s/login + icon: di:mautic.svg + - title: Pangolin + url: https://pangolin.sereiaguardia.com + icon: di:pangolin.svg + + - size: small + widgets: + - type: weather + location: Porto Alegre, Brazil + units: metric # alternatively "imperial" + hour-format: 24h # alternatively "24h" + # Optionally hide the location from being displayed in the widget + # hide-location: true + + - type: markets + markets: + - symbol: SPY + name: S&P 500 + - symbol: BTC-USD + name: Bitcoin + - symbol: NVDA + name: NVIDIA + - symbol: AAPL + name: Apple + - symbol: MSFT + name: Microsoft + + - type: releases + cache: 1d + # Without authentication the Github API allows for up to 60 requests per hour. You can create a + # read-only token from your Github account settings and use it here to increase the limit. + token: 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 + repositories: + - glanceapp/glance + - go-gitea/gitea + - immich-app/immich + - syncthing/syncthing diff --git a/n8n/docker-compose.yml b/n8n/docker-compose.yml index d9eca7f..4630420 100644 --- a/n8n/docker-compose.yml +++ b/n8n/docker-compose.yml @@ -30,7 +30,7 @@ services: restart: unless-stopped networks: - caddy-net - - n8n-net + - default db: image: postgres:12 @@ -42,13 +42,8 @@ services: - POSTGRES_PASSWORD=n8n - POSTGRES_DB=n8n restart: unless-stopped - networks: - - n8n-net networks: caddy-net: external: true - name: caddy-net - n8n-net: - name: n8n-net - driver: bridge + name: caddy-net \ No newline at end of file diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml index 9c3ac3e..d65db18 100644 --- a/paperless/docker-compose.yml +++ b/paperless/docker-compose.yml @@ -5,8 +5,6 @@ services: restart: unless-stopped volumes: - ./redisdata:/data - networks: - - paperless-net db: image: docker.io/library/postgres:15 @@ -17,8 +15,6 @@ services: POSTGRES_DB: paperless POSTGRES_USER: paperless POSTGRES_PASSWORD: paperless - networks: - - paperless-net container_name: paperless-db webserver: @@ -56,14 +52,12 @@ services: USERMAP_UID: 1000 USERMAP_GID: 1002 networks: - - paperless-net + - default - caddy-net gotenberg: image: docker.io/gotenberg/gotenberg:8.3.0 restart: unless-stopped - networks: - - paperless-net # The gotenberg chromium route is used to convert .eml files. We do not # want to allow external content like tracking pixels or even javascript. command: @@ -75,8 +69,6 @@ services: tika: image: ghcr.io/paperless-ngx/tika:latest restart: unless-stopped - networks: - - paperless-net container_name: tika networks: diff --git a/vaultwarden/.env b/vaultwarden/.env index 5df3611..5f482dd 100644 --- a/vaultwarden/.env +++ b/vaultwarden/.env @@ -1,4 +1,4 @@ -DOMAIN=http://vaultwarden.ccalifice.com/ +DOMAIN=https://vaultwarden.ccalifice.com/ ADMIN_TOKEN=yuioqzkjiouqeiu3948sdnasdnmk239!!!asdakj&& WEB_VAULT_ENABLED=true WEBSOCKET_ENABLED=true diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml index 65790ea..a229813 100755 --- a/vaultwarden/docker-compose.yml +++ b/vaultwarden/docker-compose.yml @@ -9,3 +9,11 @@ services: - 8080:80 env_file: - .env + networks: + - caddy-net + + +networks: + caddy-net: + name: caddy-net + external: true \ No newline at end of file