changed mode on script

.gitignore

@@ -1 +1,5 @@
 *.pyc
+.terraform.lock.hcl
+.terraform/
+terraform.tfstate
+terraform.tfstate.backup

README.md

@@ -0,0 +1,111 @@
+# on new install:
+
+* `tofu apply` to create machines
+* change hostname to be fqdn with hostnamectl, changing with a running cluster will break the cluster
+* register dns with `knotctl add -z rut.sunet.se -n internal-sto4-test-k8sm-1.rut.sunet.se. -d 2001:6b0:6c::449 -r AAAA`
+* ./prepare-iaas-debian ${each host}
+* ./add-host -b {each host}
+* ./edit-secrets ${each controller host}
+
+```
+---
++microk8s_secrets:
++  kube-system:
++    cloud-config:
++        - key: cloud.conf
++          value: >
++            ENC[PKCS7,MIID7gYJKoZIhvcNAQcDoIID3zCCA9sCAQAxggKSMIICjgIBAD
++            B2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
++            lBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtdGVzdC1rOHNtLTIucnV0Ln
+```
+* Add to cosmos-rules:
+
+
+```
+
+'^internal-sto4-test-k8sc-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+  sunet::frontend::register_sites:
+    sites:
+      kubetest.rut.sunet.se:
+        frontends:
+        - se-fre-lb-1.sunet.se
+        - se-tug-lb-1.sunet.se
+        port: '30443'
+'^internal-sto4-test-k8sw-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+'^internal-sto4-test-k8spg-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+```
+
+* add nodes by adding a provisioning key on the first management node with `microk8s add-node` 
+* Add all other _Controller_ nodes with `microk8s join 89.46.21.119:25000/12345678987654345678976543/1234565`
+* Add all other _Worker_ nodes with `microk8s join 89.46.21.119:25000/12345678987654345678976543/1234565 --worker`
+* Taint controller nodes so they wont get workload:` microk8s.kubectl taint nodes --selector=node.kubernetes.io/microk8s-controlplane=microk8s-controlplane cp-node=true:NoExecute`
+* Taint Postgres  nodes so they wont get workload:` microk8s.kubectl taint nodes --selector=sunet.se/role=cnpg pg-node=true:NoExecute`
+* `kubectl get nodes` should show something like:
+
+```
+NAME                                     STATUS     ROLES    AGE   VERSION
+internal-sto4-test-k8sc-2.rut.sunet.se   NotReady   <none>   16d   v1.28.7
+internal-sto4-test-k8sw-5.rut.sunet.se   Ready      <none>   15m   v1.28.7
+internal-sto4-test-k8sw-1.rut.sunet.se   Ready      <none>   15m   v1.28.7
+internal-sto4-test-k8sw-2.rut.sunet.se   Ready      <none>   14m   v1.28.7
+internal-sto4-test-k8sc-3.rut.sunet.se   Ready      <none>   16d   v1.28.7
+internal-sto4-test-k8sw-3.rut.sunet.se   Ready      <none>   18m   v1.28.7
+internal-sto4-test-k8sw-4.rut.sunet.se   Ready      <none>   16m   v1.28.7
+internal-sto4-test-k8sw-0.rut.sunet.se   Ready      <none>   21m   v1.28.7
+internal-sto4-test-k8sc-1.rut.sunet.se   Ready      <none>   16d   v1.28.7
+```
+* Enable needed addons for rut: `microk8s enable ingress` `microk8s enable cert-manager` `microk8s enable community` `microk8s enable cloudnative-pg` `microk8s enable metrics-server`
+* `kubectl create namespace sunet-cnpg`
+* `kubectl label node internal-sto4-test-k8spg-0.rut.sunet.se sunet.se/role=cnpg`
+* `kubectl label node internal-sto4-test-k8spg-1.rut.sunet.se sunet.se/role=cnpg`
+* `kubectl label node internal-sto4-test-k8spg-2.rut.sunet.se sunet.se/role=cnpg`
+* Setup storage class: `rsync -a k8s internal-sto4-test-k8sc-0.rut.sunet.se: && ssh internal-sto4-test-k8sc-0.rut.sunet.se kubectl apply -f k8s`
+* **Profit**
+
+
+# Setting up auth (satosa) and monitoring with thruk+naemon+loki+influxdb
+* Get shib-sp metadata with `curl https://monitor-test.rut.sunet.se/Shibboleth.sso/Metadata > internal-sto4-test-satosa-1.rut.sunet.se/overlay/etc/satosa/metadata/monitor.xml`
+* Get satosa metadata with `curl https://idp-proxy-test.rut.sunet.se/Saml2IDP/proxy.xml > internal-sto4-test-monitor-1.rut.sunet.se/overlay/opt/naemon_monitor/satosa.xml`
+* Publish backend metadata to swamid. `ssh internal-sto4-test-satosa-1.rut.sunet.se cat /etc/satosa/metadata/backend.xml |xmllint --format - > rut.xml`
+
+
+## Day 2 operations:
+### Rolling upgrade:
+
+Drain one controller at the time with:
+
+    kubectl drain internal-sto4-test-k8sc-0.rut.sunet.se  --ignore-daemonset
+After the first node is drained and upgraded, restart the calico controller with:
+
+    kubectl rollout restart deployment calico-kube-controllers -n kube-system 
+After that restart the calico-node running on that host by deleting it. It should be automatically recreated by the controller. 
+
+    kubectl delete pod calico-node-???? -n kube-system
+Continue with the workers (Including PG nodes):
+
+    kubectl drain internal-sto4-test-k8sw-0.rut.sunet.se --force --ignore-daemonsets --delete-emptydir-data --disable-eviction
+    kubectl delete pod calico-node-???? -n kube-system ```
+
+### Calico problems
+Calico can get in a bad state. Look for problems like `Candidate IP leak handle` and `too old resource version` in calico-kube-controllers pod. If theese are found calico can be restarted with:
+
+    kubectl rollout restart deployment calico-kube-controllers -n kube-system
+    kubectl rollout restart daemonset calico-node -n kube-system
+
+This will disrupt the whole cluster for a few seconds.
+
+
+### Backup
+Install Velero backup from https://github.com/vmware-tanzu/velero/releases
+
+    velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.2.1 --bucket velero --secret-file ./credentials-velero --use-volume-snapshots=false --backup-location-config region=sto3,s3ForcePathStyle="true",s3Url=https://s3.sto3.safedc.net
+    velero backup create rut-backup --selector 'backup notin (ignore)'

ansible/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory_plugins=./plugins/inventory

ansible/cosmos_inventory.yaml

@@ -0,0 +1 @@
+plugin: cosmos_inventory

ansible/playbooks/cosmos_lock.yaml

@@ -0,0 +1,12 @@
+---
+- name: Create a file to pause Cosmos
+  hosts: all
+  become: yes
+  tasks:
+    - name: Ensure the file /etc/no-automatic-cosmos exists with specific content
+      ansible.builtin.copy:
+        dest: /etc/no-automatic-cosmos
+        content: "Cosmos paused by Ansible\n"
+        owner: root
+        group: root
+        mode: '0644'

ansible/playbooks/cosmos_unlock.yaml

@@ -0,0 +1,9 @@
+---
+- name: Remove the file to resume Cosmos
+  hosts: all
+  become: yes
+  tasks:
+    - name: Remove the file /etc/no-automatic-cosmos if it exists
+      ansible.builtin.file:
+        path: /etc/no-automatic-cosmos
+        state: absent

ansible/playbooks/cosmos_unlock_run.yaml

@@ -0,0 +1,13 @@
+---
+- name: Remove the no_automatic_cosmos and run cosmos.s
+  hosts: all
+  become: yes
+  serial: 1
+  tasks:
+    - name: Remove the file /etc/no-automatic-cosmos if it exists
+      ansible.builtin.file:
+        path: /etc/no-automatic-cosmos
+        state: absent
+
+    - name: Run cosmos
+      ansible.builtin.command: scriptherder --mode wrap --syslog --name cosmos -- /usr/local/bin/run-cosmos --random-sleep -v

ansible/plugins/inventory/cosmos_inventory.py

@@ -0,0 +1,68 @@
+from __future__ import (absolute_import, division, print_function)
+from ansible import constants as C
+from ansible.plugins.inventory import BaseInventoryPlugin
+from ansible.errors import AnsibleError, AnsibleParserError
+import os
+import yaml
+
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+    name: cosmos_inventory
+    plugin_type: inventory
+    short_description: Returns Ansible inventory from CSV
+    description: Returns Ansible inventory from CSV
+    options:
+      plugin:
+          description: Name of the plugin
+          required: true
+          choices: ['cosmos_inventory']
+'''
+
+class InventoryModule(BaseInventoryPlugin):
+
+    NAME = 'cosmos_inventory'  # used internally by Ansible, it should match the file name but not required
+
+    def verify_file(self, path):
+      '''Return true/false if this is possibly a valid file for this plugin to consume
+
+      '''
+      valid = False
+      if super(InventoryModule, self).verify_file(path):
+          #base class verifies that file exists 
+          #and is readable by current user
+          if path.endswith(('cosmos_inventory.yaml',
+                            'cosmos_inventory.yml')):
+              valid = True
+      return valid
+    
+    def parse(self, inventory, loader, path, cache):
+      '''Return dynamic inventory from source '''
+      super(InventoryModule, self).parse(inventory, loader, path, cache)
+      # Read the inventory YAML file
+      self._read_config_data(path)
+      try:
+          # Store the options from the YAML file
+          self.plugin = self.get_option('plugin')
+      except Exception as e:
+          raise AnsibleParserError(
+              'All correct options required: {}'.format(e))
+      # Call our internal helper to populate the dynamic inventory
+      self._populate()
+
+    def _populate(self):
+      '''Return the hosts and groups'''
+      cosmos_rules = None
+      base_path = os.path.join(os.path.dirname(C.CONFIG_FILE),'..')
+      with open(f'{base_path}/cosmos-rules.yaml', 'r') as file:
+        cosmos_rules = yaml.safe_load(file)
+      for entry in os.listdir(base_path):
+        full_path = os.path.join(base_path, entry)
+        if not os.path.isdir(full_path):
+          continue
+        if entry == 'default':
+          continue
+        if '.' not in entry:
+          continue
+        if 'README' in os.listdir(full_path):
+          self.inventory.add_host(entry)

global/overlay/etc/cosmos/keys/berra-1FB22FB44926583BC740012249A4251C96E0A9D4.pub

@@ -0,0 +1,350 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - https://gpgtools.org
+
+mQINBFpk+4kBEADeRoAvo+sbj6GFc7NOY0P1QasAiSTqYztHsfUk/dht8izxcd3G
+ba3QBX4CZlKZkpk8cYbmztOO2EroJWjKg6SDQUfCh+QE/Hx+f2xfVax3118cEbRo
+ClnfA1CD9+vMEvFRB39UrGckxHp0wxcUtSQXwxTSVhw1HxRVLPDj5xJ/W5H7GwEA
+Rmrj4S0OIRU9gJUlqLW8k18c8Di1asr0y99Fuek5Mw/oRZhkx8+41dRB0lG2BNOZ
+ncyDi9wSLi8sC4udCZuv0pVtTHR/onGrEYi71PpY7XYAL0YZnp6RB8ObdchMNZVH
+1WKED/aK2MVJoAMXmpA7SVRaGw+dUvJBwtnKqSUT1lNgX6dTyKdxPKdvzmcb1htM
+byx1mc1ruQy+sLQ+ZtWgRENvrPpYZ2vcQ3vSZ9YOXt5m75JzbfGNHyCAWhziwhVX
+u+UqPPKU8k8GVato3tB6PcAugG5OCqGE9EmJG7a+VFThDjJeWAGBolWydBeIqk7B
+NeM3zA/K0PwY/YlLc01bmiquCS5Z5MQwPHRGMKmuEtfJmSBOjv7CGnNFm4kkfRzr
+5TR6J9oWlFZXs0cJcJWxrwutYszBbNUgRebij5U6ju7QnJYH5zqctIYafpqotcoR
+I5VaZmeYhGBaZdf6ZW/bcDSQJYoi9wsfKU2Mcgb5GY3Aey6z9EYxNoqstQARAQAB
+tCBFcmlrIEJlcmdzdHJvbSA8YmVycmFAbm9yZHUubmV0PokCVwQTAQoAQQIbAwUL
+CQgHAwUVCgkICwUWAgMBAAIeAQIXgAIZARYhBB+yL7RJJlg7x0ABIkmkJRyW4KnU
+BQJbBAtPBQkTaxLGAAoJEEmkJRyW4KnUBrIP/0AlLjA+Q2N9c7JYOzAfAECFwkEw
+zeQHAOX4P3HM6ZvQlmBOdI3DqpmRC0OBee0jYJhGwzIpYvang5wwDGvj3bELfpRs
+C7152f/aKfktMJILHts4Z8uIgIlYFy6SIqL/JjffBuYWesh/06/8kMe+QUJe6IL/
+8lPZJ1ev1NqvSt9Np2M9GFiHrcxcarfdnPUZib+XZBkU+SGJ1LUeiUZFWdUImxci
+sh4Gcd+yw/P05oZrp5YzNs1lj+8hbl+BPJo4zG76tCaLnRBQ7A0cKUj2EHSwgHV4
+Ff8UMw/Rv44B4W5R05fmXiC0kY00e9cFzOml1QKJ9Ke1lBI7Kn0wRFIyIoZ9DdcT
+JAVCLmZkhLz6aLBloQPqu4vjmi07C5Fl93GGRHGUIfS0PSmQ2OGzr5aZAh7NJrHh
+SnxkocL55rtjycKyazBY+DdB2a5RZ8JD+UQLlznLlKuUFLdCx9ktbTo015Dp4P8R
+m4UrDadKR0O452cgxJTlH2MNKatYm43j/N9q4S6KZB9Vfpu5SpwTQNwxkS0xl+W6
+HqgekA6u82+OMmTqf6ULiDTbtj9kRpz349YQ/GKheEZZKCeFmDtxQ1zTENRuC5tq
+wDYe8orM5+6wmsnSkSlVMHp48NNnIeVnxDs2HGa1+Pq1RnSoHdFrVeQT9+uu1QPA
+LkKCskTxB0ngy34kiQIzBBABCgAdFiEENU1PghGRV/Ch1uInE6D159p8CZsFAlpq
++7sACgkQE6D159p8CZsTqRAA08a08z9Bu3kOqIU3+m8BLRCMX0Hyd6p0HbzcA0Aw
+OgsMLLTQolMJdwb21kJleJRa/Q30J33YZoS1J0qfTY1xuLjaRMvJEXX5ujnWS7s8
+X0VMx1SWG1Kj7/WFSuS1iNzTQjitaQrmixMFxwdflXK1CExWdeeA10MJD1mibaXh
+yhysOf2fnTvvkBy+FHOTOkAs0d8NRnitWOyRkoYwFnrTFTYUy/HCfGm7EOm3C4Fl
+pbeJUC9XSmqpdlTTtRqxMmDscx3Ou8lTs4m1bmu9jsAjssw79WokaBM845jtjcXQ
+4vhvqaUuTnJ/dV/KCdnABlnzWdDqmfIks5kacCmZ+5oRMR3OqV2arM/f0R3Bb4VW
+J1SvZJYENRlg4wPLWw1iXlR6kf0eXGpQ3qF5dnKjOU8QSmnJHuVh642/++9k3+71
+xttRfzsA7yjQOVJCc6YrZ2OSTZ+hy5xGQ9gkODFrRRHmw4ozh4+OTv0dsZJunOEW
+Ih5M+lI6zdjMfOUX80L4BhVZAZdBqG/g4VrLEUWdDPoF/9VSJuo/HaZyxEom8Z2i
+9939mJ+gtKAPfS9RxqHS7bGb44L2goFQQeRa2g4otx7HEaS3rtWoytjzlsQI5mHK
+uZXhYfCabjRHkMh/c/h3SGzSqgufMQ2fuqiR2JqgXW/j9krhLRzmlkg3GTuy/lp0
+eyyJAjMEEAEKAB0WIQR8IIKN3HGIvXMXDmHKWPvCG180XAUCWobCvAAKCRDKWPvC
+G180XM6MEADRshCqez3sQ48oeafWhxn+kYGIcm5W9LYCwCheom6AfW7yDJ+x+StI
+9Oi07aQVuqenqwjkp+lLsjTSnmb9bqeMP9d4zp9QDPK+C+NBsqy6T5FgAnOYg9yh
+KScNwTYlXpQGERBGJyTZesH4VibdeAmwn9OjqnntMVuDXPknS3gst+yRwJvKGDeF
+Ht6z0MfLk0/qMoutg0qDQsSz3zGNOaLQPn1d3IHeHwv9DsNF+2ZSqPWBIAzHmbbS
+0qZ1hUIt1KMCmteG07hRJkgw0FUC5STxwJVy2vwhUFhR4B6vsz6lTfRP2jMMH9Qy
+hJdNQD/DfloYOU+Z/i5laY3LTl5VUNUoOdicWi7zfnHrfGIRRb7oDINwbz6BntzO
+E92MAXWGBJ2/bSw2cCpiNJXjVHGWTGyF8GvvV9OsAztwgV1Nu46QEUVxJMz2e3Di
+2vyZA+qjRnV3AN/Nz8iF2acI+kKJllg2plYFn55MshbRFTpLJYVroJfLYCyDqsh4
+bOCetU08JkKdW1BMRD3IYNMxBI7e53qsyPYbLMXyO7jZYkLUZQHZ1qJ+K0IhbTrS
+By7zJj787d/Dmdd0qJgj8mLX45os0xXFHJJFunQZekUNUvo0NCF7MsOrg7cGdltV
+XKfRqzoc+4KOCtrj/eP4bO76ua3k6IWVZS7SXqTHvhmlk61HB7FX5YkCHAQQAQIA
+BgUCWtdrrAAKCRBqlHSqmtx07PB2D/9Byz6k41mtK+0CsYCVYuW1oDOHLS48Ne+V
+zbxtLrZWLysB6Fe9mZ6CA3cXsdJzF1j1q43/WwmNj3Eyia73swfAqIl3V29oCgCi
+oW+y8omgGlSJdPCPXIH8hxdrKRfimpWhr18oonZTXMNudYOggQ5qsbjzND3GWVTU
+UbDWsQHK1+HwGhNHKorJML42mLDY1su/emAzaTnhZ4hDy65UXDdp1GbMyNb3ysx0
+Hym16isvre2oLpjcPoxEjbOPeW+VRTiGH8f5yH6WZDaTyG9v9+JycoyPC5DCvCTO
+Use9rLhsM/pl9QKbnRXRaiOFL4ssSSGjxM8UW6eMbG5beaDMuGyZC676dW/jm1Bh
+KiuGmR66GOv7xpDMI14JWFCSqlPTMxzw7A1lZG0BlrOrlFRzSuGdIfHNiJ1sQKy1
+413H3Y7/Gzrv9/tUeXOXfYFBHERald9bPxvOmpqNBdS0+KxpJnHC4ilhlIArAYgp
+HKHrWsPQdbIGcjA3qdd4CyhZjh9wQ5d8v4GCRzh/qRAWeTpGghGaRKe3QhNKrZ/v
+Jx4Tu4QN/a/bShWrIwrpt/bYvTG8bq1zjtA46Va2sVcHAQUdZXzRIHZxK8o3ywKA
+IDkwaZtlUAmlYYK7P9np0N9suaRRj2L+t4nmtC6BqP6+xy3paP/EXEaOe20VXK+H
+XcUNOsu+ookCHAQTAQIABgUCWtehHgAKCRCi1Dq/l8s0RcNUD/0eYHM6pfQ4gqNx
+0wpoPwjcQthU9AGr/nthGr5Pa1rDLor9BgfimKDUOfHSUaEJfaz/mEKSKjCNRAlf
+1PFFidwgcwPDLFc39CtjPBKQo9lj73X9YB9WBCPl3b/Knr3IZdas27fca/vseY78
+Vmj3ynBfGm2H+4tkDTfy84F6hLIJ2c5gitNPKJ+C1fuldSaHU4enab3tADqE9443
+PiVPbUJSmxHW+iYEqs2ALyvIgEmFVPqfgyMXLISOjQboam8aFm8vdo7T8NcdXoZI
+vhzwq79iEFBEU9GpblyJGktueVHrWXTsqAOq/voIs57joMwZ8yNTwVhlG34KxZR7
+49e1Ha7RAQbRfuhC5tlQfE4iRX2uEwPw9ZkRMy2VFID7DrAPfUW9SvOZXFlGeoCU
+x8yf+9b6A9XCShRvck17jvADQq9WmHoiJTJgyh55Q8WzqW/7zsSr0WwxjhSu3ADG
+TXy94ZTSkvjM7TxrZ4W5aKApBgp9NoYj4i/iKOf1rA1CaddqAbiJGncygmWXI5AD
+E5oeTV156T4dKItyymPDZtT5G5JdYO01Ho3fX1I5/u05FFTOhMeQidtnWghHKmif
+b+GkHrV8p8lKPc8TuvbjPG7Wj+xViLCTnRuOuEIp/mmRyHicRlgDfswQcTdBrjTg
+PGidlrlHeCEqzs6l7G+QtSCE01rLUokCMwQQAQgAHRYhBBl/zlwTROqiPn/AajJO
+JO09WgAcBQJa2CxTAAoJEDJOJO09WgAcCpoP/3YqRdWBoZR9JVechCjGUqbwOXeK
+/IPxtUclYKUnQoGQ7UvXt+b00i4Vq7N6UY22fcja1yKFlccqq5toOVmX4OVZasIX
+SAITSSwiuY0yy5SOmNrU7deCaGwpiEvZP5U3NP17/h4dS360MwNOOUFgMXIvpPmu
++uHkXEN+VysxkGPfU6IkTGS/mjzJwu2/kHD4/gjPUiKGfTN1OfoJDSZh0qqRu/Xd
+s22wUsKaJHKHCGmZqx9fZRDLlw1ulG+yYh4e7y27Gp7hDZfuKCMR0ANGRguT1Ahd
+nhzxOhEz5gnwU/z6r/G6OWA+vtZQuq7hW8hVI0/1kXRJBhB+GQ1oZRRnG2ysfVal
+LB+N1z6/W0A5r0Nr4yfLXH87fFg10jQ93EtOcsmTg2FRCs2OKWG0HjaGrDTUFjn8
+kF5uFqRgcuYKYyzx3fqY1I89l+Kjj4JF/o7gF9xNy497xlJfN7SDUNAGWZpw02V5
+yygondXpVGHMuP6dB3tRg3au3lJgJflEIh4DOadpkZHg5XLkj4zPAoFS7AWqRwEV
+jDCnxy0kEPL/A/1uNJMMuRo307gJMG9diACBCtRrRARXaAoFnQwkNnkwCdtLL+mV
+mEcd3Lsj3jDeJHjq2YimcMiXKLerIyrRj6rnWe7qG3fT+N/b59YW/OftKFIr7+m+
+oznpZP3S1sMPMrz9iQIzBBABCgAdFiEEQyrFVeaoSJN1vFzSKpaP2Q4JqQEFAlrY
+Pn0ACgkQKpaP2Q4JqQF0wg/+J0utkOBJV7pZueQt+8JUQMvud3x7nTraviyAMKyP
+yPi9mF+GYxpqBmLpXP/Gwy5Mm1AIom5Rml8ZelSax7j09wlj3Q6isVSWtFCRruAl
+nRs058Key3EIO+i9IkuBPs9QOZOT9djaGpX5B14OE+ErAqbhqs1SX9x2CHYK2+Gb
+3If5uF2+tVKt37g0Z7az0GClv0YZFw7Sc1s9hXrUsSl9sh2Qki1fVtqYQtDR5Pix
+vbE5zdfvG3eQjS2fxif2E1YJVxcrLmDzocSZV/lLaO/uWP0yqumK1u7i2y+7s6Ye
+dUGjgEf7Lib1o8IuE1TgwXksvZDNhX+MU37LnAHckZd6RJGH8doyDoGIme0/HLV9
+s77T/7tapkx5QSOnXPkrjP9/KSJS3XAohMZdAUsipHphT/ZNjRbhRA2VgfjTaeha
+JnX8z+CcvUZUTofO/H35izk4nn2Bs1z0jhs+hymb2Z4QoBnuGhNLycP34vG/3nUO
+Sp7QD7hXCJHCA3mpfxh0s9YX5kKP9KWCuBgNY2ZzU3GonFwELo99Enmv0NYrbWRq
+8GDIhaw3dTriPtZf8GexWsE49e+oArpxO/bvH/K+8asnqapgXD7jkKgfMMP+iHZx
+JpzDWNiJFpBmu4G9UDU9x1vtFL8gNckuRckhFrORuVyB1YyZQEjmkidKgxmdIXGx
+fMuJAjMEEwEIAB0WIQRZis+gxN9b9JAAC16ajKfVlQ/z2AUCWtmWswAKCRCajKfV
+lQ/z2HWYEACvBm+6+uBwF+TbNPyTNkzBLkt8fDio0npDXm9862ZA2hvSxG7CeDnh
+WjsEtrIUCH2gQz/0FX90hPKa+xU8P7LihC6wcRwJ+n51tsThrK5LopblUgb/E2yn
+YFW2OCxz/1VPfJQ3pYJuiCraUClzsOMZyRkPkR3I3iwpl+gD8L6ZXVKshuaCzFjZ
+/i8MCgBtnmxMTov+gVDdo4xPPVxv0wpde7N0mgRztSdwtCC6onVyp9es9Li/n0TW
++/zJgokGCxRSRHABLwm1f4715Kbmkuf0l38N8HF3SAmFBrE9azTAim1XmYfVvSHG
+EIOoQcQRS/6focvWRxe3RHjJMEvvTU8i/gqyhQPLEf6fQz4TMTSnGV+9ltxC/etg
+4zhFwFx74SLlW87WDi4KIfaeNnTSKZ54hQ8nDVbKBv+AelJuvGjVAbZUEcYEU+jx
+zmXC/wxynQgCIN1FtpLe+g1EmbIiK/nhBILmlegHMOKGhLvC+0XVQTHki4dRB1FD
+ca4aks7HM/G9PU7HH80r0vtE9EZi/f02hYJStCerTtmPyZPNqf5ulq2KcgWEI52l
+EQEB9rHprd/cP5czwvKiDz2Oc3CELVbXmVGJhLWj/uJoH2FpZN6sPo9l5cqM2FKM
+u7Cx78sGTZ7UpcDCEhff+EvKJTskOyILiFqGpNAQW4uFmSNEO+KEkYkBOQQTAQgA
+IxYhBDHDr3PuPeAtcUmD+VgDNU0h/p8IBQJa2dCYBYMHhh+AAAoJEFgDNU0h/p8I
+MrUH/2npDWMIOChTblB7lxqG+BBt9JgP95gpJT6FQGp9c4Y4GahiicCGm9v2z1+p
+jid9vHnsb787LkBtt65z6ijIeIAhj0D21sbS6zVidRn85GUWvbimlnoks0reF1tG
+7SBRUcfmMh5tr3nb0N3NYrs4EKGVCv6CMQ1FHAbdxUQ2Annu9rXJUHZEYc8KRD2Z
+GK9h8ZXxWEMiqWlU9HlOLN1HdJyg6z0ymBHVmdlQtRDJULEKC/Cln8caBAxYu+vc
+fX8XvIhJs8qMM8IBodkJwDUxDngbOTAuVwN+BarBb+mqgC4LNhhsGQDsMumjXfLA
+H8a3KmF9tULRLRSJX5S7PXhttQaJAhwEEwECAAYFAlrgSisACgkQPWr7Q098QA/u
+/g/+PXizHzsLtbpxH9Get87H5OeH5DcObvLwVE8sKDYaZ20d1cMd3KAW7gq2aBWt
+Zp7jUmjjFjaEVkz3Of5OO8iU5teqFgo0Wkt8uSJNdNUyaqwfwsEXKUoC7QhSDPwI
+MCUnL0SbBFkb6kEqKSq8VR6UWnrHpH2XMuD9M6aL9DPGVuEivKHPwXXXIaOe1U42
+tEQk4TBrD0Ok/WlUH1U9yzYRH2HhEszKePpFGfZycgvmBxYVCmHSarDV2a+DwDN2
+yrT7zfYMmwpTv3NaURZRs+4g3D3+AbW2kiPI1yddgtoRG80M/gkKwdIUxPCw9/+K
+dwfq1tvre5Donu3ks2qMilWA2IghuTl1R1zNI93Hi8G1nYvlu9KtajzjVKtiYfZB
+D2HsNllqsRhbaS5LX9xTOnQpb2TXeUMDu3v/FEOob4pNqOVOrPwAscagbnsvShvr
+pWeCO7+X+9hvoaZOSqimGf7UOC9oLtOgJPXyLZVw+KGWIIBA2+tul49jJfmOCn84
+nxyo0F7oO/9LtjbXWRrFDIS+pUR7Zf2dsBQJytdXQ6AesyHuvHg76zWLJJkPCR82
+QCaDxUN2P5ZltmhnYekqLXpx4rppQOMyhUEwRWhnUhW7MXlOo7dYPFJo0g1zNYMj
+w5J4M16z2CvQ8KE0RUAhViXVFDVGBVfr+npNvzROQBHYuj2IRgQTEQIABgUCWvK6
+TwAKCRBYqdDzyTDbFsW8AKCGkFUnZJ7qMAY15kYsODXwBVdzKQCeJcsKFg9X8ny4
+H1FPp+LlhH6xVKGJATMEEwEIAB0WIQRBkFEu1zqayxIDQdcEDFEAfBqYLQUCWvlW
+VAAKCRAEDFEAfBqYLZGFB/0Z4nly7EJCcyrAbimNzuAZmfkVohgQ0vvrW/NVn6YA
+aLQHQoI/feAJCL6stqC3KxY3pTVcKUFZk/gBn3BT6FDptC9GPZ9mcnWEiUc1Czw2
+DK/lRobhMbrNzoQcEgsa/++uIrvJAuhW2zg9N5F6p1edRkBt6gyR2X65GeopNcm2
+vUP/vjmx7Lbr5JD+vhq8CuepO075T7y+aciDewijPj7I9m2zeuQmGBhlKiq37gV1
+WnKZ40NBm/7/9mRq95AXq7pdHOtGjqqjDtlobI8Nf+3gZgH9c1+1C82N2MhDEu3z
+CC2Lqp4U2wrsEZLzq7hhgur6r3dxgCiqQLOBl4GBfaMaiQIcBBMBAgAGBQJa8W7Z
+AAoJEKJ/4hHFKvzW/JIQAIh+YOtAVhWkj9iHlVe+me7S8A4DtCDK3RWJjuAIx2JC
+F9VbXxhqShP3V43LCbHVXaJEZ2eoT3iLx6qqHiSn03T33OQFbgscITkw79aF0Mn2
+M6MTmt9MXVTJ6Hb0X03sHu8bEYeyd3HR52eOOnl6qrhEE+7ZXU5QpuTkk2GOGE0G
+B/Th03AI46iami5nlLi5tsaOQR6CNtL9bBz0KALLHEAL1dHvZUTZ4tqiHAgEROH6
+BxWQ4HUi1uwAGUXC0Dn2tJ8/Z9xmFwZNRqRPYgcd62PXKXYr6O6Gt8cfbW579XJ4
+oBPh4QbQ65Oy9V/qV8UGP+xlufNnqNXv0nYDhuJcNL40pUHGX+50X9EVAp1Ocsba
+bd+84P0oYmI4Wfc/06VmGqgCP2bzPH6m0dmjemx0O9JXDa4ydhBwrzUg8RcooKE6
+xiLDOjdefR8iWsHCEFabM/oNv1xV/UR4H2DscOj20X421+U4HOpxCBsW54hKSPVC
+Wx27f4UZ565ZsmJl7w9B+6CJBB9fbI9Cc/tnFDIHkCWVr6dXCcGtMsP+fTo7GARb
+Z21XvtP8twzXnNZNXo7WB6sX9MdTXfyx1TGxv9smN3egLi7jwbG7VuzxVSP9OQR4
+tl1qYpGCkiiwLQ12ppoHavOzkdSd76WTp4oojx1G2Z2jgOHSmeDaLhXdVrFm1yjD
+iQIzBBABCAAdFiEEP38RmoiukSTBIo6eSKTSzT93sqMFAlrq1wIACgkQSKTSzT93
+sqMAYw//XPwLyCnPRIo9jdjtz62wvBX8wmi98iqDQgBB03ArJXD5oM06jT//htaS
+tOAaWbQzfQEDgB0mLJPeIOFYYP6sJSrIhOhR0/KQGYkMzAIpR4cIHN/Lm/FSapi6
+2J/60FX4wr55UZK2yVHrZxvkrUBjK+maYK8LQfjKIAkxTFJcvyDPeI7oF0emqibn
+sGuW/43zDQyaci/oYRa5mB86Zxo7MdrJymxLk2UXzWCIX0AAcXCai2DQMwjhMuyU
+v7YGJaCRMfx/vcnhtFcFMxw5ZJ8TGsRG0KGlHhjIB9He0tFuNFXwsbcqtnuMmrY0
+sijGqWyGa4//SNv1bzv7+APr4VMN5T/V8C70qFHg55pnpeR1tczLy2xqfbDHK1of
+WPInCB/H/ooca1U0B5PK5mQIigA6VeBHgdkyWd5AOaOsXaldywEgamcsrEGYljLd
+YxbRhBmxh/RsO5BZTCVauCG8J0kVcul9+Qdh6OixQn+UOdLqEOLONqdK04SM3ceZ
+WKpHg6PhnYOe+kGER74tCKy+R6bz5ig3HDks0vPraY/mlAoCSJ9i0QZdvZz/f7kq
+ISqgrdT7Oa7L7A0MXQbkOAbMo3AOyEDFgk7jH7hsIUntymvBLGxPtBsXV6Q7LSQO
+wHr3t6EFuY5ukBpbxJfr8dQbWLZTNuCRn/k63XdRpGr0035Ys4e0H0VyaWsgQmVy
+Z3N0cm9tIDxiZXJyYUBzdW5ldC5zZT6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsF
+FgIDAQACHgECF4AWIQQfsi+0SSZYO8dAASJJpCUcluCp1AUCWwQLVAUJE2sSxgAK
+CRBJpCUcluCp1D/WD/4xwPTlXKxH12D3vP/2wmkqbf2iudU+TlmcEERIEin2aBw5
++GzxY9l8rNi8HWz5c7xA67Gss81I6RJJ0yXvuMwrfRPE8/FRFLXfgsf0twbxUI9x
+krxXrqMho+zIXAXHA4K8ClKxJ62sp/IvxEZ8uuM/BAsoNOGWdDjxUWJutmgcwqKW
+t+6v16fz0R8/7W21F8J0aru3XTrygPsddx09LsUN5E0aenUrYq9XN6VnobQpserM
+Pd5lDc6wxrmlPPVNH+TP2Ne4QUKFhPvvNKqtafc1QBdpnttOHQ+xokN+KFDp5kht
+YRrXJnzSVRQgE4qvmddPxn0ihTC7Rb+JVinZUBEFfUDKK+cLJmsU4o3N6OeRpjbO
+qw7nlqOfqAS2iM4kabeqwUZ72fCSRk2cVkTJx+P30eztdLHISZBldFMV0iXyL1L7
+uNUxeA9zbKvy2XDsJqiuVh0v6saJunKs9Lbi7i+6R7strE2ixYqLP+gyOkJSNAhW
+EqCZf95rN86ymZkGHB7qDRjJP3KjPqtpqQnZIRFJsRlaVrTDu2v5XxqBVoITh/tk
+2tP7N0DPb5rDbl5e0ABGgagEAXeW6loWootI9Jy08Fh4MCWwKHwQhF+xtZVtKpP8
+N3AKf/rwNeK4320LhmqUJ+UtzaEuFN/EhK51uH8d948bA27GawVaKUOjHy4D5IkC
+MwQQAQoAHRYhBDVNT4IRkVfwodbiJxOg9efafAmbBQJaavu4AAoJEBOg9efafAmb
+yqAP/2rH578p7e7bvmsoPFBbdhzHhij0GVBPXt3nOvHrXLrQi+7uY7iNJoLW4MV2
+tSvHU6OTISzbmgura7GbtGsMRRx5U3Q8fvY6W1VKoiPhMBLGBLAFsp25e3C/CMYX
+2s8ymMnXlF4OiycdNDBQBkn7E5qhMLflkdVus2u5IGFKluNQJIi5Sm7Qseq/26Da
+pmiuSq+DgLYiOs6dpjxWbLLSocdVA0GAC1lJhCF3usjDAEe9Vs9VY3NG/IVMpOR8
+1kWeOWMJuQIzF0iCKyDbeoYIL075QnnrCXVeh60c/O9Op7t4J5VqLNINxeB2nRkp
+1sa7+Y8w8WDz4Rcx3No4lqusCKFTDRGBjjtzIDNGz9j+dslx2DCQlYWnO78JyM+U
+aBuKwuE5x/e8b68Vx0q1mhbEF3Kx3fsklmxmsmKPJo4BmPTD3m7Ah/sAEKHCQxjl
+qPbsc5bBgJESG6w2ex/EbbA5kDPfpN3ILSCd4l8Tb+YnX9hDmbjVT1Z1BwIf+sUm
+8h3cZkOt3VdJkF+/TeA7++G5wHb3MSgreMe9t87C7/mR6PsTcCS5DV6EJdpJoE4o
+DuDvX9/ttacOM8SDGPc+snI1DgwvsBZzF+Vy+NuKyh74eImJDN4EOE1kKbiiqD+R
+XQEuom8ypLHgPE5eKUoTlu+q+/Kugs0L5boNOnMyFVqtSFbHiQIzBBABCgAdFiEE
+fCCCjdxxiL1zFw5hylj7whtfNFwFAlqGwrMACgkQylj7whtfNFxOxA//WzvhwdID
+eLPJQSnHW8hLwA8R23aqOPL7A4uyDp40QWpt43fXGFKrOnHRvsOvp7VBq+kCRXbA
+eTV4pWQVwu2mKFnCpdHWS61FYegQGMwsBNHscsV5/OByctQ9grPrcQXyJmDv75vb
+PJGlnM/WYMEbuDlHTtiDY9l6aiTaQyxu5sPSe0FdEfT3+kIliy0xXBctUBaTrC8+
+nTIfnSIfXunXdujeHVpIWYOiGxuG9wCsA1UeznIqVj1eC9k2aAVYw7anJ2bGC4Wn
+CqJcTGWgZ+3z6PxzI3+c5OvqpVCdoeKTZSWpV/S+oqZPf8cAd46uZJmaJ+TExA2P
+qHzDYLm7xouHQldC7K+fJMEsPwa80erlKJAz9l5GEAuIJi/FZnn2Zd0nkYlUJjXR
+4t4Py3Rk5yMfowiyplyBS99DbmdI0STuIkAbrIP/TAxLTVr7XRgkX4McbawRK+7w
+By0v9f6mKWAVw9HgAwEQUB2Ytr2qv6WHev+4g0zdvYejLeh3wXSIVPG8YO2M1jwu
+RB3JFTSzSkQNPBDwDDS+Sn60Hv1jyiW0MoSnwuGEkDkBl1Ec5UmotExig8iaor/c
+tAabWrUxbcn732j+zPDu+FetdsIxj2UcJFUwxcolqv2mGBPcJvNjJbOBAhd3c44j
+qG98R3Srsd8ic6Hc6tDNzqhO4gO9K9lsmjKJAhwEEAECAAYFAlrXa7MACgkQapR0
+qprcdOzJvA/6AhNvUVyFvtaLy0B+1qhK6Oo1xz9r4ctW+582q53b+SzYcV+kIAiB
+fdkFFQO+ipeIxp9YAkLRroCoYcm7hgJWFV3YP5ZyhL63dWR548znWyZRn5/AW3Q3
+sSkkzscTsdM84MPFKoywXhL5QqMgoBZ+oNVgWALzwzHfCPBVHv++iD1/DA8PUovK
+eP0t6JmY1Kjm7TI/NL1hM9P/RjfPXjFVRscrQ9mDBKw0ZDxrZ1FflWfgujOMdzYe
+VtUet/tX8VpQ/zLAOYwxp/R15m9OfMfnIR3qpXai1EAEhnmwGXXtGCmFthHBoqlr
+0Pa5ZlzH4m4khpF3vCaATnw9LiA32xAaZtGuIVhur68QTp3pmz4gJsmIpSIe5vGE
+qJPslNKP1zOCyS4VibX8k5vVKxqu0ln4uOD8dPosYsyUjoDOICFVlTEpKUgtK5Sz
+ym1ZSeB71vvciMC7haaonyCnpVgsX1LG4hP9kY0dloXAuxl+z8rgphN99W22fPkL
+2GmR5nBpg/3/A5a73xFajzEWQPQ4aowk+LkgrXkNnqCt46gNq5s0vfg/STVsTsEd
+LbhKZZy9kZ73kuwgwrX3DzAfe28pJnWheazFEn8ClcVJQGVj60DqsTF0MRH7FKDY
+XInzZWMR926aPGIQnpPSb4GKEI4STJNTf/YfnUF2OfW1FqjjGAkcIiaJAhwEEwEC
+AAYFAlrXoR4ACgkQotQ6v5fLNEUa+w//csuigTGtWof0aZ8YpR502opz332kxNdQ
+NxRwxdMbISBZheapP50P/DRmIRqXJ+O9qRzs8Nlofhm/Rp4S4xi+Q7j9IfmJmMY2
+8e0ccpPxFLJl4YFhSNUJinuXvByj2yTlRExnIwb9toJu5zBfVK7F64etx1nAYU4j
+Ri2D8Ns+jv86wZBaeVdwUkxaoq+p4+tjr3f4XNOGPhzaaqv59c3LxPm8otpUaVox
+NoSlE+RpWlJ4+a6tfATRQhGg5fHKc6A0ygOPgWiMgySTqn6wUV9YAH/gp6yBB53d
+x110nNXZJVCIH/LOKm+OVoU8dRETOIkG0f2YJPF7/l75owZ3J8AhpwRpQbBDlQjz
+dtxrewqiyFhUD+3jq4mIxag3gB+Kkf8+bA8i7Br0Io5RGTkAD/eePNtCt/ONRKsb
+So7GxgdQaWsyJffhHgBBnf/Zy3iHnxJiyaQ8ju7WiITmG1jZdAUlQ95uNEatHrjU
+01Hpwp9kGz8BVcxeQxKiihXgp/XBpRnN0cMCqH5xH7V6nw1EcVdXvrq0dU6B8qKk
+D8IOBbTYZ+j5OAZO4knBJ/ZUYEVUET7ZVUD1coQ32Wa+MbbR9+O+8n3T73m/uBxy
+MHqpY6EZqwm7uzMkWJo1x3mBDOFHT95N5detTR1KfKAPyK+yM7cjhXb7pXcml4Mi
+109Zy53NVFuJAjMEEAEIAB0WIQQZf85cE0Tqoj5/wGoyTiTtPVoAHAUCWtgsUwAK
+CRAyTiTtPVoAHPXbD/47v1b9gNCTWTdR5mDF4Xgj4u3wc22YFXbcyDNyGrd4S2tP
+HkvGhT7zWfYs+T9zdtE5n7ZauObJN8NS6RyIkAwIxVVdfuJZLu3OCKjflCSGhwTf
+CS0Es8cFUqL6yGYZ2Fwq9tAwHLH8N0Bc2geY6dH9TlcI8RkeEocnj+ESKRAuwPF/
+9ancDpvI1/ZyYCduZeDbesXBHY2wV4fiWYxn2Np4DR7USqoEBHDgyQMg4trGDNcL
+Omym1JwCXEE+RK1Q2r7MiBbLUqR3tdCx3oUCypwbeFd8JTTZ23QBgLyi3BKoIZC+
+hgpFmDogYkHc+cHjpsYtycI0pRoZSTRKOs6Kayp9DBLhkkMnvMGjBCDqjPc/tmZH
+Q5gFvMQuagUT5gSEjNIyoTPBvuoWPsCZsAZgZ237DlIacwVoWc5zwMXDfFmYyJWt
+ZTiSpyTGPtRvBEzte/DiF1SqmL1G3TAvBq/ljzQmnBMaBY3oWIXuuR089zz/ZZhd
+pYg7c9eizM2G5ETYH/eM85M+b7QPBihOTButa709NuiE8WCszp4vXZ12PpLArBFc
+MKODMrnv4lrhEwzjq6qT8lk8rOVwj7q2YYqRGodaYPHm0MZIalZwlIBxqKRZPWpd
+ak2FT1eXIcS0Dfpt45hHBtdKuiVjIQzqCYHTh2rb+apjozzVvRzHm7eAENw5F4kC
+MwQQAQoAHRYhBEMqxVXmqEiTdbxc0iqWj9kOCakBBQJa2D59AAoJECqWj9kOCakB
+R5QP/iCvOUwkm5gYA1NRoI8p0YtKV6jVVr012o9dms16pBSHwSPR5VtVCe1CoV1C
+16QiImyh9ncECTbh5kFYyLpZ2anAQWlbbeEmznwSZ1X67kJawnL/yZ3Aq+35oh+3
+mzjO++B7J+uvhN44Go1qWKTO9iWfWlK74UEZYwdPgRwkPP+MPGfvna9Z/yh/Fbsx
+cuclk2oyevt0xIypNc9SHc6LxR2Nj5yIay6RURS7IQ3xtM4fejR5C3pJVYRxVgFI
+XpeAAg5+2HvsOXE+IqqiIPVOJiuM/KBQ4I3R0i0mlWbFzzct8VFXbRmpBI0HCwb8
+3FWX8QjLspMpyWTzZAHu98eyf8WRO1KqYhK51wiw02IkJC1MouXkcZHxpWJPNDsl
+Sr6dC8AlB11TfQ+s1eB0NVUYcvlK5lohbYL14rXz075ASYDsPxwMju0EebR6YDcS
+tq7CHGCCqs4Vm29cLcI0qvn2Z38HGnw29yTtfM6yThEBGPUq0IJ/xCJbpHQP4xlK
+jpROVmwFqxOdgIewxAoLpd8GOOIFaVDknCfqB6Z+m/GbPeDy53/Ux1aYlRyD6wYX
+jI1CrtaGGAlBtSS26Xm6yO5+Y5Zuz0XNQeafv8Q630wmZX8Y6LXVPhLN2s2TyUV0
+1ET85otSLX8veUg1VpkL73S8g9+MnVgn0RTcJJY2VH4DuZHpiQIzBBMBCAAdFiEE
+WYrPoMTfW/SQAAtemoyn1ZUP89gFAlrZlrMACgkQmoyn1ZUP89ipog//dZIRIsW6
+kamerPl+ZwKdOHsWGQ1BkJF63j79Qtykfqkt2eiQBYQdqs3wvyuDjMWyLi6fWAoF
+aSiLLdZtoAeBL2EvLV1SeZSgSyqLwYJCHEdnK2TcS6kJCV3h36ZZ0qlRS+ebfyjB
+01eV/jNQpZUUvZPzMaDGQT6YfZFo1mr9wsRyYVKo1WPfBTrBHaki0hR0cOL9uvGz
+N0Og58ikQNioVAzqGf4rfUlAZS555FDCdQkNTpPPO5bxr4IXIQ9Zsw2RvO5U6e4p
+5qVEO9zNsA0iwEyg4rLtpm+ZXVwn6DkU5rFwfn9aqZqme/cRLVwWFGHSgLiRPIJ7
+Th1Cs4L7rGhaYP92HHDZK2u5wPvnNUzbSDiWUgYyV9jTpjBIORS4zFD4AdbVFeMM
+ENOfQqYrlOrnHhbrLUtFltM8VUhJb25DnuZ3GG5uLS1cakxKgCAP9JC1ssMQZiB4
+/OhNyo9zSLp+8Hd+KKsQwu5abl2Bv6CzsS+rJomCjeYL6P95gCJOS0+PjZZ6nyTf
+uOMZegygyiKXqq0VHnxS/UL9M0vjdT786LtBODWiaJU+GPWNxa8LNSo890IqH4RJ
+RjkhF2/wWhYtrSt+Mhlqv2BErts2d00Lf1RK2G31mFXMNzuR8/PkRs9bBHHg+hur
+KCClEZetocS1QsBhlHxO6pWS+A8F9Sv8DxeJATkEEwEIACMWIQQxw69z7j3gLXFJ
+g/lYAzVNIf6fCAUCWtnQnwWDB4YfgAAKCRBYAzVNIf6fCFjXB/9+t3dUvOCOCBOT
+Z+WvNbMzka2zAmJTpqCdN8U4b4NwlKrvCdqNXHCtpSSQqlJa01O8liUpaoyCq0ZX
+uORYhjBtpNeDhZqtEOVrwc9LOfp6bwN1X/tElITgPAsXHOIe42RH+hVRvT5kwb1t
+WvxCSTlXYkkjGSkn47vnUSLhhhPKa2MIcR5xNMkvAXn3seTX1JBTcduRDkjeo89E
+8dEk7RuE1zdzoJ63sKv4FNL97lcS+U07IqzO9xN+45qgaIx05uskVBMqrBcWXr6I
+7azilkK4lil0atodzWRYM/buef3WMTUhrCauNZla8BYJTw8PBirIpwIulcQ9SyfL
+nalHLyROiQIcBBMBAgAGBQJa4EorAAoJED1q+0NPfEAPSxoP/R3i9I+V/GNszB0V
+JXWUVFBS2luxRV0Yhdj5duErVv80NOY33s2Z1irdavNw21KgB/YTUGCZqrSzEtDi
+vp9NwAUnWstQ1XKBtdxzajDjOU4YZKKwo08N+EH9YjCyvJrGrzd37jcp7abq9Gf1
+KNQXIrJ3UQoSsWYA8h8x0GSzNc+bIBoPJ/ccHOC7YHjxku6Q6lg0lyZB4lXYz8Xq
+WPTyuZ1A/qzMx8OaLO6EoF6i+VwmfNzvH2eiRxErfEpieC8ZJRTagq2m4JgrbGfG
+suHQUc0bqB/LcZi+fde5UkONvVMIn1IwsObBO0qYB9musuNIYF2nKr7F3j8PZTfK
+D2kj6+SoN8iN+EtHM4B6rGPGhwR0DndPKyIk1dxp1RPw31KEytImnyoFdreNLSdl
+hD6KL6XfPclZoz7e/+Nhs45FDqaTCrPetXZHbZchNp/lGIHxpNHzI7rks6AJh64X
+uhNLjGnzIshIhOsm+oBxLzEznpWPF/DaD8dDxbXD+6NMr2yUBMyY0Mu+bxLpaSII
+Fm/NFKygl5ETQSGJx1s/KXkd0z5dALgoyvEyr9O600z92nXZ0ZcRXdHaLTBOkjCp
+SJFkCm/phxHMAHC9pZS99bBGAFNlqSx6ACpjB6gDrPs5lQtitR+OMQPXNdiOv9HP
+WC0XrXgMCrllUS2hX7tT4P7dpbHwiEYEExECAAYFAlryulMACgkQWKnQ88kw2xYN
+lQCfRa2coErcne1WA3okQha/V0Ut1xYAmwUZ7Wr08ZH37oCNCjjEDNxpQ5tciQEz
+BBMBCAAdFiEEQZBRLtc6mssSA0HXBAxRAHwamC0FAlr5VlUACgkQBAxRAHwamC1D
+Mgf7BLmT5BrrY+2qs96UUnWE/fBKQLToJLjTHJQuNouTQjt4ELS/UBCqK8R/DK1W
+VKSuaOlv4Rwgfyti0Ft+YcnsMxulTfNgnsMEVMB+Nj8qNClP426RStNxj27m0CR5
+CBvgf/KOvinAsOwXbetl2VEbJCU8J4Dp385nRfuMN51OmTBYp0d3HSkSksPU1MbT
+dC9EuD9cu/n6ju5Rf04MUQHjl79q/YNPxJ1mc1UTOzzUVxS4g3epDImmsgwXO4eM
+K/RaaDHz/WYlMKfqjefONTeRfcRtf5MgfEjQ6F3aHnSZiSEHPef+Y3LMWfgmJccV
+9Ua/XJGUwg8hu81F5Kev8aNjeIkCHAQTAQIABgUCWvFu4gAKCRCif+IRxSr81j+Y
+EADSX5NU5AQsE7NkeIckQ/LuDH8W3OaY+IQRk3k5RTpFq0rnwfXdnwalLa0p0SMv
+k+IDYiXlhcjqq0B1pPBTVZzNftEpkEP766BNgjz/uL2Ual04DoLf53Dn0D5ySpLU
+Dd2XzeeEJAY54Zkjre2kLkkXCooxaZpkzuktKDVXp4R+rynDjWK7fMeJpZl7+BXh
+MDqQXK6S5MQJbQ6eNfJwz9ONu256DLVVvmAYB7RbBFItTgste8a5gBMnrlo+ydC1
+ud5nOrzQJjbt/tU00392iL3XDstaMLC2+eNAjxFKq8KSEEbaPMTkFgV330Tjd6Lu
+fJc7c+fTz5HCuHoyakRQ0yiUpVkXjpqmjSz99mhw6rC5/++bQLCHPHoJtIdjvfb+
+uzxIO8v3r5SfcGUZghTOzgKBE66QQYtXm0pv2r5B/OMi7Y3cpQEyh3ABntXzB+DP
+pu592DLDQblwBTBCYmZ6Tr8cCubGaOd6WY9YMOqUucGeKJRYhdZGJ47LRSjjILBw
+WeSAbUpmm6nqFUdRGDt6OhNeWqr4R5u77JCfwpVTVVUPtR75ypdZYpft/qNkTGMq
+JwLjIIeiNVNln3FEpIA7y+j7ub4bFqsvmpYy9DR2s2tTVs1P6xA8Yl5I3D9q/302
+k8YsqZagPA/gfh1jVpwu1+XrjfaGiTAM9kidxKKmGjnGTIkCMwQQAQgAHRYhBD9/
+EZqIrpEkwSKOnkik0s0/d7KjBQJa6tcCAAoJEEik0s0/d7Kj8kMP/286fEObmNvo
+9RK7K0v5K3qXxDycoCSScieTjSH6z4CX2k4agyMB16+OTa+u8cutPyZ1OCmLG/at
+eAnmFDkSsdfRqw6qdeO/FL9eFgRkZfT/3uLIkjdr2Sz7kirkvTOUgj28RC6+9HR7
+cH0eAKZbcIJvu8TLcfhktftve0JGAnWs0ag+m6N7mjNO4ROrfb8JX9xrKRgPNUjr
+Beyd8e8sptBSs63yDDXXXPcZCe5Wa9N4Cv0fxumyK3KmSfME4KozLzy+BtSBdQ/g
+/ZiJrzhGSNfpDlunz9/ffVxk+p7VbxDkAP+KxpnuGvSWQzdTtFO9/eSynwwPWVFS
+0aFwQsyvEqqeWD0zk5VJaeRfws7CYVJuD7EoHSBocHknmd4zsF17eeH7XGpstCIv
+LvFtKLuwau0CmGkYyy563GYJYA1sQkLTjeiQ5ebdrNMUIBRhigrQfERS2yt6ht7X
+LvfFRuMUqOhbku0Y3vXQ7+uoNum9pxnEHvPp6GQwd0HyfUREBQls/QQqRG4XB4l8
+H3/TJDqi1R3os6D0naXhvQcKX2gbGrogD5tNqKrCeMAZmJJSswmhijhEQFzKgTxD
+NRjCvY7UpyTwcbLQUsLwCmBEnlXBqYYfH3rsDWt9Waqv91Yap2tz44DS70U7XKsL
+PTTLlFZyeAV4ijxTsXnXF+UHrbwBlcsguQINBFpk+4kBEAC7yqRbae/se4eUF14+
+pePi+ZRNyTsdhc+vW2pRDQwtgSi6Rgs/cnTQnjKbxWhvmGxM6lKm+N59J+N9aGOM
+Sf+BGWabxfN/HIf4+slaI+89ErOnKUtXcXnhxPxLGfa1OpEeFSMihjNFoCTCEngt
+k+D2ng41GOKb/qh3IItbLasqev6Iy6A88L9UZt9Orznzd5vctR6nk+nJwnsbVE65
+HQuT7jiMr9oWKIqZpsB3va7kGwzcC8j1EGIFHxdT509exAaoAEco/aN7ywLD3JWP
+CYXEj1Xnq1GZHkh/2W9gHDQzLKEXdoJ0hOnmGHhRdC/MHZZYrTSkvb1byBJIamC7
+HTK4rkU3jDJZwXeCUpdxuxlh4KHv0OzvMwJ5r/yS4j5KhbUhTcJ41gSDIy3bH9/W
+guAKOY9TYLitBZBcOUNnA6Oc3iTZDex0Al2Iz0kYAJK4NJxJ6QIe7VwgXV/HwdBU
+hy9tGbfSYXzPDusfjv8Q5qtz42S1RPkP4w0ochb1KdD76i5N/HAknHvTbC626IQ+
+HAELyG94exy0mhjjzIVLdUfz05BtKirZPMqaNFpAeLJbJ4pW7iU3IHlb2Hj1oBKO
+fkZ/6T/sIqwigJZj4aFsrl1IcoAW8y2XHOMpQ20/PGf0PA0kbJ8jfmAn/2Qnpz09
+g656aSbiawkbgz8OR6+WtX6X9wARAQABiQI8BBgBCgAmAhsMFiEEH7IvtEkmWDvH
+QAEiSaQlHJbgqdQFAlsEC2sFCRNrEuIACgkQSaQlHJbgqdRSCg/+NtXKzjOKS+VD
+uW2u4lRcl8wm8QVIwFoLl0cEiLeCBTNnYqrvgaaLTcI3XL1N6wFvWHcIRGOoVX/7
+3pJUYfDlN8Xjgf9vDMEhAdELW/lYq/mgC9O0dPoNRuLlWhMMzKvfHIz0ntQ/TBUD
+ocl4Cz26NfeGCDBPoi1VOW+C5Wer65r10DT4C9WhDjSJXUS1p3jjzUw41LTBKNqw
+svmevMotadzSe2t8b8wGGFanYonXDJlMAZdaZj8kAjMnOWT50ws7GhxGmEr3HrLg
+J6B9Kcq21O3Oxl2Hb+QyYTXmaNaDs2vboe11z+/y8COMlKc+yHZVMsfoqgowhVEX
+f0A/nPMCqHDS+WrHza8SmKtdt9ECgI4nzTZycwBmNk9JrQs1M+PTezNB82RAxXYs
+WmPYJBKenJOoMLVZLHqydpHNR6c0pPPr3cOg4SZWEdX3nIZBDCilx1rRPPGOyS4m
+0ncKvpNsUqK9a37XrD5VBtqMJS4QcLcPwYDLzJoF1geB4ZBh48d9eOq/0uDgLIMs
+QQH0qnHyzAjTgTY8gU+w3fUVRlVvlf2tW90jtMtP6vvzx1rTh7uEW1BospGhly44
+PgjdLYK0aaD3QEal6SJBMN2h85UnJGivgm867+2icMCrCEV97vHeGBoBHpxw59Ok
+BnCrYW7FDz6A4xjXuY2RsynF+XpPNa+5Ag0EWmT82gEQANLhyooD5T8reN9yqakS
+OBnGoe5NqWbDwuObbrFFI/jiq8SV8MzDMOC4MRgRKSeR/gulj40r+fL5s8bs9QFa
+3WbK3galHerfQ9F+TPCJaVWc0GkH2M2P3yH7ANTugqnp+JENzPF3ybypht2c8Rue
+M8QIkcCUG1HTf4G2JYky6HppkcCgWgpQjoXVJ1foyPfxPDqwTITWPR9mgpYu89+e
+CV2eePZS+F7EcXGZPji3KGSISThDOpu0tBBTiLtS5fBmcrO0u1g7GNy9KVSwixvp
+HiCPsxeodjIH5o4Bg4/5OBlzoLsLfgdKQyQ8HHCP/VtmGwZIhVrAVT08lN3dI9cF
+osfYtpzLlE8C2suEhX0yGJHPnfel8qC1Ly5px5MDIAkWExssHPN/g9VEMsE0taZw
+hdPmkcHm8rhz1cxBA9mb2J2lBP6pOp+l2csLLIr5g2e2gV9KdNq4ognNWD+khWWS
+tKVp1x1Cy2CiJ64pYGzkFxFPFu89L9XG8Gjt0XwoYM01gn20K3qb3yrSvjFh3exy
+qfE51DuqUntAXxv3KmgITjs6/OCHd+qXjJKfWh7bEnNmywtQZHsfqC3p8Ob7juP9
+R0HuxlV3q72BVXsfGBPtWPnNeMHCszAQLoaoeoyznXTDddDye8BoBJvhcyI1fayL
+tOxD5nkXoW/ddk0ym+JlNBnNABEBAAGJAjwEGAEKACYCGyAWIQQfsi+0SSZYO8dA
+ASJJpCUcluCp1AUCWwQLjwUJE2sRtQAKCRBJpCUcluCp1HPlD/9MZaFi/ndpzRU2
+8U8ePpD1uzSaG8voOK9lWmVX1lTboliBZ11iqZC/nSVi2gGmlr1snFJ3Rp85C1Bu
+syWC17FtcSyJ0n9ZncfkA49RFJmYGoxd0ZhDWBRGbNugTMjEzopSKv/OQsmm+UBd
+IPdYAw8S4grfpDStTNFFAvs3Rg3c9WlLysGcr6swnsu2VmRhkQk8Ct5DD1sCA/mV
+d5+ib6P0UizD0GwvQyG2oUwDTwa53QU5ItJ7S7YkCWbsv73uvuU+se/JK9T16MJm
+PwOTuTQjXh09yvUU5Eqy+AZjTewZiV1ouLIZG2IPbBJeXyMbH7ZfcocjzCN1nlaS
+oMewhlaiSKLrS8JVKhIjGUhFgJWQZcgacBludhkiILmMsRaQak68pYAToS/RTjTc
+lUYo2xKeSLYH03NmxWa5D4WVXQUeVLmHFkI7wVPXXHsvBnXn+J+cG8mawDewNIv/
+TsVpMgqv/KX9LcKIrA09tmrQSPxcsxdJSl2Ar7UAkx/so5fFgC99C7UXGqcUFR6K
+7WpOuoDNii2BJLm+nNerbNOKAFdAbaotFavkjHVxOAIYwUH3wopDaQJ/Bf9SmGer
+0OALs9cStcG/MVrR7R7mf7YH/piTO1CjCKWluklHmEXAc09X9nD9TxxdO86DdNjq
+j12T4eep8d/jFKethdMgvtVy+k8V4g==
+=FFHM
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/jocar-13376BF892B5871181A218E9BE4EC2EEADF2C31B.pub

@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGL/dDsBEADK7apJAq+EJ+0I2qmHDl3vZsS9z/e2x4tYCLDLXSDEnDvsmeZw
+3/Is555uDGgLYmY91K86l7ef/p7zRR2wbs3nguSo6KTbMiasi6HjvW+PcdW8SqVg
+cskocFX7rL44p09+Huesi7JbQZDN46nH+gn39u6Tk8Qpm3gZP9JwptoAZWcJzujW
+pY0Ni78KKbSFJjjL2YTisUlGButlFOYEwmvjVJ3+v6DIVeahqxvdtggy7sQZfRDc
+u48SMsre/xqHvnLEcAChqK3etIyWtee/CNcn2cOJoVlCZsK/a+btAWC3shL/g64C
+lFBjZU/EztXkwk9HPyxFoin985jINzdiWm8nJZeUxv+2KT/XNOLTU2nNSBtbz35L
+dhju/P3oRBmfYDzsppDskwlYMaMubWTlntn6GR6u+f89I7xeXsdUeKzprRGo9yO4
+Lm/5FsTmwUlkWsyjYt5KrLtCAZCoukc/1TOp8ZixgADO+fCPGixpYjlLSY2SiL/+
+zLCHXPJzNi4a4vrO3GrV+zHdnNGdJ4p+VWXACwhnFyLkOW4T/nF+f04BS+J9yFMw
+80bk8tC3Ok4HFWFG1XHaVoafpSoy04Zi5gHAAI+xcEPE4te2Gqb/CRZik0RdUzCg
+fJFXMJycS6YwuXwUrlgB17mBXHDt7Yg4hiMGziQa+pnDmrgQQwg5WQs4PwARAQAB
+tB9Kb2hhbiBXYXNzYmVyZyA8am9jYXJAc3VuZXQuc2U+iQJUBBMBCgA+AhsDBQsJ
+CAcDBRUKCQgLBRYCAwEAAh4FAheAFiEEEzdr+JK1hxGBohjpvk7C7q3ywxsFAmb6
+s+gFCQXlraQACgkQvk7C7q3ywxs+5BAAlXIVK4vapth7VX56SBE2y/HIRcrGjDlx
+N4iLaU16yfma3YYEh2LpWQz7yMTJj+3YUaMuMcozL72BiNAQbK9lKOAqoScaScEL
+DKLDg0ngnELKuo4ACFYTiKQ8Iy+Z15WHD2WV/Sf8CM2wuWrvEcYn377Y3qkOapwA
+9DcU8D24UjgB/zpPiNVIMJNmwZLljKgzdqA4jVjWQW0UGl1NWM7ynJdPA6H4EShv
+3ZAbyy47DO8inSdtCU172LZpONbVjone32tOGaT2yqNE89bRTFcN6/5LhJABaG4F
+DALPzSCZjCJ0cYWVNJAmrYmLm+WSuYagAvR4eR9/FClZiSFQ1k/hUakYYtpSxNFh
+MrYnps5xr63uFGJ4atVytA779dqy0Y6wwsUCnxq7gZxpAyq8afPdf3km14kb14ud
+9wfIZgYPa9j0LRX4AZRPkrRx7021vhCkgjLKRn0zP7FYyBeKJvv4GsuFFg+wCGHc
+oorRf8xuC0sxanwmRRkO/3iITNUVK6wYOyJzFiYAnNHZgHsepS7D7nrZf+27Rjp4
+eag86shxmhuvSH4yLvQ9L4FK0Oa/Myi3VWo7ckqLhrFe82zENRQ7MzVbZmBkHAdT
+NZxZFNOXwsMpsYat6Xb2erJ3ai0XGTqZ1ckdChS2M6FHohk/0H78LfWrZ5DteApr
+1PhC9KUrttG5Ag0EYv90OwEQAMsHA8GGcQksqV55xg0TfGqSWtHVhXlA5GK40LLd
+8gUn7/0d8ymlo3ZOJWjG9NIpnNQ9mLRW3TsDYC/8ToJ5tlwIS9/fRoCfc7TMFWLC
+GrxpyhxrJVzgxZVE9qlKjafKOg/7ojXN8zolNlcUHWH3ehj2Fl9bwsavFDlFphK4
+plS5xUUqkjZIq3e40YNSNL4Swt6HWMwQ0taPWVTwcaX5ruN8jV26kFGA4EbacvAy
+ezyXucx4dBZSaPhqIHWIKvGrWiNcPfkTxP4v+c6OAm9fXO8ybBVN7kOZKogRgLIM
+xsgE0siSt6nKH5k+zJwIhN4l/yaI1I6M/fIVJsLlikED52FdRfpSunh5yrskZ0gg
+cPXyyZ7pPF7f/jjIpNBeD4xror/Ejk7lm0WSbUhfiFpQ7sr4lhyq3cpJg5S0P3Hy
+WPTc81+8J6iEbdDImwDt/+aG5huBsyYYSWJwa/SKuFdWMZMemG1wundhbgzMvJPZ
+RyqvKjKH303AStqU1R7ROvxyGF5tJxlQWky990X1+DUo+YDmrgWgf9/owqWE8t89
+OmL7kNfXqD5sgzAKL7fluOfrohBim6KlyN40CWeiT7/xqd4NKZsDiKFqNLZhFTJB
+W1uHerqLj4p6T5wOv66yKcaAuHNq8XyP9ypiYZhLHPNc4mh2jUjSlbso4Xn1eRJ0
+QOxzABEBAAGJAjwEGAEKACYCGwwWIQQTN2v4krWHEYGiGOm+TsLurfLDGwUCZNoz
+TAUJA/s5JQAKCRC+TsLurfLDG+ywEACFvXSt22vx1p3ss8Zk+bZK7M2q46ld6FfN
+kxotGZFMGvLojs4Oqa04Wt2fLaZiYWgFtBfMkkYlbAJBFk5C5Q/5ikQkSxIs/Uow
+vGQ2F4zphFliqvUNUcuRkqHjCOc61jKygs/V1UaWkY1gjAu8XmqwSt+rGmKhh5Ob
+MFlRcgErD9e9KerCHuRmL7Tw12onhfuG5gK60DE0shrxkvZm5xPbjzysin32Pc9+
+sK09PDIn6nFv8kfYBYcpfeFxaj18cMZ5lqf3WNwRYJk4Znu7eZTsUiIgzZ5BBrpq
+OBX3LoOrb89s7PLSNfg+dzKQBj3rBCEvkklzZHcFH5u02DxepvyGnd6FljQbnjGU
+J0OPjn4jcpdFHpGCG5Z//01qlr8+xx7kQiXFv+ENwrAbsKI1RW243oi7qwR0h6+6
+RsNn/EESXAszeJNKDxAoLh477bM0FsZn5BpG6pDhNJMVQ7M55r/AE4xD1QaoyXtc
+HYHedGVYhofLw3vyv6hsPNJiS/s9LwXf/jMNAaM+p5gFbnKRL00/0ix0zYf6x6vc
+VbQhYLD0yTw3Boy6k9rHrfLNQdwkYWpk/JY1ruEGSMjbhiyvo6CH7EhLPI59Sj5S
+OrEXCYTUCVVU7PUvs7QVcx5GgzBtmuBg47Ep2w9RfYhdG/5hTF45zVhstPNB9jId
+/diBWsGA9bkCDQRi/3S9ARAAzZJjGVo7GtqGXyLCvvMDtMPDIDGtWllDmV2oYI+y
+YPggUsWN3lzWvAUaE/YLxxFknU/TegCGNCMQog7NCmZgeAlf5Od9nDALOattk/VN
+YyxD/BQOs11aMhBr4WP7+WkaaAjhMGaRwkadOMRIhLcOMplwNCZyOv9mKfptsHYZ
+MmAY67/8QnqHiIY7TB2lUJTMJfyy0kWmg92EXPYPFpp57WabM9gSAzBi4SPEBf63
+hfpfARTQMh0G7hYZH0IJja2tyrAKjSMFdmzGUY3vk5083hEYxsXjP5DoWARLpVXX
+8VDlRRN6Q80xtVPLK1XYnOPfj5X4aBSUSzaPkwE5F2ybhygiQOJIw7+xcN9mO3eq
+axGoah//FXQLI5r9muugQAY/+WJf6aepgwgPl8uuuwLIJOqiih+TQHqh0kMe7Ovk
+4IrV1DGZ+v0nuvpdVneN4lSvjefMStjDAPJQDWkmHXUyeJPMBRBXWI42sRqjzhBN
+s7ShQGU6eZwYvI0cS2dZny12ca7vBz1Zgkj8cfv+G2Xt88jDxxqm/HxHP57jZHZ6
+IKOKKV19sOuJgIhSWX7VkPpOVYoE9ZfQ1DdCO8Du6USNPEqPFvP24lJqGqPtA4CN
+5F1vTwpRHM9EHG7zgkHlZTRNlKMApoimfzrYJt1UxsvcpCO4mG8PuVGbOGdAKfvn
+RwEAEQEAAYkCPAQYAQoAJgIbIBYhBBM3a/iStYcRgaIY6b5Owu6t8sMbBQJk2jNd
+BQkD+zizAAoJEL5Owu6t8sMbhPMP/3SrFn1VTnVJW685T9bKDSOJDakBae4m1YAp
+CWLPQ+S2/MF/7d38MgpgM6c7gai9khfxgr0JvUR+gD1Y9GGCXU9cIWP0cYmLBhpu
+b5PEnbyZI6DUc0bKyAbfnAVWJv+toj71fLt+Lo7V9n38DafnKAg3YtxOxif9Th9t
+vRKQsa5q9VPj0OOFfj/PyubZgMRqZn7uamAOMRhtKX3x41K0At61QGzhecmw/6Xl
+APiJ+lbsjvX/Cgn/mKpKIw65q6ehABo1T0Ls+eVQRef+RDmfIGO4D8RUu3G+jt+I
+wOfY49vKxhi6rTuC18HyxPrs7uwjpxUj7CDM/LKt/tXQoffc63F9GtREdzmJHSE0
+9UZC2gcwYt4mziB9b7qbsrjubWC3b9ivcFdvWPmWgPcIgFJYroYKfn/DITnfjrlR
+8EbmyoCVmqgJ9hTvLU/0z6bW0sEIkpS5ameCau0X933G6TacAEQvdy7WonzUrPsy
+/GUZ3AFJqe7Eftvt0D2PTvPXetVnG6LJIp/OikEoNy7TDkFAS9yvB+KXaJ+iOg9x
+BCFc0lA0rh2PvbQQdyg2YPStg3o43hlKAl/RsyYCAvIUFWggHnrk/pLbBMxVnv+T
+/tm3SFDgtag4o/tI295NpFiroDu8zhPJTv2F2GxGPZmNawjw8hyqy2lF8oH9tD6N
+mhxC7iIM
+=P0dT
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/kano-2292FB7701EC31F6B3A58DCE0DA0A7A5708FE257.pub

@@ -0,0 +1,86 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGDHZkgBEADTRYoZqk3uXBusvXTxT9bheOKzAvgOD9MVzn2+nQ79sUtvdosB
+FHmr737cutILHl6dzn7B6R6FPvLnoDIaoSpIdBUePLyvNg2/XjQOVfb5ONyXxXIf
+iDWLtHNa5aGmKXjGFagY+1LEEh6v4cDZnu/KSiOc5KhDQsiMohe0zR39KPraE1bu
+IylESf7VZb/HYqmXQqwae41vgIIZ3HkDfnDYfqWHsFBsF9nrCBqgJRQjQlh9eusd
+7hGsY5ZdXawvF2vDXx917asr6b+deNb072+bvM6GqnKg68Q4rhGN+y7eO4Jzm9To
+yhSggOig+dllwDzVT1Dx39jdSaHVGeQVmouym5jT3HkS9VKE9uKef/Oylf6Pjom5
+Z5XbrWd+mPZgZed61yxFCT4Gs53cqt02Ce5vDYU4aJhwiDPG9zlO9kQNf6P/veik
+Ni50gdnboC7Tb5Vhaud3s9CTSUPfJbv509X+anuJG+yFpbYxrKgIKHIvnT4O9XYR
+OwpaCc+VI2scXyfR+5qorya6aHguop9WsAk2xLpM2gxsDi4E07HURkOb7M+DAhEJ
+U3eHREaJOWcVBgArrKoMFbvfYmMZKxCJByJ9qQPhhqstmOzMseEUZlcTasiegYg5
+4P9KDW5QbEbnTBuA+ClS8dxU+XHp6KfDrAd2XQFT9CF7V/6VXhxYFSaFvwARAQAB
+tBxNaWNrZSBOb3JkaW4gPGthbm9Ac3VuZXQuc2U+iQJUBBMBCgA+AhsDBQsJCAcD
+BRUKCQgLBRYCAwEAAh4BAheAFiEEIpL7dwHsMfazpY3ODaCnpXCP4lcFAmY7fRUF
+CQk2fc0ACgkQDaCnpXCP4ldfTQ/+MnbkICnnGvEyTqv3Z6UN0InVhKxnGh0y6/q/
+10RR0bN6gmn79CV1BMbuIIpwTBMe47oQiVuvF+Qypf1AJoc5HSqF1V+yeDN+a0yf
+cj3CXTQ1Hr/zCBhUCy2jZQLYyL2oL961XPnXsrMV7gkjupAXPzG7u9CrTX5gfi5w
+RzmMGLJfYtN0h9DU8ShyUk1YFJKHlLCZZBgjwT6ikX69Kndl+PDTlW53hhsgwoAL
+vIJKH0dKL+LVh/AYY2hmkwwvbH8tocFAQnPEXS4v9loug4wRfVikwtro3/xlIHyG
+1oMzgB1cPJBoO/wIpe0WIypcQnqZSCnm9n/QZhRtHhZC1UNvb1RlfqJaL3ygXsM6
+L9BTyS23/lKBRApHuqkr8VfP0oi28Vygmg61Xokwh1oFMfd/2Vn2MJtRnPLVtimg
+JLEIfuuhz5rvXjIE+2oJCDHK7aoHPukdhTdmxjYPhbXHHm1hqm5vgbVUNHTsIKWi
+P94FDgFet8yxjGnnlvb3sfbOFRtaoEIiBaokBIVgX5ktjyBILplaWVEXUR4rOjpK
+DM0p3RICJFrkdVxxD9oG5OxQ6dGjxBpce4293VqBmNJILPyXPI1IZyA6gs42suu9
+cfqW90iOemO+rJ5y6kHrPTcYoxZuyBJHuqBSfvUO3pSM0JGonvrWOoPfN/tCl9JY
+vGsyQxOJAjMEEAEIAB0WIQST2nAGwucEPowz7RumwVJzjQPH0QUCYMxZ+QAKCRCm
+wVJzjQPH0Z0OD/0Z0aWXOwISYaws9RFbCdRvEADZKEnYZ+rgv30VLvrmcvk8VNrR
+4m2bLmnKzMEJrXu9jegbhRNwq6kgFyb/j1P62RnriWaSXytVgLTIO6fh/qNkj0S5
+Z2tB0+/Ndml7qpFM1iXNiF0g57q2LAHUyasLiOH0Kj9Q+og/EfMYtjRI027S4DCd
+ZgFKbautW+TyxnmuZkHpRMNg8RJYkp4S0GsjmPOR17C6B+Btwp2hhuhg6QRqk8+b
+REp+lvKGc+2AoHeaoe+/2qnDUFeNZQHCW4MADXi82EQgz874sXV8vAJzn2372Kaf
+uTcr65/qUX0aDmT0LUEFAO2TQm0ho/ysVd0SpJ4jyof8WSw5gSUdgFUI2KnGZUYj
+UzhZ6A5VjOKqRanamQ/Ja7ms+d+86KT0INX5QFz0F62CencEkPOoGDTsUAWrLLBR
+jOo1FxhXIrCtWjdY98TnGrQ0f7CgyncLJ6ST5Gt9zz2+GTfmRhwa88civD+5Kb1W
+jGnzjTP+CGqC1s7RRjsU9iLNAOsEzpGwL7vtRwVcWLSqBlVtK3j4BcUalsErvJAx
+T0S99EomPwJGKSWSbHw6SOYz7lxihxNJFdJrnLtH3+LZEL8XfJN275pN8INF3wJU
+AUB0CO18I94Ep0wXjkyqxNjf0PiCe8yrRyeafPZDufVD8TlV40Y9qiZQYLkCDQRg
+x2ZIARAA762zqX4J1+rk/JGDYH6guh3UMM4M8e6X0WHYxo/9V2dNW/N1fyk1GQR3
+PcrPmUALsrBb3bQvW76orZmSnoP2rt5b6uR+y14/WrG2r98Pa9dYnKDO9YeozcTh
+ZRj/1gcRwVHAhNLIwE5B5c5h65c4wR5/ZUrhYp7X4/ugC7m8CL17df/2sK+m33Ey
+IuyGzVkNMn9lxWH2V6k1As6HsPA028XsINpOXAPqGDGqAAWkU9bVx0GYCtF6BUpK
+E+0N/OG7MzfOvBxmrSP6NyoWx4XMKzRwqb57QnPnCbMVifi82o+n6G/00GlqDAJ9
+cHL/d+XA4XPmpL5bDYPPOdD+oU2xVNBgdcs6+wYs1vm3QdsPDNB+KRMCWbMJLxJZ
+CTtkDadqYjhTOd6fLQTpAshaA9RjSKvEZqnwr63lNDYcX03trAoD060N8HQxyVMG
+qx/YEcHJili3iIkiZwdCrQ9NISrEuAtIQzDnirTuxPx0Cjl7gL4yY3mEvJkQ2tWW
+3hm3vPe4AeUar+ai6t+RqLGoehu24ImYhrJjhOb3YYH2ZkgzS7bF9i5+xmbqFxfT
+W/dznKUBaFFvisA4JG52pT8VnYWyBo2Q6GjaL5m/azTN3CZtp5VAwUuQyRLasL8h
+io0e6x7G9rcrxpB2mEg/s/PVcCmGD1iTTrfgGIUz5hTxdCDivsEAEQEAAYkCPAQY
+AQoAJgIbDBYhBCKS+3cB7DH2s6WNzg2gp6Vwj+JXBQJmO31MBQkJNn4EAAoJEA2g
+p6Vwj+JX7OoP/2FoNVz+KT/QcGFm6xF6TKFMeVxuaBqilsa94xQSKZ55BaepBL00
+pEXM+38eIU2ogNhLE8m8T2BtarFphzhALkGEI/XVtqfqzatMt1TLlTTkWwmRO9lF
+2zkq9e2TCLebgOuZfNEK9bpIc+/+dRsUcaicf4e6xAEzP8IFeTxuzD1FussMNC4f
+c9RrZxA9BGisrXyNAezuiAtgHg6j3AKQhTG95NUacZIJyWcaOMGMBs2HcZ/ranpF
+xnfpTqUlEuY6jk97k71beORy3mvH9U2MmadaoOjuSeXRBe1IgNTkCa8AR+rkmW7d
+utkgTNe5SYjuxptz/Pqzi2i0MpJev6p3AT+x5dCET5TLVy1vJe06y/eSgmYvpGw9
+ITDdgHhT3OL8V3k08L7gXZXAyAAchSYgipAOL0qxosYyyxq4TGDu/3wzhRf6nZ64
+Hu1tXv3iSniqx5HAq0WCl4e4YPjOD7yZvCrauctgBf2Sus/lUwoCDaIlWJjw0BN/
+TkKhPsuD267ORioHpONCfjhxxjZYDsmShATIohq2nqEl8+/a+Rtsv5QisfPhr3js
+RSdSOSgOGZgDR0VSaX/NZUcolIOhq+db3IoDhwkM9YxGFX7TGLiASNJ1mYE8O3nZ
+YS+AOdohIL0NQ0OLgnWco0/TC4ziNxF0b9pb8+xlwImoRMrFQVkNu6UjuQINBGDH
+ZnkBEAC5Llc/yl585Uj1CcJPcImWKFRkLOL1OhHhIHcVgj90eqoYz0vtmaw+MzlA
+j7DgwdtXb1WRAjjoulLZhEkHQ6iL9VePMJFqxN+YKvl+YZnJuOIAoH0CvS8Ej0Tz
+ZV2wuhchrWo5YrhVqi9PfFEt5xSHq/B0EFl797R6bFF75g0OE0EdJxtd1UmKQLJx
+tn/6gZoa7Z4ZuZqm8lL8cpBdm4qWFUGaz8CpCVwuGK9mdoszU/74tWkEcKnYD2DE
+IC0B/lZ9BeluRgw3Qf1Grf8G9D44OjbB+QkuiO34ru2hVKjTrfCnDEq+pfPzoNXV
+VUIlAxvoOqjCAnKZv080cJq3fYwjMkMTfU4JaH9y+Byidft1wcgV0T2aayUBMEuF
+6FbblUhLfhi5C04IfnCWYarquNfLkGy1LnVcejDG17o77Vz8oLlJ8kThMPdOt8hb
+OZjrdO7y9+Olk0QPYme8AW0sQTthM4+5mlQ3bHIX40QRoA6xm4+gPISqZQhdEmHR
+9iialCsx4KV2qpBkeNsvnBuC54Ltwmr5/nNSpKkfPJ8t7wKe42DPhxvg1Tb+GV6Y
+IhDYJaHzbT1OVLO9X9YsjKGxtF6kxo46+0rOx3FDfYfG77qKKc3XmDaJLUcwVHO+
+PlBAWnfvMuWzSLWFduOHvm9gb49jsxw4rAB8iYLO8YHv4eqkhwARAQABiQI8BBgB
+CgAmAhsgFiEEIpL7dwHsMfazpY3ODaCnpXCP4lcFAmY7fU0FCQk2fdMACgkQDaCn
+pXCP4ldKOg/8CkqL/5C+hDeMVxPzFwlMuRoSuixS9odZjyQ/2R9Q63TVe570Ilv4
+GNdkylzNy6qLGKw1U7Qr2pYgunB84Ii7VZ5zjh9SY/MB8/vS9AYseAEzl2QoU23k
+00t6E+VQckbrz3BCKOv3vmLmb4L0PbADPYcYqj4hnXSwwXli5odn+f/AogEZmMrl
+UAA9iM5cBrgqEzjHjpKUXbsY4ms+evO86Ei5h1soWKuRGcc5JIkH9mswA3UxRPFL
+VVUgxfBUCjrAksKO5ke0lGVYRmOEzCrxWsQUH6fqE8rip6BdCCuB1CXHtyYu9q8a
+d26da6N97V/cfGCz6e6Yl/JMIU1NXr3N6mUnXNO4hUZVXX6Knz+NTdnP/phAZPCc
+AUUk0RrHvKIfYpEV66/MpTinc4rWHrS/5UJMwoFAafe8SemyHxqzK8b1Wz/IEN/E
+RmddBqeNK4Uzs7guea8aL53IBL3Z8Ja4quhhulOaCd6rdARWSZSY9wwEXoZEDjac
+IKKIHl5Po7shmWCnyIaTCqMPiJ9a1odvH89QEpJPgRsFxUw1TnQQHBm5extA8wcj
++mr/oi+rYGQlC1jZC9Up76ThE93BFcipFwanZx2lHC7j8gHj13aCYwqhiRO2nJsm
+7vv1agpa5q0Zod4KgxR+oevGelHfzuY9BHnErkvwWhq9aq4hkXiqWqA=
+=GNcK
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/kano-D1BCFE917E2DA66AFA6C66AC4A10941FAD116B7E.pub

@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGbEcoMBEADWxmNylPT3szJWqDZtuA2rIHS1rTzLQBPT9UZ/XocKyttI7Z7k
+2Rmj51h+/zJjBi8Qjc7PtFf6lNCXY2wdsWg9JJ6NS9/PGn1i6PCjwTwbMcEqvyNd
+GRx6JRkPxXH2zt3/A/e3WaT5Cr5q9DYXPkWqitTtwQVaZaiTupOSkfNVGxHYKYi9
+KYLuKAWYP2nF8xF10JNMbzlKtaTE+MBJIhyDdOi6ltX8eLM6DVS3yBLZ/YZX3AQP
+yFyXR3PoQXA+RpFQWzYP/fCeIR1pcK+jcWm9yZKkZMHtQBJxsKiEqainQ+miEyzQ
+gvZuPQ4yT7BN6vHGhycW5NVDiqXW2gVKZPoTA8k8nZotuHa6pwPUQdlwx10uxShK
+I9HdJV21yTI6Bqc4YRFSy50dWQXK/upwO9fbEoxvc4oTxkVt6ELon7lU9FxsB1Se
+JOvuOJohLbeUIXKZGrUeJZFNDxwMtezW0beHqufDs/sXWmjx0q/eaFES5YOfnDTr
+WXnbwNTbFDH2L0SMByh/4H9cYOrnCmQezv3HuSBFdTFtTTDN4C6ZHWoXXKt4wXWm
+6L+oZuF07r3+F1+APy/v4WteSBTtofs/1WoCjXky3IgDWitf4Mmux/OnGTWSwDUE
+fEwMjiWtz0u5r76hWdeVXm51h6OHmmnByolKLS9prKomlfKsiSHD5z7gFwARAQAB
+tBxNaWNrZSBOb3JkaW4gPGthbm9Ac3VuZXQuc2U+iQJUBBMBCgA+FiEE0bz+kX4t
+pmr6bGasShCUH60Ra34FAmbEcoMCGwMFCQeEzgAFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AACgkQShCUH60Ra36X0BAAuJE3OeBwPjsi6Q+ld56FJ5k38+1Zr3vANUB0
+fh2Z04/D1SQOk1f/3VQs8IeEUxgwpXBI1aid81dJIph0l2TfXb1CS96BMhjAbjXK
+p44SqYFUOXXu5Xe1GemxXfpqAXEOH6mJvECjUDzeUH3hyA87JRuPlvMDoJZhHktG
+u4iqegATFCGz3OGwvtSIgDG/V6FeR67SDPZBEnhf5zhYUmV+h9UbGouc3MVH/O1x
+RA7onqT96wxkvDJSk4g+tDTGnBRbYzsFnm6qPfqXg+4LFg/5EvtzajLx9mPvQ93r
+JAAKofcg6bVV6gc4DtlJKkPw7urh8XkOR8yAz0ST7QeukTrkfFIUQ0nv6kbBGEEu
+EwZ9K+YFy5hz0qO7KfM1K53flYTWdLTGmDoImDMsuXotHXCSm4mlBJ/YTN07vhvV
+zJcWZkzlgYYw+MKYEzwVpPokXpvpNJ8/WoBBRzLUIzHVOvLb6HqwX5tSFjavMYTJ
+nlOWPqLuLX1BlYNk2TIkr+bc6mJuCIf1VXQ4Xp9TdliqwFCEJDTpyBX9wHDo03MS
+jT2Tbjlwj5K+mWwmuM75dFv9IX8AE0Gc+/vGvumxJrTp34uVZ5QMXgDnZaxpnCBH
+JJx15r1zVut2ZgL3pcQLBY+1Frh5RbuHce1ALRUtqJw4A6btsd/Nps1KUqnsulsw
+nOayGCy5Ag0EZsRygwEQAKwYDSDtO6NQ5vdS0EBUnt0zjr6U9o4nlKMekiQ3lL8O
+44AqF0qKAhEMO/sVNZc2M1Y/Rz00mgrOHyX2ydVGAl+lujh9jBV94Gc/hpyv/AFE
+2xYFE69wusKX6LuWKYhlYhim5WWd91vd4n3/fHK2b0is2P9SItic8aZ31l5oCxT7
+ff5bIvxXSqLleAV4uhsJ/TLnHWEzwRdZmJF5JLZw3gxluQNeeTv3e+oXfy3Mw1Xg
+sAPzNSuVOkI3W6VoIxRTfyWLm5fJI29ihlmvIpKsBm9QbqNVcrDNkoemKO4Mulcv
+gtMyFq/GdWwT3wSiUBra8E/XGqrWgt44l0cBFxLm8Z/Rxi5EqivwWPwPyCc+RYyo
+cBCu5TCh96+iM4VD7fkY+re8Vs01WlGg0WhyLNWThSPHw8KShKWaHUnTnvFfkI2m
+53Nv25YMTasmhx37lkT3/Vxwld/jQVHm83CKv64nO7SHDm05N6Nf3w35K6zZOA9G
+thy/oVbpfyniwy79n/5f4A3UVKxDaJho7b03cojWx82qsh7jILjRLq8NUoIFif92
+Q0pULq2/pEQ2ddtNrNr9pXWh+H5llsHvpaeaOWlOyzYO3sqvxqG9EIprrPNBmido
+0eLtJzTKAeGmP6Thvb/1RxwNgDYM+SjUHefgkOdZ+lvbZNY9XJc4K4qfZXydTAQd
+ABEBAAGJAjwEGAEKACYWIQTRvP6Rfi2mavpsZqxKEJQfrRFrfgUCZsRygwIbDAUJ
+B4TOAAAKCRBKEJQfrRFrfnhFD/96Lu2AAlN5k3OauwbL+rF5OcZ+veg/Tx3dWZoZ
+yLQ1PG5id+rIzQplsgzjzrz9xUsOsJFqMw8ehPEKZ6PSPvDPgYxYuwoxbo7JtnU4
+DuLtnRZWxacM8jpt7aw5kd+yE785ZzdBSWAn5+yLhHiQnLTLr3hS4x2AxedxUfQl
+vDixMX09hHJeD3tBQIEFa8Jyn2lW2l6zRCT3dKOke7dB+bmMT3uGVPYhkE8E44JP
+y9iVaJTfOHcGKAbD9nQ46X0zbfweufp1X/8LmqeqYQ+EZYOy85l/oq3EF8Gvelsi
+k5jDutPO2arByDIh0dBqzCRWFhr8+doc2ZlSdLEfVZkBKn0yutHy/1rH6rKCmemr
+IvfS8/RQndQKXeoniqx6wc3hhxIP9AAwGGWInPNjBXcYVI5ItHTu3MenbKb5mhFJ
+gDHpl7rDFvWofDAMfPe840S2EKCby3bzK8fZ7dgJpZTzr1nPUiiOKdHS3+W+p9/C
+pELgqFkLWrJF2q9MqcmrESYLV51O7hBv8YnKAYswEdBkwHBfBAoPUdDE0ugTocr7
+De5LwPtTLQxpZVZ34Tc6cXn6jXz7zVINDwuiGuaCQzELusExO37nEZc5QGCFP3VU
+oJ4zS7+sqJwEiqb3SpTaE6A2jaMYjBSlJWWxOCV/46Yu5DzxuhPzU2iK7GmGvnE3
+cwV+ibkCDQRmxHLPARAArPy3ci1d/jeB/HqqTxUTwuQiUewHqwAs63GYRe2vLiOI
+LyYqfR7JZU9FrjQNCoYhsy21BLTvQFQIiof3Hyyh3aWWOux9nETk6gQbyNwW78rm
+Tv3uTFCfXv2qVjyuOl0lC2cIdf8YfIJQZno0O5Y6b/3pgFiApNGcmXnQHFTg7WKe
+kbPDNrpDOn6xz0E8/UObJLYG6TFYfHBUQ5kQBPFqD8X5y0/wSjxABZ64dKXqMkFE
+4SAB0v/7zscsqGlw4GvsdGbIVA7grREKb61W6dyi8EuE5uqo1at5bMiXOQqHV9/v
+Lb4A+K9y+FAMSEr2YfpJ27hRh3KWOezPQdFxb79EtrwvPidLhBk2sCx4f+1jSH98
+2WToBv5OLPaGZd3stplN22/ASx3DW1PFeKXrleVltGAFoyiE+1d/S1mw7e8D6v00
+NtbNLCzF0Xx+P10uX6MgayLpsYOeo+KTky0MgG18jjjZ5g1s3tBaSjQPt6na5VS+
+eBI0IeRHCi6GpVCNlBNY1E9q/95ZqN3mxdpz4LXw/S9PARB8bYtI2EYLJFoAnHKN
+CcIYw2+qQkRhayOQ7dSAXot8KQK34X/6fY3WTlD7YqlGsN7PZd+aYZ+8gBIiUIS/
+W13Xv9crJzSG8qMP6wGG0AQtpLcBDVKIfy94Om9LyUXXULdXuroP9bHY7KSuCrMA
+EQEAAYkCPAQYAQoAJhYhBNG8/pF+LaZq+mxmrEoQlB+tEWt+BQJmxHLPAhsgBQkH
+hM4AAAoJEEoQlB+tEWt+SXgQAJ/lAYoe4MTIWGlil23VTD5LfkZ1Bcg3iwtibHLI
+Vkn3uzJzet1z55rb74nY3gBGsdvubJFnF9uZfz0RsQEJ+mEEi81KAAD8eEUtApXF
+9koQWMtN11Z15PhOo+jNy83uHvlk8AYoIHLZkXLDvDBTVElPAUxKTrDkf6EVzWDv
+giK8uKd4vA/dGlW4Pd/BT07KV0xhG5+GSqGCusbpUFDeyQt8B6wWHKTiAMoYWsFE
+J4jEVHgeuZC8hFbYggBUccUGqFyvxeoDNSzz37TwlFtDT2iHWbzIaEp1eizRC1Wr
+O2tc6IZFd6GFhlVBeEY0ia/lxEQ89BRC0wx7/awbgPtlMbA3JxUlpWviuv6RP1Qs
+oHqvNceNz5ljJqPvZ1okhFi/3etAGDaxZ09w8y029LScbyU2/34wqjZdjj0Yxw8f
+viR1fGB9oe32LWpfuIzCkcopZ5NpQwBKz5Vjiz/fKt/GF4Ejqsl6EMiNA7fTSN79
+Q8E53aFulG4Ea6HA7tZs28PTuTLbAj9utH70VTXv4xoDYJAuNi0ThhDHM3H30jJ2
+cKNNWopWuywuVuHIsz8FapEOXrvuqH7FkEmjGT219XhvdzlDHpEdNRQR/2iZbsxD
+vG33TBM8K/6tTdnEKiuOPhVUp7YGS0RB4uqLmsfTxYkoNEXKMdkmxb0Mr+sVh7+n
+JZmp
+=YQ5u
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/maria-99E356F7CE61E39AE583654C6EF520A1829E8B1D.pub

@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGcexKIBEACuyRrie/zbg3spMb7ZLDXScYjuZ64CH4tOh1a99IR2ZYDoHzE0
+TTZLEG4EZps15d1r2Xg7sxbb76zdyIc/OuARfQXU0rjfw8BRAEj9TKbSVh6dyodK
+dNTorH6IeGuvrXk0w5TuDk8142XOkr+XppHQYjpVx5PK54ykhELJC0Xjs7OonEZ0
+/pxHouAK6Zrc+vATP4jedqxolILjfDgv0DDM9/6bNzlM3U96l82nFfTP96hWhvTl
+Hdpd3FwxLhjVtz2cLbGwjjxQkFbhwkF6eUnMhKPalcktP0frnZp587XCMKqmDZIb
+B+ZSLpR8D4IUo1v+wl7mVwQfdB9XPAiRhvzsQ0xZjExl0sK25EFChPkfUVFI69/D
+wZ/7ES6E7PUYvu15jTXPD2uT2zA3ssi7i5eova280C5MDKA/TGN4rdcdwoKFrHb4
+yy6eAgDG7gfl2TGDLxPmT5dRsVCn18XCH1KVtnN4H5i1xU650NLKSdPgPpXtEAgr
+Bn9qr+3HacpP9ZpE0DuCzDEOPyBV6HzK8+nYreCCn24zVWzVNgY1cU7Na7np7QOs
+dg0wZJXCma5IkeobOb33QOJZagAXFQViJcbgb+AKYSCr9hi5u6UBaMbecExBW18E
+CkYAO2Af57yeZb9nCrf8afWiw4iNn/f4L2l7DwVuviTzin+5I0Nkj7QT5wARAQAB
+tB5NYXJpYSBIYWlkZXIgPG1hcmlhaEBzdW5ldC5zZT6JAlQEEwEKAD4WIQSZ41b3
+zmHjmuWDZUxu9SChgp6LHQUCZx7EogIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMB
+AAIeBQIXgAAKCRBu9SChgp6LHW9xEACSLFaMEklw5TgfsS6kCeb3IW8kpszd1JCX
+yrOaeyvQaZova7LUxSgBP1aIi57fjqkdZj5JhVauVRe8p70x/fGMIDq4QxV5B4NC
+b+sGcLKVEi/jRw0esKzbgnMCivbD+Y7o43t16VsPOmxHp5qs8V3hJdPnks73MF5H
+AgBqGr38ygY7uThztRNso7HYswDSnoe1yu66SlPneaVeIqrmSYEcQ83eJXW2E4hM
+veMSuwuF5ct2Gj2WMAaRGss9WSYpQtnH5qDD1pwXRHphIeBPfiNxvyOJsowMg8Rg
+rWIChZ20C11jhhFvyCMe8r/cBLiZPELt+Kea2VtBM1CvS936BO/6vQxBgEt5LS1p
+9kWmTlHdsIJVz3Ql+66FALBlR1WA5AmW1pusdZpyqQDtQO/IA3YK2qM+kI04mcul
+8o8fnXSAo2Gi8/7ibkHLOwh4mWjyIiZAq3DJzxQ19AcFNm3TBBnbfaYx6PUsgt6a
+SI9ATIRgtyWd1lHZYYWMjft9k3ujr8ojyY7TV8w+VpkO2X/8Ew6X2lhbmZC2soNw
+Nsj22/gzDCyOnn+EQwIwvY95s7xJ7WjQuXOBwOyKyeUOJVbA1EKiZhWZS2yBtv8b
+0wPHdoNhOyK0pOiN5ygx9swDoiW3eXLmnlP2+ZkL4aDCDWGpAbLYFXkpae9huPV8
+0adC/BagsrkCDQRnHsSiARAAxm7Y79Ih76rD2eQeF9TLN+bzDMZSJMQ+wrE/0LP2
+3eSqtARNOvJ84A4AsUVvvmR4Sn0ne+qlr/u4dEuMmzRSoZebcDndpRntUDbo0ws0
+bSEHNGpTS1lMP5ChctzKLEsELS8saFQmjPtEP7c2VPhygfnFoYkwkjhq7Dtxo894
+1H3uttwGFFIDvyKdNr35u1W7g1qOdZQo4cVAfabPpoD0Dwe0pIbQPrNseJIqQKYn
+NiAA4/cbya6mykBqoM3Zl02GziB9GJI6+JuPprV2m20915IMGmtGKZejg0HmIrP9
+kj6dsuv9SIIPU+HrqxJ6eBLXmHxR2jBaOGIj6n4uzQkq6pU1YFD1tvm9aYxPAQ+Z
+LYXGQ7BSRd2lPpgY+BeumgqmzLDtj9e2oLNGGTuJJIKEqhB6hWcW61s0W6wrSVo8
+9ZPjUibl8qWjDPaTJ2szAsB7cv4AZLp4FvmSS7F3JX6Rv50XPBr3ZAOiU+7nXvVT
+Bt2L5393OptvtvJzvcfEkfuPa0vpUeYhAiThY51oAKhSMKZdQGIcT/oDMTrfrdNp
+azF6nyaSHZgJAVQRWOXlLGrLz2xTEEssPwHclKt/otJx/+C1hMkyTLsNnZT1Yrgv
+K55E0gV0o+T3GcNg6ZeRklcho6qm7fFGFAolc8CZe2pCzaYoPMDugOPdq2ea1JfZ
+vnEAEQEAAYkCPAQYAQoAJhYhBJnjVvfOYeOa5YNlTG71IKGCnosdBQJnHsSiAhsM
+BQkDwmcAAAoJEG71IKGCnosdlTIQAJSPLashc8dbhuY4ycEcMFr0xLjEEea7X4Z9
+pS9PZpE9F7aZ0L/ryDZKOx6SRXCAcTlrvLUV8OiUaVLmRfi1QR79gdeuTDsQK+pz
+X5uJHsoYpalBl3fsFkIX6xC9eNNl2xtGN2/hLxWgckKQNVkwESy9U3f+jcSXTSai
+pjopSv2Oh40VdYDreXiGtqVYH+EYNGKc2gPZEB3lcWXRs4a3skpyB+JobbGtP8JV
+5Yh584tLbiBDZaiZ6jgU+ayhwiAGQVhlLIzfh9oE3WNCMf0rmrxchIpGdRVO10ui
+nytzqLnjIWx+qwj9sjbZWOoCqSf/kxpu9p/k1msdG+PIjG+m5wDIbiirXlqFhzbc
+jt6CU7STdPAnOBuf6qSmxBOO0ZCDDIWZLzhqh42cMGBKysHwc0TaWeIwUJRiYwDL
+J27J4Z98nB2wbpuKxbElJ2/qQLqrRQEJ9lCEg8wmEl36dG3Jj0MSAZFIFpdYfdJU
+08JvnEOUO6U3MJTpAWefkoidcgyAVciUZh+VtrY3s1ijGBTy3dNTF7efA3wfxNyr
+9tnAbhlTPptRYNbt1Gtvt81d6ttDxsKxdhi3lFqtzRkFMQbxOWqqJxVWeu/cdUvj
+57J2qKUzD9CF/M4UUNh/1tqFlI3v4frJS/MZWYCGqtLpl0Elm8SHBcLZNp8eEOEV
+d3afhqnnuQINBGcex2gBEADO1dyeh5/UombbBIh3HFEUnzZiOxJP5Z1yyXDP9ELq
+CyyWxkY1qp7Q7nWCj6W4/KDcYDz5u8WGxFvPQLMim/KBD1gUXEjTKhnjZzH923kc
+ebrjncpv8ppAAP0RRRU6eJrVf8SBqTvIO4NpKsnvZinIosiSktoo791wVRRJn7D6
+oKkXuZZgRzx5q15nCSke8Jk1s0ok0VhJNVw9hRjmh9br3LDUPcd76/ccU5BswiTQ
+Kt8quUa7z79r/YRXJ6f/fxD1Ku5oeJqK90Uedp1liTk6JunLJifn7+Q6nS3sKBBM
+aYgkHHbdPBc8SIjb2xYJKA8OgZYQDsfF19qLdl1LI58XaAY+fRA6ht/932D04e9u
+NClock0jw8SbOCaGOsLSCVRWmuy11lXDJI9DST2SlgVfVyVC3TNOgbxIdHE3nAWR
+EuL6h58LQST/k/gzn6x3NphNEaEMYWiSt71oNiuIRNY/zWQdqQ2mdBcOXSUrW99a
+2G3rhdMeXyK+J4NZGsxR2s7OM094G/RGSTBbIAcjyliZlFE+hpch3PqguYR0bOQ8
+oJayHNr2GJ0abmwQ0AhlUghtpPyB8EmU5Idw7pEYPlqmUikUUdeLYDl35JCUC76f
+pEhGu37rv2gUL+jXZqHHf+R1Wm7I+lKslJkMWsnxUyRz1exBswCG46qOwkxsIHxu
+XQARAQABiQI8BBgBCgAmFiEEmeNW985h45rlg2VMbvUgoYKeix0FAmcex2gCGyAF
+CQPCZwAACgkQbvUgoYKeix2XyRAAm3t2QQLRrlCw0kK4MUzuPDbmE6RQfw/3FDCb
+ouT5BG7nkukkN+rVEnsFxo2NCuenJq0Uh1FrYJFuq9rsMcAw4ebh1a/Be6q8Kjz+
+l7Ti0SncPeMY3kdjlyK9TXKo75rDi30Rdt2MXhqAMeCimHwI9GCTW27dMQxaRZCh
+wFX+bzALgfm0ZXmrcx0DlSwhHeog3eqcMj61e+kzW18/4X9vbfdapIjQN+DKE6Pc
+xyWP8Duv3UcBAIljtMIXmY9o7HsY36U5uCIrXiud0YdPneQ7zrqJ+MHI4XLFn2ke
+il+F3hsQOipb9tOsPGoRWD0xXNahk84POBiuN6ov2/JZCDMPLV/nGrkasv8JjnQs
+TzzcTNre9xAzxHzCEm4GYP2i1OX4f0/gm8Og1TTYInb92MWc3DllRFQ//uQQjUA2
+26NYRhFK7/0EGic03IJBYKbwlojlVw3I/tVSAgoaLQpFE7iERtgUTa42SbmjSPqd
+DOTmBW6kDMQVFs8m0b+8UbHX+yhDltnxUX3s0+mdNH90pMhhciE6Bk0X2TJdUyxZ
++1DyuWUgFjX7TUgtkEKCLbAMyM2h93SL7QMFQzLoNEiGhf49f2U9CulrJnimz1gC
+ID1ErIdJAOqWG0siMOxjtQG5EVydLvdSmtMY0TfzYWlG5UAaY4j690YSynbzIug/
+QRsMZqQ=
+=3Uyk
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/maria-F1CF760066837B824B5D60077414A760CA747E57.pub

@@ -0,0 +1,105 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFYFJjUBCADEsu09ayc4rKGFBrheedf7ycTg30Ra3xCPsAYRCZeBXGuGT3RD
+WOjpd9vpxJULoGYKntpLuFRHjFmao4xi9DbYqZjf75NM1OaPoEeI2nEfKk8Nhyqf
+xxcvMKqrBehEkpErv70IRaybfDc/q+/UkAdPVTiP8MPYaH4jUCVIOH0dGXuyCTvP
+LwlcXnAdUkvG8WJKIBrLmsMaquFA6wZe6quAOyQA3xTi8p2LOamjg85Sn9i0wlcM
+9U3h/r8vbsrK2h6CD9WcrKgVqowGZdqBlRu8QtAIPbeLHm8Rxt3JDkkAvsB+863I
+ymeCX0eaWv4tGzz7i1GTTC2peCFTs2iSJJdhABEBAAG0H01hcmlhIEhhaWRlciA8
+bWFyaWFoQG5vcmR1Lm5ldD6JAVQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AWIQTxz3YAZoN7gktdYAd0FKdgynR+VwUCZSO/YgUJEwpAOAAKCRB0FKdg
+ynR+V33RB/4vAjVfOX3v23pAAuCqzJZLhYWIwL+jEcv8K1YX6SebJwF/XE/ZGZZU
+l92zou33G2b1iU8PyNTTqBpxdKDWtISZckqWwg4ZMGs6EyoNztHB4Iuq1pkILA/1
+OfB1SXRrYg2atdJw37qPPPdAY1GLnAXpulxHcoP7yDdoPVwjYGr7qUYv3n1PPfoS
+zXO7oQIJYRlnMudDu1fUAG2fC4r4DRSKQi0uF5uTWFUEQuUn6zJI7Fa16dp1k3qD
+jBGVPAdrt9Pje+7mPuWr5BmGvj5d/3o5HeW3xO384ovptTjV7vvvFEgq6pNwo7/2
+kjrwL6zUp2glExHDvdf9kQXjcY2j+p65iQEcBBMBCgAGBQJXKIcBAAoJEPxjiDIB
+AtoOI70H/3hPK+KyEF9MYDvMjgWQFjf+x471S0VIbkZ/4/y4AN8prYdxsdulitSK
+bnED/JSMPrjVnMogO1CgYQb15OezW34wC9C1s6FRSWfdIrU7ukqSxEqHpPRsvRVD
+BVHXvQeue3fOpY5IXPgbcJ+M3KD+36hMwqvML5/3JuVOwMjLWuVysEnqlGZ3UPqk
+MKu8hM7hEsSvrmYwPjgn/imLI8T2eHYKe9nnc7t4Bwj4vlAKhrP20tkLl1tcraPU
+kzm1E/qKS1sZ+tAgjDW/MSqi9Mjn3YPHY74aFt9yXbXARwpC3bZ0UPSX+Y3KvJ1g
+v75royuplOf1FvzymmH4GnTsZedj7jeJAhwEEAEIAAYFAlayH1cACgkQgHpf1LMz
+e3eUZBAAydPhI0aHoNKzBaOj/5RD88UCHuAyBNaMJEA9TgUaTpR5OLw+Xx0oR7Uc
+HWtRh3ObQpLh/TXLNDoailMv96LXMAMy9f5nVHgAC1uIFaSC6XIowEWpHzXi8rMu
+BXhZe6OuGPRoLQBEjAywVCoUGnfdGwJa++qgVt5OG1K980e1274ATWPG9ateli2k
+frLAm+eLiRD+/ruD8UhqbG9cah7r+L0rAbnTVZoPOrA+NRKcB363xy7RZIN2QPo+
+9ZhFIdsO3QjItDG4urVLeQUhr1tEoSYVL5m5VltxzA4l2Lnmtfd/0tvqk41aQrKh
+8xLenJYUHmLzf4dam2Cu6UOrEh+evxQPWzNqlvj5Af1ajFBLsHRKCAkHypvRu2AF
+nL4vlN9mlaS58hVQEo67xgVNjgWxGOkDf9FTqp/o2GXKHlvEgfA8P8rXg1MBVTKl
+2aWHk/S7Islw1OHe29uumNLCzGw6eywWb8Oalay5HvKDq1c7ZcK+E0Q9kQe90rOr
+ZGpphzQqKypIaF4xdsF3pAnjNBplAPJ9ofJN7TdF8s6oH24Aui+w5J9PFPvrVYRe
++keF3dLICR2XLT0Zp9KeKrY0CNUVEBStg1XhryppYJ6nIiRRhrtV3aRhl9fiOJZ4
+xrLoi2xCNXDTDey4p0mG8XxefgNVXJibSSzBhFHZfdGUT82i2x6JAT0EEwEKACcC
+GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAln4nrEFCQe133wACgkQdBSnYMp0
+fletsggAnLQ5NmQ1Q0B0rvsmqIGSkQpwEMkZpAOQf5whSJGoLIxP/8VfNgq+7sLm
+WFgAR0py0RqEnMty2xApaJBr25WyOihTg5FPD+R1YeJvvVfDP6z2fCSTv3DqVmuD
+OiJaPHYZZXO1nzaqbLciDRIyP7VuLDu1+WIrLmbfNMvHG0zjXWjiYhD8w2OvTaju
+5/4q8w90hUBTlzk3yE3MBMMRjdQZW3mv9o2gg9A4HcehKqswYsS5lNJXMg5cDIEX
+sTz946+sJUmrakomdrcUEdRNbUHs7LxkMjHgxPUZgy3Fq+K4EZZ7TOikC7M7tz3n
+HyDkS3gHBlW+7X7xy5LLN841P1RNFokBPQQTAQoAJwIbAwULCQgHAwUVCgkICwUW
+AgMBAAIeAQIXgAUCV/t44wUJA9eGLgAKCRB0FKdgynR+V4AiB/9D4mYghJEDOT0y
+lQh1eCdYSoihtvlNtXcP5L44PW0mSoEb7vyMUSbV1oahdzaKuvDBjDEs5rIwSBYg
+rH3pZnornkehSZT+8MAgJO+Zh8VKt5UQM4OVzXDIKqT77H7X0RlcQLGhmSpVLclJ
+CMRsDhn6qtKXTWqsnJnhTpw+3YSFewD5gd5ZFbQYtnguHH4tadmkFm9SZxNbm5P8
+7KBycuyc8F9J7GF25a1ONed+ExABGuWgsgr58i7EOLw2zhmoXq0NRL9hn4qTQpOw
+xCa6irQ4qxdtxEzj6vKKjS8YO2bZWxgThVBuowijwZNbliSJOjhSzn++LFCkTtKz
++UqnPpguiQE8BBMBCAAnBQJWBSY1AhsDBQkB4TOABQsJCAcDBRUKCQgLBRYCAwEA
+Ah4BAheAAAoJEHQUp2DKdH5XhK4H8wdLkTtCuIwYdX/PPLutyBCNLeu5FQeSqkdm
+zbqUtWjsMUekd7ONyMY2UApNsVXyC8nlAL9gVit7nhitoPY412fLmuQPVvt/lKb5
+V9uD9p+Q/41o3KnkTSuIHf8qDOkgC5k4ysLWKGYgtokQfDoB7fVmM85JHLmuStpF
+ROn8CUpT7HJ02IDUZFCcdmnstQ7kHuUgPYBiXDS8CBsfSOQCeyD9WIBV21UKyXIF
+km5AAiQ44liSO8HFe+j+6o9iElvcTAZuZcBrZ3lEKriEieMVyrr+A4K76S/ckoXk
+IvqffIjBs24KxkPuvlkNoNc/qPk+y99+yU22BdqIF/ga6eWsAIkBPQQTAQoAJwIb
+AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCV/39VgUJBbs+IQAKCRB0FKdgynR+
+V2UsB/wLg1w9Q1SAadgSzH3VyOJtbs7Vl953Gt5ck+MZwIxbe0eWzLEBd4Cv7vZU
+Xrg5I4hvfIceMCvpkQOkpsI6Uy44PN3olMpZq1QK5h88jBCcmMOwkKJzdoOPfCyL
+lVxLtd1/EyXWQ6++HGAwj9oxnxYNxnZVC6fcIYuRy2Tlu7d3tiOU352Y7rz/1YAo
+a4xbz11eEy9e/rgcJOqbH+v70o1Ys6QyIBHVyS29NqNRQj9l9dbm8yVf1gRBCOMW
+JTqPlvteg1D4Q73BqMY4afjxvHPnlSKcpVxNvfwrUZI3fMr0x5CfJqW07YpfHRxg
+cryFCCsnf85aUHmgwYxr5v+2F4JPiQIiBBIBCAAMBQJZByF4BYMHhh+AAAoJEI8p
+stHVBanp2CEP/0BOFtGJBvU4LF+JbQp2zibQVI2vqg8dW3PCMmelRbaXJ7Kr69fl
+S9sR1u/O4EN8j0DyRjyrDanefK6I5qUI27zu6kKKat+qqFhQL0W6kQHtOxw4XLYi
+PUPujpn6JcGUpgx0j+VOH1OMKwYy1KNg2rPwhPRWkkdFqRVbf0tF1XJ2pqZcyVpm
+cKRaFKOtMGlNDhceJVMd2DTgqabOVkqkwoVfVflkEEuJ8wkJ15vrvsyqIn8RQ/Do
+0rXjwdLJWnU3M4b/1xQAR5f2FCg+9Kj9g0E6w1U0e8vTYBzRCuxm+DAUpTASk0AE
+uQ3ZMgeK1SZno+vIK6TmdgVEjzrKQjlnajEHm2BHo9Uygap5EI2pyTBxJYlnl/D7
+64TBkaqS3cTlr6tIdJPYdUm9di56DuuPwHcWqGHot4K6VCyEeEgWvOVRI6aOEbdq
+VaudEn+V4ZKg4D5BOdMzl/hjiUZ8iYITvlBlVemASZUPQsUmWAHEYno4KxJA68Gx
+wgIkY3XrFb5fSjz0vHzSEqg2M/VItwURiGJ+M/PSzN1pXA0JuB+iBaJlCatdQXdP
+lCDbZODntl0dYc+JHHUTAK+9NwsHVEyaptxAgv+bkeV4RMZAZzu8MhBz7MhTiURW
+/L8AKHcw43JSL0wfBjEXMNN+W7b7t1+tNijGB4Dr+6uSiAFK6MNwpq43iQFUBBMB
+CgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE8c92AGaDe4JLXWAHdBSn
+YMp0flcFAl2bF8gFCQt6raMACgkQdBSnYMp0flfsjQgAiQBWZj5BV8SlTvg++E1n
+ZbO/UKi9Q2WfSuLVRyKNsr2j5ZBKzUV1j75Bi2oHMRlt2caUQ/bdQaNywpuN5bai
+Ibt8PgsF7bHyc3ARD/DDml4eA1KcfrZa7CSvQ5962e7GuMVMd39PxLFwn2LzkPlX
+vII8IFNy1BTmpP0Xk+ekVuvomNfk9FCofoO6q8crnX2A2HNfpP8nRNnv6+MaNbsp
+lVW+v9uqMQ0ENS2T3Kz9D+uKw6gUN+DMentfOYoJpqxSqHGhn17miNB0vQp20gUv
+CYAnE7eHyXPrsvAWz+dnNKAcvFAZEo09FGF2PedwUFlF7zXxjrhqez8/lSYyv09t
+zrkBDQRWBSY1AQgAoUzyHOY8kuC6apXSaMpBY8chHfJOqhb5dlS24me4XETz3pur
+K70ysiRAwxtDjEryjtkDbvarZ9unxjthHQAuVGJBUHQZrrbAuMP+OaiwCqH8pC3c
+5FScQFB5xVjFZ4f++SlrOMsgDcd/2O9JfQ4hT8prfZyD+zgHw3knNYO7aWMcOFow
+RQlTNWENRXXLgc+azgUOpkZZK5OnnCWu+p6Jd8tLa7QpHmRDQI6ZgIZcI2AKzRR6
+Dz8vnxm9TlYE+8lzu1SUrhojLpCQV3eAFVt8SqhAOR0/1Z0OLexsY77DCzEBhxdb
+GQdVZu7u1BoTenlqvBZC3UWOmFa4SVggJitBiQARAQABiQE8BBgBCgAmAhsMFiEE
+8c92AGaDe4JLXWAHdBSnYMp0flcFAmUkDh4FCRMKQJYACgkQdBSnYMp0fleEPwf7
+BzghiNX9pCFE2PozCZsnIl8jBpMLmEh7QMaxjijAN0g8sSVaP3BQec6vIlK2vTy2
+X6pTVpOJXvhpqUrAPpFlk4PPg29K5XWQ2uRqMwx6aYkJd1IOK4JCyeaRzORdd28I
+aBjOz/0mE4Ooso6hYoRQ6C6dk/ytaQcXWfjR8WUJ4RBB4jYREN3eEC4muNhSGn32
+kmSDfIaVLJ19wqsVfyEwfx+2z5TK8MC7USyhCsSFsHx6yZAdDSXTWwEGqa5Uwwo5
+jHhYVP3gGamN1tiqImprDo+imQenbaN0jW619ishYiRsHF3MNuf1AAMdCdgKGN4p
+ksHGAPOV6yWHc9QzLUzXE7kBDQRWBSaPAQgAy0Hy97mLKo85CjsZ/Z4Ywx3lnVkO
+UkcHD86u4CDXMCe6JgOXO8CeESg6gT4oSfbadq4DOgyihsbUsozuixYZBjWvOrrm
+9jy0tGq/mkaGz2erDngEqh2zt0tZpr2WVk0N9ABY7WPfI45b3yhCOV7tflCskCai
+vv1AVSpT2luhjEmC6/WeVLuF0v7AT3S/2bUfecwzvTimPDrU7n0IvGct6ZeEN8XD
+rEi2ayohCjGAwiz5ccrRw/BQw2C7IIrj5WxfP7lWGK7fyxxzJA+edsQvhIwO0HXt
+Yw1Ooh06bbZ+4/9xSqMbzPAV1BvkKW6hlBEowJQM/zzDQlGdJFWIfXnl6wARAQAB
+iQE8BBgBCgAmAhsgFiEE8c92AGaDe4JLXWAHdBSnYMp0flcFAmUkDjEFCRMKQEwA
+CgkQdBSnYMp0fleGsQgAo04nPGyqw/tNn9VVMHvvkqKrqE+j8PLDSxLEYOJekEG2
+Vrvlxu5jqa35cDtSMR7zp+6vXzPEwSpjTjXwuO/dAdfr0qi0kETOaWZfex+Mg4ZN
+F5ce+JSMHxYDMvb7ggewrX9wK2Xw5jJaKi7JhxIDoQiPGMEn/oKtQNo4joUBt7+o
+IPv8EbDMxcuhW/OYC6AI5tiVsSR0Kz+zqqi8OYLkPeVQJ50YiQihYT/g2OPjAm1M
+1NUEE9pCPDffLXAfesvL7xRcHZ5v1FYokqdt4iOGIIcpVTz5OJD4ivhOnTgqumZq
+nALjEnVcpjOslstA0HdQroDkMtZ9ZUcbsojDQHMYOg==
+=wtzC
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/mikand-ED49651A84703FC3E7D03FBE184EEE05D37D72DF.pub

@@ -0,0 +1,106 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBGeiCYoBEADxTcZBn7MNHpzSZcFBCOufmyrMQTMwKAG+2b1zXp74Z+zb1e10
+BNCi2TFipNK6502K0AUVRlYQlrgLEoKE4/yzd8qNGI6HEyP6vmhrDQqUZXxnt/ZT
+cEuU1Cv19yZldXv6u9bI2plrgaLb7RGUb74+SOuYBJuNuS5ohJS8KF8usOSkvw5F
+sqkeH3rKeT387v58GzyHP7upfe6T/byIUDpmmhLkwyJ1Pt/uEABcfiq3/m+idwLh
+2xM6WnH2eDNksywccqcGOXUzB3SNMP8pQlGIQbGLJ4HZixBJJmqp/ShdpdipgW5g
+zt6vpyzqJJIA0nTz31uplmADSbk/m2yvXawGGkIJqi/Kw7+TygnOBvGbNWMkYah9
+tXC6HO7a1gappZuI8vRQ2+65s0tAC/0/GVUQgIIGVEbvRXlIH1iUVAcOOehEmCZK
+miYPOiEHbk5dEeSlp2S2QnB3Eie+ChJShDiXeaYt9gTb/gJI6cjUvb8KabNU06Nl
+dwVG/SYHWWgRJQq7qbzX0kFciJk9sfwfSaHG1ZrRqzygoxE9K9dWisP/UtbgyWKn
+CHVEZ6r7QllTLGWMVQv6OvqzzcFBNqVKwDEuyp+Fx69ldhYnCRo6zEFLFud9lxbP
+GgYHWT34E1HEd2OiOtsQpFEtsYbJUH6cZRmeeAzq/gbvmqyj5ZPXvGDl2QARAQAB
+wsHPBB8BCgCDBYJnogmKBYkB4TOAAwsJBwkQGE7uBdN9ct9HFAAAAAAAHgAgc2Fs
+dEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnUT+HarWeldtW8kYbjss46i17BlTb
+G3yeAvfP+p4089kDFQoIApsDAh4BFiEE7UllGoRwP8Pn0D++GE7uBdN9ct8AAMaS
+D/9O++KyNw0Qsp3iSdQqZePZ94+zMvSBjkDIHJFbpqOAG5vi9VgYODcFPJ2j5gwZ
+bnqXNkE0vRj/tSTiviOA2lGDMnMyNkClBXAyeKPvBWLfBFJlYNZkvLiyZSkpeDT9
+/gOkcN5ly+C1rEVsXcf3zECjwbCFnliFigbtvSqan3MDuMAJ1HCl5iXHIiExCrOY
+mRRb1M7fzD/QG32Oz6AmzoYrBnvqsXqqDs3N34XJ+H9A+XBLIqxdTP9lWOafyxO5
+BwEN98mp5pE2qr4aVkow4veimxJS7logrMAHjeBwBbexfqVA4I/478rA4RmOB35V
+20IwFRyvC0MmfZQos6dGySLrRIQyQEyta1d6Ne3ejhKnxLfOgWaSdspNVvkwUdJd
+oPBZGKShv2DF6Sps8NMW+TBWL8OxwRrt1V6ot2O9j9n06IbVRbideITW51PjuaiL
+m0D1huze8twpgBvh3sRKXxos2tZ2D5bfaSheEDIUuHuY9lH8Jhs8bCE4utcsGtXB
+onYr7v/xXJdH6Ikaac3fswx+5w6X04I00gs03IMYbrlwjY953bCrYRjIq2RZB2t5
+NAs1uU96h6V8q7UD+BjYYZvOa369+IQpooRPAZ3G0HaYRiKH+vIsPLiiM2oNE+HH
+zeA3vfYbd0j7+HgyyRCMYOGmHkvQdNsMYUJWIHxhIqGzbs0iTWlrYWVsIEFuZGVy
+c3NvbiA8bWlrYW5kQHN1bmV0LnNlPsLB0gQTAQoAhgWCZ6IJigWJAeEzgAMLCQcJ
+EBhO7gXTfXLfRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9y
+Z9iWfxqJnHBrlj09cZcAL5xdzNb7dXXUc1tGwhoqTr3IAxUKCAKZAQKbAwIeARYh
+BO1JZRqEcD/D59A/vhhO7gXTfXLfAACajxAA0bkgdWDjoTBf666RWm8IS6X7dWYe
+M1YumDreD+btWVavNZchrKI5M45nt1LNRn74uqMn5ahe3qca9v9+m6XwuiCucVOf
+etU8f6hfZNh8HN5BL75z6/cpLKNvMZL+mPXEpe0f5/16Ejv0htuYMokpSO2MKXvm
+o1stLpzBmQQz0LqJm5KODt7u6hkZ4y8pU2m/aeawGlZIced5Fjux6FypSyU2vNEk
+QTVdiO018EBBE6Pr23xHYdsyGcsFn59HvBzb6eBrfBuT+wQRXtAijTdB4KgobZbW
+CzjbXS203oytv3TcGapAuk0Z7fr58iJzWdJEZAQ6tWqcDFIGSDmAaKY7Aev3kznj
+S4JSZk49Sp/QkYILrg6mPYkQNl4w7hfo8b+HPpG4HtrXhPSrGgKBhDMb/o0xXZng
+x/2CNdzPQUpmbJu+uhvOkp1Tg4No+TvgGEZCJjusuvQPobKvsFFkZPko2b+zEyBI
+kzI7mBiWXIwT0DT7ZFVJPJcbklCFlvDxAGlqEGGeRxiiyrEYgaab+PBDrfw+QiLt
+zcTHXTKODZ7U3M0waBYO5ZTxc196j7Glzv7L4vxx5z+aOdhu8B52TES6HfzeKnP3
+j7PW2yLZ/04U90T8SgMTa3GIXJsYTXbV28x8zfeZM00UFmosCSz/h52vvCFTbF6M
+ehZwH4UGe1o2embOwU0EZ6IJigEQALcJEKVNQmzxSXIACPico/BiL6ZZ5QylQleT
+3fz61OUQ9KU33U1HnJzmLQcSL9lpr5Y/hBPkWDM0yO+Zva/u9XQkC+0KwQ9zg5/3
+doEZI3BXPfF7DBIW1Ld4M5R7cmKiT0IwW+NGMMPBqwLfiprnLLWEY2zhxQySaI+j
+MV/R6eEItu7CnF6KR5GuBYwpnPm/eWQLfKaiFb28vxGBLKZQKe2nY7cyLxE8KVlK
+Dmd6mJi2jBGjJeA6Cg6adDCrahOXfsjk19HQ6YEFdg8wvh0u6gPeHZWlgtk+tedi
+csT4KOi4CYAgmjaxIkv72S1M5n+pVqm5as85neR3pMI8ns/+dwCvX/rlOFVsrqFZ
+dvjj2TUlsLE7dvD2kRDGO3o1Pyfdyt08wevQ09JjdTv5f/FmVuEQ+7UoayHC0Jjk
+yjDUveUb6fCa53sAA8ZrUaB1mmhnvZKrqtaBAb+dBPlrlPPlDzPPo8+yw/SVMPLf
+sGxrivSFhxx+q+LpN5uUEv6D5lm+XMvzm9Vb2EExWNDDwJBSW2X/KkBPOGHdARua
+hWVOx7iQOk4OdC9CZwas3YIJRIpx6+zhTrlhIlY4WXwIdsN2JHovi2u6AjFblIrG
+uDdb3E1vF0vm4M4dMq9C52ROSbUcooke0IUtYYclytzMybrOHrh0iAqc0a+RGq4f
+wc/3CnadABEBAAHCxEIEGAEKAvYFgmeiCYoFiQHhM4AJEBhO7gXTfXLfRxQAAAAA
+AB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZyOkpnVqruvmjxSq/r3J
+TxqVS8+aYUNQXxZYelc73s6vApsgwbygBBkBCgBvBYJnogmKCRD7Ri+7/4RAuUcU
+AAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmer7RKcNJiJH1gj
+5XVjyQ1yoJebCEbdJtKSt3IiLWzqjhYhBPOOqG3Z5E0lUX8kWvtGL7v/hEC5AAA2
+mw//STso9FnE9mwM1NOq/6lxZhAltNr6RDoFnP6wPtHgBNCXoJo8CzlcBGNeVPAk
+soqS2OILYlYh5FwVyz3gzfF/1wAmKzT1IP1KCTZd2kfXRgVwczbh1G2YPR8O3LBK
+ahCdgr0jbcvSjR2my/QFTX8IBBYt5Yr/8KfNEMtKoHEcfBm2WQIa26Adk5cyCmES
+iLHKfQboIcB4cg+RiqsSnkZf1SY5cUDO2InD3zUBe26yfUL/nJaz6oPLQkq+KEIJ
+fc7qSPvM4bQgk9uZDu+gto5Lr4SQ7wfXOmjd/HP/EONU8IQWEOH6C1oSK7XN7vaf
+T1gkz2Y7Kpr3BuJcHlx0K0AUmKGFQd8qKNrlzELd9wNzrR9G1rX07FmJ3GAJ9LWv
+uoMSTGSCmCGKrBRaW/peg7YDcTTU2gg34SJG9ePo0vZZU3cK3jqgJJYvwm9yb8Fw
+eUXur+CbhOG9ZXHSl5JrpQPCv2L1zoQVjs1PhizoNnJcI0K6oyK2onnmJiMiktU+
+Ljnk4TVMWySwm+K9iUr9lB0KLfWXvhw9pE7eamRpsun9IbOYdSiRkNGyI3JneZOQ
+4IiAhQ23rPOTTErafxOwy26tW2CizHIPBTjo6mZgunMIgl2GLdeuQiSOKzMKCdbs
+vVFwcBKX3ay9ZNEijcGwWVA20G+XpZtVXOgku/bIffC01wIWIQTtSWUahHA/w+fQ
+P74YTu4F031y3wAAMn0QALVpzWgnQGKiXwBLQBsX1GtbwoXs43Oh4uNOhbbBIs4x
+Hi5iyw9XqCnTV8GDmQweFuWdFNetwbQYOOAtlwO2kTxRSg3JEp/rCdZnVUILsZIx
+QBZF5rTXBNp/3320GXWW+vpQqPPqizRfwuLPpBQ6LAGcCvoNcABrJIziTfDA7T2E
+miqJLAnA1wkBcF1rymMAdoFXHfgoyHZxwAzGkIJXnCO8PjaXQTleTfVhIqdOz5NF
+LnQCz4r2fFinv66XIcEXJ4Rrb1Lj2lgH9GvXA+lWT7B4wZa53oW+YflOuj3Dmrrd
+dZeVyKsrM3abll9D6v/TY+uVy5UAWa2NQvqXiwcpN3NEBNEM+vR9AphY934UAkfx
+UGYKU5USeb0Y0CzCcsq4gpa4ePgonFqCKF4jKwkHS/IMcmL26SUMJXo3rjcwpNy8
+1eUKHVetASv2Kw1kb6iqTwYKKX+yWXY3YzikD2CMUS4Yf+JGJCk+NZgIEGbe46XP
+jnSiAOVDbTd4vvIZ1oK/u9lpVculzOE+W4y4WbwYRSqy0LTPm/OVsRwVSC3xt2Bg
+Q5t4ToXqe0haWuFdXfTCUS2JpfCR789fy+5FORjRyEiorHKgzaCzhBOjA9hzfHRf
+hn9yP8hBwyXJdpjTK8Bv7l5e6GdKwFXSqBF/dzrVPY6b91jHXjw2bzWbmDVl83mB
+zsFNBGeiCYoBEADK+fGnHrtT9Vf2Pos2vsfTyp2up0Ssiok21TKD2fXUJ5UMH5+F
+W6HrphcyN2Aw+M+tseQpKc96hdr/94Nj7eRI82DksFQV6tw+v2F6rwZqYwfXBNbu
+jINB5AbtwXh7GFQ0W3nFnus6dZWinI9m3L2x5VqmYokjp+9JARpKa408IHQRTwEv
+nK1YP3fhUgzKOOZ17T98p12MR6t3ptAvTg1fmKepn0shSHKxuf5w4U2URpv6j66B
+hToRHgH7o60h5sPnQcBOrk1gXUFhZ7rczwf2SrUfK1I44m3Xa3kpKqJSxVg6dFtf
+Tz4bnAmYLZyJQgtuk6WBUSWbPmPZrfakVHeTPX93a8I+B6RbGm1QcOVUmigao6u1
+kwtB7sDNEs3/aGdSmB+JnWa8N7T2hUy82UsLtLPrrmAArMiU7hrdTVboLBvnjfCV
+tDsoesKMgawQg3wfm7qRguu1eUpw+XMNwFyhWdjvM7PRLJ+oo68OQBNTMhxE59sq
+3jk9XvQno4/PkFbgFkYW8x5oW4a3Uqz9cPs2mQBUeL7DKWHBejJJ99sbXKETP7R6
+BmecMNm1Gx3VKkWXiy5Ys+42tNH4fiPzCAkXTmQMKlIQpkDPSjzFDTuOn/UW4MwR
+bAYhTgRPvkqn2wHM+dsWh3GQjGoBQV8hjYNOENoRuOt8n8Cw8wekIx0+FQARAQAB
+wsHEBBgBCgB4BYJnogmKBYkB4TOACRAYTu4F031y30cUAAAAAAAeACBzYWx0QG5v
+dGF0aW9ucy5zZXF1b2lhLXBncC5vcmcqFlNvXwQs9/4hsRnbKRhfJ0kJgeae9fDW
+vtbFxEv9NAKbDBYhBO1JZRqEcD/D59A/vhhO7gXTfXLfAAD02g//eFisBRNA62Cp
+MwWcqAa0SyStL9jPw4Uvf5rAxyph+JZuNk3CFwpMLr6QzsDKKIfVV+auqnHi/b+C
+TZUVbDKsTqcL+IxfZAQCKFvb7qQwF+kY7iXthVFvxunLdssM0ZxXSWxQdso3HfWr
+LFvM0yuR1+C+R39HKugyc2dQaniLmLcdJC3raB0UsuL0eNqcqGtKyLZWTD3LR9NJ
+ZosrR25oXAU5b3oTw5WCotcqCRK9Dt7dlKqr3Zatwqr5Ya0aN2PrgLbBR6hg7ajB
+fEBdMKT/jU5q4d8aZHZvCxXWlTqfgHMLYMk3s/h3wD0QKn6RhzGFsnv0NBYxx4VT
+xc5zVYUQI2MeK4Hb5gRMfAKtoYWMbXm/ywhhPqbd7lNtwyYD5+g/ZhEmo7x7IY7C
+mYzAyJygXVXSY75b79YzuPrqNpaq2oFN3bjBB+fn+KMjtoq9iuyQVm4oWWIBkC55
+o9Lfz0wTd6FdX+MWkiWUgGeQiTJ+DHx9YJ+wcS7QqsxVj9fzshyg7kuGszj3iDTz
+L5lZD9Iz/XoevUQe71VwhA/QqEmD/ZmnYB6wd4W98GQqo+IsCJXwZlDpmPIXmy8e
+Wuxi1iEov0uBK6ptfajWwQNbAmB/WaevhmCQwZPCfHUXcBGtSGovJgyot2ppV88b
+dlIwUW5Byk/apOlDAK8SCy9zbO/VZSs=
+=vzl8
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/pahol-BF20AD5E35F67514F132A2185D5B0D4E93F77273.pub

@@ -0,0 +1,87 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGN3Tr8BEADCExODyx4/0i53qRaDrRSBiwOTV3cyCTWLBu6x9T0JZ3tBnYn2
+4KVj26GCuxxrUDXNi2LRwDantg7DD4pTCYCgym1nYZ/SlmgzHSSaK33UvOu0ySVf
+m1tlTcJugNiHq/plGPt35MZhbc6PVmug6ghFIcrqzzLy25Kpo6FwuaYDteBOPVwB
+CeVgRjVJb/4gMoARVF6JQRvCa0Pl7q3hFk1pG8F+X9Vh/m5TjEpzoGDB9F696TJ3
+84jAg5HiSvLlcarz4BCHJYM1PMstrdkS1M7PY/FeOzqBezhvYjZ74RLIl1mTomCd
+hgy4JntEATsBpJgv3HTULQOAaeGlNr1RIW+MvAkfzyoVSJ+gFuCo4xX4pHpzMFRJ
+VTuhw2NXSpIAhsOz0RycMLJ7lgYCakVh23tJlpEAvlXOAmWZu+/WZ/CzdvCFqMsh
+Wb7g+jWJuf0A0UC1O1WVkTwcKz0CqqRVPBr1zz8Q30AyFC0DCj7eI7LHZyHExIev
+dwRp2DzFvh8zNT3VdJB4cw2nz5L2ZjSBXyrE+f/qpFSMinD52B3psWiQNfhGzsr7
+EHDu9oPq86uq7EtI4kTccbg4Yv5Ujc4KT0A5ZDCXxZ5GCkR0dAjNviX1X48QIwbp
+sm/Q2b2a4c8p3Pqrh+5pp4lEmIEgZqmqtiR2B+Tu+kxwRAzjFXQ/lUuD9QARAQAB
+tCFQYXRyaWsgSG9sbXF2aXN0IDxwYWhvbEBzdW5ldC5zZT6JAlQEEwEKAD4CGwMF
+CwkIBwMFFQoJCAsFFgIDAQACHgUCF4AWIQS/IK1eNfZ1FPEyohhdWw1Ok/dycwUC
+Zyo6ewUJB4Y6JAAKCRBdWw1Ok/dyc5fyD/94kxREYoKKh0fpg8psY0pyR/H8LjHl
+nvlIV4sKA5PF3xbhE5pWFp9dB5UBA5ooI2c/UY6U5+RvhT/vvzYP8MR4m2SxQmpg
+uSy2Gq1izhgxRW/voCtv5LEMSoLY5hMOkAsFLa0wQVjPJtnc7KigiNIf8XegyuUe
+Kj29axU/Kg10d6PiUKfdcftpeL4LKY9HMnuFSfcQAYWTOA5nqnrq1Jii3vGOdTxe
+NF5R/We3GrWJIn6L0A+Nt03EKH75TnUBVs5ZQq2lWIRBFtA7jhcGZlo0coXZDVV5
+MhavO/16IPLjhMttl//CFzwk6oTCVOSHllwST4QpH2BpcX8Sw5k3xLaQL55bCnDR
+gjT7KgcsMYPlSW6AKfRi2uG4OLUepLvyYEnF8ICvKfdlF+moLY+27/Ro9vnILRDQ
+uQ6jPGP4S77iSsu3SPXQQb12HcHgAIqLPda/oC7HDZYn4/tTShmftWPgIK7FtEU7
+4DFdbrufQu2NNWkx0oB2B5No0p5S7src1pBHahUNuRd21HAql2VJTaX3XmioI/Zj
+zzaSXj6QavMKD9pKAbhkVhZ3bmN3R3Pkf67OBeuLUxDYDf0LNYtI6of/pB+kkXWI
+URUOtfQKuxKO0BNhXik++PdGlOppZbluYTtFJtjTlX5Znifg7yPA1ETM/wtPotBr
+37LFFILmMgmnEokCVAQTAQoAPhYhBL8grV419nUU8TKiGF1bDU6T93JzBQJjd06/
+AhsDBQkB4TOABQsJCAcDBRUKCQgLBRYCAwEAAh4FAheAAAoJEF1bDU6T93JzO0sP
+/0Zcq020vOzGUEz01suG44TmPUvHo1BupL0iV9+hd2VKotw3u7Gv+nr9oDf/sPBj
+qOnJvLK1WaMmLbMQ0BMDzL87G2uq7Wx+g0Oo4qEQB3B4dosfRshwV5wBXmXRAUe1
+oBEhCBlaeQq0RAst5s2LWCxFWxOTmAImyHqZYjz2p3orjTjdIWgiN5vz7J9Y8WZL
+wjlKCRUAd528aSo171kW9K8aCUFdAUd7RCYNGSckArBkY/1LjXtRD6T6oChwn3Ll
+rLBp3rVF7rpreGDMWoF9OulbSp//dHJKiocI8TjN7zCUTgA0RjNM12xBl5iem4cV
+JBfTS3s0Dk+y0N/p6uRBmUnMI2ND7a7h1EIzdHMNlFhKv9lv7qs3/zN4ZKvx487D
+qlKU8JY4TRlxUB2nGs5D+5MzpSLyfUK/T8niIqz+Kp4jUYq/yswYlQq9rf7IHone
+feyFeQr/5q/RRpGizyxsr/DBaoqm+wcfPKc39sTM74RUvHM5YRqiAMRJT41/LyCg
+m4DshiSLQsjkji6Ik+8VEMF8g1rt5f+to75uwuViHbrxaT7HU6g4PlPfAOhYrrjo
+Oi0lnn7NY04xpHYympk1yk9VwPsysapwKj5lnA6QAZ6Z341hZ5hBv0mlqaEixVuG
+2mKShxj+gEHXSNbpEZH/8FoUT7txcK3cSmRYiySb3RXUuQINBGN3Tr8BEADN2NU6
+WF2KyZFRadaCc+zmaKAPjcnbV90sHeROKhHkW9mJhiWOtoVySpowJJcki+cvIw4S
+yLZ1CMpy1WWOIyF5nSmmoYb+0fM6QrDETFzOxHkB0cQRVI1f33cpiCuNDrCj6S+n
+VLir20b6MlC1tGXEAReyQXNVLPwSnqHItFMC1pC423zmEcIHg/L3iAu6Rh+fS7QR
+F6JlIO0GXOZaFfpWuPFt/5Ib4WCQrKZdgzXTZDVSmB92Hr1SYxq9kXxj7T1nUP9w
+yeDcFkMY07rgIHzoIfbI/JdrE8hkCsbKEPr89vRpFhwolsVaA3GYXyT6gQYhLGhO
+2K+xumlpl9awADd4PzTZPBVlrAdIRWi+5wNlJi/Y9p4TXLClAn691veSN0sF+nXm
+VsB7WSBQ5UEIqtZiKtiT4qGt3WjdfbJhNTu3PCQbg6MKtYPbOXF/q7Hj3ucelTLy
+UHc6XQK5iG5bRazZLv9s9w39r2ZCiFgeC7oFlu1R/0N9d6ncUzfkau7sxavpjXz+
+lc1GSSLzj7KUQXEFjUg1zonTuB6radLPd0SRvPLdfclIKM7HE07Pw9GsGpEOdudZ
+Hcivvjcq6Db6RyDq8tZyHp/b+3gIiR9M1OhiocS/YixQd8nQXNHnZVmSVOhUIkJw
+BXY2uXHoSdYCAON+7t0s2Q1FffNGe2Ulw5dg4QARAQABiQI8BBgBCgAmAhsMFiEE
+vyCtXjX2dRTxMqIYXVsNTpP3cnMFAmcqOrsFCQeGH4AACgkQXVsNTpP3cnP6VBAA
+mgHBIwyu/NiFV2LgrBfEULb+TTvNAd1DXNRo/96pN76gnEhEHBy/1aj4xay/eDpe
+MTBS5UjxbDc22ZiimGwvWBjuCDVn/yyYl1P8bLYuTFgSS/h3XWnkVCNZJwgDU4l1
+vA1EjXht77rc82fX10XdL78VZkyhWawV5tgen/RlkFSFnnrcCCPWpVExy8r+OAPJ
+6B8mla4EwG7Amiu/7HUfR7lwudh/SNCRuqv16SLyCj8kFIJCM3ePqyrwTaUcvByo
+azCgI0tRlMInViDZib1BRvNTArpfl2A7KeDqJWHk0s4BwAheDCM3894+iQbrrryZ
+fCFE3VuwrLrad/T5FG0Ki0FDCQZcA0D0i4oF6fZiwuzrzVMR80uJMj2YHz4D1Hbg
+g04SfV2CRT9eZT7yXYjhaSzZBBlySAOUAkPIMHJ3JFLVJomiHTxZgynwZm6A4V1z
+EEg69qNvr9b7F1kpYEMVJFsTiMFRPmSkE4enQiFqgBd5RLsyTiL/uY7YFnOVOKWC
++JoiTXgSQBeUAik6NiGG7cWulw0+VmSdJn9mWrcRUbcJGXSlSeIgVgd8F5EofEvA
+8DYSvLnm72hBemxEqOlVfE3rrF5ATj/Mzc6pSVwtw1Bp+gVbBCADrzdqy4Fs/Qqa
+cq0kDa4nXBq8pZtLvle7PEaToJLtPbekhhhFRfoV1di5Ag0EY3dPTQEQALWO3y8o
+RVJftWNQ9E00oFL2hOV2dPchpnVeHyagYpfZ7NqhCe4tpoo6Qocw9VinAk0lwu04
+/du1I1gLR7rVoeYQ7YyKZJG+yRKx3d+g/nAOD1/gF6XRdmVr5J02Mcz8Uroyd0zk
+amlimAAyFV/7rFT3H05VNx3iMIUoHuj7diWlE1JLeRQMlwxQ8njWoCDfsJDJgJXT
+YznzW9iwJ7/ypgR6KF0ucRcEOJipnwJTgF0wvzf/G/umqxKzRlSSe6XYhwjCkSUo
+ymRvd1glwpoBpzZbIQMDC0XLAQ8ksage5oSaEPjbUX1iFVkOYYH2vrIZ1OUXkxhQ
+WGkfIH0h02bxW/y1aMjyoCivX1jbsfqQ0+adTHlkQ84e4G2WV2nJdmGLGyy609v3
+7QPTErPO9Hpo6BewC2lSeqL1bEXc4VmZHp8iTh3Qjid7Nq5fh+eXCuU3JDuFYC9E
+OFg16LyLGmwyun7Slyr3zsald74pMZJ5LgV3xpcGX+K7pkY8FDrM03AR+4OFU4kY
+7eZ/cwOUiUE9y1HJmV5gCloOo1cX5ubhuRNI+YXEFJ+49AjfhkQyZele4VLSYvqD
+HCAgv/RW5T0GqP62oaYxKLqO1pAKtMNzvz4Yya6mPeOXezkVhFxN0BKStJ/ZE0ub
+1/3qFzAunxqKXdROZK9VngjlBcxvB7hhZVxTABEBAAGJAjwEGAEKACYCGyAWIQS/
+IK1eNfZ1FPEyohhdWw1Ok/dycwUCZyo6xwUJB4YfgAAKCRBdWw1Ok/dycx2zEACD
+3DzJIBii3GiMQbozXDp0d9Ipf5OupkIC0R/EGgKqOenqETWBbGWRBjlaydQ5LOyy
+AT/YHy/+CdcgN9d2R8GXuBU7lMQu0zp2K/7AQPlxRhom/PauGXDFdb/7u7Xr1Wff
+An/ahI4ZB3joUOjqEo18/EcQk2E0jfE3hSOU0/CuxQ5jJHxNnRSMLVZsiT/qZwCL
+HaAqQnqZj3kRkcM1PTeBozkZXnADqer2/Hnz32nFK3M6keUsLqjMO57zVhR67IqI
+CfVrXo5xmUq5X0dr3qK3R1MXgjtuBrBdq/g/93Z3hpAuWiPJwgk4p67sWAov3QHd
+tg4kiuwb35mqqmq/J+EsHkn1M3UTbqJfreZeUsZ6Dmues+4LncMeRsGKy/ZSET0y
+VVFw4oW380/+qsq+zRjkqJKif+Sc8H8nNs4af7BVYiK7AeWNQ3K9Tf3Na/st1EnZ
+UAy2Sv1F3XgiAVa9FfhVWL1qY5UAV2Kk6WJf/PgUfSxY7sXyZnLqbbqjEU43GNiX
+s2JSvj2vwzoibzneqZRaIZ+hWE5BQ1xcb0kpsiJWKx4SzdhB+Wbte+xl6rCDPVJR
+IFWaHHgXNcBp5ipntCD07dpSwKMCD8Lq8RZegh3fIN0EURe7jfv92VoHHNtBy2g2
+eLgh6rTdN+4jD/kx/By1Yz/RujkJ0KoDllGelKBVxg==
+=kcjv
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/cosmos/keys/thorslund-5A3BDE49B9A60AFF42E08F5D502D33332E9E305D.pub

@@ -24,52 +24,76 @@ LorWdtDli3mgcxjGIEqwK1i0JprbFsP4fcjGn+Wz0qj0EfqJ82U3WbiNYyx2Z4tH
 4jH+V8o8aDzBPR1z0Xo7tzawdEX6D6kbCsOprG1GP43UJ363MqrdkPiNeRJzUJLw
 mfE8BtEuMzcq13sy7wd4EGlBfoP5QhPpvipFJET0NMdLh3bCRR1eaPPECRiNh2XD
 Th+2aUEzWlvR4AifxqBFaBxDgCtF7CxT+Xywm+VgKsBLTOvJGnGz0n2dr0c4bYrd
-+wKXk+AG1fHhm0wbcOO5Ag0EZZQFjQEQANiloNdP85Tk4fqhJpIwvfOz/IiHMByy
-aiQvzuemQ7ZYjGLQPjLUOFIKIs34zHbEnoSAsuZHvpBezAXygEbteqiWMrEkQBns
-k4A2MEgLoURcc1tryLvwDzwI6IhgJJM9f14AgKLeNkAwQFWM1ua5qGXylPPZ/SDi
-dsP/d89BeqJee5aB23Wu24AhzP8Aj+6/6I2hVgE/nTITiwzzBeBL/KkGcp8e4zcD
-98VppM57eB+5OXUbxh/qDKo5elaLoSo0cGHXSyuXQgXZkt5HBRRETiejGQdva3AU
-OjebrlKwX0Rx7h8UwqNq1e48XRyH8BTv6yyGiHlDambasXHDCQZ0FHI85yOhUwjy
-Hv6maI9gBCueKKdxVR4sdGWXHfTBd286gLlcLICmP8SfTsF3xWyrc6iJLb58KYiA
-p2V6tdRfvbtgUOvPzZlJ3MeKUNi/WDgk7BpgrhG29x6Fck27NU7x096ayb1+XLV6
-8P7nkVQJjpWFJ8QkU5LfI9wNa7IgcNIFd9PSeNity4EKAlTKO27FIguBb2nZN2Ft
-nXSqgqbXOvHsm9v8UgExmEH8xo5Y0KcJs3kD8raz5YKkErz5H0C8lIT1BfwHtmLH
-yhDJi/eLa5U2atM2hv0rYUAhzVxc25ia7n46NJuwbhkNPVbAmAFAJtpSIg8PxOod
-xmlHJBOuHTBRABEBAAGJAjwEGAEKACYWIQRaO95JuaYK/0Lgj11QLTMzLp4wXQUC
-ZZQFjQIbDAUJAeEzgAAKCRBQLTMzLp4wXf39EACL8V5xCHkOatzOaMSAwb3TLU9E
-Gy1mciNBtEHS0bebL39UPp6468nbk46VpIGW3Dh2mQdAeKOpGsGTsXHPTxHp3ofG
-bNSiqJf7VIw+oMBCG6XQO1Vz6n1PACivwth4DE9Dx3JTkrhEsVv6aXB44kMK6O2y
-5N5k1U9VStv9FIjHoRE7IRLIKKNnAGX0AnMDKEAt3GJl/tX0DeOTH+YataxpPjs9
-+bZXJNRdoJewVqaPlWTwf6K5wSbNSovOd0J3IQgi4y4SMBmK1tVsjeElGED+nR1J
-u7vrEe132ZU9/cUCtJpBT49UcUiuhTA40eV3UYujIKYuRYFZwX1JbdeLshTHcFwq
-ZV/Tr3mEFASV5PQwiJ4fq7glpe7ZzoRJkw5Q//R7u1lhFuMvcfQhpQzYYns47Fwc
-Qe4d0MHA0A5rPiSNwlBb+3ocqGairHksIqmX84/bX8a9nEoHFyRH0JVgF0cvMil5
-9l6bVaQLYhuG5VetutvHZYufcNG3QKh5dJdRJ14q+nqV/ZX26y/Phla2RPyGyb2P
-ePHGOEbnPWdJKl3hYtkTRQFYMqDTr7lLvuKVoNHfv3yxKrZPmbRSq9twbqUyUtNC
-DsPg5IRqeOPYniFqNlN+gS6sSYNVQOXD5+WIotIwFpoy6ueizp+jTSXEWNyB2hhv
-bkCnMo64J8trMhy21bkCDQRllAieARAAloqIzIZDxjhvf+wMU4gfnFr9ECO0mUZk
-Uz5fr72E5NYi7fErSSVWejCczWRGwKn8LYW0STIVKDB2y1ey8YaOLrWRznjcEKfE
-Raz6DoQJALzfrWfqYrZz6orpSY6JrN/rmjttySTlp9HNlMjvfF3G2ClTGGlkSs/F
-uMXrhcunWbqTz/rvDALJEaluczRa28qrDyyGK6p0wcoomxFfSz94FAasLqamxBjy
-dg26H0BH5HSm+3ojp7OPLcN4wowD/l4XPf4xQHP8Aw5bwvIJu4D7YJkftSAj3QRM
-97d6w5WK/xcdV02V61pTaoGkZl7FgYPuYWCkdmgErUkoRX4C51AB7bI3dj9rnndi
-yo535E3RU81hJrWbGbG0G7QNwoZhbxkudr5P5zlrlJRyundLw7Qq6+suTA/b9EW9
-HEjJYbB91p3DLWNUGKuWuW0JbsMjOmgNgDWZ0V+j8/BpagmHSMmdREFVt1PMQArP
-W3m3Sl+jS33NZakp7EeBkmwO6ocy7sj86E+1JoaQPXWfmRgu6meIPEdXkIB/v0XD
-BBRReo7ttsYAMtAgEnYCRz0VxDoylSHOaUEHNIekUgh+9HLRhEzLBKwSk0hVYoDu
-jnnnPGPnUfoFgDpgyYAfL2Mps/E1mUUhdZUUBl6dyxGwVDXckNlmuSxhSPHmH6f3
-9ZF7lGDGVhkAEQEAAYkCMwQYAQoAJxYhBFo73km5pgr/QuCPXVAtMzMunjBdBQJl
-lAieAxsgBAUJAeEzgAAATkcP/RKKnqqvdmY1IfHZlWNCjrxZ3n04F1gSVZ2pQyx9
-QFGD9ExqfaSLxOUZE8z/ae4y5bPaiGIulXwVA+JoEkEiJJmdFJmP3DWPMPKuvWDm
-anjErhQ6Qjb+5HPE+AbB6+SdyBm+ZlcK/bwzMUxPFArl3Au9OcbS26guH0vqTaCM
-6n6h7JxnDDe63vcJ2ZMyMnf7a9wvMAvzVu6EfjDdTDRInm/u79NqMZUErKZ6BNnq
-nNZArKvKbrvYdHQ9EyBQ3Rl1G1kHnOK1VVVrrtzLB8EM0E7bZe6GUIQhemIdr9es
-OiQRp+bR00cYeWcwClaXqIEXiyKPwV4NXEV3zT9x0KHFpdrnAXFMgVGWd0OoseB4
-RiY/blm7uw9rwo5HF3J09ZMQQnADo7NFtO0cBwyfMplVFehNtUrJueo9AcjWKfrz
-himhjRdxsKEkMT85DR95Irz5K2yAaANOEGBqvgy5m0a4GjneZ6njV3ObWFZHWGRl
-CnyZA8pJXgIPfjyNAtlzzWfImguxM8wxZpo2EdNvVxcAp5XE+c58GkYoOLgLOWzY
-zCBrUdlnBAVvncFSLKEyn3Ox0U7Iocoto9LOrdc6F1F9Y55cSaIeZfK3+dDqn0Uc
-dpOdb1eVAOvBx6pvbp5F/b+mJOCurJ7x/3yyKKUTFtIy1H5Mh+BL40d6/MPcnkWz
-PdO5
-=i2Vv
++wKXk+AG1fHhm0wbcOOJAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgUC
+F4AWIQRaO95JuaYK/0Lgj11QLTMzLp4wXQUCZ02y/AUJA8JnAAAKCRBQLTMzLp4w
+XcEzD/wNb+1EVvYKY2dZZzehPG2zaCt6rCGkRknM9x8mhiZJ6lZQjVZaa4Vvj6K0
+zXiv/WBxIZoSekw5iFYME/pj8yBGQa6KPz3+N6akwgnKVd/r/PPaEJQ5rLX5kouw
+ryR+4FNNI949VzfKk0Ycp+KCCZbzytZWwWrTEG6Xpo9v9O3dlePLvck71ACDukpT
+v9PeZItgo80hOn6TiF+aARRpcmDisXrozRhLjaZsY/eIHbLpw0Lz5mLyF52v66ar
+O4xFhtlOg4zfDhMxgbMDP76MJtO+gdXVAPz953oYoXXQQZ7IoWco7tDVOdyhKHJG
+4klf+anmHslwkS/ARYA1DUs2l+5jBz/yR8Nk+xbnNtaus5ggzG6Oyn76RpkWkIA6
+v9YQ2gdRN1QTIHGjwIdRCAwNvJR3EmdxbvVGC/X/v/B6ccJdb2y+5alPGrLABAgj
+0FINeCyTO5m6nYPigX07b80fh7l+Ah2GIfMk07WEA1d7RgxjUdnjgpdE0iPSHo3r
+CpIE8RWkFjEqeJGbgjHrS2PNIJ9OzYmS4W4lGMjoVJWCZmpXl0FpqIGuIoeoA67M
+cwvBeR4PH/UVT6vzCfClCdB0iE/2UpfWjejxu2N8n4j19yMjDlCEnV3VNEzqt1a6
+ZdWK77Nkqi9/tOnmfs6pp3Y135JxFav4EWIIoB9zjpR+SsW/G7kCDQRllAWNARAA
+2KWg10/zlOTh+qEmkjC987P8iIcwHLJqJC/O56ZDtliMYtA+MtQ4UgoizfjMdsSe
+hICy5ke+kF7MBfKARu16qJYysSRAGeyTgDYwSAuhRFxzW2vIu/APPAjoiGAkkz1/
+XgCAot42QDBAVYzW5rmoZfKU89n9IOJ2w/93z0F6ol57loHbda7bgCHM/wCP7r/o
+jaFWAT+dMhOLDPMF4Ev8qQZynx7jNwP3xWmkznt4H7k5dRvGH+oMqjl6VouhKjRw
+YddLK5dCBdmS3kcFFEROJ6MZB29rcBQ6N5uuUrBfRHHuHxTCo2rV7jxdHIfwFO/r
+LIaIeUNqZtqxccMJBnQUcjznI6FTCPIe/qZoj2AEK54op3FVHix0ZZcd9MF3bzqA
+uVwsgKY/xJ9OwXfFbKtzqIktvnwpiICnZXq11F+9u2BQ68/NmUncx4pQ2L9YOCTs
+GmCuEbb3HoVyTbs1TvHT3prJvX5ctXrw/ueRVAmOlYUnxCRTkt8j3A1rsiBw0gV3
+09J42K3LgQoCVMo7bsUiC4Fvadk3YW2ddKqCptc68eyb2/xSATGYQfzGjljQpwmz
+eQPytrPlgqQSvPkfQLyUhPUF/Ae2YsfKEMmL94trlTZq0zaG/SthQCHNXFzbmJru
+fjo0m7BuGQ09VsCYAUAm2lIiDw/E6h3GaUckE64dMFEAEQEAAYkCPAQYAQoAJhYh
+BFo73km5pgr/QuCPXVAtMzMunjBdBQJllAWNAhsMBQkB4TOAAAoJEFAtMzMunjBd
+/f0QAIvxXnEIeQ5q3M5oxIDBvdMtT0QbLWZyI0G0QdLRt5svf1Q+nrjryduTjpWk
+gZbcOHaZB0B4o6kawZOxcc9PEeneh8Zs1KKol/tUjD6gwEIbpdA7VXPqfU8AKK/C
+2HgMT0PHclOSuESxW/ppcHjiQwro7bLk3mTVT1VK2/0UiMehETshEsgoo2cAZfQC
+cwMoQC3cYmX+1fQN45Mf5hq1rGk+Oz35tlck1F2gl7BWpo+VZPB/ornBJs1Ki853
+QnchCCLjLhIwGYrW1WyN4SUYQP6dHUm7u+sR7XfZlT39xQK0mkFPj1RxSK6FMDjR
+5XdRi6Mgpi5FgVnBfUlt14uyFMdwXCplX9OveYQUBJXk9DCInh+ruCWl7tnOhEmT
+DlD/9Hu7WWEW4y9x9CGlDNhiezjsXBxB7h3QwcDQDms+JI3CUFv7ehyoZqKseSwi
+qZfzj9tfxr2cSgcXJEfQlWAXRy8yKXn2XptVpAtiG4blV62628dli59w0bdAqHl0
+l1EnXir6epX9lfbrL8+GVrZE/IbJvY948cY4Ruc9Z0kqXeFi2RNFAVgyoNOvuUu+
+4pWg0d+/fLEqtk+ZtFKr23BupTJS00IOw+DkhGp449ieIWo2U36BLqxJg1VA5cPn
+5Yii0jAWmjLq56LOn6NNJcRY3IHaGG9uQKcyjrgny2syHLbViQI8BBgBCgAmAhsM
+FiEEWjveSbmmCv9C4I9dUC0zMy6eMF0FAmdNs8kFCQPCZwAACgkQUC0zMy6eMF1J
+7Q//agazMXxVQmNXypGLwj+no0eN8oxSB95kn9+v472AowatX+m4S/TRjUzfkZOk
+tswwDO+41wJ2r+CzcQICG/E5h/ohDy5s8bLf2YeV76zs8s49LQyxo5IoVMubtyAl
+jKrqRqB7tY5rTOsnd7GW2FfJe/GqlVBPk1d1SATReFg+asYV6DFSrgm0m11aLJPq
+sFpBNuBY4+rWLWVsOYcQRGVZILGm+VLroROAeh2KkR+ZVCWMDztPWsaadsKGUsEs
+XNTDNyoPdUe9srw5YQChpQreem9eUJbHY9lTJGsyyhwPNBY+wN0w7/5epgv7Y8Ii
+4qdJrAsA6rkyorgdePbgIauUyAG0O/1eowbIoGtf/X5U95PlsiDk4rl+rTcD9X81
+Ruz+PU1jNZqd36RnBGjy8o241mR/d6cn6xguTY3GtcIAFd4IW5CKe6qWpqjmJWmE
+YlzwO7CD59ILyqXy5tP0ZnibwrGDaRCGEo/7N0XaueRZlriPXc18Ah+0p/TJ6Krk
+Ad6drsB3nJgo1vjddKE4d58PUdM2MLvpc5kayMvM5MsHBWAX/DXUp+P6uyMihQmb
+qw3gpKPz2emL9DN1OVNImlFT1neQ/UcYFJnw4LSbX1pnUNzIPXKyF0y/QIsmXbJw
+ZU2Z3qmtpxI/0AIWaz4uoyxLHQ8QW5bYFvrFWCTXEfyUef25Ag0EZZQIngEQAJaK
+iMyGQ8Y4b3/sDFOIH5xa/RAjtJlGZFM+X6+9hOTWIu3xK0klVnownM1kRsCp/C2F
+tEkyFSgwdstXsvGGji61kc543BCnxEWs+g6ECQC8361n6mK2c+qK6UmOiazf65o7
+bckk5afRzZTI73xdxtgpUxhpZErPxbjF64XLp1m6k8/67wwCyRGpbnM0WtvKqw8s
+hiuqdMHKKJsRX0s/eBQGrC6mpsQY8nYNuh9AR+R0pvt6I6ezjy3DeMKMA/5eFz3+
+MUBz/AMOW8LyCbuA+2CZH7UgI90ETPe3esOViv8XHVdNletaU2qBpGZexYGD7mFg
+pHZoBK1JKEV+AudQAe2yN3Y/a553YsqOd+RN0VPNYSa1mxmxtBu0DcKGYW8ZLna+
+T+c5a5SUcrp3S8O0KuvrLkwP2/RFvRxIyWGwfdadwy1jVBirlrltCW7DIzpoDYA1
+mdFfo/PwaWoJh0jJnURBVbdTzEAKz1t5t0pfo0t9zWWpKexHgZJsDuqHMu7I/OhP
+tSaGkD11n5kYLupniDxHV5CAf79FwwQUUXqO7bbGADLQIBJ2Akc9FcQ6MpUhzmlB
+BzSHpFIIfvRy0YRMywSsEpNIVWKA7o555zxj51H6BYA6YMmAHy9jKbPxNZlFIXWV
+FAZencsRsFQ13JDZZrksYUjx5h+n9/WRe5RgxlYZABEBAAGJAj0EGAEKACcDGyAE
+FiEEWjveSbmmCv9C4I9dUC0zMy6eMF0FAmdNuQEFCQPQ8WMACgkQUC0zMy6eMF2N
+sw//ez/G9hXhgUW1AjJ9FnpFnPyZlg5/xp9wE6PXFt4tzrQKaz/9YgjBvlgeEf7e
+hGgNl7nxwQl8fFzbUdHho0k0kdOL5z/5lxlnio+YxTIBTjlG8jsDzgyB2KvweDWY
+Lg3n6ltfdq+INXjqET1TSJIpSJt1iCjStQDhJX/teCHYGsDFuHho2KGM/jpkUXav
+4y+c1tRCJ+VWxJA5mAdXZ878a++XlxiOwIJQMyWWPgWr7CKdHkkUq15V+U7XhjGJ
+4+y5boK+33UoPhCmhjxKv/kzuxncRAaCtOKs/o757flFVItm5C8TqQe1X9ZMsp3C
+M4JuNUIv95eo2IgyqxLh2rFUsDc7hZOMGvr+gDrdXAp1WfvKpSgmPPrLsQLs+PF8
+F4a2Ji3GVQTqxpTYEFAQFf8rYPE0NsrhGWUJ9dzNlDbl1BvVCkDHWPeFtPgz8nM1
+2lsbbAdl+RZu1lSQLMbE5iBlOZxra2r2FLLQ/1ywKtewM5Jwm+nXM+pQi8XQeM+R
+8IEAaRCnXP+Yd8M7dEPmYM2c76BxrplyS2k9po/1jMi9BjpX+31etSO4JBPu+gAc
+TX9drjnE3DTlP+2GzUStbCs9IEPg4b4Z/wuzo1QknxTnDONQiF/8nRLCMk8/Uah6
+avHN0foz5iZ8ICC8NKfw4YDrh/kAKLEGSB99VLONraX+kD0=
+=cNnu
 -----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/hiera/data/common.yaml

@@ -0,0 +1,85 @@
+---
+nrpe_clients:
+   - 127.0.0.1            # localhost
+   - 127.0.1.1            # localhost
+   - 172.16.0.0/12        # docker containers
+   - 109.105.111.111      # nagiosxi.nordu.net
+   - 2001:948:4:6::111    # nagiosxi.nordu.net
+   - 89.47.184.128        # watcher.sunet.se
+   - 2001:6b0:5a:4020::8e # watcher.sunet.se
+   - 89.46.21.190         # internal-sto4-prod-monitor-1.rut.sunet.se
+   - 2001:6b0:6c::37f     # internal-sto4-prod-monitor-1.rut.sunet.se
+
+syslog_servers:
+   - syslog.sunet.se:514
+
+mgmt_addresses:
+    - 130.242.125.68    # hoppjerka.sunet.se
+    - 2001:6b0:8:4::68  # hoppjerka.sunet.se
+    - 130.242.121.73    # joppherka.sunet.se
+    - 2001:6b0:7:6::73  # joppherka.sunet.se
+
+# Database of SSH keys. Presence of a key in this database does NOT mean it gets
+# installed anywhere. Real ACLs refer to keys in this database.
+sunet_ssh_keys:
+
+  'mariah+CA747E57':
+    name   : 'mariah+CA747E57@nordu.net'
+    key    : 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQfL3uYsqjzkKOxn9nhjDHeWdWQ5SRwcPzq7gINcwJ7omA5c7wJ4RKDqBPihJ9tp2rgM6DKKGxtSyjO6LFhkGNa86uub2PLS0ar+aRobPZ6sOeASqHbO3S1mmvZZWTQ30AFjtY98jjlvfKEI5Xu1+UKyQJqK+/UBVKlPaW6GMSYLr9Z5Uu4XS/sBPdL/ZtR95zDO9OKY8OtTufQi8Zy3pl4Q3xcOsSLZrKiEKMYDCLPlxytHD8FDDYLsgiuPlbF8/uVYYrt/LHHMkD552xC+EjA7Qde1jDU6iHTpttn7j/3FKoxvM8BXUG+QpbqGUESjAlAz/PMNCUZ0kVYh9eeXr'
+
+  'pahol+93F77273':
+    name  : 'pahol+93F77273@sunet.se'
+    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC1jt8vKEVSX7VjUPRNNKBS9oTldnT3IaZ1Xh8moGKX2ezaoQnuLaaKOkKHMPVYpwJNJcLtOP3btSNYC0e61aHmEO2MimSRvskSsd3foP5wDg9f4Bel0XZla+SdNjHM/FK6MndM5GppYpgAMhVf+6xU9x9OVTcd4jCFKB7o+3YlpRNSS3kUDJcMUPJ41qAg37CQyYCV02M581vYsCe/8qYEeihdLnEXBDiYqZ8CU4BdML83/xv7pqsSs0ZUknul2IcIwpElKMpkb3dYJcKaAac2WyEDAwtFywEPJLGoHuaEmhD421F9YhVZDmGB9r6yGdTlF5MYUFhpHyB9IdNm8Vv8tWjI8qAor19Y27H6kNPmnUx5ZEPOHuBtlldpyXZhixssutPb9+0D0xKzzvR6aOgXsAtpUnqi9WxF3OFZmR6fIk4d0I4nezauX4fnlwrlNyQ7hWAvRDhYNei8ixpsMrp+0pcq987GpXe+KTGSeS4Fd8aXBl/iu6ZGPBQ6zNNwEfuDhVOJGO3mf3MDlIlBPctRyZleYApaDqNXF+bm4bkTSPmFxBSfuPQI34ZEMmXpXuFS0mL6gxwgIL/0VuU9Bqj+tqGmMSi6jtaQCrTDc78+GMmupj3jl3s5FYRcTdASkrSf2RNLm9f96hcwLp8ail3UTmSvVZ4I5QXMbwe4YWVcUw=='
+
+  'jonas-6CB01A0F':
+    name   : 'jonas-6CB01A0F@nordu.net'
+    key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDvuL8XCorTZ1VP5cgbcdN5gNumnZ8RkrS8Hs5b0QKLRwwBNFsl98xMKxzQfBYR610vMnW30iDt3dRnqhfp75yakvt5fvrnk11gSwGoEOeBr5T7jgnJQK/kBIikXfpqsvH/40cSkX3Lx86VzDps/8j5sVYmgWiRk7BKG2/aSVY22RdPliITy2N60BUdZE3blz/I2bpJ1gDzAlJJk/xYHluou7mUuEEMT681hhAC+D32ofTAFSUtvP2PfsOTJxfJ2Iy22cRpR5aA5OCImEmBim4T1vAJUn6xSbeGI4RDHURYveLUT46gE5diWDTmdRKp8P7IpEYhJ1QQtdbsjnt9N6xJUI9ZcujD7yH1Drt0mJH23UhmNtliPeC8nO+58iM9MIgvnqw01wmWG5YnOBJVFWPC90LNGwm29Y6kjxDyVmDXglyx5mBymiEt8l2twi8xVbv6rKAUCUxHpcdsThvyZ75YWpAj0Rpvm5+y76xKqqJ8tK8YUUlD/g/L8gGYsg9GcHdxkUHNF+NMkbzbARM11eALYFdRCM7Kzgf49xMtOcs4s1IcM6u1YX51FvdyWlHHmDTGazz6k/AnF4jqdD4+SBdo7BPdh+FTfNbA1AtOyV1YNLCFrhnSBoUgt+IJ4LZFiRuyak1uxM8zdz5iikzEY+ClEe0GolmG7qtY12DVPy+b+w=='
+# swamidops
+
+  'bjorn+8E2DA8EB05F646D7':
+    name  : 'bjorn+8E2DA8EB05F646D7'
+    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDO1nktCA7fWcbmXAlcSEAeAxqlo2bobQblqqhvbjzmDfZdvhUYRXNjc2R4GjAU60yB/qqODE2km1z2xcIojlT/uHIXPx7jkSXvDZQFVDWplGiWKbOZS/apvva2vHBtfDBPSQnDSxr3sINAqehG58gL1coP95uWXodXSfv+BzGqQfYomlqU9f5qjXT2vFA+0XzoGTT9yG2utD3uhYd1k9EN+ED6NCXyCsUoihtEI8M8fF0Sps/QYpdyR34yP98lL+8DwZCtq0eQRMhF6mTcRcTDFdYdgS8jL+lSbw9DaPrWhGll0ie/Xk/v9RC+d3FGE6av0e8YDboNlduwy2iUbA1w1ll/VUOmXy6gudIZ91Edl+sOOyDVfLY3+Dz+RnmoSuCoWyJ00KovBIfgDOUDKe0QMHyVZ9ccMMihTUMUfJ7kYQ9EuidBLsy9GO+ar7FFPHYyVKiWYoxFBafAtIVDM79v9KvQeF2PAfuhSM3yIXeSb+8cp2ANVLX5dncoMPEgdfFRVie5HMwMct+BFwkyIuQ8++kCInGxbM5X1B3uhYTlkYyT3eAR3jHiwZoiBssCPXtmkXjJ0CFB1BcBlGSZktFoBRstGlEb/nEpTH/71JdA60a1eNwbhslNpAWfi3Jco3QPKBoRdwbeIsmDrK1hpJZG9Ke/jZxr3WSv39tu0l4JAw== cardno:000610116759'
+
+  'mifr+1467F9D69135C236':
+    name  : 'mifr+1467F9D69135C236'
+    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCa/UyPWvjUCugWLJ+esCcZKKj60nvjKjrFZl7HnMZ0iQcn1nJ6gDJwcJ3VP14oeBpNREP7F/UZJDswI7WdmguZzGly1mRvMIOalwMkF3OOjJPRd+qZtetiPzBRmjg6THTwmWEvstqpikv4HcJ0EIKnG/vVjJFizzM6B0kkGKSy9HdtQTGYvyxhl5c6JngpCQfbF6EbiNbF5x502grr/9gFcNcscKc0mwTJnraIn9/tUcJqj08AHveb7U+E69t6WY98NlKbQEF5zn4xhn+SKW2Kb43FwAT7b8cO6AlWEEYSMStGcqubgPeOSZakwq6k+v6qmie8YvrK1JJLfPDpXQ5GgB+CjBLtCTwdJDkRMho7z8afhXNlFUaC/QPuRQBmzK77t1bJJBRjmK6rbcP82k1dObEvqDj5Dau+4OHXhYnUVARG8lgi7fK60Su+SEpn2b5K1wMsou8E21CTtykevtGaYNsTYGkBxHNIUSNYwxtiv6zfKcKfpENUf4PM07KaMJ0gEIbh3LzdDo229pJYRX6tGMLTCTxcYGIIv+Qm1OKm61r4SpExSgD3k9BH5MUcbkSXpwjjnn0xlz22H0alu+DjYE4I6ax5gkN2c6zERY+KE1m9uzSb9xr+cuJeEGRew8fIuI1ENbZV3ImEdwB6IeePnDll/C2Z8cTsPNmGSBHC8w== cardno:23 741 321'
+
+  'jocar':
+     key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDNkmMZWjsa2oZfIsK+8wO0w8MgMa1aWUOZXahgj7Jg+CBSxY3eXNa8BRoT9gvHEWSdT9N6AIY0IxCiDs0KZmB4CV/k532cMAs5q22T9U1jLEP8FA6zXVoyEGvhY/v5aRpoCOEwZpHCRp04xEiEtw4ymXA0JnI6/2Yp+m2wdhkyYBjrv/xCeoeIhjtMHaVQlMwl/LLSRaaD3YRc9g8WmnntZpsz2BIDMGLhI8QF/reF+l8BFNAyHQbuFhkfQgmNra3KsAqNIwV2bMZRje+TnTzeERjGxeM/kOhYBEulVdfxUOVFE3pDzTG1U8srVdic49+PlfhoFJRLNo+TATkXbJuHKCJA4kjDv7Fw32Y7d6prEahqH/8VdAsjmv2a66BABj/5Yl/pp6mDCA+Xy667Asgk6qKKH5NAeqHSQx7s6+TgitXUMZn6/Se6+l1Wd43iVK+N58xK2MMA8lANaSYddTJ4k8wFEFdYjjaxGqPOEE2ztKFAZTp5nBi8jRxLZ1mfLXZxru8HPVmCSPxx+/4bZe3zyMPHGqb8fEc/nuNkdnogo4opXX2w64mAiFJZftWQ+k5VigT1l9DUN0I7wO7pRI08So8W8/biUmoao+0DgI3kXW9PClEcz0QcbvOCQeVlNE2UowCmiKZ/Otgm3VTGy9ykI7iYbw+5UZs4Z0Ap++dHAQ=='
+     name   : 'jocar@sunet.se'
+
+  'rila':
+     key    : 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDTrVaOJpJ+VtonLhQ25oMB3rZL/vutNbDoj9uNAhrJ2lPaXS2dg2fJWi2IzXUZWwKrwSs0FqBr+qesGcGZnOCjZlKXHJmsuORWyX7VbC304xHPqbpm4wTqwE48lB2TpphLldV8Hp/ok1BesEGROfFqE9aAl0JKg2jFVqnvPV9unXLJdfz0z+TxXF6qvg2qDpvGLo9r+DFvHSaptHfFGNqr1Z3hziXyA63z6/4X69Uv+1nscnEHK7oW9VVjAMKO8yI9JVXsK7aqLt8uU7NxOGw61Uw2HaA3Niv4D9888SQ7U2xRdOtQoj5x8ME0KeBz4xrKUBCO04fGL0ypcexm2GE1'
+     name   : 'richard.lagerstrom@vr.se'
+
+  'thorslund':
+     key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCWiojMhkPGOG9/7AxTiB+cWv0QI7SZRmRTPl+vvYTk1iLt8StJJVZ6MJzNZEbAqfwthbRJMhUoMHbLV7Lxho4utZHOeNwQp8RFrPoOhAkAvN+tZ+pitnPqiulJjoms3+uaO23JJOWn0c2UyO98XcbYKVMYaWRKz8W4xeuFy6dZupPP+u8MAskRqW5zNFrbyqsPLIYrqnTByiibEV9LP3gUBqwupqbEGPJ2DbofQEfkdKb7eiOns48tw3jCjAP+Xhc9/jFAc/wDDlvC8gm7gPtgmR+1ICPdBEz3t3rDlYr/Fx1XTZXrWlNqgaRmXsWBg+5hYKR2aAStSShFfgLnUAHtsjd2P2ued2LKjnfkTdFTzWEmtZsZsbQbtA3ChmFvGS52vk/nOWuUlHK6d0vDtCrr6y5MD9v0Rb0cSMlhsH3WncMtY1QYq5a5bQluwyM6aA2ANZnRX6Pz8GlqCYdIyZ1EQVW3U8xACs9bebdKX6NLfc1lqSnsR4GSbA7qhzLuyPzoT7UmhpA9dZ+ZGC7qZ4g8R1eQgH+/RcMEFFF6ju22xgAy0CASdgJHPRXEOjKVIc5pQQc0h6RSCH70ctGETMsErBKTSFVigO6Oeec8Y+dR+gWAOmDJgB8vYymz8TWZRSF1lRQGXp3LEbBUNdyQ2Wa5LGFI8eYfp/f1kXuUYMZWGQ=='
+     name   : 'thorslund@sunet.se'
+
+  'mikand-FF8440B9':
+    name   : 'mikand-FF8440B9@sunet.se'
+    key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC3CRClTUJs8UlyAAj4nKPwYi+mWeUMpUJXk938+tTlEPSlN91NR5yc5i0HEi/Zaa+WP4QT5FgzNMjvmb2v7vV0JAvtCsEPc4Of93aBGSNwVz3xewwSFtS3eDOUe3Jiok9CMFvjRjDDwasC34qa5yy1hGNs4cUMkmiPozFf0enhCLbuwpxeikeRrgWMKZz5v3lkC3ymohW9vL8RgSymUCntp2O3Mi8RPClZSg5nepiYtowRoyXgOgoOmnQwq2oTl37I5NfR0OmBBXYPML4dLuoD3h2VpYLZPrXnYnLE+CjouAmAIJo2sSJL+9ktTOZ/qVapuWrPOZ3kd6TCPJ7P/ncAr1/65ThVbK6hWXb449k1JbCxO3bw9pEQxjt6NT8n3crdPMHr0NPSY3U7+X/xZlbhEPu1KGshwtCY5Mow1L3lG+nwmud7AAPGa1GgdZpoZ72Sq6rWgQG/nQT5a5Tz5Q8zz6PPssP0lTDy37Bsa4r0hYccfqvi6TeblBL+g+ZZvlzL85vVW9hBMVjQw8CQUltl/ypATzhh3QEbmoVlTse4kDpODnQvQmcGrN2CCUSKcevs4U65YSJWOFl8CHbDdiR6L4trugIxW5SKxrg3W9xNbxdL5uDOHTKvQudkTkm1HKKJHtCFLWGHJcrczMm6zh64dIgKnNGvkRquH8HP9wp2nQ=='
+
+  'acrn':
+    name    : 'acrn'
+    key     : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCt6iuXs5y2M4dyRSUqezL1fu95aO4nA1FOMX0fLXAw/S0NAgimWbd8TlQLebCeiTt/NevU+eaGjLLeTkONQ+h+NiZ3fIgh+onTBWFUw/MXqj/gaZ0d+0U5gcIDohaw0ixCAy1RCR1Iv32wkzqICQtIdNuQ9AhUp0YWkJdbadzbHxZVMlxcxJ4ribjHPwWbs47aIArahJ6j3TNwyScRmRzSlpYXIMckj3+wnWBOu1sHNSLZpCydFE6xkK67icuDPL4tYk8mC6ZhTZGyhw5LUdIEUIMWXdPiCzYiOQiT19Q9G6MUOxqom5g+Vl3mBSq+nuG8WEPhCkqBv209hsg2c/jRgAGeIETrsp0zBEf9zwaaiXD6sozLYjAnLwi5ikIcdhkle9SjeXkZtyDJIURG8seJ0JXnBER0p7XPXLbqLDXQgD16TtYO8nO7qfl6QskcKYrDDeg9hmdMban6Tu9A5CtlTMV1iZBuBgkuADl6skqhfK6SjoPEo4qUGyd1K91d+gyPbO40WIUDV9skMOZYj9KhR4px7WeCRwxU//x9bnQkX7oL5HT6loka2rQh8RXFKguUb1kJi2x6DNydZLxOBwaou/SEGMC9519O1gMQPv3a21MPTalb+kYGoCrfZ43rroX9nkk9steQaZMZrhw1tJq95VkaLmLC8ZtiukFCRK1l2w=='
+
+
+sunetops_ssh_keys:
+  'root':
+    - 'mariah+CA747E57'
+    - 'jonas-6CB01A0F'
+    - 'pahol+93F77273'
+
+rutops_ssh_keys:
+  'root':
+    - 'bjorn+8E2DA8EB05F646D7'
+    - 'mifr+1467F9D69135C236'
+    - 'jocar'
+    - 'rila'
+    - 'thorslund'
+    - 'mikand-FF8440B9'
+    - 'acrn'
+
+cosmos_fleetlock_config:
+  fleetlock_group: 'rut-prod'

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -1,3 +1,94 @@
 # Note that the matching is done with re.match()
-'^ns[0-9]?.mnt.se$':
-   nameserver:
+.+:
+  sunet::server:
+    unattended_upgrades: true
+    install_scriptherder: true
+  rut:
+  sunet::nagios::nrpe:
+    checks:
+      - nrpe_check_memory
+      - nrpe_check_entropy
+      - nrpe_check_ntp_time
+      - nrpe_check_scriptherder
+      - nrpe_check_apt
+      - nrpe_check_dynamic_disk
+      - nrpe_check_users
+      - nrpe_check_uptime
+      - nrpe_check_reboot
+      - nrpe_check_load
+      - nrpe_check_zombie_procs
+      - nrpe_check_total_procs_lax
+
+'^internal-sto4-prod-k8sc-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  rut::controller_nrpe:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+    drain_reboot_cron: true
+  sunet::frontend::register_sites:
+    sites:
+      kubeprod.rut.sunet.se:
+        frontends:
+        - sthb-lb-1.sunet.se
+        - tug-lb-1.sunet.se
+        port: '443'
+  sunet::otel::alloy:
+    otel_receiver: monitor-prod.rut.sunet.se
+  sunet::fleetlock_client:
+
+'^internal-sto4-prod-k8sw-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+    drain_reboot_cron: true
+  sunet::otel::alloy:
+    otel_receiver: monitor-prod.rut.sunet.se
+  sunet::fleetlock_client:
+
+'^internal-sto4-prod-monitor-[0-9].rut.sunet.se$':
+  sunet::dockerhost2:
+  rut::rut_mon:
+  sunet::naemon_monitor:
+    domain: monitor-prod.rut.sunet.se
+    naemon_tag: latest
+    thruk_tag: latest
+    histou_tag: latest
+    nagflux_tag: latest
+    loki_tag: latest
+    grafana_tag: latest
+    receive_otel: true
+    resolvers:
+      - 89.46.20.75
+      - 89.46.21.29
+      - 89.32.32.32
+    thruk_admins:
+      - thorslund@sunet.se
+      - mariah@sunet.se
+      - jonas@sunet.se
+      - pahol@sunet.se
+    thruk_users:
+      - mifr@sunet.se
+      - riwe@vr.se
+      - jofl@vr.se 
+      - guce@vr.se
+      - joma@vr.se
+      - RILA@vr.se
+    nrpe_group: rut
+    thruk_extra_volumes:
+      - /opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml
+      - /opt/naemon_monitor/satosa.xml:/etc/shibboleth/satosa.xml
+      - /opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml
+internal-sto4-prod-satosa-1.rut.sunet.se:
+  sunet::dockerhost2:
+  sunet::satosa:
+    satosa_tag: 8.4.0
+    dehydrated_name: idp-proxy-prod.rut.sunet.se
+
+'^internal-sto4-prod-k8spg-[0-9].rut.sunet.se$':
+  rut::infra_ca_rp:
+  sunet::microk8s::node: 
+    channel: 1.31/stable
+    drain_reboot_cron: true
+  sunet::otel::alloy:
+    otel_receiver: monitor-prod.rut.sunet.se
+  sunet::fleetlock_client:

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -20,7 +20,9 @@ Exec {
 node default {
 
 }
-
+class infra_ca_rp {
+   sunet::ici_ca::rp { 'infra': }
+}
 # edit and uncomment to manage ssh root keys in a simple way
 
 #class { 'cosmos::access':

global/overlay/etc/puppet/modules/rut/manifests/controller_nrpe.pp

@@ -0,0 +1,17 @@
+class rut::controller_nrpe {
+    sunet::nagios::nrpe_command {'check_rut_pods':
+      command_line => '/usr/lib/nagios/plugins/check_rut_pods.sh'
+    }
+
+    file { "/usr/lib/nagios/plugins/check_rut_pods.sh":
+       ensure  => "file",
+       content => template("rut/check_rut_pods.sh.erb"),
+       mode    => '0755',
+    }
+
+    user { 'nagios':
+      ensure     => present,
+      groups     => ['microk8s'],
+      membership => minimum,
+    }
+}

global/overlay/etc/puppet/modules/rut/manifests/infra_ca_rp.pp

@@ -0,0 +1,4 @@
+# Everything is awesome!
+class rut::infra_ca_rp {
+   sunet::ici_ca::rp { 'infra': }
+}

global/overlay/etc/puppet/modules/rut/manifests/init.pp

@@ -0,0 +1,15 @@
+class rut {
+  include sunet::motd
+
+  sunet::ssh_keys { 'rutops':
+    config => safe_hiera('rutops_ssh_keys', {})
+  }
+
+  sunet::ssh_keys { 'sunetops':
+    config => safe_hiera('sunetops_ssh_keys', {})
+  }
+
+  include sunet::rsyslog
+  include sunet::nagios::nrpe
+}
+

global/overlay/etc/puppet/modules/rut/manifests/rut_mon.pp

@@ -0,0 +1,7 @@
+class rut::rut_mon {
+    nagioscfg::service {'check_rut_pods':
+    host_name      => ['internal-sto4-prod-k8sc-0.rut.sunet.se', 'internal-sto4-prod-k8sc-1.rut.sunet.se', 'internal-sto4-prod-k8sc-2.rut.sunet.se'],
+    check_command  => 'check_nrpe!check_rut_pods',
+    description    => 'Microk8s cluster health',
+    }
+}

global/overlay/etc/puppet/modules/rut/templates/check_rut_pods.sh.erb

@@ -0,0 +1,69 @@
+#!/bin/bash
+# This file is managed by puppet.
+
+STATUS=$(/snap/bin/kubectl get events --all-namespaces -o json)
+
+# number warnings required to make critical status (any warning makes warning and any critical makes critical)
+critical_warning_num_threshold=3
+
+num_warnings=$(echo "$STATUS" | jq '[.items[] | select(.type == "Warning")] | length')
+num_normal=$(echo "$STATUS" | jq '[.items[] | select(.type == "Normal")] | length')
+num_critical=$(echo "$STATUS" | jq '[.items[] | select(.type == "Critical")] | length')
+
+function print_info {
+#	echo "$msg: Criticals: $num_critical", "Warnings: $num_warnings"
+	output="$msg - "
+
+	if [[ $num_critical -gt 0 ]]; then
+	    output+="Criticals: $num_critical "
+	fi
+
+	if [[ $num_warnings -gt 0 ]]; then
+	    [[ $num_critical -gt 0 ]] && output+=", "  # Add a comma if both exist
+	    output+="Warnings: $num_warnings "
+	fi
+
+	echo "$output"
+	if [[ "$num_critical" -gt 0 ]]; then
+	    echo "----------------------------------------"
+	    echo "$STATUS" | jq -r '
+	        .items[] | select(.type == "Critical") |
+	        "Host: " + .source.host +
+	        "\nType: " + .type +
+		"\nPod: " + .involvedObject.name +
+	        "\nMessage: " + .message +
+	        "\n----------------------------------------"
+	    '
+	fi
+
+
+	if [[ "$num_warnings" -gt 0 ]]; then
+	    echo "----------------------------------------"
+	    echo "$STATUS" | jq -r '
+	        .items[] | select(.type == "Warning") |
+	        "Host: " + .source.host +
+	        "\nType: " + .type +
+		"\nPod: " + .involvedObject.name +
+	        "\nMessage: " + .message +
+	        "\n----------------------------------------"
+	    '
+	fi
+
+	echo "run \"kubectl get events --all-namespaces\" on $HOSTNAME to get more info"
+	}
+
+if [[ "$num_critical" -gt 0 || "$num_warnings" -ge "$critical_warning_num_threshold" ]]; then
+	msg="CRITICAL"
+	print_info
+	exit 2
+	fi
+
+if [[ "$num_warnings" -gt 0 ]]; then
+	msg="WARNING"
+	print_info
+	exit 1
+	fi
+
+msg="OK"
+print_info
+exit 0

global/overlay/etc/puppet/setup_cosmos_modules

@@ -0,0 +1,161 @@
+#!/usr/bin/env python3
+""" Write out a puppet cosmos-modules.conf """
+
+import hashlib
+import os
+import os.path
+import socket
+import sys
+
+try:
+    from configobj import ConfigObj
+
+    os_info = ConfigObj("/etc/os-release")
+except (IOError, ModuleNotFoundError):
+    os_info = None
+
+try:
+    fqdn = socket.getfqdn()
+    hostname = socket.gethostname()
+except OSError:
+    host_info = None
+else:
+
+    domainname = '.'.join([x for x in fqdn.split('.')[:1]])
+    hostname = fqdn.split('.')[0]
+    instance, location, environment, function, number = hostname.split('-')
+    service = fqdn.split('.')[1]
+
+    host_info = {
+        "domainname": domainname,
+        "environment": environment,
+        "fqdn": fqdn,
+        "function": function,
+        "hostname": hostname,
+        "instance": instance,
+        "location": location,
+        "number": number,
+    }
+
+
+def get_file_hash(modulesfile):
+    """
+    Based on https://github.com/python/cpython/pull/31930: should use
+    hashlib.file_digest() but it is only available in python 3.11
+    """
+    try:
+        with open(modulesfile, "rb") as fileobj:
+            digestobj = hashlib.sha256()
+            _bufsize = 2**18
+            buf = bytearray(_bufsize)  # Reusable buffer to reduce allocations.
+            view = memoryview(buf)
+            while True:
+                size = fileobj.readinto(buf)
+                if size == 0:
+                    break  # EOF
+                digestobj.update(view[:size])
+    except FileNotFoundError:
+        return ""
+
+    return digestobj.hexdigest()
+
+
+def get_list_hash(file_lines):
+    """Get hash of list contents"""
+
+    file_lines_hash = hashlib.sha256()
+    for line in file_lines:
+        file_lines_hash.update(line)
+
+    return file_lines_hash.hexdigest()
+
+
+def create_file_content(modules):
+    """
+    Write out the expected file contents to a list so we can check the
+    expected checksum before writing anything
+    """
+    file_lines = []
+    file_lines.append("# Generated by {}\n".format(  # pylint: disable=consider-using-f-string
+        os.path.basename(sys.argv[0])).encode("utf-8"))
+    for key in modules:
+        file_lines.append("{0:11} {1} {2} {3}\n".format(  # pylint: disable=consider-using-f-string
+            key,
+            modules[key]["repo"],
+            modules[key]["upgrade"],
+            modules[key]["tag"],
+        ).encode("utf-8"))
+
+    return file_lines
+
+
+def main():
+    """Starting point of the program"""
+
+    modulesfile: str = "/etc/puppet/cosmos-modules.conf"
+    modulesfile_tmp: str = modulesfile + ".tmp"
+
+    modules: dict = {
+        "apparmor": {
+            "repo": "https://github.com/SUNET/puppet-apparmor.git",
+            "upgrade": "yes",
+            "tag": "sunet-2*",
+        },
+        "bastion": {
+            "repo": "https://github.com/SUNET/puppet-bastion.git",
+            "upgrade": "yes",
+            "tag": "sunet-2*",
+        },
+        "nagioscfg": {
+            "repo": "https://github.com/SUNET/puppet-nagioscfg.git",
+            "upgrade": "yes",
+            "tag": "sunet-2*",
+        },
+        "sunet": {
+            "repo": "https://github.com/SUNET/puppet-sunet.git",
+            "upgrade": "yes",
+            "tag": "stable-2*",
+        },
+        "ufw": {
+            "repo": "https://github.com/SUNET/puppet-module-ufw.git",
+            "upgrade": "yes",
+           "tag": "sunet-2*",
+        },
+    }
+
+    # When/if we want we can do stuff to modules here
+#    if host_info:
+#       if host_info["fqdn"] == "internal-sto4-prod-k8sc-1.rut.sunet.se":
+#           modules["sunet"]["tag"] = "drainreboot*" 
+#
+    # if host_info:
+    #     if host_info["environment"] == "test":
+    #         modules["sunet"]["tag"] = "kano-mail-2*" 
+    # if os_info:
+    #     if os_info["ID"] == "debian" and os_info["VERSION_ID"] == "12":
+    #         modules["augeas"]["repo"] = "https://github.com/SUNET/puppetlabs-augeas_core"
+    # Build list of expected file content
+    file_lines = create_file_content(modules)
+
+    # Get hash of the list
+    list_hash = get_list_hash(file_lines)
+
+    # Get hash of the existing file on disk
+    file_hash = get_file_hash(modulesfile)
+
+    # Update the file if necessary
+    if list_hash != file_hash:
+        # Since we are reading the file with 'rb' when computing our hash use 'wb' when
+        # writing so we dont end up creating a file that does not match the
+        # expected hash
+        with open(modulesfile_tmp, "wb") as fileobj:
+            for line in file_lines:
+                fileobj.write(line)
+
+        # Rename it in place so the update is atomic for anything else trying to
+        # read the file
+        os.rename(modulesfile_tmp, modulesfile)
+
+
+if __name__ == "__main__":
+    main()

internal-sto4-prod-k8sc-0.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sc-0.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,12 @@
+---
+
+microk8s_secrets:
+  kube-system:
+    cloud-config:
+      - key: cloud.conf
+        value: ENC[PKCS7,MIID3gYJKoZIhvcNAQcDoIIDzzCCA8sCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTAucnV0LnN1bmV0LnNlAhQ+9WXJlyBiLyPV1Qwt5m2sao34yjANBgkqhkiG9w0BAQEFAASCAgCV2iul8s141kgxIkcG1vLFoMtOmBITZ9DsOHYb8V/vonx0wrPXHLjwdqj5qUcUACguAe0XRYHYHKf/IGF+1YyZgsvCHaKRHWxIb767Z8HziCvkeQ5aphPoQsIHDePRIT/oBpxsksXiWi13333AdXmnig/V7mpidUBT9f7wAA27qC2EMXotMKo84g2v1lzEjwbR8PjMVwscbBr/5Nh6nh4q9u/3x3QN1gIm/6kLurQqyCAXj1zTtIU9+5uOG9rlfuCYfVl3LRwe7Eh8NI1gKNLhU2QdHdmc6vjKY0WtMy5kB2ZIigndQ9akoZAbBIApVX+HXV1f0aWo/mY+zKyoCZSPIZZx9O3u1nZTbDm/P4JyOkUTgQxFJSDCDlODiqz4RDvCFNjwqwjT7bKvE1WTfmVDXScssj4ifnhGAbEYLu+O2gaiBgAaG4TmoBF/jxVDDGeD8cw3pqDankKT1sWHKAAr+DgkcvuK9VuMZLf1crUENgTJ1WLJsqZ1xhPZoymh613xYJ8Idnqkv+Mq3fOIzTneRUUUa5Xb4Br+Kw4DFI60GX/kujwC4Lk22a68qRxGC+uNt0kQaE7I4WeOPUYyZ7qMgoq8r0bgR869GCseaNlsS5vcGffFkZFoPHrpL2EQaFbyInbC/cCWD0wzEjqpbAWUK4DqsWaoo5EPUB9RTVF0dDCCAS4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJW7oad/DamiCNvkPTOxWQ2AggEAbhULabbzJ8mRxl7ZwUCRHRoDzRpYGSdXatXzP3yPY6p4/1XGUcl7p1MPonjnWAEOknkI2OI3yvtnFmO3z44MgbeQ+LP3KSteZ+97zFcTu1aZyvq2gxvJTMHM3K7gaswwOC9IY2x7Igtb8iU4zUDUtnA8Szq2SoHFcjz7fpKEZPMtrTp5fh69n2mOqJdp4QhKbM66yMOgjKIP+3AXOKNT91l+Qdy+1QddVCYTfuE2vQvruACudcIn54q6pYeoTaUgKYcTfmY4yAUqwYaTLWJXXAizaAl2OZTZlEhWlwN/3/H51ZW78Ofrop4WUqQIM/wl2x0os2SIvZIPQAGjeKjD6Q==]
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTAucnV0LnN1bmV0LnNlAhQ+9WXJlyBiLyPV1Qwt5m2sao34yjANBgkqhkiG9w0BAQEFAASCAgCmWSihrXJIoejTwGnTzl4TZNgtcwNnD6KYfhSPrwRAu3dPdClBaJIYODwqnnul5XuOUWYsAxQJ15l6dBJopoEsecL5a+wbtXgnaewPct0WTDciOBH9c9UM5wQMyfeIvH8Ir90yO50IAgg9UzzB1evsp9UjYewJflJHgOY6fp7Gz61PY1MTcDdnqmU3yLN7W/rfXpPtX7wM9b3MpCuPOLbYOMSB5mvpVPaMh7xnDzF3K8NQCY0AD0EvRFvc/2DtUWKOiZ8VcxfU/86AndN4vaEKQAmvP9ugODCWjLHXdH/xSpLNyxd+7uJ18gmTzyAR3I8RNnYhB0WsQXjxxrz9SiBR8HCIrqgrUU9ELOGk3prHmBXKaJ6QnksdHtFQ5nUNOTEhDkZwMMGsn9jSeZB1v0SmhcKM1SB/uJopbb2DgrlpfWluxPEyz2xzR+8AWQTjaiU7lN0XwVkh+NiUFU6GU1WKj/9FaA1jSVECZWf11nPzHmIZ5Pm30wgyzlqdQ+b0pa3qUtej6kZlbYzO4dOTWlrm21BW8q+4dB1L9Agu4jiwZ2Ru9x0xyXTx2Ph/M3iX1Ig6n2nbsPmV+GJ3eJOED1oVKSxGPwiEC3f+EpeCBaImG8CgJFV3ZoknNVI8SGyuy5C31Te+I8N1bipj6Os6fL5bzWdMybmqczwXWfjfw92kyjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCw3uSGsGxPLwRdjqYSdZ/sgBAKfq6iIDXF87qaMfmwDB7y]

internal-sto4-prod-k8sc-0.rut.sunet.se/overlay/etc/nftables/conf.d/501.nft

@@ -0,0 +1 @@
+add rule inet filter input tcp dport { 80, 443 , 30080, 30443 } counter accept comment "nft_public" 

internal-sto4-prod-k8sc-1.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sc-1.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,12 @@
+---
+
+microk8s_secrets:
+  kube-system:
+    cloud-config:
+      - key: cloud.conf
+        value: ENC[PKCS7,MIID3gYJKoZIhvcNAQcDoIIDzzCCA8sCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTEucnV0LnN1bmV0LnNlAhQM76NcyGaIryqm5Hd2g/68KuJydjANBgkqhkiG9w0BAQEFAASCAgB1+2IzHcsXmWpc39JdvfZDT7ZcZtDkdZ/0Zz1rqz+NAt+C0/GYm0rfOcDF8YS6I8v5VguWMMesLW4rSptA2QZrfpNislqxaSJdIbNjvoRyQCMC205NApsBwVeoR4Cd+lGY7SwhHFx4gbfcdBn6/F3fPiJ5hG4vm1ntxUda6sFNFiNxt99uoWPgMlV5BXL9aLX0Ud7BS/tAaXaFjjAM91of1ujUmZcnHZPofzyuADrKKdYL1gK8jnk6UqaYew632A3tAFQ29av4fnJCzNOUZ0JyK80i5DGio0RJJwGXHvTNxv8Fxa8kXkQzlvSt/r6MwGa2Obfx+nmER/kPiohGN665kyfVxm4IRdF2FLNDQYi4yzcF3wuva8B6F0NQymTmkD6p4E3WDPPx0CKinS3UKwSCXuFIHl+Y52lYRNjTyAhC70fuR5thNbxhloNF7CfFP3IJEnMo6vlsVCmdy64S5oj00gcpIzKd7OEVbH7pgMJDhhvKxTFoS5FLrSwtF+QKLWQb9A+j/M6fZpn+7sIpNaiW6D4FluaMawi9IU3HaVFLP6UIWfrJYKBtXcWRVTp+3uhYB8rFjMUm61DMDkL1uf9YzZ2TmGMzsBwcj+stU0x8rAb2RA5pUhyMaWr9F+RcZR+I77SHPFEXoUD2m/V4GwUUQvqhhn4cyZ0tfjiB4HIfIzCCAS4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEMUEUQ7+1Gvvus95Q6J9JhyAggEANHA8r7bWbY+FvIJT7hWV2RO+McdEjUwPzwaMfukgFZaQtyhsbBBHs8t1sCyfrixZuvpFQj4ixkieEw7fVJeMB55thuveNhQ902Qj9OdsI3+Cj9z2uuX5kJKyZGb913iVcrzVkZbqq7zDVtYBLE4z+8i8QWoPlG2J9YeR9NqvMIeOupd8WRgRyLZMYmjAT7MZz1oSkgm5iyF9ccdPwoOqcYZxOj+o/G2BMSMzNkJVNoco5QcvB/8OUxRaLlzSAIrMBv00LrUANbTDm5R/S0/VdlaiSaEKP0XwTzNUbYOiwBRxlgc6qt9ve8iIQQxX2QeZ8ssQA3iy+3tQ42tmG5X9dA==]
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTEucnV0LnN1bmV0LnNlAhQM76NcyGaIryqm5Hd2g/68KuJydjANBgkqhkiG9w0BAQEFAASCAgAQ7cq+hrQg4tYMKs/1BOi+Xuyj1BGRL9255vBRxT/46p/I2xnFKEsnmDwzhNx2wr0Yo9O2ALo7qVPjk0WjoSiHqeSWFBqAoTrvr7yD2emFOtVbikWTAykRMGPVCwQ9h2IRY2lDtZvG8vlHyl/z/K0yXAGI+vRHocUSMjPyvO/tMejp3e6WEDlSoLi4qiBsphbWczszwU0djJO5qdRTVGyBwOrrgFKK+C5QKueG5WeVf0TAa3WzblREIQD29oNZ19V6uRC1h+QOEh4SefmmQ0j5qzd4i/sSvQNjHbZ9vCBtIjN1zMp9MeYw7AE20QObcqk4RmRhb63jNUvXFRSBxvVoY1eto3jFPjPH8zYCKhAZef9W2k/IbykC2WSaDWyDRbdAkTTxxjo0AWEz4nQJaiPp7ndYdPvqh9oFcBtsW4r5SLYpWCaP+0jOMmShBkSoi8sKWz312R1v3qhVUa1nollQp2wnMd+UXqcBbXCF3t1neZpDEMrGu0Zrlpr5GgcqmZm4utECpiruBnB0mFHdSHAdU4dLlMNSLK/h/OG63JFcCp0AB4ilE5J24MoMXiemJIPNgcnxPf0zy+QidmRRusIsAmibN6HoxeC4Vf7B7BN1XNjASOWa5WlZ8e41R1to1TmkuaxCN0P+M1PA88rGReFP/el3HWtBB7jU7jlsLa+1pzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBIJFB34RR3zZ5FRcOIRwLNgBDw3kCQ4sZhPkMmZRsvpesI]

internal-sto4-prod-k8sc-1.rut.sunet.se/overlay/etc/nftables/conf.d/501.nft

@@ -0,0 +1 @@
+add rule inet filter input tcp dport { 80, 443 , 30080, 30443 } counter accept comment "nft_public" 

internal-sto4-prod-k8sc-2.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sc-2.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,12 @@
+---
+
+microk8s_secrets:
+  kube-system:
+    cloud-config:
+      - key: cloud.conf
+        value: ENC[PKCS7,MIID3gYJKoZIhvcNAQcDoIIDzzCCA8sCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTIucnV0LnN1bmV0LnNlAhR2Zs11WzdQvvGzXOoOKjxkzLEarDANBgkqhkiG9w0BAQEFAASCAgBnsYsL1D7OaD4VKcPknEMRwAWZKr5la5EH73z4mCIy7ppN0u16LYzJ1g0M5FyettFJftMpDg7Zoc73stvOc9Q8yo4Z3kXV0HvPdqfZbA1IGubPX7IImtFIQ/bqkiBq4Y6CL1CInv0IajYFysl+s+B9wPngMrq1d6Isj4AJDlI3vIkghnNUFNh25WAZ7v6VfSU1XQwshv7kRVvtry7dCDIjVRKQ78ikmrOYgyT/0FGpB2SgVTIKfTnSSxTTMG2BTEJ3SZWUWJu1+4oR1peDHmH1PZz4fnfQxNeS4CKBuGDy8HEE56GpHq5DQFs8qQc6CeptKyXFmX+ia6Jej6Vn7kVFsFKIBCPPiqKY6erSml4EkkNXvQtOHKHZ1ksRB+CY+I2bQMc6+f6XGaXJnHed5MejLu/z/JmcW2w44u6MlkngRneri8qeMTo0STCCZQ5itNsQ5w5aBqvixkrjOnHUd9p0M/DiLYjAItRuNmZ9XkgjUPtZPqliFNF8R7WZ9e4Gwhjc5Wv7jxZ8c6cDjgnJRN5+Slmx3KlPX+tdAmIT7ElTtGogOIKk0mb39fkhc8QF9juHBHGBdxGPm7pyQx6b6Fua0WEJ/taycURvxIi6Rqr43gwkDxI+L6HLidaKNOmu19Pifndl8jfN++617rgzGPu9cUUvzF54znToYAaWjYM6kTCCAS4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEPZR4f1lYYaJjcvkxYrGi/GAggEAYn7NKuwGD41e+E1PVKUieInXVRzWyVFz/DnQsu9PZej1zJjGQ/tJFwZUiLZQtAweaea0J+ozuPnzcHkGI1GQYrqLMrNpvtS9XdcN5bUyQXYM7adiZ7peJstLPNJU7TRvALSXtfds7EqoVxFUP4xMpQ5TUBNcd+MV6ksyMA8uTVCUs2BFI9lJiD4sG1coSsYWVgRUwaydVDONFFK2n1wQpFMaQhAg9ij//E/TARMl4Zo6Yc0Ln6cxgPDLusot0IfOehREw/ebYIqOe4n455HMjHAmwn1Ahw4e++bNXIJ0xeADtM9yHgI3vn1nRxnqXka9iiZidIQ4eidrT3ClGM2TJw==]
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHNjLTIucnV0LnN1bmV0LnNlAhR2Zs11WzdQvvGzXOoOKjxkzLEarDANBgkqhkiG9w0BAQEFAASCAgBlydTjOQzilmTqazaQTpxLY3np0Toy+3rE8JAUbRU6cd30orF2gwnHLGdBmIvPY09x1gZyrVFts75e7zT+21+M8W00hXgsk6JpMWRIDIcQIg9Ax6P+fr4Iy3cGyNE0mW1Jtf9YfoKojg53kCqW2OCtpgTzT6KUXihHD+f5BfMYiR5iR4zZtBVUPGk4Ij4ivgl+rqqd2oix/hg0askaYOWGiV66RGaPkwJ1wWMYXPpXOIlwNqdyOR8eDfzHRBl/MN6QmGzoq1Z099VpNzRvzt2cAGes3IiLTKqhghyvIc0rhmRYc3WG0AHVTgcDew9RQYuYzUIduuX+s2qM0ZdDEIrt53jLbtoxddk3fYKi01S/Mc1NqQEQwyGvt/SY/7eGezSge9wdI31WMzOsqDqVF9vkYZUHU01pgh7uF4juwilU0ghBUiOCkIOuSLSulvMh8TmDbpX2r+tywgDuNJxYKQtW8cfJCIaNJ/THNqLfhSOXpswQZn7XDiesd5iRL7IGvbCGFHDAVV6TO2wXd6xSaxbtQXtdCFqm0ZphCnUl2VMeiyp2Q217yqvMezmrq3rXGwk3kY8HTeuMaOeyY2gir2caP4NW5FgspFzwYjPaq/PFqK2L/Rh9/+cV76MsG2Bse+8qgFJp4sjgWbWEAe7oLtPdwTyMEjua+xkPSZlPragh1jA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCOeRRy/fy1U3yX9VIUtLsEgBB/ho7fYFUHQtu5MNgvghMI]

internal-sto4-prod-k8sc-2.rut.sunet.se/overlay/etc/nftables/conf.d/501.nft

@@ -0,0 +1 @@
+add rule inet filter input tcp dport { 80, 443 , 30080, 30443 } counter accept comment "nft_public"

internal-sto4-prod-k8spg-0.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8spg-0.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6wYJKoZIhvcNAQcDoIIC3DCCAtgCAQAxggKTMIICjwIBADB3MF8xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMDAuBgNVBAMMJ2ludGVybmFsLXN0bzQtcHJvZC1rOHNwZy0wLnJ1dC5zdW5ldC5zZQIUDpGEfvkM52ClXDR7DHJJVKONtDcwDQYJKoZIhvcNAQEBBQAEggIAJXdzLQIySCdrVO7SOsXw0wHqbxzgmawGHrZ5Q2328Qf0JzKXUZdLZC1fzhfRnXFJ+GqWuoWxEnyLMYg57NW++J1LNQkiIsUmQUNDX9f0nIg+H9yJ22yKF1GCUiSCu3IO5KnWlU94koellQN3au4KFUbixxnF77COGd8Jpr6BcZv3aLtUWaHpvILY+9r/IBj/yF2oRJb1S3894C+qUd0l93oQMBYhaLGQUDXUBsm6kEcGDAMOU+3RHDSuU36t7kosocbzD3qG1EdPUXGxL3FGJib/OnLzNjZ3UUVOkiXvLDLzo2OPAEnyt2qYYXUNrhX0WQfFg758mFkpFH7kZ8DwIGYbbrzyiQl+BfdrxKofCYv5X1MdvGEulm5fu7qleqpwNPFlS9RqKizbXsECx5quXDmzt3jSld3RheAOxVMaR3yks02rUNgrTZ+yW3Hdzd9Qwds1ZvIocjMmCHBgaAy5BK2TtKoUjb4Tza0lEdyaQDD7wF2DPFsbLl1/o9dMezyPNZ1tU6Cbcs0m+MFRKEoFrgbKc8NMcN4l3L7FCiIJ+cV+ijGG/EquEK9DYeagALSUEy5Cr/ejiSrDn8Kro0MHnd/FemP67/xERuWqwqne/Cxx0RaLyMaTJsMjdEUk17za9iLOnJksYhcJdtkTx+62S5VEjZ7r2hppS1E6QnUnRQswPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQB5/w5NOCEHYjTclsaxDS8IAQH2SCmMga7pnfph1yhgcRNQ==]

internal-sto4-prod-k8spg-1.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8spg-1.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6wYJKoZIhvcNAQcDoIIC3DCCAtgCAQAxggKTMIICjwIBADB3MF8xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMDAuBgNVBAMMJ2ludGVybmFsLXN0bzQtcHJvZC1rOHNwZy0xLnJ1dC5zdW5ldC5zZQIUFg3r3t/lyifsl3TEotWHEGdy+/YwDQYJKoZIhvcNAQEBBQAEggIAAt2k8hrQsaaZWaf/WfkELpwR/PYB39cX0mBEZ4gPhpbMj7eSbd4sHLH7qLXUlY1swrQDkzbovLTXvQa1DzCSHzPDxMgTojnhuPdTilzJzsKkYnBeZOvV5n7gUhWtMXeWNcV2+aE1t0SuPdsR+jN3ZN56GibXsFiyss9ZBTTpEtUUbirQt9OPJiU91veBlFC8ZAAWN5tIeFws98xxwl0yoTB4lkAAI/zx087wb87YmfTOIxkIIfRoNgon/9yHtSW4kPWNlwLz5KzSfKQJ5YtzHaK2FHJqq5EojVj4XLDqbdxQyTl9omGWK0P4T+b/EKTqTEMDCPA8QUEn0CBXBRb+R90BxaPCK73jyaBPeIdor78S0KWguc2nzoUlx1AIb36QI7UxHA7iauH4zYaL4nCX85EWv5UZZmEoTM7NkonWQlXBbocu6Oc487pvgc6Uxfc+JPjhvA70zORQ5hfgyzlLxqonmr/8NlZek4sN1Mdb4dEjQd4+/CKZqOfYw0WpcOxY0TkzB/5rYhup1j5fhkBB7+xygbufkcm/i07oW4noUZTVhJcHqov4JlFg8jVPsfehPdWR9ygbYMQ3M+2FtWcbBU9i3CeLVm+Pnzke+eLKPQ/230ZUnMZz3hY1lVf3/0I+VyNKe83o/DnDBm3387YCodMGS10Tgtx3z2qP2KuEgpkwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQoO47ghc+Tb8F6vs5dJTIcIAQ1xPW/WxGhtno8cEWmhkKPA==]

internal-sto4-prod-k8spg-2.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8spg-2.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6wYJKoZIhvcNAQcDoIIC3DCCAtgCAQAxggKTMIICjwIBADB3MF8xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMDAuBgNVBAMMJ2ludGVybmFsLXN0bzQtcHJvZC1rOHNwZy0yLnJ1dC5zdW5ldC5zZQIUBE0qTQH9w5Yty+UzJa/HrERZQfMwDQYJKoZIhvcNAQEBBQAEggIAK8RcDVuJnrhklxI+JNGIlBUgI4++QSCjhTANoZmw8rLdJzdht1xDlGFF7ZwxzeshAE3lgUskDbKRcGuZklrdEXd5HTDpEMXZnfZQWrQsl9R6fjbQ/8j/vog13ZKOUBaemSv9diSPZv1WD1bVPWwjnmgYyvWPxnpBlUq+7Jco+EklO+ksTx65/CVyWVMGeVf2lWNMrHvbv8hZNwK5Ycg973WYllMB+l6BpVyGxT+o80uaAAxTMoj9zOd9TW3ciqzU7TN2D6XrHSCfem6IBx3p7ubvwnowJ2CvVP2WOmjdkePWylosRrJCJiYzlbptZs3QbrtiHeAdbitMiaZ6nwfFdFoRprZ0MqzrqR4TCvtLC4o82fi3upQdPxf23YxapVVRWFBgGD5IZjxYTYl1+VJEcMFHmzY9fvO1YLQLN9Zt6mNZl8wWpjtsnl8Lzs68w+dVko+aGXymX1uLrBq0sypADjk7BQmLqG4NYgHwGhfpKnnrkye3SZdpfaGRrVInLEhQ6hEzijKeibJ+074DA7Rh0ey98kDjQ++vluIm+uk+H27/ESkdzJEQ6KK4Tx+X41uLLI2S4VEwb7lIWnJXpjHCrpEOMcOfAH8FT/Je2mEDhKN5cNcfxTQjKEGsvlfVMwclHbdSuXgMlNRcHcf0y+WpBadGfM0QJsHKYT/G4VLaWLQwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQ8cnt5qBQ1zAmoSgrEqcHAIAQjf/bhYo+S0pGHiVTHj4mig==]

internal-sto4-prod-k8sw-0.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-0.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTAucnV0LnN1bmV0LnNlAhQglDr5RU9i5bfHM/4ZjzASCOivtDANBgkqhkiG9w0BAQEFAASCAgCjVViuTKwtaI02CDz7nXYO7mDw1G143IDQG6ZeHWRqAvDU2CaH5CW8xPJYI+iZi9WC7JX6FE5Rk+AcrTY4/6luj9C/IQv4F7v2Xz5AqU1x/PlXkht2D7r/thJJTkOqgHle0GfPL9P7nK5EjjUD0/hPYZTk5Gw6YBYMq81IBrQaqxZBCkLzBnUHBfrANmB9jDI/4rhh5pflPUHZWvMt9bUV/sIUpfp9AAsqQXgnnKsZkMFD3qVAqZNFL8w1PJdO8IuRNThxVk6CQwOtcKDvSOPmr8tsrVGM8CxhYbO91cXk/ImGUFbcsY3OP+XPpnmW90myTZj2NW2CBZsyPB4opFDW/xLMUR86b86XYhYA8sW/IzryDEQ31JabNY33mtnNK9r6x2hTpU7tCnc2EdRurWTaam17dBlZJ6qcQT78/gNhyK10655ZOOzqVzMSeudPI/ClOiNaz316XhBht8gOmd9lEzfBC+HoIFKgz8pxJsn79FKzL8OYjcHWWeqBWNa6BuwUwA66+uJRT48XVOhgxfkJX9PBfm63fzf6XwJ7CuIrcZLiuseN3aUCRfsXYtVKw8H4hXL+0cslwvMM5DyP5ih95P9NbYw5Xdvg5QNcJzSgRAdtlPnjOotg1iQX+cSDj9Y06W5VI68IW7n9A+NDZkQib/oaNBuSR2j7sV1hXhz0BTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDA8xPk7Qh6ErALrGCYAtiYgBCO9OaoCCNm7eUbWtSMbHGI]

internal-sto4-prod-k8sw-1.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-1.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTEucnV0LnN1bmV0LnNlAhQFzf/OXCZrM/90dduWLcnqOHGzvTANBgkqhkiG9w0BAQEFAASCAgCAtykDc7Y1YeN9zUzHd+N6XBAppGN8NI36/78uA3kJN3XHmheox9dk5opkVCaRTXSWN9nsibIxEYVJrblbw6NGPC8naPcePEaPcWMXYGod1ApNaKk0IrqXubFKRo3YJRJVxUBZmscOdAlLufX61jbw+ht8/IsMRWciv0LDFOm1hCM1FpbEw2ti8YSRBI/TFVk/qZSXJ84gzgtcM4FwFT7y35v98KEJSJuGRTr8fL4dmPPKhsfIxTU8mXj9QgUM1dvX9jua0aM5QaRo64pJtQdtqKz0Kl4XmTXOAxRWmi3nIC/GiKVcXVeGq2gI9k81N1vfk03slocugN1t3YxkjKAQQZ4SRQwUf4XRt/+HMNza6qgueSLPUWZyYW8kaaKZHbSowFDdvdFkqWqd1MJBfzTDYZ0NGeYf9i26Bvg2sFjoc26QOfrepI90BxZb7gA0tvVTwuQ+30rxdShjb0Bjr5vhX6+i5neOd83uW55fMspY+YOnLTpDeQ3xE+RaPDp7P5NJpTHNxlJOoRWk29oOWCH9ARJRKtM5dFC8Aug16HCxMYlwSQAN23Sgr8nwMFlHcmdJfAtXABaANtTSI/ws8//MzKwKjxucKexWNhg2yOmmLXBW1bRkIYX9S8YU8lwSmmkROtU0mRYs/iIm3IcD+QUrIonbSk3uv43ZTu3wJSmVdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC/VWvmV8lnAGSDsd/cPGKAgBAde4Rj9L4h4aNdvexobulF]

internal-sto4-prod-k8sw-2.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-2.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTIucnV0LnN1bmV0LnNlAhQJ2jyx9c8fLUCh66kTqt5X7fzhtTANBgkqhkiG9w0BAQEFAASCAgAySriKb55Mj9JtQWSy+M1d4fufh712Ocd+V412As0k0ZU5aAlQr19AGuRxUa18t1L2V1UgM8iItJUp1hWP+mT3XO046G6/2iY6gjM1Vycn9SNXYQvy7F1GLx9SnYqhwkYk8tEVU9uhsrLeYlyAwl/Z6F3TFhhUfzSftlZfZ2/D4MBFYkpwx51XbKlx1i00u5Kkop9hn5iKILxup/g1yM2uKvTj0ggie0zvdSVRUf9kH7FgN0TX15CboFHT87GSS2/ObMaf9/dernnX2I8eMmc++DIE4w71lfpNEAvg6p0JvNvtl82gWotyaT5k+e9Ll4hOFITiPr0INh+76ddT/U4DsT5XTqqy5Ao4Pd+xRy9/6OMnpftUHEb5rst4h3Y+h0TRXaNrij6SxX59a5iZbEEYrHPA8voqUFUo7tN9UseolwaCQxwcIdAECFA6rrDyQQbYBbx15TN1Q64rsD6tiFNUur8h4York3lPtY0SFWOPW8JX7TfsOPyLxpGKn5cHmLalOouwCrj5spEymUSsBg0EMpgiB5zuVprFmSu9rKgF6BsibiQsSu2+pjC6zzGqp6Qk4nURBcYBYrlkN3aOzfzDpa9JLsy/+4J4T8T4dZGRYcmRApks0K++ElZVDe3Fhs5PbuIWWF0iWs7z9i/6uQ5PI0V7YXgq2WvUAWeJMrcvvDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDKNfk175Mm+OYlzkb261YsgBBro3GGhbf7e0uRwcRM1R7z]

internal-sto4-prod-k8sw-3.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-3.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTMucnV0LnN1bmV0LnNlAhQlY0sXLGNg7GjtEsar1K4U5qbVczANBgkqhkiG9w0BAQEFAASCAgAHaNq6lT01CeCKS42alaxmCoZrF6xgDeHsQQxZUlHxYwER/YC1Vhjy3LmUdC6DNlk8sQvKWmqGcj0Vz/7nBGcRA9lBcvFVTCWt7MhNuh1Sr+gCwAKxWF8sDtiCmP9cvkoTdafAwUHbBwU3LXWV/x5t836SSbi2HL0FO6rqdidS3iQZB8FSXqS2L8hlkHDgWuqr9iSidSnRJ+WmKdhgnLGKWY1FS4KH8SprwPLSFEh1ksjSRcXyBWQXiwag6fRK2ikxnMYQs3HFeHt1Si/iq44Ez83vDNibpIndNB/yLhmmMfTQ/VYzryqiu5msrtYlYcGrMUEgTFrP4uVwze0EzJ8KP0G5KSplPIiCJSX0I5QCqL/trKrw0SCeCa7/kRYEoIMKMdqRT94kLzV20lL/dL9UdLKkBZPLDhKsnJc+HihS7qfqfZtDJC+4wdDSnpA8baYFqAYRZj3QEoPBbAn+c2m/tybKc1RCZt9lS5g22ZSGyDOCVyLnjIrIvKlyQoq+9CuP0tKW27YJWK4oxm48Qou0Qvg9xCX1VoX8Fax2D8z45drT15EmvKScf7e7O7gkmyURIz4J7dMA2sZjsZoC2PyWUKnv0czJCOwWF1p0yyTkdDfsAx7On7fU0p0UPdEW5Us9L9vejPeKn9IWtgFO4Lz1gT4D76J1t+z5xIHNjAWqXjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBVoyF5HCOCijw+9jY4/GrdgBBu3T7bDTKXRIZbZkxnd36U]

internal-sto4-prod-k8sw-4.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-4.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTQucnV0LnN1bmV0LnNlAhRX2xki/NRdpBwgbfIpQjSS2AkGTjANBgkqhkiG9w0BAQEFAASCAgCX0mpZBORAW9G4ujcl0QAG9SSsM0Y6pNhaEC0Qmyim/WWX9KkLr4jJoFgUFxSnx6l6wfXzcZTqj40io0j5FWNDMCh/9SSPoflBGEh33rqiFzbvk5Wid5CA9I8JkZ+X0FvykIhvY/1UDFzz/ZxDasgA7YckvksxM+lYXdoM49zoYot5JSHgLscXu2bggOV/As8Hhim4u1Z4LQs1/MDYZNXQLge18xRP2WevqJnONbnt3XM5PZywbuFuXqpZl+Wv4TLF3rsBYg41VO9M79KsOl8LqjyWzStIJhOmLLDkG91WnxX/FlPWBKOx4McxplQfO/jftqfiJk8ZLFOdC0uAS9IDntouuHrQEIE6e6/K/Dr0SL+qB5kMIHG/9pnlmVqI+mG8IJFQJowKXvSqHzCVz0mDFhHIGAG+zyYjCwd/QI0K682WjXMtRitkhq1EOswHUA2QgAPEYFFx8Qx+QjG6lzOcCBBV9iAeyVzxgrBGgOXov2ITSVG+Pu7kogB34VUj5hPruCOn8dAom00B1+q5fNKQXyR3yZp0ZsTISQCZy1moLiLtGEUfWphD+eojU3F6HMfoENLdsd//HGR1r5GWSCdFkc4Tz61Dtod2SdptUuWqBOSqMw9CHDpe6AK75GEV36wgKqHuBqp9Uu0J1iyRj/8rHx5AUc0aQgwrRmXeam8MLzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC0sEaU3Bn0g3TtOhDAlDQugBC50Aj1jwxL05BXiNDL3dRa]

internal-sto4-prod-k8sw-5.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-k8sw-5.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,6 @@
+---
+
+fleetlock_config:
+  rut-prod:
+    server: "https://fl-prod.knubbis.sunet.se"
+    password: ENC[PKCS7,MIIC6gYJKoZIhvcNAQcDoIIC2zCCAtcCAQAxggKSMIICjgIBADB2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtcHJvZC1rOHN3LTUucnV0LnN1bmV0LnNlAhRR03BIjcpQnTXIukj1MMDe3y0mNDANBgkqhkiG9w0BAQEFAASCAgAOKw4zWVi+NErZIImzXm2dBalPuhPKNiKZseDeS5oN2fxBxu25Mg8zz3LLc2ecH3wgbAvTZLrgD0AsDu3Sw8LgDbRdbOvVZd+1cNh2x1ZZsWQ0wzPY/eNirKN/asoYT+DXqCi31vgBLi7zY+1tjLDY3Rwi7DtSMI7gnjcjB4ks1QwA1+p5XbGQQM+TbID6FPyhM6LHuoVqJXyxvGCODvKXoC6s+0McABUmYn8uXywyhdl1pY112wB93hy+aU2baqcSLja03VFyKr9WEukhgYC2GckQUnuEGmuCWXwdk2LG7nBt6Yuksk+A8U7iUfGgT/vQugPGVTW2zKNXhsNqu1YnmZsU2FI6/QaPhjHuhUJwVTTTAqH5/vTB7fDbo7+pfyNjr8Pyn1itFcvGq893A4/yVlen4rM0z41liuLVNux8bb0Bl5KcK7bus1X4UdNks8iTF0nRBAK07oDdBio4RZ48qT4MbGcBWxBB6mo8j1Kw2nVq2MjoUpWNrOlddv8dZDvVNJu0ZRPa0FXUyWTlJqtnHOppAFNKZikkrj48We/U8nJtz4NHqAZzjerd4WYfGRnWTf/qrTCBNn1JXicABaDKBS5RnYC8MYjaWBBHjlu2EyFSjs7hQzTM9qFlxyGS3t1GGY80Vp8JuKBc8uL9PHbaxdZLBhJmVLs0NSpcCM+t1DA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB11VQBki9oiud/cucK7XQDgBDKmDUE0W2IEPWUHts//ICt]

internal-sto4-prod-monitor-1.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,30 @@
+---
+influx_password: ENC[PKCS7,MIIC/QYJKoZIhvcNAQcDoIIC7jCCAuoCAQAxggKVMIICkQIBADB5MGExCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMjAwBgNVBAMMKWludGVybmFsLXN0bzQtcHJvZC1tb25pdG9yLTEucnV0LnN1bmV0LnNlAhRX/Ef9eDvc3IGBl6WsU5Sc4SdLUzANBgkqhkiG9w0BAQEFAASCAgAE9p7ZdvMViv2Af+UUf7uVkeXAUSN0IIEYtJyDezpZW3XN/K5qfGe9DBuRgoyK01D6Xx4ncCz4MML1+BGQtSAmZl5kw+zesBsZMDjRxOF43cmdUJ5Dbc46+pgwugAseyB8fD0J3qoA/X+8tdKa8xFBfV1e2uy0md7fzsnifftC+bB2OD2BU0ay6meveA8EQhZGe8IKJUhZXZpmSwt9CPvlQBVy8F9tDAUo+/Wa2qqSUYqJ1v6Ybrq/Xynar8V774bkcJ9fSM3Zl0VCR/IjZqKSoT5JaI89Tsz4dRN0aFKvUzHBCrr90j0PYcQpSVT6jA9qQle+bgFbXDBMxVlVjgyhsverVVL8OtAg+MCSBsGpILvGLnedP4s68aa0v8XHLmUbgeJOGKHrX1G/bAI5sqKSjjWyg0e3BChd7mOQj2ztqiXsFLFZY00v2O1bJVQPJczccXc8MY+AyGKBtbj9d1MGxCfhzB4GiheMoOvfqi6qK4iuntV4UxbnxoxTT2biYQE+eXAKkjK1LjI8EQOA53weE/Ddi5GeFlj377gwF/FO6KnvyalqkE9P0aTp4+zBtKbDqpWQYaZHfItglO57ZhAoPR2SKMi84ZDoKqhbhuN2UzU0InWq9dlZlEPktq7Zat686ZvatyZ394sEkko0xV9FNrVl5pa31zwFs4O4rRGpuzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBhHfIMaN7TaUI8NpFnPS3ggCDjK+70084EeAy+2g9i9OxMbAW3AIk3tDh0hXMZEuEQVA==]
+monitor-prod_rut_sunet_se_ssh_key: >
+     ENC[PKCS7,MIIEoQYJKoZIhvcNAQcDoIIEkjCCBI4CAQAxggKVMIICkQIBAD
+     B5MGExCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
+     lBTUwxMjAwBgNVBAMMKWludGVybmFsLXN0bzQtcHJvZC1tb25pdG9yLTEucn
+     V0LnN1bmV0LnNlAhRX/Ef9eDvc3IGBl6WsU5Sc4SdLUzANBgkqhkiG9w0BAQ
+     EFAASCAgAdwF3TG5Vhy4PRRoC5SVhew5YDgxsBhZ7uM+t5hvL0PLnfCQudRn
+     8wRnjrk6aYqMrpb15Yq1KKj648eAgiciiCguSWcp3Xe/LMDP9CBXteCGIkIB
+     koEMCvPS5qKmMTjFBCA+54EfOQDryDJvR0IogKzCR4YSOpUmQu3j7nSkbyUO
+     Cw7V64do1BbFBlNiw4TCNGobIdsjiFUfTylfH+Dl11KWC3Rrl+cBEJhv70of
+     yOn5vzrYVVQEn2+4jeL6cKG/a+fSKSj2oVbbfWhauVLCkUPzasWOSZ73QUPC
+     8g1B39exsqQoBbMaYFK/sLKXqk4NLm2qYMRtVaRcmFDiZ9NBwEhRRJaKQ6+v
+     tcgA05oViDbVvNg9NctuodfCz7gYMZKl1LNnh8sX0PeI58e5iIxJF2pAVfzn
+     R5O2aHbzqgBW+oM6mT3U+xos7jXgPVYEFOetl9gQOfy/IRNsi95dvookGuo9
+     JuKRP/E5bFTODXrC+4/94mZSW+p8izM5oPL7TvlLhvg64KsvCaWY4p5cbnpT
+     rNC5dpYRuWxTHlmoQ6A2N4QsKvAT9nfbrthMYbcfUqhru3jKJNgsyGBMFKZn
+     VJM4pL4LR1YVpa+yi24P55TkZtKpxEh0SRrEh0fSms9yHyifQdFXJLPUEgq3
+     zNunG07pGq5GXEVZ3MUh7x41iPg3TtGDCCAe4GCSqGSIb3DQEHATAdBglghk
+     gBZQMEASoEELLHXkN+tYqrUpTQjyUWFJ2AggHATMZpEzkTTkagHkcsH+X36S
+     0iaL4u/3M8BKEBGNtoxT6eh4pznlWyxQqN8KsyyJHPEGJViBYzVQLAOSEfoo
+     37DC4kripu7t7bnAuOY2NOo+CsIzE+0cwOa907XgpLGuMeeJcJIiBjGIyiuB
+     1QiUhz2Uv995wf3jsUf23Vqxv4hxitGfmSQYNwZV42dFsmDD2RnK1cQ2lZ6+
+     N3/0ntSZtEkSxS9uoXFkERZeM0Evi590hQWC77IU7dGXvF+TYSel8rb7bQK7
+     4olBWrcC1J1Adkfnjk0r5m8tGkPkosnr6KobM+MK1mtZ93IoFkoaRjH/cn4t
+     YtrbBISyLEOv2rXCEf4SRnTKsqUzp21VVCFhHHofipo7sNtVjFPrIqo0Vltb
+     xre5jw+L0SUUVqvJFSg4ayJ6tEgjirln1e7tUVr5AXj0pmhJNXIUeQaP+ApF
+     011e1IRQ3av9Cgtdi52Sqj7PBZ+IMIvnNs0937m9aX1v/gjDKXLcUFDV09I6
+     hUKE13Oa6nmBMJ7guBj6Obh+A9DLIv70LHnXvp5yGmtys1mZ3V1j1z5sebKW
+     cfCoZr+p4zRTD6r47Xu2ZyyiTrrSw6FupMHw==]

internal-sto4-prod-monitor-1.rut.sunet.se/overlay/opt/naemon_monitor/attribute-policy.xml

@@ -0,0 +1,75 @@
+<AttributeFilterPolicyGroup
+    xmlns="urn:mace:shibboleth:2.0:afp"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+    <!-- Shared rule for affiliation values. -->
+    <PermitValueRule id="eduPersonAffiliationValues" xsi:type="OR">
+        <Rule xsi:type="Value" value="faculty"/>
+        <Rule xsi:type="Value" value="student"/>
+        <Rule xsi:type="Value" value="staff"/>
+        <Rule xsi:type="Value" value="alum"/>
+        <Rule xsi:type="Value" value="member"/>
+        <Rule xsi:type="Value" value="affiliate"/>
+        <Rule xsi:type="Value" value="employee"/>
+        <Rule xsi:type="Value" value="library-walk-in"/>
+    </PermitValueRule>
+    
+    <!--
+    Shared rule for all "scoped" attributes, but you'll have to manually apply it inside
+    an AttributeRule for each attribute you want to check.
+    -->
+    <PermitValueRule id="ScopingRules" xsi:type="AND">
+        <Rule xsi:type="NOT">
+            <Rule xsi:type="ValueRegex" regex="@"/>
+        </Rule>
+        <Rule xsi:type="ScopeMatchesShibMDScope"/>
+    </PermitValueRule>
+
+    <AttributeFilterPolicy>
+        <!-- This policy is in effect in all cases. -->
+        <PolicyRequirementRule xsi:type="ANY"/>
+
+        <!-- Filter out undefined affiliations and ensure only one primary. -->
+        <AttributeRule attributeID="affiliation">
+            <PermitValueRule xsi:type="AND">
+                <RuleReference ref="eduPersonAffiliationValues"/>
+                <RuleReference ref="ScopingRules"/>
+            </PermitValueRule>
+        </AttributeRule>
+        <AttributeRule attributeID="unscoped-affiliation">
+            <PermitValueRuleReference ref="eduPersonAffiliationValues"/>
+        </AttributeRule>
+        <AttributeRule attributeID="primary-affiliation">
+            <PermitValueRuleReference ref="eduPersonAffiliationValues"/>
+        </AttributeRule>
+
+        <AttributeRule attributeID="subject-id" permitAny="true"/>
+
+        <AttributeRule attributeID="pairwise-id">
+            <PermitValueRuleReference ref="ScopingRules"/>
+        </AttributeRule>
+        
+        <AttributeRule attributeID="eppn">
+            <PermitValueRuleReference ref="ScopingRules"/>
+        </AttributeRule>
+
+        <AttributeRule attributeID="targeted-id">
+            <PermitValueRuleReference ref="ScopingRules"/>
+        </AttributeRule>
+
+        <!-- Require NameQualifier/SPNameQualifier match IdP and SP entityID respectively. -->
+        <AttributeRule attributeID="persistent-id">
+            <PermitValueRule xsi:type="NameIDQualifierString"/>
+        </AttributeRule>
+        
+        <!-- Enforce that the values of schacHomeOrganization are a valid Scope. -->
+        <AttributeRule attributeID="schacHomeOrganization">
+            <PermitValueRule xsi:type="ValueMatchesShibMDScope" />
+        </AttributeRule>
+
+        <!-- Catch-all that passes everything else through unmolested. -->
+        <AttributeRule attributeID="*" permitAny="true"/>
+        
+    </AttributeFilterPolicy>
+
+</AttributeFilterPolicyGroup>

internal-sto4-prod-monitor-1.rut.sunet.se/overlay/opt/naemon_monitor/satosa.xml

@@ -0,0 +1 @@
+<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp-proxy-prod.rut.sunet.se/Saml2IDP/proxy.xml"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false"><ns0:KeyDescriptor use="signing"><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIFFTCCAv2gAwIBAgIUMQ+lV7WVTj1J7u5i73hyrl4ff2cwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMB4XDTI1MDExNjA4MzcwNloXDTM1MDExNDA4MzcwNlowGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyV502QMl5YdJNmXU+RDy6tAH01V7Rq+9pzb3tDxGVU+gqX7rnYGuaISp2sVkSv4/QzUKrcCvDB4ZVlHtXFcaRVhjVuRwAInmFR3IwzRwjZNM06wEtC5tzzzSn8LeFBV0dACrQ36XZ1u8/OFDJOHLlvu2qgtVixDfHlMZF6k6FxlvmYjZaT+AGnCXad077iWcu2ByLpDjqtnbY+VJx0e0/SfcwI1TXLMYfxZ5fc1nwOvAEMrUPY2yWpL+rTS8t0dCXjC+SBJQVz3ZIYbNKswLICrQQ5xm+O6ZvRSk1D8mpekWZxrZ6+FvnjW5g8jfFCbo5+0S20w5jqVYS2RHPnf7xGhHmTjuckvWcRKyRw6FV3vqkzbgClrdYYySI4NySNhcvAnrqA0yefDa3GRwPqFXo1oErO7MrzAWKYkagt/HktemGvjkntEsWM/1IhgAoV/wkxXgIy7jgCEAUEU1SwgpMrREqBw2IQ+DRj48PLh6+lhc6VI//nlvh1YYH+08RWO4UCTwCYnSqcWB+Ra8qx77X4xCVBv1+L+e6ZoPbbxy6vexZLfGaha4raXLsXFuwUgDb0tqhlnWrH6GrIVoa10RRVI4YG30BDEJYRflI15L65qB0IRWNntxpx1ByhGDO1RTXtXPaloXLlrL0v7HzqDnxjkhcW/XV+VveAjZcv1HIckCAwEAAaNTMFEwHQYDVR0OBBYEFOSJSLUswUH1Hoz2U9zGrj/RXnpGMB8GA1UdIwQYMBaAFOSJSLUswUH1Hoz2U9zGrj/RXnpGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEpJYUnhO3zjmKbqFarc95JhJ5Cwp2QjgNGnppDdyUHGGkNghpaF/LrjtEvVENihjGuepCJPv5H525R23elScHXlEyLM1uDYLXZbUD/qJzWM6kfz2j3oaAqAGxq3MBdTvX5cH2tny3lzA9Dxk+asVnc/Qsp8tWOlLYPK1A7S0bbR7kx3ZnD0VVi7YHA+Lujh6+SEF5wbajTFOP7d7BniQNrHGZAlF2FRcc3kBduuX6r0mG48XxUSmB77PrX9vb753DD5SbnPTvkn5L9jBVo9XPOxEWBU+n1SI1l5vM/WBS3vl34AtyWzqTKLFkfYoBQSHYOCst3y2CEA8VnObzLUGfzNh7fLUBk7WTk5uRUbxiprVaUmlaH93PQ1smTjM9RVdfGTmfirbw3dBgEHxBlokGXJJNCQNQNEiUiYyQlvKVhhjlcgsnePR2Eh6JTrfKo1KLmiDh1CT++9T/1o+8GvM1P+MpgtQrhmhjw6vjvvCTeXIcR6AQW5b+wLdQJ4Lh3jLzXtNkUVQKRvXK2UC6tphSnUBcRUP+hm8HNq4dNZUNUiQ3EhdigTJGP4/hbMagIycT4RSvzQR239QZT4TK4ZmJPXSLos0atorONbVGPuxYPNrzoZ3jW2HgJWe+E5wZOHgUs1LgaLV80JdZa3bI5n30CUwGW8wDZYPVePXbgmqAlz</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat><ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp-proxy-prod.rut.sunet.se/Saml2SP/sso/post" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-proxy-prod.rut.sunet.se/Saml2SP/sso/redirect" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>

internal-sto4-prod-monitor-1.rut.sunet.se/overlay/opt/naemon_monitor/shibboleth2.xml

@@ -0,0 +1,63 @@
+<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    clockSkew="180">
+<ApplicationDefaults entityID="replaced-by-entityIDSelf"
+                         REMOTE_USER="subject-id eppn persistent-id targeted-id"
+                         metadataAttributePrefix="Meta-">
+
+        <Sessions lifetime="28800" timeout="36000" relayState="ss:mem"
+                   redirectLimit="exact"
+                  checkAddress="false" handlerSSL="true" cookieProps="http">
+            <Logout>SAML2 Local</Logout>
+
+       <SessionInitiator type="Chaining" Location="/satosa" id="satosa"
+		             entityID="https://idp-proxy-prod.rut.sunet.se/Saml2IDP/proxy.xml">
+             <SessionInitiator type="SAML2" template="bindingTemplate.html"/>
+            </SessionInitiator>
+
+    <SessionInitiator type="Chaining" Location="/DS/Login" id="swamid-ds-default" relayState="cookie">
+       <SessionInitiator type="SAML2" defaultACSIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
+       <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+       <SessionInitiator type="SAMLDS" URL="https://service.seamlessaccess.org/ds/"/>
+    </SessionInitiator>
+
+            <md:AssertionConsumerService Location="/SAML2/POST" index="1"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                conf:ignoreNoPassive="true"/>
+
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
+            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
+            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
+
+            <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+
+        </Sessions>
+
+        <Errors supportContact="webmaster@example.org"
+            helpLocation="/about.html"
+            styleSheet="/shibboleth-sp/main.css"/>
+	<MetadataProvider type="XML" path="/etc/shibboleth/satosa.xml"/>
+        <MetadataProvider type="MDQ" id="mdq.swamid.se" ignoreTransport="true" cacheDirectory="mdq.swamid.se"
+		    baseUrl="https://mds.swamid.se/">
+            <MetadataFilter type="Signature" certificate="md-signer2.crt"/>
+            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
+        </MetadataProvider>
+
+       <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
+
+        <AttributeResolver type="Query" subjectMatch="true"/>
+
+        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
+
+        <CredentialResolver type="File" key="certs/sp-key.pem" certificate="certs/sp-cert.pem"/>
+    </ApplicationDefaults>
+    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
+
+    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
+
+</SPConfig>

internal-sto4-prod-satosa-1.rut.sunet.se/README

@@ -0,0 +1,3 @@
+
+The system documentation is in the docs directory of the multiverse repository.
+

internal-sto4-prod-satosa-1.rut.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -0,0 +1,64 @@
+---
+satosa_state_encryption_key: ENC[PKCS7,MIIDDAYJKoZIhvcNAQcDoIIC/TCCAvkCAQAxggKUMIICkAIBADB4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydXQuc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQUABIICADgF/Yn8phsDke8RCJglzN780viX7d9x38a0HSEeiWSiQ7b0TnG15Yrb5diAk566Dk1lzOvUmRnFI1oGqtuPmDcOiwDkgMh8cYkOHmimEm5AbToPQDHIysnoKgqSZkXCmP7eQBN4df6mqogqbZvueDSbQbT7FJfF7rOBl9PmTi9FzYBa9XgeIBiaGQkkQ6SgsWE5dYW28nEWjzg3774VljY5cWctIUwZq8cXE2olCu3yd++KzkOrNnikVPfPvQL11YVRJdjCJraEG3HVtDqsotoqco33uAnCKqvm+axCNz69KT/n9/dMNhNdLVE39bKP8V22kTkVMS3oggid9QA4nasqHakjW4HPg+gpcpPqm9/YGc15U/lmle43eOTU+upA7kRSfKhpr9meRYZ22fsWo4j8qrIKBnREqgKrW2ppq1FV6h1xruNfai/UE2vg4/rqxbQ/vYqpPGi204T24kgOk6w6tryEGL9U0/Trk/tLOeeNX4/UiIojFbxBsiLSGq4DT93fUDhkxxLepWn+IEpR9bqK+O/MpOqdGqDVijl6A1Bk3p1ChSds/q251hD855ax0VSU9Z2B1T8IqucoA9lzVSAXO84gJl1UlbLjeox1oCEXckIgWPRmxhu58lV+H06qv4S3AB8mUsG3mkwrCvjZIF7TXz69JDM1pTaORdsD2o2bMFwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEPcj2V0vTC/RsBrzbq2HwEGAMIKZ7IQR3YGLuLUiC3QBrJ3YQ1n4Cw9oJlpsWlXpQt/zM5C1xCg+fAC6cMeHvZzyNg==]
+satosa_user_id_hash_salt: ENC[PKCS7,MIIDDAYJKoZIhvcNAQcDoIIC/TCCAvkCAQAxggKUMIICkAIBADB4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydXQuc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQUABIICAKhEPTtYeIKQ5l5L5zoQqT1lwcHXeSkmMl5Y4THFd9Wm5ydCywmMSsX/YuZF3hOkIIXlh4r03aC4BFlYkrBf1+SURsFjFsJu0VFBmmbIyZx5DKObuL9y5KUp7PJjJU/pcimaKNm4rYeGDEkIOI6igBJQyU/0KWrIf/1rJQ3eX+zCCZT14otwro/4ggpHAAAgHnWduif8Fb3X3ihLNHXgD/2qNpMEHyMn/S+USeGzo6QccNfVjxX04PMcz5EbFNoaYDhoPDf9EQR2JueozBN4vE10P6QnMdCkEGHWH40VquCld492y0NchTFuKR98eG66pSWi9FExlQfUk1LtPi0XYSdPvAhCRIpr22PnxW+IqBo6+KOR5eIEl8wcmCceJcGf9lDbIt3ub/Fw1IsiCBjRoXUvWbEjdTAfHmgEniozLPHUFDIXZLWJWLJpGqp39wpgg5gwvflD2ZlA1WHztQgy5/sDT3/nfAfJtdglruZ473WlkljO7LwUwUpO8Rw4qI6W8MXOQc++dxrl0NRN/hAIpLt0Y1gqn/W5wSaNinCVVf+qFPlIVN7gEfgC0Mf8vPJTDvO9QGYPOoa1L0Er0ZyOhbAGejCGsFqH9ER325pOUTYGJocpwJ5oA+f305vZt9FpOxrqVlwBBD0KKp8wpomgIf67s3ndRARDJR7hkqcUzhSsMFwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEHOa0MSShjukNFu+36Rh38+AMJgnqctATmTX3r26s6dh/JZ7qnE0tI+7tPyeZhzr0F8dljG+n+kB8MGSaZoDX9P91w==]
+
+cdb:
+  platform:
+    response_types:
+      - code
+      - id_token
+    client_id: ENC[PKCS7,MIIDDAYJKoZIhvcNAQcDoIIC/TCCAvkCAQAxggKUMIICkAIBADB4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydXQuc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQUABIICABy0a4B/sZi3akyQTRA4xhpwQ8Xob9mFFgXyc76qP+e6ifSpR5DG/54JcyBsAiguh0QcUWyV40QWfcnp/XW/EpEJlnD321q3Njk7ez6Y+2T9+OI0ij2nrCBh12u0kTsccjZPZ/IU7F/e7hEKtFEiSzg97/RTz9CCCAeytUBnPSRbeDA2FKSOsK0zZfww9NreO2j9QoQPAE6c0to4LktfxStk4XNHDmSnem8pAdnxknkeaoJbyBGGNDL/YwRCCSVGn2Xoj58ZEdPZbkmYNtbpqKnXI67hID6ONF+CK70UnMHYH4P5Xt4lODQV/c1SrxNenwOfqLEe2C/OGTyQUINE113wUXzQrol4NcNUbOpN6TWi6V3DFO2by+ZzAjx49K2nia2IOipz5cVyVJgBh14gSM+q8yQGTcmVJev7MADdLcNgqVJ4zGg7joJpZLmurmJqHYBe5CreUwrtRrpvE3F7ZLTlq3gXyyFHpfWPO+utBs39xhw593BKWglzoS8a6Rmio6nzl/HZubwB5ix5qvbGq5PlovpjqXKLqyDsmbaP95V4AccOHsmE2L/u4b+zAV/g4azn3gus/3iYfyiqx/y2yNfxkA646qAUdX6Je1lAmcksU2z43nFb7sbwt9z+uhc+q1V+Kh0+FR18qjxcdp8BrQSDuTmKuXxYftRSj3KB8hBbMFwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEFSNLHDLj+yg75iuRL01F5aAMIGcWKYcitnxZHfsq1JqcihmNakuzmEDY8IY1FPXJ2WuROhb9Uk8pZIaewQ3HWCLLw==]
+    client_secret: ENC[PKCS7,MIIDDAYJKoZIhvcNAQcDoIIC/TCCAvkCAQAxggKUMIICkAIBADB4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydXQuc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQUABIICAEpVg15gQp1C5V7lJXoC3b9hc5L69tif8Gl+FsCPbUw9Xd8Px/8vWpb/PitFw1N7KuLut5zLy9/hVgCJhtfkh/+XWmxoMjGj6QlJxNu8/IErRVsyqQvb9hsRoEkEGM1lwUu1mCCaLtzYBNS0gFCTSBK9snm1+hUH+Wv0BU/yDRDGvRdpMxROGx9mHO7Bgci+qvSMGwKgfVk8x6OYZqqIQHDtEQpGEpN1Blb9YwWkH8WmJP3Oha+iKjLkLIyf7ZtQJE/D6fNBFtYo7HoM5KQ4UoGq4NTjr11Zlhqk/tYv22fwXS+zRWLWnzcMUIQQz2n7+eKb5RqQesttbp7LKqpQcuLIh9Nn/8VohyCVFyjj3pTzO8hrDuDqgCoSE3WMW9x+hFh3YNN4+cleZDTJRQjbjNxZI0kYnPa3S533LAgM6H3m+EiU8eTMidMxNAkGAlduQRFuCqFQ5nLW1FxMDdQX6MJImKvfZqhzOdNVob8YEAEjBvpJoBEvRt1Ju9AZc61lewUs79HSRtM6020yFpCEZw3ZGDC0hfrAYv9aNX2kuF0aaJ+A68g7D2OYgweg0kBmZhNzH9Gd84fUOEVgPaPMTEv/ScT/2vEDOT1n7UJYdWmwmqavWFfMnA48ab6ghqhF78m6yKalzmkVrN/E2HJwb5c3mz0fnCszZROUVp48DGLNMFwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEBhFxYGgc8/1lcFZ4AQ5dj6AMJ+tBmKYLA+JtUeqtcy76v8hXdNgXa9x6WfLvCRNLEsSvlRQc2dWJL/MvsKTfv2/nw==]
+    claims_supported:
+      - id_token
+    redirect_uris:
+      - 'https://rut.sunet.se/user/oauth2/platform/callback'
+    allowed_scope_values:
+      - profile
+      - email
+
+oidc_frontend:
+  name: oidc-front
+  config:
+     db_uri: ENC[PKCS7,MIIDPQYJKoZIhvcNAQcDoIIDLjCCAyoCAQAxggKUMIICkAIBADB4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydXQuc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQUABIICAE8DqBazePM06MxyrL/nIWmm+BY3ReGoViCdVxwsa4qf3thsygeWW14NM54x44mpoYfYsBFn6tzj5s0vskjAcz9mTWEadNalX5kH1cJVX0qS5FA+7JgjqcJzEO/a85VZrlKa9+CnT6/zqHKyaeuwdnkcAVlzv9dgcBVMW1Exrpr2w+3YfHWG/imtppK7faK/+r9pfGKfCwD0B+01Kd6UvStAasxvu2VwVvM+GIuabIKMcaR1k2wTjszTb5OEkVZcuJ3XvYq0auSywAywzLeaEPmodH7/Vzh7JdpeHZmUWei8OfVGlVTQ4Vjwl1YXFffvI6eucT5AdV2W2QAl3nHUkSjH2EaMxy9d7AaJTKnABKrH0nZ2knDrjOO2/+J3JNgfQvh9FAdr/9kR8Fu9yiLkgr2Tru/05PdG2L+eFTzHMYAjc2MqdiPb+HQXDY9q3eSHuoLc/obIW+z/8zrBPv+8dqR2dYvmhZzVZWP8tf3uqoMlKISGvag88Rz0043BGjC5UR+cbBXnG7YXLNda9MsthPVU8iY9NAgkmPHO+TJ/vPyfMnZ2kuTG0iU/EE8CZ5o7zVfsu82wFymodjmeYiXV9+oC28POwHkLoQ5gLxwEMBEs7w9OqRy+ip8aMNETzhBYlUrBBOqgL10+fABfCAgIBIMb71xtfCEB0DMXYcbltG93MIGMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAKTI4cIh0210pIV0nouZ7FgGAEXsGpi7Gmt1o7dPcx6n0HT+IDQkl1YZGQ5WVTG4y8IKZhvFc/SwqAHXzOLXgCVleSwJ7EVDzyovzta+7VxJVqJF8pnRntIUkeQRieodJNGp9UtFPP0HPURVPDKdvDMXw=]
+     signing_key_path: frontend.key
+     client_db_path: cdb.json
+     backend_name: Saml2SP
+     provider:
+       client_registration_supported: Yes
+       response_types_supported: ["code", "id_token token"]
+       subject_types_supported: ["pairwise"]
+       scopes_supported: ["openid", "email"]
+       authorization_code_lifetime: 300
+       access_token_lifetime: 300
+  module: satosa.frontends.openid_connect.OpenIDConnectFrontend
+  plugin: FrontendModulePlugin
+
+idp-proxy-prod_rut_sunet_se_ssh_key: >
+     ENC[PKCS7,MIIEoAYJKoZIhvcNAQcDoIIEkTCCBI0CAQAxggKUMIICkAIBAD
+     B4MGAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
+     lBTUwxMTAvBgNVBAMMKGludGVybmFsLXN0bzQtcHJvZC1zYXRvc2EtMS5ydX
+     Quc3VuZXQuc2UCFDilV3fdQUg0aPywPJJ0GM2uvsMDMA0GCSqGSIb3DQEBAQ
+     UABIICAL2GXaji+sD62C//AF5aoaP+SYym1LIhpcPHlHK2/QUExo/Wpe5gmu
+     JhCPcqMleIESMJqi76E1fxmJFPFcfeN734J4H0ARHxr7ajvZJocQrseaQe5J
+     dUHQxaX9EQ3yUFEIJgv63F3xoSePNsMfi6LzJHY6dda+1sFe6JxeiOAi6Twr
+     UqmwXOTz8COf4PWToZwmguXpmjJkWh+pKRSCPFHRqvFrIP+BBAgjujNuqsH5
+     4UbwW6zNqM0suB41rmQB4NNHUJyxPHbcgBBukUvHVl8TRirZ8dX2tY5WD5Dm
+     HYWtplrEN3RccKoxy4/1bS2wsi/t/CBOyR0ulDybDlQw0ilWmxRsGGqhTVzI
+     gz84mngOadEZtZ7qJVv32xkyBLT4cuO+MHThC+AAwQEKYdEyYzppuuQgcRWr
+     wt1nfmtdFbEWQfG3qBrn79CVWwXn/RgrGoUZYaJk/l9DmvDQxxZz30kLKAOa
+     gOaqD8T2yD84sjfg3sEW6lHdkMASJ2TfE7Pn6BVddMa/JALBEHBmg0LXB/5H
+     BlMNz+Aw9TfwBfUUVC2H4jDIlX8we8TfrnWfOn143Anc8YlqXMmo9ieNl/oa
+     GcQgWY/eKIxsAVUs/snan1rcz3nsQuV96+6nF2F0xtP4XW6Ca+lpRNGK22WY
+     sZC7bdfBs9VIWGjBCfFiSZzltXnG2SMIIB7gYJKoZIhvcNAQcBMB0GCWCGSA
+     FlAwQBKgQQIYTkg4FNCZemprlm5S/t24CCAcCyVizlNN+hfUtWIv/43bB+hf
+     hJh+3odQvMfA9urvvQH50xveIPtFEJmIvkVXwEhJFof+4+W1O/CkEuGc3WUX
+     G6mzMWJ1jtzsiG9P9B4/7hm7LPKNecRFYOZum8Rd+gz+41lv/Ixe6/vXnfdN
+     dgfmcMPmZGc+/GzEJi+u3jEt1QdLDw3FvTKUT3+8rnJgB4MQNN8/CVEtIAqF
+     L49Gx+rKRxol/+FhlL/hQP8i8n+uhjF8nBLQaz50oMqMr0kAsSfjbgFLlUsC
+     rLigcbH0i7bUrqcHEFSlr7Pgmt64+++/IXT+I4yYG/aSn5P6awoUlrRpyE0g
+     2bTSHCD/zyAj9JLA8ZrZdQMrFAcuOcJn/wM+uRTlcOgcDIvh0sgJ7BL+FptZ
+     nvI2KRB4sUeqiBGvepOEkwyejtCHp7/CTMUbxDE7jeYA/RuuUssSJLu5mjVS
+     IhycgM7auh+gdM+zxRD3uWMgEDd9vfGoRdJhPZmVBIbebmL/rXvDqOWTva12
+     7SVYvy9kvijZWbmdtO22CxhXYT0Lzbe4iPYzFgp5Jh2g6Lbcu3n1Bf3uB5vg
+     SYceaklMdlwsnha2OmS99wa4ClIlv9663K]

internal-sto4-prod-satosa-1.rut.sunet.se/overlay/etc/hiera/data/local.yaml

@@ -0,0 +1,169 @@
+---
+satosa_config:
+   saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
+   oidc_frontend: "/etc/satosa/plugins/oidc_frontend.yaml"
+   saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
+   internal_attributes: "/etc/satosa/internal_attributes.yaml"
+   attribute_authorization: "/etc/satosa/plugins/attribute_authorization.yaml"
+   healthcheck: "/etc/satosa/plugins/healthcheck.yaml"
+
+satosa_json_config:
+  cdb: "/etc/satosa/cdb.json"
+
+attribute_authorization:
+   module: satosa.micro_services.attribute_authorization.AttributeAuthorization
+   plugin: AttributeAuthorization
+   name: AttributeAuthorization
+   config:
+      force_attributes_presence_on_allow: true
+      attribute_allow:
+         default:
+            rut:
+               subject-id:
+                  - "."
+            default:
+               edupersonscopedaffiliation:
+                  - "member@"
+               subject-id:
+                  - "."
+healthcheck:
+   module: swamid_plugins.healthcheck.HealthCheck
+   name: HealthCheck
+internal_attributes:
+   attributes:
+      name:
+        openid: [name]
+        saml: [displayName]
+      givenname:
+         saml: [givenName]
+         openid: [given_name]
+      surname:
+        saml: [sn]
+        openid: [family_name]
+      mail:
+        openid: [email]
+        saml: [mail]
+      subject-id:
+        openid: [sub]
+        saml: [subject-id, eduPersonPrincipalName]
+      edupersonscopedaffiliation:
+        saml: [eduPersonScopedAffiliation]
+        openid: [scoped-affiliation]
+satosa_proxy_conf:
+   BASE: https://idp-proxy-prod.rut.sunet.se
+   INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
+   BACKEND_MODULES:
+      - "plugins/saml2_backend.yaml"
+   FRONTEND_MODULES:
+      - "plugins/oidc_frontend.yaml"
+      - "plugins/saml2_frontend.yaml"
+   MICRO_SERVICES:
+      - "plugins/attribute_authorization.yaml"
+      - "plugins/healthcheck.yaml"
+   LOGGING:
+     version: 1
+     formatters:
+        default:
+           format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
+     handlers:
+        console:
+           class: logging.StreamHandler
+           level: DEBUG
+           formatter: default
+           stream: ext://sys.stdout
+     loggers:
+        satosa:
+           level: DEBUG
+           handlers: [console]
+        saml2:
+           level: DEBUG
+           handlers: [console]
+        swamid_plugins:
+           level: DEBUG
+           handlers: [console]
+saml2_backend:
+  config:
+    sp_config:
+      organization: {display_name: RUT services (Prod), name: RUT services (Prod), url: 'https://rut.sunet.se'}
+      contact_person:
+        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
+        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
+      key_file: backend.key
+      cert_file: backend.crt
+      encryption_keypairs:
+        - { key_file: backend.key, cert_file: backend.crt }
+      allow_unknown_attributes: true
+      metadata:
+        mdq:
+         - url: https://mds.swamid.se
+           cert: "/etc/satosa/md-signer2.crt"
+      entityid: https://idp-proxy-prod.rut.sunet.se/sp
+      accepted_time_diff: 180
+      service:
+        sp:
+          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
+          allow_unsolicited: true
+          endpoints:
+            assertion_consumer_service:
+              - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+              - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
+            discovery_response:
+              - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+          want_response_signed: False
+          want_assertions_signed: False
+          want_assertions_or_response_signed: True
+      xmlsec_binary: /usr/bin/xmlsec1
+      # We can't find the unspecified map. Ivan recommended to remove this setting
+      # attribute_map_dir: attributemaps
+    disco_srv: https://service.seamlessaccess.org/ds/
+    attribute_profile: saml
+  module: satosa.backends.saml2.SAMLBackend
+  name: Saml2SP
+  plugin: BackendModulePlugin
+
+saml2_frontend:
+  module: satosa.frontends.saml2.SAMLFrontend
+  name: Saml2IDP
+  config:
+    #acr_mapping:
+    #  "": default-LoA
+    #  "https://accounts.google.com": LoA1
+
+    endpoints:
+      single_sign_on_service:
+        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post
+        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect
+
+    # If configured and not false or empty the common domain cookie _saml_idp will be set
+    # with or have appended the IdP used for authentication. The default is not to set the
+    # cookie. If the value is a dictionary with key 'domain' then the domain for the cookie
+    # will be set to the value for the 'domain' key. If no 'domain' is set then the domain
+    # from the BASE defined for the proxy will be used.
+    #common_domain_cookie:
+    #  domain: .example.com
+
+    entityid_endpoint: true
+    enable_metadata_reload: no
+
+    idp_config:
+      key_file: frontend.key
+      cert_file: frontend.crt
+      metadata:
+        local: [metadata/monitor.xml]
+
+      entityid: <base_url>/<name>/proxy.xml
+      accepted_time_diff: 60
+      service:
+        idp:
+          endpoints:
+            single_sign_on_service: []
+          name: Proxy IdP
+          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
+          policy:
+            default:
+              attribute_restrictions: null
+              fail_on_missing_requested: false
+              lifetime: {minutes: 15}
+              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+              encrypt_assertion: false
+              encrypted_advice_attributes: false 

internal-sto4-prod-satosa-1.rut.sunet.se/overlay/etc/satosa/metadata/monitor.xml

@@ -0,0 +1,85 @@
+<!--
+This is example metadata only. Do *NOT* supply it as is without review,
+and do *NOT* provide it in real time to your partners.
+ -->
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ba1e79455f81f432242d9ad79bb2a45c219e648e" entityID="https://monitor-prod.rut.sunet.se">
+
+  <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+  </md:Extensions>
+
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:Extensions>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/satosa"/>
+      <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/DS/Login"/>
+      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/DS/Login" index="1"/>
+    </md:Extensions>
+    <md:KeyDescriptor>
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:KeyName>9a2910f9b411</ds:KeyName>
+        <ds:X509Data>
+          <ds:X509SubjectName>CN=9a2910f9b411</ds:X509SubjectName>
+          <ds:X509Certificate>MIIE9jCCAt6gAwIBAgIUQC2siQIhOLnUJaJejpRFrMN93vgwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAxMMOWEyOTEwZjliNDExMB4XDTI1MDExNTA4NDEzMloXDTM1
+MDExMzA4NDEzMlowFzEVMBMGA1UEAxMMOWEyOTEwZjliNDExMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEA2O94UukI29xxsHQLBt/vD5hnsHi8JEBjuTE9
+EgahpzyJ8mDKy9f64XAhlY/YoBvOMUSzaz3vilOWjRFr/Fhv2PyxhKEJH56PNWrf
+tcwbXn0br6wDHaZfCETST7ycAlfHKTGhJhhzabjZc7JGr2yHIwXvzuNnWCSsnrjX
+TnZ21IbYvWx+HP/pZGxU6VRhMMobY8IwS+Eidr0M8tsSwHFpvacfQvimis41oZpZ
+nZXtZVKLcjNiEGnKDyMekKcTnnqBqvvZLpkX+XqO9/LY1W6rUh0mGJv9p8vix0w+
+ghYhwQ681X4y2HuIjEKPV/8Y5Ki4quZnrP4mk4zoZujlz8203CvyFjIf+u/QYxEC
+2R0CbtFHqS78D9sOtdsv7dbP+0Zhtt50BEjuHXjhuoA4+yrnweNQ9ydy8lCkG4IW
+fofGZNP14prgd9JwMCRovDlsYeYvV2cxXUv2I2Zfb1pHgZkdcqVqK+0hp0QJJesZ
+lWsnXqi8PrmpZ9VXNqLc14Aswao9IBwzLs2AwP8IE2Ad1NOjtjpBGTt86kAw+mQ5
+Vm25Bd1cr1eiFN9+zUpelIdCpYvwM6yqKwwWsHc3yEWXhRULlNqVshgAktF+SeNY
+puCaehnZItJBwNuTBkh57fqe+STY6m2QiBrcCARVIfrjrVlZOaKbx22uB82y3jBc
+0RScu7sCAwEAAaM6MDgwFwYDVR0RBBAwDoIMOWEyOTEwZjliNDExMB0GA1UdDgQW
+BBR1WO59XdJjeoiH134cDqwMFqTYHDANBgkqhkiG9w0BAQsFAAOCAgEAxqcdvMsn
+Siihvvs8D93dKvUSFlkAYiKhVSclPJlTp/HqvNO/990ORawaUq5VpRYEEQKe9JLt
+J0xmCAa3f5X15xWO365eMBrzG9/qkODBpaG8ABXQM0K8FIu2kj/kNLD+qO3I62tL
+uQcrjkV4cWDRMpYPgUvIDYZv3dtVzmAFrMsteSDHz8AXc+WWiX1ZLNAtZOFJNQdJ
+88HSKDhPqGgLWGw6q+aG/qsUTNR5CbYAP7g3lm9580ct3M9ngUyen/HT0m2UzlXJ
+D3yTVSfhbaKpZ1C9eLmumfhFVnQpgxyTM8d71Ep6+68zYVEChiO4IbpfVC+loe76
+1WGAy4gKqLBFPJ957LCE7wYo0QjFhPxdvH58xxAiuQLIMNylA5bid3qMUWTt1VfS
+aM2QWccIO4z4jX5qYRllyQncPlJFQI3E79Y6xf/ryHoU4ejIjYFZ0mz2MdyMmvZW
+HsJ4ZjeJqwbhXMwGmEhnj2peJsbx9ot4dhzhhqoCzsCdE3z9ErNspAe6pEn+5zbK
+WEZUyyiSdet6Ct2LObiSpiQQH+/Nj+wDIdIiqWDi66vA0d7IcOJzVPlj3/DPQ9oq
+OgrMtDWPoLCWV+uiBW6sEimsNZ89lkmy64Zpfb7MiHpo3ZG3+zURBYGiGVyCfyau
+bl6IS2aF7kck4M3bEes9UBtd+6xfQBuE8Yg=
+</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
+      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+    </md:KeyDescriptor>
+    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/SLO/SOAP"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/SLO/Redirect"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/SLO/POST"/>
+    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/SLO/Artifact"/>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://monitor-prod.rut.sunet.se/Shibboleth.sso/SAML2/POST" index="1"/>
+  </md:SPSSODescriptor>
+
+</md:EntityDescriptor>

kubernetes.tf

@@ -0,0 +1,245 @@
+
+
+resource "openstack_compute_servergroup_v2" "workers" {
+  name     = "workers"
+  policies = ["anti-affinity"]
+}
+resource "openstack_compute_servergroup_v2" "controllers" {
+  name     = "controllers"
+  policies = ["anti-affinity"]
+}
+
+resource "openstack_networking_secgroup_v2" "microk8s" {
+  name        = "microk8s"
+  description = "Traffic to allow between microk8s hosts"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule1" {
+  #We never know where Richard is, so allow from all of the known internet
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 16443
+  port_range_max    = 16443
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule2" {
+  #We never know where Richard is, so allow from all of the known internet
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 16443
+  port_range_max    = 16443
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule3" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 10250
+  port_range_max    = 10250
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule4" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 10250
+  port_range_max    = 10250
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule5" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 10255
+  port_range_max    = 10255
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 10255
+  port_range_max    = 10255
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule7" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 25000
+  port_range_max    = 25000
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule8" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 25000
+  port_range_max    = 25000
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule9" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 12379
+  port_range_max    = 12379
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule10" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 12379
+  port_range_max    = 12379
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule11" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 10257
+  port_range_max    = 10257
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule12" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 10257
+  port_range_max    = 10257
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule13" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 10259
+  port_range_max    = 10259
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule14" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 10259
+  port_range_max    = 10259
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule15" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 19001
+  port_range_max    = 19001
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule16" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 19001
+  port_range_max    = 19001
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule17" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "udp"
+  port_range_min    = 4789
+  port_range_max    = 4789
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule18" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "udp"
+  port_range_min    = 4789
+  port_range_max    = 4789
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule19" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 16443
+  port_range_max    = 16443
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+resource "openstack_networking_secgroup_rule_v2" "microk8s_rule20" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 16443
+  port_range_max    = 16443
+  remote_group_id   = openstack_networking_secgroup_v2.microk8s.id
+  security_group_id = openstack_networking_secgroup_v2.microk8s.id
+}
+
+resource "openstack_compute_instance_v2" "controller-nodes" {
+  count           = var.controller_instance_count
+  name            = "${var.controller_name}-${count.index}.${var.dns_suffix}"
+  flavor_name     = "${var.controller_instance_type}"
+  key_pair        = "thorslund"
+  security_groups = ["https", "microk8s", "Allow SSH from SUNET jumphosts", "naemon"]
+  
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = true
+  }
+  scheduler_hints {
+    group = openstack_compute_servergroup_v2.controllers.id
+  }
+  network {
+    name = "public"
+  }
+}
+resource "openstack_compute_instance_v2" "worker-nodes" {
+  count           = var.worker_instance_count
+  name            = "${var.worker_name}-${count.index}.${var.dns_suffix}"
+  flavor_name     = "${var.worker_instance_type}"
+  key_pair        = "thorslund"
+  security_groups = ["microk8s", "Allow SSH from SUNET jumphosts", "naemon"]
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = true
+  }
+  scheduler_hints {
+    group = openstack_compute_servergroup_v2.workers.id
+  }
+  network {
+    name = "public"
+  }
+}

main.tf

@@ -0,0 +1,229 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.53.0"
+    }
+  }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+  cloud = "sto4-rut"
+}
+
+resource "openstack_networking_secgroup_v2" "naemon" {
+  name        = "naemon"
+  description = "Rule to allow naemon traffic"
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule1" {
+  direction             = "ingress"
+  ethertype             = "IPv4"
+  protocol              = "tcp"
+  port_range_min        = 4317
+  port_range_max        = 4318
+  remote_group_id	= openstack_networking_secgroup_v2.naemon.id
+  security_group_id     = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule2" {
+  direction             = "ingress"
+  ethertype             = "IPv6"
+  protocol              = "tcp"
+  port_range_min        = 4317
+  port_range_max        = 4318
+  remote_group_id	= openstack_networking_secgroup_v2.naemon.id
+  security_group_id     = openstack_networking_secgroup_v2.naemon.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule3" {
+  direction             = "ingress"
+  ethertype             = "IPv4"
+  protocol              = "icmp"
+  remote_group_id	= openstack_networking_secgroup_v2.naemon.id
+  security_group_id     = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule4" {
+  direction             = "ingress"
+  ethertype             = "IPv6"
+  protocol              = "ipv6-icmp"
+  remote_group_id	= openstack_networking_secgroup_v2.naemon.id
+  security_group_id     = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule5" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  remote_ip_prefix  = "109.105.111.111/32"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  remote_ip_prefix  = "2001:948:4:6::111/128"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule7" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5666
+  port_range_max    = 5666
+  remote_ip_prefix  = "89.46.21.190/32"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule8" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 5666
+  port_range_max    = 5666
+  remote_ip_prefix  = "2001:6b0:6c::37f/128"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule9" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "icmp"
+  remote_ip_prefix  = "109.105.111.111/32"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+resource "openstack_networking_secgroup_rule_v2" "naemon_rule10" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "ipv6-icmp"
+  remote_ip_prefix  = "2001:948:4:6::111/128"
+  security_group_id = openstack_networking_secgroup_v2.naemon.id
+}
+
+
+resource "openstack_networking_secgroup_v2" "https" {
+  name        = "https"
+  description = "Traffic to allow between microk8s hosts"
+}
+resource "openstack_networking_secgroup_rule_v2" "https_rule1" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 443
+  port_range_max    = 443
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.https.id
+}
+resource "openstack_networking_secgroup_rule_v2" "https_rule2" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 443
+  port_range_max    = 443
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.https.id
+}
+resource "openstack_networking_secgroup_rule_v2" "https_rule3" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.https.id
+}
+resource "openstack_networking_secgroup_rule_v2" "https_rule4" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.https.id
+}
+resource "openstack_networking_secgroup_v2" "jumphosts" {
+  name        = "Allow SSH from SUNET jumphosts"
+  description = "Traffic to allow ssh access from jumphosts"
+}
+resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule1" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "130.242.125.68/32"
+  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
+}
+resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule2" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "130.242.121.73/32"
+  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
+}
+resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule3" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "2001:6b0:8:4::68/128"
+  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
+}
+resource "openstack_networking_secgroup_rule_v2" "jumphosts_rule4" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  remote_ip_prefix  = "2001:6b0:7:6::73/128"
+  security_group_id = openstack_networking_secgroup_v2.jumphosts.id
+}
+resource "openstack_compute_instance_v2" "monitor-node" {
+  name            = "internal-sto4-prod-monitor-1.${var.dns_suffix}"
+  flavor_name     = "${var.monitor_instance_type}"
+  key_pair        = "thorslund"
+  security_groups = ["https", "Allow SSH from SUNET jumphosts", "naemon"]
+  
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361" #debian 12
+    source_type           = "image"
+    volume_size           = 200
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+  network {
+    name = "public"
+  }
+    scheduler_hints {
+      #We want this server on another host than the controllers. We don't want to loose a controller and the monitoring at the same time. 
+      group = openstack_compute_servergroup_v2.controllers.id 
+  }
+}
+resource "openstack_compute_instance_v2" "satosa-node" {
+  name            = "internal-sto4-prod-satosa-1.${var.dns_suffix}"
+  flavor_name     = "${var.monitor_instance_type}"
+  key_pair        = "thorslund"
+  security_groups = ["https", "Allow SSH from SUNET jumphosts", "naemon"]
+  
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361" #debian 12
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+  network {
+    name = "public"
+  }
+    scheduler_hints {
+      #We want this server on another host than the controllers. We don't want to loose a controller and the monitoring at the same time. 
+      group = openstack_compute_servergroup_v2.controllers.id 
+  }
+}

outputs.tf

@@ -0,0 +1,6 @@
+output "monitor_ip4_addr" {
+  value = openstack_compute_instance_v2.monitor-node.access_ip_v4
+}
+output "monitor_ip6_addr" {
+  value = openstack_compute_instance_v2.monitor-node.access_ip_v6
+}

pgcluster.tf

@@ -0,0 +1,23 @@
+resource "openstack_compute_instance_v2" "pg-nodes" {
+  count           = var.pgcluster_instance_count
+  name            = "${var.pgcluster_name}-${count.index}.${var.dns_suffix}"
+  flavor_name     = "${var.pgcluster_instance_type}"
+  key_pair        = "thorslund"
+  security_groups = ["https", "microk8s", "Allow SSH from SUNET jumphosts", "naemon"]
+  
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = true
+  }
+  scheduler_hints {
+    group = openstack_compute_servergroup_v2.controllers.id
+  }
+  network {
+    name = "public"
+  }
+}

reboot_cluster.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+for host in *{spg,sc,sw}*.sunet.se; do
+	echo "Rebooting $host"
+	ssh $host 'systemctl reboot'
+	done
+
+

scripts/ansible_inventory.ini

@@ -0,0 +1,35 @@
+[all]
+internal-sto4-prod-k8sw-0.rut.sunet.se
+internal-sto4-prod-k8sw-4.rut.sunet.se
+internal-sto4-prod-k8sw-5.rut.sunet.se
+internal-sto4-prod-k8sc-2.rut.sunet.se
+internal-sto4-prod-k8sw-1.rut.sunet.se
+internal-sto4-prod-satosa-1.rut.sunet.se
+internal-sto4-prod-k8sw-2.rut.sunet.se
+internal-sto4-prod-k8sw-3.rut.sunet.se
+internal-sto4-prod-k8sc-1.rut.sunet.se
+internal-sto4-prod-monitor-1.rut.sunet.se
+internal-sto4-prod-k8sc-0.rut.sunet.se
+
+[worker_nodes]
+internal-sto4-prod-k8sw-0.rut.sunet.se
+internal-sto4-prod-k8sw-4.rut.sunet.se
+internal-sto4-prod-k8sw-5.rut.sunet.se
+internal-sto4-prod-k8sw-1.rut.sunet.se
+internal-sto4-prod-k8sw-2.rut.sunet.se
+internal-sto4-prod-k8sw-3.rut.sunet.se
+
+
+[control_nodes]
+internal-sto4-prod-k8sc-2.rut.sunet.se
+internal-sto4-prod-k8sc-1.rut.sunet.se
+internal-sto4-prod-k8sc-0.rut.sunet.se
+
+
+[satosa]
+internal-sto4-prod-satosa-1.rut.sunet.se
+
+
+[monitor]
+internal-sto4-prod-monitor-1.rut.sunet.se
+

scripts/ansible_playbooks/cosmos_lock.yaml

@@ -0,0 +1,12 @@
+---
+- name: Create a file to pause Cosmos
+  hosts: all
+  become: yes
+  tasks:
+    - name: Ensure the file /etc/no-automatic-cosmos exists with specific content
+      ansible.builtin.copy:
+        dest: /etc/no-automatic-cosmos
+        content: "Cosmos paused by Ansible\n"
+        owner: root
+        group: root
+        mode: '0644'

scripts/ansible_playbooks/cosmos_unlock.yaml

@@ -0,0 +1,9 @@
+---
+- name: Remove the file to resume Cosmos
+  hosts: all
+  become: yes
+  tasks:
+    - name: Remove the file /etc/no-automatic-cosmos if it exists
+      ansible.builtin.file:
+        path: /etc/no-automatic-cosmos
+        state: absent

scripts/ansible_playbooks/remove_root_password.yaml

@@ -0,0 +1,8 @@
+---
+- name: Remove root password for hosts
+  hosts: all
+  become: yes
+  tasks:
+    - name: Remove root password
+      ansible.builtin.command:
+        cmd: passwd -d root

scripts/ansible_playbooks/set_root_password.yaml

@@ -0,0 +1,21 @@
+---
+- name: Set root password for hosts
+  hosts: all
+  become: yes
+  vars_prompt:
+    - name: "root_password"
+      prompt: "Enter the new root password"
+      private: yes
+
+  tasks:
+    - name: Hash the root password on localhost
+      delegate_to: localhost
+      run_once: true
+      become: false
+      set_fact:
+        hashed_password: "{{ root_password | password_hash('sha512') }}"
+
+    - name: Set root password on target hosts
+      ansible.builtin.user:
+        name: root
+        password: "{{ hashed_password }}"

scripts/change_ttl_on_host.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+SERVERNAME=$1
+DOMAIN=rut.sunet.se
+ipv4=$(dig -t a +short $SERVERNAME)
+ipv6=$(dig -t aaaa +short $SERVERNAME)
+
+knotctl update -z $DOMAIN -n ${SERVERNAME}. -a ttl=60 -r AAAA -d $ipv6
+knotctl update -z $DOMAIN -n ${SERVERNAME}. -a ttl=60 -r A -d $ipv4
+
+

scripts/get_host_ip.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+SERVERNAME=$1
+export OS_CLOUD=sto4-rut
+
+OLDIPV4=$(dig -t a +short $SERVERNAME)
+OLDIPV6=$(dig -t aaaa +short $SERVERNAME)
+
+# Pull the JSON for the server with the matching name
+SERVER_JSON="$(openstack server list -f json \
+              | jq -r ".[] | select(.Name==\"$SERVERNAME\")")"
+
+# Extract the public network list as a space-separated array
+ADDRESSES="$(echo "$SERVER_JSON" \
+             | jq -r '.Networks.public[]')"
+
+# Initialize empty variables
+IPV4=""
+IPV6=""
+
+# Loop through each address in the 'public' list
+# - If it contains a colon (:), assume it's IPv6
+# - Otherwise, assume it's IPv4
+for addr in $ADDRESSES; do
+    if [[ "$addr" == *:* ]]; then
+        IPV6="$addr"
+    else
+        IPV4="$addr"
+    fi
+done
+
+echo "SS IPv4: $IPV4" "DNS IPv4: $OLDIPV4"
+echo "SS IPv6: $IPV6" "DNS IPv6: $OLDIPV6"

scripts/get_knotctl_commands.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+export OS_CLOUD=sto4-rut
+SERVER_LIST=$(openstack server list -f json | jq -r '.[] | {Name: .Name, IPv4: .Networks.public[] | select(test("^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$")), IPv6: .Networks.public[] | select(test("^[0-9a-fA-F:]+$"))} | [ .Name, .IPv4, .IPv6 ] | @csv' | tr -d '"')
+
+DOMAIN="rut.sunet.se"
+
+while IFS=',' read -r name ipv4 ipv6; do
+	echo "knotctl add -r A -z $DOMAIN -n $name. -d $ipv4"
+	echo "knotctl add -r AAAA -z $DOMAIN -n $name. -d $ipv6"
+done <<< "$SERVER_LIST"

scripts/make_ansible_inventory.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+SERVER_LIST=$(openstack server list -f json | jq -r '.[] | .Name')
+
+INVENTORY_FILE="ansible_inventory.ini"
+
+rm -f $INVENTORY_FILE
+
+echo "[all]" > $INVENTORY_FILE
+
+WORKER_NODES_SECTION=""
+CONTROL_NODES_SECTION=""
+SATOSA_SECTION=""
+MONITOR_SECTION=""
+
+while read -r name; do
+    echo "$name" >> $INVENTORY_FILE
+
+    if [[ $name == *k8sw* ]]; then
+        WORKER_NODES_SECTION+="$name\n"
+    elif [[ $name == *k8sc* ]]; then
+        CONTROL_NODES_SECTION+="$name\n"
+    elif [[ $name == *satosa* ]]; then
+        SATOSA_SECTION+="$name\n"
+    elif [[ $name == *monitor* ]]; then
+        MONITOR_SECTION+="$name\n"
+    fi
+done <<< "$SERVER_LIST"
+
+# Append each section to the inventory file
+echo -e "\n[worker_nodes]" >> $INVENTORY_FILE
+echo -e "$WORKER_NODES_SECTION" >> $INVENTORY_FILE
+echo -e "\n[control_nodes]" >> $INVENTORY_FILE
+echo -e "$CONTROL_NODES_SECTION" >> $INVENTORY_FILE
+echo -e "\n[satosa]" >> $INVENTORY_FILE
+echo -e "$SATOSA_SECTION" >> $INVENTORY_FILE
+echo -e "\n[monitor]" >> $INVENTORY_FILE
+echo -e "$MONITOR_SECTION" >> $INVENTORY_FILE
+
+echo "Ansible inventory file created at $INVENTORY_FILE"

scripts/set_ip_on_host.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+SERVERNAME=$1
+DOMAIN=rut.sunet.se
+OS_CLOUD=sto4-rut
+
+SERVER_JSON="$(openstack server list -f json \
+              | jq -r ".[] | select(.Name==\"$SERVER_NAME\")")"
+
+ADDRESSES="$(echo "$SERVER_JSON" \
+             | jq -r '.Networks.public[]')"
+
+IPV4=""
+IPV6=""
+
+for addr in $ADDRESSES; do
+    if [[ "$addr" == *:* ]]; then
+        IPV6="$addr"
+    else
+        IPV4="$addr"
+    fi
+done
+
+knotctl add -r A -z $DOMAIN -n ${SERVERNAME}. -d $IPV4
+knotctl add -r AAAA -z $DOMAIN -n ${SERVERNAME}. -d $IPV6

scripts/update_ip_on_host.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+SERVERNAME=$1
+DOMAIN=rut.sunet.se
+OLDIPV4=$(dig -t a +short $SERVERNAME)
+OLDIPV6=$(dig -t aaaa +short $SERVERNAME)
+export OS_CLOUD=sto4-rut
+
+SERVER_JSON="$(openstack server list -f json \
+              | jq -r ".[] | select(.Name==\"$SERVERNAME\")")"
+
+ADDRESSES="$(echo "$SERVER_JSON" \
+             | jq -r '.Networks.public[]')"
+
+IPV4=""
+IPV6=""
+
+for addr in $ADDRESSES; do
+    if [[ "$addr" == *:* ]]; then
+        IPV6="$addr"
+    else
+        IPV4="$addr"
+    fi
+done
+
+knotctl update -z $DOMAIN -n ${SERVERNAME}. -a data=$IPV6 -r AAAA -d $OLDIPV6
+knotctl update -z $DOMAIN -n ${SERVERNAME}. -a data=$IPV4  -r A -d $OLDIPV4
+
+

ssh_command_cluster.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+COMMAND=$1
+
+for host in *{spg,sc,sw}*.sunet.se; do
+	echo "Running command: $COMMAND on  $host"
+	ssh $host $COMMAND
+	done
+
+

vars.tf

@@ -0,0 +1,35 @@
+variable "worker_instance_count" {
+  default = "8"
+}
+variable "controller_instance_count" {
+  default = "3"
+}
+variable "pgcluster_instance_count" {
+  default = "3"
+}
+
+variable "controller_instance_type" {
+  default = "b2.c4r16"
+}
+variable "monitor_instance_type" {
+  default = "b2.c2r4"
+}
+variable "worker_instance_type" {
+  default = "b2.c8r32"
+}
+variable "worker_name" {
+  default = "internal-sto4-prod-k8sw"
+}
+variable "controller_name" {
+  default = "internal-sto4-prod-k8sc"
+}
+variable "pgcluster_name" {
+  default = "internal-sto4-prod-k8spg"
+}
+variable "pgcluster_instance_type"{
+  default = "b2.c8r32"
+}
+
+variable "dns_suffix" {
+  default = "rut.sunet.se"
+}