From 3f582a1ea4f9f2e6dbf3d1c9b0d8aa3a1947d61e Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:03:13 +0100
Subject: [PATCH 001/145] feat(migration): Add `ssl_certificates` table and
 model

---
 app/Models/SslCertificate.php                 | 32 +++++++++++++++++++
 ...7_153741_create_ssl_certificates_table.php | 29 +++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 app/Models/SslCertificate.php
 create mode 100644 database/migrations/2025_01_27_153741_create_ssl_certificates_table.php

diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
new file mode 100644
index 000000000..5a1767ab5
--- /dev/null
+++ b/app/Models/SslCertificate.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class SslCertificate extends Model
+{
+    protected $fillable = [
+        'ssl_certificate',
+        'ssl_private_key',
+        'cert_file_path',
+        'key_file_path',
+        'resource_type',
+        'resource_id',
+        'mount_path',
+        'host_path',
+        'certificate_type',
+        'valid_until',
+    ];
+
+    protected $casts = [
+        'ssl_certificate' => 'encrypted',
+        'ssl_private_key' => 'encrypted',
+        'valid_until' => 'datetime',
+    ];
+
+    public function resource()
+    {
+        return $this->morphTo();
+    }
+}
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
new file mode 100644
index 000000000..f10306ed7
--- /dev/null
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -0,0 +1,29 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up()
+    {
+        Schema::create('ssl_certificates', function (Blueprint $table) {
+            $table->id();
+            $table->text('ssl_certificate')->nullable();
+            $table->text('ssl_private_key')->nullable();
+            $table->string('resource_type')->nullable();
+            $table->unsignedBigInteger('resource_id')->nullable();
+            $table->enum('certificate_type', ['internal', 'external'])->default('internal');
+            $table->timestamp('valid_until')->nullable();
+            $table->timestamps();
+
+            $table->index(['resource_type', 'resource_id']);
+        });
+    }
+
+    public function down()
+    {
+        Schema::dropIfExists('ssl_certificates');
+    }
+};

From 214a7a089e29c84a4429fd15bde272202525b812 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:04:27 +0100
Subject: [PATCH 002/145] feat(migration): Add ssl setting to
 `standalone_postgresqls` table

---
 ...d_ssl_fields_to_standalone_postgresqls.php | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php

diff --git a/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php b/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
new file mode 100644
index 000000000..409d6bb36
--- /dev/null
+++ b/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
@@ -0,0 +1,30 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up()
+    {
+        Schema::table('standalone_postgresqls', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(true);
+            $table->string('ssl_mode')->nullable()->default('verify-full');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down()
+    {
+        Schema::table('standalone_postgresqls', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+            $table->dropColumn('ssl_mode');
+        });
+    }
+};

From 875d1d49bbff862d6a05cbbc5d6de52c1e360205 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:25:05 +0100
Subject: [PATCH 003/145] feat(ui): Add ssl settings to Postgres ui

---
 .../Project/Database/Postgresql/General.php   |  16 +++
 .../database/postgresql/general.blade.php     | 125 +++++++++++-------
 2 files changed, 90 insertions(+), 51 deletions(-)

diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index 88dd5c1a8..25f3f4f30 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -48,6 +48,8 @@ class General extends Component
         'database.public_port' => 'nullable|integer',
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
+        'database.enable_ssl' => 'boolean',
+        'database.ssl_mode' => 'nullable|string|in:allow,prefer,require,verify-ca,verify-full',
     ];
 
     protected $validationAttributes = [
@@ -65,6 +67,8 @@ class General extends Component
         'database.is_public' => 'Is Public',
         'database.public_port' => 'Public Port',
         'database.custom_docker_run_options' => 'Custom Docker Run Options',
+        'database.enable_ssl' => 'Enable SSL',
+        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -91,6 +95,18 @@ class General extends Component
         }
     }
 
+    public function instantSaveSSL()
+    {
+        try {
+            $this->database->enable_ssl = $this->database->enable_ssl;
+            $this->database->ssl_mode = $this->database->ssl_mode;
+            $this->database->save();
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function instantSave()
     {
         try {
diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index 5abde2b01..ec29584fe 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -73,58 +73,81 @@
                     type="password" readonly wire:model="db_url_public" />
             @endif
         </div>
-        <div>
-            <div class="flex flex-col py-2 w-64">
-                <div class="flex items-center gap-2 pb-2">
-                    <div class="flex items-center">
-                        <h3>Proxy</h3>
-                        <x-loading wire:loading wire:target="instantSave" />
-                    </div>
-                    @if (data_get($database, 'is_public'))
-                        <x-slide-over fullScreen>
-                            <x-slot:title>Proxy Logs</x-slot:title>
-                            <x-slot:content>
-                                <livewire:project.shared.get-logs :server="$server" :resource="$database"
-                                    container="{{ data_get($database, 'uuid') }}-proxy" lazy />
-                            </x-slot:content>
-                            <x-forms.button disabled="{{ !data_get($database, 'is_public') }}"
-                                @click="slideOverOpen=true">Logs</x-forms.button>
-                        </x-slide-over>
-                    @endif
-                </div>
-                <x-forms.checkbox instantSave id="database.is_public" label="Make it publicly available" />
-            </div>
-            <x-forms.input placeholder="5432" disabled="{{ data_get($database, 'is_public') }}"
-                id="database.public_port" label="Public Port" />
-        </div>
-        <x-forms.textarea label="Custom PostgreSQL Configuration" rows="10" id="database.postgres_conf" />
-    </form>
-    <h3 class="pt-4">Advanced</h3>
-    <div class="flex flex-col">
-        <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
-            instantSave="instantSaveAdvanced" id="database.is_log_drain_enabled" label="Drain Logs" />
-    </div>
-    <div class="pb-16">
-        <div class="flex gap-2 pt-4 pb-2">
-            <h3>Initialization scripts</h3>
-            <x-modal-input buttonTitle="+ Add" title="New Init Script">
-                <form class="flex flex-col w-full gap-2 rounded" wire:submit='save_new_init_script'>
-                    <x-forms.input placeholder="create_test_db.sql" id="new_filename" label="Filename" required />
-                    <x-forms.textarea rows="20" placeholder="CREATE DATABASE test;" id="new_content"
-                        label="Content" required />
-                    <x-forms.button type="submit">
-                        Save
-                    </x-forms.button>
-                </form>
-            </x-modal-input>
-        </div>
         <div class="flex flex-col gap-2">
-            @forelse(data_get($database,'init_scripts', []) as $script)
-                <livewire:project.database.init-script :script="$script" :wire:key="$script['index']" />
-            @empty
-                <div>No initialization scripts found.</div>
-            @endforelse
+            <h3 class="py-2">SSL Configuration</h3>
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                @if($database->enable_ssl)
+                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
+                        helper="Choose the SSL verification mode for PostgreSQL connections">
+                        <option value="allow">allow</option>
+                        <option value="prefer">prefer</option>
+                        <option value="require">require</option>
+                        <option value="verify-ca">verify-ca</option>
+                        <option value="verify-full">verify-full</option>
+                    </x-forms.select>
+                @endif
+            </div>
+        </div>
+
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center gap-2">
+                    <h3>Proxy</h3>
+                    <x-loading wire:loading wire:target="instantSave" />
+                </div>
+                @if (data_get($database, 'is_public'))
+                    <x-slide-over fullScreen>
+                        <x-slot:title>Proxy Logs</x-slot:title>
+                        <x-slot:content>
+                            <livewire:project.shared.get-logs :server="$server" :resource="$database"
+                                container="{{ data_get($database, 'uuid') }}-proxy" lazy />
+                        </x-slot:content>
+                        <x-forms.button disabled="{{ !data_get($database, 'is_public') }}"
+                            @click="slideOverOpen=true">Logs</x-forms.button>
+                    </x-slide-over>
+                @endif
+            </div>
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox instantSave id="database.is_public" label="Make it publicly available" />
+                <x-forms.input placeholder="5432" disabled="{{ data_get($database, 'is_public') }}"
+                    id="database.public_port" label="Public Port" />
+            </div>
+        </div>
+
+        <div class="flex flex-col gap-2">
+            <x-forms.textarea label="Custom PostgreSQL Configuration" rows="10" id="database.postgres_conf" />
+        </div>
+    </form>
+
+    <div class="flex flex-col gap-4 pt-4">
+        <h3>Advanced</h3>
+        <div class="flex flex-col">
+            <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
+                instantSave="instantSaveAdvanced" id="database.is_log_drain_enabled" label="Drain Logs" />
+        </div>
+
+        <div class="pb-16">
+            <div class="flex items-center gap-2 pb-2">
+                <h3>Initialization scripts</h3>
+                <x-modal-input buttonTitle="+ Add" title="New Init Script">
+                    <form class="flex flex-col w-full gap-2 rounded" wire:submit='save_new_init_script'>
+                        <x-forms.input placeholder="create_test_db.sql" id="new_filename" label="Filename" required />
+                        <x-forms.textarea rows="20" placeholder="CREATE DATABASE test;" id="new_content"
+                            label="Content" required />
+                        <x-forms.button type="submit">
+                            Save
+                        </x-forms.button>
+                    </form>
+                </x-modal-input>
+            </div>
+            <div class="flex flex-col gap-2">
+                @forelse(data_get($database,'init_scripts', []) as $script)
+                    <livewire:project.database.init-script :script="$script" :wire:key="$script['index']" />
+                @empty
+                    <div>No initialization scripts found.</div>
+                @endforelse
+            </div>
         </div>
     </div>
-
 </div>

From 92a4b5fce712cd714a41418038af55d6275c4352 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:28:42 +0100
Subject: [PATCH 004/145] feat(db): add ssl mode to Postgres URLs

---
 app/Models/StandalonePostgresql.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/Models/StandalonePostgresql.php b/app/Models/StandalonePostgresql.php
index dd92ae7c9..7e8a071f3 100644
--- a/app/Models/StandalonePostgresql.php
+++ b/app/Models/StandalonePostgresql.php
@@ -219,7 +219,14 @@ class StandalonePostgresql extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->uuid}:5432/{$this->postgres_db}",
+            get: function () {
+                $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->uuid}:5432/{$this->postgres_db}";
+                if ($this->enable_ssl) {
+                    $url .= "?sslmode={$this->ssl_mode}";
+                }
+
+                return $url;
+            },
         );
     }
 
@@ -228,7 +235,12 @@ class StandalonePostgresql extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}";
+                    $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}";
+                    if ($this->enable_ssl) {
+                        $url .= "?sslmode={$this->ssl_mode}";
+                    }
+
+                    return $url;
                 }
 
                 return null;

From b1249042453153dfa5e95e16bf226133313666e4 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:30:45 +0100
Subject: [PATCH 005/145] feat(db): setup ssl during Postgres start

- create ssl directory
- create a new certificate if one does not already exist
- add the certificates to the file store so that they are created as file mounts
- add SSL startup commands
---
 app/Actions/Database/StartPostgresql.php | 57 ++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 035849340..518639935 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandalonePostgresql;
 use Lorisleiva\Actions\Concerns\AsAction;
 use Symfony\Component\Yaml\Yaml;
@@ -18,6 +20,8 @@ class StartPostgresql
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandalonePostgresql $database)
     {
         $this->database = $database;
@@ -31,8 +35,27 @@ class StartPostgresql
             "echo 'Starting database.'",
             "mkdir -p $this->configuration_dir",
             "mkdir -p $this->configuration_dir/docker-entrypoint-initdb.d/",
+            "mkdir -p $this->configuration_dir/ssl",
         ];
 
+        if ($this->database->enable_ssl) {
+            $this->commands[] = "echo 'Setting up SSL certificate.'";
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->where('certificate_type', 'internal')
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'Generating new SSL certificate.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    certificateType: 'internal',
+                );
+                $this->addSslFilesToFileStorage();
+            }
+        }
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
@@ -107,6 +130,17 @@ class StartPostgresql
                 ];
             }
         }
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['command'] = [
+                'postgres',
+                '-c',
+                'ssl=off', // temp for dev
+                '-c',
+                'ssl_cert_file=/etc/postgresql/ssl/internal.crt',
+                '-c',
+                'ssl_key_file=/etc/postgresql/ssl/internal.key',
+            ];
+        }
         if (filled($this->database->postgres_conf)) {
             $docker_compose['services'][$container_name]['volumes'][] = [
                 'type' => 'bind',
@@ -233,4 +267,27 @@ class StartPostgresql
         $content_base64 = base64_encode($content);
         $this->commands[] = "echo '{$content_base64}' | base64 -d | tee $config_file_path > /dev/null";
     }
+
+    private function addSslFilesToFileStorage()
+    {
+        if (! $this->ssl_certificate) {
+            return;
+        }
+
+        $this->database->fileStorages()->create([
+            'fs_path' => $this->configuration_dir.'/ssl/internal.crt',
+            'mount_path' => '/etc/postgresql/ssl/internal.crt',
+            'content' => $this->ssl_certificate->ssl_certificate,
+            'is_directory' => false,
+            'chmod' => '644',
+        ]);
+
+        $this->database->fileStorages()->create([
+            'fs_path' => $this->configuration_dir.'/ssl/internal.key',
+            'mount_path' => '/etc/postgresql/ssl/internal.key',
+            'content' => $this->ssl_certificate->ssl_private_key,
+            'is_directory' => false,
+            'chmod' => '600',
+        ]);
+    }
 }

From 9f9349925a13110b8b0bd936011a425f7d846c71 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 12:58:48 +0100
Subject: [PATCH 006/145] fix(ssl): permission of ssl crt and key inside the
 container

---
 app/Actions/Database/StartPostgresql.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 518639935..df516bbda 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -134,7 +134,7 @@ class StartPostgresql
             $docker_compose['services'][$container_name]['command'] = [
                 'postgres',
                 '-c',
-                'ssl=off', // temp for dev
+                'ssl=on',
                 '-c',
                 'ssl_cert_file=/etc/postgresql/ssl/internal.crt',
                 '-c',
@@ -166,6 +166,9 @@ class StartPostgresql
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /etc/postgresql/ssl/internal.key /etc/postgresql/ssl/internal.crt");
+        }
         $this->commands[] = "echo 'Database started.'";
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');

From edddbc8536efa799a6ca7c6c1679e42838ac9acd Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 13:54:00 +0100
Subject: [PATCH 007/145] feat(migration): encrypt local file volumes content
 and paths

---
 ...5223_encrypt_local_file_volumes_fields.php | 63 +++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php

diff --git a/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php
new file mode 100644
index 000000000..f29cdaa23
--- /dev/null
+++ b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php
@@ -0,0 +1,63 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('local_file_volumes', function (Blueprint $table) {
+            $table->text('mount_path')->nullable()->change();
+        });
+
+        if (DB::table('local_file_volumes')->exists()) {
+            $volumes = DB::table('local_file_volumes')->get();
+            foreach ($volumes as $volume) {
+                try {
+                    DB::table('local_file_volumes')->where('id', $volume->id)->update([
+                        'fs_path' => $volume->fs_path ? Crypt::encryptString($volume->fs_path) : null,
+                        'mount_path' => $volume->mount_path ? Crypt::encryptString($volume->mount_path) : null,
+                        'content' => $volume->content ? Crypt::encryptString($volume->content) : null,
+                    ]);
+                } catch (\Exception $e) {
+                    Log::error('Error encrypting local file volume fields: '.$e->getMessage());
+                }
+            }
+        }
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('local_file_volumes', function (Blueprint $table) {
+            $table->string('fs_path')->change();
+            $table->string('mount_path')->nullable()->change();
+            $table->longText('content')->nullable()->change();
+        });
+
+        if (DB::table('local_file_volumes')->exists()) {
+            $volumes = DB::table('local_file_volumes')->get();
+            foreach ($volumes as $volume) {
+                try {
+                    DB::table('local_file_volumes')->where('id', $volume->id)->update([
+                        'fs_path' => $volume->fs_path ? Crypt::decryptString($volume->fs_path) : null,
+                        'mount_path' => $volume->mount_path ? Crypt::decryptString($volume->mount_path) : null,
+                        'content' => $volume->content ? Crypt::decryptString($volume->content) : null,
+                    ]);
+                } catch (\Exception $e) {
+                    Log::error('Error decrypting local file volume fields: '.$e->getMessage());
+                }
+            }
+        }
+    }
+};

From 429453af36ddf5e093907589077ee6b3a5b47573 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 14:16:27 +0100
Subject: [PATCH 008/145] fix(ui): make sure file mounts do not showing the
 encrypted values

---
 app/Models/LocalFileVolume.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Models/LocalFileVolume.php b/app/Models/LocalFileVolume.php
index 2c223be77..c1345c0fb 100644
--- a/app/Models/LocalFileVolume.php
+++ b/app/Models/LocalFileVolume.php
@@ -7,6 +7,12 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 
 class LocalFileVolume extends BaseModel
 {
+    protected $casts = [
+        'fs_path' => 'encrypted',
+        'mount_path' => 'encrypted',
+        'content' => 'encrypted',
+    ];
+
     use HasFactory;
 
     protected $guarded = [];

From 2ac9147532c7cfd3435905415dcc598e83b93b08 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 14:16:52 +0100
Subject: [PATCH 009/145] chore(migration): remove unused columns

---
 app/Models/SslCertificate.php                                | 5 -----
 .../2025_01_27_153741_create_ssl_certificates_table.php      | 1 -
 2 files changed, 6 deletions(-)

diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index 5a1767ab5..f414e5eca 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -9,13 +9,8 @@ class SslCertificate extends Model
     protected $fillable = [
         'ssl_certificate',
         'ssl_private_key',
-        'cert_file_path',
-        'key_file_path',
         'resource_type',
         'resource_id',
-        'mount_path',
-        'host_path',
-        'certificate_type',
         'valid_until',
     ];
 
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index f10306ed7..1d5c6aa1a 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -14,7 +14,6 @@ return new class extends Migration
             $table->text('ssl_private_key')->nullable();
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
-            $table->enum('certificate_type', ['internal', 'external'])->default('internal');
             $table->timestamp('valid_until')->nullable();
             $table->timestamps();
 

From 3632f29af8d63f17218e6131d0476bfeec1fcded Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 14:17:12 +0100
Subject: [PATCH 010/145] feat(ssl): ssl generation helper

---
 app/Helpers/SslHelper.php | 91 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 app/Helpers/SslHelper.php

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
new file mode 100644
index 000000000..7027d896c
--- /dev/null
+++ b/app/Helpers/SslHelper.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace App\Helpers;
+
+use App\Models\SslCertificate;
+use Carbon\Carbon;
+
+class SslHelper
+{
+    private const DEFAULT_KEY_BITS = 4096;
+
+    private const DEFAULT_DIGEST_ALG = 'sha256';
+
+    private const DEFAULT_VALIDITY_YEARS = 10;
+
+    private const DEFAULT_ORG_NAME = 'Coolify';
+
+    public static function generateSslCertificate(
+        string $resourceType,
+        int $resourceId,
+        string $commonName,
+        ?Carbon $validUntil = null,
+        ?string $organizationName = null
+    ): SslCertificate {
+        $validUntil ??= Carbon::now()->addYears(self::DEFAULT_VALIDITY_YEARS);
+        $organizationName ??= self::DEFAULT_ORG_NAME;
+
+        try {
+            $privateKey = openssl_pkey_new([
+                'private_key_bits' => self::DEFAULT_KEY_BITS,
+                'private_key_type' => OPENSSL_KEYTYPE_RSA,
+                'encrypt_key' => true,
+            ]);
+
+            if ($privateKey === false) {
+                throw new \RuntimeException('Failed to generate private key: '.openssl_error_string());
+            }
+
+            if (! openssl_pkey_export($privateKey, $privateKeyStr)) {
+                throw new \RuntimeException('Failed to export private key: '.openssl_error_string());
+            }
+
+            $dn = [
+                'commonName' => $commonName,
+                'organizationName' => $organizationName,
+            ];
+
+            $csr = openssl_csr_new($dn, $privateKey, [
+                'digest_alg' => self::DEFAULT_DIGEST_ALG,
+                'config' => null,
+                'encrypt_key' => true,
+            ]);
+
+            if ($csr === false) {
+                throw new \RuntimeException('Failed to generate CSR: '.openssl_error_string());
+            }
+
+            $validityDays = max(1, Carbon::now()->diffInDays($validUntil));
+
+            $certificate = openssl_csr_sign(
+                $csr,
+                null,
+                $privateKey,
+                $validityDays,
+                [
+                    'digest_alg' => self::DEFAULT_DIGEST_ALG,
+                    'config' => null,
+                ],
+                random_int(PHP_INT_MIN, PHP_INT_MAX)
+            );
+
+            if ($certificate === false) {
+                throw new \RuntimeException('Failed to sign certificate: '.openssl_error_string());
+            }
+
+            if (! openssl_x509_export($certificate, $certificateStr)) {
+                throw new \RuntimeException('Failed to export certificate: '.openssl_error_string());
+            }
+
+            return SslCertificate::create([
+                'ssl_certificate' => $certificateStr,
+                'ssl_private_key' => $privateKeyStr,
+                'resource_type' => $resourceType,
+                'resource_id' => $resourceId,
+                'valid_until' => $validUntil,
+            ]);
+        } catch (\Throwable $e) {
+            throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);
+        }
+    }
+}

From 546001890c8dd1bf46bafa987c134a320c8b5b74 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 14:37:12 +0100
Subject: [PATCH 011/145] chore(ssl): improve code in ssl helper

---
 app/Helpers/SslHelper.php | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 7027d896c..9f3a56f86 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -7,10 +7,6 @@ use Carbon\Carbon;
 
 class SslHelper
 {
-    private const DEFAULT_KEY_BITS = 4096;
-
-    private const DEFAULT_DIGEST_ALG = 'sha256';
-
     private const DEFAULT_VALIDITY_YEARS = 10;
 
     private const DEFAULT_ORG_NAME = 'Coolify';
@@ -27,9 +23,9 @@ class SslHelper
 
         try {
             $privateKey = openssl_pkey_new([
-                'private_key_bits' => self::DEFAULT_KEY_BITS,
                 'private_key_type' => OPENSSL_KEYTYPE_RSA,
-                'encrypt_key' => true,
+                'private_key_bits' => 4096,
+                'encrypt_key' => false,
             ]);
 
             if ($privateKey === false) {
@@ -46,9 +42,9 @@ class SslHelper
             ];
 
             $csr = openssl_csr_new($dn, $privateKey, [
-                'digest_alg' => self::DEFAULT_DIGEST_ALG,
+                'digest_alg' => 'sha512',
                 'config' => null,
-                'encrypt_key' => true,
+                'encrypt_key' => false,
             ]);
 
             if ($csr === false) {
@@ -63,7 +59,7 @@ class SslHelper
                 $privateKey,
                 $validityDays,
                 [
-                    'digest_alg' => self::DEFAULT_DIGEST_ALG,
+                    'digest_alg' => 'sha512',
                     'config' => null,
                 ],
                 random_int(PHP_INT_MIN, PHP_INT_MAX)

From b53d3d07d97470945f8db92caf7d3cbd6bc72190 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 19:09:37 +0100
Subject: [PATCH 012/145] fix(ssl): make default ssl mode require not
 verify-full as it does not need a ca cert

---
 ...25_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php b/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
index 409d6bb36..3b0ce8aa4 100644
--- a/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
+++ b/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
@@ -13,7 +13,7 @@ return new class extends Migration
     {
         Schema::table('standalone_postgresqls', function (Blueprint $table) {
             $table->boolean('enable_ssl')->default(true);
-            $table->string('ssl_mode')->nullable()->default('verify-full');
+            $table->string('ssl_mode')->nullable()->default('require');
         });
     }
 

From d280f11b6bddb85f595b0ec5b56ae54c2a71199d Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 19:21:18 +0100
Subject: [PATCH 013/145] feat(ssl): migrate to `ECC`certificates using
 `secp521r1`

- Replace RSA 4096 with ECDSA secp521r1 for stronger security (256-bit vs 112-bit)
- Faster certificate generation (3-4x speed improvement)
- 75% smaller key sizes (0.8KB vs 3.2KB) improves storage and transmission
---
 app/Helpers/SslHelper.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 9f3a56f86..b6632da52 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -23,9 +23,8 @@ class SslHelper
 
         try {
             $privateKey = openssl_pkey_new([
-                'private_key_type' => OPENSSL_KEYTYPE_RSA,
-                'private_key_bits' => 4096,
-                'encrypt_key' => false,
+                'private_key_type' => OPENSSL_KEYTYPE_EC,
+                'curve_name' => 'secp521r1',
             ]);
 
             if ($privateKey === false) {

From 34188450ebad34a21af0e6afe97bea01994e766a Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 19:52:21 +0100
Subject: [PATCH 014/145] feat(ssl): improve SSL helper

- improve security by making certificates valid for only 90 days instead of 10 years
- add SubjectAltName
- remove unnecessary parameters
- use carbon immutable to make sure expiration date stays the same
---
 app/Helpers/SslHelper.php | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index b6632da52..3a8efd540 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -3,23 +3,20 @@
 namespace App\Helpers;
 
 use App\Models\SslCertificate;
-use Carbon\Carbon;
+use Carbon\CarbonImmutable;
 
 class SslHelper
 {
-    private const DEFAULT_VALIDITY_YEARS = 10;
-
-    private const DEFAULT_ORG_NAME = 'Coolify';
+    private const DEFAULT_ORGANIZATION_NAME = 'Coolify';
 
     public static function generateSslCertificate(
+        string $commonName,
+        array $additionalSans,
         string $resourceType,
         int $resourceId,
-        string $commonName,
-        ?Carbon $validUntil = null,
-        ?string $organizationName = null
+        ?string $organizationName = null,
     ): SslCertificate {
-        $validUntil ??= Carbon::now()->addYears(self::DEFAULT_VALIDITY_YEARS);
-        $organizationName ??= self::DEFAULT_ORG_NAME;
+        $organizationName ??= self::DEFAULT_ORGANIZATION_NAME;
 
         try {
             $privateKey = openssl_pkey_new([
@@ -38,6 +35,7 @@ class SslHelper
             $dn = [
                 'commonName' => $commonName,
                 'organizationName' => $organizationName,
+                'subjectAltName' => implode(', ', array_merge(["DNS:$commonName"], $additionalSans)),
             ];
 
             $csr = openssl_csr_new($dn, $privateKey, [
@@ -50,13 +48,11 @@ class SslHelper
                 throw new \RuntimeException('Failed to generate CSR: '.openssl_error_string());
             }
 
-            $validityDays = max(1, Carbon::now()->diffInDays($validUntil));
-
             $certificate = openssl_csr_sign(
                 $csr,
                 null,
                 $privateKey,
-                $validityDays,
+                90,
                 [
                     'digest_alg' => 'sha512',
                     'config' => null,
@@ -77,7 +73,7 @@ class SslHelper
                 'ssl_private_key' => $privateKeyStr,
                 'resource_type' => $resourceType,
                 'resource_id' => $resourceId,
-                'valid_until' => $validUntil,
+                'valid_until' => CarbonImmutable::now()->addDays(90),
             ]);
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);

From 22c26cdf786ea110979dd6a99cfdcef229fed30c Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 30 Jan 2025 19:52:49 +0100
Subject: [PATCH 015/145] chore(migration): ssl cert and key should not be
 nullable

---
 .../2025_01_27_153741_create_ssl_certificates_table.php       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index 1d5c6aa1a..d7b02178d 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -10,8 +10,8 @@ return new class extends Migration
     {
         Schema::create('ssl_certificates', function (Blueprint $table) {
             $table->id();
-            $table->text('ssl_certificate')->nullable();
-            $table->text('ssl_private_key')->nullable();
+            $table->text('ssl_certificate');
+            $table->text('ssl_private_key');
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
             $table->timestamp('valid_until')->nullable();

From e1245f49f1161c5e4857137ec55a14385938b639 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 11:57:30 +0100
Subject: [PATCH 016/145] fix(ui): select component should not always uses
 title case

---
 app/View/Components/Forms/Select.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/app/View/Components/Forms/Select.php b/app/View/Components/Forms/Select.php
index dd5ba66b7..86ae866c8 100644
--- a/app/View/Components/Forms/Select.php
+++ b/app/View/Components/Forms/Select.php
@@ -4,7 +4,6 @@ namespace App\View\Components\Forms;
 
 use Closure;
 use Illuminate\Contracts\View\View;
-use Illuminate\Support\Str;
 use Illuminate\View\Component;
 use Visus\Cuid2\Cuid2;
 
@@ -36,8 +35,6 @@ class Select extends Component
             $this->name = $this->id;
         }
 
-        $this->label = Str::title($this->label);
-
         return view('components.forms.select');
     }
 }

From 90a93ce7e0b80f3ff5d973597294130ab4c27669 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:23:00 +0100
Subject: [PATCH 017/145] feat(ssl): add a Coolify CA Certificate to all
 servers

---
 database/seeders/CaSslCertSeeder.php | 40 ++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 database/seeders/CaSslCertSeeder.php

diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
new file mode 100644
index 000000000..75b78da21
--- /dev/null
+++ b/database/seeders/CaSslCertSeeder.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Database\Seeders;
+
+use App\Helpers\SslHelper;
+use App\Models\Server;
+use App\Models\SslCertificate;
+use Illuminate\Database\Seeder;
+
+class CaSslCertSeeder extends Seeder
+{
+    public function run()
+    {
+        Server::chunk(200, function ($servers) {
+            foreach ($servers as $server) {
+                $existingCert = SslCertificate::where('server_id', $server->id)->first();
+
+                if (! $existingCert) {
+                    $serverCert = SslHelper::generateSslCertificate(
+                        commonName: 'Coolify CA Certificate',
+                        serverId: $server->id,
+                        validityDays: 15 * 365
+                    );
+
+                    $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+
+                    $commands = collect([
+                        "mkdir -p $serverCertPath",
+                        "chown -R 9999:root $serverCertPath",
+                        "chmod -R 700 $serverCertPath",
+                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
+                        "chmod 644 $serverCertPath/ca.crt",
+                    ]);
+
+                    remote_process($commands, $server);
+                }
+            }
+        });
+    }
+}

From 503e1ffb6781b30597055a548d208a94f02b65d9 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:23:59 +0100
Subject: [PATCH 018/145] feat(seeder): Call CA SSL seeder in prod and dev

---
 database/seeders/DatabaseSeeder.php   | 1 +
 database/seeders/ProductionSeeder.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/database/seeders/DatabaseSeeder.php b/database/seeders/DatabaseSeeder.php
index 6e66c64f4..e0e7a3ba5 100644
--- a/database/seeders/DatabaseSeeder.php
+++ b/database/seeders/DatabaseSeeder.php
@@ -28,6 +28,7 @@ class DatabaseSeeder extends Seeder
             OauthSettingSeeder::class,
             DisableTwoStepConfirmationSeeder::class,
             SentinelSeeder::class,
+            CaSslCertSeeder::class,
         ]);
     }
 }
diff --git a/database/seeders/ProductionSeeder.php b/database/seeders/ProductionSeeder.php
index bbb9fcb75..058d4c8e4 100644
--- a/database/seeders/ProductionSeeder.php
+++ b/database/seeders/ProductionSeeder.php
@@ -193,5 +193,6 @@ uZx9iFkCELtxrh31QJ68AAAAEXNhaWxANzZmZjY2ZDJlMmRkAQIDBA==
         $this->call(PopulateSshKeysDirectorySeeder::class);
         $this->call(SentinelSeeder::class);
         $this->call(RootUserSeeder::class);
+        $this->call(CaSslCertSeeder::class);
     }
 }

From 0915303769230a4ee1547517176ab20e03239d55 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:27:29 +0100
Subject: [PATCH 019/145] feat(ssl): Add Coolify CA Certificate when adding a
 new server

---
 app/Actions/Server/InstallDocker.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index cbcb20368..775de5ead 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -2,7 +2,9 @@
 
 namespace App\Actions\Server;
 
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneDocker;
 use Lorisleiva\Actions\Concerns\AsAction;
 
@@ -17,6 +19,25 @@ class InstallDocker
         if (! $supported_os_type) {
             throw new \Exception('Server OS type is not supported for automated installation. Please install Docker manually before continuing: <a target="_blank" class="underline" href="https://coolify.io/docs/installation#manually">documentation</a>.');
         }
+
+        if (! SslCertificate::where('server_id', $server->id)->exists()) {
+            $serverCert = SslHelper::generateSslCertificate(
+                commonName: 'Coolify CA Certificate',
+                serverId: $server->id,
+                validityDays: 15 * 365
+            );
+            $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+
+            $commands = collect([
+                "mkdir -p $serverCertPath",
+                "chown -R 9999:root $serverCertPath",
+                "chmod -R 700 $serverCertPath",
+                "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
+                "chmod 644 $serverCertPath/ca.crt",
+            ]);
+            remote_process($commands, $server);
+        }
+
         $config = base64_encode('{
             "log-driver": "json-file",
             "log-opts": {

From 34216af497c21e25d79edf770e396097e58a04a9 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:35:34 +0100
Subject: [PATCH 020/145] fix(db): SSL certificates table and model

- server_id is a foreign id
- server_id must be unique as each server can only have 1 CA cert
- resource_id must be unique as each resource can only have 1 SSL cert
---
 app/Models/SslCertificate.php                               | 6 ++++++
 .../2025_01_27_153741_create_ssl_certificates_table.php     | 6 ++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index f414e5eca..d16860b22 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -11,6 +11,7 @@ class SslCertificate extends Model
         'ssl_private_key',
         'resource_type',
         'resource_id',
+        'server_id',
         'valid_until',
     ];
 
@@ -24,4 +25,9 @@ class SslCertificate extends Model
     {
         return $this->morphTo();
     }
+
+    public function server()
+    {
+        return $this->belongsTo(Server::class);
+    }
 }
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index d7b02178d..702f1f534 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -14,10 +14,12 @@ return new class extends Migration
             $table->text('ssl_private_key');
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
-            $table->timestamp('valid_until')->nullable();
+            $table->unsignedBigInteger('server_id')->nullable();
+            $table->timestamp('valid_until');
             $table->timestamps();
 
-            $table->index(['resource_type', 'resource_id']);
+            $table->foreign('server_id')->references('id')->on('servers');
+            $table->unique(['server_id', 'resource_id']);
         });
     }
 

From fab7300a5f5a1ca0ee2012436548b44226b31df3 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 12:36:26 +0100
Subject: [PATCH 021/145] feat(installer): create CA folder during installation

---
 scripts/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 1889ad355..6eb46ad09 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -62,7 +62,7 @@ if [ "$WARNING_SPACE" = true ]; then
     sleep 5
 fi
 
-mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,webhooks-during-maintenance,sentinel}
+mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,ca,webhooks-during-maintenance,sentinel}
 mkdir -p /data/coolify/ssh/{keys,mux}
 mkdir -p /data/coolify/proxy/dynamic
 

From 02475c5232735f9cd5bea9afc8198c65c8be90aa Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 13:37:34 +0100
Subject: [PATCH 022/145] feat(ssl): improve SSL helper

- improve function parameters
- set default validity to 1 year as resources need to be manually restarted to use the new certificates
- use the CA cert to sign certificates
---
 app/Helpers/SslHelper.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 3a8efd540..4797113b7 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -11,10 +11,14 @@ class SslHelper
 
     public static function generateSslCertificate(
         string $commonName,
-        array $additionalSans,
-        string $resourceType,
-        int $resourceId,
+        array $additionalSans = [],
+        ?string $resourceType = null,
+        ?int $resourceId = null,
+        ?int $serverId = null,
         ?string $organizationName = null,
+        int $validityDays = 365,
+        ?string $caCert = null,
+        ?string $caKey = null
     ): SslCertificate {
         $organizationName ??= self::DEFAULT_ORGANIZATION_NAME;
 
@@ -50,9 +54,9 @@ class SslHelper
 
             $certificate = openssl_csr_sign(
                 $csr,
-                null,
-                $privateKey,
-                90,
+                $caCert ?? null,
+                $caKey ?? $privateKey,
+                $validityDays,
                 [
                     'digest_alg' => 'sha512',
                     'config' => null,
@@ -73,7 +77,8 @@ class SslHelper
                 'ssl_private_key' => $privateKeyStr,
                 'resource_type' => $resourceType,
                 'resource_id' => $resourceId,
-                'valid_until' => CarbonImmutable::now()->addDays(90),
+                'server_id' => $serverId,
+                'valid_until' => CarbonImmutable::now()->addDays($validityDays),
             ]);
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);

From 85c777d2a4b09c06f3e596a29fafb39ddc81a7b8 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 13:56:20 +0100
Subject: [PATCH 023/145] feat(ssl): use new improved helper for SSL generation

- use CA cert and key for SSL cert generation
- remove unused parameters
- add a few more echo with log output
---
 app/Actions/Database/StartPostgresql.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index df516bbda..de33a0114 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -33,24 +33,30 @@ class StartPostgresql
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
             "mkdir -p $this->configuration_dir/docker-entrypoint-initdb.d/",
             "mkdir -p $this->configuration_dir/ssl",
+            "echo 'Directories created successfully.'",
         ];
 
         if ($this->database->enable_ssl) {
-            $this->commands[] = "echo 'Setting up SSL certificate.'";
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('certificate_type', 'internal')
-                ->first();
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $server = $this->database->destination->server;
+
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
             if (! $this->ssl_certificate) {
-                $this->commands[] = "echo 'Generating new SSL certificate.'";
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
                 $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    // additionalSans: ["IP:{$server->ip_address}"], // Issue is the server IP can be also be a domain/ hostname and we need to be sure what it is before setting it.
                     resourceType: $this->database->getMorphClass(),
                     resourceId: $this->database->id,
-                    certificateType: 'internal',
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
                 );
                 $this->addSslFilesToFileStorage();
             }

From 7406ee67c2a76c8f2a801ecef027b6ab3e776dfb Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 18:27:20 +0100
Subject: [PATCH 024/145] chore(ssl): rename CA cert to `coolify-ca.crt`
 because of conflicts

---
 app/Actions/Server/InstallDocker.php | 4 ++--
 database/seeders/CaSslCertSeeder.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 775de5ead..993d38e5f 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -32,8 +32,8 @@ class InstallDocker
                 "mkdir -p $serverCertPath",
                 "chown -R 9999:root $serverCertPath",
                 "chmod -R 700 $serverCertPath",
-                "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
-                "chmod 644 $serverCertPath/ca.crt",
+                "echo '{$serverCert->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
+                "chmod 644 $serverCertPath/coolify-ca.crt",
             ]);
             remote_process($commands, $server);
         }
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index 75b78da21..9970e8fb5 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -28,8 +28,8 @@ class CaSslCertSeeder extends Seeder
                         "mkdir -p $serverCertPath",
                         "chown -R 9999:root $serverCertPath",
                         "chmod -R 700 $serverCertPath",
-                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
-                        "chmod 644 $serverCertPath/ca.crt",
+                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
+                        "chmod 644 $serverCertPath/coolify-ca.crt",
                     ]);
 
                     remote_process($commands, $server);

From ab1833b159f448d57f6551342b9cf9187cb2c314 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 18:29:06 +0100
Subject: [PATCH 025/145] feat(ui): Add CA cert UI

- brief instructions and recommendations
- copy button to copy the CA file mount
- ability to display the CA certificate
- ability to save your own CA Cert or generate a new one
---
 .../views/livewire/server/advanced.blade.php  | 76 +++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/resources/views/livewire/server/advanced.blade.php b/resources/views/livewire/server/advanced.blade.php
index b6dcf0ea0..737f52bea 100644
--- a/resources/views/livewire/server/advanced.blade.php
+++ b/resources/views/livewire/server/advanced.blade.php
@@ -38,6 +38,82 @@
                     </div>
                 </div>
             </div>
+            
+            <div class="flex flex-col gap-4 pt-8">
+                <h3>CA SSL Certificate</h3>
+                <div class="flex gap-2">
+                    <x-modal-confirmation 
+                        title="Confirm changing of CA Certificate?" 
+                        buttonTitle="Save Certificate"
+                        submitAction="saveCaCertificate" 
+                        :actions="[
+                            'This will overwrite the existing CA certificate at /data/coolify/ca/coolify-ca.crt with your custom CA certificate.', 
+                            'This will regenerate all SSL certificates for databases on this server and it will sign them with your custom CA.',
+                            'You must manually redeploy all your databases to use the new SSL certificate.',
+                            'You proabley also need to redeploy all your resources using the CA certificate.'
+                        ]"
+                        confirmationText="/data/coolify/ca/coolify-ca.crt"
+                        shortConfirmationLabel="CA Certificate Path"
+                        step3ButtonText="Save Certificate">
+                    </x-modal-confirmation>
+                    <x-modal-confirmation 
+                        title="Confirm Regenerate Certificate?" 
+                        buttonTitle="Regenerate Certificate" 
+                        submitAction="regenerateCaCertificate" 
+                        :actions="[
+                            'This will generate a new CA certificate at /data/coolify/ca/coolify-ca.crt and replace the existing one.', 
+                            'This will regenerate all SSL certificates for databases on this server and it will sign them with your custom CA.',
+                            'You must manually redeploy all your databases to use the new SSL certificate.',
+                            'You proabley also need to redeploy all your resources using the CA certificate.'
+                        ]"
+                        confirmationText="/data/coolify/ca/coolify-ca.crt"
+                        shortConfirmationLabel="CA Certificate Path"
+                        step3ButtonText="Regenerate Certificate">
+                    </x-modal-confirmation>
+                </div>
+                <div class="space-y-4">
+                    <div class="text-sm">
+                        <p class="font-medium mb-2">Recommended Configuration:</p>
+                        <ul class="list-disc pl-5 space-y-1">
+                            <li>Mount this Coolify CA certificate into all containers that need to connect to a database over SSL.</li>
+                            <li>Use verify-full (recommended) or verify-ca when connecting to a database over SSL.</li>
+                        </ul>
+                    </div>
+                    <div class="relative">
+                        <x-forms.copy-button 
+                            text="- /data/coolify/ca/coolify-ca.crt:/etc/ssl/certs/coolify-ca.crt:ro" 
+                        />
+                    </div>
+                </div>
+                <div>
+                    <div class="flex items-center justify-between mb-2">
+                        <span class="text-sm">CA Certificate Content</span>
+                        <x-forms.button 
+                            wire:click="toggleCertificate" 
+                            type="button" 
+                            class="!py-1 !px-2 text-sm">
+                            {{ $showCertificate ? 'Hide' : 'Show' }}
+                        </x-forms.button>
+                    </div>
+                    @if($showCertificate)
+                        <textarea 
+                            class="w-full h-[370px] input"
+                            wire:model="certificateContent"
+                            placeholder="Paste or edit CA certificate content here..."></textarea>
+                    @else
+                        <div class="w-full h-[370px] input">
+                            <div class="h-full flex flex-col items-center justify-center text-gray-300">
+                                <div class="mb-2">
+                                    ━━━━━━━━ CERTIFICATE CONTENT ━━━━━━━━
+                                </div>
+                                <div class="text-sm">
+                                    Click "Show" to view or edit
+                                </div>
+                            </div>
+                        </div>
+                    @endif
+                </div>
+            </div>
         </form>
     </div>
 </div>

From 6d0291a66f47c44600d552ab218fd7ccfbb849dd Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 18:31:02 +0100
Subject: [PATCH 026/145] feat(ui): new copy button component

---
 .../views/components/forms/copy-button.blade.php    | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 resources/views/components/forms/copy-button.blade.php

diff --git a/resources/views/components/forms/copy-button.blade.php b/resources/views/components/forms/copy-button.blade.php
new file mode 100644
index 000000000..2e5f64c1a
--- /dev/null
+++ b/resources/views/components/forms/copy-button.blade.php
@@ -0,0 +1,13 @@
+@props(['text'])
+
+<div class="relative" x-data="{ copied: false }">
+    <input type="text" value="{{ $text }}" readonly class="input">
+    <button @click="copied = true; navigator.clipboard.writeText('{{ $text }}'); setTimeout(() => copied = false, 1000)" class="absolute right-2 top-1/2 -translate-y-1/2 p-1.5 text-gray-400 hover:text-gray-300 transition-colors" title="Copy to clipboard">
+        <svg x-show="!copied" class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z" />
+        </svg>
+        <svg x-show="copied" class="w-5 h-5 text-green-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7" />
+        </svg>
+    </button>
+</div>

From 4eba1d21303374ab8eb49cdff1122d3b1eeabbf6 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 31 Jan 2025 18:31:42 +0100
Subject: [PATCH 027/145] feat(ui): use new copy button component everywhere

---
 .../components/modal-confirmation.blade.php   | 34 ++----------
 .../views/livewire/profile/index.blade.php    | 52 +++----------------
 2 files changed, 10 insertions(+), 76 deletions(-)

diff --git a/resources/views/components/modal-confirmation.blade.php b/resources/views/components/modal-confirmation.blade.php
index e98a494c5..cc15de99e 100644
--- a/resources/views/components/modal-confirmation.blade.php
+++ b/resources/views/components/modal-confirmation.blade.php
@@ -40,7 +40,6 @@
     userConfirmationText: '',
     confirmWithText: @js($confirmWithText && !$disableTwoStepConfirmation),
     confirmWithPassword: @js($confirmWithPassword && !$disableTwoStepConfirmation),
-    copied: false,
     submitAction: @js($submitAction),
     passwordError: '',
     selectedActions: @js(collect($checkboxes)->pluck('id')->filter(fn($id) => $this->$id)->values()->all()),
@@ -91,13 +90,6 @@
                 }
             });
     },
-    copyConfirmationText() {
-        navigator.clipboard.writeText(this.confirmationText);
-        this.copied = true;
-        setTimeout(() => {
-            this.copied = false;
-        }, 2000);
-    },
     toggleAction(id) {
         const index = this.selectedActions.indexOf(id);
         if (index > -1) {
@@ -255,29 +247,9 @@
                                     <h4 class="mb-2 text-lg font-semibold">Confirm Actions</h4>
                                     <p class="mb-2 text-sm">{{ $confirmationLabel }}</p>
                                     <div class="relative mb-2">
-                                        <input type="text" x-model="confirmationText"
-                                            class="p-2 pr-10 w-full text-black rounded cursor-text input" readonly>
-                                        <button @click="copyConfirmationText()"
-                                            x-show="window.isSecureContext"
-                                            class="absolute right-2 top-1/2 text-gray-500 transform -translate-y-1/2 hover:text-gray-700"
-                                            title="Copy confirmation text" x-ref="copyButton">
-                                            <template x-if="!copied">
-                                                <svg xmlns="http://www.w3.org/2000/svg" class="w-5 h-5"
-                                                    viewBox="0 0 20 20" fill="currentColor">
-                                                    <path d="M8 3a1 1 0 011-1h2a1 1 0 110 2H9a1 1 0 01-1-1z" />
-                                                    <path
-                                                        d="M6 3a2 2 0 00-2 2v11a2 2 0 002 2h8a2 2 0 002-2V5a2 2 0 00-2-2 3 3 0 01-3 3H9a3 3 0 01-3-3z" />
-                                                </svg>
-                                            </template>
-                                            <template x-if="copied">
-                                                <svg xmlns="http://www.w3.org/2000/svg" class="w-5 h-5 text-green-500"
-                                                    viewBox="0 0 20 20" fill="currentColor">
-                                                    <path fill-rule="evenodd"
-                                                        d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z"
-                                                        clip-rule="evenodd" />
-                                                </svg>
-                                            </template>
-                                        </button>
+                                        <x-forms.copy-button 
+                                            text="{{ $confirmationText }}"
+                                        />
                                     </div>
 
                                     <label for="userConfirmationText"
diff --git a/resources/views/livewire/profile/index.blade.php b/resources/views/livewire/profile/index.blade.php
index 087aba319..bc9f19f56 100644
--- a/resources/views/livewire/profile/index.blade.php
+++ b/resources/views/livewire/profile/index.blade.php
@@ -45,52 +45,14 @@
                 </div>
                 <div x-data="{
                     showCode: false,
-                    secretKey: '{{ decrypt(request()->user()->two_factor_secret) }}',
-                    otpUrl: '{{ request()->user()->twoFactorQrCodeUrl() }}',
-                    copiedSecretKey: false,
-                    copiedOtpUrl: false
                 }" class="py-4 w-full">
-                    <div class="flex flex-col gap-2" x-show="showCode">
-                        <div class="relative">
-                            <x-forms.input
-                                x-model="secretKey"
-                                label="Secret Key"
-                                readonly
-                                class="font-mono pr-10"
-                            />
-                            <button
-                                x-show="window.isSecureContext"
-                                @click="navigator.clipboard.writeText(secretKey); copiedSecretKey = true; setTimeout(() => copiedSecretKey = false, 2000)"
-                                class="absolute right-2 bottom-1 p-1 rounded hover:bg-gray-200 dark:hover:bg-gray-700"
-                            >
-                                <svg x-show="!copiedSecretKey" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-5 h-5">
-                                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 17.25v3.375c0 .621-.504 1.125-1.125 1.125h-9.75a1.125 1.125 0 01-1.125-1.125V7.875c0-.621.504-1.125 1.125-1.125H6.75a9.06 9.06 0 011.5.124m7.5 10.376h3.375c.621 0 1.125-.504 1.125-1.125V11.25c0-4.46-3.243-8.161-7.5-8.876a9.06 9.06 0 00-1.5-.124H9.375c-.621 0-1.125.504-1.125 1.125v3.5m7.5 10.375H9.375a1.125 1.125 0 01-1.125-1.125v-9.25m12 6.625v-1.875a3.375 3.375 0 00-3.375-3.375h-1.5a1.125 1.125 0 01-1.125-1.125v-1.5a3.375 3.375 0 00-3.375-3.375H9.75" />
-                                </svg>
-                                <svg x-show="copiedSecretKey" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-5 h-5 text-green-500">
-                                    <path stroke-linecap="round" stroke-linejoin="round" d="M4.5 12.75l6 6 9-13.5" />
-                                </svg>
-                            </button>
-                        </div>
-                        <div class="relative" >
-                            <x-forms.input
-                                x-model="otpUrl"
-                                label="OTP URL"
-                                readonly
-                                class="font-mono pr-10"
-                            />
-                            <button
-                                x-show="window.isSecureContext"
-                                @click="navigator.clipboard.writeText(otpUrl); copiedOtpUrl = true; setTimeout(() => copiedOtpUrl = false, 2000)"
-                                class="absolute right-2 bottom-1 p-1 rounded hover:bg-gray-200 dark:hover:bg-gray-700"
-                            >
-                                <svg x-show="!copiedOtpUrl" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-5 h-5">
-                                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 17.25v3.375c0 .621-.504 1.125-1.125 1.125h-9.75a1.125 1.125 0 01-1.125-1.125V7.875c0-.621.504-1.125 1.125-1.125H6.75a9.06 9.06 0 011.5.124m7.5 10.376h3.375c.621 0 1.125-.504 1.125-1.125V11.25c0-4.46-3.243-8.161-7.5-8.876a9.06 9.06 0 00-1.5-.124H9.375c-.621 0-1.125.504-1.125 1.125v3.5m7.5 10.375H9.375a1.125 1.125 0 01-1.125-1.125v-9.25m12 6.625v-1.875a3.375 3.375 0 00-3.375-3.375h-1.5a1.125 1.125 0 01-1.125-1.125v-1.5a3.375 3.375 0 00-3.375-3.375H9.75" />
-                                </svg>
-                                <svg x-show="copiedOtpUrl" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="w-5 h-5 text-green-500">
-                                    <path stroke-linecap="round" stroke-linejoin="round" d="M4.5 12.75l6 6 9-13.5" />
-                                </svg>
-                            </button>
-                        </div>
+                    <div class="flex flex-col gap-2 pb-2" x-show="showCode">
+                        <x-forms.copy-button 
+                            text="{{ decrypt(request()->user()->two_factor_secret) }}" 
+                        />
+                        <x-forms.copy-button 
+                            text="{{ request()->user()->twoFactorQrCodeUrl() }}" 
+                        />
                     </div>
                     <x-forms.button x-on:click="showCode = !showCode" class="mt-2">
                         <span x-text="showCode ? 'Hide Secret Key and OTP URL' : 'Show Secret Key and OTP URL'"></span>

From 4305ba5f0657d045ca2e715f1a8f820d93c23528 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Sun, 2 Feb 2025 14:56:26 +0100
Subject: [PATCH 028/145] fix(migration): ssl certificates table

- remove unique constraint
- add CA certificate boolean
- make sure that each certificate has a server_id so that we know which CA to use when renewing certificates
---
 .../2025_01_27_153741_create_ssl_certificates_table.php       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index 702f1f534..5abd0f453 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -14,12 +14,12 @@ return new class extends Migration
             $table->text('ssl_private_key');
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
-            $table->unsignedBigInteger('server_id')->nullable();
+            $table->unsignedBigInteger('server_id');
             $table->timestamp('valid_until');
+            $table->boolean('is_ca_certificate')->default(false);
             $table->timestamps();
 
             $table->foreign('server_id')->references('id')->on('servers');
-            $table->unique(['server_id', 'resource_id']);
         });
     }
 

From 30343b0049a68fb24def3976daa37fb052211ab8 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 21:40:41 +0100
Subject: [PATCH 029/145] feat(ui): improve server advanced view

- use new path for CA certificate
- fix grammar
- added link to the docs
- added "valid until" to show expiration date
---
 .../views/livewire/server/advanced.blade.php  | 39 ++++++++++++-------
 1 file changed, 26 insertions(+), 13 deletions(-)

diff --git a/resources/views/livewire/server/advanced.blade.php b/resources/views/livewire/server/advanced.blade.php
index 737f52bea..471f3767c 100644
--- a/resources/views/livewire/server/advanced.blade.php
+++ b/resources/views/livewire/server/advanced.blade.php
@@ -47,12 +47,12 @@
                         buttonTitle="Save Certificate"
                         submitAction="saveCaCertificate" 
                         :actions="[
-                            'This will overwrite the existing CA certificate at /data/coolify/ca/coolify-ca.crt with your custom CA certificate.', 
+                            'This will overwrite the existing CA certificate at /data/coolify/ssl/coolify-ca.crt with your custom CA certificate.', 
                             'This will regenerate all SSL certificates for databases on this server and it will sign them with your custom CA.',
-                            'You must manually redeploy all your databases to use the new SSL certificate.',
-                            'You proabley also need to redeploy all your resources using the CA certificate.'
+                            'You must manually redeploy all your databases on this server so that they use the new SSL certificates singned with your new CA certificate.',
+                            'Because of caching, you probably also need to redeploy all your resources on this server that are using this CA certificate.'
                         ]"
-                        confirmationText="/data/coolify/ca/coolify-ca.crt"
+                        confirmationText="/data/coolify/ssl/coolify-ca.crt"
                         shortConfirmationLabel="CA Certificate Path"
                         step3ButtonText="Save Certificate">
                     </x-modal-confirmation>
@@ -61,12 +61,12 @@
                         buttonTitle="Regenerate Certificate" 
                         submitAction="regenerateCaCertificate" 
                         :actions="[
-                            'This will generate a new CA certificate at /data/coolify/ca/coolify-ca.crt and replace the existing one.', 
-                            'This will regenerate all SSL certificates for databases on this server and it will sign them with your custom CA.',
-                            'You must manually redeploy all your databases to use the new SSL certificate.',
-                            'You proabley also need to redeploy all your resources using the CA certificate.'
+                            'This will generate a new CA certificate at /data/coolify/ssl/coolify-ca.crt and replace the existing one.', 
+                            'This will regenerate all SSL certificates for databases on this server and it will sign them with the new CA certificate.',
+                            'You must manually redeploy all your databases on this server so that they use the new SSL certificates singned with the new CA certificate.',
+                            'Because of caching, you probably also need to redeploy all your resources on this server that are using this CA certificate.'
                         ]"
-                        confirmationText="/data/coolify/ca/coolify-ca.crt"
+                        confirmationText="/data/coolify/ssl/coolify-ca.crt"
                         shortConfirmationLabel="CA Certificate Path"
                         step3ButtonText="Regenerate Certificate">
                     </x-modal-confirmation>
@@ -75,19 +75,32 @@
                     <div class="text-sm">
                         <p class="font-medium mb-2">Recommended Configuration:</p>
                         <ul class="list-disc pl-5 space-y-1">
-                            <li>Mount this Coolify CA certificate into all containers that need to connect to a database over SSL.</li>
-                            <li>Use verify-full (recommended) or verify-ca when connecting to a database over SSL.</li>
+                            <li>Mount this CA certificate of Coolify into all containers that need to connect to one of your databases over SSL. You can see and copy the bind mount below.</li>
+                            <li>Read more when and why this is needed <a class="underline" href="https://coolify.io/docs/databases/ssl" target="_blank">here</a>.</li>
                         </ul>
                     </div>
                     <div class="relative">
                         <x-forms.copy-button 
-                            text="- /data/coolify/ca/coolify-ca.crt:/etc/ssl/certs/coolify-ca.crt:ro" 
+                            text="- /data/coolify/ssl/coolify-ca.crt:/etc/ssl/certs/coolify-ca.crt:ro" 
                         />
                     </div>
                 </div>
                 <div>
                     <div class="flex items-center justify-between mb-2">
-                        <span class="text-sm">CA Certificate Content</span>
+                        <div class="flex items-center gap-2">
+                            <span class="text-sm">CA Certificate</span>
+                            @if($certificateValidUntil)
+                                <span class="text-sm">(Valid until: 
+                                    @if(now()->gt($certificateValidUntil))
+                                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired)</span>
+                                    @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon)</span>
+                                    @else
+                                        <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }})</span>
+                                    @endif
+                                </span>
+                            @endif
+                        </div>
                         <x-forms.button 
                             wire:click="toggleCertificate" 
                             type="button" 

From a1e650e699757d0f2ea4461c50692f80f5cfd98e Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 21:42:28 +0100
Subject: [PATCH 030/145] chore: rename ca crt folder to ssl

---
 app/Actions/Server/InstallDocker.php | 3 ++-
 database/seeders/CaSslCertSeeder.php | 5 +++--
 scripts/install.sh                   | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 993d38e5f..2c07950f0 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -24,9 +24,10 @@ class InstallDocker
             $serverCert = SslHelper::generateSslCertificate(
                 commonName: 'Coolify CA Certificate',
                 serverId: $server->id,
+                isCaCertificate: true,
                 validityDays: 15 * 365
             );
-            $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+            $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
             $commands = collect([
                 "mkdir -p $serverCertPath",
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index 9970e8fb5..8e26bbdca 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -13,16 +13,17 @@ class CaSslCertSeeder extends Seeder
     {
         Server::chunk(200, function ($servers) {
             foreach ($servers as $server) {
-                $existingCert = SslCertificate::where('server_id', $server->id)->first();
+                $existingCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
                 if (! $existingCert) {
                     $serverCert = SslHelper::generateSslCertificate(
                         commonName: 'Coolify CA Certificate',
                         serverId: $server->id,
+                        isCaCertificate: true,
                         validityDays: 15 * 365
                     );
 
-                    $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+                    $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
                     $commands = collect([
                         "mkdir -p $serverCertPath",
diff --git a/scripts/install.sh b/scripts/install.sh
index 6eb46ad09..c73bbb580 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -62,7 +62,7 @@ if [ "$WARNING_SPACE" = true ]; then
     sleep 5
 fi
 
-mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,ca,webhooks-during-maintenance,sentinel}
+mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,ssl,webhooks-during-maintenance,sentinel}
 mkdir -p /data/coolify/ssh/{keys,mux}
 mkdir -p /data/coolify/proxy/dynamic
 

From 3cf758e2d08662f13ac2db2e15f1089e8a21e274 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 21:43:16 +0100
Subject: [PATCH 031/145] fix(databases): fix database name users new `uuid`
 instead of DB one

---
 bootstrap/helpers/databases.php | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/bootstrap/helpers/databases.php b/bootstrap/helpers/databases.php
index f2c069ac4..cedfa36d5 100644
--- a/bootstrap/helpers/databases.php
+++ b/bootstrap/helpers/databases.php
@@ -16,16 +16,12 @@ use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Storage;
 use Visus\Cuid2\Cuid2;
 
-function generate_database_name(string $type): string
-{
-    return $type.'-database-'.(new Cuid2);
-}
-
 function create_standalone_postgresql($environmentId, $destinationUuid, ?array $otherData = null, string $databaseImage = 'postgres:16-alpine'): StandalonePostgresql
 {
     $destination = StandaloneDocker::where('uuid', $destinationUuid)->firstOrFail();
     $database = new StandalonePostgresql;
-    $database->name = generate_database_name('postgresql');
+    $database->uuid = (new Cuid2);
+    $database->name = 'postgresql-database-'.$database->uuid;
     $database->image = $databaseImage;
     $database->postgres_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environmentId;
@@ -43,7 +39,8 @@ function create_standalone_redis($environment_id, $destination_uuid, ?array $oth
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneRedis;
-    $database->name = generate_database_name('redis');
+    $database->uuid = (new Cuid2);
+    $database->name = 'redis-database-'.$database->uuid;
     $redis_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
     $database->destination_id = $destination->id;
@@ -76,7 +73,8 @@ function create_standalone_mongodb($environment_id, $destination_uuid, ?array $o
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneMongodb;
-    $database->name = generate_database_name('mongodb');
+    $database->uuid = (new Cuid2);
+    $database->name = 'mongodb-database-'.$database->uuid;
     $database->mongo_initdb_root_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
     $database->destination_id = $destination->id;
@@ -93,7 +91,8 @@ function create_standalone_mysql($environment_id, $destination_uuid, ?array $oth
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneMysql;
-    $database->name = generate_database_name('mysql');
+    $database->uuid = (new Cuid2);
+    $database->name = 'mysql-database-'.$database->uuid;
     $database->mysql_root_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->mysql_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
@@ -111,7 +110,8 @@ function create_standalone_mariadb($environment_id, $destination_uuid, ?array $o
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneMariadb;
-    $database->name = generate_database_name('mariadb');
+    $database->uuid = (new Cuid2);
+    $database->name = 'mariadb-database-'.$database->uuid;
     $database->mariadb_root_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->mariadb_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
@@ -129,7 +129,8 @@ function create_standalone_keydb($environment_id, $destination_uuid, ?array $oth
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneKeydb;
-    $database->name = generate_database_name('keydb');
+    $database->uuid = (new Cuid2);
+    $database->name = 'keydb-database-'.$database->uuid;
     $database->keydb_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
     $database->destination_id = $destination->id;
@@ -146,7 +147,8 @@ function create_standalone_dragonfly($environment_id, $destination_uuid, ?array
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneDragonfly;
-    $database->name = generate_database_name('dragonfly');
+    $database->uuid = (new Cuid2);
+    $database->name = 'dragonfly-database-'.$database->uuid;
     $database->dragonfly_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
     $database->destination_id = $destination->id;
@@ -163,7 +165,8 @@ function create_standalone_clickhouse($environment_id, $destination_uuid, ?array
 {
     $destination = StandaloneDocker::where('uuid', $destination_uuid)->firstOrFail();
     $database = new StandaloneClickhouse;
-    $database->name = generate_database_name('clickhouse');
+    $database->uuid = (new Cuid2);
+    $database->name = 'clickhouse-database-'.$database->uuid;
     $database->clickhouse_admin_password = \Illuminate\Support\Str::password(length: 64, symbols: false);
     $database->environment_id = $environment_id;
     $database->destination_id = $destination->id;

From 5f357e3d925dc14c4014e45cbf06c1e29d5fcdb2 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:03:45 +0100
Subject: [PATCH 032/145] fix(database): fix volume and file mounts and naming

- fix: Volume and file mounts are unmounted if there are more than 1
- rename the crt and key to server key and crt to follow best practices
- move crt and key to a more standardized location
---
 app/Actions/Database/StartPostgresql.php | 90 +++++++++++++++---------
 1 file changed, 57 insertions(+), 33 deletions(-)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index de33a0114..7036b1a31 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -52,9 +52,9 @@ class StartPostgresql
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
                 $this->ssl_certificate = SslHelper::generateSslCertificate(
                     commonName: $this->database->uuid,
-                    // additionalSans: ["IP:{$server->ip_address}"], // Issue is the server IP can be also be a domain/ hostname and we need to be sure what it is before setting it.
                     resourceType: $this->database->getMorphClass(),
                     resourceId: $this->database->id,
+                    serverId: $server->id,
                     caCert: $caCert->ssl_certificate,
                     caKey: $caCert->ssl_private_key,
                 );
@@ -106,60 +106,84 @@ class StartPostgresql
                 ],
             ],
         ];
+
         if (filled($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_storages
+            );
         }
+
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
+
         if (count($this->init_scripts) > 0) {
             foreach ($this->init_scripts as $init_script) {
-                $docker_compose['services'][$container_name]['volumes'][] = [
-                    'type' => 'bind',
-                    'source' => $init_script,
-                    'target' => '/docker-entrypoint-initdb.d/'.basename($init_script),
-                    'read_only' => true,
-                ];
+                $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                    $docker_compose['services'][$container_name]['volumes'],
+                    [[
+                        'type' => 'bind',
+                        'source' => $init_script,
+                        'target' => '/docker-entrypoint-initdb.d/'.basename($init_script),
+                        'read_only' => true,
+                    ]]
+                );
             }
         }
-        if ($this->database->enable_ssl) {
-            $docker_compose['services'][$container_name]['command'] = [
-                'postgres',
-                '-c',
-                'ssl=on',
-                '-c',
-                'ssl_cert_file=/etc/postgresql/ssl/internal.crt',
-                '-c',
-                'ssl_key_file=/etc/postgresql/ssl/internal.key',
-            ];
-        }
+
         if (filled($this->database->postgres_conf)) {
-            $docker_compose['services'][$container_name]['volumes'][] = [
-                'type' => 'bind',
-                'source' => $this->configuration_dir.'/custom-postgres.conf',
-                'target' => '/etc/postgresql/postgresql.conf',
-                'read_only' => true,
-            ];
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                [[
+                    'type' => 'bind',
+                    'source' => $this->configuration_dir.'/custom-postgres.conf',
+                    'target' => '/etc/postgresql/postgresql.conf',
+                    'read_only' => true,
+                ]]
+            );
             $docker_compose['services'][$container_name]['command'] = [
                 'postgres',
                 '-c',
                 'config_file=/etc/postgresql/postgresql.conf',
             ];
         }
+
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['command'] = [
+                'postgres',
+                '-c',
+                'ssl=on',
+                '-c',
+                'ssl_cert_file=/var/lib/postgresql/certs/server.crt',
+                '-c',
+                'ssl_key_file=/var/lib/postgresql/certs/server.key',
+            ];
+        }
+
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
@@ -173,7 +197,7 @@ class StartPostgresql
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         if ($this->database->enable_ssl) {
-            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /etc/postgresql/ssl/internal.key /etc/postgresql/ssl/internal.crt");
+            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /var/lib/postgresql/certs/server.key /var/lib/postgresql/certs/server.crt");
         }
         $this->commands[] = "echo 'Database started.'";
 
@@ -284,16 +308,16 @@ class StartPostgresql
         }
 
         $this->database->fileStorages()->create([
-            'fs_path' => $this->configuration_dir.'/ssl/internal.crt',
-            'mount_path' => '/etc/postgresql/ssl/internal.crt',
+            'fs_path' => $this->configuration_dir.'/ssl/server.crt',
+            'mount_path' => '/var/lib/postgresql/certs/server.crt',
             'content' => $this->ssl_certificate->ssl_certificate,
             'is_directory' => false,
             'chmod' => '644',
         ]);
 
         $this->database->fileStorages()->create([
-            'fs_path' => $this->configuration_dir.'/ssl/internal.key',
-            'mount_path' => '/etc/postgresql/ssl/internal.key',
+            'fs_path' => $this->configuration_dir.'/ssl/server.key',
+            'mount_path' => '/var/lib/postgresql/certs/server.key',
             'content' => $this->ssl_certificate->ssl_private_key,
             'is_directory' => false,
             'chmod' => '600',

From 498bf045596d00889b8c7e7ab117fe5f85031a6b Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:05:32 +0100
Subject: [PATCH 033/145] feat(migration): add CN and alternative names to DB

---
 app/Models/SslCertificate.php                                  | 3 +++
 .../2025_01_27_153741_create_ssl_certificates_table.php        | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index d16860b22..f1818f970 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -12,7 +12,10 @@ class SslCertificate extends Model
         'resource_type',
         'resource_id',
         'server_id',
+        'common_name',
+        'subject_alternative_names',
         'valid_until',
+        'is_ca_certificate',
     ];
 
     protected $casts = [
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index 5abd0f453..b19493b96 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -15,6 +15,8 @@ return new class extends Migration
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
             $table->unsignedBigInteger('server_id');
+            $table->text('common_name');
+            $table->text('subject_alternative_names')->nullable();
             $table->timestamp('valid_until');
             $table->boolean('is_ca_certificate')->default(false);
             $table->timestamps();

From 9d9fbd6859a1acf2ae78e0621f68cc55421b3c5d Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:06:53 +0100
Subject: [PATCH 034/145] feat(databases): add CA SSL crt location to Postgres
 URLs

---
 app/Models/StandalonePostgresql.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Models/StandalonePostgresql.php b/app/Models/StandalonePostgresql.php
index 7e8a071f3..b4b7ca59f 100644
--- a/app/Models/StandalonePostgresql.php
+++ b/app/Models/StandalonePostgresql.php
@@ -223,6 +223,9 @@ class StandalonePostgresql extends BaseModel
                 $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->uuid}:5432/{$this->postgres_db}";
                 if ($this->enable_ssl) {
                     $url .= "?sslmode={$this->ssl_mode}";
+                    if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) {
+                        $url .= '&sslrootcert=/etc/ssl/certs/coolify-ca.crt';
+                    }
                 }
 
                 return $url;
@@ -238,6 +241,9 @@ class StandalonePostgresql extends BaseModel
                     $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}";
                     if ($this->enable_ssl) {
                         $url .= "?sslmode={$this->ssl_mode}";
+                        if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) {
+                            $url .= '&sslrootcert=/etc/ssl/certs/coolify-ca.crt';
+                        }
                     }
 
                     return $url;

From 72a2f79d888f6633b20b32489741dab2899e2dd5 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:11:29 +0100
Subject: [PATCH 035/145] feat(ssl): improve ssl generation

- add default state and country
- rename parameters for more clarity
- set subjectAltName
- delete old certificate before creating new one
- Set CN and subjectAltNames in DB for automatic renewal
---
 app/Helpers/SslHelper.php | 45 ++++++++++++++++++++++++++++++++-------
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 4797113b7..51ac3bffa 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -2,6 +2,7 @@
 
 namespace App\Helpers;
 
+use App\Models\Server;
 use App\Models\SslCertificate;
 use Carbon\CarbonImmutable;
 
@@ -9,18 +10,21 @@ class SslHelper
 {
     private const DEFAULT_ORGANIZATION_NAME = 'Coolify';
 
+    private const DEFAULT_COUNTRY_CODE = 'ZZ';
+
+    private const DEFAULT_STATE = 'Default';
+
     public static function generateSslCertificate(
         string $commonName,
-        array $additionalSans = [],
+        array $subjectAlternativeNames = [],
         ?string $resourceType = null,
         ?int $resourceId = null,
         ?int $serverId = null,
-        ?string $organizationName = null,
         int $validityDays = 365,
         ?string $caCert = null,
-        ?string $caKey = null
+        ?string $caKey = null,
+        bool $isCaCertificate = false
     ): SslCertificate {
-        $organizationName ??= self::DEFAULT_ORGANIZATION_NAME;
 
         try {
             $privateKey = openssl_pkey_new([
@@ -36,13 +40,29 @@ class SslHelper
                 throw new \RuntimeException('Failed to export private key: '.openssl_error_string());
             }
 
-            $dn = [
+            if (! is_null($serverId) && ! $isCaCertificate) {
+                $server = Server::find($serverId);
+                if ($server) {
+                    $ip = $server->getIp;
+                    if ($ip) {
+                        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
+                            $subjectAlternativeNames[] = "IP:$ip";
+                        } else {
+                            $subjectAlternativeNames[] = "DNS:$ip";
+                        }
+                    }
+                }
+            }
+
+            $certificateSubject = [
                 'commonName' => $commonName,
-                'organizationName' => $organizationName,
-                'subjectAltName' => implode(', ', array_merge(["DNS:$commonName"], $additionalSans)),
+                'subjectAltName' => implode(', ', array_merge(["DNS:$commonName"], $subjectAlternativeNames)),
+                'organizationName' => self::DEFAULT_ORGANIZATION_NAME,
+                'countryName' => self::DEFAULT_COUNTRY_CODE,
+                'stateOrProvinceName' => self::DEFAULT_STATE,
             ];
 
-            $csr = openssl_csr_new($dn, $privateKey, [
+            $csr = openssl_csr_new($certificateSubject, $privateKey, [
                 'digest_alg' => 'sha512',
                 'config' => null,
                 'encrypt_key' => false,
@@ -72,6 +92,12 @@ class SslHelper
                 throw new \RuntimeException('Failed to export certificate: '.openssl_error_string());
             }
 
+            SslCertificate::query()
+                ->where('resource_type', $resourceType)
+                ->where('resource_id', $resourceId)
+                ->where('server_id', $serverId)
+                ->delete();
+
             return SslCertificate::create([
                 'ssl_certificate' => $certificateStr,
                 'ssl_private_key' => $privateKeyStr,
@@ -79,6 +105,9 @@ class SslHelper
                 'resource_id' => $resourceId,
                 'server_id' => $serverId,
                 'valid_until' => CarbonImmutable::now()->addDays($validityDays),
+                'is_ca_certificate' => $isCaCertificate,
+                'common_name' => $commonName,
+                'subject_alternative_names' => implode(', ', array_merge(["DNS:$commonName"], $subjectAlternativeNames)),
             ]);
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);

From fba95c372980f73faa3b8dc0e36fbbd7018c0123 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:35:00 +0100
Subject: [PATCH 036/145] fix(migration): store subjectAlternativeNames as a
 json array in the db

---
 app/Helpers/SslHelper.php                                       | 2 +-
 app/Models/SslCertificate.php                                   | 1 +
 .../2025_01_27_153741_create_ssl_certificates_table.php         | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 51ac3bffa..43df8114e 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -107,7 +107,7 @@ class SslHelper
                 'valid_until' => CarbonImmutable::now()->addDays($validityDays),
                 'is_ca_certificate' => $isCaCertificate,
                 'common_name' => $commonName,
-                'subject_alternative_names' => implode(', ', array_merge(["DNS:$commonName"], $subjectAlternativeNames)),
+                'subject_alternative_names' => $subjectAlternativeNames,
             ]);
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);
diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index f1818f970..54a997dfb 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -21,6 +21,7 @@ class SslCertificate extends Model
     protected $casts = [
         'ssl_certificate' => 'encrypted',
         'ssl_private_key' => 'encrypted',
+        'subject_alternative_names' => 'array',
         'valid_until' => 'datetime',
     ];
 
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index b19493b96..023482055 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -16,7 +16,7 @@ return new class extends Migration
             $table->unsignedBigInteger('resource_id')->nullable();
             $table->unsignedBigInteger('server_id');
             $table->text('common_name');
-            $table->text('subject_alternative_names')->nullable();
+            $table->json('subject_alternative_names')->nullable();
             $table->timestamp('valid_until');
             $table->boolean('is_ca_certificate')->default(false);
             $table->timestamps();

From 2fbb898c892c954c4bfbf645c5ed732b325842e5 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:37:12 +0100
Subject: [PATCH 037/145] feat(ssl): regenerate SSL certs job

---
 app/Jobs/RegenerateSslCertJob.php | 66 +++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 app/Jobs/RegenerateSslCertJob.php

diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
new file mode 100644
index 000000000..387408b89
--- /dev/null
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Jobs;
+
+use App\Helpers\SSLHelper;
+use App\Models\SslCertificate;
+use App\Models\Team;
+use App\Notifications\SslExpirationNotification;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\Log;
+
+class RegenerateSslCertJob implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    public function __construct(
+        protected ?Team $team = null,
+        protected ?int $server_id = null,
+        protected bool $force_regeneration = false,
+    ) {}
+
+    public function handle()
+    {
+        $query = SslCertificate::query();
+
+        if ($this->server_id) {
+            $query->where('server_id', $this->server_id);
+        }
+
+        if (! $this->force_regeneration) {
+            $query->where('valid_until', '<=', now()->addDays(14));
+        }
+
+        $certificates = $query->get();
+
+        if ($certificates->isEmpty()) {
+            return;
+        }
+
+        $regenerated = collect();
+
+        foreach ($certificates as $certificate) {
+            try {
+                SSLHelper::generateSslCertificate(
+                    commonName: $certificate->common_name,
+                    subjectAlternativeNames: $certificate->subject_alternative_names,
+                    resourceType: $certificate->resource_type,
+                    resourceId: $certificate->resource_id,
+                    serverId: $certificate->server_id,
+                    validityDays: 365
+                );
+                $regenerated->push($certificate);
+            } catch (\Exception $e) {
+                Log::error('Failed to regenerate SSL certificate: '.$e->getMessage());
+            }
+        }
+
+        if ($regenerated->isNotEmpty()) {
+            $this->team?->notify(new SslExpirationNotification($regenerated));
+        }
+    }
+}

From cd335e9e00bf2ee71e7bf1f5c88e67d5569197e7 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:42:15 +0100
Subject: [PATCH 038/145] fix(ssl): make sure the subjectAlternativeNames are
 unique and stored correctly

---
 app/Helpers/SslHelper.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 43df8114e..ffa2279e8 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -54,9 +54,12 @@ class SslHelper
                 }
             }
 
+            $subjectAlternativeNames = array_unique(
+                array_merge(["DNS:$commonName"], $subjectAlternativeNames)
+            );
             $certificateSubject = [
                 'commonName' => $commonName,
-                'subjectAltName' => implode(', ', array_merge(["DNS:$commonName"], $subjectAlternativeNames)),
+                'subjectAltName' => $subjectAlternativeNames,
                 'organizationName' => self::DEFAULT_ORGANIZATION_NAME,
                 'countryName' => self::DEFAULT_COUNTRY_CODE,
                 'stateOrProvinceName' => self::DEFAULT_STATE,

From 53510928d2ac7dd6236ebbd5fb0550ea28d726ab Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 22:54:31 +0100
Subject: [PATCH 039/145] feat(ssl): regenerate certificate and valid until UI

---
 .../Project/Database/Postgresql/General.php   | 41 +++++++++++++++++++
 .../database/postgresql/general.blade.php     | 34 ++++++++++++++-
 2 files changed, 74 insertions(+), 1 deletion(-)

diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index 25f3f4f30..e52d8d65e 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Postgresql;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandalonePostgresql;
 use Exception;
 use Livewire\Component;
@@ -107,6 +109,45 @@ class General extends Component
         }
     }
 
+    public function regenerateSslCertificate()
+    {
+        try {
+            if (! $this->database->enable_ssl) {
+                $this->dispatch('error', 'SSL is not enabled for this database.');
+
+                return;
+            }
+
+            $server = $this->database->destination->server;
+
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->common_name,
+                subjectAlternativeNames: $existingCert->subject_alternative_names ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+            );
+
+            $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function instantSave()
     {
         try {
diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index ec29584fe..4ca4817ad 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -74,7 +74,39 @@
             @endif
         </div>
         <div class="flex flex-col gap-2">
-            <h3 class="py-2">SSL Configuration</h3>
+            <div class="flex items-center justify-between py-2">
+                <div class="flex flex-col gap-1">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl)
+                        @php
+                            $cert = \App\Models\SslCertificate::where('resource_type', $database->getMorphClass())
+                                ->where('resource_id', $database->id)
+                                ->first();
+                        @endphp
+                        @if($cert)
+                            <span class="text-sm">Valid until: 
+                                @if(now()->gt($cert->valid_until))
+                                    <span class="text-red-500">{{ $cert->valid_until->format('d.m.Y H:i:s') }} - Expired</span>
+                                @elseif(now()->addDays(30)->gt($cert->valid_until))
+                                    <span class="text-red-500">{{ $cert->valid_until->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                                @else
+                                    <span>{{ $cert->valid_until->format('d.m.Y H:i:s') }}</span>
+                                @endif
+                            </span>
+                        @endif
+                    @endif
+                </div>
+                @if($database->enable_ssl)
+                    <x-modal-confirmation
+                        title="Regenerate SSL Certificates"
+                        buttonTitle="Regenerate SSL Certificates"
+                        :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
+                        submitAction="regenerateSslCertificate"
+                        :confirmWithText="false"
+                        :confirmWithPassword="false"
+                    />
+                @endif
+            </div>
             <div class="flex flex-col gap-2">
                 <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
                 @if($database->enable_ssl)

From fd5b7492f810424e3841d6644d871fe5e26f20f5 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 3 Feb 2025 23:21:09 +0100
Subject: [PATCH 040/145] chore(ui): improve valid until handling

---
 .../Project/Database/Postgresql/General.php   | 16 +++---
 .../database/postgresql/general.blade.php     | 49 +++++++++----------
 2 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index e52d8d65e..f0e3d064e 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -25,6 +25,8 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
+    public $certificateValidUntil = null;
+
     public function getListeners()
     {
         return [
@@ -78,6 +80,14 @@ class General extends Component
         $this->db_url = $this->database->internal_db_url;
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
+
+        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+            ->where('resource_id', $this->database->id)
+            ->first();
+
+        if ($existingCert) {
+            $this->certificateValidUntil = $existingCert->valid_until;
+        }
     }
 
     public function instantSaveAdvanced()
@@ -112,12 +122,6 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            if (! $this->database->enable_ssl) {
-                $this->dispatch('error', 'SSL is not enabled for this database.');
-
-                return;
-            }
-
             $server = $this->database->destination->server;
 
             $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index 4ca4817ad..8b9ca45f9 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -75,38 +75,33 @@
         </div>
         <div class="flex flex-col gap-2">
             <div class="flex items-center justify-between py-2">
-                <div class="flex flex-col gap-1">
+                <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
                     @if($database->enable_ssl)
-                        @php
-                            $cert = \App\Models\SslCertificate::where('resource_type', $database->getMorphClass())
-                                ->where('resource_id', $database->id)
-                                ->first();
-                        @endphp
-                        @if($cert)
-                            <span class="text-sm">Valid until: 
-                                @if(now()->gt($cert->valid_until))
-                                    <span class="text-red-500">{{ $cert->valid_until->format('d.m.Y H:i:s') }} - Expired</span>
-                                @elseif(now()->addDays(30)->gt($cert->valid_until))
-                                    <span class="text-red-500">{{ $cert->valid_until->format('d.m.Y H:i:s') }} - Expiring soon</span>
-                                @else
-                                    <span>{{ $cert->valid_until->format('d.m.Y H:i:s') }}</span>
-                                @endif
-                            </span>
-                        @endif
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
                     @endif
                 </div>
-                @if($database->enable_ssl)
-                    <x-modal-confirmation
-                        title="Regenerate SSL Certificates"
-                        buttonTitle="Regenerate SSL Certificates"
-                        :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
-                        submitAction="regenerateSslCertificate"
-                        :confirmWithText="false"
-                        :confirmWithPassword="false"
-                    />
-                @endif
             </div>
+            @if($database->enable_ssl)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+        </div>
+        <div class="flex flex-col gap-2">
             <div class="flex flex-col gap-2">
                 <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
                 @if($database->enable_ssl)

From c3a440a64e238b42714aab7fa99504848348f6a3 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 14:37:35 +0100
Subject: [PATCH 041/145] fix(ui): certificate expiration data is null before
 starting the DB

---
 .../livewire/project/database/postgresql/general.blade.php      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index 8b9ca45f9..357f7ae99 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -89,7 +89,7 @@
                     @endif
                 </div>
             </div>
-            @if($database->enable_ssl)
+            @if($database->enable_ssl && $certificateValidUntil)
                 <span class="text-sm">Valid until: 
                 @if(now()->gt($certificateValidUntil))
                     <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>

From 6de76ca3f839b35982b51eb88013af851c4133ad Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 15:32:56 +0100
Subject: [PATCH 042/145] fix(deletion): fix DB deletion

- delete file mounts, volume mounts, envs, ssl crts, backups and detach tags correctly when deleting
---
 app/Jobs/DeleteResourceJob.php       | 19 ++++++++++++++-----
 app/Models/LocalPersistentVolume.php |  5 -----
 app/Models/SslCertificate.php        | 14 ++++++++++++--
 app/Models/StandalonePostgresql.php  | 27 ++++++++++++++++-----------
 4 files changed, 42 insertions(+), 23 deletions(-)

diff --git a/app/Jobs/DeleteResourceJob.php b/app/Jobs/DeleteResourceJob.php
index 8b9228e5f..9fd46db77 100644
--- a/app/Jobs/DeleteResourceJob.php
+++ b/app/Jobs/DeleteResourceJob.php
@@ -66,12 +66,9 @@ class DeleteResourceJob implements ShouldBeEncrypted, ShouldQueue
             }
 
             if ($this->deleteVolumes && $this->resource->type() !== 'service') {
-                $this->resource?->delete_volumes($persistentStorages);
+                $this->resource->delete_volumes($persistentStorages);
+                $this->resource->persistentStorages()->delete();
             }
-            if ($this->deleteConfigurations) {
-                $this->resource?->delete_configurations();
-            }
-
             $isDatabase = $this->resource instanceof StandalonePostgresql
                 || $this->resource instanceof StandaloneRedis
                 || $this->resource instanceof StandaloneMongodb
@@ -80,6 +77,18 @@ class DeleteResourceJob implements ShouldBeEncrypted, ShouldQueue
                 || $this->resource instanceof StandaloneKeydb
                 || $this->resource instanceof StandaloneDragonfly
                 || $this->resource instanceof StandaloneClickhouse;
+
+            if ($this->deleteConfigurations) {
+                $this->resource->delete_configurations(); // rename to FileStorages
+                $this->resource->fileStorages()->delete();
+            }
+            if ($isDatabase) {
+                $this->resource->sslCertificates()->delete();
+                $this->resource->scheduledBackups()->delete();
+                $this->resource->environment_variables()->delete();
+                $this->resource->tags()->detach();
+            }
+
             $server = data_get($this->resource, 'server') ?? data_get($this->resource, 'destination.server');
             if (($this->dockerCleanup || $isDatabase) && $server) {
                 CleanupDocker::dispatch($server, true);
diff --git a/app/Models/LocalPersistentVolume.php b/app/Models/LocalPersistentVolume.php
index 68e476365..b5dfd9663 100644
--- a/app/Models/LocalPersistentVolume.php
+++ b/app/Models/LocalPersistentVolume.php
@@ -24,11 +24,6 @@ class LocalPersistentVolume extends Model
         return $this->morphTo('resource');
     }
 
-    public function standalone_postgresql()
-    {
-        return $this->morphTo('resource');
-    }
-
     protected function name(): Attribute
     {
         return Attribute::make(
diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index 54a997dfb..7298afd6c 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -25,9 +25,19 @@ class SslCertificate extends Model
         'valid_until' => 'datetime',
     ];
 
-    public function resource()
+    public function application()
     {
-        return $this->morphTo();
+        return $this->morphTo('resource');
+    }
+
+    public function service()
+    {
+        return $this->morphTo('resource');
+    }
+
+    public function database()
+    {
+        return $this->morphTo('resource');
     }
 
     public function server()
diff --git a/app/Models/StandalonePostgresql.php b/app/Models/StandalonePostgresql.php
index b4b7ca59f..51b9d2c31 100644
--- a/app/Models/StandalonePostgresql.php
+++ b/app/Models/StandalonePostgresql.php
@@ -259,11 +259,21 @@ class StandalonePostgresql extends BaseModel
         return $this->belongsTo(Environment::class);
     }
 
+    public function persistentStorages()
+    {
+        return $this->morphMany(LocalPersistentVolume::class, 'resource');
+    }
+
     public function fileStorages()
     {
         return $this->morphMany(LocalFileVolume::class, 'resource');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function destination()
     {
         return $this->morphTo();
@@ -274,16 +284,17 @@ class StandalonePostgresql extends BaseModel
         return $this->morphMany(EnvironmentVariable::class, 'resourceable');
     }
 
-    public function persistentStorages()
-    {
-        return $this->morphMany(LocalPersistentVolume::class, 'resource');
-    }
-
     public function scheduledBackups()
     {
         return $this->morphMany(ScheduledDatabaseBackup::class, 'database');
     }
 
+    public function environment_variables()
+    {
+        return $this->morphMany(EnvironmentVariable::class, 'resourceable')
+            ->orderBy('key', 'asc');
+    }
+
     public function isBackupSolutionAvailable()
     {
         return true;
@@ -332,10 +343,4 @@ class StandalonePostgresql extends BaseModel
 
         return $parsedCollection->toArray();
     }
-
-    public function environment_variables()
-    {
-        return $this->morphMany(EnvironmentVariable::class, 'resourceable')
-            ->orderBy('key', 'asc');
-    }
 }

From 3c62130e869e28adb174eec936a608350956e83f Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:34:24 +0100
Subject: [PATCH 043/145] fix(ssl): improve SSL cert file mounts

- If SSL is disabled, delete the SSL crt and file mounts in the DB
- If SSL is disabled, delete the SSL folder
- If SSL is enabled, make sure the file mounts are added inside the helper
- remove old file mounts first to make sure the ssl crt content is always up to date and no duplicates are added
---
 app/Actions/Database/StartPostgresql.php      | 50 +++++++++----------
 app/Helpers/SslHelper.php                     | 46 ++++++++++++++++-
 .../Project/Database/Postgresql/General.php   |  1 +
 app/Models/SslCertificate.php                 |  1 +
 ...7_153741_create_ssl_certificates_table.php |  1 +
 5 files changed, 71 insertions(+), 28 deletions(-)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 7036b1a31..29780f164 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -36,12 +36,33 @@ class StartPostgresql
             "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
             "mkdir -p $this->configuration_dir/docker-entrypoint-initdb.d/",
-            "mkdir -p $this->configuration_dir/ssl",
             "echo 'Directories created successfully.'",
         ];
 
-        if ($this->database->enable_ssl) {
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/var/lib/postgresql/certs/server.crt',
+                        '/var/lib/postgresql/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
             $server = $this->database->destination->server;
 
             $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
@@ -57,8 +78,8 @@ class StartPostgresql
                     serverId: $server->id,
                     caCert: $caCert->ssl_certificate,
                     caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
                 );
-                $this->addSslFilesToFileStorage();
             }
         }
 
@@ -300,27 +321,4 @@ class StartPostgresql
         $content_base64 = base64_encode($content);
         $this->commands[] = "echo '{$content_base64}' | base64 -d | tee $config_file_path > /dev/null";
     }
-
-    private function addSslFilesToFileStorage()
-    {
-        if (! $this->ssl_certificate) {
-            return;
-        }
-
-        $this->database->fileStorages()->create([
-            'fs_path' => $this->configuration_dir.'/ssl/server.crt',
-            'mount_path' => '/var/lib/postgresql/certs/server.crt',
-            'content' => $this->ssl_certificate->ssl_certificate,
-            'is_directory' => false,
-            'chmod' => '644',
-        ]);
-
-        $this->database->fileStorages()->create([
-            'fs_path' => $this->configuration_dir.'/ssl/server.key',
-            'mount_path' => '/var/lib/postgresql/certs/server.key',
-            'content' => $this->ssl_certificate->ssl_private_key,
-            'is_directory' => false,
-            'chmod' => '600',
-        ]);
-    }
 }
diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index ffa2279e8..960c90a1b 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -23,7 +23,8 @@ class SslHelper
         int $validityDays = 365,
         ?string $caCert = null,
         ?string $caKey = null,
-        bool $isCaCertificate = false
+        bool $isCaCertificate = false,
+        ?string $configurationDir = null
     ): SslCertificate {
 
         try {
@@ -101,17 +102,58 @@ class SslHelper
                 ->where('server_id', $serverId)
                 ->delete();
 
-            return SslCertificate::create([
+            $sslCertificate = SslCertificate::create([
                 'ssl_certificate' => $certificateStr,
                 'ssl_private_key' => $privateKeyStr,
                 'resource_type' => $resourceType,
                 'resource_id' => $resourceId,
                 'server_id' => $serverId,
+                'configuration_dir' => $configurationDir,
                 'valid_until' => CarbonImmutable::now()->addDays($validityDays),
                 'is_ca_certificate' => $isCaCertificate,
                 'common_name' => $commonName,
                 'subject_alternative_names' => $subjectAlternativeNames,
             ]);
+
+            if ($configurationDir && $resourceType && $resourceId) {
+                $model = app($resourceType)->find($resourceId);
+
+                $model->fileStorages()
+                    ->where('resource_type', $model->getMorphClass())
+                    ->where('resource_id', $model->id)
+                    ->get()
+                    ->filter(function ($storage) {
+                        return in_array($storage->mount_path, [
+                            '/var/lib/postgresql/certs/server.crt',
+                            '/var/lib/postgresql/certs/server.key',
+                        ]);
+                    })
+                    ->each(function ($storage) {
+                        $storage->delete();
+                    });
+
+                $model->fileStorages()->create([
+                    'fs_path' => $configurationDir.'/ssl/server.crt',
+                    'mount_path' => '/var/lib/postgresql/certs/server.crt',
+                    'content' => $certificateStr,
+                    'is_directory' => false,
+                    'chmod' => '644',
+                    'resource_type' => $resourceType,
+                    'resource_id' => $resourceId,
+                ]);
+
+                $model->fileStorages()->create([
+                    'fs_path' => $configurationDir.'/ssl/server.key',
+                    'mount_path' => '/var/lib/postgresql/certs/server.key',
+                    'content' => $privateKeyStr,
+                    'is_directory' => false,
+                    'chmod' => '600',
+                    'resource_type' => $resourceType,
+                    'resource_id' => $resourceId,
+                ]);
+            }
+
+            return $sslCertificate;
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);
         }
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index f0e3d064e..cb8cefc76 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -144,6 +144,7 @@ class General extends Component
                 serverId: $existingCert->server_id,
                 caCert: $caCert->ssl_certificate,
                 caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index 7298afd6c..cf9395a5d 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -9,6 +9,7 @@ class SslCertificate extends Model
     protected $fillable = [
         'ssl_certificate',
         'ssl_private_key',
+        'configuration_dir',
         'resource_type',
         'resource_id',
         'server_id',
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index 023482055..1e7da5eb0 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -12,6 +12,7 @@ return new class extends Migration
             $table->id();
             $table->text('ssl_certificate');
             $table->text('ssl_private_key');
+            $table->text('configuration_dir')->nullable();
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
             $table->unsignedBigInteger('server_id');

From da148f93a6d1b5b331f9f0e4e3aed9436070fb2c Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:55:36 +0100
Subject: [PATCH 044/145] feat(ssl): regenerate CA cert and all other certs
 logic

---
 app/Jobs/RegenerateSslCertJob.php |  3 +-
 app/Livewire/Server/Advanced.php  | 98 +++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
index 387408b89..a623f696c 100644
--- a/app/Jobs/RegenerateSslCertJob.php
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -51,7 +51,8 @@ class RegenerateSslCertJob implements ShouldQueue
                     resourceType: $certificate->resource_type,
                     resourceId: $certificate->resource_id,
                     serverId: $certificate->server_id,
-                    validityDays: 365
+                    validityDays: 365,
+                    configurationDir: $certificate->configuration_dir,
                 );
                 $regenerated->push($certificate);
             } catch (\Exception $e) {
diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index b269c916f..195b54d18 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -2,7 +2,10 @@
 
 namespace App\Livewire\Server;
 
+use App\Helpers\SslHelper;
+use App\Jobs\RegenerateSslCertJob;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 
@@ -10,6 +13,14 @@ class Advanced extends Component
 {
     public Server $server;
 
+    public ?SslCertificate $caCertificate = null;
+
+    public $showCertificate = false;
+
+    public $certificateContent = '';
+
+    public $certificateValidUntil = null;
+
     public array $parameters = [];
 
     #[Validate(['string'])]
@@ -30,11 +41,98 @@ class Advanced extends Component
             $this->server = Server::ownedByCurrentTeam()->whereUuid($server_uuid)->firstOrFail();
             $this->parameters = get_route_parameters();
             $this->syncData();
+            $this->loadCaCertificate();
         } catch (\Throwable) {
             return redirect()->route('server.index');
         }
     }
 
+    public function loadCaCertificate()
+    {
+        $this->caCertificate = SslCertificate::where('server_id', $this->server->id)
+            ->where('resource_type', null)
+            ->where('resource_id', null)
+            ->first();
+
+        if ($this->caCertificate) {
+            $this->certificateContent = $this->caCertificate->ssl_certificate;
+            $this->certificateValidUntil = $this->caCertificate->valid_until;
+        }
+    }
+
+    public function toggleCertificate()
+    {
+        $this->showCertificate = ! $this->showCertificate;
+    }
+
+    public function saveCaCertificate()
+    {
+        try {
+            if (! $this->certificateContent) {
+                throw new \Exception('Certificate content cannot be empty.');
+            }
+
+            if (! openssl_x509_read($this->certificateContent)) {
+                throw new \Exception('Invalid certificate format.');
+            }
+
+            if ($this->caCertificate) {
+                $this->caCertificate->ssl_certificate = $this->certificateContent;
+                $this->caCertificate->save();
+
+                $this->writeCertificateToServer();
+
+                dispatch(new RegenerateSslCertJob(
+                    server_id: $this->server->id,
+                    force_regeneration: true
+                ));
+            }
+            $this->dispatch('success', 'CA Certificate saved successfully.');
+        } catch (\Throwable $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateCaCertificate()
+    {
+        try {
+            $caCert = SslHelper::generateSslCertificate(
+                commonName: 'Coolify CA Certificate',
+                serverId: $this->server->id,
+                isCaCertificate: true,
+                validityDays: 15 * 365
+            );
+
+            $this->writeCertificateToServer();
+
+            dispatch(new RegenerateSslCertJob(
+                server_id: $this->server->id,
+                force_regeneration: true
+            ));
+
+            $this->loadCaCertificate();
+            $this->dispatch('success', 'CA Certificate regenerated successfully.');
+        } catch (\Throwable $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    private function writeCertificateToServer()
+    {
+        $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
+
+        $commands = collect([
+            "mkdir -p $serverCertPath",
+            "chown -R 9999:root $serverCertPath",
+            "chmod -R 700 $serverCertPath",
+            "rm -f $serverCertPath/coolify-ca.crt",
+            "echo '{$this->caCertificate->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
+            "chmod 644 $serverCertPath/coolify-ca.crt",
+        ]);
+
+        remote_process($commands, $this->server);
+    }
+
     public function syncData(bool $toModel = false)
     {
         if ($toModel) {

From d6a39f2ed32694db6f392b172610b140b2d3e3bd Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:57:40 +0100
Subject: [PATCH 045/145] fix(ssl): always create ca crt on disk even if it is
 already there

---
 app/Actions/Server/InstallDocker.php | 12 ++++++------
 app/Livewire/Server/Advanced.php     | 16 ++++++++--------
 database/seeders/CaSslCertSeeder.php | 28 +++++++++++++++-------------
 3 files changed, 29 insertions(+), 27 deletions(-)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 2c07950f0..7c681e22c 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -27,14 +27,14 @@ class InstallDocker
                 isCaCertificate: true,
                 validityDays: 15 * 365
             );
-            $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
+            $caCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
             $commands = collect([
-                "mkdir -p $serverCertPath",
-                "chown -R 9999:root $serverCertPath",
-                "chmod -R 700 $serverCertPath",
-                "echo '{$serverCert->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
-                "chmod 644 $serverCertPath/coolify-ca.crt",
+                "mkdir -p $caCertPath",
+                "chown -R 9999:root $caCertPath",
+                "chmod -R 700 $caCertPath",
+                "echo '{$serverCert->ssl_certificate}' > $caCertPath/coolify-ca.crt",
+                "chmod 644 $caCertPath/coolify-ca.crt",
             ]);
             remote_process($commands, $server);
         }
diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 195b54d18..4390d691e 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -96,7 +96,7 @@ class Advanced extends Component
     public function regenerateCaCertificate()
     {
         try {
-            $caCert = SslHelper::generateSslCertificate(
+            SslHelper::generateSslCertificate(
                 commonName: 'Coolify CA Certificate',
                 serverId: $this->server->id,
                 isCaCertificate: true,
@@ -119,15 +119,15 @@ class Advanced extends Component
 
     private function writeCertificateToServer()
     {
-        $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
+        $caCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
         $commands = collect([
-            "mkdir -p $serverCertPath",
-            "chown -R 9999:root $serverCertPath",
-            "chmod -R 700 $serverCertPath",
-            "rm -f $serverCertPath/coolify-ca.crt",
-            "echo '{$this->caCertificate->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
-            "chmod 644 $serverCertPath/coolify-ca.crt",
+            "mkdir -p $caCertPath",
+            "chown -R 9999:root $caCertPath",
+            "chmod -R 700 $caCertPath",
+            "rm -f $caCertPath/coolify-ca.crt",
+            "echo '{$this->caCertificate->ssl_certificate}' > $caCertPath/coolify-ca.crt",
+            "chmod 644 $caCertPath/coolify-ca.crt",
         ]);
 
         remote_process($commands, $this->server);
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index 8e26bbdca..e3672d053 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -16,25 +16,27 @@ class CaSslCertSeeder extends Seeder
                 $existingCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
                 if (! $existingCert) {
-                    $serverCert = SslHelper::generateSslCertificate(
+                    $caCert = SslHelper::generateSslCertificate(
                         commonName: 'Coolify CA Certificate',
                         serverId: $server->id,
                         isCaCertificate: true,
                         validityDays: 15 * 365
                     );
-
-                    $serverCertPath = config('constants.coolify.base_config_path').'/ssl/';
-
-                    $commands = collect([
-                        "mkdir -p $serverCertPath",
-                        "chown -R 9999:root $serverCertPath",
-                        "chmod -R 700 $serverCertPath",
-                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/coolify-ca.crt",
-                        "chmod 644 $serverCertPath/coolify-ca.crt",
-                    ]);
-
-                    remote_process($commands, $server);
+                } else {
+                    $caCert = $existingCert;
                 }
+                $caCertPath = config('constants.coolify.base_config_path').'/ssl/';
+
+                $commands = collect([
+                    "mkdir -p $caCertPath",
+                    "chown -R 9999:root $caCertPath",
+                    "chmod -R 700 $caCertPath",
+                    "rm -f $caCertPath/coolify-ca.crt",
+                    "echo '{$caCert->ssl_certificate}' > $caCertPath/coolify-ca.crt",
+                    "chmod 644 $caCertPath/coolify-ca.crt",
+                ]);
+
+                remote_process($commands, $server);
             }
         });
     }

From 3f857c6dac11ff2dafae3fea53baf2726e012497 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 18:29:35 +0100
Subject: [PATCH 046/145] feat(ssl): Add full MySQL SSL Support

---
 app/Actions/Database/StartMysql.php           | 102 ++++++++++++++++--
 .../Project/Database/Mysql/General.php        |  62 +++++++++++
 app/Models/StandaloneMysql.php                |  22 +++-
 .../project/database/mysql/general.blade.php  |  44 ++++++++
 4 files changed, 218 insertions(+), 12 deletions(-)

diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index 73db1512a..c122c8c6f 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMysql;
 use Lorisleiva\Actions\Concerns\AsAction;
 use Symfony\Component\Yaml\Yaml;
@@ -16,6 +18,8 @@ class StartMysql
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneMysql $database)
     {
         $this->database = $database;
@@ -25,9 +29,57 @@ class StartMysql
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/mysql/certs/server.crt',
+                        '/etc/mysql/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/mysql/certs',
+                );
+            }
+        }
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
@@ -70,36 +122,61 @@ class StartMysql
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_storages
+            );
         }
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
         if (! is_null($this->database->mysql_conf) || ! empty($this->database->mysql_conf)) {
-            $docker_compose['services'][$container_name]['volumes'][] = [
-                'type' => 'bind',
-                'source' => $this->configuration_dir.'/custom-config.cnf',
-                'target' => '/etc/mysql/conf.d/custom-config.cnf',
-                'read_only' => true,
-            ];
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => $this->configuration_dir.'/custom-config.cnf',
+                        'target' => '/etc/mysql/conf.d/custom-config.cnf',
+                        'read_only' => true,
+                    ],
+                ]
+            );
         }
 
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
 
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['command'] = [
+                'mysqld',
+                '--ssl-cert=/etc/mysql/certs/server.crt',
+                '--ssl-key=/etc/mysql/certs/server.key',
+                '--require-secure-transport=ON',
+            ];
+        }
+
         $docker_compose = Yaml::dump($docker_compose, 10);
         $docker_compose_base64 = base64_encode($docker_compose);
         $this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
@@ -108,6 +185,11 @@ class StartMysql
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
+
+        if ($this->database->enable_ssl) {
+            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mysql_user}:{$this->database->mysql_user} /etc/mysql/certs/server.crt /etc/mysql/certs/server.key");
+        }
+
         $this->commands[] = "echo 'Database started.'";
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index 7d5270ddf..9ae54e60a 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Mysql;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMysql;
 use Exception;
 use Livewire\Component;
@@ -21,6 +23,8 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
+    public $certificateValidUntil = null;
+
     protected $rules = [
         'database.name' => 'required',
         'database.description' => 'nullable',
@@ -35,6 +39,8 @@ class General extends Component
         'database.public_port' => 'nullable|integer',
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
+        'database.enable_ssl' => 'boolean',
+        'database.ssl_mode' => 'nullable|string|in:PREFERRED,REQUIRED,VERIFY_CA,VERIFY_IDENTITY',
     ];
 
     protected $validationAttributes = [
@@ -50,6 +56,8 @@ class General extends Component
         'database.is_public' => 'Is Public',
         'database.public_port' => 'Public Port',
         'database.custom_docker_run_options' => 'Custom Docker Run Options',
+        'database.enable_ssl' => 'Enable SSL',
+        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -57,6 +65,14 @@ class General extends Component
         $this->db_url = $this->database->internal_db_url;
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
+
+        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+            ->where('resource_id', $this->database->id)
+            ->first();
+
+        if ($existingCert) {
+            $this->certificateValidUntil = $existingCert->valid_until;
+        }
     }
 
     public function instantSaveAdvanced()
@@ -127,6 +143,52 @@ class General extends Component
         }
     }
 
+    public function instantSaveSSL()
+    {
+        try {
+            $this->database->enable_ssl = $this->database->enable_ssl;
+            $this->database->ssl_mode = $this->database->ssl_mode;
+            $this->database->save();
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $server = $this->database->destination->server;
+
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->common_name,
+                subjectAlternativeNames: $existingCert->subject_alternative_names ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+            );
+
+            $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function refresh(): void
     {
         $this->database->refresh();
diff --git a/app/Models/StandaloneMysql.php b/app/Models/StandaloneMysql.php
index 9ae0fdcae..1bd75995c 100644
--- a/app/Models/StandaloneMysql.php
+++ b/app/Models/StandaloneMysql.php
@@ -219,7 +219,17 @@ class StandaloneMysql extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->uuid}:3306/{$this->mysql_database}",
+            get: function () {
+                $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->uuid}:3306/{$this->mysql_database}";
+                if ($this->enable_ssl) {
+                    $url .= "?ssl-mode={$this->ssl_mode}";
+                    if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
+                        $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
+                    }
+                }
+
+                return $url;
+            },
         );
     }
 
@@ -228,7 +238,15 @@ class StandaloneMysql extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}";
+                    $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}";
+                    if ($this->enable_ssl) {
+                        $url .= "?ssl-mode={$this->ssl_mode}";
+                        if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
+                            $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
+                        }
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/mysql/general.blade.php b/resources/views/livewire/project/database/mysql/general.blade.php
index c4ac7221a..8da378399 100644
--- a/resources/views/livewire/project/database/mysql/general.blade.php
+++ b/resources/views/livewire/project/database/mysql/general.blade.php
@@ -65,6 +65,50 @@
                     type="password" readonly wire:model="db_url_public" />
             @endif
         </div>
+
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+        </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                @if($database->enable_ssl)
+                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
+                        helper="Choose the SSL verification mode for MySQL connections">
+                        <option value="PREFERRED">PREFERRED</option>
+                        <option value="REQUIRED">REQUIRED</option>
+                        <option value="VERIFY_CA">VERIFY_CA</option>
+                        <option value="VERIFY_IDENTITY">VERIFY_IDENTITY</option>
+                    </x-forms.select>
+                @endif
+            </div>
+        </div>
+
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From 80fc7c7b97faa2d450cd8bc520438859bbf99b23 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 18:31:09 +0100
Subject: [PATCH 047/145] fix(ssl): use mountPath parameter not a hardcoded
 path

---
 app/Actions/Database/StartPostgresql.php |  1 +
 app/Helpers/SslHelper.php                | 15 ++++++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 29780f164..9ce953491 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -79,6 +79,7 @@ class StartPostgresql
                     caCert: $caCert->ssl_certificate,
                     caKey: $caCert->ssl_private_key,
                     configurationDir: $this->configuration_dir,
+                    mountPath: '/var/lib/postgresql/certs',
                 );
             }
         }
diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 960c90a1b..b410cb4f8 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -24,7 +24,8 @@ class SslHelper
         ?string $caCert = null,
         ?string $caKey = null,
         bool $isCaCertificate = false,
-        ?string $configurationDir = null
+        ?string $configurationDir = null,
+        ?string $mountPath = null
     ): SslCertificate {
 
         try {
@@ -115,17 +116,17 @@ class SslHelper
                 'subject_alternative_names' => $subjectAlternativeNames,
             ]);
 
-            if ($configurationDir && $resourceType && $resourceId) {
+            if ($configurationDir && $mountPath && $resourceType && $resourceId) {
                 $model = app($resourceType)->find($resourceId);
 
                 $model->fileStorages()
                     ->where('resource_type', $model->getMorphClass())
                     ->where('resource_id', $model->id)
                     ->get()
-                    ->filter(function ($storage) {
+                    ->filter(function ($storage) use ($mountPath) {
                         return in_array($storage->mount_path, [
-                            '/var/lib/postgresql/certs/server.crt',
-                            '/var/lib/postgresql/certs/server.key',
+                            $mountPath.'/server.crt',
+                            $mountPath.'/server.key',
                         ]);
                     })
                     ->each(function ($storage) {
@@ -134,7 +135,7 @@ class SslHelper
 
                 $model->fileStorages()->create([
                     'fs_path' => $configurationDir.'/ssl/server.crt',
-                    'mount_path' => '/var/lib/postgresql/certs/server.crt',
+                    'mount_path' => $mountPath.'/server.crt',
                     'content' => $certificateStr,
                     'is_directory' => false,
                     'chmod' => '644',
@@ -144,7 +145,7 @@ class SslHelper
 
                 $model->fileStorages()->create([
                     'fs_path' => $configurationDir.'/ssl/server.key',
-                    'mount_path' => '/var/lib/postgresql/certs/server.key',
+                    'mount_path' => $mountPath.'/server.key',
                     'content' => $privateKeyStr,
                     'is_directory' => false,
                     'chmod' => '600',

From 8f2b45c8b501ef4bc0245207856e47aa980f2ea6 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 20:52:23 +0100
Subject: [PATCH 048/145] fix(ssl): use 1 instead of on for mysql

---
 app/Actions/Database/StartMysql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index c122c8c6f..88fcfe911 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -173,7 +173,7 @@ class StartMysql
                 'mysqld',
                 '--ssl-cert=/etc/mysql/certs/server.crt',
                 '--ssl-key=/etc/mysql/certs/server.key',
-                '--require-secure-transport=ON',
+                '--require-secure-transport=1',
             ];
         }
 

From e81ed1aad8813c574c1d6bfff545ed5371f9a564 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 4 Feb 2025 21:08:20 +0100
Subject: [PATCH 049/145] feat(ssl): Add full MariaDB SSL support

---
 app/Actions/Database/StartMariadb.php         | 109 +++++++++++++++---
 .../Project/Database/Mariadb/General.php      |  62 ++++++++++
 app/Models/StandaloneMariadb.php              |  22 +++-
 .../database/mariadb/general.blade.php        |  44 +++++++
 4 files changed, 221 insertions(+), 16 deletions(-)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index 299b07385..dd6f2d735 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMariadb;
 use Lorisleiva\Actions\Concerns\AsAction;
 use Symfony\Component\Yaml\Yaml;
@@ -16,6 +18,8 @@ class StartMariadb
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneMariadb $database)
     {
         $this->database = $database;
@@ -25,9 +29,57 @@ class StartMariadb
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/mysql/certs/server.crt',
+                        '/etc/mysql/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/mysql/certs',
+                );
+            }
+        }
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
@@ -67,38 +119,64 @@ class StartMariadb
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
-        if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
-        }
-        if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
-        }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
+        if (count($persistent_storages) > 0) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_storages
+            );
+        }
+        if (count($persistent_file_volumes) > 0) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
+        }
         if (! is_null($this->database->mariadb_conf) || ! empty($this->database->mariadb_conf)) {
-            $docker_compose['services'][$container_name]['volumes'][] = [
-                'type' => 'bind',
-                'source' => $this->configuration_dir.'/custom-config.cnf',
-                'target' => '/etc/mysql/conf.d/custom-config.cnf',
-                'read_only' => true,
-            ];
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => $this->configuration_dir.'/custom-config.cnf',
+                        'target' => '/etc/mysql/conf.d/custom-config.cnf',
+                        'read_only' => true,
+                    ],
+                ]
+            );
         }
 
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['command'] = [
+                'mysqld',
+                '--ssl-cert=/etc/mysql/certs/server.crt',
+                '--ssl-key=/etc/mysql/certs/server.key',
+                '--require-secure-transport=1',
+            ];
+        }
 
         $docker_compose = Yaml::dump($docker_compose, 10);
         $docker_compose_base64 = base64_encode($docker_compose);
@@ -109,6 +187,9 @@ class StartMariadb
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = executeInDocker($this->database->uuid, 'chown mariadb:mariadb /etc/mysql/certs/server.crt /etc/mysql/certs/server.key');
+        }
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');
     }
diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index c9d473223..ac6e79140 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Mariadb;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMariadb;
 use Exception;
 use Livewire\Component;
@@ -21,6 +23,8 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
+    public $certificateValidUntil = null;
+
     protected $rules = [
         'database.name' => 'required',
         'database.description' => 'nullable',
@@ -35,6 +39,8 @@ class General extends Component
         'database.public_port' => 'nullable|integer',
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
+        'database.enable_ssl' => 'boolean',
+        'database.ssl_mode' => 'nullable|string|in:PREFERRED,REQUIRED,VERIFY_CA,VERIFY_IDENTITY',
     ];
 
     protected $validationAttributes = [
@@ -50,6 +56,8 @@ class General extends Component
         'database.is_public' => 'Is Public',
         'database.public_port' => 'Public Port',
         'database.custom_docker_run_options' => 'Custom Docker Options',
+        'database.enable_ssl' => 'Enable SSL',
+        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -57,6 +65,14 @@ class General extends Component
         $this->db_url = $this->database->internal_db_url;
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
+
+        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+            ->where('resource_id', $this->database->id)
+            ->first();
+
+        if ($existingCert) {
+            $this->certificateValidUntil = $existingCert->valid_until;
+        }
     }
 
     public function instantSaveAdvanced()
@@ -127,6 +143,52 @@ class General extends Component
         }
     }
 
+    public function instantSaveSSL()
+    {
+        try {
+            $this->database->enable_ssl = $this->database->enable_ssl;
+            $this->database->ssl_mode = $this->database->ssl_mode;
+            $this->database->save();
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $server = $this->database->destination->server;
+
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->common_name,
+                subjectAlternativeNames: $existingCert->subject_alternative_names ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+            );
+
+            $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function refresh(): void
     {
         $this->database->refresh();
diff --git a/app/Models/StandaloneMariadb.php b/app/Models/StandaloneMariadb.php
index 004ead4d9..3708c02a9 100644
--- a/app/Models/StandaloneMariadb.php
+++ b/app/Models/StandaloneMariadb.php
@@ -218,7 +218,17 @@ class StandaloneMariadb extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}",
+            get: function () {
+                $url = "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}";
+                if ($this->enable_ssl) {
+                    $url .= "?ssl-mode={$this->ssl_mode}";
+                    if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
+                        $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
+                    }
+                }
+
+                return $url;
+            },
         );
     }
 
@@ -227,7 +237,15 @@ class StandaloneMariadb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
+                    $url = "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
+                    if ($this->enable_ssl) {
+                        $url .= "?ssl-mode={$this->ssl_mode}";
+                        if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
+                            $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
+                        }
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/mariadb/general.blade.php b/resources/views/livewire/project/database/mariadb/general.blade.php
index 4cad81749..673868667 100644
--- a/resources/views/livewire/project/database/mariadb/general.blade.php
+++ b/resources/views/livewire/project/database/mariadb/general.blade.php
@@ -65,6 +65,50 @@
                     type="password" readonly wire:model="db_url_public" />
             @endif
         </div>
+
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+        </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                @if($database->enable_ssl)
+                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
+                        helper="Choose the SSL verification mode for MariaDB connections">
+                        <option value="PREFERRED">PREFERRED</option>
+                        <option value="REQUIRED">REQUIRED</option>
+                        <option value="VERIFY_CA">VERIFY_CA</option>
+                        <option value="VERIFY_IDENTITY">VERIFY_IDENTITY</option>
+                    </x-forms.select>
+                @endif
+            </div>
+        </div>
+        
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From a3c4f86e809ecd508c8d46f272af0754563044db Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 18:03:55 +0100
Subject: [PATCH 050/145] fix(ssl): do not remove SSL directory

---
 app/Actions/Database/StartMariadb.php    | 3 +--
 app/Actions/Database/StartMysql.php      | 1 -
 app/Actions/Database/StartPostgresql.php | 1 -
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index dd6f2d735..cd001ae45 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -56,7 +56,6 @@ class StartMariadb
                 });
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
-            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
@@ -188,7 +187,7 @@ class StartMariadb
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
         if ($this->database->enable_ssl) {
-            $this->commands[] = executeInDocker($this->database->uuid, 'chown mariadb:mariadb /etc/mysql/certs/server.crt /etc/mysql/certs/server.key');
+            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mariadb_user}:{$this->database->mariadb_user} /etc/mysql/certs/server.crt /etc/mysql/certs/server.key");
         }
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index 88fcfe911..b7b18361e 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -56,7 +56,6 @@ class StartMysql
                 });
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
-            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 9ce953491..b582136a3 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -61,7 +61,6 @@ class StartPostgresql
                 });
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
-            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
             $server = $this->database->destination->server;
 

From 10038586328ab193603fb98bb10833e2d0b5bbd6 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 18:06:38 +0100
Subject: [PATCH 051/145] feat(ssl): Add `openssl.conf` to configure SSL
 extension properly

---
 app/Helpers/SslHelper.php | 58 +++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 8 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index b410cb4f8..b1731d2ce 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -59,17 +59,56 @@ class SslHelper
             $subjectAlternativeNames = array_unique(
                 array_merge(["DNS:$commonName"], $subjectAlternativeNames)
             );
-            $certificateSubject = [
+
+            $countryCode = self::DEFAULT_COUNTRY_CODE;
+            $state = self::DEFAULT_STATE;
+            $organization = self::DEFAULT_ORGANIZATION_NAME;
+
+            $altNames = [];
+            foreach ($subjectAlternativeNames as $index => $san) {
+                [$type, $value] = explode(':', $san, 2);
+                $altNames[] = "{$type}.".($index + 1)." = $value";
+            }
+            $altNamesSection = implode("\n", $altNames);
+
+            $basicConstraints = $isCaCertificate ? 'CA:TRUE' : 'CA:FALSE';
+            $keyUsage = $isCaCertificate ? 'keyCertSign, cRLSign' : 'digitalSignature, keyEncipherment';
+            $extendedKeyUsage = $isCaCertificate ? '' : 'extendedKeyUsage = serverAuth';
+
+            $config = <<<CONF
+                [req]
+                prompt = no
+                distinguished_name = req_distinguished_name
+                req_extensions = v3_req
+
+                [req_distinguished_name]
+                C = $countryCode
+                ST = $state
+                O = $organization
+                CN = $commonName
+
+                [v3_req]
+                basicConstraints = $basicConstraints
+                keyUsage = $keyUsage
+                $extendedKeyUsage
+                subjectAltName = @alt_names
+
+                [alt_names]
+                $altNamesSection
+            CONF;
+
+            $tempConfig = tmpfile();
+            fwrite($tempConfig, $config);
+            $tempConfigPath = stream_get_meta_data($tempConfig)['uri'];
+
+            $csr = openssl_csr_new([
                 'commonName' => $commonName,
-                'subjectAltName' => $subjectAlternativeNames,
                 'organizationName' => self::DEFAULT_ORGANIZATION_NAME,
                 'countryName' => self::DEFAULT_COUNTRY_CODE,
                 'stateOrProvinceName' => self::DEFAULT_STATE,
-            ];
-
-            $csr = openssl_csr_new($certificateSubject, $privateKey, [
+            ], $privateKey, [
                 'digest_alg' => 'sha512',
-                'config' => null,
+                'config' => $tempConfigPath,
                 'encrypt_key' => false,
             ]);
 
@@ -84,9 +123,10 @@ class SslHelper
                 $validityDays,
                 [
                     'digest_alg' => 'sha512',
-                    'config' => null,
+                    'config' => $tempConfigPath,
+                    'x509_extensions' => 'v3_req',
                 ],
-                random_int(PHP_INT_MIN, PHP_INT_MAX)
+                random_int(1, PHP_INT_MAX)
             );
 
             if ($certificate === false) {
@@ -154,6 +194,8 @@ class SslHelper
                 ]);
             }
 
+            fclose($tempConfig);
+
             return $sslCertificate;
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);

From 7666cec462075854f0719274b42e6a90b1c5a90b Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 21:10:37 +0100
Subject: [PATCH 052/145] fix(ssl): wrong ssl cert is loaded to the server and
 UI error when regenerating SSL

---
 app/Livewire/Server/Advanced.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 4390d691e..04d45620e 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -80,6 +80,8 @@ class Advanced extends Component
                 $this->caCertificate->ssl_certificate = $this->certificateContent;
                 $this->caCertificate->save();
 
+                $this->loadCaCertificate();
+
                 $this->writeCertificateToServer();
 
                 dispatch(new RegenerateSslCertJob(
@@ -103,6 +105,8 @@ class Advanced extends Component
                 validityDays: 15 * 365
             );
 
+            $this->loadCaCertificate();
+
             $this->writeCertificateToServer();
 
             dispatch(new RegenerateSslCertJob(
@@ -126,7 +130,7 @@ class Advanced extends Component
             "chown -R 9999:root $caCertPath",
             "chmod -R 700 $caCertPath",
             "rm -f $caCertPath/coolify-ca.crt",
-            "echo '{$this->caCertificate->ssl_certificate}' > $caCertPath/coolify-ca.crt",
+            "echo '{$this->certificateContent}' > $caCertPath/coolify-ca.crt",
             "chmod 644 $caCertPath/coolify-ca.crt",
         ]);
 

From ba24630c28ec72999a646f42708f540ff92885ae Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 21:13:30 +0100
Subject: [PATCH 053/145] fix(ssl): make sure when regenerating the CA cert it
 is not overwritten with a server cert

---
 app/Jobs/RegenerateSslCertJob.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
index a623f696c..541e53b7e 100644
--- a/app/Jobs/RegenerateSslCertJob.php
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -35,6 +35,8 @@ class RegenerateSslCertJob implements ShouldQueue
             $query->where('valid_until', '<=', now()->addDays(14));
         }
 
+        $query->where('is_ca_certificate', false);
+
         $certificates = $query->get();
 
         if ($certificates->isEmpty()) {

From 951a454cbceac78a8246d496ae59c0250bc9c0f6 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 21:22:54 +0100
Subject: [PATCH 054/145] fix(ssl): regenerating certs for a specific DB

- fix: add mount path to make file mounts work correctly
- fix: get CA cert of the server not some random cert
---
 app/Livewire/Project/Database/Mariadb/General.php   | 13 ++++++++-----
 app/Livewire/Project/Database/Mysql/General.php     | 13 ++++++++-----
 .../Project/Database/Postgresql/General.php         | 13 ++++++++-----
 3 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index ac6e79140..63bfd16cd 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -158,10 +158,9 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $server = $this->database->destination->server;
-
             $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
                 ->first();
 
             if (! $existingCert) {
@@ -170,7 +169,10 @@ class General extends Component
                 return;
             }
 
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+            $caCertificate = SslCertificate::where('server_id', $this->server->id)
+                ->where('resource_type', null)
+                ->where('resource_id', null)
+                ->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -178,9 +180,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCert->ssl_certificate,
-                caKey: $caCert->ssl_private_key,
+                caCert: $caCertificate->ssl_certificate,
+                caKey: $caCertificate->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
+                mountPath: '/var/lib/mysql/certs',
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index 9ae54e60a..d7d34c2e1 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -158,10 +158,9 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $server = $this->database->destination->server;
-
             $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
                 ->first();
 
             if (! $existingCert) {
@@ -170,7 +169,10 @@ class General extends Component
                 return;
             }
 
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+            $caCertificate = SslCertificate::where('server_id', $this->server->id)
+                ->where('resource_type', null)
+                ->where('resource_id', null)
+                ->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -178,9 +180,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCert->ssl_certificate,
-                caKey: $caCert->ssl_private_key,
+                caCert: $caCertificate->ssl_certificate,
+                caKey: $caCertificate->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
+                mountPath: '/var/lib/mysql/certs',
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index cb8cefc76..534b66a6d 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -122,10 +122,9 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $server = $this->database->destination->server;
-
             $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
                 ->first();
 
             if (! $existingCert) {
@@ -134,7 +133,10 @@ class General extends Component
                 return;
             }
 
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+            $caCertificate = SslCertificate::where('server_id', $this->server->id)
+                ->where('resource_type', null)
+                ->where('resource_id', null)
+                ->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -142,9 +144,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCert->ssl_certificate,
-                caKey: $caCert->ssl_private_key,
+                caCert: $caCertificate->ssl_certificate,
+                caKey: $caCertificate->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
+                mountPath: '/var/lib/postgresql/certs',
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');

From 806d9af5690aaf5c60641c8f19fa18602324df03 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 22:09:37 +0100
Subject: [PATCH 055/145] feat(ssl): improve SSL generation and security a lot

- rename some variables for better clarity
- format subjectAltNames correctly
- setup extensions more securely and improve them a lot
- use finally block to remove tempConfig
---
 app/Helpers/SslHelper.php | 60 +++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 28 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index b1731d2ce..955976366 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -10,9 +10,9 @@ class SslHelper
 {
     private const DEFAULT_ORGANIZATION_NAME = 'Coolify';
 
-    private const DEFAULT_COUNTRY_CODE = 'ZZ';
+    private const DEFAULT_COUNTRY_NAME = 'ZZ';
 
-    private const DEFAULT_STATE = 'Default';
+    private const DEFAULT_STATE_NAME = 'Default';
 
     public static function generateSslCertificate(
         string $commonName,
@@ -27,6 +27,9 @@ class SslHelper
         ?string $configurationDir = null,
         ?string $mountPath = null
     ): SslCertificate {
+        $organizationName = self::DEFAULT_ORGANIZATION_NAME;
+        $countryName = self::DEFAULT_COUNTRY_NAME;
+        $stateName = self::DEFAULT_STATE_NAME;
 
         try {
             $privateKey = openssl_pkey_new([
@@ -60,41 +63,42 @@ class SslHelper
                 array_merge(["DNS:$commonName"], $subjectAlternativeNames)
             );
 
-            $countryCode = self::DEFAULT_COUNTRY_CODE;
-            $state = self::DEFAULT_STATE;
-            $organization = self::DEFAULT_ORGANIZATION_NAME;
-
-            $altNames = [];
+            $formattedSubjectAltNames = [];
             foreach ($subjectAlternativeNames as $index => $san) {
                 [$type, $value] = explode(':', $san, 2);
-                $altNames[] = "{$type}.".($index + 1)." = $value";
+                $formattedSubjectAltNames[] = "{$type}.".($index + 1)." = $value";
             }
-            $altNamesSection = implode("\n", $altNames);
+            $formattedSubjectAltNamesSection = implode("\n", $formattedSubjectAltNames);
 
-            $basicConstraints = $isCaCertificate ? 'CA:TRUE' : 'CA:FALSE';
-            $keyUsage = $isCaCertificate ? 'keyCertSign, cRLSign' : 'digitalSignature, keyEncipherment';
-            $extendedKeyUsage = $isCaCertificate ? '' : 'extendedKeyUsage = serverAuth';
+            $basicConstraints = $isCaCertificate ? 'critical, CA:TRUE, pathlen:0' : 'critical, CA:FALSE';
+            $keyUsage = $isCaCertificate ? 'critical, keyCertSign, cRLSign' : 'critical, digitalSignature';
+            $authorityKeyIdentifierLine = $isCaCertificate ? '' : "authorityKeyIdentifier = critical,keyid,issuer\n";
 
             $config = <<<CONF
                 [req]
                 prompt = no
-                distinguished_name = req_distinguished_name
-                req_extensions = v3_req
+                distinguished_name = distinguished_name
+                req_extensions = req_ext
 
-                [req_distinguished_name]
-                C = $countryCode
-                ST = $state
-                O = $organization
+                [distinguished_name]
+                C = $countryName
+                ST = $stateName
+                O = $organizationName
                 CN = $commonName
 
+                [req_ext]
+                basicConstraints = $basicConstraints
+                keyUsage = $keyUsage
+
                 [v3_req]
                 basicConstraints = $basicConstraints
                 keyUsage = $keyUsage
-                $extendedKeyUsage
-                subjectAltName = @alt_names
+                subjectKeyIdentifier = critical,hash
+                {$authorityKeyIdentifierLine}
+                subjectAltName = critical,@subject_alt_names
 
-                [alt_names]
-                $altNamesSection
+                [subject_alt_names]
+                $formattedSubjectAltNamesSection
             CONF;
 
             $tempConfig = tmpfile();
@@ -103,13 +107,13 @@ class SslHelper
 
             $csr = openssl_csr_new([
                 'commonName' => $commonName,
-                'organizationName' => self::DEFAULT_ORGANIZATION_NAME,
-                'countryName' => self::DEFAULT_COUNTRY_CODE,
-                'stateOrProvinceName' => self::DEFAULT_STATE,
+                'organizationName' => $organizationName,
+                'countryName' => $countryName,
+                'stateOrProvinceName' => $stateName,
             ], $privateKey, [
                 'digest_alg' => 'sha512',
                 'config' => $tempConfigPath,
-                'encrypt_key' => false,
+                'req_extensions' => 'req_ext',
             ]);
 
             if ($csr === false) {
@@ -194,11 +198,11 @@ class SslHelper
                 ]);
             }
 
-            fclose($tempConfig);
-
             return $sslCertificate;
         } catch (\Throwable $e) {
             throw new \RuntimeException('SSL Certificate generation failed: '.$e->getMessage(), 0, $e);
+        } finally {
+            fclose($tempConfig);
         }
     }
 }

From 852be5fd93c356fb0c6e0896daf5e24e574daa6a Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 22:11:10 +0100
Subject: [PATCH 056/145] feat(ssl): check for SSL renewal twice daily

---
 app/Console/Kernel.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index 8b4240412..a63f67857 100644
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -10,6 +10,7 @@ use App\Jobs\CleanupStaleMultiplexedConnections;
 use App\Jobs\DatabaseBackupJob;
 use App\Jobs\DockerCleanupJob;
 use App\Jobs\PullTemplatesFromCDN;
+use App\Jobs\RegenerateSslCertJob;
 use App\Jobs\ScheduledTaskJob;
 use App\Jobs\ServerCheckJob;
 use App\Jobs\ServerCleanupMux;
@@ -84,6 +85,8 @@ class Kernel extends ConsoleKernel
             $this->checkScheduledBackups();
             $this->checkScheduledTasks();
 
+            $this->scheduleInstance->job(new RegenerateSslCertJob)->twiceDaily();
+
             $this->scheduleInstance->command('cleanup:database --yes')->daily();
             $this->scheduleInstance->command('uploads:clear')->everyTwoMinutes();
         }

From 844f40188afe79877dee810bfb3b8718fe63940f Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 22:19:13 +0100
Subject: [PATCH 057/145] feat(ssl): Add SSL relationships to all DBs

---
 app/Models/StandaloneClickhouse.php | 5 +++++
 app/Models/StandaloneDragonfly.php  | 5 +++++
 app/Models/StandaloneKeydb.php      | 5 +++++
 app/Models/StandaloneMariadb.php    | 5 +++++
 app/Models/StandaloneMongodb.php    | 5 +++++
 app/Models/StandaloneMysql.php      | 5 +++++
 app/Models/StandaloneRedis.php      | 5 +++++
 7 files changed, 35 insertions(+)

diff --git a/app/Models/StandaloneClickhouse.php b/app/Models/StandaloneClickhouse.php
index 60198115d..2f86c2060 100644
--- a/app/Models/StandaloneClickhouse.php
+++ b/app/Models/StandaloneClickhouse.php
@@ -163,6 +163,11 @@ class StandaloneClickhouse extends BaseModel
         return data_get($this, 'environment.project');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {
diff --git a/app/Models/StandaloneDragonfly.php b/app/Models/StandaloneDragonfly.php
index 3c1127d8d..6e7915faa 100644
--- a/app/Models/StandaloneDragonfly.php
+++ b/app/Models/StandaloneDragonfly.php
@@ -168,6 +168,11 @@ class StandaloneDragonfly extends BaseModel
         return data_get($this, 'environment.project.team');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {
diff --git a/app/Models/StandaloneKeydb.php b/app/Models/StandaloneKeydb.php
index ebf1c22e9..3e80408ef 100644
--- a/app/Models/StandaloneKeydb.php
+++ b/app/Models/StandaloneKeydb.php
@@ -168,6 +168,11 @@ class StandaloneKeydb extends BaseModel
         return data_get($this, 'environment.project.team');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {
diff --git a/app/Models/StandaloneMariadb.php b/app/Models/StandaloneMariadb.php
index 3708c02a9..24f011f12 100644
--- a/app/Models/StandaloneMariadb.php
+++ b/app/Models/StandaloneMariadb.php
@@ -289,6 +289,11 @@ class StandaloneMariadb extends BaseModel
         return $this->morphMany(ScheduledDatabaseBackup::class, 'database');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function getCpuMetrics(int $mins = 5)
     {
         $server = $this->destination->server;
diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index aba0f6123..dfc6ec13b 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -177,6 +177,11 @@ class StandaloneMongodb extends BaseModel
         return data_get($this, 'is_log_drain_enabled', false);
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {
diff --git a/app/Models/StandaloneMysql.php b/app/Models/StandaloneMysql.php
index 1bd75995c..cf45df578 100644
--- a/app/Models/StandaloneMysql.php
+++ b/app/Models/StandaloneMysql.php
@@ -169,6 +169,11 @@ class StandaloneMysql extends BaseModel
         return data_get($this, 'environment.project.team');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {
diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php
index ed5cf9870..ebb0fbe30 100644
--- a/app/Models/StandaloneRedis.php
+++ b/app/Models/StandaloneRedis.php
@@ -164,6 +164,11 @@ class StandaloneRedis extends BaseModel
         return data_get($this, 'environment.project.team');
     }
 
+    public function sslCertificates()
+    {
+        return $this->morphMany(SslCertificate::class, 'resource');
+    }
+
     public function link()
     {
         if (data_get($this, 'environment.project.uuid')) {

From 367eebc9fcddaef46a10a20b061f9b46351d5ebd Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 5 Feb 2025 22:56:29 +0100
Subject: [PATCH 058/145] feat: Add full SSL support to MongoDB

---
 app/Actions/Database/StartMongodb.php         | 141 +++++++++++++++---
 .../Project/Database/Mongodb/General.php      |  65 ++++++++
 app/Models/StandaloneMongodb.php              |  28 +++-
 .../database/mongodb/general.blade.php        |  47 ++++++
 4 files changed, 260 insertions(+), 21 deletions(-)

diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php
index 89d35ca7b..bf36d3802 100644
--- a/app/Actions/Database/StartMongodb.php
+++ b/app/Actions/Database/StartMongodb.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMongodb;
 use Lorisleiva\Actions\Concerns\AsAction;
 use Symfony\Component\Yaml\Yaml;
@@ -16,6 +18,8 @@ class StartMongodb
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneMongodb $database)
     {
         $this->database = $database;
@@ -24,16 +28,62 @@ class StartMongodb
 
         $container_name = $this->database->uuid;
         $this->configuration_dir = database_configuration_dir().'/'.$container_name;
-
         if (isDev()) {
             $this->configuration_dir = '/var/lib/docker/volumes/coolify_dev_coolify_data/_data/databases/'.$container_name;
         }
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/mongo/certs/server.crt',
+                        '/etc/mongo/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+            $server = $this->database->destination->server;
+
+            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/mongo/certs',
+                );
+            }
+        }
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
@@ -79,47 +129,97 @@ class StartMongodb
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_storages
+            );
         }
+
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
-        if (! is_null($this->database->mongo_conf) || ! empty($this->database->mongo_conf)) {
-            $docker_compose['services'][$container_name]['volumes'][] = [
-                'type' => 'bind',
-                'source' => $this->configuration_dir.'/mongod.conf',
-                'target' => '/etc/mongo/mongod.conf',
-                'read_only' => true,
-            ];
-            $docker_compose['services'][$container_name]['command'] = $startCommand.' --config /etc/mongo/mongod.conf';
+
+        if (! empty($this->database->mongo_conf)) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [[
+                    'type' => 'bind',
+                    'source' => $this->configuration_dir.'/mongod.conf',
+                    'target' => '/etc/mongo/mongod.conf',
+                    'read_only' => true,
+                ]]
+            );
         }
+
         $this->add_default_database();
-        $docker_compose['services'][$container_name]['volumes'][] = [
-            'type' => 'bind',
-            'source' => $this->configuration_dir.'/docker-entrypoint-initdb.d',
-            'target' => '/docker-entrypoint-initdb.d',
-            'read_only' => true,
-        ];
+
+        $docker_compose['services'][$container_name]['volumes'] = array_merge(
+            $docker_compose['services'][$container_name]['volumes'] ?? [],
+            [[
+                'type' => 'bind',
+                'source' => $this->configuration_dir.'/docker-entrypoint-initdb.d',
+                'target' => '/docker-entrypoint-initdb.d',
+                'read_only' => true,
+            ]]
+        );
 
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
 
+        if ($this->database->enable_ssl) {
+            $commandParts = ['mongod'];
+
+            $commandParts[] = '--sslPEMKeyFile';
+            $commandParts[] = '/etc/mongo/certs/server.pem';
+            $commandParts[] = '--sslCAFile';
+            $commandParts[] = '/etc/mongo/certs/ca.pem';
+
+            $sslConfig = match ($this->database->ssl_mode) {
+                'verifyCA' => [
+                    '--sslMode=requireSSL',
+                    '--tlsAllowInvalidCertificates=false',
+                ],
+                'verifyFull' => [
+                    '--sslMode=requireSSL',
+                    '--tlsAllowInvalidCertificates=false',
+                    '--tlsAllowInvalidHostnames=false',
+                ],
+                'requireSSL' => ['--sslMode=requireSSL'],
+                'preferSSL' => ['--sslMode=preferSSL'],
+                'allowSSL' => ['--sslMode=allowSSL'],
+                default => []
+            };
+
+            $commandParts = [...$commandParts, ...$sslConfig];
+            $docker_compose['services'][$container_name]['command'] = $commandParts;
+        }
+
         $docker_compose = Yaml::dump($docker_compose, 10);
         $docker_compose_base64 = base64_encode($docker_compose);
         $this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
@@ -128,6 +228,9 @@ class StartMongodb
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mongo_initdb_root_username}:{$this->database->mongo_initdb_root_username} /etc/mongo/certs/server.pem /etc/mongo/certs/ca.pem");
+        }
         $this->commands[] = "echo 'Database started.'";
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');
diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index e19895dae..911b74f55 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Mongodb;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneMongodb;
 use Exception;
 use Livewire\Component;
@@ -21,6 +23,8 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
+    public $certificateValidUntil = null;
+
     protected $rules = [
         'database.name' => 'required',
         'database.description' => 'nullable',
@@ -34,6 +38,8 @@ class General extends Component
         'database.public_port' => 'nullable|integer',
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
+        'database.enable_ssl' => 'boolean',
+        'database.ssl_mode' => 'nullable|string|in:allowSSL,preferSSL,requireSSL,verifyCA,verifyFull',
     ];
 
     protected $validationAttributes = [
@@ -48,6 +54,8 @@ class General extends Component
         'database.is_public' => 'Is Public',
         'database.public_port' => 'Public Port',
         'database.custom_docker_run_options' => 'Custom Docker Run Options',
+        'database.enable_ssl' => 'Enable SSL',
+        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -55,6 +63,14 @@ class General extends Component
         $this->db_url = $this->database->internal_db_url;
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
+
+        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+            ->where('resource_id', $this->database->id)
+            ->first();
+
+        if ($existingCert) {
+            $this->certificateValidUntil = $existingCert->valid_until;
+        }
     }
 
     public function instantSaveAdvanced()
@@ -128,6 +144,55 @@ class General extends Component
         }
     }
 
+    public function instantSaveSSL()
+    {
+        try {
+            $this->database->enable_ssl = $this->database->enable_ssl;
+            $this->database->ssl_mode = $this->database->ssl_mode;
+            $this->database->save();
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCertificate = SslCertificate::where('server_id', $this->server->id)
+                ->where('resource_type', null)
+                ->where('resource_id', null)
+                ->first();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->common_name,
+                subjectAlternativeNames: $existingCert->subject_alternative_names ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCertificate->ssl_certificate,
+                caKey: $caCertificate->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+                mountPath: '/etc/mongo/certs',
+            );
+
+            $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function refresh(): void
     {
         $this->database->refresh();
diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index dfc6ec13b..0b282eea1 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -243,7 +243,20 @@ class StandaloneMongodb extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true",
+            get: function () {
+                $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true";
+                if ($this->enable_ssl) {
+                    $url .= '&ssl=true';
+                    if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) {
+                        $url .= '&tlsAllowInvalidCertificates=false';
+                    }
+                    if ($this->ssl_mode === 'verifyFull') {
+                        $url .= '&tlsAllowInvalidHostnames=false';
+                    }
+                }
+
+                return $url;
+            },
         );
     }
 
@@ -252,7 +265,18 @@ class StandaloneMongodb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
+                    $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
+                    if ($this->enable_ssl) {
+                        $url .= '&ssl=true';
+                        if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) {
+                            $url .= '&tlsAllowInvalidCertificates=false';
+                        }
+                        if ($this->ssl_mode === 'verifyFull') {
+                            $url .= '&tlsAllowInvalidHostnames=false';
+                        }
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/mongodb/general.blade.php b/resources/views/livewire/project/database/mongodb/general.blade.php
index 72fd2f75d..b64884525 100644
--- a/resources/views/livewire/project/database/mongodb/general.blade.php
+++ b/resources/views/livewire/project/database/mongodb/general.blade.php
@@ -55,6 +55,53 @@
                     type="password" readonly wire:model="db_url_public" />
             @endif
         </div>
+
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+        </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" 
+                    wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                @if($database->enable_ssl)
+                    <x-forms.select id="database.ssl_mode" label="SSL Mode" 
+                        wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
+                        helper="Choose the SSL verification mode for MongoDB connections">
+                        <option value="allowSSL">allowSSL</option>
+                        <option value="preferSSL">preferSSL</option>
+                        <option value="requireSSL">requireSSL</option>
+                        <option value="verifyCA">verifyCA</option>
+                        <option value="verifyFull">verifyFull</option>
+                    </x-forms.select>
+                @endif
+            </div>
+        </div>
+
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From 6eabfd5c8e4e8aebf0f31b9d5ea667fc72243f19 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 6 Feb 2025 15:13:08 +0100
Subject: [PATCH 059/145] feat/fix(ssl): fix some issues and improve ssl
 generation helper

- set default country to XX
- fix array handling of the subjectAlternativeNames so that no indexes are added or skipped
- add extendedKeyUsage to server certs to make them more secure
- add keyAgreement to server certs
- remove authorityKeyIdentifier as it caused the following issue: unable to get local issuer certificate
- removed duplicated distinguished_name entries
- improved formatting
---
 app/Helpers/SslHelper.php | 76 ++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 33 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 955976366..440815b80 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -10,7 +10,7 @@ class SslHelper
 {
     private const DEFAULT_ORGANIZATION_NAME = 'Coolify';
 
-    private const DEFAULT_COUNTRY_NAME = 'ZZ';
+    private const DEFAULT_COUNTRY_NAME = 'XX';
 
     private const DEFAULT_STATE_NAME = 'Default';
 
@@ -50,55 +50,65 @@ class SslHelper
                 if ($server) {
                     $ip = $server->getIp;
                     if ($ip) {
-                        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
-                            $subjectAlternativeNames[] = "IP:$ip";
-                        } else {
-                            $subjectAlternativeNames[] = "DNS:$ip";
-                        }
+                        $type = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)
+                            ? 'IP'
+                            : 'DNS';
+                        $subjectAlternativeNames = array_unique(
+                            array_merge($subjectAlternativeNames, ["$type:$ip"])
+                        );
                     }
                 }
             }
 
-            $subjectAlternativeNames = array_unique(
-                array_merge(["DNS:$commonName"], $subjectAlternativeNames)
-            );
-
-            $formattedSubjectAltNames = [];
-            foreach ($subjectAlternativeNames as $index => $san) {
-                [$type, $value] = explode(':', $san, 2);
-                $formattedSubjectAltNames[] = "{$type}.".($index + 1)." = $value";
-            }
-            $formattedSubjectAltNamesSection = implode("\n", $formattedSubjectAltNames);
-
             $basicConstraints = $isCaCertificate ? 'critical, CA:TRUE, pathlen:0' : 'critical, CA:FALSE';
-            $keyUsage = $isCaCertificate ? 'critical, keyCertSign, cRLSign' : 'critical, digitalSignature';
-            $authorityKeyIdentifierLine = $isCaCertificate ? '' : "authorityKeyIdentifier = critical,keyid,issuer\n";
+            $keyUsage = $isCaCertificate ? 'critical, keyCertSign, cRLSign' : 'critical, digitalSignature, keyAgreement';
+
+            $subjectAltNameSection = '';
+            $extendedKeyUsageSection = '';
+
+            if (! $isCaCertificate) {
+                $extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth";
+
+                $subjectAlternativeNames = array_values(
+                    array_unique(
+                        array_merge(["DNS:$commonName"], $subjectAlternativeNames)
+                    )
+                );
+
+                $formattedSubjectAltNames = array_map(
+                    function ($index, $san) {
+                        [$type, $value] = explode(':', $san, 2);
+
+                        return "{$type}.".($index + 1)." = $value";
+                    },
+                    array_keys($subjectAlternativeNames),
+                    $subjectAlternativeNames
+                );
+
+                $subjectAltNameSection = "subjectAltName = @subject_alt_names\n\n[ subject_alt_names ]\n"
+                    .implode("\n", $formattedSubjectAltNames);
+            }
 
             $config = <<<CONF
-                [req]
+                [ req ]
                 prompt = no
                 distinguished_name = distinguished_name
                 req_extensions = req_ext
 
-                [distinguished_name]
-                C = $countryName
-                ST = $stateName
-                O = $organizationName
+                [ distinguished_name ]
                 CN = $commonName
-
-                [req_ext]
+                
+                [ req_ext ]
                 basicConstraints = $basicConstraints
                 keyUsage = $keyUsage
+                {$extendedKeyUsageSection}
 
-                [v3_req]
+                [ v3_req ]
                 basicConstraints = $basicConstraints
                 keyUsage = $keyUsage
-                subjectKeyIdentifier = critical,hash
-                {$authorityKeyIdentifierLine}
-                subjectAltName = critical,@subject_alt_names
-
-                [subject_alt_names]
-                $formattedSubjectAltNamesSection
+                {$extendedKeyUsageSection}
+                subjectKeyIdentifier = hash
+                {$subjectAltNameSection}
             CONF;
 
             $tempConfig = tmpfile();

From 1a4c2c3dc90ffdbda635bd3c0c4fad1ef2d4f3b0 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 6 Feb 2025 15:14:57 +0100
Subject: [PATCH 060/145] fix(ssl): fix MariaDB and MySQL need CA cert

---
 app/Actions/Database/StartMariadb.php | 17 +++++++++++++++++
 app/Actions/Database/StartMysql.php   | 19 +++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index cd001ae45..f97d732c9 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -143,6 +143,7 @@ class StartMariadb
                 $persistent_storages
             );
         }
+
         if (count($persistent_file_volumes) > 0) {
             $docker_compose['services'][$container_name]['volumes'] = array_merge(
                 $docker_compose['services'][$container_name]['volumes'],
@@ -151,6 +152,21 @@ class StartMariadb
                 })->toArray()
             );
         }
+
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/mysql/certs/ca.crt',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
         if (! is_null($this->database->mariadb_conf) || ! empty($this->database->mariadb_conf)) {
             $docker_compose['services'][$container_name]['volumes'] = array_merge(
                 $docker_compose['services'][$container_name]['volumes'],
@@ -173,6 +189,7 @@ class StartMariadb
                 'mysqld',
                 '--ssl-cert=/etc/mysql/certs/server.crt',
                 '--ssl-key=/etc/mysql/certs/server.key',
+                '--ssl-ca=/etc/mysql/certs/ca.crt',
                 '--require-secure-transport=1',
             ];
         }
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index b7b18361e..cbdda3381 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -118,6 +118,7 @@ class StartMysql
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
@@ -138,6 +139,7 @@ class StartMysql
                 $persistent_storages
             );
         }
+
         if (count($persistent_file_volumes) > 0) {
             $docker_compose['services'][$container_name]['volumes'] = array_merge(
                 $docker_compose['services'][$container_name]['volumes'] ?? [],
@@ -146,9 +148,25 @@ class StartMysql
                 })->toArray()
             );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
+
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/mysql/certs/ca.crt',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
         if (! is_null($this->database->mysql_conf) || ! empty($this->database->mysql_conf)) {
             $docker_compose['services'][$container_name]['volumes'] = array_merge(
                 $docker_compose['services'][$container_name]['volumes'] ?? [],
@@ -172,6 +190,7 @@ class StartMysql
                 'mysqld',
                 '--ssl-cert=/etc/mysql/certs/server.crt',
                 '--ssl-key=/etc/mysql/certs/server.key',
+                '--ssl-ca=/etc/mysql/certs/ca.crt',
                 '--require-secure-transport=1',
             ];
         }

From f92c170db11bab1c45812dc19b36187753c1838d Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:07:55 +0100
Subject: [PATCH 061/145] feat(ssl): ability to create `.pem` certs and add
 `clientAuth` to `extendedKeyUsage`

---
 app/Helpers/SslHelper.php | 54 ++++++++++++++++++++++++---------------
 1 file changed, 34 insertions(+), 20 deletions(-)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 440815b80..82c0a4553 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -25,7 +25,8 @@ class SslHelper
         ?string $caKey = null,
         bool $isCaCertificate = false,
         ?string $configurationDir = null,
-        ?string $mountPath = null
+        ?string $mountPath = null,
+        bool $isPemKeyFileRequired = false,
     ): SslCertificate {
         $organizationName = self::DEFAULT_ORGANIZATION_NAME;
         $countryName = self::DEFAULT_COUNTRY_NAME;
@@ -67,7 +68,7 @@ class SslHelper
             $extendedKeyUsageSection = '';
 
             if (! $isCaCertificate) {
-                $extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth";
+                $extendedKeyUsageSection = "\nextendedKeyUsage = serverAuth, clientAuth";
 
                 $subjectAlternativeNames = array_values(
                     array_unique(
@@ -181,31 +182,44 @@ class SslHelper
                         return in_array($storage->mount_path, [
                             $mountPath.'/server.crt',
                             $mountPath.'/server.key',
+                            $mountPath.'/server.pem',
                         ]);
                     })
                     ->each(function ($storage) {
                         $storage->delete();
                     });
 
-                $model->fileStorages()->create([
-                    'fs_path' => $configurationDir.'/ssl/server.crt',
-                    'mount_path' => $mountPath.'/server.crt',
-                    'content' => $certificateStr,
-                    'is_directory' => false,
-                    'chmod' => '644',
-                    'resource_type' => $resourceType,
-                    'resource_id' => $resourceId,
-                ]);
+                if ($isPemKeyFileRequired) {
+                    $model->fileStorages()->create([
+                        'fs_path' => $configurationDir.'/ssl/server.pem',
+                        'mount_path' => $mountPath.'/server.pem',
+                        'content' => $certificateStr."\n".$privateKeyStr,
+                        'is_directory' => false,
+                        'chmod' => '600',
+                        'resource_type' => $resourceType,
+                        'resource_id' => $resourceId,
+                    ]);
+                } else {
+                    $model->fileStorages()->create([
+                        'fs_path' => $configurationDir.'/ssl/server.crt',
+                        'mount_path' => $mountPath.'/server.crt',
+                        'content' => $certificateStr,
+                        'is_directory' => false,
+                        'chmod' => '644',
+                        'resource_type' => $resourceType,
+                        'resource_id' => $resourceId,
+                    ]);
 
-                $model->fileStorages()->create([
-                    'fs_path' => $configurationDir.'/ssl/server.key',
-                    'mount_path' => $mountPath.'/server.key',
-                    'content' => $privateKeyStr,
-                    'is_directory' => false,
-                    'chmod' => '600',
-                    'resource_type' => $resourceType,
-                    'resource_id' => $resourceId,
-                ]);
+                    $model->fileStorages()->create([
+                        'fs_path' => $configurationDir.'/ssl/server.key',
+                        'mount_path' => $mountPath.'/server.key',
+                        'content' => $privateKeyStr,
+                        'is_directory' => false,
+                        'chmod' => '600',
+                        'resource_type' => $resourceType,
+                        'resource_id' => $resourceId,
+                    ]);
+                }
             }
 
             return $sslCertificate;

From 35cd9573ab3626b790b16de13aaf4b4c444b3a57 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:11:26 +0100
Subject: [PATCH 062/145] fix(ssl): add mount path to DB to fix regeneration of
 certs

---
 app/Helpers/SslHelper.php                                        | 1 +
 .../2025_01_27_153741_create_ssl_certificates_table.php          | 1 +
 2 files changed, 2 insertions(+)

diff --git a/app/Helpers/SslHelper.php b/app/Helpers/SslHelper.php
index 82c0a4553..6397c330d 100644
--- a/app/Helpers/SslHelper.php
+++ b/app/Helpers/SslHelper.php
@@ -165,6 +165,7 @@ class SslHelper
                 'resource_id' => $resourceId,
                 'server_id' => $serverId,
                 'configuration_dir' => $configurationDir,
+                'mount_path' => $mountPath,
                 'valid_until' => CarbonImmutable::now()->addDays($validityDays),
                 'is_ca_certificate' => $isCaCertificate,
                 'common_name' => $commonName,
diff --git a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
index 1e7da5eb0..7907fb090 100644
--- a/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
+++ b/database/migrations/2025_01_27_153741_create_ssl_certificates_table.php
@@ -13,6 +13,7 @@ return new class extends Migration
             $table->text('ssl_certificate');
             $table->text('ssl_private_key');
             $table->text('configuration_dir')->nullable();
+            $table->text('mount_path')->nullable();
             $table->string('resource_type')->nullable();
             $table->unsignedBigInteger('resource_id')->nullable();
             $table->unsignedBigInteger('server_id');

From 69a6010839f9022b7faa6ee910e00dd4b6fd25f4 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:12:55 +0100
Subject: [PATCH 063/145] fix(ssl): fix SSL regeneration to sign with CA cert
 and use mount path

---
 app/Jobs/RegenerateSslCertJob.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
index 541e53b7e..0155ee798 100644
--- a/app/Jobs/RegenerateSslCertJob.php
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -47,14 +47,21 @@ class RegenerateSslCertJob implements ShouldQueue
 
         foreach ($certificates as $certificate) {
             try {
+                $caCert = SslCertificate::where('server_id', $certificate->server_id)
+                    ->where('resource_type', null)
+                    ->where('resource_id', null)
+                    ->first();
+
                 SSLHelper::generateSslCertificate(
                     commonName: $certificate->common_name,
                     subjectAlternativeNames: $certificate->subject_alternative_names,
                     resourceType: $certificate->resource_type,
                     resourceId: $certificate->resource_id,
                     serverId: $certificate->server_id,
-                    validityDays: 365,
                     configurationDir: $certificate->configuration_dir,
+                    mountPath: $certificate->mount_path,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
                 );
                 $regenerated->push($certificate);
             } catch (\Exception $e) {

From 6a52f518515f26a2b6be7b5ae5f24ba96c8928db Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:27:30 +0100
Subject: [PATCH 064/145] fix(ssl): get caCert correctly

---
 app/Actions/Database/StartMariadb.php    | 9 ++++-----
 app/Actions/Database/StartMysql.php      | 9 ++++-----
 app/Actions/Database/StartPostgresql.php | 4 ++--
 app/Jobs/RegenerateSslCertJob.php        | 5 +----
 4 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index f97d732c9..50fd1ab00 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -57,12 +57,11 @@ class StartMariadb
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
-            $server = $this->database->destination->server;
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index cbdda3381..bec1c7fb1 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -57,12 +57,11 @@ class StartMysql
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
-            $server = $this->database->destination->server;
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index b582136a3..75f43a5ee 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -62,9 +62,9 @@ class StartPostgresql
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
-            $server = $this->database->destination->server;
 
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
 
             $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
index 0155ee798..3e4bf9070 100644
--- a/app/Jobs/RegenerateSslCertJob.php
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -47,10 +47,7 @@ class RegenerateSslCertJob implements ShouldQueue
 
         foreach ($certificates as $certificate) {
             try {
-                $caCert = SslCertificate::where('server_id', $certificate->server_id)
-                    ->where('resource_type', null)
-                    ->where('resource_id', null)
-                    ->first();
+                $caCert = SslCertificate::where('server_id', $certificate->server_id)->where('is_ca_certificate', true)->first();
 
                 SSLHelper::generateSslCertificate(
                     commonName: $certificate->common_name,

From 836006798fdbadced7daebc3d2236bf75f8d2d23 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:28:58 +0100
Subject: [PATCH 065/145] fix(ssl): remove caCert even if it is a folder by
 accident

---
 app/Actions/Server/InstallDocker.php | 5 +++--
 app/Livewire/Server/Advanced.php     | 7 ++-----
 database/seeders/CaSslCertSeeder.php | 8 ++++----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 7c681e22c..122371cf6 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -20,10 +20,10 @@ class InstallDocker
             throw new \Exception('Server OS type is not supported for automated installation. Please install Docker manually before continuing: <a target="_blank" class="underline" href="https://coolify.io/docs/installation#manually">documentation</a>.');
         }
 
-        if (! SslCertificate::where('server_id', $server->id)->exists()) {
+        if (! SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->exists()) {
             $serverCert = SslHelper::generateSslCertificate(
                 commonName: 'Coolify CA Certificate',
-                serverId: $server->id,
+                serverId: $server->server_id,
                 isCaCertificate: true,
                 validityDays: 15 * 365
             );
@@ -33,6 +33,7 @@ class InstallDocker
                 "mkdir -p $caCertPath",
                 "chown -R 9999:root $caCertPath",
                 "chmod -R 700 $caCertPath",
+                "rm -rf $caCertPath/coolify-ca.crt",
                 "echo '{$serverCert->ssl_certificate}' > $caCertPath/coolify-ca.crt",
                 "chmod 644 $caCertPath/coolify-ca.crt",
             ]);
diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 04d45620e..73a4391e6 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -49,10 +49,7 @@ class Advanced extends Component
 
     public function loadCaCertificate()
     {
-        $this->caCertificate = SslCertificate::where('server_id', $this->server->id)
-            ->where('resource_type', null)
-            ->where('resource_id', null)
-            ->first();
+        $this->caCertificate = SslCertificate::where('server_id', $this->server->server_id)->where('is_ca_certificate', true)->first();
 
         if ($this->caCertificate) {
             $this->certificateContent = $this->caCertificate->ssl_certificate;
@@ -129,7 +126,7 @@ class Advanced extends Component
             "mkdir -p $caCertPath",
             "chown -R 9999:root $caCertPath",
             "chmod -R 700 $caCertPath",
-            "rm -f $caCertPath/coolify-ca.crt",
+            "rm -rf $caCertPath/coolify-ca.crt",
             "echo '{$this->certificateContent}' > $caCertPath/coolify-ca.crt",
             "chmod 644 $caCertPath/coolify-ca.crt",
         ]);
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index e3672d053..4a9d59eb2 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -13,9 +13,9 @@ class CaSslCertSeeder extends Seeder
     {
         Server::chunk(200, function ($servers) {
             foreach ($servers as $server) {
-                $existingCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
+                $existingCaCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
 
-                if (! $existingCert) {
+                if (! $existingCaCert) {
                     $caCert = SslHelper::generateSslCertificate(
                         commonName: 'Coolify CA Certificate',
                         serverId: $server->id,
@@ -23,7 +23,7 @@ class CaSslCertSeeder extends Seeder
                         validityDays: 15 * 365
                     );
                 } else {
-                    $caCert = $existingCert;
+                    $caCert = $existingCaCert;
                 }
                 $caCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
@@ -31,7 +31,7 @@ class CaSslCertSeeder extends Seeder
                     "mkdir -p $caCertPath",
                     "chown -R 9999:root $caCertPath",
                     "chmod -R 700 $caCertPath",
-                    "rm -f $caCertPath/coolify-ca.crt",
+                    "rm -rf $caCertPath/coolify-ca.crt",
                     "echo '{$caCert->ssl_certificate}' > $caCertPath/coolify-ca.crt",
                     "chmod 644 $caCertPath/coolify-ca.crt",
                 ]);

From 62fb2c2877b77fd0638a355fac9203a8755a005e Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:30:07 +0100
Subject: [PATCH 066/145] fix(ssl): ger caCert and `mountPath` correctly

---
 app/Livewire/Project/Database/Mariadb/General.php    | 11 ++++-------
 app/Livewire/Project/Database/Mysql/General.php      | 11 ++++-------
 app/Livewire/Project/Database/Postgresql/General.php | 11 ++++-------
 3 files changed, 12 insertions(+), 21 deletions(-)

diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index 63bfd16cd..1eda804c9 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -169,10 +169,7 @@ class General extends Component
                 return;
             }
 
-            $caCertificate = SslCertificate::where('server_id', $this->server->id)
-                ->where('resource_type', null)
-                ->where('resource_id', null)
-                ->first();
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)->where('is_ca_certificate', true)->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -180,10 +177,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCertificate->ssl_certificate,
-                caKey: $caCertificate->ssl_private_key,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
-                mountPath: '/var/lib/mysql/certs',
+                mountPath: $existingCert->mount_path,
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index d7d34c2e1..ad19db2a3 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -169,10 +169,7 @@ class General extends Component
                 return;
             }
 
-            $caCertificate = SslCertificate::where('server_id', $this->server->id)
-                ->where('resource_type', null)
-                ->where('resource_id', null)
-                ->first();
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)->where('is_ca_certificate', true)->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -180,10 +177,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCertificate->ssl_certificate,
-                caKey: $caCertificate->ssl_private_key,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
-                mountPath: '/var/lib/mysql/certs',
+                mountPath: $existingCert->mount_path,
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index 534b66a6d..f5ea25865 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -133,10 +133,7 @@ class General extends Component
                 return;
             }
 
-            $caCertificate = SslCertificate::where('server_id', $this->server->id)
-                ->where('resource_type', null)
-                ->where('resource_id', null)
-                ->first();
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)->where('is_ca_certificate', true)->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -144,10 +141,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCertificate->ssl_certificate,
-                caKey: $caCertificate->ssl_private_key,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
-                mountPath: '/var/lib/postgresql/certs',
+                mountPath: $existingCert->mount_path,
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');

From 8a45c24dc246fa375848fdcdb6c05b34d6d60d3e Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:30:44 +0100
Subject: [PATCH 067/145] fix(ui): only show Regenerate SSL Certificates button
 when there is a cert

---
 .../views/livewire/project/database/mysql/general.blade.php     | 2 +-
 .../livewire/project/database/postgresql/general.blade.php      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/views/livewire/project/database/mysql/general.blade.php b/resources/views/livewire/project/database/mysql/general.blade.php
index 8da378399..7bef88441 100644
--- a/resources/views/livewire/project/database/mysql/general.blade.php
+++ b/resources/views/livewire/project/database/mysql/general.blade.php
@@ -70,7 +70,7 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl)
+                    @if($database->enable_ssl && $certificateValidUntil)
                         <x-modal-confirmation
                             title="Regenerate SSL Certificates"
                             buttonTitle="Regenerate SSL Certificates"
diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index 357f7ae99..e396b59c4 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -77,7 +77,7 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl)
+                    @if($database->enable_ssl && $certificateValidUntil)
                         <x-modal-confirmation
                             title="Regenerate SSL Certificates"
                             buttonTitle="Regenerate SSL Certificates"

From bd33f65c0a26958c228745fdd779d2c385d83327 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:31:41 +0100
Subject: [PATCH 068/145] feat(ssl): new modes for MongoDB and get `caCert` and
 `mountPath` correctly

---
 app/Livewire/Project/Database/Mongodb/General.php   | 13 +++++--------
 .../project/database/mongodb/general.blade.php      | 10 +++++-----
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index 911b74f55..08d45a4ee 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -39,7 +39,7 @@ class General extends Component
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
         'database.enable_ssl' => 'boolean',
-        'database.ssl_mode' => 'nullable|string|in:allowSSL,preferSSL,requireSSL,verifyCA,verifyFull',
+        'database.ssl_mode' => 'nullable|string|in:allow,prefer,require,verify-ca,verify-full',
     ];
 
     protected $validationAttributes = [
@@ -170,10 +170,7 @@ class General extends Component
                 return;
             }
 
-            $caCertificate = SslCertificate::where('server_id', $this->server->id)
-                ->where('resource_type', null)
-                ->where('resource_id', null)
-                ->first();
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)->where('is_ca_certificate', true)->first();
 
             SslHelper::generateSslCertificate(
                 commonName: $existingCert->common_name,
@@ -181,10 +178,10 @@ class General extends Component
                 resourceType: $existingCert->resource_type,
                 resourceId: $existingCert->resource_id,
                 serverId: $existingCert->server_id,
-                caCert: $caCertificate->ssl_certificate,
-                caKey: $caCertificate->ssl_private_key,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
                 configurationDir: $existingCert->configuration_dir,
-                mountPath: '/etc/mongo/certs',
+                mountPath: $existingCert->mount_path,
             );
 
             $this->dispatch('success', 'SSL certificates have been regenerated. Please restart the database for changes to take effect.');
diff --git a/resources/views/livewire/project/database/mongodb/general.blade.php b/resources/views/livewire/project/database/mongodb/general.blade.php
index b64884525..c2dcea140 100644
--- a/resources/views/livewire/project/database/mongodb/general.blade.php
+++ b/resources/views/livewire/project/database/mongodb/general.blade.php
@@ -92,11 +92,11 @@
                     <x-forms.select id="database.ssl_mode" label="SSL Mode" 
                         wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
                         helper="Choose the SSL verification mode for MongoDB connections">
-                        <option value="allowSSL">allowSSL</option>
-                        <option value="preferSSL">preferSSL</option>
-                        <option value="requireSSL">requireSSL</option>
-                        <option value="verifyCA">verifyCA</option>
-                        <option value="verifyFull">verifyFull</option>
+                        <option value="allow">allow</option>
+                        <option value="prefer">prefer</option>
+                        <option value="require">require</option>
+                        <option value="verify-ca">verify-ca</option>
+                        <option value="verify-full">verify-full</option>
                     </x-forms.select>
                 @endif
             </div>

From a539bfd765ef0aa6c97919aa47df314659c9c377 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 18:45:12 +0100
Subject: [PATCH 069/145] fix(ssl): server id

---
 app/Actions/Database/StartMariadb.php    | 2 +-
 app/Actions/Database/StartMysql.php      | 2 +-
 app/Actions/Database/StartPostgresql.php | 2 +-
 app/Actions/Server/InstallDocker.php     | 4 ++--
 app/Livewire/Server/Advanced.php         | 2 +-
 database/seeders/CaSslCertSeeder.php     | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index 50fd1ab00..b10ae3fde 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -59,7 +59,7 @@ class StartMariadb
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
 
             $server = $this->database->destination->server;
-            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
             $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index bec1c7fb1..bda01dc1d 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -59,7 +59,7 @@ class StartMysql
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
 
             $server = $this->database->destination->server;
-            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
             $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 75f43a5ee..8f4bcb0d9 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -64,7 +64,7 @@ class StartPostgresql
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
 
             $server = $this->database->destination->server;
-            $caCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
             $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index 122371cf6..bbb3ea066 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -20,10 +20,10 @@ class InstallDocker
             throw new \Exception('Server OS type is not supported for automated installation. Please install Docker manually before continuing: <a target="_blank" class="underline" href="https://coolify.io/docs/installation#manually">documentation</a>.');
         }
 
-        if (! SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->exists()) {
+        if (! SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->exists()) {
             $serverCert = SslHelper::generateSslCertificate(
                 commonName: 'Coolify CA Certificate',
-                serverId: $server->server_id,
+                serverId: $server->id,
                 isCaCertificate: true,
                 validityDays: 15 * 365
             );
diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 73a4391e6..497ec697e 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -49,7 +49,7 @@ class Advanced extends Component
 
     public function loadCaCertificate()
     {
-        $this->caCertificate = SslCertificate::where('server_id', $this->server->server_id)->where('is_ca_certificate', true)->first();
+        $this->caCertificate = SslCertificate::where('server_id', $this->server->id)->where('is_ca_certificate', true)->first();
 
         if ($this->caCertificate) {
             $this->certificateContent = $this->caCertificate->ssl_certificate;
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index 4a9d59eb2..b869ff96a 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -13,7 +13,7 @@ class CaSslCertSeeder extends Seeder
     {
         Server::chunk(200, function ($servers) {
             foreach ($servers as $server) {
-                $existingCaCert = SslCertificate::where('server_id', $server->server_id)->where('is_ca_certificate', true)->first();
+                $existingCaCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
                 if (! $existingCaCert) {
                     $caCert = SslHelper::generateSslCertificate(

From cd637607704ca3a72ca37c7291b78fac818fc9a6 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 19:36:52 +0100
Subject: [PATCH 070/145] fix(ssl): when regenerating SSL certs the cert is not
 singed with the new CN

---
 app/Models/SslCertificate.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Models/SslCertificate.php b/app/Models/SslCertificate.php
index cf9395a5d..eb2175d44 100644
--- a/app/Models/SslCertificate.php
+++ b/app/Models/SslCertificate.php
@@ -10,6 +10,7 @@ class SslCertificate extends Model
         'ssl_certificate',
         'ssl_private_key',
         'configuration_dir',
+        'mount_path',
         'resource_type',
         'resource_id',
         'server_id',

From c1e7a5721e9481155af0f267bb25b17a6f0ed9d3 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 20:09:11 +0100
Subject: [PATCH 071/145] fix(ssl): adjust ca paths for MySQL

---
 app/Actions/Database/StartMysql.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index bda01dc1d..2a9e37f9c 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -159,7 +159,7 @@ class StartMysql
                     [
                         'type' => 'bind',
                         'source' => '/data/coolify/ssl/coolify-ca.crt',
-                        'target' => '/etc/mysql/certs/ca.crt',
+                        'target' => '/etc/mysql/certs/coolify-ca.crt',
                         'read_only' => true,
                     ],
                 ]
@@ -189,7 +189,7 @@ class StartMysql
                 'mysqld',
                 '--ssl-cert=/etc/mysql/certs/server.crt',
                 '--ssl-key=/etc/mysql/certs/server.key',
-                '--ssl-ca=/etc/mysql/certs/ca.crt',
+                '--ssl-ca=/etc/mysql/certs/coolify-ca.crt',
                 '--require-secure-transport=1',
             ];
         }

From 5b347f3d0fce9459b96d3062f0dca566f93deb74 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 21:07:40 +0100
Subject: [PATCH 072/145] fix(ssl): remove mode selection for MariaDB as it is
 not supported

---
 .../Project/Database/Mariadb/General.php      |  3 ---
 app/Models/StandaloneMariadb.php              | 22 ++-----------------
 .../database/mariadb/general.blade.php        |  9 --------
 3 files changed, 2 insertions(+), 32 deletions(-)

diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index 1eda804c9..a963e0ca3 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -40,7 +40,6 @@ class General extends Component
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
         'database.enable_ssl' => 'boolean',
-        'database.ssl_mode' => 'nullable|string|in:PREFERRED,REQUIRED,VERIFY_CA,VERIFY_IDENTITY',
     ];
 
     protected $validationAttributes = [
@@ -57,7 +56,6 @@ class General extends Component
         'database.public_port' => 'Public Port',
         'database.custom_docker_run_options' => 'Custom Docker Options',
         'database.enable_ssl' => 'Enable SSL',
-        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -147,7 +145,6 @@ class General extends Component
     {
         try {
             $this->database->enable_ssl = $this->database->enable_ssl;
-            $this->database->ssl_mode = $this->database->ssl_mode;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/Models/StandaloneMariadb.php b/app/Models/StandaloneMariadb.php
index 24f011f12..523fde3c5 100644
--- a/app/Models/StandaloneMariadb.php
+++ b/app/Models/StandaloneMariadb.php
@@ -218,17 +218,7 @@ class StandaloneMariadb extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: function () {
-                $url = "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}";
-                if ($this->enable_ssl) {
-                    $url .= "?ssl-mode={$this->ssl_mode}";
-                    if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
-                        $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
-                    }
-                }
-
-                return $url;
-            },
+            get: fn () => "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}",
         );
     }
 
@@ -237,15 +227,7 @@ class StandaloneMariadb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    $url = "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
-                    if ($this->enable_ssl) {
-                        $url .= "?ssl-mode={$this->ssl_mode}";
-                        if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
-                            $url .= '&ssl-ca=/etc/ssl/certs/coolify-ca.crt';
-                        }
-                    }
-
-                    return $url;
+                    return "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/mariadb/general.blade.php b/resources/views/livewire/project/database/mariadb/general.blade.php
index 673868667..96ba3a06a 100644
--- a/resources/views/livewire/project/database/mariadb/general.blade.php
+++ b/resources/views/livewire/project/database/mariadb/general.blade.php
@@ -97,15 +97,6 @@
         <div class="flex flex-col gap-2">
             <div class="flex flex-col gap-2">
                 <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
-                @if($database->enable_ssl)
-                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
-                        helper="Choose the SSL verification mode for MariaDB connections">
-                        <option value="PREFERRED">PREFERRED</option>
-                        <option value="REQUIRED">REQUIRED</option>
-                        <option value="VERIFY_CA">VERIFY_CA</option>
-                        <option value="VERIFY_IDENTITY">VERIFY_IDENTITY</option>
-                    </x-forms.select>
-                @endif
             </div>
         </div>
         

From aad717d22fe50be9e6ffe1c954778f58d0c38ca2 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 21:08:14 +0100
Subject: [PATCH 073/145] fix(ssl): permission issue with MariDB cert and key
 and paths

---
 app/Actions/Database/StartMariadb.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index b10ae3fde..87185d064 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -159,7 +159,7 @@ class StartMariadb
                     [
                         'type' => 'bind',
                         'source' => '/data/coolify/ssl/coolify-ca.crt',
-                        'target' => '/etc/mysql/certs/ca.crt',
+                        'target' => '/etc/mysql/certs/coolify-ca.crt',
                         'read_only' => true,
                     ],
                 ]
@@ -188,7 +188,7 @@ class StartMariadb
                 'mysqld',
                 '--ssl-cert=/etc/mysql/certs/server.crt',
                 '--ssl-key=/etc/mysql/certs/server.key',
-                '--ssl-ca=/etc/mysql/certs/ca.crt',
+                '--ssl-ca=/etc/mysql/certs/coolify-ca.crt',
                 '--require-secure-transport=1',
             ];
         }
@@ -203,7 +203,7 @@ class StartMariadb
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
         if ($this->database->enable_ssl) {
-            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mariadb_user}:{$this->database->mariadb_user} /etc/mysql/certs/server.crt /etc/mysql/certs/server.key");
+            $this->commands[] = executeInDocker($this->database->uuid, 'chown mysql:mysql /etc/mysql/certs/server.crt /etc/mysql/certs/server.key');
         }
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');

From 7b30b1aff1863fb90fcf5d901d66529f3abdf577 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 7 Feb 2025 22:36:36 +0100
Subject: [PATCH 074/145] feat(ssl): Full SSL support for Redis

---
 app/Actions/Database/StartRedis.php           | 133 ++++++++++++++++--
 .../Project/Database/Redis/General.php        |  61 ++++++++
 app/Models/StandaloneRedis.php                |  17 ++-
 .../project/database/redis/general.blade.php  |  41 ++++++
 4 files changed, 241 insertions(+), 11 deletions(-)

diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php
index 1beebd134..11534e87d 100644
--- a/app/Actions/Database/StartRedis.php
+++ b/app/Actions/Database/StartRedis.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneRedis;
 use Illuminate\Support\Facades\Storage;
 use Lorisleiva\Actions\Concerns\AsAction;
@@ -17,6 +19,8 @@ class StartRedis
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneRedis $database)
     {
         $this->database = $database;
@@ -26,9 +30,53 @@ class StartRedis
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/redis/certs/server.crt',
+                        '/etc/redis/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/redis/certs',
+                );
+            }
+        }
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
@@ -50,11 +98,22 @@ class StartRedis
                     ],
                     'labels' => defaultDatabaseLabels($this->database)->toArray(),
                     'healthcheck' => [
-                        'test' => [
-                            'CMD-SHELL',
-                            'redis-cli',
-                            'ping',
-                        ],
+                        'test' => $this->database->enable_ssl
+                            ? [
+                                'CMD-SHELL',
+                                'redis-cli',
+                                '--tls',
+                                '--cacert /etc/redis/certs/coolify-ca.crt',
+                                '--cert /etc/redis/certs/server.crt',
+                                '--key /etc/redis/certs/server.key',
+                                '-p 6380',
+                                'ping',
+                            ]
+                            : [
+                                'CMD-SHELL',
+                                'redis-cli',
+                                'ping',
+                            ],
                         'interval' => '5s',
                         'timeout' => '5s',
                         'retries' => 10,
@@ -76,26 +135,55 @@ class StartRedis
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_storages
+            );
         }
+
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
+
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/redis/certs/coolify-ca.crt',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
         if (! is_null($this->database->redis_conf) || ! empty($this->database->redis_conf)) {
             $docker_compose['services'][$container_name]['volumes'][] = [
                 'type' => 'bind',
@@ -116,6 +204,9 @@ class StartRedis
         $this->commands[] = "echo '{$readme}' > $this->configuration_dir/README.md";
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = "chown -R 999:999 $this->configuration_dir/ssl/server.key $this->configuration_dir/ssl/server.crt";
+        }
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
 
@@ -202,6 +293,30 @@ class StartRedis
             $command = "redis-server --requirepass {$this->database->redis_password} --appendonly yes";
         }
 
+        if ($this->database->enable_ssl) {
+            $sslArgs = match ($this->database->ssl_mode) {
+                'require' => [
+                    '--tls-port 6380',
+                    '--tls-cert-file /etc/redis/certs/server.crt',
+                    '--tls-key-file /etc/redis/certs/server.key',
+                    '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
+                    '--tls-auth-clients no',
+                ],
+                'verify-full' => [
+                    '--tls-port 6380',
+                    '--tls-cert-file /etc/redis/certs/server.crt',
+                    '--tls-key-file /etc/redis/certs/server.key',
+                    '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
+                    '--tls-auth-clients yes',
+                ],
+                default => []
+            };
+        }
+
+        if (! empty($sslArgs)) {
+            $command .= ' '.implode(' ', $sslArgs);
+        }
+
         return $command;
     }
 
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index 05babeaec..32ba0a9ad 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Redis;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneRedis;
 use Exception;
 use Livewire\Component;
@@ -30,6 +32,8 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
+    public $certificateValidUntil = null;
+
     protected $rules = [
         'database.name' => 'required',
         'database.description' => 'nullable',
@@ -42,6 +46,8 @@ class General extends Component
         'database.custom_docker_run_options' => 'nullable',
         'redis_username' => 'required',
         'redis_password' => 'required',
+        'database.enable_ssl' => 'boolean',
+        'database.ssl_mode' => 'nullable|string|in:require,verify-full',
     ];
 
     protected $validationAttributes = [
@@ -55,12 +61,21 @@ class General extends Component
         'database.custom_docker_run_options' => 'Custom Docker Options',
         'redis_username' => 'Redis Username',
         'redis_password' => 'Redis Password',
+        'database.enable_ssl' => 'Enable SSL',
+        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
     {
         $this->server = data_get($this->database, 'destination.server');
         $this->refreshView();
+        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+            ->where('resource_id', $this->database->id)
+            ->first();
+
+        if ($existingCert) {
+            $this->certificateValidUntil = $existingCert->valid_until;
+        }
     }
 
     public function instantSaveAdvanced()
@@ -136,6 +151,52 @@ class General extends Component
         }
     }
 
+    public function instantSaveSSL()
+    {
+        try {
+            $this->database->enable_ssl = $this->database->enable_ssl;
+            $this->database->ssl_mode = $this->database->ssl_mode;
+            $this->database->save();
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)->where('is_ca_certificate', true)->first();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->commonName,
+                subjectAlternativeNames: $existingCert->subjectAlternativeNames ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+                mountPath: $existingCert->mount_path,
+            );
+
+            $this->dispatch('success', 'SSL certificates regenerated. Restart database to apply changes.');
+        } catch (Exception $e) {
+            handleError($e, $this);
+        }
+    }
+
     public function refresh(): void
     {
         $this->database->refresh();
diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php
index ebb0fbe30..b7835b4c9 100644
--- a/app/Models/StandaloneRedis.php
+++ b/app/Models/StandaloneRedis.php
@@ -222,8 +222,15 @@ class StandaloneRedis extends BaseModel
             get: function () {
                 $redis_version = $this->getRedisVersion();
                 $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : '';
+                $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                $port = $this->enable_ssl ? 6380 : 6379;
+                $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->uuid}:{$port}/0";
 
-                return "redis://{$username_part}{$this->redis_password}@{$this->uuid}:6379/0";
+                if ($this->enable_ssl && $this->ssl_mode === 'verify-full') {
+                    $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                }
+
+                return $url;
             }
         );
     }
@@ -235,8 +242,14 @@ class StandaloneRedis extends BaseModel
                 if ($this->is_public && $this->public_port) {
                     $redis_version = $this->getRedisVersion();
                     $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : '';
+                    $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                    $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
 
-                    return "redis://{$username_part}{$this->redis_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    if ($this->enable_ssl && $this->ssl_mode === 'verify-full') {
+                        $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/redis/general.blade.php b/resources/views/livewire/project/database/redis/general.blade.php
index a274fa62e..eb9d7af23 100644
--- a/resources/views/livewire/project/database/redis/general.blade.php
+++ b/resources/views/livewire/project/database/redis/general.blade.php
@@ -49,6 +49,47 @@
                     type="password" readonly wire:model="db_url_public" />
             @endif
         </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.'
+                            ]"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                @if($database->enable_ssl)
+                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
+                        helper="Choose the SSL verification mode for Redis connections">
+                        <option value="require">require</option>
+                        <option value="verify-full">verify-full</option>
+                    </x-forms.select>
+                @endif
+            </div>
+        </div>
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From 484fc5140b4ef4924d8941036969e5faea60eced Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Sat, 8 Feb 2025 16:43:15 +0100
Subject: [PATCH 075/145] fix(ssl): rename Redis mode to verify-ca as it is not
 verify-full

---
 app/Actions/Database/StartRedis.php                           | 2 +-
 app/Livewire/Project/Database/Redis/General.php               | 2 +-
 app/Models/StandaloneRedis.php                                | 4 ++--
 .../views/livewire/project/database/redis/general.blade.php   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php
index 11534e87d..fee80be2b 100644
--- a/app/Actions/Database/StartRedis.php
+++ b/app/Actions/Database/StartRedis.php
@@ -302,7 +302,7 @@ class StartRedis
                     '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
                     '--tls-auth-clients no',
                 ],
-                'verify-full' => [
+                'verify-ca' => [
                     '--tls-port 6380',
                     '--tls-cert-file /etc/redis/certs/server.crt',
                     '--tls-key-file /etc/redis/certs/server.key',
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index 32ba0a9ad..71fbd5887 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -47,7 +47,7 @@ class General extends Component
         'redis_username' => 'required',
         'redis_password' => 'required',
         'database.enable_ssl' => 'boolean',
-        'database.ssl_mode' => 'nullable|string|in:require,verify-full',
+        'database.ssl_mode' => 'nullable|string|in:require,verify-ca',
     ];
 
     protected $validationAttributes = [
diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php
index b7835b4c9..2b565aa4f 100644
--- a/app/Models/StandaloneRedis.php
+++ b/app/Models/StandaloneRedis.php
@@ -226,7 +226,7 @@ class StandaloneRedis extends BaseModel
                 $port = $this->enable_ssl ? 6380 : 6379;
                 $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->uuid}:{$port}/0";
 
-                if ($this->enable_ssl && $this->ssl_mode === 'verify-full') {
+                if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                     $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
                 }
 
@@ -245,7 +245,7 @@ class StandaloneRedis extends BaseModel
                     $scheme = $this->enable_ssl ? 'rediss' : 'redis';
                     $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
 
-                    if ($this->enable_ssl && $this->ssl_mode === 'verify-full') {
+                    if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                         $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
                     }
 
diff --git a/resources/views/livewire/project/database/redis/general.blade.php b/resources/views/livewire/project/database/redis/general.blade.php
index eb9d7af23..28aa8dbba 100644
--- a/resources/views/livewire/project/database/redis/general.blade.php
+++ b/resources/views/livewire/project/database/redis/general.blade.php
@@ -85,7 +85,7 @@
                     <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
                         helper="Choose the SSL verification mode for Redis connections">
                         <option value="require">require</option>
-                        <option value="verify-full">verify-full</option>
+                        <option value="verify-ca">verify-ca</option>
                     </x-forms.select>
                 @endif
             </div>

From 5c12f7273ef392b8201726536fc6b9a72d688aa2 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 15:18:29 +0100
Subject: [PATCH 076/145] feat: New mode implementation for MongoDB

---
 app/Actions/Database/StartMongodb.php | 68 +++++++++++++++++----------
 app/Models/StandaloneMongodb.php      | 19 +++-----
 2 files changed, 51 insertions(+), 36 deletions(-)

diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php
index bf36d3802..250cb321d 100644
--- a/app/Actions/Database/StartMongodb.php
+++ b/app/Actions/Database/StartMongodb.php
@@ -52,8 +52,7 @@ class StartMongodb
                 ->get()
                 ->filter(function ($storage) {
                     return in_array($storage->mount_path, [
-                        '/etc/mongo/certs/server.crt',
-                        '/etc/mongo/certs/server.key',
+                        '/etc/mongo/certs/server.pem',
                     ]);
                 })
                 ->each(function ($storage) {
@@ -62,12 +61,11 @@ class StartMongodb
         } else {
             $this->commands[] = "echo 'Setting up SSL for this database.'";
             $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
-            $server = $this->database->destination->server;
 
-            $caCert = SslCertificate::where('server_id', $server->id)->firstOrFail();
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
@@ -80,6 +78,7 @@ class StartMongodb
                     caKey: $caCert->ssl_private_key,
                     configurationDir: $this->configuration_dir,
                     mountPath: '/etc/mongo/certs',
+                    isPemKeyFileRequired: true,
                 );
             }
         }
@@ -188,6 +187,20 @@ class StartMongodb
             ]]
         );
 
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/mongo/certs/ca.pem',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
@@ -195,28 +208,35 @@ class StartMongodb
         if ($this->database->enable_ssl) {
             $commandParts = ['mongod'];
 
-            $commandParts[] = '--sslPEMKeyFile';
-            $commandParts[] = '/etc/mongo/certs/server.pem';
-            $commandParts[] = '--sslCAFile';
-            $commandParts[] = '/etc/mongo/certs/ca.pem';
-
             $sslConfig = match ($this->database->ssl_mode) {
-                'verifyCA' => [
-                    '--sslMode=requireSSL',
-                    '--tlsAllowInvalidCertificates=false',
+                'allow' => [
+                    '--tlsMode=allowTLS',
+                    '--tlsAllowConnectionsWithoutCertificates',
+                    '--tlsAllowInvalidHostnames',
                 ],
-                'verifyFull' => [
-                    '--sslMode=requireSSL',
-                    '--tlsAllowInvalidCertificates=false',
-                    '--tlsAllowInvalidHostnames=false',
+                'prefer' => [
+                    '--tlsMode=preferTLS',
+                    '--tlsAllowConnectionsWithoutCertificates',
+                    '--tlsAllowInvalidHostnames',
                 ],
-                'requireSSL' => ['--sslMode=requireSSL'],
-                'preferSSL' => ['--sslMode=preferSSL'],
-                'allowSSL' => ['--sslMode=allowSSL'],
-                default => []
+                'require' => [
+                    '--tlsMode=requireTLS',
+                    '--tlsAllowConnectionsWithoutCertificates',
+                    '--tlsAllowInvalidHostnames',
+                ],
+                'verify-full' => [
+                    '--tlsMode=requireTLS',
+                    '--tlsAllowInvalidHostnames',
+                ],
+                default => [],
             };
 
             $commandParts = [...$commandParts, ...$sslConfig];
+            $commandParts[] = '--tlsCAFile';
+            $commandParts[] = '/etc/mongo/certs/ca.pem';
+            $commandParts[] = '--tlsCertificateKeyFile';
+            $commandParts[] = '/etc/mongo/certs/server.pem';
+
             $docker_compose['services'][$container_name]['command'] = $commandParts;
         }
 
@@ -229,7 +249,7 @@ class StartMongodb
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         if ($this->database->enable_ssl) {
-            $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mongo_initdb_root_username}:{$this->database->mongo_initdb_root_username} /etc/mongo/certs/server.pem /etc/mongo/certs/ca.pem");
+            $this->commands[] = executeInDocker($this->database->uuid, 'chown mongodb:mongodb /etc/mongo/certs/server.pem');
         }
         $this->commands[] = "echo 'Database started.'";
 
diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index 0b282eea1..0367b8650 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -246,13 +246,11 @@ class StandaloneMongodb extends BaseModel
             get: function () {
                 $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true";
                 if ($this->enable_ssl) {
-                    $url .= '&ssl=true';
-                    if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) {
-                        $url .= '&tlsAllowInvalidCertificates=false';
-                    }
-                    if ($this->ssl_mode === 'verifyFull') {
-                        $url .= '&tlsAllowInvalidHostnames=false';
+                    $url .= '&tls=true';
+                    if (in_array($this->ssl_mode, ['verify-full'])) {
+                        $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
                     }
+
                 }
 
                 return $url;
@@ -267,12 +265,9 @@ class StandaloneMongodb extends BaseModel
                 if ($this->is_public && $this->public_port) {
                     $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
                     if ($this->enable_ssl) {
-                        $url .= '&ssl=true';
-                        if (in_array($this->ssl_mode, ['verifyCA', 'verifyFull'])) {
-                            $url .= '&tlsAllowInvalidCertificates=false';
-                        }
-                        if ($this->ssl_mode === 'verifyFull') {
-                            $url .= '&tlsAllowInvalidHostnames=false';
+                        $url .= '&tls=true';
+                        if (in_array($this->ssl_mode, ['verify-full'])) {
+                            $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
                         }
                     }
 

From 6b6a9f57f34a903eba7ad2afef7fe894b51bdc2a Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 15:26:05 +0100
Subject: [PATCH 077/145] fix(ui): remove unused mode for MongoDB

---
 app/Livewire/Project/Database/Mongodb/General.php               | 2 +-
 .../views/livewire/project/database/mongodb/general.blade.php   | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index 08d45a4ee..526aae9ea 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -39,7 +39,7 @@ class General extends Component
         'database.is_log_drain_enabled' => 'nullable|boolean',
         'database.custom_docker_run_options' => 'nullable',
         'database.enable_ssl' => 'boolean',
-        'database.ssl_mode' => 'nullable|string|in:allow,prefer,require,verify-ca,verify-full',
+        'database.ssl_mode' => 'nullable|string|in:allow,prefer,require,verify-full',
     ];
 
     protected $validationAttributes = [
diff --git a/resources/views/livewire/project/database/mongodb/general.blade.php b/resources/views/livewire/project/database/mongodb/general.blade.php
index c2dcea140..b060bca54 100644
--- a/resources/views/livewire/project/database/mongodb/general.blade.php
+++ b/resources/views/livewire/project/database/mongodb/general.blade.php
@@ -95,7 +95,6 @@
                         <option value="allow">allow</option>
                         <option value="prefer">prefer</option>
                         <option value="require">require</option>
-                        <option value="verify-ca">verify-ca</option>
                         <option value="verify-full">verify-full</option>
                     </x-forms.select>
                 @endif

From 792b1b889fb11cc7267af0399fbae5b0b67f69b8 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 15:32:05 +0100
Subject: [PATCH 078/145] faet(migration): Add SSL fields to database tables

---
 ...2616_add_ssl_fields_to_database_tables.php | 70 +++++++++++++++++++
 ...d_ssl_fields_to_standalone_postgresqls.php | 30 --------
 2 files changed, 70 insertions(+), 30 deletions(-)
 create mode 100644 database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
 delete mode 100644 database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php

diff --git a/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php b/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
new file mode 100644
index 000000000..361e2fd32
--- /dev/null
+++ b/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
@@ -0,0 +1,70 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up()
+    {
+        Schema::table('standalone_postgresqls', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(true);
+            $table->enum('ssl_mode', ['allow', 'prefer', 'require', 'verify-ca', 'verify-full'])->default('require');
+        });
+        Schema::table('standalone_mysqls', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(true);
+            $table->enum('ssl_mode', ['PREFERRED', 'REQUIRED', 'VERIFY_CA', 'VERIFY_IDENTITY'])->default('REQUIRED');
+        });
+        Schema::table('standalone_mariadbs', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(true);
+        });
+        Schema::table('standalone_redis', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(false);
+        });
+        Schema::table('standalone_keydbs', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(false);
+        });
+        Schema::table('standalone_dragonflies', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(false);
+        });
+        Schema::table('standalone_mongodbs', function (Blueprint $table) {
+            $table->boolean('enable_ssl')->default(true);
+            $table->enum('ssl_mode', ['allow', 'prefer', 'require', 'verify-full'])->default('require');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down()
+    {
+        Schema::table('standalone_postgresqls', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+            $table->dropColumn('ssl_mode');
+        });
+        Schema::table('standalone_mysqls', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+            $table->dropColumn('ssl_mode');
+        });
+        Schema::table('standalone_mariadbs', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+        });
+        Schema::table('standalone_redis', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+        });
+        Schema::table('standalone_keydbs', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+        });
+        Schema::table('standalone_dragonflies', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+        });
+        Schema::table('standalone_mongodbs', function (Blueprint $table) {
+            $table->dropColumn('enable_ssl');
+            $table->dropColumn('ssl_mode');
+        });
+    }
+};
diff --git a/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php b/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
deleted file mode 100644
index 3b0ce8aa4..000000000
--- a/database/migrations/2025_01_27_102616_add_ssl_fields_to_standalone_postgresqls.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-
-use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\Schema;
-
-return new class extends Migration
-{
-    /**
-     * Run the migrations.
-     */
-    public function up()
-    {
-        Schema::table('standalone_postgresqls', function (Blueprint $table) {
-            $table->boolean('enable_ssl')->default(true);
-            $table->string('ssl_mode')->nullable()->default('require');
-        });
-    }
-
-    /**
-     * Reverse the migrations.
-     */
-    public function down()
-    {
-        Schema::table('standalone_postgresqls', function (Blueprint $table) {
-            $table->dropColumn('enable_ssl');
-            $table->dropColumn('ssl_mode');
-        });
-    }
-};

From 4547647e983e2186cca0af35202f0eb083e77c56 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 19:23:39 +0100
Subject: [PATCH 079/145] feat(ssl): improve Redis and remove modes

---
 app/Actions/Database/StartRedis.php           | 45 +++++--------------
 .../Project/Database/Redis/General.php        |  3 --
 .../project/database/redis/general.blade.php  |  7 ---
 3 files changed, 12 insertions(+), 43 deletions(-)

diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php
index fee80be2b..edc7e0cce 100644
--- a/app/Actions/Database/StartRedis.php
+++ b/app/Actions/Database/StartRedis.php
@@ -98,22 +98,11 @@ class StartRedis
                     ],
                     'labels' => defaultDatabaseLabels($this->database)->toArray(),
                     'healthcheck' => [
-                        'test' => $this->database->enable_ssl
-                            ? [
-                                'CMD-SHELL',
-                                'redis-cli',
-                                '--tls',
-                                '--cacert /etc/redis/certs/coolify-ca.crt',
-                                '--cert /etc/redis/certs/server.crt',
-                                '--key /etc/redis/certs/server.key',
-                                '-p 6380',
-                                'ping',
-                            ]
-                            : [
-                                'CMD-SHELL',
-                                'redis-cli',
-                                'ping',
-                            ],
+                        'test' => [
+                            'CMD-SHELL',
+                            'redis-cli',
+                            'ping',
+                        ],
                         'interval' => '5s',
                         'timeout' => '5s',
                         'retries' => 10,
@@ -294,23 +283,13 @@ class StartRedis
         }
 
         if ($this->database->enable_ssl) {
-            $sslArgs = match ($this->database->ssl_mode) {
-                'require' => [
-                    '--tls-port 6380',
-                    '--tls-cert-file /etc/redis/certs/server.crt',
-                    '--tls-key-file /etc/redis/certs/server.key',
-                    '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
-                    '--tls-auth-clients no',
-                ],
-                'verify-ca' => [
-                    '--tls-port 6380',
-                    '--tls-cert-file /etc/redis/certs/server.crt',
-                    '--tls-key-file /etc/redis/certs/server.key',
-                    '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
-                    '--tls-auth-clients yes',
-                ],
-                default => []
-            };
+            $sslArgs = [
+                '--tls-port 6380',
+                '--tls-cert-file /etc/redis/certs/server.crt',
+                '--tls-key-file /etc/redis/certs/server.key',
+                '--tls-ca-cert-file /etc/redis/certs/coolify-ca.crt',
+                '--tls-auth-clients optional',
+            ];
         }
 
         if (! empty($sslArgs)) {
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index 71fbd5887..ea896e294 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -47,7 +47,6 @@ class General extends Component
         'redis_username' => 'required',
         'redis_password' => 'required',
         'database.enable_ssl' => 'boolean',
-        'database.ssl_mode' => 'nullable|string|in:require,verify-ca',
     ];
 
     protected $validationAttributes = [
@@ -62,7 +61,6 @@ class General extends Component
         'redis_username' => 'Redis Username',
         'redis_password' => 'Redis Password',
         'database.enable_ssl' => 'Enable SSL',
-        'database.ssl_mode' => 'SSL Mode',
     ];
 
     public function mount()
@@ -155,7 +153,6 @@ class General extends Component
     {
         try {
             $this->database->enable_ssl = $this->database->enable_ssl;
-            $this->database->ssl_mode = $this->database->ssl_mode;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/resources/views/livewire/project/database/redis/general.blade.php b/resources/views/livewire/project/database/redis/general.blade.php
index 28aa8dbba..a6cae8e38 100644
--- a/resources/views/livewire/project/database/redis/general.blade.php
+++ b/resources/views/livewire/project/database/redis/general.blade.php
@@ -81,13 +81,6 @@
             @endif
             <div class="flex flex-col gap-2">
                 <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
-                @if($database->enable_ssl)
-                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
-                        helper="Choose the SSL verification mode for Redis connections">
-                        <option value="require">require</option>
-                        <option value="verify-ca">verify-ca</option>
-                    </x-forms.select>
-                @endif
             </div>
         </div>
         <div>

From 90e681e24b3d515731675405341cad65c83f0a78 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 21:29:20 +0100
Subject: [PATCH 080/145] feat: Full SSL support for DrangonflyDB

---
 app/Actions/Database/StartDragonfly.php       | 111 +++++++++++++++++-
 .../Project/Database/Dragonfly/General.php    |  63 ++++++++++
 app/Models/StandaloneDragonfly.php            |  21 +++-
 .../database/dragonfly/general.blade.php      |  34 ++++++
 4 files changed, 221 insertions(+), 8 deletions(-)

diff --git a/app/Actions/Database/StartDragonfly.php b/app/Actions/Database/StartDragonfly.php
index 4f9f45b7c..c9a2f173c 100644
--- a/app/Actions/Database/StartDragonfly.php
+++ b/app/Actions/Database/StartDragonfly.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneDragonfly;
 use Lorisleiva\Actions\Concerns\AsAction;
 use Symfony\Component\Yaml\Yaml;
@@ -16,24 +18,74 @@ class StartDragonfly
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneDragonfly $database)
     {
         $this->database = $database;
 
-        $startCommand = "dragonfly --requirepass {$this->database->dragonfly_password}";
-
         $container_name = $this->database->uuid;
         $this->configuration_dir = database_configuration_dir().'/'.$container_name;
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/dragonfly/certs/server.crt',
+                        '/etc/dragonfly/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/dragonfly/certs',
+                );
+            }
+        }
+
+        $container_name = $this->database->uuid;
+        $this->configuration_dir = database_configuration_dir().'/'.$container_name;
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
         $environment_variables = $this->generate_environment_variables();
+        $startCommand = $this->buildStartCommand();
 
         $docker_compose = [
             'services' => [
@@ -70,27 +122,55 @@ class StartDragonfly
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_storages
+            );
         }
+
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
 
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/dragonfly/certs/coolify-ca.crt',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
         // Add custom docker run options
         $docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
         $docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
@@ -102,12 +182,31 @@ class StartDragonfly
         $this->commands[] = "echo '{$readme}' > $this->configuration_dir/README.md";
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = "chown -R 999:999 $this->configuration_dir/ssl/server.key $this->configuration_dir/ssl/server.crt";
+        }
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
 
         return remote_process($this->commands, $database->destination->server, callEventOnFinish: 'DatabaseStatusChanged');
     }
 
+    private function buildStartCommand(): string
+    {
+        $command = "dragonfly --requirepass {$this->database->dragonfly_password}";
+
+        if ($this->database->enable_ssl) {
+            $sslArgs = [
+                '--tls_cert_file /etc/dragonfly/certs/server.crt',
+                '--tls_key_file /etc/dragonfly/certs/server.key',
+                '--tls_ca_cert_file /etc/dragonfly/certs/coolify-ca.crt',
+            ];
+            $command .= ' '.implode(' ', $sslArgs);
+        }
+
+        return $command;
+    }
+
     private function generate_local_persistent_volumes()
     {
         $local_persistent_volumes = [];
diff --git a/app/Livewire/Project/Database/Dragonfly/General.php b/app/Livewire/Project/Database/Dragonfly/General.php
index ea6cd46b0..bd04e4d38 100644
--- a/app/Livewire/Project/Database/Dragonfly/General.php
+++ b/app/Livewire/Project/Database/Dragonfly/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Dragonfly;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneDragonfly;
 use Exception;
 use Illuminate\Support\Facades\Auth;
@@ -50,6 +52,11 @@ class General extends Component
     #[Validate(['nullable', 'boolean'])]
     public bool $isLogDrainEnabled = false;
 
+    public $certificateValidUntil = null;
+
+    #[Validate(['nullable', 'boolean'])]
+    public bool $enable_ssl = false;
+
     public function getListeners()
     {
         $teamId = Auth::user()->currentTeam()->id;
@@ -64,6 +71,14 @@ class General extends Component
         try {
             $this->syncData();
             $this->server = data_get($this->database, 'destination.server');
+
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if ($existingCert) {
+                $this->certificateValidUntil = $existingCert->valid_until;
+            }
         } catch (\Throwable $e) {
             return handleError($e, $this);
         }
@@ -82,6 +97,7 @@ class General extends Component
             $this->database->public_port = $this->publicPort;
             $this->database->custom_docker_run_options = $this->customDockerRunOptions;
             $this->database->is_log_drain_enabled = $this->isLogDrainEnabled;
+            $this->database->enable_ssl = $this->enable_ssl;
             $this->database->save();
 
             $this->dbUrl = $this->database->internal_db_url;
@@ -96,6 +112,7 @@ class General extends Component
             $this->publicPort = $this->database->public_port;
             $this->customDockerRunOptions = $this->database->custom_docker_run_options;
             $this->isLogDrainEnabled = $this->database->is_log_drain_enabled;
+            $this->enable_ssl = $this->database->enable_ssl;
             $this->dbUrl = $this->database->internal_db_url;
             $this->dbUrlPublic = $this->database->external_db_url;
         }
@@ -174,4 +191,50 @@ class General extends Component
             }
         }
     }
+
+    public function instantSaveSSL()
+    {
+        try {
+            $this->syncData(true);
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)
+                ->where('is_ca_certificate', true)
+                ->first();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->commonName,
+                subjectAlternativeNames: $existingCert->subjectAlternativeNames ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+                mountPath: $existingCert->mount_path,
+            );
+
+            $this->dispatch('success', 'SSL certificates regenerated. Restart database to apply changes.');
+        } catch (Exception $e) {
+            handleError($e, $this);
+        }
+    }
 }
diff --git a/app/Models/StandaloneDragonfly.php b/app/Models/StandaloneDragonfly.php
index 6e7915faa..3aaedfc52 100644
--- a/app/Models/StandaloneDragonfly.php
+++ b/app/Models/StandaloneDragonfly.php
@@ -223,7 +223,17 @@ class StandaloneDragonfly extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "redis://:{$this->dragonfly_password}@{$this->uuid}:6379/0",
+            get: function () {
+                $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                $port = $this->enable_ssl ? 6380 : 6379;
+                $url = "{$scheme}://:{$this->dragonfly_password}@{$this->uuid}:{$port}/0";
+
+                if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
+                    $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                }
+
+                return $url;
+            }
         );
     }
 
@@ -232,7 +242,14 @@ class StandaloneDragonfly extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "redis://:{$this->dragonfly_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                    $url = "{$scheme}://:{$this->dragonfly_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+
+                    if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
+                        $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/dragonfly/general.blade.php b/resources/views/livewire/project/database/dragonfly/general.blade.php
index aa24db860..44765ae13 100644
--- a/resources/views/livewire/project/database/dragonfly/general.blade.php
+++ b/resources/views/livewire/project/database/dragonfly/general.blade.php
@@ -49,6 +49,40 @@
                     readonly value="Starting the database will generate this." />
             @endif
         </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.'
+                            ]"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="enable_ssl" label="Enable SSL" wire:model.live="enable_ssl" instantSave="instantSaveSSL" />
+            </div>
+        </div>
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From 3e95387e101a187f310f626439ce80c92036258c Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 21:29:45 +0100
Subject: [PATCH 081/145] Full: SSL Support for KeyDB

---
 app/Actions/Database/StartKeydb.php           | 145 ++++++++++++++++--
 .../Project/Database/Keydb/General.php        |  63 ++++++++
 app/Models/StandaloneKeydb.php                |  21 ++-
 .../project/database/keydb/general.blade.php  |  34 ++++
 4 files changed, 248 insertions(+), 15 deletions(-)

diff --git a/app/Actions/Database/StartKeydb.php b/app/Actions/Database/StartKeydb.php
index 6c733d318..1e601e689 100644
--- a/app/Actions/Database/StartKeydb.php
+++ b/app/Actions/Database/StartKeydb.php
@@ -2,6 +2,8 @@
 
 namespace App\Actions\Database;
 
+use App\Helpers\SslHelper;
+use App\Models\SslCertificate;
 use App\Models\StandaloneKeydb;
 use Illuminate\Support\Facades\Storage;
 use Lorisleiva\Actions\Concerns\AsAction;
@@ -17,26 +19,77 @@ class StartKeydb
 
     public string $configuration_dir;
 
+    private ?SslCertificate $ssl_certificate = null;
+
     public function handle(StandaloneKeydb $database)
     {
         $this->database = $database;
 
-        $startCommand = "keydb-server --requirepass {$this->database->keydb_password} --appendonly yes";
-
         $container_name = $this->database->uuid;
         $this->configuration_dir = database_configuration_dir().'/'.$container_name;
 
         $this->commands = [
             "echo 'Starting database.'",
+            "echo 'Creating directories.'",
             "mkdir -p $this->configuration_dir",
+            "echo 'Directories created successfully.'",
         ];
 
+        if (! $this->database->enable_ssl) {
+            $this->commands[] = "rm -rf $this->configuration_dir/ssl";
+            SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->delete();
+            $this->database->fileStorages()
+                ->where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->get()
+                ->filter(function ($storage) {
+                    return in_array($storage->mount_path, [
+                        '/etc/keydb/certs/server.crt',
+                        '/etc/keydb/certs/server.key',
+                    ]);
+                })
+                ->each(function ($storage) {
+                    $storage->delete();
+                });
+        } else {
+            $this->commands[] = "echo 'Setting up SSL for this database.'";
+            $this->commands[] = "mkdir -p $this->configuration_dir/ssl";
+
+            $server = $this->database->destination->server;
+            $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
+
+            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if (! $this->ssl_certificate) {
+                $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
+                $this->ssl_certificate = SslHelper::generateSslCertificate(
+                    commonName: $this->database->uuid,
+                    resourceType: $this->database->getMorphClass(),
+                    resourceId: $this->database->id,
+                    serverId: $server->id,
+                    caCert: $caCert->ssl_certificate,
+                    caKey: $caCert->ssl_private_key,
+                    configurationDir: $this->configuration_dir,
+                    mountPath: '/etc/keydb/certs',
+                );
+            }
+        }
+
+        $container_name = $this->database->uuid;
+        $this->configuration_dir = database_configuration_dir().'/'.$container_name;
+
         $persistent_storages = $this->generate_local_persistent_volumes();
         $persistent_file_volumes = $this->database->fileStorages()->get();
         $volume_names = $this->generate_local_persistent_volumes_only_volume_names();
         $environment_variables = $this->generate_environment_variables();
         $this->add_custom_keydb();
 
+        $startCommand = $this->buildStartCommand();
+
         $docker_compose = [
             'services' => [
                 $container_name => [
@@ -72,34 +125,67 @@ class StartKeydb
                 ],
             ],
         ];
+
         if (! is_null($this->database->limits_cpuset)) {
             data_set($docker_compose, "services.{$container_name}.cpuset", $this->database->limits_cpuset);
         }
+
         if ($this->database->destination->server->isLogDrainEnabled() && $this->database->isLogDrainEnabled()) {
             $docker_compose['services'][$container_name]['logging'] = generate_fluentd_configuration();
         }
+
         if (count($this->database->ports_mappings_array) > 0) {
             $docker_compose['services'][$container_name]['ports'] = $this->database->ports_mappings_array;
         }
+
+        $docker_compose['services'][$container_name]['volumes'] ??= [];
+
         if (count($persistent_storages) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_storages;
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_storages
+            );
         }
+
         if (count($persistent_file_volumes) > 0) {
-            $docker_compose['services'][$container_name]['volumes'] = $persistent_file_volumes->map(function ($item) {
-                return "$item->fs_path:$item->mount_path";
-            })->toArray();
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                $persistent_file_volumes->map(function ($item) {
+                    return "$item->fs_path:$item->mount_path";
+                })->toArray()
+            );
         }
+
         if (count($volume_names) > 0) {
             $docker_compose['volumes'] = $volume_names;
         }
+
         if (! is_null($this->database->keydb_conf) || ! empty($this->database->keydb_conf)) {
-            $docker_compose['services'][$container_name]['volumes'][] = [
-                'type' => 'bind',
-                'source' => $this->configuration_dir.'/keydb.conf',
-                'target' => '/etc/keydb/keydb.conf',
-                'read_only' => true,
-            ];
-            $docker_compose['services'][$container_name]['command'] = "keydb-server /etc/keydb/keydb.conf --requirepass {$this->database->keydb_password} --appendonly yes";
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => $this->configuration_dir.'/keydb.conf',
+                        'target' => '/etc/keydb/keydb.conf',
+                        'read_only' => true,
+                    ],
+                ]
+            );
+        }
+
+        if ($this->database->enable_ssl) {
+            $docker_compose['services'][$container_name]['volumes'] = array_merge(
+                $docker_compose['services'][$container_name]['volumes'] ?? [],
+                [
+                    [
+                        'type' => 'bind',
+                        'source' => '/data/coolify/ssl/coolify-ca.crt',
+                        'target' => '/etc/keydb/certs/coolify-ca.crt',
+                        'read_only' => true,
+                    ],
+                ]
+            );
         }
 
         // Add custom docker run options
@@ -112,6 +198,9 @@ class StartKeydb
         $this->commands[] = "echo '{$readme}' > $this->configuration_dir/README.md";
         $this->commands[] = "echo 'Pulling {$database->image} image.'";
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml pull";
+        if ($this->database->enable_ssl) {
+            $this->commands[] = "chown -R 999:999 $this->configuration_dir/ssl/server.key $this->configuration_dir/ssl/server.crt";
+        }
         $this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
         $this->commands[] = "echo 'Database started.'";
 
@@ -177,4 +266,34 @@ class StartKeydb
         instant_scp($path, "{$this->configuration_dir}/{$filename}", $this->database->destination->server);
         Storage::disk('local')->delete("tmp/keydb.conf_{$this->database->uuid}");
     }
+
+    private function buildStartCommand(): string
+    {
+        $hasKeydbConf = ! is_null($this->database->keydb_conf) && ! empty($this->database->keydb_conf);
+        $keydbConfPath = '/etc/keydb/keydb.conf';
+
+        if ($hasKeydbConf) {
+            $confContent = $this->database->keydb_conf;
+            $hasRequirePass = str_contains($confContent, 'requirepass');
+
+            if ($hasRequirePass) {
+                $command = "keydb-server $keydbConfPath";
+            } else {
+                $command = "keydb-server $keydbConfPath --requirepass {$this->database->keydb_password}";
+            }
+        } else {
+            $command = "keydb-server --requirepass {$this->database->keydb_password} --appendonly yes";
+        }
+
+        if ($this->database->enable_ssl) {
+            $sslArgs = [
+                '--tls-cert-file /etc/keydb/certs/server.crt',
+                '--tls-key-file /etc/keydb/certs/server.key',
+                '--tls-ca-cert-file /etc/keydb/certs/coolify-ca.crt',
+            ];
+            $command .= ' '.implode(' ', $sslArgs);
+        }
+
+        return $command;
+    }
 }
diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php
index e768495eb..58db162a8 100644
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -4,7 +4,9 @@ namespace App\Livewire\Project\Database\Keydb;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Helpers\SslHelper;
 use App\Models\Server;
+use App\Models\SslCertificate;
 use App\Models\StandaloneKeydb;
 use Exception;
 use Illuminate\Support\Facades\Auth;
@@ -53,6 +55,11 @@ class General extends Component
     #[Validate(['nullable', 'boolean'])]
     public bool $isLogDrainEnabled = false;
 
+    public $certificateValidUntil = null;
+
+    #[Validate(['nullable', 'boolean'])]
+    public bool $enable_ssl = false;
+
     public function getListeners()
     {
         $teamId = Auth::user()->currentTeam()->id;
@@ -67,6 +74,14 @@ class General extends Component
         try {
             $this->syncData();
             $this->server = data_get($this->database, 'destination.server');
+
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->first();
+
+            if ($existingCert) {
+                $this->certificateValidUntil = $existingCert->valid_until;
+            }
         } catch (\Throwable $e) {
             return handleError($e, $this);
         }
@@ -86,6 +101,7 @@ class General extends Component
             $this->database->public_port = $this->publicPort;
             $this->database->custom_docker_run_options = $this->customDockerRunOptions;
             $this->database->is_log_drain_enabled = $this->isLogDrainEnabled;
+            $this->database->enable_ssl = $this->enable_ssl;
             $this->database->save();
 
             $this->dbUrl = $this->database->internal_db_url;
@@ -101,6 +117,7 @@ class General extends Component
             $this->publicPort = $this->database->public_port;
             $this->customDockerRunOptions = $this->database->custom_docker_run_options;
             $this->isLogDrainEnabled = $this->database->is_log_drain_enabled;
+            $this->enable_ssl = $this->database->enable_ssl;
             $this->dbUrl = $this->database->internal_db_url;
             $this->dbUrlPublic = $this->database->external_db_url;
         }
@@ -179,4 +196,50 @@ class General extends Component
             }
         }
     }
+
+    public function instantSaveSSL()
+    {
+        try {
+            $this->syncData(true);
+            $this->dispatch('success', 'SSL configuration updated.');
+        } catch (Exception $e) {
+            return handleError($e, $this);
+        }
+    }
+
+    public function regenerateSslCertificate()
+    {
+        try {
+            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
+                ->where('resource_id', $this->database->id)
+                ->where('server_id', $this->server->id)
+                ->first();
+
+            if (! $existingCert) {
+                $this->dispatch('error', 'No existing SSL certificate found for this database.');
+
+                return;
+            }
+
+            $caCert = SslCertificate::where('server_id', $existingCert->server_id)
+                ->where('is_ca_certificate', true)
+                ->first();
+
+            SslHelper::generateSslCertificate(
+                commonName: $existingCert->commonName,
+                subjectAlternativeNames: $existingCert->subjectAlternativeNames ?? [],
+                resourceType: $existingCert->resource_type,
+                resourceId: $existingCert->resource_id,
+                serverId: $existingCert->server_id,
+                caCert: $caCert->ssl_certificate,
+                caKey: $caCert->ssl_private_key,
+                configurationDir: $existingCert->configuration_dir,
+                mountPath: $existingCert->mount_path,
+            );
+
+            $this->dispatch('success', 'SSL certificates regenerated. Restart database to apply changes.');
+        } catch (Exception $e) {
+            handleError($e, $this);
+        }
+    }
 }
diff --git a/app/Models/StandaloneKeydb.php b/app/Models/StandaloneKeydb.php
index 3e80408ef..af95d58e5 100644
--- a/app/Models/StandaloneKeydb.php
+++ b/app/Models/StandaloneKeydb.php
@@ -223,7 +223,17 @@ class StandaloneKeydb extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "redis://:{$this->keydb_password}@{$this->uuid}:6379/0",
+            get: function () {
+                $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                $port = $this->enable_ssl ? 6380 : 6379;
+                $url = "{$scheme}://:{$this->keydb_password}@{$this->uuid}:{$port}/0";
+
+                if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
+                    $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                }
+
+                return $url;
+            }
         );
     }
 
@@ -232,7 +242,14 @@ class StandaloneKeydb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "redis://:{$this->keydb_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    $scheme = $this->enable_ssl ? 'rediss' : 'redis';
+                    $url = "{$scheme}://:{$this->keydb_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+
+                    if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
+                        $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
+                    }
+
+                    return $url;
                 }
 
                 return null;
diff --git a/resources/views/livewire/project/database/keydb/general.blade.php b/resources/views/livewire/project/database/keydb/general.blade.php
index 362b7b363..8939bd00d 100644
--- a/resources/views/livewire/project/database/keydb/general.blade.php
+++ b/resources/views/livewire/project/database/keydb/general.blade.php
@@ -49,6 +49,40 @@
                     readonly value="Starting the database will generate this." />
             @endif
         </div>
+        <div class="flex flex-col gap-2">
+            <div class="flex items-center justify-between py-2">
+                <div class="flex items-center justify-between w-full">
+                    <h3>SSL Configuration</h3>
+                    @if($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation
+                            title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates"
+                            :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.'
+                            ]"
+                            submitAction="regenerateSslCertificate"
+                            :confirmWithText="false"
+                            :confirmWithPassword="false"
+                        />
+                    @endif
+                </div>
+            </div>
+            @if($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until: 
+                @if(now()->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
+                @else
+                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                @endif
+                </span>
+            @endif
+            <div class="flex flex-col gap-2">
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+            </div>
+        </div>
         <div>
             <div class="flex flex-col py-2 w-64">
                 <div class="flex items-center gap-2 pb-2">

From 268fca3477a5ce594f96ba17a4d9ec94e9f21c31 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 10 Feb 2025 21:31:31 +0100
Subject: [PATCH 082/145] feat: SSL notification

---
 .../SslExpirationNotification.php             | 151 ++++++++++++++++++
 .../emails/ssl-certificate-renewed.blade.php  |  28 ++++
 2 files changed, 179 insertions(+)
 create mode 100644 app/Notifications/SslExpirationNotification.php
 create mode 100644 resources/views/emails/ssl-certificate-renewed.blade.php

diff --git a/app/Notifications/SslExpirationNotification.php b/app/Notifications/SslExpirationNotification.php
new file mode 100644
index 000000000..78e1e8be9
--- /dev/null
+++ b/app/Notifications/SslExpirationNotification.php
@@ -0,0 +1,151 @@
+<?php
+
+namespace App\Notifications;
+
+use App\Notifications\Dto\DiscordMessage;
+use App\Notifications\Dto\PushoverMessage;
+use App\Notifications\Dto\SlackMessage;
+use Illuminate\Notifications\Messages\MailMessage;
+use Illuminate\Support\Collection;
+use Spatie\Url\Url;
+
+class SslExpirationNotification extends CustomEmailNotification
+{
+    protected Collection $resources;
+
+    protected array $urls = [];
+
+    public function __construct(array|Collection $resources)
+    {
+        $this->onQueue('high');
+        $this->resources = collect($resources);
+
+        // Collect URLs for each resource
+        $this->resources->each(function ($resource) {
+            if (data_get($resource, 'environment.project.uuid')) {
+                $routeName = match ($resource->type()) {
+                    'application' => 'project.application.configuration',
+                    'database' => 'project.database.configuration',
+                    'service' => 'project.service.configuration',
+                    default => null
+                };
+
+                if ($routeName) {
+                    $route = route($routeName, [
+                        'project_uuid' => data_get($resource, 'environment.project.uuid'),
+                        'environment_uuid' => data_get($resource, 'environment.uuid'),
+                        $resource->type().'_uuid' => data_get($resource, 'uuid'),
+                    ]);
+
+                    $settings = instanceSettings();
+                    if (data_get($settings, 'fqdn')) {
+                        $url = Url::fromString($route);
+                        $url = $url->withPort(null);
+                        $fqdn = data_get($settings, 'fqdn');
+                        $fqdn = str_replace(['http://', 'https://'], '', $fqdn);
+                        $url = $url->withHost($fqdn);
+
+                        $this->urls[$resource->name] = $url->__toString();
+                    } else {
+                        $this->urls[$resource->name] = $route;
+                    }
+                }
+            }
+        });
+    }
+
+    public function via(object $notifiable): array
+    {
+        return $notifiable->getEnabledChannels('ssl_certificate_renewal');
+    }
+
+    public function toMail(): MailMessage
+    {
+        $mail = new MailMessage;
+        $mail->subject('Coolify: [Action Required] SSL Certificates Renewed - Manual Redeployment Needed');
+        $mail->view('emails.ssl-certificate-renewed', [
+            'resources' => $this->resources,
+            'urls' => $this->urls,
+        ]);
+
+        return $mail;
+    }
+
+    public function toDiscord(): DiscordMessage
+    {
+        $resourceNames = $this->resources->pluck('name')->join(', ');
+
+        $message = new DiscordMessage(
+            title: '🔒 SSL Certificates Renewed',
+            description: "SSL certificates have been renewed for: {$resourceNames}.\n\n**Action Required:** These resources need to be redeployed manually.",
+            color: DiscordMessage::warningColor(),
+        );
+
+        foreach ($this->urls as $name => $url) {
+            $message->addField($name, "[View Resource]({$url})");
+        }
+
+        return $message;
+    }
+
+    public function toTelegram(): array
+    {
+        $resourceNames = $this->resources->pluck('name')->join(', ');
+        $message = "Coolify: SSL certificates have been renewed for: {$resourceNames}.\n\nAction Required: These resources need to be redeployed manually for the new SSL certificates to take effect.";
+
+        $buttons = [];
+        foreach ($this->urls as $name => $url) {
+            $buttons[] = [
+                'text' => "View {$name}",
+                'url' => $url,
+            ];
+        }
+
+        return [
+            'message' => $message,
+            'buttons' => $buttons,
+        ];
+    }
+
+    public function toPushover(): PushoverMessage
+    {
+        $resourceNames = $this->resources->pluck('name')->join(', ');
+        $message = "SSL certificates have been renewed for: {$resourceNames}<br/><br/>";
+        $message .= '<b>Action Required:</b> These resources need to be redeployed manually for the new SSL certificates to take effect.';
+
+        $buttons = [];
+        foreach ($this->urls as $name => $url) {
+            $buttons[] = [
+                'text' => "View {$name}",
+                'url' => $url,
+            ];
+        }
+
+        return new PushoverMessage(
+            title: 'SSL Certificates Renewed',
+            level: 'warning',
+            message: $message,
+            buttons: $buttons,
+        );
+    }
+
+    public function toSlack(): SlackMessage
+    {
+        $resourceNames = $this->resources->pluck('name')->join(', ');
+        $description = "SSL certificates have been renewed for: {$resourceNames}\n\n";
+        $description .= '**Action Required:** These resources need to be redeployed manually for the new SSL certificates to take effect.';
+
+        if (! empty($this->urls)) {
+            $description .= "\n\n**Resource URLs:**\n";
+            foreach ($this->urls as $name => $url) {
+                $description .= "• {$name}: {$url}\n";
+            }
+        }
+
+        return new SlackMessage(
+            title: '🔒 SSL Certificates Renewed',
+            description: $description,
+            color: SlackMessage::warningColor()
+        );
+    }
+}
diff --git a/resources/views/emails/ssl-certificate-renewed.blade.php b/resources/views/emails/ssl-certificate-renewed.blade.php
new file mode 100644
index 000000000..3d0d7a7b2
--- /dev/null
+++ b/resources/views/emails/ssl-certificate-renewed.blade.php
@@ -0,0 +1,28 @@
+<x-emails.layout>
+<h2>SSL Certificates Renewed</h2>
+
+<p>SSL certificates have been renewed for the following resources:</p>
+
+<ul>
+@foreach($resources as $resource)
+    <li>{{ $resource->name }}</li>
+@endforeach
+</ul>
+
+<div style="margin: 20px 0; padding: 15px; background-color: #fff3cd; border: 1px solid #ffeeba; border-radius: 4px;">
+    <strong>⚠️ Action Required:</strong> These resources need to be redeployed manually for the new SSL certificates to take effect. Please do this in the next few days to ensure your database connections remain accessible.
+</div>
+
+<p>The old SSL certificates will remain valid for approximately 14 more days, as we renew certificates 14 days before their expiration.</p>
+
+@if(isset($urls) && count($urls) > 0)
+<div style="margin-top: 20px;">
+    <p>You can redeploy these resources here:</p>
+    <ul>
+    @foreach($urls as $name => $url)
+        <li><a href="{{ $url }}">{{ $name }}</a></li>
+    @endforeach
+    </ul>
+</div>
+@endif
+</x-emails.layout> 

From 0a738e6bff5a25f553214c3d8c3756f91eec26b4 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:18:19 +0100
Subject: [PATCH 083/145] fix(ssl): KeyDB port and caCert args are missing

---
 app/Actions/Database/StartKeydb.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/Actions/Database/StartKeydb.php b/app/Actions/Database/StartKeydb.php
index 1e601e689..8ec076dd2 100644
--- a/app/Actions/Database/StartKeydb.php
+++ b/app/Actions/Database/StartKeydb.php
@@ -287,9 +287,11 @@ class StartKeydb
 
         if ($this->database->enable_ssl) {
             $sslArgs = [
+                '--tls-port 6380',
                 '--tls-cert-file /etc/keydb/certs/server.crt',
                 '--tls-key-file /etc/keydb/certs/server.key',
                 '--tls-ca-cert-file /etc/keydb/certs/coolify-ca.crt',
+                '--tls-auth-clients optional',
             ];
             $command .= ' '.implode(' ', $sslArgs);
         }

From 4fdd5679c9ea417e1aecded3c2074e3812de369b Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:18:42 +0100
Subject: [PATCH 084/145] fix(ui): enable SSL is not working correctly for
 KeyDB

---
 app/Livewire/Project/Database/Keydb/General.php                 | 2 +-
 .../views/livewire/project/database/keydb/general.blade.php     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php
index 58db162a8..fd7737343 100644
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -57,7 +57,7 @@ class General extends Component
 
     public $certificateValidUntil = null;
 
-    #[Validate(['nullable', 'boolean'])]
+    #[Validate(['boolean'])]
     public bool $enable_ssl = false;
 
     public function getListeners()
diff --git a/resources/views/livewire/project/database/keydb/general.blade.php b/resources/views/livewire/project/database/keydb/general.blade.php
index 8939bd00d..58a41c289 100644
--- a/resources/views/livewire/project/database/keydb/general.blade.php
+++ b/resources/views/livewire/project/database/keydb/general.blade.php
@@ -80,7 +80,7 @@
                 </span>
             @endif
             <div class="flex flex-col gap-2">
-                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
+                <x-forms.checkbox id="enable_ssl" label="Enable SSL" wire:model.live="enable_ssl" instantSave="instantSaveSSL" />
             </div>
         </div>
         <div>

From d74c578a4a7fc6be460de6141a66e9d85217e9d8 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:34:45 +0100
Subject: [PATCH 085/145] fix(ssl): add `--tls` arg to DrangflyDB

---
 app/Actions/Database/StartDragonfly.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Actions/Database/StartDragonfly.php b/app/Actions/Database/StartDragonfly.php
index c9a2f173c..99bb5fa89 100644
--- a/app/Actions/Database/StartDragonfly.php
+++ b/app/Actions/Database/StartDragonfly.php
@@ -197,6 +197,7 @@ class StartDragonfly
 
         if ($this->database->enable_ssl) {
             $sslArgs = [
+                '--tls',
                 '--tls_cert_file /etc/dragonfly/certs/server.crt',
                 '--tls_key_file /etc/dragonfly/certs/server.key',
                 '--tls_ca_cert_file /etc/dragonfly/certs/coolify-ca.crt',

From f2888527534bdadeb3b3d16bc672c3569e6585a7 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Tue, 11 Feb 2025 20:55:33 +0100
Subject: [PATCH 086/145] fix(notification): always send SSL notifications

---
 app/Traits/HasNotificationSettings.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Traits/HasNotificationSettings.php b/app/Traits/HasNotificationSettings.php
index ef858d0b6..236e4d97c 100644
--- a/app/Traits/HasNotificationSettings.php
+++ b/app/Traits/HasNotificationSettings.php
@@ -4,9 +4,9 @@ namespace App\Traits;
 
 use App\Notifications\Channels\DiscordChannel;
 use App\Notifications\Channels\EmailChannel;
+use App\Notifications\Channels\PushoverChannel;
 use App\Notifications\Channels\SlackChannel;
 use App\Notifications\Channels\TelegramChannel;
-use App\Notifications\Channels\PushoverChannel;
 use Illuminate\Database\Eloquent\Model;
 
 trait HasNotificationSettings
@@ -16,6 +16,7 @@ trait HasNotificationSettings
         'server_force_disabled',
         'general',
         'test',
+        'ssl_certificate_renewal',
     ];
 
     /**

From e86e96a29a261b6b52e08460274137fd0c146ec8 Mon Sep 17 00:00:00 2001
From: bopad <borisdelord@proton.me>
Date: Wed, 12 Feb 2025 14:43:50 +0100
Subject: [PATCH 087/145] add yaml + svg

---
 public/svgs/denoKV.svg        |  1 +
 templates/compose/denoKV.yaml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 public/svgs/denoKV.svg
 create mode 100644 templates/compose/denoKV.yaml

diff --git a/public/svgs/denoKV.svg b/public/svgs/denoKV.svg
new file mode 100644
index 000000000..799fcf865
--- /dev/null
+++ b/public/svgs/denoKV.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 4410 4410"><circle cx="2200" cy="2200" r="2200" fill="#fff"/><path d="M384 3039a1991 1991 0 0 1-184-839c0-78 4-154 13-229a2007 2007 0 0 1 39-224A2000 2000 0 0 1 871 706a2001 2001 0 0 1 910-462 2004 2004 0 0 1 571-38 1994 1994 0 0 1 680 175 2003 2003 0 0 1 463 295 2004 2004 0 0 1 676 1180 2009 2009 0 0 1 29 344 2025 2025 0 0 1-6 152 1998 1998 0 0 1-121 551 2001 2001 0 0 1-397 646 1035 1035 0 0 1-738 323 722 722 0 0 1-688-910c17-64 62-186 127-240a762 762 0 0 1-205-138c-7-8-6-22 1-31a26 26 0 0 1 29-8 1458 1458 0 0 0 228 58c111 18 248 42 387 48 338 17 692-135 802-437 109-303 67-602-327-781-394-180-576-393-894-522-208-84-439-34-676 98-640 353-1213 1470-949 2505a32 32 0 0 1-52 31 2011 2011 0 0 1-209-272 2003 2003 0 0 1-128-234zm1745-1989c107-8 202 84 218 206 21 163-39 332-235 336-169 3-220-166-208-269 11-103 95-263 224-273z"/></svg>
\ No newline at end of file
diff --git a/templates/compose/denoKV.yaml b/templates/compose/denoKV.yaml
new file mode 100644
index 000000000..8709fc657
--- /dev/null
+++ b/templates/compose/denoKV.yaml
@@ -0,0 +1,25 @@
+# documentation: https://docs.deno.com/deploy/kv/manual/
+# slogan: The Denoland key-value database
+# tags: deno, kv, key-value, database
+# logo: svgs/deno.svg
+# port: 4512
+
+services:
+  denokv:
+    image: ghcr.io/denoland/denokv:latest
+    environment:
+      - 'ACCESS_TOKEN=${SERVICE_PASSWORD_DENOKV}'
+      - SERVICE_FQDN_DENOKV_4512
+    volumes:
+      - '${COOLIFY_VOLUME_APP}:/data'
+    command: '--sqlite-path /data/denokv.sqlite serve --access-token ${SERVICE_PASSWORD_DENOKV}'
+    healthcheck:
+      test:
+        - CMD
+        - nc
+        - '-zv'
+        - 127.0.0.1
+        - '4512'
+      interval: 5s
+      timeout: 5s
+      retries: 3

From e5bf2cc3900ee123f4943b346ebb67c863403053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Urs=20Kr=C3=B6ll?=
 <109229014+UrsKroell@users.noreply.github.com>
Date: Sun, 16 Feb 2025 15:05:24 +0100
Subject: [PATCH 088/145] Add wakapi template

Adds a template to create a wakapi instance
---
 templates/compose/wakapi.yaml | 60 +++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 templates/compose/wakapi.yaml

diff --git a/templates/compose/wakapi.yaml b/templates/compose/wakapi.yaml
new file mode 100644
index 000000000..45cc205ff
--- /dev/null
+++ b/templates/compose/wakapi.yaml
@@ -0,0 +1,60 @@
+# documentation: https://wakapi.dev/
+# slogan: A minimalist, self-hosted WakaTime-compatible backend for coding statistics 
+# tags: productivity, self-hosted, developer-tools, time-tracker, wakatime, wakatime-api, coding-statistics, statistics, timetracking, analytics
+# logo: svgs/wakapi.svg
+# port: 3000
+
+services:
+  wakapi:
+    image: ghcr.io/muety/wakapi:latest
+    environment:
+      - SERVICE_FQDN_WAKAPI_3000
+      - TZ=${TIMEZONE:-Europe/Berlin}
+
+      - WAKAPI_SERVER_LISTEN_IPV6="-"
+      - WAKAPI_ENV=${WAKAPI_ENVIRONMENT:-production}
+      - WAKAPI_SECURITY_PASSWORD_SALT=${SERVICE_BASE64_64_PASSWORDSALT}
+      - WAKAPI_SECURITY_EXPOSE_METRICS=${WAKAPI_SECURITY_EXPOSE_METRICS:-false}
+
+      # Database configuration
+      - WAKAPI_DB_TYPE=postgres
+      - WAKAPI_DB_NAME=${WAKAPI_DB_NAME:-wakapi}
+      - WAKAPI_DB_USER=${SERVICE_USER_DATABASE}
+      - WAKAPI_DB_PASSWORD=${SERVICE_PASSWORD_DATABASE}
+      - WAKAPI_DB_HOST=${WAKAPI_DB_HOST:-postgres}
+      - WAKAPI_DB_PORT=${WAKAPI_DB_PORT:-5432}
+
+      # SMTP configuration
+      - WAKAPI_MAIL_ENABLED=${WAKAPI_MAIL_ENABLED:-false}
+      - WAKAPI_MAIL_PROVIDER=smtp #only smtp supported
+      - WAKAPI_MAIL_SENDER=${WAKAPI_MAIL_SENDER}
+      - WAKAPI_MAIL_SMTP_HOST=${WAKAPI_MAIL_SMTP_HOST}
+      - WAKAPI_MAIL_SMTP_PORT=${WAKAPI_MAIL_SMTP_PORT:-587}
+      - WAKAPI_MAIL_SMTP_USERNAME=${WAKAPI_MAIL_SMTP_USERNAME}
+      - WAKAPI_MAIL_SMTP_PASSWORD=${WAKAPI_MAIL_SMTP_PASSWORD} 
+    
+    volumes:
+      - wakapi-data:/data
+    depends_on:
+      postgres:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3000/"]
+      interval: 2s
+      timeout: 10s
+      retries: 15
+
+  postgres:
+    image: postgres:16-alpine
+    volumes:
+      - wakapi-postgres-data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${SERVICE_USER_DATABASE}
+      - POSTGRES_PASSWORD=${SERVICE_PASSWORD_DATABASE}
+      - POSTGRES_DB=${WAKAPI_DB_NAME:-wakapi}
+      - POSTGRES_PORT=${WAKAPI_DB_PORT:-5432}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 20s
+      retries: 10

From cd51b94d733708db9fe359638e86545a3278ae2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Urs=20Kr=C3=B6ll?=
 <109229014+UrsKroell@users.noreply.github.com>
Date: Sun, 16 Feb 2025 15:06:14 +0100
Subject: [PATCH 089/145] Add wakapi logo

Add the svg logo for wakapi
---
 public/svgs/wakapi.svg | 150 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 public/svgs/wakapi.svg

diff --git a/public/svgs/wakapi.svg b/public/svgs/wakapi.svg
new file mode 100644
index 000000000..1f5dfb0c0
--- /dev/null
+++ b/public/svgs/wakapi.svg
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="275.9418mm"
+   height="107.06042mm"
+   viewBox="0 0 275.9418 107.06042"
+   version="1.1"
+   id="svg900"
+   inkscape:version="1.0.1 (3bc2e813f5, 2020-09-07)"
+   sodipodi:docname="logo-dark-bg.svg">
+  <defs
+     id="defs894">
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath20">
+      <path
+         d="M 0,700 H 1100 V 0 H 0 Z"
+         id="path18" />
+    </clipPath>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.35"
+     inkscape:cx="501.46484"
+     inkscape:cy="865.17604"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     inkscape:document-rotation="0"
+     showgrid="false"
+     inkscape:window-width="1346"
+     inkscape:window-height="1198"
+     inkscape:window-x="149"
+     inkscape:window-y="113"
+     inkscape:window-maximized="0" />
+  <metadata
+     id="metadata897">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(26.845906,80.744493)">
+    <g
+       id="g14"
+       transform="matrix(0.35277777,0,0,-0.35277777,-100.60779,96.696294)">
+      <g
+         id="g16"
+         clip-path="url(#clipPath20)">
+        <g
+           id="g22"
+           transform="translate(600.9092,345.958)" />
+        <g
+           id="g26"
+           transform="translate(706.707,299.5566)" />
+        <g
+           id="g30"
+           transform="translate(810.2764,345.958)" />
+        <g
+           id="g34"
+           transform="translate(930.5527,345.958)" />
+        <g
+           id="g40"
+           transform="translate(503.8398,367.5195)">
+          <path
+             d="m 8.7266003,-16.286056 c 0,-3.170064 -0.10674,-6.340128 -0.32021,-9.492657 -0.85541,-13.857403 -3.56194,-27.197135 -7.89009005,-39.789715 C -18.95161,-122.31318 -71.13644,-163.86557 -133.5283,-167.69511 c -3.13424,-0.23101 -6.30506,-0.32097 -9.49342,-0.32097 -3.1876,0 -6.33937,0.09 -9.4919,0.32097 -76.24773,4.68419 -137.23296,65.6679 -141.91639,141.916397 -0.23101,3.152529 -0.32098,6.322593 -0.32098,9.492657 0,3.188361 0.09,6.358425 0.32098,9.493419 4.68343,76.22944 65.66866,137.249737 141.91639,141.933927 3.15253,0.21348 6.3043,0.32098 9.4919,0.32098 3.18836,0 6.35918,-0.1075 9.49342,-0.32098 V 94.354359 h -18.98532 V 110.75818 C -215.22645,106.14489 -265.43361,55.901133 -270.06444,-6.792637 h 14.65793 v -18.986076 h -14.65793 c 4.63083,-62.712067 54.83799,-112.920757 117.55082,-117.551577 v 16.72479 h 18.98532 v -16.72479 c 46.32654,3.42013 85.86619,31.73876 105.20907,71.59937 6.83873,14.070117 11.14859,29.584217 12.34251,45.952207 h -0.0358 l 8.8697703,18.986076 h 15.54917 c 0.21347,-3.134994 0.32021,-6.305058 0.32021,-9.493419"
+             style="fill:#2f855a;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.762401"
+             id="path42" />
+        </g>
+        <g
+           id="g44"
+           transform="translate(504.2754,431.2373)">
+          <path
+             d="m 11.6231,-31.425333 -17.1029497,8.252992 -4.6666503,-9.703842 -9.61922,-20.006168 -37.98968,-78.855149 -0.0572,-0.0854 h -37.47886 l -0.0282,0.0572 0.0282,0.0854 14.77,30.64853 3.78456,7.85425 0.19898,0.42618 19.2087,39.869009 7.37013,15.25336 2.27653,4.752808 11.72497,24.386926 -5.77672,2.761416 -9.59024,4.638449 49.9708203,23.249422 z"
+             style="fill:#2f855a;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.762401"
+             id="path46" />
+        </g>
+        <g
+           id="g48"
+           transform="translate(258.5654,361.2139)">
+          <path
+             d="m 65.50352,-19.287853 v -0.0183 L 46.73396,-58.308305 12.56848,12.654468 2.9523203,32.646912 H 40.49066 l 9.63446,-19.992444 z"
+             style="fill:#2f855a;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.762401"
+             id="path50" />
+        </g>
+        <g
+           id="g52"
+           transform="translate(320.9248,367.3867)">
+          <path
+             d="M 52.18699,-16.254503 27.28545,-67.966647 v -0.01906 h -37.57494 v 0.01906 l 18.7870903,39.002155 19.2506297,39.94677 5.65168,11.764611 5.66921,-11.764611 9.2647,-19.232331 z"
+             style="fill:#2f855a;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.762401"
+             id="path54" />
+        </g>
+        <g
+           id="g56"
+           transform="translate(383.7656,359.833)">
+          <path
+             d="m 38.75609,-18.959752 -3.78456,-7.854257 -14.7982,-30.591345 -0.0282,-0.08539 -25.2979997,52.560696 -9.1358503,18.95253 -9.61769,20.005406 h 37.10759 z"
+             style="fill:#2f855a;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.762401"
+             id="path58" />
+        </g>
+      </g>
+    </g>
+    <g
+       aria-label="akapi"
+       transform="matrix(0.35277777,0,0,0.35277777,-84.30991,101.5377)"
+       id="text856"
+       style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;line-height:1.25;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;letter-spacing:7.5px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.75">
+      <path
+         d="m 565.57956,-313.41107 q -1.375,-2.66406 -2.40625,-8.67969 -9.96875,10.39844 -24.40625,10.39844 -14.00781,0 -22.85938,-7.99219 -8.85156,-7.99219 -8.85156,-19.76562 0,-14.86719 11,-22.77344 11.08594,-7.99219 31.625,-7.99219 h 12.80469 v -6.10156 q 0,-7.21875 -4.03906,-11.51563 -4.03907,-4.38281 -12.28907,-4.38281 -7.13281,0 -11.6875,3.60938 -4.55468,3.52343 -4.55468,9.02343 h -20.88282 q 0,-7.64843 5.07032,-14.26562 5.07031,-6.70313 13.75,-10.48438 8.76562,-3.78125 19.50781,-3.78125 16.32812,0 26.03906,8.25 9.71094,8.16407 9.96875,23.03125 v 41.9375 q 0,12.54688 3.52344,20.02344 v 1.46094 z m -22.94531,-15.03906 q 6.1875,0 11.60156,-3.00782 5.5,-3.00781 8.25,-8.07812 v -17.53125 H 551.228 q -11.60157,0 -17.44532,4.03906 -5.84375,4.03906 -5.84375,11.42969 0,6.01562 3.95313,9.625 4.03906,3.52344 10.74219,3.52344 z"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#ffffff;fill-opacity:1;stroke-width:0.75"
+         id="path851" />
+      <path
+         d="m 642.94675,-353.28607 -9.28125,9.53906 v 30.33594 h -20.88282 v -132 h 20.88282 v 76.14062 l 6.53125,-8.16406 25.69531,-28.96094 h 25.09375 l -34.54688,38.75782 38.24219,54.22656 h -24.14844 z"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#ffffff;fill-opacity:1;stroke-width:0.75"
+         id="path853" />
+      <path
+         d="m 767.6655,-313.41107 q -1.375,-2.66406 -2.40625,-8.67969 -9.96875,10.39844 -24.40625,10.39844 -14.00782,0 -22.85938,-7.99219 -8.85156,-7.99219 -8.85156,-19.76562 0,-14.86719 11,-22.77344 11.08594,-7.99219 31.625,-7.99219 h 12.80469 v -6.10156 q 0,-7.21875 -4.03907,-11.51563 -4.03906,-4.38281 -12.28906,-4.38281 -7.13281,0 -11.6875,3.60938 -4.55469,3.52343 -4.55469,9.02343 h -20.88281 q 0,-7.64843 5.07031,-14.26562 5.07032,-6.70313 13.75,-10.48438 8.76563,-3.78125 19.50782,-3.78125 16.32812,0 26.03906,8.25 9.71094,8.16407 9.96875,23.03125 v 41.9375 q 0,12.54688 3.52344,20.02344 v 1.46094 z m -22.94532,-15.03906 q 6.1875,0 11.60157,-3.00782 5.5,-3.00781 8.25,-8.07812 v -17.53125 h -11.25782 q -11.60156,0 -17.44531,4.03906 -5.84375,4.03906 -5.84375,11.42969 0,6.01562 3.95313,9.625 4.03906,3.52344 10.74218,3.52344 z"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#ffffff;fill-opacity:1;stroke-width:0.75"
+         id="path855" />
+      <path
+         d="m 896.25143,-358.95795 q 0,21.57032 -9.79687,34.46094 -9.79688,12.80469 -26.29688,12.80469 -15.29687,0 -24.49218,-10.05469 v 44.08594 h -20.88282 v -128.73438 h 19.25 l 0.85938,9.45313 q 9.19531,-11.17188 25.00781,-11.17188 17.01563,0 26.64063,12.71875 9.71093,12.63282 9.71093,35.14844 z m -20.79687,-1.80468 q 0,-13.92188 -5.58594,-22.08594 -5.5,-8.16406 -15.8125,-8.16406 -12.80469,0 -18.39062,10.57031 v 41.25 q 5.67187,10.82812 18.5625,10.82812 9.96875,0 15.55468,-7.99218 5.67188,-8.07813 5.67188,-24.40625 z"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#ffffff;fill-opacity:1;stroke-width:0.75"
+         id="path857" />
+      <path
+         d="m 943.62643,-313.41107 h -20.88281 v -92.98438 h 20.88281 z m -22.17187,-117.13281 q 0,-4.8125 3.00781,-7.99219 3.09375,-3.17969 8.76563,-3.17969 5.67187,0 8.76562,3.17969 3.09375,3.17969 3.09375,7.99219 0,4.72656 -3.09375,7.90625 -3.09375,3.09375 -8.76562,3.09375 -5.67188,0 -8.76563,-3.09375 -3.00781,-3.17969 -3.00781,-7.90625 z"
+         style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:176px;font-family:Roboto;-inkscape-font-specification:'Roboto, Medium';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#ffffff;fill-opacity:1;stroke-width:0.75"
+         id="path859" />
+    </g>
+  </g>
+</svg>

From 4a0cab8be3320e83a7f79defc8ab2e7b4b9c91bc Mon Sep 17 00:00:00 2001
From: Mike M <mikester70387@gmail.com>
Date: Sun, 16 Feb 2025 16:44:22 -0800
Subject: [PATCH 090/145] Added support for passing hd parameter to Google via
 existing tenant column in oauth_settings

---
 app/Providers/EventServiceProvider.php        |  2 +
 bootstrap/helpers/socialite.php               | 13 +++++-
 composer.json                                 |  3 +-
 composer.lock                                 | 43 ++++++++++++++++++-
 config/services.php                           |  8 ++++
 .../views/livewire/settings-oauth.blade.php   |  5 +++
 6 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php
index 428f78cb5..d76ec3037 100644
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -11,6 +11,7 @@ use Illuminate\Foundation\Events\MaintenanceModeEnabled;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
 use SocialiteProviders\Authentik\AuthentikExtendSocialite;
 use SocialiteProviders\Azure\AzureExtendSocialite;
+use SocialiteProviders\Google\GoogleExtendSocialite;
 use SocialiteProviders\Infomaniak\InfomaniakExtendSocialite;
 use SocialiteProviders\Manager\SocialiteWasCalled;
 
@@ -26,6 +27,7 @@ class EventServiceProvider extends ServiceProvider
         SocialiteWasCalled::class => [
             AzureExtendSocialite::class.'@handle',
             AuthentikExtendSocialite::class.'@handle',
+            GoogleExtendSocialite::class.'@handle',
             InfomaniakExtendSocialite::class.'@handle',
         ],
         ProxyStarted::class => [
diff --git a/bootstrap/helpers/socialite.php b/bootstrap/helpers/socialite.php
index 09dffb78a..16870e33d 100644
--- a/bootstrap/helpers/socialite.php
+++ b/bootstrap/helpers/socialite.php
@@ -29,6 +29,18 @@ function get_socialite_provider(string $provider)
         return Socialite::driver('authentik')->setConfig($authentik_config);
     }
 
+    if ($provider == 'google') {
+        $google_config = new \SocialiteProviders\Manager\Config(
+            $oauth_setting->client_id,
+            $oauth_setting->client_secret,
+            $oauth_setting->redirect_uri
+        );
+
+        return Socialite::driver('google')
+            ->setConfig($google_config)
+            ->with(['hd' => $oauth_setting->tenant]);
+    }
+
     $config = [
         'client_id' => $oauth_setting->client_id,
         'client_secret' => $oauth_setting->client_secret,
@@ -39,7 +51,6 @@ function get_socialite_provider(string $provider)
         'bitbucket' => \Laravel\Socialite\Two\BitbucketProvider::class,
         'github' => \Laravel\Socialite\Two\GithubProvider::class,
         'gitlab' => \Laravel\Socialite\Two\GitlabProvider::class,
-        'google' => \Laravel\Socialite\Two\GoogleProvider::class,
         'infomaniak' => \SocialiteProviders\Infomaniak\Provider::class,
     ];
 
diff --git a/composer.json b/composer.json
index f01913b5f..e5aeb6126 100644
--- a/composer.json
+++ b/composer.json
@@ -40,6 +40,7 @@
         "resend/resend-laravel": "^0.15.0",
         "sentry/sentry-laravel": "^4.6",
         "socialiteproviders/authentik": "^5.2",
+        "socialiteproviders/google": "^4.1",
         "socialiteproviders/infomaniak": "^4.0",
         "socialiteproviders/microsoft-azure": "^5.1",
         "spatie/laravel-activitylog": "^4.7.3",
@@ -125,4 +126,4 @@
             "@php artisan key:generate --ansi"
         ]
     }
-}
\ No newline at end of file
+}
diff --git a/composer.lock b/composer.lock
index 97b40f7c7..5a7e04bbc 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "9c1a0833be38d1f058f216dcaa522077",
+    "content-hash": "dcf6b2f554372a570628d7f85184df7b",
     "packages": [
         {
             "name": "3sidedcube/laravel-redoc",
@@ -7474,6 +7474,47 @@
             },
             "time": "2023-11-07T22:21:16+00:00"
         },
+        {
+            "name": "socialiteproviders/google",
+            "version": "4.1.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/SocialiteProviders/Google-Plus.git",
+                "reference": "1cb8f6fb2c0dd0fc8b34e95f69865663fdf0b401"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/SocialiteProviders/Google-Plus/zipball/1cb8f6fb2c0dd0fc8b34e95f69865663fdf0b401",
+                "reference": "1cb8f6fb2c0dd0fc8b34e95f69865663fdf0b401",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "php": "^7.2 || ^8.0",
+                "socialiteproviders/manager": "~4.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "SocialiteProviders\\Google\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "xstoop",
+                    "email": "myenglishnameisx@gmail.com"
+                }
+            ],
+            "description": "Google OAuth2 Provider for Laravel Socialite",
+            "support": {
+                "source": "https://github.com/SocialiteProviders/Google-Plus/tree/4.1.0"
+            },
+            "time": "2020-12-01T23:10:59+00:00"
+        },
         {
             "name": "socialiteproviders/infomaniak",
             "version": "4.0.0",
diff --git a/config/services.php b/config/services.php
index 46fd12ec3..d1c4a3699 100644
--- a/config/services.php
+++ b/config/services.php
@@ -45,4 +45,12 @@ return [
         'client_secret' => env('AUTHENTIK_CLIENT_SECRET'),
         'redirect' => env('AUTHENTIK_REDIRECT_URI'),
     ],
+
+    'google' => [
+        'client_id' => env('GOOGLE_CLIENT_ID'),
+        'client_secret' => env('GOOGLE_CLIENT_SECRET'),
+        'redirect' => env('GOOGLE_REDIRECT_URI'),
+        'tenant' => env('GOOGLE_TENANT'),
+    ],
+
 ];
diff --git a/resources/views/livewire/settings-oauth.blade.php b/resources/views/livewire/settings-oauth.blade.php
index 2f0d28cfc..7062ef4d4 100644
--- a/resources/views/livewire/settings-oauth.blade.php
+++ b/resources/views/livewire/settings-oauth.blade.php
@@ -32,6 +32,11 @@
                             <x-forms.input id="oauth_settings_map.{{ $oauth_setting->provider }}.tenant"
                                 label="Tenant" />
                         @endif
+                        @if ($oauth_setting->provider == 'google')
+                            <x-forms.input id="oauth_settings_map.{{ $oauth_setting->provider }}.tenant"
+                                helper="Optional parameter that supplies a hosted domain (HD) to Google, which<br>triggers a login hint to be displayed on the OAuth screen with this domain.<br><br><a class='underline dark:text-warning text-coollabs' href='https://developers.google.com/identity/openid-connect/openid-connect#hd-param' target='_blank'>Google Documentation</a>"
+                                label="Tenant" />
+                        @endif
                         @if ($oauth_setting->provider == 'authentik')
                             <x-forms.input id="oauth_settings_map.{{ $oauth_setting->provider }}.base_url"
                                 label="Base URL" />

From ee130da0ccd1b8ea9bf6ee1e9ab9b3df9ab13051 Mon Sep 17 00:00:00 2001
From: phenomen <phenomen@pm.me>
Date: Sun, 16 Feb 2025 20:36:04 -0600
Subject: [PATCH 091/145] Update Foundry VTT template

---
 templates/compose/foundryvtt.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/templates/compose/foundryvtt.yaml b/templates/compose/foundryvtt.yaml
index 5cf961a37..75b86841f 100644
--- a/templates/compose/foundryvtt.yaml
+++ b/templates/compose/foundryvtt.yaml
@@ -39,12 +39,17 @@ services:
     - FOUNDRY_MINIFY_STATIC_FILES=${FOUNDRY_MINIFY_STATIC_FILES:-true}
     # The world ID to startup at system start.
     - FOUNDRY_WORLD=${FOUNDRY_WORLD}
+    # Optional telemetry.
     - FOUNDRY_TELEMETRY=${FOUNDRY_TELEMETRY:-false}
+    # The timezone to use for the server.
     - TIMEZONE=${TIMEZONE:-UTC}
     # Set a path to cache downloads of the Foundry distribution archive and speed up subsequent container startups.
     - CONTAINER_CACHE=/data/container_cache
     volumes:
-    - foundryvtt-data:/data
+      - type: bind
+        source: ${FOUNDRY_DATA:-/data/foundryvtt}
+        target: /data
+        is_directory: true
     healthcheck:
       test: ["CMD", "curl", "-f", "http://127.0.0.1:30000"]
       timeout: 5s

From ca380213d51499394f2dad2f29f142b7d53137dd Mon Sep 17 00:00:00 2001
From: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:49:19 +0530
Subject: [PATCH 092/145] updated 'plane.yaml' to use APP_RELEASE environment
 variable

---
 templates/compose/plane.yaml | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/templates/compose/plane.yaml b/templates/compose/plane.yaml
index fc62cb122..d1fcf78fa 100644
--- a/templates/compose/plane.yaml
+++ b/templates/compose/plane.yaml
@@ -5,6 +5,7 @@
 
 x-app-env: &app-env
   environment:
+    - APP_RELEASE=${APP_RELEASE:-v0.24.1}
     - WEB_URL=${SERVICE_FQDN_PLANE}
     - DEBUG=${DEBUG:-0}
     - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGIN:-http://localhost}
@@ -54,7 +55,7 @@ services:
       - SERVICE_FQDN_PLANE
       - FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}
       - BUCKET_NAME=${BUCKET_NAME:-uploads}
-    image: makeplane/plane-proxy:stable
+    image: makeplane/plane-proxy:${APP_RELEASE:-v0.24.1}
     depends_on:
       - web
       - api
@@ -66,8 +67,7 @@ services:
       retries: 15
 
   web:
-    <<: *app-env
-    image: makeplane/plane-frontend:stable
+    image: makeplane/plane-frontend:${APP_RELEASE:-v0.24.1}
     command: node web/server.js web
     depends_on:
       - api
@@ -78,8 +78,7 @@ services:
       timeout: 10s
       retries: 15
   space:
-    <<: *app-env
-    image: makeplane/plane-space:stable
+    image: makeplane/plane-space:${APP_RELEASE:-v0.24.1}
     command: node space/server.js space
     depends_on:
       - api
@@ -92,8 +91,7 @@ services:
       retries: 15
 
   admin:
-    <<: *app-env
-    image: makeplane/plane-admin:stable
+    image: makeplane/plane-admin:${APP_RELEASE:-v0.24.1}
     command: node admin/server.js admin
     depends_on:
       - api
@@ -106,7 +104,7 @@ services:
 
   live:
     <<: *app-env
-    image: makeplane/plane-live:stable
+    image: makeplane/plane-live:${APP_RELEASE:-v0.24.1}
     command: node live/dist/server.js live
     depends_on:
       - api
@@ -119,7 +117,7 @@ services:
 
   api:
     <<: *app-env
-    image: makeplane/plane-backend:stable
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
     command: ./bin/docker-entrypoint-api.sh
     volumes:
       - logs_api:/code/plane/logs
@@ -134,7 +132,7 @@ services:
 
   worker:
     <<: *app-env
-    image: makeplane/plane-backend:stable
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
     command: ./bin/docker-entrypoint-worker.sh
     volumes:
       - logs_worker:/code/plane/logs
@@ -150,7 +148,7 @@ services:
 
   beat-worker:
     <<: *app-env
-    image: makeplane/plane-backend:stable
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
     command: ./bin/docker-entrypoint-beat.sh
     volumes:
       - logs_beat-worker:/code/plane/logs
@@ -166,7 +164,7 @@ services:
 
   migrator:
     <<: *app-env
-    image: makeplane/plane-backend:stable
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
     restart: "no"
     command: ./bin/docker-entrypoint-migrator.sh
     volumes:

From 0d12b8296e4d4f91517a4a7d4518df2b169787de Mon Sep 17 00:00:00 2001
From: "Gauthier A." <gauthier.andre@protonmail.com>
Date: Mon, 17 Feb 2025 23:10:21 +0100
Subject: [PATCH 093/145] fix wrong database container name + code
 simplification

---
 app/Actions/Database/StartDatabaseProxy.php | 68 ++++-----------------
 1 file changed, 11 insertions(+), 57 deletions(-)

diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index d9272356c..14be9d2bc 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -22,74 +22,28 @@ class StartDatabaseProxy
 
     public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse|ServiceDatabase $database)
     {
-        $internalPort = null;
-        $type = $database->getMorphClass();
+        $databaseType = $database->database_type;
         $network = data_get($database, 'destination.network');
         $server = data_get($database, 'destination.server');
         $containerName = data_get($database, 'uuid');
         $proxyContainerName = "{$database->uuid}-proxy";
+
         if ($database->getMorphClass() === \App\Models\ServiceDatabase::class) {
             $databaseType = $database->databaseType();
             // $connectPredefined = data_get($database, 'service.connect_to_docker_network');
             $network = $database->service->uuid;
             $server = data_get($database, 'service.destination.server');
             $proxyContainerName = "{$database->service->uuid}-proxy";
-            switch ($databaseType) {
-                case 'standalone-mariadb':
-                    $type = \App\Models\StandaloneMariadb::class;
-                    $containerName = "mariadb-{$database->service->uuid}";
-                    break;
-                case 'standalone-mongodb':
-                    $type = \App\Models\StandaloneMongodb::class;
-                    $containerName = "mongodb-{$database->service->uuid}";
-                    break;
-                case 'standalone-mysql':
-                    $type = \App\Models\StandaloneMysql::class;
-                    $containerName = "mysql-{$database->service->uuid}";
-                    break;
-                case 'standalone-postgresql':
-                    $type = \App\Models\StandalonePostgresql::class;
-                    $containerName = "postgresql-{$database->service->uuid}";
-                    break;
-                case 'standalone-redis':
-                    $type = \App\Models\StandaloneRedis::class;
-                    $containerName = "redis-{$database->service->uuid}";
-                    break;
-                case 'standalone-keydb':
-                    $type = \App\Models\StandaloneKeydb::class;
-                    $containerName = "keydb-{$database->service->uuid}";
-                    break;
-                case 'standalone-dragonfly':
-                    $type = \App\Models\StandaloneDragonfly::class;
-                    $containerName = "dragonfly-{$database->service->uuid}";
-                    break;
-                case 'standalone-clickhouse':
-                    $type = \App\Models\StandaloneClickhouse::class;
-                    $containerName = "clickhouse-{$database->service->uuid}";
-                    break;
-                case 'standalone-supabase/postgres':
-                    $type = \App\Models\StandalonePostgresql::class;
-                    $containerName = "supabase-db-{$database->service->uuid}";
-                    break;
-            }
-        }
-        if ($type === \App\Models\StandaloneRedis::class) {
-            $internalPort = 6379;
-        } elseif ($type === \App\Models\StandalonePostgresql::class) {
-            $internalPort = 5432;
-        } elseif ($type === \App\Models\StandaloneMongodb::class) {
-            $internalPort = 27017;
-        } elseif ($type === \App\Models\StandaloneMysql::class) {
-            $internalPort = 3306;
-        } elseif ($type === \App\Models\StandaloneMariadb::class) {
-            $internalPort = 3306;
-        } elseif ($type === \App\Models\StandaloneKeydb::class) {
-            $internalPort = 6379;
-        } elseif ($type === \App\Models\StandaloneDragonfly::class) {
-            $internalPort = 6379;
-        } elseif ($type === \App\Models\StandaloneClickhouse::class) {
-            $internalPort = 9000;
+            $containerName = "{$database->name}-{$database->service->uuid}";
         }
+
+        $internalPort = match ($databaseType) {
+            'standalone-mariadb', 'standalone-mysql' => 3306,
+            'standalone-postgresql', 'standalone-supabase/postgres' => 5432,
+            'standalone-redis', 'standalone-keydb', 'standalone-dragonfly' => 6379,
+            'standalone-clickhouse' => 9000,
+        };
+
         $configuration_dir = database_proxy_dir($database->uuid);
         $nginxconf = <<<EOF
     user  nginx;

From 225f24e6507405c3bb39f0db835d37486e907b08 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Wed, 19 Feb 2025 18:04:58 +0100
Subject: [PATCH 094/145] chore: improve code quality suggested by code rabbit

---
 app/Actions/Database/StartDragonfly.php       |  8 +--
 app/Actions/Database/StartKeydb.php           |  8 +--
 app/Actions/Database/StartMariadb.php         |  6 +--
 app/Actions/Database/StartMongodb.php         |  6 +--
 app/Actions/Database/StartMysql.php           |  6 +--
 app/Actions/Database/StartPostgresql.php      |  6 +--
 app/Actions/Database/StartRedis.php           |  6 +--
 app/Actions/Server/InstallDocker.php          |  2 +-
 app/Jobs/RegenerateSslCertJob.php             | 18 +++----
 .../Project/Database/Dragonfly/General.php    | 12 ++---
 .../Project/Database/Keydb/General.php        | 12 ++---
 .../Project/Database/Mariadb/General.php      | 12 ++---
 .../Project/Database/Mongodb/General.php      | 12 ++---
 .../Project/Database/Mysql/General.php        | 12 ++---
 .../Project/Database/Postgresql/General.php   | 12 ++---
 .../Project/Database/Redis/General.php        | 12 ++---
 app/Livewire/Server/Advanced.php              |  5 +-
 app/Models/StandaloneClickhouse.php           | 12 ++++-
 app/Models/StandaloneDragonfly.php            |  6 ++-
 app/Models/StandaloneKeydb.php                |  6 ++-
 app/Models/StandaloneMariadb.php              | 12 ++++-
 app/Models/StandaloneMongodb.php              |  9 ++--
 app/Models/StandaloneMysql.php                |  8 ++-
 app/Models/StandalonePostgresql.php           |  8 ++-
 app/Models/StandaloneRedis.php                | 10 ++--
 ...5223_encrypt_local_file_volumes_fields.php | 54 ++++++++++---------
 database/seeders/CaSslCertSeeder.php          |  2 +-
 27 files changed, 138 insertions(+), 144 deletions(-)

diff --git a/app/Actions/Database/StartDragonfly.php b/app/Actions/Database/StartDragonfly.php
index 99bb5fa89..882ed3c2e 100644
--- a/app/Actions/Database/StartDragonfly.php
+++ b/app/Actions/Database/StartDragonfly.php
@@ -36,9 +36,7 @@ class StartDragonfly
 
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
@@ -59,9 +57,7 @@ class StartDragonfly
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartKeydb.php b/app/Actions/Database/StartKeydb.php
index 8ec076dd2..311b5094a 100644
--- a/app/Actions/Database/StartKeydb.php
+++ b/app/Actions/Database/StartKeydb.php
@@ -37,9 +37,7 @@ class StartKeydb
 
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
@@ -60,9 +58,7 @@ class StartKeydb
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index 87185d064..14df9b017 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -37,9 +37,7 @@ class StartMariadb
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
 
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
 
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
@@ -61,7 +59,7 @@ class StartMariadb
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php
index 250cb321d..3ea8287ac 100644
--- a/app/Actions/Database/StartMongodb.php
+++ b/app/Actions/Database/StartMongodb.php
@@ -42,9 +42,7 @@ class StartMongodb
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
 
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
 
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
@@ -65,7 +63,7 @@ class StartMongodb
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index 2a9e37f9c..a2e08c316 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -37,9 +37,7 @@ class StartMysql
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
 
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
 
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
@@ -61,7 +59,7 @@ class StartMysql
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 8f4bcb0d9..97e565ec8 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -42,9 +42,7 @@ class StartPostgresql
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
 
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
 
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
@@ -66,7 +64,7 @@ class StartPostgresql
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php
index edc7e0cce..9e7a2a084 100644
--- a/app/Actions/Database/StartRedis.php
+++ b/app/Actions/Database/StartRedis.php
@@ -37,9 +37,7 @@ class StartRedis
 
         if (! $this->database->enable_ssl) {
             $this->commands[] = "rm -rf $this->configuration_dir/ssl";
-            SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->delete();
+            $this->database->sslCertificates()->delete();
             $this->database->fileStorages()
                 ->where('resource_type', $this->database->getMorphClass())
                 ->where('resource_id', $this->database->id)
@@ -60,7 +58,7 @@ class StartRedis
             $server = $this->database->destination->server;
             $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
 
-            $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first();
+            $this->ssl_certificate = $this->database->sslCertificates()->first();
 
             if (! $this->ssl_certificate) {
                 $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'";
diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php
index bbb3ea066..5410b1cbd 100644
--- a/app/Actions/Server/InstallDocker.php
+++ b/app/Actions/Server/InstallDocker.php
@@ -25,7 +25,7 @@ class InstallDocker
                 commonName: 'Coolify CA Certificate',
                 serverId: $server->id,
                 isCaCertificate: true,
-                validityDays: 15 * 365
+                validityDays: 10 * 365
             );
             $caCertPath = config('constants.coolify.base_config_path').'/ssl/';
 
diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php
index 3e4bf9070..0570227b6 100644
--- a/app/Jobs/RegenerateSslCertJob.php
+++ b/app/Jobs/RegenerateSslCertJob.php
@@ -17,6 +17,10 @@ class RegenerateSslCertJob implements ShouldQueue
 {
     use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
 
+    public $tries = 3;
+
+    public $backoff = 60;
+
     public function __construct(
         protected ?Team $team = null,
         protected ?int $server_id = null,
@@ -37,17 +41,13 @@ class RegenerateSslCertJob implements ShouldQueue
 
         $query->where('is_ca_certificate', false);
 
-        $certificates = $query->get();
-
-        if ($certificates->isEmpty()) {
-            return;
-        }
-
         $regenerated = collect();
 
-        foreach ($certificates as $certificate) {
+        $query->cursor()->each(function ($certificate) use ($regenerated) {
             try {
-                $caCert = SslCertificate::where('server_id', $certificate->server_id)->where('is_ca_certificate', true)->first();
+                $caCert = SslCertificate::where('server_id', $certificate->server_id)
+                    ->where('is_ca_certificate', true)
+                    ->first();
 
                 SSLHelper::generateSslCertificate(
                     commonName: $certificate->common_name,
@@ -64,7 +64,7 @@ class RegenerateSslCertJob implements ShouldQueue
             } catch (\Exception $e) {
                 Log::error('Failed to regenerate SSL certificate: '.$e->getMessage());
             }
-        }
+        });
 
         if ($regenerated->isNotEmpty()) {
             $this->team?->notify(new SslExpirationNotification($regenerated));
diff --git a/app/Livewire/Project/Database/Dragonfly/General.php b/app/Livewire/Project/Database/Dragonfly/General.php
index bd04e4d38..51f8b5a66 100644
--- a/app/Livewire/Project/Database/Dragonfly/General.php
+++ b/app/Livewire/Project/Database/Dragonfly/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneDragonfly;
+use Carbon\Carbon;
 use Exception;
 use Illuminate\Support\Facades\Auth;
 use Livewire\Attributes\Validate;
@@ -52,7 +53,7 @@ class General extends Component
     #[Validate(['nullable', 'boolean'])]
     public bool $isLogDrainEnabled = false;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     #[Validate(['nullable', 'boolean'])]
     public bool $enable_ssl = false;
@@ -72,9 +73,7 @@ class General extends Component
             $this->syncData();
             $this->server = data_get($this->database, 'destination.server');
 
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if ($existingCert) {
                 $this->certificateValidUntil = $existingCert->valid_until;
@@ -205,10 +204,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php
index fd7737343..213b0d2d3 100644
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneKeydb;
+use Carbon\Carbon;
 use Exception;
 use Illuminate\Support\Facades\Auth;
 use Livewire\Attributes\Validate;
@@ -55,7 +56,7 @@ class General extends Component
     #[Validate(['nullable', 'boolean'])]
     public bool $isLogDrainEnabled = false;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     #[Validate(['boolean'])]
     public bool $enable_ssl = false;
@@ -75,9 +76,7 @@ class General extends Component
             $this->syncData();
             $this->server = data_get($this->database, 'destination.server');
 
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if ($existingCert) {
                 $this->certificateValidUntil = $existingCert->valid_until;
@@ -210,10 +209,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index a963e0ca3..b0c4f5d3e 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneMariadb;
+use Carbon\Carbon;
 use Exception;
 use Livewire\Component;
 
@@ -23,7 +24,7 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     protected $rules = [
         'database.name' => 'required',
@@ -64,9 +65,7 @@ class General extends Component
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
 
-        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-            ->where('resource_id', $this->database->id)
-            ->first();
+        $existingCert = $this->database->sslCertificates()->first();
 
         if ($existingCert) {
             $this->certificateValidUntil = $existingCert->valid_until;
@@ -155,10 +154,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index 526aae9ea..28be1c69d 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneMongodb;
+use Carbon\Carbon;
 use Exception;
 use Livewire\Component;
 
@@ -23,7 +24,7 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     protected $rules = [
         'database.name' => 'required',
@@ -64,9 +65,7 @@ class General extends Component
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
 
-        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-            ->where('resource_id', $this->database->id)
-            ->first();
+        $existingCert = $this->database->sslCertificates()->first();
 
         if ($existingCert) {
             $this->certificateValidUntil = $existingCert->valid_until;
@@ -159,10 +158,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index ad19db2a3..3e164d885 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneMysql;
+use Carbon\Carbon;
 use Exception;
 use Livewire\Component;
 
@@ -23,7 +24,7 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     protected $rules = [
         'database.name' => 'required',
@@ -66,9 +67,7 @@ class General extends Component
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
 
-        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-            ->where('resource_id', $this->database->id)
-            ->first();
+        $existingCert = $this->database->sslCertificates()->first();
 
         if ($existingCert) {
             $this->certificateValidUntil = $existingCert->valid_until;
@@ -158,10 +157,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index f5ea25865..881c74d53 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandalonePostgresql;
+use Carbon\Carbon;
 use Exception;
 use Livewire\Component;
 
@@ -25,7 +26,7 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     public function getListeners()
     {
@@ -81,9 +82,7 @@ class General extends Component
         $this->db_url_public = $this->database->external_db_url;
         $this->server = data_get($this->database, 'destination.server');
 
-        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-            ->where('resource_id', $this->database->id)
-            ->first();
+        $existingCert = $this->database->sslCertificates()->first();
 
         if ($existingCert) {
             $this->certificateValidUntil = $existingCert->valid_until;
@@ -122,10 +121,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index ea896e294..a3916277d 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -8,6 +8,7 @@ use App\Helpers\SslHelper;
 use App\Models\Server;
 use App\Models\SslCertificate;
 use App\Models\StandaloneRedis;
+use Carbon\Carbon;
 use Exception;
 use Livewire\Component;
 
@@ -32,7 +33,7 @@ class General extends Component
 
     public ?string $db_url_public = null;
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     protected $rules = [
         'database.name' => 'required',
@@ -67,9 +68,7 @@ class General extends Component
     {
         $this->server = data_get($this->database, 'destination.server');
         $this->refreshView();
-        $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-            ->where('resource_id', $this->database->id)
-            ->first();
+        $existingCert = $this->database->sslCertificates()->first();
 
         if ($existingCert) {
             $this->certificateValidUntil = $existingCert->valid_until;
@@ -163,10 +162,7 @@ class General extends Component
     public function regenerateSslCertificate()
     {
         try {
-            $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass())
-                ->where('resource_id', $this->database->id)
-                ->where('server_id', $this->server->id)
-                ->first();
+            $existingCert = $this->database->sslCertificates()->first();
 
             if (! $existingCert) {
                 $this->dispatch('error', 'No existing SSL certificate found for this database.');
diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 497ec697e..b2b8b1518 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -6,6 +6,7 @@ use App\Helpers\SslHelper;
 use App\Jobs\RegenerateSslCertJob;
 use App\Models\Server;
 use App\Models\SslCertificate;
+use Carbon\Carbon;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 
@@ -19,7 +20,7 @@ class Advanced extends Component
 
     public $certificateContent = '';
 
-    public $certificateValidUntil = null;
+    public ?Carbon $certificateValidUntil = null;
 
     public array $parameters = [];
 
@@ -99,7 +100,7 @@ class Advanced extends Component
                 commonName: 'Coolify CA Certificate',
                 serverId: $this->server->id,
                 isCaCertificate: true,
-                validityDays: 15 * 365
+                validityDays: 10 * 365
             );
 
             $this->loadCaCertificate();
diff --git a/app/Models/StandaloneClickhouse.php b/app/Models/StandaloneClickhouse.php
index 2f86c2060..bc1f9b4b3 100644
--- a/app/Models/StandaloneClickhouse.php
+++ b/app/Models/StandaloneClickhouse.php
@@ -223,7 +223,12 @@ class StandaloneClickhouse extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->uuid}:9000/{$this->clickhouse_db}",
+            get: function () {
+                $encodedUser = rawurlencode($this->clickhouse_admin_user);
+                $encodedPass = rawurlencode($this->clickhouse_admin_password);
+
+                return "clickhouse://{$encodedUser}:{$encodedPass}@{$this->uuid}:9000/{$this->clickhouse_db}";
+            },
         );
     }
 
@@ -232,7 +237,10 @@ class StandaloneClickhouse extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}";
+                    $encodedUser = rawurlencode($this->clickhouse_admin_user);
+                    $encodedPass = rawurlencode($this->clickhouse_admin_password);
+
+                    return "clickhouse://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}";
                 }
 
                 return null;
diff --git a/app/Models/StandaloneDragonfly.php b/app/Models/StandaloneDragonfly.php
index 3aaedfc52..a14c5e378 100644
--- a/app/Models/StandaloneDragonfly.php
+++ b/app/Models/StandaloneDragonfly.php
@@ -226,7 +226,8 @@ class StandaloneDragonfly extends BaseModel
             get: function () {
                 $scheme = $this->enable_ssl ? 'rediss' : 'redis';
                 $port = $this->enable_ssl ? 6380 : 6379;
-                $url = "{$scheme}://:{$this->dragonfly_password}@{$this->uuid}:{$port}/0";
+                $encodedPass = rawurlencode($this->dragonfly_password);
+                $url = "{$scheme}://:{$encodedPass}@{$this->uuid}:{$port}/0";
 
                 if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                     $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
@@ -243,7 +244,8 @@ class StandaloneDragonfly extends BaseModel
             get: function () {
                 if ($this->is_public && $this->public_port) {
                     $scheme = $this->enable_ssl ? 'rediss' : 'redis';
-                    $url = "{$scheme}://:{$this->dragonfly_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    $encodedPass = rawurlencode($this->dragonfly_password);
+                    $url = "{$scheme}://:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0";
 
                     if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                         $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
diff --git a/app/Models/StandaloneKeydb.php b/app/Models/StandaloneKeydb.php
index af95d58e5..2d3aea755 100644
--- a/app/Models/StandaloneKeydb.php
+++ b/app/Models/StandaloneKeydb.php
@@ -226,7 +226,8 @@ class StandaloneKeydb extends BaseModel
             get: function () {
                 $scheme = $this->enable_ssl ? 'rediss' : 'redis';
                 $port = $this->enable_ssl ? 6380 : 6379;
-                $url = "{$scheme}://:{$this->keydb_password}@{$this->uuid}:{$port}/0";
+                $encodedPass = rawurlencode($this->keydb_password);
+                $url = "{$scheme}://:{$encodedPass}@{$this->uuid}:{$port}/0";
 
                 if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                     $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
@@ -243,7 +244,8 @@ class StandaloneKeydb extends BaseModel
             get: function () {
                 if ($this->is_public && $this->public_port) {
                     $scheme = $this->enable_ssl ? 'rediss' : 'redis';
-                    $url = "{$scheme}://:{$this->keydb_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    $encodedPass = rawurlencode($this->keydb_password);
+                    $url = "{$scheme}://:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0";
 
                     if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                         $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
diff --git a/app/Models/StandaloneMariadb.php b/app/Models/StandaloneMariadb.php
index 523fde3c5..7549ace3e 100644
--- a/app/Models/StandaloneMariadb.php
+++ b/app/Models/StandaloneMariadb.php
@@ -218,7 +218,12 @@ class StandaloneMariadb extends BaseModel
     protected function internalDbUrl(): Attribute
     {
         return new Attribute(
-            get: fn () => "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}",
+            get: function () {
+                $encodedUser = rawurlencode($this->mariadb_user);
+                $encodedPass = rawurlencode($this->mariadb_password);
+
+                return "mysql://{$encodedUser}:{$encodedPass}@{$this->uuid}:3306/{$this->mariadb_database}";
+            },
         );
     }
 
@@ -227,7 +232,10 @@ class StandaloneMariadb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    return "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
+                    $encodedUser = rawurlencode($this->mariadb_user);
+                    $encodedPass = rawurlencode($this->mariadb_password);
+
+                    return "mysql://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}";
                 }
 
                 return null;
diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php
index 0367b8650..1b181e7d5 100644
--- a/app/Models/StandaloneMongodb.php
+++ b/app/Models/StandaloneMongodb.php
@@ -244,13 +244,14 @@ class StandaloneMongodb extends BaseModel
     {
         return new Attribute(
             get: function () {
-                $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true";
+                $encodedUser = rawurlencode($this->mongo_initdb_root_username);
+                $encodedPass = rawurlencode($this->mongo_initdb_root_password);
+                $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->uuid}:27017/?directConnection=true";
                 if ($this->enable_ssl) {
                     $url .= '&tls=true';
                     if (in_array($this->ssl_mode, ['verify-full'])) {
                         $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt';
                     }
-
                 }
 
                 return $url;
@@ -263,7 +264,9 @@ class StandaloneMongodb extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
+                    $encodedUser = rawurlencode($this->mongo_initdb_root_username);
+                    $encodedPass = rawurlencode($this->mongo_initdb_root_password);
+                    $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true";
                     if ($this->enable_ssl) {
                         $url .= '&tls=true';
                         if (in_array($this->ssl_mode, ['verify-full'])) {
diff --git a/app/Models/StandaloneMysql.php b/app/Models/StandaloneMysql.php
index cf45df578..dbb5b1ae6 100644
--- a/app/Models/StandaloneMysql.php
+++ b/app/Models/StandaloneMysql.php
@@ -225,7 +225,9 @@ class StandaloneMysql extends BaseModel
     {
         return new Attribute(
             get: function () {
-                $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->uuid}:3306/{$this->mysql_database}";
+                $encodedUser = rawurlencode($this->mysql_user);
+                $encodedPass = rawurlencode($this->mysql_password);
+                $url = "mysql://{$encodedUser}:{$encodedPass}@{$this->uuid}:3306/{$this->mysql_database}";
                 if ($this->enable_ssl) {
                     $url .= "?ssl-mode={$this->ssl_mode}";
                     if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
@@ -243,7 +245,9 @@ class StandaloneMysql extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}";
+                    $encodedUser = rawurlencode($this->mysql_user);
+                    $encodedPass = rawurlencode($this->mysql_password);
+                    $url = "mysql://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}";
                     if ($this->enable_ssl) {
                         $url .= "?ssl-mode={$this->ssl_mode}";
                         if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) {
diff --git a/app/Models/StandalonePostgresql.php b/app/Models/StandalonePostgresql.php
index 51b9d2c31..a74d567a0 100644
--- a/app/Models/StandalonePostgresql.php
+++ b/app/Models/StandalonePostgresql.php
@@ -220,7 +220,9 @@ class StandalonePostgresql extends BaseModel
     {
         return new Attribute(
             get: function () {
-                $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->uuid}:5432/{$this->postgres_db}";
+                $encodedUser = rawurlencode($this->postgres_user);
+                $encodedPass = rawurlencode($this->postgres_password);
+                $url = "postgres://{$encodedUser}:{$encodedPass}@{$this->uuid}:5432/{$this->postgres_db}";
                 if ($this->enable_ssl) {
                     $url .= "?sslmode={$this->ssl_mode}";
                     if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) {
@@ -238,7 +240,9 @@ class StandalonePostgresql extends BaseModel
         return new Attribute(
             get: function () {
                 if ($this->is_public && $this->public_port) {
-                    $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}";
+                    $encodedUser = rawurlencode($this->postgres_user);
+                    $encodedPass = rawurlencode($this->postgres_password);
+                    $url = "postgres://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}";
                     if ($this->enable_ssl) {
                         $url .= "?sslmode={$this->ssl_mode}";
                         if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) {
diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php
index 2b565aa4f..b40d8bb9d 100644
--- a/app/Models/StandaloneRedis.php
+++ b/app/Models/StandaloneRedis.php
@@ -221,10 +221,11 @@ class StandaloneRedis extends BaseModel
         return new Attribute(
             get: function () {
                 $redis_version = $this->getRedisVersion();
-                $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : '';
+                $username_part = version_compare($redis_version, '6.0', '>=') ? rawurlencode($this->redis_username).':' : '';
+                $encodedPass = rawurlencode($this->redis_password);
                 $scheme = $this->enable_ssl ? 'rediss' : 'redis';
                 $port = $this->enable_ssl ? 6380 : 6379;
-                $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->uuid}:{$port}/0";
+                $url = "{$scheme}://{$username_part}{$encodedPass}@{$this->uuid}:{$port}/0";
 
                 if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                     $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
@@ -241,9 +242,10 @@ class StandaloneRedis extends BaseModel
             get: function () {
                 if ($this->is_public && $this->public_port) {
                     $redis_version = $this->getRedisVersion();
-                    $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : '';
+                    $username_part = version_compare($redis_version, '6.0', '>=') ? rawurlencode($this->redis_username).':' : '';
+                    $encodedPass = rawurlencode($this->redis_password);
                     $scheme = $this->enable_ssl ? 'rediss' : 'redis';
-                    $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->destination->server->getIp}:{$this->public_port}/0";
+                    $url = "{$scheme}://{$username_part}{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0";
 
                     if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') {
                         $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt';
diff --git a/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php
index f29cdaa23..c6b4f8514 100644
--- a/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php
+++ b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php
@@ -19,18 +19,21 @@ return new class extends Migration
         });
 
         if (DB::table('local_file_volumes')->exists()) {
-            $volumes = DB::table('local_file_volumes')->get();
-            foreach ($volumes as $volume) {
-                try {
-                    DB::table('local_file_volumes')->where('id', $volume->id)->update([
-                        'fs_path' => $volume->fs_path ? Crypt::encryptString($volume->fs_path) : null,
-                        'mount_path' => $volume->mount_path ? Crypt::encryptString($volume->mount_path) : null,
-                        'content' => $volume->content ? Crypt::encryptString($volume->content) : null,
-                    ]);
-                } catch (\Exception $e) {
-                    Log::error('Error encrypting local file volume fields: '.$e->getMessage());
-                }
-            }
+            DB::table('local_file_volumes')
+                ->orderBy('id')
+                ->chunk(100, function ($volumes) {
+                    foreach ($volumes as $volume) {
+                        try {
+                            DB::table('local_file_volumes')->where('id', $volume->id)->update([
+                                'fs_path' => $volume->fs_path ? Crypt::encryptString($volume->fs_path) : null,
+                                'mount_path' => $volume->mount_path ? Crypt::encryptString($volume->mount_path) : null,
+                                'content' => $volume->content ? Crypt::encryptString($volume->content) : null,
+                            ]);
+                        } catch (\Exception $e) {
+                            Log::error('Error encrypting local file volume fields: '.$e->getMessage());
+                        }
+                    }
+                });
         }
     }
 
@@ -46,18 +49,21 @@ return new class extends Migration
         });
 
         if (DB::table('local_file_volumes')->exists()) {
-            $volumes = DB::table('local_file_volumes')->get();
-            foreach ($volumes as $volume) {
-                try {
-                    DB::table('local_file_volumes')->where('id', $volume->id)->update([
-                        'fs_path' => $volume->fs_path ? Crypt::decryptString($volume->fs_path) : null,
-                        'mount_path' => $volume->mount_path ? Crypt::decryptString($volume->mount_path) : null,
-                        'content' => $volume->content ? Crypt::decryptString($volume->content) : null,
-                    ]);
-                } catch (\Exception $e) {
-                    Log::error('Error decrypting local file volume fields: '.$e->getMessage());
-                }
-            }
+            DB::table('local_file_volumes')
+                ->orderBy('id')
+                ->chunk(100, function ($volumes) {
+                    foreach ($volumes as $volume) {
+                        try {
+                            DB::table('local_file_volumes')->where('id', $volume->id)->update([
+                                'fs_path' => $volume->fs_path ? Crypt::decryptString($volume->fs_path) : null,
+                                'mount_path' => $volume->mount_path ? Crypt::decryptString($volume->mount_path) : null,
+                                'content' => $volume->content ? Crypt::decryptString($volume->content) : null,
+                            ]);
+                        } catch (\Exception $e) {
+                            Log::error('Error decrypting local file volume fields: '.$e->getMessage());
+                        }
+                    }
+                });
         }
     }
 };
diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php
index b869ff96a..09f6cc984 100644
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -20,7 +20,7 @@ class CaSslCertSeeder extends Seeder
                         commonName: 'Coolify CA Certificate',
                         serverId: $server->id,
                         isCaCertificate: true,
-                        validityDays: 15 * 365
+                        validityDays: 10 * 365
                     );
                 } else {
                     $caCert = $existingCaCert;

From 2df6b344d47680da187bba455ade42f4a22f1c5d Mon Sep 17 00:00:00 2001
From: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Date: Tue, 25 Feb 2025 14:32:13 +0530
Subject: [PATCH 095/145] updated plane version to v0.25.0

---
 templates/compose/plane.yaml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/templates/compose/plane.yaml b/templates/compose/plane.yaml
index d1fcf78fa..c90e15a1a 100644
--- a/templates/compose/plane.yaml
+++ b/templates/compose/plane.yaml
@@ -5,7 +5,7 @@
 
 x-app-env: &app-env
   environment:
-    - APP_RELEASE=${APP_RELEASE:-v0.24.1}
+    - APP_RELEASE=${APP_RELEASE:-v0.25.0}
     - WEB_URL=${SERVICE_FQDN_PLANE}
     - DEBUG=${DEBUG:-0}
     - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGIN:-http://localhost}
@@ -55,7 +55,7 @@ services:
       - SERVICE_FQDN_PLANE
       - FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}
       - BUCKET_NAME=${BUCKET_NAME:-uploads}
-    image: makeplane/plane-proxy:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-proxy:${APP_RELEASE:-v0.25.0}
     depends_on:
       - web
       - api
@@ -67,7 +67,7 @@ services:
       retries: 15
 
   web:
-    image: makeplane/plane-frontend:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-frontend:${APP_RELEASE:-v0.25.0}
     command: node web/server.js web
     depends_on:
       - api
@@ -78,7 +78,7 @@ services:
       timeout: 10s
       retries: 15
   space:
-    image: makeplane/plane-space:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-space:${APP_RELEASE:-v0.25.0}
     command: node space/server.js space
     depends_on:
       - api
@@ -91,7 +91,7 @@ services:
       retries: 15
 
   admin:
-    image: makeplane/plane-admin:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-admin:${APP_RELEASE:-v0.25.0}
     command: node admin/server.js admin
     depends_on:
       - api
@@ -104,7 +104,7 @@ services:
 
   live:
     <<: *app-env
-    image: makeplane/plane-live:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-live:${APP_RELEASE:-v0.25.0}
     command: node live/dist/server.js live
     depends_on:
       - api
@@ -117,7 +117,7 @@ services:
 
   api:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
     command: ./bin/docker-entrypoint-api.sh
     volumes:
       - logs_api:/code/plane/logs
@@ -132,7 +132,7 @@ services:
 
   worker:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
     command: ./bin/docker-entrypoint-worker.sh
     volumes:
       - logs_worker:/code/plane/logs
@@ -148,7 +148,7 @@ services:
 
   beat-worker:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
     command: ./bin/docker-entrypoint-beat.sh
     volumes:
       - logs_beat-worker:/code/plane/logs
@@ -164,7 +164,7 @@ services:
 
   migrator:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.24.1}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
     restart: "no"
     command: ./bin/docker-entrypoint-migrator.sh
     volumes:

From 37553e79b7a3f8bb72f42efee410213ad08d3f52 Mon Sep 17 00:00:00 2001
From: janwiebe-jump <64576907+janwiebe-jump@users.noreply.github.com>
Date: Thu, 27 Feb 2025 17:25:33 +0100
Subject: [PATCH 096/145] Gitea webhook sends action synchronized

---
 app/Http/Controllers/Webhook/Gitea.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Webhook/Gitea.php b/app/Http/Controllers/Webhook/Gitea.php
index cc53f2034..b5ad5607e 100644
--- a/app/Http/Controllers/Webhook/Gitea.php
+++ b/app/Http/Controllers/Webhook/Gitea.php
@@ -152,7 +152,7 @@ class Gitea extends Controller
                     }
                 }
                 if ($x_gitea_event === 'pull_request') {
-                    if ($action === 'opened' || $action === 'synchronize' || $action === 'reopened') {
+                    if ($action === 'opened' || $action === 'synchronized' || $action === 'reopened') {
                         if ($application->isPRDeployable()) {
                             $deployment_uuid = new Cuid2;
                             $found = ApplicationPreview::where('application_id', $application->id)->where('pull_request_id', $pull_request_id)->first();

From e3b419257d1b5733ead1204647ea08d335f3f767 Mon Sep 17 00:00:00 2001
From: think <31487797+ThinkFar@users.noreply.github.com>
Date: Sun, 2 Mar 2025 22:23:02 -0700
Subject: [PATCH 097/145] fix(ui): Correct grammatical error in 404 page

---
 resources/views/errors/404.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/errors/404.blade.php b/resources/views/errors/404.blade.php
index 3b84bafd8..569488d19 100644
--- a/resources/views/errors/404.blade.php
+++ b/resources/views/errors/404.blade.php
@@ -2,7 +2,7 @@
 <div class="flex flex-col items-center justify-center h-full">
     <div>
         <p class="font-mono font-semibold text-7xl dark:text-warning">404</p>
-        <h1 class="mt-4 font-bold tracking-tight dark:text-white">How did you got here?</h1>
+        <h1 class="mt-4 font-bold tracking-tight dark:text-white">How did you get here?</h1>
         <p class="text-base leading-7 text-neutral-300">Sorry, we couldn’t find the page you’re looking
             for.
         </p>

From 1ef84f973634cecf3b619b4706adb39c1e1dd1d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Mar 2025 23:47:08 +0000
Subject: [PATCH 098/145] chore(deps): bump laravel/framework from 11.44.0 to
 11.44.1

Bumps [laravel/framework](https://github.com/laravel/framework) from 11.44.0 to 11.44.1.
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/12.x/CHANGELOG.md)
- [Commits](https://github.com/laravel/framework/compare/v11.44.0...v11.44.1)

---
updated-dependencies:
- dependency-name: laravel/framework
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 composer.lock | 145 +++++++++++++++++++++++---------------------------
 1 file changed, 66 insertions(+), 79 deletions(-)

diff --git a/composer.lock b/composer.lock
index 65271cb1a..d070b919f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1079,16 +1079,16 @@
         },
         {
             "name": "brick/math",
-            "version": "0.12.1",
+            "version": "0.12.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/brick/math.git",
-                "reference": "f510c0a40911935b77b86859eb5223d58d660df1"
+                "reference": "866551da34e9a618e64a819ee1e01c20d8a588ba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/brick/math/zipball/f510c0a40911935b77b86859eb5223d58d660df1",
-                "reference": "f510c0a40911935b77b86859eb5223d58d660df1",
+                "url": "https://api.github.com/repos/brick/math/zipball/866551da34e9a618e64a819ee1e01c20d8a588ba",
+                "reference": "866551da34e9a618e64a819ee1e01c20d8a588ba",
                 "shasum": ""
             },
             "require": {
@@ -1097,7 +1097,7 @@
             "require-dev": {
                 "php-coveralls/php-coveralls": "^2.2",
                 "phpunit/phpunit": "^10.1",
-                "vimeo/psalm": "5.16.0"
+                "vimeo/psalm": "6.8.8"
             },
             "type": "library",
             "autoload": {
@@ -1127,7 +1127,7 @@
             ],
             "support": {
                 "issues": "https://github.com/brick/math/issues",
-                "source": "https://github.com/brick/math/tree/0.12.1"
+                "source": "https://github.com/brick/math/tree/0.12.3"
             },
             "funding": [
                 {
@@ -1135,7 +1135,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-11-29T23:19:16+00:00"
+            "time": "2025-02-28T13:11:00+00:00"
         },
         {
             "name": "carbonphp/carbon-doctrine-types",
@@ -2732,16 +2732,16 @@
         },
         {
             "name": "laravel/framework",
-            "version": "v11.44.0",
+            "version": "v11.44.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/framework.git",
-                "reference": "e9a33da34815ac1ed46c7e4c477a775f4592f0a7"
+                "reference": "0883d4175f4e2b5c299e7087ad3c74f2ce195c6d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/framework/zipball/e9a33da34815ac1ed46c7e4c477a775f4592f0a7",
-                "reference": "e9a33da34815ac1ed46c7e4c477a775f4592f0a7",
+                "url": "https://api.github.com/repos/laravel/framework/zipball/0883d4175f4e2b5c299e7087ad3c74f2ce195c6d",
+                "reference": "0883d4175f4e2b5c299e7087ad3c74f2ce195c6d",
                 "shasum": ""
             },
             "require": {
@@ -2849,7 +2849,7 @@
                 "league/flysystem-read-only": "^3.25.1",
                 "league/flysystem-sftp-v3": "^3.25.1",
                 "mockery/mockery": "^1.6.10",
-                "orchestra/testbench-core": "^9.9.4",
+                "orchestra/testbench-core": "^9.11.2",
                 "pda/pheanstalk": "^5.0.6",
                 "php-http/discovery": "^1.15",
                 "phpstan/phpstan": "^2.0",
@@ -2943,7 +2943,7 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2025-02-24T13:08:54+00:00"
+            "time": "2025-03-05T15:34:10+00:00"
         },
         {
             "name": "laravel/horizon",
@@ -6944,16 +6944,16 @@
         },
         {
             "name": "ramsey/collection",
-            "version": "2.0.0",
+            "version": "2.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/ramsey/collection.git",
-                "reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5"
+                "reference": "3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/ramsey/collection/zipball/a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
-                "reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
+                "url": "https://api.github.com/repos/ramsey/collection/zipball/3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109",
+                "reference": "3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109",
                 "shasum": ""
             },
             "require": {
@@ -6961,25 +6961,22 @@
             },
             "require-dev": {
                 "captainhook/plugin-composer": "^5.3",
-                "ergebnis/composer-normalize": "^2.28.3",
-                "fakerphp/faker": "^1.21",
+                "ergebnis/composer-normalize": "^2.45",
+                "fakerphp/faker": "^1.24",
                 "hamcrest/hamcrest-php": "^2.0",
-                "jangregor/phpstan-prophecy": "^1.0",
-                "mockery/mockery": "^1.5",
+                "jangregor/phpstan-prophecy": "^2.1",
+                "mockery/mockery": "^1.6",
                 "php-parallel-lint/php-console-highlighter": "^1.0",
-                "php-parallel-lint/php-parallel-lint": "^1.3",
-                "phpcsstandards/phpcsutils": "^1.0.0-rc1",
-                "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/extension-installer": "^1.2",
-                "phpstan/phpstan": "^1.9",
-                "phpstan/phpstan-mockery": "^1.1",
-                "phpstan/phpstan-phpunit": "^1.3",
-                "phpunit/phpunit": "^9.5",
-                "psalm/plugin-mockery": "^1.1",
-                "psalm/plugin-phpunit": "^0.18.4",
-                "ramsey/coding-standard": "^2.0.3",
-                "ramsey/conventional-commits": "^1.3",
-                "vimeo/psalm": "^5.4"
+                "php-parallel-lint/php-parallel-lint": "^1.4",
+                "phpspec/prophecy-phpunit": "^2.3",
+                "phpstan/extension-installer": "^1.4",
+                "phpstan/phpstan": "^2.1",
+                "phpstan/phpstan-mockery": "^2.0",
+                "phpstan/phpstan-phpunit": "^2.0",
+                "phpunit/phpunit": "^10.5",
+                "ramsey/coding-standard": "^2.3",
+                "ramsey/conventional-commits": "^1.6",
+                "roave/security-advisories": "dev-latest"
             },
             "type": "library",
             "extra": {
@@ -7017,19 +7014,9 @@
             ],
             "support": {
                 "issues": "https://github.com/ramsey/collection/issues",
-                "source": "https://github.com/ramsey/collection/tree/2.0.0"
+                "source": "https://github.com/ramsey/collection/tree/2.1.0"
             },
-            "funding": [
-                {
-                    "url": "https://github.com/ramsey",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/ramsey/collection",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2022-12-31T21:50:55+00:00"
+            "time": "2025-03-02T04:48:29+00:00"
         },
         {
             "name": "ramsey/uuid",
@@ -8887,16 +8874,16 @@
         },
         {
             "name": "symfony/error-handler",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/error-handler.git",
-                "reference": "959a74d044a6db21f4caa6d695648dcb5584cb49"
+                "reference": "aabf79938aa795350c07ce6464dd1985607d95d5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/error-handler/zipball/959a74d044a6db21f4caa6d695648dcb5584cb49",
-                "reference": "959a74d044a6db21f4caa6d695648dcb5584cb49",
+                "url": "https://api.github.com/repos/symfony/error-handler/zipball/aabf79938aa795350c07ce6464dd1985607d95d5",
+                "reference": "aabf79938aa795350c07ce6464dd1985607d95d5",
                 "shasum": ""
             },
             "require": {
@@ -8942,7 +8929,7 @@
             "description": "Provides tools to manage errors and ease debugging PHP code",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/error-handler/tree/v7.2.3"
+                "source": "https://github.com/symfony/error-handler/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -8958,7 +8945,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-07T09:39:55+00:00"
+            "time": "2025-02-02T20:27:07+00:00"
         },
         {
             "name": "symfony/event-dispatcher",
@@ -9260,16 +9247,16 @@
         },
         {
             "name": "symfony/http-kernel",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b"
+                "reference": "9f1103734c5789798fefb90e91de4586039003ed"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b",
-                "reference": "caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/9f1103734c5789798fefb90e91de4586039003ed",
+                "reference": "9f1103734c5789798fefb90e91de4586039003ed",
                 "shasum": ""
             },
             "require": {
@@ -9354,7 +9341,7 @@
             "description": "Provides a structured process for converting a Request into a Response",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/http-kernel/tree/v7.2.3"
+                "source": "https://github.com/symfony/http-kernel/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -9370,7 +9357,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-29T07:40:13+00:00"
+            "time": "2025-02-26T11:01:22+00:00"
         },
         {
             "name": "symfony/mailer",
@@ -9454,16 +9441,16 @@
         },
         {
             "name": "symfony/mime",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/mime.git",
-                "reference": "2fc3b4bd67e4747e45195bc4c98bea4628476204"
+                "reference": "87ca22046b78c3feaff04b337f33b38510fd686b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/mime/zipball/2fc3b4bd67e4747e45195bc4c98bea4628476204",
-                "reference": "2fc3b4bd67e4747e45195bc4c98bea4628476204",
+                "url": "https://api.github.com/repos/symfony/mime/zipball/87ca22046b78c3feaff04b337f33b38510fd686b",
+                "reference": "87ca22046b78c3feaff04b337f33b38510fd686b",
                 "shasum": ""
             },
             "require": {
@@ -9518,7 +9505,7 @@
                 "mime-type"
             ],
             "support": {
-                "source": "https://github.com/symfony/mime/tree/v7.2.3"
+                "source": "https://github.com/symfony/mime/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -9534,7 +9521,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-27T11:08:17+00:00"
+            "time": "2025-02-19T08:51:20+00:00"
         },
         {
             "name": "symfony/options-resolver",
@@ -10321,16 +10308,16 @@
         },
         {
             "name": "symfony/process",
-            "version": "v7.2.0",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/process.git",
-                "reference": "d34b22ba9390ec19d2dd966c40aa9e8462f27a7e"
+                "reference": "d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/process/zipball/d34b22ba9390ec19d2dd966c40aa9e8462f27a7e",
-                "reference": "d34b22ba9390ec19d2dd966c40aa9e8462f27a7e",
+                "url": "https://api.github.com/repos/symfony/process/zipball/d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf",
+                "reference": "d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf",
                 "shasum": ""
             },
             "require": {
@@ -10362,7 +10349,7 @@
             "description": "Executes commands in sub-processes",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/process/tree/v7.2.0"
+                "source": "https://github.com/symfony/process/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -10378,7 +10365,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-06T14:24:19+00:00"
+            "time": "2025-02-05T08:33:46+00:00"
         },
         {
             "name": "symfony/psr-http-message-bridge",
@@ -10778,16 +10765,16 @@
         },
         {
             "name": "symfony/translation",
-            "version": "v7.2.2",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "e2674a30132b7cc4d74540d6c2573aa363f05923"
+                "reference": "283856e6981286cc0d800b53bd5703e8e363f05a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/e2674a30132b7cc4d74540d6c2573aa363f05923",
-                "reference": "e2674a30132b7cc4d74540d6c2573aa363f05923",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/283856e6981286cc0d800b53bd5703e8e363f05a",
+                "reference": "283856e6981286cc0d800b53bd5703e8e363f05a",
                 "shasum": ""
             },
             "require": {
@@ -10853,7 +10840,7 @@
             "description": "Provides tools to internationalize your application",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/translation/tree/v7.2.2"
+                "source": "https://github.com/symfony/translation/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -10869,7 +10856,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-07T08:18:10+00:00"
+            "time": "2025-02-13T10:27:23+00:00"
         },
         {
             "name": "symfony/translation-contracts",
@@ -15569,12 +15556,12 @@
     ],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": {},
+    "stability-flags": [],
     "prefer-stable": true,
     "prefer-lowest": false,
     "platform": {
         "php": "^8.4"
     },
-    "platform-dev": {},
-    "plugin-api-version": "2.6.0"
+    "platform-dev": [],
+    "plugin-api-version": "2.3.0"
 }

From 291e7d0a9cc0524cc83de690dd0a9969bf1c518c Mon Sep 17 00:00:00 2001
From: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Date: Mon, 10 Mar 2025 11:04:28 +0530
Subject: [PATCH 099/145] updated version to v0.25.1

---
 templates/compose/plane.yaml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/templates/compose/plane.yaml b/templates/compose/plane.yaml
index c90e15a1a..f765015da 100644
--- a/templates/compose/plane.yaml
+++ b/templates/compose/plane.yaml
@@ -5,7 +5,7 @@
 
 x-app-env: &app-env
   environment:
-    - APP_RELEASE=${APP_RELEASE:-v0.25.0}
+    - APP_RELEASE=${APP_RELEASE:-v0.25.1}
     - WEB_URL=${SERVICE_FQDN_PLANE}
     - DEBUG=${DEBUG:-0}
     - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGIN:-http://localhost}
@@ -55,7 +55,7 @@ services:
       - SERVICE_FQDN_PLANE
       - FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}
       - BUCKET_NAME=${BUCKET_NAME:-uploads}
-    image: makeplane/plane-proxy:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-proxy:${APP_RELEASE:-v0.25.1}
     depends_on:
       - web
       - api
@@ -67,7 +67,7 @@ services:
       retries: 15
 
   web:
-    image: makeplane/plane-frontend:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-frontend:${APP_RELEASE:-v0.25.1}
     command: node web/server.js web
     depends_on:
       - api
@@ -78,7 +78,7 @@ services:
       timeout: 10s
       retries: 15
   space:
-    image: makeplane/plane-space:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-space:${APP_RELEASE:-v0.25.1}
     command: node space/server.js space
     depends_on:
       - api
@@ -91,7 +91,7 @@ services:
       retries: 15
 
   admin:
-    image: makeplane/plane-admin:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-admin:${APP_RELEASE:-v0.25.1}
     command: node admin/server.js admin
     depends_on:
       - api
@@ -104,7 +104,7 @@ services:
 
   live:
     <<: *app-env
-    image: makeplane/plane-live:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-live:${APP_RELEASE:-v0.25.1}
     command: node live/dist/server.js live
     depends_on:
       - api
@@ -117,7 +117,7 @@ services:
 
   api:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.1}
     command: ./bin/docker-entrypoint-api.sh
     volumes:
       - logs_api:/code/plane/logs
@@ -132,7 +132,7 @@ services:
 
   worker:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.1}
     command: ./bin/docker-entrypoint-worker.sh
     volumes:
       - logs_worker:/code/plane/logs
@@ -148,7 +148,7 @@ services:
 
   beat-worker:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.1}
     command: ./bin/docker-entrypoint-beat.sh
     volumes:
       - logs_beat-worker:/code/plane/logs
@@ -164,7 +164,7 @@ services:
 
   migrator:
     <<: *app-env
-    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.0}
+    image: makeplane/plane-backend:${APP_RELEASE:-v0.25.1}
     restart: "no"
     command: ./bin/docker-entrypoint-migrator.sh
     volumes:

From 1160b3312ec4827d329efc92a5d5550ddc60f1fb Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 11 Mar 2025 13:28:26 +0100
Subject: [PATCH 100/145] fix(seeder): Update GitHub app name in
 GithubAppSeeder

---
 database/seeders/GithubAppSeeder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/database/seeders/GithubAppSeeder.php b/database/seeders/GithubAppSeeder.php
index 3cfb82e64..b34c00473 100644
--- a/database/seeders/GithubAppSeeder.php
+++ b/database/seeders/GithubAppSeeder.php
@@ -21,7 +21,7 @@ class GithubAppSeeder extends Seeder
             'team_id' => 0,
         ]);
         GithubApp::create([
-            'name' => 'coolify-laravel-development-public',
+            'name' => 'coolify-laravel-dev-public',
             'uuid' => '69420',
             'organization' => 'coollabsio',
             'api_url' => 'https://api.github.com',

From f73c74bd4409d94f5b07b25a93baaffabd0e21fa Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 11 Mar 2025 14:15:22 +0100
Subject: [PATCH 101/145] feat(github-source): Enhance GitHub App configuration
 with manual and private key support

- Add support for manual GitHub App configuration
- Introduce private key selection for GitHub Apps
- Enable editing of previously disabled GitHub App fields
- Add error handling for permission checks
- Implement a manual GitHub App creation method
---
 app/Livewire/Source/Github/Change.php         |  24 +-
 .../livewire/source/github/change.blade.php   | 267 +++++++++---------
 2 files changed, 162 insertions(+), 129 deletions(-)

diff --git a/app/Livewire/Source/Github/Change.php b/app/Livewire/Source/Github/Change.php
index 20f52c322..e73c9dc73 100644
--- a/app/Livewire/Source/Github/Change.php
+++ b/app/Livewire/Source/Github/Change.php
@@ -37,6 +37,8 @@ class Change extends Component
 
     public $applications;
 
+    public $privateKeys;
+
     protected $rules = [
         'github_app.name' => 'required|string',
         'github_app.organization' => 'nullable|string',
@@ -54,6 +56,7 @@ class Change extends Component
         'github_app.metadata' => 'nullable|string',
         'github_app.pull_requests' => 'nullable|string',
         'github_app.administration' => 'nullable|string',
+        'github_app.private_key_id' => 'required|int',
     ];
 
     public function boot()
@@ -65,9 +68,13 @@ class Change extends Component
 
     public function checkPermissions()
     {
-        GithubAppPermissionJob::dispatchSync($this->github_app);
-        $this->github_app->refresh()->makeVisible('client_secret')->makeVisible('webhook_secret');
-        $this->dispatch('success', 'Github App permissions updated.');
+        try {
+            GithubAppPermissionJob::dispatchSync($this->github_app);
+            $this->github_app->refresh()->makeVisible('client_secret')->makeVisible('webhook_secret');
+            $this->dispatch('success', 'Github App permissions updated.');
+        } catch (\Throwable $e) {
+            return handleError($e, $this);
+        }
     }
 
     // public function check()
@@ -109,6 +116,7 @@ class Change extends Component
             $github_app_uuid = request()->github_app_uuid;
             $this->github_app = GithubApp::ownedByCurrentTeam()->whereUuid($github_app_uuid)->firstOrFail();
             $this->github_app->makeVisible(['client_secret', 'webhook_secret']);
+            $this->privateKeys = PrivateKey::ownedByCurrentTeam()->get();
 
             $this->applications = $this->github_app->applications;
             $settings = instanceSettings();
@@ -243,6 +251,7 @@ class Change extends Component
                 'github_app.client_secret' => 'required|string',
                 'github_app.webhook_secret' => 'required|string',
                 'github_app.is_system_wide' => 'required|bool',
+                'github_app.private_key_id' => 'required|int',
             ]);
             $this->github_app->save();
             $this->dispatch('success', 'Github App updated.');
@@ -251,6 +260,15 @@ class Change extends Component
         }
     }
 
+    public function createGithubAppManually()
+    {
+        $this->github_app->makeVisible('client_secret')->makeVisible('webhook_secret');
+        $this->github_app->app_id = '1234567890';
+        $this->github_app->installation_id = '1234567890';
+        $this->github_app->save();
+        $this->dispatch('success', 'Github App updated.');
+    }
+
     public function instantSave()
     {
         try {
diff --git a/resources/views/livewire/source/github/change.blade.php b/resources/views/livewire/source/github/change.blade.php
index 5a37fa47a..1b5493c58 100644
--- a/resources/views/livewire/source/github/change.blade.php
+++ b/resources/views/livewire/source/github/change.blade.php
@@ -27,6 +27,7 @@
                             confirmationText="{{ data_get($github_app, 'name') }}" :confirmWithPassword="false"
                             step2ButtonText="Permanently Delete" />
                     @endif
+
                 </div>
             </div>
             <div class="subtitle">Your Private GitHub App for private repositories.</div>
@@ -46,7 +47,7 @@
                 <div class="flex flex-col gap-2">
                     <div class="flex gap-2">
                         <div class="flex items-end gap-2 w-full">
-                            <x-forms.input id="github_app.name" label="App Name" disabled />
+                            <x-forms.input id="github_app.name" label="App Name" />
                             <x-forms.button wire:click.prevent="updateGithubAppName" class="bg-coollabs">
                                 Sync Name
                             </x-forms.button>
@@ -57,7 +58,7 @@
                                 </x-forms.button>
                             </a>
                         </div>
-                        <x-forms.input id="github_app.organization" label="Organization" disabled
+                        <x-forms.input id="github_app.organization" label="Organization"
                             placeholder="If empty, personal user will be used" />
                     </div>
                     @if (!isCloud())
@@ -68,27 +69,32 @@
                         </div>
                     @endif
                     <div class="flex gap-2">
-                        <x-forms.input id="github_app.html_url" label="HTML Url" disabled />
-                        <x-forms.input id="github_app.api_url" label="API Url" disabled />
+                        <x-forms.input id="github_app.html_url" label="HTML Url" />
+                        <x-forms.input id="github_app.api_url" label="API Url" />
                     </div>
                     <div class="flex gap-2">
-                        @if ($github_app->html_url === 'https://github.com')
-                            <x-forms.input id="github_app.custom_user" label="User" disabled />
-                            <x-forms.input type="number" id="github_app.custom_port" label="Port" disabled />
-                        @else
-                            <x-forms.input id="github_app.custom_user" label="User" required />
-                            <x-forms.input type="number" id="github_app.custom_port" label="Port" required />
-                        @endif
+                        <x-forms.input id="github_app.custom_user" label="User" required />
+                        <x-forms.input type="number" id="github_app.custom_port" label="Port" required />
                     </div>
                     <div class="flex gap-2">
-                        <x-forms.input type="number" id="github_app.app_id" label="App Id" disabled />
+                        <x-forms.input type="number" id="github_app.app_id" label="App Id" required />
                         <x-forms.input type="number" id="github_app.installation_id" label="Installation Id"
-                            disabled />
+                            required />
                     </div>
                     <div class="flex gap-2">
-                        <x-forms.input id="github_app.client_id" label="Client Id" type="password" disabled />
-                        <x-forms.input id="github_app.client_secret" label="Client Secret" type="password" />
-                        <x-forms.input id="github_app.webhook_secret" label="Webhook Secret" type="password" />
+                        <x-forms.input id="github_app.client_id" label="Client Id" type="password" required />
+                        <x-forms.input id="github_app.client_secret" label="Client Secret" type="password" required />
+                        <x-forms.input id="github_app.webhook_secret" label="Webhook Secret" type="password" required />
+                    </div>
+                    <div class="flex gap-2">
+                        <x-forms.select id="github_app.private_key_id" label="Private Key" required>
+                            @if (blank($github_app->private_key_id))
+                                <option value="0" selected>Select a private key</option>
+                            @endif
+                            @foreach ($privateKeys as $privateKey)
+                                <option value="{{ $privateKey->id }}">{{ $privateKey->name }}</option>
+                            @endforeach
+                        </x-forms.select>
                     </div>
                     <div class="flex items-end gap-2 ">
                         <h2 class="pt-4">Permissions</h2>
@@ -182,120 +188,129 @@
                     shortConfirmationLabel="GitHub App Name" :confirmWithPassword="false" step2ButtonText="Permanently Delete" />
             </div>
         </div>
-        <div class=" pb-5 rounded alert-error">
-            <svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6 stroke-current shrink-0" fill="none"
-                viewBox="0 0 24 24">
-                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
-                    d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
-            </svg>
-            <span>You must complete this step before you can use this source!</span>
-        </div>
-        <div class="flex flex-col">
-            <div class="pb-10">
-                @if (!isCloud() || isDev())
-                    <div class="flex items-end gap-2">
-                        <x-forms.select wire:model.live='webhook_endpoint' label="Webhook Endpoint"
-                            helper="All Git webhooks will be sent to this endpoint. <br><br>If you would like to use domain instead of IP address, set your Coolify instance's FQDN in the Settings menu.">
-                            @if ($ipv4)
-                                <option value="{{ $ipv4 }}">Use {{ $ipv4 }}</option>
-                            @endif
-                            @if ($ipv6)
-                                <option value="{{ $ipv6 }}">Use {{ $ipv6 }}</option>
-                            @endif
-                            @if ($fqdn)
-                                <option value="{{ $fqdn }}">Use {{ $fqdn }}</option>
-                            @endif
-                            @if (config('app.url'))
-                                <option value="{{ config('app.url') }}">Use {{ config('app.url') }}</option>
-                            @endif
-                        </x-forms.select>
-                        <x-forms.button isHighlighted
-                            x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
-                            Register Now
-                        </x-forms.button>
-                    </div>
-                @else
-                    <div class="flex gap-2">
-                        <h2>Register a GitHub App</h2>
-                        <x-forms.button isHighlighted
-                            x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
-                            Register Now
-                        </x-forms.button>
-                    </div>
-                    <div>You need to register a GitHub App before using this source.</div>
-                @endif
+        <div class="flex flex-col gap-2">
+            <h3>Manual Installation</h3>
+            <div class="flex gap-2 items-center">
+                If you want to fill the form manually, you can continue below. Only for advanced users.
+                <x-forms.button wire:click.prevent="createGithubAppManually">
+                    Continue
+                </x-forms.button>
+            </div>
+            <h3>Automated Installation</h3>
+            <div class=" pb-5 rounded alert-error">
+                <svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6 stroke-current shrink-0" fill="none"
+                    viewBox="0 0 24 24">
+                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+                        d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
+                </svg>
+                <span>You must complete this step before you can use this source!</span>
+            </div>
+            <div class="flex flex-col">
+                <div class="pb-10">
+                    @if (!isCloud() || isDev())
+                        <div class="flex items-end gap-2">
+                            <x-forms.select wire:model.live='webhook_endpoint' label="Webhook Endpoint"
+                                helper="All Git webhooks will be sent to this endpoint. <br><br>If you would like to use domain instead of IP address, set your Coolify instance's FQDN in the Settings menu.">
+                                @if ($ipv4)
+                                    <option value="{{ $ipv4 }}">Use {{ $ipv4 }}</option>
+                                @endif
+                                @if ($ipv6)
+                                    <option value="{{ $ipv6 }}">Use {{ $ipv6 }}</option>
+                                @endif
+                                @if ($fqdn)
+                                    <option value="{{ $fqdn }}">Use {{ $fqdn }}</option>
+                                @endif
+                                @if (config('app.url'))
+                                    <option value="{{ config('app.url') }}">Use {{ config('app.url') }}</option>
+                                @endif
+                            </x-forms.select>
+                            <x-forms.button isHighlighted
+                                x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
+                                Register Now
+                            </x-forms.button>
+                        </div>
+                    @else
+                        <div class="flex gap-2">
+                            <h2>Register a GitHub App</h2>
+                            <x-forms.button isHighlighted
+                                x-on:click.prevent="createGithubApp('{{ $webhook_endpoint }}','{{ $preview_deployment_permissions }}',{{ $administration }})">
+                                Register Now
+                            </x-forms.button>
+                        </div>
+                        <div>You need to register a GitHub App before using this source.</div>
+                    @endif
 
-                <div class="flex flex-col gap-2 pt-4 w-96">
-                    <x-forms.checkbox disabled instantSave id="default_permissions" label="Mandatory"
-                        helper="Contents: read<br>Metadata: read<br>Email: read" />
-                    <x-forms.checkbox instantSave id="preview_deployment_permissions" label="Preview Deployments "
-                        helper="Necessary for updating pull requests with useful comments (deployment status, links, etc.)<br><br>Pull Request: read & write" />
-                    {{-- <x-forms.checkbox instantSave id="administration" label="Administration (for Github Runners)"
+                    <div class="flex flex-col gap-2 pt-4 w-96">
+                        <x-forms.checkbox disabled instantSave id="default_permissions" label="Mandatory"
+                            helper="Contents: read<br>Metadata: read<br>Email: read" />
+                        <x-forms.checkbox instantSave id="preview_deployment_permissions" label="Preview Deployments "
+                            helper="Necessary for updating pull requests with useful comments (deployment status, links, etc.)<br><br>Pull Request: read & write" />
+                        {{-- <x-forms.checkbox instantSave id="administration" label="Administration (for Github Runners)"
                         helper="Necessary for adding Github Runners to repositories.<br><br>Administration: read & write" /> --}}
+                    </div>
                 </div>
             </div>
-        </div>
-        <script>
-            function createGithubApp(webhook_endpoint, preview_deployment_permissions, administration) {
-                const {
-                    organization,
-                    uuid,
-                    html_url
-                } = @json($github_app);
-                if (!webhook_endpoint) {
-                    alert('Please select a webhook endpoint.');
-                    return;
+            <script>
+                function createGithubApp(webhook_endpoint, preview_deployment_permissions, administration) {
+                    const {
+                        organization,
+                        uuid,
+                        html_url
+                    } = @json($github_app);
+                    if (!webhook_endpoint) {
+                        alert('Please select a webhook endpoint.');
+                        return;
+                    }
+                    let baseUrl = webhook_endpoint;
+                    const name = @js($name);
+                    const isDev = @js(config('app.env')) ===
+                        'local';
+                    const devWebhook = @js(config('constants.webhooks.dev_webhook'));
+                    if (isDev && devWebhook) {
+                        baseUrl = devWebhook;
+                    }
+                    const webhookBaseUrl = `${baseUrl}/webhooks`;
+                    const path = organization ? `organizations/${organization}/settings/apps/new` : 'settings/apps/new';
+                    const default_permissions = {
+                        contents: 'read',
+                        metadata: 'read',
+                        emails: 'read',
+                        administration: 'read'
+                    };
+                    if (preview_deployment_permissions) {
+                        default_permissions.pull_requests = 'write';
+                    }
+                    if (administration) {
+                        default_permissions.administration = 'write';
+                    }
+                    const data = {
+                        name,
+                        url: baseUrl,
+                        hook_attributes: {
+                            url: `${webhookBaseUrl}/source/github/events`,
+                            active: true,
+                        },
+                        redirect_url: `${webhookBaseUrl}/source/github/redirect`,
+                        callback_urls: [`${baseUrl}/login/github/app`],
+                        public: false,
+                        request_oauth_on_install: false,
+                        setup_url: `${webhookBaseUrl}/source/github/install?source=${uuid}`,
+                        setup_on_update: true,
+                        default_permissions,
+                        default_events: ['pull_request', 'push']
+                    };
+                    const form = document.createElement('form');
+                    form.setAttribute('method', 'post');
+                    form.setAttribute('action', `${html_url}/${path}?state=${uuid}`);
+                    const input = document.createElement('input');
+                    input.setAttribute('id', 'manifest');
+                    input.setAttribute('name', 'manifest');
+                    input.setAttribute('type', 'hidden');
+                    input.setAttribute('value', JSON.stringify(data));
+                    form.appendChild(input);
+                    document.getElementsByTagName('body')[0].appendChild(form);
+                    form.submit();
                 }
-                let baseUrl = webhook_endpoint;
-                const name = @js($name);
-                const isDev = @js(config('app.env')) ===
-                    'local';
-                const devWebhook = @js(config('constants.webhooks.dev_webhook'));
-                if (isDev && devWebhook) {
-                    baseUrl = devWebhook;
-                }
-                const webhookBaseUrl = `${baseUrl}/webhooks`;
-                const path = organization ? `organizations/${organization}/settings/apps/new` : 'settings/apps/new';
-                const default_permissions = {
-                    contents: 'read',
-                    metadata: 'read',
-                    emails: 'read',
-                    administration: 'read'
-                };
-                if (preview_deployment_permissions) {
-                    default_permissions.pull_requests = 'write';
-                }
-                if (administration) {
-                    default_permissions.administration = 'write';
-                }
-                const data = {
-                    name,
-                    url: baseUrl,
-                    hook_attributes: {
-                        url: `${webhookBaseUrl}/source/github/events`,
-                        active: true,
-                    },
-                    redirect_url: `${webhookBaseUrl}/source/github/redirect`,
-                    callback_urls: [`${baseUrl}/login/github/app`],
-                    public: false,
-                    request_oauth_on_install: false,
-                    setup_url: `${webhookBaseUrl}/source/github/install?source=${uuid}`,
-                    setup_on_update: true,
-                    default_permissions,
-                    default_events: ['pull_request', 'push']
-                };
-                const form = document.createElement('form');
-                form.setAttribute('method', 'post');
-                form.setAttribute('action', `${html_url}/${path}?state=${uuid}`);
-                const input = document.createElement('input');
-                input.setAttribute('id', 'manifest');
-                input.setAttribute('name', 'manifest');
-                input.setAttribute('type', 'hidden');
-                input.setAttribute('value', JSON.stringify(data));
-                form.appendChild(input);
-                document.getElementsByTagName('body')[0].appendChild(form);
-                form.submit();
-            }
-        </script>
+            </script>
     @endif
 </div>

From 911957ff66d7053116e04c9b3f3bd38b6bb23594 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 11 Mar 2025 18:41:03 +0100
Subject: [PATCH 102/145] chore(supabase): Update Supabase service template and
 Postgres image version

- Bump Supabase Postgres image from 15.6.1.146 to 15.8.1.048
---
 templates/compose/supabase.yaml  | 2 +-
 templates/service-templates.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/compose/supabase.yaml b/templates/compose/supabase.yaml
index b60870f8a..9ec7c1dea 100644
--- a/templates/compose/supabase.yaml
+++ b/templates/compose/supabase.yaml
@@ -318,7 +318,7 @@ services:
       # NEXT_ANALYTICS_BACKEND_PROVIDER=bigquery
       - 'OPENAI_API_KEY=${OPENAI_API_KEY}'
   supabase-db:
-    image: supabase/postgres:15.6.1.146
+    image: supabase/postgres:15.8.1.048
     healthcheck:
       test: pg_isready -U postgres -h 127.0.0.1
       interval: 5s
diff --git a/templates/service-templates.json b/templates/service-templates.json
index 112748c1a..d88ad79fa 100644
--- a/templates/service-templates.json
+++ b/templates/service-templates.json
@@ -2821,7 +2821,7 @@
     "supabase": {
         "documentation": "https://supabase.io?utm_source=coolify.io",
         "slogan": "The open source Firebase alternative.",
-        "compose": "c2VydmljZXM6CiAgc3VwYWJhc2Uta29uZzoKICAgIGltYWdlOiAna29uZzoyLjguMScKICAgIGVudHJ5cG9pbnQ6ICdiYXNoIC1jICcnZXZhbCAiZWNobyBcIiQkKGNhdCB+L3RlbXAueW1sKVwiIiA+IH4va29uZy55bWwgJiYgL2RvY2tlci1lbnRyeXBvaW50LnNoIGtvbmcgZG9ja2VyLXN0YXJ0JycnCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFNFUlZJQ0VfRlFETl9TVVBBQkFTRUtPTkdfODAwMAogICAgICAtICdLT05HX1BPUlRfTUFQUz00NDM6ODAwMCcKICAgICAgLSAnSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBLT05HX0RBVEFCQVNFPW9mZgogICAgICAtIEtPTkdfREVDTEFSQVRJVkVfQ09ORklHPS9ob21lL2tvbmcva29uZy55bWwKICAgICAgLSAnS09OR19ETlNfT1JERVI9TEFTVCxBLENOQU1FJwogICAgICAtICdLT05HX1BMVUdJTlM9cmVxdWVzdC10cmFuc2Zvcm1lcixjb3JzLGtleS1hdXRoLGFjbCxiYXNpYy1hdXRoJwogICAgICAtIEtPTkdfTkdJTlhfUFJPWFlfUFJPWFlfQlVGRkVSX1NJWkU9MTYwawogICAgICAtICdLT05HX05HSU5YX1BST1hZX1BST1hZX0JVRkZFUlM9NjQgMTYwaycKICAgICAgLSAnU1VQQUJBU0VfQU5PTl9LRVk9JHtTRVJWSUNFX1NVUEFCQVNFQU5PTl9LRVl9JwogICAgICAtICdTVVBBQkFTRV9TRVJWSUNFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ0RBU0hCT0FSRF9VU0VSTkFNRT0ke1NFUlZJQ0VfVVNFUl9BRE1JTn0nCiAgICAgIC0gJ0RBU0hCT0FSRF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfQURNSU59JwogICAgdm9sdW1lczoKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9hcGkva29uZy55bWwKICAgICAgICB0YXJnZXQ6IC9ob21lL2tvbmcvdGVtcC55bWwKICAgICAgICBjb250ZW50OiAiX2Zvcm1hdF92ZXJzaW9uOiAnMi4xJ1xuX3RyYW5zZm9ybTogdHJ1ZVxuXG4jIyNcbiMjIyBDb25zdW1lcnMgLyBVc2Vyc1xuIyMjXG5jb25zdW1lcnM6XG4gIC0gdXNlcm5hbWU6IERBU0hCT0FSRFxuICAtIHVzZXJuYW1lOiBhbm9uXG4gICAga2V5YXV0aF9jcmVkZW50aWFsczpcbiAgICAgIC0ga2V5OiAkU1VQQUJBU0VfQU5PTl9LRVlcbiAgLSB1c2VybmFtZTogc2VydmljZV9yb2xlXG4gICAga2V5YXV0aF9jcmVkZW50aWFsczpcbiAgICAgIC0ga2V5OiAkU1VQQUJBU0VfU0VSVklDRV9LRVlcblxuIyMjXG4jIyMgQWNjZXNzIENvbnRyb2wgTGlzdFxuIyMjXG5hY2xzOlxuICAtIGNvbnN1bWVyOiBhbm9uXG4gICAgZ3JvdXA6IGFub25cbiAgLSBjb25zdW1lcjogc2VydmljZV9yb2xlXG4gICAgZ3JvdXA6IGFkbWluXG5cbiMjI1xuIyMjIERhc2hib2FyZCBjcmVkZW50aWFsc1xuIyMjXG5iYXNpY2F1dGhfY3JlZGVudGlhbHM6XG4tIGNvbnN1bWVyOiBEQVNIQk9BUkRcbiAgdXNlcm5hbWU6ICREQVNIQk9BUkRfVVNFUk5BTUVcbiAgcGFzc3dvcmQ6ICREQVNIQk9BUkRfUEFTU1dPUkRcblxuXG4jIyNcbiMjIyBBUEkgUm91dGVzXG4jIyNcbnNlcnZpY2VzOlxuXG4gICMjIE9wZW4gQXV0aCByb3V0ZXNcbiAgLSBuYW1lOiBhdXRoLXYxLW9wZW5cbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1hdXRoOjk5OTkvdmVyaWZ5XG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBhdXRoLXYxLW9wZW5cbiAgICAgICAgc3RyaXBfcGF0aDogdHJ1ZVxuICAgICAgICBwYXRoczpcbiAgICAgICAgICAtIC9hdXRoL3YxL3ZlcmlmeVxuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgLSBuYW1lOiBhdXRoLXYxLW9wZW4tY2FsbGJhY2tcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1hdXRoOjk5OTkvY2FsbGJhY2tcbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtb3Blbi1jYWxsYmFja1xuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2F1dGgvdjEvY2FsbGJhY2tcbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gIC0gbmFtZTogYXV0aC12MS1vcGVuLWF1dGhvcml6ZVxuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS9hdXRob3JpemVcbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtb3Blbi1hdXRob3JpemVcbiAgICAgICAgc3RyaXBfcGF0aDogdHJ1ZVxuICAgICAgICBwYXRoczpcbiAgICAgICAgICAtIC9hdXRoL3YxL2F1dGhvcml6ZVxuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcblxuICAjIyBTZWN1cmUgQXV0aCByb3V0ZXNcbiAgLSBuYW1lOiBhdXRoLXYxXG4gICAgX2NvbW1lbnQ6ICdHb1RydWU6IC9hdXRoL3YxLyogLT4gaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS9cbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvYXV0aC92MS9cbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gICAgICAtIG5hbWU6IGtleS1hdXRoXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2NyZWRlbnRpYWxzOiBmYWxzZVxuICAgICAgLSBuYW1lOiBhY2xcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfZ3JvdXBzX2hlYWRlcjogdHJ1ZVxuICAgICAgICAgIGFsbG93OlxuICAgICAgICAgICAgLSBhZG1pblxuICAgICAgICAgICAgLSBhbm9uXG5cbiAgIyMgU2VjdXJlIFJFU1Qgcm91dGVzXG4gIC0gbmFtZTogcmVzdC12MVxuICAgIF9jb21tZW50OiAnUG9zdGdSRVNUOiAvcmVzdC92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvKidcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZXN0LXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3Jlc3QvdjEvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuICAgICAgLSBuYW1lOiBrZXktYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogdHJ1ZVxuICAgICAgLSBuYW1lOiBhY2xcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfZ3JvdXBzX2hlYWRlcjogdHJ1ZVxuICAgICAgICAgIGFsbG93OlxuICAgICAgICAgICAgLSBhZG1pblxuICAgICAgICAgICAgLSBhbm9uXG5cbiAgIyMgU2VjdXJlIEdyYXBoUUwgcm91dGVzXG4gIC0gbmFtZTogZ3JhcGhxbC12MVxuICAgIF9jb21tZW50OiAnUG9zdGdSRVNUOiAvZ3JhcGhxbC92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvcnBjL2dyYXBocWwnXG4gICAgdXJsOiBodHRwOi8vc3VwYWJhc2UtcmVzdDozMDAwL3JwYy9ncmFwaHFsXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBncmFwaHFsLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2dyYXBocWwvdjFcbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gICAgICAtIG5hbWU6IGtleS1hdXRoXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2NyZWRlbnRpYWxzOiB0cnVlXG4gICAgICAtIG5hbWU6IHJlcXVlc3QtdHJhbnNmb3JtZXJcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGFkZDpcbiAgICAgICAgICAgIGhlYWRlcnM6XG4gICAgICAgICAgICAgIC0gQ29udGVudC1Qcm9maWxlOmdyYXBocWxfcHVibGljXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG4gICAgICAgICAgICAtIGFub25cblxuICAjIyBTZWN1cmUgUmVhbHRpbWUgcm91dGVzXG4gIC0gbmFtZTogcmVhbHRpbWUtdjEtd3NcbiAgICBfY29tbWVudDogJ1JlYWx0aW1lOiAvcmVhbHRpbWUvdjEvKiAtPiB3czovL3JlYWx0aW1lOjQwMDAvc29ja2V0LyonXG4gICAgdXJsOiBodHRwOi8vcmVhbHRpbWUtZGV2OjQwMDAvc29ja2V0XG4gICAgcHJvdG9jb2w6IHdzXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZWFsdGltZS12MS13c1xuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3JlYWx0aW1lL3YxL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgICAgIC0gbmFtZToga2V5LWF1dGhcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfY3JlZGVudGlhbHM6IGZhbHNlXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG4gICAgICAgICAgICAtIGFub25cbiAgLSBuYW1lOiByZWFsdGltZS12MS1yZXN0XG4gICAgX2NvbW1lbnQ6ICdSZWFsdGltZTogL3JlYWx0aW1lL3YxLyogLT4gd3M6Ly9yZWFsdGltZTo0MDAwL3NvY2tldC8qJ1xuICAgIHVybDogaHR0cDovL3JlYWx0aW1lLWRldjo0MDAwL2FwaVxuICAgIHByb3RvY29sOiBodHRwXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZWFsdGltZS12MS1yZXN0XG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvcmVhbHRpbWUvdjEvYXBpXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuICAgICAgLSBuYW1lOiBrZXktYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogZmFsc2VcbiAgICAgIC0gbmFtZTogYWNsXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2dyb3Vwc19oZWFkZXI6IHRydWVcbiAgICAgICAgICBhbGxvdzpcbiAgICAgICAgICAgIC0gYWRtaW5cbiAgICAgICAgICAgIC0gYW5vblxuXG4gICMjIFN0b3JhZ2Ugcm91dGVzOiB0aGUgc3RvcmFnZSBzZXJ2ZXIgbWFuYWdlcyBpdHMgb3duIGF1dGhcbiAgLSBuYW1lOiBzdG9yYWdlLXYxXG4gICAgX2NvbW1lbnQ6ICdTdG9yYWdlOiAvc3RvcmFnZS92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1zdG9yYWdlOjUwMDAvKidcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1zdG9yYWdlOjUwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBzdG9yYWdlLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3N0b3JhZ2UvdjEvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuXG4gICMjIEVkZ2UgRnVuY3Rpb25zIHJvdXRlc1xuICAtIG5hbWU6IGZ1bmN0aW9ucy12MVxuICAgIF9jb21tZW50OiAnRWRnZSBGdW5jdGlvbnM6IC9mdW5jdGlvbnMvdjEvKiAtPiBodHRwOi8vc3VwYWJhc2UtZWRnZS1mdW5jdGlvbnM6OTAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWVkZ2UtZnVuY3Rpb25zOjkwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBmdW5jdGlvbnMtdjEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvZnVuY3Rpb25zL3YxL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcblxuICAjIyBBbmFseXRpY3Mgcm91dGVzXG4gIC0gbmFtZTogYW5hbHl0aWNzLXYxXG4gICAgX2NvbW1lbnQ6ICdBbmFseXRpY3M6IC9hbmFseXRpY3MvdjEvKiAtPiBodHRwOi8vbG9nZmxhcmU6NDAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL1xuICAgIHJvdXRlczpcbiAgICAgIC0gbmFtZTogYW5hbHl0aWNzLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2FuYWx5dGljcy92MS9cblxuICAjIyBTZWN1cmUgRGF0YWJhc2Ugcm91dGVzXG4gIC0gbmFtZTogbWV0YVxuICAgIF9jb21tZW50OiAncGctbWV0YTogL3BnLyogLT4gaHR0cDovL3N1cGFiYXNlLW1ldGE6ODA4MC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLW1ldGE6ODA4MC9cbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IG1ldGEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvcGcvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZToga2V5LWF1dGhcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfY3JlZGVudGlhbHM6IGZhbHNlXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG5cbiAgIyMgUHJvdGVjdGVkIERhc2hib2FyZCAtIGNhdGNoIGFsbCByZW1haW5pbmcgcm91dGVzXG4gIC0gbmFtZTogZGFzaGJvYXJkXG4gICAgX2NvbW1lbnQ6ICdTdHVkaW86IC8qIC0+IGh0dHA6Ly9zdHVkaW86MzAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLXN0dWRpbzozMDAwL1xuICAgIHJvdXRlczpcbiAgICAgIC0gbmFtZTogZGFzaGJvYXJkLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgICAgIC0gbmFtZTogYmFzaWMtYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogdHJ1ZVxuIgogIHN1cGFiYXNlLXN0dWRpbzoKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3R1ZGlvOjIwMjQxMjAyLTcxZTUyNDAnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gbm9kZQogICAgICAgIC0gJy1lJwogICAgICAgIC0gInJlcXVpcmUoJ2h0dHAnKS5nZXQoJ2h0dHA6Ly8xMjcuMC4wLjE6MzAwMC9hcGkvcHJvZmlsZScsIChyKSA9PiB7aWYgKHIuc3RhdHVzQ29kZSAhPT0gMjAwKSBwcm9jZXNzLmV4aXQoMSk7IGVsc2UgcHJvY2Vzcy5leGl0KDApOyB9KS5vbignZXJyb3InLCAoKSA9PiBwcm9jZXNzLmV4aXQoMSkpIgogICAgICB0aW1lb3V0OiA1cwogICAgICBpbnRlcnZhbDogNXMKICAgICAgcmV0cmllczogMwogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtYW5hbHl0aWNzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBIT1NUTkFNRT0wLjAuMC4wCiAgICAgIC0gJ1NUVURJT19QR19NRVRBX1VSTD1odHRwOi8vc3VwYWJhc2UtbWV0YTo4MDgwJwogICAgICAtICdQT1NUR1JFU19QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVN9JwogICAgICAtICdERUZBVUxUX09SR0FOSVpBVElPTl9OQU1FPSR7U1RVRElPX0RFRkFVTFRfT1JHQU5JWkFUSU9OOi1EZWZhdWx0IE9yZ2FuaXphdGlvbn0nCiAgICAgIC0gJ0RFRkFVTFRfUFJPSkVDVF9OQU1FPSR7U1RVRElPX0RFRkFVTFRfUFJPSkVDVDotRGVmYXVsdCBQcm9qZWN0fScKICAgICAgLSAnU1VQQUJBU0VfVVJMPWh0dHA6Ly9zdXBhYmFzZS1rb25nOjgwMDAnCiAgICAgIC0gJ1NVUEFCQVNFX1BVQkxJQ19VUkw9JHtTRVJWSUNFX0ZRRE5fU1VQQUJBU0VLT05HfScKICAgICAgLSAnU1VQQUJBU0VfQU5PTl9LRVk9JHtTRVJWSUNFX1NVUEFCQVNFQU5PTl9LRVl9JwogICAgICAtICdTVVBBQkFTRV9TRVJWSUNFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ0FVVEhfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSAnTE9HRkxBUkVfQVBJX0tFWT0ke1NFUlZJQ0VfUEFTU1dPUkRfTE9HRkxBUkV9JwogICAgICAtICdMT0dGTEFSRV9VUkw9aHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwJwogICAgICAtICdTVVBBQkFTRV9QVUJMSUNfQVBJPSR7U0VSVklDRV9GUUROX1NVUEFCQVNFS09OR30nCiAgICAgIC0gTkVYVF9QVUJMSUNfRU5BQkxFX0xPR1M9dHJ1ZQogICAgICAtIE5FWFRfQU5BTFlUSUNTX0JBQ0tFTkRfUFJPVklERVI9cG9zdGdyZXMKICAgICAgLSAnT1BFTkFJX0FQSV9LRVk9JHtPUEVOQUlfQVBJX0tFWX0nCiAgc3VwYWJhc2UtZGI6CiAgICBpbWFnZTogJ3N1cGFiYXNlL3Bvc3RncmVzOjE1LjYuMS4xNDYnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDogJ3BnX2lzcmVhZHkgLVUgcG9zdGdyZXMgLWggMTI3LjAuMC4xJwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogNXMKICAgICAgcmV0cmllczogMTAKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLXZlY3RvcjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgY29tbWFuZDoKICAgICAgLSBwb3N0Z3JlcwogICAgICAtICctYycKICAgICAgLSBjb25maWdfZmlsZT0vZXRjL3Bvc3RncmVzcWwvcG9zdGdyZXNxbC5jb25mCiAgICAgIC0gJy1jJwogICAgICAtIGxvZ19taW5fbWVzc2FnZXM9ZmF0YWwKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPU1RHUkVTX0hPU1Q9L3Zhci9ydW4vcG9zdGdyZXNxbAogICAgICAtICdQR1BPUlQ9JHtQT1NUR1JFU19QT1JUOi01NDMyfScKICAgICAgLSAnUE9TVEdSRVNfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtICdQR1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgICAgIC0gJ1BPU1RHUkVTX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgICAgIC0gJ1BHREFUQUJBU0U9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdQT1NUR1JFU19EQj0ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ0pXVF9FWFA9JHtKV1RfRVhQSVJZOi0zNjAwfScKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3N1cGFiYXNlLWRiLWRhdGE6L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhJwogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2RiL3JlYWx0aW1lLnNxbAogICAgICAgIHRhcmdldDogL2RvY2tlci1lbnRyeXBvaW50LWluaXRkYi5kL21pZ3JhdGlvbnMvOTktcmVhbHRpbWUuc3FsCiAgICAgICAgY29udGVudDogIlxcc2V0IHBndXNlciBgZWNobyBcInN1cGFiYXNlX2FkbWluXCJgXG5cbmNyZWF0ZSBzY2hlbWEgaWYgbm90IGV4aXN0cyBfcmVhbHRpbWU7XG5hbHRlciBzY2hlbWEgX3JlYWx0aW1lIG93bmVyIHRvIDpwZ3VzZXI7XG4iCiAgICAgIC0KICAgICAgICB0eXBlOiBiaW5kCiAgICAgICAgc291cmNlOiAuL3ZvbHVtZXMvZGIvX3N1cGFiYXNlLnNxbAogICAgICAgIHRhcmdldDogL2RvY2tlci1lbnRyeXBvaW50LWluaXRkYi5kL21pZ3JhdGlvbnMvOTctX3N1cGFiYXNlLnNxbAogICAgICAgIGNvbnRlbnQ6ICJcXHNldCBwZ3VzZXIgYGVjaG8gXCIkUE9TVEdSRVNfVVNFUlwiYFxuXG5DUkVBVEUgREFUQUJBU0UgX3N1cGFiYXNlIFdJVEggT1dORVIgOnBndXNlcjtcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9wb29sZXIuc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvbWlncmF0aW9ucy85OS1wb29sZXIuc3FsCiAgICAgICAgY29udGVudDogIlxcc2V0IHBndXNlciBgZWNobyBcInN1cGFiYXNlX2FkbWluXCJgXG5cXGMgX3N1cGFiYXNlXG5jcmVhdGUgc2NoZW1hIGlmIG5vdCBleGlzdHMgX3N1cGF2aXNvcjtcbmFsdGVyIHNjaGVtYSBfc3VwYXZpc29yIG93bmVyIHRvIDpwZ3VzZXI7XG5cXGMgcG9zdGdyZXNcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi93ZWJob29rcy5zcWwKICAgICAgICB0YXJnZXQ6IC9kb2NrZXItZW50cnlwb2ludC1pbml0ZGIuZC9pbml0LXNjcmlwdHMvOTgtd2ViaG9va3Muc3FsCiAgICAgICAgY29udGVudDogIkJFR0lOO1xuLS0gQ3JlYXRlIHBnX25ldCBleHRlbnNpb25cbkNSRUFURSBFWFRFTlNJT04gSUYgTk9UIEVYSVNUUyBwZ19uZXQgU0NIRU1BIGV4dGVuc2lvbnM7XG4tLSBDcmVhdGUgc3VwYWJhc2VfZnVuY3Rpb25zIHNjaGVtYVxuQ1JFQVRFIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgQVVUSE9SSVpBVElPTiBzdXBhYmFzZV9hZG1pbjtcbkdSQU5UIFVTQUdFIE9OIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBUQUJMRVMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBGVU5DVElPTlMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBTRVFVRU5DRVMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbi0tIHN1cGFiYXNlX2Z1bmN0aW9ucy5taWdyYXRpb25zIGRlZmluaXRpb25cbkNSRUFURSBUQUJMRSBzdXBhYmFzZV9mdW5jdGlvbnMubWlncmF0aW9ucyAoXG4gIHZlcnNpb24gdGV4dCBQUklNQVJZIEtFWSxcbiAgaW5zZXJ0ZWRfYXQgdGltZXN0YW1wdHogTk9UIE5VTEwgREVGQVVMVCBOT1coKVxuKTtcbi0tIEluaXRpYWwgc3VwYWJhc2VfZnVuY3Rpb25zIG1pZ3JhdGlvblxuSU5TRVJUIElOVE8gc3VwYWJhc2VfZnVuY3Rpb25zLm1pZ3JhdGlvbnMgKHZlcnNpb24pIFZBTFVFUyAoJ2luaXRpYWwnKTtcbi0tIHN1cGFiYXNlX2Z1bmN0aW9ucy5ob29rcyBkZWZpbml0aW9uXG5DUkVBVEUgVEFCTEUgc3VwYWJhc2VfZnVuY3Rpb25zLmhvb2tzIChcbiAgaWQgYmlnc2VyaWFsIFBSSU1BUlkgS0VZLFxuICBob29rX3RhYmxlX2lkIGludGVnZXIgTk9UIE5VTEwsXG4gIGhvb2tfbmFtZSB0ZXh0IE5PVCBOVUxMLFxuICBjcmVhdGVkX2F0IHRpbWVzdGFtcHR6IE5PVCBOVUxMIERFRkFVTFQgTk9XKCksXG4gIHJlcXVlc3RfaWQgYmlnaW50XG4pO1xuQ1JFQVRFIElOREVYIHN1cGFiYXNlX2Z1bmN0aW9uc19ob29rc19yZXF1ZXN0X2lkX2lkeCBPTiBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3MgVVNJTkcgYnRyZWUgKHJlcXVlc3RfaWQpO1xuQ1JFQVRFIElOREVYIHN1cGFiYXNlX2Z1bmN0aW9uc19ob29rc19oX3RhYmxlX2lkX2hfbmFtZV9pZHggT04gc3VwYWJhc2VfZnVuY3Rpb25zLmhvb2tzIFVTSU5HIGJ0cmVlIChob29rX3RhYmxlX2lkLCBob29rX25hbWUpO1xuQ09NTUVOVCBPTiBUQUJMRSBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3MgSVMgJ1N1cGFiYXNlIEZ1bmN0aW9ucyBIb29rczogQXVkaXQgdHJhaWwgZm9yIHRyaWdnZXJlZCBob29rcy4nO1xuQ1JFQVRFIEZVTkNUSU9OIHN1cGFiYXNlX2Z1bmN0aW9ucy5odHRwX3JlcXVlc3QoKVxuICBSRVRVUk5TIHRyaWdnZXJcbiAgTEFOR1VBR0UgcGxwZ3NxbFxuICBBUyAkZnVuY3Rpb24kXG4gIERFQ0xBUkVcbiAgICByZXF1ZXN0X2lkIGJpZ2ludDtcbiAgICBwYXlsb2FkIGpzb25iO1xuICAgIHVybCB0ZXh0IDo9IFRHX0FSR1ZbMF06OnRleHQ7XG4gICAgbWV0aG9kIHRleHQgOj0gVEdfQVJHVlsxXTo6dGV4dDtcbiAgICBoZWFkZXJzIGpzb25iIERFRkFVTFQgJ3t9Jzo6anNvbmI7XG4gICAgcGFyYW1zIGpzb25iIERFRkFVTFQgJ3t9Jzo6anNvbmI7XG4gICAgdGltZW91dF9tcyBpbnRlZ2VyIERFRkFVTFQgMTAwMDtcbiAgQkVHSU5cbiAgICBJRiB1cmwgSVMgTlVMTCBPUiB1cmwgPSAnbnVsbCcgVEhFTlxuICAgICAgUkFJU0UgRVhDRVBUSU9OICd1cmwgYXJndW1lbnQgaXMgbWlzc2luZyc7XG4gICAgRU5EIElGO1xuXG4gICAgSUYgbWV0aG9kIElTIE5VTEwgT1IgbWV0aG9kID0gJ251bGwnIFRIRU5cbiAgICAgIFJBSVNFIEVYQ0VQVElPTiAnbWV0aG9kIGFyZ3VtZW50IGlzIG1pc3NpbmcnO1xuICAgIEVORCBJRjtcblxuICAgIElGIFRHX0FSR1ZbMl0gSVMgTlVMTCBPUiBUR19BUkdWWzJdID0gJ251bGwnIFRIRU5cbiAgICAgIGhlYWRlcnMgPSAne1wiQ29udGVudC1UeXBlXCI6IFwiYXBwbGljYXRpb24vanNvblwifSc6Ompzb25iO1xuICAgIEVMU0VcbiAgICAgIGhlYWRlcnMgPSBUR19BUkdWWzJdOjpqc29uYjtcbiAgICBFTkQgSUY7XG5cbiAgICBJRiBUR19BUkdWWzNdIElTIE5VTEwgT1IgVEdfQVJHVlszXSA9ICdudWxsJyBUSEVOXG4gICAgICBwYXJhbXMgPSAne30nOjpqc29uYjtcbiAgICBFTFNFXG4gICAgICBwYXJhbXMgPSBUR19BUkdWWzNdOjpqc29uYjtcbiAgICBFTkQgSUY7XG5cbiAgICBJRiBUR19BUkdWWzRdIElTIE5VTEwgT1IgVEdfQVJHVls0XSA9ICdudWxsJyBUSEVOXG4gICAgICB0aW1lb3V0X21zID0gMTAwMDtcbiAgICBFTFNFXG4gICAgICB0aW1lb3V0X21zID0gVEdfQVJHVls0XTo6aW50ZWdlcjtcbiAgICBFTkQgSUY7XG5cbiAgICBDQVNFXG4gICAgICBXSEVOIG1ldGhvZCA9ICdHRVQnIFRIRU5cbiAgICAgICAgU0VMRUNUIGh0dHBfZ2V0IElOVE8gcmVxdWVzdF9pZCBGUk9NIG5ldC5odHRwX2dldChcbiAgICAgICAgICB1cmwsXG4gICAgICAgICAgcGFyYW1zLFxuICAgICAgICAgIGhlYWRlcnMsXG4gICAgICAgICAgdGltZW91dF9tc1xuICAgICAgICApO1xuICAgICAgV0hFTiBtZXRob2QgPSAnUE9TVCcgVEhFTlxuICAgICAgICBwYXlsb2FkID0ganNvbmJfYnVpbGRfb2JqZWN0KFxuICAgICAgICAgICdvbGRfcmVjb3JkJywgT0xELFxuICAgICAgICAgICdyZWNvcmQnLCBORVcsXG4gICAgICAgICAgJ3R5cGUnLCBUR19PUCxcbiAgICAgICAgICAndGFibGUnLCBUR19UQUJMRV9OQU1FLFxuICAgICAgICAgICdzY2hlbWEnLCBUR19UQUJMRV9TQ0hFTUFcbiAgICAgICAgKTtcblxuICAgICAgICBTRUxFQ1QgaHR0cF9wb3N0IElOVE8gcmVxdWVzdF9pZCBGUk9NIG5ldC5odHRwX3Bvc3QoXG4gICAgICAgICAgdXJsLFxuICAgICAgICAgIHBheWxvYWQsXG4gICAgICAgICAgcGFyYW1zLFxuICAgICAgICAgIGhlYWRlcnMsXG4gICAgICAgICAgdGltZW91dF9tc1xuICAgICAgICApO1xuICAgICAgRUxTRVxuICAgICAgICBSQUlTRSBFWENFUFRJT04gJ21ldGhvZCBhcmd1bWVudCAlIGlzIGludmFsaWQnLCBtZXRob2Q7XG4gICAgRU5EIENBU0U7XG5cbiAgICBJTlNFUlQgSU5UTyBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3NcbiAgICAgIChob29rX3RhYmxlX2lkLCBob29rX25hbWUsIHJlcXVlc3RfaWQpXG4gICAgVkFMVUVTXG4gICAgICAoVEdfUkVMSUQsIFRHX05BTUUsIHJlcXVlc3RfaWQpO1xuXG4gICAgUkVUVVJOIE5FVztcbiAgRU5EXG4kZnVuY3Rpb24kO1xuLS0gU3VwYWJhc2Ugc3VwZXIgYWRtaW5cbkRPXG4kJFxuQkVHSU5cbiAgSUYgTk9UIEVYSVNUUyAoXG4gICAgU0VMRUNUIDFcbiAgICBGUk9NIHBnX3JvbGVzXG4gICAgV0hFUkUgcm9sbmFtZSA9ICdzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4nXG4gIClcbiAgVEhFTlxuICAgIENSRUFURSBVU0VSIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiBOT0lOSEVSSVQgQ1JFQVRFUk9MRSBMT0dJTiBOT1JFUExJQ0FUSU9OO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuR1JBTlQgQUxMIFBSSVZJTEVHRVMgT04gU0NIRU1BIHN1cGFiYXNlX2Z1bmN0aW9ucyBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW47XG5HUkFOVCBBTEwgUFJJVklMRUdFUyBPTiBBTEwgVEFCTEVTIElOIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluO1xuR1JBTlQgQUxMIFBSSVZJTEVHRVMgT04gQUxMIFNFUVVFTkNFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbjtcbkFMVEVSIFVTRVIgc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluIFNFVCBzZWFyY2hfcGF0aCA9IFwic3VwYWJhc2VfZnVuY3Rpb25zXCI7XG5BTFRFUiB0YWJsZSBcInN1cGFiYXNlX2Z1bmN0aW9uc1wiLm1pZ3JhdGlvbnMgT1dORVIgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluO1xuQUxURVIgdGFibGUgXCJzdXBhYmFzZV9mdW5jdGlvbnNcIi5ob29rcyBPV05FUiBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW47XG5BTFRFUiBmdW5jdGlvbiBcInN1cGFiYXNlX2Z1bmN0aW9uc1wiLmh0dHBfcmVxdWVzdCgpIE9XTkVSIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbjtcbkdSQU5UIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiBUTyBwb3N0Z3Jlcztcbi0tIFJlbW92ZSB1bnVzZWQgc3VwYWJhc2VfcGdfbmV0X2FkbWluIHJvbGVcbkRPXG4kJFxuQkVHSU5cbiAgSUYgRVhJU1RTIChcbiAgICBTRUxFQ1QgMVxuICAgIEZST00gcGdfcm9sZXNcbiAgICBXSEVSRSByb2xuYW1lID0gJ3N1cGFiYXNlX3BnX25ldF9hZG1pbidcbiAgKVxuICBUSEVOXG4gICAgUkVBU1NJR04gT1dORUQgQlkgc3VwYWJhc2VfcGdfbmV0X2FkbWluIFRPIHN1cGFiYXNlX2FkbWluO1xuICAgIERST1AgT1dORUQgQlkgc3VwYWJhc2VfcGdfbmV0X2FkbWluO1xuICAgIERST1AgUk9MRSBzdXBhYmFzZV9wZ19uZXRfYWRtaW47XG4gIEVORCBJRjtcbkVORFxuJCQ7XG4tLSBwZ19uZXQgZ3JhbnRzIHdoZW4gZXh0ZW5zaW9uIGlzIGFscmVhZHkgZW5hYmxlZFxuRE9cbiQkXG5CRUdJTlxuICBJRiBFWElTVFMgKFxuICAgIFNFTEVDVCAxXG4gICAgRlJPTSBwZ19leHRlbnNpb25cbiAgICBXSEVSRSBleHRuYW1lID0gJ3BnX25ldCdcbiAgKVxuICBUSEVOXG4gICAgR1JBTlQgVVNBR0UgT04gU0NIRU1BIG5ldCBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4sIHBvc3RncmVzLCBhbm9uLCBhdXRoZW50aWNhdGVkLCBzZXJ2aWNlX3JvbGU7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFNFQ1VSSVRZIERFRklORVI7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRUNVUklUWSBERUZJTkVSO1xuICAgIEFMVEVSIGZ1bmN0aW9uIG5ldC5odHRwX2dldCh1cmwgdGV4dCwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9nZXQodXJsIHRleHQsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgRlJPTSBQVUJMSUM7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9wb3N0KHVybCB0ZXh0LCBib2R5IGpzb25iLCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIEZST00gUFVCTElDO1xuICAgIEdSQU5UIEVYRUNVVEUgT04gRlVOQ1RJT04gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiwgcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbiAgICBHUkFOVCBFWEVDVVRFIE9OIEZVTkNUSU9OIG5ldC5odHRwX3Bvc3QodXJsIHRleHQsIGJvZHkganNvbmIsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluLCBwb3N0Z3JlcywgYW5vbiwgYXV0aGVudGljYXRlZCwgc2VydmljZV9yb2xlO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuLS0gRXZlbnQgdHJpZ2dlciBmb3IgcGdfbmV0XG5DUkVBVEUgT1IgUkVQTEFDRSBGVU5DVElPTiBleHRlbnNpb25zLmdyYW50X3BnX25ldF9hY2Nlc3MoKVxuUkVUVVJOUyBldmVudF90cmlnZ2VyXG5MQU5HVUFHRSBwbHBnc3FsXG5BUyAkJFxuQkVHSU5cbiAgSUYgRVhJU1RTIChcbiAgICBTRUxFQ1QgMVxuICAgIEZST00gcGdfZXZlbnRfdHJpZ2dlcl9kZGxfY29tbWFuZHMoKSBBUyBldlxuICAgIEpPSU4gcGdfZXh0ZW5zaW9uIEFTIGV4dFxuICAgIE9OIGV2Lm9iamlkID0gZXh0Lm9pZFxuICAgIFdIRVJFIGV4dC5leHRuYW1lID0gJ3BnX25ldCdcbiAgKVxuICBUSEVOXG4gICAgR1JBTlQgVVNBR0UgT04gU0NIRU1BIG5ldCBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4sIHBvc3RncmVzLCBhbm9uLCBhdXRoZW50aWNhdGVkLCBzZXJ2aWNlX3JvbGU7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFNFQ1VSSVRZIERFRklORVI7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRUNVUklUWSBERUZJTkVSO1xuICAgIEFMVEVSIGZ1bmN0aW9uIG5ldC5odHRwX2dldCh1cmwgdGV4dCwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9nZXQodXJsIHRleHQsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgRlJPTSBQVUJMSUM7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9wb3N0KHVybCB0ZXh0LCBib2R5IGpzb25iLCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIEZST00gUFVCTElDO1xuICAgIEdSQU5UIEVYRUNVVEUgT04gRlVOQ1RJT04gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiwgcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbiAgICBHUkFOVCBFWEVDVVRFIE9OIEZVTkNUSU9OIG5ldC5odHRwX3Bvc3QodXJsIHRleHQsIGJvZHkganNvbmIsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluLCBwb3N0Z3JlcywgYW5vbiwgYXV0aGVudGljYXRlZCwgc2VydmljZV9yb2xlO1xuICBFTkQgSUY7XG5FTkQ7XG4kJDtcbkNPTU1FTlQgT04gRlVOQ1RJT04gZXh0ZW5zaW9ucy5ncmFudF9wZ19uZXRfYWNjZXNzIElTICdHcmFudHMgYWNjZXNzIHRvIHBnX25ldCc7XG5ET1xuJCRcbkJFR0lOXG4gIElGIE5PVCBFWElTVFMgKFxuICAgIFNFTEVDVCAxXG4gICAgRlJPTSBwZ19ldmVudF90cmlnZ2VyXG4gICAgV0hFUkUgZXZ0bmFtZSA9ICdpc3N1ZV9wZ19uZXRfYWNjZXNzJ1xuICApIFRIRU5cbiAgICBDUkVBVEUgRVZFTlQgVFJJR0dFUiBpc3N1ZV9wZ19uZXRfYWNjZXNzIE9OIGRkbF9jb21tYW5kX2VuZCBXSEVOIFRBRyBJTiAoJ0NSRUFURSBFWFRFTlNJT04nKVxuICAgIEVYRUNVVEUgUFJPQ0VEVVJFIGV4dGVuc2lvbnMuZ3JhbnRfcGdfbmV0X2FjY2VzcygpO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuSU5TRVJUIElOVE8gc3VwYWJhc2VfZnVuY3Rpb25zLm1pZ3JhdGlvbnMgKHZlcnNpb24pIFZBTFVFUyAoJzIwMjEwODA5MTgzNDIzX3VwZGF0ZV9ncmFudHMnKTtcbkFMVEVSIGZ1bmN0aW9uIHN1cGFiYXNlX2Z1bmN0aW9ucy5odHRwX3JlcXVlc3QoKSBTRUNVUklUWSBERUZJTkVSO1xuQUxURVIgZnVuY3Rpb24gc3VwYWJhc2VfZnVuY3Rpb25zLmh0dHBfcmVxdWVzdCgpIFNFVCBzZWFyY2hfcGF0aCA9IHN1cGFiYXNlX2Z1bmN0aW9ucztcblJFVk9LRSBBTEwgT04gRlVOQ1RJT04gc3VwYWJhc2VfZnVuY3Rpb25zLmh0dHBfcmVxdWVzdCgpIEZST00gUFVCTElDO1xuR1JBTlQgRVhFQ1VURSBPTiBGVU5DVElPTiBzdXBhYmFzZV9mdW5jdGlvbnMuaHR0cF9yZXF1ZXN0KCkgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkNPTU1JVDtcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9yb2xlcy5zcWwKICAgICAgICB0YXJnZXQ6IC9kb2NrZXItZW50cnlwb2ludC1pbml0ZGIuZC9pbml0LXNjcmlwdHMvOTktcm9sZXMuc3FsCiAgICAgICAgY29udGVudDogIi0tIE5PVEU6IGNoYW5nZSB0byB5b3VyIG93biBwYXNzd29yZHMgZm9yIHByb2R1Y3Rpb24gZW52aXJvbm1lbnRzXG4gXFxzZXQgcGdwYXNzIGBlY2hvIFwiJFBPU1RHUkVTX1BBU1NXT1JEXCJgXG5cbiBBTFRFUiBVU0VSIGF1dGhlbnRpY2F0b3IgV0lUSCBQQVNTV09SRCA6J3BncGFzcyc7XG4gQUxURVIgVVNFUiBwZ2JvdW5jZXIgV0lUSCBQQVNTV09SRCA6J3BncGFzcyc7XG4gQUxURVIgVVNFUiBzdXBhYmFzZV9hdXRoX2FkbWluIFdJVEggUEFTU1dPUkQgOidwZ3Bhc3MnO1xuIEFMVEVSIFVTRVIgc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluIFdJVEggUEFTU1dPUkQgOidwZ3Bhc3MnO1xuIEFMVEVSIFVTRVIgc3VwYWJhc2Vfc3RvcmFnZV9hZG1pbiBXSVRIIFBBU1NXT1JEIDoncGdwYXNzJztcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9qd3Quc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvaW5pdC1zY3JpcHRzLzk5LWp3dC5zcWwKICAgICAgICBjb250ZW50OiAiXFxzZXQgand0X3NlY3JldCBgZWNobyBcIiRKV1RfU0VDUkVUXCJgXG5cXHNldCBqd3RfZXhwIGBlY2hvIFwiJEpXVF9FWFBcImBcblxcc2V0IGRiX25hbWUgYGVjaG8gXCIke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc31cImBcblxuQUxURVIgREFUQUJBU0UgOmRiX25hbWUgU0VUIFwiYXBwLnNldHRpbmdzLmp3dF9zZWNyZXRcIiBUTyA6J2p3dF9zZWNyZXQnO1xuQUxURVIgREFUQUJBU0UgOmRiX25hbWUgU0VUIFwiYXBwLnNldHRpbmdzLmp3dF9leHBcIiBUTyA6J2p3dF9leHAnO1xuIgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2RiL2xvZ3Muc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvbWlncmF0aW9ucy85OS1sb2dzLnNxbAogICAgICAgIGNvbnRlbnQ6ICJcXHNldCBwZ3VzZXIgYGVjaG8gXCJzdXBhYmFzZV9hZG1pblwiYFxuXFxjIF9zdXBhYmFzZVxuY3JlYXRlIHNjaGVtYSBpZiBub3QgZXhpc3RzIF9hbmFseXRpY3M7XG5hbHRlciBzY2hlbWEgX2FuYWx5dGljcyBvd25lciB0byA6cGd1c2VyO1xuXFxjIHBvc3RncmVzXG4iCiAgICAgIC0gJ3N1cGFiYXNlLWRiLWNvbmZpZzovZXRjL3Bvc3RncmVzcWwtY3VzdG9tJwogIHN1cGFiYXNlLWFuYWx5dGljczoKICAgIGltYWdlOiAnc3VwYWJhc2UvbG9nZmxhcmU6MS40LjAnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gY3VybAogICAgICAgIC0gJ2h0dHA6Ly8xMjcuMC4wLjE6NDAwMC9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAxMAogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtZGI6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIExPR0ZMQVJFX05PREVfSE9TVD0xMjcuMC4wLjEKICAgICAgLSBEQl9VU0VSTkFNRT1zdXBhYmFzZV9hZG1pbgogICAgICAtIERCX0RBVEFCQVNFPV9zdXBhYmFzZQogICAgICAtICdEQl9IT1NUTkFNRT0ke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn0nCiAgICAgIC0gJ0RCX1BPUlQ9JHtQT1NUR1JFU19QT1JUOi01NDMyfScKICAgICAgLSAnREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfScKICAgICAgLSBEQl9TQ0hFTUE9X2FuYWx5dGljcwogICAgICAtICdMT0dGTEFSRV9BUElfS0VZPSR7U0VSVklDRV9QQVNTV09SRF9MT0dGTEFSRX0nCiAgICAgIC0gTE9HRkxBUkVfU0lOR0xFX1RFTkFOVD10cnVlCiAgICAgIC0gTE9HRkxBUkVfU0lOR0xFX1RFTkFOVF9NT0RFPXRydWUKICAgICAgLSBMT0dGTEFSRV9TVVBBQkFTRV9NT0RFPXRydWUKICAgICAgLSBMT0dGTEFSRV9NSU5fQ0xVU1RFUl9TSVpFPTEKICAgICAgLSAnUE9TVEdSRVNfQkFDS0VORF9VUkw9cG9zdGdyZXNxbDovL3N1cGFiYXNlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vX3N1cGFiYXNlJwogICAgICAtIFBPU1RHUkVTX0JBQ0tFTkRfU0NIRU1BPV9hbmFseXRpY3MKICAgICAgLSBMT0dGTEFSRV9GRUFUVVJFX0ZMQUdfT1ZFUlJJREU9bXVsdGliYWNrZW5kPXRydWUKICBzdXBhYmFzZS12ZWN0b3I6CiAgICBpbWFnZTogJ3RpbWJlcmlvL3ZlY3RvcjowLjI4LjEtYWxwaW5lJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIHdnZXQKICAgICAgICAtICctLW5vLXZlcmJvc2UnCiAgICAgICAgLSAnLS10cmllcz0xJwogICAgICAgIC0gJy0tc3BpZGVyJwogICAgICAgIC0gJ2h0dHA6Ly9zdXBhYmFzZS12ZWN0b3I6OTAwMS9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICB2b2x1bWVzOgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2xvZ3MvdmVjdG9yLnltbAogICAgICAgIHRhcmdldDogL2V0Yy92ZWN0b3IvdmVjdG9yLnltbAogICAgICAgIHJlYWRfb25seTogdHJ1ZQogICAgICAgIGNvbnRlbnQ6ICJhcGk6XG4gIGVuYWJsZWQ6IHRydWVcbiAgYWRkcmVzczogMC4wLjAuMDo5MDAxXG5cbnNvdXJjZXM6XG4gIGRvY2tlcl9ob3N0OlxuICAgIHR5cGU6IGRvY2tlcl9sb2dzXG4gICAgZXhjbHVkZV9jb250YWluZXJzOlxuICAgICAgLSBzdXBhYmFzZS12ZWN0b3JcblxudHJhbnNmb3JtczpcbiAgcHJvamVjdF9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSBkb2NrZXJfaG9zdFxuICAgIHNvdXJjZTogfC1cbiAgICAgIC5wcm9qZWN0ID0gXCJkZWZhdWx0XCJcbiAgICAgIC5ldmVudF9tZXNzYWdlID0gZGVsKC5tZXNzYWdlKVxuICAgICAgLmFwcG5hbWUgPSBkZWwoLmNvbnRhaW5lcl9uYW1lKVxuICAgICAgZGVsKC5jb250YWluZXJfY3JlYXRlZF9hdClcbiAgICAgIGRlbCguY29udGFpbmVyX2lkKVxuICAgICAgZGVsKC5zb3VyY2VfdHlwZSlcbiAgICAgIGRlbCguc3RyZWFtKVxuICAgICAgZGVsKC5sYWJlbClcbiAgICAgIGRlbCguaW1hZ2UpXG4gICAgICBkZWwoLmhvc3QpXG4gICAgICBkZWwoLnN0cmVhbSlcbiAgcm91dGVyOlxuICAgIHR5cGU6IHJvdXRlXG4gICAgaW5wdXRzOlxuICAgICAgLSBwcm9qZWN0X2xvZ3NcbiAgICByb3V0ZTpcbiAgICAgIGtvbmc6ICdzdGFydHNfd2l0aChzdHJpbmchKC5hcHBuYW1lKSwgXCJzdXBhYmFzZS1rb25nXCIpJ1xuICAgICAgYXV0aDogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLWF1dGhcIiknXG4gICAgICByZXN0OiAnc3RhcnRzX3dpdGgoc3RyaW5nISguYXBwbmFtZSksIFwic3VwYWJhc2UtcmVzdFwiKSdcbiAgICAgIHJlYWx0aW1lOiAnc3RhcnRzX3dpdGgoc3RyaW5nISguYXBwbmFtZSksIFwicmVhbHRpbWUtZGV2XCIpJ1xuICAgICAgc3RvcmFnZTogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLXN0b3JhZ2VcIiknXG4gICAgICBmdW5jdGlvbnM6ICdzdGFydHNfd2l0aChzdHJpbmchKC5hcHBuYW1lKSwgXCJzdXBhYmFzZS1mdW5jdGlvbnNcIiknXG4gICAgICBkYjogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLWRiXCIpJ1xuICAjIElnbm9yZXMgbm9uIG5naW54IGVycm9ycyBzaW5jZSB0aGV5IGFyZSByZWxhdGVkIHdpdGgga29uZyBib290aW5nIHVwXG4gIGtvbmdfbG9nczpcbiAgICB0eXBlOiByZW1hcFxuICAgIGlucHV0czpcbiAgICAgIC0gcm91dGVyLmtvbmdcbiAgICBzb3VyY2U6IHwtXG4gICAgICByZXEsIGVyciA9IHBhcnNlX25naW54X2xvZyguZXZlbnRfbWVzc2FnZSwgXCJjb21iaW5lZFwiKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC50aW1lc3RhbXAgPSByZXEudGltZXN0YW1wXG4gICAgICAgICAgLm1ldGFkYXRhLnJlcXVlc3QuaGVhZGVycy5yZWZlcmVyID0gcmVxLnJlZmVyZXJcbiAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5oZWFkZXJzLnVzZXJfYWdlbnQgPSByZXEuYWdlbnRcbiAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5oZWFkZXJzLmNmX2Nvbm5lY3RpbmdfaXAgPSByZXEuY2xpZW50XG4gICAgICAgICAgLm1ldGFkYXRhLnJlcXVlc3QubWV0aG9kID0gcmVxLm1ldGhvZFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnBhdGggPSByZXEucGF0aFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnByb3RvY29sID0gcmVxLnByb3RvY29sXG4gICAgICAgICAgLm1ldGFkYXRhLnJlc3BvbnNlLnN0YXR1c19jb2RlID0gcmVxLnN0YXR1c1xuICAgICAgfVxuICAgICAgaWYgZXJyICE9IG51bGwge1xuICAgICAgICBhYm9ydFxuICAgICAgfVxuICAjIElnbm9yZXMgbm9uIG5naW54IGVycm9ycyBzaW5jZSB0aGV5IGFyZSByZWxhdGVkIHdpdGgga29uZyBib290aW5nIHVwXG4gIGtvbmdfZXJyOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIua29uZ1xuICAgIHNvdXJjZTogfC1cbiAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lm1ldGhvZCA9IFwiR0VUXCJcbiAgICAgIC5tZXRhZGF0YS5yZXNwb25zZS5zdGF0dXNfY29kZSA9IDIwMFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9uZ2lueF9sb2coLmV2ZW50X21lc3NhZ2UsIFwiZXJyb3JcIilcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAudGltZXN0YW1wID0gcGFyc2VkLnRpbWVzdGFtcFxuICAgICAgICAgIC5zZXZlcml0eSA9IHBhcnNlZC5zZXZlcml0eVxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lmhvc3QgPSBwYXJzZWQuaG9zdFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LmhlYWRlcnMuY2ZfY29ubmVjdGluZ19pcCA9IHBhcnNlZC5jbGllbnRcbiAgICAgICAgICB1cmwsIGVyciA9IHNwbGl0KHBhcnNlZC5yZXF1ZXN0LCBcIiBcIilcbiAgICAgICAgICBpZiBlcnIgPT0gbnVsbCB7XG4gICAgICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lm1ldGhvZCA9IHVybFswXVxuICAgICAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5wYXRoID0gdXJsWzFdXG4gICAgICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnByb3RvY29sID0gdXJsWzJdXG4gICAgICAgICAgfVxuICAgICAgfVxuICAgICAgaWYgZXJyICE9IG51bGwge1xuICAgICAgICBhYm9ydFxuICAgICAgfVxuICAjIEdvdHJ1ZSBsb2dzIGFyZSBzdHJ1Y3R1cmVkIGpzb24gc3RyaW5ncyB3aGljaCBmcm9udGVuZCBwYXJzZXMgZGlyZWN0bHkuIEJ1dCB3ZSBrZWVwIG1ldGFkYXRhIGZvciBjb25zaXN0ZW5jeS5cbiAgYXV0aF9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIuYXV0aFxuICAgIHNvdXJjZTogfC1cbiAgICAgIHBhcnNlZCwgZXJyID0gcGFyc2VfanNvbiguZXZlbnRfbWVzc2FnZSlcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAubWV0YWRhdGEudGltZXN0YW1wID0gcGFyc2VkLnRpbWVcbiAgICAgICAgICAubWV0YWRhdGEgPSBtZXJnZSEoLm1ldGFkYXRhLCBwYXJzZWQpXG4gICAgICB9XG4gICMgUG9zdGdSRVNUIGxvZ3MgYXJlIHN0cnVjdHVyZWQgc28gd2Ugc2VwYXJhdGUgdGltZXN0YW1wIGZyb20gbWVzc2FnZSB1c2luZyByZWdleFxuICByZXN0X2xvZ3M6XG4gICAgdHlwZTogcmVtYXBcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5yZXN0XG4gICAgc291cmNlOiB8LVxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcideKD9QPHRpbWU+LiopOiAoP1A8bXNnPi4qKSQnKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC5ldmVudF9tZXNzYWdlID0gcGFyc2VkLm1zZ1xuICAgICAgICAgIC50aW1lc3RhbXAgPSB0b190aW1lc3RhbXAhKHBhcnNlZC50aW1lKVxuICAgICAgICAgIC5tZXRhZGF0YS5ob3N0ID0gLnByb2plY3RcbiAgICAgIH1cbiAgIyBSZWFsdGltZSBsb2dzIGFyZSBzdHJ1Y3R1cmVkIHNvIHdlIHBhcnNlIHRoZSBzZXZlcml0eSBsZXZlbCB1c2luZyByZWdleCAoaWdub3JlIHRpbWUgYmVjYXVzZSBpdCBoYXMgbm8gZGF0ZSlcbiAgcmVhbHRpbWVfbG9nczpcbiAgICB0eXBlOiByZW1hcFxuICAgIGlucHV0czpcbiAgICAgIC0gcm91dGVyLnJlYWx0aW1lXG4gICAgc291cmNlOiB8LVxuICAgICAgLm1ldGFkYXRhLnByb2plY3QgPSBkZWwoLnByb2plY3QpXG4gICAgICAubWV0YWRhdGEuZXh0ZXJuYWxfaWQgPSAubWV0YWRhdGEucHJvamVjdFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcideKD9QPHRpbWU+XFxkKzpcXGQrOlxcZCtcXC5cXGQrKSBcXFsoP1A8bGV2ZWw+XFx3KylcXF0gKD9QPG1zZz4uKikkJylcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAuZXZlbnRfbWVzc2FnZSA9IHBhcnNlZC5tc2dcbiAgICAgICAgICAubWV0YWRhdGEubGV2ZWwgPSBwYXJzZWQubGV2ZWxcbiAgICAgIH1cbiAgIyBTdG9yYWdlIGxvZ3MgbWF5IGNvbnRhaW4ganNvbiBvYmplY3RzIHNvIHdlIHBhcnNlIHRoZW0gZm9yIGNvbXBsZXRlbmVzc1xuICBzdG9yYWdlX2xvZ3M6XG4gICAgdHlwZTogcmVtYXBcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5zdG9yYWdlXG4gICAgc291cmNlOiB8LVxuICAgICAgLm1ldGFkYXRhLnByb2plY3QgPSBkZWwoLnByb2plY3QpXG4gICAgICAubWV0YWRhdGEudGVuYW50SWQgPSAubWV0YWRhdGEucHJvamVjdFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9qc29uKC5ldmVudF9tZXNzYWdlKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC5ldmVudF9tZXNzYWdlID0gcGFyc2VkLm1zZ1xuICAgICAgICAgIC5tZXRhZGF0YS5sZXZlbCA9IHBhcnNlZC5sZXZlbFxuICAgICAgICAgIC5tZXRhZGF0YS50aW1lc3RhbXAgPSBwYXJzZWQudGltZVxuICAgICAgICAgIC5tZXRhZGF0YS5jb250ZXh0WzBdLmhvc3QgPSBwYXJzZWQuaG9zdG5hbWVcbiAgICAgICAgICAubWV0YWRhdGEuY29udGV4dFswXS5waWQgPSBwYXJzZWQucGlkXG4gICAgICB9XG4gICMgUG9zdGdyZXMgbG9ncyBzb21lIG1lc3NhZ2VzIHRvIHN0ZGVyciB3aGljaCB3ZSBtYXAgdG8gd2FybmluZyBzZXZlcml0eSBsZXZlbFxuICBkYl9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIuZGJcbiAgICBzb3VyY2U6IHwtXG4gICAgICAubWV0YWRhdGEuaG9zdCA9IFwiZGItZGVmYXVsdFwiXG4gICAgICAubWV0YWRhdGEucGFyc2VkLnRpbWVzdGFtcCA9IC50aW1lc3RhbXBcblxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcicuKig/UDxsZXZlbD5JTkZPfE5PVElDRXxXQVJOSU5HfEVSUk9SfExPR3xGQVRBTHxQQU5JQz8pOi4qJywgbnVtZXJpY19ncm91cHM6IHRydWUpXG5cbiAgICAgIGlmIGVyciAhPSBudWxsIHx8IHBhcnNlZCA9PSBudWxsIHtcbiAgICAgICAgLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSA9IFwiaW5mb1wiXG4gICAgICB9XG4gICAgICBpZiBwYXJzZWQgIT0gbnVsbCB7XG4gICAgICAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID0gcGFyc2VkLmxldmVsXG4gICAgICB9XG4gICAgICBpZiAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID09IFwiaW5mb1wiIHtcbiAgICAgICAgICAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID0gXCJsb2dcIlxuICAgICAgfVxuICAgICAgLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSA9IHVwY2FzZSEoLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSlcblxuc2lua3M6XG4gIGxvZ2ZsYXJlX2F1dGg6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSBhdXRoX2xvZ3NcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9Z290cnVlLmxvZ3MucHJvZCZhcGlfa2V5PSR7TE9HRkxBUkVfQVBJX0tFWT9MT0dGTEFSRV9BUElfS0VZIGlzIHJlcXVpcmVkfSdcbiAgbG9nZmxhcmVfcmVhbHRpbWU6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSByZWFsdGltZV9sb2dzXG4gICAgZW5jb2Rpbmc6XG4gICAgICBjb2RlYzogJ2pzb24nXG4gICAgbWV0aG9kOiAncG9zdCdcbiAgICByZXF1ZXN0OlxuICAgICAgcmV0cnlfbWF4X2R1cmF0aW9uX3NlY3M6IDEwXG4gICAgdXJpOiAnaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXJlYWx0aW1lLmxvZ3MucHJvZCZhcGlfa2V5PSR7TE9HRkxBUkVfQVBJX0tFWT9MT0dGTEFSRV9BUElfS0VZIGlzIHJlcXVpcmVkfSdcbiAgbG9nZmxhcmVfcmVzdDpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIHJlc3RfbG9nc1xuICAgIGVuY29kaW5nOlxuICAgICAgY29kZWM6ICdqc29uJ1xuICAgIG1ldGhvZDogJ3Bvc3QnXG4gICAgcmVxdWVzdDpcbiAgICAgIHJldHJ5X21heF9kdXJhdGlvbl9zZWNzOiAxMFxuICAgIHVyaTogJ2h0dHA6Ly9zdXBhYmFzZS1hbmFseXRpY3M6NDAwMC9hcGkvbG9ncz9zb3VyY2VfbmFtZT1wb3N0Z1JFU1QubG9ncy5wcm9kJmFwaV9rZXk9JHtMT0dGTEFSRV9BUElfS0VZP0xPR0ZMQVJFX0FQSV9LRVkgaXMgcmVxdWlyZWR9J1xuICBsb2dmbGFyZV9kYjpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIGRiX2xvZ3NcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICAjIFdlIG11c3Qgcm91dGUgdGhlIHNpbmsgdGhyb3VnaCBrb25nIGJlY2F1c2UgaW5nZXN0aW5nIGxvZ3MgYmVmb3JlIGxvZ2ZsYXJlIGlzIGZ1bGx5IGluaXRpYWxpc2VkIHdpbGxcbiAgICAjIGxlYWQgdG8gYnJva2VuIHF1ZXJpZXMgZnJvbSBzdHVkaW8uIFRoaXMgd29ya3MgYnkgdGhlIGFzc3VtcHRpb24gdGhhdCBjb250YWluZXJzIGFyZSBzdGFydGVkIGluIHRoZVxuICAgICMgZm9sbG93aW5nIG9yZGVyOiB2ZWN0b3IgPiBkYiA+IGxvZ2ZsYXJlID4ga29uZ1xuICAgIHVyaTogJ2h0dHA6Ly9zdXBhYmFzZS1rb25nOjgwMDAvYW5hbHl0aWNzL3YxL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXBvc3RncmVzLmxvZ3MmYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4gIGxvZ2ZsYXJlX2Z1bmN0aW9uczpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5mdW5jdGlvbnNcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9ZGVuby1yZWxheS1sb2dzJmFwaV9rZXk9JHtMT0dGTEFSRV9BUElfS0VZP0xPR0ZMQVJFX0FQSV9LRVkgaXMgcmVxdWlyZWR9J1xuICBsb2dmbGFyZV9zdG9yYWdlOlxuICAgIHR5cGU6ICdodHRwJ1xuICAgIGlucHV0czpcbiAgICAgIC0gc3RvcmFnZV9sb2dzXG4gICAgZW5jb2Rpbmc6XG4gICAgICBjb2RlYzogJ2pzb24nXG4gICAgbWV0aG9kOiAncG9zdCdcbiAgICByZXF1ZXN0OlxuICAgICAgcmV0cnlfbWF4X2R1cmF0aW9uX3NlY3M6IDEwXG4gICAgdXJpOiAnaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXN0b3JhZ2UubG9ncy5wcm9kLjImYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4gIGxvZ2ZsYXJlX2tvbmc6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSBrb25nX2xvZ3NcbiAgICAgIC0ga29uZ19lcnJcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9Y2xvdWRmbGFyZS5sb2dzLnByb2QmYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4iCiAgICAgIC0gJy92YXIvcnVuL2RvY2tlci5zb2NrOi92YXIvcnVuL2RvY2tlci5zb2NrOnJvJwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0xPR0ZMQVJFX0FQSV9LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX0xPR0ZMQVJFfScKICAgIGNvbW1hbmQ6CiAgICAgIC0gJy0tY29uZmlnJwogICAgICAtIGV0Yy92ZWN0b3IvdmVjdG9yLnltbAogIHN1cGFiYXNlLXJlc3Q6CiAgICBpbWFnZTogJ3Bvc3RncmVzdC9wb3N0Z3Jlc3Q6djEyLjIuMCcKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLWFuYWx5dGljczoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1BHUlNUX0RCX1VSST1wb3N0Z3JlczovL2F1dGhlbnRpY2F0b3I6JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfUAke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn06JHtQT1NUR1JFU19QT1JUOi01NDMyfS8ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ1BHUlNUX0RCX1NDSEVNQVM9JHtQR1JTVF9EQl9TQ0hFTUFTOi1wdWJsaWMsc3RvcmFnZSxncmFwaHFsX3B1YmxpY30nCiAgICAgIC0gUEdSU1RfREJfQU5PTl9ST0xFPWFub24KICAgICAgLSAnUEdSU1RfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBQR1JTVF9EQl9VU0VfTEVHQUNZX0dVQ1M9ZmFsc2UKICAgICAgLSAnUEdSU1RfQVBQX1NFVFRJTkdTX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ1BHUlNUX0FQUF9TRVRUSU5HU19KV1RfRVhQPSR7SldUX0VYUElSWTotMzYwMH0nCiAgICBjb21tYW5kOiBwb3N0Z3Jlc3QKICAgIGV4Y2x1ZGVfZnJvbV9oYzogdHJ1ZQogIHN1cGFiYXNlLWF1dGg6CiAgICBpbWFnZTogJ3N1cGFiYXNlL2dvdHJ1ZTp2Mi4xNjQuMCcKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLWFuYWx5dGljczoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIHdnZXQKICAgICAgICAtICctLW5vLXZlcmJvc2UnCiAgICAgICAgLSAnLS10cmllcz0xJwogICAgICAgIC0gJy0tc3BpZGVyJwogICAgICAgIC0gJ2h0dHA6Ly8xMjcuMC4wLjE6OTk5OS9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBHT1RSVUVfQVBJX0hPU1Q9MC4wLjAuMAogICAgICAtIEdPVFJVRV9BUElfUE9SVD05OTk5CiAgICAgIC0gJ0FQSV9FWFRFUk5BTF9VUkw9JHtBUElfRVhURVJOQUxfVVJMOi1odHRwOi8vc3VwYWJhc2Uta29uZzo4MDAwfScKICAgICAgLSBHT1RSVUVfREJfRFJJVkVSPXBvc3RncmVzCiAgICAgIC0gJ0dPVFJVRV9EQl9EQVRBQkFTRV9VUkw9cG9zdGdyZXM6Ly9zdXBhYmFzZV9hdXRoX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vJHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdHT1RSVUVfU0lURV9VUkw9JHtTRVJWSUNFX0ZRRE5fU1VQQUJBU0VLT05HfScKICAgICAgLSAnR09UUlVFX1VSSV9BTExPV19MSVNUPSR7QURESVRJT05BTF9SRURJUkVDVF9VUkxTfScKICAgICAgLSAnR09UUlVFX0RJU0FCTEVfU0lHTlVQPSR7RElTQUJMRV9TSUdOVVA6LWZhbHNlfScKICAgICAgLSBHT1RSVUVfSldUX0FETUlOX1JPTEVTPXNlcnZpY2Vfcm9sZQogICAgICAtIEdPVFJVRV9KV1RfQVVEPWF1dGhlbnRpY2F0ZWQKICAgICAgLSBHT1RSVUVfSldUX0RFRkFVTFRfR1JPVVBfTkFNRT1hdXRoZW50aWNhdGVkCiAgICAgIC0gJ0dPVFJVRV9KV1RfRVhQPSR7SldUX0VYUElSWTotMzYwMH0nCiAgICAgIC0gJ0dPVFJVRV9KV1RfU0VDUkVUPSR7U0VSVklDRV9QQVNTV09SRF9KV1R9JwogICAgICAtICdHT1RSVUVfRVhURVJOQUxfRU1BSUxfRU5BQkxFRD0ke0VOQUJMRV9FTUFJTF9TSUdOVVA6LXRydWV9JwogICAgICAtICdHT1RSVUVfRVhURVJOQUxfQU5PTllNT1VTX1VTRVJTX0VOQUJMRUQ9JHtFTkFCTEVfQU5PTllNT1VTX1VTRVJTOi1mYWxzZX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfQVVUT0NPTkZJUk09JHtFTkFCTEVfRU1BSUxfQVVUT0NPTkZJUk06LWZhbHNlfScKICAgICAgLSAnR09UUlVFX1NNVFBfQURNSU5fRU1BSUw9JHtTTVRQX0FETUlOX0VNQUlMfScKICAgICAgLSAnR09UUlVFX1NNVFBfSE9TVD0ke1NNVFBfSE9TVH0nCiAgICAgIC0gJ0dPVFJVRV9TTVRQX1BPUlQ9JHtTTVRQX1BPUlQ6LTU4N30nCiAgICAgIC0gJ0dPVFJVRV9TTVRQX1VTRVI9JHtTTVRQX1VTRVJ9JwogICAgICAtICdHT1RSVUVfU01UUF9QQVNTPSR7U01UUF9QQVNTfScKICAgICAgLSAnR09UUlVFX1NNVFBfU0VOREVSX05BTUU9JHtTTVRQX1NFTkRFUl9OQU1FfScKICAgICAgLSAnR09UUlVFX01BSUxFUl9VUkxQQVRIU19JTlZJVEU9JHtNQUlMRVJfVVJMUEFUSFNfSU5WSVRFOi0vYXV0aC92MS92ZXJpZnl9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1VSTFBBVEhTX0NPTkZJUk1BVElPTj0ke01BSUxFUl9VUkxQQVRIU19DT05GSVJNQVRJT046LS9hdXRoL3YxL3ZlcmlmeX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVVJMUEFUSFNfUkVDT1ZFUlk9JHtNQUlMRVJfVVJMUEFUSFNfUkVDT1ZFUlk6LS9hdXRoL3YxL3ZlcmlmeX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVVJMUEFUSFNfRU1BSUxfQ0hBTkdFPSR7TUFJTEVSX1VSTFBBVEhTX0VNQUlMX0NIQU5HRTotL2F1dGgvdjEvdmVyaWZ5fScKICAgICAgLSAnR09UUlVFX01BSUxFUl9URU1QTEFURVNfSU5WSVRFPSR7TUFJTEVSX1RFTVBMQVRFU19JTlZJVEV9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1RFTVBMQVRFU19DT05GSVJNQVRJT049JHtNQUlMRVJfVEVNUExBVEVTX0NPTkZJUk1BVElPTn0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVEVNUExBVEVTX1JFQ09WRVJZPSR7TUFJTEVSX1RFTVBMQVRFU19SRUNPVkVSWX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVEVNUExBVEVTX01BR0lDX0xJTks9JHtNQUlMRVJfVEVNUExBVEVTX01BR0lDX0xJTkt9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1RFTVBMQVRFU19FTUFJTF9DSEFOR0U9JHtNQUlMRVJfVEVNUExBVEVTX0VNQUlMX0NIQU5HRX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfQ09ORklSTUFUSU9OPSR7TUFJTEVSX1NVQkpFQ1RTX0NPTkZJUk1BVElPTn0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfUkVDT1ZFUlk9JHtNQUlMRVJfU1VCSkVDVFNfUkVDT1ZFUll9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1NVQkpFQ1RTX01BR0lDX0xJTks9JHtNQUlMRVJfU1VCSkVDVFNfTUFHSUNfTElOS30nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfRU1BSUxfQ0hBTkdFPSR7TUFJTEVSX1NVQkpFQ1RTX0VNQUlMX0NIQU5HRX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfSU5WSVRFPSR7TUFJTEVSX1NVQkpFQ1RTX0lOVklURX0nCiAgICAgIC0gJ0dPVFJVRV9FWFRFUk5BTF9QSE9ORV9FTkFCTEVEPSR7RU5BQkxFX1BIT05FX1NJR05VUDotdHJ1ZX0nCiAgICAgIC0gJ0dPVFJVRV9TTVNfQVVUT0NPTkZJUk09JHtFTkFCTEVfUEhPTkVfQVVUT0NPTkZJUk06LXRydWV9JwogIHJlYWx0aW1lLWRldjoKICAgIGltYWdlOiAnc3VwYWJhc2UvcmVhbHRpbWU6djIuMzMuNzAnCiAgICBjb250YWluZXJfbmFtZTogcmVhbHRpbWUtZGV2LnN1cGFiYXNlLXJlYWx0aW1lCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLXNTZkwnCiAgICAgICAgLSAnLS1oZWFkJwogICAgICAgIC0gJy1vJwogICAgICAgIC0gL2Rldi9udWxsCiAgICAgICAgLSAnLUgnCiAgICAgICAgLSAnQXV0aG9yaXphdGlvbjogQmVhcmVyICR7U0VSVklDRV9TVVBBQkFTRUFOT05fS0VZfScKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjQwMDAvYXBpL3RlbmFudHMvcmVhbHRpbWUtZGV2L2hlYWx0aCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDMKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPUlQ9NDAwMAogICAgICAtICdEQl9IT1NUPSR7UE9TVEdSRVNfSE9TVE5BTUU6LXN1cGFiYXNlLWRifScKICAgICAgLSAnREJfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtIERCX1VTRVI9c3VwYWJhc2VfYWRtaW4KICAgICAgLSAnREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfScKICAgICAgLSAnREJfTkFNRT0ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ0RCX0FGVEVSX0NPTk5FQ1RfUVVFUlk9U0VUIHNlYXJjaF9wYXRoIFRPIF9yZWFsdGltZScKICAgICAgLSBEQl9FTkNfS0VZPXN1cGFiYXNlcmVhbHRpbWUKICAgICAgLSAnQVBJX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gRkxZX0FMTE9DX0lEPWZseTEyMwogICAgICAtIEZMWV9BUFBfTkFNRT1yZWFsdGltZQogICAgICAtICdTRUNSRVRfS0VZX0JBU0U9JHtTRUNSRVRfUEFTU1dPUkRfUkVBTFRJTUV9JwogICAgICAtICdFUkxfQUZMQUdTPS1wcm90b19kaXN0IGluZXRfdGNwJwogICAgICAtIEVOQUJMRV9UQUlMU0NBTEU9ZmFsc2UKICAgICAgLSAiRE5TX05PREVTPScnIgogICAgICAtIFJMSU1JVF9OT0ZJTEU9MTAwMDAKICAgICAgLSBBUFBfTkFNRT1yZWFsdGltZQogICAgICAtIFNFRURfU0VMRl9IT1NUPXRydWUKICAgICAgLSBMT0dfTEVWRUw9ZXJyb3IKICAgICAgLSBSVU5fSkFOSVRPUj10cnVlCiAgICAgIC0gSkFOSVRPUl9JTlRFUlZBTD02MDAwMAogICAgY29tbWFuZDogInNoIC1jIFwiL2FwcC9iaW4vbWlncmF0ZSAmJiAvYXBwL2Jpbi9yZWFsdGltZSBldmFsICdSZWFsdGltZS5SZWxlYXNlLnNlZWRzKFJlYWx0aW1lLlJlcG8pJyAmJiAvYXBwL2Jpbi9zZXJ2ZXJcIlxuIgogIHN1cGFiYXNlLW1pbmlvOgogICAgaW1hZ2U6IG1pbmlvL21pbmlvCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnTUlOSU9fUk9PVF9VU0VSPSR7U0VSVklDRV9VU0VSX01JTklPfScKICAgICAgLSAnTUlOSU9fUk9PVF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfTUlOSU99JwogICAgY29tbWFuZDogJ3NlcnZlciAtLWNvbnNvbGUtYWRkcmVzcyAiOjkwMDEiIC9kYXRhJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6ICdzbGVlcCA1ICYmIGV4aXQgMCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiA1CiAgICB2b2x1bWVzOgogICAgICAtICcuL3ZvbHVtZXMvc3RvcmFnZTovZGF0YScKICBtaW5pby1jcmVhdGVidWNrZXQ6CiAgICBpbWFnZTogbWluaW8vbWMKICAgIHJlc3RhcnQ6ICdubycKICAgIGVudmlyb25tZW50OgogICAgICAtICdNSU5JT19ST09UX1VTRVI9JHtTRVJWSUNFX1VTRVJfTUlOSU99JwogICAgICAtICdNSU5JT19ST09UX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NSU5JT30nCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1taW5pbzoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgZW50cnlwb2ludDoKICAgICAgLSAvZW50cnlwb2ludC5zaAogICAgdm9sdW1lczoKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vZW50cnlwb2ludC5zaAogICAgICAgIHRhcmdldDogL2VudHJ5cG9pbnQuc2gKICAgICAgICBjb250ZW50OiAiIyEvYmluL3NoXG4vdXNyL2Jpbi9tYyBhbGlhcyBzZXQgc3VwYWJhc2UtbWluaW8gaHR0cDovL3N1cGFiYXNlLW1pbmlvOjkwMDAgJHtNSU5JT19ST09UX1VTRVJ9ICR7TUlOSU9fUk9PVF9QQVNTV09SRH07XG4vdXNyL2Jpbi9tYyBtYiAtLWlnbm9yZS1leGlzdGluZyBzdXBhYmFzZS1taW5pby9zdHViO1xuZXhpdCAwXG4iCiAgc3VwYWJhc2Utc3RvcmFnZToKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3RvcmFnZS1hcGk6djEuMTQuNicKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLXJlc3Q6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX3N0YXJ0ZWQKICAgICAgaW1ncHJveHk6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX3N0YXJ0ZWQKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSB3Z2V0CiAgICAgICAgLSAnLS1uby12ZXJib3NlJwogICAgICAgIC0gJy0tdHJpZXM9MScKICAgICAgICAtICctLXNwaWRlcicKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjUwMDAvc3RhdHVzJwogICAgICB0aW1lb3V0OiA1cwogICAgICBpbnRlcnZhbDogNXMKICAgICAgcmV0cmllczogMwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gU0VSVkVSX1BPUlQ9NTAwMAogICAgICAtIFNFUlZFUl9SRUdJT049bG9jYWwKICAgICAgLSBNVUxUSV9URU5BTlQ9ZmFsc2UKICAgICAgLSAnQVVUSF9KV1RfU0VDUkVUPSR7U0VSVklDRV9QQVNTV09SRF9KV1R9JwogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXM6Ly9zdXBhYmFzZV9zdG9yYWdlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vJHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtIERCX0lOU1RBTExfUk9MRVM9ZmFsc2UKICAgICAgLSBTVE9SQUdFX0JBQ0tFTkQ9czMKICAgICAgLSBTVE9SQUdFX1MzX0JVQ0tFVD1zdHViCiAgICAgIC0gJ1NUT1JBR0VfUzNfRU5EUE9JTlQ9aHR0cDovL3N1cGFiYXNlLW1pbmlvOjkwMDAnCiAgICAgIC0gU1RPUkFHRV9TM19GT1JDRV9QQVRIX1NUWUxFPXRydWUKICAgICAgLSBTVE9SQUdFX1MzX1JFR0lPTj11cy1lYXN0LTEKICAgICAgLSAnQVdTX0FDQ0VTU19LRVlfSUQ9JHtTRVJWSUNFX1VTRVJfTUlOSU99JwogICAgICAtICdBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX01JTklPfScKICAgICAgLSBVUExPQURfRklMRV9TSVpFX0xJTUlUPTUyNDI4ODAwMAogICAgICAtIFVQTE9BRF9GSUxFX1NJWkVfTElNSVRfU1RBTkRBUkQ9NTI0Mjg4MDAwCiAgICAgIC0gVVBMT0FEX1NJR05FRF9VUkxfRVhQSVJBVElPTl9USU1FPTEyMAogICAgICAtIFRVU19VUkxfUEFUSD11cGxvYWQvcmVzdW1hYmxlCiAgICAgIC0gVFVTX01BWF9TSVpFPTM2MDAwMDAKICAgICAgLSBFTkFCTEVfSU1BR0VfVFJBTlNGT1JNQVRJT049dHJ1ZQogICAgICAtICdJTUdQUk9YWV9VUkw9aHR0cDovL2ltZ3Byb3h5OjgwODAnCiAgICAgIC0gSU1HUFJPWFlfUkVRVUVTVF9USU1FT1VUPTE1CiAgICAgIC0gREFUQUJBU0VfU0VBUkNIX1BBVEg9c3RvcmFnZQogICAgICAtIE5PREVfRU5WPXByb2R1Y3Rpb24KICAgICAgLSBSRVFVRVNUX0FMTE9XX1hfRk9SV0FSREVEX1BBVEg9dHJ1ZQogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL3N0b3JhZ2U6L3Zhci9saWIvc3RvcmFnZScKICBpbWdwcm94eToKICAgIGltYWdlOiAnZGFydGhzaW0vaW1ncHJveHk6djMuOC4wJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGltZ3Byb3h5CiAgICAgICAgLSBoZWFsdGgKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDMKICAgIGVudmlyb25tZW50OgogICAgICAtIElNR1BST1hZX0xPQ0FMX0ZJTEVTWVNURU1fUk9PVD0vCiAgICAgIC0gSU1HUFJPWFlfVVNFX0VUQUc9dHJ1ZQogICAgICAtICdJTUdQUk9YWV9FTkFCTEVfV0VCUF9ERVRFQ1RJT049JHtJTUdQUk9YWV9FTkFCTEVfV0VCUF9ERVRFQ1RJT046LXRydWV9JwogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL3N0b3JhZ2U6L3Zhci9saWIvc3RvcmFnZScKICBzdXBhYmFzZS1tZXRhOgogICAgaW1hZ2U6ICdzdXBhYmFzZS9wb3N0Z3Jlcy1tZXRhOnYwLjg0LjInCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFBHX01FVEFfUE9SVD04MDgwCiAgICAgIC0gJ1BHX01FVEFfREJfSE9TVD0ke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn0nCiAgICAgIC0gJ1BHX01FVEFfREJfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtICdQR19NRVRBX0RCX05BTUU9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtIFBHX01FVEFfREJfVVNFUj1zdXBhYmFzZV9hZG1pbgogICAgICAtICdQR19NRVRBX0RCX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgc3VwYWJhc2UtZWRnZS1mdW5jdGlvbnM6CiAgICBpbWFnZTogJ3N1cGFiYXNlL2VkZ2UtcnVudGltZTp2MS42NS4zJwogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtYW5hbHl0aWNzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gZWNobwogICAgICAgIC0gJ0VkZ2UgRnVuY3Rpb25zIGlzIGhlYWx0aHknCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSAnU1VQQUJBU0VfVVJMPSR7U0VSVklDRV9GUUROX1NVUEFCQVNFS09OR30nCiAgICAgIC0gJ1NVUEFCQVNFX0FOT05fS0VZPSR7U0VSVklDRV9TVVBBQkFTRUFOT05fS0VZfScKICAgICAgLSAnU1VQQUJBU0VfU0VSVklDRV9ST0xFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ1NVUEFCQVNFX0RCX1VSTD1wb3N0Z3Jlc3FsOi8vcG9zdGdyZXM6JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfUAke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn06JHtQT1NUR1JFU19QT1JUOi01NDMyfS8ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ1ZFUklGWV9KV1Q9JHtGVU5DVElPTlNfVkVSSUZZX0pXVDotZmFsc2V9JwogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL2Z1bmN0aW9uczovaG9tZS9kZW5vL2Z1bmN0aW9ucycKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9mdW5jdGlvbnMvbWFpbi9pbmRleC50cwogICAgICAgIHRhcmdldDogL2hvbWUvZGVuby9mdW5jdGlvbnMvbWFpbi9pbmRleC50cwogICAgICAgIGNvbnRlbnQ6ICJpbXBvcnQgeyBzZXJ2ZSB9IGZyb20gJ2h0dHBzOi8vZGVuby5sYW5kL3N0ZEAwLjEzMS4wL2h0dHAvc2VydmVyLnRzJ1xuaW1wb3J0ICogYXMgam9zZSBmcm9tICdodHRwczovL2Rlbm8ubGFuZC94L2pvc2VAdjQuMTQuNC9pbmRleC50cydcblxuY29uc29sZS5sb2coJ21haW4gZnVuY3Rpb24gc3RhcnRlZCcpXG5cbmNvbnN0IEpXVF9TRUNSRVQgPSBEZW5vLmVudi5nZXQoJ0pXVF9TRUNSRVQnKVxuY29uc3QgVkVSSUZZX0pXVCA9IERlbm8uZW52LmdldCgnVkVSSUZZX0pXVCcpID09PSAndHJ1ZSdcblxuZnVuY3Rpb24gZ2V0QXV0aFRva2VuKHJlcTogUmVxdWVzdCkge1xuICBjb25zdCBhdXRoSGVhZGVyID0gcmVxLmhlYWRlcnMuZ2V0KCdhdXRob3JpemF0aW9uJylcbiAgaWYgKCFhdXRoSGVhZGVyKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdNaXNzaW5nIGF1dGhvcml6YXRpb24gaGVhZGVyJylcbiAgfVxuICBjb25zdCBbYmVhcmVyLCB0b2tlbl0gPSBhdXRoSGVhZGVyLnNwbGl0KCcgJylcbiAgaWYgKGJlYXJlciAhPT0gJ0JlYXJlcicpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoYEF1dGggaGVhZGVyIGlzIG5vdCAnQmVhcmVyIHt0b2tlbn0nYClcbiAgfVxuICByZXR1cm4gdG9rZW5cbn1cblxuYXN5bmMgZnVuY3Rpb24gdmVyaWZ5SldUKGp3dDogc3RyaW5nKTogUHJvbWlzZTxib29sZWFuPiB7XG4gIGNvbnN0IGVuY29kZXIgPSBuZXcgVGV4dEVuY29kZXIoKVxuICBjb25zdCBzZWNyZXRLZXkgPSBlbmNvZGVyLmVuY29kZShKV1RfU0VDUkVUKVxuICB0cnkge1xuICAgIGF3YWl0IGpvc2Uuand0VmVyaWZ5KGp3dCwgc2VjcmV0S2V5KVxuICB9IGNhdGNoIChlcnIpIHtcbiAgICBjb25zb2xlLmVycm9yKGVycilcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxuICByZXR1cm4gdHJ1ZVxufVxuXG5zZXJ2ZShhc3luYyAocmVxOiBSZXF1ZXN0KSA9PiB7XG4gIGlmIChyZXEubWV0aG9kICE9PSAnT1BUSU9OUycgJiYgVkVSSUZZX0pXVCkge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCB0b2tlbiA9IGdldEF1dGhUb2tlbihyZXEpXG4gICAgICBjb25zdCBpc1ZhbGlkSldUID0gYXdhaXQgdmVyaWZ5SldUKHRva2VuKVxuXG4gICAgICBpZiAoIWlzVmFsaWRKV1QpIHtcbiAgICAgICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeSh7IG1zZzogJ0ludmFsaWQgSldUJyB9KSwge1xuICAgICAgICAgIHN0YXR1czogNDAxLFxuICAgICAgICAgIGhlYWRlcnM6IHsgJ0NvbnRlbnQtVHlwZSc6ICdhcHBsaWNhdGlvbi9qc29uJyB9LFxuICAgICAgICB9KVxuICAgICAgfVxuICAgIH0gY2F0Y2ggKGUpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoZSlcbiAgICAgIHJldHVybiBuZXcgUmVzcG9uc2UoSlNPTi5zdHJpbmdpZnkoeyBtc2c6IGUudG9TdHJpbmcoKSB9KSwge1xuICAgICAgICBzdGF0dXM6IDQwMSxcbiAgICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgICB9KVxuICAgIH1cbiAgfVxuXG4gIGNvbnN0IHVybCA9IG5ldyBVUkwocmVxLnVybClcbiAgY29uc3QgeyBwYXRobmFtZSB9ID0gdXJsXG4gIGNvbnN0IHBhdGhfcGFydHMgPSBwYXRobmFtZS5zcGxpdCgnLycpXG4gIGNvbnN0IHNlcnZpY2VfbmFtZSA9IHBhdGhfcGFydHNbMV1cblxuICBpZiAoIXNlcnZpY2VfbmFtZSB8fCBzZXJ2aWNlX25hbWUgPT09ICcnKSB7XG4gICAgY29uc3QgZXJyb3IgPSB7IG1zZzogJ21pc3NpbmcgZnVuY3Rpb24gbmFtZSBpbiByZXF1ZXN0JyB9XG4gICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeShlcnJvciksIHtcbiAgICAgIHN0YXR1czogNDAwLFxuICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgfSlcbiAgfVxuXG4gIGNvbnN0IHNlcnZpY2VQYXRoID0gYC9ob21lL2Rlbm8vZnVuY3Rpb25zLyR7c2VydmljZV9uYW1lfWBcbiAgY29uc29sZS5lcnJvcihgc2VydmluZyB0aGUgcmVxdWVzdCB3aXRoICR7c2VydmljZVBhdGh9YClcblxuICBjb25zdCBtZW1vcnlMaW1pdE1iID0gMTUwXG4gIGNvbnN0IHdvcmtlclRpbWVvdXRNcyA9IDEgKiA2MCAqIDEwMDBcbiAgY29uc3Qgbm9Nb2R1bGVDYWNoZSA9IGZhbHNlXG4gIGNvbnN0IGltcG9ydE1hcFBhdGggPSBudWxsXG4gIGNvbnN0IGVudlZhcnNPYmogPSBEZW5vLmVudi50b09iamVjdCgpXG4gIGNvbnN0IGVudlZhcnMgPSBPYmplY3Qua2V5cyhlbnZWYXJzT2JqKS5tYXAoKGspID0+IFtrLCBlbnZWYXJzT2JqW2tdXSlcblxuICB0cnkge1xuICAgIGNvbnN0IHdvcmtlciA9IGF3YWl0IEVkZ2VSdW50aW1lLnVzZXJXb3JrZXJzLmNyZWF0ZSh7XG4gICAgICBzZXJ2aWNlUGF0aCxcbiAgICAgIG1lbW9yeUxpbWl0TWIsXG4gICAgICB3b3JrZXJUaW1lb3V0TXMsXG4gICAgICBub01vZHVsZUNhY2hlLFxuICAgICAgaW1wb3J0TWFwUGF0aCxcbiAgICAgIGVudlZhcnMsXG4gICAgfSlcbiAgICByZXR1cm4gYXdhaXQgd29ya2VyLmZldGNoKHJlcSlcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnN0IGVycm9yID0geyBtc2c6IGUudG9TdHJpbmcoKSB9XG4gICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeShlcnJvciksIHtcbiAgICAgIHN0YXR1czogNTAwLFxuICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgfSlcbiAgfVxufSlcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9mdW5jdGlvbnMvaGVsbG8vaW5kZXgudHMKICAgICAgICB0YXJnZXQ6IC9ob21lL2Rlbm8vZnVuY3Rpb25zL2hlbGxvL2luZGV4LnRzCiAgICAgICAgY29udGVudDogIi8vIEZvbGxvdyB0aGlzIHNldHVwIGd1aWRlIHRvIGludGVncmF0ZSB0aGUgRGVubyBsYW5ndWFnZSBzZXJ2ZXIgd2l0aCB5b3VyIGVkaXRvcjpcbi8vIGh0dHBzOi8vZGVuby5sYW5kL21hbnVhbC9nZXR0aW5nX3N0YXJ0ZWQvc2V0dXBfeW91cl9lbnZpcm9ubWVudFxuLy8gVGhpcyBlbmFibGVzIGF1dG9jb21wbGV0ZSwgZ28gdG8gZGVmaW5pdGlvbiwgZXRjLlxuXG5pbXBvcnQgeyBzZXJ2ZSB9IGZyb20gXCJodHRwczovL2Rlbm8ubGFuZC9zdGRAMC4xNzcuMS9odHRwL3NlcnZlci50c1wiXG5cbnNlcnZlKGFzeW5jICgpID0+IHtcbiAgcmV0dXJuIG5ldyBSZXNwb25zZShcbiAgICBgXCJIZWxsbyBmcm9tIEVkZ2UgRnVuY3Rpb25zIVwiYCxcbiAgICB7IGhlYWRlcnM6IHsgXCJDb250ZW50LVR5cGVcIjogXCJhcHBsaWNhdGlvbi9qc29uXCIgfSB9LFxuICApXG59KVxuXG4vLyBUbyBpbnZva2U6XG4vLyBjdXJsICdodHRwOi8vbG9jYWxob3N0OjxLT05HX0hUVFBfUE9SVD4vZnVuY3Rpb25zL3YxL2hlbGxvJyBcXFxuLy8gICAtLWhlYWRlciAnQXV0aG9yaXphdGlvbjogQmVhcmVyIDxhbm9uL3NlcnZpY2Vfcm9sZSBBUEkga2V5PidcbiIKICAgIGNvbW1hbmQ6CiAgICAgIC0gc3RhcnQKICAgICAgLSAnLS1tYWluLXNlcnZpY2UnCiAgICAgIC0gL2hvbWUvZGVuby9mdW5jdGlvbnMvbWFpbgogIHN1cGFiYXNlLXN1cGF2aXNvcjoKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3VwYXZpc29yOjEuMS41NicKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLXNTZkwnCiAgICAgICAgLSAnLW8nCiAgICAgICAgLSAvZGV2L251bGwKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjQwMDAvYXBpL2hlYWx0aCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDEwCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPT0xFUl9URU5BTlRfSUQ9ZGV2X3RlbmFudAogICAgICAtIFBPT0xFUl9QT09MX01PREU9dHJhbnNhY3Rpb24KICAgICAgLSAnUE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFPSR7UE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFOi0yMH0nCiAgICAgIC0gJ1BPT0xFUl9NQVhfQ0xJRU5UX0NPTk49JHtQT09MRVJfTUFYX0NMSUVOVF9DT05OOi0xMDB9JwogICAgICAtIFBPUlQ9NDAwMAogICAgICAtICdQT1NUR1JFU19QT1JUPSR7UE9TVEdSRVNfUE9SVDotNTQzMn0nCiAgICAgIC0gJ1BPU1RHUkVTX0hPU1ROQU1FPSR7UE9TVEdSRVNfSE9TVE5BTUU6LXN1cGFiYXNlLWRifScKICAgICAgLSAnUE9TVEdSRVNfREI9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdQT1NUR1JFU19QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVN9JwogICAgICAtICdEQVRBQkFTRV9VUkw9ZWN0bzovL3N1cGFiYXNlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vX3N1cGFiYXNlJwogICAgICAtIENMVVNURVJfUE9TVEdSRVM9dHJ1ZQogICAgICAtICdTRUNSRVRfS0VZX0JBU0U9JHtTRVJWSUNFX1BBU1NXT1JEX1NVUEFWSVNPUlNFQ1JFVH0nCiAgICAgIC0gJ1ZBVUxUX0VOQ19LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX1ZBVUxURU5DfScKICAgICAgLSAnQVBJX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ01FVFJJQ1NfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBSRUdJT049bG9jYWwKICAgICAgLSAnRVJMX0FGTEFHUz0tcHJvdG9fZGlzdCBpbmV0X3RjcCcKICAgIGNvbW1hbmQ6CiAgICAgIC0gL2Jpbi9zaAogICAgICAtICctYycKICAgICAgLSAnL2FwcC9iaW4vbWlncmF0ZSAmJiAvYXBwL2Jpbi9zdXBhdmlzb3IgZXZhbCAiJCQoY2F0IC9ldGMvcG9vbGVyL3Bvb2xlci5leHMpIiAmJiAvYXBwL2Jpbi9zZXJ2ZXInCiAgICB2b2x1bWVzOgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL3Bvb2xlci9wb29sZXIuZXhzCiAgICAgICAgdGFyZ2V0OiAvZXRjL3Bvb2xlci9wb29sZXIuZXhzCiAgICAgICAgY29udGVudDogIns6b2ssIF99ID0gQXBwbGljYXRpb24uZW5zdXJlX2FsbF9zdGFydGVkKDpzdXBhdmlzb3IpXG57Om9rLCB2ZXJzaW9ufSA9XG4gICAgY2FzZSBTdXBhdmlzb3IuUmVwby5xdWVyeSEoXCJzZWxlY3QgdmVyc2lvbigpXCIpIGRvXG4gICAgJXtyb3dzOiBbW3Zlcl1dfSAtPiBTdXBhdmlzb3IuSGVscGVycy5wYXJzZV9wZ192ZXJzaW9uKHZlcilcbiAgICBfIC0+IG5pbFxuICAgIGVuZFxucGFyYW1zID0gJXtcbiAgICBcImV4dGVybmFsX2lkXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT09MRVJfVEVOQU5UX0lEXCIpLFxuICAgIFwiZGJfaG9zdFwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9TVEdSRVNfSE9TVE5BTUVcIiksXG4gICAgXCJkYl9wb3J0XCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT1NUR1JFU19QT1JUXCIpIHw+IFN0cmluZy50b19pbnRlZ2VyKCksXG4gICAgXCJkYl9kYXRhYmFzZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9TVEdSRVNfREJcIiksXG4gICAgXCJyZXF1aXJlX3VzZXJcIiA9PiBmYWxzZSxcbiAgICBcImF1dGhfcXVlcnlcIiA9PiBcIlNFTEVDVCAqIEZST00gcGdib3VuY2VyLmdldF9hdXRoKCQxKVwiLFxuICAgIFwiZGVmYXVsdF9tYXhfY2xpZW50c1wiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX01BWF9DTElFTlRfQ09OTlwiKSxcbiAgICBcImRlZmF1bHRfcG9vbF9zaXplXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT09MRVJfREVGQVVMVF9QT09MX1NJWkVcIiksXG4gICAgXCJkZWZhdWx0X3BhcmFtZXRlcl9zdGF0dXNcIiA9PiAle1wic2VydmVyX3ZlcnNpb25cIiA9PiB2ZXJzaW9ufSxcbiAgICBcInVzZXJzXCIgPT4gWyV7XG4gICAgXCJkYl91c2VyXCIgPT4gXCJwZ2JvdW5jZXJcIixcbiAgICBcImRiX3Bhc3N3b3JkXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT1NUR1JFU19QQVNTV09SRFwiKSxcbiAgICBcIm1vZGVfdHlwZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX1BPT0xfTU9ERVwiKSxcbiAgICBcInBvb2xfc2l6ZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFXCIpLFxuICAgIFwiaXNfbWFuYWdlclwiID0+IHRydWVcbiAgICB9XVxufVxuXG50ZW5hbnQgPSBTdXBhdmlzb3IuVGVuYW50cy5nZXRfdGVuYW50X2J5X2V4dGVybmFsX2lkKHBhcmFtc1tcImV4dGVybmFsX2lkXCJdKVxuXG5pZiB0ZW5hbnQgZG9cbiAgezpvaywgX30gPSBTdXBhdmlzb3IuVGVuYW50cy51cGRhdGVfdGVuYW50KHRlbmFudCwgcGFyYW1zKVxuZWxzZVxuICB7Om9rLCBffSA9IFN1cGF2aXNvci5UZW5hbnRzLmNyZWF0ZV90ZW5hbnQocGFyYW1zKVxuZW5kXG4iCg==",
+        "compose": "c2VydmljZXM6CiAgc3VwYWJhc2Uta29uZzoKICAgIGltYWdlOiAna29uZzoyLjguMScKICAgIGVudHJ5cG9pbnQ6ICdiYXNoIC1jICcnZXZhbCAiZWNobyBcIiQkKGNhdCB+L3RlbXAueW1sKVwiIiA+IH4va29uZy55bWwgJiYgL2RvY2tlci1lbnRyeXBvaW50LnNoIGtvbmcgZG9ja2VyLXN0YXJ0JycnCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFNFUlZJQ0VfRlFETl9TVVBBQkFTRUtPTkdfODAwMAogICAgICAtICdLT05HX1BPUlRfTUFQUz00NDM6ODAwMCcKICAgICAgLSAnSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBLT05HX0RBVEFCQVNFPW9mZgogICAgICAtIEtPTkdfREVDTEFSQVRJVkVfQ09ORklHPS9ob21lL2tvbmcva29uZy55bWwKICAgICAgLSAnS09OR19ETlNfT1JERVI9TEFTVCxBLENOQU1FJwogICAgICAtICdLT05HX1BMVUdJTlM9cmVxdWVzdC10cmFuc2Zvcm1lcixjb3JzLGtleS1hdXRoLGFjbCxiYXNpYy1hdXRoJwogICAgICAtIEtPTkdfTkdJTlhfUFJPWFlfUFJPWFlfQlVGRkVSX1NJWkU9MTYwawogICAgICAtICdLT05HX05HSU5YX1BST1hZX1BST1hZX0JVRkZFUlM9NjQgMTYwaycKICAgICAgLSAnU1VQQUJBU0VfQU5PTl9LRVk9JHtTRVJWSUNFX1NVUEFCQVNFQU5PTl9LRVl9JwogICAgICAtICdTVVBBQkFTRV9TRVJWSUNFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ0RBU0hCT0FSRF9VU0VSTkFNRT0ke1NFUlZJQ0VfVVNFUl9BRE1JTn0nCiAgICAgIC0gJ0RBU0hCT0FSRF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfQURNSU59JwogICAgdm9sdW1lczoKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9hcGkva29uZy55bWwKICAgICAgICB0YXJnZXQ6IC9ob21lL2tvbmcvdGVtcC55bWwKICAgICAgICBjb250ZW50OiAiX2Zvcm1hdF92ZXJzaW9uOiAnMi4xJ1xuX3RyYW5zZm9ybTogdHJ1ZVxuXG4jIyNcbiMjIyBDb25zdW1lcnMgLyBVc2Vyc1xuIyMjXG5jb25zdW1lcnM6XG4gIC0gdXNlcm5hbWU6IERBU0hCT0FSRFxuICAtIHVzZXJuYW1lOiBhbm9uXG4gICAga2V5YXV0aF9jcmVkZW50aWFsczpcbiAgICAgIC0ga2V5OiAkU1VQQUJBU0VfQU5PTl9LRVlcbiAgLSB1c2VybmFtZTogc2VydmljZV9yb2xlXG4gICAga2V5YXV0aF9jcmVkZW50aWFsczpcbiAgICAgIC0ga2V5OiAkU1VQQUJBU0VfU0VSVklDRV9LRVlcblxuIyMjXG4jIyMgQWNjZXNzIENvbnRyb2wgTGlzdFxuIyMjXG5hY2xzOlxuICAtIGNvbnN1bWVyOiBhbm9uXG4gICAgZ3JvdXA6IGFub25cbiAgLSBjb25zdW1lcjogc2VydmljZV9yb2xlXG4gICAgZ3JvdXA6IGFkbWluXG5cbiMjI1xuIyMjIERhc2hib2FyZCBjcmVkZW50aWFsc1xuIyMjXG5iYXNpY2F1dGhfY3JlZGVudGlhbHM6XG4tIGNvbnN1bWVyOiBEQVNIQk9BUkRcbiAgdXNlcm5hbWU6ICREQVNIQk9BUkRfVVNFUk5BTUVcbiAgcGFzc3dvcmQ6ICREQVNIQk9BUkRfUEFTU1dPUkRcblxuXG4jIyNcbiMjIyBBUEkgUm91dGVzXG4jIyNcbnNlcnZpY2VzOlxuXG4gICMjIE9wZW4gQXV0aCByb3V0ZXNcbiAgLSBuYW1lOiBhdXRoLXYxLW9wZW5cbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1hdXRoOjk5OTkvdmVyaWZ5XG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBhdXRoLXYxLW9wZW5cbiAgICAgICAgc3RyaXBfcGF0aDogdHJ1ZVxuICAgICAgICBwYXRoczpcbiAgICAgICAgICAtIC9hdXRoL3YxL3ZlcmlmeVxuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgLSBuYW1lOiBhdXRoLXYxLW9wZW4tY2FsbGJhY2tcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1hdXRoOjk5OTkvY2FsbGJhY2tcbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtb3Blbi1jYWxsYmFja1xuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2F1dGgvdjEvY2FsbGJhY2tcbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gIC0gbmFtZTogYXV0aC12MS1vcGVuLWF1dGhvcml6ZVxuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS9hdXRob3JpemVcbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtb3Blbi1hdXRob3JpemVcbiAgICAgICAgc3RyaXBfcGF0aDogdHJ1ZVxuICAgICAgICBwYXRoczpcbiAgICAgICAgICAtIC9hdXRoL3YxL2F1dGhvcml6ZVxuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcblxuICAjIyBTZWN1cmUgQXV0aCByb3V0ZXNcbiAgLSBuYW1lOiBhdXRoLXYxXG4gICAgX2NvbW1lbnQ6ICdHb1RydWU6IC9hdXRoL3YxLyogLT4gaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWF1dGg6OTk5OS9cbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IGF1dGgtdjEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvYXV0aC92MS9cbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gICAgICAtIG5hbWU6IGtleS1hdXRoXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2NyZWRlbnRpYWxzOiBmYWxzZVxuICAgICAgLSBuYW1lOiBhY2xcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfZ3JvdXBzX2hlYWRlcjogdHJ1ZVxuICAgICAgICAgIGFsbG93OlxuICAgICAgICAgICAgLSBhZG1pblxuICAgICAgICAgICAgLSBhbm9uXG5cbiAgIyMgU2VjdXJlIFJFU1Qgcm91dGVzXG4gIC0gbmFtZTogcmVzdC12MVxuICAgIF9jb21tZW50OiAnUG9zdGdSRVNUOiAvcmVzdC92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvKidcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZXN0LXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3Jlc3QvdjEvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuICAgICAgLSBuYW1lOiBrZXktYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogdHJ1ZVxuICAgICAgLSBuYW1lOiBhY2xcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfZ3JvdXBzX2hlYWRlcjogdHJ1ZVxuICAgICAgICAgIGFsbG93OlxuICAgICAgICAgICAgLSBhZG1pblxuICAgICAgICAgICAgLSBhbm9uXG5cbiAgIyMgU2VjdXJlIEdyYXBoUUwgcm91dGVzXG4gIC0gbmFtZTogZ3JhcGhxbC12MVxuICAgIF9jb21tZW50OiAnUG9zdGdSRVNUOiAvZ3JhcGhxbC92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1yZXN0OjMwMDAvcnBjL2dyYXBocWwnXG4gICAgdXJsOiBodHRwOi8vc3VwYWJhc2UtcmVzdDozMDAwL3JwYy9ncmFwaHFsXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBncmFwaHFsLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2dyYXBocWwvdjFcbiAgICBwbHVnaW5zOlxuICAgICAgLSBuYW1lOiBjb3JzXG4gICAgICAtIG5hbWU6IGtleS1hdXRoXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2NyZWRlbnRpYWxzOiB0cnVlXG4gICAgICAtIG5hbWU6IHJlcXVlc3QtdHJhbnNmb3JtZXJcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGFkZDpcbiAgICAgICAgICAgIGhlYWRlcnM6XG4gICAgICAgICAgICAgIC0gQ29udGVudC1Qcm9maWxlOmdyYXBocWxfcHVibGljXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG4gICAgICAgICAgICAtIGFub25cblxuICAjIyBTZWN1cmUgUmVhbHRpbWUgcm91dGVzXG4gIC0gbmFtZTogcmVhbHRpbWUtdjEtd3NcbiAgICBfY29tbWVudDogJ1JlYWx0aW1lOiAvcmVhbHRpbWUvdjEvKiAtPiB3czovL3JlYWx0aW1lOjQwMDAvc29ja2V0LyonXG4gICAgdXJsOiBodHRwOi8vcmVhbHRpbWUtZGV2OjQwMDAvc29ja2V0XG4gICAgcHJvdG9jb2w6IHdzXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZWFsdGltZS12MS13c1xuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3JlYWx0aW1lL3YxL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgICAgIC0gbmFtZToga2V5LWF1dGhcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfY3JlZGVudGlhbHM6IGZhbHNlXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG4gICAgICAgICAgICAtIGFub25cbiAgLSBuYW1lOiByZWFsdGltZS12MS1yZXN0XG4gICAgX2NvbW1lbnQ6ICdSZWFsdGltZTogL3JlYWx0aW1lL3YxLyogLT4gd3M6Ly9yZWFsdGltZTo0MDAwL3NvY2tldC8qJ1xuICAgIHVybDogaHR0cDovL3JlYWx0aW1lLWRldjo0MDAwL2FwaVxuICAgIHByb3RvY29sOiBodHRwXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiByZWFsdGltZS12MS1yZXN0XG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvcmVhbHRpbWUvdjEvYXBpXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuICAgICAgLSBuYW1lOiBrZXktYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogZmFsc2VcbiAgICAgIC0gbmFtZTogYWNsXG4gICAgICAgIGNvbmZpZzpcbiAgICAgICAgICBoaWRlX2dyb3Vwc19oZWFkZXI6IHRydWVcbiAgICAgICAgICBhbGxvdzpcbiAgICAgICAgICAgIC0gYWRtaW5cbiAgICAgICAgICAgIC0gYW5vblxuXG4gICMjIFN0b3JhZ2Ugcm91dGVzOiB0aGUgc3RvcmFnZSBzZXJ2ZXIgbWFuYWdlcyBpdHMgb3duIGF1dGhcbiAgLSBuYW1lOiBzdG9yYWdlLXYxXG4gICAgX2NvbW1lbnQ6ICdTdG9yYWdlOiAvc3RvcmFnZS92MS8qIC0+IGh0dHA6Ly9zdXBhYmFzZS1zdG9yYWdlOjUwMDAvKidcbiAgICB1cmw6IGh0dHA6Ly9zdXBhYmFzZS1zdG9yYWdlOjUwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBzdG9yYWdlLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL3N0b3JhZ2UvdjEvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZTogY29yc1xuXG4gICMjIEVkZ2UgRnVuY3Rpb25zIHJvdXRlc1xuICAtIG5hbWU6IGZ1bmN0aW9ucy12MVxuICAgIF9jb21tZW50OiAnRWRnZSBGdW5jdGlvbnM6IC9mdW5jdGlvbnMvdjEvKiAtPiBodHRwOi8vc3VwYWJhc2UtZWRnZS1mdW5jdGlvbnM6OTAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWVkZ2UtZnVuY3Rpb25zOjkwMDAvXG4gICAgcm91dGVzOlxuICAgICAgLSBuYW1lOiBmdW5jdGlvbnMtdjEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvZnVuY3Rpb25zL3YxL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcblxuICAjIyBBbmFseXRpY3Mgcm91dGVzXG4gIC0gbmFtZTogYW5hbHl0aWNzLXYxXG4gICAgX2NvbW1lbnQ6ICdBbmFseXRpY3M6IC9hbmFseXRpY3MvdjEvKiAtPiBodHRwOi8vbG9nZmxhcmU6NDAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL1xuICAgIHJvdXRlczpcbiAgICAgIC0gbmFtZTogYW5hbHl0aWNzLXYxLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL2FuYWx5dGljcy92MS9cblxuICAjIyBTZWN1cmUgRGF0YWJhc2Ugcm91dGVzXG4gIC0gbmFtZTogbWV0YVxuICAgIF9jb21tZW50OiAncGctbWV0YTogL3BnLyogLT4gaHR0cDovL3N1cGFiYXNlLW1ldGE6ODA4MC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLW1ldGE6ODA4MC9cbiAgICByb3V0ZXM6XG4gICAgICAtIG5hbWU6IG1ldGEtYWxsXG4gICAgICAgIHN0cmlwX3BhdGg6IHRydWVcbiAgICAgICAgcGF0aHM6XG4gICAgICAgICAgLSAvcGcvXG4gICAgcGx1Z2luczpcbiAgICAgIC0gbmFtZToga2V5LWF1dGhcbiAgICAgICAgY29uZmlnOlxuICAgICAgICAgIGhpZGVfY3JlZGVudGlhbHM6IGZhbHNlXG4gICAgICAtIG5hbWU6IGFjbFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9ncm91cHNfaGVhZGVyOiB0cnVlXG4gICAgICAgICAgYWxsb3c6XG4gICAgICAgICAgICAtIGFkbWluXG5cbiAgIyMgUHJvdGVjdGVkIERhc2hib2FyZCAtIGNhdGNoIGFsbCByZW1haW5pbmcgcm91dGVzXG4gIC0gbmFtZTogZGFzaGJvYXJkXG4gICAgX2NvbW1lbnQ6ICdTdHVkaW86IC8qIC0+IGh0dHA6Ly9zdHVkaW86MzAwMC8qJ1xuICAgIHVybDogaHR0cDovL3N1cGFiYXNlLXN0dWRpbzozMDAwL1xuICAgIHJvdXRlczpcbiAgICAgIC0gbmFtZTogZGFzaGJvYXJkLWFsbFxuICAgICAgICBzdHJpcF9wYXRoOiB0cnVlXG4gICAgICAgIHBhdGhzOlxuICAgICAgICAgIC0gL1xuICAgIHBsdWdpbnM6XG4gICAgICAtIG5hbWU6IGNvcnNcbiAgICAgIC0gbmFtZTogYmFzaWMtYXV0aFxuICAgICAgICBjb25maWc6XG4gICAgICAgICAgaGlkZV9jcmVkZW50aWFsczogdHJ1ZVxuIgogIHN1cGFiYXNlLXN0dWRpbzoKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3R1ZGlvOjIwMjQxMjAyLTcxZTUyNDAnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gbm9kZQogICAgICAgIC0gJy1lJwogICAgICAgIC0gInJlcXVpcmUoJ2h0dHAnKS5nZXQoJ2h0dHA6Ly8xMjcuMC4wLjE6MzAwMC9hcGkvcHJvZmlsZScsIChyKSA9PiB7aWYgKHIuc3RhdHVzQ29kZSAhPT0gMjAwKSBwcm9jZXNzLmV4aXQoMSk7IGVsc2UgcHJvY2Vzcy5leGl0KDApOyB9KS5vbignZXJyb3InLCAoKSA9PiBwcm9jZXNzLmV4aXQoMSkpIgogICAgICB0aW1lb3V0OiA1cwogICAgICBpbnRlcnZhbDogNXMKICAgICAgcmV0cmllczogMwogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtYW5hbHl0aWNzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBIT1NUTkFNRT0wLjAuMC4wCiAgICAgIC0gJ1NUVURJT19QR19NRVRBX1VSTD1odHRwOi8vc3VwYWJhc2UtbWV0YTo4MDgwJwogICAgICAtICdQT1NUR1JFU19QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVN9JwogICAgICAtICdERUZBVUxUX09SR0FOSVpBVElPTl9OQU1FPSR7U1RVRElPX0RFRkFVTFRfT1JHQU5JWkFUSU9OOi1EZWZhdWx0IE9yZ2FuaXphdGlvbn0nCiAgICAgIC0gJ0RFRkFVTFRfUFJPSkVDVF9OQU1FPSR7U1RVRElPX0RFRkFVTFRfUFJPSkVDVDotRGVmYXVsdCBQcm9qZWN0fScKICAgICAgLSAnU1VQQUJBU0VfVVJMPWh0dHA6Ly9zdXBhYmFzZS1rb25nOjgwMDAnCiAgICAgIC0gJ1NVUEFCQVNFX1BVQkxJQ19VUkw9JHtTRVJWSUNFX0ZRRE5fU1VQQUJBU0VLT05HfScKICAgICAgLSAnU1VQQUJBU0VfQU5PTl9LRVk9JHtTRVJWSUNFX1NVUEFCQVNFQU5PTl9LRVl9JwogICAgICAtICdTVVBBQkFTRV9TRVJWSUNFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ0FVVEhfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSAnTE9HRkxBUkVfQVBJX0tFWT0ke1NFUlZJQ0VfUEFTU1dPUkRfTE9HRkxBUkV9JwogICAgICAtICdMT0dGTEFSRV9VUkw9aHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwJwogICAgICAtICdTVVBBQkFTRV9QVUJMSUNfQVBJPSR7U0VSVklDRV9GUUROX1NVUEFCQVNFS09OR30nCiAgICAgIC0gTkVYVF9QVUJMSUNfRU5BQkxFX0xPR1M9dHJ1ZQogICAgICAtIE5FWFRfQU5BTFlUSUNTX0JBQ0tFTkRfUFJPVklERVI9cG9zdGdyZXMKICAgICAgLSAnT1BFTkFJX0FQSV9LRVk9JHtPUEVOQUlfQVBJX0tFWX0nCiAgc3VwYWJhc2UtZGI6CiAgICBpbWFnZTogJ3N1cGFiYXNlL3Bvc3RncmVzOjE1LjguMS4wNDgnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDogJ3BnX2lzcmVhZHkgLVUgcG9zdGdyZXMgLWggMTI3LjAuMC4xJwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogNXMKICAgICAgcmV0cmllczogMTAKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLXZlY3RvcjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgY29tbWFuZDoKICAgICAgLSBwb3N0Z3JlcwogICAgICAtICctYycKICAgICAgLSBjb25maWdfZmlsZT0vZXRjL3Bvc3RncmVzcWwvcG9zdGdyZXNxbC5jb25mCiAgICAgIC0gJy1jJwogICAgICAtIGxvZ19taW5fbWVzc2FnZXM9ZmF0YWwKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPU1RHUkVTX0hPU1Q9L3Zhci9ydW4vcG9zdGdyZXNxbAogICAgICAtICdQR1BPUlQ9JHtQT1NUR1JFU19QT1JUOi01NDMyfScKICAgICAgLSAnUE9TVEdSRVNfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtICdQR1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgICAgIC0gJ1BPU1RHUkVTX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgICAgIC0gJ1BHREFUQUJBU0U9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdQT1NUR1JFU19EQj0ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ0pXVF9FWFA9JHtKV1RfRVhQSVJZOi0zNjAwfScKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3N1cGFiYXNlLWRiLWRhdGE6L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhJwogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2RiL3JlYWx0aW1lLnNxbAogICAgICAgIHRhcmdldDogL2RvY2tlci1lbnRyeXBvaW50LWluaXRkYi5kL21pZ3JhdGlvbnMvOTktcmVhbHRpbWUuc3FsCiAgICAgICAgY29udGVudDogIlxcc2V0IHBndXNlciBgZWNobyBcInN1cGFiYXNlX2FkbWluXCJgXG5cbmNyZWF0ZSBzY2hlbWEgaWYgbm90IGV4aXN0cyBfcmVhbHRpbWU7XG5hbHRlciBzY2hlbWEgX3JlYWx0aW1lIG93bmVyIHRvIDpwZ3VzZXI7XG4iCiAgICAgIC0KICAgICAgICB0eXBlOiBiaW5kCiAgICAgICAgc291cmNlOiAuL3ZvbHVtZXMvZGIvX3N1cGFiYXNlLnNxbAogICAgICAgIHRhcmdldDogL2RvY2tlci1lbnRyeXBvaW50LWluaXRkYi5kL21pZ3JhdGlvbnMvOTctX3N1cGFiYXNlLnNxbAogICAgICAgIGNvbnRlbnQ6ICJcXHNldCBwZ3VzZXIgYGVjaG8gXCIkUE9TVEdSRVNfVVNFUlwiYFxuXG5DUkVBVEUgREFUQUJBU0UgX3N1cGFiYXNlIFdJVEggT1dORVIgOnBndXNlcjtcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9wb29sZXIuc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvbWlncmF0aW9ucy85OS1wb29sZXIuc3FsCiAgICAgICAgY29udGVudDogIlxcc2V0IHBndXNlciBgZWNobyBcInN1cGFiYXNlX2FkbWluXCJgXG5cXGMgX3N1cGFiYXNlXG5jcmVhdGUgc2NoZW1hIGlmIG5vdCBleGlzdHMgX3N1cGF2aXNvcjtcbmFsdGVyIHNjaGVtYSBfc3VwYXZpc29yIG93bmVyIHRvIDpwZ3VzZXI7XG5cXGMgcG9zdGdyZXNcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi93ZWJob29rcy5zcWwKICAgICAgICB0YXJnZXQ6IC9kb2NrZXItZW50cnlwb2ludC1pbml0ZGIuZC9pbml0LXNjcmlwdHMvOTgtd2ViaG9va3Muc3FsCiAgICAgICAgY29udGVudDogIkJFR0lOO1xuLS0gQ3JlYXRlIHBnX25ldCBleHRlbnNpb25cbkNSRUFURSBFWFRFTlNJT04gSUYgTk9UIEVYSVNUUyBwZ19uZXQgU0NIRU1BIGV4dGVuc2lvbnM7XG4tLSBDcmVhdGUgc3VwYWJhc2VfZnVuY3Rpb25zIHNjaGVtYVxuQ1JFQVRFIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgQVVUSE9SSVpBVElPTiBzdXBhYmFzZV9hZG1pbjtcbkdSQU5UIFVTQUdFIE9OIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBUQUJMRVMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBGVU5DVElPTlMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkFMVEVSIERFRkFVTFQgUFJJVklMRUdFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIEdSQU5UIEFMTCBPTiBTRVFVRU5DRVMgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbi0tIHN1cGFiYXNlX2Z1bmN0aW9ucy5taWdyYXRpb25zIGRlZmluaXRpb25cbkNSRUFURSBUQUJMRSBzdXBhYmFzZV9mdW5jdGlvbnMubWlncmF0aW9ucyAoXG4gIHZlcnNpb24gdGV4dCBQUklNQVJZIEtFWSxcbiAgaW5zZXJ0ZWRfYXQgdGltZXN0YW1wdHogTk9UIE5VTEwgREVGQVVMVCBOT1coKVxuKTtcbi0tIEluaXRpYWwgc3VwYWJhc2VfZnVuY3Rpb25zIG1pZ3JhdGlvblxuSU5TRVJUIElOVE8gc3VwYWJhc2VfZnVuY3Rpb25zLm1pZ3JhdGlvbnMgKHZlcnNpb24pIFZBTFVFUyAoJ2luaXRpYWwnKTtcbi0tIHN1cGFiYXNlX2Z1bmN0aW9ucy5ob29rcyBkZWZpbml0aW9uXG5DUkVBVEUgVEFCTEUgc3VwYWJhc2VfZnVuY3Rpb25zLmhvb2tzIChcbiAgaWQgYmlnc2VyaWFsIFBSSU1BUlkgS0VZLFxuICBob29rX3RhYmxlX2lkIGludGVnZXIgTk9UIE5VTEwsXG4gIGhvb2tfbmFtZSB0ZXh0IE5PVCBOVUxMLFxuICBjcmVhdGVkX2F0IHRpbWVzdGFtcHR6IE5PVCBOVUxMIERFRkFVTFQgTk9XKCksXG4gIHJlcXVlc3RfaWQgYmlnaW50XG4pO1xuQ1JFQVRFIElOREVYIHN1cGFiYXNlX2Z1bmN0aW9uc19ob29rc19yZXF1ZXN0X2lkX2lkeCBPTiBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3MgVVNJTkcgYnRyZWUgKHJlcXVlc3RfaWQpO1xuQ1JFQVRFIElOREVYIHN1cGFiYXNlX2Z1bmN0aW9uc19ob29rc19oX3RhYmxlX2lkX2hfbmFtZV9pZHggT04gc3VwYWJhc2VfZnVuY3Rpb25zLmhvb2tzIFVTSU5HIGJ0cmVlIChob29rX3RhYmxlX2lkLCBob29rX25hbWUpO1xuQ09NTUVOVCBPTiBUQUJMRSBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3MgSVMgJ1N1cGFiYXNlIEZ1bmN0aW9ucyBIb29rczogQXVkaXQgdHJhaWwgZm9yIHRyaWdnZXJlZCBob29rcy4nO1xuQ1JFQVRFIEZVTkNUSU9OIHN1cGFiYXNlX2Z1bmN0aW9ucy5odHRwX3JlcXVlc3QoKVxuICBSRVRVUk5TIHRyaWdnZXJcbiAgTEFOR1VBR0UgcGxwZ3NxbFxuICBBUyAkZnVuY3Rpb24kXG4gIERFQ0xBUkVcbiAgICByZXF1ZXN0X2lkIGJpZ2ludDtcbiAgICBwYXlsb2FkIGpzb25iO1xuICAgIHVybCB0ZXh0IDo9IFRHX0FSR1ZbMF06OnRleHQ7XG4gICAgbWV0aG9kIHRleHQgOj0gVEdfQVJHVlsxXTo6dGV4dDtcbiAgICBoZWFkZXJzIGpzb25iIERFRkFVTFQgJ3t9Jzo6anNvbmI7XG4gICAgcGFyYW1zIGpzb25iIERFRkFVTFQgJ3t9Jzo6anNvbmI7XG4gICAgdGltZW91dF9tcyBpbnRlZ2VyIERFRkFVTFQgMTAwMDtcbiAgQkVHSU5cbiAgICBJRiB1cmwgSVMgTlVMTCBPUiB1cmwgPSAnbnVsbCcgVEhFTlxuICAgICAgUkFJU0UgRVhDRVBUSU9OICd1cmwgYXJndW1lbnQgaXMgbWlzc2luZyc7XG4gICAgRU5EIElGO1xuXG4gICAgSUYgbWV0aG9kIElTIE5VTEwgT1IgbWV0aG9kID0gJ251bGwnIFRIRU5cbiAgICAgIFJBSVNFIEVYQ0VQVElPTiAnbWV0aG9kIGFyZ3VtZW50IGlzIG1pc3NpbmcnO1xuICAgIEVORCBJRjtcblxuICAgIElGIFRHX0FSR1ZbMl0gSVMgTlVMTCBPUiBUR19BUkdWWzJdID0gJ251bGwnIFRIRU5cbiAgICAgIGhlYWRlcnMgPSAne1wiQ29udGVudC1UeXBlXCI6IFwiYXBwbGljYXRpb24vanNvblwifSc6Ompzb25iO1xuICAgIEVMU0VcbiAgICAgIGhlYWRlcnMgPSBUR19BUkdWWzJdOjpqc29uYjtcbiAgICBFTkQgSUY7XG5cbiAgICBJRiBUR19BUkdWWzNdIElTIE5VTEwgT1IgVEdfQVJHVlszXSA9ICdudWxsJyBUSEVOXG4gICAgICBwYXJhbXMgPSAne30nOjpqc29uYjtcbiAgICBFTFNFXG4gICAgICBwYXJhbXMgPSBUR19BUkdWWzNdOjpqc29uYjtcbiAgICBFTkQgSUY7XG5cbiAgICBJRiBUR19BUkdWWzRdIElTIE5VTEwgT1IgVEdfQVJHVls0XSA9ICdudWxsJyBUSEVOXG4gICAgICB0aW1lb3V0X21zID0gMTAwMDtcbiAgICBFTFNFXG4gICAgICB0aW1lb3V0X21zID0gVEdfQVJHVls0XTo6aW50ZWdlcjtcbiAgICBFTkQgSUY7XG5cbiAgICBDQVNFXG4gICAgICBXSEVOIG1ldGhvZCA9ICdHRVQnIFRIRU5cbiAgICAgICAgU0VMRUNUIGh0dHBfZ2V0IElOVE8gcmVxdWVzdF9pZCBGUk9NIG5ldC5odHRwX2dldChcbiAgICAgICAgICB1cmwsXG4gICAgICAgICAgcGFyYW1zLFxuICAgICAgICAgIGhlYWRlcnMsXG4gICAgICAgICAgdGltZW91dF9tc1xuICAgICAgICApO1xuICAgICAgV0hFTiBtZXRob2QgPSAnUE9TVCcgVEhFTlxuICAgICAgICBwYXlsb2FkID0ganNvbmJfYnVpbGRfb2JqZWN0KFxuICAgICAgICAgICdvbGRfcmVjb3JkJywgT0xELFxuICAgICAgICAgICdyZWNvcmQnLCBORVcsXG4gICAgICAgICAgJ3R5cGUnLCBUR19PUCxcbiAgICAgICAgICAndGFibGUnLCBUR19UQUJMRV9OQU1FLFxuICAgICAgICAgICdzY2hlbWEnLCBUR19UQUJMRV9TQ0hFTUFcbiAgICAgICAgKTtcblxuICAgICAgICBTRUxFQ1QgaHR0cF9wb3N0IElOVE8gcmVxdWVzdF9pZCBGUk9NIG5ldC5odHRwX3Bvc3QoXG4gICAgICAgICAgdXJsLFxuICAgICAgICAgIHBheWxvYWQsXG4gICAgICAgICAgcGFyYW1zLFxuICAgICAgICAgIGhlYWRlcnMsXG4gICAgICAgICAgdGltZW91dF9tc1xuICAgICAgICApO1xuICAgICAgRUxTRVxuICAgICAgICBSQUlTRSBFWENFUFRJT04gJ21ldGhvZCBhcmd1bWVudCAlIGlzIGludmFsaWQnLCBtZXRob2Q7XG4gICAgRU5EIENBU0U7XG5cbiAgICBJTlNFUlQgSU5UTyBzdXBhYmFzZV9mdW5jdGlvbnMuaG9va3NcbiAgICAgIChob29rX3RhYmxlX2lkLCBob29rX25hbWUsIHJlcXVlc3RfaWQpXG4gICAgVkFMVUVTXG4gICAgICAoVEdfUkVMSUQsIFRHX05BTUUsIHJlcXVlc3RfaWQpO1xuXG4gICAgUkVUVVJOIE5FVztcbiAgRU5EXG4kZnVuY3Rpb24kO1xuLS0gU3VwYWJhc2Ugc3VwZXIgYWRtaW5cbkRPXG4kJFxuQkVHSU5cbiAgSUYgTk9UIEVYSVNUUyAoXG4gICAgU0VMRUNUIDFcbiAgICBGUk9NIHBnX3JvbGVzXG4gICAgV0hFUkUgcm9sbmFtZSA9ICdzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4nXG4gIClcbiAgVEhFTlxuICAgIENSRUFURSBVU0VSIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiBOT0lOSEVSSVQgQ1JFQVRFUk9MRSBMT0dJTiBOT1JFUExJQ0FUSU9OO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuR1JBTlQgQUxMIFBSSVZJTEVHRVMgT04gU0NIRU1BIHN1cGFiYXNlX2Z1bmN0aW9ucyBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW47XG5HUkFOVCBBTEwgUFJJVklMRUdFUyBPTiBBTEwgVEFCTEVTIElOIFNDSEVNQSBzdXBhYmFzZV9mdW5jdGlvbnMgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluO1xuR1JBTlQgQUxMIFBSSVZJTEVHRVMgT04gQUxMIFNFUVVFTkNFUyBJTiBTQ0hFTUEgc3VwYWJhc2VfZnVuY3Rpb25zIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbjtcbkFMVEVSIFVTRVIgc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluIFNFVCBzZWFyY2hfcGF0aCA9IFwic3VwYWJhc2VfZnVuY3Rpb25zXCI7XG5BTFRFUiB0YWJsZSBcInN1cGFiYXNlX2Z1bmN0aW9uc1wiLm1pZ3JhdGlvbnMgT1dORVIgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluO1xuQUxURVIgdGFibGUgXCJzdXBhYmFzZV9mdW5jdGlvbnNcIi5ob29rcyBPV05FUiBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW47XG5BTFRFUiBmdW5jdGlvbiBcInN1cGFiYXNlX2Z1bmN0aW9uc1wiLmh0dHBfcmVxdWVzdCgpIE9XTkVSIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbjtcbkdSQU5UIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiBUTyBwb3N0Z3Jlcztcbi0tIFJlbW92ZSB1bnVzZWQgc3VwYWJhc2VfcGdfbmV0X2FkbWluIHJvbGVcbkRPXG4kJFxuQkVHSU5cbiAgSUYgRVhJU1RTIChcbiAgICBTRUxFQ1QgMVxuICAgIEZST00gcGdfcm9sZXNcbiAgICBXSEVSRSByb2xuYW1lID0gJ3N1cGFiYXNlX3BnX25ldF9hZG1pbidcbiAgKVxuICBUSEVOXG4gICAgUkVBU1NJR04gT1dORUQgQlkgc3VwYWJhc2VfcGdfbmV0X2FkbWluIFRPIHN1cGFiYXNlX2FkbWluO1xuICAgIERST1AgT1dORUQgQlkgc3VwYWJhc2VfcGdfbmV0X2FkbWluO1xuICAgIERST1AgUk9MRSBzdXBhYmFzZV9wZ19uZXRfYWRtaW47XG4gIEVORCBJRjtcbkVORFxuJCQ7XG4tLSBwZ19uZXQgZ3JhbnRzIHdoZW4gZXh0ZW5zaW9uIGlzIGFscmVhZHkgZW5hYmxlZFxuRE9cbiQkXG5CRUdJTlxuICBJRiBFWElTVFMgKFxuICAgIFNFTEVDVCAxXG4gICAgRlJPTSBwZ19leHRlbnNpb25cbiAgICBXSEVSRSBleHRuYW1lID0gJ3BnX25ldCdcbiAgKVxuICBUSEVOXG4gICAgR1JBTlQgVVNBR0UgT04gU0NIRU1BIG5ldCBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4sIHBvc3RncmVzLCBhbm9uLCBhdXRoZW50aWNhdGVkLCBzZXJ2aWNlX3JvbGU7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFNFQ1VSSVRZIERFRklORVI7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRUNVUklUWSBERUZJTkVSO1xuICAgIEFMVEVSIGZ1bmN0aW9uIG5ldC5odHRwX2dldCh1cmwgdGV4dCwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9nZXQodXJsIHRleHQsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgRlJPTSBQVUJMSUM7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9wb3N0KHVybCB0ZXh0LCBib2R5IGpzb25iLCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIEZST00gUFVCTElDO1xuICAgIEdSQU5UIEVYRUNVVEUgT04gRlVOQ1RJT04gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiwgcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbiAgICBHUkFOVCBFWEVDVVRFIE9OIEZVTkNUSU9OIG5ldC5odHRwX3Bvc3QodXJsIHRleHQsIGJvZHkganNvbmIsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluLCBwb3N0Z3JlcywgYW5vbiwgYXV0aGVudGljYXRlZCwgc2VydmljZV9yb2xlO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuLS0gRXZlbnQgdHJpZ2dlciBmb3IgcGdfbmV0XG5DUkVBVEUgT1IgUkVQTEFDRSBGVU5DVElPTiBleHRlbnNpb25zLmdyYW50X3BnX25ldF9hY2Nlc3MoKVxuUkVUVVJOUyBldmVudF90cmlnZ2VyXG5MQU5HVUFHRSBwbHBnc3FsXG5BUyAkJFxuQkVHSU5cbiAgSUYgRVhJU1RTIChcbiAgICBTRUxFQ1QgMVxuICAgIEZST00gcGdfZXZlbnRfdHJpZ2dlcl9kZGxfY29tbWFuZHMoKSBBUyBldlxuICAgIEpPSU4gcGdfZXh0ZW5zaW9uIEFTIGV4dFxuICAgIE9OIGV2Lm9iamlkID0gZXh0Lm9pZFxuICAgIFdIRVJFIGV4dC5leHRuYW1lID0gJ3BnX25ldCdcbiAgKVxuICBUSEVOXG4gICAgR1JBTlQgVVNBR0UgT04gU0NIRU1BIG5ldCBUTyBzdXBhYmFzZV9mdW5jdGlvbnNfYWRtaW4sIHBvc3RncmVzLCBhbm9uLCBhdXRoZW50aWNhdGVkLCBzZXJ2aWNlX3JvbGU7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFNFQ1VSSVRZIERFRklORVI7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRUNVUklUWSBERUZJTkVSO1xuICAgIEFMVEVSIGZ1bmN0aW9uIG5ldC5odHRwX2dldCh1cmwgdGV4dCwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgQUxURVIgZnVuY3Rpb24gbmV0Lmh0dHBfcG9zdCh1cmwgdGV4dCwgYm9keSBqc29uYiwgcGFyYW1zIGpzb25iLCBoZWFkZXJzIGpzb25iLCB0aW1lb3V0X21pbGxpc2Vjb25kcyBpbnRlZ2VyKSBTRVQgc2VhcmNoX3BhdGggPSBuZXQ7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9nZXQodXJsIHRleHQsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgRlJPTSBQVUJMSUM7XG4gICAgUkVWT0tFIEFMTCBPTiBGVU5DVElPTiBuZXQuaHR0cF9wb3N0KHVybCB0ZXh0LCBib2R5IGpzb25iLCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIEZST00gUFVCTElDO1xuICAgIEdSQU5UIEVYRUNVVEUgT04gRlVOQ1RJT04gbmV0Lmh0dHBfZ2V0KHVybCB0ZXh0LCBwYXJhbXMganNvbmIsIGhlYWRlcnMganNvbmIsIHRpbWVvdXRfbWlsbGlzZWNvbmRzIGludGVnZXIpIFRPIHN1cGFiYXNlX2Z1bmN0aW9uc19hZG1pbiwgcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbiAgICBHUkFOVCBFWEVDVVRFIE9OIEZVTkNUSU9OIG5ldC5odHRwX3Bvc3QodXJsIHRleHQsIGJvZHkganNvbmIsIHBhcmFtcyBqc29uYiwgaGVhZGVycyBqc29uYiwgdGltZW91dF9taWxsaXNlY29uZHMgaW50ZWdlcikgVE8gc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluLCBwb3N0Z3JlcywgYW5vbiwgYXV0aGVudGljYXRlZCwgc2VydmljZV9yb2xlO1xuICBFTkQgSUY7XG5FTkQ7XG4kJDtcbkNPTU1FTlQgT04gRlVOQ1RJT04gZXh0ZW5zaW9ucy5ncmFudF9wZ19uZXRfYWNjZXNzIElTICdHcmFudHMgYWNjZXNzIHRvIHBnX25ldCc7XG5ET1xuJCRcbkJFR0lOXG4gIElGIE5PVCBFWElTVFMgKFxuICAgIFNFTEVDVCAxXG4gICAgRlJPTSBwZ19ldmVudF90cmlnZ2VyXG4gICAgV0hFUkUgZXZ0bmFtZSA9ICdpc3N1ZV9wZ19uZXRfYWNjZXNzJ1xuICApIFRIRU5cbiAgICBDUkVBVEUgRVZFTlQgVFJJR0dFUiBpc3N1ZV9wZ19uZXRfYWNjZXNzIE9OIGRkbF9jb21tYW5kX2VuZCBXSEVOIFRBRyBJTiAoJ0NSRUFURSBFWFRFTlNJT04nKVxuICAgIEVYRUNVVEUgUFJPQ0VEVVJFIGV4dGVuc2lvbnMuZ3JhbnRfcGdfbmV0X2FjY2VzcygpO1xuICBFTkQgSUY7XG5FTkRcbiQkO1xuSU5TRVJUIElOVE8gc3VwYWJhc2VfZnVuY3Rpb25zLm1pZ3JhdGlvbnMgKHZlcnNpb24pIFZBTFVFUyAoJzIwMjEwODA5MTgzNDIzX3VwZGF0ZV9ncmFudHMnKTtcbkFMVEVSIGZ1bmN0aW9uIHN1cGFiYXNlX2Z1bmN0aW9ucy5odHRwX3JlcXVlc3QoKSBTRUNVUklUWSBERUZJTkVSO1xuQUxURVIgZnVuY3Rpb24gc3VwYWJhc2VfZnVuY3Rpb25zLmh0dHBfcmVxdWVzdCgpIFNFVCBzZWFyY2hfcGF0aCA9IHN1cGFiYXNlX2Z1bmN0aW9ucztcblJFVk9LRSBBTEwgT04gRlVOQ1RJT04gc3VwYWJhc2VfZnVuY3Rpb25zLmh0dHBfcmVxdWVzdCgpIEZST00gUFVCTElDO1xuR1JBTlQgRVhFQ1VURSBPTiBGVU5DVElPTiBzdXBhYmFzZV9mdW5jdGlvbnMuaHR0cF9yZXF1ZXN0KCkgVE8gcG9zdGdyZXMsIGFub24sIGF1dGhlbnRpY2F0ZWQsIHNlcnZpY2Vfcm9sZTtcbkNPTU1JVDtcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9yb2xlcy5zcWwKICAgICAgICB0YXJnZXQ6IC9kb2NrZXItZW50cnlwb2ludC1pbml0ZGIuZC9pbml0LXNjcmlwdHMvOTktcm9sZXMuc3FsCiAgICAgICAgY29udGVudDogIi0tIE5PVEU6IGNoYW5nZSB0byB5b3VyIG93biBwYXNzd29yZHMgZm9yIHByb2R1Y3Rpb24gZW52aXJvbm1lbnRzXG4gXFxzZXQgcGdwYXNzIGBlY2hvIFwiJFBPU1RHUkVTX1BBU1NXT1JEXCJgXG5cbiBBTFRFUiBVU0VSIGF1dGhlbnRpY2F0b3IgV0lUSCBQQVNTV09SRCA6J3BncGFzcyc7XG4gQUxURVIgVVNFUiBwZ2JvdW5jZXIgV0lUSCBQQVNTV09SRCA6J3BncGFzcyc7XG4gQUxURVIgVVNFUiBzdXBhYmFzZV9hdXRoX2FkbWluIFdJVEggUEFTU1dPUkQgOidwZ3Bhc3MnO1xuIEFMVEVSIFVTRVIgc3VwYWJhc2VfZnVuY3Rpb25zX2FkbWluIFdJVEggUEFTU1dPUkQgOidwZ3Bhc3MnO1xuIEFMVEVSIFVTRVIgc3VwYWJhc2Vfc3RvcmFnZV9hZG1pbiBXSVRIIFBBU1NXT1JEIDoncGdwYXNzJztcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9kYi9qd3Quc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvaW5pdC1zY3JpcHRzLzk5LWp3dC5zcWwKICAgICAgICBjb250ZW50OiAiXFxzZXQgand0X3NlY3JldCBgZWNobyBcIiRKV1RfU0VDUkVUXCJgXG5cXHNldCBqd3RfZXhwIGBlY2hvIFwiJEpXVF9FWFBcImBcblxcc2V0IGRiX25hbWUgYGVjaG8gXCIke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc31cImBcblxuQUxURVIgREFUQUJBU0UgOmRiX25hbWUgU0VUIFwiYXBwLnNldHRpbmdzLmp3dF9zZWNyZXRcIiBUTyA6J2p3dF9zZWNyZXQnO1xuQUxURVIgREFUQUJBU0UgOmRiX25hbWUgU0VUIFwiYXBwLnNldHRpbmdzLmp3dF9leHBcIiBUTyA6J2p3dF9leHAnO1xuIgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2RiL2xvZ3Muc3FsCiAgICAgICAgdGFyZ2V0OiAvZG9ja2VyLWVudHJ5cG9pbnQtaW5pdGRiLmQvbWlncmF0aW9ucy85OS1sb2dzLnNxbAogICAgICAgIGNvbnRlbnQ6ICJcXHNldCBwZ3VzZXIgYGVjaG8gXCJzdXBhYmFzZV9hZG1pblwiYFxuXFxjIF9zdXBhYmFzZVxuY3JlYXRlIHNjaGVtYSBpZiBub3QgZXhpc3RzIF9hbmFseXRpY3M7XG5hbHRlciBzY2hlbWEgX2FuYWx5dGljcyBvd25lciB0byA6cGd1c2VyO1xuXFxjIHBvc3RncmVzXG4iCiAgICAgIC0gJ3N1cGFiYXNlLWRiLWNvbmZpZzovZXRjL3Bvc3RncmVzcWwtY3VzdG9tJwogIHN1cGFiYXNlLWFuYWx5dGljczoKICAgIGltYWdlOiAnc3VwYWJhc2UvbG9nZmxhcmU6MS40LjAnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gY3VybAogICAgICAgIC0gJ2h0dHA6Ly8xMjcuMC4wLjE6NDAwMC9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAxMAogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtZGI6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIExPR0ZMQVJFX05PREVfSE9TVD0xMjcuMC4wLjEKICAgICAgLSBEQl9VU0VSTkFNRT1zdXBhYmFzZV9hZG1pbgogICAgICAtIERCX0RBVEFCQVNFPV9zdXBhYmFzZQogICAgICAtICdEQl9IT1NUTkFNRT0ke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn0nCiAgICAgIC0gJ0RCX1BPUlQ9JHtQT1NUR1JFU19QT1JUOi01NDMyfScKICAgICAgLSAnREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfScKICAgICAgLSBEQl9TQ0hFTUE9X2FuYWx5dGljcwogICAgICAtICdMT0dGTEFSRV9BUElfS0VZPSR7U0VSVklDRV9QQVNTV09SRF9MT0dGTEFSRX0nCiAgICAgIC0gTE9HRkxBUkVfU0lOR0xFX1RFTkFOVD10cnVlCiAgICAgIC0gTE9HRkxBUkVfU0lOR0xFX1RFTkFOVF9NT0RFPXRydWUKICAgICAgLSBMT0dGTEFSRV9TVVBBQkFTRV9NT0RFPXRydWUKICAgICAgLSBMT0dGTEFSRV9NSU5fQ0xVU1RFUl9TSVpFPTEKICAgICAgLSAnUE9TVEdSRVNfQkFDS0VORF9VUkw9cG9zdGdyZXNxbDovL3N1cGFiYXNlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vX3N1cGFiYXNlJwogICAgICAtIFBPU1RHUkVTX0JBQ0tFTkRfU0NIRU1BPV9hbmFseXRpY3MKICAgICAgLSBMT0dGTEFSRV9GRUFUVVJFX0ZMQUdfT1ZFUlJJREU9bXVsdGliYWNrZW5kPXRydWUKICBzdXBhYmFzZS12ZWN0b3I6CiAgICBpbWFnZTogJ3RpbWJlcmlvL3ZlY3RvcjowLjI4LjEtYWxwaW5lJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIHdnZXQKICAgICAgICAtICctLW5vLXZlcmJvc2UnCiAgICAgICAgLSAnLS10cmllcz0xJwogICAgICAgIC0gJy0tc3BpZGVyJwogICAgICAgIC0gJ2h0dHA6Ly9zdXBhYmFzZS12ZWN0b3I6OTAwMS9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICB2b2x1bWVzOgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL2xvZ3MvdmVjdG9yLnltbAogICAgICAgIHRhcmdldDogL2V0Yy92ZWN0b3IvdmVjdG9yLnltbAogICAgICAgIHJlYWRfb25seTogdHJ1ZQogICAgICAgIGNvbnRlbnQ6ICJhcGk6XG4gIGVuYWJsZWQ6IHRydWVcbiAgYWRkcmVzczogMC4wLjAuMDo5MDAxXG5cbnNvdXJjZXM6XG4gIGRvY2tlcl9ob3N0OlxuICAgIHR5cGU6IGRvY2tlcl9sb2dzXG4gICAgZXhjbHVkZV9jb250YWluZXJzOlxuICAgICAgLSBzdXBhYmFzZS12ZWN0b3JcblxudHJhbnNmb3JtczpcbiAgcHJvamVjdF9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSBkb2NrZXJfaG9zdFxuICAgIHNvdXJjZTogfC1cbiAgICAgIC5wcm9qZWN0ID0gXCJkZWZhdWx0XCJcbiAgICAgIC5ldmVudF9tZXNzYWdlID0gZGVsKC5tZXNzYWdlKVxuICAgICAgLmFwcG5hbWUgPSBkZWwoLmNvbnRhaW5lcl9uYW1lKVxuICAgICAgZGVsKC5jb250YWluZXJfY3JlYXRlZF9hdClcbiAgICAgIGRlbCguY29udGFpbmVyX2lkKVxuICAgICAgZGVsKC5zb3VyY2VfdHlwZSlcbiAgICAgIGRlbCguc3RyZWFtKVxuICAgICAgZGVsKC5sYWJlbClcbiAgICAgIGRlbCguaW1hZ2UpXG4gICAgICBkZWwoLmhvc3QpXG4gICAgICBkZWwoLnN0cmVhbSlcbiAgcm91dGVyOlxuICAgIHR5cGU6IHJvdXRlXG4gICAgaW5wdXRzOlxuICAgICAgLSBwcm9qZWN0X2xvZ3NcbiAgICByb3V0ZTpcbiAgICAgIGtvbmc6ICdzdGFydHNfd2l0aChzdHJpbmchKC5hcHBuYW1lKSwgXCJzdXBhYmFzZS1rb25nXCIpJ1xuICAgICAgYXV0aDogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLWF1dGhcIiknXG4gICAgICByZXN0OiAnc3RhcnRzX3dpdGgoc3RyaW5nISguYXBwbmFtZSksIFwic3VwYWJhc2UtcmVzdFwiKSdcbiAgICAgIHJlYWx0aW1lOiAnc3RhcnRzX3dpdGgoc3RyaW5nISguYXBwbmFtZSksIFwicmVhbHRpbWUtZGV2XCIpJ1xuICAgICAgc3RvcmFnZTogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLXN0b3JhZ2VcIiknXG4gICAgICBmdW5jdGlvbnM6ICdzdGFydHNfd2l0aChzdHJpbmchKC5hcHBuYW1lKSwgXCJzdXBhYmFzZS1mdW5jdGlvbnNcIiknXG4gICAgICBkYjogJ3N0YXJ0c193aXRoKHN0cmluZyEoLmFwcG5hbWUpLCBcInN1cGFiYXNlLWRiXCIpJ1xuICAjIElnbm9yZXMgbm9uIG5naW54IGVycm9ycyBzaW5jZSB0aGV5IGFyZSByZWxhdGVkIHdpdGgga29uZyBib290aW5nIHVwXG4gIGtvbmdfbG9nczpcbiAgICB0eXBlOiByZW1hcFxuICAgIGlucHV0czpcbiAgICAgIC0gcm91dGVyLmtvbmdcbiAgICBzb3VyY2U6IHwtXG4gICAgICByZXEsIGVyciA9IHBhcnNlX25naW54X2xvZyguZXZlbnRfbWVzc2FnZSwgXCJjb21iaW5lZFwiKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC50aW1lc3RhbXAgPSByZXEudGltZXN0YW1wXG4gICAgICAgICAgLm1ldGFkYXRhLnJlcXVlc3QuaGVhZGVycy5yZWZlcmVyID0gcmVxLnJlZmVyZXJcbiAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5oZWFkZXJzLnVzZXJfYWdlbnQgPSByZXEuYWdlbnRcbiAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5oZWFkZXJzLmNmX2Nvbm5lY3RpbmdfaXAgPSByZXEuY2xpZW50XG4gICAgICAgICAgLm1ldGFkYXRhLnJlcXVlc3QubWV0aG9kID0gcmVxLm1ldGhvZFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnBhdGggPSByZXEucGF0aFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnByb3RvY29sID0gcmVxLnByb3RvY29sXG4gICAgICAgICAgLm1ldGFkYXRhLnJlc3BvbnNlLnN0YXR1c19jb2RlID0gcmVxLnN0YXR1c1xuICAgICAgfVxuICAgICAgaWYgZXJyICE9IG51bGwge1xuICAgICAgICBhYm9ydFxuICAgICAgfVxuICAjIElnbm9yZXMgbm9uIG5naW54IGVycm9ycyBzaW5jZSB0aGV5IGFyZSByZWxhdGVkIHdpdGgga29uZyBib290aW5nIHVwXG4gIGtvbmdfZXJyOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIua29uZ1xuICAgIHNvdXJjZTogfC1cbiAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lm1ldGhvZCA9IFwiR0VUXCJcbiAgICAgIC5tZXRhZGF0YS5yZXNwb25zZS5zdGF0dXNfY29kZSA9IDIwMFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9uZ2lueF9sb2coLmV2ZW50X21lc3NhZ2UsIFwiZXJyb3JcIilcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAudGltZXN0YW1wID0gcGFyc2VkLnRpbWVzdGFtcFxuICAgICAgICAgIC5zZXZlcml0eSA9IHBhcnNlZC5zZXZlcml0eVxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lmhvc3QgPSBwYXJzZWQuaG9zdFxuICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LmhlYWRlcnMuY2ZfY29ubmVjdGluZ19pcCA9IHBhcnNlZC5jbGllbnRcbiAgICAgICAgICB1cmwsIGVyciA9IHNwbGl0KHBhcnNlZC5yZXF1ZXN0LCBcIiBcIilcbiAgICAgICAgICBpZiBlcnIgPT0gbnVsbCB7XG4gICAgICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0Lm1ldGhvZCA9IHVybFswXVxuICAgICAgICAgICAgICAubWV0YWRhdGEucmVxdWVzdC5wYXRoID0gdXJsWzFdXG4gICAgICAgICAgICAgIC5tZXRhZGF0YS5yZXF1ZXN0LnByb3RvY29sID0gdXJsWzJdXG4gICAgICAgICAgfVxuICAgICAgfVxuICAgICAgaWYgZXJyICE9IG51bGwge1xuICAgICAgICBhYm9ydFxuICAgICAgfVxuICAjIEdvdHJ1ZSBsb2dzIGFyZSBzdHJ1Y3R1cmVkIGpzb24gc3RyaW5ncyB3aGljaCBmcm9udGVuZCBwYXJzZXMgZGlyZWN0bHkuIEJ1dCB3ZSBrZWVwIG1ldGFkYXRhIGZvciBjb25zaXN0ZW5jeS5cbiAgYXV0aF9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIuYXV0aFxuICAgIHNvdXJjZTogfC1cbiAgICAgIHBhcnNlZCwgZXJyID0gcGFyc2VfanNvbiguZXZlbnRfbWVzc2FnZSlcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAubWV0YWRhdGEudGltZXN0YW1wID0gcGFyc2VkLnRpbWVcbiAgICAgICAgICAubWV0YWRhdGEgPSBtZXJnZSEoLm1ldGFkYXRhLCBwYXJzZWQpXG4gICAgICB9XG4gICMgUG9zdGdSRVNUIGxvZ3MgYXJlIHN0cnVjdHVyZWQgc28gd2Ugc2VwYXJhdGUgdGltZXN0YW1wIGZyb20gbWVzc2FnZSB1c2luZyByZWdleFxuICByZXN0X2xvZ3M6XG4gICAgdHlwZTogcmVtYXBcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5yZXN0XG4gICAgc291cmNlOiB8LVxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcideKD9QPHRpbWU+LiopOiAoP1A8bXNnPi4qKSQnKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC5ldmVudF9tZXNzYWdlID0gcGFyc2VkLm1zZ1xuICAgICAgICAgIC50aW1lc3RhbXAgPSB0b190aW1lc3RhbXAhKHBhcnNlZC50aW1lKVxuICAgICAgICAgIC5tZXRhZGF0YS5ob3N0ID0gLnByb2plY3RcbiAgICAgIH1cbiAgIyBSZWFsdGltZSBsb2dzIGFyZSBzdHJ1Y3R1cmVkIHNvIHdlIHBhcnNlIHRoZSBzZXZlcml0eSBsZXZlbCB1c2luZyByZWdleCAoaWdub3JlIHRpbWUgYmVjYXVzZSBpdCBoYXMgbm8gZGF0ZSlcbiAgcmVhbHRpbWVfbG9nczpcbiAgICB0eXBlOiByZW1hcFxuICAgIGlucHV0czpcbiAgICAgIC0gcm91dGVyLnJlYWx0aW1lXG4gICAgc291cmNlOiB8LVxuICAgICAgLm1ldGFkYXRhLnByb2plY3QgPSBkZWwoLnByb2plY3QpXG4gICAgICAubWV0YWRhdGEuZXh0ZXJuYWxfaWQgPSAubWV0YWRhdGEucHJvamVjdFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcideKD9QPHRpbWU+XFxkKzpcXGQrOlxcZCtcXC5cXGQrKSBcXFsoP1A8bGV2ZWw+XFx3KylcXF0gKD9QPG1zZz4uKikkJylcbiAgICAgIGlmIGVyciA9PSBudWxsIHtcbiAgICAgICAgICAuZXZlbnRfbWVzc2FnZSA9IHBhcnNlZC5tc2dcbiAgICAgICAgICAubWV0YWRhdGEubGV2ZWwgPSBwYXJzZWQubGV2ZWxcbiAgICAgIH1cbiAgIyBTdG9yYWdlIGxvZ3MgbWF5IGNvbnRhaW4ganNvbiBvYmplY3RzIHNvIHdlIHBhcnNlIHRoZW0gZm9yIGNvbXBsZXRlbmVzc1xuICBzdG9yYWdlX2xvZ3M6XG4gICAgdHlwZTogcmVtYXBcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5zdG9yYWdlXG4gICAgc291cmNlOiB8LVxuICAgICAgLm1ldGFkYXRhLnByb2plY3QgPSBkZWwoLnByb2plY3QpXG4gICAgICAubWV0YWRhdGEudGVuYW50SWQgPSAubWV0YWRhdGEucHJvamVjdFxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9qc29uKC5ldmVudF9tZXNzYWdlKVxuICAgICAgaWYgZXJyID09IG51bGwge1xuICAgICAgICAgIC5ldmVudF9tZXNzYWdlID0gcGFyc2VkLm1zZ1xuICAgICAgICAgIC5tZXRhZGF0YS5sZXZlbCA9IHBhcnNlZC5sZXZlbFxuICAgICAgICAgIC5tZXRhZGF0YS50aW1lc3RhbXAgPSBwYXJzZWQudGltZVxuICAgICAgICAgIC5tZXRhZGF0YS5jb250ZXh0WzBdLmhvc3QgPSBwYXJzZWQuaG9zdG5hbWVcbiAgICAgICAgICAubWV0YWRhdGEuY29udGV4dFswXS5waWQgPSBwYXJzZWQucGlkXG4gICAgICB9XG4gICMgUG9zdGdyZXMgbG9ncyBzb21lIG1lc3NhZ2VzIHRvIHN0ZGVyciB3aGljaCB3ZSBtYXAgdG8gd2FybmluZyBzZXZlcml0eSBsZXZlbFxuICBkYl9sb2dzOlxuICAgIHR5cGU6IHJlbWFwXG4gICAgaW5wdXRzOlxuICAgICAgLSByb3V0ZXIuZGJcbiAgICBzb3VyY2U6IHwtXG4gICAgICAubWV0YWRhdGEuaG9zdCA9IFwiZGItZGVmYXVsdFwiXG4gICAgICAubWV0YWRhdGEucGFyc2VkLnRpbWVzdGFtcCA9IC50aW1lc3RhbXBcblxuICAgICAgcGFyc2VkLCBlcnIgPSBwYXJzZV9yZWdleCguZXZlbnRfbWVzc2FnZSwgcicuKig/UDxsZXZlbD5JTkZPfE5PVElDRXxXQVJOSU5HfEVSUk9SfExPR3xGQVRBTHxQQU5JQz8pOi4qJywgbnVtZXJpY19ncm91cHM6IHRydWUpXG5cbiAgICAgIGlmIGVyciAhPSBudWxsIHx8IHBhcnNlZCA9PSBudWxsIHtcbiAgICAgICAgLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSA9IFwiaW5mb1wiXG4gICAgICB9XG4gICAgICBpZiBwYXJzZWQgIT0gbnVsbCB7XG4gICAgICAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID0gcGFyc2VkLmxldmVsXG4gICAgICB9XG4gICAgICBpZiAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID09IFwiaW5mb1wiIHtcbiAgICAgICAgICAubWV0YWRhdGEucGFyc2VkLmVycm9yX3NldmVyaXR5ID0gXCJsb2dcIlxuICAgICAgfVxuICAgICAgLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSA9IHVwY2FzZSEoLm1ldGFkYXRhLnBhcnNlZC5lcnJvcl9zZXZlcml0eSlcblxuc2lua3M6XG4gIGxvZ2ZsYXJlX2F1dGg6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSBhdXRoX2xvZ3NcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9Z290cnVlLmxvZ3MucHJvZCZhcGlfa2V5PSR7TE9HRkxBUkVfQVBJX0tFWT9MT0dGTEFSRV9BUElfS0VZIGlzIHJlcXVpcmVkfSdcbiAgbG9nZmxhcmVfcmVhbHRpbWU6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSByZWFsdGltZV9sb2dzXG4gICAgZW5jb2Rpbmc6XG4gICAgICBjb2RlYzogJ2pzb24nXG4gICAgbWV0aG9kOiAncG9zdCdcbiAgICByZXF1ZXN0OlxuICAgICAgcmV0cnlfbWF4X2R1cmF0aW9uX3NlY3M6IDEwXG4gICAgdXJpOiAnaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXJlYWx0aW1lLmxvZ3MucHJvZCZhcGlfa2V5PSR7TE9HRkxBUkVfQVBJX0tFWT9MT0dGTEFSRV9BUElfS0VZIGlzIHJlcXVpcmVkfSdcbiAgbG9nZmxhcmVfcmVzdDpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIHJlc3RfbG9nc1xuICAgIGVuY29kaW5nOlxuICAgICAgY29kZWM6ICdqc29uJ1xuICAgIG1ldGhvZDogJ3Bvc3QnXG4gICAgcmVxdWVzdDpcbiAgICAgIHJldHJ5X21heF9kdXJhdGlvbl9zZWNzOiAxMFxuICAgIHVyaTogJ2h0dHA6Ly9zdXBhYmFzZS1hbmFseXRpY3M6NDAwMC9hcGkvbG9ncz9zb3VyY2VfbmFtZT1wb3N0Z1JFU1QubG9ncy5wcm9kJmFwaV9rZXk9JHtMT0dGTEFSRV9BUElfS0VZP0xPR0ZMQVJFX0FQSV9LRVkgaXMgcmVxdWlyZWR9J1xuICBsb2dmbGFyZV9kYjpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIGRiX2xvZ3NcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICAjIFdlIG11c3Qgcm91dGUgdGhlIHNpbmsgdGhyb3VnaCBrb25nIGJlY2F1c2UgaW5nZXN0aW5nIGxvZ3MgYmVmb3JlIGxvZ2ZsYXJlIGlzIGZ1bGx5IGluaXRpYWxpc2VkIHdpbGxcbiAgICAjIGxlYWQgdG8gYnJva2VuIHF1ZXJpZXMgZnJvbSBzdHVkaW8uIFRoaXMgd29ya3MgYnkgdGhlIGFzc3VtcHRpb24gdGhhdCBjb250YWluZXJzIGFyZSBzdGFydGVkIGluIHRoZVxuICAgICMgZm9sbG93aW5nIG9yZGVyOiB2ZWN0b3IgPiBkYiA+IGxvZ2ZsYXJlID4ga29uZ1xuICAgIHVyaTogJ2h0dHA6Ly9zdXBhYmFzZS1rb25nOjgwMDAvYW5hbHl0aWNzL3YxL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXBvc3RncmVzLmxvZ3MmYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4gIGxvZ2ZsYXJlX2Z1bmN0aW9uczpcbiAgICB0eXBlOiAnaHR0cCdcbiAgICBpbnB1dHM6XG4gICAgICAtIHJvdXRlci5mdW5jdGlvbnNcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9ZGVuby1yZWxheS1sb2dzJmFwaV9rZXk9JHtMT0dGTEFSRV9BUElfS0VZP0xPR0ZMQVJFX0FQSV9LRVkgaXMgcmVxdWlyZWR9J1xuICBsb2dmbGFyZV9zdG9yYWdlOlxuICAgIHR5cGU6ICdodHRwJ1xuICAgIGlucHV0czpcbiAgICAgIC0gc3RvcmFnZV9sb2dzXG4gICAgZW5jb2Rpbmc6XG4gICAgICBjb2RlYzogJ2pzb24nXG4gICAgbWV0aG9kOiAncG9zdCdcbiAgICByZXF1ZXN0OlxuICAgICAgcmV0cnlfbWF4X2R1cmF0aW9uX3NlY3M6IDEwXG4gICAgdXJpOiAnaHR0cDovL3N1cGFiYXNlLWFuYWx5dGljczo0MDAwL2FwaS9sb2dzP3NvdXJjZV9uYW1lPXN0b3JhZ2UubG9ncy5wcm9kLjImYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4gIGxvZ2ZsYXJlX2tvbmc6XG4gICAgdHlwZTogJ2h0dHAnXG4gICAgaW5wdXRzOlxuICAgICAgLSBrb25nX2xvZ3NcbiAgICAgIC0ga29uZ19lcnJcbiAgICBlbmNvZGluZzpcbiAgICAgIGNvZGVjOiAnanNvbidcbiAgICBtZXRob2Q6ICdwb3N0J1xuICAgIHJlcXVlc3Q6XG4gICAgICByZXRyeV9tYXhfZHVyYXRpb25fc2VjczogMTBcbiAgICB1cmk6ICdodHRwOi8vc3VwYWJhc2UtYW5hbHl0aWNzOjQwMDAvYXBpL2xvZ3M/c291cmNlX25hbWU9Y2xvdWRmbGFyZS5sb2dzLnByb2QmYXBpX2tleT0ke0xPR0ZMQVJFX0FQSV9LRVk/TE9HRkxBUkVfQVBJX0tFWSBpcyByZXF1aXJlZH0nXG4iCiAgICAgIC0gJy92YXIvcnVuL2RvY2tlci5zb2NrOi92YXIvcnVuL2RvY2tlci5zb2NrOnJvJwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0xPR0ZMQVJFX0FQSV9LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX0xPR0ZMQVJFfScKICAgIGNvbW1hbmQ6CiAgICAgIC0gJy0tY29uZmlnJwogICAgICAtIGV0Yy92ZWN0b3IvdmVjdG9yLnltbAogIHN1cGFiYXNlLXJlc3Q6CiAgICBpbWFnZTogJ3Bvc3RncmVzdC9wb3N0Z3Jlc3Q6djEyLjIuMCcKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLWFuYWx5dGljczoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1BHUlNUX0RCX1VSST1wb3N0Z3JlczovL2F1dGhlbnRpY2F0b3I6JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfUAke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn06JHtQT1NUR1JFU19QT1JUOi01NDMyfS8ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ1BHUlNUX0RCX1NDSEVNQVM9JHtQR1JTVF9EQl9TQ0hFTUFTOi1wdWJsaWMsc3RvcmFnZSxncmFwaHFsX3B1YmxpY30nCiAgICAgIC0gUEdSU1RfREJfQU5PTl9ST0xFPWFub24KICAgICAgLSAnUEdSU1RfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBQR1JTVF9EQl9VU0VfTEVHQUNZX0dVQ1M9ZmFsc2UKICAgICAgLSAnUEdSU1RfQVBQX1NFVFRJTkdTX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ1BHUlNUX0FQUF9TRVRUSU5HU19KV1RfRVhQPSR7SldUX0VYUElSWTotMzYwMH0nCiAgICBjb21tYW5kOiBwb3N0Z3Jlc3QKICAgIGV4Y2x1ZGVfZnJvbV9oYzogdHJ1ZQogIHN1cGFiYXNlLWF1dGg6CiAgICBpbWFnZTogJ3N1cGFiYXNlL2dvdHJ1ZTp2Mi4xNjQuMCcKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLWFuYWx5dGljczoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIHdnZXQKICAgICAgICAtICctLW5vLXZlcmJvc2UnCiAgICAgICAgLSAnLS10cmllcz0xJwogICAgICAgIC0gJy0tc3BpZGVyJwogICAgICAgIC0gJ2h0dHA6Ly8xMjcuMC4wLjE6OTk5OS9oZWFsdGgnCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBHT1RSVUVfQVBJX0hPU1Q9MC4wLjAuMAogICAgICAtIEdPVFJVRV9BUElfUE9SVD05OTk5CiAgICAgIC0gJ0FQSV9FWFRFUk5BTF9VUkw9JHtBUElfRVhURVJOQUxfVVJMOi1odHRwOi8vc3VwYWJhc2Uta29uZzo4MDAwfScKICAgICAgLSBHT1RSVUVfREJfRFJJVkVSPXBvc3RncmVzCiAgICAgIC0gJ0dPVFJVRV9EQl9EQVRBQkFTRV9VUkw9cG9zdGdyZXM6Ly9zdXBhYmFzZV9hdXRoX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vJHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdHT1RSVUVfU0lURV9VUkw9JHtTRVJWSUNFX0ZRRE5fU1VQQUJBU0VLT05HfScKICAgICAgLSAnR09UUlVFX1VSSV9BTExPV19MSVNUPSR7QURESVRJT05BTF9SRURJUkVDVF9VUkxTfScKICAgICAgLSAnR09UUlVFX0RJU0FCTEVfU0lHTlVQPSR7RElTQUJMRV9TSUdOVVA6LWZhbHNlfScKICAgICAgLSBHT1RSVUVfSldUX0FETUlOX1JPTEVTPXNlcnZpY2Vfcm9sZQogICAgICAtIEdPVFJVRV9KV1RfQVVEPWF1dGhlbnRpY2F0ZWQKICAgICAgLSBHT1RSVUVfSldUX0RFRkFVTFRfR1JPVVBfTkFNRT1hdXRoZW50aWNhdGVkCiAgICAgIC0gJ0dPVFJVRV9KV1RfRVhQPSR7SldUX0VYUElSWTotMzYwMH0nCiAgICAgIC0gJ0dPVFJVRV9KV1RfU0VDUkVUPSR7U0VSVklDRV9QQVNTV09SRF9KV1R9JwogICAgICAtICdHT1RSVUVfRVhURVJOQUxfRU1BSUxfRU5BQkxFRD0ke0VOQUJMRV9FTUFJTF9TSUdOVVA6LXRydWV9JwogICAgICAtICdHT1RSVUVfRVhURVJOQUxfQU5PTllNT1VTX1VTRVJTX0VOQUJMRUQ9JHtFTkFCTEVfQU5PTllNT1VTX1VTRVJTOi1mYWxzZX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfQVVUT0NPTkZJUk09JHtFTkFCTEVfRU1BSUxfQVVUT0NPTkZJUk06LWZhbHNlfScKICAgICAgLSAnR09UUlVFX1NNVFBfQURNSU5fRU1BSUw9JHtTTVRQX0FETUlOX0VNQUlMfScKICAgICAgLSAnR09UUlVFX1NNVFBfSE9TVD0ke1NNVFBfSE9TVH0nCiAgICAgIC0gJ0dPVFJVRV9TTVRQX1BPUlQ9JHtTTVRQX1BPUlQ6LTU4N30nCiAgICAgIC0gJ0dPVFJVRV9TTVRQX1VTRVI9JHtTTVRQX1VTRVJ9JwogICAgICAtICdHT1RSVUVfU01UUF9QQVNTPSR7U01UUF9QQVNTfScKICAgICAgLSAnR09UUlVFX1NNVFBfU0VOREVSX05BTUU9JHtTTVRQX1NFTkRFUl9OQU1FfScKICAgICAgLSAnR09UUlVFX01BSUxFUl9VUkxQQVRIU19JTlZJVEU9JHtNQUlMRVJfVVJMUEFUSFNfSU5WSVRFOi0vYXV0aC92MS92ZXJpZnl9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1VSTFBBVEhTX0NPTkZJUk1BVElPTj0ke01BSUxFUl9VUkxQQVRIU19DT05GSVJNQVRJT046LS9hdXRoL3YxL3ZlcmlmeX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVVJMUEFUSFNfUkVDT1ZFUlk9JHtNQUlMRVJfVVJMUEFUSFNfUkVDT1ZFUlk6LS9hdXRoL3YxL3ZlcmlmeX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVVJMUEFUSFNfRU1BSUxfQ0hBTkdFPSR7TUFJTEVSX1VSTFBBVEhTX0VNQUlMX0NIQU5HRTotL2F1dGgvdjEvdmVyaWZ5fScKICAgICAgLSAnR09UUlVFX01BSUxFUl9URU1QTEFURVNfSU5WSVRFPSR7TUFJTEVSX1RFTVBMQVRFU19JTlZJVEV9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1RFTVBMQVRFU19DT05GSVJNQVRJT049JHtNQUlMRVJfVEVNUExBVEVTX0NPTkZJUk1BVElPTn0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVEVNUExBVEVTX1JFQ09WRVJZPSR7TUFJTEVSX1RFTVBMQVRFU19SRUNPVkVSWX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfVEVNUExBVEVTX01BR0lDX0xJTks9JHtNQUlMRVJfVEVNUExBVEVTX01BR0lDX0xJTkt9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1RFTVBMQVRFU19FTUFJTF9DSEFOR0U9JHtNQUlMRVJfVEVNUExBVEVTX0VNQUlMX0NIQU5HRX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfQ09ORklSTUFUSU9OPSR7TUFJTEVSX1NVQkpFQ1RTX0NPTkZJUk1BVElPTn0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfUkVDT1ZFUlk9JHtNQUlMRVJfU1VCSkVDVFNfUkVDT1ZFUll9JwogICAgICAtICdHT1RSVUVfTUFJTEVSX1NVQkpFQ1RTX01BR0lDX0xJTks9JHtNQUlMRVJfU1VCSkVDVFNfTUFHSUNfTElOS30nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfRU1BSUxfQ0hBTkdFPSR7TUFJTEVSX1NVQkpFQ1RTX0VNQUlMX0NIQU5HRX0nCiAgICAgIC0gJ0dPVFJVRV9NQUlMRVJfU1VCSkVDVFNfSU5WSVRFPSR7TUFJTEVSX1NVQkpFQ1RTX0lOVklURX0nCiAgICAgIC0gJ0dPVFJVRV9FWFRFUk5BTF9QSE9ORV9FTkFCTEVEPSR7RU5BQkxFX1BIT05FX1NJR05VUDotdHJ1ZX0nCiAgICAgIC0gJ0dPVFJVRV9TTVNfQVVUT0NPTkZJUk09JHtFTkFCTEVfUEhPTkVfQVVUT0NPTkZJUk06LXRydWV9JwogIHJlYWx0aW1lLWRldjoKICAgIGltYWdlOiAnc3VwYWJhc2UvcmVhbHRpbWU6djIuMzMuNzAnCiAgICBjb250YWluZXJfbmFtZTogcmVhbHRpbWUtZGV2LnN1cGFiYXNlLXJlYWx0aW1lCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLXNTZkwnCiAgICAgICAgLSAnLS1oZWFkJwogICAgICAgIC0gJy1vJwogICAgICAgIC0gL2Rldi9udWxsCiAgICAgICAgLSAnLUgnCiAgICAgICAgLSAnQXV0aG9yaXphdGlvbjogQmVhcmVyICR7U0VSVklDRV9TVVBBQkFTRUFOT05fS0VZfScKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjQwMDAvYXBpL3RlbmFudHMvcmVhbHRpbWUtZGV2L2hlYWx0aCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDMKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPUlQ9NDAwMAogICAgICAtICdEQl9IT1NUPSR7UE9TVEdSRVNfSE9TVE5BTUU6LXN1cGFiYXNlLWRifScKICAgICAgLSAnREJfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtIERCX1VTRVI9c3VwYWJhc2VfYWRtaW4KICAgICAgLSAnREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfScKICAgICAgLSAnREJfTkFNRT0ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ0RCX0FGVEVSX0NPTk5FQ1RfUVVFUlk9U0VUIHNlYXJjaF9wYXRoIFRPIF9yZWFsdGltZScKICAgICAgLSBEQl9FTkNfS0VZPXN1cGFiYXNlcmVhbHRpbWUKICAgICAgLSAnQVBJX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gRkxZX0FMTE9DX0lEPWZseTEyMwogICAgICAtIEZMWV9BUFBfTkFNRT1yZWFsdGltZQogICAgICAtICdTRUNSRVRfS0VZX0JBU0U9JHtTRUNSRVRfUEFTU1dPUkRfUkVBTFRJTUV9JwogICAgICAtICdFUkxfQUZMQUdTPS1wcm90b19kaXN0IGluZXRfdGNwJwogICAgICAtIEVOQUJMRV9UQUlMU0NBTEU9ZmFsc2UKICAgICAgLSAiRE5TX05PREVTPScnIgogICAgICAtIFJMSU1JVF9OT0ZJTEU9MTAwMDAKICAgICAgLSBBUFBfTkFNRT1yZWFsdGltZQogICAgICAtIFNFRURfU0VMRl9IT1NUPXRydWUKICAgICAgLSBMT0dfTEVWRUw9ZXJyb3IKICAgICAgLSBSVU5fSkFOSVRPUj10cnVlCiAgICAgIC0gSkFOSVRPUl9JTlRFUlZBTD02MDAwMAogICAgY29tbWFuZDogInNoIC1jIFwiL2FwcC9iaW4vbWlncmF0ZSAmJiAvYXBwL2Jpbi9yZWFsdGltZSBldmFsICdSZWFsdGltZS5SZWxlYXNlLnNlZWRzKFJlYWx0aW1lLlJlcG8pJyAmJiAvYXBwL2Jpbi9zZXJ2ZXJcIlxuIgogIHN1cGFiYXNlLW1pbmlvOgogICAgaW1hZ2U6IG1pbmlvL21pbmlvCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnTUlOSU9fUk9PVF9VU0VSPSR7U0VSVklDRV9VU0VSX01JTklPfScKICAgICAgLSAnTUlOSU9fUk9PVF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfTUlOSU99JwogICAgY29tbWFuZDogJ3NlcnZlciAtLWNvbnNvbGUtYWRkcmVzcyAiOjkwMDEiIC9kYXRhJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6ICdzbGVlcCA1ICYmIGV4aXQgMCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiA1CiAgICB2b2x1bWVzOgogICAgICAtICcuL3ZvbHVtZXMvc3RvcmFnZTovZGF0YScKICBtaW5pby1jcmVhdGVidWNrZXQ6CiAgICBpbWFnZTogbWluaW8vbWMKICAgIHJlc3RhcnQ6ICdubycKICAgIGVudmlyb25tZW50OgogICAgICAtICdNSU5JT19ST09UX1VTRVI9JHtTRVJWSUNFX1VTRVJfTUlOSU99JwogICAgICAtICdNSU5JT19ST09UX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NSU5JT30nCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1taW5pbzoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgZW50cnlwb2ludDoKICAgICAgLSAvZW50cnlwb2ludC5zaAogICAgdm9sdW1lczoKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vZW50cnlwb2ludC5zaAogICAgICAgIHRhcmdldDogL2VudHJ5cG9pbnQuc2gKICAgICAgICBjb250ZW50OiAiIyEvYmluL3NoXG4vdXNyL2Jpbi9tYyBhbGlhcyBzZXQgc3VwYWJhc2UtbWluaW8gaHR0cDovL3N1cGFiYXNlLW1pbmlvOjkwMDAgJHtNSU5JT19ST09UX1VTRVJ9ICR7TUlOSU9fUk9PVF9QQVNTV09SRH07XG4vdXNyL2Jpbi9tYyBtYiAtLWlnbm9yZS1leGlzdGluZyBzdXBhYmFzZS1taW5pby9zdHViO1xuZXhpdCAwXG4iCiAgc3VwYWJhc2Utc3RvcmFnZToKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3RvcmFnZS1hcGk6djEuMTQuNicKICAgIGRlcGVuZHNfb246CiAgICAgIHN1cGFiYXNlLWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHN1cGFiYXNlLXJlc3Q6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX3N0YXJ0ZWQKICAgICAgaW1ncHJveHk6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX3N0YXJ0ZWQKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSB3Z2V0CiAgICAgICAgLSAnLS1uby12ZXJib3NlJwogICAgICAgIC0gJy0tdHJpZXM9MScKICAgICAgICAtICctLXNwaWRlcicKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjUwMDAvc3RhdHVzJwogICAgICB0aW1lb3V0OiA1cwogICAgICBpbnRlcnZhbDogNXMKICAgICAgcmV0cmllczogMwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gU0VSVkVSX1BPUlQ9NTAwMAogICAgICAtIFNFUlZFUl9SRUdJT049bG9jYWwKICAgICAgLSBNVUxUSV9URU5BTlQ9ZmFsc2UKICAgICAgLSAnQVVUSF9KV1RfU0VDUkVUPSR7U0VSVklDRV9QQVNTV09SRF9KV1R9JwogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXM6Ly9zdXBhYmFzZV9zdG9yYWdlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vJHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtIERCX0lOU1RBTExfUk9MRVM9ZmFsc2UKICAgICAgLSBTVE9SQUdFX0JBQ0tFTkQ9czMKICAgICAgLSBTVE9SQUdFX1MzX0JVQ0tFVD1zdHViCiAgICAgIC0gJ1NUT1JBR0VfUzNfRU5EUE9JTlQ9aHR0cDovL3N1cGFiYXNlLW1pbmlvOjkwMDAnCiAgICAgIC0gU1RPUkFHRV9TM19GT1JDRV9QQVRIX1NUWUxFPXRydWUKICAgICAgLSBTVE9SQUdFX1MzX1JFR0lPTj11cy1lYXN0LTEKICAgICAgLSAnQVdTX0FDQ0VTU19LRVlfSUQ9JHtTRVJWSUNFX1VTRVJfTUlOSU99JwogICAgICAtICdBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX01JTklPfScKICAgICAgLSBVUExPQURfRklMRV9TSVpFX0xJTUlUPTUyNDI4ODAwMAogICAgICAtIFVQTE9BRF9GSUxFX1NJWkVfTElNSVRfU1RBTkRBUkQ9NTI0Mjg4MDAwCiAgICAgIC0gVVBMT0FEX1NJR05FRF9VUkxfRVhQSVJBVElPTl9USU1FPTEyMAogICAgICAtIFRVU19VUkxfUEFUSD11cGxvYWQvcmVzdW1hYmxlCiAgICAgIC0gVFVTX01BWF9TSVpFPTM2MDAwMDAKICAgICAgLSBFTkFCTEVfSU1BR0VfVFJBTlNGT1JNQVRJT049dHJ1ZQogICAgICAtICdJTUdQUk9YWV9VUkw9aHR0cDovL2ltZ3Byb3h5OjgwODAnCiAgICAgIC0gSU1HUFJPWFlfUkVRVUVTVF9USU1FT1VUPTE1CiAgICAgIC0gREFUQUJBU0VfU0VBUkNIX1BBVEg9c3RvcmFnZQogICAgICAtIE5PREVfRU5WPXByb2R1Y3Rpb24KICAgICAgLSBSRVFVRVNUX0FMTE9XX1hfRk9SV0FSREVEX1BBVEg9dHJ1ZQogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL3N0b3JhZ2U6L3Zhci9saWIvc3RvcmFnZScKICBpbWdwcm94eToKICAgIGltYWdlOiAnZGFydGhzaW0vaW1ncHJveHk6djMuOC4wJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGltZ3Byb3h5CiAgICAgICAgLSBoZWFsdGgKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDMKICAgIGVudmlyb25tZW50OgogICAgICAtIElNR1BST1hZX0xPQ0FMX0ZJTEVTWVNURU1fUk9PVD0vCiAgICAgIC0gSU1HUFJPWFlfVVNFX0VUQUc9dHJ1ZQogICAgICAtICdJTUdQUk9YWV9FTkFCTEVfV0VCUF9ERVRFQ1RJT049JHtJTUdQUk9YWV9FTkFCTEVfV0VCUF9ERVRFQ1RJT046LXRydWV9JwogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL3N0b3JhZ2U6L3Zhci9saWIvc3RvcmFnZScKICBzdXBhYmFzZS1tZXRhOgogICAgaW1hZ2U6ICdzdXBhYmFzZS9wb3N0Z3Jlcy1tZXRhOnYwLjg0LjInCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFBHX01FVEFfUE9SVD04MDgwCiAgICAgIC0gJ1BHX01FVEFfREJfSE9TVD0ke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn0nCiAgICAgIC0gJ1BHX01FVEFfREJfUE9SVD0ke1BPU1RHUkVTX1BPUlQ6LTU0MzJ9JwogICAgICAtICdQR19NRVRBX0RCX05BTUU9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtIFBHX01FVEFfREJfVVNFUj1zdXBhYmFzZV9hZG1pbgogICAgICAtICdQR19NRVRBX0RCX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU30nCiAgc3VwYWJhc2UtZWRnZS1mdW5jdGlvbnM6CiAgICBpbWFnZTogJ3N1cGFiYXNlL2VkZ2UtcnVudGltZTp2MS42NS4zJwogICAgZGVwZW5kc19vbjoKICAgICAgc3VwYWJhc2UtYW5hbHl0aWNzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gZWNobwogICAgICAgIC0gJ0VkZ2UgRnVuY3Rpb25zIGlzIGhlYWx0aHknCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIGludGVydmFsOiA1cwogICAgICByZXRyaWVzOiAzCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSAnU1VQQUJBU0VfVVJMPSR7U0VSVklDRV9GUUROX1NVUEFCQVNFS09OR30nCiAgICAgIC0gJ1NVUEFCQVNFX0FOT05fS0VZPSR7U0VSVklDRV9TVVBBQkFTRUFOT05fS0VZfScKICAgICAgLSAnU1VQQUJBU0VfU0VSVklDRV9ST0xFX0tFWT0ke1NFUlZJQ0VfU1VQQUJBU0VTRVJWSUNFX0tFWX0nCiAgICAgIC0gJ1NVUEFCQVNFX0RCX1VSTD1wb3N0Z3Jlc3FsOi8vcG9zdGdyZXM6JHtTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTfUAke1BPU1RHUkVTX0hPU1ROQU1FOi1zdXBhYmFzZS1kYn06JHtQT1NUR1JFU19QT1JUOi01NDMyfS8ke1BPU1RHUkVTX0RCOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ1ZFUklGWV9KV1Q9JHtGVU5DVElPTlNfVkVSSUZZX0pXVDotZmFsc2V9JwogICAgdm9sdW1lczoKICAgICAgLSAnLi92b2x1bWVzL2Z1bmN0aW9uczovaG9tZS9kZW5vL2Z1bmN0aW9ucycKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9mdW5jdGlvbnMvbWFpbi9pbmRleC50cwogICAgICAgIHRhcmdldDogL2hvbWUvZGVuby9mdW5jdGlvbnMvbWFpbi9pbmRleC50cwogICAgICAgIGNvbnRlbnQ6ICJpbXBvcnQgeyBzZXJ2ZSB9IGZyb20gJ2h0dHBzOi8vZGVuby5sYW5kL3N0ZEAwLjEzMS4wL2h0dHAvc2VydmVyLnRzJ1xuaW1wb3J0ICogYXMgam9zZSBmcm9tICdodHRwczovL2Rlbm8ubGFuZC94L2pvc2VAdjQuMTQuNC9pbmRleC50cydcblxuY29uc29sZS5sb2coJ21haW4gZnVuY3Rpb24gc3RhcnRlZCcpXG5cbmNvbnN0IEpXVF9TRUNSRVQgPSBEZW5vLmVudi5nZXQoJ0pXVF9TRUNSRVQnKVxuY29uc3QgVkVSSUZZX0pXVCA9IERlbm8uZW52LmdldCgnVkVSSUZZX0pXVCcpID09PSAndHJ1ZSdcblxuZnVuY3Rpb24gZ2V0QXV0aFRva2VuKHJlcTogUmVxdWVzdCkge1xuICBjb25zdCBhdXRoSGVhZGVyID0gcmVxLmhlYWRlcnMuZ2V0KCdhdXRob3JpemF0aW9uJylcbiAgaWYgKCFhdXRoSGVhZGVyKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdNaXNzaW5nIGF1dGhvcml6YXRpb24gaGVhZGVyJylcbiAgfVxuICBjb25zdCBbYmVhcmVyLCB0b2tlbl0gPSBhdXRoSGVhZGVyLnNwbGl0KCcgJylcbiAgaWYgKGJlYXJlciAhPT0gJ0JlYXJlcicpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoYEF1dGggaGVhZGVyIGlzIG5vdCAnQmVhcmVyIHt0b2tlbn0nYClcbiAgfVxuICByZXR1cm4gdG9rZW5cbn1cblxuYXN5bmMgZnVuY3Rpb24gdmVyaWZ5SldUKGp3dDogc3RyaW5nKTogUHJvbWlzZTxib29sZWFuPiB7XG4gIGNvbnN0IGVuY29kZXIgPSBuZXcgVGV4dEVuY29kZXIoKVxuICBjb25zdCBzZWNyZXRLZXkgPSBlbmNvZGVyLmVuY29kZShKV1RfU0VDUkVUKVxuICB0cnkge1xuICAgIGF3YWl0IGpvc2Uuand0VmVyaWZ5KGp3dCwgc2VjcmV0S2V5KVxuICB9IGNhdGNoIChlcnIpIHtcbiAgICBjb25zb2xlLmVycm9yKGVycilcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxuICByZXR1cm4gdHJ1ZVxufVxuXG5zZXJ2ZShhc3luYyAocmVxOiBSZXF1ZXN0KSA9PiB7XG4gIGlmIChyZXEubWV0aG9kICE9PSAnT1BUSU9OUycgJiYgVkVSSUZZX0pXVCkge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCB0b2tlbiA9IGdldEF1dGhUb2tlbihyZXEpXG4gICAgICBjb25zdCBpc1ZhbGlkSldUID0gYXdhaXQgdmVyaWZ5SldUKHRva2VuKVxuXG4gICAgICBpZiAoIWlzVmFsaWRKV1QpIHtcbiAgICAgICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeSh7IG1zZzogJ0ludmFsaWQgSldUJyB9KSwge1xuICAgICAgICAgIHN0YXR1czogNDAxLFxuICAgICAgICAgIGhlYWRlcnM6IHsgJ0NvbnRlbnQtVHlwZSc6ICdhcHBsaWNhdGlvbi9qc29uJyB9LFxuICAgICAgICB9KVxuICAgICAgfVxuICAgIH0gY2F0Y2ggKGUpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoZSlcbiAgICAgIHJldHVybiBuZXcgUmVzcG9uc2UoSlNPTi5zdHJpbmdpZnkoeyBtc2c6IGUudG9TdHJpbmcoKSB9KSwge1xuICAgICAgICBzdGF0dXM6IDQwMSxcbiAgICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgICB9KVxuICAgIH1cbiAgfVxuXG4gIGNvbnN0IHVybCA9IG5ldyBVUkwocmVxLnVybClcbiAgY29uc3QgeyBwYXRobmFtZSB9ID0gdXJsXG4gIGNvbnN0IHBhdGhfcGFydHMgPSBwYXRobmFtZS5zcGxpdCgnLycpXG4gIGNvbnN0IHNlcnZpY2VfbmFtZSA9IHBhdGhfcGFydHNbMV1cblxuICBpZiAoIXNlcnZpY2VfbmFtZSB8fCBzZXJ2aWNlX25hbWUgPT09ICcnKSB7XG4gICAgY29uc3QgZXJyb3IgPSB7IG1zZzogJ21pc3NpbmcgZnVuY3Rpb24gbmFtZSBpbiByZXF1ZXN0JyB9XG4gICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeShlcnJvciksIHtcbiAgICAgIHN0YXR1czogNDAwLFxuICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgfSlcbiAgfVxuXG4gIGNvbnN0IHNlcnZpY2VQYXRoID0gYC9ob21lL2Rlbm8vZnVuY3Rpb25zLyR7c2VydmljZV9uYW1lfWBcbiAgY29uc29sZS5lcnJvcihgc2VydmluZyB0aGUgcmVxdWVzdCB3aXRoICR7c2VydmljZVBhdGh9YClcblxuICBjb25zdCBtZW1vcnlMaW1pdE1iID0gMTUwXG4gIGNvbnN0IHdvcmtlclRpbWVvdXRNcyA9IDEgKiA2MCAqIDEwMDBcbiAgY29uc3Qgbm9Nb2R1bGVDYWNoZSA9IGZhbHNlXG4gIGNvbnN0IGltcG9ydE1hcFBhdGggPSBudWxsXG4gIGNvbnN0IGVudlZhcnNPYmogPSBEZW5vLmVudi50b09iamVjdCgpXG4gIGNvbnN0IGVudlZhcnMgPSBPYmplY3Qua2V5cyhlbnZWYXJzT2JqKS5tYXAoKGspID0+IFtrLCBlbnZWYXJzT2JqW2tdXSlcblxuICB0cnkge1xuICAgIGNvbnN0IHdvcmtlciA9IGF3YWl0IEVkZ2VSdW50aW1lLnVzZXJXb3JrZXJzLmNyZWF0ZSh7XG4gICAgICBzZXJ2aWNlUGF0aCxcbiAgICAgIG1lbW9yeUxpbWl0TWIsXG4gICAgICB3b3JrZXJUaW1lb3V0TXMsXG4gICAgICBub01vZHVsZUNhY2hlLFxuICAgICAgaW1wb3J0TWFwUGF0aCxcbiAgICAgIGVudlZhcnMsXG4gICAgfSlcbiAgICByZXR1cm4gYXdhaXQgd29ya2VyLmZldGNoKHJlcSlcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnN0IGVycm9yID0geyBtc2c6IGUudG9TdHJpbmcoKSB9XG4gICAgcmV0dXJuIG5ldyBSZXNwb25zZShKU09OLnN0cmluZ2lmeShlcnJvciksIHtcbiAgICAgIHN0YXR1czogNTAwLFxuICAgICAgaGVhZGVyczogeyAnQ29udGVudC1UeXBlJzogJ2FwcGxpY2F0aW9uL2pzb24nIH0sXG4gICAgfSlcbiAgfVxufSlcbiIKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vdm9sdW1lcy9mdW5jdGlvbnMvaGVsbG8vaW5kZXgudHMKICAgICAgICB0YXJnZXQ6IC9ob21lL2Rlbm8vZnVuY3Rpb25zL2hlbGxvL2luZGV4LnRzCiAgICAgICAgY29udGVudDogIi8vIEZvbGxvdyB0aGlzIHNldHVwIGd1aWRlIHRvIGludGVncmF0ZSB0aGUgRGVubyBsYW5ndWFnZSBzZXJ2ZXIgd2l0aCB5b3VyIGVkaXRvcjpcbi8vIGh0dHBzOi8vZGVuby5sYW5kL21hbnVhbC9nZXR0aW5nX3N0YXJ0ZWQvc2V0dXBfeW91cl9lbnZpcm9ubWVudFxuLy8gVGhpcyBlbmFibGVzIGF1dG9jb21wbGV0ZSwgZ28gdG8gZGVmaW5pdGlvbiwgZXRjLlxuXG5pbXBvcnQgeyBzZXJ2ZSB9IGZyb20gXCJodHRwczovL2Rlbm8ubGFuZC9zdGRAMC4xNzcuMS9odHRwL3NlcnZlci50c1wiXG5cbnNlcnZlKGFzeW5jICgpID0+IHtcbiAgcmV0dXJuIG5ldyBSZXNwb25zZShcbiAgICBgXCJIZWxsbyBmcm9tIEVkZ2UgRnVuY3Rpb25zIVwiYCxcbiAgICB7IGhlYWRlcnM6IHsgXCJDb250ZW50LVR5cGVcIjogXCJhcHBsaWNhdGlvbi9qc29uXCIgfSB9LFxuICApXG59KVxuXG4vLyBUbyBpbnZva2U6XG4vLyBjdXJsICdodHRwOi8vbG9jYWxob3N0OjxLT05HX0hUVFBfUE9SVD4vZnVuY3Rpb25zL3YxL2hlbGxvJyBcXFxuLy8gICAtLWhlYWRlciAnQXV0aG9yaXphdGlvbjogQmVhcmVyIDxhbm9uL3NlcnZpY2Vfcm9sZSBBUEkga2V5PidcbiIKICAgIGNvbW1hbmQ6CiAgICAgIC0gc3RhcnQKICAgICAgLSAnLS1tYWluLXNlcnZpY2UnCiAgICAgIC0gL2hvbWUvZGVuby9mdW5jdGlvbnMvbWFpbgogIHN1cGFiYXNlLXN1cGF2aXNvcjoKICAgIGltYWdlOiAnc3VwYWJhc2Uvc3VwYXZpc29yOjEuMS41NicKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLXNTZkwnCiAgICAgICAgLSAnLW8nCiAgICAgICAgLSAvZGV2L251bGwKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjQwMDAvYXBpL2hlYWx0aCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHJldHJpZXM6IDEwCiAgICBkZXBlbmRzX29uOgogICAgICBzdXBhYmFzZS1kYjoKICAgICAgICBjb25kaXRpb246IHNlcnZpY2VfaGVhbHRoeQogICAgICBzdXBhYmFzZS1hbmFseXRpY3M6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPT0xFUl9URU5BTlRfSUQ9ZGV2X3RlbmFudAogICAgICAtIFBPT0xFUl9QT09MX01PREU9dHJhbnNhY3Rpb24KICAgICAgLSAnUE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFPSR7UE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFOi0yMH0nCiAgICAgIC0gJ1BPT0xFUl9NQVhfQ0xJRU5UX0NPTk49JHtQT09MRVJfTUFYX0NMSUVOVF9DT05OOi0xMDB9JwogICAgICAtIFBPUlQ9NDAwMAogICAgICAtICdQT1NUR1JFU19QT1JUPSR7UE9TVEdSRVNfUE9SVDotNTQzMn0nCiAgICAgIC0gJ1BPU1RHUkVTX0hPU1ROQU1FPSR7UE9TVEdSRVNfSE9TVE5BTUU6LXN1cGFiYXNlLWRifScKICAgICAgLSAnUE9TVEdSRVNfREI9JHtQT1NUR1JFU19EQjotcG9zdGdyZXN9JwogICAgICAtICdQT1NUR1JFU19QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVN9JwogICAgICAtICdEQVRBQkFTRV9VUkw9ZWN0bzovL3N1cGFiYXNlX2FkbWluOiR7U0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU31AJHtQT1NUR1JFU19IT1NUTkFNRTotc3VwYWJhc2UtZGJ9OiR7UE9TVEdSRVNfUE9SVDotNTQzMn0vX3N1cGFiYXNlJwogICAgICAtIENMVVNURVJfUE9TVEdSRVM9dHJ1ZQogICAgICAtICdTRUNSRVRfS0VZX0JBU0U9JHtTRVJWSUNFX1BBU1NXT1JEX1NVUEFWSVNPUlNFQ1JFVH0nCiAgICAgIC0gJ1ZBVUxUX0VOQ19LRVk9JHtTRVJWSUNFX1BBU1NXT1JEX1ZBVUxURU5DfScKICAgICAgLSAnQVBJX0pXVF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0pXVH0nCiAgICAgIC0gJ01FVFJJQ1NfSldUX1NFQ1JFVD0ke1NFUlZJQ0VfUEFTU1dPUkRfSldUfScKICAgICAgLSBSRUdJT049bG9jYWwKICAgICAgLSAnRVJMX0FGTEFHUz0tcHJvdG9fZGlzdCBpbmV0X3RjcCcKICAgIGNvbW1hbmQ6CiAgICAgIC0gL2Jpbi9zaAogICAgICAtICctYycKICAgICAgLSAnL2FwcC9iaW4vbWlncmF0ZSAmJiAvYXBwL2Jpbi9zdXBhdmlzb3IgZXZhbCAiJCQoY2F0IC9ldGMvcG9vbGVyL3Bvb2xlci5leHMpIiAmJiAvYXBwL2Jpbi9zZXJ2ZXInCiAgICB2b2x1bWVzOgogICAgICAtCiAgICAgICAgdHlwZTogYmluZAogICAgICAgIHNvdXJjZTogLi92b2x1bWVzL3Bvb2xlci9wb29sZXIuZXhzCiAgICAgICAgdGFyZ2V0OiAvZXRjL3Bvb2xlci9wb29sZXIuZXhzCiAgICAgICAgY29udGVudDogIns6b2ssIF99ID0gQXBwbGljYXRpb24uZW5zdXJlX2FsbF9zdGFydGVkKDpzdXBhdmlzb3IpXG57Om9rLCB2ZXJzaW9ufSA9XG4gICAgY2FzZSBTdXBhdmlzb3IuUmVwby5xdWVyeSEoXCJzZWxlY3QgdmVyc2lvbigpXCIpIGRvXG4gICAgJXtyb3dzOiBbW3Zlcl1dfSAtPiBTdXBhdmlzb3IuSGVscGVycy5wYXJzZV9wZ192ZXJzaW9uKHZlcilcbiAgICBfIC0+IG5pbFxuICAgIGVuZFxucGFyYW1zID0gJXtcbiAgICBcImV4dGVybmFsX2lkXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT09MRVJfVEVOQU5UX0lEXCIpLFxuICAgIFwiZGJfaG9zdFwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9TVEdSRVNfSE9TVE5BTUVcIiksXG4gICAgXCJkYl9wb3J0XCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT1NUR1JFU19QT1JUXCIpIHw+IFN0cmluZy50b19pbnRlZ2VyKCksXG4gICAgXCJkYl9kYXRhYmFzZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9TVEdSRVNfREJcIiksXG4gICAgXCJyZXF1aXJlX3VzZXJcIiA9PiBmYWxzZSxcbiAgICBcImF1dGhfcXVlcnlcIiA9PiBcIlNFTEVDVCAqIEZST00gcGdib3VuY2VyLmdldF9hdXRoKCQxKVwiLFxuICAgIFwiZGVmYXVsdF9tYXhfY2xpZW50c1wiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX01BWF9DTElFTlRfQ09OTlwiKSxcbiAgICBcImRlZmF1bHRfcG9vbF9zaXplXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT09MRVJfREVGQVVMVF9QT09MX1NJWkVcIiksXG4gICAgXCJkZWZhdWx0X3BhcmFtZXRlcl9zdGF0dXNcIiA9PiAle1wic2VydmVyX3ZlcnNpb25cIiA9PiB2ZXJzaW9ufSxcbiAgICBcInVzZXJzXCIgPT4gWyV7XG4gICAgXCJkYl91c2VyXCIgPT4gXCJwZ2JvdW5jZXJcIixcbiAgICBcImRiX3Bhc3N3b3JkXCIgPT4gU3lzdGVtLmdldF9lbnYoXCJQT1NUR1JFU19QQVNTV09SRFwiKSxcbiAgICBcIm1vZGVfdHlwZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX1BPT0xfTU9ERVwiKSxcbiAgICBcInBvb2xfc2l6ZVwiID0+IFN5c3RlbS5nZXRfZW52KFwiUE9PTEVSX0RFRkFVTFRfUE9PTF9TSVpFXCIpLFxuICAgIFwiaXNfbWFuYWdlclwiID0+IHRydWVcbiAgICB9XVxufVxuXG50ZW5hbnQgPSBTdXBhdmlzb3IuVGVuYW50cy5nZXRfdGVuYW50X2J5X2V4dGVybmFsX2lkKHBhcmFtc1tcImV4dGVybmFsX2lkXCJdKVxuXG5pZiB0ZW5hbnQgZG9cbiAgezpvaywgX30gPSBTdXBhdmlzb3IuVGVuYW50cy51cGRhdGVfdGVuYW50KHRlbmFudCwgcGFyYW1zKVxuZWxzZVxuICB7Om9rLCBffSA9IFN1cGF2aXNvci5UZW5hbnRzLmNyZWF0ZV90ZW5hbnQocGFyYW1zKVxuZW5kXG4iCg==",
         "tags": [
             "firebase",
             "alternative",

From e8b3f68e66083eeacaa0b3d9b7fd2d68b4446a45 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Tue, 11 Mar 2025 22:29:17 +0100
Subject: [PATCH 103/145] feat(ui): Improve GitHub repository selection and
 styling

---
 resources/css/app.css                         | 11 +++----
 .../new/github-private-repository.blade.php   | 31 ++++++++++---------
 2 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/resources/css/app.css b/resources/css/app.css
index f89d65d80..175ac3259 100644
--- a/resources/css/app.css
+++ b/resources/css/app.css
@@ -25,11 +25,6 @@ body {
     @apply hidden !important;
 }
 
-.input,
-.select {
-    @apply text-black dark:bg-coolgray-100 dark:text-white ring-neutral-200 dark:ring-coolgray-300;
-}
-
 .input-sticky {
     @apply text-black dark:bg-coolgray-100 dark:text-white ring-neutral-200 dark:ring-coolgray-300 focus:ring-2 dark:focus:ring-coolgray-300 focus:ring-neutral-400 block w-full py-1.5 rounded border-0 text-sm ring-1 ring-inset;
 }
@@ -51,7 +46,11 @@ body {
 
 .input,
 .select {
-    @apply block w-full py-1.5 rounded border-0 text-sm ring-1 ring-inset;
+    @apply text-black dark:bg-coolgray-100 dark:text-white ring-neutral-200 dark:ring-coolgray-300 block w-full py-1.5 rounded border-0 text-sm ring-1 ring-inset;
+}
+
+.select {
+    @apply w-full;
 }
 
 .input[type="password"] {
diff --git a/resources/views/livewire/project/new/github-private-repository.blade.php b/resources/views/livewire/project/new/github-private-repository.blade.php
index 94779e714..f4175cf21 100644
--- a/resources/views/livewire/project/new/github-private-repository.blade.php
+++ b/resources/views/livewire/project/new/github-private-repository.blade.php
@@ -15,9 +15,9 @@
     </div>
     <div class="pb-4">Deploy any public or private Git repositories through a GitHub App.</div>
     @if ($github_apps->count() !== 0)
-        <h2 class="pt-4 pb-4">Select a Github App</h2>
         <div class="flex flex-col gap-2">
             @if ($current_step === 'github_apps')
+                <h2 class="pt-4 pb-4">Select a Github App</h2>
                 <div class="flex flex-col justify-center gap-2 text-left">
                     @foreach ($github_apps as $ghapp)
                         <div class="flex">
@@ -43,25 +43,28 @@
             @endif
             @if ($current_step === 'repository')
                 @if ($repositories->count() > 0)
-                    <div class="flex items-end gap-2">
-                        <x-forms.select class="w-full" label="Repository" wire:model="selected_repository_id">
-                            @foreach ($repositories as $repo)
-                                @if ($loop->first)
-                                    <option selected value="{{ data_get($repo, 'id') }}">
-                                        {{ data_get($repo, 'name') }}
-                                    </option>
-                                @else
-                                    <option value="{{ data_get($repo, 'id') }}">{{ data_get($repo, 'name') }}
-                                    </option>
-                                @endif
-                            @endforeach
-                        </x-forms.select>
+                    <div class="flex flex-col gap-2 pb-6">
+                        <div class="flex gap-2">
+                            <x-forms.select class="w-full" label="Repository" wire:model="selected_repository_id">
+                                @foreach ($repositories as $repo)
+                                    @if ($loop->first)
+                                        <option selected value="{{ data_get($repo, 'id') }}">
+                                            {{ data_get($repo, 'name') }}
+                                        </option>
+                                    @else
+                                        <option value="{{ data_get($repo, 'id') }}">{{ data_get($repo, 'name') }}
+                                        </option>
+                                    @endif
+                                @endforeach
+                            </x-forms.select>
+                        </div>
                         <x-forms.button wire:click.prevent="loadBranches"> Load Repository </x-forms.button>
                     </div>
                 @else
                     <div>No repositories found. Check your GitHub App configuration.</div>
                 @endif
                 @if ($branches->count() > 0)
+                    <h2 class="text-lg font-bold">Configuration</h2>
                     <div class="flex flex-col gap-2 pb-6">
                         <form class="flex flex-col" wire:submit='submit'>
                             <div class="flex flex-col gap-2 pb-6">

From 79d4169eb1beafb5ecc245e16637c4e86b4e3091 Mon Sep 17 00:00:00 2001
From: Ben Hybert <ben.hybert@dualtone.co.uk>
Date: Wed, 12 Mar 2025 10:21:20 +0000
Subject: [PATCH 104/145] dont hide logs for now as it doesnt work

---
 resources/views/livewire/project/application/advanced.blade.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/resources/views/livewire/project/application/advanced.blade.php b/resources/views/livewire/project/application/advanced.blade.php
index de84f2230..0ea29b48e 100644
--- a/resources/views/livewire/project/application/advanced.blade.php
+++ b/resources/views/livewire/project/application/advanced.blade.php
@@ -58,11 +58,9 @@
                 <x-forms.checkbox instantSave id="isConnectToDockerNetworkEnabled" label="Connect To Predefined Network"
                     helper="By default, you do not reach the Coolify defined networks.<br>Starting a docker compose based resource will have an internal network. <br>If you connect to a Coolify defined network, you maybe need to use different internal DNS names to connect to a resource.<br><br>For more information, check <a class='underline dark:text-white' target='_blank' href='https://coolify.io/docs/knowledge-base/docker/compose#connect-to-predefined-networks'>this</a>." />
             @endif
-            @if ($isLogDrainEnabled === false)
                 <h3 class="pt-4">Logs</h3>
                 <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
                     instantSave id="isLogDrainEnabled" label="Drain Logs" />
-            @endif
 
             @if ($application->git_based())
                 <h3>Git</h3>

From f648653e107628edc760047352751febc5e95d78 Mon Sep 17 00:00:00 2001
From: Ben Hybert <ben.hybert@dualtone.co.uk>
Date: Wed, 12 Mar 2025 10:48:33 +0000
Subject: [PATCH 105/145] implement correct IF statement

---
 resources/views/livewire/project/application/advanced.blade.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/resources/views/livewire/project/application/advanced.blade.php b/resources/views/livewire/project/application/advanced.blade.php
index 0ea29b48e..ff55f297f 100644
--- a/resources/views/livewire/project/application/advanced.blade.php
+++ b/resources/views/livewire/project/application/advanced.blade.php
@@ -58,9 +58,11 @@
                 <x-forms.checkbox instantSave id="isConnectToDockerNetworkEnabled" label="Connect To Predefined Network"
                     helper="By default, you do not reach the Coolify defined networks.<br>Starting a docker compose based resource will have an internal network. <br>If you connect to a Coolify defined network, you maybe need to use different internal DNS names to connect to a resource.<br><br>For more information, check <a class='underline dark:text-white' target='_blank' href='https://coolify.io/docs/knowledge-base/docker/compose#connect-to-predefined-networks'>this</a>." />
             @endif
+            @if ($application?->destination?->server?->isLogDrainEnabled())
                 <h3 class="pt-4">Logs</h3>
                 <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
                     instantSave id="isLogDrainEnabled" label="Drain Logs" />
+            @endif
 
             @if ($application->git_based())
                 <h3>Git</h3>

From 3634d7d889e99a32aa2dfdf23ede527729e5a0fd Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 14:46:08 +0100
Subject: [PATCH 106/145] refactor(ui): Unhide log toggle in application
 settings

---
 .../livewire/project/application/advanced.blade.php      | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/resources/views/livewire/project/application/advanced.blade.php b/resources/views/livewire/project/application/advanced.blade.php
index ff55f297f..82b154bcb 100644
--- a/resources/views/livewire/project/application/advanced.blade.php
+++ b/resources/views/livewire/project/application/advanced.blade.php
@@ -58,12 +58,9 @@
                 <x-forms.checkbox instantSave id="isConnectToDockerNetworkEnabled" label="Connect To Predefined Network"
                     helper="By default, you do not reach the Coolify defined networks.<br>Starting a docker compose based resource will have an internal network. <br>If you connect to a Coolify defined network, you maybe need to use different internal DNS names to connect to a resource.<br><br>For more information, check <a class='underline dark:text-white' target='_blank' href='https://coolify.io/docs/knowledge-base/docker/compose#connect-to-predefined-networks'>this</a>." />
             @endif
-            @if ($application?->destination?->server?->isLogDrainEnabled())
-                <h3 class="pt-4">Logs</h3>
-                <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
-                    instantSave id="isLogDrainEnabled" label="Drain Logs" />
-            @endif
-
+            <h3 class="pt-4">Logs</h3>
+            <x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
+                instantSave id="isLogDrainEnabled" label="Drain Logs" />
             @if ($application->git_based())
                 <h3>Git</h3>
                 <x-forms.checkbox instantSave id="isGitSubmodulesEnabled" label="Submodules"

From aaba690d5ebcb9cda76acc4af81d68387381184d Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 15:26:48 +0100
Subject: [PATCH 107/145] fix(plane): update APP_RELEASE to v0.25.2 in
 environment configuration

---
 templates/compose/plane.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/compose/plane.yaml b/templates/compose/plane.yaml
index f765015da..9904a1c8d 100644
--- a/templates/compose/plane.yaml
+++ b/templates/compose/plane.yaml
@@ -5,7 +5,7 @@
 
 x-app-env: &app-env
   environment:
-    - APP_RELEASE=${APP_RELEASE:-v0.25.1}
+    - APP_RELEASE=${APP_RELEASE:-v0.25.2}
     - WEB_URL=${SERVICE_FQDN_PLANE}
     - DEBUG=${DEBUG:-0}
     - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGIN:-http://localhost}

From a7318c2d77fcf16aea5b2c186cc993c620492558 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 15:37:06 +0100
Subject: [PATCH 108/145] fix(domain): dispatch refreshStatus event after
 successful domain update

---
 app/Livewire/Project/Service/EditDomain.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Livewire/Project/Service/EditDomain.php b/app/Livewire/Project/Service/EditDomain.php
index e89aeda85..fb1c05255 100644
--- a/app/Livewire/Project/Service/EditDomain.php
+++ b/app/Livewire/Project/Service/EditDomain.php
@@ -43,12 +43,11 @@ class EditDomain extends Component
             updateCompose($this->application);
             if (str($this->application->fqdn)->contains(',')) {
                 $this->dispatch('warning', 'Some services do not support multiple domains, which can lead to problems and is NOT RECOMMENDED.<br><br>Only use multiple domains if you know what you are doing.');
-            } else {
-                ! $warning && $this->dispatch('success', 'Service saved.');
             }
             $this->application->service->parse();
             $this->dispatch('refresh');
             $this->dispatch('configurationChanged');
+            $this->dispatch('refreshStatus');
         } catch (\Throwable $e) {
             $originalFqdn = $this->application->getOriginal('fqdn');
             if ($originalFqdn !== $this->application->fqdn) {

From fa619550c210641d3f81980320c2c05fab5fc046 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 16:33:00 +0100
Subject: [PATCH 109/145] fix(database): correct container name generation for
 service databases

---
 app/Actions/Database/StartDatabaseProxy.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index 14be9d2bc..c16a5638a 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -27,21 +27,19 @@ class StartDatabaseProxy
         $server = data_get($database, 'destination.server');
         $containerName = data_get($database, 'uuid');
         $proxyContainerName = "{$database->uuid}-proxy";
-
         if ($database->getMorphClass() === \App\Models\ServiceDatabase::class) {
             $databaseType = $database->databaseType();
-            // $connectPredefined = data_get($database, 'service.connect_to_docker_network');
             $network = $database->service->uuid;
             $server = data_get($database, 'service.destination.server');
             $proxyContainerName = "{$database->service->uuid}-proxy";
-            $containerName = "{$database->name}-{$database->service->uuid}";
+            $containerName = str($database->name)->slug().'-'.$database->s˝ervice->uuid;
         }
-
         $internalPort = match ($databaseType) {
             'standalone-mariadb', 'standalone-mysql' => 3306,
             'standalone-postgresql', 'standalone-supabase/postgres' => 5432,
             'standalone-redis', 'standalone-keydb', 'standalone-dragonfly' => 6379,
             'standalone-clickhouse' => 9000,
+            'standalone-mongodb' => 27017,
         };
 
         $configuration_dir = database_proxy_dir($database->uuid);

From d894c3d9036b11a0071bc7cf6855e80623199100 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 16:33:35 +0100
Subject: [PATCH 110/145] feat(database): implement two-step confirmation for
 database deletion

Added a new delete method in the Database component that includes a two-step confirmation process requiring the user to enter their password. If two-step confirmation is disabled, the deletion proceeds without password verification. Additionally, a confirmation modal has been integrated into the database view to prompt users before deletion, enhancing the safety of this critical operation.
---
 app/Livewire/Project/Service/Database.php     | 26 +++++++++++++++++++
 .../project/service/database.blade.php        |  4 +++
 .../livewire/project/service/index.blade.php  |  8 +++---
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/app/Livewire/Project/Service/Database.php b/app/Livewire/Project/Service/Database.php
index 9f02db05c..c3b7577e9 100644
--- a/app/Livewire/Project/Service/Database.php
+++ b/app/Livewire/Project/Service/Database.php
@@ -4,7 +4,10 @@ namespace App\Livewire\Project\Service;
 
 use App\Actions\Database\StartDatabaseProxy;
 use App\Actions\Database\StopDatabaseProxy;
+use App\Models\InstanceSettings;
 use App\Models\ServiceDatabase;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
 use Livewire\Component;
 
 class Database extends Component
@@ -15,6 +18,8 @@ class Database extends Component
 
     public $fileStorages;
 
+    public $parameters;
+
     protected $listeners = ['refreshFileStorages'];
 
     protected $rules = [
@@ -34,12 +39,33 @@ class Database extends Component
 
     public function mount()
     {
+        $this->parameters = get_route_parameters();
         if ($this->database->is_public) {
             $this->db_url_public = $this->database->getServiceDatabaseUrl();
         }
         $this->refreshFileStorages();
     }
 
+    public function delete($password)
+    {
+        if (! data_get(InstanceSettings::get(), 'disable_two_step_confirmation')) {
+            if (! Hash::check($password, Auth::user()->password)) {
+                $this->addError('password', 'The provided password is incorrect.');
+
+                return;
+            }
+        }
+
+        try {
+            $this->database->delete();
+            $this->dispatch('success', 'Database deleted.');
+
+            return redirect()->route('project.service.configuration', $this->parameters);
+        } catch (\Throwable $e) {
+            return handleError($e, $this);
+        }
+    }
+
     public function instantSaveExclude()
     {
         $this->submit();
diff --git a/resources/views/livewire/project/service/database.blade.php b/resources/views/livewire/project/service/database.blade.php
index c18473a14..8ec73b4de 100644
--- a/resources/views/livewire/project/service/database.blade.php
+++ b/resources/views/livewire/project/service/database.blade.php
@@ -7,6 +7,10 @@
                 <h2>{{ Str::headline($database->name) }}</h2>
             @endif
             <x-forms.button type="submit">Save</x-forms.button>
+            <x-modal-confirmation title="Confirm Service Database Deletion?" buttonTitle="Delete" isErrorButton
+                submitAction="delete" :actions="['The selected service database container will be stopped and permanently deleted.']" confirmationText="{{ Str::headline($database->name) }}"
+                confirmationLabel="Please confirm the execution of the actions by entering the Service Database Name below"
+                shortConfirmationLabel="Service Database Name" step3ButtonText="Permanently Delete" />
         </div>
         <div class="flex flex-col gap-2">
             <div class="flex gap-2">
diff --git a/resources/views/livewire/project/service/index.blade.php b/resources/views/livewire/project/service/index.blade.php
index 8796be966..d5c0c4778 100644
--- a/resources/views/livewire/project/service/index.blade.php
+++ b/resources/views/livewire/project/service/index.blade.php
@@ -3,8 +3,8 @@
     <div class="flex flex-col h-full gap-8 pt-6 sm:flex-row">
         <div class="flex flex-col items-start gap-2 min-w-fit">
             <a class="menu-item"
-                class="{{ request()->routeIs('project.service.configuration') ? 'menu-item-active' : '' }}"
-                wire:navigate href="{{ route('project.service.configuration', [...$parameters, 'stack_service_uuid' => null]) }}">
+                class="{{ request()->routeIs('project.service.configuration') ? 'menu-item-active' : '' }}" wire:navigate
+                href="{{ route('project.service.configuration', [...$parameters, 'stack_service_uuid' => null]) }}">
                 <button><- Back</button>
             </a>
             <a class="menu-item" :class="activeTab === 'general' && 'menu-item-active'"
@@ -12,8 +12,8 @@
                 wire:navigate href="#">General</a>
             @if ($serviceDatabase?->isBackupSolutionAvailable())
                 <a :class="activeTab === 'backups' && 'menu-item-active'" class="menu-item"
-                    @click.prevent="activeTab = 'backups'; window.location.hash = 'backups'"
-                    wire:navigate href="#backups">Backups</a>
+                    @click.prevent="activeTab = 'backups'; window.location.hash = 'backups'" wire:navigate
+                    href="#backups">Backups</a>
             @endif
         </div>
         <div class="w-full">

From 18fe524cdbd578d0f9f8bb8b787771f8f80f380c Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 16:34:42 +0100
Subject: [PATCH 111/145] fix(database): limit container name length for
 database proxy

Updated the container name generation logic in StartDatabaseProxy to ensure the resulting name does not exceed 32 characters. This change prevents potential issues with container name length restrictions, enhancing the robustness of the database proxy setup.
---
 app/Actions/Database/StartDatabaseProxy.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index c16a5638a..8d7d1ce2e 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -32,7 +32,7 @@ class StartDatabaseProxy
             $network = $database->service->uuid;
             $server = data_get($database, 'service.destination.server');
             $proxyContainerName = "{$database->service->uuid}-proxy";
-            $containerName = str($database->name)->slug().'-'.$database->s˝ervice->uuid;
+            $containerName = substr(str($database->name)->slug().'-'.$database->service->uuid, 0, 32);
         }
         $internalPort = match ($databaseType) {
             'standalone-mariadb', 'standalone-mysql' => 3306,

From 078ef62eb87fd27bef1494779777cd807a852501 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 16:35:47 +0100
Subject: [PATCH 112/145] fix(database): handle unsupported database types in
 StartDatabaseProxy

Added a default case to the switch statement in StartDatabaseProxy to throw an exception for unsupported database types. This change improves error handling and ensures that only valid database types are processed, enhancing the robustness of the database proxy functionality.
---
 app/Actions/Database/StartDatabaseProxy.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index 8d7d1ce2e..3b36e9b70 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -40,6 +40,7 @@ class StartDatabaseProxy
             'standalone-redis', 'standalone-keydb', 'standalone-dragonfly' => 6379,
             'standalone-clickhouse' => 9000,
             'standalone-mongodb' => 27017,
+            default => throw new \Exception("Unsupported database type: $databaseType"),
         };
 
         $configuration_dir = database_proxy_dir($database->uuid);

From a07b581478acfc039c051e343d0e96ae054cbee3 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Wed, 12 Mar 2025 16:46:31 +0100
Subject: [PATCH 113/145] fix(database): simplify container name generation in
 StartDatabaseProxy

---
 app/Actions/Database/StartDatabaseProxy.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index 3b36e9b70..c4a40f020 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -32,7 +32,7 @@ class StartDatabaseProxy
             $network = $database->service->uuid;
             $server = data_get($database, 'service.destination.server');
             $proxyContainerName = "{$database->service->uuid}-proxy";
-            $containerName = substr(str($database->name)->slug().'-'.$database->service->uuid, 0, 32);
+            $containerName = "{$database->name}-{$database->service->uuid}";
         }
         $internalPort = match ($databaseType) {
             'standalone-mariadb', 'standalone-mysql' => 3306,

From 81ecbec1b6445413a36d11147f350b383b0b7bf3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 22:46:41 +0000
Subject: [PATCH 114/145] chore(deps): bump laravel/framework from 11.44.0 to
 11.44.1

Bumps [laravel/framework](https://github.com/laravel/framework) from 11.44.0 to 11.44.1.
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/12.x/CHANGELOG.md)
- [Commits](https://github.com/laravel/framework/compare/v11.44.0...v11.44.1)

---
updated-dependencies:
- dependency-name: laravel/framework
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 composer.lock | 145 +++++++++++++++++++++++---------------------------
 1 file changed, 66 insertions(+), 79 deletions(-)

diff --git a/composer.lock b/composer.lock
index 65271cb1a..d070b919f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1079,16 +1079,16 @@
         },
         {
             "name": "brick/math",
-            "version": "0.12.1",
+            "version": "0.12.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/brick/math.git",
-                "reference": "f510c0a40911935b77b86859eb5223d58d660df1"
+                "reference": "866551da34e9a618e64a819ee1e01c20d8a588ba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/brick/math/zipball/f510c0a40911935b77b86859eb5223d58d660df1",
-                "reference": "f510c0a40911935b77b86859eb5223d58d660df1",
+                "url": "https://api.github.com/repos/brick/math/zipball/866551da34e9a618e64a819ee1e01c20d8a588ba",
+                "reference": "866551da34e9a618e64a819ee1e01c20d8a588ba",
                 "shasum": ""
             },
             "require": {
@@ -1097,7 +1097,7 @@
             "require-dev": {
                 "php-coveralls/php-coveralls": "^2.2",
                 "phpunit/phpunit": "^10.1",
-                "vimeo/psalm": "5.16.0"
+                "vimeo/psalm": "6.8.8"
             },
             "type": "library",
             "autoload": {
@@ -1127,7 +1127,7 @@
             ],
             "support": {
                 "issues": "https://github.com/brick/math/issues",
-                "source": "https://github.com/brick/math/tree/0.12.1"
+                "source": "https://github.com/brick/math/tree/0.12.3"
             },
             "funding": [
                 {
@@ -1135,7 +1135,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-11-29T23:19:16+00:00"
+            "time": "2025-02-28T13:11:00+00:00"
         },
         {
             "name": "carbonphp/carbon-doctrine-types",
@@ -2732,16 +2732,16 @@
         },
         {
             "name": "laravel/framework",
-            "version": "v11.44.0",
+            "version": "v11.44.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/framework.git",
-                "reference": "e9a33da34815ac1ed46c7e4c477a775f4592f0a7"
+                "reference": "0883d4175f4e2b5c299e7087ad3c74f2ce195c6d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/framework/zipball/e9a33da34815ac1ed46c7e4c477a775f4592f0a7",
-                "reference": "e9a33da34815ac1ed46c7e4c477a775f4592f0a7",
+                "url": "https://api.github.com/repos/laravel/framework/zipball/0883d4175f4e2b5c299e7087ad3c74f2ce195c6d",
+                "reference": "0883d4175f4e2b5c299e7087ad3c74f2ce195c6d",
                 "shasum": ""
             },
             "require": {
@@ -2849,7 +2849,7 @@
                 "league/flysystem-read-only": "^3.25.1",
                 "league/flysystem-sftp-v3": "^3.25.1",
                 "mockery/mockery": "^1.6.10",
-                "orchestra/testbench-core": "^9.9.4",
+                "orchestra/testbench-core": "^9.11.2",
                 "pda/pheanstalk": "^5.0.6",
                 "php-http/discovery": "^1.15",
                 "phpstan/phpstan": "^2.0",
@@ -2943,7 +2943,7 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2025-02-24T13:08:54+00:00"
+            "time": "2025-03-05T15:34:10+00:00"
         },
         {
             "name": "laravel/horizon",
@@ -6944,16 +6944,16 @@
         },
         {
             "name": "ramsey/collection",
-            "version": "2.0.0",
+            "version": "2.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/ramsey/collection.git",
-                "reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5"
+                "reference": "3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/ramsey/collection/zipball/a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
-                "reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
+                "url": "https://api.github.com/repos/ramsey/collection/zipball/3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109",
+                "reference": "3c5990b8a5e0b79cd1cf11c2dc1229e58e93f109",
                 "shasum": ""
             },
             "require": {
@@ -6961,25 +6961,22 @@
             },
             "require-dev": {
                 "captainhook/plugin-composer": "^5.3",
-                "ergebnis/composer-normalize": "^2.28.3",
-                "fakerphp/faker": "^1.21",
+                "ergebnis/composer-normalize": "^2.45",
+                "fakerphp/faker": "^1.24",
                 "hamcrest/hamcrest-php": "^2.0",
-                "jangregor/phpstan-prophecy": "^1.0",
-                "mockery/mockery": "^1.5",
+                "jangregor/phpstan-prophecy": "^2.1",
+                "mockery/mockery": "^1.6",
                 "php-parallel-lint/php-console-highlighter": "^1.0",
-                "php-parallel-lint/php-parallel-lint": "^1.3",
-                "phpcsstandards/phpcsutils": "^1.0.0-rc1",
-                "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/extension-installer": "^1.2",
-                "phpstan/phpstan": "^1.9",
-                "phpstan/phpstan-mockery": "^1.1",
-                "phpstan/phpstan-phpunit": "^1.3",
-                "phpunit/phpunit": "^9.5",
-                "psalm/plugin-mockery": "^1.1",
-                "psalm/plugin-phpunit": "^0.18.4",
-                "ramsey/coding-standard": "^2.0.3",
-                "ramsey/conventional-commits": "^1.3",
-                "vimeo/psalm": "^5.4"
+                "php-parallel-lint/php-parallel-lint": "^1.4",
+                "phpspec/prophecy-phpunit": "^2.3",
+                "phpstan/extension-installer": "^1.4",
+                "phpstan/phpstan": "^2.1",
+                "phpstan/phpstan-mockery": "^2.0",
+                "phpstan/phpstan-phpunit": "^2.0",
+                "phpunit/phpunit": "^10.5",
+                "ramsey/coding-standard": "^2.3",
+                "ramsey/conventional-commits": "^1.6",
+                "roave/security-advisories": "dev-latest"
             },
             "type": "library",
             "extra": {
@@ -7017,19 +7014,9 @@
             ],
             "support": {
                 "issues": "https://github.com/ramsey/collection/issues",
-                "source": "https://github.com/ramsey/collection/tree/2.0.0"
+                "source": "https://github.com/ramsey/collection/tree/2.1.0"
             },
-            "funding": [
-                {
-                    "url": "https://github.com/ramsey",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/ramsey/collection",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2022-12-31T21:50:55+00:00"
+            "time": "2025-03-02T04:48:29+00:00"
         },
         {
             "name": "ramsey/uuid",
@@ -8887,16 +8874,16 @@
         },
         {
             "name": "symfony/error-handler",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/error-handler.git",
-                "reference": "959a74d044a6db21f4caa6d695648dcb5584cb49"
+                "reference": "aabf79938aa795350c07ce6464dd1985607d95d5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/error-handler/zipball/959a74d044a6db21f4caa6d695648dcb5584cb49",
-                "reference": "959a74d044a6db21f4caa6d695648dcb5584cb49",
+                "url": "https://api.github.com/repos/symfony/error-handler/zipball/aabf79938aa795350c07ce6464dd1985607d95d5",
+                "reference": "aabf79938aa795350c07ce6464dd1985607d95d5",
                 "shasum": ""
             },
             "require": {
@@ -8942,7 +8929,7 @@
             "description": "Provides tools to manage errors and ease debugging PHP code",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/error-handler/tree/v7.2.3"
+                "source": "https://github.com/symfony/error-handler/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -8958,7 +8945,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-07T09:39:55+00:00"
+            "time": "2025-02-02T20:27:07+00:00"
         },
         {
             "name": "symfony/event-dispatcher",
@@ -9260,16 +9247,16 @@
         },
         {
             "name": "symfony/http-kernel",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b"
+                "reference": "9f1103734c5789798fefb90e91de4586039003ed"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b",
-                "reference": "caae9807f8e25a9b43ce8cc6fafab6cf91f0cc9b",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/9f1103734c5789798fefb90e91de4586039003ed",
+                "reference": "9f1103734c5789798fefb90e91de4586039003ed",
                 "shasum": ""
             },
             "require": {
@@ -9354,7 +9341,7 @@
             "description": "Provides a structured process for converting a Request into a Response",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/http-kernel/tree/v7.2.3"
+                "source": "https://github.com/symfony/http-kernel/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -9370,7 +9357,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-29T07:40:13+00:00"
+            "time": "2025-02-26T11:01:22+00:00"
         },
         {
             "name": "symfony/mailer",
@@ -9454,16 +9441,16 @@
         },
         {
             "name": "symfony/mime",
-            "version": "v7.2.3",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/mime.git",
-                "reference": "2fc3b4bd67e4747e45195bc4c98bea4628476204"
+                "reference": "87ca22046b78c3feaff04b337f33b38510fd686b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/mime/zipball/2fc3b4bd67e4747e45195bc4c98bea4628476204",
-                "reference": "2fc3b4bd67e4747e45195bc4c98bea4628476204",
+                "url": "https://api.github.com/repos/symfony/mime/zipball/87ca22046b78c3feaff04b337f33b38510fd686b",
+                "reference": "87ca22046b78c3feaff04b337f33b38510fd686b",
                 "shasum": ""
             },
             "require": {
@@ -9518,7 +9505,7 @@
                 "mime-type"
             ],
             "support": {
-                "source": "https://github.com/symfony/mime/tree/v7.2.3"
+                "source": "https://github.com/symfony/mime/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -9534,7 +9521,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-01-27T11:08:17+00:00"
+            "time": "2025-02-19T08:51:20+00:00"
         },
         {
             "name": "symfony/options-resolver",
@@ -10321,16 +10308,16 @@
         },
         {
             "name": "symfony/process",
-            "version": "v7.2.0",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/process.git",
-                "reference": "d34b22ba9390ec19d2dd966c40aa9e8462f27a7e"
+                "reference": "d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/process/zipball/d34b22ba9390ec19d2dd966c40aa9e8462f27a7e",
-                "reference": "d34b22ba9390ec19d2dd966c40aa9e8462f27a7e",
+                "url": "https://api.github.com/repos/symfony/process/zipball/d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf",
+                "reference": "d8f411ff3c7ddc4ae9166fb388d1190a2df5b5cf",
                 "shasum": ""
             },
             "require": {
@@ -10362,7 +10349,7 @@
             "description": "Executes commands in sub-processes",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/process/tree/v7.2.0"
+                "source": "https://github.com/symfony/process/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -10378,7 +10365,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-11-06T14:24:19+00:00"
+            "time": "2025-02-05T08:33:46+00:00"
         },
         {
             "name": "symfony/psr-http-message-bridge",
@@ -10778,16 +10765,16 @@
         },
         {
             "name": "symfony/translation",
-            "version": "v7.2.2",
+            "version": "v7.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "e2674a30132b7cc4d74540d6c2573aa363f05923"
+                "reference": "283856e6981286cc0d800b53bd5703e8e363f05a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/e2674a30132b7cc4d74540d6c2573aa363f05923",
-                "reference": "e2674a30132b7cc4d74540d6c2573aa363f05923",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/283856e6981286cc0d800b53bd5703e8e363f05a",
+                "reference": "283856e6981286cc0d800b53bd5703e8e363f05a",
                 "shasum": ""
             },
             "require": {
@@ -10853,7 +10840,7 @@
             "description": "Provides tools to internationalize your application",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/translation/tree/v7.2.2"
+                "source": "https://github.com/symfony/translation/tree/v7.2.4"
             },
             "funding": [
                 {
@@ -10869,7 +10856,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-12-07T08:18:10+00:00"
+            "time": "2025-02-13T10:27:23+00:00"
         },
         {
             "name": "symfony/translation-contracts",
@@ -15569,12 +15556,12 @@
     ],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": {},
+    "stability-flags": [],
     "prefer-stable": true,
     "prefer-lowest": false,
     "platform": {
         "php": "^8.4"
     },
-    "platform-dev": {},
-    "plugin-api-version": "2.6.0"
+    "platform-dev": [],
+    "plugin-api-version": "2.3.0"
 }

From 6d90ed2f8f0537477c94186e0e8bc1ff33d8a79d Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Thu, 13 Mar 2025 08:43:53 +0100
Subject: [PATCH 115/145] feat(assets): add new SVG logo for Coolify

---
 public/coolify-logo.svg | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 public/coolify-logo.svg

diff --git a/public/coolify-logo.svg b/public/coolify-logo.svg
new file mode 100644
index 000000000..6f4f641f5
--- /dev/null
+++ b/public/coolify-logo.svg
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg version="1.1" viewBox="0 0 2048 2048" width="512" height="512" xmlns="http://www.w3.org/2000/svg">
+<path transform="translate(257,640)" d="m0 0h254l1 1v127h127l1 1v639h895l1 1v127h127l1 1v254l-5 1h-1018l-1-1v-127h-127l-1-1v-127h-127l-1-1v-127h-127l-1-1v-766z" fill="#8550FC"/>
+<path transform="translate(513,384)" d="m0 0h1022l1 1v127h127l1 1v254l-5 1h-1018l-1-1v-127h-127l-1-1v-254z" fill="#8550FC"/>
+<path transform="translate(1537,1536)" d="m0 0h126l1 1v254l-5 1h-1018l-1-1v-126l896-1v-29z" fill="#452E72"/>
+<path transform="translate(1537,512)" d="m0 0h126l1 1v254l-5 1h-1018l-1-1v-126l896-1v-29z" fill="#452E72"/>
+<path transform="translate(513,768)" d="m0 0h126l1 1v638l-7 1-108-1-12-1z" fill="#452E72"/>
+<path transform="translate(478,1408)" d="m0 0h32l1 1v127h-126l-1-1v-126z" fill="#452E72"/>
+</svg>

From 46f55c946362d50448e64454b6a01377424446f4 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Thu, 13 Mar 2025 08:44:04 +0100
Subject: [PATCH 116/145] feat(install): enhance Docker address pool
 configuration and validation

Updated the install scripts to include support for custom Docker address pool configurations via environment variables. Added validation for the address pool base and size, with default values provided. The script now checks for existing configurations in the .env file and merges them appropriately, ensuring a more flexible and user-friendly installation process. Additionally, the version has been bumped to 1.8 to reflect these enhancements.
---
 other/nightly/install.sh | 270 +++++++++++++++++++++++++++++++++------
 scripts/install.sh       | 264 ++++++++++++++++++++++++++++++++------
 2 files changed, 457 insertions(+), 77 deletions(-)

diff --git a/other/nightly/install.sh b/other/nightly/install.sh
index 31d0a1759..d9a3656eb 100755
--- a/other/nightly/install.sh
+++ b/other/nightly/install.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 ## Do not modify this file. You will lose the ability to install and auto-update!
 
+## Environment variables that can be set:
+## ROOT_USERNAME - Predefined root username
+## ROOT_USER_EMAIL - Predefined root user email
+## ROOT_USER_PASSWORD - Predefined root user password
+## DOCKER_ADDRESS_POOL_BASE - Custom Docker address pool base (default: 10.0.0.0/8)
+## DOCKER_ADDRESS_POOL_SIZE - Custom Docker address pool size (default: 24)
+## AUTOUPDATE - Set to "false" to disable auto-updates
+
 set -e # Exit immediately if a command exits with a non-zero status
 ## $1 could be empty, so we need to disable this check
 #set -u # Treat unset variables as an error and exit
@@ -8,7 +16,7 @@ set -o pipefail # Cause a pipeline to return the status of the last command that
 CDN="https://cdn.coollabs.io/coolify-nightly"
 DATE=$(date +"%Y%m%d-%H%M%S")
 
-VERSION="1.7"
+VERSION="1.8"
 DOCKER_VERSION="27.0"
 # TODO: Ask for a user
 CURRENT_USER=$USER
@@ -27,6 +35,80 @@ ROOT_USERNAME=${ROOT_USERNAME:-}
 ROOT_USER_EMAIL=${ROOT_USER_EMAIL:-}
 ROOT_USER_PASSWORD=${ROOT_USER_PASSWORD:-}
 
+# Docker address pool configuration defaults
+DOCKER_ADDRESS_POOL_BASE_DEFAULT="10.0.0.0/8"
+DOCKER_ADDRESS_POOL_SIZE_DEFAULT=24
+
+# Check if environment variables were explicitly provided
+DOCKER_POOL_BASE_PROVIDED=false
+DOCKER_POOL_SIZE_PROVIDED=false
+
+if [ -n "${DOCKER_ADDRESS_POOL_BASE+x}" ]; then
+    DOCKER_POOL_BASE_PROVIDED=true
+fi
+
+if [ -n "${DOCKER_ADDRESS_POOL_SIZE+x}" ]; then
+    DOCKER_POOL_SIZE_PROVIDED=true
+fi
+
+# Function to compare address pools
+compare_address_pools() {
+    local base1="$1"
+    local size1="$2"
+    local base2="$3"
+    local size2="$4"
+    
+    # Normalize CIDR notation for comparison
+    local ip1=$(echo "$base1" | cut -d'/' -f1)
+    local prefix1=$(echo "$base1" | cut -d'/' -f2)
+    local ip2=$(echo "$base2" | cut -d'/' -f1)
+    local prefix2=$(echo "$base2" | cut -d'/' -f2)
+    
+    # Compare IPs and prefixes
+    if [ "$ip1" = "$ip2" ] && [ "$prefix1" = "$prefix2" ] && [ "$size1" = "$size2" ]; then
+        return 0  # Pools are the same
+    else
+        return 1  # Pools are different
+    fi
+}
+
+# Docker address pool configuration
+DOCKER_ADDRESS_POOL_BASE=${DOCKER_ADDRESS_POOL_BASE:-"$DOCKER_ADDRESS_POOL_BASE_DEFAULT"}
+DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_DEFAULT}
+
+# Load Docker address pool configuration from .env file if it exists and environment variables were not provided
+if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
+    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
+    
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ] || [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
+        echo "Found custom docker address pool configuration in .env file."
+    fi
+
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
+        echo "Using Docker address pool base: $ENV_DOCKER_ADDRESS_POOL_BASE"
+        DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
+    fi
+    
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
+        echo "Using Docker address pool size: $ENV_DOCKER_ADDRESS_POOL_SIZE"
+        DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
+    fi
+fi
+
+# Validate Docker address pool configuration
+if ! [[ $DOCKER_ADDRESS_POOL_BASE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
+    echo "Warning: Invalid DOCKER_ADDRESS_POOL_BASE format: $DOCKER_ADDRESS_POOL_BASE"
+    echo "Using default value: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+fi
+
+if ! [[ $DOCKER_ADDRESS_POOL_SIZE =~ ^[0-9]+$ ]] || [ "$DOCKER_ADDRESS_POOL_SIZE" -lt 16 ] || [ "$DOCKER_ADDRESS_POOL_SIZE" -gt 28 ]; then
+    echo "Warning: Invalid DOCKER_ADDRESS_POOL_SIZE: $DOCKER_ADDRESS_POOL_SIZE (must be a number between 16 and 28)"
+    echo "Using default value: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
+    DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+fi
+
 TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
 AVAILABLE_SPACE=$(df -BG / | awk 'NR==2 {print $4}' | sed 's/G//')
 REQUIRED_TOTAL_SPACE=30
@@ -160,6 +242,7 @@ echo "| Docker            | $DOCKER_VERSION"
 echo "| Coolify           | $LATEST_VERSION"
 echo "| Helper            | $LATEST_HELPER_VERSION"
 echo "| Realtime          | $LATEST_REALTIME_VERSION"
+echo "| Docker Pool       | $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
 echo -e "---------------------------------------------\n"
 echo -e "1. Installing required packages (curl, wget, git, jq, openssl). "
 
@@ -336,13 +419,13 @@ if ! [ -x "$(command -v docker)" ]; then
                 exit 1
             fi
             ;;
-        "fedora")
+        "centos" | "fedora" | "rhel")
             if [ -x "$(command -v dnf5)" ]; then
                 # dnf5 is available
-                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo --overwrite >/dev/null 2>&1
+                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
             else
                 # dnf5 is not available, use dnf
-                dnf config-manager --add-repo=https://download.docker.com/linux/fedora/docker-ce.repo >/dev/null 2>&1
+                dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
             fi
             dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
             if ! [ -x "$(command -v docker)" ]; then
@@ -375,38 +458,109 @@ else
 fi
 
 echo -e "4. Check Docker Configuration. "
-mkdir -p /etc/docker
-# shellcheck disable=SC2015
-test -s /etc/docker/daemon.json && cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE" || cat >/etc/docker/daemon.json <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-cat >/etc/docker/daemon.json.coolify <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-TEMP_FILE=$(mktemp)
-if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
-    echo "Error merging JSON files"
-    exit 1
+
+# Check if daemon.json exists and extract existing address pool configuration
+if [ -f /etc/docker/daemon.json ]; then
+    echo " - Existing Docker configuration found."
+    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
+            echo " - Found existing Docker address pool: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
+            
+            # Check if environment variables were explicitly provided
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+                echo " - No custom Docker address pool provided. Using existing configuration."
+                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+            else
+                # Check if the provided values are different from existing ones
+                if compare_address_pools "$DOCKER_ADDRESS_POOL_BASE" "$DOCKER_ADDRESS_POOL_SIZE" "$EXISTING_POOL_BASE" "$EXISTING_POOL_SIZE"; then
+                    echo " - Provided Docker address pool is identical to existing configuration."
+                else
+                    echo " - Custom Docker address pool provided: $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
+                    echo " - This will override the existing configuration in daemon.json: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
+                fi
+            fi
+        fi
+    fi
+fi
+
+echo " - Using Docker address pool: ${DOCKER_ADDRESS_POOL_BASE} (size ${DOCKER_ADDRESS_POOL_SIZE})"
+echo "   To override, set DOCKER_ADDRESS_POOL_BASE and DOCKER_ADDRESS_POOL_SIZE environment variables."
+
+mkdir -p /etc/docker
+
+# Backup original daemon.json if it exists
+if [ -f /etc/docker/daemon.json ]; then
+    cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE"
+fi
+
+# Create coolify configuration with or without address pools based on whether they were explicitly provided
+if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ] || ! [ -f /etc/docker/daemon.json ]; then
+    # If environment variables were explicitly provided or daemon.json doesn't exist,
+    # create a new configuration with the specified address pools
+    cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+    NEED_MERGE=true
+else
+    # Check if we need to update log settings
+    if [ -f /etc/docker/daemon.json ] && jq -e '.["log-driver"] == "json-file" and .["log-opts"]["max-size"] == "10m" and .["log-opts"]["max-file"] == "3"' /etc/docker/daemon.json >/dev/null 2>&1; then
+        echo " - Docker log configuration is already set correctly."
+        NEED_MERGE=false
+    else
+        # If no environment variables were provided and daemon.json exists,
+        # create a configuration without address pools to preserve existing ones
+        cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  }
+}
+EOL
+        NEED_MERGE=true
+    fi
+fi
+
+# If daemon.json doesn't exist, create it
+if ! [ -f /etc/docker/daemon.json ]; then
+    cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+    NEED_MERGE=false
+fi
+
+# Merge the configurations if needed
+if [ "$NEED_MERGE" = true ]; then
+    TEMP_FILE=$(mktemp)
+    if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
+        echo "Error merging JSON files"
+        exit 1
+    fi
+    mv "$TEMP_FILE" /etc/docker/daemon.json
 fi
-mv "$TEMP_FILE" /etc/docker/daemon.json
 
 restart_docker_service() {
     # Check if systemctl is available
@@ -443,14 +597,30 @@ restart_docker_service() {
 if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
     DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
     if [ "$DIFF" != "" ]; then
+        echo " - Docker configuration updated, checking changes..."
+        
+        # Check if address pools were changed
+        if echo "$DIFF" | grep -q "default-address-pools"; then
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+                echo " - Docker address pools were explicitly changed by user request."
+            else
+                echo " - Warning: Docker address pools were changed but not by user request."
+                echo "   This might be due to a configuration issue. Please check your Docker configuration."
+            fi
+        fi
+        
+        echo " - Restarting Docker daemon..."
+        restart_docker_service
+    else
+        echo " - Docker configuration is up to date, no restart needed."
+    fi
+else
+    if [ "$NEED_MERGE" = true ]; then
         echo " - Docker configuration updated, restart docker daemon..."
         restart_docker_service
     else
-        echo " - Docker configuration is up to date."
+        echo " - Docker configuration is up to date, no restart needed."
     fi
-else
-    echo " - Docker configuration updated, restart docker daemon..."
-    restart_docker_service
 fi
 
 echo -e "5. Download required files from CDN. "
@@ -510,6 +680,26 @@ if [ "$AUTOUPDATE" = "false" ]; then
         sed -i "s|AUTOUPDATE=.*|AUTOUPDATE=false|g" /data/coolify/source/.env
     fi
 fi
+
+# Save Docker address pool configuration to .env file
+if ! grep -q "DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_BASE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_BASE=.*|DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE|g" /data/coolify/source/.env
+    fi
+fi
+
+if ! grep -q "DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_SIZE=.*|DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE|g" /data/coolify/source/.env
+    fi
+fi
+
 echo -e "8. Checking for SSH key for localhost access."
 if [ ! -f ~/.ssh/authorized_keys ]; then
     mkdir -p ~/.ssh
@@ -572,4 +762,4 @@ if [ -n "$PRIVATE_IPS" ]; then
     done
 fi
 echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
-cp /data/coolify/source/.env /data/coolify/source/.env.backup
+cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file
diff --git a/scripts/install.sh b/scripts/install.sh
index 2162c0bf4..42bdb91b2 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -1,6 +1,14 @@
 #!/bin/bash
 ## Do not modify this file. You will lose the ability to install and auto-update!
 
+## Environment variables that can be set:
+## ROOT_USERNAME - Predefined root username
+## ROOT_USER_EMAIL - Predefined root user email
+## ROOT_USER_PASSWORD - Predefined root user password
+## DOCKER_ADDRESS_POOL_BASE - Custom Docker address pool base (default: 10.0.0.0/8)
+## DOCKER_ADDRESS_POOL_SIZE - Custom Docker address pool size (default: 24)
+## AUTOUPDATE - Set to "false" to disable auto-updates
+
 set -e # Exit immediately if a command exits with a non-zero status
 ## $1 could be empty, so we need to disable this check
 #set -u # Treat unset variables as an error and exit
@@ -8,7 +16,7 @@ set -o pipefail # Cause a pipeline to return the status of the last command that
 CDN="https://cdn.coollabs.io/coolify"
 DATE=$(date +"%Y%m%d-%H%M%S")
 
-VERSION="1.7"
+VERSION="1.8"
 DOCKER_VERSION="27.0"
 # TODO: Ask for a user
 CURRENT_USER=$USER
@@ -27,6 +35,80 @@ ROOT_USERNAME=${ROOT_USERNAME:-}
 ROOT_USER_EMAIL=${ROOT_USER_EMAIL:-}
 ROOT_USER_PASSWORD=${ROOT_USER_PASSWORD:-}
 
+# Docker address pool configuration defaults
+DOCKER_ADDRESS_POOL_BASE_DEFAULT="10.0.0.0/8"
+DOCKER_ADDRESS_POOL_SIZE_DEFAULT=24
+
+# Check if environment variables were explicitly provided
+DOCKER_POOL_BASE_PROVIDED=false
+DOCKER_POOL_SIZE_PROVIDED=false
+
+if [ -n "${DOCKER_ADDRESS_POOL_BASE+x}" ]; then
+    DOCKER_POOL_BASE_PROVIDED=true
+fi
+
+if [ -n "${DOCKER_ADDRESS_POOL_SIZE+x}" ]; then
+    DOCKER_POOL_SIZE_PROVIDED=true
+fi
+
+# Function to compare address pools
+compare_address_pools() {
+    local base1="$1"
+    local size1="$2"
+    local base2="$3"
+    local size2="$4"
+    
+    # Normalize CIDR notation for comparison
+    local ip1=$(echo "$base1" | cut -d'/' -f1)
+    local prefix1=$(echo "$base1" | cut -d'/' -f2)
+    local ip2=$(echo "$base2" | cut -d'/' -f1)
+    local prefix2=$(echo "$base2" | cut -d'/' -f2)
+    
+    # Compare IPs and prefixes
+    if [ "$ip1" = "$ip2" ] && [ "$prefix1" = "$prefix2" ] && [ "$size1" = "$size2" ]; then
+        return 0  # Pools are the same
+    else
+        return 1  # Pools are different
+    fi
+}
+
+# Docker address pool configuration
+DOCKER_ADDRESS_POOL_BASE=${DOCKER_ADDRESS_POOL_BASE:-"$DOCKER_ADDRESS_POOL_BASE_DEFAULT"}
+DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_DEFAULT}
+
+# Load Docker address pool configuration from .env file if it exists and environment variables were not provided
+if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
+    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
+    
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ] || [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
+        echo "Found custom docker address pool configuration in .env file."
+    fi
+
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
+        echo "Using Docker address pool base: $ENV_DOCKER_ADDRESS_POOL_BASE"
+        DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
+    fi
+    
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
+        echo "Using Docker address pool size: $ENV_DOCKER_ADDRESS_POOL_SIZE"
+        DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
+    fi
+fi
+
+# Validate Docker address pool configuration
+if ! [[ $DOCKER_ADDRESS_POOL_BASE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
+    echo "Warning: Invalid DOCKER_ADDRESS_POOL_BASE format: $DOCKER_ADDRESS_POOL_BASE"
+    echo "Using default value: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+fi
+
+if ! [[ $DOCKER_ADDRESS_POOL_SIZE =~ ^[0-9]+$ ]] || [ "$DOCKER_ADDRESS_POOL_SIZE" -lt 16 ] || [ "$DOCKER_ADDRESS_POOL_SIZE" -gt 28 ]; then
+    echo "Warning: Invalid DOCKER_ADDRESS_POOL_SIZE: $DOCKER_ADDRESS_POOL_SIZE (must be a number between 16 and 28)"
+    echo "Using default value: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
+    DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+fi
+
 TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
 AVAILABLE_SPACE=$(df -BG / | awk 'NR==2 {print $4}' | sed 's/G//')
 REQUIRED_TOTAL_SPACE=30
@@ -160,6 +242,7 @@ echo "| Docker            | $DOCKER_VERSION"
 echo "| Coolify           | $LATEST_VERSION"
 echo "| Helper            | $LATEST_HELPER_VERSION"
 echo "| Realtime          | $LATEST_REALTIME_VERSION"
+echo "| Docker Pool       | $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
 echo -e "---------------------------------------------\n"
 echo -e "1. Installing required packages (curl, wget, git, jq, openssl). "
 
@@ -375,38 +458,109 @@ else
 fi
 
 echo -e "4. Check Docker Configuration. "
-mkdir -p /etc/docker
-# shellcheck disable=SC2015
-test -s /etc/docker/daemon.json && cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE" || cat >/etc/docker/daemon.json <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-cat >/etc/docker/daemon.json.coolify <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-TEMP_FILE=$(mktemp)
-if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
-    echo "Error merging JSON files"
-    exit 1
+
+# Check if daemon.json exists and extract existing address pool configuration
+if [ -f /etc/docker/daemon.json ]; then
+    echo " - Existing Docker configuration found."
+    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
+            echo " - Found existing Docker address pool: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
+            
+            # Check if environment variables were explicitly provided
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+                echo " - No custom Docker address pool provided. Using existing configuration."
+                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+            else
+                # Check if the provided values are different from existing ones
+                if compare_address_pools "$DOCKER_ADDRESS_POOL_BASE" "$DOCKER_ADDRESS_POOL_SIZE" "$EXISTING_POOL_BASE" "$EXISTING_POOL_SIZE"; then
+                    echo " - Provided Docker address pool is identical to existing configuration."
+                else
+                    echo " - Custom Docker address pool provided: $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
+                    echo " - This will override the existing configuration in daemon.json: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
+                fi
+            fi
+        fi
+    fi
+fi
+
+echo " - Using Docker address pool: ${DOCKER_ADDRESS_POOL_BASE} (size ${DOCKER_ADDRESS_POOL_SIZE})"
+echo "   To override, set DOCKER_ADDRESS_POOL_BASE and DOCKER_ADDRESS_POOL_SIZE environment variables."
+
+mkdir -p /etc/docker
+
+# Backup original daemon.json if it exists
+if [ -f /etc/docker/daemon.json ]; then
+    cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE"
+fi
+
+# Create coolify configuration with or without address pools based on whether they were explicitly provided
+if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ] || ! [ -f /etc/docker/daemon.json ]; then
+    # If environment variables were explicitly provided or daemon.json doesn't exist,
+    # create a new configuration with the specified address pools
+    cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+    NEED_MERGE=true
+else
+    # Check if we need to update log settings
+    if [ -f /etc/docker/daemon.json ] && jq -e '.["log-driver"] == "json-file" and .["log-opts"]["max-size"] == "10m" and .["log-opts"]["max-file"] == "3"' /etc/docker/daemon.json >/dev/null 2>&1; then
+        echo " - Docker log configuration is already set correctly."
+        NEED_MERGE=false
+    else
+        # If no environment variables were provided and daemon.json exists,
+        # create a configuration without address pools to preserve existing ones
+        cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  }
+}
+EOL
+        NEED_MERGE=true
+    fi
+fi
+
+# If daemon.json doesn't exist, create it
+if ! [ -f /etc/docker/daemon.json ]; then
+    cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+    NEED_MERGE=false
+fi
+
+# Merge the configurations if needed
+if [ "$NEED_MERGE" = true ]; then
+    TEMP_FILE=$(mktemp)
+    if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
+        echo "Error merging JSON files"
+        exit 1
+    fi
+    mv "$TEMP_FILE" /etc/docker/daemon.json
 fi
-mv "$TEMP_FILE" /etc/docker/daemon.json
 
 restart_docker_service() {
     # Check if systemctl is available
@@ -443,14 +597,30 @@ restart_docker_service() {
 if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
     DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
     if [ "$DIFF" != "" ]; then
+        echo " - Docker configuration updated, checking changes..."
+        
+        # Check if address pools were changed
+        if echo "$DIFF" | grep -q "default-address-pools"; then
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+                echo " - Docker address pools were explicitly changed by user request."
+            else
+                echo " - Warning: Docker address pools were changed but not by user request."
+                echo "   This might be due to a configuration issue. Please check your Docker configuration."
+            fi
+        fi
+        
+        echo " - Restarting Docker daemon..."
+        restart_docker_service
+    else
+        echo " - Docker configuration is up to date, no restart needed."
+    fi
+else
+    if [ "$NEED_MERGE" = true ]; then
         echo " - Docker configuration updated, restart docker daemon..."
         restart_docker_service
     else
-        echo " - Docker configuration is up to date."
+        echo " - Docker configuration is up to date, no restart needed."
     fi
-else
-    echo " - Docker configuration updated, restart docker daemon..."
-    restart_docker_service
 fi
 
 echo -e "5. Download required files from CDN. "
@@ -510,6 +680,26 @@ if [ "$AUTOUPDATE" = "false" ]; then
         sed -i "s|AUTOUPDATE=.*|AUTOUPDATE=false|g" /data/coolify/source/.env
     fi
 fi
+
+# Save Docker address pool configuration to .env file
+if ! grep -q "DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_BASE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_BASE=.*|DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE|g" /data/coolify/source/.env
+    fi
+fi
+
+if ! grep -q "DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_SIZE=.*|DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE|g" /data/coolify/source/.env
+    fi
+fi
+
 echo -e "8. Checking for SSH key for localhost access."
 if [ ! -f ~/.ssh/authorized_keys ]; then
     mkdir -p ~/.ssh
@@ -572,4 +762,4 @@ if [ -n "$PRIVATE_IPS" ]; then
     done
 fi
 echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
-cp /data/coolify/source/.env /data/coolify/source/.env.backup
+cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file

From d0b8a20564c15a8c948fe4ce6c1c2bf342ada3b0 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Thu, 13 Mar 2025 10:47:27 +0100
Subject: [PATCH 117/145] feat(install): improve Docker address pool management
 and service restart logic

Enhanced the install script to support a force override for Docker address pool configurations, allowing users to update existing settings if desired. The script now checks for existing configurations in the daemon.json file and provides clearer messaging regarding the use of custom pools versus existing configurations. Additionally, the restart logic for the Docker service has been streamlined, ensuring that unnecessary restarts are avoided when configurations remain unchanged. This update improves the flexibility and usability of the installation process.
---
 other/nightly/install.sh | 233 ++++++++++++++++++++++-----------------
 scripts/install.sh       | 233 ++++++++++++++++++++++-----------------
 2 files changed, 260 insertions(+), 206 deletions(-)

diff --git a/other/nightly/install.sh b/other/nightly/install.sh
index d9a3656eb..af28baee1 100755
--- a/other/nightly/install.sh
+++ b/other/nightly/install.sh
@@ -42,6 +42,7 @@ DOCKER_ADDRESS_POOL_SIZE_DEFAULT=24
 # Check if environment variables were explicitly provided
 DOCKER_POOL_BASE_PROVIDED=false
 DOCKER_POOL_SIZE_PROVIDED=false
+DOCKER_POOL_FORCE_OVERRIDE=${DOCKER_POOL_FORCE_OVERRIDE:-false}
 
 if [ -n "${DOCKER_ADDRESS_POOL_BASE+x}" ]; then
     DOCKER_POOL_BASE_PROVIDED=true
@@ -51,6 +52,32 @@ if [ -n "${DOCKER_ADDRESS_POOL_SIZE+x}" ]; then
     DOCKER_POOL_SIZE_PROVIDED=true
 fi
 
+restart_docker_service() {
+    # Check if systemctl is available
+    if command -v systemctl >/dev/null 2>&1; then
+        systemctl restart docker
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # Check if service command is available
+    elif command -v service >/dev/null 2>&1; then
+        service docker restart
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # If neither systemctl nor service is available
+    else
+        echo " - Error: No service management system found"
+        return 1
+    fi
+}
+
 # Function to compare address pools
 compare_address_pools() {
     local base1="$1"
@@ -81,32 +108,69 @@ if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false
     ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
     ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
     
-    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ] || [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
-        echo "Found custom docker address pool configuration in .env file."
-    fi
-
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
-        echo "Using Docker address pool base: $ENV_DOCKER_ADDRESS_POOL_BASE"
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
     fi
     
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
-        echo "Using Docker address pool size: $ENV_DOCKER_ADDRESS_POOL_SIZE"
         DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
     fi
 fi
 
+# Check if daemon.json exists and extract existing address pool configuration
+EXISTING_POOL_CONFIGURED=false
+if [ -f /etc/docker/daemon.json ]; then
+    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
+            echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
+            EXISTING_POOL_CONFIGURED=true
+            
+            # Check if environment variables were explicitly provided
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+            else
+                # Check if force override is enabled
+                if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ]; then
+                    echo "Force override enabled - network pool will be updated with $DOCKER_ADDRESS_POOL_BASE/$DOCKER_ADDRESS_POOL_SIZE."
+                else
+                    echo "Custom pool provided but force override not enabled - using existing configuration."
+                    echo "To force override, set DOCKER_POOL_FORCE_OVERRIDE=true"
+                    echo "This won't change the existing docker networks, only the pool configuration for the newly created networks."
+                    DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                    DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+                    DOCKER_POOL_BASE_PROVIDED=false
+                    DOCKER_POOL_SIZE_PROVIDED=false
+                fi
+            fi
+        fi
+    fi
+fi
+
 # Validate Docker address pool configuration
 if ! [[ $DOCKER_ADDRESS_POOL_BASE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
-    echo "Warning: Invalid DOCKER_ADDRESS_POOL_BASE format: $DOCKER_ADDRESS_POOL_BASE"
-    echo "Using default value: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
-    DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    echo "Warning: Invalid network pool base format: $DOCKER_ADDRESS_POOL_BASE"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_BASE"
+        DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+        DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    fi
 fi
 
 if ! [[ $DOCKER_ADDRESS_POOL_SIZE =~ ^[0-9]+$ ]] || [ "$DOCKER_ADDRESS_POOL_SIZE" -lt 16 ] || [ "$DOCKER_ADDRESS_POOL_SIZE" -gt 28 ]; then
-    echo "Warning: Invalid DOCKER_ADDRESS_POOL_SIZE: $DOCKER_ADDRESS_POOL_SIZE (must be a number between 16 and 28)"
-    echo "Using default value: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
-    DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+    echo "Warning: Invalid network pool size: $DOCKER_ADDRESS_POOL_SIZE (must be 16-28)"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_SIZE"
+        DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
+        DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+    fi
 fi
 
 TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
@@ -459,36 +523,8 @@ fi
 
 echo -e "4. Check Docker Configuration. "
 
-# Check if daemon.json exists and extract existing address pool configuration
-if [ -f /etc/docker/daemon.json ]; then
-    echo " - Existing Docker configuration found."
-    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
-        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
-        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
-        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
-            echo " - Found existing Docker address pool: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
-            
-            # Check if environment variables were explicitly provided
-            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
-                echo " - No custom Docker address pool provided. Using existing configuration."
-                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
-                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
-            else
-                # Check if the provided values are different from existing ones
-                if compare_address_pools "$DOCKER_ADDRESS_POOL_BASE" "$DOCKER_ADDRESS_POOL_SIZE" "$EXISTING_POOL_BASE" "$EXISTING_POOL_SIZE"; then
-                    echo " - Provided Docker address pool is identical to existing configuration."
-                else
-                    echo " - Custom Docker address pool provided: $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
-                    echo " - This will override the existing configuration in daemon.json: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
-                fi
-            fi
-        fi
-    fi
-fi
-
-echo " - Using Docker address pool: ${DOCKER_ADDRESS_POOL_BASE} (size ${DOCKER_ADDRESS_POOL_SIZE})"
-echo "   To override, set DOCKER_ADDRESS_POOL_BASE and DOCKER_ADDRESS_POOL_SIZE environment variables."
+echo " - Network pool configuration: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+echo " - To override existing configuration: DOCKER_POOL_FORCE_OVERRIDE=true"
 
 mkdir -p /etc/docker
 
@@ -498,10 +534,20 @@ if [ -f /etc/docker/daemon.json ]; then
 fi
 
 # Create coolify configuration with or without address pools based on whether they were explicitly provided
-if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ] || ! [ -f /etc/docker/daemon.json ]; then
-    # If environment variables were explicitly provided or daemon.json doesn't exist,
-    # create a new configuration with the specified address pools
-    cat >/etc/docker/daemon.json.coolify <<EOL
+if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ] || [ "$EXISTING_POOL_CONFIGURED" = false ]; then
+    # First check if the configuration would actually change anything
+    if [ -f /etc/docker/daemon.json ]; then
+        CURRENT_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        CURRENT_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ "$CURRENT_POOL_BASE" = "$DOCKER_ADDRESS_POOL_BASE" ] && [ "$CURRENT_POOL_SIZE" = "$DOCKER_ADDRESS_POOL_SIZE" ]; then
+            echo " - Network pool configuration unchanged, skipping update"
+            NEED_MERGE=false
+        else
+            # If force override is enabled or no existing configuration exists,
+            # create a new configuration with the specified address pools
+            echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+            cat >/etc/docker/daemon.json <<EOL
 {
   "log-driver": "json-file",
   "log-opts": {
@@ -513,15 +559,32 @@ if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = t
   ]
 }
 EOL
-    NEED_MERGE=true
+            NEED_MERGE=true
+        fi
+    else
+        # No existing configuration, create new one
+        echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+        cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+        NEED_MERGE=true
+    fi
 else
     # Check if we need to update log settings
     if [ -f /etc/docker/daemon.json ] && jq -e '.["log-driver"] == "json-file" and .["log-opts"]["max-size"] == "10m" and .["log-opts"]["max-file"] == "3"' /etc/docker/daemon.json >/dev/null 2>&1; then
-        echo " - Docker log configuration is already set correctly."
+        echo " - Log configuration is up to date"
         NEED_MERGE=false
     else
-        # If no environment variables were provided and daemon.json exists,
-        # create a configuration without address pools to preserve existing ones
+        # Create a configuration without address pools to preserve existing ones
         cat >/etc/docker/daemon.json.coolify <<EOL
 {
   "log-driver": "json-file",
@@ -535,8 +598,9 @@ EOL
     fi
 fi
 
-# If daemon.json doesn't exist, create it
+# Remove the duplicate daemon.json creation since we handle it above
 if ! [ -f /etc/docker/daemon.json ]; then
+    # If no daemon.json exists, create it with default settings
     cat >/etc/docker/daemon.json <<EOL
 {
   "log-driver": "json-file",
@@ -552,74 +616,37 @@ EOL
     NEED_MERGE=false
 fi
 
-# Merge the configurations if needed
-if [ "$NEED_MERGE" = true ]; then
-    TEMP_FILE=$(mktemp)
-    if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
-        echo "Error merging JSON files"
-        exit 1
-    fi
-    mv "$TEMP_FILE" /etc/docker/daemon.json
-fi
-
-restart_docker_service() {
-    # Check if systemctl is available
-    if command -v systemctl >/dev/null 2>&1; then
-        echo " - Using systemctl to restart Docker."
-        systemctl restart docker
-
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using systemctl."
-        else
-            echo " - Failed to restart Docker using systemctl."
-            return 1
-        fi
-
-    # Check if service command is available
-    elif command -v service >/dev/null 2>&1; then
-        echo " - Using service command to restart Docker."
-        service docker restart
-
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using service."
-        else
-            echo " - Failed to restart Docker using service."
-            return 1
-        fi
-
-    # If neither systemctl nor service is available
-    else
-        echo " - Neither systemctl nor service command is available on this system."
-        return 1
-    fi
-}
-
 if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
-    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
+    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE") || true)
     if [ "$DIFF" != "" ]; then
-        echo " - Docker configuration updated, checking changes..."
+        echo " - Checking configuration changes..."
         
         # Check if address pools were changed
         if echo "$DIFF" | grep -q "default-address-pools"; then
             if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
-                echo " - Docker address pools were explicitly changed by user request."
+                echo " - Network pool updated per user request"
             else
-                echo " - Warning: Docker address pools were changed but not by user request."
-                echo "   This might be due to a configuration issue. Please check your Docker configuration."
+                echo " - Warning: Network pool modified without explicit request"
             fi
         fi
         
-        echo " - Restarting Docker daemon..."
-        restart_docker_service
+        # Remove this redundant restart since we already restarted when writing the config
+        echo " - Configuration changes confirmed"
+        if [ "$NEED_MERGE" = true ]; then
+            echo " - Configuration updated - restarting Docker daemon..."
+            restart_docker_service
+        else
+            echo " - Configuration is up to date"
+        fi
     else
-        echo " - Docker configuration is up to date, no restart needed."
+        echo " - Configuration is up to date"
     fi
 else
     if [ "$NEED_MERGE" = true ]; then
-        echo " - Docker configuration updated, restart docker daemon..."
+        echo " - Configuration updated - restarting Docker daemon..."
         restart_docker_service
     else
-        echo " - Docker configuration is up to date, no restart needed."
+        echo " - Configuration is up to date"
     fi
 fi
 
diff --git a/scripts/install.sh b/scripts/install.sh
index 42bdb91b2..2c10174df 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -42,6 +42,7 @@ DOCKER_ADDRESS_POOL_SIZE_DEFAULT=24
 # Check if environment variables were explicitly provided
 DOCKER_POOL_BASE_PROVIDED=false
 DOCKER_POOL_SIZE_PROVIDED=false
+DOCKER_POOL_FORCE_OVERRIDE=${DOCKER_POOL_FORCE_OVERRIDE:-false}
 
 if [ -n "${DOCKER_ADDRESS_POOL_BASE+x}" ]; then
     DOCKER_POOL_BASE_PROVIDED=true
@@ -51,6 +52,32 @@ if [ -n "${DOCKER_ADDRESS_POOL_SIZE+x}" ]; then
     DOCKER_POOL_SIZE_PROVIDED=true
 fi
 
+restart_docker_service() {
+    # Check if systemctl is available
+    if command -v systemctl >/dev/null 2>&1; then
+        systemctl restart docker
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # Check if service command is available
+    elif command -v service >/dev/null 2>&1; then
+        service docker restart
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # If neither systemctl nor service is available
+    else
+        echo " - Error: No service management system found"
+        return 1
+    fi
+}
+
 # Function to compare address pools
 compare_address_pools() {
     local base1="$1"
@@ -81,32 +108,69 @@ if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false
     ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
     ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
     
-    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ] || [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
-        echo "Found custom docker address pool configuration in .env file."
-    fi
-
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
-        echo "Using Docker address pool base: $ENV_DOCKER_ADDRESS_POOL_BASE"
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
     fi
     
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
-        echo "Using Docker address pool size: $ENV_DOCKER_ADDRESS_POOL_SIZE"
         DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
     fi
 fi
 
+# Check if daemon.json exists and extract existing address pool configuration
+EXISTING_POOL_CONFIGURED=false
+if [ -f /etc/docker/daemon.json ]; then
+    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
+            echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
+            EXISTING_POOL_CONFIGURED=true
+            
+            # Check if environment variables were explicitly provided
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+            else
+                # Check if force override is enabled
+                if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ]; then
+                    echo "Force override enabled - network pool will be updated with $DOCKER_ADDRESS_POOL_BASE/$DOCKER_ADDRESS_POOL_SIZE."
+                else
+                    echo "Custom pool provided but force override not enabled - using existing configuration."
+                    echo "To force override, set DOCKER_POOL_FORCE_OVERRIDE=true"
+                    echo "This won't change the existing docker networks, only the pool configuration for the newly created networks."
+                    DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                    DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+                    DOCKER_POOL_BASE_PROVIDED=false
+                    DOCKER_POOL_SIZE_PROVIDED=false
+                fi
+            fi
+        fi
+    fi
+fi
+
 # Validate Docker address pool configuration
 if ! [[ $DOCKER_ADDRESS_POOL_BASE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
-    echo "Warning: Invalid DOCKER_ADDRESS_POOL_BASE format: $DOCKER_ADDRESS_POOL_BASE"
-    echo "Using default value: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
-    DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    echo "Warning: Invalid network pool base format: $DOCKER_ADDRESS_POOL_BASE"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_BASE"
+        DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+        DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    fi
 fi
 
 if ! [[ $DOCKER_ADDRESS_POOL_SIZE =~ ^[0-9]+$ ]] || [ "$DOCKER_ADDRESS_POOL_SIZE" -lt 16 ] || [ "$DOCKER_ADDRESS_POOL_SIZE" -gt 28 ]; then
-    echo "Warning: Invalid DOCKER_ADDRESS_POOL_SIZE: $DOCKER_ADDRESS_POOL_SIZE (must be a number between 16 and 28)"
-    echo "Using default value: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
-    DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+    echo "Warning: Invalid network pool size: $DOCKER_ADDRESS_POOL_SIZE (must be 16-28)"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_SIZE"
+        DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
+        DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+    fi
 fi
 
 TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
@@ -459,36 +523,8 @@ fi
 
 echo -e "4. Check Docker Configuration. "
 
-# Check if daemon.json exists and extract existing address pool configuration
-if [ -f /etc/docker/daemon.json ]; then
-    echo " - Existing Docker configuration found."
-    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
-        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
-        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
-        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
-            echo " - Found existing Docker address pool: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
-            
-            # Check if environment variables were explicitly provided
-            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
-                echo " - No custom Docker address pool provided. Using existing configuration."
-                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
-                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
-            else
-                # Check if the provided values are different from existing ones
-                if compare_address_pools "$DOCKER_ADDRESS_POOL_BASE" "$DOCKER_ADDRESS_POOL_SIZE" "$EXISTING_POOL_BASE" "$EXISTING_POOL_SIZE"; then
-                    echo " - Provided Docker address pool is identical to existing configuration."
-                else
-                    echo " - Custom Docker address pool provided: $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
-                    echo " - This will override the existing configuration in daemon.json: $EXISTING_POOL_BASE (size $EXISTING_POOL_SIZE)"
-                fi
-            fi
-        fi
-    fi
-fi
-
-echo " - Using Docker address pool: ${DOCKER_ADDRESS_POOL_BASE} (size ${DOCKER_ADDRESS_POOL_SIZE})"
-echo "   To override, set DOCKER_ADDRESS_POOL_BASE and DOCKER_ADDRESS_POOL_SIZE environment variables."
+echo " - Network pool configuration: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+echo " - To override existing configuration: DOCKER_POOL_FORCE_OVERRIDE=true"
 
 mkdir -p /etc/docker
 
@@ -498,10 +534,20 @@ if [ -f /etc/docker/daemon.json ]; then
 fi
 
 # Create coolify configuration with or without address pools based on whether they were explicitly provided
-if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ] || ! [ -f /etc/docker/daemon.json ]; then
-    # If environment variables were explicitly provided or daemon.json doesn't exist,
-    # create a new configuration with the specified address pools
-    cat >/etc/docker/daemon.json.coolify <<EOL
+if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ] || [ "$EXISTING_POOL_CONFIGURED" = false ]; then
+    # First check if the configuration would actually change anything
+    if [ -f /etc/docker/daemon.json ]; then
+        CURRENT_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        CURRENT_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        
+        if [ "$CURRENT_POOL_BASE" = "$DOCKER_ADDRESS_POOL_BASE" ] && [ "$CURRENT_POOL_SIZE" = "$DOCKER_ADDRESS_POOL_SIZE" ]; then
+            echo " - Network pool configuration unchanged, skipping update"
+            NEED_MERGE=false
+        else
+            # If force override is enabled or no existing configuration exists,
+            # create a new configuration with the specified address pools
+            echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+            cat >/etc/docker/daemon.json <<EOL
 {
   "log-driver": "json-file",
   "log-opts": {
@@ -513,15 +559,32 @@ if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = t
   ]
 }
 EOL
-    NEED_MERGE=true
+            NEED_MERGE=true
+        fi
+    else
+        # No existing configuration, create new one
+        echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+        cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+        NEED_MERGE=true
+    fi
 else
     # Check if we need to update log settings
     if [ -f /etc/docker/daemon.json ] && jq -e '.["log-driver"] == "json-file" and .["log-opts"]["max-size"] == "10m" and .["log-opts"]["max-file"] == "3"' /etc/docker/daemon.json >/dev/null 2>&1; then
-        echo " - Docker log configuration is already set correctly."
+        echo " - Log configuration is up to date"
         NEED_MERGE=false
     else
-        # If no environment variables were provided and daemon.json exists,
-        # create a configuration without address pools to preserve existing ones
+        # Create a configuration without address pools to preserve existing ones
         cat >/etc/docker/daemon.json.coolify <<EOL
 {
   "log-driver": "json-file",
@@ -535,8 +598,9 @@ EOL
     fi
 fi
 
-# If daemon.json doesn't exist, create it
+# Remove the duplicate daemon.json creation since we handle it above
 if ! [ -f /etc/docker/daemon.json ]; then
+    # If no daemon.json exists, create it with default settings
     cat >/etc/docker/daemon.json <<EOL
 {
   "log-driver": "json-file",
@@ -552,74 +616,37 @@ EOL
     NEED_MERGE=false
 fi
 
-# Merge the configurations if needed
-if [ "$NEED_MERGE" = true ]; then
-    TEMP_FILE=$(mktemp)
-    if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
-        echo "Error merging JSON files"
-        exit 1
-    fi
-    mv "$TEMP_FILE" /etc/docker/daemon.json
-fi
-
-restart_docker_service() {
-    # Check if systemctl is available
-    if command -v systemctl >/dev/null 2>&1; then
-        echo " - Using systemctl to restart Docker."
-        systemctl restart docker
-
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using systemctl."
-        else
-            echo " - Failed to restart Docker using systemctl."
-            return 1
-        fi
-
-    # Check if service command is available
-    elif command -v service >/dev/null 2>&1; then
-        echo " - Using service command to restart Docker."
-        service docker restart
-
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using service."
-        else
-            echo " - Failed to restart Docker using service."
-            return 1
-        fi
-
-    # If neither systemctl nor service is available
-    else
-        echo " - Neither systemctl nor service command is available on this system."
-        return 1
-    fi
-}
-
 if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
-    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
+    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE") || true)
     if [ "$DIFF" != "" ]; then
-        echo " - Docker configuration updated, checking changes..."
+        echo " - Checking configuration changes..."
         
         # Check if address pools were changed
         if echo "$DIFF" | grep -q "default-address-pools"; then
             if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
-                echo " - Docker address pools were explicitly changed by user request."
+                echo " - Network pool updated per user request"
             else
-                echo " - Warning: Docker address pools were changed but not by user request."
-                echo "   This might be due to a configuration issue. Please check your Docker configuration."
+                echo " - Warning: Network pool modified without explicit request"
             fi
         fi
         
-        echo " - Restarting Docker daemon..."
-        restart_docker_service
+        # Remove this redundant restart since we already restarted when writing the config
+        echo " - Configuration changes confirmed"
+        if [ "$NEED_MERGE" = true ]; then
+            echo " - Configuration updated - restarting Docker daemon..."
+            restart_docker_service
+        else
+            echo " - Configuration is up to date"
+        fi
     else
-        echo " - Docker configuration is up to date, no restart needed."
+        echo " - Configuration is up to date"
     fi
 else
     if [ "$NEED_MERGE" = true ]; then
-        echo " - Docker configuration updated, restart docker daemon..."
+        echo " - Configuration updated - restarting Docker daemon..."
         restart_docker_service
     else
-        echo " - Docker configuration is up to date, no restart needed."
+        echo " - Configuration is up to date"
     fi
 fi
 

From 546b07c477fcb0ea6ef83de462b35e6422f94cd2 Mon Sep 17 00:00:00 2001
From: georgetasioulis <george@tasioulis.com>
Date: Thu, 13 Mar 2025 11:48:20 +0200
Subject: [PATCH 118/145] Update correct services URL

---
 resources/views/livewire/project/new/select.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/livewire/project/new/select.blade.php b/resources/views/livewire/project/new/select.blade.php
index 730ced42a..000a3304d 100644
--- a/resources/views/livewire/project/new/select.blade.php
+++ b/resources/views/livewire/project/new/select.blade.php
@@ -80,7 +80,7 @@
                         respective
                         companies, and use of them does not imply any affiliation or endorsement.<br>Find more services
                         <a class="dark:text-white underline" target="_blank"
-                            href="https://coolify.io/docs/services">here</a>.
+                            href="https://coolify.io/docs/services/overview">here</a>.
                     </div>
 
                     <div class="grid justify-start grid-cols-1 gap-4 text-left xl:grid-cols-2">

From 815a2701fc8cffb8926c445244779faffe1c51ed Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Thu, 13 Mar 2025 18:10:57 +0100
Subject: [PATCH 119/145] feat(install): add missing env variable to install
 script

---
 scripts/install-1.7.sh | 575 +++++++++++++++++++++++++++++++++++++++++
 scripts/install.sh     |   1 +
 2 files changed, 576 insertions(+)
 create mode 100644 scripts/install-1.7.sh

diff --git a/scripts/install-1.7.sh b/scripts/install-1.7.sh
new file mode 100644
index 000000000..4c6eba4d6
--- /dev/null
+++ b/scripts/install-1.7.sh
@@ -0,0 +1,575 @@
+#!/bin/bash
+## Do not modify this file. You will lose the ability to install and auto-update!
+
+set -e # Exit immediately if a command exits with a non-zero status
+## $1 could be empty, so we need to disable this check
+#set -u # Treat unset variables as an error and exit
+set -o pipefail # Cause a pipeline to return the status of the last command that exited with a non-zero status
+CDN="https://cdn.coollabs.io/coolify"
+DATE=$(date +"%Y%m%d-%H%M%S")
+
+VERSION="1.7"
+DOCKER_VERSION="27.0"
+# TODO: Ask for a user
+CURRENT_USER=$USER
+
+if [ $EUID != 0 ]; then
+    echo "Please run this script as root or with sudo"
+    exit
+fi
+
+echo -e "Welcome to Coolify Installer!"
+echo -e "This script will install everything for you. Sit back and relax."
+echo -e "Source code: https://github.com/coollabsio/coolify/blob/main/scripts/install.sh\n"
+
+# Predefined root user
+ROOT_USERNAME=${ROOT_USERNAME:-}
+ROOT_USER_EMAIL=${ROOT_USER_EMAIL:-}
+ROOT_USER_PASSWORD=${ROOT_USER_PASSWORD:-}
+
+TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
+AVAILABLE_SPACE=$(df -BG / | awk 'NR==2 {print $4}' | sed 's/G//')
+REQUIRED_TOTAL_SPACE=30
+REQUIRED_AVAILABLE_SPACE=20
+WARNING_SPACE=false
+
+if [ "$TOTAL_SPACE" -lt "$REQUIRED_TOTAL_SPACE" ]; then
+    WARNING_SPACE=true
+    cat << EOF
+WARNING: Insufficient total disk space!
+
+Total disk space:     ${TOTAL_SPACE}GB
+Required disk space:  ${REQUIRED_TOTAL_SPACE}GB
+
+==================
+EOF
+fi
+
+if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_AVAILABLE_SPACE" ]; then
+    cat << EOF
+WARNING: Insufficient available disk space!
+
+Available disk space:   ${AVAILABLE_SPACE}GB
+Required available space: ${REQUIRED_AVAILABLE_SPACE}GB
+
+==================
+EOF
+WARNING_SPACE=true
+fi
+
+if [ "$WARNING_SPACE" = true ]; then
+    echo "Sleeping for 5 seconds."
+    sleep 5
+fi
+
+mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,webhooks-during-maintenance,sentinel}
+mkdir -p /data/coolify/ssh/{keys,mux}
+mkdir -p /data/coolify/proxy/dynamic
+
+chown -R 9999:root /data/coolify
+chmod -R 700 /data/coolify
+
+INSTALLATION_LOG_WITH_DATE="/data/coolify/source/installation-${DATE}.log"
+
+exec > >(tee -a $INSTALLATION_LOG_WITH_DATE) 2>&1
+
+getAJoke() {
+    JOKES=$(curl -s --max-time 2 "https://v2.jokeapi.dev/joke/Programming?blacklistFlags=nsfw,religious,political,racist,sexist,explicit&format=txt&type=single" || true)
+    if [ "$JOKES" != "" ]; then
+        echo -e " - Until then, here's a joke for you:\n"
+        echo -e "$JOKES\n"
+    fi
+}
+OS_TYPE=$(grep -w "ID" /etc/os-release | cut -d "=" -f 2 | tr -d '"')
+ENV_FILE="/data/coolify/source/.env"
+
+# Check if the OS is manjaro, if so, change it to arch
+if [ "$OS_TYPE" = "manjaro" ] || [ "$OS_TYPE" = "manjaro-arm" ]; then
+    OS_TYPE="arch"
+fi
+
+# Check if the OS is Endeavour OS, if so, change it to arch
+if [ "$OS_TYPE" = "endeavouros" ]; then
+    OS_TYPE="arch"
+fi
+
+# Check if the OS is Asahi Linux, if so, change it to fedora
+if [ "$OS_TYPE" = "fedora-asahi-remix" ]; then
+    OS_TYPE="fedora"
+fi
+
+# Check if the OS is popOS, if so, change it to ubuntu
+if [ "$OS_TYPE" = "pop" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+# Check if the OS is linuxmint, if so, change it to ubuntu
+if [ "$OS_TYPE" = "linuxmint" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+#Check if the OS is zorin, if so, change it to ubuntu
+if [ "$OS_TYPE" = "zorin" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+if [ "$OS_TYPE" = "arch" ] || [ "$OS_TYPE" = "archarm" ]; then
+    OS_VERSION="rolling"
+else
+    OS_VERSION=$(grep -w "VERSION_ID" /etc/os-release | cut -d "=" -f 2 | tr -d '"')
+fi
+
+# Install xargs on Amazon Linux 2023 - lol
+if [ "$OS_TYPE" = 'amzn' ]; then
+    dnf install -y findutils >/dev/null
+fi
+
+LATEST_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $2}' | tr -d ',')
+LATEST_HELPER_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $6}' | tr -d ',')
+LATEST_REALTIME_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $8}' | tr -d ',')
+
+if [ -z "$LATEST_HELPER_VERSION" ]; then
+    LATEST_HELPER_VERSION=latest
+fi
+
+if [ -z "$LATEST_REALTIME_VERSION" ]; then
+    LATEST_REALTIME_VERSION=latest
+fi
+
+
+case "$OS_TYPE" in
+arch | ubuntu | debian | raspbian | centos | fedora | rhel | ol | rocky | sles | opensuse-leap | opensuse-tumbleweed | almalinux | amzn | alpine) ;;
+*)
+    echo "This script only supports Debian, Redhat, Arch Linux, Alpine Linux, or SLES based operating systems for now."
+    exit
+    ;;
+esac
+
+# Overwrite LATEST_VERSION if user pass a version number
+if [ "$1" != "" ]; then
+    LATEST_VERSION=$1
+    LATEST_VERSION="${LATEST_VERSION,,}"
+    LATEST_VERSION="${LATEST_VERSION#v}"
+fi
+
+
+
+echo -e "---------------------------------------------"
+echo "| Operating System  | $OS_TYPE $OS_VERSION"
+echo "| Docker            | $DOCKER_VERSION"
+echo "| Coolify           | $LATEST_VERSION"
+echo "| Helper            | $LATEST_HELPER_VERSION"
+echo "| Realtime          | $LATEST_REALTIME_VERSION"
+echo -e "---------------------------------------------\n"
+echo -e "1. Installing required packages (curl, wget, git, jq, openssl). "
+
+case "$OS_TYPE" in
+arch)
+    pacman -Sy --noconfirm --needed curl wget git jq openssl >/dev/null || true
+    ;;
+alpine)
+    sed -i '/^#.*\/community/s/^#//' /etc/apk/repositories
+    apk update >/dev/null
+    apk add curl wget git jq openssl >/dev/null
+    ;;
+ubuntu | debian | raspbian)
+    apt-get update -y >/dev/null
+    apt-get install -y curl wget git jq openssl >/dev/null
+    ;;
+centos | fedora | rhel | ol | rocky | almalinux | amzn)
+    if [ "$OS_TYPE" = "amzn" ]; then
+        dnf install -y wget git jq openssl >/dev/null
+    else
+        if ! command -v dnf >/dev/null; then
+            yum install -y dnf >/dev/null
+        fi
+        if ! command -v curl >/dev/null; then
+            dnf install -y curl >/dev/null
+        fi
+        dnf install -y wget git jq openssl >/dev/null
+    fi
+    ;;
+sles | opensuse-leap | opensuse-tumbleweed)
+    zypper refresh >/dev/null
+    zypper install -y curl wget git jq openssl >/dev/null
+    ;;
+*)
+    echo "This script only supports Debian, Redhat, Arch Linux, or SLES based operating systems for now."
+    exit
+    ;;
+esac
+
+
+echo -e "2. Check OpenSSH server configuration. "
+
+# Detect OpenSSH server
+SSH_DETECTED=false
+if [ -x "$(command -v systemctl)" ]; then
+    if systemctl status sshd >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    elif systemctl status ssh >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    fi
+elif [ -x "$(command -v service)" ]; then
+    if service sshd status >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    elif service ssh status >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    fi
+fi
+
+
+if [ "$SSH_DETECTED" = "false" ]; then
+    echo " - OpenSSH server not detected. Installing OpenSSH server."
+    case "$OS_TYPE" in
+    arch)
+        pacman -Sy --noconfirm openssh >/dev/null
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    alpine)
+        apk add openssh >/dev/null
+        rc-update add sshd default >/dev/null 2>&1
+        service sshd start >/dev/null 2>&1
+        ;;
+    ubuntu | debian | raspbian)
+        apt-get update -y >/dev/null
+        apt-get install -y openssh-server >/dev/null
+        systemctl enable ssh >/dev/null 2>&1
+        systemctl start ssh >/dev/null 2>&1
+        ;;
+    centos | fedora | rhel | ol | rocky | almalinux | amzn)
+        if [ "$OS_TYPE" = "amzn" ]; then
+            dnf install -y openssh-server >/dev/null
+        else
+            dnf install -y openssh-server >/dev/null
+        fi
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    sles | opensuse-leap | opensuse-tumbleweed)
+        zypper install -y openssh >/dev/null
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    *)
+        echo "###############################################################################"
+        echo "WARNING: Could not detect and install OpenSSH server - this does not mean that it is not installed or not running, just that we could not detect it."
+        echo -e "Please make sure it is installed and running, otherwise Coolify cannot connect to the host system. \n"
+        echo "###############################################################################"
+        exit 1
+        ;;
+    esac
+    echo " - OpenSSH server installed successfully."
+    SSH_DETECTED=true
+fi
+
+# Detect SSH PermitRootLogin
+SSH_PERMIT_ROOT_LOGIN=$(sshd -T | grep -i "permitrootlogin" | awk '{print $2}') || true
+if [ "$SSH_PERMIT_ROOT_LOGIN" = "yes" ] || [ "$SSH_PERMIT_ROOT_LOGIN" = "without-password" ] || [ "$SSH_PERMIT_ROOT_LOGIN" = "prohibit-password" ]; then
+    echo " - SSH PermitRootLogin is enabled."
+else
+    echo " - SSH PermitRootLogin is disabled."
+    echo "   If you have problems with SSH, please read this: https://coolify.io/docs/knowledge-base/server/openssh"
+fi
+
+# Detect if docker is installed via snap
+if [ -x "$(command -v snap)" ]; then
+    SNAP_DOCKER_INSTALLED=$(snap list docker >/dev/null 2>&1 && echo "true" || echo "false")
+    if [ "$SNAP_DOCKER_INSTALLED" = "true" ]; then
+        echo " - Docker is installed via snap."
+        echo "   Please note that Coolify does not support Docker installed via snap."
+        echo "   Please remove Docker with snap (snap remove docker) and reexecute this script."
+        exit 1
+    fi
+fi
+
+echo -e "3. Check Docker Installation. "
+if ! [ -x "$(command -v docker)" ]; then
+    echo " - Docker is not installed. Installing Docker. It may take a while."
+    getAJoke
+    case "$OS_TYPE" in
+        "almalinux")
+            dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
+            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                exit 1
+            fi
+            systemctl start docker >/dev/null 2>&1
+            systemctl enable docker >/dev/null 2>&1
+            ;;
+        "alpine")
+            apk add docker docker-cli-compose >/dev/null 2>&1
+            rc-update add docker default >/dev/null 2>&1
+            service docker start >/dev/null 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Failed to install Docker with apk. Try to install it manually."
+                echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
+                exit 1
+            fi
+            ;;
+        "arch")
+            pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
+            systemctl enable docker.service >/dev/null 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Failed to install Docker with pacman. Try to install it manually."
+                echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
+                exit 1
+            fi
+            ;;
+        "amzn")
+            dnf install docker -y >/dev/null 2>&1
+            DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
+            mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
+            curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+            chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+            systemctl start docker >/dev/null 2>&1
+            systemctl enable docker >/dev/null 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Failed to install Docker with dnf. Try to install it manually."
+                echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
+                exit 1
+            fi
+            ;;
+        "fedora")
+            if [ -x "$(command -v dnf5)" ]; then
+                # dnf5 is available
+                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo --overwrite >/dev/null 2>&1
+            else
+                # dnf5 is not available, use dnf
+                dnf config-manager --add-repo=https://download.docker.com/linux/fedora/docker-ce.repo >/dev/null 2>&1
+            fi
+            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                exit 1
+            fi
+            systemctl start docker >/dev/null 2>&1
+            systemctl enable docker >/dev/null 2>&1
+            ;;
+        *)
+            if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
+                echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
+                    echo "Please install Docker manually."
+                exit 1
+            fi
+            curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
+                if ! [ -x "$(command -v docker)" ]; then
+                    echo " - Docker installation failed."
+                    echo "   Maybe your OS is not supported?"
+                    echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                    exit 1
+                fi
+            fi
+    esac
+    echo " - Docker installed successfully."
+else
+    echo " - Docker is installed."
+fi
+
+echo -e "4. Check Docker Configuration. "
+mkdir -p /etc/docker
+# shellcheck disable=SC2015
+test -s /etc/docker/daemon.json && cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE" || cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"10.0.0.0/8","size":24}
+  ]
+}
+EOL
+cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"10.0.0.0/8","size":24}
+  ]
+}
+EOL
+TEMP_FILE=$(mktemp)
+if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
+    echo "Error merging JSON files"
+    exit 1
+fi
+mv "$TEMP_FILE" /etc/docker/daemon.json
+
+restart_docker_service() {
+    # Check if systemctl is available
+    if command -v systemctl >/dev/null 2>&1; then
+        echo " - Using systemctl to restart Docker."
+        systemctl restart docker
+
+        if [ $? -eq 0 ]; then
+            echo " - Docker restarted successfully using systemctl."
+        else
+            echo " - Failed to restart Docker using systemctl."
+            return 1
+        fi
+
+    # Check if service command is available
+    elif command -v service >/dev/null 2>&1; then
+        echo " - Using service command to restart Docker."
+        service docker restart
+
+        if [ $? -eq 0 ]; then
+            echo " - Docker restarted successfully using service."
+        else
+            echo " - Failed to restart Docker using service."
+            return 1
+        fi
+
+    # If neither systemctl nor service is available
+    else
+        echo " - Neither systemctl nor service command is available on this system."
+        return 1
+    fi
+}
+
+if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
+    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
+    if [ "$DIFF" != "" ]; then
+        echo " - Docker configuration updated, restart docker daemon..."
+        restart_docker_service
+    else
+        echo " - Docker configuration is up to date."
+    fi
+else
+    echo " - Docker configuration updated, restart docker daemon..."
+    restart_docker_service
+fi
+
+echo -e "5. Download required files from CDN. "
+curl -fsSL $CDN/docker-compose.yml -o /data/coolify/source/docker-compose.yml
+curl -fsSL $CDN/docker-compose.prod.yml -o /data/coolify/source/docker-compose.prod.yml
+curl -fsSL $CDN/.env.production -o /data/coolify/source/.env.production
+curl -fsSL $CDN/upgrade.sh -o /data/coolify/source/upgrade.sh
+
+echo -e "6. Make backup of .env to .env-$DATE"
+
+# Copy .env.example if .env does not exist
+if [ -f $ENV_FILE ]; then
+    cp $ENV_FILE $ENV_FILE-$DATE
+else
+    echo " - File does not exist: $ENV_FILE"
+    echo " - Copying .env.production to .env-$DATE"
+    cp /data/coolify/source/.env.production $ENV_FILE-$DATE
+    # Generate a secure APP_ID and APP_KEY
+    sed -i "s|^APP_ID=.*|APP_ID=$(openssl rand -hex 16)|" "$ENV_FILE-$DATE"
+    sed -i "s|^APP_KEY=.*|APP_KEY=base64:$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate a secure Postgres DB username and password
+    # Causes issues: database "random-user" does not exist
+    # sed -i "s|^DB_USERNAME=.*|DB_USERNAME=$(openssl rand -hex 16)|" "$ENV_FILE-$DATE"
+    sed -i "s|^DB_PASSWORD=.*|DB_PASSWORD=$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate a secure Redis password
+    sed -i "s|^REDIS_PASSWORD=.*|REDIS_PASSWORD=$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate secure Pusher credentials
+    sed -i "s|^PUSHER_APP_ID=.*|PUSHER_APP_ID=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+    sed -i "s|^PUSHER_APP_KEY=.*|PUSHER_APP_KEY=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+    sed -i "s|^PUSHER_APP_SECRET=.*|PUSHER_APP_SECRET=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+fi
+
+# Add default root user credentials from environment variables
+if [ -n "$ROOT_USERNAME" ] && [ -n "$ROOT_USER_EMAIL" ] && [ -n "$ROOT_USER_PASSWORD" ]; then
+    if grep -q "^ROOT_USERNAME=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USERNAME=.*|ROOT_USERNAME=$ROOT_USERNAME|" "$ENV_FILE-$DATE"
+    fi
+    if grep -q "^ROOT_USER_EMAIL=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USER_EMAIL=.*|ROOT_USER_EMAIL=$ROOT_USER_EMAIL|" "$ENV_FILE-$DATE"
+    fi
+    if grep -q "^ROOT_USER_PASSWORD=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USER_PASSWORD=.*|ROOT_USER_PASSWORD=$ROOT_USER_PASSWORD|" "$ENV_FILE-$DATE"
+    fi
+fi
+
+# Merge .env and .env.production. New values will be added to .env
+echo -e "7. Propagating .env with new values - if necessary."
+awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production > $ENV_FILE
+
+if [ "$AUTOUPDATE" = "false" ]; then
+    if ! grep -q "AUTOUPDATE=" /data/coolify/source/.env; then
+        echo "AUTOUPDATE=false" >>/data/coolify/source/.env
+    else
+        sed -i "s|AUTOUPDATE=.*|AUTOUPDATE=false|g" /data/coolify/source/.env
+    fi
+fi
+echo -e "8. Checking for SSH key for localhost access."
+if [ ! -f ~/.ssh/authorized_keys ]; then
+    mkdir -p ~/.ssh
+    chmod 700 ~/.ssh
+    touch ~/.ssh/authorized_keys
+    chmod 600 ~/.ssh/authorized_keys
+fi
+
+set +e
+IS_COOLIFY_VOLUME_EXISTS=$(docker volume ls | grep coolify-db | wc -l)
+set -e
+
+if [ "$IS_COOLIFY_VOLUME_EXISTS" -eq 0 ]; then
+    echo " - Generating SSH key."
+    ssh-keygen -t ed25519 -a 100 -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal -q -N "" -C coolify
+    chown 9999 /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal
+    sed -i "/coolify/d" ~/.ssh/authorized_keys
+    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >> ~/.ssh/authorized_keys
+    rm -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub
+fi
+
+chown -R 9999:root /data/coolify
+chmod -R 700 /data/coolify
+
+echo -e "9. Installing Coolify ($LATEST_VERSION)"
+echo -e " - It could take a while based on your server's performance, network speed, stars, etc."
+echo -e " - Please wait."
+getAJoke
+
+bash /data/coolify/source/upgrade.sh "${LATEST_VERSION:-latest}" "${LATEST_HELPER_VERSION:-latest}"
+echo " - Coolify installed successfully."
+rm -f $ENV_FILE-$DATE
+
+echo " - Waiting for 20 seconds for Coolify (database migrations) to be ready."
+getAJoke
+
+sleep 20
+echo -e "\033[0;35m
+   ____                            _         _       _   _                 _
+  / ___|___  _ __   __ _ _ __ __ _| |_ _   _| | __ _| |_(_) ___  _ __  ___| |
+ | |   / _ \| '_ \ / _\` | '__/ _\` | __| | | | |/ _\` | __| |/ _ \| '_ \/ __| |
+ | |__| (_) | | | | (_| | | | (_| | |_| |_| | | (_| | |_| | (_) | | | \__ \_|
+  \____\___/|_| |_|\__, |_|  \__,_|\__|\__,_|_|\__,_|\__|_|\___/|_| |_|___(_)
+                   |___/
+\033[0m"
+echo -e "\nYour instance is ready to use!\n"
+echo -e "You can access Coolify through your Public IP: http://$(curl -4s https://ifconfig.io):8000"
+
+set +e
+DEFAULT_PRIVATE_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
+PRIVATE_IPS=$(hostname -I 2>/dev/null || ip -o addr show scope global | awk '{print $4}' | cut -d/ -f1)
+set -e
+
+if [ -n "$PRIVATE_IPS" ]; then
+    echo -e "\nIf your Public IP is not accessible, you can use the following Private IPs:\n"
+    for IP in $PRIVATE_IPS; do
+        if [ "$IP" != "$DEFAULT_PRIVATE_IP" ]; then
+            echo -e "http://$IP:8000"
+        fi
+    done
+fi
+echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
+cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file
diff --git a/scripts/install.sh b/scripts/install.sh
index 2c10174df..292af38d2 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -7,6 +7,7 @@
 ## ROOT_USER_PASSWORD - Predefined root user password
 ## DOCKER_ADDRESS_POOL_BASE - Custom Docker address pool base (default: 10.0.0.0/8)
 ## DOCKER_ADDRESS_POOL_SIZE - Custom Docker address pool size (default: 24)
+## DOCKER_POOL_FORCE_OVERRIDE - Force override Docker address pool configuration (default: false)
 ## AUTOUPDATE - Set to "false" to disable auto-updates
 
 set -e # Exit immediately if a command exits with a non-zero status

From 2c845461c95700920b794c7b5eb43c9eb546a532 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Thu, 13 Mar 2025 20:30:22 +0100
Subject: [PATCH 120/145] refactor(nginx): streamline default Nginx
 configuration and improve error handling

Updated the default Nginx configuration function to enhance clarity and maintainability. Removed unnecessary redirection logic and added explicit handling for 404 errors, ensuring a more robust error management strategy. This refactor simplifies the configuration while maintaining essential functionality, contributing to a cleaner and more efficient setup.
---
 bootstrap/helpers/shared.php | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/bootstrap/helpers/shared.php b/bootstrap/helpers/shared.php
index 17ddcbda0..db3085649 100644
--- a/bootstrap/helpers/shared.php
+++ b/bootstrap/helpers/shared.php
@@ -4054,29 +4054,24 @@ function defaultNginxConfiguration(): string
 {
     return 'server {
     location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        try_files $uri $uri.html $uri/index.html $uri/index.htm $uri/ /index.html /index.htm =404;
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+        try_files $uri $uri.html $uri/index.html $uri/index.htm $uri/ =404;
     }
 
+    # Handle 404 errors
+    error_page 404 /404.html;
+    location = /404.html {
+        root /usr/share/nginx/html;
+        internal;
+    }
+
+    # Handle server errors (50x)
     error_page 500 502 503 504 /50x.html;
     location = /50x.html {
         root /usr/share/nginx/html;
-        try_files $uri @redirect_to_index;
         internal;
     }
-
-    error_page 404 = @handle_404;
-
-    location @handle_404 {
-        root /usr/share/nginx/html;
-        try_files /404.html @redirect_to_index;
-        internal;
-    }
-
-    location @redirect_to_index {
-        return 302 /;
-    }
 }';
 }
 

From 0b40ff6ade61802d45987c846e24ab10e41ce7c1 Mon Sep 17 00:00:00 2001
From: Bastian <b.widmer@dasrecht.net>
Date: Fri, 14 Mar 2025 00:49:14 +0100
Subject: [PATCH 121/145] use kimai/kimai2:apache instead of the not updated
 kimai/kimai2:apache-latest container image

reference: https://hub.docker.com/r/kimai/kimai2/tags?name=apache
---
 templates/compose/kimai.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/compose/kimai.yaml b/templates/compose/kimai.yaml
index ba73ba980..c2edf0b62 100644
--- a/templates/compose/kimai.yaml
+++ b/templates/compose/kimai.yaml
@@ -21,7 +21,7 @@ services:
       timeout: 20s
       retries: 10
   kimai:
-    image: kimai/kimai2:apache-latest
+    image: kimai/kimai2:apache
     container_name: kimai
     depends_on:
       mysql:

From 08f06617573b15496f2e754207ad63539cb25495 Mon Sep 17 00:00:00 2001
From: DekraIt <denni.k96@gmx.de>
Date: Fri, 14 Mar 2025 05:14:18 +0100
Subject: [PATCH 122/145] fix(issue#4746): Do not use setGitImportSettings
 inside of generateGitLsRemoteCommands

---
 app/Models/Application.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/Models/Application.php b/app/Models/Application.php
index 3913ce37a..ad688c93f 100644
--- a/app/Models/Application.php
+++ b/app/Models/Application.php
@@ -1065,7 +1065,6 @@ class Application extends BaseModel
         if ($this->deploymentType() === 'other') {
             $fullRepoUrl = $customRepository;
             $base_command = "{$base_command} {$customRepository}";
-            $base_command = $this->setGitImportSettings($deployment_uuid, $base_command, public: true);
 
             if ($exec_in_docker) {
                 $commands->push(executeInDocker($deployment_uuid, $base_command));

From 9dbe221ad58c10ebd466aafea3991d70416d4dd1 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 13:20:45 +0100
Subject: [PATCH 123/145] refactor(install): clean up install script and
 enhance Docker installation logic

Refactored the install script to improve readability by removing unnecessary whitespace and consolidating Docker installation logic into a dedicated function. This change enhances maintainability and clarity, particularly for the installation process across different operating systems. Additionally, the script now includes specific handling for Ubuntu 24.10, ensuring users receive appropriate guidance for installation. Overall, these updates contribute to a more streamlined and user-friendly installation experience.
---
 scripts/install.sh | 209 +++++++++++++++++++++++++--------------------
 1 file changed, 115 insertions(+), 94 deletions(-)

diff --git a/scripts/install.sh b/scripts/install.sh
index 292af38d2..a19236974 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -85,18 +85,18 @@ compare_address_pools() {
     local size1="$2"
     local base2="$3"
     local size2="$4"
-    
+
     # Normalize CIDR notation for comparison
     local ip1=$(echo "$base1" | cut -d'/' -f1)
     local prefix1=$(echo "$base1" | cut -d'/' -f2)
     local ip2=$(echo "$base2" | cut -d'/' -f1)
     local prefix2=$(echo "$base2" | cut -d'/' -f2)
-    
+
     # Compare IPs and prefixes
     if [ "$ip1" = "$ip2" ] && [ "$prefix1" = "$prefix2" ] && [ "$size1" = "$size2" ]; then
-        return 0  # Pools are the same
+        return 0 # Pools are the same
     else
-        return 1  # Pools are different
+        return 1 # Pools are different
     fi
 }
 
@@ -108,11 +108,11 @@ DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_D
 if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
     ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
     ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
-    
+
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
     fi
-    
+
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
         DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
     fi
@@ -124,11 +124,11 @@ if [ -f /etc/docker/daemon.json ]; then
     if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
         EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
         EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
+
         if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
             echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
             EXISTING_POOL_CONFIGURED=true
-            
+
             # Check if environment variables were explicitly provided
             if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
                 DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
@@ -182,7 +182,7 @@ WARNING_SPACE=false
 
 if [ "$TOTAL_SPACE" -lt "$REQUIRED_TOTAL_SPACE" ]; then
     WARNING_SPACE=true
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient total disk space!
 
 Total disk space:     ${TOTAL_SPACE}GB
@@ -193,7 +193,7 @@ EOF
 fi
 
 if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_AVAILABLE_SPACE" ]; then
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient available disk space!
 
 Available disk space:   ${AVAILABLE_SPACE}GB
@@ -201,7 +201,7 @@ Required available space: ${REQUIRED_AVAILABLE_SPACE}GB
 
 ==================
 EOF
-WARNING_SPACE=true
+    WARNING_SPACE=true
 fi
 
 if [ "$WARNING_SPACE" = true ]; then
@@ -283,7 +283,6 @@ if [ -z "$LATEST_REALTIME_VERSION" ]; then
     LATEST_REALTIME_VERSION=latest
 fi
 
-
 case "$OS_TYPE" in
 arch | ubuntu | debian | raspbian | centos | fedora | rhel | ol | rocky | sles | opensuse-leap | opensuse-tumbleweed | almalinux | amzn | alpine) ;;
 *)
@@ -299,8 +298,6 @@ if [ "$1" != "" ]; then
     LATEST_VERSION="${LATEST_VERSION#v}"
 fi
 
-
-
 echo -e "---------------------------------------------"
 echo "| Operating System  | $OS_TYPE $OS_VERSION"
 echo "| Docker            | $DOCKER_VERSION"
@@ -347,7 +344,6 @@ sles | opensuse-leap | opensuse-tumbleweed)
     ;;
 esac
 
-
 echo -e "2. Check OpenSSH server configuration. "
 
 # Detect OpenSSH server
@@ -370,7 +366,6 @@ elif [ -x "$(command -v service)" ]; then
     fi
 fi
 
-
 if [ "$SSH_DETECTED" = "false" ]; then
     echo " - OpenSSH server not detected. Installing OpenSSH server."
     case "$OS_TYPE" in
@@ -436,86 +431,112 @@ if [ -x "$(command -v snap)" ]; then
     fi
 fi
 
+install_docker() {
+    curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
+    if ! [ -x "$(command -v docker)" ]; then
+        curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker installation failed."
+            echo "   Maybe your OS is not supported?"
+            echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+    fi
+}
 echo -e "3. Check Docker Installation. "
 if ! [ -x "$(command -v docker)" ]; then
     echo " - Docker is not installed. Installing Docker. It may take a while."
     getAJoke
     case "$OS_TYPE" in
-        "almalinux")
-            dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+    "almalinux")
+        dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "alpine")
+        apk add docker docker-cli-compose >/dev/null 2>&1
+        rc-update add docker default >/dev/null 2>&1
+        service docker start >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with apk. Try to install it manually."
+            echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
+            exit 1
+        fi
+        ;;
+    "arch")
+        pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
+        systemctl enable docker.service >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with pacman. Try to install it manually."
+            echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
+            exit 1
+        fi
+        ;;
+    "amzn")
+        dnf install docker -y >/dev/null 2>&1
+        DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
+        mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
+        curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with dnf. Try to install it manually."
+            echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
+            exit 1
+        fi
+        ;;
+    "centos" | "fedora" | "rhel")
+        if [ -x "$(command -v dnf5)" ]; then
+            # dnf5 is available
+            dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
+        else
+            # dnf5 is not available, use dnf
+            dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
+        fi
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "ubuntu" | "debian" | "raspbian")
+        if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
+            echo " - Installing Docker for Ubuntu 24.10..."
+            apt-get update >/dev/null
+            apt-get install -y ca-certificates curl >/dev/null
+            install -m 0755 -d /etc/apt/keyrings
+            curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+            chmod a+r /etc/apt/keyrings/docker.asc
+
+            # Add the repository to Apt sources
+            echo \
+                "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+                  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" |
+                tee /etc/apt/sources.list.d/docker.list >/dev/null
+            apt-get update >/dev/null
+            apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin >/dev/null
+
             if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                echo " - Docker installation failed."
+                echo "   Please visit https://docs.docker.com/engine/install/ubuntu/ and install Docker manually to continue."
                 exit 1
             fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        "alpine")
-            apk add docker docker-cli-compose >/dev/null 2>&1
-            rc-update add docker default >/dev/null 2>&1
-            service docker start >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with apk. Try to install it manually."
-                echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
-                exit 1
-            fi
-            ;;
-        "arch")
-            pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
-            systemctl enable docker.service >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with pacman. Try to install it manually."
-                echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
-                exit 1
-            fi
-            ;;
-        "amzn")
-            dnf install docker -y >/dev/null 2>&1
-            DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
-            mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
-            curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with dnf. Try to install it manually."
-                echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
-                exit 1
-            fi
-            ;;
-        "centos" | "fedora" | "rhel")
-            if [ -x "$(command -v dnf5)" ]; then
-                # dnf5 is available
-                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
-            else
-                # dnf5 is not available, use dnf
-                dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
-            fi
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                exit 1
-            fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        *)
-            if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
-                echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
-                    echo "Please install Docker manually."
-                exit 1
-            fi
-            curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
-                if ! [ -x "$(command -v docker)" ]; then
-                    echo " - Docker installation failed."
-                    echo "   Maybe your OS is not supported?"
-                    echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                    exit 1
-                fi
-            fi
+            echo " - Docker installed successfully for Ubuntu 24.10."
+        else
+            install_docker
+        fi
+        ;;
+    *)
+        install_docker
+        ;;
     esac
     echo " - Docker installed successfully."
 else
@@ -540,7 +561,7 @@ if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ] || [ "$EXISTING_POOL_CONFIGURED" = f
     if [ -f /etc/docker/daemon.json ]; then
         CURRENT_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
         CURRENT_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
+
         if [ "$CURRENT_POOL_BASE" = "$DOCKER_ADDRESS_POOL_BASE" ] && [ "$CURRENT_POOL_SIZE" = "$DOCKER_ADDRESS_POOL_SIZE" ]; then
             echo " - Network pool configuration unchanged, skipping update"
             NEED_MERGE=false
@@ -621,7 +642,7 @@ if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
     DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE") || true)
     if [ "$DIFF" != "" ]; then
         echo " - Checking configuration changes..."
-        
+
         # Check if address pools were changed
         if echo "$DIFF" | grep -q "default-address-pools"; then
             if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
@@ -630,7 +651,7 @@ if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
                 echo " - Warning: Network pool modified without explicit request"
             fi
         fi
-        
+
         # Remove this redundant restart since we already restarted when writing the config
         echo " - Configuration changes confirmed"
         if [ "$NEED_MERGE" = true ]; then
@@ -699,7 +720,7 @@ fi
 
 # Merge .env and .env.production. New values will be added to .env
 echo -e "7. Propagating .env with new values - if necessary."
-awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production > $ENV_FILE
+awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production >$ENV_FILE
 
 if [ "$AUTOUPDATE" = "false" ]; then
     if ! grep -q "AUTOUPDATE=" /data/coolify/source/.env; then
@@ -745,7 +766,7 @@ if [ "$IS_COOLIFY_VOLUME_EXISTS" -eq 0 ]; then
     ssh-keygen -t ed25519 -a 100 -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal -q -N "" -C coolify
     chown 9999 /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal
     sed -i "/coolify/d" ~/.ssh/authorized_keys
-    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >> ~/.ssh/authorized_keys
+    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >>~/.ssh/authorized_keys
     rm -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub
 fi
 
@@ -790,4 +811,4 @@ if [ -n "$PRIVATE_IPS" ]; then
     done
 fi
 echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
-cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file
+cp /data/coolify/source/.env /data/coolify/source/.env.backup

From 3cf4d6364c5c32edc84be2414b30435c63f2cd78 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 13:20:48 +0100
Subject: [PATCH 124/145] fix

---
 other/nightly/install.sh | 210 +++++++-------
 scripts/install-1.6.sh   | 571 +++++++++++++++++++++++++++++++++++++++
 scripts/install-1.7.sh   | 514 +++++++++++++++++++++++++----------
 3 files changed, 1051 insertions(+), 244 deletions(-)
 create mode 100644 scripts/install-1.6.sh
 mode change 100644 => 100755 scripts/install-1.7.sh

diff --git a/other/nightly/install.sh b/other/nightly/install.sh
index af28baee1..72780e045 100755
--- a/other/nightly/install.sh
+++ b/other/nightly/install.sh
@@ -7,6 +7,7 @@
 ## ROOT_USER_PASSWORD - Predefined root user password
 ## DOCKER_ADDRESS_POOL_BASE - Custom Docker address pool base (default: 10.0.0.0/8)
 ## DOCKER_ADDRESS_POOL_SIZE - Custom Docker address pool size (default: 24)
+## DOCKER_POOL_FORCE_OVERRIDE - Force override Docker address pool configuration (default: false)
 ## AUTOUPDATE - Set to "false" to disable auto-updates
 
 set -e # Exit immediately if a command exits with a non-zero status
@@ -84,18 +85,18 @@ compare_address_pools() {
     local size1="$2"
     local base2="$3"
     local size2="$4"
-    
+
     # Normalize CIDR notation for comparison
     local ip1=$(echo "$base1" | cut -d'/' -f1)
     local prefix1=$(echo "$base1" | cut -d'/' -f2)
     local ip2=$(echo "$base2" | cut -d'/' -f1)
     local prefix2=$(echo "$base2" | cut -d'/' -f2)
-    
+
     # Compare IPs and prefixes
     if [ "$ip1" = "$ip2" ] && [ "$prefix1" = "$prefix2" ] && [ "$size1" = "$size2" ]; then
-        return 0  # Pools are the same
+        return 0 # Pools are the same
     else
-        return 1  # Pools are different
+        return 1 # Pools are different
     fi
 }
 
@@ -107,11 +108,11 @@ DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_D
 if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
     ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
     ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
-    
+
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
     fi
-    
+
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
         DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
     fi
@@ -123,11 +124,11 @@ if [ -f /etc/docker/daemon.json ]; then
     if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
         EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
         EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
+
         if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
             echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
             EXISTING_POOL_CONFIGURED=true
-            
+
             # Check if environment variables were explicitly provided
             if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
                 DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
@@ -181,7 +182,7 @@ WARNING_SPACE=false
 
 if [ "$TOTAL_SPACE" -lt "$REQUIRED_TOTAL_SPACE" ]; then
     WARNING_SPACE=true
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient total disk space!
 
 Total disk space:     ${TOTAL_SPACE}GB
@@ -192,7 +193,7 @@ EOF
 fi
 
 if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_AVAILABLE_SPACE" ]; then
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient available disk space!
 
 Available disk space:   ${AVAILABLE_SPACE}GB
@@ -200,7 +201,7 @@ Required available space: ${REQUIRED_AVAILABLE_SPACE}GB
 
 ==================
 EOF
-WARNING_SPACE=true
+    WARNING_SPACE=true
 fi
 
 if [ "$WARNING_SPACE" = true ]; then
@@ -282,7 +283,6 @@ if [ -z "$LATEST_REALTIME_VERSION" ]; then
     LATEST_REALTIME_VERSION=latest
 fi
 
-
 case "$OS_TYPE" in
 arch | ubuntu | debian | raspbian | centos | fedora | rhel | ol | rocky | sles | opensuse-leap | opensuse-tumbleweed | almalinux | amzn | alpine) ;;
 *)
@@ -298,8 +298,6 @@ if [ "$1" != "" ]; then
     LATEST_VERSION="${LATEST_VERSION#v}"
 fi
 
-
-
 echo -e "---------------------------------------------"
 echo "| Operating System  | $OS_TYPE $OS_VERSION"
 echo "| Docker            | $DOCKER_VERSION"
@@ -346,7 +344,6 @@ sles | opensuse-leap | opensuse-tumbleweed)
     ;;
 esac
 
-
 echo -e "2. Check OpenSSH server configuration. "
 
 # Detect OpenSSH server
@@ -369,7 +366,6 @@ elif [ -x "$(command -v service)" ]; then
     fi
 fi
 
-
 if [ "$SSH_DETECTED" = "false" ]; then
     echo " - OpenSSH server not detected. Installing OpenSSH server."
     case "$OS_TYPE" in
@@ -435,86 +431,112 @@ if [ -x "$(command -v snap)" ]; then
     fi
 fi
 
+install_docker() {
+    curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
+    if ! [ -x "$(command -v docker)" ]; then
+        curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker installation failed."
+            echo "   Maybe your OS is not supported?"
+            echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+    fi
+}
 echo -e "3. Check Docker Installation. "
 if ! [ -x "$(command -v docker)" ]; then
     echo " - Docker is not installed. Installing Docker. It may take a while."
     getAJoke
     case "$OS_TYPE" in
-        "almalinux")
-            dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+    "almalinux")
+        dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "alpine")
+        apk add docker docker-cli-compose >/dev/null 2>&1
+        rc-update add docker default >/dev/null 2>&1
+        service docker start >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with apk. Try to install it manually."
+            echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
+            exit 1
+        fi
+        ;;
+    "arch")
+        pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
+        systemctl enable docker.service >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with pacman. Try to install it manually."
+            echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
+            exit 1
+        fi
+        ;;
+    "amzn")
+        dnf install docker -y >/dev/null 2>&1
+        DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
+        mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
+        curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with dnf. Try to install it manually."
+            echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
+            exit 1
+        fi
+        ;;
+    "centos" | "fedora" | "rhel")
+        if [ -x "$(command -v dnf5)" ]; then
+            # dnf5 is available
+            dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
+        else
+            # dnf5 is not available, use dnf
+            dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
+        fi
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "ubuntu" | "debian" | "raspbian")
+        if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
+            echo " - Installing Docker for Ubuntu 24.10..."
+            apt-get update >/dev/null
+            apt-get install -y ca-certificates curl >/dev/null
+            install -m 0755 -d /etc/apt/keyrings
+            curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+            chmod a+r /etc/apt/keyrings/docker.asc
+
+            # Add the repository to Apt sources
+            echo \
+                "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+                  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" |
+                tee /etc/apt/sources.list.d/docker.list >/dev/null
+            apt-get update >/dev/null
+            apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin >/dev/null
+
             if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                echo " - Docker installation failed."
+                echo "   Please visit https://docs.docker.com/engine/install/ubuntu/ and install Docker manually to continue."
                 exit 1
             fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        "alpine")
-            apk add docker docker-cli-compose >/dev/null 2>&1
-            rc-update add docker default >/dev/null 2>&1
-            service docker start >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with apk. Try to install it manually."
-                echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
-                exit 1
-            fi
-            ;;
-        "arch")
-            pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
-            systemctl enable docker.service >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with pacman. Try to install it manually."
-                echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
-                exit 1
-            fi
-            ;;
-        "amzn")
-            dnf install docker -y >/dev/null 2>&1
-            DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
-            mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
-            curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with dnf. Try to install it manually."
-                echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
-                exit 1
-            fi
-            ;;
-        "centos" | "fedora" | "rhel")
-            if [ -x "$(command -v dnf5)" ]; then
-                # dnf5 is available
-                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
-            else
-                # dnf5 is not available, use dnf
-                dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
-            fi
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                exit 1
-            fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        *)
-            if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
-                echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
-                    echo "Please install Docker manually."
-                exit 1
-            fi
-            curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
-                if ! [ -x "$(command -v docker)" ]; then
-                    echo " - Docker installation failed."
-                    echo "   Maybe your OS is not supported?"
-                    echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                    exit 1
-                fi
-            fi
+            echo " - Docker installed successfully for Ubuntu 24.10."
+        else
+            install_docker
+        fi
+        ;;
+    *)
+        install_docker
+        ;;
     esac
     echo " - Docker installed successfully."
 else
@@ -539,7 +561,7 @@ if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ] || [ "$EXISTING_POOL_CONFIGURED" = f
     if [ -f /etc/docker/daemon.json ]; then
         CURRENT_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
         CURRENT_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
-        
+
         if [ "$CURRENT_POOL_BASE" = "$DOCKER_ADDRESS_POOL_BASE" ] && [ "$CURRENT_POOL_SIZE" = "$DOCKER_ADDRESS_POOL_SIZE" ]; then
             echo " - Network pool configuration unchanged, skipping update"
             NEED_MERGE=false
@@ -620,7 +642,7 @@ if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
     DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE") || true)
     if [ "$DIFF" != "" ]; then
         echo " - Checking configuration changes..."
-        
+
         # Check if address pools were changed
         if echo "$DIFF" | grep -q "default-address-pools"; then
             if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
@@ -629,7 +651,7 @@ if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
                 echo " - Warning: Network pool modified without explicit request"
             fi
         fi
-        
+
         # Remove this redundant restart since we already restarted when writing the config
         echo " - Configuration changes confirmed"
         if [ "$NEED_MERGE" = true ]; then
@@ -698,7 +720,7 @@ fi
 
 # Merge .env and .env.production. New values will be added to .env
 echo -e "7. Propagating .env with new values - if necessary."
-awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production > $ENV_FILE
+awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production >$ENV_FILE
 
 if [ "$AUTOUPDATE" = "false" ]; then
     if ! grep -q "AUTOUPDATE=" /data/coolify/source/.env; then
@@ -744,7 +766,7 @@ if [ "$IS_COOLIFY_VOLUME_EXISTS" -eq 0 ]; then
     ssh-keygen -t ed25519 -a 100 -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal -q -N "" -C coolify
     chown 9999 /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal
     sed -i "/coolify/d" ~/.ssh/authorized_keys
-    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >> ~/.ssh/authorized_keys
+    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >>~/.ssh/authorized_keys
     rm -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub
 fi
 
@@ -789,4 +811,4 @@ if [ -n "$PRIVATE_IPS" ]; then
     done
 fi
 echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
-cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file
+cp /data/coolify/source/.env /data/coolify/source/.env.backup
diff --git a/scripts/install-1.6.sh b/scripts/install-1.6.sh
new file mode 100644
index 000000000..50bce4e55
--- /dev/null
+++ b/scripts/install-1.6.sh
@@ -0,0 +1,571 @@
+#!/bin/bash
+## Do not modify this file. You will lose the ability to install and auto-update!
+
+set -e # Exit immediately if a command exits with a non-zero status
+## $1 could be empty, so we need to disable this check
+#set -u # Treat unset variables as an error and exit
+set -o pipefail # Cause a pipeline to return the status of the last command that exited with a non-zero status
+CDN="https://cdn.coollabs.io/coolify"
+DATE=$(date +"%Y%m%d-%H%M%S")
+
+VERSION="1.6"
+DOCKER_VERSION="27.0"
+# TODO: Ask for a user
+CURRENT_USER=$USER
+
+if [ $EUID != 0 ]; then
+    echo "Please run this script as root or with sudo"
+    exit
+fi
+
+echo -e "Welcome to Coolify Installer!"
+echo -e "This script will install everything for you. Sit back and relax."
+echo -e "Source code: https://github.com/coollabsio/coolify/blob/main/scripts/install.sh\n"
+
+# Predefined root user
+ROOT_USERNAME=${ROOT_USERNAME:-}
+ROOT_USER_EMAIL=${ROOT_USER_EMAIL:-}
+ROOT_USER_PASSWORD=${ROOT_USER_PASSWORD:-}
+
+TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
+AVAILABLE_SPACE=$(df -BG / | awk 'NR==2 {print $4}' | sed 's/G//')
+REQUIRED_TOTAL_SPACE=30
+REQUIRED_AVAILABLE_SPACE=20
+WARNING_SPACE=false
+
+if [ "$TOTAL_SPACE" -lt "$REQUIRED_TOTAL_SPACE" ]; then
+    WARNING_SPACE=true
+    cat <<EOF
+WARNING: Insufficient total disk space!
+
+Total disk space:     ${TOTAL_SPACE}GB
+Required disk space:  ${REQUIRED_TOTAL_SPACE}GB
+
+==================
+EOF
+fi
+
+if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_AVAILABLE_SPACE" ]; then
+    cat <<EOF
+WARNING: Insufficient available disk space!
+
+Available disk space:   ${AVAILABLE_SPACE}GB
+Required available space: ${REQUIRED_AVAILABLE_SPACE}GB
+
+==================
+EOF
+    WARNING_SPACE=true
+fi
+
+if [ "$WARNING_SPACE" = true ]; then
+    echo "Sleeping for 5 seconds."
+    sleep 5
+fi
+
+mkdir -p /data/coolify/{source,ssh,applications,databases,backups,services,proxy,webhooks-during-maintenance,sentinel}
+mkdir -p /data/coolify/ssh/{keys,mux}
+mkdir -p /data/coolify/proxy/dynamic
+
+chown -R 9999:root /data/coolify
+chmod -R 700 /data/coolify
+
+INSTALLATION_LOG_WITH_DATE="/data/coolify/source/installation-${DATE}.log"
+
+exec > >(tee -a $INSTALLATION_LOG_WITH_DATE) 2>&1
+
+getAJoke() {
+    JOKES=$(curl -s --max-time 2 "https://v2.jokeapi.dev/joke/Programming?blacklistFlags=nsfw,religious,political,racist,sexist,explicit&format=txt&type=single" || true)
+    if [ "$JOKES" != "" ]; then
+        echo -e " - Until then, here's a joke for you:\n"
+        echo -e "$JOKES\n"
+    fi
+}
+OS_TYPE=$(grep -w "ID" /etc/os-release | cut -d "=" -f 2 | tr -d '"')
+ENV_FILE="/data/coolify/source/.env"
+
+# Check if the OS is manjaro, if so, change it to arch
+if [ "$OS_TYPE" = "manjaro" ] || [ "$OS_TYPE" = "manjaro-arm" ]; then
+    OS_TYPE="arch"
+fi
+
+# Check if the OS is Endeavour OS, if so, change it to arch
+if [ "$OS_TYPE" = "endeavouros" ]; then
+    OS_TYPE="arch"
+fi
+
+# Check if the OS is Asahi Linux, if so, change it to fedora
+if [ "$OS_TYPE" = "fedora-asahi-remix" ]; then
+    OS_TYPE="fedora"
+fi
+
+# Check if the OS is popOS, if so, change it to ubuntu
+if [ "$OS_TYPE" = "pop" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+# Check if the OS is linuxmint, if so, change it to ubuntu
+if [ "$OS_TYPE" = "linuxmint" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+#Check if the OS is zorin, if so, change it to ubuntu
+if [ "$OS_TYPE" = "zorin" ]; then
+    OS_TYPE="ubuntu"
+fi
+
+if [ "$OS_TYPE" = "arch" ] || [ "$OS_TYPE" = "archarm" ]; then
+    OS_VERSION="rolling"
+else
+    OS_VERSION=$(grep -w "VERSION_ID" /etc/os-release | cut -d "=" -f 2 | tr -d '"')
+fi
+
+# Install xargs on Amazon Linux 2023 - lol
+if [ "$OS_TYPE" = 'amzn' ]; then
+    dnf install -y findutils >/dev/null
+fi
+
+LATEST_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $2}' | tr -d ',')
+LATEST_HELPER_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $6}' | tr -d ',')
+LATEST_REALTIME_VERSION=$(curl --silent $CDN/versions.json | grep -i version | xargs | awk '{print $8}' | tr -d ',')
+
+if [ -z "$LATEST_HELPER_VERSION" ]; then
+    LATEST_HELPER_VERSION=latest
+fi
+
+if [ -z "$LATEST_REALTIME_VERSION" ]; then
+    LATEST_REALTIME_VERSION=latest
+fi
+
+case "$OS_TYPE" in
+arch | ubuntu | debian | raspbian | centos | fedora | rhel | ol | rocky | sles | opensuse-leap | opensuse-tumbleweed | almalinux | amzn | alpine) ;;
+*)
+    echo "This script only supports Debian, Redhat, Arch Linux, Alpine Linux, or SLES based operating systems for now."
+    exit
+    ;;
+esac
+
+# Overwrite LATEST_VERSION if user pass a version number
+if [ "$1" != "" ]; then
+    LATEST_VERSION=$1
+    LATEST_VERSION="${LATEST_VERSION,,}"
+    LATEST_VERSION="${LATEST_VERSION#v}"
+fi
+
+echo -e "---------------------------------------------"
+echo "| Operating System  | $OS_TYPE $OS_VERSION"
+echo "| Docker            | $DOCKER_VERSION"
+echo "| Coolify           | $LATEST_VERSION"
+echo "| Helper            | $LATEST_HELPER_VERSION"
+echo "| Realtime          | $LATEST_REALTIME_VERSION"
+echo -e "---------------------------------------------\n"
+echo -e "1. Installing required packages (curl, wget, git, jq, openssl). "
+
+case "$OS_TYPE" in
+arch)
+    pacman -Sy --noconfirm --needed curl wget git jq openssl >/dev/null || true
+    ;;
+alpine)
+    sed -i '/^#.*\/community/s/^#//' /etc/apk/repositories
+    apk update >/dev/null
+    apk add curl wget git jq openssl >/dev/null
+    ;;
+ubuntu | debian | raspbian)
+    apt-get update -y >/dev/null
+    apt-get install -y curl wget git jq openssl >/dev/null
+    ;;
+centos | fedora | rhel | ol | rocky | almalinux | amzn)
+    if [ "$OS_TYPE" = "amzn" ]; then
+        dnf install -y wget git jq openssl >/dev/null
+    else
+        if ! command -v dnf >/dev/null; then
+            yum install -y dnf >/dev/null
+        fi
+        if ! command -v curl >/dev/null; then
+            dnf install -y curl >/dev/null
+        fi
+        dnf install -y wget git jq openssl >/dev/null
+    fi
+    ;;
+sles | opensuse-leap | opensuse-tumbleweed)
+    zypper refresh >/dev/null
+    zypper install -y curl wget git jq openssl >/dev/null
+    ;;
+*)
+    echo "This script only supports Debian, Redhat, Arch Linux, or SLES based operating systems for now."
+    exit
+    ;;
+esac
+
+echo -e "2. Check OpenSSH server configuration. "
+
+# Detect OpenSSH server
+SSH_DETECTED=false
+if [ -x "$(command -v systemctl)" ]; then
+    if systemctl status sshd >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    elif systemctl status ssh >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    fi
+elif [ -x "$(command -v service)" ]; then
+    if service sshd status >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    elif service ssh status >/dev/null 2>&1; then
+        echo " - OpenSSH server is installed."
+        SSH_DETECTED=true
+    fi
+fi
+
+if [ "$SSH_DETECTED" = "false" ]; then
+    echo " - OpenSSH server not detected. Installing OpenSSH server."
+    case "$OS_TYPE" in
+    arch)
+        pacman -Sy --noconfirm openssh >/dev/null
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    alpine)
+        apk add openssh >/dev/null
+        rc-update add sshd default >/dev/null 2>&1
+        service sshd start >/dev/null 2>&1
+        ;;
+    ubuntu | debian | raspbian)
+        apt-get update -y >/dev/null
+        apt-get install -y openssh-server >/dev/null
+        systemctl enable ssh >/dev/null 2>&1
+        systemctl start ssh >/dev/null 2>&1
+        ;;
+    centos | fedora | rhel | ol | rocky | almalinux | amzn)
+        if [ "$OS_TYPE" = "amzn" ]; then
+            dnf install -y openssh-server >/dev/null
+        else
+            dnf install -y openssh-server >/dev/null
+        fi
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    sles | opensuse-leap | opensuse-tumbleweed)
+        zypper install -y openssh >/dev/null
+        systemctl enable sshd >/dev/null 2>&1
+        systemctl start sshd >/dev/null 2>&1
+        ;;
+    *)
+        echo "###############################################################################"
+        echo "WARNING: Could not detect and install OpenSSH server - this does not mean that it is not installed or not running, just that we could not detect it."
+        echo -e "Please make sure it is installed and running, otherwise Coolify cannot connect to the host system. \n"
+        echo "###############################################################################"
+        exit 1
+        ;;
+    esac
+    echo " - OpenSSH server installed successfully."
+    SSH_DETECTED=true
+fi
+
+# Detect SSH PermitRootLogin
+SSH_PERMIT_ROOT_LOGIN=$(sshd -T | grep -i "permitrootlogin" | awk '{print $2}') || true
+if [ "$SSH_PERMIT_ROOT_LOGIN" = "yes" ] || [ "$SSH_PERMIT_ROOT_LOGIN" = "without-password" ] || [ "$SSH_PERMIT_ROOT_LOGIN" = "prohibit-password" ]; then
+    echo " - SSH PermitRootLogin is enabled."
+else
+    echo " - SSH PermitRootLogin is disabled."
+    echo "   If you have problems with SSH, please read this: https://coolify.io/docs/knowledge-base/server/openssh"
+fi
+
+# Detect if docker is installed via snap
+if [ -x "$(command -v snap)" ]; then
+    SNAP_DOCKER_INSTALLED=$(snap list docker >/dev/null 2>&1 && echo "true" || echo "false")
+    if [ "$SNAP_DOCKER_INSTALLED" = "true" ]; then
+        echo " - Docker is installed via snap."
+        echo "   Please note that Coolify does not support Docker installed via snap."
+        echo "   Please remove Docker with snap (snap remove docker) and reexecute this script."
+        exit 1
+    fi
+fi
+
+echo -e "3. Check Docker Installation. "
+if ! [ -x "$(command -v docker)" ]; then
+    echo " - Docker is not installed. Installing Docker. It may take a while."
+    getAJoke
+    case "$OS_TYPE" in
+    "almalinux")
+        dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "alpine")
+        apk add docker docker-cli-compose >/dev/null 2>&1
+        rc-update add docker default >/dev/null 2>&1
+        service docker start >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with apk. Try to install it manually."
+            echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
+            exit 1
+        fi
+        ;;
+    "arch")
+        pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
+        systemctl enable docker.service >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with pacman. Try to install it manually."
+            echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
+            exit 1
+        fi
+        ;;
+    "amzn")
+        dnf install docker -y >/dev/null 2>&1
+        DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
+        mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
+        curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with dnf. Try to install it manually."
+            echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
+            exit 1
+        fi
+        ;;
+    "fedora")
+        if [ -x "$(command -v dnf5)" ]; then
+            # dnf5 is available
+            dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo --overwrite >/dev/null 2>&1
+        else
+            # dnf5 is not available, use dnf
+            dnf config-manager --add-repo=https://download.docker.com/linux/fedora/docker-ce.repo >/dev/null 2>&1
+        fi
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    *)
+        if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
+            echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
+            echo "Please install Docker manually."
+            exit 1
+        fi
+        curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
+            if ! [ -x "$(command -v docker)" ]; then
+                echo " - Docker installation failed."
+                echo "   Maybe your OS is not supported?"
+                echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                exit 1
+            fi
+        fi
+        ;;
+    esac
+    echo " - Docker installed successfully."
+else
+    echo " - Docker is installed."
+fi
+
+echo -e "4. Check Docker Configuration. "
+mkdir -p /etc/docker
+# shellcheck disable=SC2015
+test -s /etc/docker/daemon.json && cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE" || cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"10.0.0.0/8","size":24}
+  ]
+}
+EOL
+cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"10.0.0.0/8","size":24}
+  ]
+}
+EOL
+TEMP_FILE=$(mktemp)
+if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
+    echo "Error merging JSON files"
+    exit 1
+fi
+mv "$TEMP_FILE" /etc/docker/daemon.json
+
+restart_docker_service() {
+    # Check if systemctl is available
+    if command -v systemctl >/dev/null 2>&1; then
+        echo " - Using systemctl to restart Docker."
+        systemctl restart docker
+
+        if [ $? -eq 0 ]; then
+            echo " - Docker restarted successfully using systemctl."
+        else
+            echo " - Failed to restart Docker using systemctl."
+            return 1
+        fi
+
+    # Check if service command is available
+    elif command -v service >/dev/null 2>&1; then
+        echo " - Using service command to restart Docker."
+        service docker restart
+
+        if [ $? -eq 0 ]; then
+            echo " - Docker restarted successfully using service."
+        else
+            echo " - Failed to restart Docker using service."
+            return 1
+        fi
+
+    # If neither systemctl nor service is available
+    else
+        echo " - Neither systemctl nor service command is available on this system."
+        return 1
+    fi
+}
+
+if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
+    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
+    if [ "$DIFF" != "" ]; then
+        echo " - Docker configuration updated, restart docker daemon..."
+        restart_docker_service
+    else
+        echo " - Docker configuration is up to date."
+    fi
+else
+    echo " - Docker configuration updated, restart docker daemon..."
+    restart_docker_service
+fi
+
+echo -e "5. Download required files from CDN. "
+curl -fsSL $CDN/docker-compose.yml -o /data/coolify/source/docker-compose.yml
+curl -fsSL $CDN/docker-compose.prod.yml -o /data/coolify/source/docker-compose.prod.yml
+curl -fsSL $CDN/.env.production -o /data/coolify/source/.env.production
+curl -fsSL $CDN/upgrade.sh -o /data/coolify/source/upgrade.sh
+
+echo -e "6. Make backup of .env to .env-$DATE"
+
+# Copy .env.example if .env does not exist
+if [ -f $ENV_FILE ]; then
+    cp $ENV_FILE $ENV_FILE-$DATE
+else
+    echo " - File does not exist: $ENV_FILE"
+    echo " - Copying .env.production to .env-$DATE"
+    cp /data/coolify/source/.env.production $ENV_FILE-$DATE
+    # Generate a secure APP_ID and APP_KEY
+    sed -i "s|^APP_ID=.*|APP_ID=$(openssl rand -hex 16)|" "$ENV_FILE-$DATE"
+    sed -i "s|^APP_KEY=.*|APP_KEY=base64:$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate a secure Postgres DB username and password
+    # Causes issues: database "random-user" does not exist
+    # sed -i "s|^DB_USERNAME=.*|DB_USERNAME=$(openssl rand -hex 16)|" "$ENV_FILE-$DATE"
+    sed -i "s|^DB_PASSWORD=.*|DB_PASSWORD=$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate a secure Redis password
+    sed -i "s|^REDIS_PASSWORD=.*|REDIS_PASSWORD=$(openssl rand -base64 32)|" "$ENV_FILE-$DATE"
+
+    # Generate secure Pusher credentials
+    sed -i "s|^PUSHER_APP_ID=.*|PUSHER_APP_ID=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+    sed -i "s|^PUSHER_APP_KEY=.*|PUSHER_APP_KEY=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+    sed -i "s|^PUSHER_APP_SECRET=.*|PUSHER_APP_SECRET=$(openssl rand -hex 32)|" "$ENV_FILE-$DATE"
+fi
+
+# Add default root user credentials from environment variables
+if [ -n "$ROOT_USERNAME" ] && [ -n "$ROOT_USER_EMAIL" ] && [ -n "$ROOT_USER_PASSWORD" ]; then
+    if grep -q "^ROOT_USERNAME=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USERNAME=.*|ROOT_USERNAME=$ROOT_USERNAME|" "$ENV_FILE-$DATE"
+    fi
+    if grep -q "^ROOT_USER_EMAIL=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USER_EMAIL=.*|ROOT_USER_EMAIL=$ROOT_USER_EMAIL|" "$ENV_FILE-$DATE"
+    fi
+    if grep -q "^ROOT_USER_PASSWORD=" "$ENV_FILE-$DATE"; then
+        sed -i "s|^ROOT_USER_PASSWORD=.*|ROOT_USER_PASSWORD=$ROOT_USER_PASSWORD|" "$ENV_FILE-$DATE"
+    fi
+fi
+
+# Merge .env and .env.production. New values will be added to .env
+echo -e "7. Propagating .env with new values - if necessary."
+awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production >$ENV_FILE
+
+if [ "$AUTOUPDATE" = "false" ]; then
+    if ! grep -q "AUTOUPDATE=" /data/coolify/source/.env; then
+        echo "AUTOUPDATE=false" >>/data/coolify/source/.env
+    else
+        sed -i "s|AUTOUPDATE=.*|AUTOUPDATE=false|g" /data/coolify/source/.env
+    fi
+fi
+echo -e "8. Checking for SSH key for localhost access."
+if [ ! -f ~/.ssh/authorized_keys ]; then
+    mkdir -p ~/.ssh
+    chmod 700 ~/.ssh
+    touch ~/.ssh/authorized_keys
+    chmod 600 ~/.ssh/authorized_keys
+fi
+
+set +e
+IS_COOLIFY_VOLUME_EXISTS=$(docker volume ls | grep coolify-db | wc -l)
+set -e
+
+if [ "$IS_COOLIFY_VOLUME_EXISTS" -eq 0 ]; then
+    echo " - Generating SSH key."
+    ssh-keygen -t ed25519 -a 100 -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal -q -N "" -C coolify
+    chown 9999 /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal
+    sed -i "/coolify/d" ~/.ssh/authorized_keys
+    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >>~/.ssh/authorized_keys
+    rm -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub
+fi
+
+chown -R 9999:root /data/coolify
+chmod -R 700 /data/coolify
+
+echo -e "9. Installing Coolify ($LATEST_VERSION)"
+echo -e " - It could take a while based on your server's performance, network speed, stars, etc."
+echo -e " - Please wait."
+getAJoke
+
+bash /data/coolify/source/upgrade.sh "${LATEST_VERSION:-latest}" "${LATEST_HELPER_VERSION:-latest}"
+echo " - Coolify installed successfully."
+rm -f $ENV_FILE-$DATE
+
+echo " - Waiting for 20 seconds for Coolify (database migrations) to be ready."
+getAJoke
+
+sleep 20
+echo -e "\033[0;35m
+   ____                            _         _       _   _                 _
+  / ___|___  _ __   __ _ _ __ __ _| |_ _   _| | __ _| |_(_) ___  _ __  ___| |
+ | |   / _ \| '_ \ / _\` | '__/ _\` | __| | | | |/ _\` | __| |/ _ \| '_ \/ __| |
+ | |__| (_) | | | | (_| | | | (_| | |_| |_| | | (_| | |_| | (_) | | | \__ \_|
+  \____\___/|_| |_|\__, |_|  \__,_|\__|\__,_|_|\__,_|\__|_|\___/|_| |_|___(_)
+                   |___/
+\033[0m"
+echo -e "\nYour instance is ready to use!\n"
+echo -e "You can access Coolify through your Public IP: http://$(curl -4s https://ifconfig.io):8000"
+
+set +e
+DEFAULT_PRIVATE_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
+PRIVATE_IPS=$(hostname -I 2>/dev/null || ip -o addr show scope global | awk '{print $4}' | cut -d/ -f1)
+set -e
+
+if [ -n "$PRIVATE_IPS" ]; then
+    echo -e "\nIf your Public IP is not accessible, you can use the following Private IPs:\n"
+    for IP in $PRIVATE_IPS; do
+        if [ "$IP" != "$DEFAULT_PRIVATE_IP" ]; then
+            echo -e "http://$IP:8000"
+        fi
+    done
+fi
+echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
+cp /data/coolify/source/.env /data/coolify/source/.env.backup
diff --git a/scripts/install-1.7.sh b/scripts/install-1.7.sh
old mode 100644
new mode 100755
index 4c6eba4d6..282ecc669
--- a/scripts/install-1.7.sh
+++ b/scripts/install-1.7.sh
@@ -1,6 +1,15 @@
 #!/bin/bash
 ## Do not modify this file. You will lose the ability to install and auto-update!
 
+## Environment variables that can be set:
+## ROOT_USERNAME - Predefined root username
+## ROOT_USER_EMAIL - Predefined root user email
+## ROOT_USER_PASSWORD - Predefined root user password
+## DOCKER_ADDRESS_POOL_BASE - Custom Docker address pool base (default: 10.0.0.0/8)
+## DOCKER_ADDRESS_POOL_SIZE - Custom Docker address pool size (default: 24)
+## DOCKER_POOL_FORCE_OVERRIDE - Force override Docker address pool configuration (default: false)
+## AUTOUPDATE - Set to "false" to disable auto-updates
+
 set -e # Exit immediately if a command exits with a non-zero status
 ## $1 could be empty, so we need to disable this check
 #set -u # Treat unset variables as an error and exit
@@ -27,6 +36,144 @@ ROOT_USERNAME=${ROOT_USERNAME:-}
 ROOT_USER_EMAIL=${ROOT_USER_EMAIL:-}
 ROOT_USER_PASSWORD=${ROOT_USER_PASSWORD:-}
 
+# Docker address pool configuration defaults
+DOCKER_ADDRESS_POOL_BASE_DEFAULT="10.0.0.0/8"
+DOCKER_ADDRESS_POOL_SIZE_DEFAULT=24
+
+# Check if environment variables were explicitly provided
+DOCKER_POOL_BASE_PROVIDED=false
+DOCKER_POOL_SIZE_PROVIDED=false
+DOCKER_POOL_FORCE_OVERRIDE=${DOCKER_POOL_FORCE_OVERRIDE:-false}
+
+if [ -n "${DOCKER_ADDRESS_POOL_BASE+x}" ]; then
+    DOCKER_POOL_BASE_PROVIDED=true
+fi
+
+if [ -n "${DOCKER_ADDRESS_POOL_SIZE+x}" ]; then
+    DOCKER_POOL_SIZE_PROVIDED=true
+fi
+
+restart_docker_service() {
+    # Check if systemctl is available
+    if command -v systemctl >/dev/null 2>&1; then
+        systemctl restart docker
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # Check if service command is available
+    elif command -v service >/dev/null 2>&1; then
+        service docker restart
+        if [ $? -eq 0 ]; then
+            echo " - Docker daemon restarted successfully"
+        else
+            echo " - Failed to restart Docker daemon"
+            return 1
+        fi
+    # If neither systemctl nor service is available
+    else
+        echo " - Error: No service management system found"
+        return 1
+    fi
+}
+
+# Function to compare address pools
+compare_address_pools() {
+    local base1="$1"
+    local size1="$2"
+    local base2="$3"
+    local size2="$4"
+
+    # Normalize CIDR notation for comparison
+    local ip1=$(echo "$base1" | cut -d'/' -f1)
+    local prefix1=$(echo "$base1" | cut -d'/' -f2)
+    local ip2=$(echo "$base2" | cut -d'/' -f1)
+    local prefix2=$(echo "$base2" | cut -d'/' -f2)
+
+    # Compare IPs and prefixes
+    if [ "$ip1" = "$ip2" ] && [ "$prefix1" = "$prefix2" ] && [ "$size1" = "$size2" ]; then
+        return 0 # Pools are the same
+    else
+        return 1 # Pools are different
+    fi
+}
+
+# Docker address pool configuration
+DOCKER_ADDRESS_POOL_BASE=${DOCKER_ADDRESS_POOL_BASE:-"$DOCKER_ADDRESS_POOL_BASE_DEFAULT"}
+DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_DEFAULT}
+
+# Load Docker address pool configuration from .env file if it exists and environment variables were not provided
+if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
+    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
+
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
+        DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
+    fi
+
+    if [ -n "$ENV_DOCKER_ADDRESS_POOL_SIZE" ]; then
+        DOCKER_ADDRESS_POOL_SIZE="$ENV_DOCKER_ADDRESS_POOL_SIZE"
+    fi
+fi
+
+# Check if daemon.json exists and extract existing address pool configuration
+EXISTING_POOL_CONFIGURED=false
+if [ -f /etc/docker/daemon.json ]; then
+    if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+
+        if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
+            echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
+            EXISTING_POOL_CONFIGURED=true
+
+            # Check if environment variables were explicitly provided
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
+                DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+            else
+                # Check if force override is enabled
+                if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ]; then
+                    echo "Force override enabled - network pool will be updated with $DOCKER_ADDRESS_POOL_BASE/$DOCKER_ADDRESS_POOL_SIZE."
+                else
+                    echo "Custom pool provided but force override not enabled - using existing configuration."
+                    echo "To force override, set DOCKER_POOL_FORCE_OVERRIDE=true"
+                    echo "This won't change the existing docker networks, only the pool configuration for the newly created networks."
+                    DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+                    DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+                    DOCKER_POOL_BASE_PROVIDED=false
+                    DOCKER_POOL_SIZE_PROVIDED=false
+                fi
+            fi
+        fi
+    fi
+fi
+
+# Validate Docker address pool configuration
+if ! [[ $DOCKER_ADDRESS_POOL_BASE =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$ ]]; then
+    echo "Warning: Invalid network pool base format: $DOCKER_ADDRESS_POOL_BASE"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_BASE"
+        DOCKER_ADDRESS_POOL_BASE="$EXISTING_POOL_BASE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+        DOCKER_ADDRESS_POOL_BASE="$DOCKER_ADDRESS_POOL_BASE_DEFAULT"
+    fi
+fi
+
+if ! [[ $DOCKER_ADDRESS_POOL_SIZE =~ ^[0-9]+$ ]] || [ "$DOCKER_ADDRESS_POOL_SIZE" -lt 16 ] || [ "$DOCKER_ADDRESS_POOL_SIZE" -gt 28 ]; then
+    echo "Warning: Invalid network pool size: $DOCKER_ADDRESS_POOL_SIZE (must be 16-28)"
+    if [ "$EXISTING_POOL_CONFIGURED" = true ]; then
+        echo "Using existing configuration: $EXISTING_POOL_SIZE"
+        DOCKER_ADDRESS_POOL_SIZE="$EXISTING_POOL_SIZE"
+    else
+        echo "Using default configuration: $DOCKER_ADDRESS_POOL_SIZE_DEFAULT"
+        DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE_DEFAULT
+    fi
+fi
+
 TOTAL_SPACE=$(df -BG / | awk 'NR==2 {print $2}' | sed 's/G//')
 AVAILABLE_SPACE=$(df -BG / | awk 'NR==2 {print $4}' | sed 's/G//')
 REQUIRED_TOTAL_SPACE=30
@@ -35,7 +182,7 @@ WARNING_SPACE=false
 
 if [ "$TOTAL_SPACE" -lt "$REQUIRED_TOTAL_SPACE" ]; then
     WARNING_SPACE=true
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient total disk space!
 
 Total disk space:     ${TOTAL_SPACE}GB
@@ -46,7 +193,7 @@ EOF
 fi
 
 if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_AVAILABLE_SPACE" ]; then
-    cat << EOF
+    cat <<EOF
 WARNING: Insufficient available disk space!
 
 Available disk space:   ${AVAILABLE_SPACE}GB
@@ -54,7 +201,7 @@ Required available space: ${REQUIRED_AVAILABLE_SPACE}GB
 
 ==================
 EOF
-WARNING_SPACE=true
+    WARNING_SPACE=true
 fi
 
 if [ "$WARNING_SPACE" = true ]; then
@@ -136,7 +283,6 @@ if [ -z "$LATEST_REALTIME_VERSION" ]; then
     LATEST_REALTIME_VERSION=latest
 fi
 
-
 case "$OS_TYPE" in
 arch | ubuntu | debian | raspbian | centos | fedora | rhel | ol | rocky | sles | opensuse-leap | opensuse-tumbleweed | almalinux | amzn | alpine) ;;
 *)
@@ -152,14 +298,13 @@ if [ "$1" != "" ]; then
     LATEST_VERSION="${LATEST_VERSION#v}"
 fi
 
-
-
 echo -e "---------------------------------------------"
 echo "| Operating System  | $OS_TYPE $OS_VERSION"
 echo "| Docker            | $DOCKER_VERSION"
 echo "| Coolify           | $LATEST_VERSION"
 echo "| Helper            | $LATEST_HELPER_VERSION"
 echo "| Realtime          | $LATEST_REALTIME_VERSION"
+echo "| Docker Pool       | $DOCKER_ADDRESS_POOL_BASE (size $DOCKER_ADDRESS_POOL_SIZE)"
 echo -e "---------------------------------------------\n"
 echo -e "1. Installing required packages (curl, wget, git, jq, openssl). "
 
@@ -199,7 +344,6 @@ sles | opensuse-leap | opensuse-tumbleweed)
     ;;
 esac
 
-
 echo -e "2. Check OpenSSH server configuration. "
 
 # Detect OpenSSH server
@@ -222,7 +366,6 @@ elif [ -x "$(command -v service)" ]; then
     fi
 fi
 
-
 if [ "$SSH_DETECTED" = "false" ]; then
     echo " - OpenSSH server not detected. Installing OpenSSH server."
     case "$OS_TYPE" in
@@ -293,81 +436,82 @@ if ! [ -x "$(command -v docker)" ]; then
     echo " - Docker is not installed. Installing Docker. It may take a while."
     getAJoke
     case "$OS_TYPE" in
-        "almalinux")
-            dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+    "almalinux")
+        dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo >/dev/null 2>&1
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    "alpine")
+        apk add docker docker-cli-compose >/dev/null 2>&1
+        rc-update add docker default >/dev/null 2>&1
+        service docker start >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with apk. Try to install it manually."
+            echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
+            exit 1
+        fi
+        ;;
+    "arch")
+        pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
+        systemctl enable docker.service >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with pacman. Try to install it manually."
+            echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
+            exit 1
+        fi
+        ;;
+    "amzn")
+        dnf install docker -y >/dev/null 2>&1
+        DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
+        mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
+        curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Failed to install Docker with dnf. Try to install it manually."
+            echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
+            exit 1
+        fi
+        ;;
+    "centos" | "fedora" | "rhel")
+        if [ -x "$(command -v dnf5)" ]; then
+            # dnf5 is available
+            dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo --overwrite >/dev/null 2>&1
+        else
+            # dnf5 is not available, use dnf
+            dnf config-manager --add-repo=https://download.docker.com/linux/$OS_TYPE/docker-ce.repo >/dev/null 2>&1
+        fi
+        dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+            exit 1
+        fi
+        systemctl start docker >/dev/null 2>&1
+        systemctl enable docker >/dev/null 2>&1
+        ;;
+    *)
+        if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
+            echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
+            echo "Please install Docker manually."
+            exit 1
+        fi
+        curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
+        if ! [ -x "$(command -v docker)" ]; then
+            curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
             if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
+                echo " - Docker installation failed."
+                echo "   Maybe your OS is not supported?"
+                echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
                 exit 1
             fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        "alpine")
-            apk add docker docker-cli-compose >/dev/null 2>&1
-            rc-update add docker default >/dev/null 2>&1
-            service docker start >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with apk. Try to install it manually."
-                echo "   Please visit https://wiki.alpinelinux.org/wiki/Docker for more information."
-                exit 1
-            fi
-            ;;
-        "arch")
-            pacman -Sy docker docker-compose --noconfirm >/dev/null 2>&1
-            systemctl enable docker.service >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with pacman. Try to install it manually."
-                echo "   Please visit https://wiki.archlinux.org/title/docker for more information."
-                exit 1
-            fi
-            ;;
-        "amzn")
-            dnf install docker -y >/dev/null 2>&1
-            DOCKER_CONFIG=${DOCKER_CONFIG:-/usr/local/lib/docker}
-            mkdir -p $DOCKER_CONFIG/cli-plugins >/dev/null 2>&1
-            curl -sL https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose >/dev/null 2>&1
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Failed to install Docker with dnf. Try to install it manually."
-                echo "   Please visit https://www.cyberciti.biz/faq/how-to-install-docker-on-amazon-linux-2/ for more information."
-                exit 1
-            fi
-            ;;
-        "fedora")
-            if [ -x "$(command -v dnf5)" ]; then
-                # dnf5 is available
-                dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo --overwrite >/dev/null 2>&1
-            else
-                # dnf5 is not available, use dnf
-                dnf config-manager --add-repo=https://download.docker.com/linux/fedora/docker-ce.repo >/dev/null 2>&1
-            fi
-            dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin >/dev/null 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                echo " - Docker could not be installed automatically. Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                exit 1
-            fi
-            systemctl start docker >/dev/null 2>&1
-            systemctl enable docker >/dev/null 2>&1
-            ;;
-        *)
-            if [ "$OS_TYPE" = "ubuntu" ] && [ "$OS_VERSION" = "24.10" ]; then
-                echo "Docker automated installation is not supported on Ubuntu 24.10 (non-LTS release)."
-                    echo "Please install Docker manually."
-                exit 1
-            fi
-            curl -s https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh | sh 2>&1
-            if ! [ -x "$(command -v docker)" ]; then
-                curl -s https://get.docker.com | sh -s -- --version ${DOCKER_VERSION} 2>&1
-                if ! [ -x "$(command -v docker)" ]; then
-                    echo " - Docker installation failed."
-                    echo "   Maybe your OS is not supported?"
-                    echo " - Please visit https://docs.docker.com/engine/install/ and install Docker manually to continue."
-                    exit 1
-                fi
-            fi
+        fi
+        ;;
     esac
     echo " - Docker installed successfully."
 else
@@ -375,82 +519,132 @@ else
 fi
 
 echo -e "4. Check Docker Configuration. "
+
+echo " - Network pool configuration: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+echo " - To override existing configuration: DOCKER_POOL_FORCE_OVERRIDE=true"
+
 mkdir -p /etc/docker
-# shellcheck disable=SC2015
-test -s /etc/docker/daemon.json && cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE" || cat >/etc/docker/daemon.json <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-cat >/etc/docker/daemon.json.coolify <<EOL
-{
-  "log-driver": "json-file",
-  "log-opts": {
-    "max-size": "10m",
-    "max-file": "3"
-  },
-  "default-address-pools": [
-    {"base":"10.0.0.0/8","size":24}
-  ]
-}
-EOL
-TEMP_FILE=$(mktemp)
-if ! jq -s '.[0] * .[1]' /etc/docker/daemon.json /etc/docker/daemon.json.coolify >"$TEMP_FILE"; then
-    echo "Error merging JSON files"
-    exit 1
+
+# Backup original daemon.json if it exists
+if [ -f /etc/docker/daemon.json ]; then
+    cp /etc/docker/daemon.json /etc/docker/daemon.json.original-"$DATE"
 fi
-mv "$TEMP_FILE" /etc/docker/daemon.json
 
-restart_docker_service() {
-    # Check if systemctl is available
-    if command -v systemctl >/dev/null 2>&1; then
-        echo " - Using systemctl to restart Docker."
-        systemctl restart docker
+# Create coolify configuration with or without address pools based on whether they were explicitly provided
+if [ "$DOCKER_POOL_FORCE_OVERRIDE" = true ] || [ "$EXISTING_POOL_CONFIGURED" = false ]; then
+    # First check if the configuration would actually change anything
+    if [ -f /etc/docker/daemon.json ]; then
+        CURRENT_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
+        CURRENT_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
 
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using systemctl."
+        if [ "$CURRENT_POOL_BASE" = "$DOCKER_ADDRESS_POOL_BASE" ] && [ "$CURRENT_POOL_SIZE" = "$DOCKER_ADDRESS_POOL_SIZE" ]; then
+            echo " - Network pool configuration unchanged, skipping update"
+            NEED_MERGE=false
         else
-            echo " - Failed to restart Docker using systemctl."
-            return 1
-        fi
-
-    # Check if service command is available
-    elif command -v service >/dev/null 2>&1; then
-        echo " - Using service command to restart Docker."
-        service docker restart
-
-        if [ $? -eq 0 ]; then
-            echo " - Docker restarted successfully using service."
-        else
-            echo " - Failed to restart Docker using service."
-            return 1
-        fi
-
-    # If neither systemctl nor service is available
-    else
-        echo " - Neither systemctl nor service command is available on this system."
-        return 1
-    fi
+            # If force override is enabled or no existing configuration exists,
+            # create a new configuration with the specified address pools
+            echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+            cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
 }
-
-if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
-    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE"))
-    if [ "$DIFF" != "" ]; then
-        echo " - Docker configuration updated, restart docker daemon..."
-        restart_docker_service
+EOL
+            NEED_MERGE=true
+        fi
     else
-        echo " - Docker configuration is up to date."
+        # No existing configuration, create new one
+        echo " - Creating new Docker configuration with network pool: ${DOCKER_ADDRESS_POOL_BASE}/${DOCKER_ADDRESS_POOL_SIZE}"
+        cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+        NEED_MERGE=true
     fi
 else
-    echo " - Docker configuration updated, restart docker daemon..."
-    restart_docker_service
+    # Check if we need to update log settings
+    if [ -f /etc/docker/daemon.json ] && jq -e '.["log-driver"] == "json-file" and .["log-opts"]["max-size"] == "10m" and .["log-opts"]["max-file"] == "3"' /etc/docker/daemon.json >/dev/null 2>&1; then
+        echo " - Log configuration is up to date"
+        NEED_MERGE=false
+    else
+        # Create a configuration without address pools to preserve existing ones
+        cat >/etc/docker/daemon.json.coolify <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  }
+}
+EOL
+        NEED_MERGE=true
+    fi
+fi
+
+# Remove the duplicate daemon.json creation since we handle it above
+if ! [ -f /etc/docker/daemon.json ]; then
+    # If no daemon.json exists, create it with default settings
+    cat >/etc/docker/daemon.json <<EOL
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "default-address-pools": [
+    {"base":"${DOCKER_ADDRESS_POOL_BASE}","size":${DOCKER_ADDRESS_POOL_SIZE}}
+  ]
+}
+EOL
+    NEED_MERGE=false
+fi
+
+if [ -s /etc/docker/daemon.json.original-"$DATE" ]; then
+    DIFF=$(diff <(jq --sort-keys . /etc/docker/daemon.json) <(jq --sort-keys . /etc/docker/daemon.json.original-"$DATE") || true)
+    if [ "$DIFF" != "" ]; then
+        echo " - Checking configuration changes..."
+
+        # Check if address pools were changed
+        if echo "$DIFF" | grep -q "default-address-pools"; then
+            if [ "$DOCKER_POOL_BASE_PROVIDED" = true ] || [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+                echo " - Network pool updated per user request"
+            else
+                echo " - Warning: Network pool modified without explicit request"
+            fi
+        fi
+
+        # Remove this redundant restart since we already restarted when writing the config
+        echo " - Configuration changes confirmed"
+        if [ "$NEED_MERGE" = true ]; then
+            echo " - Configuration updated - restarting Docker daemon..."
+            restart_docker_service
+        else
+            echo " - Configuration is up to date"
+        fi
+    else
+        echo " - Configuration is up to date"
+    fi
+else
+    if [ "$NEED_MERGE" = true ]; then
+        echo " - Configuration updated - restarting Docker daemon..."
+        restart_docker_service
+    else
+        echo " - Configuration is up to date"
+    fi
 fi
 
 echo -e "5. Download required files from CDN. "
@@ -501,7 +695,7 @@ fi
 
 # Merge .env and .env.production. New values will be added to .env
 echo -e "7. Propagating .env with new values - if necessary."
-awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production > $ENV_FILE
+awk -F '=' '!seen[$1]++' "$ENV_FILE-$DATE" /data/coolify/source/.env.production >$ENV_FILE
 
 if [ "$AUTOUPDATE" = "false" ]; then
     if ! grep -q "AUTOUPDATE=" /data/coolify/source/.env; then
@@ -510,6 +704,26 @@ if [ "$AUTOUPDATE" = "false" ]; then
         sed -i "s|AUTOUPDATE=.*|AUTOUPDATE=false|g" /data/coolify/source/.env
     fi
 fi
+
+# Save Docker address pool configuration to .env file
+if ! grep -q "DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_BASE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_BASE=.*|DOCKER_ADDRESS_POOL_BASE=$DOCKER_ADDRESS_POOL_BASE|g" /data/coolify/source/.env
+    fi
+fi
+
+if ! grep -q "DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env; then
+    echo "DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE" >>/data/coolify/source/.env
+else
+    # Only update if explicitly provided
+    if [ "$DOCKER_POOL_SIZE_PROVIDED" = true ]; then
+        sed -i "s|DOCKER_ADDRESS_POOL_SIZE=.*|DOCKER_ADDRESS_POOL_SIZE=$DOCKER_ADDRESS_POOL_SIZE|g" /data/coolify/source/.env
+    fi
+fi
+
 echo -e "8. Checking for SSH key for localhost access."
 if [ ! -f ~/.ssh/authorized_keys ]; then
     mkdir -p ~/.ssh
@@ -527,7 +741,7 @@ if [ "$IS_COOLIFY_VOLUME_EXISTS" -eq 0 ]; then
     ssh-keygen -t ed25519 -a 100 -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal -q -N "" -C coolify
     chown 9999 /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal
     sed -i "/coolify/d" ~/.ssh/authorized_keys
-    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >> ~/.ssh/authorized_keys
+    cat /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub >>~/.ssh/authorized_keys
     rm -f /data/coolify/ssh/keys/id.$CURRENT_USER@host.docker.internal.pub
 fi
 
@@ -572,4 +786,4 @@ if [ -n "$PRIVATE_IPS" ]; then
     done
 fi
 echo -e "\nWARNING: It is highly recommended to backup your Environment variables file (/data/coolify/source/.env) to a safe location, outside of this server (e.g. into a Password Manager).\n"
-cp /data/coolify/source/.env /data/coolify/source/.env.backup
\ No newline at end of file
+cp /data/coolify/source/.env /data/coolify/source/.env.backup

From 57f0a7d4007e5aecd5c0ac5cff81a499274c327d Mon Sep 17 00:00:00 2001
From: Meghea Iulian <iulian.meghea@gmail.com>
Date: Fri, 14 Mar 2025 08:53:24 +0200
Subject: [PATCH 125/145] fix(api): use name from request payload

In POST `/applications/dockercompose`  the `name` parameter is required.
The API thou ignores it and generates its own name for the service.
---
 app/Http/Controllers/Api/ApplicationsController.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/Http/Controllers/Api/ApplicationsController.php b/app/Http/Controllers/Api/ApplicationsController.php
index aef19af23..2aa656320 100644
--- a/app/Http/Controllers/Api/ApplicationsController.php
+++ b/app/Http/Controllers/Api/ApplicationsController.php
@@ -1310,7 +1310,6 @@ class ApplicationsController extends Controller
             $service->destination_type = $destination->getMorphClass();
             $service->save();
 
-            $service->name = "service-$service->uuid";
             $service->parse(isNew: true);
             if ($instantDeploy) {
                 StartService::dispatch($service);

From 595370df926b722769b453003b54602e1cbb5f22 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 14:55:38 +0100
Subject: [PATCH 126/145] feat(LocalFileVolume): add binary file detection and
 update UI logic

Implemented a new attribute to detect binary files in the LocalFileVolume model, enhancing the file handling capabilities. The isBinary method checks for binary content based on specific criteria, allowing for better management of file types. Additionally, updated the file storage UI to conditionally display conversion options based on the binary status of the file, improving user experience and preventing unintended actions on binary files. These changes contribute to a more robust and user-friendly file management system.
---
 app/Models/LocalFileVolume.php                | 16 ++++++++++++++++
 .../project/service/file-storage.blade.php    | 19 +++++++++++--------
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/app/Models/LocalFileVolume.php b/app/Models/LocalFileVolume.php
index 2c223be77..d96f7125e 100644
--- a/app/Models/LocalFileVolume.php
+++ b/app/Models/LocalFileVolume.php
@@ -3,6 +3,7 @@
 namespace App\Models;
 
 use App\Events\FileStorageChanged;
+use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 
 class LocalFileVolume extends BaseModel
@@ -11,6 +12,8 @@ class LocalFileVolume extends BaseModel
 
     protected $guarded = [];
 
+    public $appends = ['is_binary'];
+
     protected static function booted()
     {
         static::created(function (LocalFileVolume $fileVolume) {
@@ -19,6 +22,15 @@ class LocalFileVolume extends BaseModel
         });
     }
 
+    protected function isBinary(): Attribute
+    {
+        return Attribute::make(
+            get: function () {
+                return $this->content === '[binary file]';
+            }
+        );
+    }
+
     public function service()
     {
         return $this->morphTo('resource');
@@ -44,6 +56,10 @@ class LocalFileVolume extends BaseModel
         $isFile = instant_remote_process(["test -f $path && echo OK || echo NOK"], $server);
         if ($isFile === 'OK') {
             $content = instant_remote_process(["cat $path"], $server, false);
+            // Check if content contains binary data by looking for null bytes or non-printable characters
+            if (str_contains($content, "\0") || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $content)) {
+                $content = '[binary file]';
+            }
             $this->content = $content;
             $this->is_directory = false;
             $this->save();
diff --git a/resources/views/livewire/project/service/file-storage.blade.php b/resources/views/livewire/project/service/file-storage.blade.php
index 550b43c20..e17835429 100644
--- a/resources/views/livewire/project/service/file-storage.blade.php
+++ b/resources/views/livewire/project/service/file-storage.blade.php
@@ -28,12 +28,15 @@
                     confirmationLabel="Please confirm the execution of the actions by entering the Filepath below"
                     shortConfirmationLabel="Filepath" step3ButtonText="Permanently Delete" />
             @else
-                <x-modal-confirmation title="Confirm File Conversion to Directory?" buttonTitle="Convert to directory"
-                    submitAction="convertToDirectory" :actions="[
-                        'The selected file will be permanently deleted and an empty directory will be created in its place.',
-                    ]" confirmationText="{{ $fs_path }}"
-                    confirmationLabel="Please confirm the execution of the actions by entering the Filepath below"
-                    shortConfirmationLabel="Filepath" :confirmWithPassword="false" step2ButtonText="Convert to directory" />
+                @if (!$fileStorage->is_binary)
+                    <x-modal-confirmation title="Confirm File Conversion to Directory?"
+                        buttonTitle="Convert to directory" submitAction="convertToDirectory" :actions="[
+                            'The selected file will be permanently deleted and an empty directory will be created in its place.',
+                        ]"
+                        confirmationText="{{ $fs_path }}"
+                        confirmationLabel="Please confirm the execution of the actions by entering the Filepath below"
+                        shortConfirmationLabel="Filepath" :confirmWithPassword="false" step2ButtonText="Convert to directory" />
+                @endif
                 <x-modal-confirmation title="Confirm File Deletion?" buttonTitle="Delete File" isErrorButton
                     submitAction="delete" :checkboxes="$fileDeletionCheckboxes" :actions="['The selected file will be permanently deleted from the container.']" confirmationText="{{ $fs_path }}"
                     confirmationLabel="Please confirm the execution of the actions by entering the Filepath below"
@@ -66,8 +69,8 @@
             <x-forms.textarea
                 label="{{ $fileStorage->is_based_on_git ? 'Content (refreshed after a successful deployment)' : 'Content' }}"
                 rows="20" id="fileStorage.content"
-                readonly="{{ $fileStorage->is_based_on_git }}"></x-forms.textarea>
-            @if (!$fileStorage->is_based_on_git)
+                readonly="{{ $fileStorage->is_based_on_git || $fileStorage->is_binary }}"></x-forms.textarea>
+            @if (!$fileStorage->is_based_on_git && !$fileStorage->is_binary)
                 <x-forms.button class="w-full" type="submit">Save</x-forms.button>
             @endif
         @endif

From b6cb32c0375a62ebdde318ab53889847a071d284 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 15:23:17 +0100
Subject: [PATCH 127/145] fix(install): handle potential errors in Docker
 address pool configuration

---
 other/nightly/install.sh | 8 ++++----
 scripts/install.sh       | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/other/nightly/install.sh b/other/nightly/install.sh
index 72780e045..944012f86 100755
--- a/other/nightly/install.sh
+++ b/other/nightly/install.sh
@@ -106,8 +106,8 @@ DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_D
 
 # Load Docker address pool configuration from .env file if it exists and environment variables were not provided
 if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
-    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
-    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
+    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2 || true)
+    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2 || true)
 
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
@@ -122,8 +122,8 @@ fi
 EXISTING_POOL_CONFIGURED=false
 if [ -f /etc/docker/daemon.json ]; then
     if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
-        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
-        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null || true)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null || true)
 
         if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
             echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"
diff --git a/scripts/install.sh b/scripts/install.sh
index a19236974..ba5d4ea14 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -106,8 +106,8 @@ DOCKER_ADDRESS_POOL_SIZE=${DOCKER_ADDRESS_POOL_SIZE:-$DOCKER_ADDRESS_POOL_SIZE_D
 
 # Load Docker address pool configuration from .env file if it exists and environment variables were not provided
 if [ -f "/data/coolify/source/.env" ] && [ "$DOCKER_POOL_BASE_PROVIDED" = false ] && [ "$DOCKER_POOL_SIZE_PROVIDED" = false ]; then
-    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2)
-    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2)
+    ENV_DOCKER_ADDRESS_POOL_BASE=$(grep -E "^DOCKER_ADDRESS_POOL_BASE=" /data/coolify/source/.env | cut -d '=' -f2 || true)
+    ENV_DOCKER_ADDRESS_POOL_SIZE=$(grep -E "^DOCKER_ADDRESS_POOL_SIZE=" /data/coolify/source/.env | cut -d '=' -f2 || true)
 
     if [ -n "$ENV_DOCKER_ADDRESS_POOL_BASE" ]; then
         DOCKER_ADDRESS_POOL_BASE="$ENV_DOCKER_ADDRESS_POOL_BASE"
@@ -122,8 +122,8 @@ fi
 EXISTING_POOL_CONFIGURED=false
 if [ -f /etc/docker/daemon.json ]; then
     if jq -e '.["default-address-pools"]' /etc/docker/daemon.json >/dev/null 2>&1; then
-        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null)
-        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null)
+        EXISTING_POOL_BASE=$(jq -r '.["default-address-pools"][0].base' /etc/docker/daemon.json 2>/dev/null || true)
+        EXISTING_POOL_SIZE=$(jq -r '.["default-address-pools"][0].size' /etc/docker/daemon.json 2>/dev/null || true)
 
         if [ -n "$EXISTING_POOL_BASE" ] && [ -n "$EXISTING_POOL_SIZE" ] && [ "$EXISTING_POOL_BASE" != "null" ] && [ "$EXISTING_POOL_SIZE" != "null" ]; then
             echo "Found existing Docker network pool: $EXISTING_POOL_BASE/$EXISTING_POOL_SIZE"

From ee93ccd8e7446a6e4d8f531821313bcd5de285e2 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Fri, 14 Mar 2025 15:28:12 +0100
Subject: [PATCH 128/145] fix(backups): retention settings

- If you set a low local backup retention, for example 2 backups for local backup retention and 10 backups for S3, then the S3 backups were never deleted, not even after 10 days. This was because we check the file paths based on the backup executions table, and as soon as a backup was deleted locally, the execution was removed, which meant after 10 days for s3 there where no backups older then 10 days just the 2 local backups which is just wrong. Now we only delete a backup execution if it has been removed from both locations.
- Also added a nice little UI element to see where your backup is available.
---
 bootstrap/helpers/databases.php               | 28 +++++++++---
 ...deletion_tracking_to_backup_executions.php | 19 ++++++++
 .../database/backup-executions.blade.php      | 43 +++++++++++++++++++
 3 files changed, 84 insertions(+), 6 deletions(-)
 create mode 100644 database/migrations/2025_03_14_140150_add_storage_deletion_tracking_to_backup_executions.php

diff --git a/bootstrap/helpers/databases.php b/bootstrap/helpers/databases.php
index f2c069ac4..2fd85337d 100644
--- a/bootstrap/helpers/databases.php
+++ b/bootstrap/helpers/databases.php
@@ -233,15 +233,29 @@ function deleteEmptyBackupFolder($folderPath, Server $server): void
 function removeOldBackups($backup): void
 {
     try {
-        $processedBackups = deleteOldBackupsLocally($backup);
-
-        if ($backup->save_s3) {
-            $processedBackups = $processedBackups->merge(deleteOldBackupsFromS3($backup));
+        if ($backup->executions) {
+            $localBackupsToDelete = deleteOldBackupsLocally($backup);
+            if ($localBackupsToDelete->isNotEmpty()) {
+                $backup->executions()
+                    ->whereIn('id', $localBackupsToDelete->pluck('id'))
+                    ->update(['local_storage_deleted' => true]);
+            }
         }
 
-        if ($processedBackups->isNotEmpty()) {
-            $backup->executions()->whereIn('id', $processedBackups->pluck('id'))->delete();
+        if ($backup->save_s3 && $backup->executions) {
+            $s3BackupsToDelete = deleteOldBackupsFromS3($backup);
+            if ($s3BackupsToDelete->isNotEmpty()) {
+                $backup->executions()
+                    ->whereIn('id', $s3BackupsToDelete->pluck('id'))
+                    ->update(['s3_storage_deleted' => true]);
+            }
         }
+
+        $backup->executions()
+            ->where('local_storage_deleted', true)
+            ->where('s3_storage_deleted', true)
+            ->delete();
+
     } catch (\Exception $e) {
         throw $e;
     }
@@ -255,6 +269,7 @@ function deleteOldBackupsLocally($backup): Collection
 
     $successfulBackups = $backup->executions()
         ->where('status', 'success')
+        ->where('local_storage_deleted', false)
         ->orderBy('created_at', 'desc')
         ->get();
 
@@ -338,6 +353,7 @@ function deleteOldBackupsFromS3($backup): Collection
 
     $successfulBackups = $backup->executions()
         ->where('status', 'success')
+        ->where('s3_storage_deleted', false)
         ->orderBy('created_at', 'desc')
         ->get();
 
diff --git a/database/migrations/2025_03_14_140150_add_storage_deletion_tracking_to_backup_executions.php b/database/migrations/2025_03_14_140150_add_storage_deletion_tracking_to_backup_executions.php
new file mode 100644
index 000000000..c6af6fc49
--- /dev/null
+++ b/database/migrations/2025_03_14_140150_add_storage_deletion_tracking_to_backup_executions.php
@@ -0,0 +1,19 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('scheduled_database_backup_executions', function (Blueprint $table) {
+            $table->boolean('local_storage_deleted')->default(false);
+            $table->boolean('s3_storage_deleted')->default(false);
+        });
+    }
+};
diff --git a/resources/views/livewire/project/database/backup-executions.blade.php b/resources/views/livewire/project/database/backup-executions.blade.php
index d13f88e37..6420eb040 100644
--- a/resources/views/livewire/project/database/backup-executions.blade.php
+++ b/resources/views/livewire/project/database/backup-executions.blade.php
@@ -54,6 +54,49 @@
                     <div class="text-gray-600 dark:text-gray-400 text-sm">
                         Location: {{ data_get($execution, 'filename', 'N/A') }}
                     </div>
+                    <div class="flex items-center gap-3 mt-2">
+                        <div class="text-gray-600 dark:text-gray-400 text-sm">
+                            Backup Availability:
+                        </div>
+                        <span @class([
+                            'px-2 py-1 rounded text-xs font-medium',
+                            'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-200' => !data_get($execution, 'local_storage_deleted', false),
+                            'bg-gray-100 text-gray-600 dark:bg-gray-800/50 dark:text-gray-400' => data_get($execution, 'local_storage_deleted', false),
+                        ])>
+                            <span class="flex items-center gap-1">
+                                @if(!data_get($execution, 'local_storage_deleted', false))
+                                    <svg class="w-3 h-3" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+                                        <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd"></path>
+                                    </svg>
+                                @else
+                                    <svg class="w-3 h-3" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+                                        <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"></path>
+                                    </svg>
+                                @endif
+                                Local Storage
+                            </span>
+                        </span>
+                        @if($backup->save_s3)
+                            <span @class([
+                                'px-2 py-1 rounded text-xs font-medium',
+                                'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-200' => !data_get($execution, 's3_storage_deleted', false),
+                                'bg-gray-100 text-gray-600 dark:bg-gray-800/50 dark:text-gray-400' => data_get($execution, 's3_storage_deleted', false),
+                            ])>
+                                <span class="flex items-center gap-1">
+                                    @if(!data_get($execution, 's3_storage_deleted', false))
+                                        <svg class="w-3 h-3" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+                                            <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd"></path>
+                                        </svg>
+                                    @else
+                                        <svg class="w-3 h-3" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+                                            <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"></path>
+                                        </svg>
+                                    @endif
+                                    S3 Storage
+                                </span>
+                            </span>
+                        @endif
+                    </div>
                     @if (data_get($execution, 'message'))
                         <div class="mt-2 p-2 bg-gray-100 dark:bg-coolgray-200 rounded">
                             <pre class="whitespace-pre-wrap text-sm">{{ data_get($execution, 'message') }}</pre>

From 282bb5c4cdcc1cf4080ea6c013040d955a4bcbd5 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 16:11:31 +0100
Subject: [PATCH 129/145] fix(redis): set default redis_username for new
 instances

Added functionality to automatically assign a default 'redis_username' of 'default' when a StandaloneRedis instance is retrieved without an existing username. This ensures that all instances have a valid username, improving consistency and reducing potential errors in subsequent operations. Additionally, updated the redisUsername method to create a runtime environment variable for 'REDIS_USERNAME' with a default value if it does not already exist, enhancing the robustness of the configuration management.
---
 app/Models/StandaloneRedis.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php
index ed5cf9870..6037364fe 100644
--- a/app/Models/StandaloneRedis.php
+++ b/app/Models/StandaloneRedis.php
@@ -38,6 +38,12 @@ class StandaloneRedis extends BaseModel
                 $database->forceFill(['last_online_at' => now()]);
             }
         });
+
+        static::retrieved(function ($database) {
+            if (! $database->redis_username) {
+                $database->redis_username = 'default';
+            }
+        });
     }
 
     protected function serverStatus(): Attribute
@@ -193,8 +199,8 @@ class StandaloneRedis extends BaseModel
     {
         return Attribute::make(
             get: fn () => is_null($this->ports_mappings)
-                ? []
-                : explode(',', $this->ports_mappings),
+            ? []
+            : explode(',', $this->ports_mappings),
 
         );
     }
@@ -346,7 +352,12 @@ class StandaloneRedis extends BaseModel
             get: function () {
                 $username = $this->runtime_environment_variables()->where('key', 'REDIS_USERNAME')->first();
                 if (! $username) {
-                    return null;
+                    $this->runtime_environment_variables()->create([
+                        'key' => 'REDIS_USERNAME',
+                        'value' => 'default',
+                    ]);
+
+                    return 'default';
                 }
 
                 return $username->value;

From 798aab69559e3373fdf5170a642895ed3bdf4c42 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 14 Mar 2025 16:11:41 +0100
Subject: [PATCH 130/145] refactor(ScheduledTask): clean up code formatting and
 remove unused import

---
 app/Livewire/Project/Shared/ScheduledTask/Add.php | 2 +-
 app/Livewire/Project/Shared/ScheduledTask/All.php | 2 --
 app/Notifications/Channels/EmailChannel.php       | 1 +
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/Livewire/Project/Shared/ScheduledTask/Add.php b/app/Livewire/Project/Shared/ScheduledTask/Add.php
index 8ab5f9f27..c286fee5a 100644
--- a/app/Livewire/Project/Shared/ScheduledTask/Add.php
+++ b/app/Livewire/Project/Shared/ScheduledTask/Add.php
@@ -75,7 +75,7 @@ class Add extends Component
     public function saveScheduledTask()
     {
         try {
-            $task = new ScheduledTask();
+            $task = new ScheduledTask;
             $task->name = $this->name;
             $task->command = $this->command;
             $task->frequency = $this->frequency;
diff --git a/app/Livewire/Project/Shared/ScheduledTask/All.php b/app/Livewire/Project/Shared/ScheduledTask/All.php
index 1782f3f27..b58e4f97a 100644
--- a/app/Livewire/Project/Shared/ScheduledTask/All.php
+++ b/app/Livewire/Project/Shared/ScheduledTask/All.php
@@ -2,7 +2,6 @@
 
 namespace App\Livewire\Project\Shared\ScheduledTask;
 
-use App\Models\ScheduledTask;
 use Illuminate\Support\Collection;
 use Livewire\Attributes\Locked;
 use Livewire\Attributes\On;
@@ -42,5 +41,4 @@ class All extends Component
     {
         $this->resource->refresh();
     }
-
 }
diff --git a/app/Notifications/Channels/EmailChannel.php b/app/Notifications/Channels/EmailChannel.php
index b8589cd8e..215fae4ea 100644
--- a/app/Notifications/Channels/EmailChannel.php
+++ b/app/Notifications/Channels/EmailChannel.php
@@ -53,6 +53,7 @@ class EmailChannel
             if (blank($type)) {
                 throw new Exception('No email settings found.');
             }
+
             return;
         }
 

From cc27fa13b83a9c6e345eb59a6ac1b191b5053baa Mon Sep 17 00:00:00 2001
From: Daniel Andraszewski <masermen@gmail.com>
Date: Sat, 15 Mar 2025 09:39:01 +0100
Subject: [PATCH 131/145] Add Freescout template.

---
 public/svgs/freescout.png        | Bin 0 -> 10089 bytes
 templates/compose/freescout.yaml |  47 +++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 public/svgs/freescout.png
 create mode 100644 templates/compose/freescout.yaml

diff --git a/public/svgs/freescout.png b/public/svgs/freescout.png
new file mode 100644
index 0000000000000000000000000000000000000000..ff282fbc419e1f2009b1897f8dddbad19fef29d1
GIT binary patch
literal 10089
zcmbWdWl&sA)GkVJcM0z91eXaeA!u-y3;}`!mzm%)!Gc3@m*7rtcMAlE8Jq+g7zh&V
z&U;SX`|sAN@BG-+ySi6*ukO8<J!^f@)m9_GrNKo(K_SpkSJp>CdBOMJgN=#o3HY4g
zgKVh1RZP6!xjT6K*?Iy|6yCer0hu&hZ9f3@fwu1hJjQ{tC@7qG8p;X={%a?>1etUy
z-$r3#xVYG8*bvA!6ds;LoFHYutJoNIbn!!~Ee#HyiHwXr1M*ofzrRvHLBBRJ(D&yy
zDJb;XUE~uBHnh?2bcM;}@wdK>d-xY{g(KLRK!4}mn{pi-Iy%a~cYqF_L3uYCz8}gv
z{?&XBHa0ZwUX*zCN(lue5i1Xk3I&D91j%$iDvEqPvJJyPK_NyS2_5hMFhCrBIDql*
zDz~99!#!9ND5!t!3GC!vw=`8)C7ftYo6XawOfde%Ni=ew_NcO&pC*>NS#!bw^c(*W
zd~7&6lk-D@h6)|eyH9-LTF<wjvFPD>kwts<6}W~|dC1M!H@mT;@p%84sE`ZEO2q1$
zp+7c2EG|&-RhC5`YJ03n@Yc-+ZKvKU!9*<?2?$*UqaU>!hv+zgG$}CqDz6b8?_k@G
zt-GG_i@&A7pa$}ImVjTN@<#TF1l?AZ1jJ0(KdS~|pfR_3=?N)5JqW9d{e*x}-#4#O
zYhomgKKE4vZd2sOVEe{Gfah1_rFc#?Oq2m%`siaue=ZBO;vARLo|HqwrX0iZO8qRq
z8VID~=DnHg&e+dejwL!Mke08P_ci@~LI|YdTCa<Ktk1vQBD}x}u?fY$AOwm5$tJEN
zWb$lvE;O{j=u9R|D$oKKf&ll4gF$-!Z-M|bRsb3?-xhI@=Cuk?;^&DpJMr}PPLm+<
zK^v1vpK0-~#{R-~%n(>{wT2jkO<6y=DpK9=wmK7#c8hRnM-9W6(%1KGYFyaD-Ob_X
z;qRv)=9`n6OnuZ}efktBc1^`77|x5_RjO-$FFOLqj%td;Iv>jz$+N7lL2G&!KW865
z=NGtN#D7FIdAf&^y3qp^l^zwTFRa{<RJ4*1hB~q}yju0#?h-!2|H!sh`HXz|f5cwl
z6s;Ofycf1eA|UP)q@^oA>6Dtfv7cZt@~vyUACrmLshfCW%7<5<L?Uc9G=iXc2#VO)
z%O@q^XbKe$s(d|@k<=I`9_eV#&LB%r`AOSeuK!@eGUMXg-MhWvx-2#59~n@hUpq#$
z6O?`T2A)Bpj2E`pMEA|MAy9r*C-w2|su+uQF2nG!Tq7*@k?;JTU!@PKY_&Hhp{c_c
zTlBY}kyp=$*`ymYU)#%c1Tl1o;hE!|kP#G#e`C?7=%4*^^dl^*D}XgYX7=I`j~YRe
zvC6!cdw{0@G9T^cJn{EvYA!~h>@S(5u2<Nwx|4gt;qTN$nha3E0BJo$CdPsK>a>zr
zl+9n%hXbdYE0*~KeZ&mv9>XAp$i_Gg(HkgXQkPX$sH`hL5F*h*TwNPIyR<HcrZ}u{
zdOKF<oB%dXlZEHM*j}@oAeFE0NWbLXjD#$Y{r&M1mTdpJHU%W9e8$aBm@0ySoEy&i
zA}4dc1<nD#<qf)D(n=X#9+#u%y~)J1D3kn+8n$TImE5I{;v}R1<rbmxYX}xh2j!^$
z`3EjIp46LWHrX6FBCoyUL};rW<XIMDfj1ICa%N|n?4KtD)Wo7~e9#Wni6+^>sECiC
zW)e$*8$hn2;6FM8KWwACZH?`B^wyVrz-aFEUxPs~Hh|>hg^x~}2o`a*#ZDk>b$lXy
z@N~A`0z5wrB<x33y-jZ1q_d1IX2a*Yr`dSo>*44LnE3g(eX19`O{pG%uJ-+*LaBl0
zoiy2ffNjg|Sej$5HpB?Ge}aTclCtXKHbTADhtG_vZ~s7{8T0Z}YG^o}#UXs}v_{js
zx|Kyx2xb9XPok=*(*b1bU8^Ck(Gbd#Sl1vnv?4>F^Ll{#(Ex=bDRDL5?$P4)Pwp=i
zqtb_q`}fIhj7iY|x+iuX1UepHUD{fKi(G)(uvb?Ntc=M_w%q4iaR*9&m<=$UYz!~j
zjusFz0VI}!x;$wA5k8^)tuP#l;i~p0fR6lk=q6A6KT=??r}yiOSR&Wn60SG7x0G2?
z)c+hD9JVklKjbzrzj+82RAO1zIsGcxzImu_e_v3{EHDT{>t!a`7`9kg-J>^jCu1P(
zRbEZ0d9pcpJ2g96nc9aB_hK@VkR;`G8=@l(*eEm+#+np^dor=H^)z==gE=c{QNq%=
zpB6p;5hY2u15<9sh~q&FppxH{a%@CxZ}MC`n{UNuebB-%?D{=MU8AS=qd>i-&9Qr0
ziorUo0BXcBAh~>U47#!PNT}?Q_lpFje*!(fG3P1ry?b)*SL!Nm8J@u>xi<*^oYJd0
za>m0S3G($Jlz6G#Gj{*F$hVZz=MQkefDY$Qy4wJm@v0giD<ey%t-lqg4~Bfb{yzES
zA1~#}QT+1pXs&abig#YW-DfTr_vj~_lSjvblvm!(SumM64a6Uq#QuRPL;ta*oSRkT
zr}#NKSp~#4T90*S?vY;n;7@2_Y9{6@AkZmsvlo6OGAFJ&9+zPNz)x6j8tq3uGrXrA
z*por$Rne}`6wmMLf_`#Oq`l?s7<&c_g7+RT@yo^my~q!W8HQoj7~43=Ul!c4eN}rR
z(ty~W8#1QWzO<*j1hxO7N9p&Ru#0`VXa2TH4i*SVqVGr>++)!4C{GQo5pR1rjTN?^
z)n@h<G-qQ5=eV&ATiAO4!}uNke)E}peP7dx;wlO9KH99yiYU(`t|H|O1gMgKXxwIx
zTU|j|O9)?Jr<3`ooVBLUi~kTp$jB`TwI+hZhcipTZoEF&^7T2NDoVWr$j*rHOIu3R
zq8Z%Ty)?0c<gdk58DkvK`#o0&8(%P{pI3x>OZGuc<tzXn^ctDMZ5h}>(V&88jDF7n
zyj1??)YeMF)2`3^rE(Ukg6v-F2?7nNqmlX<DCm<s?2Szwk9F@kSkR(b7^Xt<=Lvz6
z03j08hd11`3ofiaI72AHo4c2Rnt!Z{Pdw26(AAx&Bz$hvrn#oKqx&18M0dF-;$FCo
zQKgo=?uc=MW_57BNw^STG2zgsZ`tue3pWgyVr=@xFTT+GX|+&L^7`N1p6geq$X?N{
z1rhum2u5vdIrvwI%^mPnVsS?VGqZn`vDup&X*8#kUB^t1;zp%Z{&?alA&GH6%8>^v
z{cFxwBnEYprj}tgp&uTAyO5Oo)W<b>X}Hf;cpZ;S!Jz8Ywku(Jvy1%zXK%WQ$TZY3
zoR}~Be7)R~zhqL6{Ow!)bwJ6^TM<weLAjWV)GP;BgcbNc%d)Z!cA!|#XMfE04fayq
zUZ;`v@JP0iECZ}Q-#T11EMdyUn&E>RhT$lo`NvHtF>2ZoUzV+r8k(_S<u3gA6qlMb
zDUI|xbn>@8hQp}U?F)zR0nkwQ=bv_Kc(3$T1&+zl@l0^KMlM;i@d-Y=d`fCGr@Ort
z|B+r}Yg_KZA`@#%GDQ>yjHfbFPk{k8*KKL&SXPWge+o)o)zy6L4wEJ-p4#^g);>b6
zBO4!odEZVVyJ}0*nUcGB+9r8qiBb2#Uf@_|r&!xxah1_izZ_|Wzs0!Ikj2~hY2I{l
zU@$(9>348|y{-TE64NmLk~@Q_{CSD;Eqil!ytYYo(;pS@i1}=42C^XN^(m$Io0(x>
z;mxUM+SJ^<NI4i;qMUyy4i){!w+Tn%zP(k@{F8P5lW`8|u>|al$EEk<AF&}_8lkV|
z>P>=!H=UoUEEggw;Bg#C4MO%=&bRln<98NE6x8Gu@}8*6eyJ>jg^Evsgx{&r@iMnv
zExo5Z2}*43X{R469EhuBFO;J$#jRI^66z#i$z0w%CS5I~BXmpQj;P4N2K$lA8;$5?
z=}r9(KN^3bPw<J6@7~p?VK%0NBPAf_-5W67w=b~_7>r{!ym8Z~nDdz*D<9xWO<^{x
z10#XuvRwiHTEjnrXYJM`sMQCJ-p|2`O%>{0E;#X=dU6_{%OHnoGcB2ba#ycfmo<4B
zkom;AoTCvjpZUs4Rzoqwh*S2@7F35r@TtQoip|yh{L^_a0fDLOxr`_;b~^uAYw8)T
z^uyD;gtPpw!LLVc0uR-*#D7f5)5!Yy6hwAC<~Kg8{Kt!3N~w2-_w6Gq-M=jZ#0;Bk
zLAdCH7lDpXA`JdgeOK)L2ZANcXd+r{BO=evQtz*N*NqXdeKd`)ekal4V>0FL`cI69
zpcKSrINjc*@!oI@JT;tuA5JJ*=`Twq0I}@%XPCS~Rb=o4o33`+1-XAvQpzjIVQST0
zP1|8?jk=<1Wp~#=A2oQbzlu6~ci&j(4Rz)Y?o~)Z@)l97^rTOd?*y$pQ3gI2-raO*
z+&aJEEK<zG&>C`#n&0G`sao%KXUgSI?H<=>2oB|lWG-}dYtFpBo0yrq?Hn98H*YqM
zdQA0wA8RXed7a9rExt4%S5h5y5W$e{8dQDKM7i+Xh2JD#=v#%a5Wq+~y0fOR+L_jk
zH9SWdba`zUE@w@9j&`U=PJuqDLKK@JapHDC)1`i4y>&G7K=y4l?Hm<h1zFjWCMS!E
zs5QZ$dY>+aIT>vo=3>vC|5`;)q259mhw42kgLv<<P2eQ|{-xk=TV&_JF-XWZOAe}b
za1H7)T761K1W>F>F(Ms%GXzFE)4LoshjiiFl?{<*%wePwogRMgUPTBQ4d#{^wh8PS
zIpxv}*vDuwE*L{vs!x~}iPBw-&?~EnI+H0u!E2Q{0Jag2MahXnJF}SNl`vdGl$t8P
zjg-J->atDOg}7Q&>V<$h2K3hyv-MjnLs^(zUVx8G`Vi7MMzTtRY1}^H!o~f&F&cIZ
zPq9p<B%(uu@Q1Pb-(&}~zOwbVyo8wKNyc_{r<Tz^U1|jH2I$YIybHAfMg}v1NHkpa
zI0VxJ8J1En?mpAqOfK1JGvKbt_Ct!n)k?3BR2T^_S|BHM2DWH!4|LFo-CQrnOhKSz
zT}Fyu#G^|3{2>G%-UKGfS0h6b$H%|_z_P+dw{U!_Me{tG#?J<C0U2$5`D>p>UsLV&
zhXyQpG)#De!LiP4@@-F>q^46OQv!hYl{3wp-{L_k;HOvs;x3B(a-4G<ti0MoI26I!
z>SljOldseiVgs~nzGchdbM4>CTllCUII&;K(jjZ`Pv=kCj}QrTL00%mlNX%@+@<l}
zDDkei5$`7(lZk2cVY5HRwc7a1m!BTD?N>Qx@ps*f+@NS|Y#3HAj@S>Uj7QJd##btD
ziS)!3+_aPL>Khl3j-mbD!Nyo#fxCkPrq!I!5;bjdkPjm@CBEd02;NNj*ok>x2IRI|
zRXK|2<^G^eahSrBrE*SgdtR60_t$#Y>*O&Ab<d{!I&Emr(DnDv2T(_gET)|bT7N|5
zEQ72?-jSMVkCkB{zc|NS0E3I{`DOZE?y7|Gs_%razBuPx_zp9PpvG4G4&9m5sgLzW
zte4OHoKwX=q#E;TdD&a^T0799PAK&{Kdpwtz0PcLTkcV7^%(-pRT`2IC{qklg-oFI
zACWrS<r81*FjMA-48GXCW`ox(=0LU=2SvJeFvr|)YLj81SHm%POcsRwM-CT=RkJ9=
z^$FeB$jSVOg9R^thTjZ`nN1M(*@9gIKAPp1#ooz5bYw`87ya{{$b`n83aihs+`Jbi
zWnUxa+%$N&!9;kp|Ma)*3u3Gw`#UXQv{a7(BQ%hIgQy=>p2|vOU{b)>8*E9q7zf0E
zNs3yaq7ZS^NIv8oby8P@3|8mZyP~`J0cokVv-gZ}MPVeE;5gd9=L+AR8|*Ak#Y)hR
zN$F!Y=@T*ElZ4ZKIwwVNw8K*E0JX-~%m(cL#jvqJ>_JX;!706-Nfv`%7Qq<htWT0B
zZG}8PFx+uKDRtbSZ!4W+>#$o_l5n+G>C2~VUp0Z)nHc`Ig3*Idc;89U@m3<+D(T4n
zZEoAqE$4>cT$F8o<mzUvY)uDy$_giV>Ww8n-_9+yB~o3#M7ppl{!r(l=|dS_8PmA0
z?+*RVB$6Z=y1z{2)zd{N{rZ$BpZ9eqB?ngRav%3EF+*@8<U4vl>NPbhd=7)&f7eGP
zZkhUmL5k3JDmzf>Ksq|~AV3HjQbQYgg~6hHsa$Zad+khpbefFze4(NAQ8ykLxdZ6z
zpGqQNr|+)y5!&@Q1O2xQsnC^2L}za@RRvs%MUhY6YwuZh^;vP^koFB_RqX$oMF49_
zJTS8B^lgAiHWM+vin0MC!2!r@BGpUcp>P-~Vm|VCJH{o%$7GXemW*JKpkaGZm{PGC
zxgme1-<MgPwC*HgG4e2soPm@R_YhjU{#fS#z2Es;F(;u?)n}0zf^q!>Yv=t8obv~2
znJ=&@KMkSpgTk9M{oQx4#!f<;P?Qu4aC)Px@g*ER2m?4xl#oj^VYCj_tH#0-{TTMt
zws5g2)rkPuwpi_j{MH7of&qFwNZ6(X-JR|UWn+$%lFQ2cuLgo+Rbi&D1a#8}y81L^
z;I+hiPZv<=g%W7Ogm#`M0gxm=j&|5CZsVDFL(GeWRw(H(F6}3*DqRx0J_&W><`-Nl
z0P9%jh+p)hev1N`<QukTG`>r%IW7d%CHomXfPpY3!2~L#LqgZL9Y6c7^>x5;<1JV9
zXy-ZL`7P9!h7ff{@CK)Y{B6e#W=8C(DzvcJ-Po5aAoMQ+8xL+cVU*<eX+(+34x92f
zz~Aba*N(0%lgQt{39`H-^;^Ru?(SF_3|H__te1z^3o}`*$A0S8UbWpDHihx*KX{yX
z(T>ZUhpNQv>dS@Mh1<M14{2nC2+KhH8z|CF)u4qW;EnV@0kfPXH{P9%>#2(>Ic|fx
zM9BZ}?EKhy4SXEK*qMtFM^v(PSMOTt*IEp*XtMA7r@VKTVMSKH$pqhf&#<(~p8rVT
zhNX8kJ+(D0h{D8ZV~X}a!0i6#DBu6@3~WjZ6qGT%SuI5ADOGS;(bKnMq5SMrt%7!u
z;gH6=i3x<4)VZmasgkKB5*>So2u2a#4dn%Vw5})DRHFDLZisEf!Np}>>k|3UOHn#E
z%gSP6ub)8BPHLl$?J~g9qPMCWVbW5>H8AXi&+!%w*(?9P&e<X=q-@^)=dM#Ey9gNl
zu6*OY0a7MshMhaciD%I_cFoFNsH5(GL@~av%6jM_Qc~Q?BGI(N=!o7I5X9_9J<ZFZ
zm|U(X@=F8d0Oni>a00CCO8c+Qjkt56X$f0zliOUFEmVQPQONI>EE~qCY_HeAt*iYn
z{Qb^}r5X}j=#<~=hG6GtPNIra-&x*Frz;xhsm*l`Bob$CWkP17S%!EX&h36?QN4Ux
zB)I8Qkmf@MEquBO#03oz-EKjwE1Wx#`}lX|zyF0HHD)zwYj(zY+a^i~GxP86a*hz2
zKgpw!#gUW=-`^b*v{E1rfH8<on&~swDvp-|{K?+9T8Mh9`D)WzuAHxTTIglW%T}7*
z!j+pdR6$?o1XDV;Z7*4VI5Zt2{`xOG8AQv?D@F+YBHJ+jmDsyvOG8|(i;?SgVH#YK
zgn%VTaGxi?tP`6zO`4?elxhi9fmO47+c+^#JQiI3jX{9U1B=)zcAI;SOpT6=ln)@c
z7v-y^9i+z&$O+uC_RDd|2!8vr7CuEhY|St)(EYu+`26$b<5XI3EKN}Um)ovYpFlVD
z_GS$QzcttW_>Qi~_ZY+GUIQ4?EU?onCsC$9aYJ;C6l}1dC!Y%E5~(~p>L!!h?D}0o
z>q&jiGP2vBuy*=3hTCO&2?MHmXXD+SOV6wY%uNoH;Y1S^!|Fg~c1yMKVlwngQLS;~
zcrO*xMO*d@+ML=s<-a4~7e1yQp9|^AXQ+77*`K9pJ2ZtctjpU()ltGI9OXOGI-nf6
z@$Y^0J!C^2Ygn7s?Rm0_3>RI%wC4CfTp^3iw$|i(3PJ_ULS>NwT>Dl$=)6i{Vk@?2
z2;Rnotwl%Q;no@Deg8P-&|2bOXaRF1SurDIfEnqk80=$Jv>x}!8m*PT;(&$IQa{A`
zn5NFhcSa)f@!LS7q3U{%$S}@qwNgEaEQqCnvbJ_`-iVy?Uk;A3Y?qogC;VY?o!fD7
zxwqDkNnx;Qs&_QoCif53Y59PotLpEe$BU>+y+x@SO(K@6HP#HjujY^Si5}W!{`QGc
zIqhYCPK$2)L56^D=+g75Ze)9qoMeCd_T}+E`E-yj5?QXiw7jj^Y0s#9G*2)}TeUv_
z-MepRPW_!v&uO_NSxs!9qTH+Vr7p&w8uB&l0}&GRTw8-mEp`h^X8B|MD<S9kij*$s
zS41TID?3em4<CyGzG%g^IEz#fv-lwW5?XJ~RP0#WpSFlsB(5rlr<SRhj>ChV6bqI&
zPU|>^Xhjn2MFz_c_x+HlLRO<7R?GRaB7)W*ZTln?;L<3QySr2Og)Ls!K*u1ZBMBis
zL`Hg?`mCt-u30U!(PI`+pTf3c?51oDvRCk;0dcI5N)(%1j)R)yefj1FhlIegfk#bN
zSk<1;eQlbX!u$%1OQN*a&T>X%Z7y7}x^;v(F-R2Om2h=fToh%%ONKAS$$}mnQq;yV
zOk$a<t2v2t)oioK5+yTjLUR$2OwgM`f=b=ikU2BRqGc_>^!OWJT23HWA_$Gdi;bg<
zKKWNTn{XEgi*m0r<Ya9jERD@uL#pUQ%6p(6f0>Cg&X_@%?638`Zo1;~R{bagrC)bE
ze!*IXm1x5BO}g&5<lU}79^18d^uJ!u4TmkdajCjSISxZaQ?9Sp#1h(zG@>p^{M^0^
z$i<xk+vR>1`nQ+^^yj%gEUa`LtU+d}NPe64$7l-gc%2zeu{BFB^Qp>)rW_P*^mn%%
z3-gg(9F^aCfuCA3I8QuQRxEnPcEmo?FDb~cCj2?`^m3(1E6q&8H7}XrTnz7CONQwF
z0_W&N?#$wqQase9V5I5+M(B)U!qVC@&%EBXJFv2b0sr-H^`6_1&=mfbNK(lnxGO%!
zGbd`QI9_6=eo1=G(;_g7CE*sF#~Y&`6_{Os1v1&>65z-`ibo$T=!oQe$V7vAxL46J
zV|wWgqo8Z%S4c?m(&Kv+&*v9B<n4}<UGd`o8*rdbT?bpqzw1vFB6`1_<|Q@y^wIl^
z;KAXT8gaD%$I%z733))r9shhdf7JFVm)Y28VC-@nsVN-@vp+_KA5G_~BC;%iqDC?7
zzP5aBa{kLeQmQEBfMR`MbH+X+ifwkq4^iXn_m4HN%8I~*Z0C<h5IA4UCzwwR^fIG4
zgTg24I#5&r+lY>X72rogFT&$s5V_G6XwAONgB8L1$EO$}OL2MA&tNpJPn}tdrShgn
zt)Xli3)|=`Ax;%Znt&7CS&@Nvt^`m|kHmXWLgHAgCJ{`|5~#G#5pQQ1HZl=LN`dX}
z6Q+8SQX<Rq3qW(6IdZd$3p4<5vJ6#|Fq;g&^yxF?3*dD(U^dBqRjp^bOWrQ%`P5(_
z&AA+>Vlda<F!C7UO}qb3$+ZVot9XA=Ev_nhyY*R3g|9|UbcyTYJRFTubkZ)%;cJ!i
zet3l}$*>GSfF~hXX%|q18DTC_t&@WV=3GFg_s|T)c+^yATuZf-sIjpPOUG|`Nhtgc
ziV-R}(Xh^o;l_fWm(;%;ABICdxt6SYJ%QI(c6w4|nZDC>SL3$4Zk(h#IsX=N8aOpb
zLPYTT!CU6}Uae5&&Nj8kT1a{NFl`;;$bEh;Bo&ch79~uIXoI;)<9538mdO}52Wb}V
zP-*i<RWxCwOM46r>SU>gNkw9i=v4lB>9nYn)>HEBIgQyv)UvYpASV5#z*mRS>I^Y-
zdth|;pZe!X;iDPUSO6D0G1g`)?IK}uRG$vk%G8^;H?q5<ILq|DX{1)HG3>%o3@UHL
zxfy2EdPV17Oac<fNLm$6cXy*{eWe_%mfD;Qx^%rG*`Jr~WPd%@Sg@vp6TL;})mO}S
zqWjs{O(sH_ZSN=E+yC{*y&}|xc=aig7CQTSeibC-9fwXFv-Q;IKO`<oH_LR7!9xjw
zLs-S{9cq@yeHi|6XO@@5vE7lP^LBJviDe#CjOf;XbBw2%QZhsc6(-H%3<Btry;C6D
z5#Tnr--U&s;6auhf^Z+EKZBn%qKWGDH0&qly7B$y05KYYNFSjaI@d@@iz^WqfCCZ;
zlKuNcIJ}UbJtv1zE^s6FRhlUB1QuML-S!wgraSO}4(HY$%rBbRUA=#Tm)vAsy)eSF
zSie!))TPy633;a>gQmf`S)4#9LE_O&q4yEQF%G46e^8c;Dx%_F8pf*PUVTxdr&Cr+
z{+Z8|H5H4DBK5G9(rKeN{-Z>8RVDgFv8Cl+RKt?ZY!T_XlCWZl%UwvF%nAoleBWPA
zv*uz4_sEpi%@>s!Xe9eWlvgSn8aK*e6r^=lXQ32IX{Fj{#rjb<FU7|;RoCoNM(m`0
zP3F7Wr_^p;b3QUg9Lv-Et<QaJc3qN#M~Q;cj_QR>N@FA6{!2>#myZsydGWuK(#S;h
z|K&h4N0ZtjQO>6~-@1xZIm&x{+`5Nh=fW!4T+jxqCt=&N1hguy?Df4HFnVCxNp7Cq
z4nPtPerpu!@YN<J#ae(BuvW<hGuO<{w>3$cy<4d;Q>|KSjv{&#S&}kt;JWEb-^uN4
zQ#`sCxv*aGD?2`2sA!F3NM~+8kE(e5;jW}#;lZV@l>Lz_Uz442KQW#c6hg`{e!2xv
zW&8Sc=R@Jt75UO`H25_!>6}lf=)oHXJnGsH(txW;|47xqT|`@~-GRL>*wlGjX5lZT
zTs1>^@9?{Y*WRtKl>+$Hp;4&am_eTI<jgVBrtMq=DUkyHah<STXKyEJBK`Y!^^ehp
zr0ME%l||h9P0@=4ac?qu_|oKfZ*?wOLSYy6pwNR)gYdsm(TRrC^WLmJB>(nF!i;n>
zgOISH0#W}F>H~DJc?CC~dAvY$r|1e&R*I!3!e;iDV-P17oX*DhaL42P8Q(wgg>w*k
zK%$w=3jNdP9H^e~2+T<FX06&!Wd6WvG89fAu2Iec%TD)>;ja~D;DXt`?ay+2rKOj2
z6}`Uk?4R9X_~k+u4?3zI+b9ryq|I({gPEN+*oRYYkXoZ_6k_w^kCaPlxs9RAkCBZj
z-2#$ZozBJw7scl9&37I<(sz90VBI7KPWUKm6kSm9CONY#ffJaQ6q+yS!n)H|5%pR?
zY1nxS#HuyKC&^|;;j9~r3adgtD`pC!A<?VE1RFbh#(Od`E(pUxCOr}>JB7xsKb7dI
zipB3P568V3)OS7W#GC;)zwr#)&)#A^jKp!-(qKc<1U+S`^T%yJGaS^fRCdhJCJmSn
zbEP(fNaCx>wosyXTs`H?6if+vOXn2Gm(GtLdfxF#-n2Bv6W{5a18D|36#L5dX<8D`
zCD!oWAHX%qs^V-g#*ZGS4RfD9m?1hvm_kl=EBj#8WQ=jGT;-}2eqBtThz3KUYP}nW
z5O5Du;!=qPr?ynW#G^LmkWVB;scQS&`9gtz>nqmY(+*)FZ6U~n{`|1wwp=lLR_9;v
z;cIl&{ibq^H!XF}^1sVcO@O|RS<wte{Bw9X=KlWrgtGk;cI=go!1&`|N@-2srSN0J
z-2jhJB`E__ElAq)l_fE8qP{vGrs#v1;HPQ33eKM{*feJzn6LA3AEyms^VUC&5mDR)
zg^CAj(p~{g0gSO@8HD!9*EWv+i`Ckg@KQ>iQRgXUr#ZjrAOOb|+$2Tz7h3*1dA?D!
z1?+Em;ZsUPvCFn%HP}bvLciVvN`IBGh>{x3@URCTFSyi}ld$FwhT2xb3OKW`0;5m^
za_7ckpO-xIN){P24^4=PNiBo5AT{{1e~cwam^PW^);Gk1+(j>3yN89Q>m)9f<TkY(
z)mP(UD`vm`oO{Gt@C^lL7tkPVtD?<s`z<p(FBwHN8>PvoQf!7PB}HypOC7m#J>}yj
zvhJ=rpU@Bn7R;0kJzD62G!z6sX%ca*h_F)x%@#suzvIv}3YuNo;~Ht8rzi%*F5p@3
z)F)_-eVWPd&4!G5v5Ss6n2}49^!^Bif;T(|6X*KgIrQ|4YGUSvJw1##4uG}C7eILi
z-|e$x#WKcW@wy0&tDy127^IY0K0sH?GGW<-1j5nw*baufdCRmxC`k}6?(=6~A4iKb
zr_hJf`hKXPUNz-+>tV`(Z@7=L%1xJ^N+K78{hmXP1?38bQc=mO{ZxuN!=yf~1OwKR
zW~I}d@;(Ua86EP;5|ZkeTd0AJ<9tjhiPJ6bTC5fVrasrn6A>66`Eo!;wdwN1wv`t9
z9E5hB7q?gIc<+Uja+A5!+TYqir4u`>9qQ{zn}Sh>2Z^qY{^tOZE&EztLos|hhZNa_
z4?Y@75`;L>XgZ?L{N~)}sWmEBgbW4K8BA{zp-;lS8FSUl3E}~$$9rC~iCDqzrmVW#
zSp?(hki_buCEnw3FZ(BD7mcWxV$pl?@nFzOwXj>!YAJP#{1YAxLAxouRy(^+i54Op
zEzW*trO=de+QWn&8CA6#Dx0wfiYGkI)_!_$)g=?XpJ#U>s$%}zOxZpQd=Y#ncb3%G
zjrk}{LELe^k^Q=aG48im*+@=dVc}bz*&8FvpPVz+pp)d`c*@|x=V}7-CHwgTV=P?w
z@zu$6+motg?|eO(Tgj^N7Hx^h5q|tX)OZ0$@Ma2H08UYg&eMrP<%UX@rHYli7vsYv
z4RAIC4qY!A(3v=NPi>Y^w|dlg6hpLiwh|}M?z>CXP))*X^?fZIxo+N4M@2B-f}X9U
za=V8m!1+{@&&#SMD#@_%KDjzd>smsb-I5YhqSWcnh{OuD)QiBFo1GCss@}L5&tS11
zz1e$fExK~fe!Wi-&(7TTuWOuBqWhMeeC42Px|UarW7fuURkV+SmA*#Ct}*bYzUS}x
zjFVXcNKk2NuS2u6qmCo_TaqH26D1H^`6IF>Y|7RY2-)dfMMXivFeoTU^!NX(8T((R
q`2VdL`_D%IkBZ6UZ!Vuv@lkp(X3Qt!E@+Tjp=hXRE7vO8g#AB9RT2;Y

literal 0
HcmV?d00001

diff --git a/templates/compose/freescout.yaml b/templates/compose/freescout.yaml
new file mode 100644
index 000000000..bb86b1c45
--- /dev/null
+++ b/templates/compose/freescout.yaml
@@ -0,0 +1,47 @@
+# documentation: https://github.com/tiredofit/docker-freescout
+# slogan: FreeScout is the super lightweight and powerful free open source help desk and shared inbox written in PHP (Laravel framework).
+# tags: helpdesk, support, ticketing, customer-support
+# logo: svgs/freescout.png
+# port: 80
+
+services:
+  freescout:
+    image: tiredofit/freescout:latest
+    volumes:
+      - freescout-data:/data
+      - freescout-logs:/www/logs
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    environment:
+      - SERVICE_FQDN_FREESCOUT_80
+      - DB_HOST=mariadb
+      - DB_NAME=${DATABASE_NAME:-freescout}
+      - DB_USER=${SERVICE_USER_MARIADB:-freescout}
+      - DB_PASS=${SERVICE_PASSWORD_DATABASE}
+      - SITE_URL=${SERVICE_FQDN_FREESCOUT}
+      - ADMIN_EMAIL=${SERVICE_EMAIL_ADMIN:-admin@freescout.local}
+      - ADMIN_PASS=${SERVICE_PASSWORD_ADMIN}
+      - DISPLAY_ERRORS=${DISPLAY_ERRORS:-FALSE}
+      - TIMEZONE=${TIMEZONE:-UTC}
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1"]
+      start_period: 10s
+      interval: 5s
+      timeout: 10s
+      retries: 15
+  mariadb:
+    image: mariadb
+    volumes:
+      - mariadb-data:/var/lib/mysql
+    environment:
+      - MARIADB_ROOT_PASSWORD=${SERVICE_PASSWORD_DBROOT}
+      - MARIADB_DATABASE=${DATABASE_NAME}
+      - MARIADB_USER=${SERVICE_USER_MARIADB}
+      - MARIADB_PASSWORD=${SERVICE_PASSWORD_DATABASE}
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      start_period: 10s
+      interval: 5s
+      timeout: 10s
+      retries: 15
\ No newline at end of file

From cbc325b71cefc14cddd09578dafae5181f240918 Mon Sep 17 00:00:00 2001
From: Daniel Andraszewski <masermen@gmail.com>
Date: Sat, 15 Mar 2025 10:04:44 +0100
Subject: [PATCH 132/145] Fixes.

---
 templates/compose/freescout.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/compose/freescout.yaml b/templates/compose/freescout.yaml
index bb86b1c45..4f6a91211 100644
--- a/templates/compose/freescout.yaml
+++ b/templates/compose/freescout.yaml
@@ -16,11 +16,11 @@ services:
     environment:
       - SERVICE_FQDN_FREESCOUT_80
       - DB_HOST=mariadb
-      - DB_NAME=${DATABASE_NAME:-freescout}
+      - DB_NAME=${MARIADB_DATABASE:-freescout}
       - DB_USER=${SERVICE_USER_MARIADB:-freescout}
-      - DB_PASS=${SERVICE_PASSWORD_DATABASE}
+      - DB_PASS=${SERVICE_PASSWORD_MARIADB}
       - SITE_URL=${SERVICE_FQDN_FREESCOUT}
-      - ADMIN_EMAIL=${SERVICE_EMAIL_ADMIN:-admin@freescout.local}
+      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
       - ADMIN_PASS=${SERVICE_PASSWORD_ADMIN}
       - DISPLAY_ERRORS=${DISPLAY_ERRORS:-FALSE}
       - TIMEZONE=${TIMEZONE:-UTC}
@@ -35,10 +35,10 @@ services:
     volumes:
       - mariadb-data:/var/lib/mysql
     environment:
-      - MARIADB_ROOT_PASSWORD=${SERVICE_PASSWORD_DBROOT}
-      - MARIADB_DATABASE=${DATABASE_NAME}
+      - MARIADB_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
+      - MARIADB_DATABASE=${MARIADB_DATABASE}
       - MARIADB_USER=${SERVICE_USER_MARIADB}
-      - MARIADB_PASSWORD=${SERVICE_PASSWORD_DATABASE}
+      - MARIADB_PASSWORD=${SERVICE_PASSWORD_MARIADB}
     healthcheck:
       test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
       start_period: 10s

From edbe07ba59a7291154a051e4afee6e98acd865f2 Mon Sep 17 00:00:00 2001
From: Daniel Andraszewski <masermen@gmail.com>
Date: Sat, 15 Mar 2025 10:07:36 +0100
Subject: [PATCH 133/145] Change documentation link.

---
 templates/compose/freescout.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/compose/freescout.yaml b/templates/compose/freescout.yaml
index 4f6a91211..4d6a87950 100644
--- a/templates/compose/freescout.yaml
+++ b/templates/compose/freescout.yaml
@@ -1,4 +1,4 @@
-# documentation: https://github.com/tiredofit/docker-freescout
+# documentation: https://github.com/freescout-help-desk/freescout/wiki/Installation-Guide
 # slogan: FreeScout is the super lightweight and powerful free open source help desk and shared inbox written in PHP (Laravel framework).
 # tags: helpdesk, support, ticketing, customer-support
 # logo: svgs/freescout.png

From 85def88fc90932b2d8ec386a033b7e008592b3dc Mon Sep 17 00:00:00 2001
From: Daniel Andraszewski <masermen@gmail.com>
Date: Sat, 15 Mar 2025 10:08:18 +0100
Subject: [PATCH 134/145] Change link again.

---
 templates/compose/freescout.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/compose/freescout.yaml b/templates/compose/freescout.yaml
index 4d6a87950..c03e112f0 100644
--- a/templates/compose/freescout.yaml
+++ b/templates/compose/freescout.yaml
@@ -1,4 +1,4 @@
-# documentation: https://github.com/freescout-help-desk/freescout/wiki/Installation-Guide
+# documentation: https://github.com/freescout-help-desk/freescout/wiki/
 # slogan: FreeScout is the super lightweight and powerful free open source help desk and shared inbox written in PHP (Laravel framework).
 # tags: helpdesk, support, ticketing, customer-support
 # logo: svgs/freescout.png

From 8a11de9b1a8b7cbfdd9ec60cbd419c1cb22ca88c Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Sat, 15 Mar 2025 22:26:59 +0100
Subject: [PATCH 135/145] fix(core): improve instantSave logic and error
 handling

---
 app/Livewire/SettingsEmail.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/app/Livewire/SettingsEmail.php b/app/Livewire/SettingsEmail.php
index 15e68306f..4205594a5 100644
--- a/app/Livewire/SettingsEmail.php
+++ b/app/Livewire/SettingsEmail.php
@@ -114,19 +114,24 @@ class SettingsEmail extends Component
     public function instantSave(string $type)
     {
         try {
+            $currentSmtpEnabled = $this->settings->smtp_enabled;
+            $currentResendEnabled = $this->settings->resend_enabled;
             $this->resetErrorBag();
 
             if ($type === 'SMTP') {
                 $this->submitSmtp();
+                $this->resendEnabled = $this->settings->resend_enabled = false;
             } elseif ($type === 'Resend') {
                 $this->submitResend();
+                $this->smtpEnabled = $this->settings->smtp_enabled = false;
             }
+            $this->settings->save();
 
         } catch (\Throwable $e) {
             if ($type === 'SMTP') {
-                $this->smtpEnabled = false;
+                $this->smtpEnabled = $currentSmtpEnabled;
             } elseif ($type === 'Resend') {
-                $this->resendEnabled = false;
+                $this->resendEnabled = $currentResendEnabled;
             }
 
             return handleError($e, $this);
@@ -156,9 +161,6 @@ class SettingsEmail extends Component
                 'smtpEncryption.required' => 'Encryption type is required.',
             ]);
 
-            $this->resendEnabled = false;
-            $this->settings->resend_enabled = false;
-
             $this->settings->smtp_enabled = $this->smtpEnabled;
             $this->settings->smtp_host = $this->smtpHost;
             $this->settings->smtp_port = $this->smtpPort;
@@ -194,9 +196,6 @@ class SettingsEmail extends Component
                 'smtpFromName.required' => 'From Name is required.',
             ]);
 
-            $this->smtpEnabled = false;
-            $this->settings->smtp_enabled = false;
-
             $this->settings->resend_enabled = $this->resendEnabled;
             $this->settings->resend_api_key = $this->resendApiKey;
             $this->settings->smtp_from_address = $this->smtpFromAddress;

From 76cbc2bcc9f0cab47e7b6b87509ba16b339af4aa Mon Sep 17 00:00:00 2001
From: Nandan Varma <74198723+nandan-varma@users.noreply.github.com>
Date: Sun, 16 Mar 2025 18:24:11 -0700
Subject: [PATCH 136/145] Update glance template for 0.7.0

updated template according to https://github.com/glanceapp/glance/blob/main/docs/v0.7.0-upgrade.md
---
 templates/compose/glance.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/compose/glance.yaml b/templates/compose/glance.yaml
index d989e3f0c..2a21bc50c 100644
--- a/templates/compose/glance.yaml
+++ b/templates/compose/glance.yaml
@@ -11,8 +11,8 @@ services:
       - SERVICE_FQDN_GLANCE_8080
     volumes:
       - type: bind
-        source: ./glance-settings
-        target: /app/glance.yml
+        source: ./config
+        target: /app/config/glance.yml
         content: |
           pages:
             - name: Home

From f77ee1f4ba31d15d9a9875c2f4578e1ebe06bed8 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 11:15:49 +0100
Subject: [PATCH 137/145] fix(general): correct link to framework specific
 documentation

---
 resources/views/livewire/project/application/general.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/livewire/project/application/general.blade.php b/resources/views/livewire/project/application/general.blade.php
index da806f916..280af2256 100644
--- a/resources/views/livewire/project/application/general.blade.php
+++ b/resources/views/livewire/project/application/general.blade.php
@@ -185,7 +185,7 @@
                             </div>
                             <div class="pt-1 text-xs">Nixpacks will detect the required configuration
                                 automatically.
-                                <a class="underline" href="https://coolify.io/docs/applications">Framework
+                                <a class="underline" href="https://coolify.io/docs/applications/">Framework
                                     Specific Docs</a>
                             </div>
                         @endif

From b8f99bbda0d3d222c8402e5f15a43865c76535bf Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 11:28:43 +0100
Subject: [PATCH 138/145] fix(core): redirect healthcheck route for
 dockercompose applications

---
 .../Project/Application/Configuration.php        |  4 ++++
 .../project/application/configuration.blade.php  | 16 ++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/Livewire/Project/Application/Configuration.php b/app/Livewire/Project/Application/Configuration.php
index 56e0caf75..267ca72ad 100644
--- a/app/Livewire/Project/Application/Configuration.php
+++ b/app/Livewire/Project/Application/Configuration.php
@@ -22,6 +22,7 @@ class Configuration extends Component
     public function mount()
     {
         $this->currentRoute = request()->route()->getName();
+
         $project = currentTeam()
             ->projects()
             ->select('id', 'uuid', 'team_id')
@@ -39,6 +40,9 @@ class Configuration extends Component
         $this->project = $project;
         $this->environment = $environment;
         $this->application = $application;
+        if ($this->application->build_pack === 'dockercompose' && $this->currentRoute === 'project.application.healthcheck') {
+            return redirect()->route('project.application.configuration', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]);
+        }
     }
 
     public function render()
diff --git a/resources/views/livewire/project/application/configuration.blade.php b/resources/views/livewire/project/application/configuration.blade.php
index 7fcbbd691..3d56a7e8d 100644
--- a/resources/views/livewire/project/application/configuration.blade.php
+++ b/resources/views/livewire/project/application/configuration.blade.php
@@ -15,8 +15,7 @@
                 href="{{ route('project.application.advanced', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Advanced</a>
             @if ($application->destination->server->isSwarm())
-                <a class="menu-item"
-                    wire:current.exact="menu-item-active"
+                <a class="menu-item" wire:current.exact="menu-item-active"
                     href="{{ route('project.application.swarm', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                     wire:navigate>Swarm Configuration</a>
             @endif
@@ -60,21 +59,22 @@
             <a class="menu-item" wire:current.exact="menu-item-active"
                 href="{{ route('project.application.preview-deployments', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Preview Deployments</a>
-            <a class="menu-item" wire:current.exact="menu-item-active"
-                href="{{ route('project.application.healthcheck', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
-                wire:navigate>Healthcheck</a>
+            @if ($application->build_pack !== 'dockercompose')
+                <a class="menu-item" wire:current.exact="menu-item-active"
+                    href="{{ route('project.application.healthcheck', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
+                    wire:navigate>Healthcheck</a>
+            @endif
             <a class="menu-item" wire:current.exact="menu-item-active"
                 href="{{ route('project.application.rollback', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Rollback</a>
             <a class="menu-item" wire:current.exact="menu-item-active"
                 href="{{ route('project.application.resource-limits', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Resource Limits</a>
-
             <a class="menu-item" wire:current.exact="menu-item-active"
                 href="{{ route('project.application.resource-operations', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Resource Operations</a>
             <a class="menu-item" wire:current.exact="menu-item-active"
-                href="{{ route('project.application.metrics', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}" >Metrics</a>
+                href="{{ route('project.application.metrics', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}">Metrics</a>
             <a class="menu-item" wire:current.exact="menu-item-active"
                 href="{{ route('project.application.tags', ['project_uuid' => $project->uuid, 'environment_uuid' => $environment->uuid, 'application_uuid' => $application->uuid]) }}"
                 wire:navigate>Tags</a>
@@ -103,7 +103,7 @@
                 <livewire:project.shared.webhooks :resource="$application" />
             @elseif ($currentRoute === 'project.application.preview-deployments')
                 <livewire:project.application.previews :application="$application" />
-            @elseif ($currentRoute === 'project.application.healthcheck')
+            @elseif ($currentRoute === 'project.application.healthcheck' && $application->build_pack !== 'dockercompose')
                 <livewire:project.shared.health-checks :resource="$application" />
             @elseif ($currentRoute === 'project.application.rollback')
                 <livewire:project.application.rollback :application="$application" />

From 8ebbe396f4f0fb0dec52e3f5ed135a76207967a7 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 13:58:31 +0100
Subject: [PATCH 139/145] fix(database): change default value of enable_ssl to
 false for multiple tables

---
 .../2025_01_27_102616_add_ssl_fields_to_database_tables.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php b/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
index 361e2fd32..14162133a 100644
--- a/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
+++ b/database/migrations/2025_01_27_102616_add_ssl_fields_to_database_tables.php
@@ -12,15 +12,15 @@ return new class extends Migration
     public function up()
     {
         Schema::table('standalone_postgresqls', function (Blueprint $table) {
-            $table->boolean('enable_ssl')->default(true);
+            $table->boolean('enable_ssl')->default(false);
             $table->enum('ssl_mode', ['allow', 'prefer', 'require', 'verify-ca', 'verify-full'])->default('require');
         });
         Schema::table('standalone_mysqls', function (Blueprint $table) {
-            $table->boolean('enable_ssl')->default(true);
+            $table->boolean('enable_ssl')->default(false);
             $table->enum('ssl_mode', ['PREFERRED', 'REQUIRED', 'VERIFY_CA', 'VERIFY_IDENTITY'])->default('REQUIRED');
         });
         Schema::table('standalone_mariadbs', function (Blueprint $table) {
-            $table->boolean('enable_ssl')->default(true);
+            $table->boolean('enable_ssl')->default(false);
         });
         Schema::table('standalone_redis', function (Blueprint $table) {
             $table->boolean('enable_ssl')->default(false);

From 54db7523d5798223c2859e17cf99af06ec4c2bea Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:27:07 +0100
Subject: [PATCH 140/145] refactor(app): remove unused MagicBar component and
 related code

---
 resources/js/app.js                  |   7 -
 resources/js/components/MagicBar.vue | 682 ---------------------------
 2 files changed, 689 deletions(-)
 delete mode 100644 resources/js/components/MagicBar.vue

diff --git a/resources/js/app.js b/resources/js/app.js
index 613b80069..4dcae5f8e 100644
--- a/resources/js/app.js
+++ b/resources/js/app.js
@@ -1,10 +1,3 @@
-// import { createApp } from "vue";
-// import MagicBar from "./components/MagicBar.vue";
-
-// const app = createApp({});
-// app.component("magic-bar", MagicBar);
-// app.mount("#vue");
-
 import { initializeTerminalComponent } from './terminal.js';
 
 ['livewire:navigated', 'alpine:init'].forEach((event) => {
diff --git a/resources/js/components/MagicBar.vue b/resources/js/components/MagicBar.vue
deleted file mode 100644
index 22af9dff4..000000000
--- a/resources/js/components/MagicBar.vue
+++ /dev/null
@@ -1,682 +0,0 @@
-<template>
-    <Transition name="fade">
-        <div>
-            <div class="flex items-center p-1 px-2 overflow-hidden transition-all transform rounded cursor-pointer bg-coolgray-100"
-                @click="showCommandPalette = true">
-                <svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6 icon" viewBox="0 0 24 24" stroke-width="2"
-                    stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
-                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                    <path d="M10 10m-7 0a7 7 0 1 0 14 0a7 7 0 1 0 -14 0" />
-                    <path d="M21 21l-6 -6" />
-                </svg>
-                <span class="flex-1"></span>
-                <span class="ml-2 kbd-custom">/</span>
-            </div>
-            <div class="relative" role="dialog" aria-modal="true" v-if="showCommandPalette" @keyup.esc="resetState">
-                <div class="fixed inset-0 transition-opacity bg-opacity-90 bg-coolgray-100" @click.self="resetState">
-                </div>
-                <div class="fixed inset-0 p-4 mx-auto overflow-y-auto lg:w-[70rem] sm:p-10 md:px-20"
-                    @click.self="resetState">
-                    <div class="overflow-hidden transition-all transform bg-coolgray-200 ring-1 ring-black ring-opacity-5">
-                        <div class="relative">
-                            <svg class="absolute w-5 h-5 text-gray-400 pointer-events-none left-3 top-2.5"
-                                viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
-                                <path fill-rule="evenodd"
-                                    d="M9 3.5a5.5 5.5 0 100 11 5.5 5.5 0 000-11zM2 9a7 7 0 1112.452 4.391l3.328 3.329a.75.75 0 11-1.06 1.06l-3.329-3.328A7 7 0 012 9z"
-                                    clip-rule="evenodd" />
-                            </svg>
-                            <input type="text" v-model="search" ref="searchInput" @keydown.down="focusNext(magic.length)"
-                                @keydown.up="focusPrev(magic.length)" @keyup.enter="callAction"
-                                class="w-full h-10 pr-4 rounded outline-none dark:text-white bg-coolgray-400 pl-11 placeholder:text-neutral-700 sm:text-sm focus:outline-none"
-                                placeholder="Search, jump or create... magically... 🪄" role="combobox"
-                                aria-expanded="false" aria-controls="options">
-                        </div>
-
-                        <ul class="px-4 pb-2 overflow-y-auto max-h-96 scroll-py-10 scroll-pb-2 scrollbar" id="options"
-                            role="listbox">
-                            <li v-if="sequenceState.sequence.length !== 0">
-                                <h2 v-if="sequenceState.sequence[sequenceState.currentActionIndex] && possibleSequences[sequenceState.sequence[sequenceState.currentActionIndex]]"
-                                    class="mt-4 mb-2 text-xs font-semibold text-neutral-500">{{
-                                        possibleSequences[sequenceState.sequence[sequenceState.currentActionIndex]].newTitle }}
-                                </h2>
-                                <ul class="mt-2 -mx-4 dark:text-white">
-                                    <li class="flex items-center px-4 py-2 cursor-pointer select-none group hover:bg-coolgray-400"
-                                        id="option-1" role="option" tabindex="-1"
-                                        @click="addNew(sequenceState.sequence[sequenceState.currentActionIndex])">
-                                        <svg xmlns=" http://www.w3.org/2000/svg" class="w-6 h-6" viewBox="0 0 24 24"
-                                            stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round"
-                                            stroke-linejoin="round">
-                                            <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                            <path d="M12 5l0 14" />
-                                            <path d="M5 12l14 0" />
-                                        </svg>
-                                        <span class="flex-auto ml-3 truncate">
-                                            <span v-if="search"><span class="capitalize ">{{
-                                                sequenceState.sequence[sequenceState.currentActionIndex] }}</span> name
-                                                will be:
-                                                <span class="inline-block dark:text-warning">{{ search }}</span>
-                                            </span>
-                                            <span v-else><span class="capitalize ">{{
-                                                sequenceState.sequence[sequenceState.currentActionIndex] }}</span> name
-                                                will be:
-                                                <span class="inline-block dark:text-warning">randomly generated (type to
-                                                    change)</span>
-                                            </span>
-                                        </span>
-                                    </li>
-                                </ul>
-                            </li>
-                            <li>
-                                <ul v-if="magic.length == 0" class="mt-2 -mx-4 dark:text-white">
-                                    <li class="flex items-center px-4 py-2 select-none group">
-                                        <svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6 icon" viewBox="0 0 24 24"
-                                            stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round"
-                                            stroke-linejoin="round">
-                                            <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                            <path d="M12 12m-9 0a9 9 0 1 0 18 0a9 9 0 1 0 -18 0" />
-                                            <path d="M9 10l.01 0" />
-                                            <path d="M15 10l.01 0" />
-                                            <path d="M9 15l6 0" />
-                                        </svg>
-                                        <span class="flex-auto ml-3 truncate">Nothing found. Ooops.</span>
-                                    </li>
-                                </ul>
-                                <h2 v-if="magic.length !== 0 && sequenceState.sequence[sequenceState.currentActionIndex] && possibleSequences[sequenceState.sequence[sequenceState.currentActionIndex]]"
-                                    class="mt-4 mb-2 text-xs font-semibold text-neutral-500">{{
-                                        possibleSequences[sequenceState.sequence[sequenceState.currentActionIndex]].title }}
-                                </h2>
-                                <ul v-if="magic.length != 0" class="mt-2 -mx-4 dark:text-white">
-                                    <li class="flex items-center px-4 py-2 transition-all cursor-pointer select-none group hover:bg-coolgray-400"
-                                        :class="{ 'bg-coollabs': currentFocus === index }" id="option-1" role="option"
-                                        tabindex="-1" v-for="action, index in magic" @click="goThroughSequence(index)"
-                                        ref="magicItems">
-                                        <div class="relative">
-                                            <svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6 icon" viewBox="0 0 24 24"
-                                                stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round"
-                                                stroke-linejoin="round">
-                                                <template
-                                                    v-if="action.icon === 'git' || sequenceState.sequence[sequenceState.currentActionIndex] === 'git'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path d="M16 12m-1 0a1 1 0 1 0 2 0a1 1 0 1 0 -2 0" />
-                                                    <path d="M12 8m-1 0a1 1 0 1 0 2 0a1 1 0 1 0 -2 0" />
-                                                    <path d="M12 16m-1 0a1 1 0 1 0 2 0a1 1 0 1 0 -2 0" />
-                                                    <path d="M12 15v-6" />
-                                                    <path d="M15 11l-2 -2" />
-                                                    <path d="M11 7l-1.9 -1.9" />
-                                                    <path
-                                                        d="M13.446 2.6l7.955 7.954a2.045 2.045 0 0 1 0 2.892l-7.955 7.955a2.045 2.045 0 0 1 -2.892 0l-7.955 -7.955a2.045 2.045 0 0 1 0 -2.892l7.955 -7.955a2.045 2.045 0 0 1 2.892 0z" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'server' || sequenceState.sequence[sequenceState.currentActionIndex] === 'server'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path
-                                                        d="M3 4m0 3a3 3 0 0 1 3 -3h12a3 3 0 0 1 3 3v2a3 3 0 0 1 -3 3h-12a3 3 0 0 1 -3 -3z" />
-                                                    <path d="M15 20h-9a3 3 0 0 1 -3 -3v-2a3 3 0 0 1 3 -3h12" />
-                                                    <path d="M7 8v.01" />
-                                                    <path d="M7 16v.01" />
-                                                    <path d="M20 15l-2 3h3l-2 3" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'destination' || sequenceState.sequence[sequenceState.currentActionIndex] === 'destination'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path
-                                                        d="M22 12.54c-1.804 -.345 -2.701 -1.08 -3.523 -2.94c-.487 .696 -1.102 1.568 -.92 2.4c.028 .238 -.32 1 -.557 1h-14c0 5.208 3.164 7 6.196 7c4.124 .022 7.828 -1.376 9.854 -5c1.146 -.101 2.296 -1.505 2.95 -2.46z" />
-                                                    <path d="M5 10h3v3h-3z" />
-                                                    <path d="M8 10h3v3h-3z" />
-                                                    <path d="M11 10h3v3h-3z" />
-                                                    <path d="M8 7h3v3h-3z" />
-                                                    <path d="M11 7h3v3h-3z" />
-                                                    <path d="M11 4h3v3h-3z" />
-                                                    <path d="M4.571 18c1.5 0 2.047 -.074 2.958 -.78" />
-                                                    <path d="M10 16l0 .01" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'storage' || sequenceState.sequence[sequenceState.currentActionIndex] === 'storage'">
-                                                    <g fill="none" stroke="currentColor" stroke-linecap="round"
-                                                        stroke-linejoin="round" stroke-width="2">
-                                                        <path d="M4 6a8 3 0 1 0 16 0A8 3 0 1 0 4 6" />
-                                                        <path d="M4 6v6a8 3 0 0 0 16 0V6" />
-                                                        <path d="M4 12v6a8 3 0 0 0 16 0v-6" />
-                                                    </g>
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'project' || sequenceState.sequence[sequenceState.currentActionIndex] === 'project'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path
-                                                        d="M9 4h3l2 2h5a2 2 0 0 1 2 2v7a2 2 0 0 1 -2 2h-10a2 2 0 0 1 -2 -2v-9a2 2 0 0 1 2 -2" />
-                                                    <path
-                                                        d="M17 17v2a2 2 0 0 1 -2 2h-10a2 2 0 0 1 -2 -2v-9a2 2 0 0 1 2 -2h2" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'environment' || sequenceState.sequence[sequenceState.currentActionIndex] === 'environment'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path d="M16 5l3 3l-2 1l4 4l-3 1l4 4h-9" />
-                                                    <path d="M15 21l0 -3" />
-                                                    <path d="M8 13l-2 -2" />
-                                                    <path d="M8 12l2 -2" />
-                                                    <path d="M8 21v-13" />
-                                                    <path
-                                                        d="M5.824 16a3 3 0 0 1 -2.743 -3.69a3 3 0 0 1 .304 -4.833a3 3 0 0 1 4.615 -3.707a3 3 0 0 1 4.614 3.707a3 3 0 0 1 .305 4.833a3 3 0 0 1 -2.919 3.695h-4z" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'key' || sequenceState.sequence[sequenceState.currentActionIndex] === 'key'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path d="M14 10m-2 0a2 2 0 1 0 4 0a2 2 0 1 0 -4 0" />
-                                                    <path d="M21 12a9 9 0 1 1 -18 0a9 9 0 0 1 18 0z" />
-                                                    <path d="M12.5 11.5l-4 4l1.5 1.5" />
-                                                    <path d="M12 15l-1.5 -1.5" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'goto' || sequenceState.sequence[sequenceState.currentActionIndex] === 'goto'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path d="M10 18h4" />
-                                                    <path
-                                                        d="M3 8a9 9 0 0 1 9 9v1l1.428 -4.285a12 12 0 0 1 6.018 -6.938l.554 -.277" />
-                                                    <path d="M15 6h5v5" />
-                                                </template>
-                                                <template
-                                                    v-if="action.icon === 'team' || sequenceState.sequence[sequenceState.currentActionIndex] === 'team'">
-                                                    <path stroke="none" d="M0 0h24v24H0z" fill="none" />
-                                                    <path d="M10 13a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
-                                                    <path d="M8 21v-1a2 2 0 0 1 2 -2h4a2 2 0 0 1 2 2v1" />
-                                                    <path d="M15 5a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
-                                                    <path d="M17 10h2a2 2 0 0 1 2 2v1" />
-                                                    <path d="M5 5a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
-                                                    <path d="M3 13v-1a2 2 0 0 1 2 -2h2" />
-                                                </template>
-                                            </svg>
-                                            <div v-if="action.new"
-                                                class="absolute top-0 right-0 -mt-2 -mr-2 font-bold dark:text-warning">+
-                                            </div>
-                                        </div>
-                                        <span class="flex-auto ml-3 truncate">{{ action.name }}</span>
-                                    </li>
-                                </ul>
-                            </li>
-                        </ul>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </Transition>
-</template>
-<script setup>
-import { ref, computed, onMounted, onUnmounted, watch, nextTick } from 'vue'
-import axios from "axios";
-const currentFocus = ref(0)
-const magicItems = ref()
-function focusNext(length) {
-    if (currentFocus.value === undefined) {
-        currentFocus.value = 0
-    } else {
-        if (length > currentFocus.value + 1) {
-            currentFocus.value = currentFocus.value + 1
-        }
-    }
-    if (currentFocus.value > 4) {
-        magicItems.value[currentFocus.value].scrollIntoView({ block: "center", inline: "center", behavior: 'auto' })
-    }
-}
-function focusPrev(length) {
-    if (currentFocus.value === undefined) {
-        currentFocus.value = length - 1
-    } else {
-        if (currentFocus.value > 0) {
-            currentFocus.value = currentFocus.value - 1
-        }
-    }
-    if (currentFocus.value < length - 4) {
-        magicItems.value[currentFocus.value].scrollIntoView({ block: "center", inline: "center", behavior: 'auto' })
-    }
-}
-async function callAction() {
-    await goThroughSequence(currentFocus.value)
-}
-const showCommandPalette = ref(false)
-const search = ref()
-const searchInput = ref()
-
-const baseUrl = '/magic'
-
-const uuidSelector = ['project', 'destination']
-const nameSelector = ['environment']
-const possibleSequences = {
-    server: {
-        newTitle: 'Create a new Server',
-        title: 'Select a server'
-    },
-    destination: {
-        newTitle: 'Create a new Destination',
-        title: 'Select a destination'
-    },
-    project: {
-        newTitle: 'Create a new Project',
-        title: 'Select a project'
-    },
-    environment: {
-        newTitle: 'Create a new Environment',
-        title: 'Select an environment'
-    },
-}
-const magicActions = [{
-    id: 1,
-    name: 'Deploy: Public Repository',
-    tags: 'git,github,public',
-    icon: 'git',
-    new: true,
-    sequence: ['main', 'server', 'destination', 'project', 'environment', 'redirect']
-},
-{
-    id: 2,
-    name: 'Deploy: Private Repository (with GitHub Apps)',
-    tags: 'git,github,private',
-    icon: 'git',
-    new: true,
-    sequence: ['main', 'server', 'destination', 'project', 'environment', 'redirect']
-},
-{
-    id: 3,
-    name: 'Deploy: Private Repository (with Deploy Key)',
-    tags: 'git,github,private,deploy,key',
-    icon: 'git',
-    new: true,
-    sequence: ['main', 'server', 'destination', 'project', 'environment', 'redirect']
-},
-{
-    id: 4,
-    name: 'Deploy: Dockerfile',
-    tags: 'dockerfile,deploy',
-    icon: 'destination',
-    new: true,
-    sequence: ['main', 'server', 'destination', 'project', 'environment', 'redirect']
-},
-{
-    id: 5,
-    name: 'Create: Server',
-    tags: 'server,ssh,new,create',
-    icon: 'server',
-    new: true,
-    sequence: ['main', 'redirect']
-},
-{
-    id: 6,
-    name: 'Create: Source',
-    tags: 'source,git,gitlab,github,bitbucket,gitea,new,create',
-    icon: 'git',
-    new: true,
-    sequence: ['main', 'redirect']
-},
-{
-    id: 7,
-    name: 'Create: Private Key',
-    tags: 'private,key,ssh,new,create',
-    icon: 'key',
-    new: true,
-    sequence: ['main', 'redirect']
-},
-{
-    id: 8,
-    name: 'Create: Destination',
-    tags: 'destination,docker,network,new,create',
-    icon: 'destination',
-    new: true,
-    sequence: ['main', 'server', 'redirect']
-},
-{
-    id: 9,
-    name: 'Create: Team',
-    tags: 'team,member,new,create',
-    icon: 'team',
-    new: true,
-    sequence: ['main', 'redirect']
-},
-{
-    id: 10,
-    name: 'Create: S3 Storage',
-    tags: 's3,storage,new,create',
-    icon: 'storage',
-    new: true,
-    sequence: ['main', 'redirect']
-},
-{
-    id: 11,
-    name: 'Goto: S3 Storage',
-    tags: 's3,storage',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 12,
-    name: 'Goto: Dashboard',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 13,
-    name: 'Goto: Servers',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 14,
-    name: 'Goto: Private Keys',
-    tags: 'destination,docker,network,new,create,ssh,private,key',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 15,
-    name: 'Goto: Projects',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 16,
-    name: 'Goto: Sources',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 17,
-    name: 'Goto: Destinations',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 18,
-    name: 'Goto: Settings',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 19,
-    name: 'Goto: Terminal',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 20,
-    name: 'Goto: Notifications',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 21,
-    name: 'Goto: Profile',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 22,
-    name: 'Goto: Teams',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 23,
-    name: 'Goto: Switch Teams',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 24,
-    name: 'Goto: Onboarding process',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 25,
-    name: 'Goto: API Tokens',
-    tags: 'api,tokens,rest',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-},
-{
-    id: 26,
-    name: 'Goto: Team Shared Variables',
-    tags: 'team,shared,variables',
-    icon: 'goto',
-    sequence: ['main', 'redirect']
-}
-]
-const initialState = {
-    sequence: [],
-    currentActionIndex: 0,
-    magicActions,
-    selected: {}
-}
-const sequenceState = ref({ ...initialState })
-
-function focusSearch(event) {
-    if (event.target.nodeName === 'BODY') {
-        if (event.key === '/') {
-            event.preventDefault();
-            showCommandPalette.value = true;
-        }
-    }
-}
-
-onMounted(() => {
-    window.addEventListener("keydown", focusSearch);
-})
-onUnmounted(() => {
-    window.removeEventListener("keydown", focusSearch);
-})
-
-watch(showCommandPalette, async (value) => {
-    if (value) {
-        await nextTick();
-        searchInput.value.focus();
-    }
-})
-watch(search, async () => {
-    currentFocus.value = 0
-})
-const magic = computed(() => {
-    if (search.value) {
-        return sequenceState.value.magicActions.filter(action => {
-            return action.name.toLowerCase().includes(search.value.toLowerCase()) || action.tags?.toLowerCase().includes(search.value.toLowerCase())
-        })
-    }
-    return sequenceState.value.magicActions
-})
-async function addNew(name) {
-    let targetUrl = new URL(window.location.origin)
-    let newUrl = new URL(`${window.location.origin}${baseUrl}/${name}/new`);
-    if (search.value) {
-        targetUrl.searchParams.append('name', search.value)
-        newUrl.searchParams.append('name', search.value)
-    }
-    switch (name) {
-        case 'server':
-            targetUrl.pathname = '/server/new'
-            window.location.href = targetUrl.href
-            break;
-        case 'destination':
-            targetUrl.pathname = '/destination/new'
-            window.location.href = targetUrl.href
-            break;
-        case 'project':
-            const { data: { project_uuid } } = await axios(newUrl.href)
-            search.value = ''
-            sequenceState.value.selected['project'] = project_uuid
-            sequenceState.value.magicActions = await getEnvironments(project_uuid)
-            sequenceState.value.currentActionIndex += 1
-            break;
-        case 'environment':
-            newUrl.searchParams.append('project_uuid', sequenceState.value.selected.project)
-            const { data: { environment_name } } = await axios(newUrl.href)
-            search.value = ''
-            sequenceState.value.selected['environment'] = environment_name
-            redirect()
-            break;
-    }
-}
-function resetState() {
-    showCommandPalette.value = false
-    sequenceState.value = { ...initialState }
-    search.value = ''
-}
-async function goThroughSequence(actionId) {
-    let currentSequence = null;
-    let nextSequence = null;
-    if (sequenceState.value.selected.main === undefined) {
-        const { sequence, id } = magic.value[actionId];
-        currentSequence = sequence[sequenceState.value.currentActionIndex]
-        nextSequence = sequence[sequenceState.value.currentActionIndex + 1]
-        sequenceState.value.sequence = sequence
-        sequenceState.value.selected = {
-            main: id
-        }
-    } else {
-        currentSequence = sequenceState.value.sequence[sequenceState.value.currentActionIndex]
-        nextSequence = sequenceState.value.sequence[sequenceState.value.currentActionIndex + 1]
-        let selectedId = sequenceState.value.magicActions[actionId].id
-        if (uuidSelector.includes(currentSequence)) {
-            selectedId = sequenceState.value.magicActions[actionId].uuid
-        }
-        if (nameSelector.includes(currentSequence)) {
-            selectedId = sequenceState.value.magicActions[actionId].name
-        }
-        sequenceState.value.selected = {
-            ...sequenceState.value.selected,
-            [currentSequence]: selectedId
-        }
-    }
-    switch (nextSequence) {
-        case 'server':
-            sequenceState.value.magicActions = await getServers();
-            break;
-        case 'destination':
-            sequenceState.value.magicActions = await getDestinations(sequenceState.value.selected[currentSequence]);
-            break;
-        case 'project':
-            sequenceState.value.magicActions = await getProjects()
-            break;
-        case 'environment':
-            sequenceState.value.magicActions = await getEnvironments(sequenceState.value.selected[currentSequence])
-            break;
-        case 'redirect':
-            redirect()
-            break;
-        default:
-            break;
-    }
-    sequenceState.value.currentActionIndex += 1
-    search.value = ''
-    searchInput.value.focus()
-    currentFocus.value = 0
-}
-async function getServers() {
-    const { data: { servers } } = await axios.get(`${baseUrl}/servers`);
-    return servers;
-}
-async function getDestinations(serverId) {
-    const { data: { destinations } } = await axios.get(`${baseUrl}/destinations?server_id=${serverId}`);
-    return destinations;
-}
-async function getProjects() {
-    const { data: { projects } } = await axios.get(`${baseUrl}/projects`);
-    return projects;
-}
-async function getEnvironments(project_uuid) {
-    const { data: { environments } } = await axios.get(`${baseUrl}/environments?project_uuid=${project_uuid}`);
-    return environments;
-}
-
-async function redirect() {
-    let targetUrl = new URL(window.location.origin)
-    const selected = sequenceState.value.selected
-    const { main, destination = null, project = null, environment = null, server = null } = selected
-    switch (main) {
-        case 1:
-            targetUrl.pathname = `/project/${project}/${environment}/new`
-            targetUrl.searchParams.append('type', 'public')
-            targetUrl.searchParams.append('destination', destination)
-            break;
-        case 2:
-            targetUrl.pathname = `/project/${project}/${environment}/new`
-            targetUrl.searchParams.append('type', 'private-gh-app')
-            targetUrl.searchParams.append('destination', destination)
-            break;
-        case 3:
-            targetUrl.pathname = `/project/${project}/${environment}/new`
-            targetUrl.searchParams.append('type', 'private-deploy-key')
-            targetUrl.searchParams.append('destination', destination)
-            break;
-        case 4:
-            targetUrl.pathname = `/project/${project}/${environment}/new`
-            targetUrl.searchParams.append('type', 'dockerfile')
-            targetUrl.searchParams.append('destination', destination)
-            break;
-        case 5:
-            targetUrl.pathname = `/server/new`
-            break;
-        case 6:
-            targetUrl.pathname = `/source/new`
-            break;
-        case 7:
-            targetUrl.pathname = `/security/private-key/new`
-            break;
-        case 8:
-            targetUrl.pathname = `/destination/new`
-            targetUrl.searchParams.append('server', server)
-            break;
-        case 9:
-            targetUrl.pathname = `/team/new`
-            break;
-        case 10:
-            targetUrl.pathname = `/team/storages/new`
-            break;
-        case 11:
-            targetUrl.pathname = `/team/storages/`
-            break;
-        case 12:
-            targetUrl.pathname = `/`
-            break;
-        case 13:
-            targetUrl.pathname = `/servers`
-            break;
-        case 14:
-            targetUrl.pathname = `/security/private-key`
-            break;
-        case 15:
-            targetUrl.pathname = `/projects`
-            break;
-        case 16:
-            targetUrl.pathname = `/sources`
-            break;
-        case 17:
-            targetUrl.pathname = `/destinations`
-            break;
-        case 18:
-            targetUrl.pathname = `/settings`
-            break;
-        case 19:
-            targetUrl.pathname = `/terminal`
-            break;
-        case 20:
-            targetUrl.pathname = `/team/notifications`
-            break;
-        case 21:
-            targetUrl.pathname = `/profile`
-            break;
-        case 22:
-            targetUrl.pathname = `/team`
-            break;
-        case 23:
-            targetUrl.pathname = `/team`
-            break;
-        case 24:
-            targetUrl.pathname = `/onboarding`
-            break;
-        case 25:
-            targetUrl.pathname = `/security/api-tokens`
-            break;
-        case 26:
-            targetUrl.pathname = `/team/shared-variables`
-            break;
-    }
-    window.location.href = targetUrl;
-}
-</script>

From 950acffe0b3715bb72997afb9e390eea5e1bd925 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 15:15:40 +0100
Subject: [PATCH 141/145] refactor(database): streamline SSL configuration
 handling across database types

---
 .../Project/Database/Mariadb/General.php      |  1 -
 .../Project/Database/Mongodb/General.php      |  7 ++-
 .../Project/Database/Mysql/General.php        |  7 ++-
 .../Project/Database/Postgresql/General.php   |  7 ++-
 .../Project/Database/Redis/General.php        |  1 -
 app/View/Components/Forms/Select.php          |  2 +-
 .../components/forms/copy-button.blade.php    |  8 ++-
 .../views/components/server/sidebar.blade.php |  8 ++-
 .../database/dragonfly/general.blade.php      | 37 +++++------
 .../database/mongodb/general.blade.php        | 59 +++++++++---------
 .../project/database/mysql/general.blade.php  | 58 +++++++++--------
 .../database/postgresql/general.blade.php     | 62 ++++++++++---------
 12 files changed, 138 insertions(+), 119 deletions(-)

diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php
index b0c4f5d3e..06dffdc22 100644
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -143,7 +143,6 @@ class General extends Component
     public function instantSaveSSL()
     {
         try {
-            $this->database->enable_ssl = $this->database->enable_ssl;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php
index 28be1c69d..282547283 100644
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -143,11 +143,14 @@ class General extends Component
         }
     }
 
+    public function updatedDatabaseSslMode()
+    {
+        $this->instantSaveSSL();
+    }
+
     public function instantSaveSSL()
     {
         try {
-            $this->database->enable_ssl = $this->database->enable_ssl;
-            $this->database->ssl_mode = $this->database->ssl_mode;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php
index 3e164d885..c9424b506 100644
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -142,11 +142,14 @@ class General extends Component
         }
     }
 
+    public function updatedDatabaseSslMode()
+    {
+        $this->instantSaveSSL();
+    }
+
     public function instantSaveSSL()
     {
         try {
-            $this->database->enable_ssl = $this->database->enable_ssl;
-            $this->database->ssl_mode = $this->database->ssl_mode;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php
index 881c74d53..3057f5316 100644
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -106,11 +106,14 @@ class General extends Component
         }
     }
 
+    public function updatedDatabaseSslMode()
+    {
+        $this->instantSaveSSL();
+    }
+
     public function instantSaveSSL()
     {
         try {
-            $this->database->enable_ssl = $this->database->enable_ssl;
-            $this->database->ssl_mode = $this->database->ssl_mode;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php
index a3916277d..16519e287 100644
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -151,7 +151,6 @@ class General extends Component
     public function instantSaveSSL()
     {
         try {
-            $this->database->enable_ssl = $this->database->enable_ssl;
             $this->database->save();
             $this->dispatch('success', 'SSL configuration updated.');
         } catch (Exception $e) {
diff --git a/app/View/Components/Forms/Select.php b/app/View/Components/Forms/Select.php
index 86ae866c8..b75cedaae 100644
--- a/app/View/Components/Forms/Select.php
+++ b/app/View/Components/Forms/Select.php
@@ -18,7 +18,7 @@ class Select extends Component
         public ?string $label = null,
         public ?string $helper = null,
         public bool $required = false,
-        public string $defaultClass = 'select'
+        public string $defaultClass = 'select w-full'
     ) {
         //
     }
diff --git a/resources/views/components/forms/copy-button.blade.php b/resources/views/components/forms/copy-button.blade.php
index 2e5f64c1a..5ed41fe1a 100644
--- a/resources/views/components/forms/copy-button.blade.php
+++ b/resources/views/components/forms/copy-button.blade.php
@@ -2,9 +2,13 @@
 
 <div class="relative" x-data="{ copied: false }">
     <input type="text" value="{{ $text }}" readonly class="input">
-    <button @click="copied = true; navigator.clipboard.writeText('{{ $text }}'); setTimeout(() => copied = false, 1000)" class="absolute right-2 top-1/2 -translate-y-1/2 p-1.5 text-gray-400 hover:text-gray-300 transition-colors" title="Copy to clipboard">
+    <button
+        @click.prevent="copied = true; navigator.clipboard.writeText('{{ $text }}'); setTimeout(() => copied = false, 1000)"
+        class="absolute right-2 top-1/2 -translate-y-1/2 p-1.5 text-gray-400 hover:text-gray-300 transition-colors"
+        title="Copy to clipboard">
         <svg x-show="!copied" class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z" />
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+                d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z" />
         </svg>
         <svg x-show="copied" class="w-5 h-5 text-green-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
             <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7" />
diff --git a/resources/views/components/server/sidebar.blade.php b/resources/views/components/server/sidebar.blade.php
index ecc5785aa..922995a1e 100644
--- a/resources/views/components/server/sidebar.blade.php
+++ b/resources/views/components/server/sidebar.blade.php
@@ -1,6 +1,11 @@
 <div class="flex flex-col items-start gap-2 min-w-fit">
     <a wire:navigate class="menu-item {{ $activeMenu === 'general' ? 'menu-item-active' : '' }}"
         href="{{ route('server.show', ['server_uuid' => $server->uuid]) }}">General</a>
+    @if ($server->isFunctional())
+        <a wire:navigate class="menu-item {{ $activeMenu === 'advanced' ? 'menu-item-active' : '' }}"
+            href="{{ route('server.advanced', ['server_uuid' => $server->uuid]) }}">Advanced
+        </a>
+    @endif
     <a wire:navigate class="menu-item {{ $activeMenu === 'private-key' ? 'menu-item-active' : '' }}"
         href="{{ route('server.private-key', ['server_uuid' => $server->uuid]) }}">Private Key
     </a>
@@ -16,9 +21,6 @@
         <a wire:navigate class="menu-item {{ $activeMenu === 'destinations' ? 'menu-item-active' : '' }}"
             href="{{ route('server.destinations', ['server_uuid' => $server->uuid]) }}">Destinations
         </a>
-        <a wire:navigate class="menu-item {{ $activeMenu === 'advanced' ? 'menu-item-active' : '' }}"
-            href="{{ route('server.advanced', ['server_uuid' => $server->uuid]) }}">Advanced
-        </a>
         <a wire:navigate class="menu-item {{ $activeMenu === 'log-drains' ? 'menu-item-active' : '' }}"
             href="{{ route('server.log-drains', ['server_uuid' => $server->uuid]) }}">Log
             Drains</a>
diff --git a/resources/views/livewire/project/database/dragonfly/general.blade.php b/resources/views/livewire/project/database/dragonfly/general.blade.php
index 44765ae13..b08162cb6 100644
--- a/resources/views/livewire/project/database/dragonfly/general.blade.php
+++ b/resources/views/livewire/project/database/dragonfly/general.blade.php
@@ -53,34 +53,31 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl && $certificateValidUntil)
-                        <x-modal-confirmation
-                            title="Regenerate SSL Certificates"
-                            buttonTitle="Regenerate SSL Certificates"
-                            :actions="[
+                    @if ($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates" :actions="[
                                 'The SSL certificate of this database will be regenerated.',
-                                'You must restart the database after regenerating the certificate to start using the new certificate.'
+                                'You must restart the database after regenerating the certificate to start using the new certificate.',
                             ]"
-                            submitAction="regenerateSslCertificate"
-                            :confirmWithText="false"
-                            :confirmWithPassword="false"
-                        />
+                            submitAction="regenerateSslCertificate" :confirmWithText="false" :confirmWithPassword="false" />
                     @endif
                 </div>
             </div>
-            @if($database->enable_ssl && $certificateValidUntil)
-                <span class="text-sm">Valid until: 
-                @if(now()->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
-                @elseif(now()->addDays(30)->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
-                @else
-                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
-                @endif
+            @if ($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until:
+                    @if (now()->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                    @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring
+                            soon</span>
+                    @else
+                        <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                    @endif
                 </span>
             @endif
             <div class="flex flex-col gap-2">
-                <x-forms.checkbox id="enable_ssl" label="Enable SSL" wire:model.live="enable_ssl" instantSave="instantSaveSSL" />
+                <x-forms.checkbox id="enable_ssl" label="Enable SSL" wire:model.live="enable_ssl"
+                    instantSave="instantSaveSSL" />
             </div>
         </div>
         <div>
diff --git a/resources/views/livewire/project/database/mongodb/general.blade.php b/resources/views/livewire/project/database/mongodb/general.blade.php
index b060bca54..4e353306a 100644
--- a/resources/views/livewire/project/database/mongodb/general.blade.php
+++ b/resources/views/livewire/project/database/mongodb/general.blade.php
@@ -60,43 +60,44 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl)
-                        <x-modal-confirmation
-                            title="Regenerate SSL Certificates"
-                            buttonTitle="Regenerate SSL Certificates"
-                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
-                            submitAction="regenerateSslCertificate"
-                            :confirmWithText="false"
-                            :confirmWithPassword="false"
-                        />
+                    @if ($database->enable_ssl)
+                        <x-modal-confirmation title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates" :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.',
+                            ]"
+                            submitAction="regenerateSslCertificate" :confirmWithText="false" :confirmWithPassword="false" />
                     @endif
                 </div>
             </div>
-            @if($database->enable_ssl && $certificateValidUntil)
-                <span class="text-sm">Valid until: 
-                @if(now()->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
-                @elseif(now()->addDays(30)->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
-                @else
-                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
-                @endif
+            @if ($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until:
+                    @if (now()->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                    @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring
+                            soon</span>
+                    @else
+                        <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                    @endif
                 </span>
             @endif
         </div>
         <div class="flex flex-col gap-2">
             <div class="flex flex-col gap-2">
-                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" 
-                    wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
-                @if($database->enable_ssl)
-                    <x-forms.select id="database.ssl_mode" label="SSL Mode" 
-                        wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
-                        helper="Choose the SSL verification mode for MongoDB connections">
-                        <option value="allow">allow</option>
-                        <option value="prefer">prefer</option>
-                        <option value="require">require</option>
-                        <option value="verify-full">verify-full</option>
-                    </x-forms.select>
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl"
+                    instantSave="instantSaveSSL" />
+                @if ($database->enable_ssl)
+                    <div class="mx-2">
+                        <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode"
+                            instantSave="instantSaveSSL"
+                            helper="Choose the SSL verification mode for MongoDB connections">
+                            <option value="allow" title="Allow insecure connections">allow (insecure)</option>
+                            <option value="prefer" title="Prefer secure connections">prefer (secure)</option>
+                            <option value="require" title="Require secure connections">require (secure)</option>
+                            <option value="verify-full" title="Verify full certificate">verify-full (secure)</option>
+                        </x-forms.select>
+                    </div>
                 @endif
             </div>
         </div>
diff --git a/resources/views/livewire/project/database/mysql/general.blade.php b/resources/views/livewire/project/database/mysql/general.blade.php
index 7bef88441..2a02dd9cd 100644
--- a/resources/views/livewire/project/database/mysql/general.blade.php
+++ b/resources/views/livewire/project/database/mysql/general.blade.php
@@ -70,41 +70,45 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl && $certificateValidUntil)
-                        <x-modal-confirmation
-                            title="Regenerate SSL Certificates"
-                            buttonTitle="Regenerate SSL Certificates"
-                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
-                            submitAction="regenerateSslCertificate"
-                            :confirmWithText="false"
-                            :confirmWithPassword="false"
-                        />
+                    @if ($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates" :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.',
+                            ]"
+                            submitAction="regenerateSslCertificate" :confirmWithText="false" :confirmWithPassword="false" />
                     @endif
                 </div>
             </div>
-            @if($database->enable_ssl && $certificateValidUntil)
-                <span class="text-sm">Valid until: 
-                @if(now()->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
-                @elseif(now()->addDays(30)->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
-                @else
-                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
-                @endif
+            @if ($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until:
+                    @if (now()->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                    @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring
+                            soon</span>
+                    @else
+                        <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                    @endif
                 </span>
             @endif
         </div>
         <div class="flex flex-col gap-2">
             <div class="flex flex-col gap-2">
-                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
-                @if($database->enable_ssl)
-                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
-                        helper="Choose the SSL verification mode for MySQL connections">
-                        <option value="PREFERRED">PREFERRED</option>
-                        <option value="REQUIRED">REQUIRED</option>
-                        <option value="VERIFY_CA">VERIFY_CA</option>
-                        <option value="VERIFY_IDENTITY">VERIFY_IDENTITY</option>
-                    </x-forms.select>
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl"
+                    instantSave="instantSaveSSL" />
+                @if ($database->enable_ssl)
+                    <div class="mx-2">
+                        <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode"
+                            instantSave="instantSaveSSL"
+                            helper="Choose the SSL verification mode for MySQL connections">
+                            <option value="PREFERRED" title="Prefer secure connections">Prefer (secure)</option>
+                            <option value="REQUIRED" title="Require secure connections">Require (secure)</option>
+                            <option value="VERIFY_CA" title="Verify CA certificate">Verify CA (secure)</option>
+                            <option value="VERIFY_IDENTITY" title="Verify full certificate">Verify Full (secure)
+                            </option>
+                        </x-forms.select>
+                    </div>
                 @endif
             </div>
         </div>
diff --git a/resources/views/livewire/project/database/postgresql/general.blade.php b/resources/views/livewire/project/database/postgresql/general.blade.php
index e396b59c4..b90836ce8 100644
--- a/resources/views/livewire/project/database/postgresql/general.blade.php
+++ b/resources/views/livewire/project/database/postgresql/general.blade.php
@@ -77,42 +77,45 @@
             <div class="flex items-center justify-between py-2">
                 <div class="flex items-center justify-between w-full">
                     <h3>SSL Configuration</h3>
-                    @if($database->enable_ssl && $certificateValidUntil)
-                        <x-modal-confirmation
-                            title="Regenerate SSL Certificates"
-                            buttonTitle="Regenerate SSL Certificates"
-                            :actions="['The SSL certificate of this database will be regenerated.','You must restart the database after regenerating the certificate to start using the new certificate.']"
-                            submitAction="regenerateSslCertificate"
-                            :confirmWithText="false"
-                            :confirmWithPassword="false"
-                        />
+                    @if ($database->enable_ssl && $certificateValidUntil)
+                        <x-modal-confirmation title="Regenerate SSL Certificates"
+                            buttonTitle="Regenerate SSL Certificates" :actions="[
+                                'The SSL certificate of this database will be regenerated.',
+                                'You must restart the database after regenerating the certificate to start using the new certificate.',
+                            ]"
+                            submitAction="regenerateSslCertificate" :confirmWithText="false" :confirmWithPassword="false" />
                     @endif
                 </div>
             </div>
-            @if($database->enable_ssl && $certificateValidUntil)
-                <span class="text-sm">Valid until: 
-                @if(now()->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
-                @elseif(now()->addDays(30)->gt($certificateValidUntil))
-                    <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring soon</span>
-                @else
-                    <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
-                @endif
+            @if ($database->enable_ssl && $certificateValidUntil)
+                <span class="text-sm">Valid until:
+                    @if (now()->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired</span>
+                    @elseif(now()->addDays(30)->gt($certificateValidUntil))
+                        <span class="text-red-500">{{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring
+                            soon</span>
+                    @else
+                        <span>{{ $certificateValidUntil->format('d.m.Y H:i:s') }}</span>
+                    @endif
                 </span>
             @endif
         </div>
         <div class="flex flex-col gap-2">
             <div class="flex flex-col gap-2">
-                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl" instantSave="instantSaveSSL" />
-                @if($database->enable_ssl)
-                    <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode" instantSave="instantSaveSSL"
-                        helper="Choose the SSL verification mode for PostgreSQL connections">
-                        <option value="allow">allow</option>
-                        <option value="prefer">prefer</option>
-                        <option value="require">require</option>
-                        <option value="verify-ca">verify-ca</option>
-                        <option value="verify-full">verify-full</option>
-                    </x-forms.select>
+                <x-forms.checkbox id="database.enable_ssl" label="Enable SSL" wire:model.live="database.enable_ssl"
+                    instantSave="instantSaveSSL" />
+                @if ($database->enable_ssl)
+                    <div class="mx-2">
+                        <x-forms.select id="database.ssl_mode" label="SSL Mode" wire:model.live="database.ssl_mode"
+                            instantSave="instantSaveSSL"
+                            helper="Choose the SSL verification mode for PostgreSQL connections">
+                            <option value="allow" title="Allow insecure connections">allow (insecure)</option>
+                            <option value="prefer" title="Prefer secure connections">prefer (secure)</option>
+                            <option value="require" title="Require secure connections">require (secure)</option>
+                            <option value="verify-ca" title="Verify CA certificate">verify-ca (secure)</option>
+                            <option value="verify-full" title="Verify full certificate">verify-full (secure)</option>
+                        </x-forms.select>
+                    </div>
                 @endif
             </div>
         </div>
@@ -159,7 +162,8 @@
                 <h3>Initialization scripts</h3>
                 <x-modal-input buttonTitle="+ Add" title="New Init Script">
                     <form class="flex flex-col w-full gap-2 rounded" wire:submit='save_new_init_script'>
-                        <x-forms.input placeholder="create_test_db.sql" id="new_filename" label="Filename" required />
+                        <x-forms.input placeholder="create_test_db.sql" id="new_filename" label="Filename"
+                            required />
                         <x-forms.textarea rows="20" placeholder="CREATE DATABASE test;" id="new_content"
                             label="Content" required />
                         <x-forms.button type="submit">

From dfbe5f451403684068d57281b928d50eac95c925 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 17 Mar 2025 16:40:30 +0100
Subject: [PATCH 142/145] feat(templates): change glance for v0.7

https://github.com/glanceapp/glance/blob/main/docs/v0.7.0-upgrade.md
---
 templates/compose/glance.yaml    |  3 ++-
 templates/service-templates.json | 40 +++++++++++++++++++++++++++++---
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/templates/compose/glance.yaml b/templates/compose/glance.yaml
index 2a21bc50c..22618cf14 100644
--- a/templates/compose/glance.yaml
+++ b/templates/compose/glance.yaml
@@ -10,8 +10,9 @@ services:
     environment:
       - SERVICE_FQDN_GLANCE_8080
     volumes:
+      - ./config:/app/config
       - type: bind
-        source: ./config
+        source: ./config/glance.yml
         target: /app/config/glance.yml
         content: |
           pages:
diff --git a/templates/service-templates.json b/templates/service-templates.json
index d88ad79fa..cf6d49de2 100644
--- a/templates/service-templates.json
+++ b/templates/service-templates.json
@@ -563,6 +563,20 @@
         "minversion": "0.0.0",
         "port": "8080"
     },
+    "denoKV": {
+        "documentation": "https://docs.deno.com/deploy/kv/manual/?utm_source=coolify.io",
+        "slogan": "The Denoland key-value database",
+        "compose": "c2VydmljZXM6CiAgZGVub2t2OgogICAgaW1hZ2U6ICdnaGNyLmlvL2Rlbm9sYW5kL2Rlbm9rdjpsYXRlc3QnCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnQUNDRVNTX1RPS0VOPSR7U0VSVklDRV9QQVNTV09SRF9ERU5PS1Z9JwogICAgICAtIFNFUlZJQ0VfRlFETl9ERU5PS1ZfNDUxMgogICAgdm9sdW1lczoKICAgICAgLSAnJHtDT09MSUZZX1ZPTFVNRV9BUFB9Oi9kYXRhJwogICAgY29tbWFuZDogJy0tc3FsaXRlLXBhdGggL2RhdGEvZGVub2t2LnNxbGl0ZSBzZXJ2ZSAtLWFjY2Vzcy10b2tlbiAke1NFUlZJQ0VfUEFTU1dPUkRfREVOT0tWfScKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBuYwogICAgICAgIC0gJy16dicKICAgICAgICAtIDEyNy4wLjAuMQogICAgICAgIC0gJzQ1MTInCiAgICAgIGludGVydmFsOiA1cwogICAgICB0aW1lb3V0OiA1cwogICAgICByZXRyaWVzOiAzCg==",
+        "tags": [
+            "deno",
+            "kv",
+            "key-value",
+            "database"
+        ],
+        "logo": "svgs/deno.svg",
+        "minversion": "0.0.0",
+        "port": "4512"
+    },
     "directus-with-postgresql": {
         "documentation": "https://directus.io?utm_source=coolify.io",
         "slogan": "Directus wraps databases with a dynamic API, and provides an intuitive app for managing its content.",
@@ -1013,7 +1027,7 @@
     "foundryvtt": {
         "documentation": "https://foundryvtt.com/kb/?utm_source=coolify.io",
         "slogan": "Foundry Virtual Tabletop is a self-hosted & modern roleplaying platform",
-        "compose": "c2VydmljZXM6CiAgZm91bmRyeXZ0dDoKICAgIGltYWdlOiAnZmVsZGR5L2ZvdW5kcnl2dHQ6cmVsZWFzZScKICAgIGV4cG9zZToKICAgICAgLSAzMDAwMAogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gU0VSVklDRV9GUUROX0ZPVU5EUllfMzAwMDAKICAgICAgLSAnRk9VTkRSWV9VU0VSTkFNRT0ke0ZPVU5EUllfVVNFUk5BTUV9JwogICAgICAtICdGT1VORFJZX1BBU1NXT1JEPSR7Rk9VTkRSWV9QQVNTV09SRH0nCiAgICAgIC0gJ0ZPVU5EUllfUkVMRUFTRV9VUkw9JHtGT1VORFJZX1JFTEVBU0VfVVJMfScKICAgICAgLSAnRk9VTkRSWV9MSUNFTlNFX0tFWT0ke0ZPVU5EUllfTElDRU5TRV9LRVl9JwogICAgICAtICdGT1VORFJZX0FETUlOX0tFWT0ke0ZPVU5EUllfQURNSU46LWF0cm9wb3N9JwogICAgICAtICdGT1VORFJZX0hPU1ROQU1FPSR7Rk9VTkRSWV9IT1NUTkFNRX0nCiAgICAgIC0gJ0ZPVU5EUllfUk9VVEVfUFJFRklYPSR7Rk9VTkRSWV9ST1VURV9QUkVGSVh9JwogICAgICAtICdGT1VORFJZX1BST1hZX1BPUlQ9JHtGT1VORFJZX1BST1hZX1BPUlQ6LTgwfScKICAgICAgLSAnRk9VTkRSWV9QUk9YWV9TU0w9JHtGT1VORFJZX1BST1hZX1NTTDotdHJ1ZX0nCiAgICAgIC0gJ0ZPVU5EUllfQVdTX0NPTkZJRz0ke0ZPVU5EUllfQVdTX0NPTkZJR30nCiAgICAgIC0gJ0ZPVU5EUllfTEFOR1VBR0U9JHtGT1VORFJZX0xBTkdVQUdFOi1lbi5jb3JlfScKICAgICAgLSAnRk9VTkRSWV9DU1NfVEhFTUU9JHtGT1VORFJZX0NTU19USEVNRTotZm91bmRyeX0nCiAgICAgIC0gJ0ZPVU5EUllfTUlOSUZZX1NUQVRJQ19GSUxFUz0ke0ZPVU5EUllfTUlOSUZZX1NUQVRJQ19GSUxFUzotdHJ1ZX0nCiAgICAgIC0gJ0ZPVU5EUllfV09STEQ9JHtGT1VORFJZX1dPUkxEfScKICAgICAgLSAnRk9VTkRSWV9URUxFTUVUUlk9JHtGT1VORFJZX1RFTEVNRVRSWTotZmFsc2V9JwogICAgICAtICdUSU1FWk9ORT0ke1RJTUVaT05FOi1VVEN9JwogICAgICAtIENPTlRBSU5FUl9DQUNIRT0vZGF0YS9jb250YWluZXJfY2FjaGUKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2ZvdW5kcnl2dHQtZGF0YTovZGF0YScKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLWYnCiAgICAgICAgLSAnaHR0cDovLzEyNy4wLjAuMTozMDAwMCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDMwcwogICAgICByZXRyaWVzOiAzCg==",
+        "compose": "c2VydmljZXM6CiAgZm91bmRyeXZ0dDoKICAgIGltYWdlOiAnZmVsZGR5L2ZvdW5kcnl2dHQ6cmVsZWFzZScKICAgIGV4cG9zZToKICAgICAgLSAzMDAwMAogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gU0VSVklDRV9GUUROX0ZPVU5EUllfMzAwMDAKICAgICAgLSAnRk9VTkRSWV9VU0VSTkFNRT0ke0ZPVU5EUllfVVNFUk5BTUV9JwogICAgICAtICdGT1VORFJZX1BBU1NXT1JEPSR7Rk9VTkRSWV9QQVNTV09SRH0nCiAgICAgIC0gJ0ZPVU5EUllfUkVMRUFTRV9VUkw9JHtGT1VORFJZX1JFTEVBU0VfVVJMfScKICAgICAgLSAnRk9VTkRSWV9MSUNFTlNFX0tFWT0ke0ZPVU5EUllfTElDRU5TRV9LRVl9JwogICAgICAtICdGT1VORFJZX0FETUlOX0tFWT0ke0ZPVU5EUllfQURNSU46LWF0cm9wb3N9JwogICAgICAtICdGT1VORFJZX0hPU1ROQU1FPSR7Rk9VTkRSWV9IT1NUTkFNRX0nCiAgICAgIC0gJ0ZPVU5EUllfUk9VVEVfUFJFRklYPSR7Rk9VTkRSWV9ST1VURV9QUkVGSVh9JwogICAgICAtICdGT1VORFJZX1BST1hZX1BPUlQ9JHtGT1VORFJZX1BST1hZX1BPUlQ6LTgwfScKICAgICAgLSAnRk9VTkRSWV9QUk9YWV9TU0w9JHtGT1VORFJZX1BST1hZX1NTTDotdHJ1ZX0nCiAgICAgIC0gJ0ZPVU5EUllfQVdTX0NPTkZJRz0ke0ZPVU5EUllfQVdTX0NPTkZJR30nCiAgICAgIC0gJ0ZPVU5EUllfTEFOR1VBR0U9JHtGT1VORFJZX0xBTkdVQUdFOi1lbi5jb3JlfScKICAgICAgLSAnRk9VTkRSWV9DU1NfVEhFTUU9JHtGT1VORFJZX0NTU19USEVNRTotZm91bmRyeX0nCiAgICAgIC0gJ0ZPVU5EUllfTUlOSUZZX1NUQVRJQ19GSUxFUz0ke0ZPVU5EUllfTUlOSUZZX1NUQVRJQ19GSUxFUzotdHJ1ZX0nCiAgICAgIC0gJ0ZPVU5EUllfV09STEQ9JHtGT1VORFJZX1dPUkxEfScKICAgICAgLSAnRk9VTkRSWV9URUxFTUVUUlk9JHtGT1VORFJZX1RFTEVNRVRSWTotZmFsc2V9JwogICAgICAtICdUSU1FWk9ORT0ke1RJTUVaT05FOi1VVEN9JwogICAgICAtIENPTlRBSU5FUl9DQUNIRT0vZGF0YS9jb250YWluZXJfY2FjaGUKICAgIHZvbHVtZXM6CiAgICAgIC0KICAgICAgICB0eXBlOiBiaW5kCiAgICAgICAgc291cmNlOiAnJHtGT1VORFJZX0RBVEE6LS9kYXRhL2ZvdW5kcnl2dHR9JwogICAgICAgIHRhcmdldDogL2RhdGEKICAgICAgICBpc19kaXJlY3Rvcnk6IHRydWUKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLWYnCiAgICAgICAgLSAnaHR0cDovLzEyNy4wLjAuMTozMDAwMCcKICAgICAgdGltZW91dDogNXMKICAgICAgaW50ZXJ2YWw6IDMwcwogICAgICByZXRyaWVzOiAzCg==",
         "tags": [
             "foundryvtt",
             "foundry",
@@ -1193,7 +1207,7 @@
     "glance": {
         "documentation": "https://github.com/glanceapp/glance?utm_source=coolify.io",
         "slogan": "A self-hosted dashboard that puts all your feeds in one place.",
-        "compose": "c2VydmljZXM6CiAgZ2xhbmNlOgogICAgaW1hZ2U6ICdnbGFuY2VhcHAvZ2xhbmNlOmxhdGVzdCcKICAgIGVudmlyb25tZW50OgogICAgICAtIFNFUlZJQ0VfRlFETl9HTEFOQ0VfODA4MAogICAgdm9sdW1lczoKICAgICAgLQogICAgICAgIHR5cGU6IGJpbmQKICAgICAgICBzb3VyY2U6IC4vZ2xhbmNlLXNldHRpbmdzCiAgICAgICAgdGFyZ2V0OiAvYXBwL2dsYW5jZS55bWwKICAgICAgICBjb250ZW50OiAicGFnZXM6XG4gIC0gbmFtZTogSG9tZVxuICAgIHNlcnZlcjpcbiAgICAgIGhvc3Q6IDAuMC4wLjBcbiAgICAgIHBvcnQ6IDgwODBcbiAgICAgIGFzc2V0cy1wYXRoOiAvdXNlci9hc3NldHNcbiAgICBjb2x1bW5zOlxuICAgICAgLSBzaXplOiBzbWFsbFxuICAgICAgICB3aWRnZXRzOlxuICAgICAgICAgIC0gdHlwZTogY2FsZW5kYXJcblxuICAgICAgICAgIC0gdHlwZTogcnNzXG4gICAgICAgICAgICBsaW1pdDogMTBcbiAgICAgICAgICAgIGNvbGxhcHNlLWFmdGVyOiAzXG4gICAgICAgICAgICBjYWNoZTogM2hcbiAgICAgICAgICAgIGZlZWRzOlxuICAgICAgICAgICAgICAtIHVybDogaHR0cHM6Ly9jaWVjaGFub3cuc2tpL2F0b20ueG1sXG4gICAgICAgICAgICAgIC0gdXJsOiBodHRwczovL3d3dy5qb3Nod2NvbWVhdS5jb20vcnNzLnhtbFxuICAgICAgICAgICAgICAgIHRpdGxlOiBKb3NoIENvbWVhdVxuICAgICAgICAgICAgICAtIHVybDogaHR0cHM6Ly9zYW13aG8uZGV2L3Jzcy54bWxcbiAgICAgICAgICAgICAgLSB1cmw6IGh0dHBzOi8vYXdlc29tZWtsaW5nLmdpdGh1Yi5pby9mZWVkLnhtbFxuICAgICAgICAgICAgICAtIHVybDogaHR0cHM6Ly9pc2hhZGVlZC5jb20vZmVlZC54bWxcbiAgICAgICAgICAgICAgICB0aXRsZTogQWhtYWQgU2hhZGVlZFxuXG4gICAgICAgICAgLSB0eXBlOiB0d2l0Y2gtY2hhbm5lbHNcbiAgICAgICAgICAgIGNoYW5uZWxzOlxuICAgICAgICAgICAgICAtIHRoZXByaW1lYWdlblxuICAgICAgICAgICAgICAtIGhleWFuZHJhc1xuICAgICAgICAgICAgICAtIGNvaGhjYXJuYWdlXG4gICAgICAgICAgICAgIC0gY2hyaXN0aXR1c3RlY2hcbiAgICAgICAgICAgICAgLSBibHVyYnNcbiAgICAgICAgICAgICAgLSBhc21vbmdvbGRcbiAgICAgICAgICAgICAgLSBqZW1iYXdsc1xuXG4gICAgICAtIHNpemU6IGZ1bGxcbiAgICAgICAgd2lkZ2V0czpcbiAgICAgICAgICAtIHR5cGU6IGhhY2tlci1uZXdzXG5cbiAgICAgICAgICAtIHR5cGU6IHZpZGVvc1xuICAgICAgICAgICAgY2hhbm5lbHM6XG4gICAgICAgICAgICAgIC0gVUNSLURYYzF2b292UzhuaEF2Y2NSWmhnICMgSmVmZiBHZWVybGluZ1xuICAgICAgICAgICAgICAtIFVDdjZKX2pKYThHSnFGd1FOZ05yTXV3dyAjIFNlcnZlVGhlSG9tZVxuICAgICAgICAgICAgICAtIFVDT2stZ0h5amNXWk5qM0JyNG94d2gwQSAjIFRlY2hubyBUaW1cblxuICAgICAgICAgIC0gdHlwZTogcmVkZGl0XG4gICAgICAgICAgICBzdWJyZWRkaXQ6IHNlbGZob3N0ZWRcblxuICAgICAgLSBzaXplOiBzbWFsbFxuICAgICAgICB3aWRnZXRzOlxuICAgICAgICAgIC0gdHlwZTogd2VhdGhlclxuICAgICAgICAgICAgbG9jYXRpb246IExvbmRvbiwgVW5pdGVkIEtpbmdkb21cblxuICAgICAgICAgIC0gdHlwZTogc3RvY2tzXG4gICAgICAgICAgICBzdG9ja3M6XG4gICAgICAgICAgICAgIC0gc3ltYm9sOiBTUFlcbiAgICAgICAgICAgICAgICBuYW1lOiBTJlAgNTAwXG4gICAgICAgICAgICAgIC0gc3ltYm9sOiBCVEMtVVNEXG4gICAgICAgICAgICAgICAgbmFtZTogQml0Y29pblxuICAgICAgICAgICAgICAtIHN5bWJvbDogTlZEQVxuICAgICAgICAgICAgICAgIG5hbWU6IE5WSURJQVxuICAgICAgICAgICAgICAtIHN5bWJvbDogQUFQTFxuICAgICAgICAgICAgICAgIG5hbWU6IEFwcGxlXG4gICAgICAgICAgICAgIC0gc3ltYm9sOiBNU0ZUXG4gICAgICAgICAgICAgICAgbmFtZTogTWljcm9zb2Z0XG4gICAgICAgICAgICAgIC0gc3ltYm9sOiBHT09HTFxuICAgICAgICAgICAgICAgIG5hbWU6IEdvb2dsZVxuICAgICAgICAgICAgICAtIHN5bWJvbDogQU1EXG4gICAgICAgICAgICAgICAgbmFtZTogQU1EXG4gICAgICAgICAgICAgIC0gc3ltYm9sOiBSRERUXG4gICAgICAgICAgICAgICAgbmFtZTogUmVkZGl0IgogICAgICAtICdnbGFuY2UtYXNzZXRzOi91c2VyL2Fzc2V0cycKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnWytdIFNob3VsZCBiZSB3b3JraW5nIGZpbmUuJwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMjBzCiAgICAgIHJldHJpZXM6IDEwCg==",
+        "compose": "c2VydmljZXM6CiAgZ2xhbmNlOgogICAgaW1hZ2U6ICdnbGFuY2VhcHAvZ2xhbmNlOmxhdGVzdCcKICAgIGVudmlyb25tZW50OgogICAgICAtIFNFUlZJQ0VfRlFETl9HTEFOQ0VfODA4MAogICAgdm9sdW1lczoKICAgICAgLSAnLi9jb25maWc6L2FwcC9jb25maWcnCiAgICAgIC0KICAgICAgICB0eXBlOiBiaW5kCiAgICAgICAgc291cmNlOiAuL2NvbmZpZy9nbGFuY2UueW1sCiAgICAgICAgdGFyZ2V0OiAvYXBwL2NvbmZpZy9nbGFuY2UueW1sCiAgICAgICAgY29udGVudDogInBhZ2VzOlxuICAtIG5hbWU6IEhvbWVcbiAgICBzZXJ2ZXI6XG4gICAgICBob3N0OiAwLjAuMC4wXG4gICAgICBwb3J0OiA4MDgwXG4gICAgICBhc3NldHMtcGF0aDogL3VzZXIvYXNzZXRzXG4gICAgY29sdW1uczpcbiAgICAgIC0gc2l6ZTogc21hbGxcbiAgICAgICAgd2lkZ2V0czpcbiAgICAgICAgICAtIHR5cGU6IGNhbGVuZGFyXG5cbiAgICAgICAgICAtIHR5cGU6IHJzc1xuICAgICAgICAgICAgbGltaXQ6IDEwXG4gICAgICAgICAgICBjb2xsYXBzZS1hZnRlcjogM1xuICAgICAgICAgICAgY2FjaGU6IDNoXG4gICAgICAgICAgICBmZWVkczpcbiAgICAgICAgICAgICAgLSB1cmw6IGh0dHBzOi8vY2llY2hhbm93LnNraS9hdG9tLnhtbFxuICAgICAgICAgICAgICAtIHVybDogaHR0cHM6Ly93d3cuam9zaHdjb21lYXUuY29tL3Jzcy54bWxcbiAgICAgICAgICAgICAgICB0aXRsZTogSm9zaCBDb21lYXVcbiAgICAgICAgICAgICAgLSB1cmw6IGh0dHBzOi8vc2Ftd2hvLmRldi9yc3MueG1sXG4gICAgICAgICAgICAgIC0gdXJsOiBodHRwczovL2F3ZXNvbWVrbGluZy5naXRodWIuaW8vZmVlZC54bWxcbiAgICAgICAgICAgICAgLSB1cmw6IGh0dHBzOi8vaXNoYWRlZWQuY29tL2ZlZWQueG1sXG4gICAgICAgICAgICAgICAgdGl0bGU6IEFobWFkIFNoYWRlZWRcblxuICAgICAgICAgIC0gdHlwZTogdHdpdGNoLWNoYW5uZWxzXG4gICAgICAgICAgICBjaGFubmVsczpcbiAgICAgICAgICAgICAgLSB0aGVwcmltZWFnZW5cbiAgICAgICAgICAgICAgLSBoZXlhbmRyYXNcbiAgICAgICAgICAgICAgLSBjb2hoY2FybmFnZVxuICAgICAgICAgICAgICAtIGNocmlzdGl0dXN0ZWNoXG4gICAgICAgICAgICAgIC0gYmx1cmJzXG4gICAgICAgICAgICAgIC0gYXNtb25nb2xkXG4gICAgICAgICAgICAgIC0gamVtYmF3bHNcblxuICAgICAgLSBzaXplOiBmdWxsXG4gICAgICAgIHdpZGdldHM6XG4gICAgICAgICAgLSB0eXBlOiBoYWNrZXItbmV3c1xuXG4gICAgICAgICAgLSB0eXBlOiB2aWRlb3NcbiAgICAgICAgICAgIGNoYW5uZWxzOlxuICAgICAgICAgICAgICAtIFVDUi1EWGMxdm9vdlM4bmhBdmNjUlpoZyAjIEplZmYgR2VlcmxpbmdcbiAgICAgICAgICAgICAgLSBVQ3Y2Sl9qSmE4R0pxRndRTmdOck11d3cgIyBTZXJ2ZVRoZUhvbWVcbiAgICAgICAgICAgICAgLSBVQ09rLWdIeWpjV1pOajNCcjRveHdoMEEgIyBUZWNobm8gVGltXG5cbiAgICAgICAgICAtIHR5cGU6IHJlZGRpdFxuICAgICAgICAgICAgc3VicmVkZGl0OiBzZWxmaG9zdGVkXG5cbiAgICAgIC0gc2l6ZTogc21hbGxcbiAgICAgICAgd2lkZ2V0czpcbiAgICAgICAgICAtIHR5cGU6IHdlYXRoZXJcbiAgICAgICAgICAgIGxvY2F0aW9uOiBMb25kb24sIFVuaXRlZCBLaW5nZG9tXG5cbiAgICAgICAgICAtIHR5cGU6IHN0b2Nrc1xuICAgICAgICAgICAgc3RvY2tzOlxuICAgICAgICAgICAgICAtIHN5bWJvbDogU1BZXG4gICAgICAgICAgICAgICAgbmFtZTogUyZQIDUwMFxuICAgICAgICAgICAgICAtIHN5bWJvbDogQlRDLVVTRFxuICAgICAgICAgICAgICAgIG5hbWU6IEJpdGNvaW5cbiAgICAgICAgICAgICAgLSBzeW1ib2w6IE5WREFcbiAgICAgICAgICAgICAgICBuYW1lOiBOVklESUFcbiAgICAgICAgICAgICAgLSBzeW1ib2w6IEFBUExcbiAgICAgICAgICAgICAgICBuYW1lOiBBcHBsZVxuICAgICAgICAgICAgICAtIHN5bWJvbDogTVNGVFxuICAgICAgICAgICAgICAgIG5hbWU6IE1pY3Jvc29mdFxuICAgICAgICAgICAgICAtIHN5bWJvbDogR09PR0xcbiAgICAgICAgICAgICAgICBuYW1lOiBHb29nbGVcbiAgICAgICAgICAgICAgLSBzeW1ib2w6IEFNRFxuICAgICAgICAgICAgICAgIG5hbWU6IEFNRFxuICAgICAgICAgICAgICAtIHN5bWJvbDogUkREVFxuICAgICAgICAgICAgICAgIG5hbWU6IFJlZGRpdCIKICAgICAgLSAnZ2xhbmNlLWFzc2V0czovdXNlci9hc3NldHMnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gZWNobwogICAgICAgIC0gJ1srXSBTaG91bGQgYmUgd29ya2luZyBmaW5lLicKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAo=",
         "tags": [
             "dashboard",
             "server",
@@ -2390,7 +2404,7 @@
     "plane": {
         "documentation": "https://docs.plane.so/self-hosting/methods/docker-compose?utm_source=coolify.io",
         "slogan": "The open source project management tool",
-        "compose": "eC1hcHAtZW52OgogIGVudmlyb25tZW50OgogICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCnNlcnZpY2VzOgogIHByb3h5OgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gU0VSVklDRV9GUUROX1BMQU5FCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtcHJveHk6c3RhYmxlJwogICAgZGVwZW5kc19vbjoKICAgICAgLSB3ZWIKICAgICAgLSBhcGkKICAgICAgLSBzcGFjZQogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGN1cmwKICAgICAgICAtICctZicKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xOjgwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgd2ViOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtZnJvbnRlbmQ6c3RhYmxlJwogICAgY29tbWFuZDogJ25vZGUgd2ViL3NlcnZlci5qcyB3ZWInCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHdvcmtlcgogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6ICd3Z2V0IC1xTy0gaHR0cDovL2Bob3N0bmFtZWA6MzAwMCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiAxNQogIHNwYWNlOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtc3BhY2U6c3RhYmxlJwogICAgY29tbWFuZDogJ25vZGUgc3BhY2Uvc2VydmVyLmpzIHNwYWNlJwogICAgZGVwZW5kc19vbjoKICAgICAgLSBhcGkKICAgICAgLSB3b3JrZXIKICAgICAgLSB3ZWIKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnaGV5IHdoYXRzIHVwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgYWRtaW46CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1hZG1pbjpzdGFibGUnCiAgICBjb21tYW5kOiAnbm9kZSBhZG1pbi9zZXJ2ZXIuanMgYWRtaW4nCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHdlYgogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBsaXZlOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtbGl2ZTpzdGFibGUnCiAgICBjb21tYW5kOiAnbm9kZSBsaXZlL2Rpc3Qvc2VydmVyLmpzIGxpdmUnCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHdlYgogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBhcGk6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1iYWNrZW5kOnN0YWJsZScKICAgIGNvbW1hbmQ6IC4vYmluL2RvY2tlci1lbnRyeXBvaW50LWFwaS5zaAogICAgdm9sdW1lczoKICAgICAgLSAnbG9nc19hcGk6L2NvZGUvcGxhbmUvbG9ncycKICAgIGRlcGVuZHNfb246CiAgICAgIC0gcGxhbmUtZGIKICAgICAgLSBwbGFuZS1yZWRpcwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICB3b3JrZXI6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1iYWNrZW5kOnN0YWJsZScKICAgIGNvbW1hbmQ6IC4vYmluL2RvY2tlci1lbnRyeXBvaW50LXdvcmtlci5zaAogICAgdm9sdW1lczoKICAgICAgLSAnbG9nc193b3JrZXI6L2NvZGUvcGxhbmUvbG9ncycKICAgIGRlcGVuZHNfb246CiAgICAgIC0gYXBpCiAgICAgIC0gcGxhbmUtZGIKICAgICAgLSBwbGFuZS1yZWRpcwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBiZWF0LXdvcmtlcjoKICAgIGVudmlyb25tZW50OgogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAnbWFrZXBsYW5lL3BsYW5lLWJhY2tlbmQ6c3RhYmxlJwogICAgY29tbWFuZDogLi9iaW4vZG9ja2VyLWVudHJ5cG9pbnQtYmVhdC5zaAogICAgdm9sdW1lczoKICAgICAgLSAnbG9nc19iZWF0LXdvcmtlcjovY29kZS9wbGFuZS9sb2dzJwogICAgZGVwZW5kc19vbjoKICAgICAgLSBhcGkKICAgICAgLSBwbGFuZS1kYgogICAgICAtIHBsYW5lLXJlZGlzCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gZWNobwogICAgICAgIC0gJ2hleSB3aGF0cyB1cCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiAxNQogIG1pZ3JhdG9yOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtYmFja2VuZDpzdGFibGUnCiAgICByZXN0YXJ0OiAnbm8nCiAgICBjb21tYW5kOiAuL2Jpbi9kb2NrZXItZW50cnlwb2ludC1taWdyYXRvci5zaAogICAgdm9sdW1lczoKICAgICAgLSAnbG9nc19taWdyYXRvcjovY29kZS9wbGFuZS9sb2dzJwogICAgZGVwZW5kc19vbjoKICAgICAgLSBwbGFuZS1kYgogICAgICAtIHBsYW5lLXJlZGlzCiAgcGxhbmUtZGI6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ3Bvc3RncmVzOjE1LjctYWxwaW5lJwogICAgY29tbWFuZDogInBvc3RncmVzIC1jICdtYXhfY29ubmVjdGlvbnM9MTAwMCciCiAgICB2b2x1bWVzOgogICAgICAtICdwZ2RhdGE6L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQtU0hFTEwKICAgICAgICAtICdwZ19pc3JlYWR5IC1VICQke1BPU1RHUkVTX1VTRVJ9IC1kICQke1BPU1RHUkVTX0RCfScKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAogIHBsYW5lLXJlZGlzOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICd2YWxrZXkvdmFsa2V5OjcuMi41LWFscGluZScKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3JlZGlzZGF0YTovZGF0YScKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSByZWRpcy1jbGkKICAgICAgICAtIHBpbmcKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAogIHBsYW5lLW1xOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdyYWJiaXRtcTozLjEzLjYtbWFuYWdlbWVudC1hbHBpbmUnCiAgICByZXN0YXJ0OiBhbHdheXMKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3JhYmJpdG1xX2RhdGE6L3Zhci9saWIvcmFiYml0bXEnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDogJ3JhYmJpdG1xLWRpYWdub3N0aWNzIC1xIHBpbmcnCiAgICAgIGludGVydmFsOiAzMHMKICAgICAgdGltZW91dDogMzBzCiAgICAgIHJldHJpZXM6IDMKICBwbGFuZS1taW5pbzoKICAgIGVudmlyb25tZW50OgogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAnbWluaW8vbWluaW86bGF0ZXN0JwogICAgY29tbWFuZDogJ3NlcnZlciAvZXhwb3J0IC0tY29uc29sZS1hZGRyZXNzICI6OTA5MCInCiAgICB2b2x1bWVzOgogICAgICAtICd1cGxvYWRzOi9leHBvcnQnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gbWMKICAgICAgICAtIHJlYWR5CiAgICAgICAgLSBsb2NhbAogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMjBzCiAgICAgIHJldHJpZXM6IDEwCg==",
+        "compose": "eC1hcHAtZW52OgogIGVudmlyb25tZW50OgogICAgLSAnQVBQX1JFTEVBU0U9JHtBUFBfUkVMRUFTRTotdjAuMjUuMn0nCiAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKc2VydmljZXM6CiAgcHJveHk6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX0ZRRE5fUExBTkUKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1wcm94eToke0FQUF9SRUxFQVNFOi12MC4yNS4xfScKICAgIGRlcGVuZHNfb246CiAgICAgIC0gd2ViCiAgICAgIC0gYXBpCiAgICAgIC0gc3BhY2UKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLWYnCiAgICAgICAgLSAnaHR0cDovLzEyNy4wLjAuMTo4MCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiAxNQogIHdlYjoKICAgIGltYWdlOiAnbWFrZXBsYW5lL3BsYW5lLWZyb250ZW5kOiR7QVBQX1JFTEVBU0U6LXYwLjI1LjF9JwogICAgY29tbWFuZDogJ25vZGUgd2ViL3NlcnZlci5qcyB3ZWInCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHdvcmtlcgogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6ICd3Z2V0IC1xTy0gaHR0cDovL2Bob3N0bmFtZWA6MzAwMCcKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiAxNQogIHNwYWNlOgogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtc3BhY2U6JHtBUFBfUkVMRUFTRTotdjAuMjUuMX0nCiAgICBjb21tYW5kOiAnbm9kZSBzcGFjZS9zZXJ2ZXIuanMgc3BhY2UnCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHdvcmtlcgogICAgICAtIHdlYgogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBhZG1pbjoKICAgIGltYWdlOiAnbWFrZXBsYW5lL3BsYW5lLWFkbWluOiR7QVBQX1JFTEVBU0U6LXYwLjI1LjF9JwogICAgY29tbWFuZDogJ25vZGUgYWRtaW4vc2VydmVyLmpzIGFkbWluJwogICAgZGVwZW5kc19vbjoKICAgICAgLSBhcGkKICAgICAgLSB3ZWIKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnaGV5IHdoYXRzIHVwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgbGl2ZToKICAgIGVudmlyb25tZW50OgogICAgICAtICdBUFBfUkVMRUFTRT0ke0FQUF9SRUxFQVNFOi12MC4yNS4yfScKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1saXZlOiR7QVBQX1JFTEVBU0U6LXYwLjI1LjF9JwogICAgY29tbWFuZDogJ25vZGUgbGl2ZS9kaXN0L3NlcnZlci5qcyBsaXZlJwogICAgZGVwZW5kc19vbjoKICAgICAgLSBhcGkKICAgICAgLSB3ZWIKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnaGV5IHdoYXRzIHVwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgYXBpOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0FQUF9SRUxFQVNFPSR7QVBQX1JFTEVBU0U6LXYwLjI1LjJ9JwogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAnbWFrZXBsYW5lL3BsYW5lLWJhY2tlbmQ6JHtBUFBfUkVMRUFTRTotdjAuMjUuMX0nCiAgICBjb21tYW5kOiAuL2Jpbi9kb2NrZXItZW50cnlwb2ludC1hcGkuc2gKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2xvZ3NfYXBpOi9jb2RlL3BsYW5lL2xvZ3MnCiAgICBkZXBlbmRzX29uOgogICAgICAtIHBsYW5lLWRiCiAgICAgIC0gcGxhbmUtcmVkaXMKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnaGV5IHdoYXRzIHVwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgd29ya2VyOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0FQUF9SRUxFQVNFPSR7QVBQX1JFTEVBU0U6LXYwLjI1LjJ9JwogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAnbWFrZXBsYW5lL3BsYW5lLWJhY2tlbmQ6JHtBUFBfUkVMRUFTRTotdjAuMjUuMX0nCiAgICBjb21tYW5kOiAuL2Jpbi9kb2NrZXItZW50cnlwb2ludC13b3JrZXIuc2gKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2xvZ3Nfd29ya2VyOi9jb2RlL3BsYW5lL2xvZ3MnCiAgICBkZXBlbmRzX29uOgogICAgICAtIGFwaQogICAgICAtIHBsYW5lLWRiCiAgICAgIC0gcGxhbmUtcmVkaXMKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBlY2hvCiAgICAgICAgLSAnaGV5IHdoYXRzIHVwJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgYmVhdC13b3JrZXI6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnQVBQX1JFTEVBU0U9JHtBUFBfUkVMRUFTRTotdjAuMjUuMn0nCiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtYWtlcGxhbmUvcGxhbmUtYmFja2VuZDoke0FQUF9SRUxFQVNFOi12MC4yNS4xfScKICAgIGNvbW1hbmQ6IC4vYmluL2RvY2tlci1lbnRyeXBvaW50LWJlYXQuc2gKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2xvZ3NfYmVhdC13b3JrZXI6L2NvZGUvcGxhbmUvbG9ncycKICAgIGRlcGVuZHNfb246CiAgICAgIC0gYXBpCiAgICAgIC0gcGxhbmUtZGIKICAgICAgLSBwbGFuZS1yZWRpcwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGVjaG8KICAgICAgICAtICdoZXkgd2hhdHMgdXAnCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBtaWdyYXRvcjoKICAgIGVudmlyb25tZW50OgogICAgICAtICdBUFBfUkVMRUFTRT0ke0FQUF9SRUxFQVNFOi12MC4yNS4yfScKICAgICAgLSAnV0VCX1VSTD0ke1NFUlZJQ0VfRlFETl9QTEFORX0nCiAgICAgIC0gJ0RFQlVHPSR7REVCVUc6LTB9JwogICAgICAtICdDT1JTX0FMTE9XRURfT1JJR0lOUz0ke0NPUlNfQUxMT1dFRF9PUklHSU46LWh0dHA6Ly9sb2NhbGhvc3R9JwogICAgICAtICdHVU5JQ09STl9XT1JLRVJTPSR7R1VOSUNPUk5fV09SS0VSUzotMX0nCiAgICAgIC0gUEdIT1NUPXBsYW5lLWRiCiAgICAgIC0gUEdEQVRBQkFTRT1wbGFuZQogICAgICAtIFBPU1RHUkVTX1VTRVI9JFNFUlZJQ0VfVVNFUl9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfREI9cGxhbmUKICAgICAgLSBQT1NUR1JFU19QT1JUPTU0MzIKICAgICAgLSBQR0RBVEE9L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1wb3N0Z3Jlc3FsOi8vJFNFUlZJQ0VfVVNFUl9QT1NUR1JFUzokU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFU0BwbGFuZS1kYi9wbGFuZScKICAgICAgLSBSRURJU19IT1NUPXBsYW5lLXJlZGlzCiAgICAgIC0gUkVESVNfUE9SVD02Mzc5CiAgICAgIC0gJ1JFRElTX1VSTD0ke1JFRElTX1VSTDotcmVkaXM6Ly9wbGFuZS1yZWRpczo2Mzc5L30nCiAgICAgIC0gUkFCQklUTVFfSE9TVD1wbGFuZS1tcQogICAgICAtICdSQUJCSVRNUV9QT1JUPSR7UkFCQklUTVFfUE9SVDotNTY3Mn0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVVNFUj0ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ0FNUVBfVVJMPWFtcXA6Ly8ke1NFUlZJQ0VfVVNFUl9SQUJCSVRNUX06JHtTRVJWSUNFX1BBU1NXT1JEX1JBQkJJVE1RfUBwbGFuZS1tcToke1JBQkJJVE1RX1BPUlR9L3BsYW5lJwogICAgICAtIFNFQ1JFVF9LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfNjRfU0VDUkVUS0VZCiAgICAgIC0gJ1VTRV9NSU5JTz0ke1VTRV9NSU5JTzotMX0nCiAgICAgIC0gJ0FXU19SRUdJT049JHtBV1NfUkVHSU9OfScKICAgICAgLSBBV1NfQUNDRVNTX0tFWV9JRD0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0FXU19TM19FTkRQT0lOVF9VUkw9JHtBV1NfUzNfRU5EUE9JTlRfVVJMOi1odHRwOi8vcGxhbmUtbWluaW86OTAwMH0nCiAgICAgIC0gJ0FXU19TM19CVUNLRVRfTkFNRT0ke0FXU19TM19CVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gTUlOSU9fUk9PVF9VU0VSPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBNSU5JT19ST09UX1BBU1NXT1JEPSRTRVJWSUNFX1BBU1NXT1JEX01JTklPCiAgICAgIC0gJ0JVQ0tFVF9OQU1FPSR7QlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtICdGSUxFX1NJWkVfTElNSVQ9JHtGSUxFX1NJWkVfTElNSVQ6LTUyNDI4ODB9JwogICAgICAtICdBUElfQkFTRV9VUkw9JHtBUElfQkFTRV9VUkw6LWh0dHA6Ly9hcGk6ODAwMH0nCiAgICBpbWFnZTogJ21ha2VwbGFuZS9wbGFuZS1iYWNrZW5kOiR7QVBQX1JFTEVBU0U6LXYwLjI1LjF9JwogICAgcmVzdGFydDogJ25vJwogICAgY29tbWFuZDogLi9iaW4vZG9ja2VyLWVudHJ5cG9pbnQtbWlncmF0b3Iuc2gKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2xvZ3NfbWlncmF0b3I6L2NvZGUvcGxhbmUvbG9ncycKICAgIGRlcGVuZHNfb246CiAgICAgIC0gcGxhbmUtZGIKICAgICAgLSBwbGFuZS1yZWRpcwogIHBsYW5lLWRiOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0FQUF9SRUxFQVNFPSR7QVBQX1JFTEVBU0U6LXYwLjI1LjJ9JwogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAncG9zdGdyZXM6MTUuNy1hbHBpbmUnCiAgICBjb21tYW5kOiAicG9zdGdyZXMgLWMgJ21heF9jb25uZWN0aW9ucz0xMDAwJyIKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3BnZGF0YTovdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRC1TSEVMTAogICAgICAgIC0gJ3BnX2lzcmVhZHkgLVUgJCR7UE9TVEdSRVNfVVNFUn0gLWQgJCR7UE9TVEdSRVNfREJ9JwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMjBzCiAgICAgIHJldHJpZXM6IDEwCiAgcGxhbmUtcmVkaXM6CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnQVBQX1JFTEVBU0U9JHtBUFBfUkVMRUFTRTotdjAuMjUuMn0nCiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICd2YWxrZXkvdmFsa2V5OjcuMi41LWFscGluZScKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3JlZGlzZGF0YTovZGF0YScKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSByZWRpcy1jbGkKICAgICAgICAtIHBpbmcKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAogIHBsYW5lLW1xOgogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ0FQUF9SRUxFQVNFPSR7QVBQX1JFTEVBU0U6LXYwLjI1LjJ9JwogICAgICAtICdXRUJfVVJMPSR7U0VSVklDRV9GUUROX1BMQU5FfScKICAgICAgLSAnREVCVUc9JHtERUJVRzotMH0nCiAgICAgIC0gJ0NPUlNfQUxMT1dFRF9PUklHSU5TPSR7Q09SU19BTExPV0VEX09SSUdJTjotaHR0cDovL2xvY2FsaG9zdH0nCiAgICAgIC0gJ0dVTklDT1JOX1dPUktFUlM9JHtHVU5JQ09STl9XT1JLRVJTOi0xfScKICAgICAgLSBQR0hPU1Q9cGxhbmUtZGIKICAgICAgLSBQR0RBVEFCQVNFPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfVVNFUj0kU0VSVklDRV9VU0VSX1BPU1RHUkVTCiAgICAgIC0gUE9TVEdSRVNfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19EQj1wbGFuZQogICAgICAtIFBPU1RHUkVTX1BPUlQ9NTQzMgogICAgICAtIFBHREFUQT0vdmFyL2xpYi9wb3N0Z3Jlc3FsL2RhdGEKICAgICAgLSAnREFUQUJBU0VfVVJMPXBvc3RncmVzcWw6Ly8kU0VSVklDRV9VU0VSX1BPU1RHUkVTOiRTRVJWSUNFX1BBU1NXT1JEX1BPU1RHUkVTQHBsYW5lLWRiL3BsYW5lJwogICAgICAtIFJFRElTX0hPU1Q9cGxhbmUtcmVkaXMKICAgICAgLSBSRURJU19QT1JUPTYzNzkKICAgICAgLSAnUkVESVNfVVJMPSR7UkVESVNfVVJMOi1yZWRpczovL3BsYW5lLXJlZGlzOjYzNzkvfScKICAgICAgLSBSQUJCSVRNUV9IT1NUPXBsYW5lLW1xCiAgICAgIC0gJ1JBQkJJVE1RX1BPUlQ9JHtSQUJCSVRNUV9QT1JUOi01NjcyfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9VU0VSPSR7U0VSVklDRV9VU0VSX1JBQkJJVE1ROi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX0RFRkFVTFRfUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9WSE9TVD0ke1JBQkJJVE1RX1ZIT1NUOi1wbGFuZX0nCiAgICAgIC0gJ1JBQkJJVE1RX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnQU1RUF9VUkw9YW1xcDovLyR7U0VSVklDRV9VU0VSX1JBQkJJVE1RfToke1NFUlZJQ0VfUEFTU1dPUkRfUkFCQklUTVF9QHBsYW5lLW1xOiR7UkFCQklUTVFfUE9SVH0vcGxhbmUnCiAgICAgIC0gU0VDUkVUX0tFWT0kU0VSVklDRV9QQVNTV09SRF82NF9TRUNSRVRLRVkKICAgICAgLSAnVVNFX01JTklPPSR7VVNFX01JTklPOi0xfScKICAgICAgLSAnQVdTX1JFR0lPTj0ke0FXU19SRUdJT059JwogICAgICAtIEFXU19BQ0NFU1NfS0VZX0lEPSRTRVJWSUNFX1VTRVJfTUlOSU8KICAgICAgLSBBV1NfU0VDUkVUX0FDQ0VTU19LRVk9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQVdTX1MzX0VORFBPSU5UX1VSTD0ke0FXU19TM19FTkRQT0lOVF9VUkw6LWh0dHA6Ly9wbGFuZS1taW5pbzo5MDAwfScKICAgICAgLSAnQVdTX1MzX0JVQ0tFVF9OQU1FPSR7QVdTX1MzX0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSBNSU5JT19ST09UX1VTRVI9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIE1JTklPX1JPT1RfUEFTU1dPUkQ9JFNFUlZJQ0VfUEFTU1dPUkRfTUlOSU8KICAgICAgLSAnQlVDS0VUX05BTUU9JHtCVUNLRVRfTkFNRTotdXBsb2Fkc30nCiAgICAgIC0gJ0ZJTEVfU0laRV9MSU1JVD0ke0ZJTEVfU0laRV9MSU1JVDotNTI0Mjg4MH0nCiAgICAgIC0gJ0FQSV9CQVNFX1VSTD0ke0FQSV9CQVNFX1VSTDotaHR0cDovL2FwaTo4MDAwfScKICAgIGltYWdlOiAncmFiYml0bXE6My4xMy42LW1hbmFnZW1lbnQtYWxwaW5lJwogICAgcmVzdGFydDogYWx3YXlzCiAgICB2b2x1bWVzOgogICAgICAtICdyYWJiaXRtcV9kYXRhOi92YXIvbGliL3JhYmJpdG1xJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6ICdyYWJiaXRtcS1kaWFnbm9zdGljcyAtcSBwaW5nJwogICAgICBpbnRlcnZhbDogMzBzCiAgICAgIHRpbWVvdXQ6IDMwcwogICAgICByZXRyaWVzOiAzCiAgcGxhbmUtbWluaW86CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnQVBQX1JFTEVBU0U9JHtBUFBfUkVMRUFTRTotdjAuMjUuMn0nCiAgICAgIC0gJ1dFQl9VUkw9JHtTRVJWSUNFX0ZRRE5fUExBTkV9JwogICAgICAtICdERUJVRz0ke0RFQlVHOi0wfScKICAgICAgLSAnQ09SU19BTExPV0VEX09SSUdJTlM9JHtDT1JTX0FMTE9XRURfT1JJR0lOOi1odHRwOi8vbG9jYWxob3N0fScKICAgICAgLSAnR1VOSUNPUk5fV09SS0VSUz0ke0dVTklDT1JOX1dPUktFUlM6LTF9JwogICAgICAtIFBHSE9TVD1wbGFuZS1kYgogICAgICAtIFBHREFUQUJBU0U9cGxhbmUKICAgICAgLSBQT1NUR1JFU19VU0VSPSRTRVJWSUNFX1VTRVJfUE9TVEdSRVMKICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9QT1NUR1JFUwogICAgICAtIFBPU1RHUkVTX0RCPXBsYW5lCiAgICAgIC0gUE9TVEdSRVNfUE9SVD01NDMyCiAgICAgIC0gUEdEQVRBPS92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAtICdEQVRBQkFTRV9VUkw9cG9zdGdyZXNxbDovLyRTRVJWSUNFX1VTRVJfUE9TVEdSRVM6JFNFUlZJQ0VfUEFTU1dPUkRfUE9TVEdSRVNAcGxhbmUtZGIvcGxhbmUnCiAgICAgIC0gUkVESVNfSE9TVD1wbGFuZS1yZWRpcwogICAgICAtIFJFRElTX1BPUlQ9NjM3OQogICAgICAtICdSRURJU19VUkw9JHtSRURJU19VUkw6LXJlZGlzOi8vcGxhbmUtcmVkaXM6NjM3OS99JwogICAgICAtIFJBQkJJVE1RX0hPU1Q9cGxhbmUtbXEKICAgICAgLSAnUkFCQklUTVFfUE9SVD0ke1JBQkJJVE1RX1BPUlQ6LTU2NzJ9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1VTRVI9JHtTRVJWSUNFX1VTRVJfUkFCQklUTVE6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfREVGQVVMVF9QQVNTPSR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUTotcGxhbmV9JwogICAgICAtICdSQUJCSVRNUV9ERUZBVUxUX1ZIT1NUPSR7UkFCQklUTVFfVkhPU1Q6LXBsYW5lfScKICAgICAgLSAnUkFCQklUTVFfVkhPU1Q9JHtSQUJCSVRNUV9WSE9TVDotcGxhbmV9JwogICAgICAtICdBTVFQX1VSTD1hbXFwOi8vJHtTRVJWSUNFX1VTRVJfUkFCQklUTVF9OiR7U0VSVklDRV9QQVNTV09SRF9SQUJCSVRNUX1AcGxhbmUtbXE6JHtSQUJCSVRNUV9QT1JUfS9wbGFuZScKICAgICAgLSBTRUNSRVRfS0VZPSRTRVJWSUNFX1BBU1NXT1JEXzY0X1NFQ1JFVEtFWQogICAgICAtICdVU0VfTUlOSU89JHtVU0VfTUlOSU86LTF9JwogICAgICAtICdBV1NfUkVHSU9OPSR7QVdTX1JFR0lPTn0nCiAgICAgIC0gQVdTX0FDQ0VTU19LRVlfSUQ9JFNFUlZJQ0VfVVNFUl9NSU5JTwogICAgICAtIEFXU19TRUNSRVRfQUNDRVNTX0tFWT0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdBV1NfUzNfRU5EUE9JTlRfVVJMPSR7QVdTX1MzX0VORFBPSU5UX1VSTDotaHR0cDovL3BsYW5lLW1pbmlvOjkwMDB9JwogICAgICAtICdBV1NfUzNfQlVDS0VUX05BTUU9JHtBV1NfUzNfQlVDS0VUX05BTUU6LXVwbG9hZHN9JwogICAgICAtIE1JTklPX1JPT1RfVVNFUj0kU0VSVklDRV9VU0VSX01JTklPCiAgICAgIC0gTUlOSU9fUk9PVF9QQVNTV09SRD0kU0VSVklDRV9QQVNTV09SRF9NSU5JTwogICAgICAtICdCVUNLRVRfTkFNRT0ke0JVQ0tFVF9OQU1FOi11cGxvYWRzfScKICAgICAgLSAnRklMRV9TSVpFX0xJTUlUPSR7RklMRV9TSVpFX0xJTUlUOi01MjQyODgwfScKICAgICAgLSAnQVBJX0JBU0VfVVJMPSR7QVBJX0JBU0VfVVJMOi1odHRwOi8vYXBpOjgwMDB9JwogICAgaW1hZ2U6ICdtaW5pby9taW5pbzpsYXRlc3QnCiAgICBjb21tYW5kOiAnc2VydmVyIC9leHBvcnQgLS1jb25zb2xlLWFkZHJlc3MgIjo5MDkwIicKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3VwbG9hZHM6L2V4cG9ydCcKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBtYwogICAgICAgIC0gcmVhZHkKICAgICAgICAtIGxvY2FsCiAgICAgIGludGVydmFsOiA1cwogICAgICB0aW1lb3V0OiAyMHMKICAgICAgcmV0cmllczogMTAK",
         "tags": [
             "plane",
             "project-management",
@@ -3172,6 +3186,26 @@
         "minversion": "0.0.0",
         "port": "80"
     },
+    "wakapi": {
+        "documentation": "https://wakapi.dev/?utm_source=coolify.io",
+        "slogan": "A minimalist, self-hosted WakaTime-compatible backend for coding statistics",
+        "compose": "c2VydmljZXM6CiAgd2FrYXBpOgogICAgaW1hZ2U6ICdnaGNyLmlvL211ZXR5L3dha2FwaTpsYXRlc3QnCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX0ZRRE5fV0FLQVBJXzMwMDAKICAgICAgLSAnVFo9JHtUSU1FWk9ORTotRXVyb3BlL0Jlcmxpbn0nCiAgICAgIC0gJ1dBS0FQSV9TRVJWRVJfTElTVEVOX0lQVjY9Ii0iJwogICAgICAtICdXQUtBUElfRU5WPSR7V0FLQVBJX0VOVklST05NRU5UOi1wcm9kdWN0aW9ufScKICAgICAgLSAnV0FLQVBJX1NFQ1VSSVRZX1BBU1NXT1JEX1NBTFQ9JHtTRVJWSUNFX0JBU0U2NF82NF9QQVNTV09SRFNBTFR9JwogICAgICAtICdXQUtBUElfU0VDVVJJVFlfRVhQT1NFX01FVFJJQ1M9JHtXQUtBUElfU0VDVVJJVFlfRVhQT1NFX01FVFJJQ1M6LWZhbHNlfScKICAgICAgLSBXQUtBUElfREJfVFlQRT1wb3N0Z3JlcwogICAgICAtICdXQUtBUElfREJfTkFNRT0ke1dBS0FQSV9EQl9OQU1FOi13YWthcGl9JwogICAgICAtICdXQUtBUElfREJfVVNFUj0ke1NFUlZJQ0VfVVNFUl9EQVRBQkFTRX0nCiAgICAgIC0gJ1dBS0FQSV9EQl9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfREFUQUJBU0V9JwogICAgICAtICdXQUtBUElfREJfSE9TVD0ke1dBS0FQSV9EQl9IT1NUOi1wb3N0Z3Jlc30nCiAgICAgIC0gJ1dBS0FQSV9EQl9QT1JUPSR7V0FLQVBJX0RCX1BPUlQ6LTU0MzJ9JwogICAgICAtICdXQUtBUElfTUFJTF9FTkFCTEVEPSR7V0FLQVBJX01BSUxfRU5BQkxFRDotZmFsc2V9JwogICAgICAtIFdBS0FQSV9NQUlMX1BST1ZJREVSPXNtdHAKICAgICAgLSAnV0FLQVBJX01BSUxfU0VOREVSPSR7V0FLQVBJX01BSUxfU0VOREVSfScKICAgICAgLSAnV0FLQVBJX01BSUxfU01UUF9IT1NUPSR7V0FLQVBJX01BSUxfU01UUF9IT1NUfScKICAgICAgLSAnV0FLQVBJX01BSUxfU01UUF9QT1JUPSR7V0FLQVBJX01BSUxfU01UUF9QT1JUOi01ODd9JwogICAgICAtICdXQUtBUElfTUFJTF9TTVRQX1VTRVJOQU1FPSR7V0FLQVBJX01BSUxfU01UUF9VU0VSTkFNRX0nCiAgICAgIC0gJ1dBS0FQSV9NQUlMX1NNVFBfUEFTU1dPUkQ9JHtXQUtBUElfTUFJTF9TTVRQX1BBU1NXT1JEfScKICAgIHZvbHVtZXM6CiAgICAgIC0gJ3dha2FwaS1kYXRhOi9kYXRhJwogICAgZGVwZW5kc19vbjoKICAgICAgcG9zdGdyZXM6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ELVNIRUxMCiAgICAgICAgLSAnd2dldCAtcU8tIGh0dHA6Ly8xMjcuMC4wLjE6MzAwMC8nCiAgICAgIGludGVydmFsOiAycwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogMTUKICBwb3N0Z3JlczoKICAgIGltYWdlOiAncG9zdGdyZXM6MTYtYWxwaW5lJwogICAgdm9sdW1lczoKICAgICAgLSAnd2FrYXBpLXBvc3RncmVzLWRhdGE6L3Zhci9saWIvcG9zdGdyZXNxbC9kYXRhJwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ1BPU1RHUkVTX1VTRVI9JHtTRVJWSUNFX1VTRVJfREFUQUJBU0V9JwogICAgICAtICdQT1NUR1JFU19QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfREFUQUJBU0V9JwogICAgICAtICdQT1NUR1JFU19EQj0ke1dBS0FQSV9EQl9OQU1FOi13YWthcGl9JwogICAgICAtICdQT1NUR1JFU19QT1JUPSR7V0FLQVBJX0RCX1BPUlQ6LTU0MzJ9JwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQtU0hFTEwKICAgICAgICAtICdwZ19pc3JlYWR5IC1VICQke1BPU1RHUkVTX1VTRVJ9IC1kICQke1BPU1RHUkVTX0RCfScKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAo=",
+        "tags": [
+            "productivity",
+            "self-hosted",
+            "developer-tools",
+            "time-tracker",
+            "wakatime",
+            "wakatime-api",
+            "coding-statistics",
+            "statistics",
+            "timetracking",
+            "analytics"
+        ],
+        "logo": "svgs/wakapi.svg",
+        "minversion": "0.0.0",
+        "port": "3000"
+    },
     "weaviate": {
         "documentation": "https://weaviate.io/developers/weaviate?utm_source=coolify.io",
         "slogan": "Weaviate is an open-source vector database that stores both objects and vectors, allowing for combining vector search with structured filtering.",

From 8aef5df5390d35aa430933edf123da3ac0d04ee0 Mon Sep 17 00:00:00 2001
From: Darren Sisson <darrensisson@hotmail.com>
Date: Mon, 17 Mar 2025 17:52:34 +0000
Subject: [PATCH 143/145] change cleanup logic when restarting containers

---
 app/Actions/Database/StopDatabase.php | 2 +-
 app/Actions/Service/StopService.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Actions/Database/StopDatabase.php b/app/Actions/Database/StopDatabase.php
index e4cea7cee..de4eaa31f 100644
--- a/app/Actions/Database/StopDatabase.php
+++ b/app/Actions/Database/StopDatabase.php
@@ -26,7 +26,7 @@ class StopDatabase
         }
 
         $this->stopContainer($database, $database->uuid, 300);
-        if (! $isDeleteOperation) {
+        if ($isDeleteOperation) {
             if ($dockerCleanup) {
                 CleanupDocker::dispatch($server, true);
             }
diff --git a/app/Actions/Service/StopService.php b/app/Actions/Service/StopService.php
index 95b08b437..e16dd5616 100644
--- a/app/Actions/Service/StopService.php
+++ b/app/Actions/Service/StopService.php
@@ -23,7 +23,7 @@ class StopService
             $containersToStop = $service->getContainersToStop();
             $service->stopContainers($containersToStop, $server);
 
-            if (! $isDeleteOperation) {
+            if ($isDeleteOperation) {
                 $service->delete_connected_networks($service->uuid);
                 if ($dockerCleanup) {
                     CleanupDocker::dispatch($server, true);

From 1b9787384b49b3377940eb2729469aa1563309fb Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Tue, 18 Mar 2025 10:22:39 +0100
Subject: [PATCH 144/145] docs(CONTRIBUTING): add note about Laravel Horizon
 accessibility

---
 CONTRIBUTING.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index dba3676cf..c055f1009 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -136,6 +136,7 @@ After installing Docker (or Orbstack) and Spin, verify the installation:
    - Password: `password`
 
 2. Additional development tools:
+
    | Tool | URL | Note |
    |------|-----|------|
    | Laravel Horizon (scheduler) | `http://localhost:8000/horizon` | Only accessible when logged in as root user |

From 499fc9cced369eed258d021f420ac39bc2b4300c Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Tue, 18 Mar 2025 10:53:29 +0100
Subject: [PATCH 145/145] feat(templates): add Freescout service template

---
 templates/service-templates.json | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/templates/service-templates.json b/templates/service-templates.json
index cf6d49de2..c1c076a33 100644
--- a/templates/service-templates.json
+++ b/templates/service-templates.json
@@ -1039,6 +1039,20 @@
         "minversion": "0.0.0",
         "port": "30000"
     },
+    "freescout": {
+        "documentation": "https://github.com/freescout-help-desk/freescout/wiki/?utm_source=coolify.io",
+        "slogan": "FreeScout is the super lightweight and powerful free open source help desk and shared inbox written in PHP (Laravel framework).",
+        "compose": "c2VydmljZXM6CiAgZnJlZXNjb3V0OgogICAgaW1hZ2U6ICd0aXJlZG9maXQvZnJlZXNjb3V0OmxhdGVzdCcKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2ZyZWVzY291dC1kYXRhOi9kYXRhJwogICAgICAtICdmcmVlc2NvdXQtbG9nczovd3d3L2xvZ3MnCiAgICBkZXBlbmRzX29uOgogICAgICBtYXJpYWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX0ZRRE5fRlJFRVNDT1VUXzgwCiAgICAgIC0gREJfSE9TVD1tYXJpYWRiCiAgICAgIC0gJ0RCX05BTUU9JHtNQVJJQURCX0RBVEFCQVNFOi1mcmVlc2NvdXR9JwogICAgICAtICdEQl9VU0VSPSR7U0VSVklDRV9VU0VSX01BUklBREI6LWZyZWVzY291dH0nCiAgICAgIC0gJ0RCX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX01BUklBREJ9JwogICAgICAtICdTSVRFX1VSTD0ke1NFUlZJQ0VfRlFETl9GUkVFU0NPVVR9JwogICAgICAtICdBRE1JTl9FTUFJTD0ke0FETUlOX0VNQUlMOi1hZG1pbkBleGFtcGxlLmNvbX0nCiAgICAgIC0gJ0FETUlOX1BBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX0FETUlOfScKICAgICAgLSAnRElTUExBWV9FUlJPUlM9JHtESVNQTEFZX0VSUk9SUzotRkFMU0V9JwogICAgICAtICdUSU1FWk9ORT0ke1RJTUVaT05FOi1VVEN9JwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGN1cmwKICAgICAgICAtICctZicKICAgICAgICAtICdodHRwOi8vMTI3LjAuMC4xJwogICAgICBzdGFydF9wZXJpb2Q6IDEwcwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1CiAgbWFyaWFkYjoKICAgIGltYWdlOiBtYXJpYWRiCiAgICB2b2x1bWVzOgogICAgICAtICdtYXJpYWRiLWRhdGE6L3Zhci9saWIvbXlzcWwnCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnTUFSSUFEQl9ST09UX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9ST09UfScKICAgICAgLSAnTUFSSUFEQl9EQVRBQkFTRT0ke01BUklBREJfREFUQUJBU0V9JwogICAgICAtICdNQVJJQURCX1VTRVI9JHtTRVJWSUNFX1VTRVJfTUFSSUFEQn0nCiAgICAgIC0gJ01BUklBREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX01BUklBREJ9JwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGhlYWx0aGNoZWNrLnNoCiAgICAgICAgLSAnLS1jb25uZWN0JwogICAgICAgIC0gJy0taW5ub2RiX2luaXRpYWxpemVkJwogICAgICBzdGFydF9wZXJpb2Q6IDEwcwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1Cg==",
+        "tags": [
+            "helpdesk",
+            "support",
+            "ticketing",
+            "customer-support"
+        ],
+        "logo": "svgs/freescout.png",
+        "minversion": "0.0.0",
+        "port": "80"
+    },
     "freshrss-with-mariadb": {
         "documentation": "https://freshrss.org/index.html?utm_source=coolify.io",
         "slogan": "A free, self-hostable feed aggregator.",
@@ -1579,7 +1593,7 @@
     "kimai": {
         "documentation": "https://www.kimai.org/?utm_source=coolify.io",
         "slogan": "Open source time-tracking app.",
-        "compose": "c2VydmljZXM6CiAgbXlzcWw6CiAgICBpbWFnZTogJ215c3FsOjgnCiAgICB2b2x1bWVzOgogICAgICAtICdraW1haS1teXNxbC1kYXRhOi92YXIvbGliL215c3FsJwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ01ZU1FMX0RBVEFCQVNFPSR7TVlTUUxfREFUQUJBU0U6LWtpbWFpfScKICAgICAgLSAnTVlTUUxfVVNFUj0ke1NFUlZJQ0VfVVNFUl9NWVNRTH0nCiAgICAgIC0gJ01ZU1FMX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NWVNRTH0nCiAgICAgIC0gJ01ZU1FMX1JPT1RfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1JPT1R9JwogICAgY29tbWFuZDogJy0tZGVmYXVsdC1zdG9yYWdlLWVuZ2luZSBpbm5vZGInCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gbXlzcWxhZG1pbgogICAgICAgIC0gcGluZwogICAgICAgIC0gJy1oJwogICAgICAgIC0gMTI3LjAuMC4xCiAgICAgIGludGVydmFsOiA1cwogICAgICB0aW1lb3V0OiAyMHMKICAgICAgcmV0cmllczogMTAKICBraW1haToKICAgIGltYWdlOiAna2ltYWkva2ltYWkyOmFwYWNoZS1sYXRlc3QnCiAgICBjb250YWluZXJfbmFtZToga2ltYWkKICAgIGRlcGVuZHNfb246CiAgICAgIG15c3FsOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICB2b2x1bWVzOgogICAgICAtICdraW1haS1kYXRhOi9vcHQva2ltYWkvdmFyL2RhdGEnCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX0ZRRE5fS0lNQUlfODAwMQogICAgICAtICdBUFBfU0VDUkVUPSR7U0VSVklDRV9QQVNTV09SRF9BUFBTRUNSRVR9JwogICAgICAtICdNQUlMRVJfRlJPTT0ke01BSUxFUl9GUk9NOi1raW1haUBleGFtcGxlLmNvbX0nCiAgICAgIC0gJ01BSUxFUl9VUkw9JHtNQUlMRVJfVVJMOi1udWxsOi8vbnVsbH0nCiAgICAgIC0gJ0FETUlOTUFJTD0ke0FETUlOTUFJTDotYWRtaW5Aa2ltYWkubG9jYWx9JwogICAgICAtICdBRE1JTlBBU1M9JHtTRVJWSUNFX1BBU1NXT1JEX0FETUlOUEFTU30nCiAgICAgIC0gJ0RBVEFCQVNFX1VSTD1teXNxbDovLyR7U0VSVklDRV9VU0VSX01ZU1FMfToke1NFUlZJQ0VfUEFTU1dPUkRfTVlTUUx9QG15c3FsLyR7TVlTUUxfREFUQUJBU0V9P2NoYXJzZXQ9dXRmOG1iNCZzZXJ2ZXJWZXJzaW9uPTguMy4wJwogICAgICAtIFRSVVNURURfSE9TVFM9bG9jYWxob3N0CiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gY3VybAogICAgICAgIC0gJy1mJwogICAgICAgIC0gJ2h0dHA6Ly8xMjcuMC4wLjE6ODAwMScKICAgICAgaW50ZXJ2YWw6IDJzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiAxNQo=",
+        "compose": "c2VydmljZXM6CiAgbXlzcWw6CiAgICBpbWFnZTogJ215c3FsOjgnCiAgICB2b2x1bWVzOgogICAgICAtICdraW1haS1teXNxbC1kYXRhOi92YXIvbGliL215c3FsJwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gJ01ZU1FMX0RBVEFCQVNFPSR7TVlTUUxfREFUQUJBU0U6LWtpbWFpfScKICAgICAgLSAnTVlTUUxfVVNFUj0ke1NFUlZJQ0VfVVNFUl9NWVNRTH0nCiAgICAgIC0gJ01ZU1FMX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NWVNRTH0nCiAgICAgIC0gJ01ZU1FMX1JPT1RfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX1JPT1R9JwogICAgY29tbWFuZDogJy0tZGVmYXVsdC1zdG9yYWdlLWVuZ2luZSBpbm5vZGInCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gbXlzcWxhZG1pbgogICAgICAgIC0gcGluZwogICAgICAgIC0gJy1oJwogICAgICAgIC0gMTI3LjAuMC4xCiAgICAgIGludGVydmFsOiA1cwogICAgICB0aW1lb3V0OiAyMHMKICAgICAgcmV0cmllczogMTAKICBraW1haToKICAgIGltYWdlOiAna2ltYWkva2ltYWkyOmFwYWNoZScKICAgIGNvbnRhaW5lcl9uYW1lOiBraW1haQogICAgZGVwZW5kc19vbjoKICAgICAgbXlzcWw6CiAgICAgICAgY29uZGl0aW9uOiBzZXJ2aWNlX2hlYWx0aHkKICAgIHZvbHVtZXM6CiAgICAgIC0gJ2tpbWFpLWRhdGE6L29wdC9raW1haS92YXIvZGF0YScKICAgIGVudmlyb25tZW50OgogICAgICAtIFNFUlZJQ0VfRlFETl9LSU1BSV84MDAxCiAgICAgIC0gJ0FQUF9TRUNSRVQ9JHtTRVJWSUNFX1BBU1NXT1JEX0FQUFNFQ1JFVH0nCiAgICAgIC0gJ01BSUxFUl9GUk9NPSR7TUFJTEVSX0ZST006LWtpbWFpQGV4YW1wbGUuY29tfScKICAgICAgLSAnTUFJTEVSX1VSTD0ke01BSUxFUl9VUkw6LW51bGw6Ly9udWxsfScKICAgICAgLSAnQURNSU5NQUlMPSR7QURNSU5NQUlMOi1hZG1pbkBraW1haS5sb2NhbH0nCiAgICAgIC0gJ0FETUlOUEFTUz0ke1NFUlZJQ0VfUEFTU1dPUkRfQURNSU5QQVNTfScKICAgICAgLSAnREFUQUJBU0VfVVJMPW15c3FsOi8vJHtTRVJWSUNFX1VTRVJfTVlTUUx9OiR7U0VSVklDRV9QQVNTV09SRF9NWVNRTH1AbXlzcWwvJHtNWVNRTF9EQVRBQkFTRX0/Y2hhcnNldD11dGY4bWI0JnNlcnZlclZlcnNpb249OC4zLjAnCiAgICAgIC0gVFJVU1RFRF9IT1NUUz1sb2NhbGhvc3QKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBjdXJsCiAgICAgICAgLSAnLWYnCiAgICAgICAgLSAnaHR0cDovLzEyNy4wLjAuMTo4MDAxJwogICAgICBpbnRlcnZhbDogMnMKICAgICAgdGltZW91dDogMTBzCiAgICAgIHJldHJpZXM6IDE1Cg==",
         "tags": [
             "time-tracking",
             "open-source"