From 09538ef6a23e9c2b540b8e25f097475794275881 Mon Sep 17 00:00:00 2001
From: jeanjerome <jeanjerome.levy@gmail.com>
Date: Fri, 8 Sep 2023 13:20:48 +0200
Subject: [PATCH 1/4] ref(14): Change the logo

---
 .github/workflows/workflow.yml                |   2 +-
 Jenkinsfile                                   |   8 +-
 README.md                                     |  34 ++---
 config/json-schema/workflow-schema.json       |   4 +-
 config/k8s/containers-init.yaml               |   4 +-
 config/workflow-default.json                  |   2 +-
 contrib/build.sh                              |  14 +-
 contrib/make_doc.sh                           |   2 +-
 contrib/make_package_json.sh                  |  12 +-
 contrib/release.sh                            |   2 +-
 docker/basic/alpine/Dockerfile.02             |   2 +-
 docker/basic/alpine/Dockerfile.03             |   2 +-
 docker/basic/scratch/Dockerfile               |   2 +-
 docker/basic/ubi/Dockerfile                   |   2 +-
 docker/build-all-images.sh                    |   4 +-
 docs/images/wizard.png                        | Bin 0 -> 40681 bytes
 docs/src/lib/common.md                        |   2 +-
 docs/src/lib/log.md                           |   6 +-
 docs/src/lib/platform.md                      |   2 +-
 docs/src/lib/project.md                       |   2 +-
 docs/src/lib/tooling.md                       |   2 +-
 docs/src/lib/workflow.md                      |   2 +-
 makefile                                      |   2 +-
 package.json                                  |   8 +-
 resources/config/banner/wild.txt              |  12 --
 resources/config/banner/wizard.txt            |  12 ++
 resources/config/k8s/containers-init.yaml     |   4 +-
 spec/banner.md                                |  12 +-
 spec/lib/log_spec.sh                          |   4 +-
 spec/lib/project_spec.sh                      |  10 +-
 spec/lib/tooling_spec.sh                      |   4 +-
 spec/lib/workflow_spec.sh                     |  16 +--
 src/lib/ext/gendoc.sh                         |   2 +-
 src/lib/log.sh                                |   2 +-
 src/lib/tooling.sh                            |   2 +-
 src/lib/workflow.sh                           |  10 +-
 src/wild.sh                                   |  55 --------
 src/wizard.sh                                 |  54 ++++++++
 test/config/test-workflow-default.json        |   4 +-
 test/config/workflow-action.json              |   2 +-
 test/config/workflow-default.json             |   4 +-
 test/gitlab/install.sh                        |  29 ++--
 test/jenkins/README.md                        |   2 +-
 test/jenkins/config/casc.yaml                 |  12 +-
 test/jenkins/config/exported-jenkins.yaml     | 129 ------------------
 .../config/secrets-template.properties        |   2 +-
 test/jenkins/install.sh                       |   2 +
 vars/containerConfig.groovy                   |   2 +-
 ...dPipeline.groovy => wizardPipeline.groovy} |  28 ++--
 49 files changed, 211 insertions(+), 326 deletions(-)
 create mode 100644 docs/images/wizard.png
 delete mode 100644 resources/config/banner/wild.txt
 create mode 100644 resources/config/banner/wizard.txt
 delete mode 100755 src/wild.sh
 create mode 100755 src/wizard.sh
 delete mode 100644 test/jenkins/config/exported-jenkins.yaml
 rename vars/{wildPipeline.groovy => wizardPipeline.groovy} (84%)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 485d49d..56060c5 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -31,6 +31,6 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }} # required for private repos
           directory: coverage
           flags: unittests # optional
-          name: codecov-wild # optional
+          name: codecov-wizard # optional
           fail_ci_if_error: false # optional (default = false)
           verbose: true # optional (default = false)
diff --git a/Jenkinsfile b/Jenkinsfile
index f716695..93d4135 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,6 +1,6 @@
-library identifier: "wild@17-add-more-configurations-on-workflow-pipeline", retriever: modernSCM(
+library identifier: "wizard@14-redesign-gitlab-ci-platform-for-testing", retriever: modernSCM(
   [$class: 'GitSCMSource',
-   remote: 'https://github.com/scalastic/wild.git',
-   credentialsId: 'wild-github-token']) _
+   remote: 'https://github.com/scalastic/wizard.git',
+   credentialsId: 'wizard-github-token']) _
 
-wildPipeline()
\ No newline at end of file
+wizardPipeline()
\ No newline at end of file
diff --git a/README.md b/README.md
index 7f9f2f3..04df6cf 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,13 @@
 
 ![Wizard](docs/images/wizard.png)
 
-[![License](https://img.shields.io/github/license/scalastic/wild.svg?style=flat-square)](https://github.com/scalastic/wild/blob/master/LICENSE)
+[![License](https://img.shields.io/github/license/scalastic/wizard.svg?style=flat-square)](https://github.com/scalastic/wizard/blob/master/LICENSE)
 [![bash](https://img.shields.io/badge/bash-4.4%2B-brightgreen)](https://www.gnu.org/software/bash/)
-[![Test and Code Coverage](https://github.com/scalastic/wild/actions/workflows/workflow.yml/badge.svg?branch=main)](https://github.com/scalastic/wild/actions/workflows/workflow.yml)
-[![codecov](https://codecov.io/gh/scalastic/wild/branch/main/graph/badge.svg?token=KO9TRVNQWE)](https://codecov.io/gh/scalastic/wild)
-[![GitHub release (latest by date)](https://img.shields.io/github/v/release/scalastic/wild)](https://img.shields.io/github/v/release/scalastic/wild)
-[![GitHub stars](https://img.shields.io/github/stars/scalastic/wild?style=social)](https://img.shields.io/github/stars/scalastic/wild?style=social)
-[![GitHub forks](https://img.shields.io/github/forks/scalastic/wild?style=social)](https://img.shields.io/github/forks/scalastic/wild?style=social)
+[![Test and Code Coverage](https://github.com/scalastic/wizard/actions/workflows/workflow.yml/badge.svg?branch=main)](https://github.com/scalastic/wizard/actions/workflows/workflow.yml)
+[![codecov](https://codecov.io/gh/scalastic/wizard/branch/main/graph/badge.svg?token=KO9TRVNQWE)](https://codecov.io/gh/scalastic/wizard)
+[![GitHub release (latest by date)](https://img.shields.io/github/v/release/scalastic/wizard)](https://img.shields.io/github/v/release/scalastic/wizard)
+[![GitHub stars](https://img.shields.io/github/stars/scalastic/wizard?style=social)](https://img.shields.io/github/stars/scalastic/wizard?style=social)
+[![GitHub forks](https://img.shields.io/github/forks/scalastic/wizard?style=social)](https://img.shields.io/github/forks/scalastic/wizard?style=social)
 
 # Wizard - The Magical Integration Framework
 
@@ -84,18 +84,18 @@ wizard [options] [command]
 
 ### Command options
 
-| Option | Description |
-| --- | --- |
-| -h, --help | Display help for command |
-| -v, --version | Display version of Wild |
-| -d, --debug | Display debug information |
-| -q, --quiet | Do not display any output |
+| Option | Description                           |
+| --- |---------------------------------------|
+| -h, --help | Display help for command              |
+| -v, --version | Display version of Wizard             |
+| -d, --debug | Display debug information             |
+| -q, --quiet | Do not display any output             |
 | -c, --config | Specify the configuration file to use |
-| -p, --project | Specify the project directory to use |
-| -l, --log | Specify the log file to use |
-| -t, --trace | Specify the trace file to use |
-| -e, --env | Specify the environment file to use |
-| -i, --input | Specify the input file to use |
+| -p, --project | Specify the project directory to use  |
+| -l, --log | Specify the log file to use           |
+| -t, --trace | Specify the trace file to use         |
+| -e, --env | Specify the environment file to use   |
+| -i, --input | Specify the input file to use         |
 
 ## Project directory
 
diff --git a/config/json-schema/workflow-schema.json b/config/json-schema/workflow-schema.json
index 0b14476..4e94f5b 100644
--- a/config/json-schema/workflow-schema.json
+++ b/config/json-schema/workflow-schema.json
@@ -1,8 +1,8 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "$id": "https://scalastic.io/workflow.schema.json",
-  "title": "Wild",
-  "description": "A workflow definition in Wild",
+  "title": "Wizard",
+  "description": "A workflow definition in Wizard",
   "version": "0.0.1",
   "type": "object",
   "properties": {
diff --git a/config/k8s/containers-init.yaml b/config/k8s/containers-init.yaml
index cbe009b..dde9557 100644
--- a/config/k8s/containers-init.yaml
+++ b/config/k8s/containers-init.yaml
@@ -3,8 +3,8 @@ metadata:
     pipeline: jenkinsfile
 spec:
   containers:
-    - name: 'wild'
-      image: scalastic/wild
+    - name: 'wizard'
+      image: scalastic/wizard
       command:
         - cat
       tty: true
diff --git a/config/workflow-default.json b/config/workflow-default.json
index 2249c3e..3c7a916 100644
--- a/config/workflow-default.json
+++ b/config/workflow-default.json
@@ -1,5 +1,5 @@
 {
-  "id": "wild-test-001",
+  "id": "wizard-test-001",
   "name": "Sample Workflow for Testing",
   "version": "1.0.0",
   "actions": [
diff --git a/contrib/build.sh b/contrib/build.sh
index 993b6ef..5d97831 100755
--- a/contrib/build.sh
+++ b/contrib/build.sh
@@ -1,17 +1,17 @@
 #!/usr/bin/env bash
 #
-# Inline Wild script and act as a wrapper.
+# Inline Wizard script and act as a wrapper.
 # This script is for release purposes.
 
 set -euo pipefail
 
-export WILD_CWD="${PWD}"
+export WIZARD_CWD="${PWD}"
 
 mkdir -p ./bin
-rm -f ./bin/wild
-./src/lib/ext/inline.sh --in-file ./src/wild.sh --out-file ./bin/wild
-grep -Ev "^[[:blank:]]*#[^!]|^[[:blank:]]*$" ./bin/wild > ./bin/wild.tmp
-mv ./bin/wild.tmp ./bin/wild
-chmod u+x ./bin/wild
+rm -f ./bin/wizard
+./src/lib/ext/inline.sh --in-file ./src/wizard.sh --out-file ./bin/wizard
+grep -Ev "^[[:blank:]]*#[^!]|^[[:blank:]]*$" ./bin/wizard > ./bin/wizard.tmp
+mv ./bin/wizard.tmp ./bin/wizard
+chmod u+x ./bin/wizard
 
 echo "ok"
diff --git a/contrib/make_doc.sh b/contrib/make_doc.sh
index 07db161..77fab53 100755
--- a/contrib/make_doc.sh
+++ b/contrib/make_doc.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Generates Wild source code documentation.
+# Generates Wizard source code documentation.
 
 set -euo pipefail
 
diff --git a/contrib/make_package_json.sh b/contrib/make_package_json.sh
index 4a5d5ee..c93f374 100755
--- a/contrib/make_package_json.sh
+++ b/contrib/make_package_json.sh
@@ -1,27 +1,27 @@
 #!/usr/bin/env bash
 #
-# Creates a package.json file for Wild
+# Creates a package.json file for Wizard
 
 export LANG=C
 
 version() {
-  ./bin/wild --version
+  ./bin/wizard --version
 }
 
 files() {
   echo "["
-  files="$(find src -not -path "*lib/ext*" \( -type f -o -type l \) -exec echo "    \"{}\"," \; | sort)"
+  files="$(find src -not -path "*lib/ext*" -not -name ".DS_Store" \( -type f -o -type l \) -exec echo "    \"{}\"," \; | sort)"
   echo "${files%,}"
   echo "  ]"
 }
 
 cat<<JSON
 {
-  "name": "Wild",
+  "name": "Wizard",
   "version": "$(version)",
-  "description": "Wild fills the missing link of the DevOps approach and its shift-left principal herein. With Wild the shifts are so close to the developer that they no longer exist.",
+  "description": "Welcome to Wizard, a versatile and magical framework that empowers you to effortlessly execute uniform integration scripts both locally and on your server.",
   "homepage": "https://scalastic.io/en/",
-  "scripts": ["wild"],
+  "scripts": ["wizard"],
   "license": "MIT",
   "files": $(files),
   "install": "make install"
diff --git a/contrib/release.sh b/contrib/release.sh
index 7c23a03..75d8857 100755
--- a/contrib/release.sh
+++ b/contrib/release.sh
@@ -21,7 +21,7 @@ is_prerelease() {
   return 1
 }
 
-version=$(bin/wild --version)
+version=$(bin/wizard --version)
 
 confirm "Release $version?" || exit 0
 run git tag -s -a "$version" -m "$version"
diff --git a/docker/basic/alpine/Dockerfile.02 b/docker/basic/alpine/Dockerfile.02
index cecb9f6..133f58f 100644
--- a/docker/basic/alpine/Dockerfile.02
+++ b/docker/basic/alpine/Dockerfile.02
@@ -1,6 +1,6 @@
 FROM bash:latest
 
-LABEL Author="wild by scalastic"
+LABEL Author="wizard by scalastic"
 
 RUN apk update \
  && apk add --no-cache curl jq \
diff --git a/docker/basic/alpine/Dockerfile.03 b/docker/basic/alpine/Dockerfile.03
index 8149379..7416955 100644
--- a/docker/basic/alpine/Dockerfile.03
+++ b/docker/basic/alpine/Dockerfile.03
@@ -1,6 +1,6 @@
 FROM alpine:latest
 
-LABEL Author="wild by scalastic"
+LABEL Author="wizard by scalastic"
 
 # make sure the package repository is up to date
 RUN set -ex \
diff --git a/docker/basic/scratch/Dockerfile b/docker/basic/scratch/Dockerfile
index 6edb396..9c0f170 100644
--- a/docker/basic/scratch/Dockerfile
+++ b/docker/basic/scratch/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:latest as downloader
 
 ENV JQ_VERSION jq-1.6/jq-linux64
-LABEL Author="wild by scalastic"
+LABEL Author="wizard by scalastic"
 
 RUN apk add --no-cache curl ca-certificates
 
diff --git a/docker/basic/ubi/Dockerfile b/docker/basic/ubi/Dockerfile
index 75cd946..ccdc485 100644
--- a/docker/basic/ubi/Dockerfile
+++ b/docker/basic/ubi/Dockerfile
@@ -1,5 +1,5 @@
 FROM redhat/ubi9:9.2
 
-LABEL Author="WILD by Scalastic"
+LABEL Author="WIZARD by Scalastic"
 
 RUN yum install jq -y
\ No newline at end of file
diff --git a/docker/build-all-images.sh b/docker/build-all-images.sh
index 145930a..207bfee 100755
--- a/docker/build-all-images.sh
+++ b/docker/build-all-images.sh
@@ -2,6 +2,6 @@
 
 set -euo pipefail
 
-docker build -t scalastic/wild:latest "./docker/basic/ubi/"
+docker build -t scalastic/wizard:latest "./docker/basic/ubi/"
 
-docker push scalastic/wild:latest
+docker push scalastic/wizard:latest
diff --git a/docs/images/wizard.png b/docs/images/wizard.png
new file mode 100644
index 0000000000000000000000000000000000000000..6a47a531aa005bcd75d74f28f81d730f8a39f995
GIT binary patch
literal 40681
zcmce-by!@%k_S42ySrs@cZUH6cXxM(kl-2y3$DQl?!jGyB@o=*gN6hr1cx`d_wMf9
zeY@ZL@16P1IX&G~zpk#Xw(8T-8fx;GXk=&r002`_K}HJz080M7QIKFUM_82Huouun
zOI`|4J4tZ_`!i%~plGM63SfbSQ2<ClJOKP(64(y_Bm*G+BMboO0m=U}YzAcd7Y!VY
zh8qBT0*GL@U8Exb;a~KDu=n3933kJf{`uB$^tE+ywe)mz2Whywfp|H1Ik<TN0E8rj
ze_#;6=o$-v|CN6M+<)K!B@5vHD-5Fp@Nn_)if{>wa0!68xJ0<QMELmt)7#hBuq4zs
z3Wgpqk?8;4Kt(OOa{vIo#Zkw=(?C^4#M;f3!_vmh%9g{|_03--0N7Uq7Id}sv;_IO
zy1e!f@fD-_2ZabM{5P7D2J{aSPiHY2162)>w41vvNPvTjgNsHS4Fm##-EHhdv}EM|
z#SZ%?M&sb=`9_43)5ph$!-to{&E1}pTUc0_lZ%Iwhld?T!S3Pr+SAgP{j~?}KSBNj
zN5<B}+THPur=#0z&|h3jD>pAsF&dh`8U5$=PdPmu?fxsL*B<{W7Oa4re^WTQIk-6g
zH#S>e$Nz)vZ_5A42Gh}h7VE!d=4<)ppG^Ny#y@2Q|CK<*P|McC&Bg0)S;V>d__$yf
zC->hc_#YDfxAgxi-#>W`{y%vCJ^g?3{uit6Ye!FUo_}TcKcfF9m%6*7Ev!!dDeb>l
z{ypyB=>IB8<R9j2DC6jA``Y7g33++A!JPkV%Kyq~@PBgtTgtz2!t^hq3bRHVOHWG~
zOHW(zzfFLhOPHNYNQawOgj-02hmVzuN93<||6jEK14r837KZTOQ3Q1Uqapn}%D++m
zZy0XwI&N+*;{R*Q{-+rK0QeW#zYxHje+~QJ4E>+2=pV7LW+aXV<NS{%DUOCVZ`cF?
zKmdv|k~+S?<Il)YdU-Dnlb|nq@v8+JY0aZ}3LsQPlq|aBSD-LgoDmYbq6ujOX#c^A
z@5l2*cx-Drv6Uf<z9FKsm7yUU903C&2E~GpdaG#yhq-~$FIzrpxj#F7?7Z!K?3+b-
zb$K^Ty|i@mPw!vr>U*_#Fw<fG|Nk3D#<scoPB$w&9)!L3<aZSNT3Np-K(&LfyOcZd
zFnfkoBA@@@IjfXcXi+Q)a&FKob=4l&G1e4(cRtx;_t`z$Ii1rbJ)8I-%Q!{Ur!VbN
zR5`2bOUJ>}L*&g__otUV%|o7gEd{DfLu@*nkA}ev&U3%}djGhcI@)by@QqF^byokb
z22ZIED;WxEaKPhquG`WIoqCiWi)S3R35-qTC{HB3>iQ7iW8!D)M6EVAq3A+Jr2rDb
zWTa2d`VGko`i|XNH%gwXZ(DnpZg-$I*;KuUa0__XO-nk(11KEIp<fy{X{|cS-r`JK
zmsnJ`-ZInMd|8gI6Naz(LXd)-Fb<E3kT@Q!_>crnvVVDe=u!uiJdtsoVmh3#>-A}$
z^G<(A2T4wE<z~ytm9oh{0*v1K@S8q+HG_JW`{urw-?!`{V^@+W3i*L9A#nY}q|72+
zRJU3$wfIgPFXn){CHQgw(h<g*9z{sfAh&ptpW+-{5u#yOd?c{MydrfhSby{BJXilu
zKCfIFOdhO3m^|2n#)^OH#m)yM*1N{z1tg|DPfq}K;=e9uLB`P8C-#eI(44G3N#iU{
zbMe)Njk0txQgl~#=`sF(^|Lzmu~|<?uY|M!%$`)HU})us<#b*MRJS%S?`sJsWZk6D
z&wXY>jnxWxamH=?^d%D^!$1q5Oz5kxDBf7?kRf<TioHJ`@g{Ki897Dpm^1PDL3Fdh
z3Ci*pa38p71$&QYBj0nsoP{2o9;P=QTMzFYPlxX2E<LX&GBJWGwiydhxaTzepmci(
z6x6j4(%<gT<6@0FPks645q(#~Mr!36sdn0kFh8ie;a}t6#|F3bJf$j~ZpLCve&oS#
zJw-{tN3v$xMtxMgN*W*<;Tf+J#+BRT)f#*KI6n%{dH1{A100}2?PuZs*RIwDqdmf@
zk~*NJqvYq%(=0CCb?2|#(xTfLk_NcUJXqbK2#8MPOk`imucsp@^5C<6{e*`<d-(Os
zJ2%QN>IAJUGXZ@aelWhHk1|;;*iNjEF`(8gh=l>rgLKmLx<QR(hhezv+^(cABkI&h
zGxl;>M-{sU?h`@}W>o=(1EIjyug0JG&->R8oShvKbutIqe0~sc5`=35rD-RG^JQp}
z&=>1A9qd!i1rPUOTOY$p>I%UeZP<A`d97a~B?X8=O_2(Zn@FN8hI4=C-VylpemBzW
zvNUl&S4WxJuMY+_4NgwrJqXD$%gQh<y_W!pbHXX4McYw~<7h~80GFV~_&(0m{mE9G
zthh5gHV6@!<rw@5;+`_9x?=jCqlTN^IBp*wXNni#>pD(5yQg&KxcxvO7M;j;>+s5x
z6lSr&m?i6v)>$-Z$b3{*(3ssGf*w{@X7NFE52Oe!63}wA2$!1Om~Rkp2%12}L`Zt^
zI!_e7W)54o3clBSH$Kd{j}YICpOUBo84rbH8ePJ;JZMhUuOk_=7e(l|4kQklv;;+^
zRW|DbUH_HT>W7P>kI2GrO1i4>8a{p<L2vvtK3<AaU~M6@460$?UkMmByz+V7Zh7X<
zL=XDiV^$G~5Q=_1IyLLZ`S3l@%aAvi(8xX(%~MhZN3l@(#ubq%JR}WY@vE!M0wHsq
zy#|r9)5m~`E#LaBHP02!^s$Al&hPJ&uTfFfY6szz8E{N2hyw-GGp69kOCKXhFncN-
z5Q&6GJtPNd2Xmvthj04i*!Z@s*rqL0Xc+YNAWDUr(~3w_H#vlA9&BrAy$q~N?;hT(
zGk{z!7T}cW{srfA#4M`6+rP#-ePuEp_+~Fp6f-J?fdDS0AhSeeU@YYO2+i#1H8Y9^
z!)v&hH&ySm`>F2yFbMebg9P<1{B<kM9xQ&6ssGqRlvDw=gE+2s-=;u{o%Zpd>#~5h
zw?X<}z|IqjRY`*}T(Mw87DRSMnLt8@5K22V?R>6pLin1XEMp3pLHrs>0{g&hRg=?o
z8$Qm^q><1COm~MyQ$Mrb-2@phNVxS7I5gAQ(Dm*0M<Yk$MT0S;NR8fG@R}ijDglNv
z1i+FocBKGgvl*3~T%uaRQodvQc<TeMEYaYWs&rsD?Jrz6O<v<8Aqm)c@aCP_(zmB-
zES<4KU^53i)WQrDYJpBGL$;QQgl@sWgdbMI<!K)_+W9GNCwcTkA|MVAIv;+_&eA@F
zK<Hq;5D)sML6*!NUyWY1-pz965P1Gxy-d?u$f-XZCiH>U)Mm7MWwjRVi{T!0X`Teb
z;F!r_SNM4J9*3qZ#EefyHnc|k(wa1y{F5w(v<yW&d1I1XuGZj3nVPi9KdO|KuStAc
zJbsWdg7}ChAFSc}{eq+IUl5iSGiv(p-(>(HpR$b+WHtFX6cH?yh{C15OpwgRprZ~-
zHPK5wH&}P&d1hgXs^%Ml)Sfa4)~-myzTSK^Ul^`>^>}L@{}BQ4Ls2rpK_SfIC%?qr
z3*~F+eTp}Yi@=+Vx{$?<yq$@me&>(&!{v;yW<ZLiF|?vA@ay^TD^>Xfga(lL-Y1?_
zDGb2ax~ielY|3`i$f*`{fR~=*pWsI~e4GK<D-l?~wv^%XNB#8R`Q-CN^`jKv8%?5t
zxHde8D$PDE0tF)FIAf{-P||D^W$!@<TTZ~?Hxd1sg}G7E(05JYb!1ZOZwS(|V@y*k
zG=W}v@Hk~eg?=t(RQM>9V`KNXx%0~k-bAm9>;VCzNCxQvaoloq)<FBXXcI}6=@<;R
za1vYNdRen-#<w`1vGz&gQ|b$uaS8i$K(D2(e`wHr>kOyhfBk%rAN(5SjI5mN)n986
zH(U62^wFk;<S;L->p=0uf>t)_J|9>WD1$|nyW@*tu&e$BNj$U#`ew0AN6oS{X`W;s
zE`AF8<b#UN#S}gv{{j*;19EGmKel=OUH#aAuSX@CXX!6;t$Ba3!Sf*Fv3aO{NQULi
z4>f0Z#9K)jZjEWg(y!chPRdnGV#%n+046kI)MWgCO(g6>TPF8sQtM%9Ro+TFoT~x~
znc*lW2twkgV=v%mvCPG*vQ76TXYoI!%~Y0eCc)7%ZGB+jVo$Qf9OTA?<fag|L+URA
z?J=<yIN`L#R3UqyC;OpP5`K!$Ku(GrUib#A8Jr=+uQ>edg+!vss4A<e)eT=H2I(^0
zQ;Dd0QZh1>&!&7Zd#hi{L`CCr6FjzHBk|!gKbXb7ua;}G>ob9}P7TM9Z%r2&aV3QC
zmn)h+-t=!2>FjSjbr|orwF@~FY#k6AL(1ZWv{hupNSvhp=!t7zSJS-Gb}eL@G0GXo
zO4Y7^*sv`w7mGBXx!O76`X-jdu}9Ghm9M%zM%%?d%m9)<x?jr_0C@2h)a^nKfJ$WV
z6tq6o;F8!3!RuIRznv=|gxWDL+s9<1*d}))j6itu1TFpL-iN2>AZyAXsPufN>Fm2@
zbIv<z9CG6n_1caG`77(FSl0T3LbgplyUTa2FRUIpc;upo1Iz&EU?%1Q5`iBcBD;#o
z#yF7#oMT~?(FJ9gzZ7D2Rmc$(pJ^beRx)8Wws#>Mnp5`cG8egOn%id9pQeK9kx9QR
zTMKqEv8G9!C-;(?87q`6n_R=@Qyu>M2~HhX)h0B6&NTK4%L*D*0c=&Etj0E!i=pBh
z<Um-`te>4++6KXVlmfmcp<8EMhnb~9rm5%4FU^@_!Xg$X$GR`o7&3#6s5y;XlFhW#
z+BWTDtg0Ek-8!#(sw9Hy!fQXyQ3r*-Q8Vu;*1ios*_zG8*5gDJvJ?{!)iB1X*I?;N
ziJ=9dneIpYnv-L!z@3CpId=|WH)$P7B(0<4vqD4cizhm;XsUp9%G8DtrW}hPy%LHj
z+~67&c0UajI^Dh^t=9J2JnBwv)13i6mQCKtTC;AK^V7D?%-}zqo9PR2$q61~e+^{u
zT7*GqP1wLN5}U{rrEdTu3x$LRkP?cg7+zB|@V1X83K18C+pn;V9k5&thckt6(ppya
zGVw<>fXe9I(50H-F;RwcnpXilPEI-P!xboqOlL{5oOr*Ii&5=qt~*oMS_>uGkqYGZ
zX;}6UM8?9wqsQRr6*}PVgzE@0PS~pxvphNvf@~QlExO3^o*cv=7mbPO$9x?1;}h%C
zoUz9`?It69rUm54e$8NzM0k+_AQDpC705bJZR23`lqefLw3FG#a;wGGSdQ;LAo0C;
zIxkHc*L57kX?~@zry%w`JEolcRP{5rl(Cp?Dtw67VwZ2(x`TxY{X+NZ8nX2JsE7@;
zZN3K@Ep{1?cq@GGeitb(C2f*`Wv=sfMW6ijUdGl#r){DJIHF@8XmS9XF_)c%a6aE}
z+M34Sn@jK7y1=?)0*5!Oh|?ghPpXK7h*DZ`!%6CX*lKcu<hUS#{s0{IsYJ}B#;MQW
z;bVQ~FkA<}50PIv*}6E`RvHGoSAG;jEV$J<pMrjFiMp{|dErUrfp__dSFti{y@^)>
zb~16u<FKVplrnp-nTA`K{NCAYOPBQi#K)w=3EE9?kbwMXn<t8>MlaS$bvqQ`V;W<&
zbqE0bB7~r@qcI@iARq%#2o`pb=m^qpd_Jr7N7hgOj!G~4NhI(`a{Ek9c|~53!r(U~
zSc2h)3f^+r<D*w?Tl$GHe|B2lvdiA#?!-YX=pEXnG3J`G=1&%*tWtnW3O3sI7-;{-
zcF&kT6}_>bZJ0aDwu{T-^7Dh9cTnq#JH}oKmp!;|EKBOLuNmCuhW6@at7{V-=Yewm
zUJdvj1qXr;jWv3UMnpBe{Mu#zPA?N0k4)AiPnpUB#kFm$em}C(R`7CHxM8aN{FLq7
zI4vfAi@LYswRH01#NjtPyU)&D;aL9sFh!oD0O$KB?W8Fy{ZX5w2*3mnQj&GJUt8MX
zWz!;E?ArKc*UWt2RZHDT522Edq9v9uAVV->FXYH?J7?*&QAS#qc&ytWGlm-4;G1xc
z0|X1|8re+7%n=VMyFuS&FwQ*<iUL`kYP#a`_M1^8l3NF}F^PxHErZT)RaCQuy)Tmq
z`08Lk*^T|fA_y_?o&&KxFHG+=yIbcI4W`C#Tj>DJoLr{NG)#GPw0XEyuJ1htr$_I8
z)%CEg**$uKTg7lpN3FXGDm~@5;J19ICNqi$uTXXF_fKkQ9TAJ71kNo$jF3?8)aKd}
zW7JHGCg#_!sP&K`i2N-Tliw<p@9{7L(eE3nXZ%{NyC0lpb5A7U3gXq!McY4z!Ce8G
z_B9@2fM+Yf<{+03w~{AWk7%O;K+_3LF3&GjXtXa1GYO<b^&I);F*l_8q4-JPD#04<
zTQ~BXiN8yvRrofOuF8Ot`KND??6%^a48*;HvKkP!0fNBn(9DQ_IF27ABBTUFY@nnM
zindKt_xs9p=vt*Bj?s6A7S+4e@p|M$-z<wi^CkH`d2o_`&em27%h{>;s}Duyfa!M}
zqdqLh-rp-|ClwsBPE5elP0*|WCTD@#cQ?)t&+w?i5wz^uv-x7!KTJgf{(RW?+X>03
z+wk!>t9^oZ`mK!y;jy@a^m$xE<)BHcuUdY>aSk7yFg7x9vR4h{0pi<8!z|`6W!%6I
zW=*G?H`9GZ##jOt?m`)%P=l_kK4w+@9tzrVPAT)pf$mgF?BOaSzu(;&3c*-RyksBl
zmYODy+0Xp^rpmsI2p)moQT5rvmPOm!uoYhjGMC_V#|viPQ4>cYfWYY;dX!(ER$gm*
z>X{@BAVU31#W0eX%&OyCkx})2`QLZLr_L?@Pc{0zhwX-Nx!{L$M(;mfH*CV64XZvQ
z`1KO3;n!am>KZj(rSUlW$!k_5avmK$Z?Dx3zlSJ&C%Fc^^U+qI5^6{0AX^z8)Ha9n
z9WW-<gfvA3Q{Qs1TB;PV9pe;cx(;yS(Hz7(9C9~0dI}GvI86$Q-5re5FSsKgB28)y
zU*7aO?uR&=&0Xxan2H5Q;XPBxrPd93^iTC8CvKNR%yK@Y{POcD!hIYH`tn8pT;3)f
zEp2=fiaa}*1!SD`!T)R>WMAlR4zSTCKqDEnK~S09<9)+Zr$IvgwYh~L2imWYYlZfS
z&R>iwP{|xa&$xsz9pWq!cwYIAqx>RCFehY+sxBz#EZscFb?W7p;ri2JwN{X@oPu~b
z(RWIwKO~WLhVMR7npXwrpJ~f2PTBdToX}puMq}Emt?s4CnHWjgXVPX*J@R9ef{XEf
z03~iOGmGMC1p&S!PK;h&A+rI23%Zil7&}{&n@B&y#2%%A`gcWZW1pMWALH(!rW?+6
z$L+3L7pA@Dbqi+6X^mU`d^u~H1-N1z$B!;-!FRjB$)><hSBrtLDSLpU{lV9s&NIz!
z)0u7xoU$!kM_yK6n*tdoyq-crd@{k9=+WPJZ@x6~&1n0<>xGOeXc`$v0@M3=1AO%q
zjen6XJXQo^M7u?Izg)+jZ3N%c1nYcC4HmDmSt<y831|2jmMI&wZu%No;(OKr_m7a~
zm~n1j&4f}K-KK;lAfGye3F#YD1>oB#`Qu5JjcpWpODLn}5fNJSp{xq;Nct7sfZ|sB
zv|Ac29iEM1DItQ~9q;Lf%r18;fyD+Yf^l-N2&`jr@8P+@Y5VnhRHCi7)lGN7OJLnu
zzpOvG*h8^woIhkcmBXkV?lD1udFz6$fV77;v;i3#g7kiew7&!;Qz4EkM$z5451l!L
z&v8}KVDB>?Ve=N-UJ|k6?q2s>9vypTx!Q{hMj!MEij(sMR$h*>0(6${Q-=(OeTgh&
zEgxT=DY{P4cN^0z&;|4mu3R)tSz{F-s#?mTG0;Lb4jlT*Tgv5og-^ULiSvbs*`5Z%
zwNAfEG_u3*R@5fEPHK-4)mJO2op}ezo*!rbdXzk8;E0&8&EY6^82R~qxvY!F0H}2z
zNd+n3M-05<-e@RrO%^xfjf8y%Nde;Ej1ywo<_pYNw_?+|3hy4DD1)kK76??Sg#J1U
zsOH7cGyFV)Hy5e}^RZ2gs?7kmDDKpVkGLpWV7QRvP)-Y3dKsgF(ci|E3Y9ty@+x?%
z(Phj-1h+a$jsq6WD1Pt!OAQB#Q2x!`g~+%-u|8>g9E@bKcesI@365!~JZw-<Oa~ZH
zJH-n*A0k43Td64XDIt@dvvJf&Tm>eVYD&FTNJ^P8%e$65>*k}UZ)cV*JBOJ(GetAb
z%G1+R>8OD>Y2TiwEU`swAqI2^w#xooWc(>gP6NY$d6Jfr9NS7-jKvi^>ZBEyV!F&>
z6v9ArZ^rmzhEK35b)PcItn+2&NjcOkh7OzJD@=#jJ0BxP{ZCt~(k(VOl!0$~E;6CC
zH6oJC{<3SnGW_u&l4b!YHo7{vEkk0`8u&Z~DjL)6EMY1LM;M?5GDkjWF3E)soX6?p
z$&bF-`@e<%^0#Kbmqak6czNZcgE~;^LKKVDwq>CT({k(mbp7&1p>)Pq>g|JSdr^A8
z_39Iagpi66WwmsY;M9YP^#02Xsi+|CNV;2kpFm!>XBB^YpKf$~+iqATCESdJmKET~
zOqHiietR3?=^7@8F$^bZWHpOt6ReYMi<?M59WX7`?I1DG2{0-tvs$f)otS=q-VK-o
zopXjShQh&nu$gJ}xIFoj&!eU=r+~R8VbXr<pu;_H!KgJP(~zrYqk}i3ur<|TSS1fz
zJV2)+1Y9w5$53KK$;w2~xoBld)gQkhQ2MGBQc+-rd>d28wSTxD_AsTD)vQjHxeh~P
zyqO5yJFhe;oxdae_~-)_#0*Ue%|fP!XSDU*rsW~@9c<^DTwcXbzf=_TYLZJBjF{5#
zom_I#zFYn_{A-L_Smr&CzEQmFbDrNEt6TQ9uB}vumW|rq#m>iWmnP#M$`XyY{jgO!
zBjDmJL@^9b7B|81bQ`Y@gkuy))jLf5arT)@OVc^t8>69HmA57{I+dmZ1#d~k<hxd~
z+D#cMb!hpC;^Y;_vfs?MEvFfCT(dG&=3iT2d^;}1-~rytdS&QmUL$bH@iiFRpjCKC
z<N^~a_v#lAj-N*U1P?xGd4e!bt3WI2(v0v88<@hE2p7j%s$bhG^wR*q)b-~&Nt(8^
zuU1q^R186S!)SI>`}C)S>^~lBuq+P$T<0vzN}P4#d%GHUp9BkL$G5>7_aydXa9G#5
za#$r|$Eb_w6vB2$;Ut`1NL~E)0oGQM)R+Of+N3ksI{*QAAzOuC+8TOmg|cRBnWF_Y
zoe1lPL6;xMJFBaYGQrcQAqb%-REkGL*d{B%lgmEo)z5<4bL0Syd?XKv9YhOMI{$4;
zlgwnu{7+iD!5V2L!Vm$YFo2Vb)-oTQul4#G!{d7wT71AH+GT*hc(;qIjM~gz2oZK%
z@0HOqb23=NcYD$2AU3koyBBWz@--i7J|N+p1&W1CA0E@rOnGG`L@%%|!-DYEWdk^A
z)Tj1aR~<Uxa;26AMhn^x=sc$}wu@9Y+&^877bSkWRtb*A5-#V$1}7PXUTxEeo0Xq8
zOHBPa3%tz<{vb$R=QZ)@7Q%~+kW~$s<$>o%7-}j06kv@)05`#B>QK?G7%i;4O%j%;
z;4kZjX^2{qUE;8lW#?wb@-*;s0iKmcn>ibd^Vb2~P9s~k8^S6PY`g0h+<4De+x?P@
zxztTW;)4uP$RpI++9exCY-Y~oaxmG^Wo2WD#ak8Oqogtpl?OL`rA)$u9A1T~e)Xs>
zw*_uk5|rG{CxC;qXJ%o}+dq)EZC~dJV75O1KlO6%`0&T|_D?xWM*zRYAtyjU^l3T5
z0WGs-2lN9`lIWMc_SA=JWfj{nd2%nJutwTGM<uLvYU`i}geWG!h;^S$T^f7HOva|K
z^=9#^V?IpVeOp?H)PqC`$nP$H1!Q1i%};&_Xf3vG`FvykhuHp9Dknz6UEzDW^VMlc
zEoH`G?ITCG=M7u)*G_~)UmwM>IQc})XZs9`GN|1YdJE!k`p01<?zqG2&+I^h^y%4T
z_E6^n>95D%o2fiYM}O76GoHGs$d<Z<`T^S1(a>k$1$(`&VkVtnyX>TOdt<H8*nsJG
z_wF0~y_%Ii8xL{6GLH8H`;Q(Nrg~N->KlbcE<OB&yU>WHzBRS0{fx!U++iFp_4z3o
z>xuY9Z<`m|EQt?Ph8Ka$UqbJ50vA3k(l}tOipgzeRq<avb}HTMY_<RVgpvORwxa+M
z+jdLaONiJ5zJoY!d^&NHtvbU7Vl|%TA!joH?1*=6fZ%8Ji&wUWy9oylj*;YK>j8J=
zYFT*T+uWVH1@F45uE)d1>fcDqBE;m2x3oCS5ZteHpp7`=_aLLO`2A#6hvgP%cA2p)
z2$HLi7l^kX^$5JghU|E`J@3=MsH&lj!2gE!wxsY9r69k4+ILkS(q9pWf8)#3m4LBm
zWknW?y*&wVD!4|-+K4*-dLcgj3c=61Sf`U*wR@sP%XS_!5i9)$^TZihp{Hpr;C{cn
zL+Os?M-Ne}T3-X5so_C1<`KZN8y}G(o<aT?oZI+T7?G`X-AQ^+X7PAb*f$6}d~)HO
z=l8cN(^&B&qp+V-%^AjY9hR^O_oC0K(MLhDS3rkuAeSaCs0bbaQaweXTi*L|ga#og
zD~O{)nhE_<PNz&u619=|`al}c5>LWT<xyIlU>^!k^0X0GIl2Z7aF&F%;Twu!wv@-O
zJt2g=7ZwWsQHh7fSw=1z)BqOhbjQ`OcTvQS3gDy;G@~%FN`8fxlD;+ih=?5^2hY7k
z>sg>Kt=l__z6O(ib~v%tX&ks=h4r=~1cPvL!22+q)u8L$_EcQT<EH9OHd}*0U|5^s
zBK(LNV)<~-ur*`rXZD#J?>$l)6gYP?Ea5$RbB57u@UmS#t}ybHcIQzO|Bu>VKaQ2B
zkiO>=v?IBpp%1}xu6JISbgu-8B7xI!#iPhOV@)6y_zv9J80rYwK>I453Wxg(Y|ls3
zY&~GGvL&J)|C3Mbgx%T<F@hnjf)wIclee*GITR|fGc-s_g^YCS*kw}TtGb>?bq;YD
z5?RqOM@Eb&+ntqJz_#*Pckf)9lABD`v6W-aU6X4FvLumKsuPa2yd^RLhE?*`G+Yyb
z%5+TG3XinP#3zIkl;IGn)M2ZEU8a3PQn6e|Y8t7LWf1BR>yNKCp>|yG+!oi06IxFT
z`HytzYf6^=0k9zrt{riC#zegHcEv#O#R(!M_*Q1kCls4XDIBF+!$DH%2QVMOA~R++
zI>d4IKqW0&QmJ3zZrt2{i)lMcbwo-=CtnW{U$;g9g%*dN=6p>p<I)njbM+76<TBZK
zEeYvLzEN1sYm=l(m>++;G5BnvYbmYq*ht0DP@W_S7mFgAbhaMv6_Wu;LO50VxsE~J
zi{CI`Bb8V?LXiQ{8j?3np^d;eAIJldQHm}~j*+-gGSU%^h^f*xabLD9t>Ey0w-nXf
zTMK6~V{Bi)bg@9hn)(dp*}kfpdi_T4Q!i@MULGb%Uy_uw128*N*CMi9Yc?!S;_FUa
z+aF)mRx$Yn9th8eP=6fEGF)6$+OJQB3ZxyMG2R;4cH2PACgA5;tT@SCvCMIPmD~>e
zUHSM0P5=p4SiHlUFhH4JtXKv2@ES2hpaRGnDNS{w0IIgs9sHuQi-Ib+&9L#Bg)Agp
zmqSFNlk-GBr5-Q{uXF*eBG1iHGiEQ2(#5zRgG;r~-o_^XE46Vxe~#PTvHjIx4ZV6L
z%oTzVdUfjr(^q26my#bo@Rp0D;soW+IEZLj@0D<eE2?RtF>d{vqZ?#H5HS*=ClCd4
zr&-omrb|1XB%BM!h_NKDCP^WdmQT`rsgYUK4nA9JY&_8}l@w}Sa7V1~<&e!%do-)X
z4Wk}l8U6m$L~b(rNq_fu9%52bTiCS@p#=&-9Im8IdcHiKpFnvi`wuHf@#+vBIt_bq
zuhm%Uf_E}apd@rcl$${m``u;&V<lkKQN<eFhAyb`Ekc?TcN4v33_-mX?I=NtxV&6~
zv%tpMV)cqgsQcWzLfDSuHn@Ao#lD72MsRuG4KB%ZjM=D$kpW?wt4JgS@a6PPfHOx_
zfNp4(T4H+UGVdF-A=PMw1IfraltNV2<zYd{*O{+rg*+vSaiU1HnV6+YO7v+KJ9(xQ
z-S38#ufCDmtB;K>n0FqPbr<8PHAL+E)#kZU6Z!Gz=|;smV>sHDcOC*-2$f`3reda6
zg_aYv1|__&;UE=RI60!GAX-Q^s$#aN7&^lwn|C~nqxTUZg8pW^LUYQkI9AiBp7(ly
zjv5=$bDw(*#1L4hf#ue0<F?x3woO_l>5Yc|cLIL6;??tNWBXH;6^QOz=Q|QiIWc=(
z`{Ky{g3t>9njD5yxa0?of~01WqP*F!*<9^k7~X2edE?H+Do*0Agtu4@5o8V1!YMK!
zTCC+%78o^5s0qD)OqJ4&&>ia*3iZ;`WBGjbULCvSi~t##BTfNkn4Y;EaSNOMvYavt
z?|5+#HY}i7@=;L6S@&2Y12_ycuJCZU?H?qFsIvq_$?pSET=o@116&^ULy0v*4K%g$
z5*}5PF3YUtlN-A~$CNvc7$b<uW4;A^Yt&LI!G50?d*~}EHtZCcVb6ba^@AvbwuT`0
z@b3p0i5%yNR2%L@3~<jPZ!BDa__A^3ET(f%yeJd}Eu^=&^y8V3DvxIRvLYHRKP5G`
zlcNE;ACel!zqlc~u{<E9z8M7L%%WNfbwO_KO1`{=<kEdc)MG1=J>%@eO$wzBgzd+K
z+^{di+H?^S-~ZO*p2*8~P1i-?#cY7a1t$`Y#fCU05{e2lm4#ak7c~$2c^Te`1<<LA
zJwKGp+G>tYfy+{co%$CG$`tS0dJ1?eO<Y9mEp*(VBtCdm&5bY{^i1?6;^7^Fi0<L!
z#gzJ#==!V@98~q;tD(BB+pK>6QPqdLzmwXlZL~uJ=1!eg0f^#ok5?7HK0XlDN3>f?
z?yi#)vUA2t759<9Vnvyjl(GpTpUnAAz1ZB%RMonxXW^nB7v0V$_nELoR(LH`Ha;p_
z@HLIqB2V0LXl))>HcBfgMFv|j##Gf(wtn!jwSgy1gx}dea>UzOY<t4{IMk)Nn_=X|
z37yObW$OUps{Ifxqhs*;Vv63f&Q!&)%d(VCC%H;#Ruq0ZNDK<8Whum1z`nrYmfa6v
z1&8zS65%22=yCmt5z=64Bp<YPvW%UbM;&tfM0{r0+tTfDf<8;<)M@<=wz=-{c)$64
zV9LnXbl_Hmmp^#@Sj|GNV34hw3oR$y%=hg7-EO%tv&>8Yvn9!TnhHOihVG~jqr8-e
ztVZaFv8ruw>dq^4`p0nY5m9!bY+ww3MI3PZw?mRV?w=#dr$%zoM2^{Rwif=H&pBgi
zR7z(=#I@NO4X})F8#nJ**B-Lt@4Ga7IFaFoqsqPkg;}fS;9jXfnVYATcu~)Bbg6U+
z-&Bh_JG#R$`Kc5ogyNzoAXF!ZYA|g&KqcMr^oHR};F!`lTOB^IEU)|&w33X{+3BU5
zcM%d?;7<Pm`c7}Da>aBR?r))GR7PwX)pOw%wCDDIF*#-6@i(k@7xp*3qb_dvKEzpI
z)QgMRS1(kd=PJg$c$DrxVMK*Ma^qSCfmgtz0P{p~>|7FK;3}NUQ@SYGePwh=UqLSd
zAq9;_eVk^a*ODT3K<cp7kol@1PEjgEbLz#coFhBy-p7qLT^Myt@76-k$E`v%h8%Mk
z+wNqMpO!p=F4Fi&8T@!u^La@5+uc5_`aOR8=Pf=RduW6N6MEeU^}iY<2o`{21)f<w
zYU}|bw!=H!AX2iSVUa@7u|WI++-TlV)d<`~DFiweSsdDFo<Y!?pVlcDWim43WK79t
zyW`3q*5wz&+4!&zne_VwUkjmS-|H~-I`VLeu`4-5M|@kt+L~WEeu&@;PRh#)rViPr
z=q{7+oj4#Yt-cVSpZCDT$FKvNF-2Xh$5G2GGi5E9z3u-oEvHk~tf3!AnkfHT9GL}4
z<HBE$gp*LuL(<5r()CX_<u2EVDpcp{dk^8Pj-bOQsQz!Hf>*cO27Xy}vtmoXl>Ba4
zr8uzSxKTEhm6%vBbU)v?k(2m(lQC(&jF$(&>cpG>EO0-Ua$)kACC<z&q)5Md(Wx|E
z9m%5aK4C&XK=mt)29X&81r-)erIc|rl5#V4o&|z;6c4HLuTQhnc%=J-fw%&coYL8H
zH7=T(B#7F5<eICqSFfi)lcn_x+*?}BX&!XMmfPJ$jU+uDUKAf02d5@kOSeQ%=L^dn
znCsOo&3s`a7DZ=VAbagh*Un(Y(^A25Cr(A(85I%%#2|-|eebyWl6ad&2KQoAD6<E=
zh7T-e-a}dTl{QmGEFmmiku`K8qKV3-Nh?a17j7vGfTu9`&40KJgL1eyR$&EHICm^0
z9FePhD2E(RC0Iq>oAAR=UCQtSfytH~^ir`7=psI-;+xN#i9rJ9C8LfKuV8D+Hwh-P
zt#YU9^-r^Qn~$KM^m44F-cCow6-m3E6~D`XWfz!zG_R6u+cij#w*hYz4pZ@kd9W-^
zwUp^Q1m~ns-}6b;<C|`gSxXsNmDzl=Kn#blUTV;!p);J!8Ub|hiE-0D%<&WIqTI3}
z7AIVgW?YU)di&BhgrhaJu2P`DYZ541zWzIdr094j@!4t25YQ(9;g?WP8g{DDwF{<t
zOG%`KE(v1%_!hm29#_VQW))96C5qQ=q*vq5ATD)ufKJSj%UC5+#lX!y%~v5BaC1m=
zlokVs5+7|cO2GunN?v%gF)7+Ndq~_0g`YukD`(oO!u#{lx_W<mAz$Db6@BSb;5opo
zLFv1}O<!W|YUAv})s~D{kO)g*E#3+1r)$1wbgepgh=Wh^T)AN(Axk?W4hx(ESUkXO
z{zH_c$W!)ZbCF*~E8S;P9-T76HU|LsaUO}1e|OBrlk;$lqcN3sWz6~Y_&2U3`$8$F
zoB?mUPs)}`;ob2VEaIX#Qn7LLkGQ!OMnM>JNH0_pQu#+zN1q>D-MT7>QnhU+|Eh-j
z9jaUK)8c0JVjv@x;%5xg*%&>Kntm!D0=DYT4@?$tq=ecyD5mn4ezSRwhnzd%=&tN3
ztjtmXyg2Pr2W6u;`XatICKUg>Zg5I8rV$zh(+@99gw2oF37_p89YlwJhg!og;aDnV
zNZqqN(~Y$2=(mt^T7w~}zfjp(cXa8NX6h~N=Xb;I)<r|k<9s9(3{L9&^6k83Zvcfb
zqZe=L`#VyHX?sGW5V%T!OI%89%&Df#&jx*qk2nRA+Tzp{v9aw-n$CO8PF2-ygvYc4
zjRr(Tc8>HhglmYxZjg91(5PcG35yMiIT@Uc(FOQadO#yJlmRP1mbn{M*jKaxt6Agy
z=j}jT>jAeh^3#(w!N-v{JiySq9P^8LJg{6HqkQODXYiV>FV^)to$tHNPXqq(f6!Qc
zoCmM%Ex9B~QDk{kcpdS84dIglNl2o2e0;A;hp9wERU`{j6@DgTFa&7`GvLgP#}kgo
zDs6uJ>F4i>Wi_(KX=8zg>db!mt-w(viT?58<F$zcP{z%uXp>4EeJ=>-mgD{`pFOS1
zZSzmk+R9e`cf1m={J-C|l5}@gG_Fu$y9ATv$p@i${Z{cD3DjK};IX{Ult-lr$>k1A
z1%GIu4Uu$iCB|Y`dP5@?8jds##NAacG+;Pk<{r!pDGB*-!17=*HHrXtb>&HA6Y3T2
zB*`fQqN}1$f!K;!ypkUfCO4fNyS#8BxZG|--hR$6?f$(YS9)<miS5OBuKkTY3fAvg
zpYy!@<~N=k@TkD%_wd2}*%55>-MN0=gvcm|<7)^Bicnfa4gWJYj)jVhH46vWT}Q<R
z@dpX56&FgM?}@==Q$_50;2(ru1qGWVBB-wa44HK+6<ZcE{205AqC@sR*N3=SA_rC4
zS<q~H-Ew4`jO-{?epPx?(!?)A=Cx%PyRFHlgWkR3m0;J+#f(06j-i27dK~aj?adPj
zDi!HOFg~DywqNtEdXO$H_cscNK>2YK9&ks%eD5)&VS1^c`GzKwAh0m394`rj4UyII
zE_eBR0=aaOErm?+Sh6U}?T32%OgOdV>aq^`j&AV@tvUp<sgWO6*p91KM>1F<^BgvP
z_C<R`eZe@@!IM`95)017K4;5spEQDlgTFHzd>9D5fDPH!KeS%<S`yi+;?p-j*v4lR
z4~@2Hl1w{IzQ_61pyy3hbKexonuucI39nqHd1Q+pg+q(OS2Xbc2H^;$Ic%jLjYb7Z
zgmD)*fskc3v4@agz=TACt4nuBMi$}W2b6Ai%F#UMldv1&OCZt>J$ICh9WdGH!-%W&
z+=`F<9{4Ktb>u+?Al$rC@BXyw=O-5etr`X^59S^atcN})=@=*9Y_~t!UOw-d5%Cjc
zsbX6z2_rXxAQGAzRQ{;={A^%>gIioNhk%AiSc;Tj5sQpNhFbt!mnvii(ZeOvyYUY@
z+2;UE4Txw9q1hR$g>lWJ;0)5yI|Y$hYt5vRW&$+i23kI}50D%dYMus6=KR$#N;J$u
zzcy5(mlcNt^U2GGGk(zww}3U{bJY%*bK$QSp9;QhK;Jw#;Ou;PSX49Uh0%yvSt>aS
zrTW(WHxyC^NRw&5qM_0wfQK_(mZL55HRfX_u>&ta9hWco?4-GqKhTmi1O^CO<t?-F
z;1YS;8Drcv?@?cF$HtJQ6eYleIUNvjHJkcm5*AHcaS?kF8Lw($ScA6Mf3CG3Q42o$
z#{K@Y^-*6$@XT1}<fqBU_=Uyqcee6#X{Y4xyrveP+2Z-u7DUq%{M#s%>5VLGznk<0
zd@?pqv>SU>+|n$imQT0^#nxB&BvhwEAs^~#xF24}PXdaLLv94QH8vNvPLzdcB@5t`
zP@FhXA*e?y=gAt{jAGc7xXfrCN4w|{nNyAMHrjV)6Q@>u%N<c5&9pPjL`{5WEp_BI
zO%=K$VZVPV5r>Jj(d+0txa|VmiWfXsDAcW8!o=`8tX+?FJpN_63I41zDwG|}QM-R}
zD`~tie#Jw@x*lCe_L5(i8}QQd;_5sX?rhd%&GduP3xm*sns9Imu^a3xP$!KjuI$w0
z17P(7AbX&(itZTPnlh&g7;2$Xq;h8ua{*a)k=Rl=pc8;dh6;2P9pgWvYck%lSZI8S
zx!o}geoWJ?=@ESSy-~#b<F=#980mS)!lH@W=p%C(#+UqAE*Q4$=+2Ta_<H_#{)7Ai
z*!-g8lbF117a_`}_gvB8RhCgbDY~8YeZLiN#e{GZ8HsEm%iZ(GeeiQF3i;8_4HWbS
z7;ZJ5rPajWSjP2A)}zipoH7yHKf8Q6o4PjCKY4#+*5J!n$xJ~`b>249pqUw=g9hvi
zXa!T!<_5>0y`yG{)*;rRStNzvaA2|qn#}a4Gy_wHSyYV`<`eo$rm@dPTcHI@wu|Fq
z(5b_*ZdlWj5uZZ@7_KybL^IK|6UN3a&=P237N|#W)m5J|zGA)9H3Qa8OFJ;bqwWaL
zxJvmTq*5lWL@Le!B$-=7aWDBK6sYDARRa&kJ~>iqMq(fr0YhIS*2-hgLS;wt^`o{t
zCCLy99p#$GrrqgY@l^vmdcTvsWb%)_Y@M6t-c0GS>Y^oi&;5b++RUY^hw^R%fqkNF
zj~I)#_xL(Zv6guG7<RH38DCz7+vzLZR+}JDS87qE7N}CO(lYtmknt2r`;C%p+4#+4
zns9~{Cn}5E)OYf#lU-dpaW3lDJC*YGDlp8pfQ`luuNVpx4L`rOkv^7YPR$XBNK~+S
zRRY4lQgrk0oA1_580{}Rx@5AQ0jmsM7P8;V82fJ~q(%zU>`3Z9A!XlcB=GNfDQ^yo
zKQ5=MZrxuwPi~`lp~=s{w;M5o^Qg9wQzj?!E<ER>B?i2?KScmQzf>z6q7VycDRY1&
zI(m9RdY}4uO^bJj(OCR@LT6E)ZGUI@?^#bNjnn$Amsqs{D^_rOGEmb#I{u_V0X#IX
z=sbXS%o%o2&F4}iiXt|ak@_>h=4!F{sf8e08cfS>3Wvulah{%07Sl@t(-v9GD@Ue`
zDaKUJJ^AP#ewD+?NWi<90{)@O?Xi%|<r!Kk!h=MqKSR|!;@8g^*DkoSms-B-V%wa*
zcJt0c$Iltq;$KQ!j?lRYOJ89Ly-I^q|6+hz16Md&kEfWD7Uif%iwU&J<m=3!R<xCj
zg4Rr5i%8Z{D)jY9NNPdCP@6`WT8Yk+n-7@5Wz3P`sb8)TQNZex@qsaS!cj(cnqhfA
zQ(PMh>6O;3cpEw2X>+lRf+jzJzX}+8VBltE_nsg_9?>ve7r1HfCA~=8#9rmwy&uoF
z#jF34JfL#LNmYF*fMLU2R_Ym6|KvK3@-+NIVaeyAZqH+afXWT~T&w(C$ani2=T?1l
z*XkY8e7tk=hGP3&DH^Y{9*--(!~Qg%@F;p3tB!!4I5rZ&r9Stvq>-_y(SpKKjG`g7
zl+bFEK(+>Se+OQrWwrHE1tAm-PEU=Am$TQ<49<btd^f;w#JEvMY{cx!e%|E>R|JkL
z&+SgeJ*BtgNf=~~<WG|tMn|pv9$M;n!Ap`}z6yu`0{0Q@-*X?eB<aWkFN%^)Of#^H
zD=>m18t0G{_@?qrAVPQVK*go~&o(cK^gP1sNUD5V4rR2alaL4Vn;)nXGqYVlsGE$f
z(NN6SX`?%cg{@^N-Ih6NrN&}5kb5zjHD?81d|%<5U8=O9vC8y=V;0H8W4+;K>db-x
z0iB9`LMp!DPY1J<Kl`ce8MwvCf#~WkUk`0;;~d2~nY-?XTon8U1;(Jftyj_wMmAsF
zc5p8wyWFbjzj^xs-Fx_lRZ2c?N~D;--JI3BzEgZAN=&%;B#`1`lQ@*cI?5G3bP>#d
zd0;*-($zcrvg0D5QUa?1Kn88Z$|V39a@ygsi%6({$KG6T78Tej6=7Z0!{aar2|e=0
z*&{@AXThJ{qi)u5!UK~uH~(gm@3VTCyEW5erM~WFUnMjwBTTBk)EYWQn~pM_(={B8
zVqcBA+w6fOh%hL#YHHqhb^L&vBZ(a2M8ksZh-C9@Ld}=lv$E*kn%4h|3;t&e1|bf%
z<4^==-VB%t;)le^>Zfc(+Mif(^ceyu0l+m%!`1^CfrXmR@2oa1PuFTY!MhGVXiYzW
z9xrTm4P2^Y<=j{FoPDZK{VA+sh#T4xpJ^^5>zGOuA|RLzhdSL{ZxQj%FWvQ$i$?KB
zq!L?3%nh3u(^5na99x;K-NiXrn>B{Y(GBrR2DQ$akUuS_`XZ32Xv;!1t{FyiY}tQX
z8z=X)5l)VT`7-4+`=X1o;n~_+OYP*H`O#IWRMkNS^H<;!LwjV|y)*wD%6z#jCR{0x
z1IOS98x?~SH_OzoaBA^`Go`XGs<AF2lh26jyO$&=dMobd5Z><;8LoUEE#aD@YQN#X
zseRM3DVW-LOork9F-nORJ=4K<dcE2`X$Xgf4JA&wZ)Pv`fR!?B)z9qPF-nD8jnZlZ
z@=JeNc|`N_bPVSmH}(pjdAg$UhbRQ9%47=sGTOJUN12o<d}<v#CJ_vm>B#*RN!0oM
zmu;^QS1rcoCo{5gf?80^Zh@oX61zDrLd13uV|N!;@~fNfA~yUnEmNEE^pfOy&vp(F
z%2Ylpq5__9I?b*pnK<VovA)~0bdcMP`hA@eyY#&aLzr1aR&zVlbtBNw%&;r)7h);f
zH$lnuF%3c@<^2+MU+cNG_O@Lm89ikq7JzpueIohpySZlj9h}=_lcWo)dADTrsxQzG
zG)Hz~SN@cPtKR~czDcQ#27aLvC?-Q=Oi&huL2ogG1{?gJ&MVC=GN3^wu6W~>V-&b8
zq2xxcgsVaoUo876S;gNX{RzQWa!+5t-72Yx&D){zOu;g;*erY$58(ug^76v+%1sp1
z97vf1`BPg81$f(UmH16^BKu#04e4KWc4adiayO;l``9taoaT{+p)ZVv)vbS~bHm!D
zw79{#-Nsm-T7BA&XBQO0s<w%XU5br?FVbU@!)cZ}Dn%tEQjFH_^La61$&QJQgX$$+
z`Og!RFAr{rhQ8OanvO{18)dFxT?Jtpn?&<(*k$loeLLh$PB_d_WlsDdD^iaKAqG?K
zC)^^a<k2TeX1u+2#;~z6k11_rIqQEf4()+UoDJvX6DHjM=14^GqV<lsoCMolj#1Y|
zJ6+Pnfo4*AhXDjTP5aZ|ux<>#4sS9`+u`+>vwrzs6Q<@rdTBmKs<cr!YPh|sOhc><
zK4bN%WnGZp#C+31#%rEFOZk?*-rTp)L%#0HE+eY<Lh@3uQzAP~Vl{0*6F7?R@XakL
zRVcoyChBkyz7Nvs<w*k9{6(T+$>|Fu@)3vF@8G-FTZ{V3b0*tDirweoMn|K5#j9)o
zA}y%iv^CwbC230_9kOwMZJR7rYO_~V_($VZMn#n0jA6^TeqVtpQr2a+OQ&rxXH#j4
zuk=*`c)wyV(P_#7Bo`QiD3OHg`!g6%Wy^*ce#`otZVPyj&+kmRbn{};n(;`0wFUpI
z^{OW%qIzWQx?lfwkX8q`znC7{9pQSRat+=z=PEBe+vUN+PwJb75}72O^<#gZs~%$E
z<P4!Xq7o#874KHQAE21^`i!5pG5!dOO>s9#@feC}>CKFC;5s(p3PgToTtaIkTx5QO
zF`bXpD-5$%tMhL#TIU1bvdqqE1F!Xm4d@2L1)UCtw^JS?)D<*q)4~Ww2s>%)5wGNY
zy(*;hLQ>K+Wiq)A!z_Nr8Gw79$KxekvM{DpN0zmf`Bn3)agY(LBx`k<CLS7pE_X@%
zDGlVlW2Wf&y9DVuTQAGs=osQB4-U<FEajTBZL8auHhM}<Aw%YPUSmy>Dp<&SQx&P@
zh=?{)Njv`0P;(|n8;41!CJ-^AA@dV`qB8A15$-X~3{C_@SsV_d*}`5S$Ed_2V|1C0
z5+j7c24~e_2YgW)`o3P)5Tvx9jP=JsDttWY&DVF|^;!AHm`MZRX^3|Am=`s%nB8Xk
zn(L3R!R8ptEhv1PU!*k<KD>pWR|waHSEaJ`c#TTsXx7vw?9ac%<$|w1B7F{V-=r3*
zGHuqZk$9E1&9mP9{ag4=$NHFQCdnM~P-A0NEmPO!WeV$!rDlqni%Bru`lFNX&&YX|
zEfyxHN)#q@TUSoPFjPGZ-0Aj`&l)aEA3$|k-voAr_EprC;r%o%M|XOxhVHnqyj_%c
z*gd%k-eGiiQXB^!JAhTI%<8f2Vn6OHm$nKidW*-kosV3VMKC(zJ!ZwSAMZKf`NvIp
z(1<%?NKT3t)A#-`;=2HNV!X;A9qL?yr|npa<nKX}%bMKCG{=@#k&4{#=(cP`@H5dC
z;rioc<56yt?j3myb3aEOH%b*I3#!SB7D=DE0yc}rb(i!^Ztz7+4l8x_O(Pv=mAS=d
zfz1A$akOVv=E7*o%<13)i;-8n+Xb|sMRH-tbVn|{YMYn&sle&vMlBF(mD`5nMg#CV
zUF>rD<4Fgzf&<l5$T=4!@%%K>u@F_Ck7UL#Kc(_t;0_jcNc9k@j24}rg$PyBmi)2J
z0oEDoy0lpCWQ~!Dw>@RzzU2(fIuci)h5RYi`plbvX)Oecbd#n{LCOb3JFCBkL6<qT
zwHgSt{MKHbk)9fuzx|xy-SP8hO!IA-jtbleeB}2K9!NtSuSXCGo?&7lm&qHgk&ULB
zqto?ul4U`I&Rs4Q2EwzDc@yC{V<4cN%&BhV+ogGb#W^X*Q!2%K;t!+A{?LtsAllaj
zTHe9!6<?kRk-oIPs+@?Z$cLQc)Qa>azVShAy|E79Xr*$2eV9k#ihaJTy7l#srOOsP
z$xfvu+T7ohEsp+Z0ENB>S(mdf-Yl(qqC(UW)<f_V`2i^8A?I$u@S`g4xo*Bn8uc%l
z07#(b_-EubPHSTU%rv?b@SA2Z?8wX(^h6yP-j%3FeW29?`}VKh2+*gCb4Tgo)<+an
z@fL0Hs~VM%KNX4GV*bElejdJB5H3vjU*!RPyM50%t%6p+`qE)10!%Id#KyM-t=Iq*
zpNTZ7SMlyv+hP&XU;tomofQjOkC+K~L&HeF+HefqZ0h#eN(|_@G2r+y!(j~9k6H_O
zoy{_=Zyg{iprWq|JCCd8553_y`(E`ZCdR04)ry|m`NfrLXhJF<jJ&pGVZ1b?HuC=f
znm}d0<bk>9fk#p3H)8u1y2czuP9gF@Y6(Wp@KFNaZ(&OSINmpjGB-VN0*cLhdhOgS
z{_K`Ifnelc-(`3+NPHoE&V;<4y9QPrsSh??9WUEAhOoZKJo~-p`P8tY$`BV27{tN>
zvgGufxkSf8L3vNVDRqm-Uy9Tnj(ma}<U%C>3EPPg`H-Vc08*1c<mc^|@Xlv>$qfD8
z5DfM;-56e=AKQ*?H&p;l$^ZaB07*naRJQ#Jd<4S0;ap`|$*udjK383=c@jVfl;q`D
znS=l$AVNB}65fNUVwtaa`ZwwOAF8=g<kh{h?7ELDyGpmNxhFPYt4Vth47OrV;m+dC
zh1UvY>97h{(m4zlG_YvE-W^T1ZDZZ--qvsf2b!+4r{peqez)tvsy$N$mT?r|$yHgJ
zc+aeXbc1o0pJj&u@d3(K#)1VE_@aW<e&XX)d5}Lcmb=Znnr;Xm$gG)d80V@%_}~_7
zV{{Eqn!Df!z60EaIMY?+IrUjgrv%fI*$AnhN0<1A(~@2wLbx<3&;zK<e2DxOZ0tH5
zUcgO1_yfGmdFzN9d$jHv1E>wS#k;Vy*73iBRre1A1lkKy+tYNLKDplwZ>+fnD>r~v
zfJhLB(wXaAg9QtjHNqgkW6y1)t_Gm2j{q#GQv(}%O##N-^_);~r@d;CE6cL5sz>>U
zzcT0!JXUw*?vm?+Odpm8BY4z?(CUO8*<gcZAi%J3Mo?iHc&-FJuBJoqT=(P-x8{i*
zhYW<<A8oiFe{0wc?gxM&4=!!r)swqHfML%foaYo_2Yx7i^!-scgqd?(nu_n+vW(oC
zc>F6*fDMIUj%BV^GuPddxkXqHatVG&R^Ufv+0v5hg@4MEWVs9F`{oa8ZkYb{_N{0+
ze+cLj?~@9A!qs7x;fH7C;>@jqeI9!Nj<SM`DbD=yM3{UF?w30Ngjl321$rQXU~wOu
zi|Ef{vno+=rWs=kY2TLz-Ox|R6b$$bnyr8>bpQ|6Ji<+Wq+xV>-3>i3Cf(n#I48_9
zE2-S9Y^cN~KdEOg0C3A!hX7tI3uIUu<)|g04KDV|)=(Vw13U*dH;@m&W3=f;_SM|Z
zyK5m2%2L<zWbG9b-nP*#zY%oPmjFb2QQ;3Mz|iP0fQ85+0pMH9+yVR;tXw+@BAF<T
z75L)7fm}AZvTfy4Unp<^7{ou4+NZwCN)2hT^}$E$R+rsrCzajm<FG((Th>c@GuMmj
zdw^Ya<iYE%{(v>_d)M%wi&o<Sfbv$fvhUrTyH1qxIJ9a{U0rf#;0NqD*dk!gLSV^w
zkN+jM)Ee{-o*h?v<8$SJUq=2Iyb>E$Z9Dvsp&KQY3b(%igs%uq-1IqG2s05XsEms*
z=ycWPY_`B6x0aB*3R*9=o?(3$-Esm*yKIDdWmH09qXl-G_dbA@Cc4)Wz$06_(bOAv
zD&WSnSj5u@(N)}sR^_w;bn5ug7y+Qra2bBp;%e8CExLVp3=o~dq-GbRg|%{(eE3gf
zd~v*dkqVts7&TwW4-0%Zf@#M)0lGiAx9+}n%c%P?j-zNz$Ds$U#4}DrK31coaB83S
z=)Z8SB!M(!*fJf$xo*OOso%M`;r{UlWA4@m>+XR0KF(xj;=IRSfqT9U#%IR(T(pu}
zf_l}~;P4V`c6%P)wS;zg5o$rW>(z`rBSdSaJOiJ^=|XF2-Rl>-p$#?n=x6r3Q9LJ;
zQu~s#;&u=qePt~1`BoRYzi5T98ywCMWh|lME<U~LmYj)hYE&g^7+@JdcboNCS~XAu
zjQjIKM*JrR`_>;gQki+Sj9W`cQodZ|u`4}QAkc2zP<NZ|skwo@4Rm_}h5&N9RK9!y
z<1E*Kz3ATK$E7+&>zXaWQ%|e7&5t$Qi2orHe1bi;wmPBDAAu6ihpkq2x$7ur4S3CG
zd-lx_&YYqT_76Ju{X5Xohmof|q3XEK9|OCwr>!lyyEc^EE_BuD11&R{NOa;^U=_8E
zjlvpsv`t@0U<4PgfzRIU!ufs|Ap0nOG@f~O)g8Yyz_S-V;sZ)1-^BSij*lI&wRvD*
z!Gj=fX5JJRV>@Feu4fs82x2iZ)?{}M6&Vm2QHv;BUJZ`wqVn*_mLmhZshxNhS3(5}
z0nsv^vGtsS<@@pd5&^-$)Qa56mJeH{2usmw?8R!=d+r!@yYOsG0KnJ2PCVy2<rRId
z1A{i~LR%O?1svYh2zW^y^84`VfW8yTkjEeiz{9?k!q&_Px^|EKXw;43c_C}JK!!KT
zL4kEo>ToLoMpFfLoA1Rl)tvw>m=Rx!KgAXeBVQZ{f@1)+sX&lGbUeDvtJjp=BM%eR
z3UK1{zDq9YbW4^12#I3&XSaJ8t+2hg7F#hOvuR7i?E^4LS*VOi4L>G7eW2k^I$pcR
zBr`0<^*a0Hvir|FC@rG0C)i$aTG^esuI$F}40S*52ZG&Zv@W?)G*^sP4N-G-l;Oec
zO?O~)%sv0ysyhkY?->rK!`?->_cy0`gXx(d?=2$J^Rdmyn<1SiRq!-P+F^@ult2({
zNY~CNt;fOJQ0c!o=xRF~+FAmtuu_zI@f_+cOI+{S6TG!Y8B~@~c^E+@E>$rCNf7k)
zX3=RNAPhamW+2;AfG5^>$^u*~7-@|Gkg|h#h8eoTuuJ}$r**j#pVjR;02~}mjsrn_
z69AS2BobhoWnmxy9Dh!SJL6eht`i_}(15(Q<5}chte7ll%|aqbnZudlyg_GInXSa$
zX|%36>f416U*Rgi8hs19u+fbHpH(YM;Q7KzZq6;n^SRZapSB*|;N4C4pFbRPn|Go$
zN^L0<^2RmYh;s7zpaq`map-=F9CLxADNhv+e5^*R&K$!ZmSOzZZ3hV6^;py0x3wYN
zVzULd0OU9BsJknkQgth*F%oXN(>S7U;9h|3->}(Ln}*u_6e+IY{5-$uoYfKtJ#{*Q
z(~+sJsfOoqCeP_9bv(nGC^XS>+Wqw*H+)~s)llIYobH0Ta0Ja7MmC2Z1b6`x+5@NG
z<QTB9V67!SGwi^0miEA|Fe{es0R%{t01gv{5wrpY(5L{B<>)S-bXm9S!WZ+}0gy&_
zqieqLmSGt!7JJmg#({>F=x(3+Z0G_!rwVM@ZN9&TZZ6M@Wdo2vZ3ViS9c+0DRgZO?
z&t8;sx<OAx;7`DbwmA)kz%^OGip_5IijsTcnU!cDgqGN1#B)is7AFdXSq*mNRG3yt
z0wYI*PhM4W&wEnEz2M0ew;Vru?O_{Q*#C8Z9WBUq&Jm|Cfd$_C3qFkZ`oeR`dYtl!
zGj-ZoceVuG*l{1eA)tl25oI=lXKy2T5KbN|IU`necpL&Ka4JiCV3)ZeUF?{H=T7L_
zc1$n=OHh-RiHIX7{-ct!GPZ|qv?SS8W_z{^fO_I(XvIx3&v5|f^$@184515cL0}4o
zmz`8`XFeD6`2e2N3H$JTb2p~Mct=15Bd!3?voGm#eK@DW3p(P;`GcJIH+6s}`|Pl%
zFo-CAH3)zcoqueP{BAxsWOvyIwFFy5fsEBcGd4A2{UGck9RSF)(Pe+mIc1qT6Z2`~
z{;lYi;|Fqv!%48Weuiz%NpsV?JLlx7O<idJJn$4qa?#Wo2^D|^CPo)E##^nSiy75o
zrQ!}B{4u(b!*Naas=fw|vTHg)i-X<O2BujEV2Fz9b)Sf5h;7|FW|sRdw#2<{d!|QP
z99H40d1t+DkvjpczxB`Saf{ZYOFiz4Fm(m3lnnsDedxlroEsk6^`Sd?=5xB;B1|ip
zP9R8c#fY>%Q}mhP?mYgK3R;3?w-msvAVzBnKzq<d9h>GTYJd=&JAY>Q-CnjbrvgC^
zl59q|w}$6-Cd<+hK$lI>x)osb{$)ueFO+xu9YJmp$UhC|_#`|7Zg=%4egyBrkHbWu
zTUa>c81MO$4_Rv-DlBLa#P#I;b_TZT)zoR+0A)O5t4f7!73SL=oGTay4uTBcg~1A6
zL&*&iz9!T#05Hl{WLw~*=_b0vB4$cR^a8LZ?B=p1B(+GNQPG?Yp0t^kXMjubEb){V
z_qf#;c8>1?L!pjmVh?|3*loXSOy|K_$&pPbM#xVGfG)$A_zXDO^Jq^G;W5BAj0*cA
zinT6IvOc5gI&fSLpW56!1A~Em7(IsGl!5*+G4EFnuCTkVx4^^}*vfne0DlkOoME1p
zFCRVhV0qmWkDs{uFuM>SEbUL9Z=g>Q;YjlnF?hmma(m#M!XZCk*3LW3H1GK{(GZyU
zBo5Q)TvS`=4&eE(pV12ki~RPmqElhHft$F!MK_AKO2#(V6)4y;fw)vos`;A4QRUH1
zZ7nUZ$F>15Fr~smh8kMIBwJ3QY0sN7Qh_0E8j{ZxSDzp$twqbk9|`7<{r8C5f;nxB
zn@zI$cE~AD?{cf~mW&O~w5g9vvTQpZsk=b{z6KCbz~wlXWxgfJmLS1Uf<M$Se{a_W
zKM>wXIM9{S8>Um4@PXjeQg}~id4>S;KfSl+ZuwD7;-<r66@EGARJ2g}$e=BVc|(4b
zGel!2wdusk<M5WsQoOCw9tJRJeQ@UA@mP<1#%I=^`8-dzJ+7VSXFLA%cmu2+Pd+kA
zC#J8+ttB-=Z8i4e?F&@$>WZS#IrtNFh1s3+ayGaj$>`P`dT7ioZ*&&}E)W>z#A8l6
zqp+9lz_T|_kC`|?D3WDflXZtD)>kT9t=lnAZsT`HTn(?`F>i%Iyb*)D=>&A8PeALD
z(_*F@YVg5U3;^*xVcKKciF5bXVoD7ML>PMUn4uS-Gc<^)J3MWW8|WtP!gItrT){z(
z=?B{MKRRBCz{f5xU$5H&V0{pvycyF}#-tH0g%U}=SNw!i%I?V=EE$i1+G6y!&EMj7
zJ&h@g$ibLCj@`C}F<fhI;-EI(5hQu<^DM@9HIBgOTvI)yTW7AF+%(F|TXV)o$U4w^
z;iPG{{w#2sObxBKE{v8kaDj!Pd+^iF`&t4jKAz=uU@(Cr!qP?d6=wv`gE(4T!F)D`
z25fPDptSCUqM*=&7HDOHR)mUZMxx{GYIo2Zn9czv_MmIH;hV#<XoCQtua}%Sy%M9y
zC!-Zunc$gZyLl-Gba~v1=^=aYiXKfd@Htu!p0}~}SMyy!xlovnvIBAw{5kBw;K&Gk
z**C%SITh5sK5~GP{4)og54Z`fY`zh4029Rb?8Qhu9y1)kh&?AX6DGO*o=kIrJg3q;
z5x{)@6Dl%T65F>p&xar_0nI>f#n{t2PBe%jCe7}&tV~O2#_#=U<$8<>Ep!m%<(Oa+
z-jQ9U3f|aYi!TO2*1FM$Yi`k{c$kFW-Z51CF^+^vV2#dQ*Qr&v;^m9nqu1|sbpWVP
zp;zAnS<E5ipbJ9{Z&K8Dp!pL8KB(`7{$$VjtOddDS*S~DF0yj)=)l&xdkF6#4`T%z
z+F<#(W2<a2CQ+aEoG#Zj$tZGcc?1JJoA7@17{Hv*-S(p8H3}f3J!zl8cn!Qe(b|;r
zAp_fi=tsruaUq3$7&$#C2*RF$zrd33r*FkI*nv@PPEO{^GR&LjBL4AtvOmk|Eh_=Q
zPdcmOPDU5KeY%U4rR6C40;4VDsS+$F=MT1r3VvkR3Z3D=dw<4_&TtuL-CP2};*t4`
zIlF{sR~;u*G4+KLl#4I|5agV}43m_H@4@plRCESumjI9!T?i1tU_!_76<6Pn<_QCC
z(FR&6qj+}M1CV2S6mK!qF;Q4G^&YM)#&TCDj(-*@HvEn)zqoo45V=h!jG!yO;cLV0
z00s&SP*e|-j?qm$?ecEdhjLFRa0Q!30fPI{iWAU58F<uy5~5I?47~+YhlCCuAAbr!
zQjQx>1V_GOyc7OdJH;T3wa^H)92sV?Wwk7iq6sH#N%r7t)90U4#li`ATL!J{sr=<<
z;;5gcjJ}|1a?1S(&SzkP_sqKiS6qH;h6B4Q>WmpSJeSNJVq0J?o!Yd^I`bc?M&;~2
zb37o`(DJCGyOrZcAG{OqpR&v4Z@~&)MeBJYo~2>JY!{}vNJaOjz^>ddCL~jyx9lKR
zk>T7yK06~GFmz${k<RFOqf*=VnwifMOw(?cYfW?Mtc{oovkSm&<u!>ao?o5(%r3Y5
zGz^4H&z$S#8yR>k5D%PiV8?=(5uj?N1qd(5GT_0%5l*z8ERbUxWs2@<p<&vAM;#=%
zc*BYC?IH|1O?7@|gPHLh^y;Wn0<Xw&!q^Th$+b`J$W~`A!4E4}shQz0^Y{J?7x3{g
zx6nb5_vY@|aCGO%n6GD}naF^*FT1rI5w4*-If_Zr46In>bwQrb5}D{`x7JTAv&u8_
z2qsOVqVsv+Fk6&h7>{=P&gz(QsV<e5_7s%a{){cq%J{&+ip~Eu;<n+vU|S@X<>ki3
z8P;GBWDVX=9``1RH#LS9-PXIu+yGw*WV-`_Q+Q6m`htt`?rjJW!Vnx~fm6QLhZYbQ
zL68k;E_5K7TOp9#i!SZJ6jNn5Pf|QaJqdUQi}Ls2J8UbC!-zKC`8@{<7H}QGAOe*E
zl>ebeQ1+=^B~~LWM><l9qMHBsJ-g+1Z^2*;TFOPs7^jN@os4;x)yQ4rwGWHJdw&`w
zJ1pCCMrnHempOAfhg?ur%f}8`YZ?mGm3Vf9mf0vL5+exUU>&@npN^n=TXhWpA}gCz
z8USAJlK>>B<P4ph@C*Ru>vL?GutJQXqVu&n%8#N&X>`hSFhrjRGBsJCA@Bm&z$i(i
zO%m7w-Fe%Xdkpgdxge{)H>>4g;g_Q|chb|lCmjf({$`9M-~aE!^4i=<7h&Z1ybc-p
zT?F5p4DkHv&LJ7y)v{sw3EuHN<@^qLL&Qd}2}=gqdoe-!0d%Fgh=HOZ28l4byc0e-
zZqku)J5TkmI35;PLH?49I{<`u%Z6P|_@)lDy9ckSsavq}4kGvC8lDD_Tt3zFPV=Yt
zv6h*ZP<}PYLQfht<NDr*uDzB|E{{an0z6}ylg=kKJ~4y${xnK9vGRPOE_4v&4e;P>
zTuhD*ci<tqfuP;ld_!dPVN^2Q>vH#@UY5|+>OLJ!9$!bfR-g>5U@|pntW$Li0PyV*
zF0HT61AVE%>s*b|O3n{FScod7WXzT(e*z{8DBNDWviI;ehTIsRKe8N<l`>=30{}T0
zZ-nr9;ACMxfN9eYM;%*(qeGZ>f)?d*Xz}*3+YTFJ7!0x2q1c6?rC3<>%%^r@34P`^
zK5#MBNAYN&hLKzvp%kAnZpWzcsZYSFGH5l93lJ?p$lAZUywx(iju-2kif4-(HtMol
z^6U`5Kzq?ez2~8Zd)j$;cY5;Em28=h{y_N_H%cgevlARwI3?_bkG^{!=1OudAPflb
z%QegKN}aAeJ&Ed(ka_PP>@GMG+jB;Dic30Y&f~BOih%;&01sf}3urSN;Ms1j{^IMT
zRn0L>Z5h7T4|;fJ2SBVN>KbwhEq0BqOT>!B0hI%Ij<_EnD$fR`v|6*+6)pov4;GZm
zs)ZOU7gS|l-XxWC5Yu@c`Pz^hK{r-}BjcP9eG;AnE@^vq8Hot+ZMbE`9pEUo6%Bb=
zH=j#pZ3V~{=K^g2^9sB+)^U(2HeEQ+Wmv9Ef}Vy%cVSK+m*Af)2naHN|Hl|xc?CGC
zCRdMH10dEi>r+Sq_5GMP$c0s>7id_$hJ&DtO!1pQnfdSJ()@SU-9~x;ni?8-nO0%y
z&qa83&_5k9)=V6E&p&`VP-Hk0R_CCN1r37!dOd>Uw%NFLU1;5L?LP*))1;MvgjPPK
zcB5Na!s~Vx*bVH)>u<jCCS*$Py%pcu0C1>9lJSfTfYHadGbULPMwBTj=0nCp<}=22
z5Fld=t<H^KA9nlk9I~A+6%)_%R-^kK4{V4*zvH(@9{C=gBXS@mdaH#?X;u7!WxMfg
z^Z=fXdbAPEP7JcF0I*JGmqL6txDx9cwoX*WBxj7EZ^Igd69xJXuZP81A&zqgrjZv1
zE`E9@UK!NZVZj}M{W~70Yu7ziXp1u&(c(qIW`j9g4ZA&Xb?ST3{r$He*RV)}&HIEB
zZD8YI$Yq$5xO|EqxOThKOmBtUBh!?f*J4G@o7bm#(39H??tKT9I80_0t-0zdeIed{
zZ>=f>fFt0cCD&f@IZ$H2ru7Nc39n8yYj`#nm8T1U(1Yn4QwCmXf3-y)M*044OG^wQ
zd<||3T5!9#dNLb6nz@)~N0MKqTXk-yR8s2K@jQ-m`Z$6-3h>;IsXQCLGvXe(b<{Pi
z!7JJryg@gZU!CKM(A)6btscDw#%%iV#>--Ml@Ai=w-p=-ZvzH)i8o{7^JJsMx^`{^
zdT@e#Z7y~u@}>QCXbG;t5?6BW-rLmQu&Lo5MN9tRAu@=lq~OOfKU<3P5eM-j@c>qa
z`ReU8_m$i5W(vCYtv@#U&5`GwQ*o!FWjafN_dM_Y1s|qSd*;2504?rjY|qEWx;SHj
z-P$g^VKDkI0L7yo4^~Z>89&9z)uY=(2L@L7t&p*>W*#Akp(r9_ivdWSRx??UwG07L
zws?cR{Xkp%qTCL&*gCOX)>3>4t_*<M_fXw!!?QbC-5ME4%awV06z4Zf9zr*ngE0cq
zU=b`EXz6hB^BBPpn|@q~CDg!C-NpD(;Hd9@OljH8_o3qe(PaSi@P2U2Yl|<!bI4@?
z%fSQI)n*~ktpq^r#=yz(ScITG2*~*2nE$!lzW{xkFqhmv3)gKkTB;m?p**)CfY<F<
z`hFEAPV<{069$sCILZcivN8N1K##BB?S*f)pj*wUFq{)8Wf4<4c)}L$+GS_~KC$Xf
zz|r3}6J~V;L}vRfY`pgud>CK*7MM%;To7HQn{nE^u&tQU)5p!-b6%I*kI_+rQK%hq
z(`&`*Kua-xpV;!}+aaX$O_5NkpvUf&J#sGtBp2~BmgDQZnQ?o6f>n{fI*4a`Kq{$m
zf#qswxjpi)L#`98jb03_@Y4YDt>JjOiImls9R|4M)qZqk!}ChiQgS(npfseZ<Ij;y
z@~i0DaY_v1JMnytZ;ix(0K9w+o_!tUTuh!z>aRw(c{4_B`CSeRBLLxzn4rEA`Phmx
z!ebe%p9*nmupC?_Yoe(y1fCPn+FXlk^N78sCx$Y-Puy_#ZfLmk@b<_=gCzXMFpc|z
z9+AEeUG@85OM1mD00PS(!KeAo@Hu$%=0d!iJkcTwCO!j4-s?B}XW}zpZf={Hya_S4
z&+AZ2e-{*faHvYtk?+Lwr3zYgh6)BA)aAX;SLOHyNqgY4zD|GwyRfV*GN93dE&y08
z)X+6SD>Ak<fRWT8w7MD?iDd{m(I_@{hjX@eJSMTbYp>pkY^bS`E)5x--~vG@UtygR
z5@>@k$*yi6T2OpmxC<c2mSZf=!H~u5f=(k4U{<2F*CliMd_h3tIXnj26RkL{-A$F%
zJ*FT5(Cxh2v+V-VKJg5+Ofj~lCkrhY;Rl$0g0B2F8N_JSV!28s`-w6hbAykmj`GnT
z!FP;<(1YuLHok%KlJl$X*=JW~8vvQ>_p#m0NDAR8(Smoy06g$HY;8}mj@&Pt?$U#A
zY{<<Yn`7NTtEUSf$;vY>fF{oc#|;azl3~Rb%xhbEF}lK&b<4a#S(Tc3G00I9k|*;8
z?yx0kt;r?m26k~}YVbr-%EoRPQc&WvOKzMfEgJ?Z$|y@2V8Q2o`~VZvc22}?jtDQu
zKu;Cl^ccmc@c!^zjjdWO7gvt%iUx;BK3G_cF7b*mqE0L7mjO)YxgXz0W;fP?a3v!-
z8Ba#n9o<m@V-t*yEdM&J7kCm{ggAqUgO)JnZ~ph4HTlMH3j+!HJSfE_KhO2*Lc)$M
z$WHi(Bfn2UtM7^ntM0`Y;MF`li{vUYvmAJj|2;N*H!lTxV8M5X=>$#_K=?YMw`1d%
z=VmV8hF^pa6b<4d=+YVkAe7L8=|C&53$NDooQ>hq);bpQW-E^$QO_}%ffa}qlT|&#
zRpZB(7M(M>t{LH%<a#mpjn5~!;441>&krZjhP3!l>8hC1$c>=~&+Sfpez!auEC5o$
z&*6C<!II!7!0FSpBWVIQ{yFt#5Z_c8=7O+z2F7zZ9&cl?tIO6`7hapI)v(GApUI(#
z#B<{0X#(kV0|9p}29F-a7v$KjWe^|XxC`$j4`Vd9>gO=hy;aDwRYy=}`MF^0Dh^yt
zG_R1x5I9oIMH9B*QNjUx!3_E=@uOI6`Zmn#yYxwD=|{Dw3--F9r=RQ8OH1EW;HzHz
zU@gHLDk}kgtI;xE0YCJC);iLydC%gW_xRV-)R@A<ygyQa2T&P_0&m6kQEYx92Vyf2
z_`2E1eE>nUAW8tE3MwZjQ_FycV$X!R)G#Qr@w&b8!KDnXDC$-5+^!p-wiwSEJ5h-z
z15h(q2N<xso1t>@)iw@h$Vl|Tt~}6$g9ZfMDP=9A_9JW%3}r4N?C?zx+M?Z2lu0*q
zFVQ{bJiNs?ucgyCpE#QVOdS8tmxtXRbWM3~J@DyjJX1Rbt5L6jEqi81`@8Wr23MRR
zuy+Fhxp8T%gMlFPB2fPXi>uy#4@R@0UO@}44?iYcRpwN5$=Bg|s^vrZ5sZ9q!koon
zw6{oS%Z`g5^y2!l_1B5(z;B8irNHs{cVYX>^gOV*0tc%Kh13Fx0SH&&RM}Oy{8%_;
zK11Sr#vIw@D|OO}Lo2fV6Pd?CS&v2;2yR>O3~(PtTNj}_y%eph9=3P^JTn=%XzKz0
zb_<uYsshaT%#aP=ITpT!^1cQDxP6Y5dsd4(_b%fsx&t6cf4l_Sr?4G|ErsNP`QibN
z2>%kcFQ=|>>m@x%XRK9lA*B4x@eQ2oUt`1Xe+tP1^TGqXmw8WrD*@p6>zP2X%_q1?
zIDz!fc*9`hv-T8{2j;Q|cn^OQ+n@P+doG{Ltdu=<hbM6>y2clQ^(k!UOd^uV$pdr2
z19zg3ZvX)Pa4r<~Xp}Lv1Sj|UkHC5_wudJdNu1<?W7-1`qjbE7e|$`r@+cQBf#4(;
z0Kc3~usC;+H_^sP#1c7q;8^tl?^)ivoD;}<IfY3)kU($}$B>Mh2eZW77qGn(+r8M*
zGeS5ag=5+SyhnMj{!eUQ@b~aBUErf#xb#eL8dtzir2ZL*{vozYvCZ&Iv}qI~i6jq9
z?E(I1--7J}Jf;@l)DELW0>SC|Nu&UVrz7$k*j|Bcu@KWPdEnUaz<w0t|6=<P!0*9h
zqeye36bS?m@j3wr7eVEf*sj6Gk>jKH5)?8|VZnQVOGR)5_|LI@9sqb?!F%Ko9gslq
z5FJKw-#tEk`1aB3D{IQntsVy)OdaII@MKasTn}&^M66Ifir4u5qPyxo4m<o_NE!e+
z42Pyx%wagq-)#3i^s3FbRZplqx9=I<uIDM8u6jI{#OJCc>8Ir|yqZ*|;{mRivl}b(
zJb*<S?%vwiGhB1mzw`3W`=+CtWG41N0>O#>GA(LjEU)Do>TdVO18)D<23;4Hw(2<#
zpNqsAf#qdo0YomNltS{r;d+2AJ_6qXthTciOOrjcGj|VTMVx*3whMT9$v%;MxEUn9
z^gQcG?tyZa<Cer-+Q9m8Sa!X(eb^oN&tX@^H#@3W{=M_m4p+sZoD~2fm(Jokg3?kv
z5@4LPm1zvlkYKR1ri`koN%pNOlL!^$DQzC2y~47_CbWM9HfP#idwDG#@;St^HnDyO
zze+cXH+_e(B-a4|-R?o>wqnV!9ax5KKR;^44lmX?;~I=<#+G^f$d0Kccm)2#dZ72>
zhUB}(UBp6JMHx5m*j9Y?4BOxjMrGKfgtg={tX-F3`6YRF=x1lz$CnJRr1C(7M_JFt
zZggLnl&|0LP`<AQT=>uH2q=pU?7SY2^00_$Y(+k5%XEz=wnf+HMS&JQpN{f1zMYfV
zuyYCJ6}vn?L}HtyTN=@zA85sSn=O_1=Rke0r)3aNs7>LS9FF|+@(L(Xel!yD1YNEb
zb*Z2>t!xwx=S#0r&-+Aq+%r&L`4ShBm5=2S5m|ztUmd8UiN}vJ@spf5NT5uSFH^Xm
zm{*5rt5Dh>mIo3D9+um@QZs+Vl{5TC0|aqDYW0c?a@FKIzGX3hZ^{m^5+V3QaZ?vs
zR)Oqhx7)j=!crewQ!-Qu@+F2!5$g(F@*~|_qb@6t*9r0>rxh(ON8m$2;>bSGXv1%E
z_GXj7Vez)S)P~v$cFZOg=rgd^^PznL7L19E*JHxx8}bh_MVT}&rlA)=%IkW2^8I0n
zs~+t#h+Tg)ptL;g+=5(`x7hRNUdSPTe0xL+EhRx*%0vrAzIM(+<Ic*$IDE<^zg1EM
zBseyl!V!7Ew@Hr3#==!DWq4AP*LZVA7!&-V_bd1K)%H}Tlpe%{&lIa_Fl1~~w2Dj_
zig_zm(S1D>p4l(TC5!SyNhn$tv0<4+M;NqoAyu-MOlZR_x1B>lRzpljv?!|lD1(@X
zQFqBtOR1v11Xd6=T%4GcNz15N277Jip(jNyq=OLiU_uG89m?rd6Kas5hKhqumRGXt
zQ1B_|uRBF4VEM|m6h$)3pk5v^z?}+*y`Wz(pxNSrG%CSr&`gm-^FRW@L-SXQG{!~7
z&?Om_``h2sv48>-?sBX$FD;RniMXnGa4~(k&+TTnBNZX%Wdb!sgk8vZx*W_d>x%x<
zm}E}Av89qSh5wccEy7|+Vyv{LqlCi7Wa+s1Qt0Y=OWG6lpq{clZ3Z0=;ye*;5yfYq
zCs$xfRA#Y3E8IYrsE>Q=F~F0<Q20S@wOaI7)Xb^M_&t@pqU7j}Ge0>UGl~=9kAMj0
z8GcxCUolB}2wH0xDWt)W+bSD#r5p?Sr*I@5NFaCw-s`JY_TygOZ8!NiQ`!f87&rFK
zxQp?CaN?l#0C&5;;idf`L=bqtd$j;RMj&04?GTRR7-ECMZ3>{!oL1?AM_QZ>l8{lV
zmm*0*WL1>f`G($_4^-L(n6}IimpbnAVg{|^D(u@>WNXl(sU5`a2ZKy}Myu5b^YCXw
zzQ8eoMufRzh;^8o<w!tM3H#xop6Dvsmt2JeygV}VcJNV=lwye(3+$CCku`6_*O#tG
zkv54uSUjr#k+7oW`JRs9TACbft~<<Q0>Q&{9MvA!@c>^{n)LgvxL3DkrSfm#rv5*;
z$thdh>r5c<-nZ%{H@B}%O7{X3lu)!jq*larhkVo;(c{jn`Zy_?8;?E{MiH1Y&@gf4
zB$ZTZJg6oh8o|0x=^?gS#C;64IMCY7Nv4G<ktD5+t_E<9G$ecvTvSCl+r>#1!8Qg@
zNm^Mdpr;0#D#qLkg(9ZHnxm&0LTN7ETI^j~f?;GB&Ye<`QHgpx;SBQZM<qA(d(ABW
zUC8b+Wy-2Njx^iM?;cyWXkW-UMGngY2?P(zZK`znw=b{b*Ztvu4|a32mSq_}D(U`e
zthws*wY+&ZZsgDsv>TZfLpO_|8h9I|Sg<%*wuR=17g9X}7dO+iqbFF#v?Bk7py?D4
zpfaIK7ou7bQSyi+<)(SrOqB^wYbh@kV`U0i+H^_t!JDxpju7@Xl&4BsA~j^@RFHg7
zS`3j!f=Zg-6-*0l%hV|JQvgC<X9+l(fEA2KVe2)OsL2F9ug)}if^58e`JUf+>C!#j
z9bKQxo6WyN*&0@MF#&lI&q^EmFVE6vAiNt7_mDvFa6RYsvZlPOj^SSru*przJ3epT
z<Fdx5&-r{d*6F&(0G8pECXw;_1^7@`4H(~!Qi0Sw_DGRnM1M3{R_sureI7g*-_$g#
zkP>?)V`ZYA*z#gp^-M~*l+Z0!B8x#pi#$RM5goA&lyEw#Mgi(;Ub?5O#$sVlQC?w=
zW(0T1Z`W5b19AAP5K=wSffW8#SNC?RN`!u-=p{5$4&?@A%|~08^dKei8B`WRvj{%c
z?|gw?DoGdj*It+n;?sH8LEv7hg*;TXQA!IXz!OIv5(pll4>MQ!5pM9^ZNO8*^P<n3
z=1$l^^A&t;7gf!sd})sUj%Hn8kcP?xH1fhjap9vH5ghOz)xi*_y%s!*ZK@hgBE+3O
zNrpOZ#;t5>kcL3<tq?U^7&L37D-RI^0#6u6Z;_2kq}f0n5i3N?Ns$O^o=0F2+t^t-
zgn+X0Z_)sp)FYUQz6es@fKj+gjm!jDiD(YSR-P}B5U~SMe?Y`Cc4l8#|9^Ym8Z6mW
zop(<6y`y>Qg(MIHn>a>EIdb80MU|BOBUMw$FA9>fQ>ZGb*eOB9itR#4Tq#3<!q<uI
zN<aa}!eGn7p%4gJ6cD2aQVA@9#KRbn1d@2@F?!A*gq|~+xpN=q<omw0*53Q{y`y=E
znYpdrXQt0yd#!J+z0W$mzPtPM>2BY71iXUi`tD&3irqilx9JD)zXAbt7Xl;Lgc|%R
zb^XTZ$kU5yD+#`s?7??=W%V(T#G_Fds$1Md-8CzpYCmbj_k1(jk0<ipHABJ4iZ(s5
z@f<G;(mf^#AjpAk?i#V_9jcI`Z%pYmmr&tpt%jmQNp=c=9S_oju?e+#dfZ4vDABH?
z8pI*ABzpZpDE!SHipY;o1Zv?mNI`ip=anmrv}^elap*|dY{Dvrc4i}4`9YeA8O>wl
z8PIBeq2ru}TX-5mW(V7f(x=mOKgLakcZTl;7qqJ@%LhJ<csujcK=XKT(@FD>1g^G6
zpMgq(N1r=+{)2z~N~{9gzfECKqqs5l(|3%1`k~Nm+I!a1c)ouJ{ro&;0pQW%*&V9{
zDT?Az%@%#)xv9XQmnrP94f;ZwF(8Uhe}80sSlkc;DF${<9xB$-DeS3*k--zj1fRB0
zNk%5JOdrn!SSN86-91*k6PpGYjHA%LOM{0i^Z@%{X-uKnvxjCAm@>gJ8O+aSSdg&)
zF*4t9PD5GVd^&b0^fiT})A*W>dhG+<(&A&$XS?f(AMC^@h4E7l@S;1OG-z&Fx(#od
z)a^xQppxK=Okumwc3s!ph9{@L@zFkoXX*_X_$rX$&;1<k`5HAhLywoqYX_vtDL~J2
zkz%Tnyz)rwARD|UVhL$W7Y!02)*Ewj7G)@vSc-rs41^%XObYkX)6~Tj<fq#8$ru`Y
z^phut&=~M{C96EyspdiWfq1Aq2a!=|qs?ZEWYHMcHpAsVK-6*!>_vPKC?~WZJ#2$K
z06<LOlC1Ed^&n_8UYbNXy0EKVkK3v4Ipvw`(KMG`bpA4~4SpWyWxwZO56JZM3wZ98
zxGEoA1}X_2UEYRXZTCee?)Cz>4<8W5W4Luq_a#*NqfyAIJS13Iscu+#dbocuSaOJh
zGjxnnm=jkf9iWm?d{K7E7Q-l<#f-&IUbg~m|BZ~`ll{$yaR=lO6Z2!S!^mDm03pQ-
zGz*AWY%R3x!`Rs{)ED#8v8GAD;67+<7T9x8>%=UxL((U~pguoyG#ewwBjV*iX7th3
zY5k28%Nb+%7)}4gsOxW7kK9&q?_fV_AHwnCl5l^={DCF@8e-jk0vV_z_!CItYhU-O
zT`1bWz!UvGJh4A@dvhyRgTrm^x&05}bMaq5xpb*u0I}Lc5kzr`4Tio^BB}5~Q3Rq$
zby7i4$fSsvRA8gsB<mD%A{GG<HO3P%yrK<9_6<0B2<p>}6<hYoQbe%U^ompjvX_yt
zg<F~v1w4cWd4?Wig*b7r8G~TyT4YQDPV(eX3cvv^5*M7>)JDg3fFyV_F_QT@DuW@#
ziqq$eBj~@nw6d3%P1bBL>o@O4*iV4~?;4HU|MQMtIeE=<Y>iV@999M@2_9COUKqre
z#LeiyCqRV%akOdfqZfSgg5f*Ca6k8R=N_0FwO2xXqAZK37wWi{vds|DqmE>$eyMb{
zEO4PI#irm2@`JerF&J4SZ1zeKCk4{iaOm*%S<C2%5}3xe$%U5%OTCHV5C8|fW<(wc
zsiK&#MF8IZ+aDDw@tBxK;WaVbx?POI01D!fY%ou<&mv6Ts-dH>$c^jEA<PuPI0ny4
zyC2s*KeKSb%h$ev2FS&)Zx5`t&wc=(7Jkd>o=w-<Qn`#;<)h8OI;ZGpLsh>+WnkBD
z?Ap5LndXCdHS}w^n3MhhMX`xatcp;8c4}BEVP|~R7j5{jGV)d!0#s1hr}Q^D`$pW<
zB4~=qxOi|gJ8Z5~OGEVO2bt62GIw%J%?ZmL9-qFNDq-kk@$<NO9NE(Nj7uAkgJU$E
z<|uoP#~ezprB;q>Si@N?5}wb6$K~S)hi|qK-N8(~9be2_vo>Ed+p+tZrGGxBlocYk
zib=i3|H@q3z3FZLYTGWt>UR7xkP7km4LQ3bopaea`?^v45xgvZ!k_<2M#wBTD;2DP
ztiG&Z1}Tfm0f7G<=XGw#2w3_#&Q$0Svj%7S0aTcn*}zgpSE$lzp|Pi+hmnvuh1ERb
z7;->RM;VL;@2^=M!eAzwV~U}nML|%h<3T0@YjDm-RAlZLTqu&L3FsH`H8~pS$A?W%
z5v(g6ZSq=sfNr;@ZE<sS+kANc?OT61Fx1X*$v`E+<C5k)$n($lUq_u>gO@(If!ekx
z)!ar=p^P#JVC#fRix+iVgSupCs%|~DyQr55#N#+#Mq4t;TW?B0ig9A)B-|10I1?ui
zh!M|1Q19~?8q8-xXDegI1J$r8HbEzJG@HtN3{K=kV0X6Mn2jE;&S)qt9&9OOXd<e|
z4y?@7xxQp}SHXrigu9zY;{%^r?+p=~cikV$3{(<4mf2k=_W9SGvv1VR{b|>B_vR9^
zs<FC=f<bve%(aq>(EN&(35g*A*BO*Hu4>rep>>WkNp_2<(0DLv%*Sl<E<~8MO~wd)
zo_#ol#roMV^lWLvgZ~S*)9g7lLg?tuYNXW8?8E?25}SL<GRdO0%5zHgxG{i5%|lL@
zeIyH;_u*A)s7u~99jf|%_gvrp2|p{G(N#L08K@+9JhSa%o!gxCoxU02XA)ao1dn1>
z>0lRyO%9+g77#{bt}NzlrNzBRq7!5_6eVB>2*ntWCT@zaC8u7{nX=p$44Xs*ij^F7
z8iE6G^Ts+hqRH8qj%DcSFw77!$}q}>4Ptu8r9FB&3`P-w66E7+;vS&zB+TLrqv3n{
zFbCqzCyv`Rg-4v6G;_wYf38vt-t0YqTG%CABfa90&5wR9W2<z$Gf+wJcxN2r@#AzW
zqophHoeI~XUi^mFyb@7;lr@<u+b27yCe!H#=c4dQGG&N#m{ei_*&Lw4PJ^!JC8Hc=
zjjn<QzEGxESr;Tia^f^;F{}9}yJCi4#Fo;J$H^Tgi-Epi9?@MbWducx$Var11KQ1r
ze*&1=2xkNt{(%DARp#ZL3}X~LXpKKAG#VNLtoR2AG=IBkzWK9DUw>};h9TPPc6>8X
zN$~jQJB{|bD_`^UT(jj5P!hMJ9CBs4$g)Xw<w7bt3GM<}U3X9cqVTD6n2jl%b_zVO
z5g}rgR``(89HgD>Sv(Rj3wyXl1k(m@lbiw>tq>*L!a9E$s@#`&9%+ta#~t%XAxSsb
zN~B?8))4{zArb&NJYA4Ne{f_rurS!=zg01k2V;|s2!(%mb8Iwf-}_%*zxiPfRkstD
zfl7iWF89sP{@m&Jw9WWkn8HJxhKk9H#p_l|yEcYOQcVTnsFMl6s?~}#DmHWs4*1|?
zn>#JqjHFCSw`4A3I5ryzWJxD<AbbYY4{Zt;#~A4K#vrjuAJNx|6aE~-{uiSac#fwB
z9WqgJ=AJM`k_X1M>9ALlWXwZq;lrIBl4m++QrM0Wf;8hWF%_)*+K((gz56E2E7WwT
z+X=|Ppe|0p_%l5uZ?fLK`>fBmqxL<xW`u7DMm?w`uwzlB?5I4c!Zuv3q?L;qVW+Qm
zlFrmD(xl44g}1IN6G+2h$IVHA5Ihp3l!e0%#$*rOI&Dylz;N)<9mxojQ4BG#2r~3!
zfS@vq3Of%T4^d7E>x4+Xk7{GGHyP6r892b0I{TOu+R_*A1~<)@@l%<9x^Uso@aJ0V
zc7iidN$>=pfE~BAE33=nD^M7Jj;Y|Mwpo5C8Yomcs#=y*vEpJ^8f!yNr95Ce$1s@4
z5zh3tAxtK|*feg@_nF9z>VaKxhW>ID$YwOT*5Q%RBNLT6a!ZjI*BzxxL9&+*AwQd3
z^41*Fn$H3N2M;-!3uh2SoTC!van!h6_@ysDrOrcI3NuKlRvh=|kOta`KV1Lg?Qh)j
zFjaLs@foNjc;e4NbKWOkzPFuUeGf|V|Dufe-Gka}m6r?4iYOPAEb8(l7t0wPRv#Y$
zE8MB1+TyByZATZ4X!~%rNob#~fGCE0B!jtzF*yy$1zN)N2z(&DFH*w%g()T?(U`?N
z04U5BwTL<3b@|0WajfV^BGRl7v4~+KFssn}V4PV%q;h>y=3zX(qctI{_S@!?1E+1i
zt%Ozi#Acw9;EBzD8vW-!`syb~qXU10g1ZqlYwsAd!0=ER6>Sup)t`Yf*`Tk2V{85#
zgraS^h*QN2ieh&V$7AV7v76vzz#xMa4p1bM7{Hu!KjG78)L=`|tqcEB6LXP~vEvb*
zKAtz`%z2bS=&b%AJ87yZX!3CZK_f2PGGi9Wv<%P9dhX#(wm?EyWD_ra`wwqlIq75d
zcR?&W8)aWfaHE_F%;O(@?C<SfZAb400q|>*tejGT`b5z$RRj&{j@EL;<ZfyJEPYFp
zNRQ+e!4Sh}kRDk|J`pGg7ntN40!9lM{SuUVV20KhC5?~;1hK_j1eS9sg-hcE1ksZS
zMD$7>l(Hzm#4h4RYuEsVmMwFGs0@sQN{h>Yvc*S2@VH^6?JxQ53+&#|(p=>en}JG#
zCpQ0UM*sA=ueiG%w{Jt$+zq2@mOC#sNKt_1if^?}nglje(zBbrgi@chWj%{86o4cv
z5ti(R5LSBbjKt*3!1Tc`#xM_?gwdx@fH<+4jU2e}Goo^BC@qY}jH56F_BKgPLn7k`
z9)zS2NnwVpqZHI=HbE!wIh-332!iAyPProH==wtfP}}}sJU{mb@BG)>c1OJ0Zk!BM
z65KfFLNnp#NAF(z(ii92_U)*lhg4^@*wSe*Tb5t8v!wB_R9YQo9~uS7^(*R<nvpEp
zAO^i-5aL+eu~C$p=>kR+w?Imd9s5Jt5iEtbp6$ao>3ICyz;-6)F(geo<jKGZMn7&2
zX3zpqh#bP8L~*uZ^Z`swSOgM+e~c8^VN8tO8q?yJ<GK(0^z!^2=2Z6^Ed!MVH`*D&
zeE5BYkH7Zp8&Op6MRDoJwN+c`wU!m8_EDoc4qIWd7^4<_v6PPz_|h*GIrR~r0FM!I
zs0hN$!H6>i_koRD-!u-vifbcL7y7_clVyt&XrGGvpr?Vf(})p^G3<WItl`ixtE>es
z#c->KW5X@5JdRQ)J$DX>`~QS-eQ>qM!8dR9*R5{edL@4_iMqONybM$l+<50iGupAx
zuC&|7A4O$fjv~WFb?j3`Qb5&tG0I^eJB7H;(dL7_3e}Yg88{itmocRlpjiKv;}Ap?
zFxe{{-3H6#>Q5ol!4PK}O5AcR`yzS{S(1xD8n>JbVt|l~nG%7Gds~%p9zw`qdc!1`
zO(pEcmJFg9ito#*ma=2YL%~@0wR8O?|LqNJ{c;3labxZ(32w~uqFJ5y!I$qHjmMXu
z1aCkg;~isEC)mL5pPQ&ac~BP*NDfKs8Mw2qqsG&rJ1%^!E0jZwmZ-^(<RpSh<l}BO
zCNX$8dw9=cPOzHz#z#|=;*`n>*)bDZ>*nd9ZzF5&5ap&FW_`#Q@`4Xq$LiQHVOwRJ
zorAhr<HNQH+~s@k{CfKNOd0BK!)2h7;D$RT!wH@Dk(d8)x#|886?d<y%)f3ysG`tK
z%mqn%F3LoMMp(uPi6jZkSU4(}2Tum4HK>DJH3uIjt=^nfY}I8x5rS>VYsPegjjHup
zi8k`~DQVmkNIk<2bkTv6MD9F5IsobnCky9pT?I`aSA<_8c}5`)4yKb}p&`;8moUib
z-)@)ts}~k_tSDIBZP*M{65Oz-CQs}a7hidMGionIap4<?QC_S-ZdQxxX(bglH(Ny}
zv;>k>)cNG~!q5+xK*MDcSPv5~Gi_4n!H4u`4-A`~48j>>u8E7JHIVk$u{8>nAcb>}
zufP-{GGTE6NJocBSQ-#Xdg~dGd-g+D_+^01<)>COH`sOU6t2nU^W~&DD#&xO8I3-+
z_ukF*$I;7tZcw?B;08T0<+S+KTg}!jSEBB&L+ROCu&7}bCwD5sqV*t&OwbQ%a1&ir
z?0k1KQvwOhH^nt-$+{$w34qObo0g~m0f4jrCS$KPlC$rCgfV`K>c<xI@tLGX<Ow7F
z=_5Z09M`=joa4<J2C+9Z%u~6szaX^e!CXi#gF|H@DZrq~n}!xj_8>*JcdqpPU)OJn
zMpC9=t0XuDCy7&h-G@$ldb#WVH$?oVF^kZPGU`yr!K$^5l1x&$-sP;%m>`t!7Z0#w
zm5s)z)P{4aA$cUbd2)!f8iSE>ES7m1-$3>$nU|bgG#hy)fy|ZB98)&bQa@?)zD)?B
z!j3jXhOvQiK&={MWf(w?5EDilViqLXQ0-zr>aSe9XY->uXq7f{1}X_|<g+s|w`U*u
zKJPXA3smktnpBHkkU?65H5+R<9&`{Wm$R*SXdo=F=T!P0*9x0sWk1F=vs)c&k!(oY
z2bqM0Ex^LNuSY5ooTi1;Ow1%5<GIcNJ}d87bi;$yr6pW0fk}?iuOU{N!x4Tq8Wf2{
zp))0HF2EdIikHIQ8?Ut2)K#FJhH2PW5}by!<a69{%Z`=j`;|{LUH>(frPN-B<zW={
z3KVF=kbt<rWuN@mUoSuzjdFpZi-$?-!kj%Vb|Q)rlP6@c0j1fnATQ33Tj`^Ip)d!*
z5)itC7ziM6^%>V=7ov2uCm)I>zzu5b&jkmzNZ9Lm)LX&VqFw*0alIDE{7lPMNpM=u
zl+W{*KKkliqo(~6FvXKp1z)ISy+~Q{xt^n(p#g|EtpF*j50XsaBxp4D^w1#mbcIQ_
z&&~?22o9w}>oN9|E}SE}_vKi~>?a=_k78J$q)rfMO8+8E4ie)9&|1avrKb)v%m`>%
zbX?N&k4iZM8vM~WPhrkqs5eIY37C?mlHin_sF)_{05$k|@SNTxi4vsUiq=Y!WjZX?
zvX^E0t4D!SHc5<bIS!HBWGe{)pup2^G@`)lYAbuCoWi(ruvlbN>AB;>N0A!+7&HYj
zNT}r%9nFGa=u8W?WP^~@PT+>HeZplWRf=zm&AU#TU;cKsR%seCP)Tqa&eFsjf8mO=
zpGV<+1S>xMShot1J3PFs<&k6w-0`8cncGdaRhHS~T~vnSmRtvsz3>f!J>ocP2``PN
zlMoclX5-k>&dsipM+`hL*=jZ-rWKk3#zC87a)-@0&V7aTSrDWLuP{PzY{WG#g%T#h
z3PC;FS-`}jeX|VxwZHu<CqGqysyGE1s3bTACuzMYu5RkT4kEb`6|5g|=QS@q3a}M0
z6cV`O!`El3amY}~Y)puk$VM9MiWF!R#s#5eguymNq?sGBh;0;Ms_59-%Ju|>i=)uc
z%N{xwh{AxCoMU07#vf>$#>@|lG#J;M0Wz{TBMF;u?D%j@z77dR3KH>%6%dYak)0!}
zXO|?}=7)%U3obQepzL+G(KAp<aHF50gUs*z%g))i(l;MPNuu~{<FzUlX6jRIm1=?)
zZ*YjZ+~JW{KajP$!H#h(qL3a;l&3*#96H0~BTF=vkhjy1tnTSkGH-fvvk{=vL};Td
zQzk8-2J?|qkP%&CH2T4)sS$*c85jTMLNg=r*FJQxLP)DIeOwZsBC?;3Nv?(!nBxG@
zH}`EhdFz92sLd2*ppxJeovg{JwwuoWI%*rAD{k-&C05?7*IelI@QN0>&|*cax^@#$
zwv`H#wXn5a1zVI|6JA(YmXhvn=~&7F=@3CeKtj5kC8axEI+qY%LL?WYySr0rLAnH_
z`&)j*_nbfQ%$&I=?wM=ONzZ%T0W2m>Vo5LSFtyolEwM$pzEToaPA_Z$0IGE*St%_y
zC7R^IqHtiSh~hJC2ATQ|N-w7*`qM<*drsZv4O}MXK3(Yz6Ed6C&03~VBK^BJdrtQg
zV$^=?YMIhxh0LhbqUeusndHDJf7gAmLjdLu#vDk~n}Yb>*kb0VYn1wg@^<s;5^=%%
z+-9n<P~N){KF8$fP#{y}JLl897woK`{N}-R0!pF;i%^Y_*2{kT$*Bgs_+=j3DzvRy
zO1_$LTzQ{<lkN_-Iz_GdX0osP$J+}YcPU?-R%L?=^YxXSl~t!Z3ZrPCZ9!ub%b{GV
zNS(CkG}Rxjyy%87aV0Cl!<Z_ye5LQz6umsx*tH+#+(Zin<A`uCy-0x>WGB8BR8SM$
zb*dOs|AFY|<(B~4A2{{jh?eh-Y0~GqLZ3l-3U|@$_lQ2eh=j4MlFcg|<KG~^syY;L
zKS{ptTb5DQqPb-FHF3sswg=On2w*pz!I)zA+<5S15{b=td@SMfuIDL3<5!?C+N3%(
zphAtH4fQ9NAKDoEF1ZB<EMOj)TvI-bdZ-|<AuO(E)t^_|mzMjD_>~rk=$5r4Zam8;
z9^DSuJhI8}mVCMH6Z6m4bWebx+up^rYG|&yaVO=M)F`5`8pUqd!m1(QMk_^*SC83x
z{8Uflvd2+0c>eAaV8ME$3;45RG`k@Y*Ryfw9cf~(Um&(px)cGm(NDQ7%3xiVA8VAH
zuhC-3U<WpzMHiDR(dC~%razao(HNIjHN;3>y1Yy7&!%W0l1$O7D;`FXNyV=nx|9O`
z9vQ(tuI^Ni(;J%<N`FLk8*U1+MBO^IcR;O51X8V17CZT9#vxgs**S6n>2Y78i2xpW
znm@DQ7>TU{)Jz#hvU4tSinPX)5#{zaDu5UkIa8?z?0%r@Yq?mZiO>ipo_Lpln4=nN
z`nRPA1~C0i{HJCC%>yajmtb66T*JAqj?xnn`JFIRt0wvIU^3WavF%LHUq<~cw3jKc
zEkZG64o{<+&5k6w;GXpzOqU6cYy6XmsWdIQB5N~zYhg>5DVK<EA?GJ<KO`h9jQ&Lp
zPw1qbEcd}=RKsBYl!(Jz`@WJ(!q0WPPcrYmcCxc-vDr0A=5+eT*XpD9kyaSMz;Av@
zfA%XL`z2L)oe1ndEY%IP4-xnfw?R_eH-NCF1pL0ij^}dx3np*%om_v^bXmm3i*uaz
zt9MsV;2X<oBAGe(F0%UBj_nO+DIHG5XOVFV^9!m*s7S4fe4+2z+w4u9{|__y<U1Kc
z6Z2(aCHFwI7{M#)QVn7aQq+6v+)@`waYK53m{RpJrTHrORWXQn22}m`gN0e#=NI7w
z**FT_)j9jj66{&$ziY!uW6;dX-C_kMh*LLtY=rzyS7)bcXK#Tq2C8sfCFh0FdE8-7
z_i2AJ%W`lH6~cR0GfJWAg=XGXZs3I(V^33-4RLRmbxoQ%#p|r|V737<FG_40DfN`r
zx_Hq`D-tND7I9Qmyh-(Lrosn<Kpu7&B)D&55UsN}P|1Vw)@wc&6Iqfg&*f`gY4g=h
zfATV59sm42(Yt=PzuefW+ur(~vv3L>2ANOm`YOLJ^kjq#-pl31fRAIWuk^|#_ZL!-
zyO|Fm&htf89Gup;<awr*+R05)cq|m#$$1s$rb6;sZ)Fs_o;R+~&pQKsOnA?Tn6?Dc
z-%1($hJ%Sp4Z0Y3UCoZDDFTF(dy^3+guS~bBQS?s^ZRCJ)e&K36r@i|>C8v#t>Tg5
z_a8|&iJ5p#o<lD}B30t*sN_c|<PU>}9)1^8blX<mG7mlyX)L#MxW`&EtL`N{52p_f
zg)1shBg3Qv-xd^;^>>2QN%8*VH(7JRMa<McW|DSMPNH}2i8f|X;t+HfuzxJSknc{{
zPIrXm<rz_VjyTf%_qRyo$*-Ibmq{MA(s?2~FVXS*4_-y5k~uzV?GyYFgRca1QKcQ3
z{+K!0GBjL7R*<PnVKCELfqK@S#gSHbODlDPC78I@5&;3%&fB9Vr+h$CZ9>W~too?=
z$>3>1S-7{C!il0U(Y*X%b>0eCWQ^^0Fq&VnN6}O2Ggset-rhZhVTeCYjiY8Z3Tc{t
zH?yk#%}!@;;^F?WoKS#Lccu0?FW*Mpk&orCZPAs_GD9SB*|k{wX>CL$ihHrbO9{~-
zj<sLR?ek7m>AmSq#F)9eCfMkw7o)X;Fjxp&afcVc;@<-!1aHnlvigV8$ILM2O`&+J
z<OvZ3YjFc@VHfM-jbxJ2nY@&lwfh%*Ww5<VEH2KeCR7&PvhBE>!SCdKW>cEg8b&;0
z6;;;Vz=dv5QVfy=tpu3*wC%1}w4E&hi8j#hO1Dv)RcH(lMitH`@%)~q6jr3Tl-i-p
z<==SLSh)1jclJ>e0#4oNn$b!`bm{NOK$q^;*4RR(|Md!*s0a>|+Mc}@WkVY0dm1+u
z`h25uX9(C2Tm0LJCH+8{N@LQ;5M$E7IL3XLe$)6K3JSM!&y33-HKY=MtU66oaEKu|
zz2v?wN6mM#_R=(_Y!N?%Zf7Q=-h}7?c|m)?VLn9P-AR<pCC9@_BHQY-gfrBxzf5MZ
zgZpGyRIPbrC#z#%Cw1MgIrjX@ZB{!4qeu{8GtS>W1QW-nk_WJ6!t2T%k=P9ZdmWN1
zQ6)u>bd5(UfRQvlclaKvG|SqXs(aXIDsQ96M~Fqw?plx;I8WVq{iSR3{XN8>I|gmY
z_Mx4>4I$a#csK^wfs4S*rSn|L2#IbU4aRvChdVp#vLzKlfD!Mlz*8M6LgG|Q(g7Cq
zG$p22He|>e$IgCBj;ns`cywpQ-&|>!AD)Igx>B_XzqdZS1$TKOHH~2+lDQH2#g0=?
zoa&V4=(88=GuIFP22%@c(r;(}S<uWMd}&^}U$z^2eeY=WSQ^!}AME9DIpQI#_uc8W
zkN^b4sc<4EBLBAIS?w1*C)M_lyn&c1+IJ^G6F+0=0?#ZJg+3IiuH>nu6t4{nvey9!
z^@mNs>+R(om6Vqk_gJaUFPNO}&g*C1tE~ju+)Ka?1?d<@9I7YzQgX)!BtB;5JgF%M
z>OK!yZoIc&`WK93+@)FK3d!9%fD?!eEeG5byfbo{!}UAisKEX6KILc?Kk@z#=D(2s
zu6fpaW_IFf3cngainup9PB?C$`HP;I-O_=4%TddL3+8-gS(SZKpL)vL$aNFxF>Tif
zcuv#bg_fqd2i?gdgJaEGwa+VG<dCrexW^T12nv<^)xkePPVas$l0LPKNpqV+-rrO3
z+2lHHX(M9>{jmfnavGOfPjf%}U#ONogT&BwdkeR1@|AkgCw&@jH(c8?%{x&vplT%N
zGl>&TN)A?y9Zg}-qQ;@W%GHSl@wUXK^SVao$`9w6^%Q2{qf@f`MkOu%TQt5IV>lqd
zG-8&7J}S-emGL|_71G^X&hbBvZLhcvLcF`V-kX62i+Y7e+eWXyQSB_2Ag5#hUYk$x
zuUf)FI@$5W9=D6sXzI9iPtKgiZ}7$li7||FK<Wth$#_-K-n`GE2klx)y}1i{aTQE-
z{E}aZ#BZ8nXFt=^^l&|M2ZRob9{<X3z*#>9Yg-tYjNcHy)nPoDB=0A1pmKOzuBY$U
z#abjMznM6?r;m7f#*iA)^W)}g0@|Bw(O#`R9#Lsfxxc2Qe@}`39UtM?tG76CS-$ji
zqGvgLtVA4%tXNXSX_bVa`9#_5b^w#SxUi}1wJ}9&6-nH0K+;x%`4pA<!WGe2|AeV~
zG_dH{Y-kjW;EcPn$(X3PpM}@?ChRqisDk!})_%X3i*V0x=8F_l{oAdN(KyTYJ)YxJ
zcU@^H`WHmxVwOGLp@czL!*i{uh|W%vH}Wdi$MLesGOgna+~mHlGxcX9E1&)$RDuYG
z&g#kzmOXu_t8gGmC}2RKKM5Y+E_#p|b&kI#^vx$riDaEp+7kBBWVu}9G{ydk1VM}$
z_Axpwx87tPSMGZsq)V8{q>yg$VqK<$dtgNE2ZK0_P5;YtxL9==>7mFySqiQ3uwq0-
z5UW*IhFvBYykOaDc>pQg+tjlPc8QpXypX5mwEyCbhmQ!)Pa-lmWwrtT31FFK<g|96
zDW#_3B&h&|6y$s@xW4{5_FsNsGf6^U=ZGZ;ZH<bqy4gn)()hl&5#I0wo(4_-9pJ;}
z<>T~&<I-~QTv7cRH9Se15T`gw*#*br085N5*d;b-ScVHpRF{*hX%?+;rRT&VL|_4^
zD(3xEtp^iKES8)6Ag4k*rO~voe0AKVzgO3hKRl9(s=R7PFHIN@4cc~(j<tJ$=D7N0
zm=5A-WU|bF2GF8069;Jct^By>#S3kG&(QWrPd!1}hX&Y5eH4;)LK$;i(WF`7chR;j
z+<ZdNb(4{5Nc^g;B%1~qxoCRj($F|!jLNM>SCu5QWa!0wJk}owmYhe#lw&oO+t7+h
z!@FOVb5mIT>gk(Pl#iv^uu!pDY3{M8jG`?**#Sa;>KzenckEjC;|g{}q+wi@ufZ4G
z(EHRI871XDdlY#%y5%jop?=DCQctxU%CG9pN0N~=-VU#;p!|<jr17^^C;2x#LL;`D
z$*Qpdfl9`@4qIW};l7WaBhx<^KQ`r6+Px|EZ!2=puJ9Yuzq1ISuE42IMj1=BTW#F2
zt^#yf=fnc9Zk?@E9i*+(!3MO&Wn0(m?Rt%)#k3%-%wgR*I?Ir!p)$wWY<{Xn*+BM2
zC2+&uG0N1B^2{X(QtBBCzt&%SDM)3#CklBgBp^jM{RD1vqYwtHSH8rwf>-j?#90XW
zEf_1+K4}PB%s%=DLUP_D0p5Fq0WyZ3bAfgXTRvdWAJVQe34_p%?f-K76p-Z-=hHXg
z;A+t!eYTEI61NfJ9xLL08e*;V8>b_>iwRK&DWwRUOFM}d?19y)AGDYSz)`EgiIn*p
z;>2mpw|GIPj>TVhi^eqwO`Ne?r{ej5QfaT`M|NKN%cw+^{5yCmdk?ZtSzi7zY*G!t
z%SGH{cme0e>RrNmTGZpp8}L6x3O9^WhQYXB2@<jBP3HkCN%p*SGSqoAR<MMBGxk%1
zFd!3tH(S@OM-O|+nxc{~Y3nX51)q>|Qp(UF2o;(4JalJF;17{LuBMR}n4s3j9ME0u
zeiPzSHLF;4Ca5oe#rW6h=Jj{W53L9dn2fG{!NJR8eu@lFx8*{+eJ%lFkwpi#j^7fG
z5$<PoIX7s&!THyW<%oicl`)vS4X~BSE~9saalkq=_@Rn`HD2#5jFa|$GN<BM)S#};
zcR?pUp@su9vrJclwo&aMt1QGd(c3+3h``B^pa_!)aNj)8NU-fPd9$sfuG!#ORh3!-
zK;gS!A%fd$zn)!MZ%&&_%9OQ_Q8CUDXw68HME~+Xv0Aj}K=e;PI9<sik$SCuQ-zH<
zw3fEDKJIMdi`$QtaSvZ{w-4-^F1o&D?XM*xRU!*?WYHm;Vobq>#%|Ke`$A%fgh;x%
z<P(hy!F&$he+3opq~ZH-6Eb^4Rp4!}J#@W~YCbHT(3y1KmpCl$aS5;$;JCBt<^m&f
zg908NARa+}4-}DGG{@3r`=Z1e@dPgr20`ll`ha<U(x~AbESfr%?<->yhUit16#QYD
z04UAhbDYK&vvPRJ5tsl1Ic;eq&blsYPhkCa=yc!I)QZ2S4=D1Dc*k9~%ns&BN}r+z
zmu&DLSkr|R;~>xZ(6+EK1IsodP0PS(*6xU|N9R0ap-bU2pP)8deH7&vJ5$z=D&m-_
zKE8GXkvslIxGq%l-=ceMW;0edt(sIAD+#x<G2>t^<dZO%aNM{7ny_*6LqaH%oPy!u
z=G<-Q@qa?!o3Uuj`PxmFO@A~VgpxhcA1ov_Zw~OX0#KWk7wpEG5e)7}=w?x1?-a+x
z`0%;EIE6T=F+}e)r6PnmlFF|Up7C{3#N#3I47?KOmpqEc(GFHw+DM{{vuSoz^fw-r
zOMx*0w~eOxB%zaWj@Ga4V4710c&^biG%^JrGr$9=Jm_tQhAg?c!UC=W#cz>k!ZIeH
zg>^zgW+1Wo&yRP*)9(*cFRIU5-?A4vCOsiMBVj@E0MDS(d1Z2G_RZY-;A(D2tlNHU
zn^Fv=Ija?09OVX?gJqM(cM2je^KWt=kY?WnliR3^sBuK4t^1mqniQHQcE*r*TZfXh
zjP6Ddfu~Z~M8ft645>6*vm(FsxV9x+6MHNDo%4_xW>k;ss=|tCt=EI8U4})qGe4l7
zjbwk}@fGV2KP>a&=Zwdq4%#T%EMtjj>J!J7I`*KpGk>`haKXaZQ9|fQ(7=^IN_zK_
zo9LTnJoTZn)(fJY<qf_9b)oZJx*d$P+HO<jd%BVO>wY<knw!n$N!`uNpr?E7mvxAH
z3B2=lnHpUNQ#U4Y*CxXHtwwFI;?%J0J!ZyV^}JLU%&%4Cw0sfI+-^z;@*&@9^R>Pl
zxE#>(6aivAO~{0>7XFOm0m8*l%kmU+*>?%%?|tMgYsZ$%)ghYr@|>R$Lh|+*`{BYF
zhZyjXwwupAIA_o+lfXxvfLE+lT8kl1j;cdQ^IRc0i0&%yyW>&-KEtS=-a9GpkYB+a
zS<^U<K+_+>&q84pxgl@-$fct9jRa$*z=ccx1cz8FzAk={?kOEO#gjY~imD=XpFrBF
zeODb94-<)PtV#O@1BJh!7)8=MhM61f*hQutik`@0QSkEO*6-SVzD57pfh%j|P5<!^
zhY<iuxs?(G{-#vvMqlXb27XBnqGeCB>pJ~||LDqc{CWb&BXEqZ-=)|$$WuRiS#Q+y
zeqt_eOF?HXr@f$kuGVrj3`G(jhgE4hpoH1Zw3JMR-f4ka-D9RPsJl#g5;7Fv2bza&
z8Tnq<`+OJAs`YDHX)xBfKIr+DH(ak9J&qizg&H~7fu5zHqF2P=hZ+VC(8^h>4u9~7
zKR{W3l>f`z3Vu46A3GeD)}=w92s2RTos0G#8VS@pnOJQNppC!eU2#7;lx4Wc=XTzD
zvX!k|bjb#c9V?z&5N_u)q?mPn%0MNh0%;hTsnka)mu|a5Fs6I$Z`{oteBQ~wn1_a~
zRZhDV{EY{`gwD&hpl6amXaqr7e`b)36`(u3N%P7qjjc<4G?`re2e#HPOW>}0hvbAS
zcUf)K#{2nSCKi!)0ry2)eNcv*^SbQDzPtTa%hhAZ2c6)E+>+?mv3PC{ZB)r&+bQ!y
zZ>o5rUd8JwIbiIOIb9LS1cv;f&bzB_4S5)Hc=cth&3k`#Iaa+cGl*pbb+s%bx;+fS
zKpp<27VO*^Km1wSQ>u-UmpZHu!Hm*L^cs~0rV>_?3!Acda&t*Cw-=5}&rTIC-_+1u
zV$SXd=KNWpHF=u;GwI~ITcr~Bd*rTbzp4IK{6`4)b7kV;)p2ik@P?xOL9dLlr=qH`
z9%Cux31W52$Dz7W;PJrBsIy4=*wGE85EviIf5q`R&Ddq*@wjvAFR1&Z@(v2wl!XNk
z<G>)VkeBXk{NO!FGx22RGe#|E<6FbnlfN8&lC3bKZMF}~GkCNXPd{Su=jY-AUaZ(y
z+xMd;sI}mYYb<zpW8A6}4p=lDoAZ^AcJ)LYNd@{{{w?ZNGk~7-Y||eT*=j<Zr%?{d
zYr41umPFNF6fx!ipU9ZzNDQ%`JBfYhwjezJdn6m^)<Uo%m5M#N&gQh}+vK2wJYT=&
zC@;fE7t#!)$UqqvzfjQ3vQWF2+>QEe%#K4%T9usTU`(*V`pFwS{okMVt3>1!n5n8?
z0QBx?eBX@(P)XM9H!26pIhI^~hkP(-_n$!622zc-52b#F-YEO5<_1=sjS9@UdW)p#
zcqqMdgtlrfFw*4s=qq>>dQ(%NOSUf6Fw{R@Cmk8;inp|43w4cEo4M?uR4J!zC9vgM
zeRaB8dU~c^nWP`j*u(@8NzBWd)@Q%~1Hi<z^D8l4Y4o})(3!S?zLK0^1u9EWwE@Ak
zt~tteAo}-Wdzv50E^~x!;Q<qFhZ%@Q7JZjD9J8IUibxAwD&E^Fh!JUjFyS%%F|^*=
z3p!W+xv}19ERDbWD1BT5Wng9rD2?<nmq5s&&4;DAM@=bW!QERV#hh3ki|@8Ep2Pm*
zK^LC=Pt_^$gY`L4eG>wFH{@7wJAA1#I^R<1Z0UFX%51D?-LD=cj%Tlt>H6}`g_SB2
z>G6n$=iwOtiIB;Agc8p@(jxav-lKLWWZC@|@vs=B1~-6Ei|OzlE&8doJRY%K$o_7R
z&{T2;=4O4BsDV@5H27iVT&LAL9qF8ef#AYMm6_U}^DcD#ye&N1akvucHxGbsYBKH$
zi?NboV)V#=SAU?FM!%d#{dc;*KC5^?(k}Rf9J9=oG>_x^5l#KR_tiioHT0$TJLEyI
z%;zEFFBviWsKxTWBVG0DM?NDz?%6k9DIDH;s(o6y*noM~a`PYBqqY<LKv`V9`q(h(
zu$|LsSI<<FjxT5<g1}XnA6Ohj;>Q+QK!0=R*j98?evQ^@XlXSCqtB&r^0(e>Xi=k^
z_ui7Y*V-nfwaWhU?iKLj%VvRJ?D-DN1myU+o+?0bZ1GM7A}Q8(MVq5mWc$kje)|x0
z@7HEAv^%s2*H87}IrzcdV&+9}yOSC8|3Cfhk64n^_cmCyrS|~TrzEE;TP|%J{6E;c
B)-(VB

literal 0
HcmV?d00001

diff --git a/docs/src/lib/common.md b/docs/src/lib/common.md
index bb95253..2403f4f 100644
--- a/docs/src/lib/common.md
+++ b/docs/src/lib/common.md
@@ -3,4 +3,4 @@
 Common functions used in stage scripts
 
 ---------------------------------------
-*Generated from [src/lib/common.sh](../../../src/lib/common.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/common.sh](../../../src/lib/common.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/log.md b/docs/src/lib/log.md
index 591a905..946557f 100644
--- a/docs/src/lib/log.md
+++ b/docs/src/lib/log.md
@@ -80,6 +80,10 @@ Logger functions for bash scripts
 log__log "$LOG_LEVEL_DEBUG" "This is a debug message" "$LOG_LEVEL_DEBUG_COLOR" "$LOG_COLOR_OFF"
 ```
 
+* Output
+
+  * `stdout`: Redirects and writes the message to stderr and file log/stdout.log
+
 ### `log__banner 🚫 (private)`
 
 * Log a banner message.
@@ -211,4 +215,4 @@ log_banner "This is a banner message"
   * `stdout`: Writes the banner message to stdout
 
 ---------------------------------------
-*Generated from [src/lib/log.sh](../../../src/lib/log.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/log.sh](../../../src/lib/log.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/platform.md b/docs/src/lib/platform.md
index a82a178..afb34a1 100644
--- a/docs/src/lib/platform.md
+++ b/docs/src/lib/platform.md
@@ -83,4 +83,4 @@ platform_get_platform
   * `stdout`: The platform where the script is running
 
 ---------------------------------------
-*Generated from [src/lib/platform.sh](../../../src/lib/platform.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/platform.sh](../../../src/lib/platform.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/project.md b/docs/src/lib/project.md
index 13863ef..64a479d 100644
--- a/docs/src/lib/project.md
+++ b/docs/src/lib/project.md
@@ -55,4 +55,4 @@ project__architecture_print_layers
   * `stdout`: The project architecture layers as a formatted string
 
 ---------------------------------------
-*Generated from [src/lib/project.sh](../../../src/lib/project.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/project.sh](../../../src/lib/project.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/tooling.md b/docs/src/lib/tooling.md
index 8c80013..f65bb18 100644
--- a/docs/src/lib/tooling.md
+++ b/docs/src/lib/tooling.md
@@ -49,4 +49,4 @@ tooling_set_jq
 ### `tooling_get_ip ✅ (public)`
 
 ---------------------------------------
-*Generated from [src/lib/tooling.sh](../../../src/lib/tooling.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/tooling.sh](../../../src/lib/tooling.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/workflow.md b/docs/src/lib/workflow.md
index e5ef0f9..d174d1c 100644
--- a/docs/src/lib/workflow.md
+++ b/docs/src/lib/workflow.md
@@ -83,4 +83,4 @@ workflow_load_action_definition "action1" "config/workflow-default.json"
   * `return`: Action definition as an array
 
 ---------------------------------------
-*Generated from [src/lib/workflow.sh](../../../src/lib/workflow.sh) on 08.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/workflow.sh](../../../src/lib/workflow.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/makefile b/makefile
index 7a44fbb..fff09e8 100644
--- a/makefile
+++ b/makefile
@@ -5,7 +5,7 @@ SHELL=bash
 
 .PHONY: all build check metrics test coverage dev
 
-all: package check metrics coverage doc
+all: build package check metrics coverage doc
 
 build:
 	contrib/build.sh
diff --git a/package.json b/package.json
index 9591f3f..5312ca7 100644
--- a/package.json
+++ b/package.json
@@ -1,9 +1,9 @@
 {
-  "name": "Wild",
+  "name": "Wizard",
   "version": "0.0.1",
-  "description": "Wild fills the missing link of the DevOps approach and its shift-left principal herein. With Wild the shifts are so close to the developer that they no longer exist.",
+  "description": "Welcome to Wizard, a versatile and magical framework that empowers you to effortlessly execute uniform integration scripts both locally and on your server.",
   "homepage": "https://scalastic.io/en/",
-  "scripts": ["wild"],
+  "scripts": ["wizard"],
   "license": "MIT",
   "files": [
     "src/action/build/build.sh",
@@ -13,7 +13,7 @@
     "src/lib/project.sh",
     "src/lib/tooling.sh",
     "src/lib/workflow.sh",
-    "src/wild.sh"
+    "src/wizard.sh"
   ],
   "install": "make install"
 }
diff --git a/resources/config/banner/wild.txt b/resources/config/banner/wild.txt
deleted file mode 100644
index a268500..0000000
--- a/resources/config/banner/wild.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-      ___                                    _____
-     /__/\        ___                       /  /::\
-    _\_ \:\      /  /\     ___             /  /:/\:\
-   /__/\ \:\    /  /:/    /__/\     ___   /  /:/  \:\
-  _\_ \:\ \:\  /__/::\    \  \:\   /  /\ /__/:/ \__\:|
- /__/\ \:\ \:\ \__\/\:\__  \  \:\ /  /:/ \  \:\ /  /:/
- \  \:\ \:\/:/    \  \:\/\  \  \:\  /:/   \  \:\  /:/
-  \  \:\ \::/      \__\::/   \  \:\/:/     \  \:\/:/
-   \  \:\/:/       /__/:/     \  \::/       \  \::/
-    \  \::/        \__\/       \__\/         \__\/
-     \__\/
-                  WILD by Scalastic 🦁
\ No newline at end of file
diff --git a/resources/config/banner/wizard.txt b/resources/config/banner/wizard.txt
new file mode 100644
index 0000000..c1f8d71
--- /dev/null
+++ b/resources/config/banner/wizard.txt
@@ -0,0 +1,12 @@
+      ___                       ___           ___           ___          _____
+     /__/\        ___          /  /\         /  /\         /  /\        /  /::\
+    _\_ \:\      /  /\        /  /::|       /  /::\       /  /::\      /  /:/\:\
+   /__/\ \:\    /  /:/       /  /:/:|      /  /:/\:\     /  /:/\:\    /  /:/  \:\
+  _\_ \:\ \:\  /__/::\      /  /:/|:|__   /  /:/~/::\   /  /:/~/:/   /__/:/ \__\:|
+ /__/\ \:\ \:\ \__\/\:\__  /__/:/ |:| /\ /__/:/ /:/\:\ /__/:/ /:/___ \  \:\ /  /:/
+ \  \:\ \:\/:/    \  \:\/\ \__\/  |:|/:/ \  \:\/:/__\/ \  \:\/:::::/  \  \:\  /:/
+  \  \:\ \::/      \__\::/     |  |:/:/   \  \::/       \  \::/~~~~    \  \:\/:/
+   \  \:\/:/       /__/:/      |  |::/     \  \:\        \  \:\         \  \::/
+    \  \::/        \__\/       |  |:/       \  \:\        \  \:\         \__\/
+     \__\/                     |__|/         \__\/         \__\/
+                        Wizard by Scalastic 💫 - isometric3
\ No newline at end of file
diff --git a/resources/config/k8s/containers-init.yaml b/resources/config/k8s/containers-init.yaml
index cbe009b..dde9557 100644
--- a/resources/config/k8s/containers-init.yaml
+++ b/resources/config/k8s/containers-init.yaml
@@ -3,8 +3,8 @@ metadata:
     pipeline: jenkinsfile
 spec:
   containers:
-    - name: 'wild'
-      image: scalastic/wild
+    - name: 'wizard'
+      image: scalastic/wizard
       command:
         - cat
       tty: true
diff --git a/spec/banner.md b/spec/banner.md
index 69b4093..3a5c701 100644
--- a/spec/banner.md
+++ b/spec/banner.md
@@ -1,6 +1,6 @@
-   ___  ___ _      _____  ____
-  / _ \/ _ | | /| / / _ \/ / /
- / , _/ __ | |/ |/ / , _/_/_/ 
-/_/|_/_/ |_|__/|__/_/|_(_|_)  
-
-WILD development by Scalastic 🤙
+__        ___                  _    ____            _        _ _     
+\ \      / (_)______ _ _ __ __| |  / ___|___  _ __ | |_ _ __(_) |__  
+ \ \ /\ / /| |_  / _` | '__/ _` | | |   / _ \| '_ \| __| '__| | '_ \
+  \ V  V / | |/ / (_| | | | (_| | | |__| (_) | | | | |_| |  | | |_) |
+   \_/\_/  |_/___\__,_|_|  \__,_|  \____\___/|_| |_|\__|_|  |_|_.__/ 
+                          By Scalastic 🤙
diff --git a/spec/lib/log_spec.sh b/spec/lib/log_spec.sh
index 2d27240..29c6026 100644
--- a/spec/lib/log_spec.sh
+++ b/spec/lib/log_spec.sh
@@ -7,8 +7,8 @@ Describe "Test that log.sh"
     Include "./src/lib/log.sh"
 
     setup() {
-        export WILD_CWD="${PWD}"
-        export LOG_PATH="${WILD_CWD}/../tmp/log"
+        export WIZARD_CWD="${PWD}"
+        export LOG_PATH="${WIZARD_CWD}/../tmp/log"
         export LOG_LEVEL="${LOG_LEVEL_INFO}"
     }
 
diff --git a/spec/lib/project_spec.sh b/spec/lib/project_spec.sh
index dc122c9..c0c42b1 100644
--- a/spec/lib/project_spec.sh
+++ b/spec/lib/project_spec.sh
@@ -8,10 +8,10 @@ Describe "Test that project.sh"
     Include "./src/lib/project.sh"
 
     setup() { 
-        export WILD_CWD="${PWD}"
-        export LOG_PATH="${WILD_CWD}/tmp/log"
+        export WIZARD_CWD="${PWD}"
+        export LOG_PATH="${WIZARD_CWD}/tmp/log"
         export LOG_LEVEL="${LOG_LEVEL_INFO}"
-        export CONFIG_PATH="${WILD_CWD}/test/config"
+        export CONFIG_PATH="${WIZARD_CWD}/test/config"
     }
 
     BeforeAll 'setup'
@@ -19,7 +19,7 @@ Describe "Test that project.sh"
     Describe "project_get_configuration_path"
 
         It "returns the default configuration path if no path is specified"
-            export CONFIG_PATH="${WILD_CWD}/config"
+            export CONFIG_PATH="${WIZARD_CWD}/config"
             When call project_get_configuration_path
             The status should be success
             The output should include "config/workflow-default.json"
@@ -27,7 +27,7 @@ Describe "Test that project.sh"
         End
 
         It "returns the specified configuration path if a path is specified"
-            export CONFIG_PATH="${WILD_CWD}/test/config"
+            export CONFIG_PATH="${WIZARD_CWD}/test/config"
             When call project_get_configuration_path "${CONFIG_PATH}/workflow-action.json"
             The status should be success
             The output should include "${CONFIG_PATH}/workflow-action.json"
diff --git a/spec/lib/tooling_spec.sh b/spec/lib/tooling_spec.sh
index bf6959f..5442a17 100644
--- a/spec/lib/tooling_spec.sh
+++ b/spec/lib/tooling_spec.sh
@@ -9,7 +9,7 @@ Describe "Test that tooling.sh"
     setup() {
         export LOG_PATH="${PWD}/log"
         export LOG_LEVEL="${LOG_LEVEL_INFO}"
-        export WILD_CWD="${PWD}"
+        export WIZARD_CWD="${PWD}"
     }
     BeforeAll 'setup'
 
@@ -81,7 +81,7 @@ Describe "Test that tooling.sh"
             When call tooling_set_jq
 
             The status should be success
-            The variable JQ should eq "FAKE_DOCKER run -i scalastic/wild:latest"
+            The variable JQ should eq "FAKE_DOCKER run -i scalastic/wizard:latest"
             The variable IS_DOCKERIZED_JQ should eq "true"
             The stderr should be present # for logs redirected into stderr
         End
diff --git a/spec/lib/workflow_spec.sh b/spec/lib/workflow_spec.sh
index d1136b7..d7a2ff5 100644
--- a/spec/lib/workflow_spec.sh
+++ b/spec/lib/workflow_spec.sh
@@ -5,12 +5,12 @@
 Describe "Test that workflow.sh"
 
     setup() {
-        export WILD_CWD="${PWD}"
-        export LOG_PATH="${WILD_CWD}/tmp/log"
+        export WIZARD_CWD="${PWD}"
+        export LOG_PATH="${WIZARD_CWD}/tmp/log"
         export LOG_LEVEL="${LOG_LEVEL_DEBUG}"
-        export CONFIG_PATH="${WILD_CWD}/config"
+        export CONFIG_PATH="${WIZARD_CWD}/config"
 
-        mkdir -p "${WILD_CWD}/tmp/config"
+        mkdir -p "${WIZARD_CWD}/tmp/config"
     }
 
     BeforeAll 'setup'
@@ -29,9 +29,9 @@ Describe "Test that workflow.sh"
             The stderr should be present # for logs redirected into stderr
         End
 
-        It "returns a status failure when WILD_CWD is not set"
+        It "returns a status failure when WIZARD_CWD is not set"
 
-            BeforeRun 'unset WILD_CWD'
+            BeforeRun 'unset WIZARD_CWD'
             BeforeRun 'JQ=FAKE_JQ'
 
             When run workflow_check_prerequisites
@@ -98,7 +98,7 @@ Describe "Test that workflow.sh"
             When run workflow_get_workflows_containers_names "${TEST_WORKFLOW_DEFINITION_FILENAME}"
 
             The status should be success
-            The output should eq "wild maven"
+            The output should eq "wizard maven"
             The stderr should be present # for logs redirected into stderr
         End
 
@@ -117,7 +117,7 @@ Describe "Test that workflow.sh"
             When run workflow_load_action_definition "action1" "${TEST_WORKFLOW_DEFINITION_FILENAME}"
 
             The status should be success
-            The output should eq "{\"id\":\"action1\",\"name\":\"Action 1\",\"container\":\"wild\",\"script\":\"test/action/bash-version.sh\"}"
+            The output should eq "{\"id\":\"action1\",\"name\":\"Action 1\",\"container\":\"wizard\",\"script\":\"test/action/bash-version.sh\"}"
             The stderr should be present # for logs redirected into stderr
         End
 
diff --git a/src/lib/ext/gendoc.sh b/src/lib/ext/gendoc.sh
index b8d5bba..8939ee2 100755
--- a/src/lib/ext/gendoc.sh
+++ b/src/lib/ext/gendoc.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-#@desc This script is used to generate documentation for bash scripts used in Wild.
+#@desc This script is used to generate documentation for bash scripts used in Wizard.
 
 set -euo pipefail
 
diff --git a/src/lib/log.sh b/src/lib/log.sh
index 971ceae..da34493 100644
--- a/src/lib/log.sh
+++ b/src/lib/log.sh
@@ -67,7 +67,7 @@ log__prerequisite() {
 #@arg       message: message to log
 #@arg       color: color to use for the message
 #@arg       color_off: color to use to turn off the color
-#@sdtout    Redirects and writes the message to stderr and file log/stdout.log
+#@stdout    Redirects and writes the message to stderr and file log/stdout.log
 log__log() {
     local level=$1
     local message=$2
diff --git a/src/lib/tooling.sh b/src/lib/tooling.sh
index 70fcfd2..d2fb553 100644
--- a/src/lib/tooling.sh
+++ b/src/lib/tooling.sh
@@ -41,7 +41,7 @@ tooling_set_jq() {
 
     elif tooling__check_command docker; then
         # shellcheck disable=SC2155
-        export JQ="$(tooling__get_command docker) run -i scalastic/wild:latest"
+        export JQ="$(tooling__get_command docker) run -i scalastic/wizard:latest"
         export IS_DOCKERIZED_JQ=true
         log_info "Using dockerized jq command $JQ"
 
diff --git a/src/lib/workflow.sh b/src/lib/workflow.sh
index 693a774..5c3f8d2 100644
--- a/src/lib/workflow.sh
+++ b/src/lib/workflow.sh
@@ -14,8 +14,8 @@ workflow_check_prerequisites () {
 
     local status=0
 
-    if [ -z "${WILD_CWD:-}" ]; then
-        log_error "Missing WILD_CWD environment variable"
+    if [ -z "${WIZARD_CWD:-}" ]; then
+        log_error "Missing WIZARD_CWD environment variable"
         status=1
     fi
 
@@ -29,7 +29,7 @@ workflow_check_prerequisites () {
         return 1
     fi
 
-    log_debug "WILD_CWD is ${WILD_CWD}"
+    log_debug "WIZARD_CWD is ${WIZARD_CWD}"
     log_debug "jq command is ${JQ}"
 }
 
@@ -49,7 +49,7 @@ workflow_check_workflow_definition_path() {
         path="config/workflow-default.json"
     fi
 
-    if [ ! -f "${WILD_CWD}/${path}" ]; then
+    if [ ! -f "${WIZARD_CWD}/${path}" ]; then
         log_fatal "Workflow definition file in ${path} does not exist"
         exit 1
     fi
@@ -96,7 +96,7 @@ workflow_load_action_definition() {
 
     local action_definition
     # shellcheck disable=SC2207
-    action_definition=($("$JQ" <"${WILD_CWD}/${workflow_definition_path}" -rc ".actions[] | select(.id == \"${action_id}\")"))
+    action_definition=($("$JQ" <"${WIZARD_CWD}/${workflow_definition_path}" -rc ".actions[] | select(.id == \"${action_id}\")"))
 
     # shellcheck disable=SC2145
     log_debug "Action definition is: ${action_definition[@]}"
diff --git a/src/wild.sh b/src/wild.sh
deleted file mode 100755
index b0c047a..0000000
--- a/src/wild.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-export WILD_CWD="${PWD}"
-export LOG_PATH="${WILD_CWD}/tmp" && mkdir -p "${LOG_PATH}"
-export CONFIG_PATH="./config"
-# shellcheck disable=SC2034
-VERSION="0.0.1"
-
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/ext/getoptions.sh"
-
-parser_definition() {
-  setup REST help:usage -- "Usage: wild.sh [options]... [arguments]..." ''
-  msg -- 'Options:'
-  flag PARAM_DOCKER -d -- "executes on docker images"
-  disp :usage -h --help
-  disp VERSION --version
-}
-
-
-eval "$(getoptions parser_definition) exit 1"
-
-if [ -n "${PARAM_DOCKER}" ] && [ "${PARAM_DOCKER}" -eq "1" ]; then
-  echo "Starting containers..."
-  # Build images
-  "${WILD_CWD}"/docker/build-all-images.sh
-  # Start containers
-  #docker container run \
-  #  --mount type=bind,source="$WILD_CWD/config",target="/app/config"\
-  #  -td --name basic-wild \
-  #  scalastic/wild:latest \
-  #  /bin/bash
-fi
-
-# Import librairies
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/log.sh"
-export LOG_LEVEL="$LOG_LEVEL_DEBUG"
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/tooling.sh"
-tooling::set_jq
-
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/platform.sh"
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/project.sh"
-# shellcheck disable=SC1091
-source "${WILD_CWD}/src/lib/workflow.sh"
-
-
-workflow_configuration_path=$(project::get_configuration_path)
-# shellcheck disable=SC2034
-used_containers_names=$(workflow::_get_workflows_containers_names "$workflow_configuration_path")
diff --git a/src/wizard.sh b/src/wizard.sh
new file mode 100755
index 0000000..49e9f08
--- /dev/null
+++ b/src/wizard.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+export WIZARD_CWD="${PWD}"
+export LOG_PATH="${WIZARD_CWD}/tmp" && mkdir -p "${LOG_PATH}"
+export CONFIG_PATH="./config"
+# shellcheck disable=SC2034
+VERSION="0.0.1"
+
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/ext/getoptions.sh"
+
+parser_definition() {
+  setup REST help:usage -- "Usage: wizard.sh [options]... [arguments]..." ''
+  msg -- 'Options:'
+  flag PARAM_DOCKER -d -- "executes on docker images"
+  disp :usage -h --help
+  disp VERSION --version
+}
+
+
+eval "$(getoptions parser_definition) exit 1"
+
+if [ -n "${PARAM_DOCKER}" ] && [ "${PARAM_DOCKER}" -eq "1" ]; then
+  echo "Starting containers..."
+  # Build images
+  "${WIZARD_CWD}"/docker/build-all-images.sh
+  # Start containers
+  #docker container run \
+  #  --mount type=bind,source="$WIZARD_CWD/config",target="/app/config"\
+  #  -td --name basic-wizard \
+  #  scalastic/wizard:latest \
+  #  /bin/bash
+fi
+
+# Import librairies
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/log.sh"
+export LOG_LEVEL="$LOG_LEVEL_DEBUG"
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/tooling.sh"
+tooling::set_jq
+
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/platform.sh"
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/project.sh"
+# shellcheck disable=SC1091
+source "${WIZARD_CWD}/src/lib/workflow.sh"
+
+
+#workflow_configuration_path=$(project::get_configuration_path)
+#used_containers_names=$(workflow::_get_workflows_containers_names "$workflow_configuration_path")
diff --git a/test/config/test-workflow-default.json b/test/config/test-workflow-default.json
index c08352b..bcc83b0 100644
--- a/test/config/test-workflow-default.json
+++ b/test/config/test-workflow-default.json
@@ -1,12 +1,12 @@
 {
-  "id": "wild-test-001",
+  "id": "wizard-test-001",
   "name": "Sample Workflow for Testing",
   "version": "1.0.0",
   "actions": [
     {
       "id": "action1",
       "name": "Action 1",
-      "container": "wild",
+      "container": "wizard",
       "script": "test/action/bash-version.sh"
     },
     {
diff --git a/test/config/workflow-action.json b/test/config/workflow-action.json
index 116fa5a..4a8259d 100644
--- a/test/config/workflow-action.json
+++ b/test/config/workflow-action.json
@@ -1,5 +1,5 @@
 {
-  "id": "wild-test-001",
+  "id": "wizard-test-001",
   "name": "Sample Workflow for Testing",
   "version": "1.0.0",
   "actions": [
diff --git a/test/config/workflow-default.json b/test/config/workflow-default.json
index c08352b..bcc83b0 100644
--- a/test/config/workflow-default.json
+++ b/test/config/workflow-default.json
@@ -1,12 +1,12 @@
 {
-  "id": "wild-test-001",
+  "id": "wizard-test-001",
   "name": "Sample Workflow for Testing",
   "version": "1.0.0",
   "actions": [
     {
       "id": "action1",
       "name": "Action 1",
-      "container": "wild",
+      "container": "wizard",
       "script": "test/action/bash-version.sh"
     },
     {
diff --git a/test/gitlab/install.sh b/test/gitlab/install.sh
index 6cde362..f24f3e8 100755
--- a/test/gitlab/install.sh
+++ b/test/gitlab/install.sh
@@ -9,15 +9,12 @@ GITLAB_INSTALLATION_CONFIG="${GITLAB_PATH}/config"
 
 export GITLAB_HOME="${GITLAB_VOLUME_HOME}"
 
-#docker build \
-#  -t gitlab: \
-#  "${GITLAB_INSTALLATION_CONFIG}"
-
-docker run \
-  --rm \
+docker run --detach \
+  --hostname gitlab.scalastic.local \
+  --add-host=gitlab.scalastic.local:192.168.0.100 \
+  --publish 127.0.0.1:4443:443 --publish 127.0.0.1:4080:80 --publish 127.0.0.1:4022:22 \
   --name gitlab \
-  --hostname gitlab.example.com \
-  --publish 443:443 --publish 80:80 --publish 22:22 \
+  --restart always \
   --volume "${GITLAB_VOLUME_HOME}/config:/etc/gitlab" \
   --volume "${GITLAB_VOLUME_HOME}/logs:/var/log/gitlab" \
   --volume "${GITLAB_VOLUME_HOME}/data:/var/opt/gitlab" \
@@ -25,6 +22,18 @@ docker run \
   --shm-size 256m \
   gitlab/gitlab-ce:latest
 
-# docker logs -f gitlab
+#docker run \
+#  --rm \
+#  --name gitlab \
+#  --hostname gitlab.example.com \
+#  --publish 443:443 --publish 80:80 --publish 22:22 \
+#  --volume "${GITLAB_VOLUME_HOME}/config:/etc/gitlab" \
+#  --volume "${GITLAB_VOLUME_HOME}/logs:/var/log/gitlab" \
+#  --volume "${GITLAB_VOLUME_HOME}/data:/var/opt/gitlab" \
+#  --env GITLAB_ROOT_PASSWORD=p@ssw0rd \
+#  --shm-size 256m \
+#  gitlab/gitlab-ce:latest
+
+docker logs -f gitlab
 
-# docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
\ No newline at end of file
+docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
\ No newline at end of file
diff --git a/test/jenkins/README.md b/test/jenkins/README.md
index ceee8c0..6a23f59 100644
--- a/test/jenkins/README.md
+++ b/test/jenkins/README.md
@@ -7,7 +7,7 @@
 
 ## Installation
 
-1. Start by copying the contents of `.env.template` into a new file named `.env`. In this newly created file, provide your GitHub Token. This token is necessary to access the Git repository where the "wild" application is installed.
+1. Start by copying the contents of `.env.template` into a new file named `.env`. In this newly created file, provide your GitHub Token. This token is necessary to access the Git repository where the "wizard" application is installed.
 
 2. To set up a fresh Jenkins instance, execute the following command:
 ```bash
diff --git a/test/jenkins/config/casc.yaml b/test/jenkins/config/casc.yaml
index 66a8719..b9b93cf 100644
--- a/test/jenkins/config/casc.yaml
+++ b/test/jenkins/config/casc.yaml
@@ -8,11 +8,11 @@ credentials:
               scope: GLOBAL
               secret: ${JENKINS_KUBERNETES_TOKEN}
           - usernamePassword:
-              description: wild-github-token
+              description: wizard-github-token
               scope: GLOBAL
-              id: wild-github-token
+              id: wizard-github-token
               username: oauth2
-              password: ${WILD_GITHUB_TOKEN}
+              password: ${WIZARD_GITHUB_TOKEN}
 jenkins:
   systemMessage: "Automated Jenkins Setup using Docker and Jenkins Configuration as Code"
   securityRealm:
@@ -62,10 +62,10 @@ jobs:
             scm {
               git {
                 remote {
-                  url('https://github.com/scalastic/wild.git')
-                  credentials('wild-github-token')
+                  url('https://github.com/scalastic/wizard.git')
+                  credentials('wizard-github-token')
                 }
-                branch('*/17-add-more-configurations-on-workflow-pipeline')
+                branch('*/14-redesign-gitlab-ci-platform-for-testing')
               }
             }
             lightweight()
diff --git a/test/jenkins/config/exported-jenkins.yaml b/test/jenkins/config/exported-jenkins.yaml
deleted file mode 100644
index 3d53b79..0000000
--- a/test/jenkins/config/exported-jenkins.yaml
+++ /dev/null
@@ -1,129 +0,0 @@
-credentials:
-  system:
-    domainCredentials:
-      - credentials:
-          - string:
-              description: "kubernetes-jenkins-token"
-              id: "kubernetes-jenkins-token"
-              scope: GLOBAL
-              secret: "{AQAAABAAAAOwXX63gVCVOwTvhbYt1LPl8FQ5DprGNEsgYmLkMRLlZ6SUzz5Glo8C86jBRDcQqnWBTAOCZkg3s09XUHAeCFvKBP+n4yymIBNXwD1kg5IM+tsM1Me+cxGWfwdA3mHC81TQX0CAskbKL0LUC4G9SYm93G90tHEX7QpxczFWbGFVrdWdTDn1xuEMBBOTeObSx60mKY8g0HOqzy06ct2V/RmWIaO/j00ByztNZBdhoZe87+tFJ0Fox8yqKITZF7aQkbvpXIM0xH2qtWR2Zw5BAIFOSAXjCOO5YJ+v7hyFEFpYgMacFSIrJLOel5kqHY9Tupb5/0znKZit7uVI5JOzNGGJzqVVkt4HQk0WnNd/Fss8vyi4surN53eqbhudvu2KXIDK3IW3JajVGYGGZNLDnQcvY37pLLec1uZrtiQKYeK3YPcP/GTDEXkKYR4iYv9l0xiwBd4oZlXsU/S1aLSRcOaNwnh7t03b2USXIS6bfcPIGNGPEqIq9pkNQ6FIdhWKXsJsC3R0aTk0F0bJF7q/MmYAqux3HUovv5eeD7mwLs9qhO0t32aphQfO/0IQCsFroIm2I4S35tDvqGuOmCDXfxYA823zLFq01y408TRi9BRQT+c/eKVGNbdE/NqxJaQvZng1nwQMBFhgzePmtuZbwtH9rxYBNsda6/X1v9tl6mcDBCivxjfMcR1/jSA0l7wWAnBe8Ud+KTiOogyHS50TMmrZdneqs2sm3z21iwb0hmGykMPjJKO7B7OPAt1SyGWSo5Ao4MXKYweR+l1wXWCD27d/1g2+cmcohM06Xq7IJuAIk4UjsygEsR9qG6YGcpI61QhnXEGdP9Uaemn1Atz2jixg+oTlboWT9O2TLBpfCqtqVskkTY9ntX+Cq/M+Xj8GoMCQy2dc+2kqbD9CW3tG3OYTIz0QETt9Ka161Xfk3R4XuSV9T3vK8hRvBc4e0vJltwLx9agSuFY/Wf63QN4ib9n9RGAjslrqC+7QSJ3eJ1DjhmkgN6EuHT2edtfjPOHiuvPnsIVi0xQ+V9aFNobQmrsumaeTOwtthSuCknaQ4Rd2lYM2H/UhE7jfvQpSX1EN2ngRzVuWLmrp7JqnUL/B2636eYDACl8uNtt5kbvOAYvd+wCqeG2Nk3BcZsPiygEkSycBX/I9pW2s2PdOm+6NDjbwptrMUvEMvDJRm0zuzOo8fxdwbqhMf3m+Kh0p5s5rM9lsISjOy/1gEwr5yQjJFEHmZk1AseyTXnYyL6SqS9p1RDCzzgcm2gylbU4NWJm5gAIx}"
-          - usernamePassword:
-              description: "wild-github-token"
-              id: "wild-github-token"
-              password: "{AQAAABAAAABgMBbHt+2lG9HjgZyFFlI6kIhkBgUPO2z+zXWwddZJTSa34qiQYuxYwaNzJhpZaGxnnhViqzYWKfVAn5DJRXhSN7Rgo2zZC+0flYKZq3Adf68/HHcdoqVnHHaYZOMebuEwPKVYn0UR7FVgZfIVYFEgsA==}"
-              scope: GLOBAL
-              username: "oauth2"
-jenkins:
-  agentProtocols:
-    - "JNLP4-connect"
-    - "Ping"
-  authorizationStrategy:
-    globalMatrix:
-      permissions:
-        - "Overall/Administer:admin"
-        - "Overall/Read:authenticated"
-  clouds:
-    - kubernetes:
-        containerCap: 10
-        containerCapStr: "10"
-        credentialsId: "kubernetes-jenkins-token"
-        jenkinsUrl: "http://192.168.1.18:8080"
-        name: "kubernetes"
-        namespace: "jenkins"
-        serverUrl: "https://kubernetes.docker.internal:6443"
-        skipTlsVerify: true
-        webSocket: true
-  crumbIssuer:
-    standard:
-      excludeClientIPFromCrumb: false
-  disableRememberMe: false
-  labelAtoms:
-    - name: "built-in"
-    - name: "removed-master"
-  labelString: "removed-master"
-  markupFormatter: "plainText"
-  mode: EXCLUSIVE
-  myViewsTabBar: "standard"
-  numExecutors: 0
-  primaryView:
-    all:
-      name: "all"
-  projectNamingStrategy: "standard"
-  quietPeriod: 5
-  remotingSecurity:
-    enabled: true
-  scmCheckoutRetryCount: 0
-  securityRealm:
-    local:
-      allowsSignup: false
-      enableCaptcha: false
-      users:
-        - id: "admin"
-          name: "admin"
-          properties:
-            - "apiToken"
-            - "mailer"
-            - "myView"
-            - preferredProvider:
-                providerId: "default"
-            - "timezone"
-            - "experimentalFlags"
-  slaveAgentPort: 50000
-  systemMessage: "Automated Jenkins Setup using Docker and Jenkins Configuration as\
-    \ Code"
-  updateCenter:
-    sites:
-      - id: "default"
-        url: "https://updates.jenkins.io/update-center.json"
-  views:
-    - all:
-        name: "all"
-  viewsTabBar: "standard"
-globalCredentialsConfiguration:
-  configuration:
-    providerFilter: "none"
-    typeFilter: "none"
-security:
-  apiToken:
-    creationOfLegacyTokenEnabled: false
-    tokenGenerationOnCreationEnabled: false
-    usageStatisticsEnabled: true
-  gitHooks:
-    allowedOnAgents: false
-    allowedOnController: false
-  gitHostKeyVerificationConfiguration:
-    sshHostKeyVerificationStrategy: "knownHostsFileVerificationStrategy"
-  globalJobDslSecurityConfiguration:
-    useScriptSecurity: true
-unclassified:
-  buildDiscarders:
-    configuredBuildDiscarders:
-      - "jobBuildDiscarder"
-  fingerprints:
-    fingerprintCleanupDisabled: false
-    storage: "file"
-  location:
-    adminAddress: "Adresse pas encore configurée <nobody@nowhere>"
-    url: "http://192.168.1.18:8080/"
-  mailer:
-    charset: "UTF-8"
-    useSsl: false
-    useTls: false
-  pollSCM:
-    pollingThreadCount: 10
-  scmGit:
-    addGitTagAction: false
-    allowSecondFetch: false
-    createAccountBasedOnEmail: false
-    disableGitToolChooser: false
-    hideCredentials: false
-    showEntireCommitSummaryInChanges: false
-    useExistingAccountWithSameEmail: false
-tool:
-  git:
-    installations:
-      - home: "git"
-        name: "Default"
-  mavenGlobalConfig:
-    globalSettingsProvider: "standard"
-    settingsProvider: "standard"
diff --git a/test/jenkins/config/secrets-template.properties b/test/jenkins/config/secrets-template.properties
index 5b371b9..f762f28 100644
--- a/test/jenkins/config/secrets-template.properties
+++ b/test/jenkins/config/secrets-template.properties
@@ -1,2 +1,2 @@
 JENKINS_KUBERNETES_TOKEN=<SERVICE_ACCOUNT_TOKEN>
-WILD_GITHUB_TOKEN=<GITHUB_TOKEN>
\ No newline at end of file
+WIZARD_GITHUB_TOKEN=<GITHUB_TOKEN>
\ No newline at end of file
diff --git a/test/jenkins/install.sh b/test/jenkins/install.sh
index 9d19a65..5a38c8d 100755
--- a/test/jenkins/install.sh
+++ b/test/jenkins/install.sh
@@ -56,6 +56,8 @@ docker build \
 docker run \
   --rm \
   --name jenkins \
+  --hostname jenkins.scalastic.local \
+  --add-host=jenkins.scalastic.local:"${LOCAL_IP_ADDRESS}" \
   -p 8080:8080 -p 50000:50000 \
   -v "${JENKINS_VOLUME_HOME}:/var/jenkins_home" \
   --env "LOCAL_IP_ADDRESS=${LOCAL_IP_ADDRESS}" \
diff --git a/vars/containerConfig.groovy b/vars/containerConfig.groovy
index e80bff8..6276e4e 100644
--- a/vars/containerConfig.groovy
+++ b/vars/containerConfig.groovy
@@ -1,6 +1,6 @@
 
     def getContainerConfig(appConfig, selectedContainerNames = null) {
-        //def appConfig = readYaml(file: "./wild-workdir/config/containers-config.yaml")
+        //def appConfig = readYaml(file: "./wizard-workdir/config/containers-config.yaml")
 
         if (selectedContainerNames) {
             appConfig.container = appConfig.container.findAll { container ->
diff --git a/vars/wildPipeline.groovy b/vars/wizardPipeline.groovy
similarity index 84%
rename from vars/wildPipeline.groovy
rename to vars/wizardPipeline.groovy
index 62e38af..a488ebf 100644
--- a/vars/wildPipeline.groovy
+++ b/vars/wizardPipeline.groovy
@@ -1,13 +1,13 @@
 def call() {
 
-    string pod_init_label = "wild-init-1"
-    string pod_run_label = "wild-run-1"
+    string pod_init_label = "wizard-init-1"
+    string pod_run_label = "wizard-run-1"
     def k8s_containers_init = libraryResource('config/k8s/containers-init.yaml')
     def k8s_containers_run
 
     def colored_xterm = isColoredXterm()
     def env_variables_list = [
-        "wild_path=./wild-workdir",
+        "wizard_path=./wizard-workdir",
         "log_path=${env.WORKSPACE}/log",
         "current_git_branch=${env.BRANCH_NAME}",
         "colored_xterm=${colored_xterm}",
@@ -20,7 +20,7 @@ def call() {
     ) {
         node(pod_init_label) {
 
-            logger.bannerLogo(libraryResource('config/banner/wild.txt'))
+            logger.bannerLogo(libraryResource('config/banner/wizard.txt'))
 
             stage('init') {
 
@@ -33,30 +33,30 @@ def call() {
 
                     checkout([
                         $class                           : 'GitSCM',
-                        branches                         : [[name: env."library.wild.version"]],
+                        branches                         : [[name: env."library.wizard.version"]],
                         doGenerateSubmoduleConfigurations: false,
                         extensions                       : [
                             [$class: 'CleanBeforeCheckout'],
-                            [$class: 'RelativeTargetDirectory', relativeTargetDir: './wild-workdir']
+                            [$class: 'RelativeTargetDirectory', relativeTargetDir: './wizard-workdir']
                         ],
                         submoduleCfg                     : [],
                         userRemoteConfigs                : [
-                            [credentialsId: 'wild-github-token',
-                             url          : 'https://github.com/scalastic/wild.git']
+                            [credentialsId: 'wizard-github-token',
+                             url          : 'https://github.com/scalastic/wizard.git']
                         ]
                     ])
 
-                    def config_containers = readYaml(file: "${wild_path}/config/k8s/containers-config.yaml")
+                    def config_containers = readYaml(file: "${wizard_path}/config/k8s/containers-config.yaml")
                     def names_containers_run = []
-                    container('wild') {
+                    container('wizard') {
                         names_containers_run = sh(
                             script: '''
                             export JQ=$(which jq)
-                            export WILD_CWD=${wild_path}
+                            export WIZARD_CWD=${wizard_path}
                             export LOG_PATH=${log_path}
                             bash --version
-                            source ${wild_path}/src/lib/workflow.sh
-                            workflow_get_workflows_containers_names ${wild_path}/config/workflow-default.json
+                            source ${wizard_path}/src/lib/workflow.sh
+                            workflow_get_workflows_containers_names ${wizard_path}/config/workflow-default.json
                             ''',
                             returnStdout: true)
                     }
@@ -81,7 +81,7 @@ def call() {
 
                 unstash "init"
 
-                def workflow = readJSON(file: "${wild_path}/config/workflow-default.json")
+                def workflow = readJSON(file: "${wizard_path}/config/workflow-default.json")
                 logger.info("Processing workflow '${workflow.name}', version '${workflow.version}'...")
 
                 workflow.actions.each { action ->

From 7e640ef5826d065ca5456eadefa57e81bd83b543 Mon Sep 17 00:00:00 2001
From: jeanjerome <jeanjerome.levy@gmail.com>
Date: Wed, 13 Sep 2023 23:54:05 +0200
Subject: [PATCH 2/4] ref(14): Set jenkins behind nginx

---
 test/gitlab/install.sh          | 20 +++++++++-
 test/jenkins/config/casc.yaml   |  9 ++---
 test/jenkins/config/plugins.txt |  1 -
 test/jenkins/install.sh         |  4 +-
 test/nginx/config/Dockerfile    | 10 +++++
 test/nginx/config/default.conf  | 68 +++++++++++++++++++++++++++++++++
 test/nginx/config/jenkins.conf  | 68 +++++++++++++++++++++++++++++++++
 test/nginx/home/index.html      |  6 +++
 test/nginx/install.sh           | 47 +++++++++++++++++++++++
 9 files changed, 223 insertions(+), 10 deletions(-)
 create mode 100644 test/nginx/config/Dockerfile
 create mode 100644 test/nginx/config/default.conf
 create mode 100644 test/nginx/config/jenkins.conf
 create mode 100644 test/nginx/home/index.html
 create mode 100755 test/nginx/install.sh

diff --git a/test/gitlab/install.sh b/test/gitlab/install.sh
index f24f3e8..d5e59ee 100755
--- a/test/gitlab/install.sh
+++ b/test/gitlab/install.sh
@@ -3,16 +3,32 @@
 
 set -euo pipefail
 
+source .env
+export LOG_PATH="./log"
+source ./src/lib/common.sh
+
+install__configure_kubernetes() {
+  declare -r name="gitlab"
+
+  kubectl delete namespace "${name}" || true
+  kubectl create namespace "${name}"
+
+  helm repo add gitlab https://charts.gitlab.io
+  helm repo update gitlab
+
+
+}
+
 GITLAB_PATH="${PWD}/test/gitlab"
 GITLAB_VOLUME_HOME="${GITLAB_PATH}/home"
 GITLAB_INSTALLATION_CONFIG="${GITLAB_PATH}/config"
+LOCAL_IP_ADDRESS=$(tooling_get_ip)
 
 export GITLAB_HOME="${GITLAB_VOLUME_HOME}"
 
 docker run --detach \
   --hostname gitlab.scalastic.local \
-  --add-host=gitlab.scalastic.local:192.168.0.100 \
-  --publish 127.0.0.1:4443:443 --publish 127.0.0.1:4080:80 --publish 127.0.0.1:4022:22 \
+  --publish 127.0.0.1:4443:443 --publish 127.0.0.1:4000:80 \
   --name gitlab \
   --restart always \
   --volume "${GITLAB_VOLUME_HOME}/config:/etc/gitlab" \
diff --git a/test/jenkins/config/casc.yaml b/test/jenkins/config/casc.yaml
index b9b93cf..d58f600 100644
--- a/test/jenkins/config/casc.yaml
+++ b/test/jenkins/config/casc.yaml
@@ -34,7 +34,8 @@ jenkins:
         containerCap: 10
         containerCapStr: "10"
         credentialsId: "kubernetes-jenkins-token"
-        jenkinsUrl: http://${LOCAL_IP_ADDRESS}:8080
+        # jenkinsUrl: http://${LOCAL_IP_ADDRESS}:8080
+        jenkinsUrl: http://jenkins.scalastic.local:8080
         name: "kubernetes"
         namespace: "jenkins"
         serverUrl: "https://kubernetes.docker.internal:6443"
@@ -74,9 +75,7 @@ jobs:
       }
 unclassified:
   location:
-    url: http://${LOCAL_IP_ADDRESS}:8080/
+    # url: http://${LOCAL_IP_ADDRESS}:8080/
+    url: http://jenkins.scalastic.local:8080/
   ansiColorBuildWrapper:
     globalColorMapName: "xterm"
-  themeManager:
-    disableUserThemes: true
-    theme: "darkSystem"
diff --git a/test/jenkins/config/plugins.txt b/test/jenkins/config/plugins.txt
index 820e6a3..b8c49a7 100644
--- a/test/jenkins/config/plugins.txt
+++ b/test/jenkins/config/plugins.txt
@@ -8,4 +8,3 @@ kubernetes:latest
 job-dsl:latest
 ansicolor:latest
 pipeline-utility-steps:latest
-dark-theme:latest
diff --git a/test/jenkins/install.sh b/test/jenkins/install.sh
index 5a38c8d..f7566a0 100755
--- a/test/jenkins/install.sh
+++ b/test/jenkins/install.sh
@@ -57,10 +57,10 @@ docker run \
   --rm \
   --name jenkins \
   --hostname jenkins.scalastic.local \
-  --add-host=jenkins.scalastic.local:"${LOCAL_IP_ADDRESS}" \
   -p 8080:8080 -p 50000:50000 \
   -v "${JENKINS_VOLUME_HOME}:/var/jenkins_home" \
-  --env "LOCAL_IP_ADDRESS=${LOCAL_IP_ADDRESS}" \
   --env "JENKINS_INSTALLATION_CONFIG=${JENKINS_INSTALLATION_CONFIG}" \
   --env JENKINS_ADMIN_ID=admin --env JENKINS_ADMIN_PASSWORD=password \
   jenkins:jcasc
+  # --env "LOCAL_IP_ADDRESS=${LOCAL_IP_ADDRESS}" \
+  # --add-host=jenkins.scalastic.local:"${LOCAL_IP_ADDRESS}" \
diff --git a/test/nginx/config/Dockerfile b/test/nginx/config/Dockerfile
new file mode 100644
index 0000000..e986e4f
--- /dev/null
+++ b/test/nginx/config/Dockerfile
@@ -0,0 +1,10 @@
+# Utilisez une image de base Nginx
+FROM nginx
+
+COPY jenkins.conf /etc/nginx/conf.d
+
+# Exposez le port 80 pour HTTP
+EXPOSE 80/tcp
+
+# Commande de démarrage pour Nginx
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/test/nginx/config/default.conf b/test/nginx/config/default.conf
new file mode 100644
index 0000000..295f9fc
--- /dev/null
+++ b/test/nginx/config/default.conf
@@ -0,0 +1,68 @@
+# Required for Jenkins websocket agents
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+server {
+  listen          80;
+  server_name     jenkins.scalastic.local;
+
+  # this is the jenkins web root directory
+  # (mentioned in the output of "systemctl cat jenkins")
+  root            /var/run/jenkins/war/;
+
+  access_log      /var/log/nginx/jenkins.access.log;
+  error_log       /var/log/nginx/jenkins.error.log;
+
+  # pass through headers from Jenkins that Nginx considers invalid
+  ignore_invalid_headers off;
+
+  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+    # rewrite all static files into requests to the root
+    # E.g /static/12345678/css/something.css will become /css/something.css
+    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+  }
+
+  location /userContent {
+    # have nginx handle all the static requests to userContent folder
+    # note : This is the $JENKINS_HOME dir
+    root /var/lib/jenkins/;
+    if (!-f $request_filename){
+      # this file does not exist, might be a directory or a /**view** url
+      rewrite (.*) /$1 last;
+      break;
+    }
+    sendfile on;
+  }
+
+  location / {
+      sendfile off;
+      proxy_pass         http://jenkins:8080/;
+      proxy_redirect     default;
+      proxy_http_version 1.1;
+
+      # Required for Jenkins websocket agents
+      proxy_set_header   Connection        $connection_upgrade;
+      proxy_set_header   Upgrade           $http_upgrade;
+
+      proxy_set_header   Host              $host;
+      proxy_set_header   X-Real-IP         $remote_addr;
+      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+      proxy_set_header   X-Forwarded-Proto $scheme;
+      proxy_max_temp_file_size 0;
+
+      #this is the maximum upload size
+      client_max_body_size       10m;
+      client_body_buffer_size    128k;
+
+      proxy_connect_timeout      90;
+      proxy_send_timeout         90;
+      proxy_read_timeout         90;
+      proxy_buffering            off;
+      proxy_request_buffering    off; # Required for HTTP CLI commands
+      proxy_set_header Connection ""; # Clear for keepalive
+  }
+
+}
+
diff --git a/test/nginx/config/jenkins.conf b/test/nginx/config/jenkins.conf
new file mode 100644
index 0000000..295f9fc
--- /dev/null
+++ b/test/nginx/config/jenkins.conf
@@ -0,0 +1,68 @@
+# Required for Jenkins websocket agents
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+server {
+  listen          80;
+  server_name     jenkins.scalastic.local;
+
+  # this is the jenkins web root directory
+  # (mentioned in the output of "systemctl cat jenkins")
+  root            /var/run/jenkins/war/;
+
+  access_log      /var/log/nginx/jenkins.access.log;
+  error_log       /var/log/nginx/jenkins.error.log;
+
+  # pass through headers from Jenkins that Nginx considers invalid
+  ignore_invalid_headers off;
+
+  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+    # rewrite all static files into requests to the root
+    # E.g /static/12345678/css/something.css will become /css/something.css
+    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+  }
+
+  location /userContent {
+    # have nginx handle all the static requests to userContent folder
+    # note : This is the $JENKINS_HOME dir
+    root /var/lib/jenkins/;
+    if (!-f $request_filename){
+      # this file does not exist, might be a directory or a /**view** url
+      rewrite (.*) /$1 last;
+      break;
+    }
+    sendfile on;
+  }
+
+  location / {
+      sendfile off;
+      proxy_pass         http://jenkins:8080/;
+      proxy_redirect     default;
+      proxy_http_version 1.1;
+
+      # Required for Jenkins websocket agents
+      proxy_set_header   Connection        $connection_upgrade;
+      proxy_set_header   Upgrade           $http_upgrade;
+
+      proxy_set_header   Host              $host;
+      proxy_set_header   X-Real-IP         $remote_addr;
+      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+      proxy_set_header   X-Forwarded-Proto $scheme;
+      proxy_max_temp_file_size 0;
+
+      #this is the maximum upload size
+      client_max_body_size       10m;
+      client_body_buffer_size    128k;
+
+      proxy_connect_timeout      90;
+      proxy_send_timeout         90;
+      proxy_read_timeout         90;
+      proxy_buffering            off;
+      proxy_request_buffering    off; # Required for HTTP CLI commands
+      proxy_set_header Connection ""; # Clear for keepalive
+  }
+
+}
+
diff --git a/test/nginx/home/index.html b/test/nginx/home/index.html
new file mode 100644
index 0000000..7cb836f
--- /dev/null
+++ b/test/nginx/home/index.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <h1>NGINX Wizard Home</h1>
+</body>
+</html>
\ No newline at end of file
diff --git a/test/nginx/install.sh b/test/nginx/install.sh
new file mode 100755
index 0000000..852edbd
--- /dev/null
+++ b/test/nginx/install.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+#@desc Installation script for Jenkins with Docker
+
+set -euo pipefail
+
+source .env
+export LOG_PATH="./log"
+source ./src/lib/common.sh
+
+NGINX_PATH="${PWD}/test/nginx"
+NGINX_INSTALLATION_CONFIG="${NGINX_PATH}/config"
+NGINX_VOLUME_HOME="${NGINX_PATH}/home"
+DOCKER_NETWORK="wizard-network"
+LOCAL_IP_ADDRESS=$(tooling_get_ip)
+
+# shellcheck disable=SC2143
+if [ ! "$(docker network ls | grep ${DOCKER_NETWORK})" ]; then
+  log_info "Creating ${DOCKER_NETWORK} network ..."
+  docker network create "${DOCKER_NETWORK}"
+  docker network connect "${DOCKER_NETWORK}" jenkins
+else
+  log_info "${DOCKER_NETWORK} network already exists."
+fi
+
+# shellcheck disable=SC2143
+if [ ! "$(docker ps | grep ${DOCKER_NETWORK})" ]; then
+    if [ "$(docker ps -aq -f name=nginx)" ]; then
+        # cleanup
+        log_info "Cleaning nginx Proxy ..."
+        docker rm nginx
+    fi
+    # build your container
+    docker build \
+      -t nginx:test \
+      "${NGINX_INSTALLATION_CONFIG}"
+    # run your container in our global network shared by different projects
+    log_info "Running nginx Proxy in global ${DOCKER_NETWORK} network ..."
+    docker run \
+      --detach \
+      --name nginx \
+       -p 80:80 \
+       -p 443:443 \
+       --network="${DOCKER_NETWORK}" \
+       nginx:test
+else
+  log_info "nginx Proxy already running."
+fi

From 2cd65ef9a328e954462462f39ddcfc03231a5973 Mon Sep 17 00:00:00 2001
From: jeanjerome <jeanjerome.levy@gmail.com>
Date: Mon, 18 Sep 2023 12:05:25 +0200
Subject: [PATCH 3/4] ref(14): Refactor log with printf in place of echo

---
 src/lib/log.sh               | 14 ++++++++++----
 test/action/bash-version.sh  |  4 ++++
 test/action/maven-version.sh |  4 ++++
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/lib/log.sh b/src/lib/log.sh
index da34493..4dc4eb8 100644
--- a/src/lib/log.sh
+++ b/src/lib/log.sh
@@ -79,7 +79,8 @@ log__log() {
     fi
 
     if [ "$LOG_LEVEL" -le "$level" ]; then
-        echo -e "${color}[${LOG_LEVELS[$level]}] $message${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+        #echo -e "${color}[${LOG_LEVELS[$level]}] $message${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+        printf "%b[%s] %s%b\n" "$color" "${LOG_LEVELS[$level]}" "$message" "$color_off" | tee -a "${LOG_PATH}/stdout.log" >&2
     fi
 }
 
@@ -102,9 +103,14 @@ log__banner() {
       return 2
     fi
 
-    echo -e "${color}################################${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
-    echo -e "${color} $message${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
-    echo -e "${color}################################${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+    #echo -e "${color}################################${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+    #echo -e "${color} $message${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+    #echo -e "${color}################################${color_off}" | tee -a "${LOG_PATH}/stdout.log" >&2
+
+    printf "%b################################%b\n" "$color" "$color_off" | tee -a "${LOG_PATH}/stdout.log" >&2
+    printf "%b %s%b\n" "$color" "$message" "$color_off" | tee -a "${LOG_PATH}/stdout.log" >&2
+    printf "%b################################%b\n" "$color" "$color_off" | tee -a "${LOG_PATH}/stdout.log" >&2
+
 }
 
 
diff --git a/test/action/bash-version.sh b/test/action/bash-version.sh
index b4cf08b..9e1b90a 100755
--- a/test/action/bash-version.sh
+++ b/test/action/bash-version.sh
@@ -3,4 +3,8 @@
 
 set -euo pipefail
 
+LOG_PATH="./log"
+source ./src/lib/log.sh
+
+log_info "Running bash --version..."
 bash --version
diff --git a/test/action/maven-version.sh b/test/action/maven-version.sh
index 787a477..6aeeb79 100755
--- a/test/action/maven-version.sh
+++ b/test/action/maven-version.sh
@@ -3,4 +3,8 @@
 
 set -euo pipefail
 
+LOG_PATH="./log"
+source ./src/lib/log.sh
+
+log_info "Running mvn --version..."
 mvn --version

From f69608f854ccf0248d11dddca2fe986b829c3408 Mon Sep 17 00:00:00 2001
From: jeanjerome <jeanjerome.levy@gmail.com>
Date: Sun, 28 Apr 2024 13:37:45 +0200
Subject: [PATCH 4/4] feat: restart work on the topic

---
 .env.template                                 |    3 +
 .gitignore                                    |    2 +
 .shellcheckrc                                 |    7 +
 README.md                                     |   12 +-
 docs/src/lib/common.md                        |    2 +-
 docs/src/lib/log.md                           |    2 +-
 docs/src/lib/platform.md                      |    2 +-
 docs/src/lib/project.md                       |    2 +-
 docs/src/lib/tooling.md                       |    2 +-
 docs/src/lib/workflow.md                      |    2 +-
 helm/create-ca-tls.sh                         |    2 +-
 infra/gitlab/README.md                        |   81 +
 infra/gitlab/config/gitlab.rb                 |    4 +
 infra/gitlab/config/runner.yaml               |  673 ++++
 infra/jenkins/README.md                       |   81 +
 infra/jenkins/config/Dockerfile               |   11 +
 infra/jenkins/config/casc.yaml                |   81 +
 infra/jenkins/config/plugins.txt              |   10 +
 .../config/secrets-template.properties        |    2 +
 infra/jenkins/jenkins-ingress.yaml            |   18 +
 shell/gitlab.sh                               |   25 +
 shell/jenkins.sh                              |   18 +
 shell/lib/core/command.sh                     |   32 +
 shell/lib/core/logger.sh                      |  106 +
 shell/lib/core/runner.sh                      |   81 +
 shell/lib/gitlab/core.sh                      |   76 +
 shell/lib/jenkins/core.sh                     |   65 +
 shell/lib/k8s/core.sh                         |   51 +
 shell/lib/tls/core.sh                         |  217 ++
 test/gitlab/config/gitlab.rb                  | 3347 +----------------
 test/gitlab/install.sh                        |   16 +-
 test/jenkins/install.sh                       |    6 +-
 test/nginx/config/Dockerfile                  |    9 +-
 test/nginx/config/default.conf                |   68 -
 test/nginx/config/gitlab.conf                 |   28 +
 test/nginx/home/index.html                    |    6 -
 test/shell/test.sh                            |   21 +
 37 files changed, 1727 insertions(+), 3444 deletions(-)
 create mode 100644 .shellcheckrc
 create mode 100644 infra/gitlab/README.md
 create mode 100644 infra/gitlab/config/gitlab.rb
 create mode 100644 infra/gitlab/config/runner.yaml
 create mode 100644 infra/jenkins/README.md
 create mode 100644 infra/jenkins/config/Dockerfile
 create mode 100644 infra/jenkins/config/casc.yaml
 create mode 100644 infra/jenkins/config/plugins.txt
 create mode 100644 infra/jenkins/config/secrets-template.properties
 create mode 100644 infra/jenkins/jenkins-ingress.yaml
 create mode 100755 shell/gitlab.sh
 create mode 100755 shell/jenkins.sh
 create mode 100755 shell/lib/core/command.sh
 create mode 100755 shell/lib/core/logger.sh
 create mode 100755 shell/lib/core/runner.sh
 create mode 100755 shell/lib/gitlab/core.sh
 create mode 100755 shell/lib/jenkins/core.sh
 create mode 100755 shell/lib/k8s/core.sh
 create mode 100755 shell/lib/tls/core.sh
 delete mode 100644 test/nginx/config/default.conf
 create mode 100644 test/nginx/config/gitlab.conf
 delete mode 100644 test/nginx/home/index.html
 create mode 100755 test/shell/test.sh

diff --git a/.env.template b/.env.template
index 9ef0927..a96cdf2 100644
--- a/.env.template
+++ b/.env.template
@@ -1,3 +1,6 @@
 # shellcheck disable=SC2148 disable=SC2034
+LOG_LEVEL=0
+LOG_DIR=tmp
+SHELL_DIR=shell
 CODECOV_TOKEN="<YOUR_CODECOV_TOKEN>"
 GITHUB_TOKEN="<YOUR_GITHUB_TOKEN>"
diff --git a/.gitignore b/.gitignore
index 5f3bdb5..c6bb35a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,8 @@
 /test/gitlab/home/
 /test/jenkins/home/
 /test/jenkins/config/secrets.properties
+/infra/jenkins/config/secrets.properties
+/test/jenkins/config/secrets.yaml
 /test/jenkins/config/exported-jenkins.yaml
 /tmp/
 .DS_Store
diff --git a/.shellcheckrc b/.shellcheckrc
new file mode 100644
index 0000000..1bb12e2
--- /dev/null
+++ b/.shellcheckrc
@@ -0,0 +1,7 @@
+# ~/.shellcheckrc
+
+external-sources=true
+source-path="./shell"
+
+# Suggest ${VAR} in place of $VAR
+enable=require-variable-braces
\ No newline at end of file
diff --git a/README.md b/README.md
index 04df6cf..3e96e39 100644
--- a/README.md
+++ b/README.md
@@ -43,9 +43,9 @@ Embrace the enchantment of Wizard to fill the void in the DevOps approach and em
 
 Currently, `Wizard` is tailored for seamless use on the following platforms:
 
-- Your local environment (Unix-based systems)
-- Jenkins
-- GitLab-CI
+- [ ] Your local environment (Unix-based systems)
+- [x] Jenkins
+- [ ] GitLab-CI (_WIP_)
 
 Please note that our magical integration framework may expand its compatibility with more platforms in the future. Stay tuned for updates!
 
@@ -59,7 +59,7 @@ In order to utilize `Wizard` on your local machine, the following prerequisites
 
 ## Installation
 
-### Install with Homebrew
+### Install with Homebrew (_WIP_)
 
 ```bash
 brew tap scalastic/tap
@@ -76,7 +76,7 @@ git clone
 
 ## Wizard CLI
 
-### Usage
+### Usage (_WIP_)
 
 ```bash
 wizard [options] [command]
@@ -148,7 +148,7 @@ wizard [options] [command]
 
 - [Semantic Versioning](https://semver.org/) - Semantic Versioning 2.0.0.
 
-### Contributions
+### Contributions (_WIP_)
 
 All contributions are welcome!
 
diff --git a/docs/src/lib/common.md b/docs/src/lib/common.md
index 2403f4f..4c5d21d 100644
--- a/docs/src/lib/common.md
+++ b/docs/src/lib/common.md
@@ -3,4 +3,4 @@
 Common functions used in stage scripts
 
 ---------------------------------------
-*Generated from [src/lib/common.sh](../../../src/lib/common.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/common.sh](../../../src/lib/common.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/log.md b/docs/src/lib/log.md
index 946557f..f8c3755 100644
--- a/docs/src/lib/log.md
+++ b/docs/src/lib/log.md
@@ -215,4 +215,4 @@ log_banner "This is a banner message"
   * `stdout`: Writes the banner message to stdout
 
 ---------------------------------------
-*Generated from [src/lib/log.sh](../../../src/lib/log.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/log.sh](../../../src/lib/log.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/platform.md b/docs/src/lib/platform.md
index afb34a1..4d43ab7 100644
--- a/docs/src/lib/platform.md
+++ b/docs/src/lib/platform.md
@@ -83,4 +83,4 @@ platform_get_platform
   * `stdout`: The platform where the script is running
 
 ---------------------------------------
-*Generated from [src/lib/platform.sh](../../../src/lib/platform.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/platform.sh](../../../src/lib/platform.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/project.md b/docs/src/lib/project.md
index 64a479d..27e02aa 100644
--- a/docs/src/lib/project.md
+++ b/docs/src/lib/project.md
@@ -55,4 +55,4 @@ project__architecture_print_layers
   * `stdout`: The project architecture layers as a formatted string
 
 ---------------------------------------
-*Generated from [src/lib/project.sh](../../../src/lib/project.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/project.sh](../../../src/lib/project.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/tooling.md b/docs/src/lib/tooling.md
index f65bb18..d746491 100644
--- a/docs/src/lib/tooling.md
+++ b/docs/src/lib/tooling.md
@@ -49,4 +49,4 @@ tooling_set_jq
 ### `tooling_get_ip ✅ (public)`
 
 ---------------------------------------
-*Generated from [src/lib/tooling.sh](../../../src/lib/tooling.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/tooling.sh](../../../src/lib/tooling.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/docs/src/lib/workflow.md b/docs/src/lib/workflow.md
index d174d1c..23f9919 100644
--- a/docs/src/lib/workflow.md
+++ b/docs/src/lib/workflow.md
@@ -83,4 +83,4 @@ workflow_load_action_definition "action1" "config/workflow-default.json"
   * `return`: Action definition as an array
 
 ---------------------------------------
-*Generated from [src/lib/workflow.sh](../../../src/lib/workflow.sh) on 10.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
+*Generated from [src/lib/workflow.sh](../../../src/lib/workflow.sh) on 18.09.2023         (writen with ✨ by [gendoc](../../../src/lib/ext/gendoc.sh))*
diff --git a/helm/create-ca-tls.sh b/helm/create-ca-tls.sh
index 36b1557..de9ae62 100755
--- a/helm/create-ca-tls.sh
+++ b/helm/create-ca-tls.sh
@@ -23,7 +23,7 @@
 
 set -euo pipefail
 
-COMPANY_NAME=${1:-scalastic}
+COMPANY_NAME=${1:-macompanie}
 CERT_CA_PATH="${CERT_CA_PATH:=openssl/ca}"
 
 echo "Creating CA certificate..."
diff --git a/infra/gitlab/README.md b/infra/gitlab/README.md
new file mode 100644
index 0000000..7a88afb
--- /dev/null
+++ b/infra/gitlab/README.md
@@ -0,0 +1,81 @@
+# GitLab-CI Installation
+
+## Prerequisites
+
+- A Kubernetes cluster
+- The following tools installed on your local machine:
+  - [Helm](https://helm.sh/docs/intro/install/)
+  - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+
+Both Helm and Kubectl are available in the Homebrew package manager. To install them, run the following commands:
+
+- Install Homebrew:
+
+```bash
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+```
+
+- Install Helm and Kubectl:
+
+```bash
+brew install helm
+brew install kubectl
+```
+
+## Configure Helm
+
+```bash
+helm repo add gitlab https://charts.gitlab.io
+helm repo update
+```
+
+## Deploy GitLab-CI with Helm
+
+```bash
+helm install gitlab gitlab/gitlab --set global.edition=ce --set global.hosts.domain=scalastic.local --set certmanager.install=false
+```
+
+Get the Jenkins admin password:
+
+```bash
+kubectl get secret jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode; echo
+```
+
+## Configure Ingress to access Jenkins
+
+- Install Nginx Ingress Controller:
+
+```bash
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+helm install nginx-ingress ingress-nginx/ingress-nginx
+```
+
+- Create a `jenkins-ingress.yaml` file:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jenkins-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: jenkins.scalastic.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jenkins
+            port:
+              number: 8080
+```
+
+- Apply the configuration:
+
+```bash
+kubectl apply -f jenkins-ingress.yaml
+```
diff --git a/infra/gitlab/config/gitlab.rb b/infra/gitlab/config/gitlab.rb
new file mode 100644
index 0000000..c18f696
--- /dev/null
+++ b/infra/gitlab/config/gitlab.rb
@@ -0,0 +1,4 @@
+external_url 'http://gitlab.scalastic.local'
+registry_external_url 'https://gitlab.scalastic.local'
+nginx['listen_port'] = 4000
+nginx['listen_https'] = false
diff --git a/infra/gitlab/config/runner.yaml b/infra/gitlab/config/runner.yaml
new file mode 100644
index 0000000..f328230
--- /dev/null
+++ b/infra/gitlab/config/runner.yaml
@@ -0,0 +1,673 @@
+## GitLab Runner Image
+##
+## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION}
+## where {VERSION} is taken from Chart.yaml from appVersion field
+##
+## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]=
+##
+## Note: If you change the image to the ubuntu release
+##       don't forget to change the securityContext;
+##       these images run on different user IDs.
+##
+image:
+  registry: registry.gitlab.com
+  image: gitlab-org/gitlab-runner
+  # tag: alpine-v{{.Chart.AppVersion}}
+
+## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry)
+## the installation fails because `dumb-init` is not packaged in the image. However, `tini` is present.
+## This configuration will allow gitlab-runner-ubi-images users to explicitly enable the use of `tini` instead of `dumb-init`
+useTini: false
+
+## Specify a imagePullPolicy for the main runner deployment
+## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
+##
+## Note: it does not apply to job containers launched by this executor.
+## Use `pull_policy` in [runners.kubernetes] to change it.
+##
+## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+##
+imagePullPolicy: IfNotPresent
+
+## Specifying ImagePullSecrets on a Pod
+## Kubernetes supports specifying container image registry keys on a Pod.
+## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+##
+# imagePullSecrets:
+#   - name: "image-pull-secret"
+
+## Timeout, in seconds, for liveness and readiness probes of a runner pod.
+# probeTimeoutSeconds: 3
+
+## How many runner pods to launch.
+##
+# replicas: 1
+
+## How many old ReplicaSets for this Deployment you want to retain
+# revisionHistoryLimit: 10
+
+## The GitLab Server URL (with protocol) that want to register the runner against
+## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
+##
+gitlabUrl: http://gitlab.scalastic.local:4000/
+
+## DEPRECATED: The Registration Token for adding new Runners to the GitLab Server.
+##
+## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+##
+# runnerRegistrationToken: ""
+
+## The Runner Token for adding new Runners to the GitLab Server. This must
+## be retrieved from your GitLab instance. It is the token of an already registered runner.
+## ref: (we don't have docs for that yet, but we want to use an existing token)
+##
+# runnerToken: ""
+#
+
+## Unregister all runners before termination
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated and created again. This may cause your Gitlab instance to reference
+## non-existant runners. Un-registering the runner before termination mitigates this issue.
+## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
+##
+# unregisterRunners: true
+
+## When stopping the runner, give it time to wait for its jobs to terminate.
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated with a graceful stop request. terminationGracePeriodSeconds
+## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
+## ref: https://docs.gitlab.com/runner/commands/#signals
+terminationGracePeriodSeconds: 3600
+
+## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use.
+## Provide resource name for a Kubernetes Secret Object in the same namespace,
+## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
+## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
+##
+# certsSecretName:
+
+## Configure the maximum number of concurrent jobs
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+concurrent: 10
+
+## Number of seconds until the forceful shutdown operation times out and exits the process.
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+shutdown_timeout: 0
+
+## Defines in seconds how often to check GitLab for new builds
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+checkInterval: 3
+
+## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logLevel:
+
+## Configure GitLab Runner's logging format. Available values are: runner, text, json
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logFormat:
+
+## Configure GitLab Runner's Sentry DSN.
+## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# sentryDsn:
+
+## Configure GitLab Runner's maximum connection age for TLS keepalive connections.
+## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# connectionMaxAge: "15m"
+
+## A custom bash script that will be executed prior to the invocation of the
+## gitlab-runner process
+#
+#preEntrypointScript: |
+#  echo "hello"
+
+## Specify whether the runner should start the session server.
+## Defaults to false
+## ref:
+##
+## When sessionServer is enabled, the user can either provide a public publicIP
+## or rely on the external IP auto discovery.
+## When a serviceAccountName is used with the automounting to the pod disabled,
+## we recommend the usage of the publicIP
+sessionServer:
+  enabled: false
+  # annotations: {}
+  # timeout: 1800
+  # internalPort: 8093
+  # externalPort: 9000
+  # publicIP: ""
+  # loadBalancerSourceRanges:
+  #   - 1.2.3.4/32
+
+## For RBAC support:
+rbac:
+  create: true
+  ## Define the generated serviceAccountName when create is set to true
+  ## It defaults to "gitlab-runner.fullname" if not provided
+  generatedServiceAccountName: ""
+
+  ## Define list of rules to be added to the rbac role permissions.
+  ## Each rule supports the keys:
+  ## - apiGroups: default "" (indicates the core API group) if missing or empty.
+  ## - resources: default "*" if missing or empty.
+  ## - verbs: default "*" if missing or empty.
+  ##
+  ## Read more about the recommended rules on the following link
+  ##
+  ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configure-runner-api-permissions
+  ##
+  rules: []
+  # - resources: ["configmaps", "events", "pods", "pods/attach", "pods/exec", "secrets", "services"]
+  #   verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+  # - apiGroups: [""]
+  #   resources: ["pods/exec"]
+  #   verbs: ["create", "patch", "delete"]
+  # - apiGroups: [""]
+  #   resources: ["pods/log"]
+  #   verbs: ["get"]
+
+  ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
+  ## cluster-wide or only within namespace
+  clusterWideAccess: false
+
+  ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+  ##
+  serviceAccountName: gitlab-serviceaccount
+
+  ## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn.
+  ## Values may refer to other values as the _tpl_ function is implicitly applied. Mind the quotes when using this, e.g.
+  ## serviceAccountAnnotations:
+  ##   eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.global.accountId }}:role/{{ .Values.global.iamRoleName }}"
+  ##
+  ## ref: https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html
+  ##
+  # serviceAccountAnnotations: {}
+
+  ## Use podSecurity Policy
+  ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+  podSecurityPolicy:
+    enabled: false
+    resourceNames:
+    - gitlab-runner
+
+  ## Specify one or more imagePullSecrets used for pulling the runner image
+  ##
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+  ##
+  # imagePullSecrets: []
+
+## Configure integrated Prometheus metrics exporter
+##
+## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
+##
+metrics:
+  enabled: false
+
+  ## Define a name for the metrics port
+  ##
+  portName: metrics
+
+  ## Provide a port number for the integrated Prometheus metrics exporter
+  ##
+  port: 9252
+
+  ## Configure a prometheus-operator serviceMonitor to allow autodetection of
+  ## the scraping target. Requires enabling the service resource below.
+  ##
+  serviceMonitor:
+    enabled: false
+
+    ## Provide additional labels to the service monitor resource
+    ##
+    ## labels: {}
+
+    ## Provide annotations to the service monitor ressource
+    ##
+    ## annotations: {}
+
+    ## Define a scrape interval (otherwise prometheus default is used)
+    ##
+    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
+    ##
+    # interval: ""
+
+    ## Specify the scrape protocol scheme e.g., https or http
+    ##
+    # scheme: "http"
+
+    ## Supply a tls configuration for the service monitor
+    ##
+    ## ref: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml
+    ##
+    # tlsConfig: {}
+
+    ## The URI path where prometheus metrics can be scraped from
+    ##
+    # path: "/metrics"
+
+    ## A list of MetricRelabelConfigs to apply to samples before ingestion
+    ##
+    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+    ##
+    # metricRelabelings: []
+
+    ## A list of RelabelConfigs to apply to samples before scraping
+    ##
+    ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+    ##
+    ## relabelings: []
+
+## Configure a service resource e.g., to allow scraping metrics via
+## prometheus-operator serviceMonitor
+service:
+  enabled: false
+
+  ## Provide additonal labels for the service
+  ##
+  # labels: {}
+
+  ## Provide additonal annotations for the service
+  ##
+  # annotations: {}
+
+  ## Define a specific ClusterIP if you do not want a dynamic one
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
+  ##
+  # clusterIP: ""
+
+  ## Define a list of one or more external IPs for this service
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+  ##
+  # externalIPs: []
+
+  ## Provide a specific loadbalancerIP e.g., of an external Loadbalancer
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+  ##
+  # loadBalancerIP: ""
+
+  ## Provide a list of source IP ranges to have access to this service
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
+  ##
+  # loadBalancerSourceRanges: []
+
+  ## Specify the service type e.g., ClusterIP, NodePort, LoadBalancer or ExternalName
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+  ##
+  type: ClusterIP
+
+  ## Specify the services metrics nodeport if you use a service of type nodePort
+  ##
+  # metrics:
+
+    ## Specify the node port under which the prometheus metrics of the runner are made
+    ## available.
+    ##
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
+    ##
+    # nodePort: ""
+
+  ## Provide a list of additional ports to be exposed by this service
+  ##
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+  ##
+  # additionalPorts: []
+
+## Configuration for the Pods that the runner launches for each new job
+##
+runners:
+  # runner configuration, where the multi line string is evaluated as a
+  # template so you can specify helm values inside of it.
+  #
+  # tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
+  # runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+  config: |
+    [[runners]]
+      [runners.kubernetes]
+        namespace = "{{.Release.Namespace}}"
+        image = "alpine"
+
+  ## Absolute path for an existing runner configuration file
+  ## Can be used alongside "volumes" and "volumeMounts" to use an external config file
+  ## Active if runners.config is empty or null
+  configPath: ""
+
+  ## Which executor should be used
+  ##
+  # executor: kubernetes
+
+  ## DEPRECATED: Specify whether the runner should be locked to a specific project: true, false.
+  ##
+  ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+  ##
+  # locked: true
+
+  ## DEPRECATED: Specify the tags associated with the runner. Comma-separated list of tags.
+  ##
+  ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+  ##
+  # tags: ""
+
+  ## Specify the name for the runner.
+  ##
+  # name: ""
+
+  ## DEPRECATED: Specify the maximum timeout (in seconds) that will be set for job when using this Runner
+  ##
+  ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+  ##
+  # maximumTimeout: ""
+
+  ## DEPRECATED: Specify if jobs without tags should be run.
+  ##
+  ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+  ##
+  # runUntagged: true
+
+  ## DEPRECATED: Specify whether the runner should only run protected branches.
+  ##
+  ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+  ##
+  # protected: true
+
+  ## The name of the secret containing runner-token and runner-registration-token
+  secret: gitlab-runner-secret
+
+  ## Distributed runners caching
+  ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
+  ##
+  ## If you want to use s3 based distributing caching:
+  ## First of all you need to uncomment General settings and S3 settings sections.
+  ##
+  ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
+  ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
+  ##
+  ## $ kubectl create secret generic s3access \
+  ##   --from-literal=accesskey="YourAccessKey" \
+  ##   --from-literal=secretkey="YourSecretKey"
+  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  ##
+  ## If you want to use gcs based distributing caching:
+  ## First of all you need to uncomment General settings and GCS settings sections.
+  ##
+  ## Access using credentials file:
+  ## Create a secret 'google-application-credentials' containing your application credentials file.
+  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+  ## You could configure
+  ## $ kubectl create secret generic google-application-credentials \
+  ##   --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
+  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  ##
+  ## Access using access-id and private-key:
+  ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
+  ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+  ## You could configure
+  ## $ kubectl create secret generic gcsaccess \
+  ##   --from-literal=gcs-access-id="YourAccessID" \
+  ##   --from-literal=gcs-private-key="YourPrivateKey"
+  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+  ##
+  ## If you want to use Azure-based distributed caching:
+  ## First, uncomment General settings.
+  ##
+  ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
+  ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
+  ##
+  ## $ kubectl create secret generic azureaccess \
+  ##   --from-literal=azure-account-name="YourAccountName" \
+  ##   --from-literal=azure-account-key="YourAccountKey"
+  ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+
+  cache: {}
+    ## S3 the name of the secret.
+    # secretName: s3access
+    ## Use this line for access using gcs-access-id and gcs-private-key
+    # secretName: gcsaccess
+    ## Use this line for access using google-application-credentials file
+    # secretName: google-application-credentials
+    ## Use this line for access using Azure with azure-account-name and azure-account-key
+    # secretName: azureaccess
+
+## Specify the name of the scheduler which is used to schedule runner pods.
+## Kubernetes supports multiple scheduler configurations.
+## ref: https://kubernetes.io/docs/reference/scheduling
+# schedulerName: "my-custom-scheduler"
+
+## Configure securitycontext for the main container
+## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+##
+securityContext:
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  privileged: false
+  capabilities:
+    drop: ["ALL"]
+
+## Configure update strategy for multi-replica deployments
+## Kubernetes supports types Recreate, and RollingUpdate
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+strategy: {}
+  # rollingUpdate:
+  #   maxSurge: 1
+  #   maxUnavailable: 0
+  # type: RollingUpdate
+
+## Configure securitycontext valid for the whole pod
+## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+##
+podSecurityContext:
+  runAsUser: 100
+  # runAsGroup: 65533
+  fsGroup: 65533
+  # supplementalGroups: [65533]
+
+  ## Note: values for the ubuntu image:
+  # runAsUser: 999
+  # fsGroup: 999
+
+## Configure resource requests and limits
+## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+##
+resources: {}
+  # limits:
+  #   memory: 256Mi
+  #   cpu: 200m
+  #   ephemeral-storage: 512Mi
+  # requests:
+  #   memory: 128Mi
+  #   cpu: 100m
+  #   ephemeral-storage: 256Mi
+
+## Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## TopologySpreadConstraints for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
+##
+topologySpreadConstraints: {}
+  # Example: The gitlab runner should be evenly spread across zones
+  # - maxSkew: 1
+  #   topologyKey: zone
+  #   whenUnsatisfiable: DoNotSchedule
+  #   labelSelector:
+  #     matchLabels:
+  #       foo: bar
+
+## Node labels for pod assignment
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+##
+nodeSelector: {}
+  # Example: The gitlab runner manager should not run on spot instances so you can assign
+  # them to the regular worker nodes only.
+  # node-role.kubernetes.io/worker: "true"
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+  # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
+  # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
+  # - key: "node-role.kubernetes.io/worker"
+  #   operator: "Exists"
+
+## Configure environment variables that will be present when the registration command runs
+## This provides further control over the registration process and the config.toml file
+## ref: `gitlab-runner register --help`
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+##
+# envVars:
+#   - name: RUNNER_EXECUTOR
+#     value: kubernetes
+
+## Additional environment variables from key-value pairs.
+extraEnv: {}
+  # CACHE_S3_SERVER_ADDRESS: s3.amazonaws.com
+  # CACHE_S3_BUCKET_NAME: runners-cache
+  # CACHE_S3_BUCKET_LOCATION: us-east-1
+  # CACHE_SHARED: true
+
+## Additional environment variables from other data sources
+extraEnvFrom: {}
+  # CACHE_S3_ACCESS_KEY:
+  #   secretKeyRef:
+  #     name: s3access
+  #     key: accesskey
+  # CACHE_S3_SECRET_KEY:
+  #   secretKeyRef:
+  #     name: s3access
+  #     key: secretkey
+
+## list of hosts and IPs that will be injected into the pod's hosts file
+hostAliases: []
+  # Example:
+  # - ip: "127.0.0.1"
+  #   hostnames:
+  #   - "foo.local"
+  #   - "bar.local"
+  # - ip: "10.1.2.3"
+  #   hostnames:
+  #   - "foo.remote"
+  #   - "bar.remote"
+
+## Annotations to be added to deployment
+##
+deploymentAnnotations: {}
+  # Example:
+  # downscaler/uptime: <my_uptime_period>
+
+## Labels to be added to deployment
+##
+deploymentLabels: {}
+  # Example:
+  # owner.team: <my_cool_team>
+  
+## Set hostname for runner pods
+#hostname: my-gitlab-runner
+
+## Annotations to be added to manager pod
+##
+podAnnotations: {}
+  # Example:
+  # iam.amazonaws.com/role: <my_role_arn>
+
+## Labels to be added to manager pod
+##
+podLabels: {}
+  # Example:
+  # owner.team: <my_cool_team>
+
+## HPA support for custom metrics:
+## This section enables runners to autoscale based on defined custom metrics.
+## In order to use this functionality, you need to enable a custom metrics API server by
+## implementing "custom.metrics.k8s.io" using supported third party adapter
+## Example: https://github.com/directxman12/k8s-prometheus-adapter
+##
+#hpa: {}
+  # minReplicas: 1
+  # maxReplicas: 10
+  # metrics:
+  # - type: Pods
+  #   pods:
+  #     metricName: gitlab_runner_jobs
+  #     targetAverageValue: 400m
+
+## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works:
+##  https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: ""
+
+## Secrets to be additionally mounted to the containers.
+## All secrets are mounted through init-runner-secrets volume
+## and placed as readonly at /init-secrets in the init container
+## and finally copied to an in-memory volume runner-secrets that is
+## mounted at /secrets.
+secrets: []
+  # Example:
+  # - name: my-secret
+  # - name: myOtherSecret
+  #   items:
+  #     - key: key_one
+  #       path: path_one
+
+## Boolean to turn off the automountServiceAccountToken in the deployment
+## ref: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#bound-service-account-token-volume
+##
+# automountServiceAccountToken: false
+
+## Additional config files to mount in the containers in `/configmaps`.
+##
+## Please note that a number of keys are reserved by the runner.
+## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml
+## for a current list.
+configMaps: {}
+
+## Additional volumeMounts to add to the runner container
+##
+volumeMounts: []
+  # Example:
+  # - name: my-volume
+  #   mountPath: /mount/path
+
+## Additional volumes to add to the runner deployment
+##
+volumes: []
+  # Example:
+  # - name: my-volume
+  #   persistentVolumeClaim:
+  #     claimName: my-pvc
+
+## Array of extra K8s manifests to deploy
+##
+extraObjects: []
+# - apiVersion: external-secrets.io/v1beta1
+#   kind: ExternalSecret
+#   metadata:
+#     name: '{{ include "gitlab-runner.secret" . }}'
+#   spec:
+#     refreshInterval: 1h
+#     secretStoreRef:
+#       kind: SecretStore
+#       name: my-secret-store
+#     target:
+#       template:
+#         data:
+#           runner-registration-token: "" # need to leave as an empty string for compatibility reasons
+#           runner-token: "{{`{{ .runnerToken }}`}}"
+#     dataFrom:
+#     - extract:
+#         key: my-secret-store-secret
\ No newline at end of file
diff --git a/infra/jenkins/README.md b/infra/jenkins/README.md
new file mode 100644
index 0000000..4ecc4b7
--- /dev/null
+++ b/infra/jenkins/README.md
@@ -0,0 +1,81 @@
+# Jenkins Installation
+
+## Prerequisites
+
+- A Kubernetes cluster
+- The following tools installed on your local machine:
+  - [Helm](https://helm.sh/docs/intro/install/)
+  - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+
+Both Helm and Kubectl are available in the Homebrew package manager. To install them, run the following commands:
+
+- Install Homebrew:
+
+```bash
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+```
+
+- Install Helm and Kubectl:
+
+```bash
+brew install helm
+brew install kubectl
+```
+
+## Configure Helm
+
+```bash
+helm repo add jenkins https://charts.jenkins.io
+helm repo update
+```
+
+## Deploy Jenkins with Helm
+
+```bash
+helm install jenkins jenkins/jenkins --set controller.service.type=NodePort
+```
+
+Get the Jenkins admin password:
+
+```bash
+kubectl get secret jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode; echo
+```
+
+## Configure Ingress to access Jenkins
+
+- Install Nginx Ingress Controller:
+
+```bash
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+helm install nginx-ingress ingress-nginx/ingress-nginx
+```
+
+- Create a `jenkins-ingress.yaml` file:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jenkins-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: jenkins.scalastic.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jenkins
+            port:
+              number: 8080
+```
+
+- Apply the configuration:
+
+```bash
+kubectl apply -f jenkins-ingress.yaml
+```
diff --git a/infra/jenkins/config/Dockerfile b/infra/jenkins/config/Dockerfile
new file mode 100644
index 0000000..c46927f
--- /dev/null
+++ b/infra/jenkins/config/Dockerfile
@@ -0,0 +1,11 @@
+FROM jenkins/jenkins:latest
+
+ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false
+ENV CASC_JENKINS_CONFIG /jenkins/casc_configs
+
+COPY "${JENKINS_INSTALLATION_CONFIG}/plugins.txt" /usr/share/jenkins/ref/plugins.txt
+RUN jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.txt
+
+COPY "${JENKINS_INSTALLATION_CONFIG}/secrets.properties" /run/secrets/secrets.properties
+
+COPY "${JENKINS_INSTALLATION_CONFIG}/casc.yaml" /jenkins/casc_configs/jenkins.yaml
diff --git a/infra/jenkins/config/casc.yaml b/infra/jenkins/config/casc.yaml
new file mode 100644
index 0000000..d58f600
--- /dev/null
+++ b/infra/jenkins/config/casc.yaml
@@ -0,0 +1,81 @@
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - string:
+              description: kubernetes-jenkins-token
+              id: kubernetes-jenkins-token
+              scope: GLOBAL
+              secret: ${JENKINS_KUBERNETES_TOKEN}
+          - usernamePassword:
+              description: wizard-github-token
+              scope: GLOBAL
+              id: wizard-github-token
+              username: oauth2
+              password: ${WIZARD_GITHUB_TOKEN}
+jenkins:
+  systemMessage: "Automated Jenkins Setup using Docker and Jenkins Configuration as Code"
+  securityRealm:
+    local:
+      allowsSignup: false
+      users:
+        - id: ${JENKINS_ADMIN_ID}
+          password: ${JENKINS_ADMIN_PASSWORD}
+  authorizationStrategy:
+    globalMatrix:
+      permissions:
+        - "Overall/Administer:admin"
+        - "Overall/Read:authenticated"
+  agentProtocols:
+    - "JNLP4-connect"
+    - "Ping"
+  clouds:
+    - kubernetes:
+        containerCap: 10
+        containerCapStr: "10"
+        credentialsId: "kubernetes-jenkins-token"
+        # jenkinsUrl: http://${LOCAL_IP_ADDRESS}:8080
+        jenkinsUrl: http://jenkins.scalastic.local:8080
+        name: "kubernetes"
+        namespace: "jenkins"
+        serverUrl: "https://kubernetes.docker.internal:6443"
+        skipTlsVerify: true
+        webSocket: true
+  labelAtoms:
+    - name: "built-in"
+    - name: "removed-master"
+  labelString: "removed-master"
+  markupFormatter: "plainText"
+  mode: EXCLUSIVE
+  myViewsTabBar: "standard"
+  numExecutors: 0
+  primaryView:
+    all:
+      name: "all"
+  projectNamingStrategy: "standard"
+  quietPeriod: 5
+  scmCheckoutRetryCount: 0
+jobs:
+  - script: >
+      pipelineJob('test-kubernetes-agent') {
+        definition {
+          cpsScm {
+            scm {
+              git {
+                remote {
+                  url('https://github.com/scalastic/wizard.git')
+                  credentials('wizard-github-token')
+                }
+                branch('*/14-redesign-gitlab-ci-platform-for-testing')
+              }
+            }
+            lightweight()
+          }
+        }
+      }
+unclassified:
+  location:
+    # url: http://${LOCAL_IP_ADDRESS}:8080/
+    url: http://jenkins.scalastic.local:8080/
+  ansiColorBuildWrapper:
+    globalColorMapName: "xterm"
diff --git a/infra/jenkins/config/plugins.txt b/infra/jenkins/config/plugins.txt
new file mode 100644
index 0000000..b8c49a7
--- /dev/null
+++ b/infra/jenkins/config/plugins.txt
@@ -0,0 +1,10 @@
+cloudbees-folder:latest
+configuration-as-code:latest
+git:latest
+matrix-auth:latest
+pipeline-stage-view:latest
+workflow-aggregator:latest
+kubernetes:latest
+job-dsl:latest
+ansicolor:latest
+pipeline-utility-steps:latest
diff --git a/infra/jenkins/config/secrets-template.properties b/infra/jenkins/config/secrets-template.properties
new file mode 100644
index 0000000..f762f28
--- /dev/null
+++ b/infra/jenkins/config/secrets-template.properties
@@ -0,0 +1,2 @@
+JENKINS_KUBERNETES_TOKEN=<SERVICE_ACCOUNT_TOKEN>
+WIZARD_GITHUB_TOKEN=<GITHUB_TOKEN>
\ No newline at end of file
diff --git a/infra/jenkins/jenkins-ingress.yaml b/infra/jenkins/jenkins-ingress.yaml
new file mode 100644
index 0000000..38f141f
--- /dev/null
+++ b/infra/jenkins/jenkins-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jenkins-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: jenkins.scalastic.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jenkins
+            port:
+              number: 8080
diff --git a/shell/gitlab.sh b/shell/gitlab.sh
new file mode 100755
index 0000000..8a3b327
--- /dev/null
+++ b/shell/gitlab.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+SHELL_DIR=shell
+LOG_DIR=tmp
+LOG_LEVEL=0
+LOGGER_COLORIZED=true
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/runner.sh"
+. "${SHELL_DIR}/lib/gitlab/core.sh"
+
+gitlab.install_and_start() {
+    log.info "Installing GitLab..."
+    gitlab.install gitlab
+
+    log.info "Starting GitLab..."
+    gitlab.run gitlab
+}
+
+gitlab.start() {
+    log.info "Starting GitLab..."
+    gitlab.run gitlab
+}
+
+#runner.run gitlab.install_and_start
\ No newline at end of file
diff --git a/shell/jenkins.sh b/shell/jenkins.sh
new file mode 100755
index 0000000..cab9dac
--- /dev/null
+++ b/shell/jenkins.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/logger.sh"
+. "${SHELL_DIR}/lib/jenkins/core.sh"
+
+jenkins.install_and_start() {
+    log.info "Installing Jenkins..."
+    jenkins.install jenkins
+
+    log.info "Starting Jenkins..."
+    jenkins.run jenkins
+}
+
+jenkins.start() {
+    log.info "Starting Jenkins..."
+    jenkins.run jenkins
+}
diff --git a/shell/lib/core/command.sh b/shell/lib/core/command.sh
new file mode 100755
index 0000000..19b5917
--- /dev/null
+++ b/shell/lib/core/command.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/logger.sh"
+
+# shellcheck disable=SC2034
+COMMAND_SUCCESS=0
+# shellcheck disable=SC2034
+COMMAND_WARNING=1
+# shellcheck disable=SC2034
+COMMAND_ERROR=2
+
+command.run_function() {
+    local function_name="$1"
+    shift
+    local args=("$@")
+
+    if declare -f "${function_name}" > /dev/null; then
+        log.debug "Running function: ${function_name} with args: ${args[*]}"
+        ${function_name} "${args[@]}"
+    else
+        log.error "Function ${function_name} is not defined"
+        return 1
+    fi
+}
+
+command.run_eval() {
+    local command="$1"
+
+    log.debug "Running eval for command: ${command}"
+    eval "${command}"
+}
\ No newline at end of file
diff --git a/shell/lib/core/logger.sh b/shell/lib/core/logger.sh
new file mode 100755
index 0000000..35620f7
--- /dev/null
+++ b/shell/lib/core/logger.sh
@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+
+DEBUG_LEVEL=0
+INFO_LEVEL=1
+WARN_LEVEL=2
+ERROR_LEVEL=3
+SUCCESS_LEVEL=4
+
+LOG_LEVELS=(DEBUG INFO WARN ERROR SUCCESS)
+LOG_LEVEL=${LOG_LEVEL:-INFO_LEVEL}
+
+START_COLOR_PREFIX="\033[0;"
+START_COLOR_SUFFIX="m"
+END_COLOR="\033[0m"
+
+DEBUG_COLOR="${START_COLOR_PREFIX}30${START_COLOR_SUFFIX}"
+INFO_COLOR="${START_COLOR_PREFIX}34${START_COLOR_SUFFIX}"
+WARN_COLOR="${START_COLOR_PREFIX}33${START_COLOR_SUFFIX}"
+ERROR_COLOR="${START_COLOR_PREFIX}31${START_COLOR_SUFFIX}"
+SUCCESS_COLOR="${START_COLOR_PREFIX}32${START_COLOR_SUFFIX}"
+
+log.is_color_enabled() {
+    if which tput > /dev/null 2>&1 && [[ $(tput -T$TERM colors) -ge 8 ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+log.debug() {
+    local function_name
+
+    if [ -n "${FUNCNAME:-}" ] && [ "${#FUNCNAME[@]}" -gt 1 ]; then
+        function_name="${FUNCNAME[1]}"
+    else
+        function_name="unknown function"
+    fi
+
+    if [ -n "$1" ]; then
+        log.__log "${DEBUG_COLOR}" "${DEBUG_LEVEL}" "(${function_name}) $1"
+    else
+        log.__stream "${DEBUG_COLOR}" "(${function_name})${DEBUG_LEVEL}"
+    fi
+}
+
+log.info() {
+    if [ -n "$1" ]; then
+        log.__log "${INFO_COLOR}" "${INFO_LEVEL}" "$1"
+    else
+        log.__stream "${INFO_COLOR}" "${INFO_LEVEL}"
+    fi
+}
+
+log.warn() {
+    if [ -n "$1" ]; then
+        log.__log "${WARN_COLOR}" "${WARN_LEVEL}" "$1"
+    else
+        log.__stream "${WARN_COLOR}" "${WARN_LEVEL}"
+    fi
+}
+
+log.error() {
+    if [ -n "$1" ]; then
+        log.__log "${ERROR_COLOR}" "${ERROR_LEVEL}" "$1"
+    else
+        log.__stream "${ERROR_COLOR}" "${ERROR_LEVEL}"
+    fi
+}
+
+log.success() {
+    if [ -n "$1" ]; then
+        log.__log "${SUCCESS_COLOR}" "${SUCCESS_LEVEL}" "$1"
+    else
+        log.__stream "${SUCCESS_COLOR}" "${SUCCESS_LEVEL}"
+    fi
+}
+
+log.__log() {
+    local color="$1"
+    local level="$2"
+    local message="$3"
+
+    [ ! -d "${LOG_DIR}" ] && mkdir -p "${LOG_DIR}"
+
+    if [ -n "${level}" ] && [ "${level}" -ge "${LOG_LEVEL}" ]; then
+        level="[${LOG_LEVELS[${level}]}]"
+
+        if log.is_color_enabled; then
+            printf "%b%s %s%b\n" "${color}" "${level}" "${message}" "${END_COLOR}" | tee -a "${LOG_DIR}/stderr.log" >&2
+        else
+            printf "%s %s\n" "${level}" "${message}" | tee -a "${LOG_DIR}/stderr.log" >&2
+        fi
+    elif [ -z "${level}" ]; then
+        printf "%s\n" "${message}" | tee -a "${LOG_DIR}/stderr.log" >&2
+    fi
+}
+
+log.__stream() {
+    local color="$1"
+    local level="$2"
+
+    while IFS= read -r line; do
+        log.__log "${color}" "${level}" "${line}"
+    done
+}
diff --git a/shell/lib/core/runner.sh b/shell/lib/core/runner.sh
new file mode 100755
index 0000000..50be582
--- /dev/null
+++ b/shell/lib/core/runner.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/logger.sh"
+. "${SHELL_DIR}/lib/core/command.sh"
+
+runner.run() {
+    local command="${1}"
+    shift
+    local args=("${@}")
+
+    log.debug "Entering runner.run wrapper..."
+
+    local runner_log_file
+    runner_log_file="$(mktemp "${LOG_DIR}/runner.XXXXXX")"
+    log.debug "Logging into: ${runner_log_file}"
+
+    local command_log_file
+    command_log_file="$(mktemp "${LOG_DIR}/command.XXXXXX")"
+    log.debug "Logging into: ${command_log_file}"
+
+    set -eEo pipefail
+    trap 'runner.catch_error $?' ERR
+    {
+        log.debug "Running command: ${command} ${args[*]}"
+        "${command}" "${args[@]}" | tee "${command_log_file}"
+    } 1>&2 | tee "${runner_log_file}"
+
+    rm -f "${runner_log_file}"
+    trap - ERR
+
+    local exit_code
+    exit_code=$(runner.get_exit_code "${command_log_file}")
+    rm -f "${command_log_file}"
+    log.debug "Exit code: ${exit_code}"
+
+    return "${exit_code}"
+}
+
+runner.get_exit_code() {
+    local log_file="${1}"
+
+    local exit_code="${COMMAND_SUCCESS}"
+
+    while IFS= read -r line; do
+        if [[ "${line}" == "${COMMAND_WARNING}" && "${exit_code}" == "${COMMAND_SUCCESS}" ]]; then
+            log.debug "Found warning in log file: ${log_file}"
+            exit_code="${COMMAND_WARNING}"
+        elif [[ "${line}" == "${COMMAND_ERROR}" && "${exit_code}" == "${COMMAND_SUCCESS}" ]]; then
+            log.debug "Found error in log file: ${log_file}"
+            exit_code="${COMMAND_ERROR}"
+        fi
+    done < "${log_file}"
+
+    echo "${exit_code}"
+}
+
+runner.catch_error() {
+    local status_code="${1}"
+
+    log.error "Error caught with status code: ${status_code}"
+    runner.print_callstack
+
+    exit "${COMMAND_ERROR}"
+}
+
+runner.print_callstack() {
+    local stack_size=${#FUNCNAME[@]}
+    local indent=""
+    local -i i
+    local starting=2
+
+    log.error "Callstack is:"
+    for ((i=starting; i<stack_size; i++)); do
+        local func="${FUNCNAME[i]:-(top level)}"
+        local -i line="${BASH_LINENO[$((i - 1))]}"
+        local src="${BASH_SOURCE[${i}]:-(no file)}"
+        log.error "${indent}˪${src}:${line} (${func})"
+        indent="${indent}  "
+    done
+}
diff --git a/shell/lib/gitlab/core.sh b/shell/lib/gitlab/core.sh
new file mode 100755
index 0000000..150c185
--- /dev/null
+++ b/shell/lib/gitlab/core.sh
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/k8s/core.sh"
+. "${SHELL_DIR}/lib/core/logger.sh"
+
+
+gitlab.run_docker_container() {
+    local name="${1}"
+
+    local gitlab_home
+    gitlab_home="$(pwd)/tmp/gitlab"
+
+    mkdir -p "${gitlab_home}"
+
+    docker run --detach \
+        --platform linux/amd64 \
+        --name "${name}" \
+        --network wizard-network \
+        --hostname "${name}".scalastic.local \
+        --env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.scalastic.local'" \
+        --env GITLAB_INSTALLATION_CONFIG="infra/gitlab/config" \
+        --publish 443:443 --publish 4000:80 --publish 22:22 \
+        --volume "${gitlab_home}/config:/etc/gitlab" \
+        --volume "${gitlab_home}/logs:/var/log/gitlab" \
+        --volume "${gitlab_home}/data:/var/opt/gitlab" \
+        --env GITLAB_ROOT_PASSWORD=p@ssw0rd \
+        --env GITLAB_HOME="${gitlab_home}" \
+        --shm-size 256m \
+        gitlab/gitlab-ce:latest
+
+    #   --env GITLAB_INSTALLATION_CONFIG="infra/gitlab/config" \
+}
+
+gitlab.create_runner_secret() {
+    local name="${1}"
+
+    kubectl create secret generic "${name}-runner-secret" \
+        --namespace "${name}" \
+        --from-literal=runner-registration-token="" \
+        --from-literal=runner-token="REDACTED"
+}
+
+
+gitlab.configure_kubernetes() {
+    local name="${1}"
+
+    k8s.create_namespace "${name}"
+    k8s.create_service_account "${name}"
+    k8s.create_service_account_secret "${name}"
+    k8s.create_role_binding "${name}"
+}
+
+gitlab.configure_helm() {
+    local name="${1}"
+
+    gitlab.create_runner_secret "${name}"
+
+    helm repo add gitlab https://charts.gitlab.io
+    helm repo update gitlab
+
+    helm install --namespace "${name}" "${name}-runner" -f infra/gitlab/config/runner.yaml gitlab/gitlab-runner
+}
+
+gitlab.install() {
+    local name="${1:-gitlab}"
+
+    gitlab.configure_kubernetes "${name}"
+    gitlab.configure_helm "${name}"
+}
+
+gitlab.run() {
+    local name="${1:-gitlab}"
+
+    gitlab.run_docker_container "${name}"
+}
\ No newline at end of file
diff --git a/shell/lib/jenkins/core.sh b/shell/lib/jenkins/core.sh
new file mode 100755
index 0000000..b5db3b5
--- /dev/null
+++ b/shell/lib/jenkins/core.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/k8s/core.sh"
+. "${SHELL_DIR}/lib/core/logger.sh"
+
+jenkins.build_docker_images() {
+    docker build \
+    -t jenkins:jcasc \
+    "infra/jenkins/config/"
+}
+
+jenkins.run_docker_container() {
+    local name="${1}"
+
+    local jenkins_home
+    jenkins_home="$(pwd)/tmp/jenkins"
+
+    mkdir -p "${jenkins_home}"
+
+    docker run \
+        --rm \
+        --name "${name}" \
+        --network wizard-network \
+        --hostname jenkins.scalastic.local \
+        -p 8080:8080 -p 50000:50000 \
+        -v "${jenkins_home}:/var/jenkins_home" \
+        --env "JENKINS_INSTALLATION_CONFIG=infra/jenkins/config" \
+        --env JENKINS_ADMIN_ID=admin --env JENKINS_ADMIN_PASSWORD=password \
+        jenkins:jcasc
+}
+
+jenkins.configure_kubernetes() {
+    local name="${1}"
+
+    k8s.create_namespace "${name}"
+    k8s.create_service_account "${name}"
+    k8s.create_service_account_secret "${name}"
+    k8s.create_role_binding "${name}"
+}
+
+jenkins.configure_secrets() {
+    local name="${1}"
+
+    local service_account_token
+    service_account_token="$(k8s.get_service_account_token "${name}")"
+
+    sed "s/<SERVICE_ACCOUNT_TOKEN>/${service_account_token}/g" \
+        "infra/jenkins/config/secrets-template.properties" > "infra/jenkins/config/secrets.properties"
+    sed -i "s/<GITHUB_TOKEN>/${GITHUB_TOKEN}/g" "infra/jenkins/config/secrets.properties"
+}
+
+jenkins.install() {
+    local name="${1:-jenkins}"
+
+    jenkins.configure_kubernetes "${name}"
+    jenkins.configure_secrets "${name}"
+    jenkins.build_docker_images "${name}"
+}
+
+jenkins.run() {
+    local name="${1:-jenkins}"
+
+    jenkins.run_docker_container "${name}"
+}
\ No newline at end of file
diff --git a/shell/lib/k8s/core.sh b/shell/lib/k8s/core.sh
new file mode 100755
index 0000000..7bfddec
--- /dev/null
+++ b/shell/lib/k8s/core.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/logger.sh"
+
+k8s.create_namespace() {
+    local name="${1}"
+
+    kubectl delete namespace "${name}" || true
+    kubectl create namespace "${name}"
+}
+
+k8s.create_service_account() {
+    local name="${1}"
+
+    kubectl create serviceaccount "${name}-serviceaccount" \
+    --namespace="${name}"
+}
+
+k8s.get_service_account_token() {
+    local name="${1}"
+
+    kubectl get "secrets/${name}-secret" \
+        --namespace="${name}" \
+        -ojsonpath='{.data.token}' \
+        | base64 --decode
+}
+
+
+k8s.create_role_binding() {
+    local name="${1}"
+
+    kubectl create rolebinding "${name}"-admin-binding \
+        --clusterrole=admin \
+        --serviceaccount="${name}":"${name}-serviceaccount" \
+        --namespace="${name}"
+}
+
+k8s.create_service_account_secret() {
+    local name="${1}"
+
+    kubectl apply --namespace="${name}" -f - <<EOF
+        apiVersion: v1
+        kind: Secret
+        metadata:
+            name: "${name}-secret"
+            annotations:
+                kubernetes.io/service-account.name: "${name}-serviceaccount"
+        type: kubernetes.io/service-account-token
+EOF
+}
\ No newline at end of file
diff --git a/shell/lib/tls/core.sh b/shell/lib/tls/core.sh
new file mode 100755
index 0000000..6f6bc49
--- /dev/null
+++ b/shell/lib/tls/core.sh
@@ -0,0 +1,217 @@
+#!/usr/bin/env bash
+
+# shellcheck source-path=shell
+. "${SHELL_DIR}/lib/core/logger.sh"
+
+
+tls.create_server_cert() {
+    local server="${1:-server}"
+    local company="${2:-scalastic}"
+    local cert_path="${3:-tmp/openssl}"
+    local ca_key_cert_path="${4:-${cert_path}/${company}-ca-tls}"
+
+    log.info "Creating ${server} certificate with CA ${ca_key_cert_path}.crt..."
+
+    if [ ! -f "${ca_key_cert_path}.crt" ] && [ ! -f "${ca_key_cert_path}.key" ]; then
+        log.info "No existing CA certificate found with name ${ca_key_cert_path}.crt"
+        command.run_function tls.__create_ca_cert "${company}" "${cert_path}"
+    fi
+
+    command.run_function tls.__create_server_cert "${server}" "${company}" "${cert_path}" "${ca_key_cert_path}"
+
+    command.run_function tls.__cleanup "${cert_path}"
+}
+
+tls.__create_ca_cert() {
+    local company="${1}"
+    local ca_cert_path="${2}"
+
+    log.info "Creating CA certificate..."
+
+    mkdir -p "${ca_cert_path}"
+    local ca_key_cert_path="${ca_cert_path}/${company}-ca-tls"
+
+    openssl req -x509 \
+    -sha512 -days 120 \
+    -nodes \
+    -newkey rsa:4096 \
+    -subj "/CN=${company}-ca.local/C=FR/L=Paris/O=${company^}/OU=${company^} SSL CA Cert" \
+    -keyout "${ca_key_cert_path}.key" -out "${ca_key_cert_path}.crt"
+
+    log.info "CA certificate created."
+    echo "${ca_key_cert_path}"
+}
+
+tls.__create_server_cert() {
+    local server="${1}"
+    local company="${2}"
+    local cert_path="${3}"
+    local ca_key_cert_path="${4}"
+
+    log.info "Creating ${server} certificate with CA cert ${ca_key_cert_path}..."
+
+    mkdir -p "${cert_path}"
+    local ca_crt_file="${ca_key_cert_path}.crt"
+    local ca_key_file="${ca_key_cert_path}.key"
+
+    local private_key_file
+    private_key_file="$(tls.__create_private_key "${server}" "${cert_path}")"
+
+    local csr_config_file
+    csr_config_file="$(tls.__create_csr_config "${server}" "${company}" "${cert_path}")"
+
+    local csr_file
+    csr_file="$(tls.__create_csr "${server}" "${private_key_file}" "${csr_config_file}" "${cert_path}")"
+
+    local cert_config_file
+    cert_config_file="$(tls.__create_cert_config "${server}" "${company}" "${cert_path}")"
+
+    local cert_file
+    cert_file="$(tls.__create_cert "${server}" "${company}" "${csr_file}" "${cert_config_file}" "${ca_crt_file}" "${ca_key_file}" "${cert_path}")"
+    
+    log.info "${server} certificate is :"
+    echo "${cert_file}"
+}
+
+tls.__create_private_key() {
+    local server="${1}"
+    local private_key_path="${2}"
+
+    log.info "Creating private key for ${server}..."
+
+    mkdir -p "${private_key_path}"
+    local private_key_file="${private_key_path}/${server}-tls.key"
+
+    openssl genrsa -out "${private_key_file}" 4096
+
+    log.info "Private key for ${server} created at ${private_key_file}."
+    echo "${private_key_file}"
+}
+
+tls.__create_csr_config() {
+    local server="${1}"
+    local company="${2}"
+    local csr_path="${3}"
+
+    log.info "Creating CSR config file for ${server}..."
+
+    local config_file="${csr_path}/${server}-csr.conf"
+    local csr_file="${csr_path}/${server}-tls.csr"
+
+    cat >"${config_file}" <<EOF
+
+    [ req ]
+    default_bits = 4096
+    prompt = no
+    default_md = sha512
+    req_extensions = req_ext
+    distinguished_name = dn
+
+    [ dn ]
+    C = FR
+    ST = France
+    L = Paris
+    O = "${company^}"
+    OU = "${server^} ${company^} Local"
+    CN = "${server}.${company}.local"
+
+    [ req_ext ]
+    subjectAltName = @alt_names
+
+    [ alt_names ]
+    DNS.1 = "${server}.${company}.local"
+    IP.1 = 127.0.0.1
+EOF
+
+    log.info "CSR config file created at ${config_file}."
+    echo "${config_file}"
+}
+
+tls.__create_cert_config() {
+    local server="${1}"
+    local company="${2}"
+    local cert_path="${3}"
+
+    log.info "Creating CERT config file for ${server}..."
+
+    local config_file="${cert_path}/${server}-cert.conf"
+
+    cat >"${config_file}" <<EOF
+
+    authorityKeyIdentifier=keyid,issuer
+    basicConstraints=CA:FALSE
+    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+    subjectAltName = @alt_names
+
+    [ dn ]
+    C = FR
+    ST = France
+    L = Paris
+    O = "${company^}"
+    OU = "${server^} ${company^} Local"
+    CN = "${server}.${company}.local"
+    
+    [ req_ext ]
+    subjectAltName = @alt_names
+
+    [ alt_names ]
+    DNS.1 = "${server}.${company}.local"
+    IP.1 = 127.0.0.1
+EOF
+
+    log.info "CERT config file created at ${config_file}."
+    echo "${config_file}"
+}
+
+tls.__create_csr() {
+    local server="${1}"
+    local private_key_file="${2}"
+    local config_file="${3}"
+    local csr_path="${4}"
+
+    log.info "Creating CSR for ${server}..."
+
+    local csr_file="${csr_path}/${server}-tls.csr"
+
+    openssl req -new -key "${private_key_file}" -out "${csr_file}" -config "${config_file}"
+
+    log.info "CSR for ${server} created at ${csr_file}."
+    echo "${csr_file}"
+}
+
+tls.__create_cert() {
+    local server="${1}"
+    local company="${2}"
+    local csr_file="${3}"
+    local cert_config_file="${4}"
+    local ca_crt_file="${5}"
+    local ca_key_file="${6}"
+    local cert_path="${7}"
+
+    log.info "Creating certificate for ${server}..."
+
+    local cert_file="${cert_path}/${server}-tls.crt"
+
+    openssl x509 -req \
+        -in "./${csr_file}" \
+        -CA "./${ca_crt_file}" \
+        -CAkey "./${ca_key_file}" \
+        -CAcreateserial \
+        -days 120 \
+        -sha512 \
+        -extfile "${cert_config_file}" \
+        -out "./${cert_file}"
+
+    log.info "Certificate for ${server} created at ${cert_file}."
+    echo "${cert_file}"
+}
+
+tls.__cleanup() {
+    local cert_path="${1}"
+
+    log.info "Cleaning up ${cert_path}..."
+
+    rm "${cert_path}"/*.conf "${cert_path}"/*.csr "${cert_path}"/*.srl
+
+    log.info "Cleanup complete."
+}
diff --git a/test/gitlab/config/gitlab.rb b/test/gitlab/config/gitlab.rb
index 9f61361..c18f696 100644
--- a/test/gitlab/config/gitlab.rb
+++ b/test/gitlab/config/gitlab.rb
@@ -1,3343 +1,4 @@
-## GitLab configuration settings
-##! This file is generated during initial installation and **is not** modified
-##! during upgrades.
-##! Check out the latest version of this file to know about the different
-##! settings that can be configured, when they were introduced and why:
-##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template
-
-##! Locally, the complete template corresponding to the installed version can be found at:
-##! /opt/gitlab/etc/gitlab.rb.template
-
-##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
-##! the gitlab.rb.template from the currently running version.
-
-##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
-##! running `gitlab-ctl reconfigure`
-
-##! In general, the values specified here should reflect what the default value of the attribute will be.
-##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
-##! or connecting to third party services.
-##! In those instances, we endeavour to provide an example configuration.
-
-## GitLab URL
-##! URL on which GitLab will be reachable.
-##! For more details on configuring external_url see:
-##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
-##!
-##! Note: During installation/upgrades, the value of the environment variable
-##! EXTERNAL_URL will be used to populate/replace this value.
-##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
-##! address from AWS. For more details, see:
-##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
-# external_url 'GENERATED_EXTERNAL_URL'
-
-## Roles for multi-instance GitLab
-##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
-##! Options:
-##!   redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
-##!   postgres_role consul_role application_role monitoring_role
-##! For more details on each role, see:
-##! https://docs.gitlab.com/omnibus/roles/index.html#roles
-##!
-# roles ['redis_sentinel_role', 'redis_master_role']
-
-## Legend
-##! The following notations at the beginning of each line may be used to
-##! differentiate between components of this file and to easily select them using
-##! a regex.
-##! ## Titles, subtitles etc
-##! ##! More information - Description, Docs, Links, Issues etc.
-##! Configuration settings have a single # followed by a single space at the
-##! beginning; Remove them to enable the setting.
-
-##! **Configuration settings below are optional.**
-
-
-################################################################################
-################################################################################
-##                Configuration Settings for GitLab CE and EE                 ##
-################################################################################
-################################################################################
-
-################################################################################
-## gitlab.yml configuration
-##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
-################################################################################
-# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
-# gitlab_rails['gitlab_ssh_user'] = ''
-# gitlab_rails['time_zone'] = 'UTC'
-
-### Rails asset / CDN host
-###! Defines a url for a host/cdn to use for the Rails assets
-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-delivery-network-url
-# gitlab_rails['cdn_host'] = 'https://mycdnsubdomain.fictional-cdn.com'
-
-### Request duration
-###! Tells the rails application how long it has to complete a request
-###! This value needs to be lower than the worker timeout set in puma.
-###! By default, we'll allow 95% of the the worker timeout
-# gitlab_rails['max_request_duration_seconds'] = 57
-
-### GitLab email server settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
-###! **Use smtp instead of sendmail/postfix.**
-
-# gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
-# gitlab_rails['smtp_port'] = 465
-# gitlab_rails['smtp_user_name'] = "smtp user"
-# gitlab_rails['smtp_password'] = "smtp password"
-# gitlab_rails['smtp_domain'] = "example.com"
-# gitlab_rails['smtp_authentication'] = "login"
-# gitlab_rails['smtp_enable_starttls_auto'] = true
-# gitlab_rails['smtp_tls'] = false
-# gitlab_rails['smtp_pool'] = false
-
-###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
-###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
-
-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
-
-### Email Settings
-
-# gitlab_rails['gitlab_email_enabled'] = true
-
-##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
-##! can change the 'From' with this setting.
-# gitlab_rails['gitlab_email_from'] = 'example@example.com'
-# gitlab_rails['gitlab_email_display_name'] = 'Example'
-# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
-# gitlab_rails['gitlab_email_subject_suffix'] = ''
-# gitlab_rails['gitlab_email_smime_enabled'] = false
-# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
-# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
-# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
-
-### GitLab user privileges
-# gitlab_rails['gitlab_username_changing_enabled'] = true
-
-### Default Theme
-### Available values:
-##! `1`  for Indigo
-##! `2`  for Dark
-##! `3`  for Light
-##! `4`  for Blue
-##! `5`  for Green
-##! `6`  for Light Indigo
-##! `7`  for Light Blue
-##! `8`  for Light Green
-##! `9`  for Red
-##! `10` for Light Red
-# gitlab_rails['gitlab_default_theme'] = 2
-
-### Default project feature settings
-# gitlab_rails['gitlab_default_projects_features_issues'] = true
-# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
-# gitlab_rails['gitlab_default_projects_features_wiki'] = true
-# gitlab_rails['gitlab_default_projects_features_snippets'] = true
-# gitlab_rails['gitlab_default_projects_features_builds'] = true
-# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
-
-### Automatic issue closing
-###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
-###! information about this pattern.
-# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
-
-### Download location
-###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
-###! is created in the following directory.
-###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
-# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
-
-### Gravatar Settings
-# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
-# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
-
-### Auxiliary jobs
-###! Periodically executed jobs, to self-heal Gitlab, do external
-###! synchronizations, etc.
-###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
-###!       https://docs.gitlab.com/ee/ci/yaml/index.html#artifactsexpire_in
-# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
-# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
-# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
-# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
-# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
-# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
-# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
-# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
-# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
-# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
-# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
-# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
-# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
-# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
-# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
-# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
-# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
-# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
-# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
-# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
-# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
-# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
-# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['ci_runner_versions_reconciliation_worker_cron'] = "@daily"
-# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 * * * *"
-
-### Webhook Settings
-###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
-###! request (default: 10)
-# gitlab_rails['webhook_timeout'] = 10
-
-### GraphQL Settings
-###! Tells the rails application how long it has to complete a GraphQL request.
-###! We suggest this value to be higher than the database timeout value
-###! and lower than the worker timeout set in puma. (default: 30)
-# gitlab_rails['graphql_timeout'] = 30
-
-### Trusted proxies
-###! Customize if you have GitLab behind a reverse proxy which is running on a
-###! different machine.
-###! **Add the IP address for your reverse proxy to the list, otherwise users
-###!   will appear signed in from that address.**
-# gitlab_rails['trusted_proxies'] = []
-
-### Content Security Policy
-####! Customize if you want to enable the Content-Security-Policy header, which
-####! can help thwart JavaScript cross-site scripting (XSS) attacks.
-####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
-# gitlab_rails['content_security_policy'] = {
-#  'enabled' => false,
-#  'report_only' => false,
-#  # Each directive is a String (e.g. "'self'").
-#  'directives' => {
-#    'base_uri' => nil,
-#    'child_src' => nil,
-#    'connect_src' => nil,
-#    'default_src' => nil,
-#    'font_src' => nil,
-#    'form_action' => nil,
-#    'frame_ancestors' => nil,
-#    'frame_src' => nil,
-#    'img_src' => nil,
-#    'manifest_src' => nil,
-#    'media_src' => nil,
-#    'object_src' => nil,
-#    'script_src' => nil,
-#    'style_src' => nil,
-#    'worker_src' => nil,
-#    'report_uri' => nil,
-#  }
-# }
-
-### Allowed hosts
-###! Customize the `host` headers that should be catered by the Rails
-###! application. By default, everything is allowed.
-# gitlab_rails['allowed_hosts'] = []
-
-### Monitoring settings
-###! IP whitelist controlling access to monitoring endpoints
-# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
-
-### Shutdown settings
-###! Defines an interval to block healthcheck,
-###! but continue accepting application requests.
-# gitlab_rails['shutdown_blackout_seconds'] = 10
-
-### Microsoft Graph Mailer
-###! Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client
-###! credentials flow.
-###! Docs: https://docs.gitlab.com/omnibus/settings/microsoft_graph_mailer.html
-# gitlab_rails['microsoft_graph_mailer_enabled'] = false
-# gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR-USER-ID"
-# gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR-TENANT-ID"
-# gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR-CLIENT-ID"
-# gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR-CLIENT-SECRET-ID"
-# gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
-# gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"
-
-### Reply by email
-###! Allow users to comment on issues and merge requests by replying to
-###! notification emails.
-###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
-# gitlab_rails['incoming_email_enabled'] = true
-
-#### Incoming Email Address
-####! The email address including the `%{key}` placeholder that will be replaced
-####! to reference the item being replied to.
-####! **The placeholder can be omitted but if present, it must appear in the
-####!   "user" part of the address (before the `@`).**
-# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
-
-#### Email account username
-####! **With third party providers, this is usually the full email address.**
-####! **With self-hosted email servers, this is usually the user part of the
-####!   email address.**
-# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
-
-#### Email account password
-# gitlab_rails['incoming_email_password'] = "[REDACTED]"
-
-#### IMAP Settings
-# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
-# gitlab_rails['incoming_email_port'] = 993
-# gitlab_rails['incoming_email_ssl'] = true
-# gitlab_rails['incoming_email_start_tls'] = false
-
-#### Incoming Mailbox Settings (via `mail_room`)
-####! The mailbox where incoming mail will end up. Usually "inbox".
-# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
-####! The IDLE command timeout.
-# gitlab_rails['incoming_email_idle_timeout'] = 60
-####! The file name for internal `mail_room` JSON logfile
-# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
-####! This marks incoming messages deleted after delivery.
-####! If you are using Microsoft Graph API instead of IMAP, set this to false to retain
-####! messages in the inbox since deleted messages are auto-expunged after some time.
-# gitlab_rails['incoming_email_delete_after_delivery'] = true
-####! Permanently remove messages from the mailbox when they are marked as deleted after delivery
-####! Only applies to IMAP. Microsoft Graph will auto-expunge any deleted messages.
-# gitlab_rails['incoming_email_expunge_deleted'] = false
-
-#### Inbox options (for Microsoft Graph)
-# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
-# gitlab_rails['incoming_email_inbox_options'] = {
-#    'tenant_id': 'YOUR-TENANT-ID',
-#    'client_id': 'YOUR-CLIENT-ID',
-#    'client_secret': 'YOUR-CLIENT-SECRET',
-#    'poll_interval': 60  # Optional
-# }
-
-#### How incoming emails are delivered to Rails process. Accept either sidekiq
-#### or webhook. The default config is webhook.
-# gitlab_rails['incoming_email_delivery_method'] = "webhook"
-
-#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
-#### encoded with base64
-# gitlab_rails['incoming_email_auth_token'] = nil
-
-####! The format of mail_room crash logs
-# mailroom['exit_log_format'] = "plain"
-
-### Consolidated (simplified) object storage configuration
-###! This uses a single credential for object storage with multiple buckets.
-###! It also enables Workhorse to upload files directly with its own S3 client
-###! instead of using pre-signed URLs.
-###!
-###! This configuration will only take effect if the object_store
-###! sections are not defined within the types. For example, enabling
-###! gitlab_rails['artifacts_object_store_enabled'] or
-###! gitlab_rails['lfs_object_store_enabled'] will prevent the
-###! consolidated settings from being used.
-###!
-###! Be sure to use different buckets for each type of object.
-###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
-# gitlab_rails['object_store']['enabled'] = false
-# gitlab_rails['object_store']['connection'] = {}
-# gitlab_rails['object_store']['storage_options'] = {}
-# gitlab_rails['object_store']['proxy_download'] = false
-# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
-# gitlab_rails['object_store']['objects']['pages']['bucket'] = nil
-
-### Job Artifacts
-# gitlab_rails['artifacts_enabled'] = true
-# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
-####! Job artifacts Object Store
-####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
-# gitlab_rails['artifacts_object_store_enabled'] = false
-# gitlab_rails['artifacts_object_store_proxy_download'] = false
-# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
-# gitlab_rails['artifacts_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'host' => 's3.amazonaws.com',
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### External merge request diffs
-# gitlab_rails['external_diffs_enabled'] = false
-# gitlab_rails['external_diffs_when'] = nil
-# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
-# gitlab_rails['external_diffs_object_store_enabled'] = false
-# gitlab_rails['external_diffs_object_store_proxy_download'] = false
-# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
-# gitlab_rails['external_diffs_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'host' => 's3.amazonaws.com',
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### Git LFS
-# gitlab_rails['lfs_enabled'] = true
-# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
-# gitlab_rails['lfs_object_store_enabled'] = false
-# gitlab_rails['lfs_object_store_proxy_download'] = false
-# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
-# gitlab_rails['lfs_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'host' => 's3.amazonaws.com',
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### GitLab uploads
-###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
-# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
-# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
-# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
-# gitlab_rails['uploads_object_store_enabled'] = false
-# gitlab_rails['uploads_object_store_proxy_download'] = false
-# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
-# gitlab_rails['uploads_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### Terraform state
-###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
-# gitlab_rails['terraform_state_enabled'] = true
-# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
-# gitlab_rails['terraform_state_object_store_enabled'] = false
-# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
-# gitlab_rails['terraform_state_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### CI Secure Files
-# gitlab_rails['ci_secure_files_enabled'] = false
-# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
-# gitlab_rails['ci_secure_files_object_store_enabled'] = false
-# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
-# gitlab_rails['ci_secure_files_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-### GitLab Pages
-# gitlab_rails['pages_object_store_enabled'] = false
-# gitlab_rails['pages_object_store_remote_directory'] = "pages"
-# gitlab_rails['pages_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-# gitlab_rails['pages_local_store_enabled'] = true
-# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
-
-### Impersonation settings
-# gitlab_rails['impersonation_enabled'] = true
-
-### Disable jQuery and CSS animations
-# gitlab_rails['disable_animations'] = false
-
-### Application settings cache expiry in seconds. (default: 60)
-# gitlab_rails['application_settings_cache_seconds'] = 60
-
-### Usage Statistics
-# gitlab_rails['usage_ping_enabled'] = true
-
-### GitLab Mattermost
-###! These settings are void if Mattermost is installed on the same omnibus
-###! install
-# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
-
-### LDAP Settings
-###! Docs: https://docs.gitlab.com/ee/administration/auth/ldap/index.html
-###! **Be careful not to break the indentation in the ldap_servers block. It is
-###!   in yaml format and the spaces must be retained. Using tabs will not work.**
-
-# gitlab_rails['ldap_enabled'] = false
-# gitlab_rails['prevent_ldap_sign_in'] = false
-
-###! **remember to close this block with 'EOS' below**
-# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
-#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
-#     label: 'LDAP'
-#     host: '_your_ldap_server'
-#     port: 389
-#     uid: 'sAMAccountName'
-#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-#     password: '_the_password_of_the_bind_user'
-#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-#     verify_certificates: true
-#     smartcard_auth: false
-#     active_directory: true
-#     allow_username_or_email_login: false
-#     lowercase_usernames: false
-#     block_auto_created_users: false
-#     base: ''
-#     user_filter: ''
-#     ## EE only
-#     group_base: ''
-#     admin_group: ''
-#     sync_ssh_keys: false
-#
-#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
-#     label: 'LDAP'
-#     host: '_your_ldap_server'
-#     port: 389
-#     uid: 'sAMAccountName'
-#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-#     password: '_the_password_of_the_bind_user'
-#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-#     verify_certificates: true
-#     smartcard_auth: false
-#     active_directory: true
-#     allow_username_or_email_login: false
-#     lowercase_usernames: false
-#     block_auto_created_users: false
-#     base: ''
-#     user_filter: ''
-#     ## EE only
-#     group_base: ''
-#     admin_group: ''
-#     sync_ssh_keys: false
-# EOS
-
-### Smartcard authentication settings
-###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
-# gitlab_rails['smartcard_enabled'] = false
-# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
-# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
-# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
-# gitlab_rails['smartcard_required_for_git_access'] = false
-# gitlab_rails['smartcard_san_extensions'] = false
-
-### OmniAuth Settings
-###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
-# gitlab_rails['omniauth_enabled'] = nil
-# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
-# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
-# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
-# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
-# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
-# gitlab_rails['omniauth_block_auto_created_users'] = true
-# gitlab_rails['omniauth_auto_link_ldap_user'] = false
-# gitlab_rails['omniauth_auto_link_saml_user'] = false
-# gitlab_rails['omniauth_auto_link_user'] = ['twitter']
-# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
-# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
-# gitlab_rails['omniauth_providers'] = [
-#   {
-#     "name" => "google_oauth2",
-#     "app_id" => "YOUR APP ID",
-#     "app_secret" => "YOUR APP SECRET",
-#     "args" => { "access_type" => "offline", "approval_prompt" => "" }
-#   }
-# ]
-# gitlab_rails['omniauth_cas3_session_duration'] = 28800
-# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000
-
-### FortiAuthenticator authentication settings
-# gitlab_rails['forti_authenticator_enabled'] = false
-# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
-# gitlab_rails['forti_authenticator_port'] = 443
-# gitlab_rails['forti_authenticator_username'] = 'admin'
-# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'
-
-### FortiToken Cloud authentication settings
-# gitlab_rails['forti_token_cloud_enabled'] = false
-# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
-# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'
-
-### DuoAuth authentication settings
-# gitlab_rails['duo_auth_enabled'] = false
-# gitlab_rails['duo_auth_integration_key'] = 'duo_auth_integration_key'
-# gitlab_rails['duo_auth_secret_key'] = 'duo_auth_secret_key'
-# gitlab_rails['duo_auth_hostname'] = 'duo_auth.example.com'
-
-### Backup Settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
-
-# gitlab_rails['manage_backup_path'] = true
-# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
-# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
-
-###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
-# gitlab_rails['backup_archive_permissions'] = 0644
-
-# gitlab_rails['backup_pg_schema'] = 'public'
-
-###! The duration in seconds to keep backups before they are allowed to be deleted
-# gitlab_rails['backup_keep_time'] = 604800
-
-# gitlab_rails['backup_upload_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AKIAKIAKI',
-#   'aws_secret_access_key' => 'secret123',
-#   # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
-#   'use_iam_profile' => false
-# }
-# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
-# gitlab_rails['backup_multipart_chunk_size'] = 104857600
-
-###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
-###!   backups**
-# gitlab_rails['backup_encryption'] = 'AES256'
-###! The encryption key to use with AWS Server-Side Encryption.
-###! Setting this value will enable Server-Side Encryption with customer provided keys;
-###!   otherwise S3-managed keys are used.
-# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
-
-###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)
-# gitlab_rails['backup_upload_storage_options'] = {
-#  'server_side_encryption' => 'aws:kms',
-#  'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
-# }
-
-###! **Specifies Amazon S3 storage class to use for backups. Valid values
-###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
-# gitlab_rails['backup_storage_class'] = 'STANDARD'
-
-###! Skip parts of the backup. Comma separated.
-###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
-#gitlab_rails['env'] = {
-#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
-#}
-
-### For setting up different data storing directory
-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
-###! **If you want to use a single non-default directory to store git data use a
-###!   path that doesn't contain symlinks.**
-# git_data_dirs({
-#   "default" => {
-#     "path" => "/mnt/nfs-01/git-data"
-#    }
-# })
-
-### Gitaly settings
-# gitlab_rails['gitaly_token'] = 'secret token'
-
-### For storing GitLab application uploads, eg. LFS objects, build artifacts
-###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
-# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
-
-### For storing encrypted configuration files
-###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
-# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'
-
-### Wait for file system to be mounted
-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
-# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
-
-### GitLab Shell settings for GitLab
-# gitlab_rails['gitlab_shell_ssh_port'] = 22
-# gitlab_rails['gitlab_shell_git_timeout'] = 800
-
-### Extra customization
-# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
-# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
-# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
-# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
-# gitlab_rails['extra_bizible'] = false
-# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
-# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
-# gitlab_rails['extra_matomo_disable_cookies'] = false
-# gitlab_rails['extra_maximum_text_highlight_size_kilobytes'] = 512
-
-##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
-# gitlab_rails['env'] = {
-#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
-#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
-# }
-
-# gitlab_rails['rack_attack_git_basic_auth'] = {
-#   'enabled' => false,
-#   'ip_whitelist' => ["127.0.0.1"],
-#   'maxretry' => 10,
-#   'findtime' => 60,
-#   'bantime' => 3600
-# }
-
-# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
-# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
-# gitlab_rails['log_group'] = nil
-
-#### Change the initial default admin password and shared runner registration tokens.
-####! **Only applicable on initial setup, changing these settings after database
-####!   is created and seeded won't yield any change.**
-# gitlab_rails['initial_root_password'] = "password"
-# gitlab_rails['initial_shared_runners_registration_token'] = "token"
-
-#### Toggle if root password should be printed to STDOUT during initialization
-# gitlab_rails['display_initial_root_password'] = false
-
-#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
-# gitlab_rails['store_initial_root_password'] = true
-
-#### Set path to an initial license to be used while bootstrapping GitLab.
-####! **Only applicable on initial setup, future license updates need to be done via UI.
-####! Updating the file specified in this path won't yield any change after the first reconfigure run.
-# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
-
-#### Enable or disable automatic database migrations
-# gitlab_rails['auto_migrate'] = true
-
-#### This is advanced feature used by large gitlab deployments where loading
-#### whole RAILS env takes a lot of time.
-# gitlab_rails['rake_cache_clear'] = true
-
-### GitLab database settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
-###! **Only needed if you use an external database.**
-# gitlab_rails['db_adapter'] = "postgresql"
-# gitlab_rails['db_encoding'] = "unicode"
-# gitlab_rails['db_collation'] = nil
-# gitlab_rails['db_database'] = "gitlabhq_production"
-# gitlab_rails['db_username'] = "gitlab"
-# gitlab_rails['db_password'] = nil
-# gitlab_rails['db_host'] = nil
-# gitlab_rails['db_port'] = 5432
-# gitlab_rails['db_socket'] = nil
-# gitlab_rails['db_sslmode'] = nil
-# gitlab_rails['db_sslcompression'] = 0
-# gitlab_rails['db_sslrootcert'] = nil
-# gitlab_rails['db_sslcert'] = nil
-# gitlab_rails['db_sslkey'] = nil
-# gitlab_rails['db_prepared_statements'] = false
-# gitlab_rails['db_statements_limit'] = 1000
-# gitlab_rails['db_connect_timeout'] = nil
-# gitlab_rails['db_keepalives'] = nil
-# gitlab_rails['db_keepalives_idle'] = nil
-# gitlab_rails['db_keepalives_interval'] = nil
-# gitlab_rails['db_keepalives_count'] = nil
-# gitlab_rails['db_tcp_user_timeout'] = nil
-# gitlab_rails['db_application_name'] = nil
-# gitlab_rails['db_database_tasks'] = true
-
-### Gitlab decomposed database settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
-# gitlab_rails['databases']['ci']['enable'] = true
-# gitlab_rails['databases']['ci']['db_database'] = 'gitlabhq_production'
-# gitlab_rails['databases']['ci']['database_tasks'] = false
-
-### GitLab Redis settings
-###! Connect to your own Redis instance
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-
-#### Redis TCP connection
-# gitlab_rails['redis_host'] = "127.0.0.1"
-# gitlab_rails['redis_port'] = 6379
-# gitlab_rails['redis_ssl'] = false
-# gitlab_rails['redis_password'] = nil
-# gitlab_rails['redis_database'] = 0
-# gitlab_rails['redis_enable_client'] = true
-
-#### Redis local UNIX socket (will be disabled if TCP method is used)
-# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
-
-#### Sentinel support
-####! To have Sentinel working, you must enable Redis TCP connection support
-####! above and define a few Sentinel hosts below (to get a reliable setup
-####! at least 3 hosts).
-####! **You don't need to list every sentinel host, but the ones not listed will
-####!   not be used in a fail-over situation to query for the new master.**
-# gitlab_rails['redis_sentinels'] = [
-#   {'host' => '127.0.0.1', 'port' => 26379},
-# ]
-# gitlab_rails['redis_sentinels_password'] = 'sentinel-requirepass-goes-here'
-
-#### Cluster support
-####! Cluster support is only available for selected Redis instances. `resque.yml` will not
-####! support cluster mode to maintain full-compatibility with the GitLab rails application.
-####!
-####! To have Redis Cluster working, you must declare `redis_{instance}_cluster_nodes`
-####! `redis_{instance}_username` and `redis_{instance}_password` are required if ACL
-####! is enabled for the Redis servers.
-# gitlab_rails['redis_xxxx_cluster_nodes'] = [
-#    {'host' => '127.0.0.1', 'port' => 6379},
-# ]
-
-#### Separate instances support
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
-# gitlab_rails['redis_cache_instance'] = nil
-# gitlab_rails['redis_cache_sentinels'] = nil
-# gitlab_rails['redis_cache_sentinels_password'] = nil
-# gitlab_rails['redis_cache_username'] = nil
-# gitlab_rails['redis_cache_password'] = nil
-# gitlab_rails['redis_cache_cluster_nodes'] = nil
-# gitlab_rails['redis_queues_instance'] = nil
-# gitlab_rails['redis_queues_sentinels'] = nil
-# gitlab_rails['redis_queues_sentinels_password'] = nil
-# gitlab_rails['redis_queues_username'] = nil
-# gitlab_rails['redis_queues_password'] = nil
-# gitlab_rails['redis_queues_cluster_nodes'] = nil
-# gitlab_rails['redis_shared_state_instance'] = nil
-# gitlab_rails['redis_shared_state_sentinels'] = nil
-# gitlab_rails['redis_shared_state_sentinels_password'] = nil
-# gitlab_rails['redis_shared_state_username'] = nil
-# gitlab_rails['redis_shared_state_password'] = nil
-# gitlab_rails['redis_shared_state_cluster_nodes'] = nil
-# gitlab_rails['redis_trace_chunks_instance'] = nil
-# gitlab_rails['redis_trace_chunks_sentinels'] = nil
-# gitlab_rails['redis_trace_chunks_sentinels_password'] = nil
-# gitlab_rails['redis_trace_chunks_username'] = nil
-# gitlab_rails['redis_trace_chunks_password'] = nil
-# gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil
-# gitlab_rails['redis_actioncable_instance'] = nil
-# gitlab_rails['redis_actioncable_sentinels'] = nil
-# gitlab_rails['redis_actioncable_sentinels_password'] = nil
-# gitlab_rails['redis_actioncable_username'] = nil
-# gitlab_rails['redis_actioncable_password'] = nil
-# gitlab_rails['redis_actioncable_cluster_nodes'] = nil
-# gitlab_rails['redis_rate_limiting_instance'] = nil
-# gitlab_rails['redis_rate_limiting_sentinels'] = nil
-# gitlab_rails['redis_rate_limiting_sentinels_password'] = nil
-# gitlab_rails['redis_rate_limiting_username'] = nil
-# gitlab_rails['redis_rate_limiting_password'] = nil
-# gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil
-# gitlab_rails['redis_sessions_instance'] = nil
-# gitlab_rails['redis_sessions_sentinels'] = nil
-# gitlab_rails['redis_sessions_sentinels_password'] = nil
-# gitlab_rails['redis_sessions_username'] = nil
-# gitlab_rails['redis_sessions_password'] = nil
-# gitlab_rails['redis_sessions_cluster_nodes'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_instance'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_sentinels_password'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_username'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_password'] = nil
-# gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil
-# gitlab_rails['redis_repository_cache_instance'] = nil
-# gitlab_rails['redis_repository_cache_sentinels'] = nil
-# gitlab_rails['redis_repository_cache_sentinels_password'] = nil
-# gitlab_rails['redis_repository_cache_username'] = nil
-# gitlab_rails['redis_repository_cache_password'] = nil
-# gitlab_rails['redis_repository_cache_cluster_nodes'] = nil
-
-
-# gitlab_rails['redis_yml_override'] = nil
-
-################################################################################
-## Container Registry settings
-##! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html
-################################################################################
-
-# registry_external_url 'https://registry.example.com'
-
-### Settings used by GitLab application
-# gitlab_rails['registry_enabled'] = true
-# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
-# gitlab_rails['registry_port'] = "5005"
-# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
-
-# Notification secret, it's used to authenticate notification requests to GitLab application
-# You only need to change this when you use external Registry service, otherwise
-# it will be taken directly from notification settings of your Registry
-# gitlab_rails['registry_notification_secret'] = nil
-
-###! **Do not change the following 3 settings unless you know what you are
-###!   doing**
-# gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
-# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
-# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
-
-### Settings used by Registry application
-# registry['enable'] = true
-# registry['username'] = "registry"
-# registry['group'] = "registry"
-# registry['uid'] = nil
-# registry['gid'] = nil
-# registry['dir'] = "/var/opt/gitlab/registry"
-# registry['registry_http_addr'] = "127.0.0.1:5000"
-# registry['debug_addr'] = "localhost:5001"
-# registry['log_directory'] = "/var/log/gitlab/registry"
-# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
-# registry['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# registry['log_level'] = "info"
-# registry['log_formatter'] = "text"
-# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
-# registry['health_storagedriver_enabled'] = true
-# registry['middleware'] = nil
-# registry['storage_delete_enabled'] = true
-# registry['validation_enabled'] = false
-# registry['autoredirect'] = false
-# registry['compatibility_schema1_enabled'] = false
-
-### Registry backend storage
-###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
-# registry['storage'] = {
-#   's3' => {
-#     'accesskey' => 's3-access-key',
-#     'secretkey' => 's3-secret-key-for-access-key',
-#     'bucket' => 'your-s3-bucket',
-#     'region' => 'your-s3-region',
-#     'regionendpoint' => 'your-s3-regionendpoint'
-#   },
-#   'redirect' => {
-#     'disable' => false
-#   }
-# }
-
-### Registry notifications endpoints
-# registry['notifications'] = [
-#   {
-#     'name' => 'test_endpoint',
-#     'url' => 'https://gitlab.example.com/notify2',
-#     'timeout' => '500ms',
-#     'threshold' => 5,
-#     'backoff' => '1s',
-#     'headers' => {
-#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
-#     }
-#   }
-# ]
-### Default registry notifications
-# registry['default_notifications_timeout'] = "500ms"
-# registry['default_notifications_threshold'] = 5
-# registry['default_notifications_backoff'] = "1s"
-# registry['default_notifications_headers'] = {}
-
-################################################################################
-## Error Reporting and Logging with Sentry
-################################################################################
-# gitlab_rails['sentry_enabled'] = false
-# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
-# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
-# gitlab_rails['sentry_environment'] = 'production'
-
-################################################################################
-## CI_JOB_JWT
-################################################################################
-##! RSA private key used to sign CI_JOB_JWT
-# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.
-
-################################################################################
-## GitLab Workhorse
-##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
-################################################################################
-
-# gitlab_workhorse['enable'] = true
-# gitlab_workhorse['ha'] = false
-# gitlab_workhorse['alt_document_root'] = nil
-
-##! Duration to wait for all requests to finish (e.g. "10s" for 10
-##! seconds). By default this is disabled to preserve the existing
-##! behavior of fast shutdown. This should not be set higher than 30
-##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
-##! the SVWAIT variable) and report a timeout error if the process has
-##! not shut down.
-# gitlab_workhorse['shutdown_timeout'] = nil
-# gitlab_workhorse['listen_network'] = "unix"
-# gitlab_workhorse['listen_umask'] = 000
-# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
-# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
-
-##! Enable Redis keywatcher, if this setting is not present it defaults to true
-# gitlab_workhorse['workhorse_keywatcher'] = true
-
-##! the empty string is the default in gitlab-workhorse option parser
-# gitlab_workhorse['auth_socket'] = "''"
-
-##! put an empty string on the command line
-# gitlab_workhorse['pprof_listen_addr'] = "''"
-
-# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
-
-# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
-# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
-# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
-
-##! limit number of concurrent API requests, defaults to 0 which is unlimited
-# gitlab_workhorse['api_limit'] = 0
-
-##! limit number of API requests allowed to be queued, defaults to 0 which
-##! disables queuing
-# gitlab_workhorse['api_queue_limit'] = 0
-
-##! duration after which we timeout requests if they sit too long in the queue
-# gitlab_workhorse['api_queue_duration'] = "30s"
-
-##! Long polling duration for job requesting for runners
-# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
-
-##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
-# gitlab_workhorse['propagate_correlation_id'] = false
-
-##! A list of CIDR blocks to allow for propagation of correlation ID.
-##! propagate_correlation_id should also be set to true.
-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
-# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil
-
-##! A list of CIDR blocks that must match remote IP addresses to use
-##! X-Forwarded-For HTTP header for the actual client IP. Used in
-##! conjuction with propagate_correlation_id and
-##! trusted_cidrs_for_propagation.
-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
-# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil
-
-##! Log format: default is json, can also be text or none.
-# gitlab_workhorse['log_format'] = "json"
-
-# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
-# gitlab_workhorse['env'] = {
-#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Resource limitations for the dynamic image scaler.
-##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
-##!
-##! Maximum number of scaler processes that are allowed to execute concurrently.
-##! It is recommended for this not to exceed the number of CPUs available.
-# gitlab_workhorse['image_scaler_max_procs'] = 4
-##!
-##! Maximum file size in bytes for an image to be considered eligible for rescaling
-# gitlab_workhorse['image_scaler_max_filesize'] = 250000
-
-##! Service name used to register GitLab Workhorse as a Consul service
-# gitlab_workhorse['consul_service_name'] = 'workhorse'
-##! Semantic metadata used when registering GitLab Workhorse as a Consul service
-# gitlab_workhorse['consul_service_meta'] = {}
-
-################################################################################
-## GitLab User Settings
-##! Modify default git user.
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#change-the-name-of-the-git-user-or-group
-################################################################################
-
-# user['username'] = "git"
-# user['group'] = "git"
-# user['uid'] = nil
-# user['gid'] = nil
-
-##! The shell for the git user
-# user['shell'] = "/bin/sh"
-
-##! The home directory for the git user
-# user['home'] = "/var/opt/gitlab"
-
-# user['git_user_name'] = "GitLab"
-# user['git_user_email'] = "gitlab@#{node['fqdn']}"
-
-################################################################################
-## GitLab Puma
-##! Tweak puma settings.
-##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
-################################################################################
-
-# puma['enable'] = true
-# puma['ha'] = false
-# puma['worker_timeout'] = 60
-# puma['worker_processes'] = 2
-# puma['min_threads'] = 4
-# puma['max_threads'] = 4
-
-### Advanced settings
-# puma['listen'] = '127.0.0.1'
-# puma['port'] = 8080
-# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# puma['somaxconn'] = 1024
-
-### SSL settings
-# puma['ssl_listen'] = nil
-# puma['ssl_port'] = nil
-# puma['ssl_certificate'] = nil
-# puma['ssl_certificate_key'] = nil
-# puma['ssl_client_certificate'] = nil
-# puma['ssl_cipher_filter'] = nil
-# puma['ssl_key_password_command'] = nil
-# puma['ssl_verify_mode'] = 'none'
-
-# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
-# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
-
-###! **We do not recommend changing this setting**
-# puma['log_directory'] = "/var/log/gitlab/puma"
-
-### **Only change these settings if you understand well what they mean**
-###! Docs: https://github.com/schneems/puma_worker_killer
-# puma['per_worker_max_memory_mb'] = 1024
-
-# puma['exporter_enabled'] = false
-# puma['exporter_address'] = "127.0.0.1"
-# puma['exporter_port'] = 8083
-# puma['exporter_tls_enabled'] = false
-# puma['exporter_tls_cert_path'] = ""
-# puma['exporter_tls_key_path'] = ""
-
-# puma['prometheus_scrape_scheme'] = 'http'
-# puma['prometheus_scrape_tls_server_name'] = 'localhost'
-# puma['prometheus_scrape_tls_skip_verification'] = false
-
-##! Service name used to register Puma as a Consul service
-# puma['consul_service_name'] = 'rails'
-##! Semantic metadata used when registering Puma as a Consul service
-# puma['consul_service_meta'] = {}
-
-################################################################################
-## GitLab Sidekiq
-################################################################################
-
-##! GitLab allows one to start multiple sidekiq processes. These
-##! processes can be used to consume a dedicated set of queues. This
-##! can be used to ensure certain queues are able to handle additional workload.
-##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html
-
-# sidekiq['enable'] = true
-# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
-# sidekiq['log_format'] = "json"
-# sidekiq['shutdown_timeout'] = 4
-# sidekiq['interval'] = nil
-# sidekiq['max_concurrency'] = 20
-# sidekiq['min_concurrency'] = nil
-
-##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
-##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
-##! the routing rules are not configured (empty array)
-
-# sidekiq['routing_rules'] = []
-
-##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
-##! Sidekiq process. Multiple queues can be processed by the same process by
-##! separating them with a comma within the group entry, a `*` will process all queues
-
-# sidekiq['queue_groups'] = ['*']
-
-##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
-# sidekiq['metrics_enabled'] = true
-# sidekiq['exporter_log_enabled'] = false
-# sidekiq['exporter_tls_enabled'] = false
-# sidekiq['exporter_tls_cert_path'] = ""
-# sidekiq['exporter_tls_key_path'] = ""
-# sidekiq['listen_address'] = "localhost"
-# sidekiq['listen_port'] = 8082
-
-##! Specifies where health-check endpoints should be made available for Sidekiq processes.
-##! Defaults to the same settings as for Prometheus metrics (see above).
-# sidekiq['health_checks_enabled'] = true
-# sidekiq['health_checks_listen_address'] = "localhost"
-# sidekiq['health_checks_listen_port'] = 8092
-
-##! Service name used to register Sidekiq as a Consul service
-# sidekiq['consul_service_name'] = 'sidekiq'
-##! Semantic metadata used when registering Sidekiq as a Consul service
-# sidekiq['consul_service_meta'] = {}
-
-################################################################################
-## gitlab-shell
-################################################################################
-
-# gitlab_shell['audit_usernames'] = false
-# gitlab_shell['log_level'] = 'INFO'
-# gitlab_shell['log_format'] = 'json'
-# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs'}
-# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell"
-
-# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
-
-### Migration to Go feature flags
-###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
-# gitlab_shell['migration'] = { enabled: true, features: [] }
-
-### Git trace log file.
-###! If set, git commands receive GIT_TRACE* environment variables
-###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
-###! An absolute path starting with / – the trace output will be appended to
-###! that file. It needs to exist so we can check permissions and avoid
-###! throwing warnings to the users.
-# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
-
-##! **We do not recommend changing this directory.**
-# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
-
-################################################################################
-## gitlab-sshd
-################################################################################
-
-# gitlab_sshd['enable'] = false
-# gitlab_sshd['generate_host_keys'] = true
-# gitlab_sshd['dir'] = "/var/opt/gitlab/gitlab-sshd"
-
-# gitlab-sshd outputs most logs to /var/log/gitlab/gitlab-shell/gitlab-shell.log.
-# This directory only stores stdout/stderr output from the daemon.
-# gitlab_sshd['log_directory'] = "/var/log/gitlab/gitlab-sshd/"
-
-# gitlab_sshd['env_directory'] = '/opt/gitlab/etc/gitlab-sshd/env'
-# gitlab_sshd['listen_address'] = 'localhost:2222'
-# gitlab_sshd['metrics_address'] = 'localhost:9122'
-# gitlab_sshd['concurrent_sessions_limit'] = 100
-# gitlab_sshd['proxy_protocol'] = false
-# gitlab_sshd['proxy_policy'] = 'use'
-# gitlab_sshd['proxy_header_timeout'] = '500ms'
-# gitlab_sshd['grace_period'] = 55
-# gitlab_sshd['client_alive_interval'] = nil
-# gitlab_sshd['ciphers'] = nil
-# gitlab_sshd['kex_algorithms'] = nil
-# gitlab_sshd['macs'] = nil
-# gitlab_sshd['login_grace_time'] = 60
-# gitlab_sshd['host_keys_dir'] = '/var/opt/gitlab/gitlab-sshd'
-# gitlab_sshd['host_keys_glob'] = 'ssh_host_*_key'
-# gitlab_sshd['host_certs_dir'] = '/var/opt/gitlab/gitlab-sshd'
-# gitlab_sshd['host_certs_glob'] = 'ssh_host_*-cert.pub'
-
-################################################################
-## GitLab PostgreSQL
-################################################################
-
-###! Changing any of these settings requires a restart of postgresql.
-###! By default, reconfigure reloads postgresql if it is running. If you
-###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
-###! after reconfigure in order for the changes to take effect.
-# postgresql['enable'] = true
-# postgresql['listen_address'] = nil
-# postgresql['port'] = 5432
-
-## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
-## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
-## endpoint to the cluster. By default it is the same as postgresql['port'].
-# postgresql['connect_port'] = 5432
-
-##! **recommend value is 1/4 of total RAM, up to 14GB.**
-# postgresql['shared_buffers'] = "256MB"
-
-### Advanced settings
-# postgresql['ha'] = false
-# postgresql['dir'] = "/var/opt/gitlab/postgresql"
-# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
-# postgresql['log_destination'] = nil
-# postgresql['logging_collector'] = nil
-# postgresql['log_truncate_on_rotation'] = nil
-# postgresql['log_rotation_age'] = nil
-# postgresql['log_rotation_size'] = nil
-##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
-##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
-# postgresql['username'] = "gitlab-psql"
-# postgresql['group'] = "gitlab-psql"
-##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
-# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
-# postgresql['uid'] = nil
-# postgresql['gid'] = nil
-# postgresql['shell'] = "/bin/sh"
-# postgresql['home'] = "/var/opt/gitlab/postgresql"
-# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
-# postgresql['sql_user'] = "gitlab"
-# postgresql['max_connections'] = 400
-# postgresql['md5_auth_cidr_addresses'] = []
-# postgresql['trust_auth_cidr_addresses'] = []
-# postgresql['wal_buffers'] = "-1"
-# postgresql['autovacuum_max_workers'] = "3"
-# postgresql['autovacuum_freeze_max_age'] = "200000000"
-# postgresql['log_statement'] = nil
-# postgresql['track_activity_query_size'] = "1024"
-# postgresql['shared_preload_libraries'] = nil
-# postgresql['dynamic_shared_memory_type'] = nil
-# postgresql['hot_standby'] = "off"
-
-### SSL settings
-# See https://www.postgresql.org/docs/13/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
-# postgresql['ssl'] = 'on'
-# postgresql['hostssl'] = false
-# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
-# postgresql['ssl_cert_file'] = 'server.crt'
-# postgresql['ssl_key_file'] = 'server.key'
-# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# postgresql['ssl_crl_file'] = nil
-# postgresql['cert_auth_addresses'] = {
-#   'ADDRESS' => {
-#     database: 'gitlabhq_production',
-#     user: 'gitlab'
-#   }
-# }
-
-### Replication settings
-###! Note, some replication settings do not require a full restart. They are documented below.
-# postgresql['wal_level'] = "hot_standby"
-# postgresql['wal_log_hints'] = 'off'
-# postgresql['max_wal_senders'] = 5
-# postgresql['max_replication_slots'] = 0
-# postgresql['max_locks_per_transaction'] = 128
-
-# Backup/Archive settings
-# postgresql['archive_mode'] = "off"
-
-###! Changing any of these settings only requires a reload of postgresql. You do not need to
-###! restart postgresql if you change any of these and run reconfigure.
-# postgresql['work_mem'] = "16MB"
-# postgresql['maintenance_work_mem'] = "16MB"
-# postgresql['checkpoint_timeout'] = "5min"
-# postgresql['checkpoint_completion_target'] = 0.9
-# postgresql['effective_io_concurrency'] = 1
-# postgresql['checkpoint_warning'] = "30s"
-# postgresql['effective_cache_size'] = "1MB"
-# postgresql['shmmax'] =  17179869184 # or 4294967295
-# postgresql['shmall'] =  4194304 # or 1048575
-# postgresql['autovacuum'] = "on"
-# postgresql['log_autovacuum_min_duration'] = "-1"
-# postgresql['autovacuum_naptime'] = "1min"
-# postgresql['autovacuum_vacuum_threshold'] = "50"
-# postgresql['autovacuum_analyze_threshold'] = "50"
-# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
-# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
-# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
-# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
-# postgresql['statement_timeout'] = "60000"
-# postgresql['idle_in_transaction_session_timeout'] = "60000"
-# postgresql['log_line_prefix'] = "%a"
-# postgresql['max_worker_processes'] = 8
-# postgresql['max_parallel_workers_per_gather'] = 0
-# postgresql['log_lock_waits'] = 1
-# postgresql['deadlock_timeout'] = '5s'
-# postgresql['track_io_timing'] = 0
-# postgresql['default_statistics_target'] = 1000
-
-### Available in PostgreSQL 9.6 and later
-# postgresql['min_wal_size'] = "80MB"
-# postgresql['max_wal_size'] = "1GB"
-
-# Backup/Archive settings
-# postgresql['archive_command'] = nil
-# postgresql['archive_timeout'] = "0"
-
-### Replication settings
-# postgresql['sql_replication_user'] = "gitlab_replicator"
-# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
-# postgresql['wal_keep_segments'] = 10
-# postgresql['max_standby_archive_delay'] = "30s"
-# postgresql['max_standby_streaming_delay'] = "30s"
-# postgresql['synchronous_commit'] = on
-# postgresql['synchronous_standby_names'] = ''
-# postgresql['hot_standby_feedback'] = 'off'
-# postgresql['random_page_cost'] = 2.0
-# postgresql['log_temp_files'] = -1
-# postgresql['log_checkpoints'] = 'off'
-# To add custom entries to pg_hba.conf use the following
-# postgresql['custom_pg_hba_entries'] = {
-#   APPLICATION: [ # APPLICATION should identify what the settings are used for
-#     {
-#       type: example,
-#       database: example,
-#       user: example,
-#       cidr: example,
-#       method: example,
-#       option: example
-#     }
-#   ]
-# }
-# See https://www.postgresql.org/docs/13/static/auth-pg-hba-conf.html for an explanation
-# of the values
-
-### Version settings
-# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
-# postgresql['version'] = 10
-
-
-##! Automatically restart PostgreSQL service when version changes.
-# postgresql['auto_restart_on_version_change'] = true
-
-################################################################################
-## GitLab Redis
-##! **Can be disabled if you are using your own Redis instance.**
-##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-################################################################################
-
-# redis['enable'] = true
-# redis['ha'] = false
-# redis['start_down'] = false
-# redis['set_replicaof'] = false
-# redis['hz'] = 10
-# redis['dir'] = "/var/opt/gitlab/redis"
-# redis['log_directory'] = "/var/log/gitlab/redis"
-# redis['log_group'] = nil
-# redis['username'] = "gitlab-redis"
-# redis['group'] = "gitlab-redis"
-# redis['maxclients'] = "10000"
-# redis['open_files_ulimit'] = nil # Maximum number of open files allowed for the redis process (defaults to ope
-# redis['maxmemory'] = "0"
-# redis['maxmemory_policy'] = "noeviction"
-# redis['maxmemory_samples'] = "5"
-# redis['stop_writes_on_bgsave_error'] = true
-# redis['tcp_backlog'] = 511
-# redis['tcp_timeout'] = "60"
-# redis['tcp_keepalive'] = "300"
-# redis['uid'] = nil
-# redis['gid'] = nil
-# redis['startup_delay'] = 0
-
-### Redis TLS settings
-###! To run Redis over TLS, specify values for the following settings
-# redis['tls_port'] = nil
-# redis['tls_cert_file'] = nil
-# redis['tls_key_file'] = nil
-
-###! Other TLS related optional settings
-# redis['tls_dh_params_file'] = nil
-# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
-# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# redis['tls_auth_clients'] = 'optional'
-# redis['tls_replication'] = nil
-# redis['tls_cluster'] = nil
-# redis['tls_protocols'] = nil
-# redis['tls_ciphers'] = nil
-# redis['tls_ciphersuites'] = nil
-# redis['tls_prefer_server_ciphers'] = nil
-# redis['tls_session_caching'] = nil
-# redis['tls_session_cache_size'] = nil
-# redis['tls_session_cache_timeout'] = nil
-
-### Disable or obfuscate unnecessary redis command names
-### Uncomment and edit this block to add or remove entries.
-### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
-### for detailed usage
-###
-# redis['rename_commands'] = {
-#   'KEYS': ''
-#}
-#
-
-###! Configure timeout (in seconds) for runit's sv commands used for managing
-###! the Redis service
-# redis['runit_sv_timeout'] = nil
-
-###! **To enable only Redis service in this machine, uncomment
-###!   one of the lines below (choose master or replica instance types).**
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-###!       https://docs.gitlab.com/ee/administration/high_availability/redis.html
-# redis_master_role['enable'] = true
-# redis_replica_role['enable'] = true
-
-### Redis TCP support (will disable UNIX socket transport)
-# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
-# redis['port'] = 6379
-# redis['password'] = 'redis-password-goes-here'
-
-### Redis Sentinel support
-###! **You need a master replica Redis replication to be able to do failover**
-###! **Please read the documentation before enabling it to understand the
-###!   caveats:**
-###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
-
-### Replication support
-#### Replica Redis instance
-# redis['master'] = false # by default this is true
-
-#### Replica and Sentinel shared configuration
-####! **Both need to point to the master Redis instance to get replication and
-####!   heartbeat monitoring**
-# redis['master_name'] = 'gitlab-redis'
-# redis['master_ip'] = nil
-# redis['master_port'] = 6379
-
-#### Support to run redis replicas in a Docker or NAT environment
-####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
-# redis['announce_ip'] = nil
-# redis['announce_port'] = nil
-# redis['announce_ip_from_hostname'] = false
-
-####! **Master password should have the same value defined in
-####!   redis['password'] to enable the instance to transition to/from
-####!   master/replica in a failover event.**
-# redis['master_password'] = 'redis-password-goes-here'
-
-####! Increase these values when your replicas can't catch up with master
-# redis['client_output_buffer_limit_normal'] = '0 0 0'
-# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
-# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
-
-#####! Redis snapshotting frequency
-#####! Set to [] to disable
-#####! Set to [''] to clear previously set values
-# redis['save'] = [ '900 1', '300 10', '60 10000' ]
-
-#####! Redis lazy freeing
-#####! Defaults to false
-# redis['lazyfree_lazy_eviction'] = true
-# redis['lazyfree_lazy_expire'] = true
-# redis['lazyfree_lazy_server_del'] = true
-# redis['replica_lazy_flush'] = true
-
-#####! Redis threaded I/O
-#####! Defaults to disabled
-# redis['io_threads'] = 4
-# redis['io_threads_do_reads'] = true
-
-################################################################################
-## GitLab Web server
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
-################################################################################
-
-##! When bundled nginx is disabled we need to add the external webserver user to
-##! the GitLab webserver group.
-# web_server['external_users'] = []
-# web_server['username'] = 'gitlab-www'
-# web_server['group'] = 'gitlab-www'
-# web_server['uid'] = nil
-# web_server['gid'] = nil
-# web_server['shell'] = '/bin/false'
-# web_server['home'] = '/var/opt/gitlab/nginx'
-
-################################################################################
-## GitLab NGINX
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
-################################################################################
-
-# nginx['enable'] = true
-# nginx['client_max_body_size'] = '250m'
-# nginx['redirect_http_to_https'] = false
-# nginx['redirect_http_to_https_port'] = 80
-
-##! Most root CA's are included by default
-# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
-
-##! enable/disable 2-way SSL client authentication
-# nginx['ssl_verify_client'] = "off"
-
-##! if ssl_verify_client on, verification depth in the client certificates chain
-# nginx['ssl_verify_depth'] = "1"
-
-# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
-# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
-# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-# nginx['ssl_prefer_server_ciphers'] = "off"
-
-##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##!                   https://cipherli.st/**
-# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
-
-##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
-# nginx['ssl_session_cache'] = "shared:SSL:10m"
-
-##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
-# nginx['ssl_session_tickets'] = "off"
-
-##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
-# nginx['ssl_session_timeout'] = "1d"
-
-# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
-# nginx['ssl_password_file'] = nil # Path to file with passphrases for ssl certificate secret keys
-# nginx['listen_addresses'] = ['*', '[::]']
-
-##! **Defaults to forcing web browsers to always communicate using only HTTPS**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
-# nginx['hsts_max_age'] = 63072000
-# nginx['hsts_include_subdomains'] = false
-
-##! Defaults to stripping path information when making cross-origin requests
-# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
-
-##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
-# nginx['gzip_enabled'] = true
-
-##! **Override only if you use a reverse proxy**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
-# nginx['listen_port'] = nil
-
-##! **Override only if your reverse proxy internally communicates over HTTP**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
-# nginx['listen_https'] = nil
-
-##! **Override only if you use a reverse proxy with proxy protocol enabled**
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol
-# nginx['proxy_protocol'] = false
-
-# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
-# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
-# nginx['proxy_read_timeout'] = 3600
-# nginx['proxy_connect_timeout'] = 300
-# nginx['proxy_set_headers'] = {
-#  "Host" => "$http_host_with_default",
-#  "X-Real-IP" => "$remote_addr",
-#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
-#  "X-Forwarded-Proto" => "https",
-#  "X-Forwarded-Ssl" => "on",
-#  "Upgrade" => "$http_upgrade",
-#  "Connection" => "$connection_upgrade"
-# }
-# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
-# nginx['proxy_cache'] = 'gitlab'
-# nginx['proxy_custom_buffer_size'] = '4k'
-# nginx['http2_enabled'] = true
-# nginx['real_ip_trusted_addresses'] = []
-# nginx['real_ip_header'] = nil
-# nginx['real_ip_recursive'] = nil
-# nginx['custom_error_pages'] = {
-#   '404' => {
-#     'title' => 'Example title',
-#     'header' => 'Example header',
-#     'message' => 'Example message'
-#   }
-# }
-
-### Advanced settings
-# nginx['dir'] = "/var/opt/gitlab/nginx"
-# nginx['log_directory'] = "/var/log/gitlab/nginx"
-# nginx['log_group'] = nil
-# nginx['error_log_level'] = "error"
-# nginx['worker_processes'] = 4
-# nginx['worker_connections'] = 10240
-# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
-# nginx['sendfile'] = 'on'
-# nginx['tcp_nopush'] = 'on'
-# nginx['tcp_nodelay'] = 'on'
-# nginx['hide_server_tokens'] = 'off'
-# nginx['gzip_http_version'] = "1.0"
-# nginx['gzip_comp_level'] = "2"
-# nginx['gzip_proxied'] = "any"
-# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
-# nginx['keepalive_timeout'] = 65
-# nginx['keepalive_time'] = '1h'
-# nginx['cache_max_size'] = '5000m'
-# nginx['server_names_hash_bucket_size'] = 64
-##! These paths have proxy_request_buffering disabled
-# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|/import/gitlab_project$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"
-
-### Nginx status
-# nginx['status'] = {
-#  "enable" => true,
-#  "listen_addresses" => ["127.0.0.1"],
-#  "fqdn" => "dev.example.com",
-#  "port" => 9999,
-#  "vts_enable" => true,
-#  "options" => {
-#    "server_tokens" => "off", # Don't show the version of NGINX
-#    "access_log" => "off", # Disable logs for stats
-#    "allow" => "127.0.0.1", # Only allow access from localhost
-#    "deny" => "all" # Deny access to anyone else
-#  }
-# }
-
-##! Service name used to register Nginx as a Consul service
-# nginx['consul_service_name'] = 'nginx'
-##! Semantic metadata used when registering NGINX as a Consul service
-# nginx['consul_service_meta'] = {}
-
-################################################################################
-## GitLab Logging
-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
-################################################################################
-
-# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
-# logging['svlogd_num'] = 30 # keep 30 rotated log files
-# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
-# logging['svlogd_filter'] = "gzip" # compress logs with gzip
-# logging['svlogd_udp'] = nil # transmit log messages via UDP
-# logging['svlogd_prefix'] = nil # custom prefix for log messages
-# logging['logrotate_frequency'] = "daily" # rotate logs daily
-# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
-# logging['logrotate_size'] = nil # do not rotate by size by default
-# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
-# logging['logrotate_compress'] = "compress" # see 'man logrotate'
-# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
-# logging['logrotate_postrotate'] = nil # no postrotate command by default
-# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
-# logging['log_group'] = nil # assign this group to specified log directories and use it for runit-managed logs, can be overridden per-service
-
-### UDP log forwarding
-##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
-
-##! remote host to ship log messages to via UDP
-# logging['udp_log_shipping_host'] = nil
-
-##! override the hostname used when logs are shipped via UDP,
-##  by default the system hostname will be used.
-# logging['udp_log_shipping_hostname'] = nil
-
-##! remote port to ship log messages to via UDP
-# logging['udp_log_shipping_port'] = 514
-
-
-################################################################################
-## Logrotate
-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
-##! You can disable built in logrotate feature.
-################################################################################
-# logrotate['enable'] = true
-# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
-# logrotate['log_group'] = nil
-
-################################################################################
-## Users and groups accounts
-##! Disable management of users and groups accounts.
-##! **Set only if creating accounts manually**
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
-################################################################################
-
-# manage_accounts['enable'] = true
-
-################################################################################
-## Storage directories
-##! Disable managing storage directories
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
-################################################################################
-
-##! **Set only if the select directories are created manually**
-# manage_storage_directories['enable'] = false
-# manage_storage_directories['manage_etc'] = false
-
-################################################################################
-## Runtime directory
-##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
-################################################################################
-
-# runtime_dir '/run'
-
-################################################################################
-## Git
-##! Advanced setting for configuring git system settings for omnibus-gitlab
-##! internal git
-################################################################################
-
-##! The format of the Omnibus gitconfig is:
-##! { "section" => ["subsection = value"] }
-##! For example:
-##! { "pack" => ["threads = 1"] }
-##! For multiple options under one header use array of comma separated values,
-##! eg.:
-##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
-# omnibus_gitconfig['system'] = {}
-
-################################################################################
-## GitLab Pages
-##! Docs: https://docs.gitlab.com/ee/administration/pages/
-################################################################################
-
-##! Define to enable GitLab Pages
-# pages_external_url "http://pages.example.com/"
-# gitlab_pages['enable'] = false
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTP
-# gitlab_pages['external_http'] = []
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
-# gitlab_pages['external_https'] = []
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
-# gitlab_pages['external_https_proxyv2'] = []
-
-##! Configure cert when using external IP address
-# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
-# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"
-
-##! Configure to use the default list of cipher suites
-# gitlab_pages['insecure_ciphers'] = false
-
-##! Configure to enable health check endpoint on GitLab Pages
-# gitlab_pages['status_uri'] = "/@status"
-
-##! Tune the maximum number of concurrent connections GitLab Pages will handle.
-##! Default to 0 for unlimited connections.
-# gitlab_pages['max_connections'] = 0
-
-##! Configure the maximum length of URIs accepted by GitLab Pages
-##! By default is limited for security reasons. Set 0 for unlimited
-# gitlab_pages['max_uri_length'] = 1024
-
-##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
-##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
-##! sets the header value X-Request-ID, the value will be propagated in the request chain.
-# gitlab_pages['propagate_correlation_id'] = false
-
-##! Configure to use JSON structured logging in GitLab Pages
-# gitlab_pages['log_format'] = "json"
-
-##! Configure verbose logging for GitLab Pages
-# gitlab_pages['log_verbose'] = false
-
-##! Error Reporting and Logging with Sentry
-# gitlab_pages['sentry_enabled'] = false
-# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
-# gitlab_pages['sentry_environment'] = 'production'
-
-##! Listen for requests forwarded by reverse proxy
-# gitlab_pages['listen_proxy'] = "localhost:8090"
-
-# gitlab_pages['redirect_http'] = true
-# gitlab_pages['use_http2'] = true
-# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
-# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
-# gitlab_pages['log_group'] = nil
-
-# gitlab_pages['artifacts_server'] = true
-# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
-# gitlab_pages['artifacts_server_timeout'] = 10
-
-##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
-# gitlab_pages['metrics_address'] = ":9235"
-
-##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
-# gitlab_pages['tls_min_version'] = "tls1.2"
-
-##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
-# gitlab_pages['tls_max_version'] = "tls1.3"
-
-##! Pages access control
-# gitlab_pages['access_control'] = false
-# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
-# gitlab_pages['gitlab_secret'] = nil # Generated if not present
-# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
-# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
-# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
-# gitlab_pages['auth_secret'] = nil # Generated if not present
-# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
-# gitlab_pages['auth_cookie_session_timeout'] = "10m" # Authentication cookie session timeout (truncated to seconds). A zero value means the cookie will be deleted after the browser session ends
-
-##! GitLab Pages Server Shutdown Timeout
-##! Duration ("30s" for 30 seconds)
-# gitlab_pages['server_shutdown_timeout'] = "30s"
-
-##! GitLab API HTTP client connection timeout
-# gitlab_pages['gitlab_client_http_timeout'] = "10s"
-
-##! GitLab API JWT Token expiry time
-# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
-
-##! Advanced settings for API-based configuration for GitLab Pages.
-##! The recommended default values are set inside GitLab Pages.
-##! Should be changed only if absolutely needed.
-
-##! The maximum time a domain's configuration is stored in the cache.
-# gitlab_pages['gitlab_cache_expiry'] = "600s"
-##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
-# gitlab_pages['gitlab_cache_refresh'] = "60s"
-##! The interval at which expired items are removed from the cache (default: 60s).
-# gitlab_pages['gitlab_cache_cleanup'] = "60s"
-##! The maximum time to wait for a response from the GitLab API per request.
-# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
-##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
-# gitlab_pages['gitlab_retrieval_interval'] = "1s"
-##! The maximum number of times to retry to resolve a domain's configuration via the API
-# gitlab_pages['gitlab_retrieval_retries'] = 3
-
-##! Define custom gitlab-pages HTTP headers for the whole instance
-# gitlab_pages['headers'] = []
-
-##! Shared secret used for authentication between Pages and GitLab
-# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Advanced settings for serving GitLab Pages from zip archives.
-##! The recommended default values are set inside GitLab Pages.
-##! Should be changed only if absolutely needed.
-
-##! The maximum time an archive will be cached in memory.
-# gitlab_pages['zip_cache_expiration'] = "60s"
-##! Zip archive cache cleaning interval.
-# gitlab_pages['zip_cache_cleanup'] = "30s"
-##! The interval to refresh a cache archive if accessed before expiring.
-# gitlab_pages['zip_cache_refresh'] = "30s"
-##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
-# gitlab_pages['zip_open_timeout'] = "30s"
-##! Zip HTTP Client timeout
-# gitlab_pages['zip_http_client_timeout'] = "30m"
-
-##! ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_read_timeout'] = "5s"
-##! ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_read_header_timeout'] = "1s"
-##! WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_write_timeout'] = "5m"
-##! KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.
-# gitlab_pages['server_keep_alive'] = "15s"
-
-##! Enable serving content from disk instead of Object Storage
-# gitlab_pages['enable_disk'] = nil
-
-##! Rate-limiting options below work in report-only mode:
-##! they only count rejected requests, but don't reject them
-##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
-##! reject requests.
-
-##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits
-
-##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
-# gitlab_pages['rate_limit_source_ip'] = 50.0
-##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
-# gitlab_pages['rate_limit_source_ip_burst'] = 600
-##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
-# gitlab_pages['rate_limit_domain'] = 0
-##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
-# gitlab_pages['rate_limit_domain_burst'] = 10000
-
-##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
-# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
-##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
-# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
-##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
-# gitlab_pages['rate_limit_tls_domain'] = 0
-##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
-# gitlab_pages['rate_limit_tls_domain_burst'] = 10000
-
-##! The maximum size of the _redirects file, in bytes
-# gitlab_pages['redirects_max_config_size'] = 65536
-##! The maximum number of path segments allowed in _redirects rules URLs
-# gitlab_pages['redirects_max_path_segments'] = 25
-##! The maximum number of rules allowed in _redirects
-# gitlab_pages['redirects_max_rule_count'] = 1000
-
-# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
-# gitlab_pages['env'] = {
-#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
-# }
-
-################################################################################
-## GitLab Pages NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "GitLab Pages NGINX" section, using the key `pages_nginx`.  However,
-# those settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `pages_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "GitLab Pages NGINX"
-# pages_nginx['enable'] = true
-
-# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
-
-################################################################################
-## GitLab CI
-##! Docs: https://docs.gitlab.com/ee/ci/quick_start/
-################################################################################
-
-# gitlab_ci['gitlab_ci_all_broken_builds'] = true
-# gitlab_ci['gitlab_ci_add_pusher'] = true
-# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
-
-################################################################################
-## GitLab Kubernetes Agent Server
-##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
-################################################################################
-
-##! Settings used by the GitLab application
-# gitlab_rails['gitlab_kas_enabled'] = true
-# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
-# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
-# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/k8s-proxy/'
-
-##! Define to enable GitLab KAS
-# gitlab_kas_external_url "ws://gitlab.example.com/-/kubernetes-agent/"
-# gitlab_kas['enable'] = true
-
-##! Agent configuration for GitLab KAS
-# gitlab_kas['agent_configuration_poll_period'] = 20
-# gitlab_kas['agent_gitops_poll_period'] = 20
-# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
-# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
-# gitlab_kas['agent_info_cache_ttl'] = 300
-# gitlab_kas['agent_info_cache_error_ttl'] = 60
-
-##! Shared secret used for authentication between KAS and GitLab
-# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Shared secret used for authentication between different KAS instances in a multi-node setup
-# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Listen configuration for GitLab KAS
-# gitlab_kas['listen_address'] = 'localhost:8150'
-# gitlab_kas['listen_network'] = 'tcp'
-# gitlab_kas['listen_websocket'] = true
-# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['key_file'] = "/path/to/key.pem"
-# gitlab_kas['observability_listen_network'] = 'tcp'
-# gitlab_kas['observability_listen_address'] = 'localhost:8151'
-# gitlab_kas['internal_api_listen_network'] = 'tcp'
-# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
-# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
-# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
-# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
-# gitlab_kas['private_api_listen_network'] = 'tcp'
-# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
-# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"
-
-##! Metrics configuration for GitLab KAS
-# gitlab_kas['metrics_usage_reporting_period'] = 60
-
-##! Log configuration for GitLab KAS
-# gitlab_kas['log_level'] = 'info'
-
-##! Environment variables for GitLab KAS
-# gitlab_kas['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-#   # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
-#   'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
-# }
-
-##! Error Reporting and Logging with Sentry
-# gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
-# gitlab_kas['sentry_environment'] = 'production'
-
-##! Directories for GitLab KAS
-# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
-# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
-# gitlab_kas['log_group'] = nil
-# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
-
-################################################################################
-## GitLab Suggested Reviewers (EE Only)
-##! Docs: https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers
-################################################################################
-
-##! Shared secret used for authentication between Suggested Reviewers and GitLab
-# suggested_reviewers['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-################################################################################
-## GitLab Mattermost
-##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
-################################################################################
-
-# mattermost_external_url 'http://mattermost.example.com'
-
-# mattermost['enable'] = false
-# mattermost['username'] = 'mattermost'
-# mattermost['group'] = 'mattermost'
-# mattermost['uid'] = nil
-# mattermost['gid'] = nil
-# mattermost['home'] = '/var/opt/gitlab/mattermost'
-# mattermost['database_name'] = 'mattermost_production'
-# mattermost['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# mattermost['service_address'] = "127.0.0.1"
-# mattermost['service_port'] = "8065"
-# mattermost['service_site_url'] = nil
-# mattermost['service_allowed_untrusted_internal_connections'] = ""
-# mattermost['service_enable_api_team_deletion'] = true
-# mattermost['team_site_name'] = "GitLab Mattermost"
-# mattermost['sql_driver_name'] = 'mysql'
-# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
-# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
-# mattermost['gitlab_enable'] = false
-# mattermost['gitlab_id'] = "12345656"
-# mattermost['gitlab_secret'] = "123456789"
-# mattermost['gitlab_scope'] = ""
-# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
-# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
-# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
-# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
-# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
-# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
-
-################################################################################
-## Mattermost NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "Mattermost NGINX" section, using the key `mattermost_nginx`.  However,
-# those settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `mattermost_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "Mattermost NGINX"
-# mattermost_nginx['enable'] = false
-
-# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
-# mattermost_nginx['proxy_set_headers'] = {
-#   "Host" => "$http_host",
-#   "X-Real-IP" => "$remote_addr",
-#   "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
-#   "X-Frame-Options" => "SAMEORIGIN",
-#   "X-Forwarded-Proto" => "https",
-#   "X-Forwarded-Ssl" => "on",
-#   "Upgrade" => "$http_upgrade",
-#   "Connection" => "$connection_upgrade"
-# }
-
-
-################################################################################
-## Registry NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "Registry NGINX" section, using the key `registry_nginx`.  However, those
-# settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `registry_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "Registry NGINX"
-# registry_nginx['enable'] = false
-
-# registry_nginx['proxy_set_headers'] = {
-#  "Host" => "$http_host",
-#  "X-Real-IP" => "$remote_addr",
-#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
-#  "X-Forwarded-Proto" => "https",
-#  "X-Forwarded-Ssl" => "on"
-# }
-
-# When the registry is automatically enabled using the same domain as `external_url`,
-# it listens on this port
-# registry_nginx['listen_port'] = 5050
-
-################################################################################
-## Prometheus
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
-################################################################################
-
-###! **To enable only Monitoring service in this machine, uncomment
-###!   the line below.**
-###! Docs: https://docs.gitlab.com/ee/administration/high_availability
-# monitoring_role['enable'] = true
-
-# prometheus['enable'] = true
-# prometheus['monitor_kubernetes'] = true
-# prometheus['username'] = 'gitlab-prometheus'
-# prometheus['group'] = 'gitlab-prometheus'
-# prometheus['uid'] = nil
-# prometheus['gid'] = nil
-# prometheus['shell'] = '/bin/sh'
-# prometheus['home'] = '/var/opt/gitlab/prometheus'
-# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
-# prometheus['log_group'] = nil
-# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
-# prometheus['scrape_interval'] = 15
-# prometheus['scrape_timeout'] = 15
-# prometheus['external_labels'] = { }
-# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
-# prometheus['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-#
-### Custom scrape configs
-#
-# Prometheus can scrape additional jobs via scrape_configs.  The default automatically
-# includes all of the exporters supported by the omnibus config.
-#
-# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
-#
-# Example:
-#
-# prometheus['scrape_configs'] = [
-#   {
-#     'job_name': 'example',
-#     'static_configs' => [
-#       'targets' => ['hostname:port'],
-#     ],
-#   },
-# ]
-#
-### Custom alertmanager config
-#
-# To configure external alertmanagers, create an alertmanager config.
-#
-# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
-#
-# prometheus['alertmanagers'] = [
-#   {
-#     'static_configs' => [
-#       {
-#         'targets' => [
-#           'hostname:port'
-#         ]
-#       }
-#     ]
-#   }
-# ]
-#
-### Custom Prometheus flags
-#
-# prometheus['flags'] = {
-#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
-#   'storage.tsdb.retention.time' => "15d",
-#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# prometheus['listen_address'] = 'localhost:9090'
-#
-
-##! Service name used to register Prometheus as a Consul service
-# prometheus['consul_service_name'] = 'prometheus'
-##! Semantic metadata used when registering Prometheus as a Consul service
-# prometheus['consul_service_meta'] = {}
-
-################################################################################
-###! **Only needed if Prometheus and Rails are not on the same server.**
-### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
-### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
-### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
-################################################################################
-# gitlab_rails['prometheus_address'] = 'your.prom:9090'
-
-################################################################################
-## Prometheus Alertmanager
-################################################################################
-
-# alertmanager['enable'] = true
-# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
-# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
-# alertmanager['log_group'] = nil
-# alertmanager['admin_email'] = 'admin@example.com'
-# alertmanager['flags'] = {
-#   'web.listen-address' => "localhost:9093",
-#   'storage.path' => "/var/opt/gitlab/alertmanager/data",
-#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
-# }
-# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
-# alertmanager['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# alertmanager['listen_address'] = 'localhost:9093'
-# alertmanager['global'] = {}
-
-################################################################################
-## Prometheus Node Exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
-################################################################################
-
-# node_exporter['enable'] = true
-# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
-# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
-# node_exporter['log_group'] = nil
-# node_exporter['flags'] = {
-#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
-# }
-# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
-# node_exporter['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# node_exporter['listen_address'] = 'localhost:9100'
-
-##! Service name used to register Node Exporter as a Consul service
-# node_exporter['consul_service_name'] = 'node-exporter'
-##! Semantic metadata used when registering Node Exporter as a Consul service
-# node_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus Redis exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
-################################################################################
-
-# redis_exporter['enable'] = true
-# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
-# redis_exporter['log_group'] = nil
-# redis_exporter['flags'] = {
-#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
-# }
-# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
-# redis_exporter['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# redis_exporter['listen_address'] = 'localhost:9121'
-
-##! Service name used to register Redis Exporter as a Consul service
-# redis_exporter['consul_service_name'] = 'redis-exporter'
-##! Semantic metadata used when registering Redis Exporter as a Consul service
-# redis_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus Postgres exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
-################################################################################
-
-# postgres_exporter['enable'] = true
-# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
-# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
-# postgres_exporter['log_group'] = nil
-# postgres_exporter['flags'] = {}
-# postgres_exporter['listen_address'] = 'localhost:9187'
-# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
-# postgres_exporter['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# postgres_exporter['sslmode'] = nil
-# postgres_exporter['per_table_stats'] = false
-
-##! Service name used to register Postgres Exporter as a Consul service
-# postgres_exporter['consul_service_name'] = 'postgres-exporter'
-##! Semantic metadata used when registering Postgres Exporter as a Consul service
-# postgres_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus PgBouncer exporter (EE only)
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
-################################################################################
-
-# pgbouncer_exporter['enable'] = false
-# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
-# pgbouncer_exporter['log_group'] = nil
-# pgbouncer_exporter['listen_address'] = 'localhost:9188'
-# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
-# pgbouncer_exporter['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-################################################################################
-## Prometheus Gitlab exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
-################################################################################
-
-
-# gitlab_exporter['enable'] = true
-# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
-# gitlab_exporter['log_group'] = nil
-# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# gitlab_exporter['server_name'] = 'webrick'
-# gitlab_exporter['listen_address'] = 'localhost'
-# gitlab_exporter['listen_port'] = '9168'
-
-##! TLS settings.
-# gitlab_exporter['tls_enabled'] = false
-# gitlab_exporter['tls_cert_path'] = '/etc/gitlab/ssl/gitlab-exporter.crt'
-# gitlab_exporter['tls_key_path'] = '/etc/gitlab/ssl/gitlab-exporter.key'
-
-##! Prometheus scrape related configs
-# gitlab_exporter['prometheus_scrape_scheme'] = 'http'
-# gitlab_exporter['prometheus_scrape_tls_server_name'] = 'localhost'
-# gitlab_exporter['prometheus_scrape_tls_skip_verification'] = false
-
-##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
-##! found.
-# gitlab_exporter['probe_sidekiq'] = true
-
-##! Manage gitlab-exporter elasticsearch probes. Add authorization header if security
-##! is enabled.
-# gitlab_exporter['probe_elasticsearch'] = false
-# gitlab_exporter['elasticsearch_url'] = 'http://localhost:9200'
-# gitlab_exporter['elasticsearch_authorization'] = 'Basic <yourbase64encodedcredentials>'
-
-##! Service name used to register GitLab Exporter as a Consul service
-# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
-##! Semantic metadata used when registering GitLab Exporter as a Consul service
-# gitlab_exporter['consul_service_meta'] = {}
-
-# To completely disable prometheus, and all of it's exporters, set to false
-# prometheus_monitoring['enable'] = true
-
-################################################################################
-## Grafana Dashboards
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
-################################################################################
-
-# grafana['enable'] = false
-# grafana['enable_deprecated_service'] = false
-# grafana['log_directory'] = '/var/log/gitlab/grafana'
-# grafana['log_group'] = nil
-# grafana['home'] = '/var/opt/gitlab/grafana'
-# grafana['admin_password'] = 'admin'
-# grafana['allow_user_sign_up'] = false
-# grafana['basic_auth_enabled'] = false
-# grafana['disable_login_form'] = true
-# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
-# grafana['gitlab_secret'] = 'GITLAB_SECRET'
-# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
-# grafana['allowed_groups'] = []
-# grafana['gitlab_auth_sign_up'] = true
-# grafana['env'] = {
-#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
-# }
-# grafana['metrics_enabled'] = false
-# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
-# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
-# grafana['alerting_enabled'] = false
-
-### SMTP Configuration
-#
-# See: http://docs.grafana.org/administration/configuration/#smtp
-#
-# grafana['smtp'] = {
-#   'enabled' => true,
-#   'host' => 'localhost:25',
-#   'user' => nil,
-#   'password' => nil,
-#   'cert_file' => nil,
-#   'key_file' => nil,
-#   'skip_verify' => false,
-#   'from_address' => 'admin@grafana.localhost',
-#   'from_name' => 'Grafana',
-#   'ehlo_identity' => 'dashboard.example.com',
-#   'startTLS_policy' => nil
-# }
-
-# Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled']
-# grafana['reporting_enabled'] = true
-
-### Dashboards
-#
-# See: http://docs.grafana.org/administration/provisioning/#dashboards
-#
-# NOTE: Setting this will override the default.
-#
-# grafana['dashboards'] = [
-#   {
-#     'name' => 'GitLab Omnibus',
-#     'orgId' => 1,
-#     'folder' => 'GitLab Omnibus',
-#     'type' => 'file',
-#     'disableDeletion' => true,
-#     'updateIntervalSeconds' => 600,
-#     'options' => {
-#       'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
-#     }
-#   }
-# ]
-
-### Datasources
-#
-# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
-#
-# NOTE: Setting this will override the default.
-#
-# grafana['datasources'] = [
-#   {
-#     'name' => 'GitLab Omnibus',
-#     'type' => 'prometheus',
-#     'access' => 'proxy',
-#     'url' => 'http://localhost:9090'
-#   }
-# ]
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# grafana['http_addr'] = 'localhost'
-# grafana['http_port'] = 3000
-
-################################################################################
-## Gitaly
-##! Docs: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html
-################################################################################
-
-# The gitaly['enable'] option exists for the purpose of cluster
-# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
-# gitaly['enable'] = true
-# gitaly['dir'] = "/var/opt/gitlab/gitaly"
-# gitaly['log_group'] = nil
-# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
-# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
-# gitaly['env'] = {
-#  'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
-#  'HOME' => '/var/opt/gitlab',
-#  'TZ' => ':/etc/localtime',
-#  'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
-#  'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
-#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-#  'WRAPPER_JSON_LOGGING' => true
-# }
-
-# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
-##! Service name used to register Gitaly as a Consul service
-# gitaly['consul_service_name'] = 'gitaly'
-##! Semantic metadata used when registering Gitaly as a Consul service
-# gitaly['consul_service_meta'] = {}
-# gitaly['configuration'] = {
-#   socket_path: '/var/opt/gitlab/gitaly/gitaly.socket',
-#   runtime_dir: '/var/opt/gitlab/gitaly/run',
-#   listen_addr: 'localhost:8075',
-#   prometheus_listen_addr: 'localhost:9236',
-#   tls_listen_addr: 'localhost:9075',
-#   tls: {
-#     certificate_path: '/var/opt/gitlab/gitaly/certificate.pem',
-#     key_path: '/var/opt/gitlab/gitaly/key.pem',
-#   },
-#   graceful_restart_timeout: '1m', # Grace time for a gitaly process to finish ongoing requests
-#   logging: {
-#     dir: "/var/log/gitlab/gitaly",
-#     level: 'warn',
-#     format: 'json',
-#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
-#     sentry_environment: 'production',
-#   },
-#   prometheus: {
-#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
-#   },
-#   auth: {
-#     token: '<secret>',
-#     transitioning: false, # When true, auth is logged to Prometheus but NOT enforced
-#   },
-#   git: {
-#     catfile_cache_size: 100, # Number of 'git cat-file' processes kept around for re-use
-#     bin_path: '/opt/gitlab/embedded/bin/git', # A custom path for the 'git' executable
-#     use_bundled_binaries: true, # Whether to use bundled Git.
-#     signing_key: '/var/opt/gitlab/gitaly/signing_key.gpg',
-#     ## Gitaly knows to set up the required default configuration for spawned Git
-#     ## commands automatically. It should thus not be required to configure anything
-#     ## here, except in very special situations where you must e.g. tweak specific
-#     ## performance-related settings or enable debugging facilities. It is not safe in
-#     ## general to set Git configuration that may change Git output in ways that are
-#     ## unexpected by Gitaly.
-#     config: [
-#       { key: 'pack.threads', value: '4' },
-#       { key: 'http.http://example.com.proxy', value: 'http://example.proxy.com' },
-#     ],
-#   },
-#   hooks: {
-#     custom_hooks_dir: '/var/opt/gitlab/gitaly/custom_hooks',
-#   },
-#   daily_maintenance: {
-#     disabled: false,
-#     start_hour: 22,
-#     start_minute: 30,
-#     duration: '30m',
-#     storages: ['default'],
-#   },
-#   cgroups: {
-#     mountpoint: '/sys/fs/cgroup',
-#     hierarchy_root: 'gitaly',
-#     memory_bytes: 1048576,
-#     cpu_shares: 512,
-#     cpu_quota_us: 400000,
-#     repositories: {
-#       count: 1000,
-#       memory_bytes: 12884901888,
-#       cpu_shares: 128,
-#       cpu_quota_us: 200000
-#     },
-#   },
-#   concurrency: [
-#     {
-#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
-#       max_per_repo: 20,
-#     },
-#     {
-#       rpc: '/gitaly.SSHService/SSHUploadPack',
-#       max_per_repo: 5,
-#     },
-#   ],
-#   rate_limiting: [
-#     {
-#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
-#       interval: '1m',
-#       burst: 10,
-#     },
-#     {
-#       rpc: '/gitaly.SSHService/SSHUploadPack',
-#       interval: '1m',
-#       burst: 5,
-#     },
-#   ],
-#   pack_objects_cache: {
-#     enabled: true,
-#     dir: '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache',
-#     max_age: '5m',
-#   },
-# }
-
-################################################################################
-## Praefect
-##! Docs: https://docs.gitlab.com/ee/administration/gitaly/praefect.html
-################################################################################
-
-# praefect['enable'] = false
-# praefect['dir'] = "/var/opt/gitlab/praefect"
-# praefect['log_directory'] = "/var/log/gitlab/praefect"
-# praefect['log_group'] = nil
-# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
-# praefect['env'] = {
-#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-#  'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
-#  'WRAPPER_JSON_LOGGING' => true
-# }
-# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
-# praefect['auto_migrate'] = true
-##! Service name used to register Praefect as a Consul service
-# praefect['consul_service_name'] = 'praefect'
-##! Semantic metadata used when registering Praefect as a Consul service
-# praefect['consul_service_meta'] = {}
-# praefect['configuration'] = {
-#   listen_addr: 'localhost:2305',
-#   prometheus_listen_addr: 'localhost:9652',
-#   tls_listen_addr: 'localhost:3305',
-#   auth: {
-#     token: '',
-#     transitioning: false,
-#   },
-#   logging: {
-#     format: 'json',
-#     level: 'warn',
-#   },
-#   failover: {
-#     enabled: true,
-#   },
-#   background_verification: {
-#     delete_invalid_records: false,
-#     verification_interval: '72h',
-#   },
-#   reconciliation: {
-#     scheduling_interval: '5m',
-#     histogram_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0],
-#   },
-#   tls: {
-#     certificate_path: '/var/opt/gitlab/prafect/certificate.pem',
-#     key_path: '/var/opt/gitlab/prafect/key.pem',
-#   },
-#   database: {
-#     host: 'postgres.external',
-#     port: 6432,
-#     user: 'praefect',
-#     password: 'secret',
-#     dbname: 'praefect_production',
-#     sslmode: 'disable',
-#     sslcert: '/path/to/client-cert',
-#     sslkey: '/path/to/client-key',
-#     sslrootcert: '/path/to/rootcert',
-#     session_pooled: {
-#       host: 'postgres.internal',
-#       port: 5432,
-#       user: 'praefect',
-#       password: 'secret',
-#       dbname: 'praefect_production_direct',
-#       sslmode: 'disable',
-#       sslcert: '/path/to/client-cert',
-#       sslkey: '/path/to/client-key',
-#       sslrootcert: '/path/to/rootcert',
-#     },
-#   },
-#   sentry: {
-#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
-#     sentry_environment: 'production',
-#   },
-#   prometheus: {
-#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
-#   },
-#   graceful_stop_timeout: '1m',
-#   virtual_storage: [
-#     {
-#       name: 'default',
-#       default_replication_factor: 3,
-#       node: [
-#         {
-#           storage: 'praefect-internal-0',
-#           address: 'tcp://10.23.56.78:8075',
-#           token: 'abc123',
-#         },
-#         {
-#           storage: 'praefect-internal-1',
-#           address: 'tcp://10.76.23.31:8075',
-#           token: 'xyz456',
-#         },
-#       ],
-#   	},
-#     {
-#       name: 'alternative',
-#       node: [
-#         {
-#           storage: 'praefect-internal-2',
-#           address: 'tcp://10.34.1.16:8075',
-#           token: 'abc321',
-#         },
-#         {
-#           storage: 'praefect-internal-3',
-#           address: 'tcp://10.23.18.6:8075',
-#           token: 'xyz890',
-#         },
-#       ],
-#     },
-#   ],
-# }
-
-################################################################################
-# Storage check
-################################################################################
-# storage_check['enable'] = false
-# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
-# storage_check['log_group'] = nil
-
-################################################################################
-# Let's Encrypt integration
-################################################################################
-# letsencrypt['enable'] = nil
-# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
-# letsencrypt['group'] = 'root'
-# letsencrypt['key_size'] = 2048
-# letsencrypt['owner'] = 'root'
-# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
-# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
-# letsencrypt['auto_renew'] = true
-# letsencrypt['auto_renew_hour'] = 0
-# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
-# letsencrypt['auto_renew_day_of_month'] = "*/4"
-# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
-
-##! Turn off automatic init system detection. To skip init detection in
-##! non-docker containers. Recommended not to change.
-# package['detect_init'] = true
-
-##! Attempt to modify kernel paramaters. To skip this in containers where the
-##! relevant file system is read-only, set the value to false.
-# package['modify_kernel_parameters'] = true
-
-##! Specify maximum number of tasks that can be created by the systemd unit
-##! Will be populated as TasksMax value to the unit file if user is on a systemd
-##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
-# package['systemd_tasks_max'] = 4915
-
-##! Settings to configure order of GitLab's systemd unit.
-##! Note: We do not recommend changing these values unless absolutely necessary
-# package['systemd_after'] = 'multi-user.target'
-# package['systemd_wanted_by'] = 'multi-user.target'
-
-##! Settings to control secret generation and storage
-##! Note: We do not recommend changing these values unless absolutely necessary
-##! Set to false to only parse secrets from `gitlab-secrets.json` file but not generate them.
-# package['generate_default_secrets'] = true
-##! Set to false to prevent creating `gitlab-secrets.json` file
-# package['generate_secrets_json_file'] = true
-################################################################################
-################################################################################
-##                  Configuration Settings for GitLab EE only                 ##
-################################################################################
-################################################################################
-
-
-################################################################################
-## Auxiliary cron jobs applicable to GitLab EE only
-################################################################################
-#
-# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
-# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
-# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
-# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
-# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
-# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
-# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
-# gitlab_rails['ci_runners_stale_group_runners_prune_worker_cron'] = "30 * * * *"
-
-################################################################################
-## Kerberos (EE Only)
-##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
-################################################################################
-
-# gitlab_rails['kerberos_enabled'] = true
-# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
-# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
-# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
-# gitlab_rails['kerberos_use_dedicated_port'] = true
-# gitlab_rails['kerberos_port'] = 8443
-# gitlab_rails['kerberos_https'] = true
-
-################################################################################
-## Package repository
-##! Docs: https://docs.gitlab.com/ee/administration/packages/
-################################################################################
-
-# gitlab_rails['packages_enabled'] = true
-# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
-# gitlab_rails['packages_object_store_enabled'] = false
-# gitlab_rails['packages_object_store_proxy_download'] = false
-# gitlab_rails['packages_object_store_remote_directory'] = "packages"
-# gitlab_rails['packages_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-################################################################################
-## Dependency proxy
-##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
-################################################################################
-
-# gitlab_rails['dependency_proxy_enabled'] = true
-# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
-# gitlab_rails['dependency_proxy_object_store_enabled'] = false
-# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
-# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
-# gitlab_rails['dependency_proxy_object_store_connection'] = {
-#   'provider' => 'AWS',
-#   'region' => 'eu-west-1',
-#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-#   # # The below options configure an S3 compatible host instead of AWS
-#   # 'host' => 's3.amazonaws.com',
-#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-################################################################################
-## GitLab Sentinel (EE Only)
-##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
-################################################################################
-
-##! **Make sure you configured all redis['master_*'] keys above before
-##!   continuing.**
-
-##! To enable Sentinel and disable all other services in this machine,
-##! uncomment the line below (if you've enabled Redis role, it will keep it).
-##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
-# redis_sentinel_role['enable'] = true
-
-# sentinel['enable'] = true
-
-##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
-# sentinel['bind'] = '0.0.0.0'
-
-##! Uncomment to change default port
-# sentinel['port'] = 26379
-
-##! Uncomment to require a Sentinel password. This may be different from the Redis master password.
-# sentinel['password'] = 'sentinel-password-goes-here'
-
-#### Support to run sentinels in a Docker or NAT environment
-#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
-# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
-# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
-# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
-# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
-
-##! Quorum must reflect the amount of voting sentinels it take to start a
-##! failover.
-##! **Value must NOT be greater then the amount of sentinels.**
-##! The quorum can be used to tune Sentinel in two ways:
-##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
-##!    we deploy, we are basically making Sentinel more sensible to master
-##!    failures, triggering a failover as soon as even just a minority of
-##!    Sentinels is no longer able to talk with the master.
-##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
-##!    are making Sentinel able to failover only when there are a very large
-##!    number (larger than majority) of well connected Sentinels which agree
-##!    about the master being down.
-# sentinel['quorum'] = 1
-
-### Consider unresponsive server down after x amount of ms.
-# sentinel['down_after_milliseconds'] = 10000
-
-### Specifies the failover timeout in milliseconds.
-##! It is used in many ways:
-##!
-##! - The time needed to re-start a failover after a previous failover was
-##!   already tried against the same master by a given Sentinel, is two
-##!   times the failover timeout.
-##!
-##! - The time needed for a replica replicating to a wrong master according
-##!   to a Sentinel current configuration, to be forced to replicate
-##!   with the right master, is exactly the failover timeout (counting since
-##!   the moment a Sentinel detected the misconfiguration).
-##!
-##! - The time needed to cancel a failover that is already in progress but
-##!   did not produced any configuration change (REPLICAOF NO ONE yet not
-##!   acknowledged by the promoted replica).
-##!
-##! - The maximum time a failover in progress waits for all the replicas to be
-##!   reconfigured as replicas of the new master. However even after this time
-##!   the replicas will be reconfigured by the Sentinels anyway, but not with
-##!   the exact parallel-syncs progression as specified.
-# sentinel['failover_timeout'] = 60000
-
-### Sentinel TLS settings
-###! To run Sentinel over TLS, specify values for the following settings
-# sentinel['tls_port'] = nil
-# sentinel['tls_cert_file'] = nil
-# sentinel['tls_key_file'] = nil
-
-###! Other TLS related optional settings
-# sentinel['tls_dh_params_file'] = nil
-# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
-# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# sentinel['tls_auth_clients'] = 'optional'
-# sentinel['tls_replication'] = nil
-# sentinel['tls_cluster'] = nil
-# sentinel['tls_protocols'] = nil
-# sentinel['tls_ciphers'] = nil
-# sentinel['tls_ciphersuites'] = nil
-# sentinel['tls_prefer_server_ciphers'] = nil
-# sentinel['tls_session_caching'] = nil
-# sentinel['tls_session_cache_size'] = nil
-# sentinel['tls_session_cache_timeout'] = nil
-
-### Sentinel hostname support
-###! When enabled, Redis will leverage hostname support
-###! Generally this does not need to be changed as we determine this based on
-###! the provided input from `redis['announce_ip']`
-###! * This is configured to `true` when a fully qualified hostname is provided
-###! * This is configured to `false` when an IP address is provided
-# sentinel['use_hostnames'] = <calculated>
-
-### Sentinel log settings
-# sentinel['log_directory'] = '/var/log/gitlab/sentinel'
-
-################################################################################
-## Additional Database Settings (EE only)
-##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
-################################################################################
-# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
-
-################################################################################
-## GitLab Geo
-##! Docs: https://docs.gitlab.com/ee/gitlab-geo
-################################################################################
-##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
-##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/index.html#roles.
-
-# This is an optional identifier which Geo nodes can use to identify themselves.
-# For example, if external_url is the same for two secondaries, you must specify
-# a unique Geo node name for those secondaries.
-#
-# If it is blank, it defaults to external_url.
-# gitlab_rails['geo_node_name'] = nil
-
-# gitlab_rails['geo_registry_replication_enabled'] = true
-# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
-
-
-################################################################################
-## GitLab Geo Secondary (EE only)
-################################################################################
-# geo_secondary['auto_migrate'] = true
-# geo_secondary['db_adapter'] = "postgresql"
-# geo_secondary['db_encoding'] = "unicode"
-# geo_secondary['db_collation'] = nil
-# geo_secondary['db_database'] = "gitlabhq_geo_production"
-# geo_secondary['db_username'] = "gitlab_geo"
-# geo_secondary['db_password'] = nil
-# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
-# geo_secondary['db_port'] = 5431
-# geo_secondary['db_socket'] = nil
-# geo_secondary['db_sslmode'] = nil
-# geo_secondary['db_sslcompression'] = 0
-# geo_secondary['db_sslrootcert'] = nil
-# geo_secondary['db_sslca'] = nil
-# geo_secondary['db_prepared_statements'] = false
-# geo_secondary['db_database_tasks'] = true
-
-################################################################################
-## GitLab Geo Secondary Tracking Database (EE only)
-################################################################################
-
-# geo_postgresql['enable'] = false
-# geo_postgresql['ha'] = false
-# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
-# geo_postgresql['pgbouncer_user'] = nil
-# geo_postgresql['pgbouncer_user_password'] = nil
-##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
-# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
-# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'
-
-##! Automatically restart PostgreSQL service when version changes.
-# geo_postgresql['auto_restart_on_version_change'] = true
-
-################################################################################
-## GitLab Geo Log Cursor Daemon (EE only)
-################################################################################
-
-# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'
-# geo_logcursor['log_group'] = nil
-
-################################################################################
-## Unleash
-##! These settings are for GitLab internal use.
-##! They are used to control feature flags during GitLab development.
-##! Docs: https://docs.gitlab.com/ee/development/feature_flags
-################################################################################
-# gitlab_rails['feature_flags_unleash_enabled'] = false
-# gitlab_rails['feature_flags_unleash_url'] = nil
-# gitlab_rails['feature_flags_unleash_app_name'] = nil
-# gitlab_rails['feature_flags_unleash_instance_id'] = nil
-
-################################################################################
-# Pgbouncer (EE only)
-# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
-# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
-################################################################################
-# pgbouncer['enable'] = false
-# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
-# pgbouncer['log_group'] = nil
-# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
-# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
-# pgbouncer['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# pgbouncer['listen_addr'] = '0.0.0.0'
-# pgbouncer['listen_port'] = '6432'
-# pgbouncer['pool_mode'] = 'transaction'
-# pgbouncer['server_reset_query'] = 'DISCARD ALL'
-# pgbouncer['application_name_add_host'] = '1'
-# pgbouncer['max_client_conn'] = '2048'
-# pgbouncer['default_pool_size'] = '100'
-# pgbouncer['min_pool_size'] = '0'
-# pgbouncer['reserve_pool_size'] = '5'
-# pgbouncer['reserve_pool_timeout'] = '5.0'
-# pgbouncer['server_round_robin'] = '0'
-# pgbouncer['log_connections'] = '0'
-# pgbouncer['server_idle_timeout'] = '30'
-# pgbouncer['dns_max_ttl'] = '15.0'
-# pgbouncer['dns_zone_check_period'] = '0'
-# pgbouncer['dns_nxdomain_ttl'] = '15.0'
-# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
-# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
-# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
-# pgbouncer['databases'] = {
-#   DATABASE_NAME: {
-#     host: HOSTNAME,
-#     port: PORT
-#     user: USERNAME,
-#     password: PASSWORD
-###! generate this with `echo -n '$password + $username' | md5sum`
-#   }
-#   ...
-# }
-# pgbouncer['logfile'] = nil
-# pgbouncer['unix_socket_dir'] = nil
-# pgbouncer['unix_socket_mode'] = '0777'
-# pgbouncer['unix_socket_group'] = nil
-# pgbouncer['auth_type'] = 'md5'
-# pgbouncer['auth_hba_file'] = nil
-# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
-# pgbouncer['users'] = {
-#   USERNAME: {
-#     'password': MD5_PASSWORD_HASH,
-#   }
-# }
-# postgresql['pgbouncer_user'] = nil
-# postgresql['pgbouncer_user_password'] = nil
-# pgbouncer['server_reset_query_always'] = 0
-# pgbouncer['server_check_query'] = 'select 1'
-# pgbouncer['server_check_delay'] = 30
-# pgbouncer['max_db_connections'] = nil
-# pgbouncer['max_user_connections'] = nil
-# pgbouncer['syslog'] = 0
-# pgbouncer['syslog_facility'] = 'daemon'
-# pgbouncer['syslog_ident'] = 'pgbouncer'
-# pgbouncer['log_disconnections'] = 1
-# pgbouncer['log_pooler_errors'] = 1
-# pgbouncer['stats_period'] = 60
-# pgbouncer['verbose'] = 0
-# pgbouncer['server_lifetime'] = 3600
-# pgbouncer['server_connect_timeout'] = 15
-# pgbouncer['server_login_retry'] = 15
-# pgbouncer['query_timeout'] = 0
-# pgbouncer['query_wait_timeout'] = 120
-# pgbouncer['client_idle_timeout'] = 0
-# pgbouncer['client_login_timeout'] = 60
-# pgbouncer['autodb_idle_timeout'] = 3600
-# pgbouncer['suspend_timeout'] = 10
-# pgbouncer['idle_transaction_timeout'] = 0
-# pgbouncer['pkt_buf'] = 4096
-# pgbouncer['listen_backlog'] = 128
-# pgbouncer['sbuf_loopcnt'] = 5
-# pgbouncer['max_packet_size'] = 2147483647
-# pgbouncer['tcp_defer_accept'] = 0
-# pgbouncer['tcp_socket_buffer'] = 0
-# pgbouncer['tcp_keepalive'] = 1
-# pgbouncer['tcp_keepcnt'] = 0
-# pgbouncer['tcp_keepidle'] = 0
-# pgbouncer['tcp_keepintvl'] = 0
-# pgbouncer['disable_pqexec'] = 0
-
-## Pgbouncer client TLS options
-# pgbouncer['client_tls_sslmode'] = 'disable'
-# pgbouncer['client_tls_ca_file'] = nil
-# pgbouncer['client_tls_key_file'] = nil
-# pgbouncer['client_tls_cert_file'] = nil
-# pgbouncer['client_tls_protocols'] = 'all'
-# pgbouncer['client_tls_dheparams'] = 'auto'
-# pgbouncer['client_tls_ecdhcurve'] = 'auto'
-#
-## Pgbouncer server  TLS options
-# pgbouncer['server_tls_sslmode'] = 'disable'
-# pgbouncer['server_tls_ca_file'] = nil
-# pgbouncer['server_tls_key_file'] = nil
-# pgbouncer['server_tls_cert_file'] = nil
-# pgbouncer['server_tls_protocols'] = 'all'
-# pgbouncer['server_tls_ciphers'] = 'fast'
-
-################################################################################
-# Patroni (EE only)
-################################################################################
-# patroni['enable'] = false
-
-# patroni['dir'] = '/var/opt/gitlab/patroni'
-# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
-
-## Patroni dynamic configuration settings
-# patroni['loop_wait'] = 10
-# patroni['ttl'] = 30
-# patroni['retry_timeout'] = 10
-# patroni['maximum_lag_on_failover'] = 1_048_576
-# patroni['max_timelines_history'] = 0
-# patroni['master_start_timeout'] = 300
-# patroni['use_pg_rewind'] = true
-# patroni['remove_data_directory_on_rewind_failure'] = false
-# patroni['remove_data_directory_on_diverged_timelines'] = false
-# patroni['use_slots'] = true
-# patroni['replication_password'] = nil
-# patroni['replication_slots'] = {}
-# patroni['callbacks'] = {}
-# patroni['recovery_conf'] = {}
-# patroni['tags'] = {}
-
-## Standby cluster replication settings
-# patroni['standby_cluster']['enable'] = false
-# patroni['standby_cluster']['host'] = nil
-# patroni['standby_cluster']['port'] = 5432
-# patroni['standby_cluster']['primary_slot_name'] = nil
-
-## Global/Universal settings
-# patroni['scope'] = 'gitlab-postgresql-ha'
-# patroni['name'] = nil
-
-## Log settings
-# patroni['log_directory'] = '/var/log/gitlab/patroni'
-# patroni['log_group'] = nil
-# patroni['log_level'] = 'INFO'
-
-## Consul specific settings
-# patroni['consul']['url'] = 'http://127.0.0.1:8500'
-# patroni['consul']['service_check_interval'] = '10s'
-# patroni['consul']['register_service'] = true
-# patroni['consul']['checks'] = []
-
-## PostgreSQL configuration override
-# patroni['postgresql']['hot_standby'] = 'on'
-
-## The following must hold the same values on all nodes.
-## Leave unassined to use PostgreSQL's default values.
-# patroni['postgresql']['wal_level'] = 'replica'
-# patroni['postgresql']['wal_log_hints'] = 'on'
-# patroni['postgresql']['max_worker_processes'] = 8
-# patroni['postgresql']['max_locks_per_transaction'] = 64
-# patroni['postgresql']['max_connections'] = 400
-# patroni['postgresql']['checkpoint_timeout'] = 30
-
-## The following can hold different values on all nodes.
-## Leave unassined to use PostgreSQL's default values.
-# patroni['postgresql']['wal_keep_segments'] = 8
-# patroni['postgresql']['max_wal_senders'] = 5
-# patroni['postgresql']['max_replication_slots'] = 5
-
-## Permanent replication slots for Streaming Replication
-# patroni['replication_slots'] = {
-#   'geo_secondary' => { 'type' => 'physical' }
-# }
-
-## The address and port that Patroni API binds to and listens on.
-# patroni['listen_address'] = nil
-# patroni['port'] = '8008'
-
-## The address of the Patroni node that is advertized to other cluster
-## members to communicate with its API and PostgreSQL. If it is not specified,
-## it tries to use the first available private IP and falls back to the default
-## network interface.
-# patroni['connect_address'] = nil
-
-## The port that Patroni API responds to other cluster members. This port is
-## advertized and by default is the same as patroni['port'].
-# patroni['connect_port'] = '8008'
-
-## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
-## Each item can be an hostname, IP address, or CIDR address.
-## All hosts are allowed if this is unset.
-# patroni['allowlist'] = []
-# patroni['allowlist_include_members'] = false
-
-## The username and password to use for basic auth on write commands to the
-## Patroni API. If not specified then the API does not use basic auth.
-# patroni['username'] = nil
-# patroni['password'] = nil
-
-## TLS configuration for Patroni API. Both certificate and key files are
-## required to enable TLS. If not specified then the API uses plain HTTP.
-# patroni['tls_certificate_file'] = nil
-# patroni['tls_key_file'] = nil
-# patroni['tls_key_password'] = nil
-# patroni['tls_ca_file'] = nil
-# patroni['tls_ciphers'] = nil
-# patroni['tls_client_mode'] = nil
-# patroni['tls_client_certificate_file'] = nil
-# patroni['tls_client_key_file'] = nil
-# patroni['tls_verify'] = true
-
-################################################################################
-# Consul (EEP only)
-################################################################################
-# consul['enable'] = false
-# consul['dir'] = '/var/opt/gitlab/consul'
-# consul['username'] = 'gitlab-consul'
-# consul['group'] = 'gitlab-consul'
-# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
-# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
-# consul['data_dir'] = '/var/opt/gitlab/consul/data'
-# consul['log_directory'] = '/var/log/gitlab/consul'
-# consul['log_group'] = nil
-# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
-# consul['env'] = {
-#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# consul['monitoring_service_discovery'] = false
-# consul['node_name'] = nil
-# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
-# consul['configuration'] = {
-#   'client_addr' => nil,
-#   'datacenter' => 'gitlab_consul',
-#   'enable_script_checks' => true,
-#   'server' => false
-# }
-# consul['services'] = []
-# consul['service_config'] = {
-#   'postgresql' => {
-#     'service' => {
-#       'name' => "postgresql",
-#       'address' => '',
-#       'port' => 5432,
-#       'checks' => [
-#         {
-#           'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
-#           'interval' => "10s"
-#         }
-#       ]
-#     }
-#   }
-# }
-# consul['watchers'] = []
-#
-# consul['custom_config_dir'] = '/path/to/service/configs/directory'
-#
-
-#### HTTP API ports
-# consul['http_port'] = nil
-# consul['https_port'] = nil
-
-#### Gossip encryption
-# consul['encryption_key'] = nil
-# consul['encryption_verify_incoming'] = nil
-# consul['encryption_verify_outgoing'] = nil
-
-#### TLS settings
-# consul['use_tls'] = false
-# consul['tls_ca_file'] = nil
-# consul['tls_certificate_file'] = nil
-# consul['tls_key_file'] = nil
-# consul['tls_verify_client'] = nil
-
-################################################################################
-# Service desk email settings
-################################################################################
-### Service desk email
-###! Allow users to create new service desk issues by sending an email to
-###! service desk address.
-###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
-# gitlab_rails['service_desk_email_enabled'] = false
-
-#### Service Desk Mailbox Settings (via `mail_room`)
-#### Service Desk Email Address
-####! The email address including the `%{key}` placeholder that will be replaced
-####! to reference the item being replied to.
-####! **The placeholder can be omitted but if present, it must appear in the
-####!   "user" part of the address (before the `@`).**
-# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
-
-#### Service Desk Email account username
-####! **With third party providers, this is usually the full email address.**
-####! **With self-hosted email servers, this is usually the user part of the
-####!   email address.**
-# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
-
-#### Service Desk Email account password
-# gitlab_rails['service_desk_email_password'] = "[REDACTED]"
-
-####! The mailbox where service desk mail will end up. Usually "inbox".
-# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
-####! The IDLE command timeout.
-# gitlab_rails['service_desk_email_idle_timeout'] = 60
-####! The file name for internal `mail_room` JSON logfile
-# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
-
-#### Service Desk IMAP Settings
-# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
-# gitlab_rails['service_desk_email_port'] = 993
-# gitlab_rails['service_desk_email_ssl'] = true
-# gitlab_rails['service_desk_email_start_tls'] = false
-
-#### Inbox options (for Microsoft Graph)
-# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
-# gitlab_rails['service_desk_email_inbox_options'] = {
-#    'tenant_id': 'YOUR-TENANT-ID',
-#    'client_id': 'YOUR-CLIENT-ID',
-#    'client_secret': 'YOUR-CLIENT-SECRET',
-#    'poll_interval': 60  # Optional
-# }
-
-#### How service desk emails are delivered to Rails process. Accept either
-#### sidekiq or webhook. The default config is webhook.
-# gitlab_rails['service_desk_email_delivery_method'] = "webhook"
-
-#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
-#### encoded with base64
-# gitlab_rails['service_desk_email_auth_token'] = nil
-
-################################################################################
-## Spamcheck (EE only)
-#################################################################################
-
-# spamcheck['enable'] = false
-# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
-# spamcheck['port'] = 8001
-# spamcheck['external_port'] = nil
-# spamcheck['monitoring_address'] = ':8003'
-# spamcheck['log_level'] = 'info'
-# spamcheck['log_format'] = 'json'
-# spamcheck['log_output'] = 'stdout'
-# spamcheck['monitor_mode'] = false
-# spamcheck['allowlist'] = {}
-# spamcheck['denylist'] = {}
-# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
-# spamcheck['log_group'] = nil
-# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
-# spamcheck['env'] = {
-#   'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
-# }
-# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
+external_url 'http://gitlab.scalastic.local'
+registry_external_url 'https://gitlab.scalastic.local'
+nginx['listen_port'] = 4000
+nginx['listen_https'] = false
diff --git a/test/gitlab/install.sh b/test/gitlab/install.sh
index d5e59ee..7c44595 100755
--- a/test/gitlab/install.sh
+++ b/test/gitlab/install.sh
@@ -15,26 +15,26 @@ install__configure_kubernetes() {
 
   helm repo add gitlab https://charts.gitlab.io
   helm repo update gitlab
-
-
 }
 
 GITLAB_PATH="${PWD}/test/gitlab"
 GITLAB_VOLUME_HOME="${GITLAB_PATH}/home"
-GITLAB_INSTALLATION_CONFIG="${GITLAB_PATH}/config"
 LOCAL_IP_ADDRESS=$(tooling_get_ip)
 
 export GITLAB_HOME="${GITLAB_VOLUME_HOME}"
+export GITLAB_INSTALLATION_CONFIG="${GITLAB_PATH}/config"
 
-docker run --detach \
-  --hostname gitlab.scalastic.local \
-  --publish 127.0.0.1:4443:443 --publish 127.0.0.1:4000:80 \
+docker run \
   --name gitlab \
-  --restart always \
+  --network wizard-network \
+  --hostname gitlab.scalastic.local \
+  --publish 4000:80 \
   --volume "${GITLAB_VOLUME_HOME}/config:/etc/gitlab" \
   --volume "${GITLAB_VOLUME_HOME}/logs:/var/log/gitlab" \
   --volume "${GITLAB_VOLUME_HOME}/data:/var/opt/gitlab" \
   --env GITLAB_ROOT_PASSWORD=p@ssw0rd \
+  --env GITLAB_HOME="${GITLAB_VOLUME_HOME}" \
+  --env GITLAB_INSTALLATION_CONFIG="${GITLAB_PATH}/config" \
   --shm-size 256m \
   gitlab/gitlab-ce:latest
 
@@ -52,4 +52,4 @@ docker run --detach \
 
 docker logs -f gitlab
 
-docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
\ No newline at end of file
+#docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
\ No newline at end of file
diff --git a/test/jenkins/install.sh b/test/jenkins/install.sh
index f7566a0..33a3c9d 100755
--- a/test/jenkins/install.sh
+++ b/test/jenkins/install.sh
@@ -43,9 +43,6 @@ EOF
 JENKINS_PATH="${PWD}/test/jenkins"
 JENKINS_INSTALLATION_CONFIG="${JENKINS_PATH}/config"
 JENKINS_VOLUME_HOME="${JENKINS_PATH}/home"
-LOCAL_IP_ADDRESS=$(tooling_get_ip)
-
-log_info "Local IP address is: ${LOCAL_IP_ADDRESS}"
 
 install__configure_kubernetes
 
@@ -56,11 +53,10 @@ docker build \
 docker run \
   --rm \
   --name jenkins \
+  --network wizard-network \
   --hostname jenkins.scalastic.local \
   -p 8080:8080 -p 50000:50000 \
   -v "${JENKINS_VOLUME_HOME}:/var/jenkins_home" \
   --env "JENKINS_INSTALLATION_CONFIG=${JENKINS_INSTALLATION_CONFIG}" \
   --env JENKINS_ADMIN_ID=admin --env JENKINS_ADMIN_PASSWORD=password \
   jenkins:jcasc
-  # --env "LOCAL_IP_ADDRESS=${LOCAL_IP_ADDRESS}" \
-  # --add-host=jenkins.scalastic.local:"${LOCAL_IP_ADDRESS}" \
diff --git a/test/nginx/config/Dockerfile b/test/nginx/config/Dockerfile
index e986e4f..a2ba12d 100644
--- a/test/nginx/config/Dockerfile
+++ b/test/nginx/config/Dockerfile
@@ -1,7 +1,14 @@
 # Utilisez une image de base Nginx
-FROM nginx
+FROM ubuntu:20.04
 
+RUN apt-get update -y
+
+# Install Nginx
+RUN apt-get install -y nginx
+
+RUN rm -f /etc/nginx/sites-enabled/*
 COPY jenkins.conf /etc/nginx/conf.d
+#COPY gitlab.conf /etc/nginx/conf.d
 
 # Exposez le port 80 pour HTTP
 EXPOSE 80/tcp
diff --git a/test/nginx/config/default.conf b/test/nginx/config/default.conf
deleted file mode 100644
index 295f9fc..0000000
--- a/test/nginx/config/default.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-# Required for Jenkins websocket agents
-map $http_upgrade $connection_upgrade {
-  default upgrade;
-  '' close;
-}
-
-server {
-  listen          80;
-  server_name     jenkins.scalastic.local;
-
-  # this is the jenkins web root directory
-  # (mentioned in the output of "systemctl cat jenkins")
-  root            /var/run/jenkins/war/;
-
-  access_log      /var/log/nginx/jenkins.access.log;
-  error_log       /var/log/nginx/jenkins.error.log;
-
-  # pass through headers from Jenkins that Nginx considers invalid
-  ignore_invalid_headers off;
-
-  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
-    # rewrite all static files into requests to the root
-    # E.g /static/12345678/css/something.css will become /css/something.css
-    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
-  }
-
-  location /userContent {
-    # have nginx handle all the static requests to userContent folder
-    # note : This is the $JENKINS_HOME dir
-    root /var/lib/jenkins/;
-    if (!-f $request_filename){
-      # this file does not exist, might be a directory or a /**view** url
-      rewrite (.*) /$1 last;
-      break;
-    }
-    sendfile on;
-  }
-
-  location / {
-      sendfile off;
-      proxy_pass         http://jenkins:8080/;
-      proxy_redirect     default;
-      proxy_http_version 1.1;
-
-      # Required for Jenkins websocket agents
-      proxy_set_header   Connection        $connection_upgrade;
-      proxy_set_header   Upgrade           $http_upgrade;
-
-      proxy_set_header   Host              $host;
-      proxy_set_header   X-Real-IP         $remote_addr;
-      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
-      proxy_set_header   X-Forwarded-Proto $scheme;
-      proxy_max_temp_file_size 0;
-
-      #this is the maximum upload size
-      client_max_body_size       10m;
-      client_body_buffer_size    128k;
-
-      proxy_connect_timeout      90;
-      proxy_send_timeout         90;
-      proxy_read_timeout         90;
-      proxy_buffering            off;
-      proxy_request_buffering    off; # Required for HTTP CLI commands
-      proxy_set_header Connection ""; # Clear for keepalive
-  }
-
-}
-
diff --git a/test/nginx/config/gitlab.conf b/test/nginx/config/gitlab.conf
new file mode 100644
index 0000000..f032b55
--- /dev/null
+++ b/test/nginx/config/gitlab.conf
@@ -0,0 +1,28 @@
+# Nginx reverse proxy configuration for Gitlab
+server {
+  listen        80;
+  server_name   gitlab.scalastic.local;
+
+  access_log    /var/log/nginx/gitlab.access.log;
+  error_log     /var/log/nginx/gitlab.error.log warn;
+
+  # pass through headers from Gitlab that Nginx considers invalid
+  ignore_invalid_headers off;
+
+  location / {
+    proxy_pass         http://gitlab:4000/;
+    proxy_redirect     default;
+    proxy_http_version  1.1;
+
+    add_header       X-Served-By $host;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Scheme $scheme;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-For    $remote_addr;
+    proxy_set_header X-Real-IP          $remote_addr;
+
+
+  }
+
+
+}
\ No newline at end of file
diff --git a/test/nginx/home/index.html b/test/nginx/home/index.html
deleted file mode 100644
index 7cb836f..0000000
--- a/test/nginx/home/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-    <h1>NGINX Wizard Home</h1>
-</body>
-</html>
\ No newline at end of file
diff --git a/test/shell/test.sh b/test/shell/test.sh
new file mode 100755
index 0000000..ff71259
--- /dev/null
+++ b/test/shell/test.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+
+SHELL_DIR=shell
+LOG_DIR=tmp
+LOG_LEVEL=0
+LOGGER_COLORIZED=true
+
+echo "${BASH_VERSION}"
+
+. "${SHELL_DIR}/lib/core/runner.sh"
+. "${SHELL_DIR}/lib/tls/core.sh"
+
+rm -rf "${LOG_DIR}"
+
+runner.run tls.create_server_cert jenkins scalastic "tmp/openssl"
+ls -al tmp/openssl
+
+runner.run tls.create_server_cert gitlab scalastic "tmp/openssl"
+ls -al tmp/openssl
+