From ecb9fe3e06eefb1c561c34b5824020836d662212 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 30 Jun 2024 18:01:36 +0000
Subject: [PATCH 01/37] gitignore generated files

---
 .gitignore | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 00fb890..611e18a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,6 @@
 # ignore tarballs
 *.tar.*
 # ignore kclvm dir
-.kclvm
\ No newline at end of file
+.kclvm
+# ignore test generation
+_lxc*
\ No newline at end of file

From f4ed69585621b9c5c027ec7fc009dd37c7aaa663 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 30 Jun 2024 15:26:30 -0400
Subject: [PATCH 02/37] Update readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1404da4..b3aa4f7 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ It is very straight forward to add a new build template:
 
 ```sh {"id":"01J0MNYBZ7PPTE87YJCNJPC101"}
 # Your template should be in the ./templates directory
-read -p "Your template filename: " filename && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${filename} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
+read -p "Your template filepath (ie. ./templates/myapp.yml): " templatepath && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${templatepath} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
 ls -lash ./_lxc-partial.yml
 ```
 

From 040596a93087c37946a2578a3857dbc3cf1fb260 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 04:04:18 +0000
Subject: [PATCH 03/37] Add Github actions extension to devcontainer config

---
 .devcontainer/devcontainer.json | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 8946b37..8bbfbbd 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,8 +6,8 @@
     "dockerfile": "Dockerfile"
   },
   "remoteUser": "root",
-  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace/homelab-lxc,type=bind,consistency=cached,Z=true",
-  "workspaceFolder": "/workspace/homelab-lxc",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces/homelab-lxc,type=bind,consistency=cached,Z=true",
+  "workspaceFolder": "/workspaces/homelab-lxc",
   "customizations": {
     "vscode": {
       "extensions": [
@@ -15,7 +15,8 @@
         "eamodio.gitlens",
         "kcl.kcl-vscode-extension",
         "redhat.vscode-yaml",
-        "stateful.runme"
+        "stateful.runme",
+        "github.vscode-github-actions"
       ]
     }
   }

From d60ee8f2c1984a099f399d0760b0a77b694abecd Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 04:06:04 +0000
Subject: [PATCH 04/37] fix wrong example and rename variable to a better one

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b3aa4f7..af08201 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ It is very straight forward to add a new build template:
 
 ```sh {"id":"01J0MNYBZ7PPTE87YJCNJPC101"}
 # Your template should be in the ./templates directory
-read -p "Your template filepath (ie. ./templates/myapp.yml): " templatepath && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${templatepath} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
+read -p "Your template filename (ie. myapp.yml): " template_file && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${template_file} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
 ls -lash ./_lxc-partial.yml
 ```
 

From 1dbbb59dec50646c3b3c817a704c185bebfc7e51 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 13:44:03 +0000
Subject: [PATCH 05/37] Add template: AdGuard

---
 .github/workflows/build-adguard.yml | 49 +++++++++++++++++++++++++++++
 templates/adguard.yml               | 12 +++++++
 2 files changed, 61 insertions(+)
 create mode 100644 .github/workflows/build-adguard.yml
 create mode 100644 templates/adguard.yml

diff --git a/.github/workflows/build-adguard.yml b/.github/workflows/build-adguard.yml
new file mode 100644
index 0000000..58094c1
--- /dev/null
+++ b/.github/workflows/build-adguard.yml
@@ -0,0 +1,49 @@
+name: Build AdGuard LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-adguard.yml'
+      - 'templates/adguard.yml'
+  schedule:
+    - cron: '0 2 */1 * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://github.com/AdguardTeam/AdGuardHome/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/adguard.yml
+      app_name: adguard
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Network-wide ads & trackers blocking DNS server
+      categories: DNS, Privacy
+      project_source: https://github.com/AdguardTeam/AdGuardHome
+      distribution: debian
+      release: bullseye
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/adguard.yml b/templates/adguard.yml
new file mode 100644
index 0000000..5b07229
--- /dev/null
+++ b/templates/adguard.yml
@@ -0,0 +1,12 @@
+name: AdGuard
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
+
+    systemctl enable AdGuardHome.service

From 7d96b91ca2962d7689ca2909ec31a7b1340b5155 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 13:53:30 +0000
Subject: [PATCH 06/37] Update devcontainer Dockerfile: Add KCL lsp

---
 .devcontainer/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 6c8c386..edf5db3 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -14,6 +14,7 @@ RUN apt-get update && apt-get upgrade -y && \
     && rm -rf /var/lib/apt/lists/*
 
 RUN wget -q https://kcl-lang.io/script/install-cli.sh -O - | bash && \
+    wget -q https://kcl-lang.io/script/install-kcl-lsp.sh -O - | bash && \
     wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && \
     chmod +x /usr/bin/yq
 

From ac2d54effc63558bbbd69146df637f1ad13cc621 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 14:01:05 +0000
Subject: [PATCH 07/37] Add template: Grafana

---
 .github/workflows/build-grafana.yml | 49 +++++++++++++++++++++++++++++
 templates/grafana.yml               | 22 +++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 .github/workflows/build-grafana.yml
 create mode 100644 templates/grafana.yml

diff --git a/.github/workflows/build-grafana.yml b/.github/workflows/build-grafana.yml
new file mode 100644
index 0000000..2e7fe9c
--- /dev/null
+++ b/.github/workflows/build-grafana.yml
@@ -0,0 +1,49 @@
+name: Build Grafana LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-grafana.yml'
+      - 'templates/grafana.yml'
+  schedule:
+    - cron: '0 2 */1 * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://github.com/grafana/grafana/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@| .*$//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/grafana.yml
+      app_name: grafana
+      app_version: ${{needs.init.outputs.app_version}}
+      description: The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
+      categories: Monitoring, Dashboard, Analytics
+      project_source: https://github.com/grafana/grafana
+      distribution: debian
+      release: bullseye
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/grafana.yml b/templates/grafana.yml
new file mode 100644
index 0000000..d04a2d4
--- /dev/null
+++ b/templates/grafana.yml
@@ -0,0 +1,22 @@
+name: Grafana
+
+packages:
+- apt-transport-https
+- software-properties-common
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    mkdir -p /etc/apt/keyrings/
+    wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
+
+    echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
+
+    apt update
+    apt install -y grafana
+
+    systemctl enable grafana-server.service

From 034f0847f81a27f162fa979980970c9e71223680 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 16:36:16 +0000
Subject: [PATCH 08/37] Add dockerignore and Hooks to remove generated files

---
 .devcontainer/.dockerignore     | 8 ++++++++
 .devcontainer/devcontainer.json | 6 ++++++
 2 files changed, 14 insertions(+)
 create mode 100644 .devcontainer/.dockerignore

diff --git a/.devcontainer/.dockerignore b/.devcontainer/.dockerignore
new file mode 100644
index 0000000..611e18a
--- /dev/null
+++ b/.devcontainer/.dockerignore
@@ -0,0 +1,8 @@
+# ignore vars files
+*.vars
+# ignore tarballs
+*.tar.*
+# ignore kclvm dir
+.kclvm
+# ignore test generation
+_lxc*
\ No newline at end of file
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 8bbfbbd..5fa458c 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -8,6 +8,12 @@
   "remoteUser": "root",
   "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces/homelab-lxc,type=bind,consistency=cached,Z=true",
   "workspaceFolder": "/workspaces/homelab-lxc",
+  "initializeCommand":{
+    "clean_kcl": "rm -rf ${localWorkspaceFolder}/.kclvm",
+    "clean_partial": "rm -f ${localWorkspaceFolder}/_lxc-partial.yml",
+    "clean_template": "rm -f ${localWorkspaceFolder}/_lxc-template.yml",
+    "clean_image": "rm -f ${localWorkspaceFolder}/*.tar.*"
+  },
   "customizations": {
     "vscode": {
       "extensions": [

From 0eeac069a2026f8904310962b7434f5c4cc2ae8f Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 18:40:27 +0000
Subject: [PATCH 09/37] Add lsb-release package to the base template and notice
 about already declared packages in README

---
 README.md                 | 1 +
 templates/__debian_base.k | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index af08201..fcf9f2e 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ It is very straight forward to add a new build template:
 - [Install yq](https://mikefarah.gitbook.io/yq#install)
 
 [Step 2] Create your LXC template (checck the `templates/` directory to see the already existing examples)
+> Note: the base template already has some packages in its definition so you don't need to add them twice, those packages are: fuse, openssh-server, lsb-release, openssl, cloud-init, curl, wget, gpg, vim
 
 [ Step 3] Run the following commands
 
diff --git a/templates/__debian_base.k b/templates/__debian_base.k
index 62684c3..7a4b062 100644
--- a/templates/__debian_base.k
+++ b/templates/__debian_base.k
@@ -1194,6 +1194,7 @@ packages = {
             packages = [
                 "fuse"
                 "openssh-server"
+                "lsb-release"
                 "openssl"
                 "cloud-init"
                 "curl"

From fbff697dae476ffe6841e50283f11c8e0858641c Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 21:47:48 +0000
Subject: [PATCH 10/37] Add template: BunkerWeb

---
 .github/workflows/build-bunkerweb.yml | 49 +++++++++++++++++++++++++++
 templates/bunkerweb.yml               | 25 ++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 .github/workflows/build-bunkerweb.yml
 create mode 100644 templates/bunkerweb.yml

diff --git a/.github/workflows/build-bunkerweb.yml b/.github/workflows/build-bunkerweb.yml
new file mode 100644
index 0000000..487d731
--- /dev/null
+++ b/.github/workflows/build-bunkerweb.yml
@@ -0,0 +1,49 @@
+name: Build BunkerWeb LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-bunkerweb.yml'
+      - 'templates/bunkerweb.yml'
+  schedule:
+    - cron: '0 2 */1 * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://github.com/bunkerity/bunkerweb/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/bunkerweb.yml
+      app_name: bunkerweb
+      app_version: ${{needs.init.outputs.app_version}}
+      description: BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
+      categories: WAF, Security
+      project_source: https://github.com/bunkerity/bunkerweb
+      distribution: debian
+      release: bullseye
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/bunkerweb.yml b/templates/bunkerweb.yml
new file mode 100644
index 0000000..08f6683
--- /dev/null
+++ b/templates/bunkerweb.yml
@@ -0,0 +1,25 @@
+name: BunkerWeb
+
+packages:
+- ca-certificates
+- gnupg2
+- debian-archive-keyring
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
+
+    export UI_WIZARD=1
+    curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | bash
+
+    apt install -y bunkerweb={{image.serial}}
+    apt-mark hold nginx bunkerweb
+
+    systemctl enable bunkerweb.service
+    systemctl enable bunkerweb-ui.service

From 44b959ec4f91a95aaa1a1ba448d75fc974d621f4 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 1 Jul 2024 22:06:32 +0000
Subject: [PATCH 11/37] Update Grafana template: remove unexpected sudo

---
 templates/grafana.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/grafana.yml b/templates/grafana.yml
index d04a2d4..abfcc96 100644
--- a/templates/grafana.yml
+++ b/templates/grafana.yml
@@ -12,7 +12,7 @@ actions:
     set -eux
 
     mkdir -p /etc/apt/keyrings/
-    wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
+    wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null
 
     echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
 

From d90cc37847b72910ad2037e8f5974964dc29828d Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Wed, 3 Jul 2024 06:26:52 +0000
Subject: [PATCH 12/37] Update readme

Update redame
---
 README.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index fcf9f2e..6884bac 100644
--- a/README.md
+++ b/README.md
@@ -23,10 +23,10 @@ Open an issue to submit the application details and we will try to add it as soo
 
 It is very straight forward to add a new build template:
 
-- Create a distrobuilder template
+- Create a [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) template
 
-   - check the `templates/` directory to see some examples of already existing builds
-   - check the [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) docs about how to use the keys `files` and `actions`
+   - check the `templates/` directory to see some examples of already existing builds (you can take the template `templates/apisix.yml` as a solid example).
+   - check the [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) docs about how to use the keys `files` and `actions` to see all possibilities available to you. Only both are using [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) directly. Other keys like `repositories` and `packages` are preprocessed before to be used by [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) but are pretty easy to use.
 
 - Create a job to build the LXC image (check the `.github/workflows/` to see some examples of already existing builds)
 
@@ -39,13 +39,15 @@ It is very straight forward to add a new build template:
 - [Install yq](https://mikefarah.gitbook.io/yq#install)
 
 [Step 2] Create your LXC template (checck the `templates/` directory to see the already existing examples)
+
 > Note: the base template already has some packages in its definition so you don't need to add them twice, those packages are: fuse, openssh-server, lsb-release, openssl, cloud-init, curl, wget, gpg, vim
 
 [ Step 3] Run the following commands
 
 ```sh {"id":"01J0MNYBZ7PPTE87YJCNJPC101"}
 # Your template should be in the ./templates directory
-read -p "Your template filename (ie. myapp.yml): " template_file && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${template_file} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
+# Uses myapp.yml as default value. This file do not really exists!
+read -p "Your template filename [myapp.yml]: " template_file && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${template_file:-'myapp.yml'} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
 ls -lash ./_lxc-partial.yml
 ```
 
@@ -60,5 +62,7 @@ Check the content of `_lxc-template` file to verify all is as expected. It shoul
 ```sh {"excludeFromRunAll":"false","id":"01J0MPGBG024BTJHTE54YMJP97"}
 # Build your LXC image
 # Do not work if exected into a container
-read -p "Enter the application version to build: " version && distrobuilder build-lxc _lxc-template.yml -o image.architecture=amd64 -o image.release=bookworm -o image.serial="${version}" -o source.url="http://ftp.us.debian.org/debian"
+# Uses 1.0.0 as default value
+# This will raise an error if you use the image.serial variable in your template while your application do not have any 1.0.0 version
+read -p "Enter the application version to build [1.0.0]: " version && distrobuilder build-lxc _lxc-template.yml -o image.architecture=amd64 -o image.release=bookworm -o image.serial="${version:-'1.0.0'}" -o source.url="http://ftp.us.debian.org/debian"
 ```

From 2ce8e5f81c0ab570efa7b3b58ad5d73d1a7bfe99 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Wed, 3 Jul 2024 06:27:49 +0000
Subject: [PATCH 13/37] Add template: Node-Red

---
 .github/workflows/build-nodered.yml | 49 +++++++++++++++++++
 templates/nodered.yml               | 76 +++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+)
 create mode 100644 .github/workflows/build-nodered.yml
 create mode 100644 templates/nodered.yml

diff --git a/.github/workflows/build-nodered.yml b/.github/workflows/build-nodered.yml
new file mode 100644
index 0000000..db38c50
--- /dev/null
+++ b/.github/workflows/build-nodered.yml
@@ -0,0 +1,49 @@
+name: Build Node-RED LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-nodered.yml'
+      - 'templates/nodered.yml'
+  schedule:
+    - cron: '0 2 */1 * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://github.com/node-red/node-red/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@| .*$//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/nodered.yml
+      app_name: nodered
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Low-code programming for event-driven applications
+      categories: Automation, Workflows
+      project_source: https://github.com/node-red/node-red
+      distribution: debian
+      release: bullseye
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/nodered.yml b/templates/nodered.yml
new file mode 100644
index 0000000..9bc5ea5
--- /dev/null
+++ b/templates/nodered.yml
@@ -0,0 +1,76 @@
+name: Node-Red
+
+files:
+- path: /etc/systemd/system/nodered.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Node-RED
+    After=syslog.target network.target
+
+    [Service]
+    ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
+    Restart=on-failure
+    KillSignal=SIGINT
+
+    SyslogIdentifier=node-red
+    StandardOutput=syslog
+
+    WorkingDirectory=/root/
+    User=root
+    Group=root
+
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- ca-certificates
+- git
+- nodejs
+
+repositories:
+  - name: nodejs
+    url: |-
+      deb http://deb.nodesource.com/node_20.x nodistro main
+    key: |-
+      -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+      =MARt
+      -----END PGP PUBLIC KEY BLOCK-----
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    npm install -g --unsafe-perm node-red
+
+    systemctl enable nodered.service

From 52770d48fd7554a9f6b621a48d430b039b52dce7 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 7 Jul 2024 18:46:14 +0000
Subject: [PATCH 14/37] Update base template: Add ca-certificates package as a
 default one

---
 templates/__debian_base.k | 1 +
 templates/bunkerweb.yml   | 1 -
 templates/nodered.yml     | 1 -
 3 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/__debian_base.k b/templates/__debian_base.k
index 7a4b062..933b26d 100644
--- a/templates/__debian_base.k
+++ b/templates/__debian_base.k
@@ -1196,6 +1196,7 @@ packages = {
                 "openssh-server"
                 "lsb-release"
                 "openssl"
+                "ca-certificates"
                 "cloud-init"
                 "curl"
                 "wget"
diff --git a/templates/bunkerweb.yml b/templates/bunkerweb.yml
index 08f6683..b11dc80 100644
--- a/templates/bunkerweb.yml
+++ b/templates/bunkerweb.yml
@@ -1,7 +1,6 @@
 name: BunkerWeb
 
 packages:
-- ca-certificates
 - gnupg2
 - debian-archive-keyring
 
diff --git a/templates/nodered.yml b/templates/nodered.yml
index 9bc5ea5..c619d5d 100644
--- a/templates/nodered.yml
+++ b/templates/nodered.yml
@@ -25,7 +25,6 @@ files:
     WantedBy=multi-user.target
 
 packages:
-- ca-certificates
 - git
 - nodejs
 

From 433f3c29927bbe827469524ef0d1dab677aa2f79 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 14:22:45 +0000
Subject: [PATCH 15/37] Upgrade os release for: adguard, bunkerweb, grafana,
 nodered

---
 .github/workflows/build-adguard.yml   | 2 +-
 .github/workflows/build-bunkerweb.yml | 2 +-
 .github/workflows/build-grafana.yml   | 2 +-
 .github/workflows/build-nodered.yml   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-adguard.yml b/.github/workflows/build-adguard.yml
index 58094c1..a3b9310 100644
--- a/.github/workflows/build-adguard.yml
+++ b/.github/workflows/build-adguard.yml
@@ -42,7 +42,7 @@ jobs:
       categories: DNS, Privacy
       project_source: https://github.com/AdguardTeam/AdGuardHome
       distribution: debian
-      release: bullseye
+      release: bookworm
       architecture: ${{matrix.architectures}}
       branch_name: ${{github.event.pull_request.base.ref}}
       is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
diff --git a/.github/workflows/build-bunkerweb.yml b/.github/workflows/build-bunkerweb.yml
index 487d731..516dc88 100644
--- a/.github/workflows/build-bunkerweb.yml
+++ b/.github/workflows/build-bunkerweb.yml
@@ -42,7 +42,7 @@ jobs:
       categories: WAF, Security
       project_source: https://github.com/bunkerity/bunkerweb
       distribution: debian
-      release: bullseye
+      release: bookworm
       architecture: ${{matrix.architectures}}
       branch_name: ${{github.event.pull_request.base.ref}}
       is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
diff --git a/.github/workflows/build-grafana.yml b/.github/workflows/build-grafana.yml
index 2e7fe9c..64c3493 100644
--- a/.github/workflows/build-grafana.yml
+++ b/.github/workflows/build-grafana.yml
@@ -42,7 +42,7 @@ jobs:
       categories: Monitoring, Dashboard, Analytics
       project_source: https://github.com/grafana/grafana
       distribution: debian
-      release: bullseye
+      release: bookworm
       architecture: ${{matrix.architectures}}
       branch_name: ${{github.event.pull_request.base.ref}}
       is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
diff --git a/.github/workflows/build-nodered.yml b/.github/workflows/build-nodered.yml
index db38c50..6eb7399 100644
--- a/.github/workflows/build-nodered.yml
+++ b/.github/workflows/build-nodered.yml
@@ -42,7 +42,7 @@ jobs:
       categories: Automation, Workflows
       project_source: https://github.com/node-red/node-red
       distribution: debian
-      release: bullseye
+      release: bookworm
       architecture: ${{matrix.architectures}}
       branch_name: ${{github.event.pull_request.base.ref}}
       is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}

From f6a602505a00017ec21296dcd316bbaf6c4d3ee9 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 14:23:21 +0000
Subject: [PATCH 16/37] add buster release in old OS list

---
 templates/__debian_base.k | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/templates/__debian_base.k b/templates/__debian_base.k
index 933b26d..b1f5b6f 100644
--- a/templates/__debian_base.k
+++ b/templates/__debian_base.k
@@ -1249,7 +1249,10 @@ actions = [
     {
         trigger = "post-files"
         action = _script_reset_resolvconf_old
-        releases = ["bullseye"]
+        releases = [
+            "bullseye",
+            "buster"
+        ]
     }
 ]
 mappings = {architecture_map = "debian"}

From f4885127442a8c0fd497a2333367d7da47c8d8ed Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 19:07:25 +0000
Subject: [PATCH 17/37] Set software-properties-common as a default package

---
 templates/__debian_base.k | 10 ++++++++--
 templates/grafana.yml     |  4 ----
 templates/infisical.yml   |  2 --
 templates/servarr.yml     |  1 -
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/templates/__debian_base.k b/templates/__debian_base.k
index b1f5b6f..b9a5be8 100644
--- a/templates/__debian_base.k
+++ b/templates/__debian_base.k
@@ -998,7 +998,8 @@ printf '\\n'"""
 _debian_repositories = """\
 deb http://deb.debian.org/debian {{ image.release }} main non-free non-free-firmware bookworm-backports contrib
 deb http://deb.debian.org/debian {{ image.release }}-updates main non-free non-free-firmware bookworm-backports contrib
-deb http://deb.debian.org/debian-security/ {{ image.release }}-security main non-free non-free-firmware bookworm-backports contrib"""
+{% if image.release != 'sid' and image.release != 'buster' %}deb http://deb.debian.org/debian-security/ {{ image.release }}-security main non-free non-free-firmware bookworm-backports contrib{% endif %}
+{% if image.release == 'buster' %}deb http://deb.debian.org/debian-security/ {{ image.release }}/updates main non-free non-free-firmware bookworm-backports contrib{% endif %}"""
 _script_set_resolvconf = """\
 #!/bin/bash
 set -eux
@@ -1197,11 +1198,13 @@ packages = {
                 "lsb-release"
                 "openssl"
                 "ca-certificates"
+                "apt-transport-https"
                 "cloud-init"
                 "curl"
                 "wget"
                 "gpg"
                 "vim"
+                "software-properties-common"
             ]
             action = "install"
         }
@@ -1225,7 +1228,10 @@ actions = [
     {
         trigger = "post-packages"
         action = _script_enable_resolved
-        releases = ["bookworm"]
+        releases = [
+            "bookworm",
+            "trixie",
+        ]
     }
     {
         trigger = "post-packages"
diff --git a/templates/grafana.yml b/templates/grafana.yml
index abfcc96..b08b2f6 100644
--- a/templates/grafana.yml
+++ b/templates/grafana.yml
@@ -1,9 +1,5 @@
 name: Grafana
 
-packages:
-- apt-transport-https
-- software-properties-common
-
 actions:
 - trigger: post-files
   pongo: true
diff --git a/templates/infisical.yml b/templates/infisical.yml
index ffe3552..81716db 100644
--- a/templates/infisical.yml
+++ b/templates/infisical.yml
@@ -89,8 +89,6 @@ files:
     WantedBy=multi-user.target
 
 packages:
-- software-properties-common
-- apt-transport-https
 - git
 - nodejs
 - redis
diff --git a/templates/servarr.yml b/templates/servarr.yml
index 2c5756b..fd233a2 100644
--- a/templates/servarr.yml
+++ b/templates/servarr.yml
@@ -179,7 +179,6 @@ files:
     WantedBy=multi-user.target
 
 packages:
-- software-properties-common
 - git
 - sqlite3
 - python3-pip

From 981d81879841f66808cca18109af6f7e9d47ecf0 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 19:26:24 +0000
Subject: [PATCH 18/37] Update readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6884bac..73827b0 100644
--- a/README.md
+++ b/README.md
@@ -59,7 +59,7 @@ ls -lash ./_lxc-template.yml
 
 Check the content of `_lxc-template` file to verify all is as expected. It should contains the conplete configuration (based on `./templates/__debian_base.k`)
 
-```sh {"excludeFromRunAll":"false","id":"01J0MPGBG024BTJHTE54YMJP97"}
+```sh {"excludeFromRunAll":"true","id":"01J0MPGBG024BTJHTE54YMJP97"}
 # Build your LXC image
 # Do not work if exected into a container
 # Uses 1.0.0 as default value

From 390c55b593d9c21766c27a040340823fea08dd12 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 19:26:43 +0000
Subject: [PATCH 19/37] add template: omada

---
 .github/workflows/build-omada.yml | 51 +++++++++++++++++++++++++++++++
 templates/omada.yml               | 46 ++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 .github/workflows/build-omada.yml
 create mode 100644 templates/omada.yml

diff --git a/.github/workflows/build-omada.yml b/.github/workflows/build-omada.yml
new file mode 100644
index 0000000..cc5492f
--- /dev/null
+++ b/.github/workflows/build-omada.yml
@@ -0,0 +1,51 @@
+name: Build Omada LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-omada.yml'
+      - 'templates/omada.yml'
+  schedule:
+    - cron: '0 1 */1 * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(echo $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1) |grep -oE "v[0-9]+.[0-9]+.[0-9]+"| sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/omada.yml
+      app_name: omada
+      app_version: ${{needs.init.outputs.app_version}}
+      description: |
+        Omada SDN Controller Solution offers centralized and efficient management for configuring enterprise
+        networks comprised of security gateways, switches, and wireless access points.
+      categories: SDN, Networks
+      project_source: https://www.tp-link.com/en/support/download/omada-software-controller
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/omada.yml b/templates/omada.yml
new file mode 100644
index 0000000..e640578
--- /dev/null
+++ b/templates/omada.yml
@@ -0,0 +1,46 @@
+name: Omada
+
+files:
+- path: /etc/systemd/system/nodered.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Node-RED
+    After=syslog.target network.target
+
+    [Service]
+    ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
+    Restart=on-failure
+    KillSignal=SIGINT
+
+    SyslogIdentifier=node-red
+    StandardOutput=syslog
+
+    WorkingDirectory=/root/
+    User=root
+    Group=root
+
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- jsvc
+- gnupg
+- nvidia-openjdk-8-jre
+- libssl-dev
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    cd /tmp
+
+    wget -qL https://repo.mongodb.org/apt/debian/dists/buster/mongodb-org/4.4/main/binary-amd64/mongodb-org-server_4.4.29_amd64.deb
+    apt install -fy ./mongodb-org-server*_amd64.deb
+
+    wget -qL $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1)
+    apt install -fy ./*Omada_SDN_Controller*.deb

From ed65a9c2d029f5e2193ce8e34bd37b636db4fc0a Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 19:26:59 +0000
Subject: [PATCH 20/37] update categories

---
 .github/workflows/build-ittools.yml    | 2 +-
 .github/workflows/build-jellyfin.yml   | 2 +-
 .github/workflows/build-jellyseerr.yml | 2 +-
 .github/workflows/build-kestra.yml     | 2 +-
 .github/workflows/build-servarr.yml    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-ittools.yml b/.github/workflows/build-ittools.yml
index a42b629..5a826bf 100644
--- a/.github/workflows/build-ittools.yml
+++ b/.github/workflows/build-ittools.yml
@@ -39,7 +39,7 @@ jobs:
       app_name: it-tools
       app_version: ${{needs.init.outputs.app_version}}
       description: Useful tools for developers and peoples working in IT.
-      categories: Dev, Collection
+      categories: Dev, Toolkit
       project_source: https://github.com/CorentinTh/it-tools
       distribution: debian
       release: bookworm
diff --git a/.github/workflows/build-jellyfin.yml b/.github/workflows/build-jellyfin.yml
index 988605a..375ab57 100644
--- a/.github/workflows/build-jellyfin.yml
+++ b/.github/workflows/build-jellyfin.yml
@@ -39,7 +39,7 @@ jobs:
       app_name: jellyfin
       app_version: ${{needs.init.outputs.app_version}}
       description: A Free Software Media System to collect, manage, and stream your media.
-      categories: Media, Streaming
+      categories: Media management, Streaming
       project_source: https://github.com/jellyfin/jellyfin
       distribution: debian
       release: bookworm
diff --git a/.github/workflows/build-jellyseerr.yml b/.github/workflows/build-jellyseerr.yml
index 35cd529..fff6548 100644
--- a/.github/workflows/build-jellyseerr.yml
+++ b/.github/workflows/build-jellyseerr.yml
@@ -39,7 +39,7 @@ jobs:
       app_name: jellyseerr
       app_version: ${{needs.init.outputs.app_version}}
       description: Open source software application for managing requests for your media library.
-      categories: Media, Streaming
+      categories: Media management
       project_source: https://github.com/Fallenbagel/jellyseerr
       distribution: debian
       release: bookworm
diff --git a/.github/workflows/build-kestra.yml b/.github/workflows/build-kestra.yml
index c59d5b9..950aa92 100644
--- a/.github/workflows/build-kestra.yml
+++ b/.github/workflows/build-kestra.yml
@@ -39,7 +39,7 @@ jobs:
       app_name: kestra
       app_version: ${{needs.init.outputs.app_version}}
       description: Kestra is a free and open-source workflow orchestrator and automation tool.
-      categories: Automation, Workflows
+      categories: Automation, Orchestration
       project_source: https://github.com/kestra-io/kestra
       distribution: debian
       release: bookworm
diff --git a/.github/workflows/build-servarr.yml b/.github/workflows/build-servarr.yml
index b231e4e..07bfa3b 100644
--- a/.github/workflows/build-servarr.yml
+++ b/.github/workflows/build-servarr.yml
@@ -39,7 +39,7 @@ jobs:
       app_name: servarr
       app_version: ${{needs.init.outputs.app_version}}
       description: Media organizer/manager stack (ARR) for usenet and torrent users. This stack includes QBitTorrent, SABnzbd, FlareSolverr, Bazarr and the ARR stack.
-      categories: Movies, TV, Torrent
+      categories: Media management
       project_source: https://wiki.servarr.com
       distribution: debian
       release: bookworm

From c5d41b6562103e9bfdd229257111beda5231b498 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 19:54:22 +0000
Subject: [PATCH 21/37] update template: servarr, minor reformatting

---
 templates/servarr.yml | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/templates/servarr.yml b/templates/servarr.yml
index fd233a2..cdae5bf 100644
--- a/templates/servarr.yml
+++ b/templates/servarr.yml
@@ -106,36 +106,37 @@ files:
     Restart=on-failure
     [Install]
     WantedBy=multi-user.target
-- path: /etc/systemd/system/flaresolverr.service
+
+- path: /etc/systemd/system/bazarr.service
   generator: dump
   mode: '0440'
   content: |-
     [Unit]
-    Description=FlareSolverr Daemon
+    Description=Bazarr Daemon
     After=syslog.target network.target
     [Service]
-    User=flaresolverr
+    User=bazarr
     Group=media
     Type=simple
-    ExecStart=/opt/FlareSolverr/venv/bin/python -u /opt/FlareSolverr/src/flaresolverr.py
+    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
     TimeoutStopSec=20
     KillMode=process
     Restart=on-failure
     [Install]
     WantedBy=multi-user.target
 
-- path: /etc/systemd/system/bazarr.service
+- path: /etc/systemd/system/flaresolverr.service
   generator: dump
   mode: '0440'
   content: |-
     [Unit]
-    Description=Bazarr Daemon
+    Description=FlareSolverr Daemon
     After=syslog.target network.target
     [Service]
-    User=bazarr
+    User=flaresolverr
     Group=media
     Type=simple
-    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
+    ExecStart=/opt/FlareSolverr/venv/bin/python -u /opt/FlareSolverr/src/flaresolverr.py
     TimeoutStopSec=20
     KillMode=process
     Restart=on-failure
@@ -263,6 +264,18 @@ actions:
     systemctl enable whisparr.service
     rm -rf *.tar.gz
 
+    mkdir /opt/bazarr
+    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+    usermod -aG media bazarr
+    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+    unzip /opt/bazarr.zip -d /opt/bazarr
+    cd /opt/bazarr
+    python3 -m venv venv
+    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
+    chown -R bazarr:bazarr /opt/bazarr
+    systemctl enable bazarr.service
+    rm -rf /opt/*.zip
+
     mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
     cd /tmp/libgl1-mesa-dri
     equivs-control libgl1-mesa-dri
@@ -291,18 +304,6 @@ actions:
     rm -f /usr/lib/x86_64-linux-gnu/mfx/*
     rm -rf /pkgs
 
-    mkdir /opt/bazarr
-    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
-    usermod -aG media bazarr
-    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
-    unzip /opt/bazarr.zip -d /opt/bazarr
-    cd /opt/bazarr
-    python3 -m venv venv
-    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
-    chown -R bazarr:bazarr /opt/bazarr
-    systemctl enable bazarr.service
-    rm -rf /opt/*.zip
-
     useradd -m --home-dir /opt/qbittorrent qbittorrent
     usermod -aG media qbittorrent
     systemctl enable qbittorrent.service

From 0f4287811ff413b29e434b0c4a2572174316b6f3 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 20:40:53 +0000
Subject: [PATCH 22/37] update template: fix typo in cron expression

---
 .github/workflows/build-adguard.yml    | 2 +-
 .github/workflows/build-apisix.yml     | 2 +-
 .github/workflows/build-bunkerweb.yml  | 2 +-
 .github/workflows/build-codeserver.yml | 2 +-
 .github/workflows/build-gitea.yml      | 2 +-
 .github/workflows/build-grafana.yml    | 2 +-
 .github/workflows/build-nodered.yml    | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-adguard.yml b/.github/workflows/build-adguard.yml
index a3b9310..95a3032 100644
--- a/.github/workflows/build-adguard.yml
+++ b/.github/workflows/build-adguard.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-adguard.yml'
       - 'templates/adguard.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-apisix.yml b/.github/workflows/build-apisix.yml
index 3424c27..fb968bf 100644
--- a/.github/workflows/build-apisix.yml
+++ b/.github/workflows/build-apisix.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-apisix.yml'
       - 'templates/apisix.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-bunkerweb.yml b/.github/workflows/build-bunkerweb.yml
index 516dc88..32ec0b9 100644
--- a/.github/workflows/build-bunkerweb.yml
+++ b/.github/workflows/build-bunkerweb.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-bunkerweb.yml'
       - 'templates/bunkerweb.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-codeserver.yml b/.github/workflows/build-codeserver.yml
index ab4f2eb..8661b01 100644
--- a/.github/workflows/build-codeserver.yml
+++ b/.github/workflows/build-codeserver.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-codeserver.yml'
       - 'templates/code-server.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-gitea.yml b/.github/workflows/build-gitea.yml
index 1af89b3..e49b038 100644
--- a/.github/workflows/build-gitea.yml
+++ b/.github/workflows/build-gitea.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-gitea.yml'
       - 'templates/gitea.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-grafana.yml b/.github/workflows/build-grafana.yml
index 64c3493..366e82f 100644
--- a/.github/workflows/build-grafana.yml
+++ b/.github/workflows/build-grafana.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-grafana.yml'
       - 'templates/grafana.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:
diff --git a/.github/workflows/build-nodered.yml b/.github/workflows/build-nodered.yml
index 6eb7399..03dd881 100644
--- a/.github/workflows/build-nodered.yml
+++ b/.github/workflows/build-nodered.yml
@@ -13,7 +13,7 @@ on:
       - '.github/workflows/build-nodered.yml'
       - 'templates/nodered.yml'
   schedule:
-    - cron: '0 2 */1 * *'
+    - cron: '0 2 * * *'
 
 jobs:
   init:

From 377625850097cad8b019a7ac682eff32035a7aa6 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 20:42:01 +0000
Subject: [PATCH 23/37] add template: downloadarr, lidarr, prowlarr, radarr,
 readarr, sonarr, whisparr

---
 .github/workflows/build-downloadarr.yml |  49 ++++++++++
 .github/workflows/build-lidarr.yml      |  49 ++++++++++
 .github/workflows/build-prowlarr.yml    |  49 ++++++++++
 .github/workflows/build-radarr.yml      |  49 ++++++++++
 .github/workflows/build-readarr.yml     |  49 ++++++++++
 .github/workflows/build-sonarr.yml      |  49 ++++++++++
 .github/workflows/build-whisparr.yml    |  49 ++++++++++
 templates/downloadarr.yml               | 120 ++++++++++++++++++++++++
 templates/lidarr.yml                    |  49 ++++++++++
 templates/prowlarr.yml                  |  47 ++++++++++
 templates/radarr.yml                    |  84 +++++++++++++++++
 templates/readarr.yml                   |  47 ++++++++++
 templates/sonarr.yml                    |  84 +++++++++++++++++
 templates/whisparr.yml                  |  48 ++++++++++
 14 files changed, 822 insertions(+)
 create mode 100644 .github/workflows/build-downloadarr.yml
 create mode 100644 .github/workflows/build-lidarr.yml
 create mode 100644 .github/workflows/build-prowlarr.yml
 create mode 100644 .github/workflows/build-radarr.yml
 create mode 100644 .github/workflows/build-readarr.yml
 create mode 100644 .github/workflows/build-sonarr.yml
 create mode 100644 .github/workflows/build-whisparr.yml
 create mode 100644 templates/downloadarr.yml
 create mode 100644 templates/lidarr.yml
 create mode 100644 templates/prowlarr.yml
 create mode 100644 templates/radarr.yml
 create mode 100644 templates/readarr.yml
 create mode 100644 templates/sonarr.yml
 create mode 100644 templates/whisparr.yml

diff --git a/.github/workflows/build-downloadarr.yml b/.github/workflows/build-downloadarr.yml
new file mode 100644
index 0000000..2302a4b
--- /dev/null
+++ b/.github/workflows/build-downloadarr.yml
@@ -0,0 +1,49 @@
+name: Build DownloadARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-downloadarr.yml'
+      - 'templates/downloadarr.yml'
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(date +%Y-%m)" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/downloadarr.yml
+      app_name: downloadarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Downloadarr is the collection of three tools (QBitTorrent, SabNZBd and FlareSolverr) for Usenet and BitTorrent users.
+      categories: Torrent, Usenet
+      project_source: https://wiki.servarr.com
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-lidarr.yml b/.github/workflows/build-lidarr.yml
new file mode 100644
index 0000000..dc547c7
--- /dev/null
+++ b/.github/workflows/build-lidarr.yml
@@ -0,0 +1,49 @@
+name: Build LidARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-lidarr.yml'
+      - 'templates/lidarr.yml'
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Lidarr/Lidarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/lidarr.yml
+      app_name: lidarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Lidarr is a music collection manager for Usenet and BitTorrent users.
+      categories: Media management
+      project_source: https://wiki.servarr.com/lidarr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-prowlarr.yml b/.github/workflows/build-prowlarr.yml
new file mode 100644
index 0000000..da6d9ff
--- /dev/null
+++ b/.github/workflows/build-prowlarr.yml
@@ -0,0 +1,49 @@
+name: Build ProwlARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-prowlarr.yml'
+      - 'templates/prowlarr.yml'
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Prowlarr/Prowlarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/prowlarr.yml
+      app_name: prowlarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Prowlarr is an indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps.
+      categories: Media management
+      project_source: https://wiki.servarr.com/prowlarr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-radarr.yml b/.github/workflows/build-radarr.yml
new file mode 100644
index 0000000..6bfb9d3
--- /dev/null
+++ b/.github/workflows/build-radarr.yml
@@ -0,0 +1,49 @@
+name: Build RadARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-radarr.yml'
+      - 'templates/radarr.yml'
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Radarr/Radarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/radarr.yml
+      app_name: radarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Radarr is a movie collection manager for Usenet and BitTorrent users.
+      categories: Media management
+      project_source: https://wiki.servarr.com/radarr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-readarr.yml b/.github/workflows/build-readarr.yml
new file mode 100644
index 0000000..cacd1cf
--- /dev/null
+++ b/.github/workflows/build-readarr.yml
@@ -0,0 +1,49 @@
+name: Build ReadARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-readarr.yml'
+      - 'templates/readarr.yml'
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Readarr/Readarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/readarr.yml
+      app_name: readarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Readarr is an eBook and audiobook collection manager for Usenet and BitTorrent users.
+      categories: Media management
+      project_source: https://wiki.servarr.com/readarr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-sonarr.yml b/.github/workflows/build-sonarr.yml
new file mode 100644
index 0000000..e2ab999
--- /dev/null
+++ b/.github/workflows/build-sonarr.yml
@@ -0,0 +1,49 @@
+name: Build SonARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-sonarr.yml'
+      - 'templates/sonarr.yml'
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Sonarr/Sonarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/sonarr.yml
+      app_name: sonarr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Sonarr is a PVR for Usenet and BitTorrent users.
+      categories: Media management
+      project_source: https://wiki.servarr.com/sonarr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.github/workflows/build-whisparr.yml b/.github/workflows/build-whisparr.yml
new file mode 100644
index 0000000..a524dc3
--- /dev/null
+++ b/.github/workflows/build-whisparr.yml
@@ -0,0 +1,49 @@
+name: Build WhispARR LXC Image
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - '.github/workflows/build-whisparr.yml'
+      - 'templates/whisparr.yml'
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  init:
+    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Application version
+        id: get-app-version
+        run: |
+          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Whisparr/Whisparr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
+    outputs:
+      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
+
+  image-build:
+    needs: init
+    strategy:
+      matrix:
+        architectures:
+          - amd64
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: templates/whisparr.yml
+      app_name: whisparr
+      app_version: ${{needs.init.outputs.app_version}}
+      description: Whisparr is an adult video collection manager for Usenet and BitTorrent users.
+      categories: Media management
+      project_source: https://wiki.servarr.com/whisparr
+      distribution: debian
+      release: bookworm
+      architecture: ${{matrix.architectures}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/templates/downloadarr.yml b/templates/downloadarr.yml
new file mode 100644
index 0000000..1de922c
--- /dev/null
+++ b/templates/downloadarr.yml
@@ -0,0 +1,120 @@
+files:
+- path: /etc/systemd/system/flaresolverr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=FlareSolverr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=flaresolverr
+    Group=media
+    Type=simple
+    ExecStart=/opt/FlareSolverr/venv/bin/python -u /opt/FlareSolverr/src/flaresolverr.py
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+- path: /etc/systemd/system/qbittorrent.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=QBitTorrent Daemon
+    After=syslog.target network.target
+    [Service]
+    User=qbittorrent
+    Group=media
+    Type=simple
+    ExecStart=/usr/bin/qbittorrent-nox --first-and-last --skip-dialog=true
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+- path: /etc/systemd/system/sabnzbdplus.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=SABnzbdplus Daemon
+    After=syslog.target network.target
+    [Service]
+    User=sabnzbdplus
+    Group=media
+    Type=simple
+    ExecStart=/usr/bin/sabnzbdplus -s 0.0.0.0:8081
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+- python3-pip
+- python3-venv
+- python3-distutils
+- python3-dev
+- equivs
+- 7zip
+- unrar-free
+- unzip
+- qbittorrent-nox
+- sabnzbdplus
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
+    cd /tmp/libgl1-mesa-dri
+    equivs-control libgl1-mesa-dri
+    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: libgl1-mesa-dri\nVersion: 99.0.0\nDescription: Dummy package for libgl1-mesa-dri\n' >> libgl1-mesa-dri
+    equivs-build libgl1-mesa-dri
+    mv libgl1-mesa-dri_*.deb /pkgs/libgl1-mesa-dri.deb
+    cd /tmp/adwaita-icon-theme
+    equivs-control adwaita-icon-theme
+    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: adwaita-icon-theme\nVersion: 99.0.0\nDescription: Dummy package for adwaita-icon-theme\n' >> adwaita-icon-theme
+    equivs-build adwaita-icon-theme
+    mv adwaita-icon-theme_*.deb /pkgs/adwaita-icon-theme.deb
+    dpkg -i /pkgs/libgl1-mesa-dri.deb
+    dpkg -i /pkgs/adwaita-icon-theme.deb
+    apt install -y --no-install-recommends chromium chromium-common chromium-driver xvfb dumb-init procps curl vim xauth
+    useradd --home-dir /opt/FlareSolverr --shell /bin/sh flaresolverr
+    usermod -aG media flaresolverr
+    git clone -b master --depth 1 https://github.com/FlareSolverr/FlareSolverr.git /opt/FlareSolverr
+    cd /opt/FlareSolverr
+    python3 -m venv venv
+    /opt/FlareSolverr/venv/bin/python -m pip install -r requirements.txt
+    mv /usr/bin/chromedriver /opt/FlareSolverr/chromedriver
+    mkdir -p "/opt/FlareSolverr/.config/chromium/Crash Reports/pending"
+    chown -R flaresolverr:flaresolverr /opt/FlareSolverr
+    systemctl enable flaresolverr.service
+    rm -f /usr/lib/x86_64-linux-gnu/libmfxhw*
+    rm -f /usr/lib/x86_64-linux-gnu/mfx/*
+    rm -rf /pkgs
+
+    useradd -m --home-dir /opt/qbittorrent qbittorrent
+    usermod -aG media qbittorrent
+    systemctl enable qbittorrent.service
+
+    useradd -m --home-dir /opt/sabnzbdplus sabnzbdplus
+    usermod -aG media sabnzbdplus
+    systemctl enable sabnzbdplus.service
diff --git a/templates/lidarr.yml b/templates/lidarr.yml
new file mode 100644
index 0000000..662594f
--- /dev/null
+++ b/templates/lidarr.yml
@@ -0,0 +1,49 @@
+files:
+- path: /etc/systemd/system/lidarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Lidarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=lidarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+- mediainfo
+- libchromaprint-tools
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd lidarr
+    usermod -aG media lidarr
+    mkdir -p /var/lib/lidarr
+    chown lidarr:lidarr -R /var/lib/lidarr
+    wget --content-disposition "http://lidarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Lidarr.linux.tar.gz
+    tar -xvzf Lidarr*.linux*.tar.gz
+    chown lidarr:lidarr -R /opt/Lidarr
+    systemctl enable lidarr.service
diff --git a/templates/prowlarr.yml b/templates/prowlarr.yml
new file mode 100644
index 0000000..598d89d
--- /dev/null
+++ b/templates/prowlarr.yml
@@ -0,0 +1,47 @@
+files:
+- path: /etc/systemd/system/prowlarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Prowlarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=prowlarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd prowlarr
+    usermod -aG media prowlarr
+    mkdir -p /var/lib/prowlarr
+    chown prowlarr:prowlarr -R /var/lib/prowlarr
+    wget --content-disposition "http://prowlarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Prowlarr.linux.tar.gz
+    tar -xvzf Prowlarr*.linux*.tar.gz
+    chown prowlarr:prowlarr -R /opt/Prowlarr
+    systemctl enable prowlarr.service
diff --git a/templates/radarr.yml b/templates/radarr.yml
new file mode 100644
index 0000000..d5c3523
--- /dev/null
+++ b/templates/radarr.yml
@@ -0,0 +1,84 @@
+files:
+- path: /etc/systemd/system/radarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Radarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=radarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+- path: /etc/systemd/system/bazarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Bazarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=bazarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+- python3-pip
+- python3-venv
+- python3-distutils
+- python3-dev
+- 7zip
+- unrar-free
+- unzip
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd radarr
+    usermod -aG media radarr
+    mkdir -p /var/lib/radarr
+    chown radarr:radarr -R /var/lib/radarr
+    wget --content-disposition "http://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Radarr.linux.tar.gz
+    tar -xvzf Radarr*.linux*.tar.gz
+    chown radarr:radarr -R /opt/Radarr
+    systemctl enable radarr.service
+
+    mkdir /opt/bazarr
+    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+    usermod -aG media bazarr
+    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+    unzip /opt/bazarr.zip -d /opt/bazarr
+    cd /opt/bazarr
+    python3 -m venv venv
+    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
+    chown -R bazarr:bazarr /opt/bazarr
+    systemctl enable bazarr.service
+    rm -rf /opt/*.zip
diff --git a/templates/readarr.yml b/templates/readarr.yml
new file mode 100644
index 0000000..5e2efab
--- /dev/null
+++ b/templates/readarr.yml
@@ -0,0 +1,47 @@
+files:
+- path: /etc/systemd/system/readarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Readarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=readarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Readarr/Readarr -nobrowser -data=/var/lib/readarr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd readarr
+    usermod -aG media readarr
+    mkdir -p /var/lib/readarr
+    chown readarr:readarr -R /var/lib/readarr
+    wget --content-disposition "http://readarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Readarr.linux.tar.gz
+    tar -xvzf Readarr*.linux*.tar.gz
+    chown readarr:readarr -R /opt/Readarr
+    systemctl enable readarr.service
diff --git a/templates/sonarr.yml b/templates/sonarr.yml
new file mode 100644
index 0000000..3364a0c
--- /dev/null
+++ b/templates/sonarr.yml
@@ -0,0 +1,84 @@
+files:
+- path: /etc/systemd/system/sonarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Sonarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=sonarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+- path: /etc/systemd/system/bazarr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Bazarr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=bazarr
+    Group=media
+    Type=simple
+    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+- python3-pip
+- python3-venv
+- python3-distutils
+- python3-dev
+- 7zip
+- unrar-free
+- unzip
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd sonarr
+    usermod -aG media sonarr
+    mkdir -p /var/lib/sonarr
+    chown sonarr:sonarr -R /var/lib/sonarr
+    wget --content-disposition "https://services.sonarr.tv/v1/download/main/latest?version=4&os=linux&arch=${ARCH}" -O Sonarr.linux.tar.gz
+    tar -xvzf Sonarr*.linux*.tar.gz
+    chown sonarr:sonarr -R /opt/Sonarr
+    systemctl enable sonarr.service
+
+    mkdir /opt/bazarr
+    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+    usermod -aG media bazarr
+    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+    unzip /opt/bazarr.zip -d /opt/bazarr
+    cd /opt/bazarr
+    python3 -m venv venv
+    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
+    chown -R bazarr:bazarr /opt/bazarr
+    systemctl enable bazarr.service
+    rm -rf /opt/*.zip
diff --git a/templates/whisparr.yml b/templates/whisparr.yml
new file mode 100644
index 0000000..b93e3b3
--- /dev/null
+++ b/templates/whisparr.yml
@@ -0,0 +1,48 @@
+files:
+- path: /etc/systemd/system/whisparr.service
+  generator: dump
+  mode: '0440'
+  content: |-
+    [Unit]
+    Description=Whisparr Daemon
+    After=syslog.target network.target
+    [Service]
+    User=whisparr
+    Group=media
+    Type=simple
+    ExecStart=/opt/Whisparr/Whisparr -nobrowser -data=/var/lib/whisparr/
+    TimeoutStopSec=20
+    KillMode=process
+    Restart=on-failure
+    [Install]
+    WantedBy=multi-user.target
+
+packages:
+- git
+- sqlite3
+
+actions:
+- trigger: post-files
+  pongo: true
+  action: |-
+    #!/bin/bash
+    set -eux
+
+    export ARCH={{ image.architecture }}
+    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+
+    mkdir /downloads
+    groupadd media
+    chown -R :media /downloads
+
+    cd /opt
+
+    useradd whisparr
+    usermod -aG media whisparr
+    mkdir -p /var/lib/whisparr
+    chown whisparr:whisparr -R /var/lib/whisparr
+    wget --content-disposition "http://whisparr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Whisparr.linux.tar.gz
+    tar -xvzf Whisparr*.linux*.tar.gz
+    chown whisparr:whisparr -R /opt/Whisparr
+    systemctl enable whisparr.service
+    rm -rf *.tar.gz

From b2d6b1008c2b400a2104a97bac8bc592f157a181 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 20:43:10 +0000
Subject: [PATCH 24/37] update template builder: omada

---
 .github/workflows/build-omada.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-omada.yml b/.github/workflows/build-omada.yml
index cc5492f..7af25fc 100644
--- a/.github/workflows/build-omada.yml
+++ b/.github/workflows/build-omada.yml
@@ -44,7 +44,7 @@ jobs:
       categories: SDN, Networks
       project_source: https://www.tp-link.com/en/support/download/omada-software-controller
       distribution: debian
-      release: bookworm
+      release: buster
       architecture: ${{matrix.architectures}}
       branch_name: ${{github.event.pull_request.base.ref}}
       is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}

From c754663baa44cdd546e77c9073d0d73c1072fb0b Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 8 Jul 2024 21:02:46 +0000
Subject: [PATCH 25/37] update template: omada

---
 templates/omada.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/omada.yml b/templates/omada.yml
index e640578..8adb628 100644
--- a/templates/omada.yml
+++ b/templates/omada.yml
@@ -26,7 +26,6 @@ files:
 
 packages:
 - jsvc
-- gnupg
 - nvidia-openjdk-8-jre
 - libssl-dev
 
@@ -44,3 +43,5 @@ actions:
 
     wget -qL $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1)
     apt install -fy ./*Omada_SDN_Controller*.deb
+
+    systemctl enable mongod.service

From bd213730828df6a52c90a9aacae4a2b26a12c198 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Thu, 18 Jul 2024 13:44:50 +0000
Subject: [PATCH 26/37] update template: kestra for better build resilliency

---
 templates/kestra.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/kestra.yml b/templates/kestra.yml
index 4bc7287..a3c476d 100644
--- a/templates/kestra.yml
+++ b/templates/kestra.yml
@@ -53,6 +53,6 @@ actions:
     curl -sL https://raw.githubusercontent.com/kestra-io/kestra/develop/.plugins | grep io.kestra | sed s,#,,g > ./plugins-list
 
     mv /tmp/kestra* ./kestra && chmod +x ./kestra
-    for i in $(cat ./plugins-list); do ./kestra plugins install $i; done
+    for i in $(cat ./plugins-list); do echo "Install: $i" && ./kestra plugins install $i && echo "Done" || echo "Failed"; done
 
     systemctl enable kestra.service

From 4556feaac798d8e7409a825865b176ccec19747e Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Wed, 23 Oct 2024 05:33:52 +0000
Subject: [PATCH 27/37] Simplify templating - try 1

---
 .devcontainer/Dockerfile                |   5 +-
 .devcontainer/devcontainer.json         |   2 +-
 renovate.json => .github/renovate.json  |   0
 .github/workflows/build-adguard.yml     |  49 --
 .github/workflows/build-apisix.yml      |  49 --
 .github/workflows/build-bunkerweb.yml   |  49 --
 .github/workflows/build-codeserver.yml  |  49 --
 .github/workflows/build-downloadarr.yml |  49 --
 .github/workflows/build-gitea.yml       |  49 --
 .github/workflows/build-grafana.yml     |  49 --
 .github/workflows/build-homarr.yml      |  49 --
 .github/workflows/build-infisical.yml   |  50 --
 .github/workflows/build-ittools.yml     |  49 --
 .github/workflows/build-jellyfin.yml    |  49 --
 .github/workflows/build-jellyseerr.yml  |  49 --
 .github/workflows/build-jenkins.yml     |  49 --
 .github/workflows/build-jupyterlab.yml  |  49 --
 .github/workflows/build-kestra.yml      |  49 --
 .github/workflows/build-keycloak.yml    |  49 --
 .github/workflows/build-lidarr.yml      |  49 --
 .github/workflows/build-matomo.yml      |  49 --
 .github/workflows/build-n8n.yml         |  49 --
 .github/workflows/build-nextcloud.yml   |  49 --
 .github/workflows/build-nodered.yml     |  49 --
 .github/workflows/build-omada.yml       |  51 --
 .github/workflows/build-prowlarr.yml    |  49 --
 .github/workflows/build-radarr.yml      |  49 --
 .github/workflows/build-readarr.yml     |  49 --
 .github/workflows/build-servarr.yml     |  49 --
 .github/workflows/build-sonarr.yml      |  49 --
 .github/workflows/build-tester.yml      |  24 +-
 .github/workflows/build-vault.yml       |  49 --
 .github/workflows/build-whisparr.yml    |  49 --
 .github/workflows/build-zitadel.yml     |  49 --
 .github/workflows/builder.yml           | 118 ++--
 .github/workflows/trigger.yml           |  45 ++
 .gitignore                              |   4 +-
 README.md                               |  71 ++-
 templates/__debian_base.k => __layout.k | 213 +++++--
 templates/adguard.yml                   |  29 +-
 templates/apisix.yml                    | 813 ++++++++++++------------
 templates/bunkerweb.yml                 |  75 ++-
 templates/code-server.yml               |  93 +--
 templates/debian-test.yml               |  19 +-
 templates/downloadarr.yml               | 231 +++----
 templates/gitea.yml                     | 105 +--
 templates/grafana.yml                   |  37 +-
 templates/homarr.yml                    | 641 ++++++++++---------
 templates/infisical.yml                 | 569 +++++++----------
 templates/ittools.yml                   | 171 ++---
 templates/jellyfin.yml                  | 110 +---
 templates/jellyseerr.yml                | 402 +++---------
 templates/jenkins.yml                   | 149 +++--
 templates/jupyterlab.yml                |  91 +--
 templates/kestra.yml                    | 100 +--
 templates/keycloak.yml                  | 209 +++---
 templates/lidarr.yml                    |  97 +--
 templates/matomo.yml                    | 225 +++----
 templates/n8n.yml                       | 159 ++---
 templates/nextcloud.yml                 | 327 +++++-----
 templates/nodered.yml                   | 139 ++--
 templates/omada.yml                     | 103 +--
 templates/prowlarr.yml                  |  93 +--
 templates/radarr.yml                    | 163 ++---
 templates/readarr.yml                   |  93 +--
 templates/servarr.yml                   | 583 ++++++++---------
 templates/sonarr.yml                    | 163 ++---
 templates/vault.yml                     | 123 ++--
 templates/whisparr.yml                  |  95 +--
 templates/zitadel.yml                   | 276 +++-----
 70 files changed, 3478 insertions(+), 4960 deletions(-)
 rename renovate.json => .github/renovate.json (100%)
 delete mode 100644 .github/workflows/build-adguard.yml
 delete mode 100644 .github/workflows/build-apisix.yml
 delete mode 100644 .github/workflows/build-bunkerweb.yml
 delete mode 100644 .github/workflows/build-codeserver.yml
 delete mode 100644 .github/workflows/build-downloadarr.yml
 delete mode 100644 .github/workflows/build-gitea.yml
 delete mode 100644 .github/workflows/build-grafana.yml
 delete mode 100644 .github/workflows/build-homarr.yml
 delete mode 100644 .github/workflows/build-infisical.yml
 delete mode 100644 .github/workflows/build-ittools.yml
 delete mode 100644 .github/workflows/build-jellyfin.yml
 delete mode 100644 .github/workflows/build-jellyseerr.yml
 delete mode 100644 .github/workflows/build-jenkins.yml
 delete mode 100644 .github/workflows/build-jupyterlab.yml
 delete mode 100644 .github/workflows/build-kestra.yml
 delete mode 100644 .github/workflows/build-keycloak.yml
 delete mode 100644 .github/workflows/build-lidarr.yml
 delete mode 100644 .github/workflows/build-matomo.yml
 delete mode 100644 .github/workflows/build-n8n.yml
 delete mode 100644 .github/workflows/build-nextcloud.yml
 delete mode 100644 .github/workflows/build-nodered.yml
 delete mode 100644 .github/workflows/build-omada.yml
 delete mode 100644 .github/workflows/build-prowlarr.yml
 delete mode 100644 .github/workflows/build-radarr.yml
 delete mode 100644 .github/workflows/build-readarr.yml
 delete mode 100644 .github/workflows/build-servarr.yml
 delete mode 100644 .github/workflows/build-sonarr.yml
 delete mode 100644 .github/workflows/build-vault.yml
 delete mode 100644 .github/workflows/build-whisparr.yml
 delete mode 100644 .github/workflows/build-zitadel.yml
 create mode 100644 .github/workflows/trigger.yml
 rename templates/__debian_base.k => __layout.k (94%)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index edf5db3..fea2455 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -3,13 +3,16 @@ FROM ubuntu:latest
 RUN apt-get update && apt-get upgrade -y && \
     apt-get install -y \
         build-essential \
+        gnupg2 \
         debootstrap \
+        squashfs-tools \
+        make \
+        rsync \
         curl \
         wget \
         git \
         vim \
         unzip \
-        squashfs-tools \
     && apt-get clean all \
     && rm -rf /var/lib/apt/lists/*
 
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5fa458c..a5ce59b 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -8,7 +8,7 @@
   "remoteUser": "root",
   "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces/homelab-lxc,type=bind,consistency=cached,Z=true",
   "workspaceFolder": "/workspaces/homelab-lxc",
-  "initializeCommand":{
+  "initializeCommand": {
     "clean_kcl": "rm -rf ${localWorkspaceFolder}/.kclvm",
     "clean_partial": "rm -f ${localWorkspaceFolder}/_lxc-partial.yml",
     "clean_template": "rm -f ${localWorkspaceFolder}/_lxc-template.yml",
diff --git a/renovate.json b/.github/renovate.json
similarity index 100%
rename from renovate.json
rename to .github/renovate.json
diff --git a/.github/workflows/build-adguard.yml b/.github/workflows/build-adguard.yml
deleted file mode 100644
index 95a3032..0000000
--- a/.github/workflows/build-adguard.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build AdGuard LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-adguard.yml'
-      - 'templates/adguard.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://github.com/AdguardTeam/AdGuardHome/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/adguard.yml
-      app_name: adguard
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Network-wide ads & trackers blocking DNS server
-      categories: DNS, Privacy
-      project_source: https://github.com/AdguardTeam/AdGuardHome
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-apisix.yml b/.github/workflows/build-apisix.yml
deleted file mode 100644
index fb968bf..0000000
--- a/.github/workflows/build-apisix.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build APISIX LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-apisix.yml'
-      - 'templates/apisix.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/apache/apisix/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/apisix.yml
-      app_name: apisix
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Full Lifecycle API Management platform to help you manage microservices, delivering the ultimate performance and security.
-      categories: Loadbalancer, API Gateway, Reverse Proxy
-      project_source: https://github.com/apache/apisix
-      distribution: debian
-      release: bullseye
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-bunkerweb.yml b/.github/workflows/build-bunkerweb.yml
deleted file mode 100644
index 32ec0b9..0000000
--- a/.github/workflows/build-bunkerweb.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build BunkerWeb LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-bunkerweb.yml'
-      - 'templates/bunkerweb.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://github.com/bunkerity/bunkerweb/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/bunkerweb.yml
-      app_name: bunkerweb
-      app_version: ${{needs.init.outputs.app_version}}
-      description: BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
-      categories: WAF, Security
-      project_source: https://github.com/bunkerity/bunkerweb
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-codeserver.yml b/.github/workflows/build-codeserver.yml
deleted file mode 100644
index 8661b01..0000000
--- a/.github/workflows/build-codeserver.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Code-Server LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-codeserver.yml'
-      - 'templates/code-server.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/coder/code-server/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/code-server.yml
-      app_name: code-server
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Coder is an open source cloud development environment (CDE), based on VS Code.
-      categories: IDE, Dev
-      project_source: https://github.com/coder/code-server
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-downloadarr.yml b/.github/workflows/build-downloadarr.yml
deleted file mode 100644
index 2302a4b..0000000
--- a/.github/workflows/build-downloadarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build DownloadARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-downloadarr.yml'
-      - 'templates/downloadarr.yml'
-  schedule:
-    - cron: '0 3 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(date +%Y-%m)" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/downloadarr.yml
-      app_name: downloadarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Downloadarr is the collection of three tools (QBitTorrent, SabNZBd and FlareSolverr) for Usenet and BitTorrent users.
-      categories: Torrent, Usenet
-      project_source: https://wiki.servarr.com
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-gitea.yml b/.github/workflows/build-gitea.yml
deleted file mode 100644
index e49b038..0000000
--- a/.github/workflows/build-gitea.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Gitea LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-gitea.yml'
-      - 'templates/gitea.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://dl.gitea.com/gitea/version.json| jq -r '.latest.version' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/gitea.yml
-      app_name: gitea
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD.
-      categories: Git, CI CD, Dev
-      project_source: https://github.com/go-gitea/gitea
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-grafana.yml b/.github/workflows/build-grafana.yml
deleted file mode 100644
index 366e82f..0000000
--- a/.github/workflows/build-grafana.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Grafana LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-grafana.yml'
-      - 'templates/grafana.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://github.com/grafana/grafana/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@| .*$//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/grafana.yml
-      app_name: grafana
-      app_version: ${{needs.init.outputs.app_version}}
-      description: The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
-      categories: Monitoring, Dashboard, Analytics
-      project_source: https://github.com/grafana/grafana
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-homarr.yml b/.github/workflows/build-homarr.yml
deleted file mode 100644
index 0e265e5..0000000
--- a/.github/workflows/build-homarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Homarr LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-homarr.yml'
-      - 'templates/homarr.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/ajnart/homarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/homarr.yml
-      app_name: homarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: A simple, yet powerful dashboard for your server.
-      categories: Homepage
-      project_source: https://github.com/ajnart/homarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-infisical.yml b/.github/workflows/build-infisical.yml
deleted file mode 100644
index ce05fc0..0000000
--- a/.github/workflows/build-infisical.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: Build Infisical LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-infisical.yml'
-      - 'templates/infisical.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          DG=$(curl -s "https://hub.docker.com/v2/repositories/infisical/infisical/tags/" | jq -r '.results[] | select(.name |contains("latest-postgres"))|.digest')
-          echo "APP_VERSION=$(curl -s "https://hub.docker.com/v2/repositories/infisical/infisical/tags/"| jq --arg digest $DG -r '.results[] | select(.digest |contains($digest)) | select(.name |test("^v")) | .name' | sed -E 's/^(v|V)//' | sed -E 's/-postgres//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/infisical.yml
-      app_name: infisical
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Open Source all-in-one secret management platform to securely manage application configuration and secrets across your team and infrastructure.
-      categories: Secrets management, Security
-      project_source: https://github.com/Infisical/infisical
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-ittools.yml b/.github/workflows/build-ittools.yml
deleted file mode 100644
index 5a826bf..0000000
--- a/.github/workflows/build-ittools.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build IT-Tools LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-ittools.yml'
-      - 'templates/ittools.yml'
-  schedule:
-    - cron: '0 0 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/CorentinTh/it-tools/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/ittools.yml
-      app_name: it-tools
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Useful tools for developers and peoples working in IT.
-      categories: Dev, Toolkit
-      project_source: https://github.com/CorentinTh/it-tools
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-jellyfin.yml b/.github/workflows/build-jellyfin.yml
deleted file mode 100644
index 375ab57..0000000
--- a/.github/workflows/build-jellyfin.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Jellyfin LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-jellyfin.yml'
-      - 'templates/jellyfin.yml'
-  schedule:
-    - cron: '0 0 */15 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/jellyfin/jellyfin/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/jellyfin.yml
-      app_name: jellyfin
-      app_version: ${{needs.init.outputs.app_version}}
-      description: A Free Software Media System to collect, manage, and stream your media.
-      categories: Media management, Streaming
-      project_source: https://github.com/jellyfin/jellyfin
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-jellyseerr.yml b/.github/workflows/build-jellyseerr.yml
deleted file mode 100644
index fff6548..0000000
--- a/.github/workflows/build-jellyseerr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Jellyseerr LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-jellyseerr.yml'
-      - 'templates/jellyseerr.yml'
-  schedule:
-    - cron: '0 0 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Fallenbagel/jellyseerr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/jellyseerr.yml
-      app_name: jellyseerr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Open source software application for managing requests for your media library.
-      categories: Media management
-      project_source: https://github.com/Fallenbagel/jellyseerr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-jenkins.yml b/.github/workflows/build-jenkins.yml
deleted file mode 100644
index 4a7cb7c..0000000
--- a/.github/workflows/build-jenkins.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Jenkins LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-jenkins.yml'
-      - 'templates/jenkins.yml'
-  schedule:
-    - cron: '0 0 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -Ls https://updates.jenkins.io/stable/latestCore.txt | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/jenkins.yml
-      app_name: jenkins
-      app_version: ${{needs.init.outputs.app_version}}
-      description: The leading open source automation server. Build great things at any scale.
-      categories: Automation, CI CD, Dev
-      project_source: https://github.com/jenkinsci/jenkins
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-jupyterlab.yml b/.github/workflows/build-jupyterlab.yml
deleted file mode 100644
index b4345fe..0000000
--- a/.github/workflows/build-jupyterlab.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build JupyterLab LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-jupyterlab.yml'
-      - 'templates/jupyterlab.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/jupyterlab/jupyterlab/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/jupyterlab.yml
-      app_name: jupyterlab
-      app_version: ${{needs.init.outputs.app_version}}
-      description: JupyterLab is the latest web-based interactive development environment for notebooks, code, and data.
-      categories: IDE, Python, Dev
-      project_source: https://github.com/jupyterlab/jupyterlab
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-kestra.yml b/.github/workflows/build-kestra.yml
deleted file mode 100644
index 950aa92..0000000
--- a/.github/workflows/build-kestra.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Kestra LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-kestra.yml'
-      - 'templates/kestra.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/kestra-io/kestra/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/kestra.yml
-      app_name: kestra
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Kestra is a free and open-source workflow orchestrator and automation tool.
-      categories: Automation, Orchestration
-      project_source: https://github.com/kestra-io/kestra
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-keycloak.yml b/.github/workflows/build-keycloak.yml
deleted file mode 100644
index a2703d8..0000000
--- a/.github/workflows/build-keycloak.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Keycloak LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-keycloak.yml'
-      - 'templates/keycloak.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -Ls  https://api.github.com/repos/keycloak/keycloak/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/keycloak.yml
-      app_name: keycloak
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Open Source Identity and Access Management.
-      categories: Identity, IAM, IDP, Security
-      project_source: https://github.com/keycloak/keycloak
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-lidarr.yml b/.github/workflows/build-lidarr.yml
deleted file mode 100644
index dc547c7..0000000
--- a/.github/workflows/build-lidarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build LidARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-lidarr.yml'
-      - 'templates/lidarr.yml'
-  schedule:
-    - cron: '0 3 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Lidarr/Lidarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/lidarr.yml
-      app_name: lidarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Lidarr is a music collection manager for Usenet and BitTorrent users.
-      categories: Media management
-      project_source: https://wiki.servarr.com/lidarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-matomo.yml b/.github/workflows/build-matomo.yml
deleted file mode 100644
index 71f89ab..0000000
--- a/.github/workflows/build-matomo.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Matomo LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-matomo.yml'
-      - 'templates/matomo.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/matomo-org/matomo/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/matomo.yml
-      app_name: matomo
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Google Analytics alternative that protects your data and your customers' privacy.
-      categories: Analytics, SEO, Tracking
-      project_source: https://github.com/matomo-org/matomo
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-n8n.yml b/.github/workflows/build-n8n.yml
deleted file mode 100644
index 7e2184e..0000000
--- a/.github/workflows/build-n8n.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build n8n LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-n8n.yml'
-      - 'templates/n8n.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/n8n-io/n8n/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/n8n.yml
-      app_name: n8n
-      app_version: ${{needs.init.outputs.app_version}}
-      description: n8n is a free and source-available workflow automation tool.
-      categories: Automation, Workflows
-      project_source: https://github.com/n8n-io/n8n
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-nextcloud.yml b/.github/workflows/build-nextcloud.yml
deleted file mode 100644
index ff6dd97..0000000
--- a/.github/workflows/build-nextcloud.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build NextCloud LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-nextcloud.yml'
-      - 'templates/nextcloud.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/nextcloud/server/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/nextcloud.yml
-      app_name: nextcloud
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Fully open-source, on-premises content collaboration platform.
-      categories: Personal Cloud, Data Privacy
-      project_source: https://github.com/nextcloud/server
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-nodered.yml b/.github/workflows/build-nodered.yml
deleted file mode 100644
index 03dd881..0000000
--- a/.github/workflows/build-nodered.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Node-RED LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-nodered.yml'
-      - 'templates/nodered.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://github.com/node-red/node-red/releases/latest | jq -r '.tag_name' | sed -E 's/.*v|.*V|.+@| .*$//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/nodered.yml
-      app_name: nodered
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Low-code programming for event-driven applications
-      categories: Automation, Workflows
-      project_source: https://github.com/node-red/node-red
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-omada.yml b/.github/workflows/build-omada.yml
deleted file mode 100644
index 7af25fc..0000000
--- a/.github/workflows/build-omada.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-name: Build Omada LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-omada.yml'
-      - 'templates/omada.yml'
-  schedule:
-    - cron: '0 1 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(echo $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1) |grep -oE "v[0-9]+.[0-9]+.[0-9]+"| sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/omada.yml
-      app_name: omada
-      app_version: ${{needs.init.outputs.app_version}}
-      description: |
-        Omada SDN Controller Solution offers centralized and efficient management for configuring enterprise
-        networks comprised of security gateways, switches, and wireless access points.
-      categories: SDN, Networks
-      project_source: https://www.tp-link.com/en/support/download/omada-software-controller
-      distribution: debian
-      release: buster
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-prowlarr.yml b/.github/workflows/build-prowlarr.yml
deleted file mode 100644
index da6d9ff..0000000
--- a/.github/workflows/build-prowlarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build ProwlARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-prowlarr.yml'
-      - 'templates/prowlarr.yml'
-  schedule:
-    - cron: '0 3 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Prowlarr/Prowlarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/prowlarr.yml
-      app_name: prowlarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Prowlarr is an indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps.
-      categories: Media management
-      project_source: https://wiki.servarr.com/prowlarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-radarr.yml b/.github/workflows/build-radarr.yml
deleted file mode 100644
index 6bfb9d3..0000000
--- a/.github/workflows/build-radarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build RadARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-radarr.yml'
-      - 'templates/radarr.yml'
-  schedule:
-    - cron: '0 3 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Radarr/Radarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/radarr.yml
-      app_name: radarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Radarr is a movie collection manager for Usenet and BitTorrent users.
-      categories: Media management
-      project_source: https://wiki.servarr.com/radarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-readarr.yml b/.github/workflows/build-readarr.yml
deleted file mode 100644
index cacd1cf..0000000
--- a/.github/workflows/build-readarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build ReadARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-readarr.yml'
-      - 'templates/readarr.yml'
-  schedule:
-    - cron: '0 3 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Readarr/Readarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/readarr.yml
-      app_name: readarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Readarr is an eBook and audiobook collection manager for Usenet and BitTorrent users.
-      categories: Media management
-      project_source: https://wiki.servarr.com/readarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-servarr.yml b/.github/workflows/build-servarr.yml
deleted file mode 100644
index 07bfa3b..0000000
--- a/.github/workflows/build-servarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build ServARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-servarr.yml'
-      - 'templates/servarr.yml'
-  schedule:
-    - cron: '0 0 1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(date +%Y-%m)" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/servarr.yml
-      app_name: servarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Media organizer/manager stack (ARR) for usenet and torrent users. This stack includes QBitTorrent, SABnzbd, FlareSolverr, Bazarr and the ARR stack.
-      categories: Media management
-      project_source: https://wiki.servarr.com
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-sonarr.yml b/.github/workflows/build-sonarr.yml
deleted file mode 100644
index e2ab999..0000000
--- a/.github/workflows/build-sonarr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build SonARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-sonarr.yml'
-      - 'templates/sonarr.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Sonarr/Sonarr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/sonarr.yml
-      app_name: sonarr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Sonarr is a PVR for Usenet and BitTorrent users.
-      categories: Media management
-      project_source: https://wiki.servarr.com/sonarr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-tester.yml b/.github/workflows/build-tester.yml
index a5fa838..1d6c192 100644
--- a/.github/workflows/build-tester.yml
+++ b/.github/workflows/build-tester.yml
@@ -10,28 +10,22 @@ on:
     branches:
       - main
     paths:
-      - '.github/publish_build.hurl'
-      - '.github/workflows/builder.yml'
-      - '.github/workflows/build-tester.yml'
+      - ".github/publish_build.hurl"
+      - ".github/workflows/builder.yml"
+      - ".github/workflows/build-tester.yml"
 
 jobs:
+  init:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
   image-build:
     if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    strategy:
-      matrix:
-        architectures:
-          - amd64
     uses: ./.github/workflows/builder.yml
     with:
       config_path: templates/debian-test.yml
-      app_name: dummy_app
-      app_version: '0.0.0'
-      description: Dummy test
-      categories: test, dummy
-      project_source: https://github.com/soubinan/homelab-lxc
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
       branch_name: test
       is_merged: false
     secrets: inherit
diff --git a/.github/workflows/build-vault.yml b/.github/workflows/build-vault.yml
deleted file mode 100644
index baf49ad..0000000
--- a/.github/workflows/build-vault.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Vault LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-vault.yml'
-      - 'templates/vault.yml'
-  schedule:
-    - cron: '0 0 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/hashicorp/vault/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/vault.yml
-      app_name: vault
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Vault is a free and source-available secrets management tool / secrets store.
-      categories: Secrets management, Security
-      project_source: https://github.com/hashicorp/vault
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-whisparr.yml b/.github/workflows/build-whisparr.yml
deleted file mode 100644
index a524dc3..0000000
--- a/.github/workflows/build-whisparr.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build WhispARR LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-whisparr.yml'
-      - 'templates/whisparr.yml'
-  schedule:
-    - cron: '0 2 * * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/Whisparr/Whisparr/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/whisparr.yml
-      app_name: whisparr
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Whisparr is an adult video collection manager for Usenet and BitTorrent users.
-      categories: Media management
-      project_source: https://wiki.servarr.com/whisparr
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/build-zitadel.yml b/.github/workflows/build-zitadel.yml
deleted file mode 100644
index ac244d5..0000000
--- a/.github/workflows/build-zitadel.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: Build Zitadel LXC Image
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - closed
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build-zitadel.yml'
-      - 'templates/zitadel.yml'
-  schedule:
-    - cron: '0 0 */1 * *'
-
-jobs:
-  init:
-    if: github.event.action != 'closed' || (github.event.action == 'closed' && github.event.pull_request.merged)
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get Application version
-        id: get-app-version
-        run: |
-          echo "APP_VERSION=$(curl -s https://api.github.com/repos/zitadel/zitadel/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')" >> $GITHUB_OUTPUT
-    outputs:
-      app_version: ${{steps.get-app-version.outputs.APP_VERSION}}
-
-  image-build:
-    needs: init
-    strategy:
-      matrix:
-        architectures:
-          - amd64
-    uses: ./.github/workflows/builder.yml
-    with:
-      config_path: templates/zitadel.yml
-      app_name: zitadel
-      app_version: ${{needs.init.outputs.app_version}}
-      description: Zitadel is a free and open-source secure authentication management tool.
-      categories: IAM, Authentication
-      project_source: https://github.com/zitadel/zitadel
-      distribution: debian
-      release: bookworm
-      architecture: ${{matrix.architectures}}
-      branch_name: ${{github.event.pull_request.base.ref}}
-      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
-    secrets: inherit
diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml
index eb46a4a..0d12868 100644
--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@@ -6,30 +6,6 @@ on:
       config_path:
         required: true
         type: string
-      app_name:
-        required: true
-        type: string
-      app_version:
-        required: true
-        type: string
-      description:
-        required: true
-        type: string
-      categories:
-        required: true
-        type: string
-      project_source:
-        required: true
-        type: string
-      distribution:
-        required: true
-        type: string
-      architecture:
-        required: true
-        type: string
-      release:
-        required: true
-        type: string
       branch_name:
         required: true
         type: string
@@ -47,62 +23,100 @@ on:
         required: true
 
 jobs:
+  init:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Get params
+        id: get-params
+        run: |
+          GET_VERSION_COMMAND=$(eval "$(cat ${{inputs.config_path}} | yq -r '.metadata.get_version_command') | sed -E 's/^[vV]//'")
+
+          echo "APP_VERSION=$(echo $GET_VERSION_COMMAND)" | tee -a $GITHUB_OUTPUT
+          echo "APP_NAME=$(cat ${{inputs.config_path}} | yq -r '.metadata.name = (.metadata.name | downcase) | .metadata.name')" | tee -a $GITHUB_OUTPUT
+          echo "DESCRIPTION=$(cat ${{inputs.config_path}} | yq -r '.metadata.description = (.metadata.description | downcase) | .metadata.description')" | tee -a $GITHUB_OUTPUT
+          echo "CATEGORIES=$(cat ${{inputs.config_path}} | yq -r '.metadata.categories = (.metadata.categories | downcase) | .metadata.categories')" | tee -a $GITHUB_OUTPUT
+          echo "PROJECT_SOURCE=$(cat ${{inputs.config_path}} | yq -r '.metadata.project_source = (.metadata.project_source | downcase) | .metadata.project_source')" | tee -a $GITHUB_OUTPUT
+          echo "DISTRIBUTION=$(cat ${{inputs.config_path}} | yq -r '.metadata.distribution = (.metadata.distribution | downcase) | .metadata.distribution')" | tee -a $GITHUB_OUTPUT
+          echo "ARCHITECTURES=$(cat ${{inputs.config_path}} | yq -r '.metadata.architectures' -o json -I=0)" | tee -a $GITHUB_OUTPUT
+          echo "RELEASE=$(cat ${{inputs.config_path}} | yq -r '.metadata.release = (.metadata.release | downcase) | .metadata.release')" | tee -a $GITHUB_OUTPUT
+    outputs:
+      app_name: ${{steps.get-params.outputs.APP_NAME}}
+      app_version: ${{steps.get-params.outputs.APP_VERSION}}
+      description: ${{steps.get-params.outputs.DESCRIPTION}}
+      categories: ${{steps.get-params.outputs.CATEGORIES}}
+      project_source: ${{steps.get-params.outputs.PROJECT_SOURCE}}
+      distribution: ${{steps.get-params.outputs.DISTRIBUTION}}
+      architectures: ${{steps.get-params.outputs.ARCHITECTURES}}
+      release: ${{steps.get-params.outputs.RELEASE}}
+
   image-build:
-    if: ${{inputs.app_version}} != "null" && ${{inputs.app_version}} != ""
+    needs: init
+    if: ${{needs.init.outputs.app_version}} != "null" && ${{needs.init.outputs.app_version}} != ""
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        architectures: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Check submitted version
         id: version-check
         run: |
-          SUBMITTED_BUILD_ID=${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}
-          CHECKED_BUILD_ID=$(curl -sLX POST $HOMELAB_LXC_EP -H "Content-Type: application/json" -d '{"query":"query CheckBuildID { build(where: {buildId: \"${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}\"}) { buildId } }"}'| jq -r '.data.build.buildId')
+          SUBMITTED_BUILD_ID=${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}
+          CHECKED_BUILD_ID=$(curl -sLX POST $HOMELAB_LXC_EP -H "Content-Type: application/json" -d '{"query":"query CheckBuildID { build(where: {buildId: \"${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}\"}) { buildId } }"}' | jq -r '.data.build.buildId')
           echo "SUBMITTED_BUILD_ID=$SUBMITTED_BUILD_ID" >> $GITHUB_OUTPUT
           echo "CHECKED_BUILD_ID=$CHECKED_BUILD_ID" >> $GITHUB_OUTPUT
         env:
           HOMELAB_LXC_EP: ${{secrets.HOMELAB_LXC_EP}}
 
+      - name: Check necessary steps
+        id: validity-checks
+        run: |
+          echo "IS_BUILDABLE=${{github.event_name != 'schedule' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule')}}" >> $GITHUB_OUTPUT
+          echo "IS_PUBLISHABLE=${{inputs.branch_name == 'test' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule') || (inputs.branch_name == 'main' && inputs.is_merged == true)}}" >> $GITHUB_OUTPUT
+
       - name: Check out repository
         uses: actions/checkout@v4
+        if: ${{steps.validity-checks.outputs.IS_BUILDABLE}} == true
 
       - name: Install required tools
-        if: github.event_name != 'schedule' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule')
+        if: ${{steps.validity-checks.outputs.IS_BUILDABLE}} == true
         run: |
           sudo apt-get update -y
-          sudo apt-get install -y debootstrap squashfs-tools jq wget curl unzip python3 python3-pip
+          sudo apt-get install -y debootstrap squashfs-tools wget unzip python3 python3-pip
           sudo snap install distrobuilder --classic
-          mkdir -p /tmp/output/${{inputs.app_name}}
-          mkdir -p /tmp/cache/${{inputs.app_name}}
-          HURL_VERSION=$(curl -s https://api.github.com/repos/Orange-OpenSource/hurl/releases/latest |jq -r '.tag_name')
+          mkdir -p /tmp/output/${{needs.init.outputs.app_name}}
+          mkdir -p /tmp/cache/${{needs.init.outputs.app_name}}
+          HURL_VERSION=$(curl -s https://api.github.com/repos/Orange-OpenSource/hurl/releases/latest | jq -r '.tag_name')
           curl --silent --location https://github.com/Orange-OpenSource/hurl/releases/download/${HURL_VERSION}/hurl-${HURL_VERSION}-x86_64-unknown-linux-gnu.tar.gz | tar xvz -C /tmp
           sudo cp /tmp/hurl-${HURL_VERSION}-x86_64-unknown-linux-gnu/bin/* /usr/bin/
           sudo -v ; curl https://rclone.org/install.sh | sudo bash
           sudo -v ; wget -q https://kcl-lang.io/script/install-cli.sh -O - | sudo bash
-          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq
 
       - name: Create Distrobuilder LXC template file
-        if: github.event_name != 'schedule' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule')
+        if: ${{steps.validity-checks.outputs.IS_BUILDABLE}} == true
         run: |
-          yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ${{github.workspace}}/${{inputs.config_path}} > ${{github.workspace}}/${{inputs.config_path}}_repacked.yaml
-          kcl ${{github.workspace}}/templates/__debian_base.k -Y ${{github.workspace}}/${{inputs.config_path}}_repacked.yaml > ${{github.workspace}}/lxc-template.yml
+          kcl run ${{github.workspace}}/__layout.k -D input=${{github.workspace}}/${{inputs.config_path}} -o /tmp/${{needs.init.outputs.app_name}}.build
 
       - name: Build Image
-        if: github.event_name != 'schedule' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule')
+        if: ${{steps.validity-checks.outputs.IS_BUILDABLE}} == true
         run: |
-          sudo distrobuilder --cache-dir /tmp/cache/${{inputs.app_name}} build-lxc ${{github.workspace}}/lxc-template.yml -o image.distribution=${{inputs.distribution}} -o image.architecture=${{inputs.architecture}} -o image.release=${{inputs.release}} -o image.serial="${{inputs.app_version}}" -o source.url="http://ftp.us.debian.org/debian" /tmp/output/${{inputs.app_name}}/
-          mv /tmp/output/${{inputs.app_name}}/rootfs.tar.xz ./${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}-root.tar.xz
-          mv /tmp/output/${{inputs.app_name}}/meta.tar.xz ./${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}-meta.tar.xz
-          echo "ARTIFACT_SIZE=$(du -sh ./${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}-root.tar.xz| cut -f 1)" >> $GITHUB_ENV
+          sudo distrobuilder --cache-dir /tmp/cache/${{needs.init.outputs.app_name}} build-lxc /tmp/${{needs.init.outputs.app_name}}.build -o image.serial="${{needs.init.outputs.app_version}}" -o image.architecture=${{matrix.architectures}} /tmp/output/${{needs.init.outputs.app_name}}/
+          mv /tmp/output/${{needs.init.outputs.app_name}}/rootfs.tar.xz ./${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}-root.tar.xz
+          mv /tmp/output/${{needs.init.outputs.app_name}}/meta.tar.xz ./${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}-meta.tar.xz
+          echo "ARTIFACT_SIZE=$(du -sh ./${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}-root.tar.xz | cut -f 1)" >> $GITHUB_ENV
           pwd && ls -lash
 
       - name: Publish Image files
-        if: inputs.branch_name == 'test' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule') || (inputs.branch_name == 'main' && inputs.is_merged == true)
+        if: ${{steps.validity-checks.outputs.IS_PUBLISHABLE}} == true
         run: |
           cat << EOF > /tmp/rclone.conf
           $RCLONE_CONFIG
           EOF
           echo
-          rclone copy ./${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}-root.tar.xz cloudflare:lxc-images --config /tmp/rclone.conf
-          rclone copy ./${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}}-meta.tar.xz cloudflare:lxc-images --config /tmp/rclone.conf
+          rclone copy ./${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}-root.tar.xz cloudflare:lxc-images --config /tmp/rclone.conf
+          rclone copy ./${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}}-meta.tar.xz cloudflare:lxc-images --config /tmp/rclone.conf
           echo
           echo 'LXC Image published successfully !'
         env:
@@ -110,17 +124,17 @@ jobs:
           RCLONE_CONFIG_PASS: ${{secrets.RCLONE_CONFIG_PASS}}
 
       - name: Publish Image metadata
-        if: inputs.branch_name == 'test' || (steps.version-check.outputs.SUBMITTED_BUILD_ID != steps.version-check.outputs.CHECKED_BUILD_ID && github.event_name == 'schedule') || (inputs.branch_name == 'main' && inputs.is_merged == true)
+        if: ${{steps.validity-checks.outputs.IS_PUBLISHABLE}} == true
         run: |
-          CATEGORIES_STR="${{inputs.categories}}"
-          CATEGORIES_FMT=$(echo "[\"$CATEGORIES_STR\"]" | sed -E 's/^\["[ ,]+/["/g' | sed -E 's/[ ,]+"]$/"]/g'| sed -E 's/ *, */","/g')
+          CATEGORIES_STR="${{needs.init.outputs.categories}}"
+          CATEGORIES_FMT=$(echo "[\"$CATEGORIES_STR\"]" | sed -E 's/^\["[ ,]+/["/g' | sed -E 's/[ ,]+"]$/"]/g' | sed -E 's/ *, */","/g')
 
           hurl -v --variable endpoint_url=$HOMELAB_LXC_EP --variable token=$HOMELAB_LXC_TOKEN \
-            --variable app_name=${{inputs.app_name}} --variable app_version=${{inputs.app_version}} \
-            --variable arch=${{inputs.architecture}} --variable dist=${{inputs.distribution}} \
-            --variable dist_release=${{inputs.release}} --variable build_id=${{inputs.app_name}}-${{inputs.app_version}}-${{inputs.architecture}} \
-            --variable size=$ARTIFACT_SIZE --variable source=${{inputs.project_source}} --variable is_for_test=${{inputs.branch_name == 'test'}} \
-            --variable categories="$CATEGORIES_FMT" --variable description="${{inputs.description}}" \
+            --variable app_name=${{needs.init.outputs.app_name}} --variable app_version=${{needs.init.outputs.app_version}} \
+            --variable arch=${{matrix.architectures}} --variable dist=${{needs.init.outputs.distribution}} \
+            --variable dist_release=${{needs.init.outputs.release}} --variable build_id=${{needs.init.outputs.app_name}}-${{needs.init.outputs.app_version}}-${{matrix.architectures}} \
+            --variable size=$ARTIFACT_SIZE --variable source=${{needs.init.outputs.project_source}} --variable is_for_test=${{inputs.branch_name == 'test'}} \
+            --variable categories="$CATEGORIES_FMT" --variable description="${{needs.init.outputs.description}}" \
             .github/publish_build.hurl
           echo
           echo 'LXC build details published successfully !'
diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml
new file mode 100644
index 0000000..6c4bd99
--- /dev/null
+++ b/.github/workflows/trigger.yml
@@ -0,0 +1,45 @@
+name: Build Trigger
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
+    branches:
+      - main
+    paths:
+      - ".github/workflows/trigger.yml"
+      - "./templates/*"
+  schedule:
+    - cron: "0 0 */7 * *"
+
+jobs:
+  init:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: List templates
+        id: templates-list
+        run: |
+          sudo apt-get install -y jq
+          echo TEMPLATES_LIST="$(ls templates/* | jq -Rsc 'split("\n")[:-1]')" | tee -a $GITHUB_OUTPUT
+    outputs:
+      templates_list: ${{steps.templates-list.outputs.TEMPLATES_LIST}}
+
+  image-build:
+    needs: init
+    strategy:
+      fail-fast: false
+      matrix:
+        templates: ${{ fromJson(needs.init.outputs.templates_list) }}
+    uses: ./.github/workflows/builder.yml
+    with:
+      config_path: ${{matrix.templates}}
+      branch_name: ${{github.event.pull_request.base.ref}}
+      is_merged: ${{github.event.pull_request.merged || github.event_name == 'schedule'}}
+    secrets: inherit
diff --git a/.gitignore b/.gitignore
index 611e18a..00fb890 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,4 @@
 # ignore tarballs
 *.tar.*
 # ignore kclvm dir
-.kclvm
-# ignore test generation
-_lxc*
\ No newline at end of file
+.kclvm
\ No newline at end of file
diff --git a/README.md b/README.md
index 73827b0..c31b79b 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ This started as a personal project built for my own needs, then shared because i
 
 ## Your favorite application is missing here ?
 
-Open an issue to submit the application details and we will try to add it as soon as possible.
+[Open an issue](https://github.com/soubinan/homelab-lxc/issues/new?assignees=&labels=&projects=&template=new-application-request.md&title=Add+%3Capplication_name%3E+template) to submit the application details and we will try to add it as soon as possible.
 
 ## Contributions
 
@@ -25,10 +25,19 @@ It is very straight forward to add a new build template:
 
 - Create a [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) template
 
-   - check the `templates/` directory to see some examples of already existing builds (you can take the template `templates/apisix.yml` as a solid example).
-   - check the [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) docs about how to use the keys `files` and `actions` to see all possibilities available to you. Only both are using [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) directly. Other keys like `repositories` and `packages` are preprocessed before to be used by [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) but are pretty easy to use.
-
-- Create a job to build the LXC image (check the `.github/workflows/` to see some examples of already existing builds)
+   - Check the `templates/` directory to see some examples of already existing builds (you can take the template `templates/apisix.yml` as a solid example).
+   - Check the [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) docs about how to use the keys `files` and `actions` to see all possibilities available to you. Only both are using [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) directly. Other keys like `repositories` and `packages` are preprocessed before to be used by [distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/) but are pretty easy to use (again `templates/apisix.yml` is a good example about how it works).
+   - Give the metadata info below (all fields are required)
+      - name (str)
+      - get_version_command (str)
+      - description (str)
+      - categories (str)
+      - project_source (str)
+      - distribution (str)
+      - release (str)
+      - architectures (list)
+   - Name your file according to the application name
+   - That it, the automation will do the rest !
 
 ### Local test
 
@@ -36,33 +45,43 @@ It is very straight forward to add a new build template:
 
 - [Install distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/howto/install/)
 - [Install KCL](https://www.kcl-lang.io/docs/user_docs/getting-started/install)
-- [Install yq](https://mikefarah.gitbook.io/yq#install)
-
-[Step 2] Create your LXC template (checck the `templates/` directory to see the already existing examples)
-
-> Note: the base template already has some packages in its definition so you don't need to add them twice, those packages are: fuse, openssh-server, lsb-release, openssl, cloud-init, curl, wget, gpg, vim
-
-[ Step 3] Run the following commands
-
-```sh {"id":"01J0MNYBZ7PPTE87YJCNJPC101"}
-# Your template should be in the ./templates directory
-# Uses myapp.yml as default value. This file do not really exists!
-read -p "Your template filename [myapp.yml]: " template_file && yq eval '. as $root | {"kcl_options": [{"key": "build-instructions", "value": $root}]}' ./templates/${template_file:-'myapp.yml'} > _lxc-partial.yml && echo "_lxc-partial.yml has been successfully generated !"
-ls -lash ./_lxc-partial.yml
-```
+- [Install yq](https://mikefarah.gitbook.io/yq#install) (optional)
+- [Install jq](https://jqlang.github.io/jq/download/) (optional)
+
+[Step 2] [Create your LXC template](#contributions) (check the `templates/` directory to see the already existing examples) or select an existing one
+
+> Note: the base template already has some packages in its definition so you don't need to add them twice, those packages are:
+> * fuse
+> * openssh-server
+> * lsb-release
+> * openssl
+> * ca-certificates
+> * apt-transport-https
+> * cloud-init
+> * curl
+> * wget
+> * gnupg2
+> * gzip
+> * vim
+> * software-properties-common
+> * tzdata
+>
+
+[ Step 3] Run the following command to build the final LXC template
 
 ```sh {"id":"01J0MPD5W78R3GD6JKZRV9WHHS"}
 # Render to final LXC template
-kcl ./templates/__debian_base.k -Y _lxc-partial.yml > _lxc-template.yml && echo "_lxc-template.yml has been successfully generated !"
-ls -lash ./_lxc-template.yml
+kcl run __layout.k -D input=templates/<template_filename>.yml > _lxc-template.yml
+
+# ie: kcl run __layout.k -D input=templates/apisix.yml > apisix-template.yml
 ```
 
-Check the content of `_lxc-template` file to verify all is as expected. It should contains the conplete configuration (based on `./templates/__debian_base.k`)
+Check the content of `_lxc-template` file to verify all is as expected. It should contains the conplete configuration (based on `__layout.k` and the application specific inputs.)
 
 ```sh {"excludeFromRunAll":"true","id":"01J0MPGBG024BTJHTE54YMJP97"}
 # Build your LXC image
-# Do not work if exected into a container
-# Uses 1.0.0 as default value
-# This will raise an error if you use the image.serial variable in your template while your application do not have any 1.0.0 version
-read -p "Enter the application version to build [1.0.0]: " version && distrobuilder build-lxc _lxc-template.yml -o image.architecture=amd64 -o image.release=bookworm -o image.serial="${version:-'1.0.0'}" -o source.url="http://ftp.us.debian.org/debian"
+# Do not work if executed into a container (need chroot)
+sudo distrobuilder build-lxc _lxc-template.yml -o image.architecture=amd64 -o image.serial="<application version>"
+
+# ie: sudo distrobuilder build-lxc apisix-template.yml -o image.architecture=amd64 -o image.serial="3.8.0"
 ```
diff --git a/templates/__debian_base.k b/__layout.k
similarity index 94%
rename from templates/__debian_base.k
rename to __layout.k
index b9a5be8..2b8ae99 100644
--- a/templates/__debian_base.k
+++ b/__layout.k
@@ -1,14 +1,65 @@
-_application = option("build-instructions", required=True)
-_app_name = option("app_name") or _application.name or "App"
-_repositories_add = _application.repositories or Undefined
-_packages = _application.packages or []
+import yaml
+import file
+
+schema File:
+    path: str
+    generator: str
+    mode?: str
+    source?: str
+    content?: str
+
+schema Repo:
+    name: str
+    url: str
+    key: str
+
+schema Action:
+    trigger: str
+    pongo?: bool = False
+    action: str
+
+schema Metadata:
+    name: str
+    get_version_command: str
+    description: str
+    project_source: str
+    categories: str
+    distribution: str
+    release: str
+    architectures: [str]
+
+    check:
+        distribution != Undefined, "Distribution should be explicitely set"
+        distribution == "debian", "Only debian distribution is allowed"
+
+schema Instructions:
+    files?: [File]
+    packages?: [str]
+    repositories?: [Repo]
+    actions?: [Action]
+
+schema Inputs:
+    metadata: Metadata
+    instructions?: Instructions
+
+_inputs_file: str = option("input", default="./templates/debian-test.yml", help="Input file path")
+_inputs_str: str = file.read(filepath=_inputs_file)
+_inputs = Inputs {**yaml.decode(_inputs_str)}
+
+_metadata = _inputs.metadata
+_instructions = _inputs.instructions
+_app_name = _metadata.name or "App"
+_distirbution = "debian"
+_repositories_add = _instructions.repositories or []
+_packages = _instructions.packages or Undefined
 _packages_install = {
     packages = _packages
     action = "install"
 } if _packages else Undefined
-_files_add = _application.files or Undefined
-_actions_add = _application.actions or Undefined
-_key1 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+_files_add = _instructions.files or []
+_actions_add = _instructions.actions or []
+_key1 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBFRvqBkBEADAe63Jl0pw5Ry9LDwn31BJSBat+2WYJXT4Iqsgtmm79drvAcVU
 JjtGZX11XdJj/aIVxeafghYxVj4Ld+yxiB25GAcxGr5O3Acv7DOlBQnqFZ7jvZUd
@@ -197,8 +248,10 @@ cYE0lv+TUU0OpbxwGEea2d+YaBS/ZSy3yGMrv8kf4VM/iZUDYWsrB/0q+SRQeaKE
 utERYOxjvA+geNHpBZa1LdKg1KWeZI7PpaHE19N53u8hSeFMkaTCqFLhk2WmEYyU
 tizqJW3oSFiqIcpiyfN+0rLetGa0WslDnSIhyclfxOPMH14=
 =k46C
------END PGP PUBLIC KEY BLOCK-----"""
-_key2 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_key2 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBE+a7rUBEADQiEKtLOgqiq8YY/p7IFODMqGPR+o1vtXaksie8iTOh3Vxab38
 cA3kK1iB5XYElbZ5b/x3vWiufHK2semOpn5MG2GRJUwmKxZbt3HLZiHtAadkby2l
@@ -544,8 +597,10 @@ TgECAPFpPDjYlf7ZIGKrOWYX7vhmGqA/oytxueIrG1AS66zB8MlfnrXPgDgun9cd
 Gjbs3Bh4bJrvoCvhWAf9kIEnShX69NQbfZFvfG2b9WocV5yMLH0bZ/tCa1hFRMpc
 qCTHsZBLcjOQhV5Ubg==
 =L+5x
------END PGP PUBLIC KEY BLOCK-----"""
-_key3 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_key3 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBFxZ9FABEADPEDVwAUd10zcdnQJF7klaxK1mcTEUd+xfNAKBjhvP69XdAf54
 7PS8Xid9zMAK/JARzLsZj5STy1VQQrPGOkSqPKA+gSpW8CmEWwfL/VTfQFFrJ9kb
@@ -597,8 +652,10 @@ MnjVJCXOIls7rkI2128c2cQSeUNBW8N/dXTthE0SAqTek5jGGgJ5oo7brPFmJLhD
 2ywOhgdo65iPihKiqLGr2pSrcmwJ3LvHpCgQldjqZfF9dmJAqdoO+WDYBU3pTQGV
 idjr8CGNeffTyeMJbSniGisGOkhiX9TLbz8ufw==
 =a2kx
------END PGP PUBLIC KEY BLOCK-----"""
-_key4 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_key4 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBFyy5ecBEACxXGKUyi5dFjPhEFoz3IwKlVfDxySVg+hlhcUEO657UHf/7Ba5
 wr9eHxjlbpxetAymSNnptgh8oaJWcokr9UjeaTbKrYGpRra7Wd1W+f++9tF7BVvV
@@ -771,8 +828,10 @@ calvWyo8N+XrZKD8NQnWQ/BocU9r5S5aJFcovdcmm1s1Ymdlo5Yuk8WHZDOsSf38
 VzY12szoQ9eMbBJOH7MhseS/gIWC/4x1eEEhGbPQbkzKZlJifv+55Mqqq7emGyBG
 qn8+ouVQUr65+xcIST13Ffg80zc=
 =lfn1
------END PGP PUBLIC KEY BLOCK-----"""
-_key5 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_key5 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBF/7h7cBEAC9H4Seq0jkv3r3P+JNAoHi2O+X8Q3upG+JUnek3p8dNl+JyTEw
 hVkDNttWhoqZOH+QLcL5oMd0Nr1zM9ng3pmarmX2DFk+aO95pnCoIlpA/nr0SQV/
@@ -801,8 +860,10 @@ xllJFHFCxU+0t0ImEW7Uk7rojIBluDZdRfwliI7fDCCnTFf1fF9e6gJUrKUNZFTp
 yoUM8+FwlIhpEGhn4o8+ezyG83IebGVDxydnX1rrph+eZ9BvWWjesHo8R5FDvoPV
 oPh9t/VGRvdQHA==
 =KM28
------END PGP PUBLIC KEY BLOCK-----"""
-_key6 = """-----BEGIN PGP PUBLIC KEY BLOCK-----
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_key6 = """\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBGPL0BUBEADmW5NdOOHwPIJlgPu6JDcKw/NZJPR8lsD3K87ZM18gzyQZJD+w
 ns6TSXOsx+BmpouHZgvh3FQADj/hhLjpNSqH5IH0xY7nic9BuSeyKx2WvfG62yxw
@@ -927,23 +988,26 @@ s8bp4jKtODbPQBxRPQ4MUtLNZsHf6K05NPyB2aRUPP9FLBu6Zqv7YkT+PS1fxuCr
 gwyb6WzC7OpdW9MHhVBP+5BPExPZmVRl8o1t5vzBgxhDgbE+uB2S7HbpY2BVubVU
 22lSkijKki64QmcUnp84EDZQdk+myhnGBqi+yw==
 =swbo
------END PGP PUBLIC KEY BLOCK-----"""
-_create_message = """You just created an {{ image.description }} container.
+-----END PGP PUBLIC KEY BLOCK-----
+"""
+_create_message = """\
+You just created an {{ image.description }} container.
 
 To enable SSH, run: apt install openssh-server
-No default root or user password are set by LXC."""
-_network_interfaces = """# This file describes the network interfaces available on your system
+No default root or user password are set by LXC.
+"""
+_network_interfaces = """\
+# This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
-
 # The loopback network interface
 auto lo
 iface lo inet loopback
-
 auto eth0
 iface eth0 inet dhcp
-
-source /etc/network/interfaces.d/*"""
-_eth0 = """[Match]
+source /etc/network/interfaces.d/*
+"""
+_eth0 = """\
+[Match]
 Name=eth0
 
 [Network]
@@ -953,7 +1017,8 @@ DHCP=true
 UseDomains=true
 
 [DHCP]
-ClientIdentifier=mac"""
+ClientIdentifier=mac
+"""
 _welcome_msg_issue = """\
 | Built by:
 |
@@ -963,21 +1028,22 @@ _welcome_msg_issue = """\
 |     ░▓█▓░▓█▓░▓█▓░▓█▓▒▓█▓░▓█▓▒▓█▓░▓█▓░▓█▓░  ░▓█▓▒▓█▓░▓█▓▒▓█▓░   ░▓█▓
 | ▒▓████▓░ ░▓███▓░ ▒▓███▓▒ ▓████▓░ ▓█▓░▓████▓░▓█▓▒▓█▓░▓████▓▒░▓████▓░
 |
-Welcome on your {} LXC\n""".format(_app_name)
+Welcome to your ${_app_name} LXC
+"""
 _welcome_msg_cron = """\
 @reboot root /etc/profile.d/50-welcome.sh > /etc/issue.d/51-welcome.issue
-* * * * * root /etc/profile.d/50-welcome.sh > /etc/issue.d/51-welcome.issue"""
+* * * * * root /etc/profile.d/50-welcome.sh > /etc/issue.d/51-welcome.issue
+"""
 _welcome_msg_script = """\
 #!/bin/bash
 
 ports=$(ss -ptuln | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
-
 num_ports=$(echo $ports | wc -l)
 ips=$(ip a|grep 'inet '|awk '{print $2}')
 
 printf '\\n'
 printf '+-----------------------------------+\\n'
-printf '| %-33s |\\n' '""" + _app_name + """ is listening on'
+printf '| %-33s |\\n' '${_app_name} is listening on'
 
 while read -r ip; do
     printf '| %-33s |\\n' \"  => $ip\"
@@ -994,42 +1060,65 @@ done <<< $ports
 
 # Print table footer
 printf '+------------+----------------------+\\n'
-printf '\\n'"""
+printf '\\n'
+"""
+_dynamic_components = ""
+_dynamic_repos = ""
+if (_metadata.release == "buster"):
+    _dynamic_repos = "deb http://deb.debian.org/debian-security/ {{ image.release }}/updates non-free contrib main"
+
+if (_metadata.release != "buster" and _metadata.release != "sid"):
+    _dynamic_repos = "deb http://deb.debian.org/debian-security/ {{ image.release }}-security non-free contrib main"
+
+if (_metadata.release != "buster" and _metadata.release != "bullseye" and _metadata.release != "sid"):
+    _dynamic_components = "non-free-firmware"
+
 _debian_repositories = """\
-deb http://deb.debian.org/debian {{ image.release }} main non-free non-free-firmware bookworm-backports contrib
-deb http://deb.debian.org/debian {{ image.release }}-updates main non-free non-free-firmware bookworm-backports contrib
-{% if image.release != 'sid' and image.release != 'buster' %}deb http://deb.debian.org/debian-security/ {{ image.release }}-security main non-free non-free-firmware bookworm-backports contrib{% endif %}
-{% if image.release == 'buster' %}deb http://deb.debian.org/debian-security/ {{ image.release }}/updates main non-free non-free-firmware bookworm-backports contrib{% endif %}"""
+deb http://deb.debian.org/debian {{ image.release }} non-free ${_dynamic_components} contrib main
+deb http://deb.debian.org/debian {{ image.release }}-updates non-free ${_dynamic_components} contrib main
+${_dynamic_repos}
+"""
 _script_set_resolvconf = """\
 #!/bin/bash
 set -eux
+
 cat /etc/resolv.conf > /tmp/resolv.conf
 umount -l /etc/resolv.conf || true
-mv /tmp/resolv.conf /etc/"""
+mv /tmp/resolv.conf /etc/
+"""
 _script_reset_resolvconf_new = """\
 #!/bin/bash
 set -eux
+
 umount -l /etc/resolv.conf || true
-ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf"""
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+"""
 _script_reset_resolvconf_old = """\
 #!/bin/bash
 set -eux
+
 umount -l /etc/resolv.conf || true
-ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf"""
+ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
+"""
 _script_enable_networkd = """\
 #!/bin/bash
 set -eux
+
 # Enable networkd socket
 systemctl enable systemd-networkd.socket
-systemctl enable systemd-networkd.service"""
+systemctl enable systemd-networkd.service
+"""
 _script_enable_resolved = """\
 #!/bin/bash
 set -eux
+
 # Enable systemd-resolved
-systemctl enable systemd-resolved.service"""
+systemctl enable systemd-resolved.service
+"""
 _script_update_locale = """\
 #!/bin/bash
 set -eux
+
 # Make sure the locale is built and functional
 echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
 locale-gen en_US.UTF-8 UTF-8
@@ -1039,25 +1128,46 @@ mount -o bind / /mnt
 rm -rf /mnt/run/*
 umount /mnt
 # Cleanup temporary shadow paths
-rm /etc/*-"""
+rm /etc/*-
+"""
+_script_preparations = """\
+#!/bin/bash
+set -eux
+
+tee /usr/sbin/systemctl <<EOF
+#!/bin/bash
+if [[ "\$1" == "start" || "\$1" == "restart" || "\$1" == "try-restart" || "\$1" == "reload" || "\$1" == "stop" ]]; then
+    echo "Skipping \$1 command for \$2 as requested by policy."
+else
+    /usr/bin/systemctl "\$@"
+fi
+EOF
+
+chmod +x /usr/sbin/systemctl
+"""
 _script_cleanup_files = """\
 #!/bin/bash
 set -eux
+
 apt-get autoremove --purge -y
 apt-get clean -y
+
+rm -rf /usr/sbin/systemctl
 rm -rf /var/cache/apt/archives/*.deb
 rm -rf /tmp/*
 rm -rf /var/tmp/*
 rm -rf /usr/local/share/.cache/*
 rm -rf /root/.cache/*
-rm -rf /var/lib/apt/lists/*"""
+rm -rf /var/lib/apt/lists/*
+"""
 image = {
     distribution = "debian"
-    release = "stable"
+    release = _metadata.release
     variant = "default"
 }
 source = {
     downloader = "debootstrap"
+    url = "http://ftp.us.debian.org/debian"
     same_as = "sid"
     keys = [
         _key1
@@ -1201,10 +1311,12 @@ packages = {
                 "apt-transport-https"
                 "cloud-init"
                 "curl"
+                "gzip"
                 "wget"
-                "gpg"
+                "gnupg2"
                 "vim"
                 "software-properties-common"
+                "tzdata"
             ]
             action = "install"
         }
@@ -1229,19 +1341,22 @@ actions = [
         trigger = "post-packages"
         action = _script_enable_resolved
         releases = [
-            "bookworm",
-            "trixie",
+            "bookworm"
+            "trixie"
         ]
     }
     {
         trigger = "post-packages"
         action = _script_update_locale
     }
+    {
+        trigger = "post-files"
+        action = _script_preparations
+    }
     *_actions_add
     {
         trigger = "post-files"
         action = _script_cleanup_files
-        releases = ["bookworm"]
     }
     {
         trigger = "post-files"
@@ -1256,7 +1371,7 @@ actions = [
         trigger = "post-files"
         action = _script_reset_resolvconf_old
         releases = [
-            "bullseye",
+            "bullseye"
             "buster"
         ]
     }
diff --git a/templates/adguard.yml b/templates/adguard.yml
index 5b07229..d71aeff 100644
--- a/templates/adguard.yml
+++ b/templates/adguard.yml
@@ -1,12 +1,21 @@
-name: AdGuard
+metadata:
+  name: AdGuard
+  get_version_command: curl -s https://api.github.com/repos/AdguardTeam/AdGuardHome/releases/latest | jq -r '.tag_name'
+  description: Network-wide ads & trackers blocking DNS server
+  categories: DNS, Privacy
+  project_source: https://github.com/AdguardTeam/AdGuardHome
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
 
-    curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
-
-    systemctl enable AdGuardHome.service
+        systemctl enable AdGuardHome.service
diff --git a/templates/apisix.yml b/templates/apisix.yml
index a8dd0fa..93de488 100644
--- a/templates/apisix.yml
+++ b/templates/apisix.yml
@@ -1,426 +1,435 @@
-name: APISIX
+metadata:
+  name: APISIX
+  get_version_command: curl -s https://api.github.com/repos/apache/apisix/releases/latest | jq -r '.tag_name'
+  description: Full Lifecycle API Management platform to help you manage microservices, delivering the ultimate performance and security.
+  categories: Loadbalancer, API Gateway, Reverse Proxy
+  project_source: https://github.com/apache/apisix
+  distribution: debian
+  release: bullseye
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/security/limits.d/apisix-nofile.conf
+      generator: dump
+      mode: "0440"
+      content: |-
+        root soft nofile 4096
+        root hard nofile 8192
+        apisix soft nofile 4096
+        apisix hard nofile 8192
 
-files:
-- path: /etc/security/limits.d/apisix-nofile.conf
-  generator: dump
-  mode: '0440'
-  content: |-
-    root soft nofile 4096
-    root hard nofile 8192
-    apisix soft nofile 4096
-    apisix hard nofile 8192
+    - path: /etc/systemd/system/apisix.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        # apisix systemd service
+        # https://github.com/api7/apisix-build-tools/blob/master/usr/lib/systemd/system/apisix.service
+        [Unit]
+        Description=apisix
+        #Conflicts=apisix.service
+        After=network-online.target etcd.service
+        Wants=network-online.target
 
-- path: /etc/systemd/system/apisix.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    # apisix systemd service
-    # https://github.com/api7/apisix-build-tools/blob/master/usr/lib/systemd/system/apisix.service
-    [Unit]
-    Description=apisix
-    #Conflicts=apisix.service
-    After=network-online.target etcd.service
-    Wants=network-online.target
+        [Service]
+        Type=forking
+        Restart=on-failure
+        WorkingDirectory=/usr/local/apisix
+        ExecStartPre=/bin/rm -f /usr/local/apisix/logs/worker_events.sock
+        ExecStart=/usr/bin/apisix start
+        ExecStop=/usr/bin/apisix stop
+        ExecReload=/usr/bin/apisix reload
+        LimitNOFILE=524288:524288
 
-    [Service]
-    Type=forking
-    Restart=on-failure
-    WorkingDirectory=/usr/local/apisix
-    ExecStartPre=/bin/rm -f /usr/local/apisix/logs/worker_events.sock
-    ExecStart=/usr/bin/apisix start
-    ExecStop=/usr/bin/apisix stop
-    ExecReload=/usr/bin/apisix reload
-    LimitNOFILE=524288:524288
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/etcd.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=etcd - highly-available key value store
+        Documentation=https://etcd.io/docs
+        Documentation=man:etcd
+        After=network.target
+        Wants=network-online.target
 
-- path: /etc/systemd/system/etcd.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=etcd - highly-available key value store
-    Documentation=https://etcd.io/docs
-    Documentation=man:etcd
-    After=network.target
-    Wants=network-online.target
+        [Service]
+        Environment=DAEMON_ARGS=
+        Environment=ETCD_NAME=%H
+        Environment=ETCD_DATA_DIR=/var/lib/etcd/default
+        EnvironmentFile=-/etc/default/%p
+        Type=notify
+        ExecStart=/usr/bin/etcd $DAEMON_ARGS
+        Restart=on-abnormal
+        LimitNOFILE=524288:524288
 
-    [Service]
-    Environment=DAEMON_ARGS=
-    Environment=ETCD_NAME=%H
-    Environment=ETCD_DATA_DIR=/var/lib/etcd/default
-    EnvironmentFile=-/etc/default/%p
-    Type=notify
-    ExecStart=/usr/bin/etcd $DAEMON_ARGS
-    Restart=on-abnormal
-    LimitNOFILE=524288:524288
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/apisix-dashboard.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=apisix-dashboard
+        #Conflicts=apisix-dashboard.service
+        After=network-online.target apisix.service
 
-- path: /etc/systemd/system/apisix-dashboard.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=apisix-dashboard
-    #Conflicts=apisix-dashboard.service
-    After=network-online.target apisix.service
+        [Service]
+        WorkingDirectory=/usr/local/apisix-dashboard
+        ExecStart=/usr/local/apisix-dashboard/manager-api -c /usr/local/apisix-dashboard/conf/conf.yaml
 
-    [Service]
-    WorkingDirectory=/usr/local/apisix-dashboard
-    ExecStart=/usr/local/apisix-dashboard/manager-api -c /usr/local/apisix-dashboard/conf/conf.yaml
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  packages:
+    - jq
+    - git
+    - make
+    - nodejs
+    - yarn
 
-packages:
-- jq
-- git
-- make
-- nodejs
-- yarn
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_16.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_16.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+    - name: yarn
+      url: |-
+        deb http://dl.yarnpkg.com/debian stable main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-  - name: yarn
-    url: |-
-      deb http://dl.yarnpkg.com/debian stable main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
+        FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
+        CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
+        TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
+        cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
+        XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
+        zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
+        ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
+        dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
+        g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
+        qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
+        tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
+        BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
+        QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
+        bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
+        qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
+        We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
+        edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
+        FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
+        Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
+        Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
+        Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
+        t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
+        ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
+        udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
+        lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
+        nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
+        w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
+        3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
+        Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
+        TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
+        m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
+        +8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
+        QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
+        JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
+        FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
+        rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
+        6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
+        hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
+        ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
+        MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
+        jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
+        Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
+        2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
+        Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
+        uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
+        V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
+        C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
+        tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
+        fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
+        zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
+        v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
+        pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
+        N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
+        94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
+        GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
+        66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
+        GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
+        CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
+        iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
+        dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
+        WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
+        gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
+        7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
+        jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
+        KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
+        6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
+        nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
+        QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
+        VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
+        Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
+        83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
+        xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
+        JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
+        sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
+        eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
+        r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
+        qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
+        ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
+        XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
+        wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
+        /09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
+        fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
+        upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
+        rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
+        yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
+        TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
+        p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
+        5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
+        gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
+        4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
+        AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
+        7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
+        +fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
+        hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
+        dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
+        fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
+        NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
+        IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
+        fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
+        MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
+        9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
+        1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
+        smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
+        XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
+        1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
+        9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
+        gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
+        7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
+        unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
+        cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
+        gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
+        341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
+        wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
+        hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
+        zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
+        JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
+        Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
+        nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
+        dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
+        iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
+        ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
+        jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
+        dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
+        pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
+        LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
+        CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
+        z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
+        7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
+        rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
+        vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
+        O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
+        hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
+        fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
+        t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
+        6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
+        0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
+        Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
+        kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
+        3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
+        VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
+        e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
+        emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
+        r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
+        0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
+        RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
+        luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
+        jeDghj400U6pjSUW3bIC/PK5Ag0EXCxEEQEQAKVjsdljwPDGO+48879LDa1d7GEu
+        /Jm9HRK6INCQiSiS/0mHkeKa6t4DRgCY2ID9lFiegx2Er+sIgL0chs16XJrFO21u
+        kw+bkBdm2HYUKSsUFmr/bms8DkmAM699vRYVUAzO9eXG/g8lVrAzlb3RT7eGHYKd
+        15DT5KxXDQB+T+mWE9qD5RJwEyPjSU+4WjYF+Rr9gbSuAt5UySUb9jTR5HRNj9wt
+        b4YutfP9jbfqy8esQVG9R/hpWKb2laxvn8Qc2Xj93qNIkBt/SILfx9WDJl0wNUmu
+        +zUwpiC2wrLFTgNOpq7g9wRPtg5mi8MXExWwSF2DlD54yxOOAvdVACJFBXEcstQ3
+        SWg8gxljG8eLMpDjwoIBax3DZwiYZjkjJPeydSulh8vKoFBCQkf2PcImXdOk2HqO
+        V1L7FROM6fKydeSLJbx17SNjVdQnq1OsyqSO0catAFNptMHBsN+tiCI29gpGegao
+        umV9cnND69aYvyPBgvdtmzPChjSmc6rzW1yXCJDm2qzwm/BcwJNXW5B3EUPxc0qS
+        Wste9fUna0G4l/WMuaIzVkuTgXf1/r9HeQbjtxAztxH0d0VgdHAWPDkUYmztcZ4s
+        d0PWkVa18qSrOvyhI96gCzdvMRLX17m1kPvP5PlPulvqizjDs8BScqeSzGgSbbQV
+        m5Tx4w2uF4/n3FBnABEBAAGJBFsEGAEIACYCGwIWIQRy7PRqVrStOckHu7cWRrAb
+        huUDEAUCY897hAUJDUbR8wIpwV0gBBkBAgAGBQJcLEQRAAoJECPnFmeItj4egdIP
+        /3D4rN79jOl7wG1aDNxiDF57FY9VgB7sAP42u1H2SffpFfz4jC5AG1tHwY9P8tDt
+        0ctdlVUBl4QvlaOI+gvKsBT+Dl2uhLMR17r1jCM7QWl9Smr+td2lwbcaerU67ndB
+        RVIeLA3NUURG97TK+suXLxSYJ63VnF9YLJejg3IFgRjXOmV+x+4+PITEeipjXmaH
+        Fu6fFvgYA0Cal2MFTS9eajh81QIdHVrBSxPYMAU5gwmNN8fWq8UjQxgl8sbehO+y
+        2zVSKEkZRG5L4uo995xG7hESAmJegpbV0AsolSo4XiXCzI24L+fmywr9s33if1sj
+        pjhiqR0bvpQVdRr5YkcVG5VZZo1j4WDwWVxsoyCNek6q/opURHGRVvkk3HG61XLe
+        +SVi28cJRJosfltR8EkQkfih8dwrq+GTzDgZT7BYpTjrDWu0TlAeere879tRH9wX
+        nmgnfXOJMzRjfHdYnBKkl6Flj6oEk9C2T7WcqlmVZ1qxwoVR364qMYUp8PDt8GNQ
+        NhkmoYgkr747znhKCclNtWTMOgFchwoer+NqGGnQXxoBcDaOTgjITcTcvwnFKwUg
+        6si1UzOUJTbE++WLO5Bx53PiZPsceCaYsjQs+S83D4ZcKapyUHIyXWNYQ4Su+Tq5
+        o/zXwjHmfINWlT1+MRKvADMmWIWef5ZjPtd0Xb/GVuhSCRAWRrAbhuUDEHSxD/9M
+        5il+6iZDsLMFQvsZJjRWnquPxRXBfyA3aiLJXsmMwWfSdEjS3JKq2hrOKVT3FgkN
+        CHBxhPREIPEhlE7EsGmdYvvzceYeM8LuK4DVMIjjpsIlxyS+h3iQNamoITbwuZyc
+        Hgv9FGVOElrtntqPY6BZWBdK1ZVAT3Q4hf1+o2UZ6o5gcmu6rR5wlgsqdGc5XCev
+        YVaJ7qQXvLhU0gzWyJ1p//d4DQUqrXW9+1bFg/gwPFn+ZBoO40/IovwoIdo1xX4p
+        KgH47aXFRHB53LhNtve422XDEuQnBTwNucvxAA91TmFt1BDVy1VCEwlDaKMS4Tuw
+        xrBEBKwsuBqelJPEcDzzt+yvc3jPoVrNrC5zLpAF3VPCUCkf21tbqYroFy/UfQls
+        O26iJhfPxoLEGtuCYt+DrpnR/1DteKqtett+Z1nJ9JEZAxk8QjdcpdMa5kBtC1hd
+        vb9f8ySSxv91RtzmyehIc7TBogwK+mydWMskTmNAl4ecGepfghPfA5JDW0NUm/Vv
+        /DAylze+BXzXPBeMXDAsHOcf4A8QVht9jX5a03QpPcFcXUYFjtItrjeDyzlSBp3K
+        8B9ECMy2+ke0U0jupNWlFxxzR15e+rEi450ilL/wKm7Va5VhQuNlXToIZJdQg/3e
+        n2jb+0Wye2SNCdPjF8663z+VwaZDVaDXqnT72wEJv7kCDQRcN/VvARAAoEHIkyjF
+        DsfoCxA/b2qNjz+l8OI2WhAMdqxReg7JN9R61qbetj9RYIcWswPSO84c0ioRUk+x
+        JavEFh/6Lg00QKwJKPf0kd1Us6SfqklxGczOaWNLyiM7JthFRNMp0qVX6NjLqGoC
+        NO+d/+nNk6s2x4rLECj/EROmE3ZQQEo5nBXmPlhXpVem23rGfXEQvXDNqFmvqrP+
+        Befn/+aDpo89QIm3sE8G0LfgcajIdSfgLH+NJTvOVAtXXVXJPK39Njr1aBzWTbWh
+        LS2bji7DwP7hshdh7DE2rS623vlzvkkrms8oKkiRpKATdhQ8CEx+mhTFKCj6GtNq
+        hwttCbf98N9GpiHD0has65YtgQQjk2pLR62rZf6czagRfKbFQzXjl2JxS/bsHVhT
+        khyJFqgDcHCSXe7K8uGTAE2AkakGhGyDJYqGVSl0w5IAU8dqDQMc0IpsVMbFk4nX
+        4GgOwixwrzrgCh0jRi+EwUHJYZHBAyzNCkr++D25R0gwNhPMjSKe8Ks6G3hH3XP/
+        ZVlceW/gPfxRixUTk/q7s3xPpPhLMREEpKS1aGcmYxEkrkVBDAzNYKdKP1MYwLn4
+        lh4yNFXWlTClnDyI6UODTHwt8xDddtnT9u+U+xc6OJiYcCOstl+ovS9HmM/Kt9VT
+        EX9cckEEL1IS+9esQMr4b5X02Y1q9Q2uEucAEQEAAYkEWwQYAQgAJgIbAhYhBHLs
+        9GpWtK05yQe7txZGsBuG5QMQBQJjz3uOBQkNOyCfAinBXSAEGQECAAYFAlw39W8A
+        CgkQT3dnk2lHW6p0eg/+K2JJu1RbTSLJPFYQhLcxX+5d2unkuNLIy3kArtZuB992
+        E2Fw00okPGtuPdSyk2ygh4DeYnwmabIWChi7LDp+YnqcI4GfMxNG6RsHs+A/77rL
+        BST3BB1sejZppmKCQZDSC2pvYaZBpS80UvftCZ9RFdY+kTC22Btn/5ekiQOfIqhU
+        H9CyGWS/YlGciomVIVn1hSPN8l4EpBCDtceRaephvzjQIZT3AxOfSlpwJviYjAOk
+        SX4qWyIjC5Ke5kfEOldUuBN1JGAm45tKlrz/LD/+VOc2IWpbkOIAVSldUgpRyiIJ
+        QAZ80trNxrJI7ncaID8lAa7pBptJiL0KorRjk3c6Y7p830Nwe0J5e5+W1RzN4wlR
+        8+9uuRyP8Mcwz/Hz2jwMiv38Vk4tAOe4PYNZuDnpjZ28yCpF3UUgvzjarubFAcg2
+        jd8SauCQFlmOfvT+1qIMSeLmWBOdlzJTUpJRcZqnkEE4WtiMSlxyWVFvUwOmKSGi
+        8CLoGW1Ksh9thQ9zKhvVUiVoKn4Z79HXr4pX6rnp+mweJ2dEZtlqD7HxjVTlCHn9
+        fzClt/Nt0h721fJbS587AC/ZMgg5GV+GKu6Mij0sPAowUJVCIwN9uK/GHICZEAoM
+        SngP8xzKnhU5FD38vwBvsqbKxTtICrv2NuwnQ0WBBQ58w5mv2RCMr2W6iegSKIAJ
+        EBZGsBuG5QMQ0SIQAMFN0FlUSP5TiKrTFMj79TcCLDeAvk8+h7nNj/dlgDpRl4kp
+        r+XO/a0VTwK8XVszNA43FDuT0WORPG73LYlgJi5gdLeWoXaEnW1f+ZyR2uc8/UNu
+        8nwv2dPLefLbhrWpkQbcriOt5FHL61Z8CqYa67vm2Lkr1yD+y3XFAuB2j3hbB1pF
+        xmc3wvkY+ZMA3fMb+ZbAlV9ylNn4MWzK2Z1hzC0G33Ym6z8SbqljvTn0ABS8BI0g
+        cJaPtSV7+rq+a/YOCBudSY1qBLCHGvpkByispqKjguS/95+37zcqEbTCTX9S5XmS
+        lsKFY08+6rq7yu8ptLkbg/RuXLzAvn6g56zFQlPeR+BIrKeCbWRu9hx4kSS6uN22
+        MgYgv7l9ohNTzRxnugHnnerdyElDge50AQeFR43bdHEhvyumPLjaJ2WbSHtxRkLw
+        HcXOlx6lL/i2DJeLMaCshITV6TfvubVYG8djMUogWiXK0T74oocPSs00HDNs7OPy
+        9W44ZAFknGvoaTOEYxNgSI84yUf2304IhP+U9pYcRnJwJM4pOzcXZxPibrQf2Ex9
+        XZXRkb9jkfYMvs0XBnCTUnSl5WVVlNHo2oUC2/mwuc321M6ucf7uDwN6FdPQVlJh
+        1qXVLvbNiyYug0lvwXsyfwu6IX+wl+kAP5NrRYuX8H+L0eauTGrRsld7OZ3H
+        =e4wy
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
-      FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
-      CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
-      TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
-      cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
-      XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
-      zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
-      ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
-      dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
-      g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
-      qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
-      tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
-      BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
-      QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
-      bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
-      qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
-      We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
-      edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
-      FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
-      Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
-      Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
-      Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
-      t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
-      ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
-      udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
-      lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
-      nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
-      w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
-      3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
-      Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
-      TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
-      m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
-      +8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
-      QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
-      JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
-      FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
-      rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
-      6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
-      hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
-      ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
-      MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
-      jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
-      Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
-      2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
-      Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
-      uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
-      V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
-      C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
-      tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
-      fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
-      zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
-      v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
-      pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
-      N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
-      94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
-      GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
-      66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
-      GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
-      CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
-      iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
-      dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
-      WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
-      gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
-      7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
-      jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
-      KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
-      6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
-      nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
-      QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
-      VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
-      Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
-      83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
-      xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
-      JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
-      sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
-      eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
-      r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
-      qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
-      ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
-      XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
-      wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
-      /09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
-      fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
-      upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
-      rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
-      yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
-      TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
-      p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
-      5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
-      gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
-      4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
-      AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
-      7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
-      +fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
-      hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
-      dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
-      fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
-      NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
-      IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
-      fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
-      MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
-      9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
-      1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
-      smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
-      XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
-      1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
-      9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
-      gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
-      7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
-      unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
-      cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
-      gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
-      341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
-      wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
-      hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
-      zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
-      JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
-      Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
-      nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
-      dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
-      iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
-      ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
-      jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
-      dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
-      pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
-      LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
-      CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
-      z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
-      7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
-      rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
-      vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
-      O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
-      hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
-      fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
-      t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
-      6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
-      0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
-      Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
-      kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
-      3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
-      VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
-      e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
-      emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
-      r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
-      0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
-      RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
-      luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
-      jeDghj400U6pjSUW3bIC/PK5Ag0EXCxEEQEQAKVjsdljwPDGO+48879LDa1d7GEu
-      /Jm9HRK6INCQiSiS/0mHkeKa6t4DRgCY2ID9lFiegx2Er+sIgL0chs16XJrFO21u
-      kw+bkBdm2HYUKSsUFmr/bms8DkmAM699vRYVUAzO9eXG/g8lVrAzlb3RT7eGHYKd
-      15DT5KxXDQB+T+mWE9qD5RJwEyPjSU+4WjYF+Rr9gbSuAt5UySUb9jTR5HRNj9wt
-      b4YutfP9jbfqy8esQVG9R/hpWKb2laxvn8Qc2Xj93qNIkBt/SILfx9WDJl0wNUmu
-      +zUwpiC2wrLFTgNOpq7g9wRPtg5mi8MXExWwSF2DlD54yxOOAvdVACJFBXEcstQ3
-      SWg8gxljG8eLMpDjwoIBax3DZwiYZjkjJPeydSulh8vKoFBCQkf2PcImXdOk2HqO
-      V1L7FROM6fKydeSLJbx17SNjVdQnq1OsyqSO0catAFNptMHBsN+tiCI29gpGegao
-      umV9cnND69aYvyPBgvdtmzPChjSmc6rzW1yXCJDm2qzwm/BcwJNXW5B3EUPxc0qS
-      Wste9fUna0G4l/WMuaIzVkuTgXf1/r9HeQbjtxAztxH0d0VgdHAWPDkUYmztcZ4s
-      d0PWkVa18qSrOvyhI96gCzdvMRLX17m1kPvP5PlPulvqizjDs8BScqeSzGgSbbQV
-      m5Tx4w2uF4/n3FBnABEBAAGJBFsEGAEIACYCGwIWIQRy7PRqVrStOckHu7cWRrAb
-      huUDEAUCY897hAUJDUbR8wIpwV0gBBkBAgAGBQJcLEQRAAoJECPnFmeItj4egdIP
-      /3D4rN79jOl7wG1aDNxiDF57FY9VgB7sAP42u1H2SffpFfz4jC5AG1tHwY9P8tDt
-      0ctdlVUBl4QvlaOI+gvKsBT+Dl2uhLMR17r1jCM7QWl9Smr+td2lwbcaerU67ndB
-      RVIeLA3NUURG97TK+suXLxSYJ63VnF9YLJejg3IFgRjXOmV+x+4+PITEeipjXmaH
-      Fu6fFvgYA0Cal2MFTS9eajh81QIdHVrBSxPYMAU5gwmNN8fWq8UjQxgl8sbehO+y
-      2zVSKEkZRG5L4uo995xG7hESAmJegpbV0AsolSo4XiXCzI24L+fmywr9s33if1sj
-      pjhiqR0bvpQVdRr5YkcVG5VZZo1j4WDwWVxsoyCNek6q/opURHGRVvkk3HG61XLe
-      +SVi28cJRJosfltR8EkQkfih8dwrq+GTzDgZT7BYpTjrDWu0TlAeere879tRH9wX
-      nmgnfXOJMzRjfHdYnBKkl6Flj6oEk9C2T7WcqlmVZ1qxwoVR364qMYUp8PDt8GNQ
-      NhkmoYgkr747znhKCclNtWTMOgFchwoer+NqGGnQXxoBcDaOTgjITcTcvwnFKwUg
-      6si1UzOUJTbE++WLO5Bx53PiZPsceCaYsjQs+S83D4ZcKapyUHIyXWNYQ4Su+Tq5
-      o/zXwjHmfINWlT1+MRKvADMmWIWef5ZjPtd0Xb/GVuhSCRAWRrAbhuUDEHSxD/9M
-      5il+6iZDsLMFQvsZJjRWnquPxRXBfyA3aiLJXsmMwWfSdEjS3JKq2hrOKVT3FgkN
-      CHBxhPREIPEhlE7EsGmdYvvzceYeM8LuK4DVMIjjpsIlxyS+h3iQNamoITbwuZyc
-      Hgv9FGVOElrtntqPY6BZWBdK1ZVAT3Q4hf1+o2UZ6o5gcmu6rR5wlgsqdGc5XCev
-      YVaJ7qQXvLhU0gzWyJ1p//d4DQUqrXW9+1bFg/gwPFn+ZBoO40/IovwoIdo1xX4p
-      KgH47aXFRHB53LhNtve422XDEuQnBTwNucvxAA91TmFt1BDVy1VCEwlDaKMS4Tuw
-      xrBEBKwsuBqelJPEcDzzt+yvc3jPoVrNrC5zLpAF3VPCUCkf21tbqYroFy/UfQls
-      O26iJhfPxoLEGtuCYt+DrpnR/1DteKqtett+Z1nJ9JEZAxk8QjdcpdMa5kBtC1hd
-      vb9f8ySSxv91RtzmyehIc7TBogwK+mydWMskTmNAl4ecGepfghPfA5JDW0NUm/Vv
-      /DAylze+BXzXPBeMXDAsHOcf4A8QVht9jX5a03QpPcFcXUYFjtItrjeDyzlSBp3K
-      8B9ECMy2+ke0U0jupNWlFxxzR15e+rEi450ilL/wKm7Va5VhQuNlXToIZJdQg/3e
-      n2jb+0Wye2SNCdPjF8663z+VwaZDVaDXqnT72wEJv7kCDQRcN/VvARAAoEHIkyjF
-      DsfoCxA/b2qNjz+l8OI2WhAMdqxReg7JN9R61qbetj9RYIcWswPSO84c0ioRUk+x
-      JavEFh/6Lg00QKwJKPf0kd1Us6SfqklxGczOaWNLyiM7JthFRNMp0qVX6NjLqGoC
-      NO+d/+nNk6s2x4rLECj/EROmE3ZQQEo5nBXmPlhXpVem23rGfXEQvXDNqFmvqrP+
-      Befn/+aDpo89QIm3sE8G0LfgcajIdSfgLH+NJTvOVAtXXVXJPK39Njr1aBzWTbWh
-      LS2bji7DwP7hshdh7DE2rS623vlzvkkrms8oKkiRpKATdhQ8CEx+mhTFKCj6GtNq
-      hwttCbf98N9GpiHD0has65YtgQQjk2pLR62rZf6czagRfKbFQzXjl2JxS/bsHVhT
-      khyJFqgDcHCSXe7K8uGTAE2AkakGhGyDJYqGVSl0w5IAU8dqDQMc0IpsVMbFk4nX
-      4GgOwixwrzrgCh0jRi+EwUHJYZHBAyzNCkr++D25R0gwNhPMjSKe8Ks6G3hH3XP/
-      ZVlceW/gPfxRixUTk/q7s3xPpPhLMREEpKS1aGcmYxEkrkVBDAzNYKdKP1MYwLn4
-      lh4yNFXWlTClnDyI6UODTHwt8xDddtnT9u+U+xc6OJiYcCOstl+ovS9HmM/Kt9VT
-      EX9cckEEL1IS+9esQMr4b5X02Y1q9Q2uEucAEQEAAYkEWwQYAQgAJgIbAhYhBHLs
-      9GpWtK05yQe7txZGsBuG5QMQBQJjz3uOBQkNOyCfAinBXSAEGQECAAYFAlw39W8A
-      CgkQT3dnk2lHW6p0eg/+K2JJu1RbTSLJPFYQhLcxX+5d2unkuNLIy3kArtZuB992
-      E2Fw00okPGtuPdSyk2ygh4DeYnwmabIWChi7LDp+YnqcI4GfMxNG6RsHs+A/77rL
-      BST3BB1sejZppmKCQZDSC2pvYaZBpS80UvftCZ9RFdY+kTC22Btn/5ekiQOfIqhU
-      H9CyGWS/YlGciomVIVn1hSPN8l4EpBCDtceRaephvzjQIZT3AxOfSlpwJviYjAOk
-      SX4qWyIjC5Ke5kfEOldUuBN1JGAm45tKlrz/LD/+VOc2IWpbkOIAVSldUgpRyiIJ
-      QAZ80trNxrJI7ncaID8lAa7pBptJiL0KorRjk3c6Y7p830Nwe0J5e5+W1RzN4wlR
-      8+9uuRyP8Mcwz/Hz2jwMiv38Vk4tAOe4PYNZuDnpjZ28yCpF3UUgvzjarubFAcg2
-      jd8SauCQFlmOfvT+1qIMSeLmWBOdlzJTUpJRcZqnkEE4WtiMSlxyWVFvUwOmKSGi
-      8CLoGW1Ksh9thQ9zKhvVUiVoKn4Z79HXr4pX6rnp+mweJ2dEZtlqD7HxjVTlCHn9
-      fzClt/Nt0h721fJbS587AC/ZMgg5GV+GKu6Mij0sPAowUJVCIwN9uK/GHICZEAoM
-      SngP8xzKnhU5FD38vwBvsqbKxTtICrv2NuwnQ0WBBQ58w5mv2RCMr2W6iegSKIAJ
-      EBZGsBuG5QMQ0SIQAMFN0FlUSP5TiKrTFMj79TcCLDeAvk8+h7nNj/dlgDpRl4kp
-      r+XO/a0VTwK8XVszNA43FDuT0WORPG73LYlgJi5gdLeWoXaEnW1f+ZyR2uc8/UNu
-      8nwv2dPLefLbhrWpkQbcriOt5FHL61Z8CqYa67vm2Lkr1yD+y3XFAuB2j3hbB1pF
-      xmc3wvkY+ZMA3fMb+ZbAlV9ylNn4MWzK2Z1hzC0G33Ym6z8SbqljvTn0ABS8BI0g
-      cJaPtSV7+rq+a/YOCBudSY1qBLCHGvpkByispqKjguS/95+37zcqEbTCTX9S5XmS
-      lsKFY08+6rq7yu8ptLkbg/RuXLzAvn6g56zFQlPeR+BIrKeCbWRu9hx4kSS6uN22
-      MgYgv7l9ohNTzRxnugHnnerdyElDge50AQeFR43bdHEhvyumPLjaJ2WbSHtxRkLw
-      HcXOlx6lL/i2DJeLMaCshITV6TfvubVYG8djMUogWiXK0T74oocPSs00HDNs7OPy
-      9W44ZAFknGvoaTOEYxNgSI84yUf2304IhP+U9pYcRnJwJM4pOzcXZxPibrQf2Ex9
-      XZXRkb9jkfYMvs0XBnCTUnSl5WVVlNHo2oUC2/mwuc321M6ucf7uDwN6FdPQVlJh
-      1qXVLvbNiyYug0lvwXsyfwu6IX+wl+kAP5NrRYuX8H+L0eauTGrRsld7OZ3H
-      =e4wy
-      -----END PGP PUBLIC KEY BLOCK-----
+    - name: apisix
+      url: |-
+        deb http://repos.apiseven.com/packages/debian {{image.release}} main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-  - name: apisix
-    url: |-
-      deb http://repos.apiseven.com/packages/debian {{image.release}} main {# This will use the image.release varible from the distrobuilder #}
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQGNBGaLWX4BDADvAnu9nq9/HfN6518RObZwpWV430R8fOqkhdNxGTuTxF6yVbhw
+        dVxylX4KNZKmXeJMr0NYG5KAYRGFRYe8Yh9o0vLgV9xFFfZllnLyMk9d4RqlkFFK
+        YlPfH8QiM5C19zlQRThUzx087H0CAJx4/fkibFSxaOXX9/tOqmdBI8st1zkU+N5C
+        NPBuGbLZfvNYnJ8zn0WIYspW4Y/qaqUofVT847ek0hRf2LFnv3YceaGgUMiNwcHD
+        r1f6EWJ8s3I4n0DNA5FuR+6yH/nhmqObQV5lJWcuP5WwNN4hPbaCjKU78bYjPO05
+        gJKFamtdY/vxNX5NjwBA4KiLQr7WNdAjqgU7AflBwR03lyzx0KcMagjncoALcjNl
+        MXqvhWi7KysHh2LbAowBN6LPp/LFWpjs5YggJyI4B6oChKKE1FPJb94+52ZKEsWm
+        z7YKLcppA2Iq/T4RHYb2avjwAMrzwJ3bZ3CYQNFDU7yT6h/VzKZwzjW/Lica7lLM
+        In80ZnuMGaDAYW0AEQEAAbQdY2hlbmp1bnh1IDxjaGVuanVueHVAYXBpNy5haT6J
+        AdQEEwEKAD4WIQQVgPHmiYUcEexhWQ12ojvM75FWgAUCZotZfgIbAwUJA8JnAAUL
+        CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB2ojvM75FWgMyIC/9WRgTFqD7VgsD1
+        J7Pi+yBQz/GhxSlB3R5ydxVAbcIW24IxUhH7Ysn9A8CM7cXP5M/mWgu6/mD5hS3A
+        Bu+hAL0J8qsYmTPNexsQu06+bTSxJ/1X85UyWWyyV2eZCGfJXiGHiwoP/kYax4/v
+        tGfp5GO9IZ1PLfkcUIusUb1e+AaUtIrMQ3QBzS2WATltgYjr3DT784N094TsoQtP
+        /yBRD3l+ZMvci2R6XOckqtiulURZcFejEk5NQe3LStielBoA+Q2I9MGsJ3HlmacN
+        rGHcyTQg0KODtr5o2oSO+8Gq5oqqHbJozaCx9OgE/OeTbOUHKx34y1Ga+gMkCwOr
+        3yM6Kxncenz/SPo+NxiTFM1WCbGwOK80X2/WZz3JIIlsiIF+cHNI52zVv/GO4ucZ
+        tutlsnV9ryz2u6g1hdWeTftVPNd5pLk17ehSnybllRFB3n1yudUDlvSAMkwF2xJE
+        V8fQnuZZcDorXpHO142PkpSLbMe0SgIbjkXRq/2fD4f1z08EfCC5AY0EZotZfgEM
+        AL5qPxaZjiuYPe4xWu1KlbXh6vgoC+GyRxOanbtUqs8tw2P8E4nxwQqF48NXdmGD
+        3XF6zk5/SPrZkEnSFBDadt18ZKHWHQEjdU+o0cDJkscwnfQPJbM4I6iteIZtrCJ8
+        Q9/bnXMct4wP5ie9OHrimU+2UJC8Il/4EAN/hChoBFujiZbl7Wbf73ceNZoVbz+C
+        Y2WC9a0tHgYgP+UZZF2P4lNwodqwdC7iqLlG8Xb7ZD1c50nAI9WM64p9WUx38z/y
+        1tA4vuL5eGcZlEEwgIZXwjeo3oXiPnkk+CzGAWXMSqinDQY7ZxEh5oPvzYnMp6OQ
+        4MsJZ2WDE7dUxQGv6FmRUxHSY90OT3pRyswLmZALW4U4ndqsl+XRYRqKIO5qpFQx
+        nl3/uTFWfyH1zrcX8L6tq3DOXUci7fn8ex6cTDGYfp5TM3TgGyaEhUlM2ynrLYAI
+        PVvIEUkzB73DT8M8mrCjYCtMItsXKCKPaqprlQX2dGNHrxfgIeWH9HoCnTiJfNO4
+        RQARAQABiQG8BBgBCgAmFiEEFYDx5omFHBHsYVkNdqI7zO+RVoAFAmaLWX4CGwwF
+        CQPCZwAACgkQdqI7zO+RVoC7gAv/R4RFvDbO2SAwYHPmHT6Wxwok/q7NQ4yAJJcp
+        RX+y5xy/QGnaN4OBaOI5h4QUgM4nUQNxw4yB8C4p9bdCFdvs72NdjjL1kaSufdBF
+        Iw49S2z53cFszU28wNTgBq8B1w4ocm485PQ8QKC5bP0DHkrKLSRtb0OBPD+oIr/t
+        8PNr1bjHZBR/APeRMXADUSUPp1AWdELAhugKxUi/PVEgP2FMdsGiq69OOSQlDCMm
+        4xTJ72zuVQDSLY2g2XtuzHfOvZwMX7qNuQA+OFbDWTEb5cGyZMZ7dr6gC22DB5gx
+        NXcCezm0vGKH6sQHZrOUOy89zf4G1Z0mUepqF1unvlM6C5zQZqT7RhKbqDD69mX2
+        2Sm1VyHMpy0nA5HJEgiFXKyQ8V9DPCs2sjkTreUOatjByeKqodmTAPNY2IL1FAI4
+        OlmESOgjaM5ubzroKf9VnHsAjYgH+fF7km/kDnDzPuPtoq0FiCTH+0sYe0KbgcmZ
+        kLbxIc0AWUKNuF0MJN0D6AkDWYVR
+        =KrLj
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQGNBGLH8lQBDAC4LhXl1ubt6W3P7j0I0hvrVjD3GRQpn3IcIXfbPjB9z1TtpYHv
-      Fmhotw/SFrAgTtI9sEy77UG1XdsFtFuSkhnJLZx6/PctfApzhSty5VCZDQh4cyvt
-      NYBeSRpcuoLwm1jJmGT9WWlFqj2AdkyJGak1aLkf20gvWqjLmnjWN3U5BVSwaVPQ
-      YIkD4XEwMeK/Z8fJaR/V3pRb/893xLOsNgXbaRJ4ZNNbvHaBlDl7N+szXYmeXKNy
-      PI6gjXaz/25hs+PKPYW+csERADmLTWJBloIrDQGNILAOmaa0yUcNkrNkG1BQgNEQ
-      PJoO9K0eiMt8QdAlDs7VLhk2BXPSQq2sNk4nZ8UkIUUTL29O4AMGAQiNOOehoCiy
-      nlM/6f6Pw/30NmxJi59A8Kb4rlKczCsj6ljGk1pcXAvyDigCNfkZ/8nlTAOVZfLu
-      bmPL+SPCemugIgYDHG7zT/32IGT2rkbgffioF3vhYhk2txF96o+ih3U3Ub4Z8Y85
-      4Kahz1g2nMZQ+6kAEQEAAbQbemhhb3NoaXJ1aSA8c2hpcnVpQGFwaTcuYWk+iQHU
-      BBMBCgA+FiEEIuF5V5+9afOBIJTcqFzTnX+CkycFAmLH8lQCGwMFCQPCZwAFCwkI
-      BwIGFQoJCAsCBBYCAwECHgECF4AACgkQqFzTnX+CkyeH0gwAl96efZaWPcJsjdT3
-      hIpQct0FpFWG/ku1/YeXSlgd2jBjtvktI45J6+IbC5TUT/457AHRFR6v0snZHJz8
-      2JagZWlDZeVxbrM+v3wYrh8TjBcCSDMY47czSiGmJ8bwO5wJAOHKvqmGuO3nBOIN
-      tOPrc6WzkzgKfkdjI0E1ooFaxpQVl+8iUQ+mXTDoqcqjO1zSZT3vvCcgzuXcPHX3
-      SsYCtEYeYmgetujz+2GZkqn5extcFoE0LORpDK+qAoMEaLD7E6ohgTq6gBkXWpD1
-      8f+xXG2l8W3Q++yCREeXlxvQwcgJaLoz7fKHwQ34BQmv8rnXcrrrH5AJ0F/8HrO+
-      22628/ow/u/Di8jdh/6kgXt1AVuqKdNPhFP6YY/KjehEa3Ubok9cF+XRo52VAdS4
-      xcwqZo1o0XxOaBCdD3TaQKQds/IJQSN6AAz/B5ejjeDKDFrq1NsDHohjw4VhFmuL
-      ZaacCyOiObfimh9WEsSvsd/B6GfDVhCvnwNY9E1UDZEyoqm5uQGNBGLH8lQBDADR
-      w00yN9FvXqzbsBIV+LNukAS4Akjxa0ue/F5qBIkbWHVnXVdFRcdYHlYumNR7J6kY
-      coP0ieuywn4nfh5rGL9rNHWft7sjzxheFgYgn0SykdRc79ROzw5KjGIo2EOzFg8z
-      vUcm4vme+dRmLL76lsfJcbvaBKPF0XjhbY3vlrzSBBzFIl9xW/EoqDdtAGxapmhj
-      PtvwpvyRVmmIDUnN31rn3N8d9vHq44nxn2eyw1b3atseCLBlxfxAcL1Xo3oSMFzO
-      zSqgW3a55p5aXzqSuZ6wTjZopBkXhNRPtZQTAHZ4vKd0Di8Y1C9xSdt/X3JLxN2J
-      5iwAdOjJObIujeGhtlCaMA1D9+W4p49psJHMvskAZ6IOpkt4NJ3wkFeG4MFRcdoR
-      p9ZoLsUjnk00JjORSA12kepr6zfLpT6KdnKl6sb2QNIpL33fMJyIJ7BHVDp8rF/5
-      tdX3B/1vnbwsbFv+SDmAsb2aFcPfamF159Vyhv9Tn1FjZ/T51PGs5ZjLL4zsFV0A
-      EQEAAYkBvAQYAQoAJhYhBCLheVefvWnzgSCU3Khc051/gpMnBQJix/JUAhsMBQkD
-      wmcAAAoJEKhc051/gpMnRGYL/0yhULFbLrQh/wtiW89/JN4vUPiIp3YArvDu3uWr
-      laMvvGc+e8bD9isWDuGv9/uWrY4CJ2RxwHtIj6oJz2/q5DNR1x+dzdXWDS/ENPMO
-      jpBO7tX4iq3CwTPVRjE5hOg7NVpN43+PzDV+eSbp3sIzYD68Hj+ZLOs0NdalO7r9
-      kG+eKBGqy/eHKG5l/Qz95KJKsmmnlTx6+QMcliw9HJAWJ663neZTFQGHVoShe8TE
-      YZ/3enAWF+t3YXxsyrq+4yvowH900OsDapr8CTDV+QAWU9IW9EJiwCiZZlKkGMGL
-      xwra8S+0R/qP+6q824q8prszQPUuBVAnG58AuEdJB9Hp3O0D8V5cWSeCKFdgCkQF
-      wknrrxnKTTQ3173451uZK9EeNEKwvPRn4Urwh1xPRd4IAAbulND9I1Pw3M2M9vGP
-      CTPGLWLTfVL7bTNYChUY7YODeinAgOAEjR/9J3G2b3JvdCY9MpLQ5F8qSEICGdch
-      ZZnxLiifYpZHVbO3Vr1qrg0QPA==
-      =jnnH
-      -----END PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        mkdir -p /var/lib/etcd/default
+        ETCD_VERSION=$(curl -s https://api.github.com/repos/etcd-io/etcd/releases/latest | jq -r '.tag_name')
+        wget https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-amd64.tar.gz
+        tar -xvf etcd-${ETCD_VERSION}-linux-amd64.tar.gz && \
+          cp etcd-${ETCD_VERSION}-linux-amd64/{etcd,etcdctl} /usr/bin/
+        chmod 0644 etcd-${ETCD_VERSION}-linux-amd64/{etcd,etcdctl}
+        cd ../ && rm -rf etcd-${ETCD_VERSION}-linux-amd64*
 
-    mkdir -p /var/lib/etcd/default
-    ETCD_VERSION=$(curl -s https://api.github.com/repos/etcd-io/etcd/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')
-    wget https://github.com/etcd-io/etcd/releases/download/v${ETCD_VERSION}/etcd-v${ETCD_VERSION}-linux-amd64.tar.gz
-    tar -xvf etcd-v${ETCD_VERSION}-linux-amd64.tar.gz && \
-      cp etcd-v${ETCD_VERSION}-linux-amd64/{etcd,etcdctl} /usr/bin/
-    chmod 0644 etcd-v${ETCD_VERSION}-linux-amd64/{etcd,etcdctl}
-    cd ../ && rm -rf etcd-v${ETCD_VERSION}-linux-amd64*
+        apt-get update -y
+        FULL_VERSION=$(apt-cache madison apisix | grep {{image.serial}} | head -n1 | awk '{print $3}')
 
-    apt update -y
-    apt install -y apisix={{image.serial}}-0 {# This will use the image.serial varible from the distrobuilder #}
-    apisix init
+        apt-get install -y apisix=${FULL_VERSION}
+        apisix init
 
-    GO_VERSION=$(curl -sL --url  "https://golang.org/VERSION?m=text" | cut -d \t -f1)
-    wget https://go.dev/dl/${GO_VERSION}.linux-amd64.tar.gz
-    rm -rf /usr/local/go && tar -C /usr/local -xzf ${GO_VERSION}.linux-amd64.tar.gz
-    export PATH=$PATH:/usr/local/go/bin
+        GO_VERSION=$(curl -sL --url  "https://golang.org/VERSION?m=text" | grep go.*)
+        wget https://go.dev/dl/${GO_VERSION}.linux-amd64.tar.gz
+        rm -rf /usr/local/go && tar -C /usr/local -xzf ${GO_VERSION}.linux-amd64.tar.gz
+        export PATH=$PATH:/usr/local/go/bin
 
-    yarn config set "strict-ssl" false
+        yarn config set "strict-ssl" false
 
-    DASHBOARD_VERSION=$(curl -s https://api.github.com/repos/apache/apisix-dashboard/releases/latest | jq -r '.tag_name' | sed -E 's/^v|V|.+@//')
-    git clone -b v${DASHBOARD_VERSION} https://github.com/apache/apisix-dashboard.git --depth 1 && \
-      cd apisix-dashboard && make build
-    mkdir -p /usr/local/apisix-dashboard
-    cp -rf ./output/* /usr/local/apisix-dashboard/
-    cd ../ && rm -rf apisix-dashboard
+        DASHBOARD_VERSION=$(curl -s https://api.github.com/repos/apache/apisix-dashboard/releases/latest | jq -r '.tag_name')
+        git clone -b ${DASHBOARD_VERSION} https://github.com/apache/apisix-dashboard.git --depth 1 && \
+          cd apisix-dashboard && make build
+        mkdir -p /usr/local/apisix-dashboard
+        cp -rf ./output/* /usr/local/apisix-dashboard/
+        cd ../ && rm -rf apisix-dashboard
 
-    systemctl enable etcd.service
-    systemctl enable apisix.service
-    systemctl enable apisix-dashboard.service
+        systemctl enable etcd.service apisix.service apisix-dashboard.service
diff --git a/templates/bunkerweb.yml b/templates/bunkerweb.yml
index b11dc80..6044ef7 100644
--- a/templates/bunkerweb.yml
+++ b/templates/bunkerweb.yml
@@ -1,24 +1,63 @@
-name: BunkerWeb
+metadata:
+  name: BunkerWeb
+  get_version_command: curl -s https://api.github.com/repos/bunkerity/bunkerweb/releases/latest | jq -r '.tag_name'
+  description: BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
+  categories: WAF, Security
+  project_source: https://github.com/bunkerity/bunkerweb
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/bunkerweb.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=BunkerWeb service
+        Documentation=https://docs.bunkerweb.io
+        After=network.target
 
-packages:
-- gnupg2
-- debian-archive-keyring
+        [Service]
+        Restart=no
+        User=root
+        PIDFile=/var/run/bunkerweb/scheduler.pid
+        ExecStartPre=/usr/bin/systemctl stop nginx.service
+        ExecStartPre=/usr/bin/systemctl stop nginx-debug.service
+        ExecStart=/usr/share/bunkerweb/scripts/start.sh start
+        ExecStop=/usr/share/bunkerweb/scripts/start.sh stop
+        ExecReload=/usr/share/bunkerweb/scripts/start.sh reload
+        Type=exec
+        StandardOutput=journal+console
+        StandardError=journal+console
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        [Install]
+        WantedBy=multi-user.target
+        Alias=bunkerweb.service
 
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
-    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
+  packages:
+    - debian-archive-keyring
 
-    export UI_WIZARD=1
-    curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | bash
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    apt install -y bunkerweb={{image.serial}}
-    apt-mark hold nginx bunkerweb
+        curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+        echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
 
-    systemctl enable bunkerweb.service
-    systemctl enable bunkerweb-ui.service
+        apt update
+        FULL_VERSION=$(apt-cache madison nginx | grep 1.26.2 | head -n1 | awk '{print $3}')
+        apt install -y nginx=$FULL_VERSION
+
+        export UI_WIZARD=1
+        curl -s https://repo.bunkerweb.io/install/script.deb.sh | bash
+        apt install -y bunkerweb={{image.serial}}
+        apt-mark hold nginx bunkerweb
+
+        systemctl disable nginx.service
+        systemctl mask nginx-debug.service
+        systemctl enable bunkerweb.service bunkerweb-ui.service
diff --git a/templates/code-server.yml b/templates/code-server.yml
index d423c2f..5837ba8 100644
--- a/templates/code-server.yml
+++ b/templates/code-server.yml
@@ -1,42 +1,51 @@
-name: Code-Server
-
-files:
-- path: /etc/issue.d/99_default-password-info.issue
-  generator: dump
-  mode: '0440'
-  content: |-
-    Find your initial password in ~/.config/code-server/config.yaml
-
-- path: /etc/systemd/system/code-server.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Code-Server
-    After=network-online.target
-
-    [Service]
-    WorkingDirectory=/opt/code
-    ExecStart=code-server --bind-addr 0.0.0.0:8080 --cert
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- jq
-- git
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    mkdir /opt/code
-    wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
-
-    curl -fOL https://github.com/coder/code-server/releases/download/v{{image.serial}}/code-server_{{image.serial}}_{{image.architecture}}.deb
-    apt install ./code-server_{{image.serial}}_{{image.architecture}}.deb
-    systemctl enable code-server
-    # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+metadata:
+  name: Code-Server
+  get_version_command: curl -s https://api.github.com/repos/coder/code-server/releases/latest | jq -r '.tag_name'
+  description: Coder is an open source cloud development environment (CDE), based on VS Code.
+  categories: IDE, Dev
+  project_source: https://github.com/coder/code-server
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/issue.d/99_default-password-info.issue
+      generator: dump
+      mode: "0440"
+      content: |-
+        Find your initial password in ~/.config/code-server/config.yaml
+
+    - path: /etc/systemd/system/code-server.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Code-Server
+        After=network-online.target
+
+        [Service]
+        WorkingDirectory=/opt/code
+        ExecStart=code-server --bind-addr 0.0.0.0:8080 --cert
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - jq
+    - git
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        mkdir /opt/code
+        wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
+
+        curl -fOL https://github.com/coder/code-server/releases/download/v{{image.serial}}/code-server_{{image.serial}}_{{image.architecture}}.deb
+        apt-get install ./code-server_{{image.serial}}_{{image.architecture}}.deb
+        systemctl enable code-server
+        # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
diff --git a/templates/debian-test.yml b/templates/debian-test.yml
index f9afc36..324d3bc 100644
--- a/templates/debian-test.yml
+++ b/templates/debian-test.yml
@@ -1,2 +1,17 @@
----
-name: Test
\ No newline at end of file
+metadata:
+  name: Test
+  get_version_command: echo "V1.0.0"
+  description: Test
+  categories: Dummy
+  project_source: https://example.com
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
diff --git a/templates/downloadarr.yml b/templates/downloadarr.yml
index 1de922c..f8ba9ec 100644
--- a/templates/downloadarr.yml
+++ b/templates/downloadarr.yml
@@ -1,120 +1,131 @@
-files:
-- path: /etc/systemd/system/flaresolverr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=FlareSolverr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=flaresolverr
-    Group=media
-    Type=simple
-    ExecStart=/opt/FlareSolverr/venv/bin/python -u /opt/FlareSolverr/src/flaresolverr.py
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Downloadarr
+  get_version_command: date +%Y-%m
+  description: Downloadarr is the collection of three tools (QBitTorrent, SabNZBd and FlareSolverr) for Usenet and BitTorrent users.
+  categories: Torrent, Usenet
+  project_source: https://wiki.servarr.com
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/flaresolverr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=FlareSolverr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=flaresolverr
+        Group=media
+        Type=simple
+        ExecStart=/opt/FlareSolverr/venv/bin/python3 -u /opt/FlareSolverr/src/flaresolverr.py
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/qbittorrent.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=QBitTorrent Daemon
-    After=syslog.target network.target
-    [Service]
-    User=qbittorrent
-    Group=media
-    Type=simple
-    ExecStart=/usr/bin/qbittorrent-nox --first-and-last --skip-dialog=true
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/qbittorrent.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=QBitTorrent Daemon
+        After=syslog.target network.target
+        [Service]
+        User=qbittorrent
+        Group=media
+        Type=simple
+        ExecStart=/usr/bin/qbittorrent-nox --first-and-last --skip-dialog=true
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/sabnzbdplus.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=SABnzbdplus Daemon
-    After=syslog.target network.target
-    [Service]
-    User=sabnzbdplus
-    Group=media
-    Type=simple
-    ExecStart=/usr/bin/sabnzbdplus -s 0.0.0.0:8081
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/sabnzbdplus.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=SABnzbdplus Daemon
+        After=syslog.target network.target
+        [Service]
+        User=sabnzbdplus
+        Group=media
+        Type=simple
+        ExecStart=/usr/bin/sabnzbdplus -s 0.0.0.0:8081
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
-- python3-pip
-- python3-venv
-- python3-distutils
-- python3-dev
-- equivs
-- 7zip
-- unrar-free
-- unzip
-- qbittorrent-nox
-- sabnzbdplus
+  packages:
+    - git
+    - sqlite3
+    - python3-pip
+    - python3-venv
+    - python3-distutils
+    - python3-dev
+    - equivs
+    - 7zip
+    - unrar-free
+    - unzip
+    - qbittorrent-nox
+    - sabnzbdplus
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
-    cd /tmp/libgl1-mesa-dri
-    equivs-control libgl1-mesa-dri
-    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: libgl1-mesa-dri\nVersion: 99.0.0\nDescription: Dummy package for libgl1-mesa-dri\n' >> libgl1-mesa-dri
-    equivs-build libgl1-mesa-dri
-    mv libgl1-mesa-dri_*.deb /pkgs/libgl1-mesa-dri.deb
-    cd /tmp/adwaita-icon-theme
-    equivs-control adwaita-icon-theme
-    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: adwaita-icon-theme\nVersion: 99.0.0\nDescription: Dummy package for adwaita-icon-theme\n' >> adwaita-icon-theme
-    equivs-build adwaita-icon-theme
-    mv adwaita-icon-theme_*.deb /pkgs/adwaita-icon-theme.deb
-    dpkg -i /pkgs/libgl1-mesa-dri.deb
-    dpkg -i /pkgs/adwaita-icon-theme.deb
-    apt install -y --no-install-recommends chromium chromium-common chromium-driver xvfb dumb-init procps curl vim xauth
-    useradd --home-dir /opt/FlareSolverr --shell /bin/sh flaresolverr
-    usermod -aG media flaresolverr
-    git clone -b master --depth 1 https://github.com/FlareSolverr/FlareSolverr.git /opt/FlareSolverr
-    cd /opt/FlareSolverr
-    python3 -m venv venv
-    /opt/FlareSolverr/venv/bin/python -m pip install -r requirements.txt
-    mv /usr/bin/chromedriver /opt/FlareSolverr/chromedriver
-    mkdir -p "/opt/FlareSolverr/.config/chromium/Crash Reports/pending"
-    chown -R flaresolverr:flaresolverr /opt/FlareSolverr
-    systemctl enable flaresolverr.service
-    rm -f /usr/lib/x86_64-linux-gnu/libmfxhw*
-    rm -f /usr/lib/x86_64-linux-gnu/mfx/*
-    rm -rf /pkgs
+        mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
+        cd /tmp/libgl1-mesa-dri
+        equivs-control libgl1-mesa-dri
+        printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: libgl1-mesa-dri\nVersion: 99.0.0\nDescription: Dummy package for libgl1-mesa-dri\n' >> libgl1-mesa-dri
+        equivs-build libgl1-mesa-dri
+        mv libgl1-mesa-dri_*.deb /pkgs/libgl1-mesa-dri.deb
+        cd /tmp/adwaita-icon-theme
+        equivs-control adwaita-icon-theme
+        printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: adwaita-icon-theme\nVersion: 99.0.0\nDescription: Dummy package for adwaita-icon-theme\n' >> adwaita-icon-theme
+        equivs-build adwaita-icon-theme
+        mv adwaita-icon-theme_*.deb /pkgs/adwaita-icon-theme.deb
+        dpkg -i /pkgs/libgl1-mesa-dri.deb
+        dpkg -i /pkgs/adwaita-icon-theme.deb
+        apt-get install -y --no-install-recommends chromium chromium-common chromium-driver xvfb dumb-init procps curl vim xauth
+        useradd --home-dir /opt/FlareSolverr --shell /bin/sh flaresolverr
+        usermod -aG media flaresolverr
+        git clone -b master --depth 1 https://github.com/FlareSolverr/FlareSolverr.git /opt/FlareSolverr
+        cd /opt/FlareSolverr
+        python3 -m venv venv
+        /opt/FlareSolverr/venv/bin/python3 -m pip install -r requirements.txt
+        mv /usr/bin/chromedriver /opt/FlareSolverr/chromedriver
+        mkdir -p "/opt/FlareSolverr/.config/chromium/Crash Reports/pending"
+        chown -R flaresolverr:flaresolverr /opt/FlareSolverr
 
-    useradd -m --home-dir /opt/qbittorrent qbittorrent
-    usermod -aG media qbittorrent
-    systemctl enable qbittorrent.service
+        rm -f /usr/lib/x86_64-linux-gnu/libmfxhw*
+        rm -f /usr/lib/x86_64-linux-gnu/mfx/*
+        rm -rf /pkgs
 
-    useradd -m --home-dir /opt/sabnzbdplus sabnzbdplus
-    usermod -aG media sabnzbdplus
-    systemctl enable sabnzbdplus.service
+        useradd -m --home-dir /opt/qbittorrent qbittorrent
+        usermod -aG media qbittorrent
+
+        useradd -m --home-dir /opt/sabnzbdplus sabnzbdplus
+        usermod -aG media sabnzbdplus
+
+        systemctl enable sabnzbdplus.service qbittorrent.service flaresolverr.service
diff --git a/templates/gitea.yml b/templates/gitea.yml
index d8af98f..2db5ae4 100644
--- a/templates/gitea.yml
+++ b/templates/gitea.yml
@@ -1,48 +1,57 @@
-name: Gitea
-
-files:
-- path: /etc/systemd/system/gitea.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Gitea (Git with a cup of tea)
-    After=network.target
-
-    [Service]
-    User=git
-    Group=git
-    LimitNOFILE=524288:524288
-    RestartSec=2s
-    Type=simple
-    WorkingDirectory=/var/lib/gitea/
-    ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
-    Restart=always
-    Environment=USER=root HOME=/root GITEA_WORK_DIR=/var/lib/gitea
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- git
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/{{image.serial}}/gitea-{{image.serial}}-linux-amd64
-    chmod +x /usr/local/bin/gitea
-
-    adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
-
-    mkdir -p /var/lib/gitea/{custom,data,log}
-    chown -R git:git /var/lib/gitea/
-    chmod -R 750 /var/lib/gitea/
-    mkdir /etc/gitea
-    chown root:git /etc/gitea
-    chmod 770 /etc/gitea
-
-    systemctl enable gitea.service
+metadata:
+  name: Gitea
+  get_version_command: curl -s https://dl.gitea.com/gitea/version.json| jq -r '.latest.version'
+  description: Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD.
+  categories: Git, CI CD, Dev
+  project_source: https://github.com/go-gitea/gitea
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/gitea.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Gitea (Git with a cup of tea)
+        After=network.target
+
+        [Service]
+        User=git
+        Group=git
+        LimitNOFILE=524288:524288
+        RestartSec=2s
+        Type=simple
+        WorkingDirectory=/var/lib/gitea/
+        ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+        Restart=always
+        Environment=USER=root HOME=/root GITEA_WORK_DIR=/var/lib/gitea
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - git
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        wget -O /usr/local/bin/gitea https://dl.gitea.com/gitea/{{image.serial}}/gitea-{{image.serial}}-linux-amd64
+        chmod +x /usr/local/bin/gitea
+
+        adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
+
+        mkdir -p /var/lib/gitea/{custom,data,log}
+        chown -R git:git /var/lib/gitea/
+        chmod -R 750 /var/lib/gitea/
+        mkdir /etc/gitea
+        chown root:git /etc/gitea
+        chmod 770 /etc/gitea
+
+        systemctl enable gitea.service
diff --git a/templates/grafana.yml b/templates/grafana.yml
index b08b2f6..caba225 100644
--- a/templates/grafana.yml
+++ b/templates/grafana.yml
@@ -1,18 +1,27 @@
-name: Grafana
+metadata:
+  name: Grafana
+  get_version_command: curl -s https://api.github.com/repos/grafana/grafana/releases/latest | jq -r '.tag_name'
+  description: The open and composable observability and data visualization platform.
+  categories: Monitoring, Dashboard, Analytics
+  project_source: https://github.com/grafana/grafana
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        mkdir -p /etc/apt/keyrings/
+        wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null
 
-    mkdir -p /etc/apt/keyrings/
-    wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null
+        echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
 
-    echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
+        apt-get update
+        apt-get install -y grafana
 
-    apt update
-    apt install -y grafana
-
-    systemctl enable grafana-server.service
+        systemctl enable grafana-server.service
diff --git a/templates/homarr.yml b/templates/homarr.yml
index 4da5360..1155b65 100644
--- a/templates/homarr.yml
+++ b/templates/homarr.yml
@@ -1,328 +1,337 @@
-name: Homarr
+metadata:
+  name: Homarr
+  get_version_command: curl -s https://api.github.com/repos/ajnart/homarr/releases/latest | jq -r '.tag_name'
+  description: A simple, yet powerful dashboard for your server.
+  categories: Homepage
+  project_source: https://github.com/ajnart/homarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/homarr/settings.env
+      generator: dump
+      mode: "0440"
+      content: |-
+        PORT=7575
+        NEXT_TELEMETRY_DISABLED=1
+        NODE_ENV="production"
+        NODE_OPTIONS="--no-experimental-fetch"
+        DATABASE_URL="file:/data/db.sqlite"
+        NEXTAUTH_URL="http://localhost:7575"
+        NEXTAUTH_SECRET="NOT_IN_USE_BECAUSE_JWTS_ARE_UNUSE"
+        NEXT_PUBLIC_DISABLE_ANALYTICS="true"
+        HOSTNAME="127.0.0.1"
+        DEFAULT_COLOR_SCHEME="dark"
 
-files:
-- path: /opt/homarr/settings.env
-  generator: dump
-  mode: '0440'
-  content: |-
-    PORT=7575
-    NEXT_TELEMETRY_DISABLED=1
-    NODE_ENV="production"
-    NODE_OPTIONS="--no-experimental-fetch"
-    DATABASE_URL="file:/data/db.sqlite"
-    NEXTAUTH_URL="http://localhost:7575"
-    NEXTAUTH_SECRET="NOT_IN_USE_BECAUSE_JWTS_ARE_UNUSE"
-    NEXT_PUBLIC_DISABLE_ANALYTICS="true"
-    HOSTNAME="127.0.0.1"
-    DEFAULT_COLOR_SCHEME="dark"
+    - path: /etc/systemd/system/homarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Homarr Dashboard
+        After=network.target
+        ConditionPathExists=/app/.installed__
 
-- path: /etc/systemd/system/homarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Homarr Dashboard
-    After=network.target
-    ConditionPathExists=/app/.installed__
+        [Service]
+        Type=simple
+        WorkingDirectory=/app
+        EnvironmentFile=/app/.env
+        PIDFile=/opt/homarr/homarr.pid
+        ExecStart=/usr/bin/bash scripts/run.sh
+        Restart=always
 
-    [Service]
-    Type=simple
-    WorkingDirectory=/app
-    EnvironmentFile=/app/.env
-    PIDFile=/opt/homarr/homarr.pid
-    ExecStart=/usr/bin/bash scripts/run.sh
-    Restart=always
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  packages:
+    - git
+    - nodejs
+    - yarn
 
-packages:
-- git
-- nodejs
-- yarn
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_20.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+    - name: yarn
+      url: |-
+        deb http://dl.yarnpkg.com/debian stable main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-  - name: yarn
-    url: |-
-      deb http://dl.yarnpkg.com/debian stable main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
+        FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
+        CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
+        TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
+        cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
+        XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
+        zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
+        ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
+        dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
+        g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
+        qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
+        tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
+        BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
+        QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
+        bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
+        qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
+        We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
+        edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
+        FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
+        Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
+        Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
+        Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
+        t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
+        ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
+        udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
+        lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
+        nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
+        w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
+        3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
+        Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
+        TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
+        m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
+        +8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
+        QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
+        JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
+        FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
+        rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
+        6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
+        hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
+        ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
+        MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
+        jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
+        Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
+        2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
+        Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
+        uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
+        V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
+        C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
+        tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
+        fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
+        zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
+        v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
+        pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
+        N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
+        94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
+        GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
+        66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
+        GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
+        CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
+        iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
+        dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
+        WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
+        gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
+        7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
+        jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
+        KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
+        6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
+        nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
+        QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
+        VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
+        Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
+        83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
+        xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
+        JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
+        sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
+        eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
+        r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
+        qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
+        ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
+        XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
+        wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
+        /09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
+        fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
+        upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
+        rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
+        yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
+        TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
+        p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
+        5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
+        gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
+        4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
+        AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
+        7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
+        +fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
+        hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
+        dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
+        fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
+        NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
+        IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
+        fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
+        MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
+        9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
+        1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
+        smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
+        XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
+        1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
+        9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
+        gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
+        7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
+        unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
+        cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
+        gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
+        341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
+        wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
+        hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
+        zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
+        JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
+        Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
+        nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
+        dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
+        iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
+        ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
+        jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
+        dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
+        pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
+        LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
+        CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
+        z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
+        7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
+        rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
+        vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
+        O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
+        hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
+        fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
+        t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
+        6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
+        0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
+        Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
+        kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
+        3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
+        VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
+        e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
+        emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
+        r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
+        0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
+        RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
+        luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
+        jeDghj400U6pjSUW3bIC/PK5Ag0EXCxEEQEQAKVjsdljwPDGO+48879LDa1d7GEu
+        /Jm9HRK6INCQiSiS/0mHkeKa6t4DRgCY2ID9lFiegx2Er+sIgL0chs16XJrFO21u
+        kw+bkBdm2HYUKSsUFmr/bms8DkmAM699vRYVUAzO9eXG/g8lVrAzlb3RT7eGHYKd
+        15DT5KxXDQB+T+mWE9qD5RJwEyPjSU+4WjYF+Rr9gbSuAt5UySUb9jTR5HRNj9wt
+        b4YutfP9jbfqy8esQVG9R/hpWKb2laxvn8Qc2Xj93qNIkBt/SILfx9WDJl0wNUmu
+        +zUwpiC2wrLFTgNOpq7g9wRPtg5mi8MXExWwSF2DlD54yxOOAvdVACJFBXEcstQ3
+        SWg8gxljG8eLMpDjwoIBax3DZwiYZjkjJPeydSulh8vKoFBCQkf2PcImXdOk2HqO
+        V1L7FROM6fKydeSLJbx17SNjVdQnq1OsyqSO0catAFNptMHBsN+tiCI29gpGegao
+        umV9cnND69aYvyPBgvdtmzPChjSmc6rzW1yXCJDm2qzwm/BcwJNXW5B3EUPxc0qS
+        Wste9fUna0G4l/WMuaIzVkuTgXf1/r9HeQbjtxAztxH0d0VgdHAWPDkUYmztcZ4s
+        d0PWkVa18qSrOvyhI96gCzdvMRLX17m1kPvP5PlPulvqizjDs8BScqeSzGgSbbQV
+        m5Tx4w2uF4/n3FBnABEBAAGJBFsEGAEIACYCGwIWIQRy7PRqVrStOckHu7cWRrAb
+        huUDEAUCY897hAUJDUbR8wIpwV0gBBkBAgAGBQJcLEQRAAoJECPnFmeItj4egdIP
+        /3D4rN79jOl7wG1aDNxiDF57FY9VgB7sAP42u1H2SffpFfz4jC5AG1tHwY9P8tDt
+        0ctdlVUBl4QvlaOI+gvKsBT+Dl2uhLMR17r1jCM7QWl9Smr+td2lwbcaerU67ndB
+        RVIeLA3NUURG97TK+suXLxSYJ63VnF9YLJejg3IFgRjXOmV+x+4+PITEeipjXmaH
+        Fu6fFvgYA0Cal2MFTS9eajh81QIdHVrBSxPYMAU5gwmNN8fWq8UjQxgl8sbehO+y
+        2zVSKEkZRG5L4uo995xG7hESAmJegpbV0AsolSo4XiXCzI24L+fmywr9s33if1sj
+        pjhiqR0bvpQVdRr5YkcVG5VZZo1j4WDwWVxsoyCNek6q/opURHGRVvkk3HG61XLe
+        +SVi28cJRJosfltR8EkQkfih8dwrq+GTzDgZT7BYpTjrDWu0TlAeere879tRH9wX
+        nmgnfXOJMzRjfHdYnBKkl6Flj6oEk9C2T7WcqlmVZ1qxwoVR364qMYUp8PDt8GNQ
+        NhkmoYgkr747znhKCclNtWTMOgFchwoer+NqGGnQXxoBcDaOTgjITcTcvwnFKwUg
+        6si1UzOUJTbE++WLO5Bx53PiZPsceCaYsjQs+S83D4ZcKapyUHIyXWNYQ4Su+Tq5
+        o/zXwjHmfINWlT1+MRKvADMmWIWef5ZjPtd0Xb/GVuhSCRAWRrAbhuUDEHSxD/9M
+        5il+6iZDsLMFQvsZJjRWnquPxRXBfyA3aiLJXsmMwWfSdEjS3JKq2hrOKVT3FgkN
+        CHBxhPREIPEhlE7EsGmdYvvzceYeM8LuK4DVMIjjpsIlxyS+h3iQNamoITbwuZyc
+        Hgv9FGVOElrtntqPY6BZWBdK1ZVAT3Q4hf1+o2UZ6o5gcmu6rR5wlgsqdGc5XCev
+        YVaJ7qQXvLhU0gzWyJ1p//d4DQUqrXW9+1bFg/gwPFn+ZBoO40/IovwoIdo1xX4p
+        KgH47aXFRHB53LhNtve422XDEuQnBTwNucvxAA91TmFt1BDVy1VCEwlDaKMS4Tuw
+        xrBEBKwsuBqelJPEcDzzt+yvc3jPoVrNrC5zLpAF3VPCUCkf21tbqYroFy/UfQls
+        O26iJhfPxoLEGtuCYt+DrpnR/1DteKqtett+Z1nJ9JEZAxk8QjdcpdMa5kBtC1hd
+        vb9f8ySSxv91RtzmyehIc7TBogwK+mydWMskTmNAl4ecGepfghPfA5JDW0NUm/Vv
+        /DAylze+BXzXPBeMXDAsHOcf4A8QVht9jX5a03QpPcFcXUYFjtItrjeDyzlSBp3K
+        8B9ECMy2+ke0U0jupNWlFxxzR15e+rEi450ilL/wKm7Va5VhQuNlXToIZJdQg/3e
+        n2jb+0Wye2SNCdPjF8663z+VwaZDVaDXqnT72wEJv7kCDQRcN/VvARAAoEHIkyjF
+        DsfoCxA/b2qNjz+l8OI2WhAMdqxReg7JN9R61qbetj9RYIcWswPSO84c0ioRUk+x
+        JavEFh/6Lg00QKwJKPf0kd1Us6SfqklxGczOaWNLyiM7JthFRNMp0qVX6NjLqGoC
+        NO+d/+nNk6s2x4rLECj/EROmE3ZQQEo5nBXmPlhXpVem23rGfXEQvXDNqFmvqrP+
+        Befn/+aDpo89QIm3sE8G0LfgcajIdSfgLH+NJTvOVAtXXVXJPK39Njr1aBzWTbWh
+        LS2bji7DwP7hshdh7DE2rS623vlzvkkrms8oKkiRpKATdhQ8CEx+mhTFKCj6GtNq
+        hwttCbf98N9GpiHD0has65YtgQQjk2pLR62rZf6czagRfKbFQzXjl2JxS/bsHVhT
+        khyJFqgDcHCSXe7K8uGTAE2AkakGhGyDJYqGVSl0w5IAU8dqDQMc0IpsVMbFk4nX
+        4GgOwixwrzrgCh0jRi+EwUHJYZHBAyzNCkr++D25R0gwNhPMjSKe8Ks6G3hH3XP/
+        ZVlceW/gPfxRixUTk/q7s3xPpPhLMREEpKS1aGcmYxEkrkVBDAzNYKdKP1MYwLn4
+        lh4yNFXWlTClnDyI6UODTHwt8xDddtnT9u+U+xc6OJiYcCOstl+ovS9HmM/Kt9VT
+        EX9cckEEL1IS+9esQMr4b5X02Y1q9Q2uEucAEQEAAYkEWwQYAQgAJgIbAhYhBHLs
+        9GpWtK05yQe7txZGsBuG5QMQBQJjz3uOBQkNOyCfAinBXSAEGQECAAYFAlw39W8A
+        CgkQT3dnk2lHW6p0eg/+K2JJu1RbTSLJPFYQhLcxX+5d2unkuNLIy3kArtZuB992
+        E2Fw00okPGtuPdSyk2ygh4DeYnwmabIWChi7LDp+YnqcI4GfMxNG6RsHs+A/77rL
+        BST3BB1sejZppmKCQZDSC2pvYaZBpS80UvftCZ9RFdY+kTC22Btn/5ekiQOfIqhU
+        H9CyGWS/YlGciomVIVn1hSPN8l4EpBCDtceRaephvzjQIZT3AxOfSlpwJviYjAOk
+        SX4qWyIjC5Ke5kfEOldUuBN1JGAm45tKlrz/LD/+VOc2IWpbkOIAVSldUgpRyiIJ
+        QAZ80trNxrJI7ncaID8lAa7pBptJiL0KorRjk3c6Y7p830Nwe0J5e5+W1RzN4wlR
+        8+9uuRyP8Mcwz/Hz2jwMiv38Vk4tAOe4PYNZuDnpjZ28yCpF3UUgvzjarubFAcg2
+        jd8SauCQFlmOfvT+1qIMSeLmWBOdlzJTUpJRcZqnkEE4WtiMSlxyWVFvUwOmKSGi
+        8CLoGW1Ksh9thQ9zKhvVUiVoKn4Z79HXr4pX6rnp+mweJ2dEZtlqD7HxjVTlCHn9
+        fzClt/Nt0h721fJbS587AC/ZMgg5GV+GKu6Mij0sPAowUJVCIwN9uK/GHICZEAoM
+        SngP8xzKnhU5FD38vwBvsqbKxTtICrv2NuwnQ0WBBQ58w5mv2RCMr2W6iegSKIAJ
+        EBZGsBuG5QMQ0SIQAMFN0FlUSP5TiKrTFMj79TcCLDeAvk8+h7nNj/dlgDpRl4kp
+        r+XO/a0VTwK8XVszNA43FDuT0WORPG73LYlgJi5gdLeWoXaEnW1f+ZyR2uc8/UNu
+        8nwv2dPLefLbhrWpkQbcriOt5FHL61Z8CqYa67vm2Lkr1yD+y3XFAuB2j3hbB1pF
+        xmc3wvkY+ZMA3fMb+ZbAlV9ylNn4MWzK2Z1hzC0G33Ym6z8SbqljvTn0ABS8BI0g
+        cJaPtSV7+rq+a/YOCBudSY1qBLCHGvpkByispqKjguS/95+37zcqEbTCTX9S5XmS
+        lsKFY08+6rq7yu8ptLkbg/RuXLzAvn6g56zFQlPeR+BIrKeCbWRu9hx4kSS6uN22
+        MgYgv7l9ohNTzRxnugHnnerdyElDge50AQeFR43bdHEhvyumPLjaJ2WbSHtxRkLw
+        HcXOlx6lL/i2DJeLMaCshITV6TfvubVYG8djMUogWiXK0T74oocPSs00HDNs7OPy
+        9W44ZAFknGvoaTOEYxNgSI84yUf2304IhP+U9pYcRnJwJM4pOzcXZxPibrQf2Ex9
+        XZXRkb9jkfYMvs0XBnCTUnSl5WVVlNHo2oUC2/mwuc321M6ucf7uDwN6FdPQVlJh
+        1qXVLvbNiyYug0lvwXsyfwu6IX+wl+kAP5NrRYuX8H+L0eauTGrRsld7OZ3H
+        =e4wy
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
-      FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
-      CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
-      TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
-      cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
-      XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
-      zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
-      ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
-      dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
-      g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
-      qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
-      tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
-      BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
-      QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
-      bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
-      qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
-      We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
-      edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
-      FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
-      Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
-      Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
-      Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
-      t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
-      ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
-      udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
-      lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
-      nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
-      w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
-      3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
-      Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
-      TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
-      m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
-      +8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
-      QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
-      JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
-      FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
-      rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
-      6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
-      hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
-      ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
-      MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
-      jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
-      Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
-      2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
-      Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
-      uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
-      V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
-      C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
-      tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
-      fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
-      zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
-      v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
-      pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
-      N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
-      94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
-      GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
-      66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
-      GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
-      CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
-      iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
-      dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
-      WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
-      gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
-      7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
-      jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
-      KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
-      6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
-      nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
-      QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
-      VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
-      Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
-      83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
-      xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
-      JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
-      sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
-      eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
-      r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
-      qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
-      ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
-      XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
-      wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
-      /09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
-      fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
-      upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
-      rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
-      yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
-      TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
-      p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
-      5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
-      gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
-      4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
-      AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
-      7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
-      +fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
-      hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
-      dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
-      fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
-      NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
-      IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
-      fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
-      MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
-      9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
-      1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
-      smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
-      XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
-      1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
-      9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
-      gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
-      7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
-      unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
-      cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
-      gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
-      341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
-      wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
-      hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
-      zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
-      JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
-      Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
-      nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
-      dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
-      iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
-      ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
-      jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
-      dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
-      pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
-      LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
-      CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
-      z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
-      7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
-      rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
-      vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
-      O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
-      hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
-      fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
-      t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
-      6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
-      0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
-      Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
-      kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
-      3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
-      VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
-      e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
-      emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
-      r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
-      0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
-      RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
-      luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
-      jeDghj400U6pjSUW3bIC/PK5Ag0EXCxEEQEQAKVjsdljwPDGO+48879LDa1d7GEu
-      /Jm9HRK6INCQiSiS/0mHkeKa6t4DRgCY2ID9lFiegx2Er+sIgL0chs16XJrFO21u
-      kw+bkBdm2HYUKSsUFmr/bms8DkmAM699vRYVUAzO9eXG/g8lVrAzlb3RT7eGHYKd
-      15DT5KxXDQB+T+mWE9qD5RJwEyPjSU+4WjYF+Rr9gbSuAt5UySUb9jTR5HRNj9wt
-      b4YutfP9jbfqy8esQVG9R/hpWKb2laxvn8Qc2Xj93qNIkBt/SILfx9WDJl0wNUmu
-      +zUwpiC2wrLFTgNOpq7g9wRPtg5mi8MXExWwSF2DlD54yxOOAvdVACJFBXEcstQ3
-      SWg8gxljG8eLMpDjwoIBax3DZwiYZjkjJPeydSulh8vKoFBCQkf2PcImXdOk2HqO
-      V1L7FROM6fKydeSLJbx17SNjVdQnq1OsyqSO0catAFNptMHBsN+tiCI29gpGegao
-      umV9cnND69aYvyPBgvdtmzPChjSmc6rzW1yXCJDm2qzwm/BcwJNXW5B3EUPxc0qS
-      Wste9fUna0G4l/WMuaIzVkuTgXf1/r9HeQbjtxAztxH0d0VgdHAWPDkUYmztcZ4s
-      d0PWkVa18qSrOvyhI96gCzdvMRLX17m1kPvP5PlPulvqizjDs8BScqeSzGgSbbQV
-      m5Tx4w2uF4/n3FBnABEBAAGJBFsEGAEIACYCGwIWIQRy7PRqVrStOckHu7cWRrAb
-      huUDEAUCY897hAUJDUbR8wIpwV0gBBkBAgAGBQJcLEQRAAoJECPnFmeItj4egdIP
-      /3D4rN79jOl7wG1aDNxiDF57FY9VgB7sAP42u1H2SffpFfz4jC5AG1tHwY9P8tDt
-      0ctdlVUBl4QvlaOI+gvKsBT+Dl2uhLMR17r1jCM7QWl9Smr+td2lwbcaerU67ndB
-      RVIeLA3NUURG97TK+suXLxSYJ63VnF9YLJejg3IFgRjXOmV+x+4+PITEeipjXmaH
-      Fu6fFvgYA0Cal2MFTS9eajh81QIdHVrBSxPYMAU5gwmNN8fWq8UjQxgl8sbehO+y
-      2zVSKEkZRG5L4uo995xG7hESAmJegpbV0AsolSo4XiXCzI24L+fmywr9s33if1sj
-      pjhiqR0bvpQVdRr5YkcVG5VZZo1j4WDwWVxsoyCNek6q/opURHGRVvkk3HG61XLe
-      +SVi28cJRJosfltR8EkQkfih8dwrq+GTzDgZT7BYpTjrDWu0TlAeere879tRH9wX
-      nmgnfXOJMzRjfHdYnBKkl6Flj6oEk9C2T7WcqlmVZ1qxwoVR364qMYUp8PDt8GNQ
-      NhkmoYgkr747znhKCclNtWTMOgFchwoer+NqGGnQXxoBcDaOTgjITcTcvwnFKwUg
-      6si1UzOUJTbE++WLO5Bx53PiZPsceCaYsjQs+S83D4ZcKapyUHIyXWNYQ4Su+Tq5
-      o/zXwjHmfINWlT1+MRKvADMmWIWef5ZjPtd0Xb/GVuhSCRAWRrAbhuUDEHSxD/9M
-      5il+6iZDsLMFQvsZJjRWnquPxRXBfyA3aiLJXsmMwWfSdEjS3JKq2hrOKVT3FgkN
-      CHBxhPREIPEhlE7EsGmdYvvzceYeM8LuK4DVMIjjpsIlxyS+h3iQNamoITbwuZyc
-      Hgv9FGVOElrtntqPY6BZWBdK1ZVAT3Q4hf1+o2UZ6o5gcmu6rR5wlgsqdGc5XCev
-      YVaJ7qQXvLhU0gzWyJ1p//d4DQUqrXW9+1bFg/gwPFn+ZBoO40/IovwoIdo1xX4p
-      KgH47aXFRHB53LhNtve422XDEuQnBTwNucvxAA91TmFt1BDVy1VCEwlDaKMS4Tuw
-      xrBEBKwsuBqelJPEcDzzt+yvc3jPoVrNrC5zLpAF3VPCUCkf21tbqYroFy/UfQls
-      O26iJhfPxoLEGtuCYt+DrpnR/1DteKqtett+Z1nJ9JEZAxk8QjdcpdMa5kBtC1hd
-      vb9f8ySSxv91RtzmyehIc7TBogwK+mydWMskTmNAl4ecGepfghPfA5JDW0NUm/Vv
-      /DAylze+BXzXPBeMXDAsHOcf4A8QVht9jX5a03QpPcFcXUYFjtItrjeDyzlSBp3K
-      8B9ECMy2+ke0U0jupNWlFxxzR15e+rEi450ilL/wKm7Va5VhQuNlXToIZJdQg/3e
-      n2jb+0Wye2SNCdPjF8663z+VwaZDVaDXqnT72wEJv7kCDQRcN/VvARAAoEHIkyjF
-      DsfoCxA/b2qNjz+l8OI2WhAMdqxReg7JN9R61qbetj9RYIcWswPSO84c0ioRUk+x
-      JavEFh/6Lg00QKwJKPf0kd1Us6SfqklxGczOaWNLyiM7JthFRNMp0qVX6NjLqGoC
-      NO+d/+nNk6s2x4rLECj/EROmE3ZQQEo5nBXmPlhXpVem23rGfXEQvXDNqFmvqrP+
-      Befn/+aDpo89QIm3sE8G0LfgcajIdSfgLH+NJTvOVAtXXVXJPK39Njr1aBzWTbWh
-      LS2bji7DwP7hshdh7DE2rS623vlzvkkrms8oKkiRpKATdhQ8CEx+mhTFKCj6GtNq
-      hwttCbf98N9GpiHD0has65YtgQQjk2pLR62rZf6czagRfKbFQzXjl2JxS/bsHVhT
-      khyJFqgDcHCSXe7K8uGTAE2AkakGhGyDJYqGVSl0w5IAU8dqDQMc0IpsVMbFk4nX
-      4GgOwixwrzrgCh0jRi+EwUHJYZHBAyzNCkr++D25R0gwNhPMjSKe8Ks6G3hH3XP/
-      ZVlceW/gPfxRixUTk/q7s3xPpPhLMREEpKS1aGcmYxEkrkVBDAzNYKdKP1MYwLn4
-      lh4yNFXWlTClnDyI6UODTHwt8xDddtnT9u+U+xc6OJiYcCOstl+ovS9HmM/Kt9VT
-      EX9cckEEL1IS+9esQMr4b5X02Y1q9Q2uEucAEQEAAYkEWwQYAQgAJgIbAhYhBHLs
-      9GpWtK05yQe7txZGsBuG5QMQBQJjz3uOBQkNOyCfAinBXSAEGQECAAYFAlw39W8A
-      CgkQT3dnk2lHW6p0eg/+K2JJu1RbTSLJPFYQhLcxX+5d2unkuNLIy3kArtZuB992
-      E2Fw00okPGtuPdSyk2ygh4DeYnwmabIWChi7LDp+YnqcI4GfMxNG6RsHs+A/77rL
-      BST3BB1sejZppmKCQZDSC2pvYaZBpS80UvftCZ9RFdY+kTC22Btn/5ekiQOfIqhU
-      H9CyGWS/YlGciomVIVn1hSPN8l4EpBCDtceRaephvzjQIZT3AxOfSlpwJviYjAOk
-      SX4qWyIjC5Ke5kfEOldUuBN1JGAm45tKlrz/LD/+VOc2IWpbkOIAVSldUgpRyiIJ
-      QAZ80trNxrJI7ncaID8lAa7pBptJiL0KorRjk3c6Y7p830Nwe0J5e5+W1RzN4wlR
-      8+9uuRyP8Mcwz/Hz2jwMiv38Vk4tAOe4PYNZuDnpjZ28yCpF3UUgvzjarubFAcg2
-      jd8SauCQFlmOfvT+1qIMSeLmWBOdlzJTUpJRcZqnkEE4WtiMSlxyWVFvUwOmKSGi
-      8CLoGW1Ksh9thQ9zKhvVUiVoKn4Z79HXr4pX6rnp+mweJ2dEZtlqD7HxjVTlCHn9
-      fzClt/Nt0h721fJbS587AC/ZMgg5GV+GKu6Mij0sPAowUJVCIwN9uK/GHICZEAoM
-      SngP8xzKnhU5FD38vwBvsqbKxTtICrv2NuwnQ0WBBQ58w5mv2RCMr2W6iegSKIAJ
-      EBZGsBuG5QMQ0SIQAMFN0FlUSP5TiKrTFMj79TcCLDeAvk8+h7nNj/dlgDpRl4kp
-      r+XO/a0VTwK8XVszNA43FDuT0WORPG73LYlgJi5gdLeWoXaEnW1f+ZyR2uc8/UNu
-      8nwv2dPLefLbhrWpkQbcriOt5FHL61Z8CqYa67vm2Lkr1yD+y3XFAuB2j3hbB1pF
-      xmc3wvkY+ZMA3fMb+ZbAlV9ylNn4MWzK2Z1hzC0G33Ym6z8SbqljvTn0ABS8BI0g
-      cJaPtSV7+rq+a/YOCBudSY1qBLCHGvpkByispqKjguS/95+37zcqEbTCTX9S5XmS
-      lsKFY08+6rq7yu8ptLkbg/RuXLzAvn6g56zFQlPeR+BIrKeCbWRu9hx4kSS6uN22
-      MgYgv7l9ohNTzRxnugHnnerdyElDge50AQeFR43bdHEhvyumPLjaJ2WbSHtxRkLw
-      HcXOlx6lL/i2DJeLMaCshITV6TfvubVYG8djMUogWiXK0T74oocPSs00HDNs7OPy
-      9W44ZAFknGvoaTOEYxNgSI84yUf2304IhP+U9pYcRnJwJM4pOzcXZxPibrQf2Ex9
-      XZXRkb9jkfYMvs0XBnCTUnSl5WVVlNHo2oUC2/mwuc321M6ucf7uDwN6FdPQVlJh
-      1qXVLvbNiyYug0lvwXsyfwu6IX+wl+kAP5NrRYuX8H+L0eauTGrRsld7OZ3H
-      =e4wy
-      -----END PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        mkdir /data
+        git clone https://github.com/ajnart/homarr -b v{{ image.serial }} --depth 1 /app
 
-    mkdir /data
-    git clone https://github.com/ajnart/homarr -b v{{ image.serial }} --depth 1 /app
+        cd /app
+        yarn install
+        cp /opt/homarr/settings.env .env
+        yarn build
+        cp -r drizzle/migrate/ migrate/
+        cp tsconfig.json migrate/tsconfig.json
+        touch migrate/yarn.lock
+        yarn db:migrate
+        yarn cache clean
+        rm -rf node_modules
+        cp -r .next/standalone/* .
+        chmod +x scripts/run.sh
+        touch .installed__
 
-    cd /app
-    yarn install
-    cp /opt/homarr/settings.env .env
-    yarn build
-    cp -r drizzle/migrate/ migrate/
-    cp tsconfig.json migrate/tsconfig.json
-    touch migrate/yarn.lock
-    yarn db:migrate
-    yarn cache clean
-    rm -rf node_modules
-    cp -r .next/standalone/* .
-    chmod +x scripts/run.sh
-    touch .installed__
-
-    systemctl enable homarr.service
+        systemctl enable homarr.service
diff --git a/templates/infisical.yml b/templates/infisical.yml
index 81716db..fbaff52 100644
--- a/templates/infisical.yml
+++ b/templates/infisical.yml
@@ -1,350 +1,219 @@
-name: Infisical
-
-files:
-- path: /opt/infisical/settings.env
-  generator: dump
-  mode: '0440'
-  content: |-
-    PORT=8080
-    HOST=0.0.0.0
-    HTTPS_ENABLED=false 
-    STANDALONE_BUILD=true 
-    STANDALONE_MODE=true
-    TELEMETRY_ENABLED=true
-    NODE_ENV=production
-    NEXT_PUBLIC_ENV=production
-    NEXT_TELEMETRY_DISABLED=1
-    POSTGRES_USER=infuser
-    POSTGRES_DB=infisical
-
-- path: /etc/systemd/system/infisical-initdb.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=DB initializer for Infisical in postgresql
-    After=network.target postgresql.service
-    Wants=postgresql.service
-    ConditionPathExists=/backend/.installed__
-    ConditionPathExists=!/var/lib/postgresql/.db_initialized__
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=yes
-    WorkingDirectory=/
-    User=postgres
-    EnvironmentFile=/opt/infisical/settings.env
-    ExecStart=/usr/bin/createdb ${POSTGRES_DB}
-    ExecStart=/usr/bin/createuser -s ${POSTGRES_USER}
-    ExecStart=/usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_USER};"
-    ExecStart=/usr/bin/touch /var/lib/postgresql/.db_initialized__
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /etc/systemd/system/infisical-migrator.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=DB migrator for Infisical
-    After=network.target infisical-initdb.service
-    Wants=infisical-initdb.service
-    ConditionPathExists=/var/lib/postgresql/.db_initialized__
-    ConditionPathExists=!/backend/.migrated__
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=yes
-    WorkingDirectory=/backend
-    EnvironmentFile=/opt/infisical/settings.env
-    Environment=DB_CONNECTION_URI=postgres://postgres@127.0.0.1:5432/infisical
-    ExecStart=/usr/bin/npm run migration:latest
-    ExecStart=/usr/bin/touch /backend/.migrated__
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /etc/systemd/system/infisical.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Open Source Secret Management
-    After=network.target infisical-migrator.service
-    ConditionPathExists=/backend/.migrated__
-
-    [Service]
-    Type=simple
-    WorkingDirectory=/backend
-    EnvironmentFile=/opt/infisical/settings.env
-    Environment=DB_CONNECTION_URI=postgres://infuser@127.0.0.1:5432/infisical
-    Environment=REDIS_URL=redis://127.0.0.1:6379
-    Environment=SITE_URL=http://0.0.0.0:8080
-    PIDFile=/opt/infisical/infisical.pid
-    ExecStart=/backend/standalone-entrypoint.sh
-    Restart=always
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- git
-- nodejs
-- redis
-- redis-server
-- postgresql-16
-
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_20.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
-
-  - name: redis
-    url: |-
-      deb http://packages.redis.io/deb {{image.release}} main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-      mQINBGD37jsBEADdZKxRBkGSzT4XJbSVtNHCdacP5WvEVx3u6Ly95mYaoVR7N4LX
-      3Muy3CCLk5LU1dW0e8Ws38/ZZTF6Lu3793qhDCi6hCbD36UkfH9xWqLNEgU/G8P9
-      9aGbh9LDt6JyD5v4kJaQnMYnrFHNu0cYwvfn83IobaOhluLdR3Z7XIWorViLm1JG
-      z/SgFsT3zrXaOmco0JTBwZ5MAbUXEtWuZrRJRqBw5imCHDgbhieAaLopu2voxi6D
-      F0yVQO/QnxVffVTSrwGPi+0K8qhRW2p49lEH9QoggI5m+jH7tPfQYmT3sk2ZVC2J
-      vedWivkg7RVaCyq0G9zpJqCb88KqHHkd+jsO3JSgPlvZI0Jceqbw6bf9UGGaAANP
-      UuZBT0h1xctOoDziQ4iQcy2r0SLxp5Ger/4DbQkn+gEEo9+QVpSvwL+ct7iinb7R
-      pcwaztsDWUxNFsf13j2MVGDlD0YmLE0wyxTycCxgHrCf7zFAcT9z6OaWNEXL0Oos
-      EMD/hxvmCsGHeBedWJD0+hE5m/c/7F/eNHsFveHrw063509vsj4/abZRJjec6Co/
-      bNtxOvyLSSy2p86uLjOuQBil8M74jx/IlcACqmDuhj9ooE7EFtj8u1GTNLmpwn7N
-      OaLU7jz/cCoxhuLq3nMk7ciDnxXpapfZeNUzMvdsRPWUp/UNWhsy14e47wARAQAB
-      tDFSZWRpcyAoUGFja2FnZSBTaWduaW5nKSA8cmVkaXMtcGFja2FnZXNAcmVkaXMu
-      aW8+iQJOBBMBCgA4FiEEVDGPpAUtHmGmtve7X0NJ1r9TqgwFAmD37jsCGwMFCwkI
-      BwIGFQoJCAsCBBYCAwECHgECF4AACgkQX0NJ1r9TqgyMiA/9GsMtdFo2SeOt2COh
-      cUg6x3joOWAMtpgGA2jxaH2kJ92/dIvQgAJ8O2dDawTtZtA1oJbVJiPqZsV43M7U
-      l2FKluF2/v3PfWBHhmNebc4OMpka1s3Dgejen1Ps1D4Ld9TGKWVtMBJzE4Nv74nZ
-      nrhaocS+885VPL9g56D7m0Yw0EseNq/3vbDboQu/USGNDDYk8WK+C2mDtRNUwK2s
-      DfKpcyMRjuxTcmqxEOPaK1XV262+2MHi/S/h2XpH2qVkUNF5JMNeDj/WmZqSkqQR
-      fJJSTto295rXq9/4SGkCdpX+0iwwbysuYHxdIoPWoviOGyO12I5uMCtJ75POD8dW
-      X5JDi/pAzQmpnWV16r6LWyIH+nH1xxTXw31fROGWkX3S+hoINsfC4S/T2JI3ibYk
-      W/0e9r16NVqspJTs4+4c85SxxqnFOwp5yHlSA1IFtttb0pvwuaV/4J6IMqXpoWri
-      DjWRg/FAvVdrnBRXJDJlXSV5+cJ50s+USXxzTrC4H0BT4/Cm+M+bgPT7qhMxh/PZ
-      ZDXSfVc8FT4GYxCD5q29H5crg2KmmZ5ICl5ttA0PuMKVJf9ZXLxD/VJD1SZFMWIL
-      6jSSK+D3JCQkGjWha/SiqkjT8TFtp/55wBJ4hxNhUGfoNJFXE2KK9CrNSiML/EF9
-      iuv7q6rxyabb73O9DjbBvGPPSj65Ag0EYPfuOwEQALvZtHJtqAC2Yap/w4dCcRHK
-      5mriLdjvdPj/gtfZAFiZWPSCth1he+LEsxkKHg0MveQ33NrwSFZ1MBGDrFyhcMJh
-      H29HbPRrZzZMjXEhLtZZidfVXBFRzwOGkDLJqgCu5ji67eTD8PPhEMVJIsO1+qf2
-      xfBiLv9bRqJMlFE7/BdbzUhAeyfyNIyp8v9T2NvLfk9i6++OgFZ4ZhV6D4rTPcot
-      T0PG7NizT/2OS1L+p0PFTUPKRinA8Zr0LL6cMASGqBYUfYNt49fQ3gkIFopeZuc+
-      ueT7APgbpqNVVGNbzu8bCnRsQw4VG2uiRg/wbsUFRVnLMshqYWgvK0YxDGbxokxk
-      5vNJHZSDgkSxOdE6SivDVoQkwbyoE9LRAqi1ZyA8bEDLR501h1IrLRHG3VxNTHdv
-      lLefJvnl+EnTcRdFMDGlsSpYGMbklQVXRNH37IW5TFJmfv5JxAWQ/QMdKzx6xq2p
-      1DUN2Jg5BMQV9yQWiRekmMNPl8TWlK+/c8zKNy/jsWOFX2eypShRQ8O6lwUsr6Qw
-      2lcfxGJMptbyarrWL4weE51Q0V/2QOgCMeKRA/k4vwt6x29XcCxW8MOkB/yWKJsQ
-      EowgHKfwwMNCkj210nXhIat3VNLR7+AsosFJaQPQXSA1p2jSjRaZZjBjJOGp4/IO
-      n0MojRNfwZnZh2G8RQgDABEBAAGJAjYEGAEKACAWIQRUMY+kBS0eYaa297tfQ0nW
-      v1OqDAUCYPfuOwIbDAAKCRBfQ0nWv1OqDPfaEACwhMPLZgOEOjkZYg4WyGrPDUua
-      L9pREl/010yEN8BxIcpqFA0COh4LgFUe8mB7w2YGN05DgTzZqLGoeu08roWV94MD
-      h6V4pS/mu1wLM+qJ5n+YVa5ncA58TBCU8Bl525SiKcGF0o109pG4jAKQuzsP97Y5
-      vMl+/GVywcYEc+5OHsrqYxy2HU4sblbCdIrWs+E58FIFI+PbmUX6fP7K1a26+AyW
-      ln8jAiZW4cSuEWcqyEMo7MQmEHqm1MVwMfbYFn+MaaLcojScMhKq02OKOEE8PY+o
-      rzoSxGbJbD09fSnN3VRQkKIj7BkjAWd+IM1/sePOh/SQUNDKz4aBSCzvuVlMv4+l
-      9dFHkI2/WFqNe5L7RP/nTOvgghKFqo9n9uWg2ssw99ut9knyi/gDiMMIZ25grHM3
-      fClZG9aEanGY2L0g2YQr+h53E5LCucGFnW642hPi+nT1Nzk6xVKN8g/wH4j3GffL
-      XIBJiYB2qaQFam87jGAQqZ5LZ+OZHbZqSjp7L/MkNdzLdqF3KZ8YuO3NAf/k7gv8
-      UKpAlnjHEQF4h0Wk281lmPmsZKddau28k7ByKxwnUQNRLgotX/LCLu7HcWabXIhp
-      208jU3p1Jlb6Bcr5Ii1xJxBwhCfda0MpAZ1pyR+Kdg2ovm0eE7ZkDZ/hWKbc+lmC
-      Oi5R+3n0UUbz020kbQ==
-      =1K+h
-      -----END PGP PUBLIC KEY BLOCK-----
-
-  - name: postgresql
-    url: |-
-      deb http://apt.postgresql.org/pub/repos/apt {{image.release}}-pgdg main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-      mQINBE6XR8IBEACVdDKT2HEH1IyHzXkb4nIWAY7echjRxo7MTcj4vbXAyBKOfjja
-      UrBEJWHN6fjKJXOYWXHLIYg0hOGeW9qcSiaa1/rYIbOzjfGfhE4x0Y+NJHS1db0V
-      G6GUj3qXaeyqIJGS2z7m0Thy4Lgr/LpZlZ78Nf1fliSzBlMo1sV7PpP/7zUO+aA4
-      bKa8Rio3weMXQOZgclzgeSdqtwKnyKTQdXY5MkH1QXyFIk1nTfWwyqpJjHlgtwMi
-      c2cxjqG5nnV9rIYlTTjYG6RBglq0SmzF/raBnF4Lwjxq4qRqvRllBXdFu5+2pMfC
-      IZ10HPRdqDCTN60DUix+BTzBUT30NzaLhZbOMT5RvQtvTVgWpeIn20i2NrPWNCUh
-      hj490dKDLpK/v+A5/i8zPvN4c6MkDHi1FZfaoz3863dylUBR3Ip26oM0hHXf4/2U
-      A/oA4pCl2W0hc4aNtozjKHkVjRx5Q8/hVYu+39csFWxo6YSB/KgIEw+0W8DiTII3
-      RQj/OlD68ZDmGLyQPiJvaEtY9fDrcSpI0Esm0i4sjkNbuuh0Cvwwwqo5EF1zfkVj
-      Tqz2REYQGMJGc5LUbIpk5sMHo1HWV038TWxlDRwtOdzw08zQA6BeWe9FOokRPeR2
-      AqhyaJJwOZJodKZ76S+LDwFkTLzEKnYPCzkoRwLrEdNt1M7wQBThnC5z6wARAQAB
-      tBxQb3N0Z3JlU1FMIERlYmlhbiBSZXBvc2l0b3J5iQJOBBMBCAA4AhsDBQsJCAcD
-      BRUKCQgLBRYCAwEAAh4BAheAFiEEuXsK/KoaR/BE8kSgf8x9RqzMTPgFAlhtCD8A
-      CgkQf8x9RqzMTPgECxAAk8uL+dwveTv6eH21tIHcltt8U3Ofajdo+D/ayO53LiYO
-      xi27kdHD0zvFMUWXLGxQtWyeqqDRvDagfWglHucIcaLxoxNwL8+e+9hVFIEskQAY
-      kVToBCKMXTQDLarz8/J030Pmcv3ihbwB+jhnykMuyyNmht4kq0CNgnlcMCdVz0d3
-      z/09puryIHJrD+A8y3TD4RM74snQuwc9u5bsckvRtRJKbP3GX5JaFZAqUyZNRJRJ
-      Tn2OQRBhCpxhlZ2afkAPFIq2aVnEt/Ie6tmeRCzsW3lOxEH2K7MQSfSu/kRz7ELf
-      Cz3NJHj7rMzC+76Rhsas60t9CjmvMuGONEpctijDWONLCuch3Pdj6XpC+MVxpgBy
-      2VUdkunb48YhXNW0jgFGM/BFRj+dMQOUbY8PjJjsmVV0joDruWATQG/M4C7O8iU0
-      B7o6yVv4m8LDEN9CiR6r7H17m4xZseT3f+0QpMe7iQjz6XxTUFRQxXqzmNnloA1T
-      7VjwPqIIzkj/u0V8nICG/ktLzp1OsCFatWXh7LbU+hwYl6gsFH/mFDqVxJ3+DKQi
-      vyf1NatzEwl62foVjGUSpvh3ymtmtUQ4JUkNDsXiRBWczaiGSuzD9Qi0ONdkAX3b
-      ewqmN4TfE+XIpCPxxHXwGq9Rv1IFjOdCX0iG436GHyTLC1tTUIKF5xV4Y0+cXIOI
-      RgQQEQgABgUCTpdI7gAKCRDFr3dKWFELWqaPAKD1TtT5c3sZz92Fj97KYmqbNQZP
-      +ACfSC6+hfvlj4GxmUjp1aepoVTo3weJAhwEEAEIAAYFAk6XSQsACgkQTFprqxLS
-      p64F8Q//cCcutwrH50UoRFejg0EIZav6LUKejC6kpLeubbEtuaIH3r2zMblPGc4i
-      +eMQKo/PqyQrceRXeNNlqO6/exHozYi2meudxa6IudhwJIOn1MQykJbNMSC2sGUp
-      1W5M1N5EYgt4hy+qhlfnD66LR4G+9t5FscTJSy84SdiOuqgCOpQmPkVRm1HX5X1+
-      dmnzMOCk5LHHQuiacV0qeGO7JcBCVEIDr+uhU1H2u5GPFNHm5u15n25tOxVivb94
-      xg6NDjouECBH7cCVuW79YcExH/0X3/9G45rjdHlKPH1OIUJiiX47OTxdG3dAbB4Q
-      fnViRJhjehFscFvYWSqXo3pgWqUsEvv9qJac2ZEMSz9x2mj0ekWxuM6/hGWxJdB+
-      +985rIelPmc7VRAXOjIxWknrXnPCZAMlPlDLu6+vZ5BhFX0Be3y38f7GNCxFkJzl
-      hWZ4Cj3WojMj+0DaC1eKTj3rJ7OJlt9S9xnO7OOPEUTGyzgNIDAyCiu8F4huLPaT
-      ape6RupxOMHZeoCVlqx3ouWctelB2oNXcxxiQ/8y+21aHfD4n/CiIFwDvIQjl7dg
-      mT3u5Lr6yxuosR3QJx1P6rP5ZrDTP9khT30t+HZCbvs5Pq+v/9m6XDmi+NlU7Zuh
-      Ehy97tL3uBDgoL4b/5BpFL5U9nruPlQzGq1P9jj40dxAaDAX/WKJAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlB5KywFCQPDFt8ACgkQf8x9RqzM
-      TPhuCQ//QAjRSAOCQ02qmUAikT+mTB6baOAakkYq6uHbEO7qPZkv4E/M+HPIJ4wd
-      nBNeSQjfvdNcZBA/x0hr5EMcBneKKPDj4hJ0panOIRQmNSTThQw9OU351gm3YQct
-      AMPRUu1fTJAL/AuZUQf9ESmhyVtWNlH/56HBfYjE4iVeaRkkNLJyX3vkWdJSMwC/
-      LO3Lw/0M3R8itDsm74F8w4xOdSQ52nSRFRh7PunFtREl+QzQ3EA/WB4AIj3VohIG
-      kWDfPFCzV3cyZQiEnjAe9gG5pHsXHUWQsDFZ12t784JgkGyO5wT26pzTiuApWM3k
-      /9V+o3HJSgH5hn7wuTi3TelEFwP1fNzI5iUUtZdtxbFOfWMnZAypEhaLmXNkg4zD
-      kH44r0ss9fR0DAgUav1a25UnbOn4PgIEQy2fgHKHwRpCy20d6oCSlmgyWsR40EPP
-      YvtGq49A2aK6ibXmdvvFT+Ts8Z+q2SkFpoYFX20mR2nsF0fbt1lfH65P64dukxeR
-      GteWIeNakDD40bAAOH8+OaoTGVBJ2ACJfLVNM53PEoftavAwUYMrR910qvwYfd/4
-      6rh46g1Frr9SFMKYE9uvIJIgDsQB3QBp71houU4H55M5GD8XURYs+bfiQpJG1p7e
-      B8e5jZx1SagNWc4XwL2FzQ9svrkbg1Y+359buUiP7T6QXX2zY++JAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlEqbZUFCQg2wEEACgkQf8x9RqzM
-      TPhFMQ//WxAfKMdpSIA9oIC/yPD/dJpY/+DyouOljpE6MucMy/ArBECjFTBwi/j9
-      NYM4ynAk34IkhuNexc1i9/05f5RM6+riLCLgAOsADDbHD4miZzoSxiVr6GQ3YXMb
-      OGld9kV9Sy6mGNjcUov7iFcf5Hy5w3AjPfKuR9zXswyfzIU1YXObiiZT38l55pp/
-      BSgvGVQsvbNjsff5CbEKXS7q3xW+WzN0QWF6YsfNVhFjRGj8hKtHvwKcA02wwjLe
-      LXVTm6915ZUKhZXUFc0vM4Pj4EgNswH8Ojw9AJaKWJIZmLyW+aP+wpu6YwVCicxB
-      Y59CzBO2pPJDfKFQzUtrErk9irXeuCCLesDyirxJhv8o0JAvmnMAKOLhNFUrSQ2m
-      +3EnF7zhfz70gHW+EG8X8mL/EN3/dUM09j6TVrjtw43RLxBzwMDeariFF9yC+5bL
-      tnGgxjsB9Ik6GV5v34/NEEGf1qBiAzFmDVFRZlrNDkq6gmpvGnA5hUWNr+y0i01L
-      jGyaLSWHYjgw2UEQOqcUtTFK9MNzbZze4mVaHMEz9/aMfX25R6qbiNqCChveIm8m
-      Yr5Ds2zdZx+G5bAKdzX7nx2IUAxFQJEE94VLSp3npAaTWv3sHr7dR8tSyUJ9poDw
-      gw4W9BIcnAM7zvFYbLF5FNggg/26njHCCN70sHt8zGxKQINMc6SJAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlLpFRkFCQ6EJy0ACgkQf8x9RqzM
-      TPjOZA//Zp0e25pcvle7cLc0YuFr9pBv2JIkLzPm83nkcwKmxaWayUIG4Sv6pH6h
-      m8+S/CHQij/yFCX+o3ngMw2J9HBUvafZ4bnbI0RGJ70GsAwraQ0VlkIfg7GUw3Tz
-      voGYO42rZTru9S0K/6nFP6D1HUu+U+AsJONLeb6oypQgInfXQExPZyliUnHdipei
-      4WR1YFW6sjSkZT/5C3J1wkAvPl5lvOVthI9Zs6bZlJLZwusKxU0UM4Btgu1Sf3nn
-      JcHmzisixwS9PMHE+AgPWIGSec/N27a0KmTTvImV6K6nEjXJey0K2+EYJuIBsYUN
-      orOGBwDFIhfRk9qGlpgt0KRyguV+AP5qvgry95IrYtrOuE7307SidEbSnvO5ezNe
-      mE7gT9Z1tM7IMPfmoKph4BfpNoH7aXiQh1Wo+ChdP92hZUtQrY2Nm13cmkxYjQ4Z
-      gMWfYMC+DA/GooSgZM5i6hYqyyfAuUD9kwRN6BqTbuAUAp+hCWYeN4D88sLYpFh3
-      paDYNKJ+Gf7Yyi6gThcV956RUFDH3ys5Dk0vDL9NiWwdebWfRFbzoRM3dyGP889a
-      OyLzS3mh6nHzZrNGhW73kslSQek8tjKrB+56hXOnb4HaElTZGDvD5wmrrhN94kby
-      Gtz3cydIohvNO9d90+29h0eGEDYti7j7maHkBKUAwlcPvMg5m3Y=
-      =DA1T
-      -----END PGP PUBLIC KEY BLOCK-----
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    export NODE_ENV=production
-    export NEXT_PUBLIC_ENV=production
-    export NEXT_PUBLIC_POSTHOG_HOST=https://app.posthog.com
-    export NEXT_PUBLIC_POSTHOG_API_KEY=posthog-api-key
-    export NEXT_PUBLIC_INTERCOM_ID=intercom-id
-    export NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION=v{{image.serial}}
-    export NEXT_TELEMETRY_DISABLED=1
-
-    npm config delete http-proxy
-    npm config delete https-proxy
-
-    npm config rm proxy
-    npm config rm https-proxy
-
-    set HTTP_PROXY=null
-    set HTTPS_PROXY=null
-
-    npm config set fetch-timeout 90000
-
-    git clone https://github.com/Infisical/infisical -b infisical/v{{ image.serial }}-postgres --depth 1 /tmp/app
-
-    mkdir /build-frontend && cd /build-frontend
-    cp /tmp/app/frontend/{package.json,package-lock.json,next.config.js} .
-    npm ci --only-production --ignore-scripts
-    cp -r /tmp/app/frontend/* /build-frontend/
-    npm run build
-    mkdir -p /infisical-frontend/.next/cache/images
-    cp -r /tmp/app/frontend/scripts /infisical-frontend/scripts
-    cp -r /build-frontend/public /infisical-frontend/public
-    cp -r /build-frontend/.next/standalone/* /infisical-frontend/
-    cp -r /build-frontend/.next/* /infisical-frontend/.next/ && rm -rf /infisical-frontend/.next/standalone/
-    npm cache clean --force
-
-    export NODE_ENV=
-    export NEXT_PUBLIC_ENV=
-
-    mkdir /backend && cd /backend
-    cp /tmp/app/backend/package*.json .
-    npm ci --only-production
-    cp -r /tmp/app/backend/* /backend/
-    cp -r /tmp/app/standalone-entrypoint.sh /backend/ && chmod +x /backend/standalone-entrypoint.sh
-    npm i -D tsconfig-paths
-    npm run build
-    cp -r /infisical-frontend /backend/frontend-build
-    chmod +x -R /backend/scripts /backend/frontend-build/scripts
-    npm cache clean --force
-
-    rm -rf /build-frontend /infisical-frontend/
-    touch .installed__
-    cd /
-
-    cat <<EOF >> /opt/infisical/settings.env
-    ENCRYPTION_KEY=$(/usr/bin/openssl rand -hex 16)
-    AUTH_SECRET=$(/usr/bin/openssl rand -hex 32)
-    EOF
-
-    cat <<EOF > /etc/postgresql/16/main/pg_hba.conf
-    local   all             postgres                                         peer
-    local   infisical       infuser                                          peer
-    local   all             all                                              peer
-    host    infisical       infuser,postgres         127.0.0.1/32            trust
-    host    all             all                      127.0.0.1/32            scram-sha-256
-    host    all             all                      ::1/128                 scram-sha-256
-    local   replication     all                                              peer
-    host    replication     all                      127.0.0.1/32            scram-sha-256
-    host    replication     all                      ::1/128                 scram-sha-256
-    EOF
-
-    systemctl enable redis-server.service
-    systemctl enable postgresql.service
-    systemctl enable infisical-migrator.service
-    systemctl enable infisical.service
+metadata:
+  name: Infisical
+  get_version_command: date +%Y-%m
+  description: Open Source all-in-one secret management platform to securely manage application configuration and secrets across your team and infrastructure.
+  categories: Secrets management, Security
+  project_source: https://github.com/Infisical/infisical
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/infisical/settings.env
+      generator: dump
+      mode: "0440"
+      content: |-
+        PORT=8080
+        HOST=0.0.0.0
+        HTTPS_ENABLED=false 
+        STANDALONE_BUILD=true 
+        STANDALONE_MODE=true
+        TELEMETRY_ENABLED=true
+        NODE_ENV=production
+        NEXT_PUBLIC_ENV=production
+        NEXT_TELEMETRY_DISABLED=1
+        POSTGRES_USER=infuser
+        POSTGRES_DB=infisical
+
+    - path: /etc/systemd/system/infisical-initdb.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=DB initializer for Infisical in postgresql
+        After=network.target postgresql.service
+        Wants=postgresql.service
+        ConditionPathExists=/backend/.installed__
+        ConditionPathExists=!/var/lib/postgresql/.db_initialized__
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        WorkingDirectory=/
+        User=postgres
+        EnvironmentFile=/opt/infisical/settings.env
+        ExecStart=/usr/bin/createdb ${POSTGRES_DB}
+        ExecStart=/usr/bin/createuser -s ${POSTGRES_USER}
+        ExecStart=/usr/bin/psql -c "GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_USER};"
+        ExecStart=/usr/bin/touch /var/lib/postgresql/.db_initialized__
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /etc/systemd/system/infisical-migrator.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=DB migrator for Infisical
+        After=network.target infisical-initdb.service
+        Wants=infisical-initdb.service
+        ConditionPathExists=/var/lib/postgresql/.db_initialized__
+        ConditionPathExists=!/backend/.migrated__
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        WorkingDirectory=/backend
+        EnvironmentFile=/opt/infisical/settings.env
+        Environment=DB_CONNECTION_URI=postgres://postgres@127.0.0.1:5432/infisical
+        ExecStart=/usr/bin/npm run migration:latest
+        ExecStart=/usr/bin/touch /backend/.migrated__
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /etc/systemd/system/infisical.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Open Source Secret Management
+        After=network.target infisical-migrator.service
+        ConditionPathExists=/backend/.migrated__
+
+        [Service]
+        Type=simple
+        WorkingDirectory=/backend
+        EnvironmentFile=/opt/infisical/settings.env
+        Environment=DB_CONNECTION_URI=postgres://infuser@127.0.0.1:5432/infisical
+        Environment=REDIS_URL=redis://127.0.0.1:6379
+        Environment=SITE_URL=http://0.0.0.0:8080
+        PIDFile=/opt/infisical/infisical.pid
+        ExecStart=/backend/standalone-entrypoint.sh
+        Restart=always
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - git
+    - nodejs
+    - redis
+    - redis-server
+    - postgresql-15
+
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        export NODE_ENV=production
+        export NEXT_PUBLIC_ENV=production
+        export NEXT_PUBLIC_POSTHOG_HOST=https://app.posthog.com
+        export NEXT_PUBLIC_POSTHOG_API_KEY=posthog-api-key
+        export NEXT_PUBLIC_INTERCOM_ID=intercom-id
+        export NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION=v{{image.serial}}
+        export NEXT_TELEMETRY_DISABLED=1
+
+        npm config delete http-proxy
+        npm config delete https-proxy
+
+        npm config rm proxy
+        npm config rm https-proxy
+
+        set HTTP_PROXY=null
+        set HTTPS_PROXY=null
+
+        npm config set fetch-timeout 90000
+
+        git clone https://github.com/Infisical/infisical --depth 1 /tmp/app
+
+        mkdir /build-frontend && cd /build-frontend
+        cp /tmp/app/frontend/{package.json,package-lock.json,next.config.js} .
+        npm ci --only-production --ignore-scripts
+        cp -r /tmp/app/frontend/* /build-frontend/
+        npm run build
+        mkdir -p /infisical-frontend/.next/cache/images
+        cp -r /tmp/app/frontend/scripts /infisical-frontend/scripts
+        cp -r /build-frontend/public /infisical-frontend/public
+        cp -r /build-frontend/.next/standalone/* /infisical-frontend/
+        cp -r /build-frontend/.next/* /infisical-frontend/.next/ && rm -rf /infisical-frontend/.next/standalone/
+        npm cache clean --force
+
+        export NODE_ENV=
+        export NEXT_PUBLIC_ENV=
+
+        mkdir /backend && cd /backend
+        cp /tmp/app/backend/package*.json .
+        npm ci --only-production
+        cp -r /tmp/app/backend/* /backend/
+        cp -r /tmp/app/standalone-entrypoint.sh /backend/ && chmod +x /backend/standalone-entrypoint.sh
+        npm i -D tsconfig-paths
+        npm run build
+        cp -r /infisical-frontend /backend/frontend-build
+        chmod +x -R /backend/scripts /backend/frontend-build/scripts
+        npm cache clean --force
+
+        rm -rf /build-frontend /infisical-frontend/
+        touch .installed__
+        cd /
+
+        cat <<EOF >> /opt/infisical/settings.env
+        ENCRYPTION_KEY=$(/usr/bin/openssl rand -hex 16)
+        AUTH_SECRET=$(/usr/bin/openssl rand -hex 32)
+        EOF
+
+        PG_VERSION=$(ls -1 /etc/postgresql)
+
+        cat <<EOF > /etc/postgresql/${PG_VERSION}/main/pg_hba.conf
+        local   all             postgres                                         peer
+        local   infisical       infuser                                          peer
+        local   all             all                                              peer
+        host    infisical       infuser,postgres         127.0.0.1/32            trust
+        host    all             all                      127.0.0.1/32            scram-sha-256
+        host    all             all                      ::1/128                 scram-sha-256
+        local   replication     all                                              peer
+        host    replication     all                      127.0.0.1/32            scram-sha-256
+        host    replication     all                      ::1/128                 scram-sha-256
+        EOF
+
+        systemctl enable redis-server.service postgresql.service infisical-migrator.service infisical.service
diff --git a/templates/ittools.yml b/templates/ittools.yml
index 33dea77..6ed2eff 100644
--- a/templates/ittools.yml
+++ b/templates/ittools.yml
@@ -1,95 +1,104 @@
-name: IT-Tools
+metadata:
+  name: IT-Tools
+  get_version_command: curl -s https://api.github.com/repos/CorentinTh/it-tools/releases/latest | jq -r '.tag_name'
+  description: Useful tools for developers and peoples working in IT.
+  categories: Dev, Toolkit
+  project_source: https://github.com/CorentinTh/it-tools
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /var/nginx.conf
+      generator: dump
+      mode: "0440"
+      content: |-
+        worker_processes  1;
+        worker_rlimit_nofile 8192;
 
-files:
-- path: /var/nginx.conf
-  generator: dump
-  mode: '0440'
-  content: |-
-    worker_processes  1;
-    worker_rlimit_nofile 8192;
+        events {
+          worker_connections  4096;
+        }
 
-    events {
-      worker_connections  4096;
-    }
+        http {
+          include    /etc/nginx/mime.types;
+          index    index.html index.htm index.php;
 
-    http {
-      include    /etc/nginx/mime.types;
-      index    index.html index.htm index.php;
+          server {
+              listen 80;
+              server_name localhost;
+              root /usr/share/nginx/html;
+              index index.html;
 
-      server {
-          listen 80;
-          server_name localhost;
-          root /usr/share/nginx/html;
-          index index.html;
-
-          location / {
-              try_files $uri $uri/ /index.html;
+              location / {
+                  try_files $uri $uri/ /index.html;
+              }
           }
-      }
-    }
+        }
 
-packages:
-- git
-- nodejs
-- nginx
+  packages:
+    - git
+    - nodejs
+    - nginx
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_20.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export NPM_CONFIG_LOGLEVEL=warn
-    export CI=true
-    git clone https://github.com/CorentinTh/it-tools -b v{{ image.serial }} --depth 1 /tmp/app
+        export NPM_CONFIG_LOGLEVEL=warn
+        export CI=true
+        git clone https://github.com/CorentinTh/it-tools -b v{{ image.serial }} --depth 1 /tmp/app
 
-    mkdir /install
-    cd /install
-    cp /tmp/app/{package.json,pnpm-lock.yaml} .
+        mkdir /install
+        cd /install
+        cp /tmp/app/{package.json,pnpm-lock.yaml} .
 
-    npm install -g pnpm && pnpm i --frozen-lockfile
-    cp -r /tmp/app/* /install/
-    pnpm build
-    cp -r dist/* /usr/share/nginx/html/
-    mv /var/nginx.conf /etc/nginx/nginx.conf
+        npm install -g pnpm && pnpm i --frozen-lockfile
+        cp -r /tmp/app/* /install/
+        pnpm build
+        cp -r dist/* /usr/share/nginx/html/
+        mv /var/nginx.conf /etc/nginx/nginx.conf
 
-    cd /
-    rm -rf /install
+        cd /
+        rm -rf /install
 
-    systemctl enable nginx.service
+        systemctl enable nginx.service
diff --git a/templates/jellyfin.yml b/templates/jellyfin.yml
index e258534..9692c88 100644
--- a/templates/jellyfin.yml
+++ b/templates/jellyfin.yml
@@ -1,93 +1,21 @@
-name: Jenkins
+metadata:
+  name: Jellyfin
+  get_version_command: curl -s https://api.github.com/repos/jellyfin/jellyfin/releases/latest | jq -r '.tag_name'
+  description: A Free Software Media System to collect, manage, and stream your media.
+  categories: Media management, Streaming
+  project_source: https://github.com/jellyfin/jellyfin
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-files:
-- path: /etc/systemd/system/jellyfin.service
-  generator: dump
-  content: |-
-    [Unit]
-    Description = Jellyfin Media Server
-    After = network-online.target
+        curl https://repo.jellyfin.org/install-debuntu.sh | sed '/echo -en \"If this looks correct/,/read < \/dev\/tty/d' | bash
 
-    [Service]
-    Type = simple
-    EnvironmentFile = /etc/default/jellyfin
-    WorkingDirectory = /var/lib/jellyfin
-    ExecStart = /usr/bin/jellyfin $JELLYFIN_WEB_OPT $JELLYFIN_RESTART_OPT $JELLYFIN_FFMPEG_OPT $JELLYFIN_SERVICE_OPT $JELLYFIN_NOWEBAPP_OPT $JELLYFIN_ADDITIONAL_OPTS
-    Restart = on-failure
-    TimeoutSec = 15
-    SuccessExitStatus=0 143
-
-    [Install]
-    WantedBy = multi-user.target
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    cat <<EOF | tee /etc/apt/sources.list.d/jellyfin.sources
-    Types: deb
-    URIs: https://repo.jellyfin.org/{{ image.distribution }}
-    Suites: {{ image.release }}
-    Components: main
-    Architectures: {{ image.architecture }}
-    Signed-By:
-     -----BEGIN PGP PUBLIC KEY BLOCK-----
-     .
-     mQGNBFwWoe0BDAC84Lw0ULDa7goKnxx6MsoSRp/c26mVSyo32NaaU4hd0j2ZsRpA
-     /Au33yZJesgtq6O5H3X2aQazmENqtp/phyWexwPn6L7w5SMkSMQIGCNzmbWnd2ef
-     RHHp2vJ7w9p5d2FRm2mPnxvgV+G2lumg2Nq9YWCdhI0lpIh47n4KBR4WjmVi+Jrp
-     VhZan4TUUX8Lz3HP3jW1gzXIOnD8dEM+HyBamq8GCnmA3jtqFY2pxeU/Ol7uXmBw
-     n4B2AHHDe5CyhczK+j6tvdvN+1mNnXXrg0W5hu6MJuHBucQF1sXhYC7q9BzhMEES
-     MM+mXzwwjknVdxh7rFHz5Hh+rwA6cTE/3rbvMhNaFusLC6gGuZw+LyK2Y2gsWkZ9
-     1vtdlpU1Evox+JYH2wnfgLdMEnqOP4JT7jOwJwoQS7nxTJBGBx9RK/BGfCHf5LE8
-     moJxIBsw3rpgsP75ekaNTuxIZdQz+hzRB/rsk8I7U7L1i9RS8E+2DQDO98PZ7ZMQ
-     hcUbEFSEtrdMTEMAEQEAAbQhSmVsbHlmaW4gVGVhbSA8dGVhbUBqZWxseWZpbi5v
-     cmc+iQHOBBMBCgA4AhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAFiEESRiqvEhs
-     oFI1jXeNSQI80B3iGnsFAl+6tVIACgkQSQI80B3iGntaRwwAmoF7msQXtBc+pC+q
-     li/kP/HAY/lowPdG6HqnVlfIUnDymBR4oKTO+izuZDNVFczBtiExcWecp4kbV0vV
-     o1W7vtzrSsZngYSU9JeZD41WOOM4oKtk8wU4ctS/bXKpgj8fY+sb9J0xwJEl0lPF
-     lV582aChUa2IZJUmOaoQPij/HZDnZ4HVgjB4AsPQUmdENVypV83BjuRuSyifOdGv
-     hXmwouM8i/nZRNTcrVtaLQyFRJ9zmqa34qioXWmgJPOZbrZf3s/YGCfsQKuwyOzH
-     v92g0bV0N6pHTct9tyNyXg3qVYZvybrpaDJgDKZ3e6xcxOmbfLdDG79r5OdEzSby
-     ooVLwl5au2dtODgKgnohso+02bqFCP63szPU4LmexysEqQKqVVU6bZum8rAYN52j
-     C4ejkqxoDbUiay2Ou0BsUnQFdH3p/H25YMUAUuPYD4iFkGe3KmfRAbW6k0z1+pF1
-     qXst9T9/egEDFmgdpj7O//TqGZ8kk5nBiFjsLt42/yLUJy4ZiQHUBBMBCgA+FiEE
-     SRiqvEhsoFI1jXeNSQI80B3iGnsFAlwWoe0CGwMFCQPCZwAFCwkIBwMFFQoJCAsF
-     FgMCAQACHgECF4AACgkQSQI80B3iGntrNgwAqjW/2LvcvnIldvc1kwCGkZ5Tueka
-     msP1UvhWs9hy4LQw3oRfDBqh4rBS2cU889GUjJsu825hudxQ0bGz3fw/c8oSPNnU
-     haygZqAuHHu6wTrw3p4/F2o3vdvCvOBDvwdqF9R/ID3IcIL3n8Yor4RrYyYp9jCZ
-     YS97kmW2UoplrkcJoeKf1pbYdQQUgM5MVKDRe7fEsXKTEouRlfkGF/9k66t+sAL0
-     qUhJ89cEXHYSZQR+XA9ajft9+6pEWNNZwV4lwjBYx1AGF0l/VfGcH8QDNBqsfKM4
-     rOEDfKUrpo91HavqdR7z8g6hVRvn1p30QKceMQLJTwM2ppAWmZlDEjeeqZVxsnYG
-     a9wbt5euc9m5lhXOPDIHCbecTzEku4g3vbdU+YR7os/1uosvZ/oAoFQrO4x5jbes
-     kTIGawfzUxv75U0Yk0wOaa7wrvLn+iQNAV09skzLee0w4ZOUZAvqVVvM1jWiz0kV
-     t6KK2zDmXZpU5ucZijn/j4sjFTe5s5b/d/BnuQGNBFwWoe0BDACm+PPkKavrzYX7
-     nx7Bhii1u/8pn8xWuSkLbUaAez0h1AAjmxNG0ntYNuyzucbZSyae6ujPH3V/a9qC
-     omIIy8CqY0Tn9AZ5Icz1UmG7EZV5hMyWTELG6/PKK0K0p5m3IT6la4fVUv5z8wb6
-     7qDSbWoW9ZQZMYeK7BOAXPns9nJ9Q753cxafl5g6D44WquGiOLhy7Ms37J/eua5i
-     6FhEeLZaqvlwJ0cC3R/JgZGACjZVXNrzUMZ2jnS7XtuzWcwyabh4GvDE8baLGGQG
-     mFHNm5o80ZlsrC5hIHIcH1QrcAxTkS6BnMCIKc05ZuotYJhwUFhZPXguw0fQjfcw
-     M9nCwMbQtYJdnifiKxeJNMo3Nwv6ZXv57y9wjx1F4zQB0LhnZQqkEIIUCzFgaHNC
-     gnfmPgiOnC0XjXLw84k8rIsCx2c7Aqzg7fygsry0l8sTllewejM1LZDyWHqGJM0L
-     RlZMTKFOJmx6pBkLfcZpggaN6FucL/6kDgQ1Gu+h4GTJlx76t60AEQEAAYkBtgQY
-     AQoAIAIbDBYhBEkYqrxIbKBSNY13jUkCPNAd4hp7BQJfurVdAAoJEEkCPNAd4hp7
-     gdgL/ja9frYBY2Iyhzk9p3TYyk4NXYqtmd42oslrQtXDkRLld3Hn1d0caacKngKY
-     xgJOV46qOdXMgOTGdIjYkDYVTiNyVmsiGGnclxO8CWXuPR243zxSLik/1JTO+6dZ
-     tOwJYAYct8hsKY3gayPViu4tRCmDx2zbiXUYy3/puwBFZDrlk7XCguc3Yl9vgWdB
-     WgoSMxqq5PGIRngKe416Fkjm3eLUOXi1MTifC4gHBi9yqK/sQ3VK4/xj1hsAfJ4t
-     ynJE1d/PGF3DDtV/Jo+lEcxUQre32ItAMQ6//6sePfyre9lscO1c0ju6kvEEfxhw
-     h6qGmrnTVVHBbpBvI7nY3M5BfdDIg5/oQm0r5OLcPkMb2FKYNMmCPg/sd1qkw0LF
-     ZoV3SMsxEMK5J6P+XVH2vmZPWQhObZxUbnCYEZX/nVG1lbtRQ/EwXLT2/WoxQ5sg
-     JsVnlqQu0XjtZhSDcIR/dNgJfYsrts3xfn1qMzs8b63nq/GXTEmRvZpOggGo/ybT
-     oqYC5A==
-     =OWPs
-     -----END PGP PUBLIC KEY BLOCK-----
-    EOF
-
-    apt update -y
-    apt install -y jellyfin
-
-    systemctl enable jellyfin.service
+        systemctl enable jellyfin.service
diff --git a/templates/jellyseerr.yml b/templates/jellyseerr.yml
index c5a02f3..47ac8a3 100644
--- a/templates/jellyseerr.yml
+++ b/templates/jellyseerr.yml
@@ -1,319 +1,111 @@
-name: Jellyseerr
+metadata:
+  name: Jellyseerr
+  get_version_command: curl -s https://api.github.com/repos/Fallenbagel/jellyseerr/releases/latest | jq -r '.tag_name'
+  description: Open source software application for managing requests for your media library.
+  categories: Media management
+  project_source: https://github.com/Fallenbagel/jellyseerr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/jellyseerr/jellyseerr.conf
+      generator: dump
+      mode: "0440"
+      content: |-
+        # Jellyseerr's default port is 5055, if you want to use both, change this.
+        # specify on which port to listen
+        PORT=5055
 
-files:
-- path: /etc/jellyseerr/jellyseerr.conf
-  generator: dump
-  mode: '0440'
-  content: |-
-    # Jellyseerr's default port is 5055, if you want to use both, change this.
-    # specify on which port to listen
-    PORT=5055
+        # specify on which interface to listen, by default jellyseerr listens on all interfaces
+        #HOST=127.0.0.1
 
-    # specify on which interface to listen, by default jellyseerr listens on all interfaces
-    #HOST=127.0.0.1
+        # Uncomment if your media server is emby instead of jellyfin.
+        # JELLYFIN_TYPE=emby
 
-    # Uncomment if your media server is emby instead of jellyfin.
-    # JELLYFIN_TYPE=emby
+        ## Uncomment if you want to force Node.js to resolve IPv4 before IPv6 (advanced users only)
+        FORCE_IPV4_FIRST=true
 
-- path: /etc/systemd/system/jellyseerr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Jellyseerr Service
-    Wants=network-online.target
-    After=network-online.target
+    - path: /etc/systemd/system/jellyseerr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Jellyseerr Service
+        Wants=network-online.target
+        After=network-online.target
 
-    [Service]
-    EnvironmentFile=/etc/jellyseerr/jellyseerr.conf
-    Environment=NODE_ENV=production
-    Type=exec
-    Restart=on-failure
-    WorkingDirectory=/opt/jellyseerr
-    ExecStart=/usr/bin/node dist/index.js
+        [Service]
+        EnvironmentFile=/etc/jellyseerr/jellyseerr.conf
+        Environment=NODE_ENV=production
+        Type=exec
+        Restart=on-failure
+        WorkingDirectory=/opt/jellyseerr
+        ExecStart=/usr/bin/node dist/index.js
 
-    [Install]
-    WantedBy=multi-user.target
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- tzdata
-- git
-- nodejs
-- yarn
+  packages:
+    - git
+    - nodejs
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_18.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-  - name: yarn
-    url: |-
-      deb http://dl.yarnpkg.com/debian stable main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-      mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
-      FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
-      CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
-      TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
-      cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
-      XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
-      zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
-      ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
-      dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
-      g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
-      qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
-      tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
-      BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
-      QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
-      bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
-      qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
-      We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
-      edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
-      FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
-      Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
-      Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
-      Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
-      t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
-      ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
-      udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
-      lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
-      nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
-      w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
-      3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
-      Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
-      TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
-      m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
-      +8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
-      QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
-      JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
-      FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
-      rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
-      6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
-      hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
-      ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
-      MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
-      jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
-      Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
-      2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
-      Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
-      uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
-      V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
-      C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
-      tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
-      fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
-      zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
-      v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
-      pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
-      N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
-      94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
-      GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
-      66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
-      GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
-      CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
-      iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
-      dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
-      WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
-      gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
-      7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
-      jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
-      KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
-      6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
-      nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
-      QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
-      VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
-      Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
-      83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
-      xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
-      JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
-      sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
-      eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
-      r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
-      qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
-      ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
-      XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
-      wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
-      /09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
-      fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
-      upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
-      rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
-      yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
-      TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
-      p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
-      5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
-      gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
-      4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
-      AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
-      7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
-      +fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
-      hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
-      dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
-      fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
-      NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
-      IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
-      fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
-      MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
-      9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
-      1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
-      smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
-      XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
-      1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
-      9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
-      gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
-      7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
-      unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
-      cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
-      gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
-      341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
-      wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
-      hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
-      zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
-      JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
-      Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
-      nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
-      dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
-      iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
-      ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
-      jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
-      dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
-      pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
-      LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
-      CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
-      z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
-      7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
-      rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
-      vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
-      O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
-      hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
-      fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
-      t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
-      6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
-      0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
-      Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
-      kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
-      3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
-      VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
-      e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
-      emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
-      r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
-      0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
-      RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
-      luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
-      jeDghj400U6pjSUW3bIC/PK5Ag0EXCxEEQEQAKVjsdljwPDGO+48879LDa1d7GEu
-      /Jm9HRK6INCQiSiS/0mHkeKa6t4DRgCY2ID9lFiegx2Er+sIgL0chs16XJrFO21u
-      kw+bkBdm2HYUKSsUFmr/bms8DkmAM699vRYVUAzO9eXG/g8lVrAzlb3RT7eGHYKd
-      15DT5KxXDQB+T+mWE9qD5RJwEyPjSU+4WjYF+Rr9gbSuAt5UySUb9jTR5HRNj9wt
-      b4YutfP9jbfqy8esQVG9R/hpWKb2laxvn8Qc2Xj93qNIkBt/SILfx9WDJl0wNUmu
-      +zUwpiC2wrLFTgNOpq7g9wRPtg5mi8MXExWwSF2DlD54yxOOAvdVACJFBXEcstQ3
-      SWg8gxljG8eLMpDjwoIBax3DZwiYZjkjJPeydSulh8vKoFBCQkf2PcImXdOk2HqO
-      V1L7FROM6fKydeSLJbx17SNjVdQnq1OsyqSO0catAFNptMHBsN+tiCI29gpGegao
-      umV9cnND69aYvyPBgvdtmzPChjSmc6rzW1yXCJDm2qzwm/BcwJNXW5B3EUPxc0qS
-      Wste9fUna0G4l/WMuaIzVkuTgXf1/r9HeQbjtxAztxH0d0VgdHAWPDkUYmztcZ4s
-      d0PWkVa18qSrOvyhI96gCzdvMRLX17m1kPvP5PlPulvqizjDs8BScqeSzGgSbbQV
-      m5Tx4w2uF4/n3FBnABEBAAGJBFsEGAEIACYCGwIWIQRy7PRqVrStOckHu7cWRrAb
-      huUDEAUCY897hAUJDUbR8wIpwV0gBBkBAgAGBQJcLEQRAAoJECPnFmeItj4egdIP
-      /3D4rN79jOl7wG1aDNxiDF57FY9VgB7sAP42u1H2SffpFfz4jC5AG1tHwY9P8tDt
-      0ctdlVUBl4QvlaOI+gvKsBT+Dl2uhLMR17r1jCM7QWl9Smr+td2lwbcaerU67ndB
-      RVIeLA3NUURG97TK+suXLxSYJ63VnF9YLJejg3IFgRjXOmV+x+4+PITEeipjXmaH
-      Fu6fFvgYA0Cal2MFTS9eajh81QIdHVrBSxPYMAU5gwmNN8fWq8UjQxgl8sbehO+y
-      2zVSKEkZRG5L4uo995xG7hESAmJegpbV0AsolSo4XiXCzI24L+fmywr9s33if1sj
-      pjhiqR0bvpQVdRr5YkcVG5VZZo1j4WDwWVxsoyCNek6q/opURHGRVvkk3HG61XLe
-      +SVi28cJRJosfltR8EkQkfih8dwrq+GTzDgZT7BYpTjrDWu0TlAeere879tRH9wX
-      nmgnfXOJMzRjfHdYnBKkl6Flj6oEk9C2T7WcqlmVZ1qxwoVR364qMYUp8PDt8GNQ
-      NhkmoYgkr747znhKCclNtWTMOgFchwoer+NqGGnQXxoBcDaOTgjITcTcvwnFKwUg
-      6si1UzOUJTbE++WLO5Bx53PiZPsceCaYsjQs+S83D4ZcKapyUHIyXWNYQ4Su+Tq5
-      o/zXwjHmfINWlT1+MRKvADMmWIWef5ZjPtd0Xb/GVuhSCRAWRrAbhuUDEHSxD/9M
-      5il+6iZDsLMFQvsZJjRWnquPxRXBfyA3aiLJXsmMwWfSdEjS3JKq2hrOKVT3FgkN
-      CHBxhPREIPEhlE7EsGmdYvvzceYeM8LuK4DVMIjjpsIlxyS+h3iQNamoITbwuZyc
-      Hgv9FGVOElrtntqPY6BZWBdK1ZVAT3Q4hf1+o2UZ6o5gcmu6rR5wlgsqdGc5XCev
-      YVaJ7qQXvLhU0gzWyJ1p//d4DQUqrXW9+1bFg/gwPFn+ZBoO40/IovwoIdo1xX4p
-      KgH47aXFRHB53LhNtve422XDEuQnBTwNucvxAA91TmFt1BDVy1VCEwlDaKMS4Tuw
-      xrBEBKwsuBqelJPEcDzzt+yvc3jPoVrNrC5zLpAF3VPCUCkf21tbqYroFy/UfQls
-      O26iJhfPxoLEGtuCYt+DrpnR/1DteKqtett+Z1nJ9JEZAxk8QjdcpdMa5kBtC1hd
-      vb9f8ySSxv91RtzmyehIc7TBogwK+mydWMskTmNAl4ecGepfghPfA5JDW0NUm/Vv
-      /DAylze+BXzXPBeMXDAsHOcf4A8QVht9jX5a03QpPcFcXUYFjtItrjeDyzlSBp3K
-      8B9ECMy2+ke0U0jupNWlFxxzR15e+rEi450ilL/wKm7Va5VhQuNlXToIZJdQg/3e
-      n2jb+0Wye2SNCdPjF8663z+VwaZDVaDXqnT72wEJv7kCDQRcN/VvARAAoEHIkyjF
-      DsfoCxA/b2qNjz+l8OI2WhAMdqxReg7JN9R61qbetj9RYIcWswPSO84c0ioRUk+x
-      JavEFh/6Lg00QKwJKPf0kd1Us6SfqklxGczOaWNLyiM7JthFRNMp0qVX6NjLqGoC
-      NO+d/+nNk6s2x4rLECj/EROmE3ZQQEo5nBXmPlhXpVem23rGfXEQvXDNqFmvqrP+
-      Befn/+aDpo89QIm3sE8G0LfgcajIdSfgLH+NJTvOVAtXXVXJPK39Njr1aBzWTbWh
-      LS2bji7DwP7hshdh7DE2rS623vlzvkkrms8oKkiRpKATdhQ8CEx+mhTFKCj6GtNq
-      hwttCbf98N9GpiHD0has65YtgQQjk2pLR62rZf6czagRfKbFQzXjl2JxS/bsHVhT
-      khyJFqgDcHCSXe7K8uGTAE2AkakGhGyDJYqGVSl0w5IAU8dqDQMc0IpsVMbFk4nX
-      4GgOwixwrzrgCh0jRi+EwUHJYZHBAyzNCkr++D25R0gwNhPMjSKe8Ks6G3hH3XP/
-      ZVlceW/gPfxRixUTk/q7s3xPpPhLMREEpKS1aGcmYxEkrkVBDAzNYKdKP1MYwLn4
-      lh4yNFXWlTClnDyI6UODTHwt8xDddtnT9u+U+xc6OJiYcCOstl+ovS9HmM/Kt9VT
-      EX9cckEEL1IS+9esQMr4b5X02Y1q9Q2uEucAEQEAAYkEWwQYAQgAJgIbAhYhBHLs
-      9GpWtK05yQe7txZGsBuG5QMQBQJjz3uOBQkNOyCfAinBXSAEGQECAAYFAlw39W8A
-      CgkQT3dnk2lHW6p0eg/+K2JJu1RbTSLJPFYQhLcxX+5d2unkuNLIy3kArtZuB992
-      E2Fw00okPGtuPdSyk2ygh4DeYnwmabIWChi7LDp+YnqcI4GfMxNG6RsHs+A/77rL
-      BST3BB1sejZppmKCQZDSC2pvYaZBpS80UvftCZ9RFdY+kTC22Btn/5ekiQOfIqhU
-      H9CyGWS/YlGciomVIVn1hSPN8l4EpBCDtceRaephvzjQIZT3AxOfSlpwJviYjAOk
-      SX4qWyIjC5Ke5kfEOldUuBN1JGAm45tKlrz/LD/+VOc2IWpbkOIAVSldUgpRyiIJ
-      QAZ80trNxrJI7ncaID8lAa7pBptJiL0KorRjk3c6Y7p830Nwe0J5e5+W1RzN4wlR
-      8+9uuRyP8Mcwz/Hz2jwMiv38Vk4tAOe4PYNZuDnpjZ28yCpF3UUgvzjarubFAcg2
-      jd8SauCQFlmOfvT+1qIMSeLmWBOdlzJTUpJRcZqnkEE4WtiMSlxyWVFvUwOmKSGi
-      8CLoGW1Ksh9thQ9zKhvVUiVoKn4Z79HXr4pX6rnp+mweJ2dEZtlqD7HxjVTlCHn9
-      fzClt/Nt0h721fJbS587AC/ZMgg5GV+GKu6Mij0sPAowUJVCIwN9uK/GHICZEAoM
-      SngP8xzKnhU5FD38vwBvsqbKxTtICrv2NuwnQ0WBBQ58w5mv2RCMr2W6iegSKIAJ
-      EBZGsBuG5QMQ0SIQAMFN0FlUSP5TiKrTFMj79TcCLDeAvk8+h7nNj/dlgDpRl4kp
-      r+XO/a0VTwK8XVszNA43FDuT0WORPG73LYlgJi5gdLeWoXaEnW1f+ZyR2uc8/UNu
-      8nwv2dPLefLbhrWpkQbcriOt5FHL61Z8CqYa67vm2Lkr1yD+y3XFAuB2j3hbB1pF
-      xmc3wvkY+ZMA3fMb+ZbAlV9ylNn4MWzK2Z1hzC0G33Ym6z8SbqljvTn0ABS8BI0g
-      cJaPtSV7+rq+a/YOCBudSY1qBLCHGvpkByispqKjguS/95+37zcqEbTCTX9S5XmS
-      lsKFY08+6rq7yu8ptLkbg/RuXLzAvn6g56zFQlPeR+BIrKeCbWRu9hx4kSS6uN22
-      MgYgv7l9ohNTzRxnugHnnerdyElDge50AQeFR43bdHEhvyumPLjaJ2WbSHtxRkLw
-      HcXOlx6lL/i2DJeLMaCshITV6TfvubVYG8djMUogWiXK0T74oocPSs00HDNs7OPy
-      9W44ZAFknGvoaTOEYxNgSI84yUf2304IhP+U9pYcRnJwJM4pOzcXZxPibrQf2Ex9
-      XZXRkb9jkfYMvs0XBnCTUnSl5WVVlNHo2oUC2/mwuc321M6ucf7uDwN6FdPQVlJh
-      1qXVLvbNiyYug0lvwXsyfwu6IX+wl+kAP5NrRYuX8H+L0eauTGrRsld7OZ3H
-      =e4wy
-      -----END PGP PUBLIC KEY BLOCK-----
+        export SHELL=/bin/bash
+        export ENV=~/.bashrc
+        export CYPRESS_INSTALL_BINARY=0
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        curl -fsSL https://get.pnpm.io/install.sh | bash -
+        source $ENV
 
-    git clone https://github.com/Fallenbagel/jellyseerr -b v{{ image.serial }} --depth 1 /opt/jellyseerr
-    cd /opt/jellyseerr
-    yarn global add node-gyp
-    CYPRESS_INSTALL_BINARY=0 yarn install --frozen-lockfile --network-timeout 1000000
-    yarn build
-    yarn install --production --ignore-scripts --prefer-offline
-    rm -rf src server .next/cache
+        git clone https://github.com/Fallenbagel/jellyseerr -b v{{ image.serial }} --depth 1 /opt/jellyseerr
+        cd /opt/jellyseerr
 
-    systemctl enable jellyseerr.service
+        pnpm install --frozen-lockfile
+        pnpm build
+
+        rm -rf src server .next/cache
+
+        systemctl enable jellyseerr.service
diff --git a/templates/jenkins.yml b/templates/jenkins.yml
index 68fd9e4..8d41299 100644
--- a/templates/jenkins.yml
+++ b/templates/jenkins.yml
@@ -1,75 +1,84 @@
-name: Jenkins
+metadata:
+  name: Jenkins
+  get_version_command: curl -Ls https://updates.jenkins.io/stable/latestCore.txt
+  description: The leading open source automation server. Build great things at any scale.
+  categories: Automation, CI CD, Dev
+  project_source: https://github.com/jenkinsci/jenkins
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  packages:
+    - openjdk-17-jre
+    - fontconfig
 
-packages:
-- openjdk-17-jre
-- fontconfig
+  repositories:
+    - name: jenkins
+      url: |-
+        deb https://pkg.jenkins.io/debian-stable binary/
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-repositories:
-  - name: jenkins
-    url: |-
-      deb https://pkg.jenkins.io/debian-stable binary/
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQINBGQhzisBEAC7yUhIqVCcyCXJWeZZf/BA6/+KguDQpycck0xUomj5ogT1+lwJ
+        Mnr6XsPFdTt5DgzjHKg6SM8PTIpLpzOcpqIG9eB8MnvtTp6qFSfIdZnEZccTot1e
+        cArnM2H6yw/4OW+8QHx9Zgj1miiqolVZ1RusHT3cvPdkF4GFTZnChiF0epd+6iKi
+        Em8gfzECIltl+McYCwjPXlx38p1mwPI0tgQ7GGD1VzjS/GycuD+shM7lPQ9PmCnC
+        8zkZIBsbGbSTbAYqnARrbczmg9BKCyErfdQJKi6+r/fg6cWAairXsiOlzqCLCBoZ
+        ssLKkRAc2ib3cm/RHBm+MK2wLZ5q8xgh9e/iBoBOpJXXARvfu67uQjfLPj/o4FwM
+        ZWxGZlj2b3cL5q+thjGWOliEh15gciGU17vT15YGcEPVMeDVBYKp/Z+TgkJIlUmD
+        4bU+K89qYCzp/AP3tsozFwazQRultkjuHVCZrJQtCaVu3/wjtkVd101Oj/Gi4ajn
+        2WU2KkGWkM0jArUCohJPsZodLHj8DAT2V5SqrEq6jF6ONnAlK1MNmPTKAoDmP6LJ
+        3of4VHcIbGq1p+I6R9292Lv3Avs/uMbWtR7nae4XWT9l49hY3p8gc5rPOs2wzPgV
+        v8X6vaQSlgjJDaNVPSZCo8hQkqHsoskri5BHVhxBpjaJ0mNKCeSHWfP+RwARAQAB
+        tDJKZW5raW5zIFByb2plY3QgPGplbmtpbnNjaS1ib2FyZEBnb29nbGVncm91cHMu
+        Y29tPokCVwQTAQgAQRYhBGNmfudLuh8KCKaYclujHVfvWXXKBQJkIc4rAhsDBQkF
+        o5qABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEFujHVfvWXXK4+kP/0cR
+        nNYrjb4gWG/rcwJ8zo0YKZBO30RPul1INnyufDediDb0UCOJwT+CnEZULx+HeUOi
+        xHVBMD70LRP3ym+40Naw3s4nJWvBpOYIqQhjoRqrWkdIrMgNSAwRrufgXqSBvvfZ
+        +xQYrNRuu8/00U6Bz2eeCL2SNZpShL0iPjP9Bcu7763jaGvnS/WUVaAqqyNwxGRl
+        afffRvCV/Wjy47W+ifCPgku4SKZgG+QPMuthI842+lLSl2BXhiEVJ4auK5rjFHsv
+        RrUEQrjEGZ9vEoitZAQL/CDWmlkhrqYSpgTVsMCoByRzZqQG9fOAJNFniFqrANQQ
+        m9NkZN0ZljOnZfJh+ZzbjjVUS522piJtVqdOU0noT6awMtSO/CO4EmuElj8LkVI6
+        jbP0FqxYecNQtlAzBguRD5UWjAi3jgkdbap0ooqZm2YQPNaLD3OLWdvtj/jx+EI4
+        DTrSoSSoHea5xiAFQNB3ab2fk5kN5ufVWIV5F9AQHU+kWE9jgS+zl8apzbwMinm8
+        ZW0KeIcW63MH5hvbmsfBjdyroTTy2mwy096mB2vvqwWv6nt9mQy1YCmBeyp7oshI
+        qNeXIunP1NekAfGY+dRlldA3SoxNuJhVGd5eCOFWYmipb9XD+JrSgncHjCgewHq1
+        ycptdm1q8OZ26ZOaAIVOYENk8WUOz5DzOuOS81EJuQINBGQhzisBEADtvyAOnz23
+        gKKKVzSY9bhEvQxJWQUY/jXek7LjhflLw4xugGARMrTMc6zzabOJefyrVkucWqso
+        spCWoj+M8HGfhHXpNDHbn21fyHB6jpOh8Ors2ZHH2skswcAcWcLlWQWrUtqQFuje
+        1rXShp8IhYz308MIZ65VYf/Z9Bk7VNNTgRLmOMTn+KlN8qiQZ0SZbPj/wFK1iwAh
+        /xPu586a7xVN4xdy6RJNfrSCG84kMNyaHTDFOEKchWPoGe5D6EqF8dufvrcKoSxc
+        T2sC6WzDqG/+Jfk//xrHblxeCXiOAX/Dm+McvceV0dBSVJJx67FoHUyWBRj5coHU
+        4YfrUTHREEKdYcpUAHQGPJBLyx0QNs2URhYSCwNU5yYL+z3UIpsS93HosUPEzrTD
+        XE1D2eV1gGf0YzCWxWTAuOjoUD8D22p//GAaLXYpuwSgVzgKwvPefkWJ94Euvz6T
+        sKrljMPsxOdPLBs8AJgrqmYIwbRXoxNEzv/PT/9sST5nl5tlWc9PonzwzHqStU4Y
+        f8jQhIv1yq2wAE2OB0Q7B6i62QWqSWAWEAc6LPRdSalgS8ooj/MIQFGwsd4VuNSN
+        JD9p7bHHlHceeXMR2F0JeG8G91RqlTkxu7cUMkqheXXAyTa/OuG5xauHyLzt4xVp
+        fnHd5fNjxcc02ADF46X6/nze6hClUBqMAQARAQABiQI8BBgBCAAmFiEEY2Z+50u6
+        HwoIpphyW6MdV+9ZdcoFAmQhzisCGwwFCQWjmoAACgkQW6MdV+9ZdcoRGA/+JmjW
+        09ZmAlBM846GgI0B00YtXMu3PuhhOq8sJEXvcvlCfSAlVpHfnwUJE7q5QaUrD3wT
+        VKT4pe/zBRN+zD84gXxGANJY813EhpngBEJmptIjNkKvWclr/nG4MI8yezZmeEgP
+        142LviJmNYb0+3s1CU7Q03g3b/wsHNFpuA9zVJu24xVAM/Af65N1STvnSQAjcXa9
+        rgIwdiZ7XbCD6rpF1ms8i6RYsflB+dGLgEOiAlX+lZ6843WpMWlDUBd2v+OHtXvm
+        zLYbg8SYtHV8xMJWPjz6e9yoKuyjvWAwAiDcjO0SpCqlkHsUzWRS44z3hQssgywP
+        iFKGqP5eHDaSCqUHF5VkGdtg/a9M7vthhEoB/2IKSf82CQE9IdmNtEJHAPgWamgm
+        VPpyMliDTd2gyqD+FmduRdY/yHMP0QV6G/VRTV4gfQ80qU/U2JXWAQdw6ok1+k5V
+        t0ur8buQo+49diyr8WPHA4CwpSwriwIClDZdq38JiCdnfICfFxAQYdBMbL6S4wqA
+        Sv+OqcDBvu7m5yV/hrfcVztRkWUwr21kUmvx04xpvvpG/cUAnQOog3Q7Ce5xkaX7
+        99Ewd0xUXma/H++IGX77jxU7jW5n2FPeVEn+zcNF8of/XAi1uaP1WL5T/iEl6EsI
+        MetBbjkOnNXyWrP3SAPwqQMMg/vNa+mJIjoNByw=
+        =sdsH
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQINBGQhzisBEAC7yUhIqVCcyCXJWeZZf/BA6/+KguDQpycck0xUomj5ogT1+lwJ
-      Mnr6XsPFdTt5DgzjHKg6SM8PTIpLpzOcpqIG9eB8MnvtTp6qFSfIdZnEZccTot1e
-      cArnM2H6yw/4OW+8QHx9Zgj1miiqolVZ1RusHT3cvPdkF4GFTZnChiF0epd+6iKi
-      Em8gfzECIltl+McYCwjPXlx38p1mwPI0tgQ7GGD1VzjS/GycuD+shM7lPQ9PmCnC
-      8zkZIBsbGbSTbAYqnARrbczmg9BKCyErfdQJKi6+r/fg6cWAairXsiOlzqCLCBoZ
-      ssLKkRAc2ib3cm/RHBm+MK2wLZ5q8xgh9e/iBoBOpJXXARvfu67uQjfLPj/o4FwM
-      ZWxGZlj2b3cL5q+thjGWOliEh15gciGU17vT15YGcEPVMeDVBYKp/Z+TgkJIlUmD
-      4bU+K89qYCzp/AP3tsozFwazQRultkjuHVCZrJQtCaVu3/wjtkVd101Oj/Gi4ajn
-      2WU2KkGWkM0jArUCohJPsZodLHj8DAT2V5SqrEq6jF6ONnAlK1MNmPTKAoDmP6LJ
-      3of4VHcIbGq1p+I6R9292Lv3Avs/uMbWtR7nae4XWT9l49hY3p8gc5rPOs2wzPgV
-      v8X6vaQSlgjJDaNVPSZCo8hQkqHsoskri5BHVhxBpjaJ0mNKCeSHWfP+RwARAQAB
-      tDJKZW5raW5zIFByb2plY3QgPGplbmtpbnNjaS1ib2FyZEBnb29nbGVncm91cHMu
-      Y29tPokCVwQTAQgAQRYhBGNmfudLuh8KCKaYclujHVfvWXXKBQJkIc4rAhsDBQkF
-      o5qABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEFujHVfvWXXK4+kP/0cR
-      nNYrjb4gWG/rcwJ8zo0YKZBO30RPul1INnyufDediDb0UCOJwT+CnEZULx+HeUOi
-      xHVBMD70LRP3ym+40Naw3s4nJWvBpOYIqQhjoRqrWkdIrMgNSAwRrufgXqSBvvfZ
-      +xQYrNRuu8/00U6Bz2eeCL2SNZpShL0iPjP9Bcu7763jaGvnS/WUVaAqqyNwxGRl
-      afffRvCV/Wjy47W+ifCPgku4SKZgG+QPMuthI842+lLSl2BXhiEVJ4auK5rjFHsv
-      RrUEQrjEGZ9vEoitZAQL/CDWmlkhrqYSpgTVsMCoByRzZqQG9fOAJNFniFqrANQQ
-      m9NkZN0ZljOnZfJh+ZzbjjVUS522piJtVqdOU0noT6awMtSO/CO4EmuElj8LkVI6
-      jbP0FqxYecNQtlAzBguRD5UWjAi3jgkdbap0ooqZm2YQPNaLD3OLWdvtj/jx+EI4
-      DTrSoSSoHea5xiAFQNB3ab2fk5kN5ufVWIV5F9AQHU+kWE9jgS+zl8apzbwMinm8
-      ZW0KeIcW63MH5hvbmsfBjdyroTTy2mwy096mB2vvqwWv6nt9mQy1YCmBeyp7oshI
-      qNeXIunP1NekAfGY+dRlldA3SoxNuJhVGd5eCOFWYmipb9XD+JrSgncHjCgewHq1
-      ycptdm1q8OZ26ZOaAIVOYENk8WUOz5DzOuOS81EJuQINBGQhzisBEADtvyAOnz23
-      gKKKVzSY9bhEvQxJWQUY/jXek7LjhflLw4xugGARMrTMc6zzabOJefyrVkucWqso
-      spCWoj+M8HGfhHXpNDHbn21fyHB6jpOh8Ors2ZHH2skswcAcWcLlWQWrUtqQFuje
-      1rXShp8IhYz308MIZ65VYf/Z9Bk7VNNTgRLmOMTn+KlN8qiQZ0SZbPj/wFK1iwAh
-      /xPu586a7xVN4xdy6RJNfrSCG84kMNyaHTDFOEKchWPoGe5D6EqF8dufvrcKoSxc
-      T2sC6WzDqG/+Jfk//xrHblxeCXiOAX/Dm+McvceV0dBSVJJx67FoHUyWBRj5coHU
-      4YfrUTHREEKdYcpUAHQGPJBLyx0QNs2URhYSCwNU5yYL+z3UIpsS93HosUPEzrTD
-      XE1D2eV1gGf0YzCWxWTAuOjoUD8D22p//GAaLXYpuwSgVzgKwvPefkWJ94Euvz6T
-      sKrljMPsxOdPLBs8AJgrqmYIwbRXoxNEzv/PT/9sST5nl5tlWc9PonzwzHqStU4Y
-      f8jQhIv1yq2wAE2OB0Q7B6i62QWqSWAWEAc6LPRdSalgS8ooj/MIQFGwsd4VuNSN
-      JD9p7bHHlHceeXMR2F0JeG8G91RqlTkxu7cUMkqheXXAyTa/OuG5xauHyLzt4xVp
-      fnHd5fNjxcc02ADF46X6/nze6hClUBqMAQARAQABiQI8BBgBCAAmFiEEY2Z+50u6
-      HwoIpphyW6MdV+9ZdcoFAmQhzisCGwwFCQWjmoAACgkQW6MdV+9ZdcoRGA/+JmjW
-      09ZmAlBM846GgI0B00YtXMu3PuhhOq8sJEXvcvlCfSAlVpHfnwUJE7q5QaUrD3wT
-      VKT4pe/zBRN+zD84gXxGANJY813EhpngBEJmptIjNkKvWclr/nG4MI8yezZmeEgP
-      142LviJmNYb0+3s1CU7Q03g3b/wsHNFpuA9zVJu24xVAM/Af65N1STvnSQAjcXa9
-      rgIwdiZ7XbCD6rpF1ms8i6RYsflB+dGLgEOiAlX+lZ6843WpMWlDUBd2v+OHtXvm
-      zLYbg8SYtHV8xMJWPjz6e9yoKuyjvWAwAiDcjO0SpCqlkHsUzWRS44z3hQssgywP
-      iFKGqP5eHDaSCqUHF5VkGdtg/a9M7vthhEoB/2IKSf82CQE9IdmNtEJHAPgWamgm
-      VPpyMliDTd2gyqD+FmduRdY/yHMP0QV6G/VRTV4gfQ80qU/U2JXWAQdw6ok1+k5V
-      t0ur8buQo+49diyr8WPHA4CwpSwriwIClDZdq38JiCdnfICfFxAQYdBMbL6S4wqA
-      Sv+OqcDBvu7m5yV/hrfcVztRkWUwr21kUmvx04xpvvpG/cUAnQOog3Q7Ce5xkaX7
-      99Ewd0xUXma/H++IGX77jxU7jW5n2FPeVEn+zcNF8of/XAi1uaP1WL5T/iEl6EsI
-      MetBbjkOnNXyWrP3SAPwqQMMg/vNa+mJIjoNByw=
-      =sdsH
-      -----END PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        apt-get update -y
+        apt-get install -y jenkins
 
-    apt update -y
-    apt install -y jenkins
-
-    systemctl enable jenkins.service
+        systemctl enable jenkins.service
diff --git a/templates/jupyterlab.yml b/templates/jupyterlab.yml
index c183917..4f00b84 100644
--- a/templates/jupyterlab.yml
+++ b/templates/jupyterlab.yml
@@ -1,41 +1,50 @@
-name: JupyterLab
-
-files:
-- path: /etc/systemd/system/jupyterlab.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=JupyterLab
-    After=network.target
-    ConditionPathExists=/jupyterlab/.installed__
-
-    [Service]
-    Type = simple
-    ExecStart=/jupyterlab/bin/jupyter-lab --allow-root --no-browser --ip=0.0.0.0 --port=8888
-    TimeoutSec = 15
-    Restart = on-failure
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- git
-- python3-pip
-- python3-venv
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    cd /
-    python3 -m venv jupyterlab
-    cd jupyterlab && source bin/activate
-    pip install jupyterlab==v{{ image.serial }}
-
-    touch /jupyterlab/.installed__
-
-    systemctl enable jupyterlab.service
+metadata:
+  name: JupyterLab
+  get_version_command: curl -s https://api.github.com/repos/jupyterlab/jupyterlab/releases/latest | jq -r '.tag_name'
+  description: Kestra is a free and open-source workflow orchestrator and automation tool.
+  categories: Automation, Orchestration
+  project_source: https://github.com/kestra-io/kestra
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/jupyterlab.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=JupyterLab
+        After=network.target
+        ConditionPathExists=/jupyterlab/.installed__
+
+        [Service]
+        Type = simple
+        ExecStart=/jupyterlab/bin/jupyter-lab --allow-root --no-browser --ip=0.0.0.0 --port=8888
+        TimeoutSec = 15
+        Restart = on-failure
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - git
+    - python3-pip
+    - python3-venv
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        cd /
+        python3 -m venv jupyterlab
+        cd jupyterlab && source bin/activate
+        pip install jupyterlab==v{{ image.serial }}
+
+        touch /jupyterlab/.installed__
+
+        systemctl enable jupyterlab.service
diff --git a/templates/kestra.yml b/templates/kestra.yml
index a3c476d..ba2457f 100644
--- a/templates/kestra.yml
+++ b/templates/kestra.yml
@@ -1,58 +1,66 @@
-name: Kestra
+metadata:
+  name: Kestra
+  get_version_command: curl -s https://api.github.com/repos/kestra-io/kestra/releases/latest | jq -r '.tag_name'
+  description: Kestra is a free and open-source workflow orchestrator and automation tool.
+  categories: Automation, Orchestration
+  project_source: https://github.com/kestra-io/kestra
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/kestra.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Kestra
+        After=network.target
 
-files:
-- path: /etc/systemd/system/kestra.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Kestra
-    After=network.target
+        [Service]
+        Type = simple
+        WorkingDirectory=/opt/kestra
+        ExecStart=/opt/kestra/kestra server local --worker-thread 5
+        TimeoutSec = 15
+        Restart = on-failure
 
-    [Service]
-    Type = simple
-    WorkingDirectory=/opt/kestra
-    ExecStart=/opt/kestra/kestra server local --worker-thread 5
-    TimeoutSec = 15
-    Restart = on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  packages:
+    - build-essential
+    - autoconf
+    - git
+    - unzip
 
-packages:
-- build-essential
-- autoconf
-- git
-- unzip
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        curl https://download.java.net/java/GA/jdk22.0.1/c7ec1332f7bb44aeba2eb341ae18aca4/8/GPL/openjdk-22.0.1_linux-x64_bin.tar.gz -o /tmp/openjdk.tar.gz
+        curl -sL https://api.kestra.io/v1/versions/download -o /tmp/kestra.zip
 
-    curl https://download.java.net/java/GA/jdk22.0.1/c7ec1332f7bb44aeba2eb341ae18aca4/8/GPL/openjdk-22.0.1_linux-x64_bin.tar.gz -o /tmp/openjdk.tar.gz
-    curl -sL https://api.kestra.io/v1/versions/download -o /tmp/kestra.zip
+        mkdir -p /opt/kestra
+        mkdir -p /opt/jdk
 
-    mkdir -p /opt/kestra
-    mkdir -p /opt/jdk
+        cd /tmp
 
-    cd /tmp
+        tar -zxf /tmp/openjdk.tar.gz -C /opt/jdk
+        unzip /tmp/kestra.zip && rm /tmp/kestra.zip
 
-    tar -zxf /tmp/openjdk.tar.gz -C /opt/jdk
-    unzip /tmp/kestra.zip && rm /tmp/kestra.zip
+        update-alternatives --install /usr/bin/java java /opt/jdk/jdk*/bin/java 100
+        update-alternatives --install /usr/bin/javac javac /opt/jdk/jdk*/bin/javac 100
+        update-alternatives --display java
+        update-alternatives --display javac
 
-    update-alternatives --install /usr/bin/java java /opt/jdk/jdk*/bin/java 100
-    update-alternatives --install /usr/bin/javac javac /opt/jdk/jdk*/bin/javac 100
-    update-alternatives --display java
-    update-alternatives --display javac
+        cd /opt/kestra
+        mv /tmp/kestra* ./kestra && chmod +x ./kestra
 
-    cd /opt/kestra
+        curl -sL https://raw.githubusercontent.com/kestra-io/kestra/develop/.plugins | grep io.kestra | sed s,#,,g > ./plugins-list
+        cat ./plugins-list | xargs -P 4 -I % bash -c 'echo "Install: %" && ./kestra plugins install % && echo "% installation done" || echo "% installation failed"'
 
-    curl -sL https://raw.githubusercontent.com/kestra-io/kestra/develop/.plugins | grep io.kestra | sed s,#,,g > ./plugins-list
-
-    mv /tmp/kestra* ./kestra && chmod +x ./kestra
-    for i in $(cat ./plugins-list); do echo "Install: $i" && ./kestra plugins install $i && echo "Done" || echo "Failed"; done
-
-    systemctl enable kestra.service
+        systemctl enable kestra.service
diff --git a/templates/keycloak.yml b/templates/keycloak.yml
index f07cfe0..633850d 100644
--- a/templates/keycloak.yml
+++ b/templates/keycloak.yml
@@ -1,100 +1,109 @@
-name: Keycloak
-
-files:
-- path: /etc/keycloak/creds.env
-  generator: dump
-  mode: '0440'
-  content: |-
-    KEYCLOAK_ADMIN=
-    KEYCLOAK_ADMIN_PASSWORD=
-    JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
-
-- path: /opt/utils/set-ip.sh
-  generator: dump
-  mode: '0755'
-  content: |-
-    sleep 5
-    HOSTN=$(ip addr list eth0 | grep -E "inet .* metric" | cut -d' ' -f6 | cut -d/ -f1 | head -n 1)
-    sed -i "s/^hostname.*/hostname=$HOSTN/" /opt/keycloak/conf/keycloak.conf
-
-- path: /etc/systemd/system/keycloak-init.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Open Source Identity and Access Management
-    After=network.target
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=yes
-    ExecStart=/opt/utils/set-ip.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /etc/systemd/system/keycloak.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Open Source Identity and Access Management
-    After=network.target keycloak-init.service
-    PathChanged=/opt/keycloak/conf/keycloak.conf
-
-    [Service]
-    Type=simple
-    Restart=always
-    # Update /etc/keycloak/creds.env with the admin credentials you want.
-    EnvironmentFile=/etc/keycloak/creds.env
-    Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
-    ExecStart=/opt/keycloak/bin/kc.sh start
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /opt/certs/rootCA.config
-  generator: copy
-  source: assets/rootCA.config
-
-- path: /opt/certs/csr.config
-  generator: copy
-  source: assets/csr.config
-
-- path: /opt/certs/crt.config
-  generator: copy
-  source: assets/crt.config
-
-packages:
-- openjdk-17-jre
-- fontconfig
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    mkdir -p /opt/keycloak
-
-    openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
-    openssl genrsa -out /etc/ssl/private/keycloak.key 2048
-    openssl req -new -key /etc/ssl/private/keycloak.key -out /etc/ssl/private/keycloak.csr -config /opt/certs/csr.config
-    openssl x509 -req -in /etc/ssl/private/keycloak.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/keycloak.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
-
-    wget -O /tmp/keycloak.tar.gz https://github.com/keycloak/keycloak/releases/download/{{image.serial}}/keycloak-{{image.serial}}.tar.gz
-    tar -xvf /tmp/keycloak.tar.gz -C /tmp && cp -r /tmp/keycloak-{{image.serial}}/* /opt/keycloak/
-
-    cat <<EOF > /opt/keycloak/conf/keycloak.conf
-    hostname=0.0.0.0
-    https-certificate-file=/etc/ssl/private/keycloak.crt
-    https-certificate-key-file=/etc/ssl/private/keycloak.key
-    EOF
-
-    export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
-
-    cd /opt/keycloak/bin && ./kc.sh build
-
-    systemctl enable keycloak-init.service
-    systemctl enable keycloak.service
+metadata:
+  name: Keycloak
+  get_version_command: curl -Ls  https://api.github.com/repos/keycloak/keycloak/releases/latest | jq -r '.tag_name'
+  description: Open Source Identity and Access Management.
+  categories: Identity, IAM, IDP, Security
+  project_source: https://github.com/keycloak/keycloak
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/keycloak/creds.env
+      generator: dump
+      mode: "0440"
+      content: |-
+        KEYCLOAK_ADMIN=
+        KEYCLOAK_ADMIN_PASSWORD=
+        JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true"
+
+    - path: /opt/utils/set-ip.sh
+      generator: dump
+      mode: "0755"
+      content: |-
+        sleep 5
+        HOSTN=$(ip addr list eth0 | grep -E "inet .* metric" | cut -d' ' -f6 | cut -d/ -f1 | head -n 1)
+        sed -i "s/^hostname.*/hostname=$HOSTN/" /opt/keycloak/conf/keycloak.conf
+
+    - path: /etc/systemd/system/keycloak-init.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Open Source Identity and Access Management
+        After=network.target
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/opt/utils/set-ip.sh
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /etc/systemd/system/keycloak.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Open Source Identity and Access Management
+        After=network.target keycloak-init.service
+        PathChanged=/opt/keycloak/conf/keycloak.conf
+
+        [Service]
+        Type=simple
+        Restart=always
+        # Update /etc/keycloak/creds.env with the admin credentials you want.
+        EnvironmentFile=/etc/keycloak/creds.env
+        Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+        ExecStart=/opt/keycloak/bin/kc.sh start
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /opt/certs/rootCA.config
+      generator: copy
+      source: assets/rootCA.config
+
+    - path: /opt/certs/csr.config
+      generator: copy
+      source: assets/csr.config
+
+    - path: /opt/certs/crt.config
+      generator: copy
+      source: assets/crt.config
+
+  packages:
+    - openjdk-17-jre
+    - fontconfig
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        mkdir -p /opt/keycloak
+
+        openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
+        openssl genrsa -out /etc/ssl/private/keycloak.key 2048
+        openssl req -new -key /etc/ssl/private/keycloak.key -out /etc/ssl/private/keycloak.csr -config /opt/certs/csr.config
+        openssl x509 -req -in /etc/ssl/private/keycloak.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/keycloak.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
+
+        wget -O /tmp/keycloak.tar.gz https://github.com/keycloak/keycloak/releases/download/{{image.serial}}/keycloak-{{image.serial}}.tar.gz
+        tar -xvf /tmp/keycloak.tar.gz -C /tmp && cp -r /tmp/keycloak-{{image.serial}}/* /opt/keycloak/
+
+        cat <<EOF > /opt/keycloak/conf/keycloak.conf
+        hostname=0.0.0.0
+        https-certificate-file=/etc/ssl/private/keycloak.crt
+        https-certificate-key-file=/etc/ssl/private/keycloak.key
+        EOF
+
+        export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+
+        cd /opt/keycloak/bin && ./kc.sh build
+
+        systemctl enable keycloak-init.service
+        systemctl enable keycloak.service
diff --git a/templates/lidarr.yml b/templates/lidarr.yml
index 662594f..2a08549 100644
--- a/templates/lidarr.yml
+++ b/templates/lidarr.yml
@@ -1,49 +1,60 @@
-files:
-- path: /etc/systemd/system/lidarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Lidarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=lidarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Lidarr
+  get_version_command: curl -s https://api.github.com/repos/Lidarr/Lidarr/releases/latest | jq -r '.tag_name'
+  description: Lidarr is a music collection manager for Usenet and BitTorrent users.
+  categories: Media management
+  project_source: https://wiki.servarr.com/lidarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/lidarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Lidarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=lidarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
-- mediainfo
-- libchromaprint-tools
+  packages:
+    - git
+    - sqlite3
+    - mediainfo
+    - libchromaprint-tools
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd lidarr
-    usermod -aG media lidarr
-    mkdir -p /var/lib/lidarr
-    chown lidarr:lidarr -R /var/lib/lidarr
-    wget --content-disposition "http://lidarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Lidarr.linux.tar.gz
-    tar -xvzf Lidarr*.linux*.tar.gz
-    chown lidarr:lidarr -R /opt/Lidarr
-    systemctl enable lidarr.service
+        useradd lidarr
+        usermod -aG media lidarr
+        mkdir -p /var/lib/lidarr
+        chown lidarr:lidarr -R /var/lib/lidarr
+        wget --content-disposition "http://lidarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Lidarr.linux.tar.gz
+        tar -xvzf Lidarr*.linux*.tar.gz
+        chown lidarr:lidarr -R /opt/Lidarr
+        systemctl enable lidarr.service
diff --git a/templates/matomo.yml b/templates/matomo.yml
index 320649c..4ade34a 100644
--- a/templates/matomo.yml
+++ b/templates/matomo.yml
@@ -1,113 +1,122 @@
-name: Matomo
-
-files:
-- path: /opt/certs/rootCA.config
-  generator: copy
-  source: assets/rootCA.config
-
-- path: /opt/ssl.conf
-  generator: dump
-  content: |-
-    <VirtualHost *:443>
-            ServerAdmin webmaster@localhost
-            DocumentRoot /var/www/html
-            ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined
-            SSLEngine on
-            SSLCertificateFile      /etc/ssl/certs/rootCA.crt
-            SSLCertificateKeyFile   /etc/ssl/private/rootCA.key
-            <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
-                    SSLOptions +StdEnvVars
-            </FilesMatch>
-            <Directory /usr/lib/cgi-bin>
-                    SSLOptions +StdEnvVars
-            </Directory>
-    </VirtualHost>
-
-- path: /var/matomo/init.sh
-  generator: dump
-  mode: '0755'
-  content: |-
-    #!/bin/bash
-
-    sed -i "/'tables_prefix' => 'matomo_'/ r /var/matomo/re.php" /var/www/html/plugins/Installation/FormDatabaseSetup.php
-    sed -i "/<h2>{{ 'Installation/ r /var/matomo/re.twig" /var/www/html/plugins/Installation/templates/databaseSetup.twig
-    sed -i "s|File integrity check failed and reported some errors. You should fix this issue and then refresh this page until it shows no error.|File integrity check failed and reported some errors. But this is expected due to some changes done on DB the setup form default values during the LXC packaging. The expected modified files are: /var/www/html/lang/en.json, /var/www/html/plugins/Installation/FormDatabaseSetup.php and /var/www/html/plugins/Installation/templates/databaseSetup.twig|" /var/www/html/lang/en.json
-
-    mysql -e "CREATE DATABASE matomo_db;"
-    mysql -e "CREATE USER 'matomo_u'@'localhost';"
-    mysql -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON matomo_db.* TO 'matomo_u'@'localhost';"
-    mysql -e "GRANT FILE ON *.* TO 'matomo_u'@'localhost';"
-
-    a2enmod ssl
-    a2ensite default-ssl
-    a2dissite 000-default.conf
-    systemctl reload apache2
-
-- path: /var/matomo/re.twig
-  generator: dump
-  mode: '0644'
-  content: |-
+metadata:
+  name: Matomo
+  get_version_command: curl -s https://api.github.com/repos/matomo-org/matomo/releases/latest | jq -r '.tag_name'
+  description: Google Analytics alternative that protects your data and your customers' privacy.
+  categories: Analytics, SEO, Tracking
+  project_source: https://github.com/matomo-org/matomo
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/certs/rootCA.config
+      generator: copy
+      source: assets/rootCA.config
+
+    - path: /opt/ssl.conf
+      generator: dump
+      content: |-
+        <VirtualHost *:443>
+                ServerAdmin webmaster@localhost
+                DocumentRoot /var/www/html
+                ErrorLog ${APACHE_LOG_DIR}/error.log
+                CustomLog ${APACHE_LOG_DIR}/access.log combined
+                SSLEngine on
+                SSLCertificateFile      /etc/ssl/certs/rootCA.crt
+                SSLCertificateKeyFile   /etc/ssl/private/rootCA.key
+                <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
+                        SSLOptions +StdEnvVars
+                </FilesMatch>
+                <Directory /usr/lib/cgi-bin>
+                        SSLOptions +StdEnvVars
+                </Directory>
+        </VirtualHost>
+
+    - path: /var/matomo/init.sh
+      generator: dump
+      mode: "0755"
+      content: |-
+        #!/bin/bash
+
+        sed -i "/'tables_prefix' => 'matomo_'/ r /var/matomo/re.php" /var/www/html/plugins/Installation/FormDatabaseSetup.php
+        sed -i "/<h2>{{ 'Installation/ r /var/matomo/re.twig" /var/www/html/plugins/Installation/templates/databaseSetup.twig
+        sed -i "s|File integrity check failed and reported some errors. You should fix this issue and then refresh this page until it shows no error.|File integrity check failed and reported some errors. But this is expected due to some changes done on DB the setup form default values during the LXC packaging. The expected modified files are: /var/www/html/lang/en.json, /var/www/html/plugins/Installation/FormDatabaseSetup.php and /var/www/html/plugins/Installation/templates/databaseSetup.twig|" /var/www/html/lang/en.json
+
+        mysql -e "CREATE DATABASE matomo_db;"
+        mysql -e "CREATE USER 'matomo_u'@'localhost';"
+        mysql -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON matomo_db.* TO 'matomo_u'@'localhost';"
+        mysql -e "GRANT FILE ON *.* TO 'matomo_u'@'localhost';"
+
+        a2enmod ssl
+        a2ensite default-ssl
+        a2dissite 000-default.conf
+        systemctl reload apache2
+
+    - path: /var/matomo/re.twig
+      generator: dump
+      mode: "0644"
+      content: |-
         <p style="background: #f5f4f1; padding: 5px;">
           You can use the pre-configured MySQL database below:<br>
           <strong>Database Server: 127.0.0.1, Database Name: matomo_db, Login: matomo_u</strong>
         </p>
 
-- path: /var/matomo/re.php
-  generator: dump
-  mode: '0644'
-  content: |-
-                'username' => 'matomo_u',
-                'password' => '',
-                'dbname' => 'matomo_db',
-
-- path: /etc/systemd/system/matomo-init.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=DB init for Matomo
-    After=network.target mariadb.service apache2.service
-    ConditionPathExists=!/var/matomo/.initialized__
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=yes
-    ExecStart=/var/matomo/init.sh
-    ExecStart=/usr/bin/touch /var/matomo/.initialized__
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- unzip
-- php
-- php-mysql
-- php-curl
-- php-cli
-- php-gd
-- php-xml
-- php-mbstring
-- libapache2-mod-php
-- mariadb-server
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/rootCA.key -out /etc/ssl/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
-
-    wget -O /tmp/matomo.zip https://builds.matomo.org/matomo-{{image.serial}}.zip
-    unzip /tmp/matomo.zip -d /tmp
-    rm -rf /var/www/html/*
-    cp -r /tmp/matomo/* /var/www/html/
-    chown www-data: -R /var/www/
-
-    cp /opt/ssl.conf /etc/apache2/sites-available/default-ssl.conf
-
-    systemctl enable matomo-init
-    systemctl enable mariadb
-    systemctl enable apache2
+    - path: /var/matomo/re.php
+      generator: dump
+      mode: "0644"
+      content: |-
+        'username' => 'matomo_u',
+        'password' => '',
+        'dbname' => 'matomo_db',
+
+    - path: /etc/systemd/system/matomo-init.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=DB init for Matomo
+        After=network.target mariadb.service apache2.service
+        ConditionPathExists=!/var/matomo/.initialized__
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/var/matomo/init.sh
+        ExecStart=/usr/bin/touch /var/matomo/.initialized__
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - unzip
+    - php
+    - php-mysql
+    - php-curl
+    - php-cli
+    - php-gd
+    - php-xml
+    - php-mbstring
+    - libapache2-mod-php
+    - mariadb-server
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/rootCA.key -out /etc/ssl/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
+
+        wget -O /tmp/matomo.zip https://builds.matomo.org/matomo-{{image.serial}}.zip
+        unzip /tmp/matomo.zip -d /tmp
+        rm -rf /var/www/html/*
+        cp -r /tmp/matomo/* /var/www/html/
+        chown www-data: -R /var/www/
+
+        cp /opt/ssl.conf /etc/apache2/sites-available/default-ssl.conf
+
+        systemctl enable matomo-init
+        systemctl enable mariadb
+        systemctl enable apache2
diff --git a/templates/n8n.yml b/templates/n8n.yml
index 168a874..f5061dc 100644
--- a/templates/n8n.yml
+++ b/templates/n8n.yml
@@ -1,85 +1,94 @@
-name: n8n
+metadata:
+  name: n8n
+  get_version_command: curl -s https://api.github.com/repos/n8n-io/n8n/releases/latest | jq -r '.tag_name' | sed -E 's/.+@//'
+  description: n8n is a free and source-available workflow automation tool.
+  categories: Automation, Workflows
+  project_source: https://github.com/n8n-io/n8n
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/n8n/.env
+      generator: dump
+      mode: "0440"
+      content: |-
+        PORT=5678
+        NODE_ENV="production"
+        NODE_OPTIONS="--no-experimental-fetch"
+        N8N_RELEASE_TYPE=stable
 
-files:
-- path: /opt/n8n/.env
-  generator: dump
-  mode: '0440'
-  content: |-
-    PORT=5678
-    NODE_ENV="production"
-    NODE_OPTIONS="--no-experimental-fetch"
-    N8N_RELEASE_TYPE=stable
+    - path: /etc/systemd/system/n8n.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=n8n - Workflow automation tool
+        After=network.target
+        ConditionPathExists=/opt/n8n/.installed__
 
-- path: /etc/systemd/system/n8n.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=n8n - Workflow automation tool
-    After=network.target
-    ConditionPathExists=/opt/n8n/.installed__
+        [Service]
+        Type=simple
+        EnvironmentFile=/opt/n8n/.env
+        PIDFile=/opt/n8n/n8n.pid
+        ExecStart=/usr/bin/n8n start
+        Restart=always
 
-    [Service]
-    Type=simple
-    EnvironmentFile=/opt/n8n/.env
-    PIDFile=/opt/n8n/n8n.pid
-    ExecStart=/usr/bin/n8n start
-    Restart=always
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  packages:
+    - git
+    - nodejs
 
-packages:
-- git
-- nodejs
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_20.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        PORT=5678
+        NODE_ENV=production
+        N8N_RELEASE_TYPE=stable
 
-    PORT=5678
-    NODE_ENV=production
-    N8N_RELEASE_TYPE=stable
+        npm install -g n8n@v{{ image.serial }}
+        touch /opt/n8n/.installed__
 
-    npm install -g n8n@v{{ image.serial }}
-    touch /opt/n8n/.installed__
-
-    systemctl enable n8n.service
+        systemctl enable n8n.service
diff --git a/templates/nextcloud.yml b/templates/nextcloud.yml
index 6d174c1..bbf83ff 100644
--- a/templates/nextcloud.yml
+++ b/templates/nextcloud.yml
@@ -1,159 +1,168 @@
-name: NextCloud
-
-files:
-- path: /opt/certs/rootCA.config
-  generator: copy
-  source: assets/rootCA.config
-
-- path: /opt/ssl.conf
-  generator: dump
-  content: |-
-    <VirtualHost *:443>
-            ServerAdmin webmaster@localhost
-
-            DocumentRoot /var/www/html
-
-            ErrorLog ${APACHE_LOG_DIR}/error.log
-            CustomLog ${APACHE_LOG_DIR}/access.log combined
-            SSLEngine on
-
-            SSLCertificateFile      /etc/ssl/certs/rootCA.crt
-            SSLCertificateKeyFile   /etc/ssl/private/rootCA.key
-
-            <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
-                    SSLOptions +StdEnvVars
-            </FilesMatch>
-
-            <Directory /usr/lib/cgi-bin>
-                    SSLOptions +StdEnvVars
-            </Directory>
-            <Directory "/var/www">
-                    Options MultiViews FollowSymlinks
-                    Order allow,deny
-                    Allow from all
-                    AllowOverride All
-            </Directory>
-            <Directory "/var/www/data">
-                    Deny from all
-            </Directory>
-
-            <IfModule mod_headers.c>
-                    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
-            </IfModule>
-    </VirtualHost>
-
-- path: /etc/systemd/system/nextcloud-init.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=DB init for NextCloud
-    After=network.target mariadb.service apache2.service
-    ConditionPathExists=!/var/nextcloud/.initialized__
-
-    [Service]
-    Type=oneshot
-    RemainAfterExit=yes
-    ExecStart=/var/nextcloud/init.sh
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /etc/systemd/system/nextcloud-optimize.timer
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Run perf optimization for NextCloud periodically
-
-    [Timer]
-    Unit=nextcloud-optimize.service
-    OnCalendar=*-*-* *:*:00,30
-
-    [Install]
-    WantedBy=multi-user.target
-
-- path: /etc/systemd/system/nextcloud-optimize.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Perf optimization for NextCloud
-    After=network.target mariadb.service apache2.service
-    ConditionPathExists=/var/www/html/config/config.php
-    ConditionPathExists=!/var/nextcloud/.optimized__
-
-    [Service]
-    Type=oneshot
-    ExecStart=/usr/bin/sed -i "/'instanceid' => '/ a 'memcache.locking' => '\\\\OC\\\\Memcache\\\\Redis'," /var/www/html/config/config.php
-    ExecStart=/usr/bin/sed -i "/'instanceid' => '/ a 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/html/config/config.php
-    ExecStart=/usr/bin/chmod 660 /var/www/html/config/config.php
-    ExecStart=/usr/bin/chown root:www-data /var/www/html/config/config.php
-    ExecStart=/usr/bin/touch /var/nextcloud/.optimized__
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- unzip
-- mariadb-server
-- redis
-- php
-- php-common
-- php-cli
-- php-mysql
-- php-redis
-- php-imagick
-- php-curl
-- php-zip
-- php-xml
-- php-apcu
-- php-gd
-- php-gmp
-- php-intl
-- php-mbstring
-- php-bcmath
-- libapache2-mod-php
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/rootCA.key -out /etc/ssl/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
-
-    wget -O /tmp/nextcloud.zip https://download.nextcloud.com/server/releases/nextcloud-{{image.serial}}.zip
-    unzip /tmp/nextcloud.zip -d /tmp
-    rm -rf /var/www/html
-    cp -r /tmp/nextcloud /var/www/html
-    mkdir -p /var/www/html/data
-    chown www-data: -R /var/www/
-
-    cp /opt/ssl.conf /etc/apache2/sites-available/default-ssl.conf
-
-    PHP_VERSION=$(php -v|grep cli|awk '{print $2}'|cut -d . -f1-2)
-
-    sed -iE "s|^output_buffering.*|output_buffering = Off|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^memory_limit.*|memory_limit = 512M|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^upload_max_filesize.*|upload_max_filesize = 256M|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^max_file_uploads.*|max_file_uploads = 100|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^max_execution_time.*|max_execution_time = 360|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^post_max_size.*|post_max_size = 256M|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;date.timezone.*|date.timezone = UTC|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.enable.*|opcache.enable = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.interned_strings_buffer.*|opcache.interned_strings_buffer = 16|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.max_accelerated_files.*|opcache.max_accelerated_files = 10000|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.memory_consumption.*|opcache.memory_consumption = 128|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.save_comments.*|opcache.save_comments = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
-    sed -iE "s|^;opcache.revalidate_freq.*|opcache.revalidate_freq = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
-
-    sed -iE "s|'dbname' => '',|'dbname' => 'nextcloud_db',|" /var/www/html/core/Controller/SetupController.php
-    sed -iE "s|'dbuser' => '',|'dbuser' => 'nextcloud_u',|" /var/www/html/core/Controller/SetupController.php
-
-    systemctl enable mariadb
-    systemctl enable redis-server
-    systemctl enable apache2
-    systemctl enable nextcloud-init
-    systemctl enable nextcloud-optimize.timer
+metadata:
+  name: NextCloud
+  get_version_command: curl -s https://api.github.com/repos/nextcloud/server/releases/latest | jq -r '.tag_name'
+  description: Fully open-source, on-premises content collaboration platform.
+  categories: Personal Cloud, Data Privacy
+  project_source: https://github.com/nextcloud/server
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/certs/rootCA.config
+      generator: copy
+      source: assets/rootCA.config
+
+    - path: /opt/ssl.conf
+      generator: dump
+      content: |-
+        <VirtualHost *:443>
+                ServerAdmin webmaster@localhost
+
+                DocumentRoot /var/www/html
+
+                ErrorLog ${APACHE_LOG_DIR}/error.log
+                CustomLog ${APACHE_LOG_DIR}/access.log combined
+                SSLEngine on
+
+                SSLCertificateFile      /etc/ssl/certs/rootCA.crt
+                SSLCertificateKeyFile   /etc/ssl/private/rootCA.key
+
+                <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
+                        SSLOptions +StdEnvVars
+                </FilesMatch>
+
+                <Directory /usr/lib/cgi-bin>
+                        SSLOptions +StdEnvVars
+                </Directory>
+                <Directory "/var/www">
+                        Options MultiViews FollowSymlinks
+                        Order allow,deny
+                        Allow from all
+                        AllowOverride All
+                </Directory>
+                <Directory "/var/www/data">
+                        Deny from all
+                </Directory>
+
+                <IfModule mod_headers.c>
+                        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+                </IfModule>
+        </VirtualHost>
+
+    - path: /etc/systemd/system/nextcloud-init.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=DB init for NextCloud
+        After=network.target mariadb.service apache2.service
+        ConditionPathExists=!/var/nextcloud/.initialized__
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/var/nextcloud/init.sh
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /etc/systemd/system/nextcloud-optimize.timer
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Run perf optimization for NextCloud periodically
+
+        [Timer]
+        Unit=nextcloud-optimize.service
+        OnCalendar=*-*-* *:*:00,30
+
+        [Install]
+        WantedBy=multi-user.target
+
+    - path: /etc/systemd/system/nextcloud-optimize.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Perf optimization for NextCloud
+        After=network.target mariadb.service apache2.service
+        ConditionPathExists=/var/www/html/config/config.php
+        ConditionPathExists=!/var/nextcloud/.optimized__
+
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/bin/sed -i "/'instanceid' => '/ a 'memcache.locking' => '\\\\OC\\\\Memcache\\\\Redis'," /var/www/html/config/config.php
+        ExecStart=/usr/bin/sed -i "/'instanceid' => '/ a 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/html/config/config.php
+        ExecStart=/usr/bin/chmod 660 /var/www/html/config/config.php
+        ExecStart=/usr/bin/chown root:www-data /var/www/html/config/config.php
+        ExecStart=/usr/bin/touch /var/nextcloud/.optimized__
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - unzip
+    - mariadb-server
+    - redis
+    - php
+    - php-common
+    - php-cli
+    - php-mysql
+    - php-redis
+    - php-imagick
+    - php-curl
+    - php-zip
+    - php-xml
+    - php-apcu
+    - php-gd
+    - php-gmp
+    - php-intl
+    - php-mbstring
+    - php-bcmath
+    - libapache2-mod-php
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/rootCA.key -out /etc/ssl/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
+
+        wget -O /tmp/nextcloud.zip https://download.nextcloud.com/server/releases/nextcloud-{{image.serial}}.zip
+        unzip /tmp/nextcloud.zip -d /tmp
+        rm -rf /var/www/html
+        cp -r /tmp/nextcloud /var/www/html
+        mkdir -p /var/www/html/data
+        chown www-data: -R /var/www/
+
+        cp /opt/ssl.conf /etc/apache2/sites-available/default-ssl.conf
+
+        PHP_VERSION=$(php -v|grep cli|awk '{print $2}'|cut -d . -f1-2)
+
+        sed -iE "s|^output_buffering.*|output_buffering = Off|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^memory_limit.*|memory_limit = 512M|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^upload_max_filesize.*|upload_max_filesize = 256M|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^max_file_uploads.*|max_file_uploads = 100|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^max_execution_time.*|max_execution_time = 360|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^post_max_size.*|post_max_size = 256M|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;date.timezone.*|date.timezone = UTC|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.enable.*|opcache.enable = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.interned_strings_buffer.*|opcache.interned_strings_buffer = 16|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.max_accelerated_files.*|opcache.max_accelerated_files = 10000|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.memory_consumption.*|opcache.memory_consumption = 128|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.save_comments.*|opcache.save_comments = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
+        sed -iE "s|^;opcache.revalidate_freq.*|opcache.revalidate_freq = 1|" /etc/php/$PHP_VERSION/apache2/php.ini
+
+        sed -iE "s|'dbname' => '',|'dbname' => 'nextcloud_db',|" /var/www/html/core/Controller/SetupController.php
+        sed -iE "s|'dbuser' => '',|'dbuser' => 'nextcloud_u',|" /var/www/html/core/Controller/SetupController.php
+
+        systemctl enable mariadb
+        systemctl enable redis-server
+        systemctl enable apache2
+        systemctl enable nextcloud-init
+        systemctl enable nextcloud-optimize.timer
diff --git a/templates/nodered.yml b/templates/nodered.yml
index c619d5d..c09b734 100644
--- a/templates/nodered.yml
+++ b/templates/nodered.yml
@@ -1,75 +1,84 @@
-name: Node-Red
+metadata:
+  name: Node-RED
+  get_version_command: curl -s https://api.github.com/repos/node-red/node-red/releases/latest | jq -r '.tag_name'
+  description: Low-code programming for event-driven applications
+  categories: Automation, Workflows
+  project_source: https://github.com/node-red/node-red
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/nodered.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Node-RED
+        After=syslog.target network.target
 
-files:
-- path: /etc/systemd/system/nodered.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Node-RED
-    After=syslog.target network.target
+        [Service]
+        ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
+        Restart=on-failure
+        KillSignal=SIGINT
 
-    [Service]
-    ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
-    Restart=on-failure
-    KillSignal=SIGINT
+        SyslogIdentifier=node-red
+        StandardOutput=syslog
 
-    SyslogIdentifier=node-red
-    StandardOutput=syslog
+        WorkingDirectory=/root/
+        User=root
+        Group=root
 
-    WorkingDirectory=/root/
-    User=root
-    Group=root
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  packages:
+    - git
+    - nodejs
 
-packages:
-- git
-- nodejs
+  repositories:
+    - name: nodejs
+      url: |-
+        deb http://deb.nodesource.com/node_20.x nodistro main
+      key: |-
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-repositories:
-  - name: nodejs
-    url: |-
-      deb http://deb.nodesource.com/node_20.x nodistro main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
+        mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
+        hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
+        Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
+        9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
+        TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
+        E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
+        LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
+        AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
+        NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
+        xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
+        Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
+        hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
+        BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
+        AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
+        JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
+        ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
+        0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
+        Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
+        YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
+        DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
+        IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
+        y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
+        x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
+        K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
+        FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
+        =MARt
+        -----END PGP PUBLIC KEY BLOCK-----
 
-      mQENBFdDN1ABCADaNd/I3j3tn40deQNgz7hB2NvT+syXe6k4ZmdiEcOfBvFrkS8B
-      hNS67t93etHsxEy7E0qwsZH32bKazMqe9zDwoa3aVImryjh6SHC9lMtW27JPHFeM
-      Srkt9YmH1WMwWcRO6eSY9B3PpazquhnvbammLuUojXRIxkDroy6Fw4UKmUNSRr32
-      9Ej87jRoR1B2/57Kfp2Y4+vFGGzSvh3AFQpBHq51qsNHALU6+8PjLfIt+5TPvaWR
-      TB+kAZnQZkaIQM2nr1n3oj6ak2RATY/+kjLizgFWzgEfbCrbsyq68UoY5FPBnu4Z
-      E3iDZpaIqwKr0seUC7iA1xM5eHi5kty1oB7HABEBAAG0Ik5Tb2xpZCA8bnNvbGlk
-      LWdwZ0Bub2Rlc291cmNlLmNvbT6JATgEEwECACIFAldDN1ACGwMGCwkIBwMCBhUI
-      AgkKCwQWAgMBAh4BAheAAAoJEC9ZtfmbG+C0y7wH/i4xnab36dtrYW7RZwL8i6Sc
-      NjMx4j9+U1kr/F6YtqWd+JwCbBdar5zRghxPcYEq/qf7MbgAYcs1eSOuTOb7n7+o
-      xUwdH2iCtHhKh3Jr2mRw1ks7BbFZPB5KmkxHaEBfLT4d+I91ZuUdPXJ+0SXs9gzk
-      Dbz65Uhoz3W03aiF8HeL5JNARZFMbHHNVL05U1sTGTCOtu+1c/33f3TulQ/XZ3Y4
-      hwGCpLe0Tv7g7Lp3iLMZMWYPEa0a7S4u8he5IEJQLd8bE8jltcQvrdr3Fm8kI2Jg
-      BJmUmX4PSfhuTCFaR/yeCt3UoW883bs9LfbTzIx9DJGpRIu8Y0IL3b4sj/GoZVq5
-      AQ0EV0M3UAEIAKrTaC62ayzqOIPa7nS90BHHck4Z33a2tZF/uof38xNOiyWGhT8u
-      JeFoTTHn5SQq5Ftyu4K3K2fbbpuu/APQF05AaljzVkDGNMW4pSkgOasdysj831cu
-      ssrHX2RYS22wg80k6C/Hwmh5F45faEuNxsV+bPx7oPUrt5n6GMx84vEP3i1+FDBi
-      0pt/B/QnDFBXki1BGvJ35f5NwDefK8VaInxXP3ZN/WIbtn5dqxppkV/YkO7GiJlp
-      Jlju9rf3kKUIQzKQWxFsbCAPIHoWv7rH9RSxgDithXtG6Yg5R1aeBbJaPNXL9wpJ
-      YBJbiMjkAFaz4B95FOqZm3r7oHugiCGsHX0AEQEAAYkBHwQYAQIACQUCV0M3UAIb
-      DAAKCRAvWbX5mxvgtE/OB/0VN88DR3Y3fuqy7lq/dthkn7Dqm9YXdorZl3L152eE
-      IF882aG8FE3qZdaLGjQO4oShAyNWmRfSGuoH0XERXAI9n0r8m4mDMxE6rtP7tHet
-      y/5M8x3CTyuMgx5GLDaEUvBusnTD+/v/fBMwRK/cZ9du5PSG4R50rtst+oYyC2ao
-      x4I2SgjtF/cY7bECsZDplzatN3gv34PkcdIg8SLHAVlL4N5tzumDeizRspcSyoy2
-      K2+hwKU4C4+dekLLTg8rjnRROvplV2KtaEk6rxKtIRFDCoQng8wfJuIMrDNKvqZw
-      FRGt7cbvW5MCnuH8MhItOl9Uxp1wHp6gtav/h8Gp6MBa
-      =MARt
-      -----END PGP PUBLIC KEY BLOCK-----
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        npm install -g --unsafe-perm node-red
 
-    npm install -g --unsafe-perm node-red
-
-    systemctl enable nodered.service
+        systemctl enable nodered.service
diff --git a/templates/omada.yml b/templates/omada.yml
index 8adb628..271b466 100644
--- a/templates/omada.yml
+++ b/templates/omada.yml
@@ -1,47 +1,56 @@
-name: Omada
-
-files:
-- path: /etc/systemd/system/nodered.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Node-RED
-    After=syslog.target network.target
-
-    [Service]
-    ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
-    Restart=on-failure
-    KillSignal=SIGINT
-
-    SyslogIdentifier=node-red
-    StandardOutput=syslog
-
-    WorkingDirectory=/root/
-    User=root
-    Group=root
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- jsvc
-- nvidia-openjdk-8-jre
-- libssl-dev
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    cd /tmp
-
-    wget -qL https://repo.mongodb.org/apt/debian/dists/buster/mongodb-org/4.4/main/binary-amd64/mongodb-org-server_4.4.29_amd64.deb
-    apt install -fy ./mongodb-org-server*_amd64.deb
-
-    wget -qL $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1)
-    apt install -fy ./*Omada_SDN_Controller*.deb
-
-    systemctl enable mongod.service
+metadata:
+  name: Omada
+  get_version_command: curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1|grep -oE "v[0-9]+.[0-9]+.[0-9]+"
+  description: TP-Link Omada SDN Controller Solution offers centralized and efficient management for gateways, switches, and wAP.
+  categories: SDN, Networks
+  project_source: https://www.tp-link.com/en/support/download/omada-software-controller
+  distribution: debian
+  release: buster
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/nodered.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Node-RED
+        After=syslog.target network.target
+
+        [Service]
+        ExecStart=/usr/bin/node-red --max-old-space-size=128 -v
+        Restart=on-failure
+        KillSignal=SIGINT
+
+        SyslogIdentifier=node-red
+        StandardOutput=syslog
+
+        WorkingDirectory=/root/
+        User=root
+        Group=root
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - jsvc
+    - nvidia-openjdk-8-jre
+    - libssl-dev
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        cd /tmp
+
+        wget -qL https://repo.mongodb.org/apt/debian/dists/buster/mongodb-org/4.4/main/binary-amd64/mongodb-org-server_4.4.29_amd64.deb
+        apt-get install -fy ./mongodb-org-server*_amd64.deb
+
+        wget -qL $(curl -fsSL "https://www.tp-link.com/en/support/download/omada-software-controller/"|grep -io "https.*Omada_SDN_Controller.*linux_x64.deb"|head -n1)
+        apt-get install -fy ./*Omada_SDN_Controller*.deb
+
+        systemctl enable mongod.service
diff --git a/templates/prowlarr.yml b/templates/prowlarr.yml
index 598d89d..ea90926 100644
--- a/templates/prowlarr.yml
+++ b/templates/prowlarr.yml
@@ -1,47 +1,58 @@
-files:
-- path: /etc/systemd/system/prowlarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Prowlarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=prowlarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Prowlarr
+  get_version_command: curl -s https://api.github.com/repos/Prowlarr/Prowlarr/releases/latest | jq -r '.tag_name'
+  description: Prowlarr is an indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps.
+  categories: Media management
+  project_source: https://wiki.servarr.com/prowlarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/prowlarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Prowlarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=prowlarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
+  packages:
+    - git
+    - sqlite3
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd prowlarr
-    usermod -aG media prowlarr
-    mkdir -p /var/lib/prowlarr
-    chown prowlarr:prowlarr -R /var/lib/prowlarr
-    wget --content-disposition "http://prowlarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Prowlarr.linux.tar.gz
-    tar -xvzf Prowlarr*.linux*.tar.gz
-    chown prowlarr:prowlarr -R /opt/Prowlarr
-    systemctl enable prowlarr.service
+        useradd prowlarr
+        usermod -aG media prowlarr
+        mkdir -p /var/lib/prowlarr
+        chown prowlarr:prowlarr -R /var/lib/prowlarr
+        wget --content-disposition "http://prowlarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Prowlarr.linux.tar.gz
+        tar -xvzf Prowlarr*.linux*.tar.gz
+        chown prowlarr:prowlarr -R /opt/Prowlarr
+        systemctl enable prowlarr.service
diff --git a/templates/radarr.yml b/templates/radarr.yml
index d5c3523..0defa6f 100644
--- a/templates/radarr.yml
+++ b/templates/radarr.yml
@@ -1,84 +1,95 @@
-files:
-- path: /etc/systemd/system/radarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Radarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=radarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Radarr
+  get_version_command: curl -s https://api.github.com/repos/Radarr/Radarr/releases/latest | jq -r '.tag_name'
+  description: Radarr is a movie collection manager for Usenet and BitTorrent users.
+  categories: Media management
+  project_source: https://wiki.servarr.com/radarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/radarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Radarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=radarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/bazarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Bazarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=bazarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/bazarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Bazarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=bazarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/bazarr/venv/bin/python3 -u /opt/bazarr/bazarr.py
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
-- python3-pip
-- python3-venv
-- python3-distutils
-- python3-dev
-- 7zip
-- unrar-free
-- unzip
+  packages:
+    - git
+    - sqlite3
+    - python3-pip
+    - python3-venv
+    - python3-distutils
+    - python3-dev
+    - 7zip
+    - unrar-free
+    - unzip
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd radarr
-    usermod -aG media radarr
-    mkdir -p /var/lib/radarr
-    chown radarr:radarr -R /var/lib/radarr
-    wget --content-disposition "http://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Radarr.linux.tar.gz
-    tar -xvzf Radarr*.linux*.tar.gz
-    chown radarr:radarr -R /opt/Radarr
-    systemctl enable radarr.service
+        useradd radarr
+        usermod -aG media radarr
+        mkdir -p /var/lib/radarr
+        chown radarr:radarr -R /var/lib/radarr
+        wget --content-disposition "http://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Radarr.linux.tar.gz
+        tar -xvzf Radarr*.linux*.tar.gz
+        chown radarr:radarr -R /opt/Radarr
+        systemctl enable radarr.service
 
-    mkdir /opt/bazarr
-    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
-    usermod -aG media bazarr
-    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
-    unzip /opt/bazarr.zip -d /opt/bazarr
-    cd /opt/bazarr
-    python3 -m venv venv
-    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
-    chown -R bazarr:bazarr /opt/bazarr
-    systemctl enable bazarr.service
-    rm -rf /opt/*.zip
+        mkdir /opt/bazarr
+        useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+        usermod -aG media bazarr
+        wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+        unzip /opt/bazarr.zip -d /opt/bazarr
+        cd /opt/bazarr
+        python3 -m venv venv
+        /opt/bazarr/venv/bin/python3 -m pip install -r requirements.txt
+        chown -R bazarr:bazarr /opt/bazarr
+        systemctl enable bazarr.service
+        rm -rf /opt/*.zip
diff --git a/templates/readarr.yml b/templates/readarr.yml
index 5e2efab..566c6c9 100644
--- a/templates/readarr.yml
+++ b/templates/readarr.yml
@@ -1,47 +1,58 @@
-files:
-- path: /etc/systemd/system/readarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Readarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=readarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Readarr/Readarr -nobrowser -data=/var/lib/readarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Readarr
+  get_version_command: curl -s https://api.github.com/repos/Readarr/Readarr/releases?per_page=1 | jq -r '.[0].tag_name'
+  description: Readarr is an eBook and audiobook collection manager for Usenet and BitTorrent users.
+  categories: Media management
+  project_source: https://wiki.servarr.com/readarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/readarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Readarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=readarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Readarr/Readarr -nobrowser -data=/var/lib/readarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
+  packages:
+    - git
+    - sqlite3
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd readarr
-    usermod -aG media readarr
-    mkdir -p /var/lib/readarr
-    chown readarr:readarr -R /var/lib/readarr
-    wget --content-disposition "http://readarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Readarr.linux.tar.gz
-    tar -xvzf Readarr*.linux*.tar.gz
-    chown readarr:readarr -R /opt/Readarr
-    systemctl enable readarr.service
+        useradd readarr
+        usermod -aG media readarr
+        mkdir -p /var/lib/readarr
+        chown readarr:readarr -R /var/lib/readarr
+        wget --content-disposition "http://readarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Readarr.linux.tar.gz
+        tar -xvzf Readarr*.linux*.tar.gz
+        chown readarr:readarr -R /opt/Readarr
+        systemctl enable readarr.service
diff --git a/templates/servarr.yml b/templates/servarr.yml
index cdae5bf..018d8b6 100644
--- a/templates/servarr.yml
+++ b/templates/servarr.yml
@@ -1,313 +1,318 @@
-files:
-- path: /etc/systemd/system/readarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Readarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=readarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Readarr/Readarr -nobrowser -data=/var/lib/readarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Servarr
+  get_version_command: date +%Y-%m
+  description: Media organizer/manager stack (ARR) for usenet and torrent users. This stack includes QBitTorrent, SABnzbd, FlareSolverr, Bazarr and the ARR stack.
+  categories: Media management
+  project_source: https://wiki.servarr.com
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/readarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Readarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=readarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Readarr/Readarr -nobrowser -data=/var/lib/readarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/sonarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Sonarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=sonarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/sonarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Sonarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=sonarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/radarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Radarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=radarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/radarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Radarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=radarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/lidarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Lidarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=lidarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/lidarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Lidarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=lidarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/prowlarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Prowlarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=prowlarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/prowlarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Prowlarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=prowlarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/whisparr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Whisparr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=whisparr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Whisparr/Whisparr -nobrowser -data=/var/lib/whisparr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/whisparr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Whisparr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=whisparr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Whisparr/Whisparr -nobrowser -data=/var/lib/whisparr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/bazarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Bazarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=bazarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/bazarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Bazarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=bazarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/bazarr/venv/bin/python3 -u /opt/bazarr/bazarr.py
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/flaresolverr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=FlareSolverr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=flaresolverr
-    Group=media
-    Type=simple
-    ExecStart=/opt/FlareSolverr/venv/bin/python -u /opt/FlareSolverr/src/flaresolverr.py
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/flaresolverr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=FlareSolverr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=flaresolverr
+        Group=media
+        Type=simple
+        ExecStart=/opt/FlareSolverr/venv/bin/python3 -u /opt/FlareSolverr/src/flaresolverr.py
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/qbittorrent.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=QBitTorrent Daemon
-    After=syslog.target network.target
-    [Service]
-    User=qbittorrent
-    Group=media
-    Type=simple
-    ExecStart=/usr/bin/qbittorrent-nox --first-and-last --skip-dialog=true
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/qbittorrent.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=QBitTorrent Daemon
+        After=syslog.target network.target
+        [Service]
+        User=qbittorrent
+        Group=media
+        Type=simple
+        ExecStart=/usr/bin/qbittorrent-nox --first-and-last --skip-dialog=true
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/sabnzbdplus.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=SABnzbdplus Daemon
-    After=syslog.target network.target
-    [Service]
-    User=sabnzbdplus
-    Group=media
-    Type=simple
-    ExecStart=/usr/bin/sabnzbdplus -s 0.0.0.0:8081
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/sabnzbdplus.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=SABnzbdplus Daemon
+        After=syslog.target network.target
+        [Service]
+        User=sabnzbdplus
+        Group=media
+        Type=simple
+        ExecStart=/usr/bin/sabnzbdplus -s 0.0.0.0:8081
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
-- python3-pip
-- python3-venv
-- python3-distutils
-- python3-dev
-- equivs
-- 7zip
-- unrar-free
-- unzip
-- qbittorrent-nox
-- sabnzbdplus
+  packages:
+    - git
+    - sqlite3
+    - python3-pip
+    - python3-venv
+    - python3-distutils
+    - python3-dev
+    - equivs
+    - 7zip
+    - unrar-free
+    - unzip
+    - qbittorrent-nox
+    - sabnzbdplus
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd readarr
-    usermod -aG media readarr
-    mkdir -p /var/lib/readarr
-    chown readarr:readarr -R /var/lib/readarr
-    wget --content-disposition "http://readarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Readarr.linux.tar.gz
-    tar -xvzf Readarr*.linux*.tar.gz
-    chown readarr:readarr -R /opt/Readarr
-    systemctl enable readarr.service
+        useradd readarr
+        usermod -aG media readarr
+        mkdir -p /var/lib/readarr
+        chown readarr:readarr -R /var/lib/readarr
+        wget --content-disposition "http://readarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Readarr.linux.tar.gz
+        tar -xvzf Readarr*.linux*.tar.gz
+        chown readarr:readarr -R /opt/Readarr
 
-    useradd sonarr
-    usermod -aG media sonarr
-    mkdir -p /var/lib/sonarr
-    chown sonarr:sonarr -R /var/lib/sonarr
-    wget --content-disposition "https://services.sonarr.tv/v1/download/main/latest?version=4&os=linux&arch=${ARCH}" -O Sonarr.linux.tar.gz
-    tar -xvzf Sonarr*.linux*.tar.gz
-    chown sonarr:sonarr -R /opt/Sonarr
-    systemctl enable sonarr.service
+        useradd sonarr
+        usermod -aG media sonarr
+        mkdir -p /var/lib/sonarr
+        chown sonarr:sonarr -R /var/lib/sonarr
+        wget --content-disposition "https://services.sonarr.tv/v1/download/main/latest?version=4&os=linux&arch=${ARCH}" -O Sonarr.linux.tar.gz
+        tar -xvzf Sonarr*.linux*.tar.gz
+        chown sonarr:sonarr -R /opt/Sonarr
 
-    useradd radarr
-    usermod -aG media radarr
-    mkdir -p /var/lib/radarr
-    chown radarr:radarr -R /var/lib/radarr
-    wget --content-disposition "http://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Radarr.linux.tar.gz
-    tar -xvzf Radarr*.linux*.tar.gz
-    chown radarr:radarr -R /opt/Radarr
-    systemctl enable radarr.service
+        useradd radarr
+        usermod -aG media radarr
+        mkdir -p /var/lib/radarr
+        chown radarr:radarr -R /var/lib/radarr
+        wget --content-disposition "http://radarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Radarr.linux.tar.gz
+        tar -xvzf Radarr*.linux*.tar.gz
+        chown radarr:radarr -R /opt/Radarr
 
-    useradd lidarr
-    usermod -aG media lidarr
-    mkdir -p /var/lib/lidarr
-    chown lidarr:lidarr -R /var/lib/lidarr
-    wget --content-disposition "http://lidarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Lidarr.linux.tar.gz
-    tar -xvzf Lidarr*.linux*.tar.gz
-    chown lidarr:lidarr -R /opt/Lidarr
-    systemctl enable lidarr.service
+        useradd lidarr
+        usermod -aG media lidarr
+        mkdir -p /var/lib/lidarr
+        chown lidarr:lidarr -R /var/lib/lidarr
+        wget --content-disposition "http://lidarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Lidarr.linux.tar.gz
+        tar -xvzf Lidarr*.linux*.tar.gz
+        chown lidarr:lidarr -R /opt/Lidarr
 
-    useradd prowlarr
-    usermod -aG media prowlarr
-    mkdir -p /var/lib/prowlarr
-    chown prowlarr:prowlarr -R /var/lib/prowlarr
-    wget --content-disposition "http://prowlarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Prowlarr.linux.tar.gz
-    tar -xvzf Prowlarr*.linux*.tar.gz
-    chown prowlarr:prowlarr -R /opt/Prowlarr
-    systemctl enable prowlarr.service
+        useradd prowlarr
+        usermod -aG media prowlarr
+        mkdir -p /var/lib/prowlarr
+        chown prowlarr:prowlarr -R /var/lib/prowlarr
+        wget --content-disposition "http://prowlarr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Prowlarr.linux.tar.gz
+        tar -xvzf Prowlarr*.linux*.tar.gz
+        chown prowlarr:prowlarr -R /opt/Prowlarr
 
-    useradd whisparr
-    usermod -aG media whisparr
-    mkdir -p /var/lib/whisparr
-    chown whisparr:whisparr -R /var/lib/whisparr
-    wget --content-disposition "http://whisparr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Whisparr.linux.tar.gz
-    tar -xvzf Whisparr*.linux*.tar.gz
-    chown whisparr:whisparr -R /opt/Whisparr
-    systemctl enable whisparr.service
-    rm -rf *.tar.gz
+        useradd whisparr
+        usermod -aG media whisparr
+        mkdir -p /var/lib/whisparr
+        chown whisparr:whisparr -R /var/lib/whisparr
+        wget --content-disposition "http://whisparr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Whisparr.linux.tar.gz
+        tar -xvzf Whisparr*.linux*.tar.gz
+        chown whisparr:whisparr -R /opt/Whisparr
+        rm -rf *.tar.gz
 
-    mkdir /opt/bazarr
-    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
-    usermod -aG media bazarr
-    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
-    unzip /opt/bazarr.zip -d /opt/bazarr
-    cd /opt/bazarr
-    python3 -m venv venv
-    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
-    chown -R bazarr:bazarr /opt/bazarr
-    systemctl enable bazarr.service
-    rm -rf /opt/*.zip
+        mkdir /opt/bazarr
+        useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+        usermod -aG media bazarr
+        wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+        unzip /opt/bazarr.zip -d /opt/bazarr
+        cd /opt/bazarr
+        python3 -m venv venv
+        /opt/bazarr/venv/bin/python3 -m pip install -r requirements.txt
+        chown -R bazarr:bazarr /opt/bazarr
+        rm -rf /opt/*.zip
 
-    mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
-    cd /tmp/libgl1-mesa-dri
-    equivs-control libgl1-mesa-dri
-    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: libgl1-mesa-dri\nVersion: 99.0.0\nDescription: Dummy package for libgl1-mesa-dri\n' >> libgl1-mesa-dri
-    equivs-build libgl1-mesa-dri
-    mv libgl1-mesa-dri_*.deb /pkgs/libgl1-mesa-dri.deb
-    cd /tmp/adwaita-icon-theme
-    equivs-control adwaita-icon-theme
-    printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: adwaita-icon-theme\nVersion: 99.0.0\nDescription: Dummy package for adwaita-icon-theme\n' >> adwaita-icon-theme
-    equivs-build adwaita-icon-theme
-    mv adwaita-icon-theme_*.deb /pkgs/adwaita-icon-theme.deb
-    dpkg -i /pkgs/libgl1-mesa-dri.deb
-    dpkg -i /pkgs/adwaita-icon-theme.deb
-    apt install -y --no-install-recommends chromium chromium-common chromium-driver xvfb dumb-init procps curl vim xauth
-    useradd --home-dir /opt/FlareSolverr --shell /bin/sh flaresolverr
-    usermod -aG media flaresolverr
-    git clone -b master --depth 1 https://github.com/FlareSolverr/FlareSolverr.git /opt/FlareSolverr
-    cd /opt/FlareSolverr
-    python3 -m venv venv
-    /opt/FlareSolverr/venv/bin/python -m pip install -r requirements.txt
-    mv /usr/bin/chromedriver /opt/FlareSolverr/chromedriver
-    mkdir -p "/opt/FlareSolverr/.config/chromium/Crash Reports/pending"
-    chown -R flaresolverr:flaresolverr /opt/FlareSolverr
-    systemctl enable flaresolverr.service
-    rm -f /usr/lib/x86_64-linux-gnu/libmfxhw*
-    rm -f /usr/lib/x86_64-linux-gnu/mfx/*
-    rm -rf /pkgs
+        mkdir -p /tmp/{libgl1-mesa-dri,adwaita-icon-theme} /pkgs 
+        cd /tmp/libgl1-mesa-dri
+        equivs-control libgl1-mesa-dri
+        printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: libgl1-mesa-dri\nVersion: 99.0.0\nDescription: Dummy package for libgl1-mesa-dri\n' >> libgl1-mesa-dri
+        equivs-build libgl1-mesa-dri
+        mv libgl1-mesa-dri_*.deb /pkgs/libgl1-mesa-dri.deb
+        cd /tmp/adwaita-icon-theme
+        equivs-control adwaita-icon-theme
+        printf 'Section: misc\nPriority: optional\nStandards-Version: 3.9.2\nPackage: adwaita-icon-theme\nVersion: 99.0.0\nDescription: Dummy package for adwaita-icon-theme\n' >> adwaita-icon-theme
+        equivs-build adwaita-icon-theme
+        mv adwaita-icon-theme_*.deb /pkgs/adwaita-icon-theme.deb
+        dpkg -i /pkgs/libgl1-mesa-dri.deb
+        dpkg -i /pkgs/adwaita-icon-theme.deb
+        apt-get install -y --no-install-recommends chromium chromium-common chromium-driver xvfb dumb-init procps curl vim xauth
+        useradd --home-dir /opt/FlareSolverr --shell /bin/sh flaresolverr
+        usermod -aG media flaresolverr
+        git clone -b master --depth 1 https://github.com/FlareSolverr/FlareSolverr.git /opt/FlareSolverr
+        cd /opt/FlareSolverr
+        python3 -m venv venv
+        /opt/FlareSolverr/venv/bin/python3 -m pip install -r requirements.txt
+        mv /usr/bin/chromedriver /opt/FlareSolverr/chromedriver
+        mkdir -p "/opt/FlareSolverr/.config/chromium/Crash Reports/pending"
+        chown -R flaresolverr:flaresolverr /opt/FlareSolverr
+        rm -f /usr/lib/x86_64-linux-gnu/libmfxhw*
+        rm -f /usr/lib/x86_64-linux-gnu/mfx/*
+        rm -rf /pkgs
 
-    useradd -m --home-dir /opt/qbittorrent qbittorrent
-    usermod -aG media qbittorrent
-    systemctl enable qbittorrent.service
+        useradd -m --home-dir /opt/qbittorrent qbittorrent
+        usermod -aG media qbittorrent
 
-    useradd -m --home-dir /opt/sabnzbdplus sabnzbdplus
-    usermod -aG media sabnzbdplus
-    systemctl enable sabnzbdplus.service
+        useradd -m --home-dir /opt/sabnzbdplus sabnzbdplus
+        usermod -aG media sabnzbdplus
+
+        systemctl enable prowlarr.service sonarr.service radarr.service \
+          bazarr.service readarr.service lidarr.service whisparr.service \
+          flaresolverr.service qbittorrent.service sabnzbdplus.service
diff --git a/templates/sonarr.yml b/templates/sonarr.yml
index 3364a0c..39b8203 100644
--- a/templates/sonarr.yml
+++ b/templates/sonarr.yml
@@ -1,84 +1,95 @@
-files:
-- path: /etc/systemd/system/sonarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Sonarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=sonarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Sonarr
+  get_version_command: curl -s https://api.github.com/repos/Sonarr/Sonarr/releases/latest | jq -r '.tag_name'
+  description: Sonarr is a PVR for Usenet and BitTorrent users.
+  categories: Media management
+  project_source: https://wiki.servarr.com/sonarr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/sonarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Sonarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=sonarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-- path: /etc/systemd/system/bazarr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Bazarr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=bazarr
-    Group=media
-    Type=simple
-    ExecStart=/opt/bazarr/venv/bin/python -u /opt/bazarr/bazarr.py
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+    - path: /etc/systemd/system/bazarr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Bazarr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=bazarr
+        Group=media
+        Type=simple
+        ExecStart=/opt/bazarr/venv/bin/python3 -u /opt/bazarr/bazarr.py
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
-- python3-pip
-- python3-venv
-- python3-distutils
-- python3-dev
-- 7zip
-- unrar-free
-- unzip
+  packages:
+    - git
+    - sqlite3
+    - python3-pip
+    - python3-venv
+    - python3-distutils
+    - python3-dev
+    - 7zip
+    - unrar-free
+    - unzip
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd sonarr
-    usermod -aG media sonarr
-    mkdir -p /var/lib/sonarr
-    chown sonarr:sonarr -R /var/lib/sonarr
-    wget --content-disposition "https://services.sonarr.tv/v1/download/main/latest?version=4&os=linux&arch=${ARCH}" -O Sonarr.linux.tar.gz
-    tar -xvzf Sonarr*.linux*.tar.gz
-    chown sonarr:sonarr -R /opt/Sonarr
-    systemctl enable sonarr.service
+        useradd sonarr
+        usermod -aG media sonarr
+        mkdir -p /var/lib/sonarr
+        chown sonarr:sonarr -R /var/lib/sonarr
+        wget --content-disposition "https://services.sonarr.tv/v1/download/main/latest?version=4&os=linux&arch=${ARCH}" -O Sonarr.linux.tar.gz
+        tar -xvzf Sonarr*.linux*.tar.gz
+        chown sonarr:sonarr -R /opt/Sonarr
+        systemctl enable sonarr.service
 
-    mkdir /opt/bazarr
-    useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
-    usermod -aG media bazarr
-    wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
-    unzip /opt/bazarr.zip -d /opt/bazarr
-    cd /opt/bazarr
-    python3 -m venv venv
-    /opt/bazarr/venv/bin/python -m pip install -r requirements.txt
-    chown -R bazarr:bazarr /opt/bazarr
-    systemctl enable bazarr.service
-    rm -rf /opt/*.zip
+        mkdir /opt/bazarr
+        useradd --home-dir /opt/bazarr --shell /bin/sh bazarr
+        usermod -aG media bazarr
+        wget https://github.com/morpheus65535/bazarr/releases/latest/download/bazarr.zip -O /opt/bazarr.zip
+        unzip /opt/bazarr.zip -d /opt/bazarr
+        cd /opt/bazarr
+        python3 -m venv venv
+        /opt/bazarr/venv/bin/python3 -m pip install -r requirements.txt
+        chown -R bazarr:bazarr /opt/bazarr
+        systemctl enable bazarr.service
+        rm -rf /opt/*.zip
diff --git a/templates/vault.yml b/templates/vault.yml
index 10091f7..4198b4e 100644
--- a/templates/vault.yml
+++ b/templates/vault.yml
@@ -1,70 +1,79 @@
-name: Vault
+metadata:
+  name: Vault
+  get_version_command: curl -s https://api.github.com/repos/hashicorp/vault/releases/latest | jq -r '.tag_name'
+  description: Vault is a free and source-available secrets management tool / secrets store.
+  categories: Secrets management, Security
+  project_source: https://github.com/hashicorp/vault
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/certs/rootCA.config
+      generator: copy
+      source: assets/rootCA.config
 
-files:
-- path: /opt/certs/rootCA.config
-  generator: copy
-  source: assets/rootCA.config
+    - path: /opt/certs/csr.config
+      generator: copy
+      source: assets/csr.config
 
-- path: /opt/certs/csr.config
-  generator: copy
-  source: assets/csr.config
+    - path: /opt/certs/crt.config
+      generator: copy
+      source: assets/crt.config
 
-- path: /opt/certs/crt.config
-  generator: copy
-  source: assets/crt.config
+    - path: /opt/vault/.config
+      generator: dump
+      content: |-
+        ui            = true
+        cluster_addr  = "https://127.0.0.1:8201"
+        api_addr      = "https://127.0.0.1:8200"
+        disable_mlock = true
 
-- path: /opt/vault/.config
-  generator: dump
-  content: |-
-    ui            = true
-    cluster_addr  = "https://127.0.0.1:8201"
-    api_addr      = "https://127.0.0.1:8200"
-    disable_mlock = true
+        storage "raft" {
+          path = "/opt/vault/data"
+          node_id = "vault01"
+        }
 
-    storage "raft" {
-      path = "/opt/vault/data"
-      node_id = "vault01"
-    }
+        listener "tcp" {
+          address       = "0.0.0.0:8200"
+          tls_cert_file = "/etc/ssl/private/vault.crt"
+          tls_key_file  = "/etc/ssl/private/vault.key"
+        }
 
-    listener "tcp" {
-      address       = "0.0.0.0:8200"
-      tls_cert_file = "/etc/ssl/private/vault.crt"
-      tls_key_file  = "/etc/ssl/private/vault.key"
-    }
+    - path: /etc/systemd/system/vault.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Vault - Secret management
+        After=network.target
 
-- path: /etc/systemd/system/vault.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Vault - Secret management
-    After=network.target
+        [Service]
+        Type=simple
+        PIDFile=/opt/vault/vault.pid
+        ExecStart=/usr/bin/vault server -config /opt/vault/.config
+        Restart=always
 
-    [Service]
-    Type=simple
-    PIDFile=/opt/vault/vault.pid
-    ExecStart=/usr/bin/vault server -config /opt/vault/.config
-    Restart=always
+        [Install]
+        WantedBy=multi-user.target
 
-    [Install]
-    WantedBy=multi-user.target
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+        wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+        echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com {{image.release}} main" | tee /etc/apt/sources.list.d/hashicorp.list
+        apt-get update && apt-get install vault
 
-    wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
-    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com {{image.release}} main" | tee /etc/apt/sources.list.d/hashicorp.list
-    apt update && apt install vault
+        mkdir -p /opt/vault/data
 
-    mkdir -p /opt/vault/data
+        openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
+        openssl genrsa -out /etc/ssl/private/vault.key 2048
+        openssl req -new -key /etc/ssl/private/vault.key -out /etc/ssl/private/vault.csr -config /opt/certs/csr.config
+        openssl x509 -req -in /etc/ssl/private/vault.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/vault.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
 
-    openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
-    openssl genrsa -out /etc/ssl/private/vault.key 2048
-    openssl req -new -key /etc/ssl/private/vault.key -out /etc/ssl/private/vault.csr -config /opt/certs/csr.config
-    openssl x509 -req -in /etc/ssl/private/vault.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/vault.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
-
-    systemctl enable vault.service
+        systemctl enable vault.service
diff --git a/templates/whisparr.yml b/templates/whisparr.yml
index b93e3b3..c86afa0 100644
--- a/templates/whisparr.yml
+++ b/templates/whisparr.yml
@@ -1,48 +1,59 @@
-files:
-- path: /etc/systemd/system/whisparr.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Whisparr Daemon
-    After=syslog.target network.target
-    [Service]
-    User=whisparr
-    Group=media
-    Type=simple
-    ExecStart=/opt/Whisparr/Whisparr -nobrowser -data=/var/lib/whisparr/
-    TimeoutStopSec=20
-    KillMode=process
-    Restart=on-failure
-    [Install]
-    WantedBy=multi-user.target
+metadata:
+  name: Whisparr
+  get_version_command: date +%Y-%m
+  description: Whisparr is an adult video collection manager for Usenet and BitTorrent users.
+  categories: Media management
+  project_source: https://wiki.servarr.com/whisparr
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /etc/systemd/system/whisparr.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Whisparr Daemon
+        After=syslog.target network.target
+        [Service]
+        User=whisparr
+        Group=media
+        Type=simple
+        ExecStart=/opt/Whisparr/Whisparr -nobrowser -data=/var/lib/whisparr/
+        TimeoutStopSec=20
+        KillMode=process
+        Restart=on-failure
+        [Install]
+        WantedBy=multi-user.target
 
-packages:
-- git
-- sqlite3
+  packages:
+    - git
+    - sqlite3
 
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
 
-    export ARCH={{ image.architecture }}
-    if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
+        export ARCH={{ image.architecture }}
+        if [[ "$ARCH" == "amd64" ]];then export ARCH="x64"; fi
 
-    mkdir /downloads
-    groupadd media
-    chown -R :media /downloads
+        mkdir /downloads
+        groupadd media
+        chown -R :media /downloads
 
-    cd /opt
+        cd /opt
 
-    useradd whisparr
-    usermod -aG media whisparr
-    mkdir -p /var/lib/whisparr
-    chown whisparr:whisparr -R /var/lib/whisparr
-    wget --content-disposition "http://whisparr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Whisparr.linux.tar.gz
-    tar -xvzf Whisparr*.linux*.tar.gz
-    chown whisparr:whisparr -R /opt/Whisparr
-    systemctl enable whisparr.service
-    rm -rf *.tar.gz
+        useradd whisparr
+        usermod -aG media whisparr
+        mkdir -p /var/lib/whisparr
+        chown whisparr:whisparr -R /var/lib/whisparr
+        wget --content-disposition "http://whisparr.servarr.com/v1/update/nightly/updatefile?os=linux&runtime=netcore&arch=${ARCH}" -O Whisparr.linux.tar.gz
+        tar -xvzf Whisparr*.linux*.tar.gz
+        chown whisparr:whisparr -R /opt/Whisparr
+        systemctl enable whisparr.service
+        rm -rf *.tar.gz
diff --git a/templates/zitadel.yml b/templates/zitadel.yml
index 03d7a58..5488069 100644
--- a/templates/zitadel.yml
+++ b/templates/zitadel.yml
@@ -1,175 +1,101 @@
-name: Zitadel
-
-files:
-- path: /opt/certs/rootCA.config
-  generator: copy
-  source: assets/rootCA.config
-
-- path: /opt/certs/csr.config
-  generator: copy
-  source: assets/csr.config
-
-- path: /opt/certs/crt.config
-  generator: copy
-  source: assets/crt.config
-
-- path: /opt/zitadel/.config
-  generator: dump
-  content: |-
-    ExternalDomain: localhost
-    ExternalSecure: true
-    TLS:
-      Enabled: true
-      KeyPath: /etc/ssl/private/zitadel.key
-      CertPath: /etc/ssl/private/zitadel.crt
-
-- path: /opt/zitadel/.env
-  generator: dump
-  mode: '0440'
-  content: |-
-    ZITADEL_DATABASE_POSTGRES_HOST=127.0.0.1
-    ZITADEL_DATABASE_POSTGRES_PORT=5432
-    ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
-    ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
-    ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
-    ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
-    ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
-
-- path: /etc/systemd/system/zitadel.service
-  generator: dump
-  mode: '0440'
-  content: |-
-    [Unit]
-    Description=Zitadel - Secure authentication management
-    After=network.target postgresql.service
-
-    [Service]
-    Type=simple
-    EnvironmentFile=/opt/zitadel/.env
-    PIDFile=/opt/zitadel/zitadel.pid
-    ExecStart=/usr/local/bin/zitadel start-from-init --masterkeyFromEnv --config /opt/zitadel/.config
-    Restart=always
-
-    [Install]
-    WantedBy=multi-user.target
-
-packages:
-- postgresql-16
-
-repositories:
-  - name: postgresql
-    url: |-
-      deb http://apt.postgresql.org/pub/repos/apt {{image.release}}-pgdg main
-    key: |-
-      -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-      mQINBE6XR8IBEACVdDKT2HEH1IyHzXkb4nIWAY7echjRxo7MTcj4vbXAyBKOfjja
-      UrBEJWHN6fjKJXOYWXHLIYg0hOGeW9qcSiaa1/rYIbOzjfGfhE4x0Y+NJHS1db0V
-      G6GUj3qXaeyqIJGS2z7m0Thy4Lgr/LpZlZ78Nf1fliSzBlMo1sV7PpP/7zUO+aA4
-      bKa8Rio3weMXQOZgclzgeSdqtwKnyKTQdXY5MkH1QXyFIk1nTfWwyqpJjHlgtwMi
-      c2cxjqG5nnV9rIYlTTjYG6RBglq0SmzF/raBnF4Lwjxq4qRqvRllBXdFu5+2pMfC
-      IZ10HPRdqDCTN60DUix+BTzBUT30NzaLhZbOMT5RvQtvTVgWpeIn20i2NrPWNCUh
-      hj490dKDLpK/v+A5/i8zPvN4c6MkDHi1FZfaoz3863dylUBR3Ip26oM0hHXf4/2U
-      A/oA4pCl2W0hc4aNtozjKHkVjRx5Q8/hVYu+39csFWxo6YSB/KgIEw+0W8DiTII3
-      RQj/OlD68ZDmGLyQPiJvaEtY9fDrcSpI0Esm0i4sjkNbuuh0Cvwwwqo5EF1zfkVj
-      Tqz2REYQGMJGc5LUbIpk5sMHo1HWV038TWxlDRwtOdzw08zQA6BeWe9FOokRPeR2
-      AqhyaJJwOZJodKZ76S+LDwFkTLzEKnYPCzkoRwLrEdNt1M7wQBThnC5z6wARAQAB
-      tBxQb3N0Z3JlU1FMIERlYmlhbiBSZXBvc2l0b3J5iQJOBBMBCAA4AhsDBQsJCAcD
-      BRUKCQgLBRYCAwEAAh4BAheAFiEEuXsK/KoaR/BE8kSgf8x9RqzMTPgFAlhtCD8A
-      CgkQf8x9RqzMTPgECxAAk8uL+dwveTv6eH21tIHcltt8U3Ofajdo+D/ayO53LiYO
-      xi27kdHD0zvFMUWXLGxQtWyeqqDRvDagfWglHucIcaLxoxNwL8+e+9hVFIEskQAY
-      kVToBCKMXTQDLarz8/J030Pmcv3ihbwB+jhnykMuyyNmht4kq0CNgnlcMCdVz0d3
-      z/09puryIHJrD+A8y3TD4RM74snQuwc9u5bsckvRtRJKbP3GX5JaFZAqUyZNRJRJ
-      Tn2OQRBhCpxhlZ2afkAPFIq2aVnEt/Ie6tmeRCzsW3lOxEH2K7MQSfSu/kRz7ELf
-      Cz3NJHj7rMzC+76Rhsas60t9CjmvMuGONEpctijDWONLCuch3Pdj6XpC+MVxpgBy
-      2VUdkunb48YhXNW0jgFGM/BFRj+dMQOUbY8PjJjsmVV0joDruWATQG/M4C7O8iU0
-      B7o6yVv4m8LDEN9CiR6r7H17m4xZseT3f+0QpMe7iQjz6XxTUFRQxXqzmNnloA1T
-      7VjwPqIIzkj/u0V8nICG/ktLzp1OsCFatWXh7LbU+hwYl6gsFH/mFDqVxJ3+DKQi
-      vyf1NatzEwl62foVjGUSpvh3ymtmtUQ4JUkNDsXiRBWczaiGSuzD9Qi0ONdkAX3b
-      ewqmN4TfE+XIpCPxxHXwGq9Rv1IFjOdCX0iG436GHyTLC1tTUIKF5xV4Y0+cXIOI
-      RgQQEQgABgUCTpdI7gAKCRDFr3dKWFELWqaPAKD1TtT5c3sZz92Fj97KYmqbNQZP
-      +ACfSC6+hfvlj4GxmUjp1aepoVTo3weJAhwEEAEIAAYFAk6XSQsACgkQTFprqxLS
-      p64F8Q//cCcutwrH50UoRFejg0EIZav6LUKejC6kpLeubbEtuaIH3r2zMblPGc4i
-      +eMQKo/PqyQrceRXeNNlqO6/exHozYi2meudxa6IudhwJIOn1MQykJbNMSC2sGUp
-      1W5M1N5EYgt4hy+qhlfnD66LR4G+9t5FscTJSy84SdiOuqgCOpQmPkVRm1HX5X1+
-      dmnzMOCk5LHHQuiacV0qeGO7JcBCVEIDr+uhU1H2u5GPFNHm5u15n25tOxVivb94
-      xg6NDjouECBH7cCVuW79YcExH/0X3/9G45rjdHlKPH1OIUJiiX47OTxdG3dAbB4Q
-      fnViRJhjehFscFvYWSqXo3pgWqUsEvv9qJac2ZEMSz9x2mj0ekWxuM6/hGWxJdB+
-      +985rIelPmc7VRAXOjIxWknrXnPCZAMlPlDLu6+vZ5BhFX0Be3y38f7GNCxFkJzl
-      hWZ4Cj3WojMj+0DaC1eKTj3rJ7OJlt9S9xnO7OOPEUTGyzgNIDAyCiu8F4huLPaT
-      ape6RupxOMHZeoCVlqx3ouWctelB2oNXcxxiQ/8y+21aHfD4n/CiIFwDvIQjl7dg
-      mT3u5Lr6yxuosR3QJx1P6rP5ZrDTP9khT30t+HZCbvs5Pq+v/9m6XDmi+NlU7Zuh
-      Ehy97tL3uBDgoL4b/5BpFL5U9nruPlQzGq1P9jj40dxAaDAX/WKJAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlB5KywFCQPDFt8ACgkQf8x9RqzM
-      TPhuCQ//QAjRSAOCQ02qmUAikT+mTB6baOAakkYq6uHbEO7qPZkv4E/M+HPIJ4wd
-      nBNeSQjfvdNcZBA/x0hr5EMcBneKKPDj4hJ0panOIRQmNSTThQw9OU351gm3YQct
-      AMPRUu1fTJAL/AuZUQf9ESmhyVtWNlH/56HBfYjE4iVeaRkkNLJyX3vkWdJSMwC/
-      LO3Lw/0M3R8itDsm74F8w4xOdSQ52nSRFRh7PunFtREl+QzQ3EA/WB4AIj3VohIG
-      kWDfPFCzV3cyZQiEnjAe9gG5pHsXHUWQsDFZ12t784JgkGyO5wT26pzTiuApWM3k
-      /9V+o3HJSgH5hn7wuTi3TelEFwP1fNzI5iUUtZdtxbFOfWMnZAypEhaLmXNkg4zD
-      kH44r0ss9fR0DAgUav1a25UnbOn4PgIEQy2fgHKHwRpCy20d6oCSlmgyWsR40EPP
-      YvtGq49A2aK6ibXmdvvFT+Ts8Z+q2SkFpoYFX20mR2nsF0fbt1lfH65P64dukxeR
-      GteWIeNakDD40bAAOH8+OaoTGVBJ2ACJfLVNM53PEoftavAwUYMrR910qvwYfd/4
-      6rh46g1Frr9SFMKYE9uvIJIgDsQB3QBp71houU4H55M5GD8XURYs+bfiQpJG1p7e
-      B8e5jZx1SagNWc4XwL2FzQ9svrkbg1Y+359buUiP7T6QXX2zY++JAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlEqbZUFCQg2wEEACgkQf8x9RqzM
-      TPhFMQ//WxAfKMdpSIA9oIC/yPD/dJpY/+DyouOljpE6MucMy/ArBECjFTBwi/j9
-      NYM4ynAk34IkhuNexc1i9/05f5RM6+riLCLgAOsADDbHD4miZzoSxiVr6GQ3YXMb
-      OGld9kV9Sy6mGNjcUov7iFcf5Hy5w3AjPfKuR9zXswyfzIU1YXObiiZT38l55pp/
-      BSgvGVQsvbNjsff5CbEKXS7q3xW+WzN0QWF6YsfNVhFjRGj8hKtHvwKcA02wwjLe
-      LXVTm6915ZUKhZXUFc0vM4Pj4EgNswH8Ojw9AJaKWJIZmLyW+aP+wpu6YwVCicxB
-      Y59CzBO2pPJDfKFQzUtrErk9irXeuCCLesDyirxJhv8o0JAvmnMAKOLhNFUrSQ2m
-      +3EnF7zhfz70gHW+EG8X8mL/EN3/dUM09j6TVrjtw43RLxBzwMDeariFF9yC+5bL
-      tnGgxjsB9Ik6GV5v34/NEEGf1qBiAzFmDVFRZlrNDkq6gmpvGnA5hUWNr+y0i01L
-      jGyaLSWHYjgw2UEQOqcUtTFK9MNzbZze4mVaHMEz9/aMfX25R6qbiNqCChveIm8m
-      Yr5Ds2zdZx+G5bAKdzX7nx2IUAxFQJEE94VLSp3npAaTWv3sHr7dR8tSyUJ9poDw
-      gw4W9BIcnAM7zvFYbLF5FNggg/26njHCCN70sHt8zGxKQINMc6SJAj0EEwEIACcC
-      GwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlLpFRkFCQ6EJy0ACgkQf8x9RqzM
-      TPjOZA//Zp0e25pcvle7cLc0YuFr9pBv2JIkLzPm83nkcwKmxaWayUIG4Sv6pH6h
-      m8+S/CHQij/yFCX+o3ngMw2J9HBUvafZ4bnbI0RGJ70GsAwraQ0VlkIfg7GUw3Tz
-      voGYO42rZTru9S0K/6nFP6D1HUu+U+AsJONLeb6oypQgInfXQExPZyliUnHdipei
-      4WR1YFW6sjSkZT/5C3J1wkAvPl5lvOVthI9Zs6bZlJLZwusKxU0UM4Btgu1Sf3nn
-      JcHmzisixwS9PMHE+AgPWIGSec/N27a0KmTTvImV6K6nEjXJey0K2+EYJuIBsYUN
-      orOGBwDFIhfRk9qGlpgt0KRyguV+AP5qvgry95IrYtrOuE7307SidEbSnvO5ezNe
-      mE7gT9Z1tM7IMPfmoKph4BfpNoH7aXiQh1Wo+ChdP92hZUtQrY2Nm13cmkxYjQ4Z
-      gMWfYMC+DA/GooSgZM5i6hYqyyfAuUD9kwRN6BqTbuAUAp+hCWYeN4D88sLYpFh3
-      paDYNKJ+Gf7Yyi6gThcV956RUFDH3ys5Dk0vDL9NiWwdebWfRFbzoRM3dyGP889a
-      OyLzS3mh6nHzZrNGhW73kslSQek8tjKrB+56hXOnb4HaElTZGDvD5wmrrhN94kby
-      Gtz3cydIohvNO9d90+29h0eGEDYti7j7maHkBKUAwlcPvMg5m3Y=
-      =DA1T
-      -----END PGP PUBLIC KEY BLOCK-----
-
-actions:
-- trigger: post-files
-  pongo: true
-  action: |-
-    #!/bin/bash
-    set -eux
-
-    wget -c https://github.com/zitadel/zitadel/releases/download/v{{image.serial}}/zitadel-linux-{{image.architecture}}.tar.gz -O - | tar -xz && mv zitadel-linux-{{image.architecture}}/zitadel /usr/local/bin
-
-    mkdir -p /opt/zitadel
-    echo "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=$(/usr/bin/openssl rand -hex 16)" >> /opt/zitadel/.env
-    echo "ZITADEL_MASTERKEY=$(/usr/bin/openssl rand -hex 32)" >> /opt/zitadel/.env
-
-    PG_VERSION=$(psql -V|awk '{print $3}'|cut -d . -f1)
-
-    cat <<EOF > /etc/postgresql/$PG_VERSION/main/pg_hba.conf
-    local   all             postgres                                         peer
-    local   zitadel         zitadel                                          peer
-    local   all             all                                              peer
-    host    zitadel         zitadel,postgres         127.0.0.1/32            trust
-    host    all             all                      127.0.0.1/32            scram-sha-256
-    host    all             all                      ::1/128                 scram-sha-256
-    local   replication     all                                              peer
-    host    replication     all                      127.0.0.1/32            scram-sha-256
-    host    replication     all                      ::1/128                 scram-sha-256
-    EOF
-
-    openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
-    openssl genrsa -out /etc/ssl/private/zitadel.key 2048
-    openssl req -new -key /etc/ssl/private/zitadel.key -out /etc/ssl/private/zitadel.csr -config /opt/certs/csr.config
-    openssl x509 -req -in /etc/ssl/private/zitadel.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/zitadel.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
-
-    systemctl enable postgresql.service
-    systemctl enable zitadel.service
+metadata:
+  name: Zitadel
+  get_version_command: curl -s https://api.github.com/repos/zitadel/zitadel/releases/latest | jq -r '.tag_name'
+  description: Zitadel is a free and open-source secure authentication management tool.
+  categories: IAM, Authentication
+  project_source: https://github.com/zitadel/zitadel
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  files:
+    - path: /opt/certs/rootCA.config
+      generator: copy
+      source: assets/rootCA.config
+
+    - path: /opt/certs/csr.config
+      generator: copy
+      source: assets/csr.config
+
+    - path: /opt/certs/crt.config
+      generator: copy
+      source: assets/crt.config
+
+    - path: /opt/zitadel/.config
+      generator: dump
+      content: |-
+        ExternalDomain: localhost
+        ExternalSecure: true
+        TLS:
+          Enabled: true
+          KeyPath: /etc/ssl/private/zitadel.key
+          CertPath: /etc/ssl/private/zitadel.crt
+
+    - path: /opt/zitadel/.env
+      generator: dump
+      mode: "0440"
+      content: |-
+        ZITADEL_DATABASE_POSTGRES_HOST=127.0.0.1
+        ZITADEL_DATABASE_POSTGRES_PORT=5432
+        ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
+        ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
+        ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
+        ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
+        ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
+
+    - path: /etc/systemd/system/zitadel.service
+      generator: dump
+      mode: "0440"
+      content: |-
+        [Unit]
+        Description=Zitadel - Secure authentication management
+        After=network.target postgresql.service
+
+        [Service]
+        Type=simple
+        EnvironmentFile=/opt/zitadel/.env
+        PIDFile=/opt/zitadel/zitadel.pid
+        ExecStart=/usr/local/bin/zitadel start-from-init --masterkeyFromEnv --config /opt/zitadel/.config
+        Restart=always
+
+        [Install]
+        WantedBy=multi-user.target
+
+  packages:
+    - postgresql-15
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        wget -c https://github.com/zitadel/zitadel/releases/download/v{{image.serial}}/zitadel-linux-{{image.architecture}}.tar.gz -O - | tar -xz && mv zitadel-linux-{{image.architecture}}/zitadel /usr/local/bin
+
+        mkdir -p /opt/zitadel
+        echo "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=$(/usr/bin/openssl rand -hex 16)" >> /opt/zitadel/.env
+        echo "ZITADEL_MASTERKEY=$(/usr/bin/openssl rand -hex 32)" >> /opt/zitadel/.env
+
+        PG_VERSION=$(ls -1 /etc/postgresql)
+
+        cat <<EOF > /etc/postgresql/$PG_VERSION/main/pg_hba.conf
+        local   all             postgres                                         peer
+        local   zitadel         zitadel                                          peer
+        local   all             all                                              peer
+        host    zitadel         zitadel,postgres         127.0.0.1/32            trust
+        host    all             all                      127.0.0.1/32            scram-sha-256
+        host    all             all                      ::1/128                 scram-sha-256
+        local   replication     all                                              peer
+        host    replication     all                      127.0.0.1/32            scram-sha-256
+        host    replication     all                      ::1/128                 scram-sha-256
+        EOF
+
+        openssl req -x509 -newkey rsa:4096 -keyout /opt/certs/rootCA.key -out /opt/certs/rootCA.crt -sha256 -days 3650 -nodes -config /opt/certs/rootCA.config
+        openssl genrsa -out /etc/ssl/private/zitadel.key 2048
+        openssl req -new -key /etc/ssl/private/zitadel.key -out /etc/ssl/private/zitadel.csr -config /opt/certs/csr.config
+        openssl x509 -req -in /etc/ssl/private/zitadel.csr -CA /opt/certs/rootCA.crt -CAkey /opt/certs/rootCA.key -CAcreateserial -out /etc/ssl/private/zitadel.crt -days 1825 -sha256 -extfile /opt/certs/crt.config
+
+        systemctl enable postgresql.service
+        systemctl enable zitadel.service

From cb69038d8cdb08a9fc7039941e8a201282549fa2 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 3 Nov 2024 15:23:29 +0000
Subject: [PATCH 28/37] Set a better filtering on listening ports

---
 __layout.k | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/__layout.k b/__layout.k
index 2b8ae99..ef15ef1 100644
--- a/__layout.k
+++ b/__layout.k
@@ -1037,7 +1037,7 @@ _welcome_msg_cron = """\
 _welcome_msg_script = """\
 #!/bin/bash
 
-ports=$(ss -ptuln | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
+ports=$(ss -ptuln '( sport > :1023 or sport = :80 or sport = :443 )' | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
 num_ports=$(echo $ports | wc -l)
 ips=$(ip a|grep 'inet '|awk '{print $2}')
 

From efd637fd875a686ee4207df6fe0ec066dbda9e5f Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 3 Nov 2024 15:33:22 +0000
Subject: [PATCH 29/37] remove unecessary quotes

---
 __layout.k | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/__layout.k b/__layout.k
index ef15ef1..0a71bfd 100644
--- a/__layout.k
+++ b/__layout.k
@@ -1046,7 +1046,7 @@ printf '+-----------------------------------+\\n'
 printf '| %-33s |\\n' '${_app_name} is listening on'
 
 while read -r ip; do
-    printf '| %-33s |\\n' \"  => $ip\"
+    printf '| %-33s |\\n' "  => $ip"
 done <<< $ips
 
 printf '+------------+----------------------+\\n'
@@ -1054,7 +1054,7 @@ printf '| %-10s | %-20s |\\n' 'Ports' 'Process'
 printf '+------------+----------------------+\\n'
 
 while read -r port; do
-    application=$(ss -lptn \"sport = :$port\" | tail -n +2 | awk '{print $6}' | cut -d'\"' -f2 | sort -u)
+    application=$(ss -lptn "(sport = :$port)" | tail -n +2 | awk '{print $6}' | cut -d'"' -f2 | sort -u)
     printf '| %-10s | %-20s |\\n' $port $application
 done <<< $ports
 

From e8e7b99551f23ed0c7a6eacef9d2708f0aa71d36 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Sun, 3 Nov 2024 15:38:53 +0000
Subject: [PATCH 30/37] watch on __layout.k

---
 .github/workflows/build-tester.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-tester.yml b/.github/workflows/build-tester.yml
index 1d6c192..0a8b80b 100644
--- a/.github/workflows/build-tester.yml
+++ b/.github/workflows/build-tester.yml
@@ -13,6 +13,7 @@ on:
       - ".github/publish_build.hurl"
       - ".github/workflows/builder.yml"
       - ".github/workflows/build-tester.yml"
+      - "./__layout.k"
 
 jobs:
   init:

From 6bbfad2f2c08f7fce9e8bae994cdf96929171c6b Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 11 Nov 2024 20:08:53 +0000
Subject: [PATCH 31/37] fix ss port capture typo

---
 __layout.k | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/__layout.k b/__layout.k
index 0a71bfd..ba14d8f 100644
--- a/__layout.k
+++ b/__layout.k
@@ -1037,7 +1037,7 @@ _welcome_msg_cron = """\
 _welcome_msg_script = """\
 #!/bin/bash
 
-ports=$(ss -ptuln '( sport > :1023 or sport = :80 or sport = :443 )' | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
+ports=$(ss -ptuln 'sport > :1023 or sport = :80 or sport = :443' | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
 num_ports=$(echo $ports | wc -l)
 ips=$(ip a|grep 'inet '|awk '{print $2}')
 
@@ -1054,7 +1054,7 @@ printf '| %-10s | %-20s |\\n' 'Ports' 'Process'
 printf '+------------+----------------------+\\n'
 
 while read -r port; do
-    application=$(ss -lptn "(sport = :$port)" | tail -n +2 | awk '{print $6}' | cut -d'"' -f2 | sort -u)
+    application=$(ss -lptn 'sport == :$port' | tail -n +2 | awk '{print $6}' | cut -d'"' -f2 | sort -u)
     printf '| %-10s | %-20s |\\n' $port $application
 done <<< $ports
 

From 6c7b58b1ec1dbdc5c79fccde07d5da5bcfa0303e Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Mon, 11 Nov 2024 20:09:19 +0000
Subject: [PATCH 32/37] add new template: OneDev

---
 templates/onedev.yml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 templates/onedev.yml

diff --git a/templates/onedev.yml b/templates/onedev.yml
new file mode 100644
index 0000000..dd85385
--- /dev/null
+++ b/templates/onedev.yml
@@ -0,0 +1,33 @@
+metadata:
+  name: OneDev
+  get_version_command: curl -s https://api.github.com/repos/theonedev/onedev/releases/latest | jq -r '.tag_name'
+  description: Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
+  categories: Git, CI CD, Dev
+  project_source: https://github.com/theonedev/onedev
+  distribution: debian
+  release: bookworm
+  architectures:
+    - amd64
+instructions:
+  packages:
+    - openjdk-17-jre
+    - fontconfig
+    - git
+
+  actions:
+    - trigger: post-files
+      pongo: true
+      action: |-
+        #!/bin/bash
+        set -eux
+
+        export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+
+        curl -L https://code.onedev.io/onedev/server/~site/onedev-latest.tar.gz -o /tmp/onedev-latest.tar.gz
+        tar -zxf /tmp/onedev-latest.tar.gz -C /opt/
+
+        bash /opt/onedev-latest/bin/server.sh install
+
+        echo "* hard nofile 65535" >> /etc/security/limits.conf
+
+        systemctl enable onedev.service

From 0d0a6edf90cb412c4e9a46ba767fbdd725ab30de Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Tue, 12 Nov 2024 04:02:25 +0000
Subject: [PATCH 33/37] update template: infisical: explicit make install

---
 templates/infisical.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/infisical.yml b/templates/infisical.yml
index fbaff52..35618a8 100644
--- a/templates/infisical.yml
+++ b/templates/infisical.yml
@@ -99,6 +99,7 @@ instructions:
 
   packages:
     - git
+    - make
     - nodejs
     - redis
     - redis-server

From ebf847823e4a4fa8f34fd96803c0b354e96c4b79 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Thu, 9 Jan 2025 10:24:53 -0500
Subject: [PATCH 34/37] improve available ports formatting

---
 __layout.k | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/__layout.k b/__layout.k
index ba14d8f..631df34 100644
--- a/__layout.k
+++ b/__layout.k
@@ -1037,8 +1037,7 @@ _welcome_msg_cron = """\
 _welcome_msg_script = """\
 #!/bin/bash
 
-ports=$(ss -ptuln 'sport > :1023 or sport = :80 or sport = :443' | grep -vE 'systemd|next-router|next-render|127.0.0.|%lo' | awk '/^tcp/ && $4 !~ /^(127\.|::1|0\.0\.0\.0)/ {print $5}' | awk -F: '{print $NF}' | sort -u)
-num_ports=$(echo $ports | wc -l)
+ports=$(ss -ptln "sport > :1023 or sport = :80 or sport = :443" | grep -vE 'systemd|127.0.0.|%lo|::1|Netid|Local' | awk '{print $4}' | awk -F: '{print $NF}' | sort -u)
 ips=$(ip a|grep 'inet '|awk '{print $2}')
 
 printf '\\n'
@@ -1054,8 +1053,8 @@ printf '| %-10s | %-20s |\\n' 'Ports' 'Process'
 printf '+------------+----------------------+\\n'
 
 while read -r port; do
-    application=$(ss -lptn 'sport == :$port' | tail -n +2 | awk '{print $6}' | cut -d'"' -f2 | sort -u)
-    printf '| %-10s | %-20s |\\n' $port $application
+    application=$(ss -lptn "sport == :$port" | awk '{print $6}' | cut -d'"' -f2)
+    printf '| %-10s | %-20s |\\n' \$port $application
 done <<< $ports
 
 # Print table footer

From 8a971060b687d7cbe493d54b2e892630a25304f1 Mon Sep 17 00:00:00 2001
From: William Bartholomew <wdb@willbar.com>
Date: Wed, 1 Jan 2025 13:24:28 -0800
Subject: [PATCH 35/37] Add missing debootstrap dependency to README

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index c31b79b..737d75d 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ It is very straight forward to add a new build template:
 [Step 1] Install requirements:
 
 - [Install distrobuilder](https://linuxcontainers.org/distrobuilder/docs/latest/howto/install/)
+- [Install debootstrap](https://wiki.debian.org/Debootstrap)
 - [Install KCL](https://www.kcl-lang.io/docs/user_docs/getting-started/install)
 - [Install yq](https://mikefarah.gitbook.io/yq#install) (optional)
 - [Install jq](https://jqlang.github.io/jq/download/) (optional)

From 82e346060c17ecb27b104d2d36f45047054f5e11 Mon Sep 17 00:00:00 2001
From: Soubinan <contact@soubinan.tk>
Date: Thu, 9 Jan 2025 10:54:30 -0500
Subject: [PATCH 36/37] move workflow_dispatch event preventing others events

---
 .github/workflows/trigger.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml
index 6c4bd99..d201b40 100644
--- a/.github/workflows/trigger.yml
+++ b/.github/workflows/trigger.yml
@@ -1,7 +1,6 @@
 name: Build Trigger
 
 on:
-  workflow_dispatch:
   pull_request:
     types:
       - opened
@@ -15,6 +14,7 @@ on:
       - "./templates/*"
   schedule:
     - cron: "0 0 */7 * *"
+  workflow_dispatch:
 
 jobs:
   init:

From 69e21bf096e300266c638d1686cdadb9a805a2a4 Mon Sep 17 00:00:00 2001
From: Soubinan KACOU <soubinan@gmail.com>
Date: Fri, 10 Jan 2025 16:56:17 -0500
Subject: [PATCH 37/37] Create blank.yml

---
 .github/workflows/blank.yml | 62 +++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 .github/workflows/blank.yml

diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
new file mode 100644
index 0000000..35c1a73
--- /dev/null
+++ b/.github/workflows/blank.yml
@@ -0,0 +1,62 @@
+# This is a basic workflow to help you get started with Actions
+
+name: BLANK TEST
+
+# Controls when the workflow will run
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: echo Hello, world!
+
+      # Runs a set of commands using the runners shell
+      - name: Run a multi-line script
+        run: |
+          echo Add other actions to build,
+          echo test, and deploy your project.
+
+      - name: EEE
+        id: eee
+        run: |
+          echo all_changed_files="templates/infisical.yml templates/omada.yml" | tee -a $GITHUB_OUTPUT
+        if: ${{github.event_name}} != 'pull_request'
+
+      - name: List changed templates
+        id: all-changed-templates-list
+        uses: tj-actions/changed-files@v45
+        with:
+          files: templates/**
+        if: ${{github.event_name}} == 'pull_request'
+
+      - name: List all templates
+        id: all-templates-list
+        run: |
+          sudo apt-get install -y jq
+          echo all_files="$(printf '%s' "$(ls templates/*)" | jq -Rsc 'split("\n")')" | tee -a $GITHUB_OUTPUT
+          echo all_changed_files=$(echo -n ${{ steps.eee.outputs.all_changed_files }} | jq -Rsc 'split(" ")') | tee -a $GITHUB_OUTPUT
+        if: ${{github.event_name}} != 'pull_request'
+
+      - name: Check templates list
+        id: check-templates-list
+        run: |
+          echo all_files=${{ steps.all-templates-list.outputs.all_files }}
+          echo all_changed_files=${{ steps.all-templates-list.outputs.all_changed_files }}
+          echo TEMPLATES_LIST=${{ (steps.all-templates-list.outputs.all_changed_files != '[]') && steps.all-templates-list.outputs.all_changed_files || steps.all-templates-list.outputs.all_files }} | tee -a $GITHUB_OUTPUT
+
+      - name: Print templates list
+        run: |
+          echo "TEMPLATES_LIST=${{ steps.check-templates-list.outputs.TEMPLATES_LIST}}"