From 9c71ad1b0bc37e07bc5c290bbedb38bf8afb6d04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Feb 2024 04:40:16 +0000
Subject: [PATCH 001/341] Bump xt0rted/markdownlint-problem-matcher from 2 to 3

Bumps [xt0rted/markdownlint-problem-matcher](https://github.com/xt0rted/markdownlint-problem-matcher) from 2 to 3.
- [Release notes](https://github.com/xt0rted/markdownlint-problem-matcher/releases)
- [Changelog](https://github.com/xt0rted/markdownlint-problem-matcher/blob/main/CHANGELOG.md)
- [Commits](https://github.com/xt0rted/markdownlint-problem-matcher/compare/v2...v3)

---
updated-dependencies:
- dependency-name: xt0rted/markdownlint-problem-matcher
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/markdown-lint.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/markdown-lint.yaml b/.github/workflows/markdown-lint.yaml
index b4265e22..42635b69 100644
--- a/.github/workflows/markdown-lint.yaml
+++ b/.github/workflows/markdown-lint.yaml
@@ -16,6 +16,6 @@ jobs:
       - name: Reconfigure git to use HTTP authentication
         run: git config --global url."https://${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf ssh://git@github.com/
       - name: Install problem matcher
-        uses: xt0rted/markdownlint-problem-matcher@v2
+        uses: xt0rted/markdownlint-problem-matcher@v3
       - name: Lint Markdown
         run: npx markdownlint-cli2

From 48ed574621c33f7e5729afe2ee70f9a9c0781521 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Mar 2024 05:01:04 +0000
Subject: [PATCH 002/341] Bump softprops/action-gh-release from 1 to 2

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dplsh-build-release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dplsh-build-release.yaml b/.github/workflows/dplsh-build-release.yaml
index 6cdfe3f2..2e599be3 100644
--- a/.github/workflows/dplsh-build-release.yaml
+++ b/.github/workflows/dplsh-build-release.yaml
@@ -91,7 +91,7 @@ jobs:
 
       # Create a github release if this was a tag.
       - name: Create release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         if: startsWith(github.ref, 'refs/tags/')
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 87003a22a506d4b3d47432e11e19f8253a60897c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Apr 2024 04:45:40 +0000
Subject: [PATCH 003/341] Bump stefanzweifel/git-auto-commit-action from 5.0.0
 to 5.0.1

Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/v5.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/diagrams-render.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/diagrams-render.yaml b/.github/workflows/diagrams-render.yaml
index a67cb7e1..d24ac741 100644
--- a/.github/workflows/diagrams-render.yaml
+++ b/.github/workflows/diagrams-render.yaml
@@ -34,7 +34,7 @@ jobs:
           } >>"$GITHUB_ENV"
 
       - name: Commit changed files
-        uses: stefanzweifel/git-auto-commit-action@v5.0.0
+        uses: stefanzweifel/git-auto-commit-action@v5.0.1
         with:
           commit_message: "diagrams: re-render of updated diagrams"
           commit_user_name: "${{ env.GIT_COMMIT_COMMITTER_NAME }}"

From 0dcd9adf0ac96af79da8b77d4a5ea5186086d129 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 17 Apr 2024 16:23:42 +0200
Subject: [PATCH 004/341] Add runbook that explains how to use Lagoon UI to
 sync site state

The runbook should be accessible to developers who may want to do this with PR environments
---
 docs/images/lagoon-ui-tasks-page.png | Bin 0 -> 70500 bytes
 docs/runbooks/ui-sync-site-state.md  |  58 +++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 docs/images/lagoon-ui-tasks-page.png
 create mode 100644 docs/runbooks/ui-sync-site-state.md

diff --git a/docs/images/lagoon-ui-tasks-page.png b/docs/images/lagoon-ui-tasks-page.png
new file mode 100644
index 0000000000000000000000000000000000000000..0f1a9e53c9891fabcad38db02f03544c911b923b
GIT binary patch
literal 70500
zcmb5VXIPU<*9MARK}4lVm#u(wl_p(5dXttwXi6va4hcm?MX6E((n1LVLI_CjpdcV1
zB|tzzlMX?8Xo0|q?^gGBew-gC*F_uFGc&8q%v$%{&$}nOYP8g>)KpYdv>NJ<4XCIt
zNKsLpethvfr6sKs6-N1S)>}!#=pyA4bkX)L<!=@r6%!vrcY7cIXI^$x4sPzQcEa8^
zUUqhF-j41*>t~u3C_;k2gp|GPp7}VryWKQ$a<!uZ+S%T`Cw23Yhu6*fckheeyeBDh
zS5ij&!A)fqL!+gVE3H&iH>orpKQanP|2g6BV{CkUyy=h$9i(~11X(wDb@5JC0Rx+4
z(d=8Bb-Q%^j?KjfA*(UE-u7Sg^Djo6W2BK}@LjrN@emSzRTI)D?{IRg&OOh2`@L#V
z^KchvZqj>q)ZZbKZ8&&qbc}(4!Q>QWmj8Yp-deP(^Knw%`>%;A=4(`_hbS!V0a(&V
zlk2C(eHA(*Uyo6DolR+Dc0<zA%;L**#<}qyYAIQ(z{$OMfPfsZkgQ2^(L7mE_cui?
z3Px#Fwhtw)8#68fe?oCK5C$95<;t*Vr=7(YsP>xV;HG#_l$SR8MmO~$P)=aKCegM2
zejclL4dEUphg`VUOgLhCFi>NJ+q>0MZm@d6@ZbX=#2uF5U>pk_JuDe--lx6vYx<u&
z`9;O_pJ7*7>)0Is`Jnf3c1GOif=7_x+v$YR-wIMu4bipeu+vLbWkdfqJ<p`3v?Wl%
z(*8CT@V)w_@Z+r();i|Dt^25(<6rb?9!vSq{cYPYRH}K0XpgV>+ftzS>)BWTr?X!T
z0>h$#akLXOf5naxue!|?oVC79ko;@yCz-6`<55@qeOA7FfAjNn%yq4S(|;bwYLYOi
zk#;gl%sbAj<c*FH2z0SM@lXjj)P~6296$R<>|yZs$lkdN{&cwDWJzF9dP$3Sf~wkb
z)w|MElJT1+bGYG@g|aWp?%01%kkQp1VhX+aW4!HP+mnr3oc<?vJrdm91|@x+{e_r=
zogrl-;7xql6z`uws0bDr;c3|E7!giJROhTU*k|&`S~lx=Bhp^98>>}5083fH>C@>O
zzDOnC`K=v$IJK7{tTGgn>MLj3j;guNMOkUtx~)BzE?ukhwf=c;6(P;dt#nK8;^4Of
z(^N^mawcdvg7K~E66fz>3j|*rY0tZb0x^{!7N}phvy_nnUru)YIjZNmGSpJPbjHxz
z;1Cw-m<nc&HOH-*8#?N5hZ0SfK{X=P0DPPN-PhfJ4C)Bk+U)`Ezo_1sJ2QfE9lKOF
z{o>>+v(m>)RE~0BiSeSfrqqssV?@Gi1=zXCG8I-V{O+8u7l)C^Rac(D{>I;PdNP(i
z)W$mHov?N?Hg#LWdAKOffv`|+NktVij4fd{>z(twm+Iw@mZ6c<VjGt?GF)@>9nzZQ
z?7m;C=qsf0I~>I2&p{Q2Yl_i6C-NgOx!u+3De!ty8|`;NDk_1(Mh|ZnpT;+DWaCe>
zirqDr$B#7Z6PvnIowmL&$t)QUGQV~D&qg}Z@4S5<DZ$t3W|Qv6^4-3DN2E#b%nmix
z^B*zw*V_}d^~MrT6RxiVyG^F_E3a|r*Mu)pd{;SM&)cj1;>O>&NTrri)QY<>iCvX4
z2Tj-ZX2^DbRAHpbij#J0=}DJETU<CD5$QK1(FCZbR*^WD^WB~PUz0d$dQ~-II=Jfi
zm%LZUs(~LgN)|aKycE!B?*2Q+XI@*aPplI#Q1ixs=zJ@<n?#N2g#WV^yW+{ZF9L;Y
zqPQO*pVGRZ8e=ns<l-bm1{;UoCb8E7em$lbUbMSk6tbfQ)T6r<@gOPlU2{Ty=rJBQ
z=cht<V|fN`q0{_HAQu1~^@xc~^w6??0jZ$T&mZnk@lO*<h6Vi_htGKtH~CCmzp>JC
z1_k#oM&D!oUJ{<PYKHny#W(D|&RTtBp&EKT`L)u(v1X_VgZp|4&dKsmFd3yM>iT~C
z&6+KJe?vmP)&(|KbNh<eQ}Q`cJ_z~ZIo!6dvQ3e$A{P8u3f)_3@BwCE5Djn_ClM|n
zIBIvsxy1vcWrWA$7@lb7A~;u5HIssZY&1asnk;KseXLQv+WdY~myJmJ-N#d8XT;+g
z(>KX>6+z|tk2cRZM^9Q=`>rD4y|QD2RkzhL^CWHQHVrG5Xw)JJ2dVP(a%6CY@vtPq
zJz1J`$5?YOHwlwF%@+Xi`hYFcV{dF!E?j@b{e_S5YJ`+V^!;(U4{HK^eT7<QgcRAh
z77Y!$;vAsL9LyY+HSr$yZsg<D*D!{+s1dE-n@@o<_P}|lWbd^xr#IdypMQ6K@6LPw
zn4@Pw4^0?F2bXrFRrxHOe0Oi6MHf=z2|a#|auyOT;HS>~<1oK958|$rYIg*HEO8A$
zH?hWV+k{Z*!H6u`;RGIQ;_ZmT>}oWIg-w2r={TfKQM*r7#I_dyg{UUexuwP)gBQ64
zmhj_{Y+Slj5JbLo=$&e+2MW#B!ai~MM&CN%nc~ru4C!_Yq3{u4RT(Ki#!hyw!m2jo
zkh4YY{-qH@cR{7!9J{O$Q3g7yRaJFAjnMiWnAAgL*kP1H=Hk+<MR+SlA-^8dkcqWY
zkYM#I%zq^ruQ=k^=7mU3zJWAFO{ElbDr$Jy?tCqwQ5(<_gX}Y^u^j>OGr_)(xX`<C
z@jb~`*zc39V-Ti?F=U6)4-9>@C+2G2IT(>u2b_qxOvT6&W;AAjmrKEq66VEw>=PSs
zeZb~H9Ka#EOr}2Bc<drSUymbpPu0ChCP@2k@O6syz7zt*I@dK&PO9i8Z*jYx>8}1s
zgdDl~#XyvQ5b1WQOF*r#K8O^i#|8hfT+JM?)#D=`?2ocxcUt0yhbVk6v@w~M3p^S7
z5sBsW)MZ(o$*ivvYQ-kh7Zq!NB#df<cH{K=+~d#FZi|=38pl51Zx=<fi>Fq9!OF7b
z9_2W{A`*!uG)O(gyJcrE?Y^ZEaTUP{2;jmE*G@rPW&ql`m*}G@+nH=r0fu2+Y<5oG
zX!bQNIht-pud9cJ2iDm>eHQ8xgT?!*mI&X)8+z0<zLk8v8tq~gz*PjYBdRberVVK4
z;=YI#@$OcD?UAcy>^fs6(exb4bDr?EHNKwX@7N*Cj@2eqh}F1e**n+RY+IrR>ey&?
zI7~Up#0x!m2;a>02AjHu3g}xT3d{=DLg(KDTzh~%HHbqI=e#&_t5yuu2~f9IUr~G8
zsl}b{1n@yl62u%EBXH?ff`PgGiCZB>UetSHtHV`8sGo9bX~m?;iKr%Ys5<YKvF|vp
zi=wP8DkZE=q=b=^O1h#3WzpcO-~0XprhD8@1RQ$gT5SE{f(GQMS&VUHJr%Nq+Y}Bh
z!4ibfVq;o8(LP@_T`xc(;0E01${0(ysNE~|eE7`r3&ALO%7UW`ibocj`Li=*ed)x~
zGx3_eZ?7plB(OIB2o;mGaJD(`T~*zo1N_YbOXK!ygwBCM^Jln7<5%M&HHF5H`dxUi
zxYPvr+fB4TeRPEA@)y(SRUz^QQr{Y7TR5lzFCJfUTwqqMy$48+-XyMgM*&o|nrKxG
z0j!lj?IaG2^qL<m4Ngfh!<kv#cQ#<~nLW0i{cqUf)2O|hdW!W!hI3{ylLCxIsTa{J
zdI^(9`1})It<7Nh38~@1XnqB<Q&>eHC5Rprb1pd(W2M+J-aLT@g?zLRdInvCqZQIt
zmT+P5^xVFV4vhLISf$2g>6V20aV%FpQ*Sg)-;U4WIY50Lt1J38@7-xYb4|;j^fOhi
z9`6bPWAJDjq0keKKMaNhnQqJ{*pLDs8<){Nk?iu#%3YgU7&FtIE2Z~U>Yu&w+wkeQ
zx=gNS?~ySHY~CyKB^tfT&u@o<?&GivIW)U0tIIE@0cd9F)H-EqXJ_BG12|>zlaak8
zo$1sogk`2o1d2-rpX$uGpm`tQYJ-eMbM)vYl=1kk+53(L7UygSlNPH6UZ8Q(v$-YB
z5|9lVHE!1;H|eQC@<GhnLDwC<_;;msiw1hZgHe<F{f_y9w48+H-GEO1M#F+QU4;%@
z2}Em3*pGO$)^fPoVkj>^{0&RyV&NIf*%jILQOd&->7uKk1O3n7YmTPHjZfK^U((3y
zxIGhJaaPkZ$kh$Ttg$;VTHsLJ0Q%l-pWq7!fBOfiwR>NUD?@8!vX~tXD}zJZ7VE0w
z+%m8BpD7u!dOK7wQy3Zy&z>^JHcXZrF3mlN{>fEbWR9jRA_k7>B}y{L7;{LTdqBI!
zSx9N7WHu33q<B8t+pS_I0XGb;5SR)V-M}cde5B)aU5gb*-^5T^ZsS%5<AuUD-rJAw
z@Z)eTzO}65^4ekb;e@Jfo1O6}lIhsZtKEO{;D?6O=e81IasOoY`G2wLW0g|P>^VpP
ztXd(KB+n4C{X6dUEj`S$%_&M{LnvnhfKgRmp+3ZY2UV5Vsi1_Vf`c76FYSAPh<s4p
z=;BhFit2@;TscHarZgecX4<p6na<J_XH$@W?U`zcj=wm1X?CVkmVJ2<UVLMIxwR*z
zs{S>U3mzPA++vP6r}D_D?*+VWo`vjW^Q=ZcJ^XQ=48$=Bdz@2NLtH3^v%BG}tMp<q
zLexrrnydAo=w&;`veAN1l%+~Q0h6%nQ{ENDOS7w$vcdO(wRHinaQR&9oM&cl^rWmh
z>KaV%ISFzELtdi0NubxRce{Gx;=OrH`GqZHo}{<1prB^_&`9hGnogAVs5R-<*+(7H
z^<&s6CRU_|K_1qOCR(@oE7(K};d<d^=HT>WwD(NZWC~%aafZq(8LQBY?obP0t?9yc
zJ#5>?SC&U;i$NUXuz5Ked$WFsT4ap0U5)Y6*9g4`d^FhIw>1TR9i&;?scI#1k0AXS
zJQ~UoT-&mgMlYW+VN5zqY5})uC>O;i%aR6P=6npU#_9%=wo{O0Z&`c!&qd{hf-A(U
zm*#R*?L&?I+=|BB5;<20yPpArRWQuciP|CT5Uq-LP&hWtIhT)Qx^s+Qx}Zmp9vZxw
ziH+oXK$0xqNZ+aFP_bNevPOOBnVKAwAm`%BgGsZ5oLxT_Oy3qUIZ`fTqCJ0E<Mp1q
z(p#+Hx@@Y2(P{FmrP{rbz(NStgTEmypGHP~ThWUM!pa}bx*^6LfqTTuAu;bh)*UJ7
zC0IuvALJq2<HNXslab}*y7iaO;U@(ypGGUAH91T4bQ>*&-!_Ji$7}XTjBQICjFKUg
zL!iuSg-?40E0TNrZNvJ!GQ<ZIu?9VO4-c(&aePn%EjaH_XKYZ2?(AC|2^QrVz=*OB
zRY<4U#juSkn%_DMPnIsOvCybnFSC!QZteO!p<F3Zn)S`IZA6$Wm8p7fsUk7{VL7y(
zlqU4E`hT@36_q&0i=)exQR@b)vnN}`lA)s?&53EH)mNZ6@x&PYBUj9MRrT%>81>WJ
zquK~N4TIP#fM-a~sm8&jC#YC!*CcG=8G~wFz%`h8k(F8}FRQSo;7*N0#nZ4jSMHr?
zAuu!=3(CaRD5wNqE@g$jOe~vp40Ic{_jeJdHi^8=%T`;A-5M}<E5@!d@c*OvI+&)E
zbwFQp+_55?c=`>z!UwHy0!51;%X~!DNToh)nXvf#x$o8a^9s`kG|l!j^n;7mSX?EF
z!Wf`)QO7ma-u|P~M(^Dc|3Ne9!_uGTzOcZ2Q$PfUcPUibq4hzphVoT54EK0g=f$h*
zmMMo{ompFWvh2+vu!$NXa3$)rKoMsX*;-FNo`ZbgsupVQGIV%ZPq{Th>CTAbye`U}
zPcZYgRfF;RRj1LsR^u=6i4~s{jr=qVH`A$qih<1BM6?XFWzj2qfuxSr;=GeCoLRHq
zPWPmNqc_TUxz--ZwU>yomV0lXdl8jV;-P)$_r9S~wOdn7`4nQk8b+QCi?Kigim?sR
zc4OV+PDF&@&hkx`TRVc__4)y4*+mv%JY){sb!8P}O&!JLDhT~Ku=CnDZ(bS;kg}X!
zet8$Mm=9F^o|wCOh+I?@xcs2Lia)5x=Oar|PPvGL$-KQ=6YhmLFavbBGp-|C>0wcv
z_e~RM5P{xfwsoQ;6BB+RMeTI7q$CSxRrr$tV6SBoM)+MgvoyR>NG+kG?M_qRbjG~`
zs7dE6GWli3uJIe**l3Z1rUwNX(u(MBo-`x#;GL=<S_0rkJd>#F;ql9|jvmV-ga#sK
zsL?{b^Lj;mMV%3&gXg@%^5V+%L)YJ#yN;H6fH#NsI0)fw-?Zsqv0n~N96feZsan!k
zlb7w424He{(p(a)dHBpD{Bp&3YgrA~p3JKI<umZZ&R!d>oj*-0Xg9CXbeF$H-E@BN
ziVY(pZ(yf^YVG3vG9KsL4;~sR@jZ7_8&&H3-y4S;t2)US>An*u5icN)ym}Ux63LT-
zq>Hlo=CDkl(b}^5{b#SaZNjJFd31tPdYy}`u+C{YRF-)r1~$iDE3guNazI=(*P}m#
z)`jNI&1tQS$U;`l5IT=qFnL*7L9da*>4HsN=etcLBHssL<jAW)#>`z=74KVbiL^1C
zC*y;5e2}{7S1lVdp5a(oE7?@2x|cOF07$C4<LWv&2zLCm^lntu`Aqz-M(7?Jd3L<j
zHP4<!rJd>g3PnRDRsMNNa)q=(Dh$Nb{ED(8mOK<Vne_*m$a~c0OV&qE9=Bj)d=Ta%
zg?o4Osw+#W?=5WTIOyPJU5avAkS{ADMmoRVvs;_^t}bZx)~AD`*iF>GsE=>;V)cF1
z2<qgmJ#@=)KFW0AE%d3XntB&(pbI0Mp2;!Ss1)Cf#C1*&#2lzP-xpK}y^TE6%Muw>
z_miRe(MuiFi<X{T2H>Wrf-g9Df2)l#mXh`Me>*qY^=*eZ9%a<1sHjz)!G(S_LGUa6
z`RyhwM}yx@qlSgU^2U_IyivMtO08ulJVhSQd_D#lHn24_8x#@qpn=)JF8E!{gCo8(
zhcDTIRt*>bEB&v}?$6U*GE`N4V{Kh%HM%jK7K)RnQz)5d!=p`01Z~qZA9kA4zN)Hb
zW#?Hv%)Xm@FVG-~Px#~u_QIiH(k=XHl+S0oZAU@1g$;$bs^Dw<wJ8R=AMcAeC&GX=
zi?-TW&dfIJe|T(=Q3m|qwqUCK$xzm@&-uBZ0ohQFU^A`HuX;p-FtUILq(QJ@DdC%D
zXXVa4{}&Y=O^Daq$d8WbV|h$5>+JF)>AG2OL+${QMwu#0t-;f3#8mJzfmaUkiLh&P
zpZ_rn@gRPqi>DXxU3c;QybND!_-;7U%;72#Z$q~}GJ1blGn{=@fbp_DNBotf2t(^z
zm@;qb^;1%MU2(>?%Vl;NyhhZbzG+5K-IRED!ME#9I5kz#pc%)I&M$Wfge7%Z5WqIN
z%nSM6gWud>nc<Gi%tlCVd}4}VZLMla)3T%M`@qahv;B@!rnLs@1q`6##;^TltLG9@
zZt*{k5c2<E=*F&9T-%B@d<SS|nO%PI9HAIwwGBo3d>Vc7InSuCdw>aer@h1Yn8y7V
zlttEAiI3=^<Z3+KmAuH|kWWB%Ko#vk{>)QD8TJQB>rkH>!|N`Z0;7E8HTTOa3UWph
z6KBBPlPylHMWnL*x|BzuW;jKuLQmqEe~XxhtDdd(g7@x~wl9)*QVxlqU>I065rA}s
z07t_mjY6W2giK4Osig=B^sc@;CTPh6)lBk}8&B#EqlV`+$#|{K&H=cW6;$lXg~#zj
z#reh~23(I0%}k>mg<Z$&66t^D07#zIws_Nwfg&G=BGsKzgR%;R!;RL1`sgNwI~fY?
zgS8w;96CB4yfQl#gkXf`?sD*0f!apu_*6byDKnmi#~m3MJKtEaW5t*(FAYu@XbYkO
z2PYxrq#|PLm0Oin1lEgN+v-UMf+bji>3OX*DYnL1yn3lY_><1=_;_XHe$HztG4Ch_
z8%Cgj=T?V$PedpaH{e#ChO-}oh|LNwi>uK4^FAVM1}gq#1XI!r&<8{A5RKwQLqcV$
zIyym?<De4w6uASvogZeb<b&!U16u20!NT>`Y&_who!Erk^DKvFMg?j^GpYb&%?ph&
zxKF)mS2lKk-qWP3X1!sxyQyFyXxa`MNLuHR-^J*U+=GXRjTgqxObED6iB24VThFB#
z$Q!%a&x536x?Vjuen$a+|KI3qD&>Tr8Ch7K!Rp&3y^sgc49|lp;SkNmnoUXP#i6Ft
z7>_ArPxsjriWGS3yJNK8+kQ%R4x&`9*lFEP&QxO#K8<SKDC1Z^ZcR;JEzbG?qr_rP
zX37C{&Mqc0cH7C>`bE`krbMB%vG*qNOuu0~$bBW<{+2c^T)qD~YbNx#cGj2jwKJb=
zMQ9!6a$H}K<8i2=j*T)5@X@l%Ur)C2hQ(EAHo=>X%5`t8{9qJk=j#GH>UC0pv=2kY
z6d>&wV4<8_qUb9wTe<Nd&6&7hj^Lv}R6^s}e74*(r}%k61bmx-JsJTV=5mv|HBLxo
zHfd~B>bjWRD}ysk)<!56=_9p_+)URTJE`=57Bl=lFR*z*sHvxV2{XuZT+(=b(qm`h
z4j2*HZq{bcqBG$$7fdef(VRN&!#V*2NE3{zT$sD~B%aqQ>Z@a>8II9#lGU>sV~Y!P
zn$p}9M8^@<1f*uTv8que6B=*4@)&_T%$<`%1<ImnWVPODA;X3UiQg;7mj)H!#V0BG
zep75@k0)D7NPsZrO@$O`Lm3hMh<EtCm|VuJ7^qAOpULz3izfXWlXKTOT)!n0MGbRq
ziRXk9=LMWjm=LZAIg5;^J9~Dj()yJ8hXR5`DIqYuY>Q4`xYg*~MO~)s*?P>M5f7)~
z#SeZsE=ck>U~th0OjpsgDUG*)XSmM~2K2kuqN*VGM0zLRwX=F*>4>z$v}9S(z5YR8
z=0Iu-+X}Ipw3-_}Wz8S2m)G<hO~f46_u?8C>!@94mqP22E@}~xFp_UIeiMV}OF#+>
zvI}!9E!S-VI<44NFRCl6fpp#`xGXmZ-5oek^!D|w!788lR<tE}Rm+kBO3;GsP`r3I
zHl6`xW2HB;D}1O%KksTrSh}~e?C-z;kX1ai;0cw(zQsA!q@=l1t^`mx{j~+z|E1gR
zsL^gOaaY|p@doBPhXTsw$#yH0vh)%9mUCfEj~QP(p-C%kh4Pgwmke{(Dip51&E&Z7
zQpiG1K=W5M`t2U_H)!KaxhuKf!N_&EG{m6snh`#@U`tsAOVk}a$U2CdYAS2wL!oBc
ze}npY9&g^n6JgM%s0FkKTYWF&C?J|k(bCk^R3=~}%fQeOmXLs0TH*$emLb<5KUnN4
zS)M>M+-@t$nv(MpU@(TS30IJ;uAo^*0yV;TUI9N*jmL(i0DxDviQDg9LoeFfvbv5r
z5pl;YcXMk#xi0$0*mszaf6Afv?>e1`Aew{b9i13E!+OLa(>iL&8E(G2XZ3(2Wa1fB
zuAm<jxRdcrx^h~SWQG$Cl7TI3$kO4gJi3kGoAmJ6yn`<9B@W4$cXcLRPl!q?x@&x1
z<g=~2Cy^ka2c%$1@6<bUS>%rj5tw%XG89rL`6z-GRyGg?5cMRI;!|Je>tysuq>}Ow
z7WpO_^4|uf@5QGHa%f9}HW3xg@v+AV*O4!|0m*x%U{3CHWyl^g4teQ5M|Z5WcQTtr
z00kD+iAmyRBfC~%$+L3gLt;y#XtR}dMP4*+t{Vd=@gp9dvqQfc>GLP1uPhVFEiBkA
zA2=wU;Nu$m4bcX{(!<imA3Lz#R**WU-27xUjZv1@uqM%bXkGrcew5Q2td+w9Qd<g~
z*UE8zjum4$zl2kUudN8$CI6h_7d{@(?}(SPkn11JXhmKHYU+rQJR`Ahidt72@3vwk
zY~;yPn0Qe=(x#ePiAX|-ul1-i+b!w5A+I_(5qlxVClBYFU@_r}l$VX3JZN7cm7{xo
zt3(AaKj4xc91Ls6ifP4^JRhW7bh=}11IshrfD4Blhi3=_dAntU6qr$L(E;|egP-wD
zW{PxG7g;#0*44TQQbC7Jj2+bK<)9Ra^w<9xlI+b7<}c0*hM_1|T90DW#AP(G)2fG*
z08fDxJJD6d-PYM(o#tVu6q~p<O5#qD|3(2{pfuvE=x^~&K)-RyWm_sG-=C|YbddV~
zDrJq7X%%YnEFYxNoWUMiDi|R~EDbFS5<{$O6({aU*k~Vw8cU>g$us*jE@}2DHlW;*
zXzE01seOH3$3xg&V=j!k4`#V98{pp+)f2Z?cHagp5L~>qt$ko=>>1M51eDKHyO#vB
zl>Pnz5X$)h90eU+6l6&j=%|P&E%FFyL%fXD8m$tvDZCes<{T8jmk^H8z3wk=MQa%c
zD-OsB;zI7iVx8vq0Hc9^uPW7JcIE%K(4O<&^ll9$F40a%*nj%~azCtJZyI#ZcX?vl
z*I7Ba8#iaiD<D)i5l828Tl*DGxf;6Fx4B#j^F54v9Qgu%Ec1x8B%vmDWqA5^>ibz&
z1su(-49_^Ub4&CwF%H31c6&A%q^c2UYVbx-A~I>~K5{(on8i%rcpfGl<CfuM)CR~a
z;Hl(vTT`bl(DBavr-fkuY$Z46q33iRY2x|=nQ{F+zYx25z-7ZoE9kOEIqIvs9c-d;
zoPm2>XiQ<+exoYPGR>o0;8oh^Yi|E5q@MVn4qT3yAV*Ce?-^1w_|ol`z_GzBef;qj
zmw9(g_1!{+mL7ZIBAG85i+USFik;ZTbvB-n&%UWSzviEI747K&C8_Ws&P}leH)0*l
z>WrS|GI;{{h?EO}SmG!&X2C(y$HDnsoG#}w$~OYLE6#tFm-fc$r_|?vxByGbGw^|Q
z76r1igR=ide)h1YAYER4*SAsvt5x+_KzqjlkplE#@Tn!q_Q;VM@V1FusJE8g0;FzX
z^o(7h8nOjxoA%FtNxn#^Nzp*6MG+r7SfB1>VHf1Qx2)Kd^YY4wK*gz-I%lP<i}KCt
zG&`Zuc|jT<-+`VyCE_|1Fe^?H{GSI;WOX9^s8?<@m^*DtBKj2lE3!~$)8cKBL25EP
zMtZ=<8rcAunr07{rM*j%D>@isH(gHVU)8GSZb1>97^NugDk4JaCn?vf;$@*VltX}0
z&0-2Js!`Sv1IOCZfxlt55ZjnhF5T`N?BwJEEX{5#-%BiD>`{r%yuES3_~n=`o&W9W
z1k1IiK$+@A@C3Avqhoy7$}&LzWK34+#fMj*rBQ75z?I5(2S)Pkd=im~N=1oDJoDS5
ztc15E9ZOb<AU0aeWNL{!aPbari#{bis>IsPkKmI^4lSi~-GL+P0~K0Q3uu)hy|B7)
zu*crrofY=NC(T$2G?ZF<6K#2Dz}4`CzuE@3uE6;6IqOAMw_!X?;L;p;V+pHZxcN3U
zTBoNS`BNgs&n4z+Eyp&Z!)vEZZP>>Jd|yP(TX!|eZo|R(f4^G9%wxaB;2Y^yyoLUE
zPw7Z~gtZ{f#+a`jP19#cLcZ%)Z?|X-?o1PQx2mNvOi-Y=TS(qfwvbjh{&P?vui*TG
z*64x3p!v%6XcdaNlO!p}EN^TiHp?x$67NRAwiX?7!MNcgkZW}wr2+)AEhgM{9c8;?
znp1`9bmz9)yS#-j_!a-Kw9jK#Ag%&ZXr+0352N1;Ae8z_NXhraJ)gr$hZW+WUde7?
zce3cnExqQPBfkVjCdINf8512Ne75Ah%;)V$-Ig9}iYvtf&7)@04r5Rm6qNZF6oLn`
zR1S$5sp&GK8}@GwhIy2`98#9quK`<n3a`4ISF8CSe)f<|J?9|ceh4MttTS~LN)fs&
zaan$=c$8_mJx|Bn;-d3lo(}$_Q(9j09x^`oQpA$q>vYw!4&G-BVEXM#j^+gM@x<IE
z4>ihl&%j(MR?YV~x!YTOewN5<#xeTA?()W*>iNKz|DVIRe(h7p{T3|9KyM-#I_WoW
zi$uG2SjxPw(Ye=SCO8;vSl8T~>d(p(YT}~oUwygd&JgbceSghRV2!EJe@qH6M>E8%
zDK9Aff82p_v9mU01JV=G{YBC%N<8z8U!L^qccym(y!H@#(DH9MvtDvGexD`~>R1sa
znwt$Z<oVO}{>qAy27fVUMp6z1fAk&uV&d!0e3WcO@vM`To#Sp<I*Gvg^5Pd0g~1E|
zCOaM<?oq#c>%2taB81EkgvW)dC`1Og;OQ(1f={^u=wV>AG~qC8C|RJ;ErcG8T|8_3
z?ms39MHgs|sS5?V5;jlE@0`tH<d}9O09iCOJ=qFn@9<r<@%@5i|4r?nqIwP)dODqV
zo3h)a-WP1-u77^B$ZG2!w*SMOd1$Ju>`xUP%hne1A2Y@==%SSVqnoLYzqtdHiAU2-
z^9o%2BL06UHqRp{Qb}>A@BI$OU+QITa*sb|dEqFS@@DPazxq<XKe;x|+ja4aLFI1{
zmNK#ScOLY1XRX=lep`hi_0Z#0+MO`+|54WDnp=+0->s1%am%i#GLi6CJt{|H!G9DR
zDi8DjL%8|>`&YlC?cy9ipHy>p{onps`6=#?R(<s7#gT%Qvj6Y;oB|>nP-sM~=laUM
zEc6sIotBFKX!=|=!h`-H;;M(mL9l}K6?d&a|G4?U;4D@2%SDJ+Py^4O{-1Zn-KKJ6
zIDHBjqWBjYq<Y>(Io%u?B9f7R4Onn_n)mtnMF_meVcy2{H#>o1)^qV^sc3s?Yqk!8
z@3)Kl0RN2k@Rn-LrL51T|1pCKu23|g?cI?(V4sZnD~402rxL&8Ec_qCDhqT`>Xi7M
zzVi6nnX%Qk{zyKN7@&+4QTXp-ptL@*_+<fx>A%#Y0+C+>2>htqI;8aQ`?*hXzf`$9
z45}^e_%FP&K<W%s;vXJ<g7qza^$ZaFOQlj%&7sQr{N%qV0lzdl^)T#N^MAwA{~A{N
z=8vv*zW*GLQ>JM9C;-k!afnIM??Rc1%7`9y`uTZ%^UCELgZ&nN=0w$T>DNqO{ugHt
zb$-qAYO(YDw*G%(7sgUN8Rl`OI4DHmuR;%ZD53@a#Veg%WkSM#tW$7}(&LWERgd|6
z@ZS|Pbd};W2(yPp;opFM82$U{|Ld50zn<*^36A*Adj}l;ou!0w9aWa)xzok$9dUgf
zV}FTl1uO&SDDpdU|8@IGe^bim!V}qX*Gxins96>nZX1Po|JI)Ho$pbC2rJ@LPx{Ti
zjzZ;<vpRMAKC~{D0*+mZ1$N#|0}kC)U?3Q-{n*=gRn}-RLkx7rjA1qIhDk|s=w3_%
znsWeihHQry>6uzJmk-{%Qz;qm0^co4N5?K;uq1g@mk${{oR@GOE^e?$*Eh^|BBd-y
zEfDC*ea5F_P;v0Cy>r6Vi#1zP?PSR_D?3}QCC<-^g%1PN6(^4NajYy!m_SiQbg1jw
z0hH7@az*d$`?%X_MSWHQkEUpA4Cyjcb4K70Eq;d+gFQIA;eJr*xG!mueqC@q2kHy$
zK3UG@KlGiv)!hHV(eQ9@k<xqIpxTI{N2RW-<xu1}jI?sgn;~>e)YneRs#AiliX9Wq
zDW@i{6>>WewAr3XY}u10_#IC`0$c>8EAL9uRb`^Bnj5rP=2P!1toy!z*9X6v(cW16
z<C6CmrP7!}MaeVMoif6BfyGa%!FP8!bONPx^{hg3a=PR*(;8ID^O}&!lg`=sC5rl`
zss>M+?VCvv3SU{W(8Wy_mpBl1gMLm}2d-tV&<O;3y~zM!1~BkkTtPW=)`Id?IdplW
zX1}`M=GRM8JgGi@Fy%ORz`R_2My5c;@u3s68ob%SRdN6DpNRt^RUjb#G)QKZrIFLG
z7T(<8KYdn0HN+mAFn!+q_3PJ?K2k5mvROS>&(v+cGN3OGI5yR|AMy51|6Zn0e@bvW
z%IqMJ1#e+<-J19_-WabKR57FF#*D7Obyo~5mzZ5p?fgmWwTf?0jMme)uUANIH086H
z)Vc<1w9H51QzcUCJ&Pc_f=4Oezxk$CbDOV%7KRDm_YW;|6&3wo6v5_Pacp`zz%A+K
zVT((z8)c6|{#fzhya`*`J5P2sg^rS?{U%na3d|NgeYcSjlOh+cFuDD53@~J7GG`HE
zkQ|y#=jS`bC}p07wMY|eSqIv7yRjaYqkSHYtM=>%g?S0of4sMKK&HMVeKaqMH^j<r
zWK5EHE%+=wql*=4)9|X{0^;HZnEEUI2MK&mF3wgc@8B&KjduSU;buKsPMxsD(HuJ`
zwspOs{jT2Gt?d%imK)Jmgof+242()IV)Khz!wXyC^PrE_L(vX~6#<)owktaQm!83_
z>WA0#=<^=gs0r8~B$K>i&DzeHtt3thS3)*PIT4!Zu<m3hv)Hp43}%}SKH4@m><5wS
z-py7qw>vhwt=7nYcD(0>8%|#IcHY-_$gvmZoF_Cf0!NAR^StiZ2AsxLB^c9UU2@u$
z<e7GQ;=*#S{k#&bl^`wGz@t$%Nw71cv<8p7KB-*?e+{pdPmH{L-GDWvJ<U5i>6|$*
zBvY?<vtiNRkvYR(S8w%r%Ng^n_=dZTtL~7~gkhye=aqS8`Gqx$?7(`E)6iR8+@0i-
zjKjf^H3kcaL5zK9nNlZA=$s%+<%4^V<f}w+drp9@UFT_kl#J(NE){^y9f1ce-~a4?
z9z`ZU%lR+444U=HA@-v3kH(+>BTI{|On6gJ8)vRT?J^L`8Der0cbi4Umjjh1$_1+F
z$mlUvO+tTU!cwEJO0u@Kt7=G_cKI;MU8i%wrRm8dSr#^=d)`<fJ4AjKef#FZUx=_~
zotBI&u!{C;?y;7%(y|H#_$NUed}h>EUdVP7*q~}TWCPNBGo)13gT<82^zt*GNxeZU
zi;SIw`lE)^M|6~1&)_R;kyrdUF#4|Oi@wg}<I9H4mmCWBxE7XLch2~@R{uzrzy|w*
zrbLO;dl$qDJMIfpUmg&aSE|SsY5&DH|Mhup^SEX-abIS+MYg#AtE1ZS#zmDki8KaB
zjXo2<_M)#r9N+g9$=f|W_#~$OekO&^SAx7<`3+Ip^QN$|!(IV-d94UXgkvUyt*~zA
zh$-`=XNu}$M#ZOduT;ADC@7aYzn~!t>>OghbHiNk_`NE-Tj~?qrX@*o!}_!WYiNx%
z2P|VxS1`l#Sc9|+8%>oxYT1guQ#hr;x{z61ixv~N?RV=jOF^GvrZtKzEKFSaaV%aM
z=G(cfMf}1?<GX+n7O3?o(7oaLaxw@SXTLgDQ1EP|Fw%;#wFkt)_OFr@nk=opp`rCr
z#M^fO7j2`qr{&^&+L*%_oNvAii7;`1pVl;Z3)xu}m>R}`QUM~3K6He7MkoWeKDo|#
zxM)+b%(Mt3?hYU_q8F}(XsDJpLQq=Ayuy~59JiS(%Ze-y67(B{Ty2=H8$&py49$H$
zyxe(EvEr0E<ln4t5Y$-K)i>Q=EVG(xg0X4<nE`|cHS?R>)33UiF5Cp~9QzDS4_#t~
z)vK?EB(oCNuiw5EI&wDSr&*q<GswwD39T7=Z>a0P_`G~kDzq#JtVr_7NUSswOU~==
zDmduBRF~B%(nv0el?a8VdRYLa!>gQn(*}3+z4R;~epV`gq+Sz2sjE*OeV#6PzS61b
zg}*!kbNB*oGaDo>_>aL7VI?n*TsXd$s&X|SH!ZMl5GZW07d6Fv&aShTNq~6Y?%vs#
z&jm$I9y;VCdh|Mh%XiI!>zj{GDfn{2vtsI*molwf0NO1Y1ZF^j<<Jb7Wmso1b5KWi
zL1<{9YxkS)jKndXjrfU!*~xah>(+Pt|M3oI_rUS1l#NN5^$Gxl*j<aiYnwxQQ-zb3
znkq`N>cuh-9v7off%mU@5(f4jPx$qrSjWp;m@IiudrCPI5V2q|Dm=Z$koc*U9yh|A
z2Y0Y4Ibl`=a`i#2^qP_jUFcCsm@(A)`#72Ab1a8?pEsXW@~4&XoCKR|X(}!_muT!w
z<k8>(a^p_&+Q~6Tx_Y4rz|C4fm_**<2x;$4fW`d=<>)Dw*qvh`Tzo1mOG)`6Sy{{v
zko1vNrE)nZ#MrlhspIdGLf94A=|35IG6^QH`ezF4wjb_9PDaZWDIwxAG6Y!=U*EFA
z?*7>{sS>knuSh(dUvO~hpd4LuK2Ku(w7HBjR|2=Bzp?y@Uk@TB6T~gL4YKJq<*77X
zkvS;Skde;YYCL#8P*h2M)?7vPmDGP3^C!<JJEv1awJ#q&95oFD4+|A$*Z&<b#-`}n
zrL5k-V%RKV;O}b(>}-_G&G%Q<w|7W+wc*deKORtO<*eRcdob63>G1<eO5#dLbikO8
zBv8^h+CS0{By(vg?Q9<N+tOa_lWu?7Kb3O3Qa#E4%igBEAi?x&I7;GoP=NpYjzHz}
zFQ*=6<aqs;buzW|WXiZ_TGlt9Wqg*hu5i>XGm8z_u56PIGM8f}IcQ3z=H<x2<z|^c
zHI8jLJ-9<!Kn+WOY$$7q2!~98a(Il)^rUoGNnf`&-Jdf%MCpij;uMt*vvJy|%^r&r
zU<P!UtAf`fk@nT)5rp^DpiV~jv9Pg4rJ%++8m@s(U_)N8B`tn?57(F(oP9{zp8Drs
zy|PLXUi1$$F4YttDYWSP$nV<!hmplCCe82nNa7)hcc==)ik%r*Tc(~+bqIIptD6)k
zp@Z3=UNon@Fq8u%>VcY#*||&HD}@tYQJbAyGlSP+iQ%2=SCf9btK-ZsJMmuiU}U+5
z@1LOZNDOLRA1I3UH$L2dX&1W^6=^jf35<U??3A32-oJUu-lEbBKDcAwc(U5c+I8ah
z?@XWbhQ$j|`Tld&!!Bx$QgZ#^`v<5sNmiGgXjxCM@vO5|io6BXku<6Q?XVcNU;cfy
z0@*qUh&&Z?|Ni3gMBgszZkW#yDP7A4qJ7Klci?>TeD@lkdN-|B!%8<Z&)=S`hpt+~
zz0gJ%3}@i{mu~1B9r)I5RrE#_*qcpGo-A#}(K+kC$o+T;@(dU1qY-61JS?4hoLNom
zY+%HHT*>kZ>S375&VQ30*i_uGpqVj=tOFL9Njldr1aB1E_n2l;E^r+8j>YHeLR7?^
zkyj=l&JSDEqgg`Xy)w1sIbE<b=R#KvCgHCki;9E9X(_Erw~i3I+G}8JZKkSrjgr)q
z7wS!wfIoEp=g@fdF-FS12Uo`BPk5Mwe#>Mrbdp$3EKhUC=F*!L$VkMz2t)6Tj){q{
zjPa13ZR_&zIG`VfyjE*3R2jQM7)O+xr{%~VY}f1mYT3i~lb4PX2pv#dUUH5Em)>B7
zzvAFgrEG<$v|7`L0N+(bZ3j!A=;C^x4>QVzqeGq{be%ebq>`zT!^|K=n_%eBaN`A7
zoC724s5wS<_etiXR&hd9xwz-i)k<1Hf48R?xa^8K*)I5@7ig&q)xFapres@QwY;)?
zGMrYv06us#A(MDZrE;zC6rvZ`=iaEnOpFvZ%Wx2@aN1oV?TuwReU6C6XQba!sRC3#
zLP&USxz=qqC`6!CrLD+Q%I8w|et1|&xHiij;AVU2c6QwL5*0sMbx(!rl=K{FPGKhU
zf|rZ`0aX|$AK&ub%|-j}ybi;ab(s~!`!)Kw?pxR8H7c6X0Nwg~&#-jS-q>l}^A0{<
z3GpSupTbBx^{K&M1&@YDG#0JyYsN)aS^SQ)4#Acl-cEtwHgw%yj03SP#(dPEFL!Ms
zs|_mUxXI`4NU+mevC@l`>C&=wBCj+L?=)v3Ickw59_sZ{oC9moTH?-l=emtJ=ACgI
znQbl1F%7x1E}wnKm08Sq;f!6o67`+gem9I_h1p7S2*%$k1cWI*DrpKm);4a`vTgDU
zI+C3TIPt-BZ)nQHv&m`AgB@wjBM$2!MdA5PMQP_%HR8)g^hU^1iaB)EbBW8!?Z-Nx
zt!duiy=Cp-<1Z_aO~Rx=CJn4<ZI~`3-z-$tVr8JwtE9~sKssfI<mxYu7OebHUM)UP
zcZ(RhJ&B9XV9kS+c{KNQS?Sm;a(u{FoH)=TyM9(Ur%C6xC4$Ll)^cVJ%0iV)Wi>aE
z%zWiiY1l>g-pe7219W1?PcHPBXNr{k{9<^M{M@fdHj870$$8f-bR<E3y&viw0(~Wa
z1yeTCTx>P9U!X7v*oCWWnU|bfFCJ-$og7>Y4X_Y3AGY9*cfsFp^jUO;?54>J+zD2K
z<P7&^X7AA0FNbxX<VYRg)#ngw^qZ{>Zy--Cb+WAwC?@BB6~@IK<*tG<DlE{=!D=VL
zvjFmD+XWx{pq&%-PkBOE8vpTP#hwYEU;12fWmVZ=Oon_`pF<FWm{a{YbdN@YKbvWH
z41@l&JF-_(D$uNS3DK2yXL$e1xtSk5cN%m=Gy3bpawcqDt*QaCgJl(-?Iq%)d$}T;
zg)Sl&_1<w!lsIsvA{&cgmt0Y6d_?_xdjov$4yat%^c<kfG>tf|tO!i9Uz$flIl1o^
zosl%9fy0Z~@`{G0FAv<wHRan`!|4mR$k`!zofeZgWD-|8K|q#e(?ZAtIiAq%x4cu^
zZ>r|ZSVAj6{)7U_Yo|EID=jowPMMmX+da|K8$bF02|A9_)e1KAKl=G7xONIA5z<z%
zToi+8g@r!NuUhX*bmlSpsAeS>6nWf#NKbYP_;{mRV18w4nE;*akD1Bsc~ua&I7yh0
zwk&;SU<oL^@)MtffeymfO*H_%DRxF}Ai=(!IrjYS0epoDWPw?V&}N*Xa_U1IJq{48
zw}jl^kXxN9(_PuKzvDWOu3H5)bFvr@zEIFz<F3UYj)v6{dZj8+x1URRwSWq=GC9Fh
zLXXd-bmFUBBmI!`-5~Ts)jF@3yX<T56cUb1=LE2xmcKSu6)973*?8@k1Mhj$3=VTS
zz7l+tW;Rs0*a69!V$!KS2Fo`-uz*J?rBwnKuXs{-PUf%5((!kc$M;|t{MT@+@(==9
zmURALe)#QL_D>k8+gH!2t4qjq*3jorfiNXzIbExPZ*U8{E@olM)_>e~(l4B_O<b=I
zDKRuNLfn>ES8Mc{wSl;K*2!tKGv|F^5@uZK9{x;DDeRUy>)yu)aewAFO}0KF_;0GP
zKA|~jE%+~xn)ly+M0FnP_D$_nFfpA=(=Dg>?V0Ucc@arMnR;&Og~T(F_nuAceRIGc
z@6tnfx-g>>)JaQRdba!%kw%$XTv#ryS_5SelOFQ<6-<CuESYq#v6@?Jc%q~vB((b2
zbLK*w|HEKau~V*4vfBjcx(lnyUem)pxg$Y~V2EB@lE^FST=4cxpTst1gc#%hiYohQ
z%JK1&)GM_Z@tM4-<vo9R$!AQ2CGc25IOrf`VrN_m&-{`4C&a9;5t2GA8t~YP^DY>Q
zpMVhK(tQ1zYjW5`f%VM?X(54qG$5a^3BuoVN8nJik*44b0fvZLHX^><-Pz%jrq|Hc
zoY@Z1(0}=-LMdZX8To|rCU1a|@o~pyUq%WM{{Hk?b#<ksMyW@2uL}j+Ue1RXTa*^B
z;8#GyRWE6MD3o={2m=+AChQ7#_8ZQD?r-B$TpBkY3cM1ZELq&Vc7G2JUFelhm=0Nh
z>h6}hf{wfCNV_W>Ui>PYUi{xzub37wnF{0Xj*IIpEjp}?ylQwl`0-6aw|vRc4)joP
zKydxw!?LCcF&iH6(?WRcsMK<D1)y{%BnEu%O>U9Sy7Ty%gU@-~k)c}AK|eF=PDmn!
zi>5zj?w9-etdyjR%?bvWetb1Du8nIM$<!aX6iKi=cn&8oauAqTl4W_nUFH!AFr!o0
z&j#>G+u6I~@=H$idO+H^W+3vb#Fl_OaXg_82~<8X;ps#TS$Go(<XMS8<w9*Sixq_+
zGjCPB{vXf1MUDl;-lWTjlZ}Jl$BQ_t`%i3B&XatrFU!jxdny9RTc2kkM`2UGU)%(O
zxAP%CmUmN6jwPr?szh};;G1QW3Mv2G`dI14ep1s;yHa?kd3>cS#4B8qv)H&0Rnpy?
zEkD)QpIX#Va=NAh_cr_9yhl-_`-nCO^^R_$AlO+-P+{}cK)T!3r9#a4Qp^x)go>6;
z@}Y2Vh7$X~C*(s|J4YjHTlPMG31K@!x;8t?%w}S<6G#FAo6AQq-n7Qao?L{LPxTT%
zr!x~j7__%OFicDb8-}e+4Gu|NxHDHI)S8ziDMeUCeJ;Dqk?&6b^S+oAcxFXR0<xw4
z8t`OzUOPS8!OFC7JZj{h%w0OCu4Fot#WR|%(Idu*;9Sntkgzq4ZXtV+iAHaNjGw?0
zpq!X-<^<Mc?Hrdkt>Fk%aY**Up)+yulGg`mJaMuS5B9&~)6bT=In|8%Y`P*=C)lue
zi?jqgyHo3&6!SpGt~doFedvbGpzT%A?>*C9VGEsHA&gn|X&;3b7aIo*OoPy+kZ5p`
zB|<yJem*ztN`5)yd|JGhWJu8ng+-|xf0@fSV2&m@Bs8)-|Fwi1E~_s<Cv^sq7T%mS
zrH6#A-o!n<+}UK9c|2=@(d(v768hY@(^3&DAvsJwa-{{HlUhZarS9T%W(Q#w<1)GS
zRl4aO1-+FgSmNFrwB_e1r8nWMM5qB*a~Uvr?ch;Idfq@NRAW!1S}P7A@vI$9@E`6h
z`zlLfl|Rvs-z5esQE21R2~5rlEeUnIb)U*7_X>M&cnQc$t1xBuLT0)<>+(lOoeNnl
zuMtkZ+u}Cs^hX-&4ES~PV~+MydB^cqdex#L<9-4=UoM$~cZR(O6|k<+eIXexr=o`>
zv(hs)6%PG+QcL;WS<RI>EmW8ATOYcr+3~(`^L#D`IIcjK6OT*?_j4l0vyhgi^jV3Y
zoFU7_BGjk_t+T&xd6FXuDGFI0yTYlvJDGuoN+9EtcIKU>+RqD4k~ps8mz?XX&_~QK
zc<zekg#6(G1iXcZ<ef-oYrp7FCat98hu``Bk4BzBDA_=4rrU%Y^7$wJs7(#zB~YEz
zyRn>|KMBp+c)Bh0My^pV;(^t<s%7GP%i7iSr`zK0zD=I5Sm)14+Ur)aHw6>FXpLmj
zyTF}9Kb}O_Rk^KM_zpIypii{r-31rp!erustd6eVRWZF7O~ITJRUUvF-UWA$|Lf3J
zNfTBV>W0kG+O8*VO$bMruMaeCu0rOUB)#gNZ<|+kyiY7Wq7Sa(cJHy&dV9W^Smnkq
z^j$8zZLs`pss7Wn=Pw|H*Uua-q~)^|N^J02a3o3brb~C-YZafV&Bs;0O|ZMfm2)rn
z$ZM+m+hvSZqsFdx70STotA}xSz148W;@LEZfP#Yz(UrBN;`_H#b^~-ywt%o3*=!1R
zGo>RERi2$ChJjtCiWcSm3mKlRX7Xz0#v<H7fmO~o0H&Ds!1Z-|yjxG8UB#PmDT_;s
zmg2wD;KJK2J*;0!p>a&Bz4fxr&PC19YbLgLZfTUgA`sFp@E3dozA&B+Q$xpwdis-T
z5B69P+&f#!_01I?o7rVL6M@-3&BPtniW@vy3pcLq5lEzYh6)xqLBZ<-f!Vv)1?xK0
zB^7!m@`w~OWX#=`E|_c&9+Z>%@;(LAxOt(M#(r*^KemB4{emAD2;vdWGu6COuRKh+
z;f5b^o{mS<j-aOVdTmq%s=kx_(5#lB2uMJZ#3}TQjk+m_JlH3bo=m~f$BPcn4+(JZ
ziwZ}AX>XuTsTk>K#+#?2UB!|IJIdc!A=n`M4BkPam5%gjQWhvfjm=G&khOP(N)-F9
z=jcm`3xp8Pn%#<KpHNwQb6eWidRdetR=@8je2VNl`(B3eC{o@KZGV*27;~gR#JxR!
zG4Fvf*RFpv{?ZKGkBME0?kunL=wVvbRPUc`yo7JGgDr%Tx#aKXz`&zhi>G^sC)c?~
zP8w?gEX)(`zYU+vI&DuIU+2{5H$QQ)YIwQO4a*a*Wyt|8XjEfyS2hd6q12pVHKa^u
z!JVZ<D;>L$q@7UIE9mxoOP~*C_-AM21>r|^)(;P_3wCPuuwtq(!I90M-7W#tJ&ya!
z3O&b?1PT=dlk1g~wgg>tGGtPGCYh?<GJzK|#`3nmyU6eCRf~r@lnE5aln~Q(4X@-I
zN;>b*NM&4*1S^N+IJg$AS-jK=N)SI?U+55dzjwo;t>gXA`pSh^`oKqpI{Lwf{B`5J
z_o`8*^?<fmjaEbM?1R~F@6EQWz<_b1>asfzgiMByiU>yWx)});0OUPe*KrGrNE&}0
zjW;jrcAq3PJe!j%)nL0Gv4Y_?>+S`w8(TICA&2Zpe!A9^ffaWG`Y-Nmp~n4OF<c`J
z#@;)fk$cWY%~!zY9eQg3<#=PakZJJbHbkDdwnv&rUl@|U8OkxC?Ru~j7<>)LIA#1B
z3SpqUXm0b}_wKXIpMg?D3@safnfPeDTB0=}>E5d{@h94?)(LOqL?WV`-uuU;bbYVZ
z3m44#`HiL747wd_6KNdTj$C%;H+{(fLce-uQ`3DbbXvDH@5hf%*UzVN`}^+=PTT9o
zC@<m?19t{`5QzDBSvBPK<Obwei3>U=%x!od$V(VI=Un;!@b=zOO)X#8Fjp^D%2g@S
zFCx+eq<2sdkX}OQMWlz`dr<@wq=*Eh_W%h=q=XJp5a}Q!q4z4GDG++#i`R1R?_2Bp
z<6G-p@A-qZn4EKFX3xw%d!GI5Ju9~TQL=?zX$qXKc3Llkg_w^QPzr(*_hcD)8!UM~
zMROVq>V??_i@-@UdoQ4UqetP|CTLO?dP3(YE=xmWZcYoi&EVzj-!t*))>+c*{75U<
z*3)0%2HixJ4w^p4(C$+b`#|YU@UrWOse}q;^LCHcK96;{r(jF|`y<Llqx^+_gP~S;
zf<{<+IVuOiG6+9lIM17B(S|W<;iMAGRBVtdNStZ0oC`!orPpg)X~~4E+x(oWK#lq-
zq{@<px_bZBc8dB7e|Fc3O4RfJapkTbsJC_RvO!X~Qvq|_xo79JW8|01Zm9b~HD5Ob
zZeNs>U8jZfBFy_xk*wLLY?M8)=U#WRb@iv^Jln*KKiGwawF|jan)VFkpnN8BQEJv0
zy9OBX;Bt_Vb@{271F}-H%g3JEb3svSs!kWc$zUjma~cFhM#m5JN$eV?=q!c!f7tXe
z=z(gf3BP%hlI4HIfBN(aHx6@ek?rQ+aS7nC?$ImEN?y0W#Cb|MwGKbI#nh%0YL!v4
z61;Rr(Z2gK=h9;C3$iFIZ-?Nen}%cRLU*o2FBE6b*Bu!4*iek2=B8dZ_~So3;g#pV
z(!41bdhC&TE9`?Q&0jb3^yN4-?r-{fb+b!hQha#L^!1QY$~n`P%DItO>!{RiS#eFP
z8rq2rW^L?@(}<5ji`~xqveD;`W%DK``iFL$EA6@w2Q#V8$U+pO;Xv)ZAF`gUyic01
zZ@r}Z4NgqTi$k5@ygNfLqLszXoX*KBiNgrJeSR@j>wx>x`aZYWA6#ya&LpIm=2>H$
z6ug;XC?9r3-&s}|6W3|E_RgKPHXZbEmRK-YKTo#Lr)c&4QT>rEQC90TuW&PfC?_|D
zbc>?)Drw`%)F8;NLE1d;<W-w$gl@Xnu{@-eicWzSMP62a#4UjJ8hKs)Y$Unx{!$^Z
zI83Gt-)&7{mpzJn{yen3iOO&(tMe}8h6=-QAu7i=TavlGV@0JR-+v4lnJh_tQncEG
z@ebd*DK5q!ZqU~=XIgKtLD#KsG}R!H;@c-a#woSn&pZ8{A@a|acg4nZoUtt_Cgync
zuiG*l%|3v&bO!YvZepK{TC#|e(`s><o(MQ6#}h&|*rv2ed(W<*y-lMe?OLBYz!diu
zjtaRcAIspAJDt&Do;fUtTOXMItgzW&X;f3rkHp|SAnU4zPV;q4g!$MM#kKo_#d!02
zr+|R0oKvi(j!_Vgj%ARk%2>ZQkWDGaa$C|uAOnHL#<s)?<g2qO^$VK|k{W})L<yUm
z5>zJ4M|n98_+tpFhSMQ`2)K$panzIwNng}QnbE+WwJB<c-}JIC;;vVutNBSn@yG|M
z%Td|t!QcI5LL(TXIYzx{R8UBR<LXx$4=;TccaR=atuV+F1x|^V@o_xM$ACRjXLZTb
zgtR3<@xv){g*`Po#w<~$MQ^mbs<(hAVKFpja&0y9b$>oAYm4Cay?IZ4ztiATJ}P6U
zJ$!fTavVx<A|<^Ua2C8{Hg($P3N?CQW%F*rdu^=SyvtbG7!<|xkvF?iW4Y|SbP7oQ
z56<G3>C!&4j;kd_U|t`JF2=&+l{;TfE7upUL8MRVR^I`<?l^5tzY(U@Z>>h+bjCW8
zv{-U2%9;l(d-b%kWdn3qA?lWFBE$%)tlnS(|A#A-^)Ebq*+(9Du1|<LFI#nIH;*Q%
zrd?~Ok)3uF05&QMgTd*((k|k6#etYs?_bN{!IFKvwVrX|%_YHwl~I&s=8*byPlbQ8
zIE$c7-RdZkl1aUyC2!}gxLap#%OG?-{)u`^x)qhnwLTn{Z|i=7g=zh=ag>pup{x=s
zYQpK`!W&USS$}uv5u|eX41z189l08V;eiz&wZKPj+0bre1aG{RGOPCU=IIXGFhgx3
z%PTExfFTrJ!;kth>z1R^{anqz#qfR=hTf(Xi`E>IKmwcu;8}fZC@C)VGa+>?=x6gX
zskIX4;r^z>KPcP@%${Jy9_uewP`|iTc(&PswvLF)Wh%futK**lJG2^~sW>Yu0B?XQ
zS(Z9LhzKbS?bN^OB&!`Z&0Pi7ZiU$=4EG<JaMFfI-v}ShQt<XVe*Dd-1EIwSF&Hg;
z6XZ|mr?l_A3(pW&YV2vzwHC7j5W|SL+glGa_ijjgR=%1eD0_^u*ct1*yRz+u6yUe;
zLb9yr@gF&%gw;nmgQu8@P3Twj#-xd^!cX{uQx~Y`QY@j<#$>h8`m+EL8Vb?OG4!DR
z+;(^mk6QZCLJ7I_deUvBnmZP_4`?X1-yXEI%T_J8RayJz535LbEVyi(KO^wTQ;48s
z&c5<_CDuMu+(*Tq>8bKm*eA;$P@pXthb9#Em3?!D2DZY><J%_{Bog~ZWZsA`X`LC-
zL4*x8vEga-Rdm_u1xsw2*zG2QEI<2su_Bm*3AK;)D>4F8XuKl4KD5vDEI;R1I^V}R
zX_%}(<@S=`YsZ`N+uzFS?tgUiH<;jY;#5m*V3e%0na+Syv1A=4w8Zi)cYChmB(^j$
z)50+;-v_uLNJ#~jhU7%@#SxY@c6=6vyCeh;Z+fkd?4E_d51t6{2cL`_4eS!@X``ZH
z;}rGk*MN48#R8b!`j>&Y1UhnR#(Yb8V39>h;V$5z3>Ch^!Sb`tVHN#NdAui3=g<&L
z@za}jKmU@1^Yu0>;#QMdyg7v$q_Q?753L}sad~XT9drjdavUD6S#?A3UD4p{yt65P
zbjxU}WoP8-_+C3H4m|vFpv3YN4qqdKEiCY2P?I;BEV<ZtyhPs2RefM3u{!58p?#5V
zMFiY%Odl#68cIv?Kr8!bQ^?}%Yq(hWMA!UrT9r}NOeSQ~goV;1)5oCkN_vNZuvXQ$
zjs~BJfy03XqoIU^vM|8t3)pkOY4EjTf5XDt)aH<q94jxV%bIJ>G#Zr1&SCq4wZ5u&
za_8Cfc@ehZzO#(N=j8?ao>`OSZ1O}k8R+ESP>@ZhLHCxR^JJWcPf=3s<Br#yL7tO6
zM{=C|ls$~n#^LCeFxtZ?S6-*N+9OVdzp95ZD2|5JdBMJICyC%`8@&I5NJjPJxCGkm
zM!_@V)yr|axfM#jGv&m}75LWb_28<_7T(fNaQ>h9rLdyqcY$qnH4SEh)2CIRG$$c<
zF^K2s`_8k=^$km@?D*j#L=y{FwF6NxROHZ^SR<&B`i`}sH9RWSjZcYjZb-jbngxqQ
z6U$33P=78EvJsn)U52i3WsldYX*h%+c&;v_r24mw!f?$&t9vT6!4)P<j=N~9!S1>J
zwML>}x=Ev$&B@=yy(L^j*duq8J2QgJsAMSlIxX6_*^oaSNglqQ7Wz4+VYOix=>FK2
zZI}%MaXgej@^RNR9_`|bYWOp`Z;9S-$uV3iVg{Zp(`KCY8T8Hg@k;zv_2(KMooL`g
z4h$Y+p)#R}D<6hl`(V!9R+7dV>Q)!l?A@?8re)`nU1W9)$9%4^@d0++jB0RL`+^Y5
zIL6ub9qhbdu8GEvb>%Oi!THj4(y!R-OUI_p1~D+zFRPp#OQL{kry)s#$!BFHM5Bt_
z#K+Q_TrDY{4qtA!xM75GQDB_Jm(m%njG!GH$RIzIKZ=A~l|v^`nN6q0kiOi>g41xS
zkx`*Ytk9i@ZYHYL-UL!ah%8_&Vcbq#*ahXgQKbWQ2c{<v%R&P&Y1~p<akpxsl|-Ae
zopDYhnt+q!vZIxG9YVRgoR~9CQHxQTTlBrErFf&h4)f5a79Zg_Ly~iBAY`I_e!`L(
zO^6t8usQ+!H19o}fb|p?>ASw_rEzhs!P_Lhd>FgjEtIW3z4vB1c$=%)zaK)EJKV5B
zT%kGIBje}q5xQ&5xHoPS+hCI=Kfzc+&PLR@D$iRj;+4oyxX&e*X9)Ia8#VQRF?~AD
zJ|dIzxpo3$n=vNc<d-^aB?IdWo#cHNPXDoY@SAHKp|7U>2=ca%LL)+2Ui1Od{D!$T
z@R4>5PaG=t&wKRkx?kUqh#uB2FcOgM()0K16l%0FGsY#WD{fAg_4iBUKNof_h^^NO
zGZ$o##^mFd)R$IWAz#mSPnw#$#kK6#%@Aeof+N^leia8mN9rELP)8E`zBn~L(%FS^
zXZHz<$#MK?bIsSBo2h>j4pvrz7REpG>Z5q1e%f559UX~@?^2qP*2eX6+kGTOE)Xex
zcLGM)6FbqL<UGYk7>(IlMHtc=Gye3W&prc!kBhl=YJwP#`l&O%o%n)SAIqG5YMO&4
z?MbZ8h(Pca+F|rQ3)7eI@D)gSA^q8~`h%JsvwP;xaQ3}x8N?|Vo=rb6E#0|oF6g);
z@M!ThJBW7ObkSSP{2UEt?T%cScQ9CqQeR4B5w|K%TtLj>>6q^NYYZaaT7T2s*bB!f
zl=O~ZV`R#n*%yHg&JRz>#$_@l5;eVBLNp@_LVUvPojVIHb*99uYwny`VVcCGdms(3
z*xMTG-G~7#VL|(>ghYZ7yG7qrzX!mh>W>EE+#0T~JJb~t8_(XR74LTVuu7rD$VmJv
zHgHO)d^=&iBt|~BaNrD?E-UbWUf`8da7!jaq0)<wl`^e{QAkvUUIE{Ov~b3JVDz^T
z6uY{^YdcBz*m%*TBs)4WH?RJx!pO{o#psse56gv&cHo{?RVVP0-g#TLK`XT2$S1iN
zpSw5`W#I@kMDlisQzdIKWO%Y>6`_5JC5DTSyw;HZ5}HGo*wlo<zP53O2;&l#V{LBC
zGHg~_4>Z*r$9U1O;(1$6`SbX2$EjgS7TFvqbDLI9*oQ0bqmTN`!~k-+_-nmOw>cfx
zQdwf-W{@0eJn94Dc00R9j-)6mrwKzX=U~I`S~_jck}gb}mVf|o-4|_aA5Dcg)8Z57
z;{Nuq;jX-Otjq8Ni*c21B!v!2<rVwVmyZbFBbzoq&f7T#8B@3X-NU1>arz6XaI9px
z7oxcmdLWciXs6?Y{c^_g8X&Gbb(~Enmo7m>aVTGQPID$K%c*Pnb;{i{pv>?w+^?D2
zzU|t0$*-7ovY3Cu-+AllLly-v<P~$*@?7Ej&q1-EA$2$tc~87I#ScLm$dFj<;DSho
z`(DyooZ0Gn5$HsU$m+a%ukw3LgnlzZ@-(4JuPGyV`{z75L8$94KaDH02n`a0{Jk>F
zWbIe32(k$1KSkb>*_EaNGQUU}WNCCxe@4WqEd5KtzC_|62*hGmQ!q}~f5eB7niQeY
ze@_cjzOGGH+EQ8NostgbuwonN-u#|X^`EPBj>Mt&(0ltU!k9#yrXg)==-W3vI_)|C
zWm%`Ok_gRl^B!+2P2;;ae{pxn>L~tlJ6HGEuTd$Q-K6Z_+i4?6{UG<2%&IgEWcuA`
z+DL<Q@5ybNe{PycMDo`py14nh#wqs9c#q#S76Xd!E%+#^CACgva`|8SH90$}sSnlz
zKS0{=@ivmOF#fn^g&)*io_+Ri`d?W%ewW3Iwz(8sx7np%_mxWCzCkLT+DwWk{L9KF
zzcu-%uDx~%PYH&H5A!P#C0WFkha@6T?>0=FvamAv*Z7bLkW!G6b@!5lqk{Xly2sxO
zU;XE$cBD{*?=J<=U3DjA)ckSfJ$bE7#(jg-S+##-CL*qUCk$yaYnPN8{5$6A_Z9!h
z(=`5-y^%C1-}ygw^Y3JA|1&0Fl92D0r9--^f9E;P8%ok8;}#>;5oi6H)cN1>6{P{U
zX~@+3HXr{-_<^qqJCb|5H-8g~$jDMY-rUvnLs3bfgJb6bWbcdpd8L41Ez{tsU!<kF
z^4Ao<#X(j|_b=a{)XJ+QLHxd;<iB>u--~ePe$Rf=v;;l<ceu&!qwfC*F#6}wJk$Ti
zap>}sCfM&+{$HqWG&cC1hD{t}G#HT|{|zGEp4sk(xz(!MbE(i^qn%TouSQD4-{W_S
z$iyrw=9V!W@M1T|S4GvDPJ8Mx_DCOIev$nZ%gv$B{dANYF5tA_F=>BX)qkbqMa$%t
z3QlVjg`@#P&CGW9Tw-po=I0wm9i<^me=h|xvRHknhj;h&63AUon!|veOG=b&6r@+`
zy+G&dhASZx<Qi8w)F9uh6d1&QdICYRV0xfJ&Bj+~ez)=cSa-3Pw@rxKW2xZcs?Q#k
zMIQhDNT#m8$(amDmE3K`iac1p3Sjy3KVv8`&Y6BD#*ewXJMjB;WFGn5viuuK{d9qi
z^rxfiVC`Z%y3@C$u2g%^nSel$-6?eklSX~zbm{t#%2Ofd#PujyPyh-SszVLD>Kw=>
z4n&6?r9w<Eti?~5_EcqMBIPwXH%tp>_KwQ{1IFZO!Yu>REf#Tf2rQoEqVH{fRl@<Y
zC<zy6PIDs^z(UQCR)eAMy(Xc0cHo#MJ?)KD!P>z8jf<%QOHDR;KOQWbgfyWfuHK-v
zchp1{?8Bwz>{&@RkNK3&#<~84b_%lyyj3zq_btJ*$GDmXs|>G6P@BQ_Ch*7!cwTw$
z1<-@1MrR78yA@iY89a3h+w2@}K|3#S+!bkB3o4cm4zH@2_Na1mTS9L47xqNKYFic0
zFRkg1vHVtdb-UfnZf?A{no^3|)RedUCCd&%otfJ#d>O@njqk3+GE(ZG8aKB<My>YR
zF-n!Df;(ip6e7N`meV7N4Z=oV@MeQ)U-M4e7km6rMS9qgPjXA9yar{f`yluMt@m*E
zHls;fFg`y<ATaIs;6R@X$7Ckz2)I<@l3BEc1p{U>y7H$KnvoL2s%r^o(l+7*H|}#!
znJV$I*qZnwn;_NBj-*}yj4<rHV{7S~`^lf0`<@&W5JMkc;6PvJj9ri@E72Jb#0-ts
z_F_4#m<^GcLEYv%FvE3uXv%xmqm}c`KrR_QzA($YT#4IXJTd^RfB0exFkr@E5&hG^
zGSk!3X7^S8o{V<Wnw?VpC3sL@qw{VO6=>Ei3pEAyr%0K==b{|ft`(1+qnRi}yREZv
ztmVvzx%PvIzT8@LXO{>~e($11zw!Mwo!%{3{Xn7LDqmqffp=^Z8u8Vbz&NTyWDHu7
zcUTeXJDxpHyy*dFjg`+c(U5Q+=whxPi8ZK&AqSK0oK|+{XV0Kv5~<lK098UR*J;vi
zlXH#u!Hx^OM@>T-fR15-k#QP9-v)%$)5ju-W-OF9Crw~8W)Q2?Eu#VFHOG;1e?o4b
zP{Y|bXI%ATl<lyeR*);yubLG`e?cNiD>=PEM<dL#yf|}z^-%^-Vx9+TW6Y{eX83iC
z=bn`Ou^1jAL@EBIho6(JgWJb+oS9|pB-37SI?pvmn+Jn0Y!Gr4J;=xbU3(1f^?_%d
zq@Fskm8NYv3Wh5s%V}G+Y}beNfeK`D7|Rk^lT%1pIGf8}as_><Z*1gy{_v;wo1}s(
zN#oDWiQx%0gba!FYd@!e#mSlv6uH=st7v6U7${vx#LYb8mu|4mxf7<KWp#0?<ji@A
zr>*v-v@)@rXHA0C&vSpg*?BwcB6&NFlyqSO&>Nf7zhEl6BjI~90QHG_=gn)o?h#o?
zyOrip_4%jx>F_$0=rNxs9bSDI`wAOs^=dknHv*+Y-UOP*IS3ln!lLnA*IFvsj+Csl
z(_xnpAA;PBi_CQtUIR?!Z4z21d~k1>no}B%{rik%EpqK@Qf&My8Ld1~4M7m+HKc;`
z^oRoQ?(0F4UoSXm{d~{v=JR%G(~?L;i*+8p0m4H{6G-BgrFA#0`B5VL?@aZKRou5K
zi$S1?mQjrm(9X%~QAoE7If-BtbkUS{Y~OHd;Y9Jw!ph8MYXf!@W@|jPWHy>rX&>#k
zDSbOeRRs0Yk8gK(4AcQto)zYQF;Q69e-!J6(R=_CcO)SG0F5v1Rv8^7#E-va&0}?K
z^^WX&C6^)pO@qHX*5K^vNSRX-kjo#AEg#EW^XNZYeY%P2*Yq~)bY4uiADP6F#@_Sv
zDuM&nGUzO_&zm<z%Q%HbG<j1w5uPa@ZK*mnthB&zlNhBzJ!>z4(Zag*J<!@6DXI=<
zhYX-VYUp^)2qK|Eyvy^^#6lG<R$7tPp!&Bhr&~@MdnIYJ#SO~?n<^t|aH`3H%|9QZ
zD6ZRO>0%yzS}WGX-BZ}nY8G3gC_`97rGBzzOkzV~oyyeOvWkU#_A$O2wYAov6`X>D
zrcYA3qd-i>?hw}@Jcos^*0gACLS$yO^dL|xxTCux$zbsnnu^??1)<0COee<4WTFK#
zITdXh&kSdpI9N1PQ4!Pi=>N01{>e*2zeL@w6O^JBU`{T2wZSkDSU5N(RzwVHZgGp7
zzn}{B3@fxxm7PeySrA*j1fg&5b8em97ctr#nZ0<XGxB`NZM4WRwg!zd2;b~ANb_SA
z?zM&I)M^HY$T*$2o~M12CL|tv1$;O|E#^LGNNA}q4%yC4aK1r_Zi!=TR7<Xvw!~?{
zM$Yn3696nM4(XE9vb}%L)_8L9#$S1P^K{*!7@u2XJaI_$xw!HEd6?;Gbe3we?@$V8
z#66!1We8dwx9D~pGGI-%g{&b_GT>{I$}DT9oKoPrc?W)JR;cq9Td_63_wz3<0Bk#_
zk#RX^L4r<jq((aux9(#feCmAL!6^aoqL<~!`c&Iwd@}DM!aX_Iwe;zewR$|3Nx^9|
zcM4ms8gY(Mg<CQ>vS!1()U{e!%`@2NZgqB05FBIW8ME{P&bRP|b>oqrkx$!aX#F(z
zFV$bSp7P_nC)5E605HWF8;S7tetv7Iyk)k~s-=<CU?E{_ac%$s6>S1_ZIq)&jC_or
z?mYPh;17>m=iyP8;Ph`x(pfMB&7H!B%N5EWoOkZwjhUA?Ddu3UU}Rm(e}Wh1Y}2V2
zd`jNRQ*wP_pSPV;pC$8%W^@EdX(nd)c?*ULwMq!OxCp#zdXALQ)abEH+_Q6`c12u#
zW9->(qnC86Mw3M7Q`)Ui&h?$i4De-khXl9F6oxPQ$_l%jgqPSkf{~}=Zwiy#_;K%M
zUsn8CX6M2miuOWMNt!`DEiabOQPKb(%d|~dJz#~@<f^{`wAfM1Z6k3{24=_VD>yY-
zOrso6E91vgh99ytQ>61uRC_rj;4Q|?eeWjs(zs5fb4TqPb$os%=cV^>A$r?{4p~>I
zEe3l-zn8nu2;P>Adbc%G?CO*Q8oZ-Iel>_P_a=%$g0PWuz8in-@BPo0+5?CP7Ejfs
z7uy)b)XVLc_`=QUW5QZ$K=!@0PG6lSsxf?-Rp^zbKd>&4KnD0_s(;4DgF)!k{MK1v
z5U)3=qU^<2{bVXG+UA+LqWOKeCxsCXI&#0lx_w~9$=G$J`4U}QQkHghLa<x`uHt3P
z>Et`L%R~??-#gdP{ZX=i6%1GXf_GfxqQ{#UvkxDfN%2Ggubt$5sf#rM!QCAmyc}{G
z%d3|i;FZ}E4>)QKuqO8s#myI&gZl01l%ipA{W)K8x8m5Pw*ACKFexAjaNX{WspB=N
z4j~pVV`rWz?CQzjyw~QTu<gy{wx$S=$*+caNOp%-wQP?^ge$>iSzXdOw%zj!u*oNe
zaiChK{G+&35H3~J_seW?Q6Cd(%EU;?Y^2*l72B(;4&~{1olDqN2$Ncol3KbKnv$XS
z_-@t@N&8ChYpvR6r0N8j@bx<l`AFM7wByF4Oj@+kPP~UKd47`y-zb6y!(&%<RjsG5
zZClYGvz;~;YmW1JrJHFNK4dCHWW?P6VJGJ;^94}9$g5iB_O3fTustSc`Qnir_~Ez}
zs5LJBdaI$&ls3G$b%TlEP?<Q6dYR<hC6n8hR8rEI0)`kg8oV?AoSuQ8!Q2Yhsl5(j
z=t-Pg=Fx#E`!*&F*HMM7u#L>$35Ug|`|UrW+C+SbM%hi#mH0MRVxe7!Yi`ol{l6e@
z=-=OeM83iqo0_+b$3CvGFQ0%G`RN^bPg(Lj$s1qMS#qxH>A@t4Ro1eyOfT-zd~`@~
z2A7cHQX!nICGSFIWf!f#0e18xK#w<eYDFePwt1zeXl?+_GMJDXo?YW$3!_NJx=uV@
znPVDZyoSpX5$r`X#IAVSG;_YxdRqaT0a^68?)77zgtax)aC@ENl<{Yl*q=LEhBpwe
z`EmX3@KfVji@`m(I;CS_!ZrHsZ4(2Tf|d|EcU%TP4=4@245_58wa!d1TZ6jGrClHA
zR&^ub?zTeR=czh{{x+RcmMa#X46ZSC754VB74&3_dp6;(muZJVf%+AF%M~7JHD76}
zu;aq7Y#HJ6G(w4Rjf3<LPY%i~GB0EtPN~4hULzFtOmP7ZF(T}FbFfcB>_f=Q<6A=(
za_3`_)BO5s9X#vxF{*sSHralhww-9;d0LB6=S~S>ed|5k5pm>(G{d;QP)@Y%bC{=G
zqy1TnqJWbnh?%xGD3c8I>e&odM61gwqtb*@9{W=cx)7)CIZ?a8^awyfY*hotWRpR!
zCd*`nayYA;L&Qx>C>vA$Y~^xHjfXFYrL>)I8PDVZQ4Fru{YVbcM#MKb>0;@$GUb%d
zG}g-Yti`h@D-^5JxOj@zP<Zp##X-@z4dyri?2f>&3|n!jRhkNP%Ngj0=i%I(f%B^{
zO$7se7z7OB&b5KM<YXT38Ez)~pVt{PZ=#{Ym+aVwfo%gMFr}|A`tHWf5Kd)OvCSG9
zVpsg$$gSoL!%Yi)JDRbpNBMXQ*yH<7owX(!VyB)pVd-ItJP5r8c-e@_TJrF!xUP{~
zR)NzE$d|9QuDIJD0V;-2ZRW9(zTjru*{2+k@%)<6kmr@LwyKI~irC>b5%drfgN3hM
zPtcXhF>pqR;<5jR0chPL-Yt6~T1-@5Xj%gm;1I1Cq|DuUON}-5B^7X+I(X5;9l}ls
zh$GV#k;?kDITXvbzFBE{yOCqx@-NVZ<T#D?Kz--10~P0fV!fDRVNMg!=m?B@0K=o)
z5aSwj&S*WeX44qU0OjoB)S#IV*yQqAffe1rP^@T)>^XetVMM0reC#9O?)5l?Z!rF8
zaHQx~8m;LOF(|t;X|g$#_Bv~^xCID&7#JkF3LngF8S%f`GK|J-2%m5G^4)}Q_#91f
z_;D9=a1rl3*9tb>IhG~nfYRDAR&$gxj_aLnc>R%`ru&0mV}UEi60Va;yj$Y@xYo6G
zeu~6L7XBly&?=9z)VoAW4eh1Q`8oLeSr0LHj5$i(q}OD~v)@7QQ3um*(Uw;z+NaPy
z6lG9GMIU&0p)|~(JP6BkZ|NPXhEcTv)O7*&q+lD#rSu0S2d&FkN#We<Sov^>C0S|e
z6*HSRkALZ_p5}`_d(G^SQuy?%2LrbBQh_U34&FUiOYVAty05F2F}X5Wf5BDM*RS4q
zvoU_t>PSktW498diJV+qfjW4rPo6fG2zYeskdbxI8hAlZLYny+nd-<^E@akYUOy5L
zmsk2>6_`_bt!ta`uY`|fM^pvz0+;OLE-m=X8mCOX9D)Rt3<+NipX{*!-L&V%&ghng
zf9oJEojRH;u-PAw(EFvQv3(i&26Of#+<{*M^}Z0uw4mi0>z{L~7I#T0)YJ@%6vJI3
zCH~l6x{wv};s;xxjufal%uM2Vc)o;?V3dt0d5KFbn6*~J=vNv=m82TXvz~!7exY4?
zk2}?7P2@;u$h6D{OQ?z>ky4C81Y2B@FA&ea?WJ)1jRdN+i<cO>h|s1v;ytcQ(Er|G
zlci{tL5lgi=87iYd$o)6U}wr?E}CNNJvT+G`D&%aJagWB|3nx_Lw|yZ0#*i~VTz^e
zZgf79UDzD}3y9%$<L2_G0JmE|l*V_l)deiEx-D~H|AobLbMAskA#h|7u^+KNp|&)(
z&C59E?|@F;r-inkSmd@RvNVX}Ulf$=|2lg0e*`T1AQ^PG>pNylrpt107-Zx}ud4!a
z%GnRch}w1EqGy`<_Cr{8%!{Mh!iy=^H-#yblKYPppwvtfpg+jC$I2G5-J8E8YQE>9
zWa(w-$0pG2ucPPt@93FRJ-YDkfB$dr(9F)CG#Gi1&fZ?#Cr=8J-{=7SjDAdOD6N&1
z0x8cy*VI&DW#cp6gzsQt9<!~zy<<nh2Gk1OLVAF&QRc_pxbDG1Rg_JKpBRWn<NeDg
zLj3$>WcQ^WX=)k}j|jBP%;sZ1^MjQ7J&TMafm5NJckUSa8R@o@GIo$K(a6O`z%RW=
z&n_wXb}3Bv*8gd2(>(h0WQT;zpVPJfKC6CR&?pT$x9B6LD+CDv;Lfj7GBN>?wA+&|
zH|-sVBE_|WK0~6d|IGT&ua@;Onfa&DmQ2nv#Ql*^<E7tMw4_c(%|L)kVbDk3-VqBo
z%csyAIQ3>ETGjo;OSfMbwe&ePZM+LU?3(e$;#AJ}Be7J%^5A|P6&P-0m%5V%X+C&%
z2d<tR$TRN0{&_8XYEcdZsT5E?{!wq;Vz=1ju2)(Ps}l+D{H8!+Qr9&}(VmTQ6Po6H
z;k(R5sx!pgmYkEC97ca|fqvTR+M%bHfgk-<kM+|B?kxva{IUTr+xphgyL}phprLLJ
znxDvT-gp(bNo_Tr4J0Q=xuLq_<=z#~^!B(ahLr8K6$|yrB-z<{$&xi+!ngV`T{Qzv
zt2#PR&ks7biRgkX=0<Z~xc84H-p2vmz?sz4D5&?s<T72kKWMLe@{F#0fEXQ~_K8kT
z6l-c3Luz+vOIC-^!COF01EoPp5;CK{E{mwNGDv&0HFX|WfXJ1dBt>5q<!+uH=w$Pj
zH3>PO>6*e|K@ykWBsMmNtkn$7s+KsJ9o0{4V4g|18RgphF0IT7<R(2rvG~-sOfKsV
zuM0uNW;r<R-3NO%ENpK^Q;Z}8`I=p`GWBL1YL(c;qOuvw-115$WzW$LhP}->@M{!~
zU4;fN-k_vlEKW}!Gu?Y!R36RV<}s3|lh~c2<T*psu(?<bG;mc2tPA9kY{*nWi|QPE
zT@m*(=bLU+G7=}XEi=x%`587(*?sEtaIb*R+ItVQY{9>@F!Nwxg$1flTlJ5W43s+(
z*+w>}8o{sicG0^c!ot<T`)(`>VNK_PqkEL=4czveUG-*$NnCi+KGVHV-rJ0HlnzzY
z5fkW|b*Yte+-a-?q31|LwwOd9xev5=E=X`~Cd{4CleoLY-O<izklsYqXZP%MwK#%f
zuJi5#bwRn4RvJR0-{2|v)@trP0h7>6o8fQeGRO8MD@Jr7ft69NO-U&?1Tf==<m>3)
zA{;5W>*xMiVyMGX+(4(+e?CLJrqL~93HpFq0V#O=u!m^yO#JjHZtsrt;_w*@{8$n1
zHNi-9T{f2+n&f40yHalUF>N@jqgv*Jmc?ekgN0kpJyspNBU#kD^L>#ii;dcBR9^ws
zunH!W3Vz3zfpNmVDM6v-5x|`?O*vZDnY=4WDaMaQS9j)kcbrH`GoM|k<m`aoNQ+s^
zc*SW-e4<+4h5fd=@7Q^;g#WsTCb*(+20F0nwJy(~g!xflo!l^IL#h&1u!~`FgH=1|
zL7VK8s~b%JNMCYcw8BPROADy39{a?`W@&EDb9jM)fnmHQw2_%AX5Fvx*|TT7WhJF$
z0@9N%4AxnQ&Q}_ugcF0~zzJCe9D=mgvG?x!Pqe8)#6MLfUnea>O@@3%V!y+Y4b~##
z-YH|K*tBwsZ)T~*ehZ`c9_y5RUcM}+8kKA2*E;#pF~x!M^kS~e#^ueKs*(cXap(xl
z-D!~J25x5IM9CHzpp+O6E|O;xz>WB02Pn0Xb&3{BI?#4sL3|rwWUakM+)f}^ODDuz
zy?Ms0B;8+`SD|uUVt2Vo0jJ-r>uy3xe~5F-d-3ABy!^PS<7Dtw4xx}W^qBk0{pY7!
z3-v*+?;jn~*5tOE<r5;8oNlULr7(K<@Zr;UBL!{?3c%WD6IO#dQ&WDtN5uox>#GU)
zwdKzUF=sHdl=^^d=o{%}->Tr54~&4$xh$?Q%vFx)HE?L??p(4O<HTF?`G3AO-0??*
zwOlH}TKAbS!}lilMypNXq%TGo=RTd-pt6pJ48&-Y|6O(OByV4J?@q1Me#J>BX=DV9
zYF^9*`3F9mHw-OFv<iGA;j@dIuHX9d6gFNuqL9Wjma-^Yq^#hcG!|B*BJRuot~O@e
zYRV|T!w__su!A<fGln9hk&mwhMX6XBq2FJWSNbCqq32&aW!iE}PkRjI`{4<T2U_1o
zHT$x-U_#jfOkpTeNd~5ueg7~ZsIyJZK%!5w_|=q5_5Qh)P!yYadF>W6X^&}r<?CKb
zOk+s_>j}`L!{2Ge6Oatl+nDHd*e_}DC$X18HbL#2OElxD3-1#f&;z)j1?;2Hs$Gp|
zKb)}L@7vmxDk>@}P2nZy`(M3!wezg66)OF7Ti4Cmt>1Fh!2HP|?k&lZvq#!WlYA@@
z7z*kr|C{A9tl?U0eZ~+L&z@amKjbuIhat3LfJZ8Ety8GP%TN|_Cuh^kUtuSAAmXz0
ztYp~&*VW^bC2R#p$71J!UTsu%b8he~x0a4Ce(~k)bT9nJiW|bAZ8WCZXTu&Y;i_%N
zQ^>9LP{JbDjB^)M0p&(y)H*SHkpeC&znb2};f=~+@j>NSE|;uX9w>UJ!iUERq-`0Y
z#Y?Oz1xzCF7_1##&e$L1hc+H^Oexe=6+|l0$b4nj8cR0J69PzOhJSvg1u?ahFl>&?
zu>295PgC|Tf@Go77Ml-G%BGRLS#FOv;|mg(X)XIqy#IA&CEMPtG&WycT_}0ia1Auw
z&>Tc!=;nIGk<yvH$Se#Gsn%fGsyE`mTeO}Bk|%JORt3aWGWi;g9Br1rAtx&xzWX%W
zccm|T7Z2SSXI)8ZCDPJ7e(k*Pfbwa5w^Kr5oY3eFC=b;yCDD=pd7%?OqPE2!YGPEE
zQ(HLctlY^PcP{e0-EA&jA*G?f2{4$X_;oPq7O(+yh#m)VCp@QsQpza`8EkSzY7LF6
zhCgU<>bI2}lR$S5m4#ld?03Ul(ruiW#+FY^r*POIhxv05wXEUlwN(CqUWgHH@RnNi
z<Z*L8n~e70JFW{(b;q)O0d?_Bg71C=fS4n;&-Yt2`tiuf9PbX?;^4R}?x|*x?6K4T
z)R5qs%>-rW&Q9K|w7G1s!hRk%J(INBsgLg}97p*UE{73H=-``$!ET#~=*@?o^nISj
z&UE}hs2QIxd?3Y(<P&a{&9BS$i;}n^#igT(sX^~`x?KiLjnj2qNAMksrA?mznI_pV
zbuWet8OE{I;cQW8d5a!Da;M3!v$xP>*lKrDiLlz6l8>v=jZAdXV(>Zq9U~C{Lpo>2
z8<X_(WLRRz)f1*qvf?^bsSpj6`sf&**9cbD`>MA}si#-djv;58!2fj+S8t^dR;wZf
z0t5i$3AnJY=Y!miYco!f{Nt&2e0RIT73D$uU+?zSzWV&W;{xcdcY?j#P(lRB1SKsG
z;q9+qbxCP3QK83vYSI>cm(A5lhT8MnZCd%1Ol82)^zN=rx!}^XZFj=(del*XwuPKX
zQ~rwulAfj*tHl!^oZofbux1o#N;6f(CYuejyJjh<v4t=oXFm)$YHDsO{Fy;IV{enV
zXDS!4BsMN|Do$`U)ks}z8*g-tT1H;MaA0x_xYBm0=cb95n}v>4<5?#(($`qAZ*zpU
zy|b|S2k702$!yT!(QTsKFmLT<;wp;C-nsW6jIna-^3))gdQRCf%4s#kjv}Whe9sRo
z21$S7dP6jPh=#vXJPjF_)|x4y_jaOQ6~(*UEf4xSzY=u3F@xL8@86a>flZ^2)%ZI-
z`2(ZL(~QNOZxinw+w`pmMc$Hg-Hvl9`!Y<#$~YFZobEd?5(iyDZc~L)$m#r%k?||l
z>F~paV?1#kCR*)qRe5+%&#zTqE9;%M8;cdtA=jIFxp<hm|8qzWf$^a8Z%VNh$6=0*
zC7VZMI~`@GD66uyMWqZWY4?sr9!A3zLpbA3;XK#g0A=yj;~zZMGzJ(B3en0m^po&l
zsJ}h8{4p>=@r(q&u6o5^a1Ye6LYNg3&fmg~@$IK({eQahRHrRuj#JZv7ULdT2thK}
zVd1!LIWDjh0btv+*)WH%ff|`}mZn22(1KWhz8a^2mzoSYPeG&QZ=$JOkdJhfyjXEr
z`|?=XnGZppF3yK^j@>N|h@6~*G{z|}w43V_%x3QN2-8}j??^oR_*cx9Y4G35+n0@2
z9-IwKhsG%TF1s?L2Pm2&Z*lXsy|~2vg2ilos#HiwOKa+F!^<vviA=4^t~+MQO_|d@
zcOY-;G9h;uHC!tE*E#oMuhSN_^=9o;Km0@QcEP0(g^{JGEU6`iw^CU<lRLpVFkg#;
zTq=Rw;<LV)A~`OtLkTDN>%t4AHpJ_KVh+*bXR<~ZBVs{w$Ik8Cpjf8~rNSeW{y~}L
z0}%)Kbiih?)WxX+1Q)&2(YTy+vNO;F^N^BF>V7t3U01IueB?|>nTaJC(o*0F;Ox?Z
zs}LVh`|TQj+KV~@?U}ktrR2Mm09&3Cu+>1FDREKl2Q+=>$e?e`n%qK9oziDcOIMLZ
zHFxHI-KS;|j4HLbS%;Rv8;KM~-#WKdbOnhsC*+{Ree_y(+UDTI#mXf*8U&;wTXYtp
zC+#3qQk<_6R%cu_E(Z%Iu1HON+cH=R90n+vY4|dE!II+?BJ7-s^w<Oq9=8IHRyuS*
zy&4@$UoRVljLaP=DXo<OKYfWxqg$J%XB(cq%)tAudPHGF5SME+AYbP&;;@S|V+fjM
zQ^M}9Dw2z;4dpe?44P?eVflCX4(g2;e79iXnDKA!tNuhwpnZPhg^+hvn5`yLWC)>&
z_2yZ5LzDtHxoX+Mi*H9KQTGUqXCB`^#o|XFSZ;-sq0hFgq(fwNSP6wV>rS-j1{>Pw
z70@AZn$HRq_SLzs(h~WUntJ$>cgCHwibz?lk}T~KbIu-BEr37?AR+l`kJ%5NR)j|P
z&0U`l%7jl%9+{cfU83*w`#a5_>|9JQ3^o;OC{bqGdmH5PY~cx2@OTOrqFRbmr>|a0
zOh@U{3_O3%Zo&b7P>@LYh+V*oZ(7GE)O7bw!I3kk=H5GnShUr}_K_<5#{|10x9PAb
z%6biIUzi|FJ1X;rc-JZ$WOKy4ke&b8qGYw9RhW<xT9g^W<*udwPH#FZGiqFJO(Doh
z8{#q*3=21Z;p0;U889!4Bm}P}`tR!k`~j;y3K#(3irC4Z3|68@lGroSpoUz{mV0^B
zR(Kva*;kg0nZ};+d-LAre(2iZr*EF56r9>SOfA!d;~djz)MqL+O0&P>$^7}5)75Iu
zcZoR-$jny$<X%nq;a1Gi<H*e9pnY8<vk3E!8qo5qCF$#8`Z@_}x=DJ>Zra0C14pr&
z()UMvL3hzjp&4SUOntt7gA3FI{Tqe%xiG_D7L4q9VIvz2jge>y2Cx0gDdGL<%|}C;
zEO8rU*RpTXt{dj{+LVp^ebi~bz*+VIyjS^$M|+QCdhvU*3-EF$O^oas%qc_I?scOX
z?o`MaEw8*Wj)Dz^{s2zQ)nP`+miZ$QL!>4A<HsW2DTn+vP9*^b(zcJgTcJBlx$j$M
zFd?M5sKl+B_k-b~RnW7(&j1P2B{QxLTQQoynE&=);+Dg(cNJrct3>yW-y&KT?pR>*
zqfAE&!INhf;@6f-td{u)hg*{;8VwWz-y&RTd9D2Y$yNM5^S7C*nS~EGokw^jI@-Gq
z?M9VtuLZ<!vW;uM>?=qa4SdI1hX6P22@dY|)eGBk->Zl;4QBmZ03;=m7Jr+bN!Wpy
zD_6V2>^Wlv`_9FgQZ}j;CNE%l#UCgkw#rgfpmgqtl1w+IJXUxCI0>s%yIZAkvBr`3
zvOwFeW4iq)$Q3akok%)K?Ij4;3;CFE-e;!tAwwpe<7xiTz=!Lk^z{4jdWB?c<f1Qd
z@4~)qOIIrMs9Ge?<wyK&RnL^%Sc}G!UxZnDB%PC`lmbwLkRs+rlz7NqUnbPVpgMWn
zA492h={E_G3<RB_*%@u4)VjHa=&wM_apIYs2cLi2tc)4yd)UN{7r8A0Fbh`$Gjf&M
z7?b!klXh{a9))1EUorU7$t$vUl^A?)Ms!Gq7$9Zox!-!fZlGOVe`GKU_Fm^Qyl~Ot
zi42<Va_oNpNWVpym%4CM<{DJ|sdObM-j9Y3wLOx88=nV3-8PgonvE&kGp`rOYJ^x>
zS%*cRWVDy2ccj}KL=UIsR)SxzCNJva1!a6E`ydIIA8;;r3NKESM`bj!jPy6BbLK=U
z$FFNG8qIUg)6o>&x8ox&9$rm=TgPKR20f~3$v~L!G*%08SS_id|JiGP|5M7tE4KoX
zoBVvWwmuut(Ay6v=DQbH`;EZMIJ{SJnQB8F&gV^=E**GFiRzGhbcQ#*zPnd=Nmg1z
zhiK=Q4z%#fIPLD{|5ha=ySQL-=P$pV<l4-X)J!9{h?VXhAfkzO7GN&}L!LAjPi8gE
zv+y+7Bs20`AfhIM`0kuOPc4_^PNd_&vA^4`iEfOMRp+nld?K{CxtgyZN2z33zvx3N
zx8K`qUVjB6IydG(P)pB^>)}zhUFk{D-e^l|3{FogweGyNQbx?qyf*Xz-PnfR-x+os
zHsT}r=Ch;U-6Y%;)m5606zsG8fo^>7b6pWH_!|wivKh0zyhK;owXRfkYOO{-9CpzT
zfjJJstH4+TM)KF2Vr${wdf$w{TY8t3(?>Jad5ghvn;>Kxk1tk8c=bkSj6ewsIj3RZ
zlR?^jdX?D@!qYR$dKJ4yCN$`FvU^N^aRFA#BQWzz{O(J5TkUkRv2=K^dDp~>rnKv2
z=R(+e+%6%uPkK4fSYs#z=jRxwk9&j8X18L~F=@KxgJ}-MwFd1iY_>e8e6(bkXPBV;
zbk8=vg3I}ph>_E=Kj^T@<Y;aOxkT*D##`l9IQ@cCeJ8-;Gj}}LdBI;_J*wfoTgtr@
zWLF8$s6E|#Dxc=&y9(}77Lkc2XJC9CVmJi6O8ez=CEG5MDh7|*D0;|N==gSQnX*VJ
z*!O*NPAk*%)KhxK0<y&GjrXcho^7m4IVO2GNKkJHpYfpHQ(nQyYL!vj{m!9i-$o7B
zG?Z(h_(~8oUGAj!Uad;RI9F}baRTR2z;cis))~Gz$hx#nsC`#zttmoI&x{r92%$0D
zs~0at2DO08%S6k)M2cD!JL=Et!D<y<;i9Gfd^m3wOn!BPKIc!8H3^q)G~iXkry0;>
zyN=p`{JPr*9!tu!7q_S>gL6aQP-ta^4>mS=y*-q!bZ#7Gk+^O2v{JihHI07_1yXI0
zEj<2$c%a7%O{*@|8+nRv4l6i4-h9ZiI%w!g8DhKWuzD~^9IqbGA$FK^274Yk26Rn|
zYi*qdfR9j@k{2GwLV71T66>zvadju<<6q-OW;ZnmLs?t9sj7m6ILg=QHOeCPuDX_Q
zEE$=%EP_sZMyc?#5)Zuh87iqkg`K>;*;9oLYe(V}gwvu#;HaEQmmXnhqZ|0?CC8E7
znx`16w4$66-|KoaB^<YbDcT7&Jbv9^pzT)f?7c(ccC)3`R&mWYEiCt_&L%k;glYAa
zUZyRBar`GSVChQ%$w|#>29O67B*Hg<{gR{nhhAh}LB|c3Ppft-`m!Oek$-1fO7I~a
zquby8t@Kh{X>A{y43!@7<UiiL$}d8}Kqql{K+f0XDMHy$-;7Xq;Xb>rz}qIHJ~HJU
z!$`_2cX$;73RB6yI~{iAvTM1at7#eb5>zFx!D__l)6m$F?Kfn1&7a)RKHVw#BGj`1
zDWCGjf}?m`KyI$6T^DmRT2d!kM@~$Gxjg2gpDtj(5+<RSDXGwB#R75Lz?0NQ?X76^
z_^Sp0wd&o^iG1{qt<Ub#nugNcybk?RcYBP;Cv^%hZV94VD-I<^e!baG;~lUA_N<-e
z1#{fOj;0qVi;UnO+UGEDo?fX%VZY1}3`-(-8Ek&+^uOzXv~-~_q%(chZ>a898{V|E
zEZ=vK6bm$2;#Dk>)$@mbWzIz73UgWYX1@75J05U`OeYXYNg@)fZ$C-NX_T^Tv3*LG
z_v($w6^gI0P5Zp$|NWNpTcG8m0(rmJLqd**NGDQ*-@Y{{KECTyXWPlycF*>va=z*q
zvQ&y!>cd>|(pvk~Qt9-=)$#CyIx2W3oV;VLY$RUjm&<|lj=Cr29(7WlEr1&<G6Saa
zM23ApVq<q`Q&BQ5H!_!}TvNuAp^i#m&}@sJ1Q_UYQnaW<W}54bNsy5lRYyeJFD@?T
z5f!a&$oyei=yH57`1|j74Vh2*%)!M*dtVEr#Qcjhy8HQvZ;@%X)DpJTNN6EW%k3Kn
z0l$;xc4m0|xcO`AtcE|SHK2;GUp-uBTC|ccN&ZkcygdB;TE}}E08Py}yxSFo2R)11
zY0A9*%<VYo4mx76TQW)Yq~=J74B8KpEEEk_63DKb84wuAcLx$hI^hZBKGTAC`$3nv
zAAkL?ze?Y}rQ6=#Mr=Z6ulNtnEeDHaUAZcp@|Z6ptHM1wzt~Izi4k1w{TTn<banr9
z7=tAF9!p;~H8t5)DFgjQz6+kT8#nFos*vgIf5VzN`#Hr<8TU5ZCJrik!$tY&3aJ@j
zW;36+JU!;$ZQpWh=U=*$<V?5)6kl0h*~wOa$50u=R1#Cl?_>lm8(0BU{652gY__)k
zOLyOscG|3^zLG=0725xJZ3MKzKsR;eKUR9)WCsOS0$!FZ&zhq<%Da_*H0=A|(n6@{
z<lUFL|KJAy6yFCzE3JR4a5A!4eNt?~?+0`_{>Qm@?Z3o(?Dyc0-xui5|2n6{{)c$a
z_&>z^`2Qi^tNah~{{KgH92+A(RSl##kNaAG-JCU=(z?%?4hbAK`o~}BFCoA1!!fK&
zPa|zEyqNscUw9Oo(H5UT!W4N^J%wQnzdPWYGx0UN4%$dbZ`Xap;8*5DQty2K==%G2
zCnNq3_9Smugre|Q10wkT3{@6m`W~%N3aAVC(e%>bFE^la-$i~u+cv}A_g7F#+Rf1W
zDAM5=q<g)~>AF^h>+60#(5{I|!Ps@HGaAC`fd3pGAwW-B`56#%fwa4Ham?C)>wj?l
z)0_LQcBn@JX&TYi_e5R!NwF+sWO(Mbdy8K6MF4Q7fya+Eixp^p0O?UKHJQ+TK?)!R
z!IS9`OBNsL1Q*@}{}2jFsVgjJhj1}_&C~qwpOZ0s)xUkN=0vOW5`M-qW6hVy-|ik`
zS?Ouq#@i?lgMb@PCDyGENP5B}@Y>HXBrN5hStz5Zx$jnC=DtDb(-njPAW_SMTL#(f
zPYMI^F!f9_**i||>9HIYzWB2beO`#!ZSxOz9ys&?twF0s?X;Qg>vPeTb$#*Qkuh_x
zm8+6*;Lx8uWif#AgFB%LVrIqa!ZW#ZSOj(mOtEmm)Q(zW7Z9tVP+ZsF7)nweM|VuL
z!*$-1Bm&jwVt3LAqyDF>5#vu!bH>Z`=axw=TkGisn=q@hs*RW=g29jZjvA~J%Q#jc
zq-VdYr}uVx;=Okpn`9|;e#G5+*ugX-)J9EY42ZTF^k0^`wAF5X_l~9k$Jjx9rawOs
zVr)cNR7~+aP#`;vOGby<&WzdP$g)66o}?vW8KOOpeunjcxQ-$~CA_dn<|$0Upd4Q=
zIMwLG;rqq}D2Q|v#rr@{&mXmtVVUVI>eI804(m(1-2gSuL<Uv3IR2f@Ljnz6JH=hv
zVpsivpv>$thl>RyDPSeaOjWz!w;<Yg)AP_FwPx*vl4xsiqfP`Vk+S~TQ#mYqZy`Q0
zqsq`-cE35RjcxeAHvAejNxS~I@@ne8c!<d8n4(Lzaha$b&WBxX7onj^><rpVrwyuc
z%Ywr(TMpgC*Ul-68YjOarN|6az<u>Eg(-BR#%!?CO?8Z7mM{M>2@07vgikLR=xc=S
z{;GlOzMXmUbN)el?m28z`r7{6@%wfqx4YVUG~A*Myn07lvA!9?4k+<WElfqPY?sW#
zn$bN*aY>UtqPn3!9sUbMIivD%WDTpj5n`@5@ADndj6)K_iNRp=TW|SP#&*~3zW$du
zSAR?RD2o+dXNH0C80+Z!jc2-6<Dz{tEc~u>`Nf=@kknxjrAg_dnNq(FdZ*#&NNLM2
z`MSZ$(bQXoeuOD)_so{i{FaPnLo+Hn?g=Nb`(rsVR~(?0G9K_(d)e=<lqv!lzb^|p
z;a1+@gLDJu>LQCWh-J<?7U8u#Uf!%Jb@ggWn)~ZTgUt%L3<-xfmBa<C{7_I(cI)m!
zH`Pnb`{60t^)<w^g<zD+sd@9a`rVIp{a30UB?DAbwTG_0+2{GYB2$GBYw(U!)#;+Y
z^T<o{dYYojDzJ2d`_RY47L4hDcEedtOYDA{FzFb#62HFeI}1?jpo4+e+dWgrz?l#@
zwL<5c<H)v@FV3B^73yr^M^y>!d)PiA$8WUZwiP+#<Hy{8d!-H}F$l;Rg66~}4ufbz
z!$q69J6-;=?PRsw9X-D#?Q^?1;m@po1LD^s1wz{@dGzGDLb2^(c2H<gi<XjnMYE5y
z%gc=dmst13p_v(DxLu5lQ^0d&`+h^M^m@SXN4=oM<<u*ZsK7Y7Z+JgYRk8xENvVf0
zNTSj=T3f}lO__)b7WOjIe{z{ruHAEm{H2s^lybpx#thvgsf97}1;AJdi|TTv&HWyf
z{||3p6&2UkbxA^i1PviU10+arx8Q^X2=4Cg?k)*#!GpUL?oeoOhaiQ!Q#eHdRajT<
zz2E)*e(BK<J$gUXs8MqE*=O5YYtA({*^KP*VWyP|!bPX|rTVuCIYx*k#GF{hRiz|m
z(g^Yl<szm*o@_ml7q~y~x3i0UB%+hb5rPy8j8M=$d;|Q}=&KXp-C+qglU~lLP!`p7
zt3;XlJODh_y`|M@&|y}!l>hC3ci6e*&w4Bu*&W+j@H{dD&E3+wvP#R{!jW&DF&j{>
z3%P_xx$-R-H9v5cHW1(Ku2qX+<sTP@By-&zM_5}}U7UOyK2(%n{o`S`=pj68X6gYt
zZhFyZWWkA2ioZ94KaD6AO$tu;O^BeV2!~`Af0G4RjE^DS5%c^m?T~b(UFKYV^J?<T
zSWjfWQ2J)RZ_-1zdfLS_H+5`GN>gfaw6gHz(qS72xQ2ukQ(i2>QWiCem3G!e!TVND
z(#~negh723{j!Xf+vQ;HI6X0&yj+je=(Sf|r>?#I1Uu!3*YLo|4+a(q&!TO-|D%ii
zz4G5DUQ$;|<xfu*p{4|cSS9PI>8xlH5M||B5n5QtE-I3`_c3%gs58uEt9Ue}a~63w
zN0@KA@D<#>5*Ck)t@5eYKS*UhXmgEITY#??#I$yT_Og9G#4hz)eBsERep1+{#3@jr
zxvReIz&A`(KRYv&u;4_u?$T;vMkhFuNc~$vFN8|-wT1jFp?7WnN9UwQ|Kj9{^g?o>
zN3GS^WxxXzu<@^5Bmx4&Ujj@t4h~(fngP@)AdrD_{Ah;CvG7JbXhPmEglZZfTD-k;
zptwn}F|#4Nq{2?w$Zc0dm~CUL(V$Ahkj6J%k=3&7Q)XuwSD}d~H0{psEQgX3B5;qq
zZCrFX7Z1rwBU-GX(XFi0E~8B6J`C6zeKim_rsX}akWlj6Gf8&^T%n-NfCXNWg6a&o
z&{o8ZR{Wcj5in9TERMZWJ)nXJ&h2O6SFCOEks9GoG-$TTWg6}t4pts(xwn;QO~v`D
zkR&rJO8MpRxyLZ1@lP{}p1Zlr>eMKdX=AIT8x$+eO-v4qOzkKdsfV~@U>&Z>u*hWP
zrHtxx<=7U8G6MPBEK=M&>ZgC&VM!Oy%zA-+rYqPVZUI86XQ`vw16C&WvCB5+QWx4~
zVs*&?P=hV#E74-DMVg;f!(eqO=4U@olFN-RWg)JOLp<);_@g(PXiv2dJFec>ejS!f
z&6}I^2H5)GaiL!&cz0DT);nazc#46+&;NT85t2efDdTd+$2Gv7y>kM>ct8Zuv}zkl
z@T;ZEcP^_N@b>27VBFM0t~w(fx1u9dL?L2oIQk&_Wt|?o!@?(y9b%vRhy%e+D^R|N
zF-%|B1q40_E<;tU;JoQCt3S)<rFJt@)z~9}{(Kab&C1TJ64KAn@udAIAe9M+CF=WG
zV<}!>H4R>@$wSX+vWMGD%PVbHW#(4-L{Jh44jcT(k`M4o=VK7kOnX2tcd-Rhjn|XL
z1(m}ZIduBWN?IN1;3a;rJ0+ZcvZ>_NoFJ!YbS9k^r*nmz$?nj`NtJ`Pbo7I+y({|1
z)}Vik1jKY{ChX5C#u(R@OSRy*yt5S}+Rvu>SpOgZO1Y0`^z!J{qz;HLQ2)Ts#lLgZ
zCGS7tD3x~c>`jpB*r;Y1Pu8v8_y&%(Pi<!y-4l`Fzaqn(V7tGg_6X5`OI0->on)P|
zj#lTuOqfaJ(S}&uJi_EjNC6^NZEP&be{2iHedG+QS~k;3N=(VN^W<Y=3IF$-_1cmP
z2RyFqjcIY5hca1Lo`0<aB--E?4FC0dW}YV@L`~6oTmWX{QG8qye_M8cEeVOm2wQ6f
zxgw>M^xq`{$wBW8wsd-uJ8zoe{lLHT5eZ>mRXaH&+$FSC*TIQHC(dHp`Q;=p0BYxd
z7eobR-QU&q-=qI~u~O~eo_~|C5r)&B+~$A375RVUr~E&0i~h0ZtpqqEB8A~iA8f9b
zua{1z=QUV};<w?d9IIXubm7;BHDvF_MyQ4a0NIa_7NIqwBI`$oV$>Oyb5D)|?)yD^
zeG5-RN?pjHF7Zsx4V&^nip+221ox3BQh@(j998z_mYr*&UF=3xncsC-f4>F`Oc_lf
z<>&Bnr?~LAW?_T(RAQF-Fhg}<T7yk~VEZD&B1=^-@6ZoJsDjA-^M+%#uax}Xhot$O
zJK6#u$;Q{QUf>l|r+Si#y~^0Q6i=PHRlm>r$BxNs0@6R=QLWOlyPZy1_auDmr^teW
z_c<BtCK}}zmoF5)g?(+XTNCru4jmex^}j~4;t!qTX8x`2JZpIyC-X+59TAc#G9!f_
z%-Z2PRh`|rUcvfCIy=&ujsYa7y=AK#yznJ{{ux+q{G7WOy1U%8GI_D(dVW)>H(W*#
z+NFr)<x}2r`zG^8293M*s(fU<$;cDZA;upYqy_zBTBYWvcHo)8&l2+FO;nM@&~|Nq
z(%%X?xOs~}IYeroW?G9;=v6Vn;O0)T7Z$}##~O%uJ)>|yNGo5a?oM_^3v(L7y-_`2
zc=fZSx1W#l#KgVojy{nF$YouSnEWQ;;m$b6?=dAeLh#;<HL2zZ@7`3ene1U&L`=J|
zZRWLXYNJNk)m!DFX<5G~@2#fV5-K~3qKTEro*}8f{WF#V=nV&#T16Pl8C55C+h;BX
z+P_xn&sm-`m-z@{Tb`GyKuPCIT#6I=l(E33)(hYsurO`jKAU=4awS~#eXbv$-fr`I
zUHiGU5Ki7YoX@oy2mMbKl4MNnQi}*^>{P!tJ!!Gl;1IjfPIBM;!Ck3U`i38Gro4fQ
zsC4caThQB8Srfgk-hKzi>vpMXdud+?E0*?zsO<+tt%JL2z9d0UuhvGZ!c}t&G{o}7
z_taCgT}SL#QvWJ7OLI{pR$xY3mMI?dGrn|3@|f`2gKj*P_13Bv;xOUY%%M&kv6k0G
zZ_?l^Xj*lTX7`RIx*g9lL^8Jo>J?6XfO>|XB@PZ6qqpsM_cg#mwo*JUADjWButJ4{
z)|CCNiB3@Q6D(*bvm|)YAsj!Yts{YI$8tJCb~u)(;3_aAQLja}67LY&rLEjhHKf||
zaAg<)IHjaK{qAO`1@NRpo9T#a-*3ikzwGs0d84;^XR1;0EWP>ZPrk-G?e^CByg;6q
z>2HdGwcDn&u8+*5wNiGIJ(rupp~IZiKsW2D$b>|pecYAlMdf(JFm~dgQeRxSR)|AB
znM?PTO^w$9U|d$Yy8$3KOEdh<`_Tp(OvC!lPh=UF^G}5y^p=c54!eZ=0C6eGsRPOl
zzUC*?w+JVJIcBN2a{_R}t&<p)09yIul}oa}o@s0~;(jbYRco01mKmhtx7MuetzKy1
zZ&7<9wU~>OQa*Vl6#aTn&xzDs%pD=LT4>!+VgG$|g?b>+RV$06%8tp+!s@_9Ii!!?
z-JOT83Q31={978YYjo81lFQn!q6>kB`MOVuE!Z(i1j_6#;MJ+>L93cUFwr~j;>L(f
znDDVQ(+`R^xzox#NOEcef`H~!3ax&BapPEuUpb;MQ2D7=W5uLKDxQv~OwonWod=jr
z=hT^VFCBsiLX_j<z)*NpM4Jq2QQm+TSj;T_1{{fBiHD;q%)NdqR6waWNsP!s3#y3U
zu42`e4o=cM?Ve!CDkWG^%uHjPX$qa%uIE%Qj^UO~Z&zD_f1zE?x3J}Kj>NaEDH$7M
z+BPqdLDA~q9?t?`eNsOdVp9hgo_`V~E>YckZ-oFp$1`rWchxq1p6jsb@YM^eRu1NZ
zrv(c3iMv_8G&a9nkgM3(bpr<<x+I9j_klmSU&nLt?zM#0f-j5IA`vvK7U0lI`;FYF
z$^%OMZvoG*-W=aRMa~Rd=S^Ro)D?cpl8$5{I!PU~=@$}WS4C`l>TQUSEokN03{r@B
zVhHAZRp(=~2nk*&T~}R361to9IoM^P(yF4D%D-<ECW+B>rDzl64q%-jUe(flDh%4J
z@O_hFFxi+yva@<6zJTGTQ(26RR1BQ*o7|0h*<d@Zv6H!o`FTpSXNcFu=Mevx5mTiV
zezIfZ%3Ksvp<BUp;@HB&rk54E3r<R+<C_5%Q!r~5x4(b<gALwPH69PouCqQm`-q^3
z*zPP)NyVWEA1>K{1F^74#bJF0z5BIAF^*D%a15+h-hakQ3m&BS9Qfim@oei_tF5AH
z^HrP4;7m;-*CIHjL?X>Qqa9<<&~`biY>+G*orOl0YgiceRGly~jXN@Nz#VcqBp)ml
zV^{uR1N!<%HCz}>;DH0xCJK}VQJBQw%VyF&R@PX}(#k}O`fQK)AtE?6%OQ_Fsw=k5
zwA0yuQCW5*q)sey)b3!m*S}k0;VdwbHKwDI<_^;;Wf@a@&3uq&9C7Mv#xno5mfq3X
zVg~L*lQK7SMo);%3&jEKjkE@*I=Mx`1`p?)mSuAKk*V4NPQ(H6dtNTG;p0!N3&f*4
z6?N}`Bxnj;qepK|ha{f(y~$LU$<z>1^p~oUit#b!eVXV3btP7^DnCIV*RG`0YPraH
zs&%bg9-1EI7H(DTl8JwMSafJhz+N{DyYkN(V?^ZqCS&hz4<QaNRhZKtc9})KMzJ`_
zdp(xg_603=Z<w+?*b9rOyo>3noT`<YkDnu{Ucuw-trL-1u9H*2*;Nl`rM9mo)le(2
zg{I~3I4M18va}*-^iRz{h#Sd2XnPjsRK7Lcm3ny6@g^%lClntHGfx4_j4UU)^n7mN
ziXj3htYD%vwyMR#%716PDT6|%4*1ecOZ;TKbvfFa7C}|}Tw3AYC2PYKH6d%xt;CEv
zxo@0{_HXkK=+Ep*8U@h~L+oT#Hg<53)@!%W5#la6^qQg|X9E(ZJC{cMCUO-x8>B$3
zVxF19ta<T<Bz`0R`&G@woliqDsdfGngp97&f`Uj{qZONTxEa&g@2h@WSL5p3`Z{b2
z+Ul|Ag0sS#GUmw}%;YD(o~XR<nUm-ko*ZIS-a8fJd_BKQEV$Ykr=tnb;`1%VKM^Wg
zX2!i>ZWsqnXa{@GT1aYz#oJrxxb!SmH}FX?P95#=bB)f5>Y3tb+L0i{;vp&@fwf7g
z46qvyM4-_%{(W{x1*eM&16I=ZC~v8&uy0wcaCUis#6YQp$RyvJOnpYfOqbKl%-7(-
zneo2q%f7~Yc*8qItQ9QD6RXvlhM+aQ{5Jy$GYrNR$#3oR0*}FE%f#G~O$eYFnWoMZ
ztfNe}f9ZJI+MZ9Gk+nMiBa~;wuUW~1ma#J3F6QvVkjiRJW*QWV&`8`PL-(%^iX)<T
z#ZgU0=;k0o2R5Fu2kg{6AMZPAZ@ARvK1G9Ee^8k>UR7ik;&j}L>Z1ymtTmLTp(`SZ
zfHvs=^h1Q_Vym@Ao%`ij`7u}}k9;MmQ7+OApMJtNEz9p@ATJm(hTaBiwXv)EqH)o4
z`6q0w=&Wds|1QJG0DDMhJjG1Hvy;M?7e+xrW#9V{Al?6JQHKecz)E)b6IP5xUhOxU
zw4!krY_A*Icke`I1CX$Q9i3P0?8<94HbraH82|ykYflFKbTyk9HuH|%hrKm8Y(~kv
zLz-7&me%xZR6NUi4@r_ROWN>aqhdNbaY;)1COREbLpG>5aPji%6oSy;vR)#MPOGK2
z0qfgj78dqL(YyoM4Svo1c$4+venx35RANXvzQHiQg<GqXy6l?avR8bkfv~{s$==69
z4HAH<vpth$=O=(}OLnR=<n=UXB!U7+RTld6De{}qjP&MBqKi_3iYG(dV|VtY*!%@y
zPU5D_Y75>awafSS+nFhq#=J!?UM3_dF_|CfU`+}Jo~J}*RcVc~YPTpP^;ZfZIu&ie
zxu*dPh|`e&<P~t-&G;!0jCuR!;%mxq{h;D)FjtMhe&#-feC?v1Fzu^R<fr=(tf$wZ
zwFKu>@&Tk<yEp9fh;QNPpvPV$ZZlpx6paA7MI`|8l-kS7CWY=~BC0jw7Qd>wwRq0`
zy#{=9Lfos%;<8meX|OG~N~ss8_lZ|#;74Oo0m;O(rZrjFKo##zI6YWpVjVcHom@Vq
z)jX7|MtL&HR3W9JfPXUkxSCcfMt1-<!IUfb4;NsDsk!^CW)qS}moh?Ke4wH?%XYk4
zucT~l8>fFU23`m-K`MzvcVnD&M+*Yws^W2BUc_<n$dc?9TU2>}c74I`tXDGQno^im
z2~H{SB%hd^&^=XngeT_#(D)WFd!p>Q=+^QYjg7}SwhN12!LQZJn*4uj>k|@#cof;7
z2o46`BG58vH#=-n@Y``8RzlB)f?>EX5q{Zn^Sdt%&X%XO3yb?iWsO&;rKhKrcgC%p
z<_BZ|MIJ68`_oI5)z6tUZ(ZxCOF#eGOXCt0i~FVpsHu`3aA%sHQRR&|At>_-G09pk
zJ&0tVp{fDe<OW`-CSO(PmnI=V{uQd926#x7B7Y%ODFM{=`QmOm6)E_;1WdH^6=K$M
zrJ57tRzw<J%uNB~x-(AaE=-Gy>W=4y*Ty$o3O1Lp7!&Z#W-Ro!k2(bifMWU2+#eGO
zy%14l+a~8x@h5K5n%-laX^reu_3GGu^IN3Gme0zdJ_U0pxh_)`SJ%6Atab?QCyRF9
z@vU{-chyUUXS;Gzt?Jpznvlw;LOy!!QvCrGc;}yuxo{2vDDt0rPAbQ53$UtB2nflC
z7{(RL2Z)l0l|s+f0QO4FKD>^IRjhAKp08R34_{7AOD%AFqYO3LnDef&1N_z?gV?ok
z6C$lic2!AC2yHC7tC!Wa4@;;rq^(xvr<ThuP<^s8!vz-rL{UjQSg$~Dk;XFH6%rmH
zbulJyhR?8-Ok}K~2cR35{Y`<7@)JUARlUg}K1;E)o%Uh55FF6>+?p;RviJZrG>{m#
z7vCyhoyI9YEBK9{;m*f@n&py=e)2Y>^+%{I<>_0xSWDr<3V;8qsHc%WpNZ*muPt<!
zc)uV*V?FX6Fl#Q~&8MUSarvT=#ZN^^%ErPbiE*_byh)H0+M_<n6J(fA#WAd1nlG2N
zzCa4#%c-uui{SmoH~+QM<H7&0pN{nZ9eHfR&>SMO8=N~-;wk*<mQ~LHY7;>FZ-7I=
zSOsw=Ll0KF=LCvrj_PipJL&&Slam5CXlQkgsMKh#{O<t_70KOOj*OJ@yeTp}i)E2R
z>OV;OKP4co>L1|gnpKDKKc6B6j8t|1Z{V%e|2?+4%sdx};PE*kS0F%cPMW^L1-i-+
z*Zq<HQO$hy2YB=>|9EE>S6=MHRp_df5AI~G@${V6em*7f*?v3m?2jm7q=2<y&N1+R
zl+u`=^stt;zG!~NtlbRjwzWfG*u&!qSxZ{CK?u!xf#Vi<a{5erbL@<(3PxvE*%*}X
zFh(fONw{HtleEaI4S^k$a6e1?yJ-#jLqhL@#uvA0zo#SUqNX@3UXyJC3xK1x5yu%T
z11u#-Zw|*Azq>U;TS)sUNtx}T+C^zc@)M*0<#C-EVyBPRduac}l@)r&tl~_DIc1-Y
zYi-7drXy%4`QG?g>3pWC($dzJpxt10=PT=ns9>$y;{fdJLA8!P2}8wmV%CD}7OpF$
z^QGbQ!w<4qwIb5)WQtx{+b1L?A+iZB_doR_Ak3#@=Jf7sM(y_-Hlz`6%g>GZ0pZ>;
zZj2cKdxXZpiN3Rn1yn_$-J$QAICqJE*1TI40p%*SX#Ja%&Ft_|xA3W4IQ@9qNnW?C
zK8xj-S}{$}DS5ieI(l~B_JU9e4Qk0&C0SpgHBYwCGSUk<+A*S{?FZY}`1?%Ot5u7&
zE`dVcEXsDVs|DkMA=`ZAmgJA}&QVml-qRurcbGdF0!4zICbUh<<hg*T3J&NZ%}7!<
zr&O%|oD{U8s8*>6+(38x8swgHVy~#56~jo%-zLwGanWbsgA~wG{&D{D+^x#s@3bAH
z853S$aPd>Qr(=toc?>+a)S5Hz1{FG~A`w&v+BXglhTl~UKZ!wXX2Ba43|-G9XQ25~
z%r$hCVqvw9FaUn}h{A>HC-w_$>uX#<AJ(@So?H*sC0go6X8Tw<QcXeCsyp|{JMSn^
zHrmn-LU;r~d5cZQQ_vueX+i1jm}(}I!KdF+jE3~<O*rpAG)jf2_g2=8k?1^ikOFfW
zUWAh7pK(V#JzaWj_Bsha=4&G@ZzC;&<+BFR1-Q^l#gF=sYP5<d6WGqiP|_r+t|yLg
zn)1n_kO{s|2{M6N(Q5zXwB3EYTx)BzA|<8sZtfHq_sZU}KJ5-qYq}_*sOtE9?P5<=
zHGN2E^}8UhZLey|{1K{>U0~5r&81S(1icW_M?f!{3kC@}e}@utPUuK1UOCL_Adpxf
zg6`J~V~#$toIEp$oIPc8rCRyJlX|~cTfr==*Po##CR11i6K9cIE)!q5wHRF&M~6ZZ
z)BQm5<i3D6*b<WtHOV0e;V}!~m_`XTLRlfoKGO*jtI$e@?4oSn`ZRLQ+AO)TVnm_R
zKd7Y%n+4ZKD*pXr0fJKAB_ONYri7>dP$1w*&sbCu61!hKzCo69zkrOSu<{>PDwrA3
zwHtXovVanH1Z{@4%WOXmSB+GXXXj8=WdSy2vb!KKHVWzoEhQO~mpD@L(HGp@Zwb(;
z`yGs{HT@vOYUdUIEE~!mdotIu<9yj^iO2PR-B578tIC2pKMNjn0Jx;nKWKMfcAaQf
zFSE_r8I{AdU*N-<{g#P}7?zdooi<aWr{)JevCFTo=8+cYHlHEQd=h&?Ls0Yg!r=O%
z%k0<?;E{x(EKpqZhcv|E<tV^2)FqH!_)&GA)zrf)xwLk4twEE7V?t5VsCh`3QECO%
zT|G}d7rVHq%!IU@npUo9+51}y5uMj{CO|7e&o8OGkK?Oi1>a$s99AKogllsSIO`3<
zaW9SkuVO&JLta{y6g?01!Pgc50-T4=M2qbN;O({6`{A%eC}HY1guO^%^G@wpBQCTy
zx=Zvni0-)a`sTD8JuO)WJ9KL2u&nCVYEn?K$hj-$UF<wDuNZ@<hwdwAQu9h3&AuWm
zuDM>N-O7~ox+Yb2U*p#~4wA9`c^9|)(Rij&vsn~bVCQ3vHUytM*?anl)vhMi#6MgB
z#B*tWjzB7<rlu;G1$h7^PR^S?A^C#oV$oi@Rjsu}`|0xflSiWNC?QKA+x@S><2Ry^
zNOj1I1VNKBHO7ow;K9N$hv4gFRw=;&y|N9*o#J?L5sYZy^#`I;U%>ThT>px91F?ko
zpzpbttZu8w0WUTX22xh>@fQ@J(%ev0tHVGN8S5%O|GS64%ppY;q<?MUO(`ssX8W+E
z2=?E?@(wz+R-<cP83z;1`ter?CYF-nd-6p<_%JpH;vn-8#+ESX`7Ynzw38g}ks+o;
zD$S@ozxO??QYabUGr4e}|1eJeRP*<iuTad&$@EvPA}gP>6^{R6u~-Q*>-`NcC`5JS
zrTq_uS0s^W1%Lww{jx&P@zh-;x_P%6;x?pHE#Y^&v<vpPS~M(Mh8TWcU(Xw#c-fXg
z*vX(54ve>Dd<!jy<a9C8&H+K>uKrQ7J*!I$>PbhxXTo>vEth|}MKo|JZVl>r8QxP{
z@jFQFSV86<r^ru<3;jrq-YhiNXbA~OpzKt(d=|cgU}IU3mz9(dHXQiYWo6V$roQnL
z;gesBtz)2|*gW#TT7t^%1~-CoK@+Y?6<f+$aFSKK1%9)GmCl&yhV~@{&a0$Ya}2US
z!h_q4ojZ+V@Gd^A)DbTgS7^<r15Eb}z0QuQ`Lr%B5BW+}_1j7$`mxngzFUYbrZLnk
zJzsgekU1XXcjq4+4TejneC3J>o2t+^-RJS`SO#hfcU(4~v|IjY>0O#>K8IbI(tF>k
zv^!jb!12Fz6epQL9oMcc{@tjm-~kIVP-5#+iDd6WRa|#AxpMjk^GCn*dS9JL3>J&M
zVU24b8HsDstMnz1z&X9{^?b3^5G^d~?c$k{y;w4YuQv8pZx0rSyyrg46{NhRPfn{{
zCc$|fq}M5;yQ{F6CJ7&CpDR^w^$=UKvC8_bi9GP2XfLzo_GIokXq{(m1nA;&PU8h#
zSy<G*wHrXnSp=$@?X;q4v8etr3j-KJH>yI$j7?rRR;AtZa)ZAO=+ET+K)YOggwrjL
zXd8|(xYA+k5FyTk$YhrkCb!I;Rd-Ebb1lM7Zpu2$>3F!O6=WAy_(p!$`tW;78*Q(n
zDuulD6F;OFT&I2fW;IGn)ax+Lf4Ssmd{b^RE48Qk$}}%e=#}ifa63Fd)(Z<L+jC+^
zJCTsib-yKlnL;wVKd8QTFiBOVeAwb*f)HJ_ynBlh>!HE&uu!xN%04J0um>?M=v!Wp
zCu~zo#w5YlQ|0U1w+x~^9HNds$&qTXOFnu+nVD7|LW(*CbvDd>?><T}=)=l7#<1eD
zsqdSFN%z$5Z(xkJO-*V8WOl=F!!2I*F-gzQ`SyO2{ArkzKhf;f>H<Vbm+C$-#AcQB
zh6>7%W<%xgjl)$YrWJsmv4u4uLa>4mF6Q%sc8WLNPgbzUb+h+R(jQBs$NIsO>fZF1
z^Aqs($E=yLR?;+hA87<LY!e*}ka+N{Gm>Vk<FsLj#qeVm=@a-&@dl5SSzo9LCqp8J
z+t(%5?taO~RN{IX%l%F)To$=73VE^q2JL>Y!@7Q}=XLvRQ)5Q1E??~pUOQaOy8&32
zO>v-x7C^6R7%Qd5<&#mv7lUA8DXe4!2gkRzHlGUiF{%Xi=#r@>vZzIP^9b_Vs)3Ft
z8suBAi6VdpUeH5A&yx-1QV1_HLHBdeSay*`z2VnjjLTx)x?wCHQfuKU2877|v3|#-
zw);}#xOICg?U9N7%I$@98pj0})>+lM!YVg44q4tf=z<rij5ro9f<azSSKoUsffX?|
zFXTV@J=TBLw+fmPOT{~T*yAs+EFRhkUP?J-1h*Z{>B`o@4~lT~r?$0)LD5*4Llxi1
zvfFjy;{5nB{iBEhau3KZJv66>hby0<B6U;#PcD>JXA<<`R?EtQmn&P@cUQ$*Y$8>a
zWK@x2PUZfe?u)W1mtAarFU5A`F)=-qoObw#oa>pBwG_V!<&b|UCwSzRV2c$f^<oh$
z%pTSrI#Y(6eB-3*sO?<0Ve&ZSVrsygu_nLQr3912!|8c%)S-UsT<vVvUhT7Mr=x}f
z>GYmwFI{)qBBc9E2iZ<7XMck2&>UbUt>~B8^*dgy<+mvI33W#Z$?_%`J8DNck-c8=
z;H$lzIOCJao3XV6a{`W%CrHdP!TxM+g=t>vx}gsO8y9!ph&OJ9df~<|5ff4;%;)%F
zgE#sZq&0a(NDU>+-}9T#4`NT@>HFN@!Rnlr)#)6-*DFrvHJA>k_Aksjuu-1dQ%fOx
zs4_@9X<XvG=(#UuFh{?VnS;1vD-C$GQc&j4Pyot8maii4vl)F^)#1dxcZ1JeW9ml8
zmK4=vA5{(+2q8njEm^FZzQf#XDI9Li=4}=$a|Ygm($4_l&PucpcSTW`g0w#iBLr#X
zu8BxWP<PXq-g#us>nbJ?OlY1`p~>J1G;3ScPj)Lp9|TI<<1_$Zf_M#=Tf*R$lkkYf
zzJo5!9c(vEW)A0shwDoXs3l1mt#<vZR^77m(?lYCrTD{n^!Dp@1=om%GEE<IERx6E
z<og?y14FwBVy8+Ej}e;7p1kYJ-__$0O%ilP$4JrM&VZQAx{M)}e)T4LdaI10U3{w@
z4&50l3emW4dUGr&d*0*Nq*`Y!e!_WWuk!LuVr{D)ngq*E8_iN~s52KIR_*IOFF0C&
z=6PvL#vsReO1O`4^60WYCoFXm3~B)$u^n@6=T6kK-Rc}aW6m&CQAyiYvXY9xrWbGb
z7R!SD3c)QegV!f4odeTqC?4~cHuxH~vIT^+d>8wN?W`+j1?^_G@a9rD3Noc>)ckTn
zE9KNORx0P^K0|-sGPvBenTCbjr6*z|C>O-5YPKZWiN4z<wQ{5bHMWhrCk>@rT<T>9
z2Q-IeF_dTk$5r+*Ef1?3b!p@UDb)1hS!pYB7IzL=iI`+dj}83x$88Cx)r<0zh}L<N
zaf%U?O9BGMTT%UoR|W5JmMcA2hFpMtJ*>?OS`QccT+~NT1bsgzpbJ$Sm$I_x#|*#S
zeq3lhWTh+Pj@eo>H*54>&?RmRD3mrhuv7RY!uUn%%a_*}FSS2?62(;b^wRf}s1~2<
z%S6<|R!xIevt7@}9JiE0^_MrkmDVgSyWt$r(NyQ`TcHE%)XtBnRf`ptuU#G%I0r%N
zpTO`evx7UXltfAHOgAN^V;;3B^^;F@N2%9z6HS$p3weg$C6e;BATd6ir@u{WQ&f}H
zP6Qt#H6x36_&U-@3H^w;0tLySp3r+V4ixSQ_A|Q4kljLNzw@G_tg&C?V<k!y8Nbh7
zec|y>{sg%;ZSK!L&Av8%SUhiAEFz|+q@+{4$AwSK%cc=c^q*H<7(nB{gh=4t8|W7u
zkDp;VcCf5Ky_5Z+Pnq(iUy`XMqDQx!9mG?rGxhoH_=RPH?B{Y|)wTuMH-Q796UkyM
zDp1?m`6^R?TwGw9bs7c0AU`ZDY_Nfqx4ncs)-^jqx^5NoHizPYt&EUkAH}SfFGnYN
zjMV$4a)LnM4D2oA)A>$3=$pYvoHc)vFGIHb!MJ;JsK@a%4;`t=OLrTbbU$Gk(SAkU
zJ=_oNa6Vkwtc{8)ulR>+6I9=e54!CX8h4*u?HXJ1A-`hV<~<2R58FpW+Zo~}xWe&n
zn`*7JpAPM{{GdyhINSdGZC<@rkOkW_!AP%I<96$vklzK}CVP?_r=%tv*PhBfcWrPX
z@j{kr;h31i>!_7*`oM5?^|g4bddP)cB134h@7S*=^1rX<J<QrvvB;6D?TuCTif=6J
zd9!@&IiVQoM_IQhRc#IF97TJo^2S+rsZBywa;NSeri8ouJBaKdHjkB;3~h-lTBuHz
zg9E>cVFqd{8M4{%`|tyyaF)g0KJczQ*<tvIfEj~%a);znu|HM29M0-P5iu}<o5OSP
zotIGCw_eS)^WNYVwGWoosF3cBG=W8L+RSKO8JG!@Z|mZMD%}3z!g^%nGoSHMM(+SJ
z{9MOD68}n>R~&Y|Fg@Mn&;{ax6nF1#27#iC2O2+r1c&PLp6$p`(s9Q$V<6|C;`7M2
zt(5<C?1ZdR%Ae~RskU_R1uf=sV^<N54cwENx`So>JU(o8$Lc~xSuRgW#UuBGw_Bfo
zYljH!<>O@K)$x7{*NxPh(_$Jo_CMeAOIYTLc<FGGTX?eACB(tQ6=~9eszI3-R$owK
zeXI92v31llUbEAT<DfF`HO9n^&HMsXSGYr9B}8!|Wx#ljWo~kqWXIq-+uw0YD?Ti7
z(#2XJ4d$QSdq5(!lf1G&S4>*yJ1*SKi4UchzdcAIYBa>eF&pfb)#M5C!xPx&1R#s)
z__g01WVFJHWMB8ZQeqQuQm(br_PRQdOi*ZwT$-P|@XJ*5!JCOSRc=+7e>#rGKkvEt
zu3iIonVoEcDZYgDn<c-yQ?F)9_g)atZ1go>(nH{PD!e%zF~DjIiLaONS4VpgPSVl*
z0#_wo#cjp=W>a_gb;%c@5xOfoc&2Np+!oa%sP5U96Q}fq*fWW4p%8pK-(&v5ioH2d
zc(aO?OnXk5zJI1f@gyWSi}A|3OPaj%6K^)*Y}DiT+)VP_Uj%i8ivru-?v+GM0ZsY~
zpSG~=FJKUW4dFFzcE`=zA%B!QH*H+L%iD|-z#-A?#!I~u%>bq87F^E_hB+$J^U$_~
zqp=)IWZFZ|?}a_ylXcSx1#%f(B-f^ox9eK)_d9wSqlDi4S*dzyT^y@95m=Z6`l2>-
zjh*<_FL8nFx-?=4g&U^`XL4bz?9sUR_Mf+!P0okjszpj0CTWd#Q9sL<(k;I?J|<o-
z;kVAy)#)2Ma5!Qdx)Xl!zxY6!c9YdwLk~?ew^e4;WAa~LQkTlcvH->O+fR@S@Y-V^
zt^(v5(vPtC8mo+zwIuaC?lrZt$R#V4(mxQ4`$uJ?#Te+GVBc|`*p_-^w)3`FIgZXo
z6Q09Z1UO2$0{5ES%X-Rsynp{Xg`;LBB>NAUmz8spv4=dd9mjH0i7s-GGA4uhJy+%v
zgSb4wkQ|X<yI>(FBZF{N%|W`5=+#RD{AEb_<XhpMG7@@=*f&4i3Ma(1odnNONk7b)
z?jI#lHQ2<cbKhzRe4|x(_Z+9^*O)L13I@IaKP&iS+`X~eiRsMm#~R@aUb7glRQ5_F
zRe;*;H$3Pq>rq*fz@1_=#y9wQJ$oCg7t-|}dw`dU<5G77w(<>dS)GyWcZLXZi92~C
z)5rn4KeM)el?d-W`Var4;ALDx4}OAbJL9)zC6B--gDwwxoxv)2M)CuCT#@6BCIa$F
zMA;koB)Aju=I11Z3mhlN9ZPt9($3=3lwh4p4!*SCiTwf}jb3*Oa{pM|+m-z}giU`9
zOKVEY#u8Eks098}hVEa2z9tLv{`6AMo^z=D6nX>8d|zI#x|NB2?RZuG;f1-8BVotQ
ztyza15t-i&Fts-`y!FUfR);^s-A~|4t{XW-WU%j^^!9Ne{qyy-#o64<8JmNS*<;4e
zcJCzK&lq2yt6?%L7vD%Wdo<imLyB)`opP<;J~;Oa$-T!22sErQYS3br2Y+4a9`rM=
zZX%IxnyNJEoc}=B5jW!xH>FpLps1=!NJ!sh-z~#+v8+oltn0{g?SO1hB1eLPKt?8n
zy)o3Y^*<PX@i_k&I_q1T2=d&2?I`!lXkD{}?^usf$|d~ivw5S14if?W=!3p*+Qz95
z#uD|HH72J0<Hlz+4AqTyLE)5X&O)fl4RX$lE2~A}cQjOd(}aF5D1wlg?h&Ws>7CJe
z%D1x5I`2@<+O2rj#{1bm|0Gcl=kX_#D|SwRm#W1Ep{23kOgp;RE~i6O$Hu4_T-RX9
zO;#C9l6tK&^!}>8so@yehMPeTD$r*ovIpD30C>L+KKYT9$p+@yJG+L1`*RKzbk>09
z#O-W9PZ&tpHX*z&WcM#WrPNP!jawgt-t4{aokQsX%Q^%Gy><aMKgJyH4}^t%z2e-E
zLCj35Vya40C_as%Y?=u%t1HuFMt|JGHjO4ku>p=XJ`AP*l=?McC);iBo~=$3HgS%T
z8lO6$7{-ScVLmwHod5NlHA;Elqu=oxeU=fe0!C_GZq|z(9wIJVlyn>#6SD8}T4Pfn
zy6;@JvVBo;!rFw;Ly7n{H!gqk5|{~tazZJAxPZ)&<auvjU*>Hj&3mraAO|<MN?3xj
zohq<X@oPw+n>_vMTG-Pota6=fAG_Ahk2|{2{UBdvJM$aGGDXh0S8J?K>6NJIKa(<9
z3!(2c#d&Sg7FTI(UR<yXo4s=+^|x_*wNQXU%^pRhdBL?8D8(J~2uxcc%Hl}5z$!^N
z+<dUhjeA|)tdQ$hQ5PtSB=9_vHo)<YaKOGglVYwXzkf^MRdVk#j=t$pw#3)3LVb-3
zr<3k?Lae`xfbeIi(h3}_sjR6(2@{X91~<lW8kqwy+Xej5TAVYH$tc(3WxA!D4_(C%
zn-iGiuX;ETxm8a&e0Qz6%L1<f!kX<{R$_bOY!lT^2Ilb5>l_fxXAgSLEv}W`?>6jB
zRgAt9U-XVHP;R9<N5gom9NyDSd431j;}}U_TDMKownm-#$6BWSyn1~h@IaJ(Z6j7u
z%4P9z^isTCBcykSlE^=o3WxzkwKrLdvA1-7Z#_L8!*+kezUv3?)PP0Isb~YoF}<!m
z7aMFuG8dyg_F?j=oF|$Qy`x*xY$PnnPwSJ4Cu-Y|(iUMl3U64e8fp`h!X(y=MXG2l
zLCwq!hfR5q+ehPWlBBQtP$GRM`Hl`6iIW#s(Ic8f1Yh$Tv4A1l>~Y@Xk4Cdf3#~5;
z1upciJLYr<etUlBvc57*wEhGMBI>ZW6|-2#qdL+WOG_Z&uMg4Zgff_GST6`?oEb1Y
z0f8Oa&ZpkJ6A04DSRV`@%{0_bO;dqRoCP+8DCUd5kAKwaD>`a<F}Hv-bbc@P<(a~6
z5yFW48speM@XEUB<=a<@o~Wr@KLvobMDIC#&Y&$_aU9x`dW82(mDzrMGr59<Ff(H2
zE>p`{0Ly)=D&@B5R3yzR8PSBHL4zin!}?&L$~);?8X~swu42j$XCQ_(h+S=PfDzR5
zqM>OYRPu86hR{ff^ax)2MoipnVZn0X<W*NH1|=z~nmswQ0QIir2ltA>k;n-NL)%0T
zPv*`x6@igJnN7KYAo-VpcB!W|&rlO0T{g$5j5ei?4m8d%sNPAJFL1p(Gcwpf$5iKG
zS6|>{Wkmh>mglEt(heK)_zg$zA{Ig?tImYlGl5|cxiRxS_tt}6mPy*YZJi;T&e`SY
zory*TzQdxuBI?g&hyXnV-1P115scZsp(VDXD3B=!)7HCw;OhLNjx(CRYf;5Ua%jA2
znG)AwmD;VJTo!xHsYmuAF1cC9go}}Thyx#YkL@b(`Cz<`5yoIJxno95dq}PtM~rZ&
zfb2lrK*__#7a_|yp3h5Ih2e9@|KS3(-Q88EqJ7MCjVs^&Xf%!KbLY$QLSgY*eyeam
z-&|9HMm+Z96A&XoSZ17&@Rvkq@T8}cuK?a=81m5z%a5|vGy}NgrxC@m1D$8atH0*f
za3cE(l%P{YQXPxWEA%o&5u)?{o2(<I<PNT658>{i$9YzrpHw(E!y}QW;=l69j$Tr2
zZf>1lops%_V_h>&$M@q>!knf*$ffQ)2aa+roIwUA9A5c<z@~XmAWf3)m=Vs!=7W6J
zew02E9F{yr$FZ)<ZMz(ruQ#JQ`z*;j`hL`M^EuVWuRtUxd+pav-{2i$>?@7*hHKE2
ze8GXU5otXZ4d4BDjvq{}r}v-kEgS;5D8d3pg-f4f4hQ!M^rvdzU1ab#h7yozHr8ok
z3bYAu`0HyjX*jMAzT&C(xZTJs^hZQ%uwK;k7CIm710k1C=x1h6A0A+5SQrwzT?ArS
zZxcqw3j1*<{JimyVaI&n+X|Ou9b%5&nL=cM+o-W-YEB(0DG#Pu94J+j35Lw%ho*{;
zR(5LKb#}E0S5sE)=#B4(2HBr<X;f%97@3V-NXt?(P2aR9{n(Ge3_BS_@@Bl9W!c-C
zST+9IM0UgUQ)<q@|4z63O9Oe&UMzkyC*nN7_pulbCj#O{AIn*=Rx^4h1jl*0e{uNJ
za=(N8{2pi@K;E0ZtwR69@M%3{=7o{N`>IZYeqf-tk-TI7r=l!}#RFxk<s#GFXh!=W
z$Z38%job#+MBm=1%)4C^_8Zuidl?Cx6Y?@8xzYNO+NEH9XwQqvZES|`wx8Vd#zX}a
z-(N?k;MU%}TDM<Uf|(X!TSUmu-eM8lU6?j2QT00TMa#^g-X0Jdol~z{QCE+7%*J|z
z6o(!ciatJ`_ie?clxrT6DJFLJQ@EXcjMk*P>2_V|I3#!D)j{M!a4I8>`B`vR30%GE
z^r$!9Ztj?QK01#|!^ZFaDxo?nHZ5^8pK)*TR-ChM&93*1@la<Mlfkf$!qHfkdnnGl
zPPs<sLDiXTwX5<w;Z?g*<f|$ZAY{*+j$iPH#6X3qgKmn=H5!c^ngOBus9M7_g7*}^
zOlBK13toAimvPw=EM0v(x7PXIrtam;oAD9Ycw`8?p1(sr+j%`8UoslFyu?jIZYX`B
zs5hvK_fb3Ms?M0fgHr$gkY2(&(3-bY{mSU#6r$l&%Y=iXzd>wsj<9KdIfAK*GfkR{
z_&>U`qZT_}Jsb|Av{OiovdQt~{_2zCp@|s?aCh{nyB%&>^&7-GWuc%@&jVOcAPR3^
znSiR4=8bnBy`0%i#jyaKztgU>--lP4)l(GH2%GE!UC&s!wR#=Q2^5a0?j)wRvoY7A
zI7btnxrDvq;+Dlliv!eE`sj1^j3D%S3T6)F+hlG^7>n(`ZrFxpT`T|Yh_v<2Tvtuy
zy9U;HgT&tkQ-nv2UJzvQkH{Rzpi!0V`>Isxz?Su?rFO0d-C8M<7;t~K#HV7!m=o@P
z-K-*l@LDiPgPh3r8q2;Kbf1piGd*mcm@$s*RZ*P7v-137)lo_lYpb147#q#PEckII
z%=(GZ-Y1p5tUSjC8qc4N>3=UV3Vu;-zkSGp|3mGBjf~kB&)!H{uXHXVh{?aYkLhUY
zQ0j|e5Qh%^Xo2de-dpGMMT0EEh4MF4&sHUN7?@jr_7*8-dRqPFj_Bl0jw6jsSh-Md
zEP>B3ZLh~#*72^lHJ_$gb~^lGN<-yhHnZc48PA{CVqsmG3fb6N%lG>_o4u`e(M0yE
zcZg`@T+VD$qGHh8HFp!T#s(XhD{-wj{H{lUyha=i0KXY2HMIt6)Pu&y3mN9+pY2F_
z>T{o2FkNwG%a1Of3_Tux79_`5bzNKc7mnTlUU2^kU&-QfFnM)*`^D@y__veki)N+e
z$-<{thtJ}xZHO_9M=@@*^*EEL9Uo>aJ=TCo^`y7d`XNI$a7%iU3?Qv`Wpyq0&a1}S
z2Ed7X1Pb1s<0e9i`4x<1KeZMA!-t;O3M7O1$(<Q!bX%@dJrW_%Vs=NdJDz~;Y>e)x
z)kM}T;if{E!@Q1^(G#EpWZi{pjtc$Q5Vczy8r9T(m&cyu#M-*pVTkR_kwxQ(Rfqq!
zE8mE7!A-pqh?x7EyFsb(qNSdcw~=9kNfsIiOBG?NYM?_LV$q1EE#Fl|p>J&!Gi;L7
zMO5j-;;}TRA<W)UJ~Q@Ofw5?Q;{%<E+dFBWdTk$41IZsm`y)cfeT_X&c7$J8>!s9g
zz@FD<Zk#Sq{>=W7o(vkV-11bGw(^?G(ImCkgPXleC~K3P4mvnW<B9Ua!!hR7M@A1z
zUrnbmzny9`6pMKMykF3gM_OEVBfy@sU25T1d~7JZ?bnP1>iK-W#Qv4ZXQ|zqIG2m(
z-rS7lfOA&k+u02#Pl37N{N1|Cu&l8q-|XE6<%wyE;pm=`j*SF1v=^tWKhPlAq)6xG
zpy0|kW)Q{G@n=xa7<h2zQR*!UrC-x}`1#sTm^s~-C4!~%`)U2(g$Z3F^6HdSmK@5V
ze#1^FT0Zk!#7$-7V%z#gubOO8I!~eo>g^5vBP8L0TzBmJDCrwwU!aR$U_=I4W)Hs}
z?sgSpj9~ZcGs29SH^>k<m7KL+Y?CI;^M*R5^3VQ!qc#)TvGwNea}oee&X>}62&tsI
z$il;*gDX{>;q2Q6YmfOGXAv6sfLpQV_pU5YeO3ppS8r}zfTBNs4|NT(oXwzhZZubM
z*rJn~92|WkIN|b%RH_q?tJ^8J-PylXGA_D&D>9HWwLh81I^-X1e%5UK`tXXV!a2LO
zma1Z7i>4K_)giF_sD(A!;GCMd!M0O2A9mr%*u2Le>(Vh=QRB_nzry-FtX#&Wek~X&
zAF}?erHNcpbcuy%ni`BQe5O3#<iwUPpZf9Ym}=F<$*0F>*TXBw`UyRVMLG;6>Ia$!
z;825%Z1&r@9m~a+q<5QhkG<8n+Aplwf@t!`v)^a-v8WgHL`h+4db_R2_7t=3l;My2
zEMA&?SirRD>I<**V&2~u7`-MX+e%qC<1Bgk>4!J{01wOh06Br<JAIOlBZZ62t?H_+
z9(V<eTU|d{MyT_oh`_bwI%l}eeg9U*U(OvMdj@#p0~umeVt{VJ;CoI6@n#UCp2^?!
zY)O&3{Ue@f$0Hvu?#pd&W=Tbwzze~pJ9_3f+?$2!RyA$*_KRt)`&S0k7n&0e1`zwZ
zgN2wUq|(;!WKW0$o#%|^Yj!UAKZY6~oL`PA9~Q;z5#7`4w*e!sPTRjse{lBP?rKS7
z+Kwdh{=w8aW&~#O2HeX!rzJTRUQV}Lz?J1u8&5w;RY}mEdPi^xW18LU8j#&=(naj8
zqfLUn15Wwczt_!CCSD12UsR#7o><^!k**#cEw-k}xHQlDg(cmIQJl-^^=+S~#FrT%
zF`vBuf<NM|drydqJCwzo@Ye>@|1Rg@_KtNq{oxzGlC21P7HoK`;PCd+#ceaenlB`&
z8v8Sm-;t}3R|DG`jh8}>4@Z{oqwA6Ft;5A#>Ro<`g2Vgi0iR#ZJv5T6?L#E0Ni;$v
zqE#)t3T3~a7lA_c9djo5eP&8uRcSga=Y8_l^FDmy1-;wqHnYRs375+5eH2RV&E0Y=
zXhp-*1R&0wK0~)1XZpFT2lwoscy8MJ!=CW^>NR$Mng`krb-9den$Vk6j#Q4u=X^dK
zFRJ8GS-}uJ8NQugts+F=cJ3@8-7;Mr`DwK%=C!EcrnQ}=j$<Oz?+R^(5~!C<GS_<A
z=RhCg116Jo^*!AWekq|ip)%{4<Jk%OufCWh4G{9>@z|m>%zd?^LAx#Llx;FxV#e3j
zh7nCvJhRyl;PHLoJF@W0p=*sMwbSqI`1hWgkL?iUS~YWVzv<`?hCJk1JU(UTyNPtK
zN%*21DfNwyHmGd;-fzb;${(vSu_q=Y_jJBE#Y8t<Me{wVhJG}we8maoh-u;{Xzj)^
zqCuOrf7id!dp_{h>oE?dr#-YfdRs`KsD^~$sfA-01i@Rqy_5EmkL@E?3i4|2%zvzV
z^D*1Uu>Y|Ko;mc>(mVA*&%MapOXQ^fEsRH>tFuGN->jR>?R5DY)5=anp^jsJwZm`c
zOMO>1)!o6L1PAP>j8ANdT2GY0nn=sEOU{g2zCuRp?&OocCQq5W6lad$Z+!J_yc`A1
zWn_wxLwh{$#hzf1OU=*@bRTfsIGwP`QKxzA#N>z`HWA)TO{<J0j#+KGe02OcCbL%~
zCe%|xu6wh8uZZcj;T<o4uF!G7e>dMGND%L+OA%fPp6G?G)w<|lo*$fSqch3otBX&U
zStGm9B^@n1_rI_%+94hv(0}OV*A0Cc%LB_RodoykJVr|@P&6q_EH~Wj_R{mAN~~${
zF3Jedfh;kdN92vR=Mpr|px#mZNkM%yEO9&5lLsTY^;PayZ<7To2>BL*bID^2mJcV+
zBun`{Bj*a1=6v@TXt#&gJm>m;H4K+Ul|X1t{pXVcLzT{>%f~R*+N39Lne{(xXx+XS
z!qVTpAJ8*B`yEryn;D^5ji;>ECR_MV94D&CzHntSn0vR)w+?cLh_+TTBl7(seTI(>
zva~rFw>pa~jj~A6E-n>>MUkfFS*z)AWJ-RymkH&@Oi_q!#~8fgIH${7bKl$Q%eU|?
zgpT~#YB>h%Iy`d7KBN0~C9|aI))qB}E$ha|Psm+xI2aM4_5;CMnvY5Rq3k?=!n@mK
zn+8h-v8iz?@eyK>jRB%Y7Lt+bxLevuXF|}M`PXs$;_UwS9jVpDoyCPu)Bj9<3MU*z
z2jxH8`U%}hWq3IW^vTv0ISn%?_}6cznNyCexhy)@X>0$8uw}k1PU6NG@upUyzy3(k
z^mBL$;SA{@Cl$7H02nI}e$k&Y*e+{oc`Brp^_Q{m=gNPTljncCPJjRC&+kY-b;;uX
z&jO?*q>;-4=Fcs^Mj%mdmX~!L-JRQ4#(o?YaQ)T3KNmW&)pCZM7(*b?juqRNxVW&1
z$Y^PWznkz^McdqUf@gscx2BCEnbWf2mcMWIpV#ZBVyJ(f)W2mrCTIOmpyIz}8Ta*{
z`f-Pz?51XWurmt7Ao{Q>hy3?<TZ7@w!RPxoTR+toS$$bJR(*aF7k1OB<RER3`hW0y
zoU6x<UPnY8_ORW8&SQgdA1+Nc?J6}9kJ#~qT%uJ8dgGuAmL(r?^r6;=`UF@}Q$A<W
z%7V*x^vu{wYH~03uzXv~(QYkLVZfCNd}>&q{n~rS+Tg>78j^m<Vow9DGF1kJsnz*!
z>n#m(?*rV*LP3DFaE=~efY5(^TyOX9c5Ta<w60(w9t<v!gm4w)u@R{#;N_RGRFnC_
zSJ+f6*PQT9$8>qZeos5`uF1qJRq`kU$J2FLk=UOzW<m;X0AYy=J$!m0@f~m5b~!>k
zY;a{T%J}^EhE4OSYDkiE>z!MS%B%RJW>3!zC*YwT7&WB9Kf-W;VXE--IlVWz!FZVb
z0qBIa|A@sh^LjZZ#{b6j&ZjXnrO?Ti<V78~zIp;_>%bJW=D{Y$BYySs;mfym8CAju
z1IFG*qc`V76cdl^9sO6$NvAS%5w3)sHgq_crJ)n94dQ=ynO#WGU*ndyOD#Z37DMOG
z-}_zJD$fm*JZ~DOeasw_{f`7n@2mJt?O-*Wxtz8U*b=!}Z(gXqr}dZZlMMmZ)G9MR
zi#t;e(MneN?hebBvgCIO#mO?c&bdc<=^tp!Fb!vBb?R>)tl_hKBoyWPtI<8sTaNw1
zhWdSfa%QB;Xd<|}G9!Mq{oAiSymNTVGA0XqJsOsl-PMz))AWN##4kx5;=Lwt{#SWl
z6&2Ugg_)2L5;P&fEx5aT2o~Jk-QC?iKyZg(jk~+MyEg99xZ5=0=Kt@=numFv{m{ME
z={i+sSJl?)v%mF<u5g;dh^vdLp7-fDpF>ec-3Vk{rqUmZ5~}{$jJbbgrk7HuyLj`C
znSCOE*e#k2QNU4_e~)`C{6o?@eT=;50(-z~tR(3=J{CWi0I5P%yF_kI-{mzb4bL&B
zQ|5PEl99dhP4Uexj7Kx?GardnesEuKr@kMO#;*D1UtSr<u0E*o({0^qPazPGqw>9;
z33opRw<*EnyveuVUbViq;@zm5feI?he3#{oGQ?}QHsQ!qCV*X4NL_d=1f|huv-On>
zNYgTnTBL!{M`tmOf%`66$0>8M%-?5Yiax4v*jdF#MzO;hyz_Q7P>lsOzpHzUiNux%
z#N;th{>XO3{)>S1QfhbOXnHu)Dqr1uj`WDF+^selnW~7k5UX!(>um4M&DWed#erNM
za=!q%utuUuxlcEtfJV{FJnedG5xaK=Cwm<d^wTG(nZyWNUdPtw@r~XmDIuCLuAW*g
z#oAN(6&@{5_jsFy3PuKtM~zoMRF>4W(^m`dueI7|&Mj8^*WAO$jRvU>6qeNZK>EWS
z6e{INCO5{iwk@|?3cAZZmujSn_?dx&j%swS;3Nb!=HhVi#y+PZdWdsO);C8eKxdlC
zX%N-{huKHv!uJWmJN5jCNctZeY={MunMbk1gJr1=v<B9)F{j2~G%H@s&p!$>a1k#S
z0%6qQTenKSWRpGa@T6-njsZ^k6#Y#Zfw|TLyw8rrQWo#$Wt#=LZ1uB)@PyI}cIRr3
zxQj0JZ4V85Kw<dn+O;@hZYNhYn!=^GC?r4HZ1jv$0Nlk2s^$}I!&W%Qz*G|TMEXQ*
zscrk8VMGksv<P9ST^8YRS(iia82L7aqpM@!RK!ke!U^`rn=Ut4)}jtk=*AAqNLhw#
zBXuOK_9kzfs@_qhHec7Oc(Dw3Ce8-mtVZoBzH5GTUkO|nE&S|SY#?6za^Az@@q?Z!
zR&nBc@vG&*3Kuwy`v;2n0P#=T8@CHO*OCNe+{0G;bCK{jC8hVdFN$>o6Y`G+H%FrP
z@&JTu?#$NR*R8)dh#a?y7f-e)Zfm$)C*VddL5vP!xVfJIHR3#xTolM>sFr=?p!)EG
zjkUs<Mgl&*z0Wy~MsL)|w{Ghj#@`ITo73-H5r6iV4F7WR+6d6zI8KsTdP9AK!_60;
z^c@c_k5d1uxjC9#(xR67O1}M8B0V(6)hE;F{fc-rAbzbd;tia2`qE110Y>sF(b;l-
zju|cq%X|Er_W=^DxFyi|L4UYdghr1+d{(T4$(VO_C}u82=|2MEZdRtozd)b2`vHIM
zF8U=H<r!3@m=Zc^o!8X5-y+EbTxxD48P&dx%T~&1K0lHV{W#FIeyG9}lGWL6>sZN^
z&iZNgt!3)g2I=R!u&X?*6RoW~QDS?8_c=N?JF0lr+d>jO@U``|znq5sVlpIP*L&Fd
zQ0SPk*gdkY8WxOLb|@45l9%VbB@~-&yu`pu0efIo)|vEczx}n?n)Z4tx_8Ub5ELvN
zx5qs!@rl727{HM>*En@(k^!7#t$H=QZxKG!^)4$a)qP^<+3bD#6k(F}$0YU^X?B;J
z&TDIvU+6eK5%)Q`yK+3BhWQRA)qg1z49C6L(E@y`0H<u8ENG4p4th=M;^=SFS8P<~
zNbc5{E0rJcO1RJ7f^?d<tMXr~maQFBmHr>{g?TWf)+KbV566t6+G}f8k?g#e*<KQ}
zZj<jDYKwpdtk|)cz6$v~L*M7#lA8IEqOXS8OfcEAex11y2|)wHa0&kYMvuo~(L5Bp
zg2(qZesI1zN*1rqvbR#rbYZ=-#44gfC@yy2EL`ZjDg=NK)uSb;`Sv-53wA&lrGc2w
z{HoxkOv(}?Ti`U(pSMO%59-|r8C*7?7H<R>_IH%nWfn^yve#hstAgLT^A;2k)s+OI
z3fMb(zb2Qkndm~HbjnjFhpxVFL$09#Lsif}@qZzjUDubu!*c*vGEEL_v^0FerLx(q
zhhLI4`xx4@dLyc0XB8W8c8uw+9wYu(4@Z*l*@je=Y_wGT>xThA8O_$c-1x?MMjl1b
zS&n$eon=${B@1iq)5ndVuZtr8_)HNh{1c#Oi*F8zk0NIr+ltENzbaBN-k?uomE^vb
z!bQ)zZmzl$&3YBOSr_+2Q0S!A@4t;dYVY4-5U%O|-CS8dr1f0_M7+NU2?AW2=U4$&
z6FZ03*}~DT4CgTs9ZS)d{n0dd`h_zv{=ppZLdqB!t`pJ2o0t7bd$(S*-fha~bdNuH
zG0BuLSGg~aHi@aUM=B|Uxylm2)BDi0!*Yu&&^QaZymVMMV#3|x$`!xNiE&~S7p$s!
z!|dlqj#6<G9i+1?z9vT8!#rpZmP1^N{9F2=e7oO1r{a1u*fw4&2-l<~I~2k5{~D`v
zfmLs7SrS~5_DPX!%vwFs%i1o|-F_efn^|iSMbh~T8~+s76fdC3u~;xvUC7kRD)T!T
zLrY?JmYSGV9DYA<m;|n^H{DoVLf*S#OS$<RCvzX2r<$^U94JxwIa%&Jm7W{-h+w6)
z-fy|wP98U`#-cY*IokAp35LV!u8k<6y|hGRYWa977@K2Xfc!=B5Fx@Po_I=mvZrNV
zIu^@0HDfL&sR<jj>1ed5$gzykdUa&4qgzj%9<xB_xKmKs7q>b)jEW5J9QIg1MP=@!
zI~Zb%_9oV|`ls3z=>^3rBEW=K$Lb)%r%vP>*i3iZ)yykF+8w_mp;MA?H-MvKo#o3f
zeb)uo$_sB;5U33L>^;!Wiv{3iN09!JXI%z2@<TvD98i4X&e&FrkMGf~%<2Oeb8i`>
z-)l!Fb{6R&HqptUkgz<_u~~i>9N4RuRkZHok8rZ@(?YZFm$4{&x`j2+R=rAT$W%oX
zg>s(W*ew3XA$zQNjz%IGo}&?etLi1WX^+j}^j<Lb(le>D&y?GOqyl)kT?c}F3oP6f
zgcaL%aNwo3Z^WbJH2=gMd>gU#TPuLLyOufFKhOKAj$ZM-5ikuG3ns#m<<OpatNI6f
z@{jZ|-koJOK6?KbKi9mhAU6BLI^fgDeD9$}sZ~jz%jW|EfNEol7Ap+yBkMx0n2Q(_
zsHxhxj!XpnU;7&G{_&***;x61T>p(FKzXGD&cYOvA(9zk&C?u8wP-F+6$uQ?G&}X;
z^6zB7@pRU^_NUUxzV4<lOwRu$NSG^5yo`^JWc9J088aEkebJmRj}HzVgcODrldJoM
z%sqULISdBILBoiP_qK^Xi>#`#@~>t8w)^wlx0l~0<{4o_t$}wrix#D0U|q=hKgBF~
zbM?kb%Ky_n5l;}1%r=n;oj5w&S^Ev#6|@)DNv3NBj}~XAon~2!lYPmUO6P>YrPOY~
z0P(c`K(iegb@L-(MHpL2`RcMO@CfT21-l<KWXQ`p{rT)Y1gz+b({Yf>l#!?hEhtuT
z5+-^67P_AfH5Ix@|L$kGXmM)GRPycg-QCi;)j!kt@&$SeZN5blo}ov&pVGe7QXTP&
zvEHb=%>2-N{EaXo7RY*?*ov(*3E4YyVZ6nKGg#3gzYol#17`<~xx?qbU2SlG*Wq_y
zS~xUsRqJ8=xkKlE-|URPzdj&2akU23$<gG;eaX_R)<BUiPfT1xp|{m<X3A|HJj+K6
zdUPUD&x1#pBK_W4=b4>Q88)(%6x4LG&e!wU-57eunyTt4sNoTrVIpt>3U1`M(kB;I
zc}<_%5=W^u*3Eek8iY>^^tS*>=1-da2%+Pt)i=sVYluoXLoRde`4Cy??i-WGv#^Ck
zvg4kOP$hI40XLXf6Upt6_H`H}{LM>y(rEmb|LRgQaH22akUYLp6Uzf9jBre=Yk(TX
zPk3r|7rE<XhLIPnt?@f(Xyh!^{%*q549_j#I(P$6J2;+6Vd#B_0~A@)8JllGVt1UO
zI&NC3O|BcP%qFngO^ylZ-blZFY7U-C(#ew=divgav~wGJz;rfR?rL5bpUjFD;Gm0y
zosaDqUf?s!tD;ov2+=W-mTnPskEV_Z<q|j8sg#Y2RbSISlIp*z^(*;eQlE}^c=mmP
zbeggkm*cPAbdN{PY2PCu>;3NauEo0JF~*Tn*Hcw!`F!4hdG{=wrPjhadNg#4Y>hkX
zx2jw8srH7D9WBc3L9Q`|OVuB4)IQHW^dJH}*i)ko*sVQyPzEPF==2w@wKMjP6*Jr4
z&W;C$v-Vf(<Ygsz7UTSTk6XVfMqe~l9R8j#S}~R@KZeY7$f$G^e%Ah=mZV6El~^&B
zj}yywqm{S5hw&(=1QVSu3|da8Foz+|DEO@XI=M%w0z@LvCLjyXsshJSZcmO!4?_LK
z^GOBP4Y^3q#pgb{_joTJ(qy#Es1KG$a67wAOyqr)GUI@)Oa$JlV~=}(Ew}x#X4$x-
zDvKr=RrdT?l@y8jt8_n-14O|m(g7vwQdl!+eVMY^pE?(dNCziH?E@nW>46J#Ng)Co
z-S=xETU3up^%5~{>pQrYtf!-eMsT13yW%#ji0Fo511WH7W?82KeHM#IsBgEXf%Gr$
zr_>cnaLL2$jCtba(n|9lK7{f8n`d+eO9Io$xx#0Q$e2*fWw*648AZZ~wp2^ofeRgL
zkS*oLcb~+GvLZnYv|_~Y9V?EJLP0QuW|SMD@4JrjX?3G~-+0ivj43l=2jWt(DmO5G
z{rg`4tbh+-TavI%kdyrD$#ro27$Do{U8^=b(^|s!0na0~Z<w<z9`X&9SgGj3$QI|W
zuPilht&0BwWgUqOMIc(irA@Drzjoc3)M$OgP1M#mTdR!rQ<>HgF_=cM(J*tUCMXK(
zSZ&p>(ssy|0V~}<WX%j_5)&TEUn`g4P;D*0Z3uEdMK-itl5JA+mdpT9_^kb~9Jei%
z=E2JE(y=Dh@0Yb+pdwA&)PDF_mK6>AjM-L}2+NT0T`C+p07rX^d0lCTM4*Dmj0AZt
zBqzj6XMx(4h8?bfbNvLCgJZE+d1%T>8%ZNf`J1Ssoif*?FT`t5t&--I_YtbYEDvDu
zOUE0WkwHO*#m3`u9#Ly(@z%u6Ykgt75B5=+;FF-6O{F8-mC|<+y564@gTzPT2UW{s
zZ=$AYSb?qV4pPR<X5Y^cUkB%ckHpLjPz~6two#TDs@~`Pqf2|$HeJ6?tV&9rncGaU
z$Y?`1UZy;hUmbDfx3wOiJ`x6nDfV7pB+aVOCv!7(uVGL9Dp%j;5)G&+-Kr%X!&(?E
z?7fL=+c*y!;GR*~+SrH{I{=`LR2E2N!(151u&(@Qu(hF2xXv0ZNl8fjq0Q##RBMo=
zXH@I7W>od7WnRZNZ^OZ;bZX7N1*z3r!;wM4SMbaiKjAZ!{Yg*c%^*5AT6i4WILQyz
zWUzl^k~}gwc)P50#J$`m_v^(VgLmt2EbXrZHOVvMs{xO+$el+@f96dxK02dz{a8wl
zp{=(F{qhvvGdCkaoGG@d$Ce`>cj$HIN;hfXPZvi?CngRx?K*&j9k`zz%FQL%9QEgB
zMKve39<uoSt(Z=xHwI&i4jA6#evTDeL2NDhNXT1sUwQX2tUKaMZLCB1l+VhjG((X?
ze9XeM^|kK@9_I67u)ehB>-N;2ZUwMa{*@kw<^za$^s71-lG>XR+G8s9*zr`4ioF>{
z*yX!iL?^3sVUgzd8I6w{;e;l6r;?DTO5znxeGFUJ^<#wsFm)k(A8QS<VB(H)EQ=s&
zi4Sy6CL!++dzCejX%?+aQ~G{fDNj=G1w0%J=npRhiO7=gA=ipxz;fp^6?Ea?$I+O|
za=;ZJXa6dRsq|G0!(Qx?&*T_k4k0jmu=TgF&G{bWy#aIFO?XJ4B5(S&yNL!2)no#m
zU~?QuroSmj5FE7SQqz~kd*(VpM78mNDG!2=iq#bS^t!U>*j<Kqy1eem&Cy;*!>>nP
zeHRg!$h$H37Y%JmpP2i;KVBpT%}s?lVseJ%c)gvjYb%0%me#$aro_Z_pL?VE=BFGC
z>fOE&B4x90j0w-k7Wmw`-C%*ygVLEREu;=czTC9iS)9<Pp@te45|2cK@jdwpVsaWp
z*u_1Y1y;_wOliaQFXBpqaEE+BBn>qd@TQpVR}Nz`@jSaXL(Aj%Pr5f{)7oob0Fnu5
zr_lyYY+1M=Q}76IB}W8y0q^g$*Ab7OGqpp%l72C2I#oTrB!$317yHB%L;|$w(p+@i
zvpT%WI!jT^nQ%%{`MbJ!th@IF_96TqtQ|5<pv~>gv<WG~+W<}C?uv;{uV`vocmh3!
znT)TbqB^6K|F~z13v|UL300zpn<Pp9*~u-3%02e59g^K!e^d|HwqOTxVa!o|HrCtZ
zCTa**ccpKf>=)i0O?IQd2RnNRB3P`>qF`?;;wNlJE2viaSQ<<HALlFLsj>j}XtvOw
zsB~EmY_ZO*M>uj(B6@mXGRAeEbyM>U+B!QsfB-a?zkE25PA~|GIB23GuV^z;he848
zz;}Y3L!J)nces!5k}ebPA0@WRD`95X=W3Y^mft2_8XuB_N4&Y3#S;J5Ua|JqTG`Vk
zWbFzY%D4L6&?V=S6hwM_F3GMA(rtj>^1guP0|!679xC?Pf?sC;dZcxCdd%;@^@qFt
zL7K59K$?cuXHT}*Lk%oS(~8e|;%BP6GW@v%vKsmmT}H5{uoeA%{41(ZI3U&^1|wX8
z*~<QN9Xs>`5d0D`c$|m^`EKz7w$i^pWt?QNr@f?U|6ang7JSLkgU}K~iT}B3eKbBh
z3jE(s0Z3~9V<7*uba-nL!DazQrp2(LpP!=p<1ubv|4K~sZ%EodH22@|tk@KURRv>}
zK3i7n02@qYzNea&%{!;0AC&eu+4uB=IQE#DYl1%4rWWRjv2b;M^dVRW$+Xc5#GR6r
z`cmGH6*7rpi1sBb`xeAB`u(ba!3Ez;K0V><hX9ZDg__eTj5OLA`Pf7)Y}EMVxw6C?
z48->&n7%VDQ|BVX`y0pJ)H{r~U(@Y^qu7Zxbm+aZ@wr!g>>e3%<5A);Ic&u(4-&h`
zaR!O19g&39K~0e|;j0=ROBJlC>!=<SsvX!W>d-d}y?Hg0Rh$;22g()R8sRR85i{%o
z#Y*tn)g}5{$v2|OOi52es=dj}Or@KKY+ioQ9}nD5C@#$=b}rhkM3WohjnEzeC8Al1
zMcQwl3`+FCGm-P7hW+*D4jQWal(>_Y&0)=dP6lpjj5r~|8;m(&IEo^rCe>dJgfF>{
zH`DFpd&5nsTi`&+<`9n8+J*Fl89EMxCMsi>r`6HZYBv%5WDPT7dIn9P5l9WHIZk$f
zhf#lxyHQcUeVyf<?7l?(%uxXf1@2N2CL{Fno&vKU(1St?VDL4xe|tFLH7|X{1<cl&
ziuK!=jQt6c(a_2D1*Ljz>@*OU*oZnM>0!cZhS5ombO@2`uq7^|Dg>!zjv6{x^@M3A
z0=yF)XkN02U~6C=A5*IB$J%U$W@8_-8r18OKJF6))Y7h4;_Ga4O4P~us$mP+9{{Cp
z;I9my{1m2-o2AUYRAk?<aDt=fD4l2KK(=}9WpnG)0;Mk4;d5%{B2C{L9-`2FDod(4
zdeu-xF{>CZJ+_3#^<=(5t{f?Rb2K$l4VD~L@_#)8&o{sN=-|6B$g}Bj7QDn2Q+zw3
zlY;Islk&ESBQBv(m^oo__`wHn2Y2$;5R00OXru!bq6wRGT6C_3FEw&!inW`lAF5wv
z<TItaO=Qg4KlO*xE0mpB;>CK>>{S}`Cn35kl~0NyUfmDpDz#KRN^$@s)ca?Qg&XGm
zPH3sjqg)+1Cp>Oa7}>)=n>Y}bYJRy$WCmDu-gx@>q|p1*YN`>WV4vtbG%}j9eF;#p
zh2nCe`FRlBm_#ageHaHhsMZpf`9Yim;!LL6*bO`Xb686kfz^eh^W!ywy{D1SE)85E
zB*v+F3EM^k0l;eWOa<|>;ySL2Vy-bw=K~Qo4`f}5xDIyMaClE$j}ZWSvu5rrzD5g2
zaBYHivGGH{OklkkcDfV~`LND_<Iy_OhRc>6TU;ZHsP;0gk3#c2Zzzh(v1VH#oK5M&
zHZH89Jvwm@+W9H^D~h`OGl4XHzWEZ@;Q{OJa-&C6qN2sNRb7la=$MSI2ftobpZ300
zNR4q1BXxDh8aTZ|1&^OB5_AT$mH?>A6~FIy@wfX-mp!b<{c65!l!+7NwHnnWgq{hu
zp4m1E$9L5}n5-#3^1GrIwFnIt8*v$-Yjs}rB@vy>I|Ss;RX`!2^ji|phh^gj&~VjJ
z9bFajW5cWj>J5zh4XQS!G|`f-Ao0m|u~nK$CpMyOy^9aJi|0N>*|K2!p1jJNE-mL&
zd%l@gAHq&lYP&&vuW8m*I=p%E_JFvC#_X0(9>mt2@Wt}v6yGA<n&XsDE!aiX#E>&-
zo70Gr_g13E%7Yl4h)SowABZVphi`FW%<*Umhc{kL>$dkj)`FWS(u7KQra2A%g7<`p
zic=l@GQ!RIVcMK7lsh(GK-z25X!mnD_2A3)uPHi7vGjIh&ehmqgk5{QUfM`TZXRa+
zZ`ECgEq0u2QZ=`Jjl^5GzP|6QpniOd>bQ8tlEx{8i2*PEP~k0fHeG%rNkNKCeJT(Q
zPzt%_+in{7g-3z#xi4STUs0>2xuH-A3>E3@WFOdg_t~W$t3$sdUl;w^n!x^7M*Jyp
z;4oq|cdy9fn~FFj1nYqJv_tgww-ct&^0~uN5-t&?>k975=btrlqPxoI!`AFnPLmZ7
zRbmJAhOg**&u%|Y_Ljz`CRE1Y5WTh5@VRrMeH&(`KAeT7gQmqbP+-Sf3Sk5lceWeI
zk2#`|aED_e{JMtEzDTumGGhIQdoz6zjGAiEsOW5KIDLqfM?sDwK~1P`gWx40cM7o*
z!>x)tM|_B~7|z;BBa`;yO(<zaPdR%rrv=x?FoQZKSlETZTCa+rg5`+q{A=wprxg!B
z-J*kG3xXs4we5Aqcy#e7{cuUL-u}Ep@&r0PSiy<3%}r$<MWO99rFFE5;qZ5q*sCWT
z*zrPEm~#yw(UVD}Di(x|R>aP1Jv6RnTx`v=ff@2Ng`jJti5r9Y&}9116q{~ZS0QLZ
z^y&;VDGh0a`>skWn7|6&QN62%%bxgZJM8roI7h(t8{fL_GNZOH&Dfk_=iBwCma}@^
zvZOhztG!~jnWr0<XRV3Wku3^T>vs_+v(7b{`DtE)C;hT;*Re4L_BI~rc*#$1S;9*U
zZp29*CF?3ogcDEhSyxS(=QT6Gcj((9oOL;!T5JubcDBk8SyWN;dcI}}qqjI$bZ3i=
z6DY#T`Ci($YA14IzlVlcH+*2Y{YgLkCWv2v729;iSJJ{Ks}}VV6i7H{<rYvs_<^O;
z6q-9AHs>Z&&XTh!CV_tY?8cWxIBhN@Q&o&j)?st9oA92&0PpkJWtL8#h{!Oyy57#c
zFq?+QDa?m$E|hogiq%t5Sy-#BA#g<J1vRtlIp!F+xr_uA89i`2T10CVmo5a-m_@$A
zvDvlL-eTxGF>Iy?W>|K#TAsE03$1Zi++6Q-mkCY*fb^@^Iapg)P9dm_Yb>NqsaeBz
zlpvGHN(-C-QD)(-lMz=eTAlc(IhVm7RXVlTlDUrjAPc1cXdd+DXJ=<{lKmgAsgCqr
zv)<k~%@YbZ8<a@IZxXq!k6;8?Q#!$|XYO;k3~(7!?L5RB&RRwouXj)Yjkqw$6!1xM
zJh?Xda@XWYHbwUM!IIDq@kGRiPZSptzmsGr{L1yA<HoeF#58ZopN`6^FtO<;(0#0N
zIvb6Dgg-Nwf2$3X%X<!{X8bqr9E?&bpd(}lN@e0}yC1m_u-aRR9j>4I@$Dh`ZL*n!
zE(z{#8vSt%;k`Qf&s#6`4d~<csaGfx8r~3Zij`w8$IsYV8!fS6B(~D0M8YT57SDJ(
z=WO5<&&fR$%=k%FFkKKj*Okf%5d={hXx>XVc2;G*QcoC~K=D9;@$Z6LZhhrFOgxf6
z%WNx7uLV=#!6~j88pbh0aBk{J(?|n(9qT@USX{bp#~~1hS80wR_KEt<`wZ6*CWd8J
zZ>5mx(OMlR*9z9gPm2D6*u#z@BwZnpk=Ls%v1WmU^|9RkMPIA(H?+ngxs{eVBFWU>
zt!R$ywajiK^VgIcEW=zjkzenY=n8Y3K3#%1*z)h1@2<Cp4HM9W@IM?P&MOdn44LJ5
z_fsi!rn5Wfki|}$c{l33(rDsr<9v6QRZL={$1H8yY^^dZN|Sx|#J}vsyY*{@&bNd1
z_rG`$8$KGQjnUbpaT9o<64+A+IJXR+e5$wEer&ec4jXplI(v9<FT@cKt95kK^{YGg
za97B$A{N-g=%6$%n9Y?4e`hrAkT$v2o@&A()CNbrxB0+~YF;m~yMspRZ~_5j&L@@?
zRao7@U>AK7tqTyFUgnybs7k>#P|JSIs}x0PzS+LrHv)#!FQiWdsE=(mP3=+i)}6j#
z#s4w<sEz{ixm}6kEk||}@wnh~zuKo0b0X!*f7(X6HFPNx7!H)Z6H8+*I1tbI4ncrF
znx3l_5jXvsalbM>OSH=BYUk)tw|X3cfK&}X(r5D6gL^U{TafXvOjPZGnzy84%3ATL
zm_$KkT$Hl6<(&Ux2X?{O#F3o5b28o`06p9zZ$x-zH||NUVEgIxgIL(_&}Y=8b^>sD
zA22PFnH1`eU=a#V=@*eW?8-Ys5DE!o34{eUeDPGoi~jhTM8q~$pi3>$dmIrdv-VX9
zI)(}r#>9K!nQM-oY|GA4at~X8DdiNKZ8v$9g3+=9Rxk#mazYb^7^M_CC!WBeoE#hI
z(2heT_*AACNyE`@uYimZQr~dAw^ZFr?-yN9m}KR4Exf$L;&I-NjcbLFhJ12lBn%^I
z^ObMDm+;6)bVZ$j;IK1cM_%P>x-n2KBaRzboFX`qmv;sbuJzKkFc%#;(aAS;$S<W)
zic3Wd(S{ZzTQ^QyT5NTk-Vohnb@t<nCE48O%YT@qm2<jl4j*K~TCNkOe%SWdA@;aK
zaDL43C^>pE4dN=f+BukmIklfjV9{zk<p`*BchH%snpMxcV5cI{K6r~X4=1FalAkN9
z_N|^MJZ#6#4Hdd?SVp|n35#`_Kt?@<O}S``ym(bI6fLS40~AtCNJ1%2M(w0xVK!Uh
zlan~<K0rOXM1h`~mT9;?eq>c9Rj#<k$VPoH{SZq+D4?=oY#O=$uIH$bwUAl`lZ>K&
zm$9f)m&JyGXl}BsB&^`jKCK4ZtjBK0H_ulJQWzA|i~b2RF<MKiql_#CbTof5<t|Mg
z*O+;6sB}9$K_5N8?>HTu=X^PaR&QXMDzF(kT6u>(_2h0|kC=pDc;o-Mo>Hv()ho@>
z-!^~Bpn0n3lVoWEwz5GpF5ptYJnGYw*i=85(gesux_*87vhi73QJ0n=e1=%9)Q@Cx
z`{}wU?4w_AQLMZSpnzX21t1>NT*&>fXka>lAI_*u*#v=#KTEX0*n(}AUj?q6^Zm;f
zeKjEipO(KuQIQ!PlI@VVn1;eni|YKcx#;ad;fI49LM}bWP1=sh13E%T<4&LDDFjTD
zs{BGe>LTj_j4#E7Wmh{vP{d>%R>bvf=H{X$1B7v(@&ii;ESSG{Y*hZ(w&-w-)od{3
z>R32zlTH#T!oD~`a+JAXU!H&wDTr3&P?4Y%l@&ECg|HP*djN@<?H@Fv=3}h-B{H7U
zKREAGr6khv4nOG4k6{+gMNQNb^D$0MPLf&lC_P*rf!_o^L+ja(@UN-WBa@{pGAAVv
z6;Jc~=F{H3K{I^rLUgMuG@5b5ndcdUQCYWvRiwHl^-VD{SbuP$1~epjO{oFl@9jg4
z@JNXqqWhNgx*Wx1#zYQq<==9@VrDKCGM5qBa#P22Gil<?Nms6FowRkxX~Eg!;Gl+~
zrG*=(fh|zl{{2n1Op$R@D%7NvfJtm4z(JyWcMOMOx^T9jkaK~OMK8L$%XE^Mk$6fM
z9%U#ATzweoxh5`{YJ3Ql>9@ni3|i(g5UvPF`meT%b$J02A4lirtoBn<n-?jKLD7@s
z+{cyGx%^CiEU;)y0pAOe;nE(X-C0Q2`b)<U3wuor5V&AjF`4>+<5R4&`;SXo$czcd
z{A}J9EVBnLBn{uO{0q@4E-HFXH*44I3%=vk!@Lh3^Ysg1)Jo60?55A3t&uw_y8iK$
z_v7L0Gb?ntqVDdxlT?l%GjPKxl(t0GN~(PJuzbHz85n25ys$U}I&T<0X&e$WrpwL^
zk?_vz?nWkMQ4ecQwV23$&<mJMq}3SV=8)=e25lQf&p13tb^zK*{etf=#LZZkgvV6K
zCsWxJCZe42XnAqrlPIcJo%ecdVjQ|0{ULbqb$6E}%*;+%kxpxY*2|qCgqn(B$ZqU{
zA%o(KDMe$c)YChM;c>=6XVe$lpTAp-FgiggVcO48u9CU#u`9<rZq~s5T%qwpt9fb^
ziqxtY(25yms_G@*&W@{^0|2(*`&LI8TkuDv3Pv<kGMK{zjK|I-jI>TKE+Z086C+`L
z^0vWnCVCL+cUJq~W-LX}(V^;JN~_h+o`J@^2RU!o_lEkLDbVP@9N6}2$>&{qllq-g
z=+FJ`5Zt$Gs$f&6u6W3`$21(fF2hx83*8-m1jbkg=#mo;<3R$9b?fCU<WqkcXkF?}
zh%Ir1Aks@CRd0D#A6kt2rZO^575A%Y>?PaPZmHWCFYN2GFyb+blW_tPTeXKU?K#H+
z(!Uxs3W%lT_@AmNTi+I<4`Fusvm$97j^3ON(M^3mceY(CNHnp}QhEcSYj2yIx%_a8
zJyGK#9a-2h5sg%<0)>zk$4pqyK1e&|oF(1EA-!nF(eB=}-#jH#p`m9N#lT#D=UOFa
zqT=M^Jw6^izfF3cn>i8v3DZ?+$V>xk^btUgW2@Qy7Kzw&#(+GQv~oVfyUP!_FDV?!
zALNvPUR|vkFwDwOL6fyCNsEgwr)3hp`%NrIAp1f!87rSdmaxX0#jd6Ey`-XQJ%E~G
zx~)jWZo{^z5xOY`e@We6?zR8q*x1yk1snImzBzQQ<-Cp_)nLq|X#*B2;GR<jS*vmH
z!9jg0HP>=mU%wDtrGZAB@fJbucB#HwUGsH+!SRVvaLfF_h)hnXhhoMIf}auSDs8%B
zx0)-}K?b`-w+c1R%!E}Ha9Aa6sx{ulod6cY$S)s3uvk0j;Cg`jj0{W&w&1c^tvIM1
zvK%Ep3e@K_sGIz~C#Zp6eyRVq(qgZAoS-CgZTul5(9}QUmL-=%L1%7Lul-iZ?s`32
zd9Pk@T?Z~@u0{PQri%2;YnSYOWR|6vizcA@-Z=E}Fk4_KEw*6NvS2<D-L`%!@DgMF
z90fsl`Pf#1r>;vmTCSLR$wf^>S>I6myXP>@Vxb<!J`(c-u2^WJ+6O;=p)MHPWzft;
zcZvGUt`a|4piQqOa{<V->Qcea=#id2+6Z$dpyfu?&giBe2Rr*m!=z-B40-quEBf(z
zwog9vj9k=;Eov>wNpvW=hVg<qmodh>)$h>!&+-}hx&#NN-9?j_apV;fd0%^_3kRA>
z_mR(_Rv-u%dLfH1=b}tEmTU$sPd?OX8MCVcW)!fc@2154uGp}39N>-0W=w{T;`-Pv
zlE=N#Wgl;hW0*RPAEO|xFXxY>rEvR)g5t`Y3*<3HXYg6mt+AH#n3sV$)2&?fyA)-K
zOoVbcEh>3{Q7h-h<J02a)}Lt38M)tE)Ng~?!X&1m2Mt*psixAnGkG<pNpIQ&?JNrU
z+gK+Uxb0eETki7cQd2Xn#sK1n>Uqo#)x8-7oWu%rBW~#$Pi4YZnKm)lpNl0;3XCrc
zXQ&+FiFCUbIokjPN;=VB$Pbrl)bw`!g5k@1X(`mLaPiN3GfW>Q*gZzM8vy&wV|~H!
z2eL99PE%lfjjcwDy<IEZ8v7;K0K|1(z1TyUT`$y7>vz3-fzsBpS;5;#yJyRVGt?f$
zoE)6IpALzuoTijxR4UF>5{&k)$YJyg>{}}ML@ukztgOq%Ra(ZwI8mTvEp6)s2w8RG
z;mF+dg8JK`8Q2(=SG`j5xveDkt7UgoH&7pxtlEJW9N;3ouX`#h|Co+NfwqLMdTxif
zSl78N8{SxK4|}iq<%QoKcTPcrzZ5qm>J=o!RWdcqnwl6<!(2IU_@eve3r9nUll1&M
zO%C3S>@3jhQ2W2-=`h$SdBhXOi8Gboy=#!&jx^O0?;<qFGn^Om=ZZBPa=&zee$<T-
zo^H$$8&aPOAk4E|rFS-!_dlp9yX!ACFgyuwF3FNhGcnt>E-E_u)rFm(JF6Q?hMtWY
zLckgmyC>Pz9O`^_Ccs#QVGS!H+2*!9ty2-;;6|eDYkaCBk$agUaWNc1Z5Tu-N(vcu
z9vT3B(Lb)EP}HVQqaq=pRD2~8yN3d<Hy9u`HR8_nFt2k-`a=n(B@+kAHLGUXRVuBv
z5L%*l>L6gd@ANKQcIGIkHmqls^6NU+!`BjJiy}vv0V>;m?6_>GRJAOqai3e(TK=F4
z>=~OOoSmkbN3{ZW2qf&Z^xY6_xxs$s^P8A1!`WU4Jqq^x`iv9w-34t!-@Kim?Td-k
z?Ax6X>4)k{B`o;>ybSG_6mI#1VGv9wdV$l3yP)!8(9*p}%jkeV?}s^l=bhCu=k@TI
zhtxJM*0pHbgWuI=ig{HRl-5Z+!J<EA26I}{0|Zo$&T}<Bi~Iz+=~m}2E$1&cRVta6
z$l;?rg}T$R@>xZ-WVgU9XKk7|>;q>+rVc*H8eY?6>uwqeNMG5G)YvW+_Sap#9x9<6
zGbnkKKXP!?BX^d5x|n?Lw*f3^aT?C65$QkgSuTlNK+pFbJaGo?-Z2o~l9?sxN97x%
zPZ~MPR_OVu&s)#=OqH$~Tu?9nh?8T=)<u{}O}VSI*2qkpCrF}KM&pOM06Im*Y-gE0
zM=8UG7DtVTBH*H;G_wp0Od)gd_u+F*j`Bxo0HgkBe)v1HL}W1V>x%g{XO4vWy@cDx
zD#eyt@iwe`KttXw_2cifCSWe4#{(~Ce5-H}xFKkCZ|@gw32etNEn7FM?knPZs1&f9
z^h~vo*o>*Hc@x`VdAgfgN~btuoC<1zpPqkl`ir4l>jV&CU-sZH!7eAEv&%?zv#rE4
z^aM9)#cF?+7F8%f_JxF~$UhisfNU()c>MnYpm}Qi8%KEs<=;Tf*O33lAanl@7_&x9
zjP9#fh#EqCJhI?{{^`OeRSWfv+KadF3WVq?zp?z>S?jO%Bn5CQaJ%$?5#M(R&wbJm
zBmh`P3IAMvwF19R|GO>V8A1(~^|d_jAr|)1;!8iU+5n^crjE>4<Z4MiLapDPq3n+B
zXkmH5bG?4jYh2a83BufoeCfv$3Q`fyi31zWziqP8=j|%k%S5$?&D<9&s%K~3U3uXd
zRn^&BG(14krc_HAjOI*Zc;UW2Ka(_@YUXP5g4e5Qx%0p}GR1|kcVxf#u=5OR%_}@I
zS=r<vTz|0qGSsn#8)UpIh~DuT<=PY12aFZ)OqzyYS1=p@aQ%Dwv+nKVl1sx8hRXCm
zV;@sLK*l{lCcRC04Ee*YvjPl@%k|O=l=!PB+oG>gBkuQq(40{toh5`8?i^mmgN1ip
zqG$Q^XRtQr!E@je3LxhNp{}+8_ydd(%*yieC|wT0^CpLX7P}SLd1${sm@r{%YKpoe
z?fH7!)}Ne;N}Va`F!An`b!6pF-CO_U$LaY$bF*T;W#3?TZRsa1EghYb!Z^D5>P>NV
zwR`}A0tq{N&4_2zHyg`8Am6;`7S?}i<vy-~yB8J`k`fgi{1ykXh~%seV=$a7udICg
zO2MZjMDO>1q5Wp2XJ@~aez*<{3erm4!u9_bWZwU}2^C+0KQQl}ZM`<KI4#%p_6!MX
zEf~m<Zv)7T9mBeT^dg@lvFP4q(a2O`xMx1iA?9>>T>L68iflBHYd-nSMn`Nc8hJP^
zSZn!1<&u#^Ytb<~0Dds@t);>9JiQQ2AY>NuK88%d0A9&F73RdS*uupw&T#+PB7GvF
zTb$_e4r{?F-2N1zYVMd&wF<mi6AHZ1z^!rU5EXbD-l6?hI^NOZQ}E2OvX+D2dx&N)
zRBLgy3BQa^o7g}rdo$Ve;T7|r-Th}&Ph0{LE~&9tAlu9$Udbeuv;E$ETc~n_QAt>;
zk!%B_Y#Evkqm6l4d523qdz104ag@AAvq(%1#>OeQo_&aPdmx&#p?GRLY&hA{6H1ee
zLLrX3MPi1tv`mH2f`*4wfj7>$1WLH{FAE+@_KN@yjdbDgtQhJ&9C_hLIVFTgK8dg@
zHJw3noV4u~x~Ai4t}2oF<I|BUo=A$I#D|U}6X#0Ys+4Kac-6f1Z)Lk8b;tl>vIau{
zC@GRCk)x!juuznrpZ|^8JAa!0^6&rALdGXiG^8EBV+u*d+0K2N{TA3WWgXTm2xCA<
zmi6%SvWR+0rG#-`Wdv9vnxs2@G<jMxU4ZKXKpqyAa{ShiNS!P-HD_<PD9jTU;k*Hr
zqWri_Xq@u+vzfJ<l-C~u%Rb>kkC_9&Xw&R|9C+RjMJ!u-O)3`3NPz$Cl7{zm+Gs(g
z#CS7L3!QmiYbYE}l6MoiNUcJ)gpo7vXh=lnxQGM!l>_FpQg|Vsgc_N{!^3j>lDfL0
zEK#@!9Y%-2(qdAh1$YzSJbw94S5XPhc;Wy8Qn@@KFJtH3&t|jqVrWr#8%3PyGO3P8
zBdPh`y&&YCXwglev75lJ@9kL746u;1Dd6MtS{AwDoIRp$SleDSbb=7A7)lD&PoLtZ
zkq%kPg)s6d`dzM7lo`k>O>~s={p}vZ)q!Q=F2p&;-&qcmT7f_RBO0DOh3l<!O_nR;
zNB;OSXDtoi=F~_59K_^ylX?pFTJ{d5b4?nG)z*ljMfu=20EIq5{}hsKv@5B0z0Q-3
z&N+`>4Yqj)9Ajjstg#a<8J3&LW&A1zS(n~a4Q1@eQ;b)AI9m1@EAgXyS7+TT5Z+&#
z0#?M@uXnHZ`V#WW<FSl6npO6vV@xi}?S!4}V<RC5E2{XZEWqB}4b0(5UCHi6?+=?i
zHEGFCN6uTbl4-NWY)Tx^Xg+)hX4xFN#}NlG3S+Fve)~{wahg`FPR*Q@g%3WB9X;$L
z>qf-F6qQ;X8Hs1Z`+qG>{3pbsjp*p&uQZIjLTyw{_kGAkWEe$9;@CtT=5a%7vX}VF
z(~~R%F;@uChoBvXFNthIS2^P259&2k$+?rwp#@bSpkDdIiUb3pa5<{KZX%c9j;ukB
ztxbrMy2&8M?ka<B#X?p!a+Pz|QeW=ee1^QzX60v72!{spC*i*!qn<qdk{h+GiJ04R
zL$O1*`D*1v`eeZAti5$A*33+#!!wQO346VG%`#HDx^EL9Fke<Vb1Jr*B4Pd5I<f%H
zjE>HS`)tLD%Hc<!T>H!WjpO$Yb`Ct!xOxtbEajDk#MRtcLNa8eH+DDxr@>q53+%Ry
zjo&X~`LYQi)tkg$y$KrzTgn&mM-)jW8YUSHtGO~>2O0Ip#}_12RGi<1FOMV6d=cx%
zDL!r$uVPXkP0$ILO1vor;h^DNJtACmzfKa^AR;H?;Pb+=V{6na*)z*aj2NAIhZYx?
zlRLCfWzO4-mqS2WTPL7bFufn|6bdh5QmLJh73{-)p=a%d2SHiR-`yv5Gsf6+5JF2K
zFBOZGzgVRp7^(=V;<NEHRNk;#7AXgNv|nOrGI)BIEbv+I<YUYW6ec_Q$zWTe$O9p2
zvHt5+plTn~btOjHelw{ymz$b}6vnu!ZQfqYuuHnytI*ruIDOl{`cqa_xwyN_VTc&x
zBd2QF5^!FwUJ!1`+zH}4Qc7~kU0Pyx`)KjHGGfTZ5R~ezBaq$MC`zy`f)w3u1VZe{
zkvCg`yf<*n_ol+ud6UWQ`c}TmiK5^6m{>X4@{sn9Lsc<-Yp`HiFiE)5wnhaTU#i06
z+D$AxY`n8;ge2ECwAxg;n6n7r-SIiv?I<ddlksp%e;D$(if(>^-Ho{A-K$qz=;%pE
zpvHc7{Xfg&$!>bI1SBIPL*JpJ>5Peq0ou)IDJdmD!}P$~qFpDJZv98=fN|*lg|y<y
z4k#`b2j5^_r}_X|x2}^_Qp&5ZuP-U1yT+e>_B>vw70U*+$jZpfT#%P1R99D5zHk@^
z1c94NN#Ta~WDXCDgH<w|WcD$X?SG8htCcVzA)$yV<CvaxDSrMgJ*?y=AF+a|{OIWD
z*M(mm{|#B|@DpgRU~UdVdYxlYI;WsOyb@w$^j8dCSqfgfP3F|n=jZn$_++}~KUN3M
z5WJ8ldol3}EHrdv&w519dR=X(=I5C|uFapHJ#jl#s-&Mz!doT{h#S=~IG`?;s2`<T
zfYv-)hu8<=*ck48<~8Kp+#2=`DVm>|{r)>B>bUpj&#;KqQg~ZjRJ=m@g444zsCw9I
z(tp_;I+OY>j;owEYLKr~QT}`V9ce|CfJSuT_;m1uG3|GxIC>!)fosu^`>eTF>W&H*
z^iOfADTt)Jk=yrix2_lO4%y`k0QNGkFD?0rk@lJe^+|w4PVkg7EzNEM>n*hWsVNv$
zHMfoPg{#8-X@DD>Zc?t=r$n|9kle1n8k@9@{Kb%2B&Bo^>pJ6pbC9qVY9vQKm6K3O
zY|dT~4rlJcZ*>QIoXPShXF=lb`=CeDVaqWSXjsmF=~{s$WivOIJo&VcnGL6q7!<wy
zYF8hw>q>Ph`W><>_RP?u#+<`$L*U)0Dxoi`u}S_!pH8Up)%jA1_yX5lu@wx?OgM5t
z!TPy*k?Lj8W9ef4HVzJD&e+u|I|g+xQbdl?&BO-m2T4J<&`Wc&DGUpd5l(s`DSx@X
z^==aPJN?7LT8X(#Oq8RA`%Q7V%B})OQ^YnR8op<L^Mz>M+sT@bZ6$sSz2DLv!qSQ(
z$j%}l%iUFQZdoH+)xR@JDP)YkZN(HDtgy2Xm5V(>3<3y7@P{xM@KsVonsyNHcscc4
z4Ad|iF7!#&Q}>N;ubL^*pKHpOz>ymD|2*5<RIoQbO8Ah7WD)U+Q(%3ZDPMQno$+UK
zt|f1zle&w8J0ZQD7j)*Wkoap@=YLHdn|ew?o|K7Z;%UV}Q*{6dF}Ii(lEGbziDWWj
zhM1XhjcCC_Hwil>zff5^^f_>3O;%apr?X&ub)_g=O>_YOAf+$ud;9Y%JN3@!)<{)V
zqp$(G@)YO<jQiunDbKHQEPR68_g<#$TD8c{A<lkAeDtRx?~+VI)t&AyYwV$;8uBl#
zD}uFu1)}x0PXDI0NEnUZ_24o(Dmqz`RgC2XV#ykDs$^^Z(0s$Ao7qjJ%=9Q<Xgr6Y
zO%8zcT)PyNBI#&8@ih}9R6N^}^+5FPduAY8`6*+QocYWSnvGmCX7;FN!OvJX<;Qt_
zJ9}qpkkJ6yILY?@d_{r4#5Q5B@eKBqAF`o)*h6q81S;FVw5=`d+#yrmP!ZGFsY;`n
znKAQSvjTz%Uo3z-I(zpt_d+!k{^(Y<V5TuU{JTdMu|R<Bp>B0<UDx(Ekbae|Z79&d
zCOb#@4uOHpd0d+^5!0h=e`0~u?iz&gE5k}hyHaOC94jHZ$Zc~d7@b?*NTKo<1gh|D
z>M=N(_(IpTU=tU)X{oTkLn={nh{g6OS2bUJ$0E;~F~M-VWYk|?wXbT{M0F{jNXcfs
zqFADnV0>M!%Bb%f8I|G|kOUA+!RF;@YilyU%CBDgHSFZ(!1RS4@FVX~!?@#AjBPR^
zt4s&+J(DMHSj&GD7VLK~G#Lgv#|nE_)r>dW^BWiScJ|A{F$We+#w?oZv&9Y?YJjSR
z%Uw;qnEY_;$;(K)d_x!+W##kiJ9MT5L9Vd{lgphSQ?yw3YrIW$x495D!Hl$JX`c#(
z`bFVJ^HMPEeiy5$mxvf#x#c7D?;*_!q8qaa=94ggBQ6l{`+<`q)lqMMDqB3-@_3(i
zKHYp7a;JX8^y)G6UkdIg1#M#E^@4OCS<L;G#(DFqr0uQZP`pBJ3=a0;mAOBsxX`Bn
z*=DmUdxq-VA=p@YCOQ6au0k}WCgizFUy}o$3ca~90UYy!n1MCf@mzjq$6-U(JJW?|
zaMpawt7r1~gv{-BncA>!DqV{dpYb8WrP5?~o(rTYGabkP8LL2QvH0Ha(v(Ro0gyL9
z)YY_PR!jKDv4`+y$!uzhnqheLYG!nFw$RdGr^?~Q6xH%xf`D!_Z$(mh2QEr1(#E2<
z(`Go!9taa^c$47WjzyZ}<bEIB&$(ugm-}%=$He57T7u(3uaXZQV5|8;t!mvxXT&CU
zkFp8!M;0>UO`oH`XS{v^+WXUD#eAI=Fs`sHUB}F41qpM$(n$jBdz5_j=<_^#weWva
z8SmzS43w0X%v#Fx>0NZAFVXOy9$GK{o6~4TU`bicFDk;?q4R7IHZv<q9zOP>dZU5=
zUxRV~&DFIrzo6g)i<fy-RaJg*vAnD6{kJ&pl20aJ4QPq=HymArTQrXoPva`;?)LYh
zf<(0xH>h1(U)QUcgR1}H8u~1EwebH@PBh2yvB>{04Gv`gAMz~VoBzMP&F={TRxj8>
TB~Tjoc@Bm6#rcZAYkL0=$@7B)

literal 0
HcmV?d00001

diff --git a/docs/runbooks/ui-sync-site-state.md b/docs/runbooks/ui-sync-site-state.md
new file mode 100644
index 00000000..48049d57
--- /dev/null
+++ b/docs/runbooks/ui-sync-site-state.md
@@ -0,0 +1,58 @@
+# UI: Synchronize site state
+
+## When to use
+
+If you want to synchronize state from one environment into another environment.
+
+For example, you may want to synchronize state to a PR environment to run your
+code in a more realistic setup.
+
+Or you may want to synchronize a main (production) environment state to a
+moduletest environment, if requested by the customer.
+
+## Prerequisites:
+
+- A user with access to the relevant project through the
+  [Lagoon UI](https://ui.lagoon.dplplat01.dpl.reload.dk/)
+
+If you have access to the dpl-platform setup and can run task in the taskfile
+(for platform engineers, not developers of the CMS) you may want to synchronize
+site state using the related task (runbook WIP).
+
+## Procedure
+
+1. Go to the [Lagoon UI] website and log in
+2. Navigate to the relevant project by selecting in the list
+3. Pick the *target* environment in the list of environments. E.g. if you are
+   synchronizing state from `main` to `pr-775` you should select `pr-775`.
+4. In the left-hand side pick the "Tasks" menu point
+
+Now you are at the tasks UI and can execute tasks for this environment. It
+should look something like this:
+
+![Tasks page in the Lagoon UI](../images/lagoon-ui-tasks-page.png)
+
+5. Run task "Copy database between environments \[drush sql-sync\]":
+  - Select the task in the "Select a task..." dropdown.
+  - Select the source environment. E.g. if you are synchronizing from `main` to
+    `pr-775` select `main` in the dropdown.
+  - Click "Run task" to start the task.  
+    The task appears in the top of the list of tasks. You can click it to see
+    log output. Once the task completes verify that the log output states that
+    the synchronization worked.
+6. Run task "Copy files between environments \[drush rsync\]":
+  - Select the task in the "Select a task..." dropdown.
+  - Select the source environment as above.
+  - Click "Run task" to start the task.  
+    The task output can be viewed as described in point 5.  
+    The task will fail. Verify that the error is a list of statements saying
+    `> rsync: [receiver] failed to set times on ...`. As long as these are the
+    only errors in the output, the synchronization succeeded.
+7. Run task "Clear Drupal caches \[drupal cache-clear\]" to clear the caches:
+  - Select the task in the "Select a task..." dropdown.
+  - Select the source environment as above.
+  - Click "Run task" to start the task.  
+    Once the task completes the environment has been fully synced and caches
+    are cleared so the state will be reflected when you visit the site.  
+    E.g. if you were synchronizing state from `main` to `pr-775`, the `pr-775`
+    environment will now have the same state as `main`.

From 3bfba11a5d6de66faba3ff08250d8a7c889b2be5 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 17 Apr 2024 16:32:12 +0200
Subject: [PATCH 005/341] Markdown lint fix

---
 docs/runbooks/ui-sync-site-state.md | 55 +++++++++++++++++------------
 1 file changed, 33 insertions(+), 22 deletions(-)

diff --git a/docs/runbooks/ui-sync-site-state.md b/docs/runbooks/ui-sync-site-state.md
index 48049d57..deec6265 100644
--- a/docs/runbooks/ui-sync-site-state.md
+++ b/docs/runbooks/ui-sync-site-state.md
@@ -10,7 +10,7 @@ code in a more realistic setup.
 Or you may want to synchronize a main (production) environment state to a
 moduletest environment, if requested by the customer.
 
-## Prerequisites:
+## Prerequisites
 
 - A user with access to the relevant project through the
   [Lagoon UI](https://ui.lagoon.dplplat01.dpl.reload.dk/)
@@ -32,27 +32,38 @@ should look something like this:
 
 ![Tasks page in the Lagoon UI](../images/lagoon-ui-tasks-page.png)
 
+Now we need to execute 3 tasks to synchronize the whole state and make it
+available on visits to the target site:
+
+<!-- markdownlint-disable-next-line MD029 -->
 5. Run task "Copy database between environments \[drush sql-sync\]":
-  - Select the task in the "Select a task..." dropdown.
-  - Select the source environment. E.g. if you are synchronizing from `main` to
-    `pr-775` select `main` in the dropdown.
-  - Click "Run task" to start the task.  
-    The task appears in the top of the list of tasks. You can click it to see
-    log output. Once the task completes verify that the log output states that
-    the synchronization worked.
+
+    - Select the task in the "Select a task..." dropdown.
+    - Select the source environment. E.g. if you are synchronizing from `main` to
+      `pr-775` select `main` in the dropdown.
+    - Click "Run task" to start the task.  
+      The task appears in the top of the list of tasks. You can click it to see
+      log output. Once the task completes verify that the log output states that
+      the synchronization worked.
+
+<!-- markdownlint-disable-next-line MD029 -->
 6. Run task "Copy files between environments \[drush rsync\]":
-  - Select the task in the "Select a task..." dropdown.
-  - Select the source environment as above.
-  - Click "Run task" to start the task.  
-    The task output can be viewed as described in point 5.  
-    The task will fail. Verify that the error is a list of statements saying
-    `> rsync: [receiver] failed to set times on ...`. As long as these are the
-    only errors in the output, the synchronization succeeded.
+
+    - Select the task in the "Select a task..." dropdown.
+    - Select the source environment as above.
+    - Click "Run task" to start the task.  
+      The task output can be viewed as described in point 5.  
+      The task will fail. Verify that the error is a list of statements saying
+      `> rsync: [receiver] failed to set times on ...`. As long as these are the
+      only errors in the output, the synchronization succeeded.
+
+<!-- markdownlint-disable-next-line MD029 -->
 7. Run task "Clear Drupal caches \[drupal cache-clear\]" to clear the caches:
-  - Select the task in the "Select a task..." dropdown.
-  - Select the source environment as above.
-  - Click "Run task" to start the task.  
-    Once the task completes the environment has been fully synced and caches
-    are cleared so the state will be reflected when you visit the site.  
-    E.g. if you were synchronizing state from `main` to `pr-775`, the `pr-775`
-    environment will now have the same state as `main`.
+
+    - Select the task in the "Select a task..." dropdown.
+    - Select the source environment as above.
+    - Click "Run task" to start the task.  
+      Once the task completes the environment has been fully synced and caches
+      are cleared so the state will be reflected when you visit the site.  
+      E.g. if you were synchronizing state from `main` to `pr-775`, the `pr-775`
+      environment will now have the same state as `main`.

From 8f068c0efc7c737e240ef858aa25cb11bd567fc1 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 30 Apr 2024 21:39:11 +0200
Subject: [PATCH 006/341] Add task sites:check which shows a report of which
 sites respond correctly and with HTTPS on /

---
 infrastructure/Taskfile.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 70e76dc7..218f531b 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -865,6 +865,24 @@ tasks:
       cmds:
         - cat sites.yaml | yq '.sites | keys | .[]'
 
+    sites:check:
+      desc: Simply checks that all sites defined in sites.yaml are running and responding
+      dir: "{{.dir_env}}"
+      vars:
+        sites:
+          sh: cat {{.dir_env}}/sites.yaml | yq '.sites | keys | .[]'
+      cmds:
+        - touch statusnow.txt
+        - for: { var: sites }
+          cmd: |
+            if [[ "$(curl -I https://varnish.main.{{.ITEM}}.dplplat01.dpl.reload.dk | head -1)" == "HTTP/2 200"* ]]; then
+              echo "{{.ITEM}}: OK" >> statusnow.txt;
+            else
+              echo "{{.ITEM}}: ERROR! Not up." >> statusnow.txt;
+            fi
+        - cat statusnow.txt
+        - rm statusnow.txt
+
     sites:sync:
       desc: Performs a full synchronization from sites.yaml to running state
       dir: "{{.dir_env}}"

From d5b204b469e5db68c0e944497e83e07f1efb1b71 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 30 Apr 2024 21:39:24 +0200
Subject: [PATCH 007/341] Remove unnecessary step that prints deploy key to
 console when syncing site

---
 infrastructure/Taskfile.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 218f531b..094cd5c4 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -707,9 +707,6 @@ tasks:
         - task: lagoon:project:ensure:github-registry-credentials
           vars:
             PROJECT_NAME: "{{.PROJECT_NAME}}"
-        - task: lagoon:project:deploykey
-          vars:
-            PROJECT_NAME: "{{.PROJECT_NAME}}"
       preconditions:
       - sh: "[ ! -z {{.GIT_URL}} ]"
         msg: "Env variable GIT_URL is not set or empty."

From e312c250835a6b24d377c58ebf2292c800fde8c3 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 30 Apr 2024 21:41:53 +0200
Subject: [PATCH 008/341] Add task terraform:import:repo for importing a github
 repo by site name

---
 infrastructure/Taskfile.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 094cd5c4..50e7d0f1 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -142,7 +142,17 @@ tasks:
                 )
               --query value -o tsv
       cmds:
-        - cmd: terraform -chdir={{.dir_env_repos}} import "{{.OPTIONS}}" "{{.ADDRESS_ID}}"
+        - cmd: terraform -chdir={{.dir_env_repos}} import '{{.OPTIONS}}' '{{.ADDRESS_ID}}'
+
+    terraform:import:repo:
+      desc: Imports a Github repository for a site by passing the site name
+      cmds:
+        - task: terraform:import
+          vars:
+            OPTIONS: module.env_repos.github_repository.site["{{.SITE}}"]
+            ADDRESS_ID: env-{{.SITE}}
+      preconditions:
+      - *require_site
 
     cluster:auth:
         deps: [_req_env, _infra:terraform:init]

From 22d0751e970c85bbeba45bcc1969ad7ef18d4c2a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 1 May 2024 23:29:25 +0200
Subject: [PATCH 009/341] Release 2024.18.0 to all sites

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 2e278ba6..6baced48 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.17.0"
+  dpl-cms-release: "2024.18.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From 25d4bf2b7a3fd06a5ed0e468624cdd8c87c30fa4 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 15:31:30 +0200
Subject: [PATCH 010/341] Scale up ingresses more! perhaps

We scaled to max 10 ingresses and the autoscaler immediately went to the limit. We will see if they stay there after the 5 minute stabilization window. If they do, or even if they stay close to (say 8+) it may be worth scaling the resources instead.

This commit suggests how to do that, while also increasing the autoscaling range to a more realistic one for our load.
---
 .../ingress-nginx/ingres-nginx-values.template.yaml       | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index bdb40148..f63ab294 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -16,8 +16,12 @@ controller:
   replicaCount: 2
   autoscaling:
     enabled: true
-    minReplicas: 2
-    maxReplicas: 10
+    minReplicas: 5
+    maxReplicas: 15
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 300Mi
   service:
     loadBalancerIP: "${INGRESS_IP}"
     externalTrafficPolicy: "Local"

From af71e429c80868f2e096d9a3a0d227ca415661bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 2 May 2024 17:09:30 +0200
Subject: [PATCH 011/341] Upgrade Canary to 2024.18.2

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 2e278ba6..27f6f971 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.18.0"
+    dpl-cms-release: "2024.18.2"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 899b5cb527a2ab20ff417a29a0b8278b858ee745 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 17:16:21 +0200
Subject: [PATCH 012/341] Based on data from HorizontalPodAutoscaler modified
 scaling

---
 .../ingress-nginx/ingres-nginx-values.template.yaml           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index f63ab294..7395568d 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -20,8 +20,8 @@ controller:
     maxReplicas: 15
   resources:
     requests:
-      cpu: 1000m
-      memory: 300Mi
+      cpu: 500m
+      memory: 500Mi
   service:
     loadBalancerIP: "${INGRESS_IP}"
     externalTrafficPolicy: "Local"

From 4b4d1a6ebe5c94b2a928e28d29854f07946d5512 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 15:30:11 +0200
Subject: [PATCH 013/341] ensure that a the connectionstring is deployed along
 with new deployments and updates to deployments

---
 infrastructure/Taskfile.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 8d60005e..fac36b5a 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -736,6 +736,9 @@ tasks:
         - task: lagoon:project:ensure:github-registry-credentials
           vars:
             PROJECT_NAME: "{{.PROJECT_NAME}}"
+        - task: lagoon:project:ensure:azure-mail-connection-string
+          vars:
+            PROJECT_NAME: "{{.PROJECT_NAME}}"
       preconditions:
       - sh: "[ ! -z {{.GIT_URL}} ]"
         msg: "Env variable GIT_URL is not set or empty."

From a37c037876129a5f5004af1a0fce62d0c207e804 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 21:01:40 +0200
Subject: [PATCH 014/341] Fix variable scope for AZURE_MAIL_CONNECTION_STRING
 env var

---
 infrastructure/Taskfile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index fac36b5a..2a5ae008 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -648,7 +648,7 @@ tasks:
       cmds:
       - task: lagoon:ensure:environment-variable
         vars:
-          VARIABLE_SCOPE: "CONTAINER_REGISTRY"
+          VARIABLE_SCOPE: "RUNTIME"
           VARIABLE_NAME: "AZURE_MAIL_CONNECTION_STRING"
           VARIABLE_VALUE: "{{.ACS_CONNECTION_STRING}}"
           PROJECT_NAME: "{{.PROJECT_NAME}}"

From da199e66e97c41be578f06b4c23080124b5d5785 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 21:11:54 +0200
Subject: [PATCH 015/341] Fix require_site shorthand so it is defined at first
 use

---
 infrastructure/Taskfile.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 2a5ae008..46744e04 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -152,7 +152,10 @@ tasks:
             OPTIONS: module.env_repos.github_repository.site["{{.SITE}}"]
             ADDRESS_ID: env-{{.SITE}}
       preconditions:
-      - *require_site
+      - &require_site {
+          sh: "[ ! -z \"{{.SITE}}\" ]",
+          msg: "Variable SITE is not set or empty."
+        }
 
     cluster:auth:
         deps: [_req_env, _infra:terraform:init]
@@ -883,10 +886,7 @@ tasks:
       cmds:
         - dpladm/bin/sync-site.sh
       preconditions:
-      - &require_site {
-          sh: "[ ! -z \"{{.SITE}}\" ]",
-          msg: "Variable SITE is not set or empty."
-        }
+      - *require_site
 
     sites:list-keys:
       desc: List keys for sites in sites.yaml config

From 5baa2172cd608bd532246a1e101fbe51912dd86b Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 21:27:58 +0200
Subject: [PATCH 016/341] Fix validation of input to environment variable
 setting

---
 infrastructure/Taskfile.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 46744e04..aa74ae1a 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -606,13 +606,13 @@ tasks:
                 }
               }
       preconditions:
-      - sh: "[ ! -z {{.VARIABLE_VALUE}} ]"
+      - sh: "[ ! -z \"{{.VARIABLE_VALUE}}\" ]"
         msg: "Missing VARIABLE_VALUE"
-      - sh: "[ ! -z {{.VARIABLE_NAME}} ]"
+      - sh: "[ ! -z \"{{.VARIABLE_NAME}}\" ]"
         msg: "Missing VARIABLE_NAME"
-      - sh: "[ ! -z {{.VARIABLE_SCOPE}} ]"
+      - sh: "[ ! -z \"{{.VARIABLE_SCOPE}}\" ]"
         msg: "Missing VARIABLE_SCOPE"
-      - sh: "[ ! -z {{.PROJECT_NAME}} ]"
+      - sh: "[ ! -z \"{{.PROJECT_NAME}}\" ]"
         msg: "Missing PROJECT_NAME"
 
     lagoon:project:ensure:github-registry-credentials:

From c8cd46dbfb24db863bdf0c078ed302921ef6115e Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 21:28:22 +0200
Subject: [PATCH 017/341] Pull azure comms connection string from keyvault

---
 infrastructure/Taskfile.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index aa74ae1a..5d0abfec 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -640,14 +640,14 @@ tasks:
     lagoon:project:ensure:azure-mail-connection-string:
       vars:
         ACS_CONNECTION_STRING:
-          sh: az communication list-key
-              --name communication-servicesa5e3
-              --resource-group
+          sh: az keyvault secret show
+              --subscription "{{.AZURE_SUBSCRIPTION_ID}}"
+              --name azure-communications-connection-string
+              --vault-name
                 $(
-                  terraform -chdir={{.dir_infra}} output -json | jq --raw-output ".resourcegroup_name.value | select (.!=null)"
+                  terraform -chdir={{.dir_infra}} output -json | jq --raw-output ".keyvault_name.value | select (.!=null)"
                 )
-              --query "primaryConnectionString"
-              --output tsv
+              --query value -o tsv
       cmds:
       - task: lagoon:ensure:environment-variable
         vars:

From 9929b91f23e349dbf5d065a539f35c98e34b8ffe Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 21:30:20 +0200
Subject: [PATCH 018/341] Release 2024.18.2 to early movers

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index f92ca8e5..1a6be6a9 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.18.0"
+x-early-movers: &early-movers-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.18.2"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -35,7 +39,7 @@ sites:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8+vj/1goR+Y42JMD/NbL4PXM4N6DifKbRZjJdyAURp"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
@@ -205,7 +209,7 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"
@@ -430,7 +434,7 @@ sites:
     name: "Solrød Bibliotek og Kulturhus"
     description: "The library site for Solrød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1GwZ4r8QZ7Vebdqiz/mtkifrLU+ZSvlAJshdXjCh5J"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   sonderborg:
     name: "Biblioteket Sønderborg"
     description: "The library site for Sønderborg"

From 13a77a4a5319e5f0742f7125e57fa3d3527224cf Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 06:36:24 +0200
Subject: [PATCH 019/341] Release 2024.18.2 to all sites

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 1a6be6a9..a99d4a59 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.18.0"
+  dpl-cms-release: "2024.18.2"
 x-early-movers: &early-movers-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From fe86a7f185581a155f91f4e2996eb780db60fa1f Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 14:46:57 +0200
Subject: [PATCH 020/341] Release 2024.18.3 to canary and cms-school for
 testing

---
 infrastructure/environments/dplplat01/sites.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 1a6be6a9..23173e54 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,13 +16,15 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.18.2"
+    dpl-cms-release: "2024.18.3"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"
+    releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+    releaseImageName: dpl-cms-source
+    dpl-cms-release: "2024.18.3"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"

From 9d7a9d1c13706015e07aa384e8e60b5f12d212c0 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 15:00:20 +0200
Subject: [PATCH 021/341] Add task for setting up an autoscaler for a site

The autoscaler handles scaling the nginx pod (which runs php and nginx) for a particular site.
---
 infrastructure/Taskfile.yml                   | 12 ++++
 .../dpladm/autoscaler.template.yaml           | 25 +++++++
 .../dpladm/bin/dpladm-shared.source           | 68 +++++++++++++++++++
 .../bin/set-up-horizontal-autoscaler.sh       | 21 ++++++
 infrastructure/dpladm/bin/sync-site.sh        | 29 --------
 5 files changed, 126 insertions(+), 29 deletions(-)
 create mode 100644 infrastructure/dpladm/autoscaler.template.yaml
 create mode 100755 infrastructure/dpladm/bin/set-up-horizontal-autoscaler.sh

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 5d0abfec..d3154c16 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -888,6 +888,18 @@ tasks:
       preconditions:
       - *require_site
 
+    site:autoscaler:
+      desc: Runs the a dpladm setup of horizontal autoscaler, making sure the site has an autoscaler configured
+      deps: [cluster:auth]
+      summary: Run the task without additional variables to see required arguments
+      env:
+        SITES_CONFIG: "{{.dir_env}}/sites.yaml"
+        SITE: "{{.SITE}}"
+      cmds:
+        - dpladm/bin/set-up-horizontal-autoscaler.sh
+      preconditions:
+      - *require_site
+
     sites:list-keys:
       desc: List keys for sites in sites.yaml config
       dir: "{{.dir_env}}"
diff --git a/infrastructure/dpladm/autoscaler.template.yaml b/infrastructure/dpladm/autoscaler.template.yaml
new file mode 100644
index 00000000..4db10ecd
--- /dev/null
+++ b/infrastructure/dpladm/autoscaler.template.yaml
@@ -0,0 +1,25 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: php-nginx-autoscaler
+  namespace: ${SITE_NAME}-${SITE_ENV}
+spec:
+  maxReplicas: 5
+  metrics:
+  - resource:
+      name: memory
+      target:
+        averageUtilization: 500
+        type: Utilization
+    type: Resource
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 70
+        type: Utilization
+    type: Resource
+  minReplicas: 1
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: nginx
diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index e369accc..2eabbbcd 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -215,3 +215,71 @@ function syncEnvRepo {
   git push origin "${branchName}"
 }
 
+function print_usage {
+    # Start with a more specific error-message if we're passed the name of a
+    # variable that was missing.
+    if [[ -n "${1:-}" ]]; then
+        echo "Could not find the variable ${1}"
+    fi
+    echo
+    echo "Set the following environment variables before running the script."
+    echo "  SITES_CONFIG: path to the sites.yaml that should be used for site configuration"
+    echo "  SITE:         the sites key in sites.yaml"
+    echo ""
+    echo "  FORCE:  Push even if there is no diff in which case an empty"
+    echo "          commit will be pushed."
+
+    exit 1
+}
+
+function getSitePlan {
+    local plan
+    plan=$(yq eval ".sites.${1}.plan" "${2}")
+    if [[ "${plan}" == "null" ]]; then
+        echo "standard"
+        return
+    fi
+
+    echo "${plan}"
+    return
+}
+
+function setUpHorizontalAutoscaler {
+  local siteName=$1
+  local SITES_CONFIG=$2
+  local plan=$(getSitePlan "${siteName}" "${SITES_CONFIG}")
+
+  local workspace
+  workspace="$(getCleanWorkspacePath)"
+  cd "${workspace}"
+
+  renderAutoscalers "${siteName}" "${plan}"
+  kubectl apply --recursive -f autoscalers
+}
+
+function renderAutoscalers {
+  local siteName=$1
+  local plan=$2
+
+  local scriptDir
+  scriptDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+  mkdir autoscalers
+
+  local envs=(
+    "main"
+  )
+
+  if [ plan = "webmaster" ]; then
+    local envs=(
+      "main"
+      "moduletest"
+    )
+  fi
+
+  for env in "${envs[@]}"; do
+    export SITE_NAME="$siteName";
+    export SITE_ENV="$env";
+    envsubst '$SITE_NAME $SITE_ENV' < "${scriptDir}/../autoscaler.template.yaml" > "autoscalers/$env.yaml";
+  done
+}
diff --git a/infrastructure/dpladm/bin/set-up-horizontal-autoscaler.sh b/infrastructure/dpladm/bin/set-up-horizontal-autoscaler.sh
new file mode 100755
index 00000000..dfb5c7de
--- /dev/null
+++ b/infrastructure/dpladm/bin/set-up-horizontal-autoscaler.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+#
+# Reads in a sites.yaml and updates the sites environment repository to bring it
+# in sync with the configuration with regards to eg. the deployed release.
+# This will typically trigger a deployment of the site.
+#
+set -euo pipefail
+IFS=$'\n\t'
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+source "${SCRIPT_DIR}/dpladm-shared.source"
+
+if [[ -z "${SITES_CONFIG:-}" ]]; then
+    print_usage "SITES_CONFIG"
+fi
+
+if [[ -z "${SITE:-}" ]]; then
+    print_usage "SITE"
+fi
+
+setUpHorizontalAutoscaler "$SITE" "$SITES_CONFIG"
diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 9597d785..898d3f62 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -10,23 +10,6 @@ IFS=$'\n\t'
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 source "${SCRIPT_DIR}/dpladm-shared.source"
 
-function print_usage {
-    # Start with a more specific error-message if we're passed the name of a
-    # variable that was missing.
-    if [[ -n "${1:-}" ]]; then
-        echo "Could not find the variable ${1}"
-    fi
-    echo
-    echo "Set the following environment variables before running the script."
-    echo "  SITES_CONFIG: path to the sites.yaml that should be used for site configuration"
-    echo "  SITE:         the sites key in sites.yaml"
-    echo ""
-    echo "  FORCE:  Push even if there is no diff in which case an empty"
-    echo "          commit will be pushed."
-
-    exit 1
-}
-
 function getSiteConfig {
     local config
     config=$(yq eval ".sites.${1}" "${2}")
@@ -77,18 +60,6 @@ function getSiteReleaseImageName {
     return
 }
 
-function getSitePlan {
-    local plan
-    plan=$(yq eval ".sites.${1}.plan" "${2}")
-    if [[ "${plan}" == "null" ]]; then
-        echo "standard"
-        return
-    fi
-
-    echo "${plan}"
-    return
-}
-
 function getSitePrimaryDomain {
     local domain
     domain=$(yq eval ".sites.${1}.primary-domain" "${2}")

From 7cf0277fc99ff895c0c200023b001f70fdfa42ee Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 15:29:21 +0200
Subject: [PATCH 022/341] Add support for `importTranslationsCron` in
 sites.yaml, set for cms-school

This allows us to define custom schedules for when translations should be imported. For cms-school we set it to hourly, so we get more frequent data updates here in particular.
---
 infrastructure/dpladm/bin/dpladm-shared.source | 16 ++++++++++------
 infrastructure/dpladm/bin/sync-site.sh         | 18 ++++++++++++++++--
 .../env-repo-template/standard/.lagoon.yml     |  4 ++--
 .../environments/dplplat01/sites.yaml          |  1 +
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index e369accc..31848c34 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -66,10 +66,12 @@ function renderProfileTemplate {
   local releaseImageRepository=$3
   # Name of the container-image that contains the built release
   local releaseImageName=$4
+  # Cron schedule for importing translations
+  local importTranslationsCron=$5
   # The primary domain of the site (optional)
-  local primaryDomain=${5:-}
+  local primaryDomain=${6:-}
   # A space-seperated list of secondary domains (optional)
-  local secondaryDomainsString=${6:-}
+  local secondaryDomainsString=${7:-}
 
   PRIMARY_DOMAIN=""
   ENABLE_ROUTES=""
@@ -112,12 +114,13 @@ EndOfMessage
   export LAGOON_IMAGES_RELEASE_TAG
   export PRIMARY_DOMAIN
   export SECONDARY_DOMAINS
+  export IMPORT_TRANSLATIONS_CRON=${importTranslationsCron}
 
   # TODO this templating could be quite a bit more flexible.
   # Tell envsubst which variables to replace. This allows other variables to
   # remain untouched.
   # shellcheck disable=SC2016
-  local variablesToSubst='$RELEASE_IMAGE_REPOSITORY $RELEASE_IMAGE_NAME $RELEASE_TAG $ENABLE_ROUTES $LAGOON_IMAGES_RELEASE_TAG $LAGOON_PROJECT_NAME $PRIMARY_DOMAIN $SECONDARY_DOMAINS'
+  local variablesToSubst='$RELEASE_IMAGE_REPOSITORY $RELEASE_IMAGE_NAME $RELEASE_TAG $ENABLE_ROUTES $LAGOON_IMAGES_RELEASE_TAG $LAGOON_PROJECT_NAME $PRIMARY_DOMAIN $SECONDARY_DOMAINS $IMPORT_TRANSLATIONS_CRON'
 
   # Loop through the files we know to contain variables that needs replacing.
   local templateFiles=(
@@ -142,8 +145,9 @@ function syncEnvRepo {
   local branchName=$3
   local releaseImageRepository=$4
   local releaseImageName=$5
-  local primaryDomain="${6:-}"
-  local secondaryDomains="${7:-}"
+  local importTranslationsCron=$6
+  local primaryDomain="${7:-}"
+  local secondaryDomains="${8:-}"
 
   # TODO, preflight checks that verifies this repository looks good to go.
   # makes most sense to do when we're doing more complicated things inside
@@ -176,7 +180,7 @@ function syncEnvRepo {
 
   # Enter the template and rendered it
   cd "${repoName}"
-  renderProfileTemplate "${siteName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${primaryDomain}" "${secondaryDomains}"
+  renderProfileTemplate "${siteName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${importTranslationsCron}" "${primaryDomain}" "${secondaryDomains}"
 
   # Detect changes
   local changedFiles
diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 9597d785..5bf39d39 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -113,6 +113,19 @@ function getSiteSecondaryDomains {
     return
 }
 
+function getSiteImportTranslationsCron {
+    local importTranslationsCron
+    importTranslationsCron=$(yq eval ".sites.${1}.importTranslationsCron" "${2}")
+
+    if [[ "${importTranslationsCron}" == "null" ]]; then
+        echo "M H(2-5) * * *"
+        return
+    fi
+
+    echo "${importTranslationsCron}"
+    return
+}
+
 if [[ -z "${SITES_CONFIG:-}" ]]; then
     print_usage "SITES_CONFIG"
 fi
@@ -148,11 +161,12 @@ failOnErr $? "${siteImageRepository}"
 siteReleaseImageName=$(getSiteReleaseImageName "${SITE}" "${SITES_CONFIG}")
 failOnErr $? "${siteReleaseImageName}"
 plan=$(getSitePlan "${SITE}" "${SITES_CONFIG}")
+importTranslationsCron=$(getSiteImportTranslationsCron "${SITE}" "${SITES_CONFIG}")
 set -o errexit
 
 # Synchronise the sites environment repository.
-syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${primaryDomain}" "${secondaryDomains}"
+syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${primaryDomain}" "${secondaryDomains}"
 
 if [ "${plan}" = "webmaster" ] && [ "${BRANCH}" = "main" ]; then
-    syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}"
+    syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}"
 fi
diff --git a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
index a5d24965..11fd2e96 100644
--- a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
+++ b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
@@ -64,11 +64,11 @@ $SECONDARY_DOMAINS
         command: drush cron
         service: cli
       - name: import translations
-        schedule: "M H(2-5) * * *"
+        schedule: "${IMPORT_TRANSLATIONS_CRON}"
         command: drush locale-check && drush locale-update
         service: cli
       - name: import danish config translations
-        schedule: "M H(2-5) * * *"
+        schedule: "${IMPORT_TRANSLATIONS_CRON}"
         command: drush dpl_po:import-remote-config-po da https://danskernesdigitalebibliotek.github.io/dpl-cms/translations/da.config.po
         service: cli
 
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c3b7edd5..51089883 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -24,6 +24,7 @@ sites:
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.18.3"
+    importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
   customizable-canary:
     name: "Customizable bibliotek - eksempel"

From 107ee17c5c24220928711f2ff9ee20f04b487526 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 16:51:03 +0200
Subject: [PATCH 023/341] Testing primary and secondary domains on canary

---
 infrastructure/environments/dplplat01/sites.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 51089883..bfc708a5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -17,6 +17,9 @@ sites:
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.18.3"
+    primary-domain: bibliotest.deranged.dk
+    secondary-domains:
+      - www.bibliotest.deranged.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From f0e67eacec226e103850dbe27705925a909d74b9 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 17:01:31 +0200
Subject: [PATCH 024/341] Release 2024.18.3 to early movers, recategorize who
 is an early mover

The early movers are now:
- cms-school
- herlev (go-live monday)
- billund (go-live monday)
---
 infrastructure/environments/dplplat01/sites.yaml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 51089883..d22cc669 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -6,7 +6,7 @@ x-defaults: &default-release-image-source
 x-early-movers: &early-movers-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.18.2"
+  dpl-cms-release: "2024.18.3"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -21,11 +21,9 @@ sites:
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"
-    releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-    releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.18.3"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
+    <<: *early-movers-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
@@ -42,7 +40,7 @@ sites:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8+vj/1goR+Y42JMD/NbL4PXM4N6DifKbRZjJdyAURp"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
@@ -77,7 +75,7 @@ sites:
     name: "Billund Bibliotekerne og Borgerservice"
     description: "The main library site for Billund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
@@ -207,12 +205,12 @@ sites:
     name: "Herlev Bibliotek"
     description: "The library site for Herlev"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"
@@ -437,7 +435,7 @@ sites:
     name: "Solrød Bibliotek og Kulturhus"
     description: "The library site for Solrød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1GwZ4r8QZ7Vebdqiz/mtkifrLU+ZSvlAJshdXjCh5J"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   sonderborg:
     name: "Biblioteket Sønderborg"
     description: "The library site for Sønderborg"

From 404e15d196573d3f89be072267ccd128f16f1171 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 3 May 2024 17:19:37 +0200
Subject: [PATCH 025/341] Scale up ingress-nginx, based on metrics

Based on data from Grafana this seems like a reasonable level to request to be able to deal with spikes in traffic.

The ingresses (15!) are currently using around 300-400 Mi of memory and
barely perceptible CPU. We would like to run on slightly fewer ingresses
with room to scale up, so this request level (1.1Gi) should accomodate
that wish.

We have 16 Gb memory available on each node, and allowing an ingress to
be a memory heavy instance makes sense. Even at this level, we could
accomodate 14 ingresses on a node, which is a lot! So it seems
reasonable.
---
 .../ingress-nginx/ingres-nginx-values.template.yaml           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 7395568d..46e445ab 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -20,8 +20,8 @@ controller:
     maxReplicas: 15
   resources:
     requests:
-      cpu: 500m
-      memory: 500Mi
+      cpu: 300m
+      memory: 1100Mi
   service:
     loadBalancerIP: "${INGRESS_IP}"
     externalTrafficPolicy: "Local"

From 302c76a85d40ac78e44b3ec37480466d8c853a6a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 08:49:38 +0200
Subject: [PATCH 026/341] Add primary and secondary domains for
 billund,herlev,kobenhavn

This means we are ready for them to point their DNS at us!
---
 infrastructure/environments/dplplat01/sites.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 51089883..01c8dbab 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -76,6 +76,11 @@ sites:
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
     description: "The main library site for Billund"
+    primary-domain: billundbib.dk
+    secondary-domains:
+      - www.billundbib.dk
+      - billundbibliotek.dk
+      - www.billundbibliotek.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
     <<: *default-release-image-source
   bornholm:
@@ -206,6 +211,9 @@ sites:
   herlev:
     name: "Herlev Bibliotek"
     description: "The library site for Herlev"
+    primary-domain: www.herlevbibliotek.dk
+    secondary-domains:
+      - herlevbibliotek.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
     <<: *default-release-image-source
   herning:
@@ -281,6 +289,9 @@ sites:
   kobenhavn:
     name: "Københavns Biblioteker"
     description: "The main library site for København"
+    primary-domain: bibliotek.kk.dk
+    secondary-domains:
+      - www.bibliotek.kk.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:

From 72a81cee6a58af04e74d2441d79ecebe448a7aaf Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 09:07:36 +0200
Subject: [PATCH 027/341] Target varnish service instead of nginx to enable
 caching!

This seems to have been an old setting in how we generated primary routes-  now fixed and deployed for the new launches
---
 infrastructure/dpladm/bin/dpladm-shared.source | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 4ebcc959..2b3c9724 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -82,7 +82,7 @@ function renderProfileTemplate {
   if [[ -n "${primaryDomain}" ]]; then
     ENABLE_ROUTES+=$(cat << EndOfMessage
 ${routesIndent}routes:
-${routesIndent}  - nginx:
+${routesIndent}  - varnish:
 EndOfMessage
 )
     PRIMARY_DOMAIN="${singleRouteIndent}- \"${primaryDomain}\""

From 5a401947c7b46e2b86582c17f7176022c98b6a65 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 09:11:59 +0200
Subject: [PATCH 028/341] When a primary domain is set, disable autogenerating
 routes for the main environment

---
 infrastructure/dpladm/bin/dpladm-shared.source | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 2b3c9724..daebf6ae 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -81,6 +81,7 @@ function renderProfileTemplate {
   local singleRouteIndent="${routesIndent}    "
   if [[ -n "${primaryDomain}" ]]; then
     ENABLE_ROUTES+=$(cat << EndOfMessage
+${routesIndent}autogenerateRoutes: false
 ${routesIndent}routes:
 ${routesIndent}  - varnish:
 EndOfMessage

From 7ba8f25e45dbd6cadb15835a7441e43f80d8b109 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 10:56:45 +0200
Subject: [PATCH 029/341] Disable Kube{ControllerManager,Proxy,Scheduler}Down
 alerts in Prometheus

These are standard alerts but fail when running on AKS (Azure Kubernetes Service).
---
 .../configuration/prometheus/prometheus-values.yaml         | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
index e9c3c052..0e0368a2 100644
--- a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
@@ -56,3 +56,9 @@ prometheus:
            requests:
            # Setup a 100Gigabyte disk for holding the metrics.
              storage: 100Gi
+
+defaultRules:
+  disabled:
+    KubeControllerManagerDown: true
+    KubeProxyDown: true
+    KubeSchedulerDown: true

From 19aefaad26e99a9922765a593df7941319a080aa Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 17:40:25 +0200
Subject: [PATCH 030/341] Removes lemvig,slagelse,tonder who are not going to
 use the platform

---
 infrastructure/environments/dplplat01/sites.yaml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 01c8dbab..c84ba26c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -319,11 +319,6 @@ sites:
     description: "The library site for Lejre"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUCoDJmWFsXa3nZe7XBa/v1nahzl2GeoT46XAW7ZVQG"
     <<: *default-release-image-source
-  lemvig:
-    name: "Lemvig Bibliotek"
-    description: "The library site for Lemvig"
-    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINLPu/T7RI4zFZ5+JYJqttf2IAU2GIcUOyRfqA3PlB9W"
-    <<: *default-release-image-source
   lolland:
     name: "LollandBibliotekerne"
     description: "The library site for Lolland"
@@ -439,11 +434,6 @@ sites:
     description: "The library site for Skive"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpJAKCBMKM9G0qvUGeCRSvz8QNg27r7sDedj15HP7Hh"
     <<: *default-release-image-source
-  slagelse:
-    name: "Slagelse Biblioteker og Borgerservice"
-    description: "The library site for Slagelse"
-    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQdh4Doe9DRLdCMApkRLmApfudvVgcVBr27fSG9gwHm"
-    <<: *default-release-image-source
   solrod:
     name: "Solrød Bibliotek og Kulturhus"
     description: "The library site for Solrød"
@@ -494,11 +484,6 @@ sites:
     description: "The library site for Thisted"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8zoNSiwkKmOSHvtKxSMJiDC9EWbTzhkAUd1+csvnne"
     <<: *default-release-image-source
-  tonder:
-    name: "Tønder Kommunes Biblioteker"
-    description: "The library site for Tønder"
-    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUpgNIeuCbzprGnyr+TKcWCvS1aYS49unqhNNVYQGNf"
-    <<: *default-release-image-source
   vallensbaek:
     name: "Vallensbæk Bibliotek"
     description: "The library site for Vallensbæk"

From 1e2bbe7d396ba38554984ed80b6af1151dd5bc4d Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 6 May 2024 18:02:21 +0200
Subject: [PATCH 031/341] Adjusted pod autoscaler for sites

The base levels for nginx-php pods (requests) 110 Mi memory and 0.02 cpu (by adding the requests for the two containers). Our estimates for a "large" site is that it will use 400 Mi memory and 0.1 cpu. At that point it may make sense to scale, so we adjust levels to fit that - still a very reasonable and low level.

So we set targets for the autoscaler that match a "large" instance and start scaling at that point. This means upping the CPU scaling to 500%, which is 0.1 cpu. Even this may be a low point to start scaling at...
---
 infrastructure/dpladm/autoscaler.template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/dpladm/autoscaler.template.yaml b/infrastructure/dpladm/autoscaler.template.yaml
index 4db10ecd..089bd2a6 100644
--- a/infrastructure/dpladm/autoscaler.template.yaml
+++ b/infrastructure/dpladm/autoscaler.template.yaml
@@ -15,7 +15,7 @@ spec:
   - resource:
       name: cpu
       target:
-        averageUtilization: 70
+        averageUtilization: 500
         type: Utilization
     type: Resource
   minReplicas: 1

From 4e1c9895eb9daef4b6760f5221298c47a93c2784 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 7 May 2024 11:02:29 +0200
Subject: [PATCH 032/341] Scale prometheus storage volume

---
 .../dplplat01/configuration/prometheus/prometheus-values.yaml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
index 0e0368a2..988063c0 100644
--- a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
@@ -55,7 +55,7 @@ prometheus:
          resources:
            requests:
            # Setup a 100Gigabyte disk for holding the metrics.
-             storage: 100Gi
+             storage: 500Gi
 
 defaultRules:
   disabled:

From e404e0f7bfa2a5e53b3aaa4eb290960ea6165c49 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 04:39:00 +0000
Subject: [PATCH 033/341] Bump hashicorp/setup-terraform from 3.0.0 to 3.1.1

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.0.0 to 3.1.1.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/setup-terraform/compare/v3.0.0...v3.1.1)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/terraform-lint.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml
index 6b9b45f6..642aaf61 100644
--- a/.github/workflows/terraform-lint.yaml
+++ b/.github/workflows/terraform-lint.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.1
-      - uses: hashicorp/setup-terraform@v3.0.0
+      - uses: hashicorp/setup-terraform@v3.1.1
       - name: Terraform fmt
         id: fmt
         run: terraform fmt -recursive -check infrastructure/terraform

From 6430b3907eb7bf17d3e4451b07beb70088a96f91 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <me@hypesystem.dk>
Date: Wed, 8 May 2024 10:47:50 +0200
Subject: [PATCH 034/341] Fixed comment no longer correct

Co-authored-by: Achton Smidt Winther <achton@reload.dk>
---
 .../dplplat01/configuration/prometheus/prometheus-values.yaml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
index 988063c0..7cfd5d79 100644
--- a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
@@ -54,7 +54,7 @@ prometheus:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
-           # Setup a 100Gigabyte disk for holding the metrics.
+           # Setup a disk for holding the metrics.
              storage: 500Gi
 
 defaultRules:

From f5c0c087a5f5ae7f6dbf9ed7529955c6b3d50b48 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 8 May 2024 10:52:29 +0200
Subject: [PATCH 035/341] After all sites are synced with sites:sync, add
 autoscaler

---
 infrastructure/Taskfile.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index d3154c16..799a49d8 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -938,6 +938,10 @@ tasks:
           task: site:full-sync
           vars:
             SITE: "{{.ITEM}}"
+        - for: { var: sites }
+          task: site:autoscaler
+          vars:
+            SITE: "{{.ITEM}}"
 
     site:full-sync:
       desc: Performs a full syncrhonization from sites.yaml for a single site to running state

From 473486c6f48f072df5a0d0ff676dd24a4f0776e8 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 8 May 2024 11:01:04 +0200
Subject: [PATCH 036/341] Add internal domains as secondary domains for sites
 with primary domains.

After https://github.com/danskernesdigitalebibliotek/dpl-platform/pull/308 this ensures that we still have those domains live, in case anyone links to them, they will just redirect to the primary domain now instead
---
 infrastructure/environments/dplplat01/sites.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 0402afe9..b3cd3844 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -20,6 +20,8 @@ sites:
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk
+      - nginx.main.canary.dplplat01.dpl.reload.dk
+      - varnish.main.canary.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"
@@ -82,6 +84,8 @@ sites:
       - www.billundbib.dk
       - billundbibliotek.dk
       - www.billundbibliotek.dk
+      - nginx.main.billund.dplplat01.dpl.reload.dk
+      - varnish.main.billund.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
     <<: *early-movers-release-image-source
   bornholm:
@@ -215,6 +219,8 @@ sites:
     primary-domain: www.herlevbibliotek.dk
     secondary-domains:
       - herlevbibliotek.dk
+      - nginx.main.herlev.dplplat01.dpl.reload.dk
+      - varnish.main.herlev.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
     <<: *early-movers-release-image-source
   herning:
@@ -293,6 +299,8 @@ sites:
     primary-domain: bibliotek.kk.dk
     secondary-domains:
       - www.bibliotek.kk.dk
+      - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
+      - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:

From 5ce834eb8eaee4e97176aa6e08df24171b5573b1 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 11:47:16 +0200
Subject: [PATCH 037/341] adjust cms release to 2024.18.3 for deafult

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b3cd3844..5fa1e5b4 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.18.2"
+  dpl-cms-release: "2024.18.3"
 x-early-movers: &early-movers-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From f74a46f61f426ad3e46fb99d844c0a3e3a4a1448 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 11:47:55 +0200
Subject: [PATCH 038/341] adjust early movers to use cms version 2024.19.0

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5fa1e5b4..44c627bf 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -6,7 +6,7 @@ x-defaults: &default-release-image-source
 x-early-movers: &early-movers-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.18.3"
+  dpl-cms-release: "2024.19.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From e9d599e15c92bf3fa9155c3abc60858bed85a196 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 11:48:28 +0200
Subject: [PATCH 039/341] test 2024.19.0 on canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 44c627bf..34930ec2 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.18.3"
+    dpl-cms-release: "2024.19.0"
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk

From d08fa39558a4de0f837f378917579aee74709186 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 11:48:54 +0200
Subject: [PATCH 040/341] add Aalborg to early movers

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 34930ec2..3bfcdd2b 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -45,7 +45,7 @@ sites:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8+vj/1goR+Y42JMD/NbL4PXM4N6DifKbRZjJdyAURp"
-    <<: *default-release-image-source
+    <<: *early-movers-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"

From 94187ee4530e7453c51a923ef57af300e08f7f4e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 11:49:36 +0200
Subject: [PATCH 041/341] outcomment domain setup for kbh as that would make it
 impossible for them to test their site for now

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3bfcdd2b..0245dd16 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -296,11 +296,11 @@ sites:
   kobenhavn:
     name: "Københavns Biblioteker"
     description: "The main library site for København"
-    primary-domain: bibliotek.kk.dk
-    secondary-domains:
-      - www.bibliotek.kk.dk
-      - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
-      - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
+    # primary-domain: bibliotek.kk.dk
+    # secondary-domains:
+    #   - www.bibliotek.kk.dk
+    #   - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
+    #   - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:

From f245dfa052134e38d864c9930ce4aeb210866ed7 Mon Sep 17 00:00:00 2001
From: Achton Smidt Winther <achton@reload.dk>
Date: Wed, 8 May 2024 13:05:36 +0200
Subject: [PATCH 042/341] Set node pool changes in TF.

---
 .../environments/dplplat01/infrastructure/main.tf           | 6 +++---
 .../terraform/modules/dpl-platform-environment/variables.tf | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 36009122..728f7e14 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -7,9 +7,9 @@ module "environment" {
   # <environment_name>.dpl.reload.dk
   lagoon_domain_base              = "dplplat01.dpl.reload.dk"
   random_seed                     = "LahYegheePhohGeew9Fa"
-  node_pool_system_count          = 1
-  node_pool_app_default_count_min = 2
-  node_pool_app_default_count_max = 7
+  node_pool_system_count          = 2
+  node_pool_app_default_count_min = 8
+  node_pool_app_default_count_max = 40
   # We've increased this quite a bit to test performance. The ideal starting-
   # point seems to be in the range 102400 - 204800 to get enough IOPS to
   # maintain performance during a Drupal site-install.
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
index 4a3f0c67..44adcf7c 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
@@ -33,13 +33,13 @@ variable "location" {
 
 variable "node_pool_admin_count_max" {
   description = "The maximum number of pods to autoscale the administration nodepool to"
-  default     = 3
+  default     = 6
   type        = number
 }
 
 variable "node_pool_admin_count_min" {
   description = "The minimum number of pods to autoscale the administration nodepool to, also used as the initial count for the nodepool"
-  default     = 1
+  default     = 3
   type        = number
 }
 

From 74995a67dc7001addf02a75217467155bbebb25a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 8 May 2024 14:04:52 +0200
Subject: [PATCH 043/341] Task for checking for CAA records in all sites in
 sites.yaml

Given primary- and secondary-domains in sites.yaml this task checks through all domains to see if any have a CAA record attached. If they do, this is reported.

CAA records present in a DNS record means that we *must* specify the certificate authority allowed to provision certificates for the domain. If any of the libraries have this record we must get them to adjust it prior to going live.
---
 infrastructure/Taskfile.yml | 10 ++++++++++
 tools/dplsh/Dockerfile      |  3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 799a49d8..0df010ca 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -987,6 +987,16 @@ tasks:
       preconditions:
       - *require_site
 
+    sites:check-caa:
+      desc: |
+        Checks if a site's primary and secondary domains have CAA records registered, and if they do report it.
+        If a site has these records they must be updated to allow zerossl to provision certificates for the site.
+      cmds:
+        - |
+          cat {{.dir_env}}/sites.yaml \
+            | yq '.sites[] | [ .primary-domain ] + .secondary-domains | .[] | select(. | contains("dplplat01.dpl.reload.dk") | not)' \
+            | xargs -I % -n 1 bash -c 'if (( $(dig % CAA | grep issue | wc -l) > 0 )); then echo "There are CAAs for domain %"; fi'
+
     site:lagoon:project:capture-deploy-key:
       # TODO: print a big message if a deploy key is newly captured, so we know to commit changes!
       desc: Gets the deploy key for a particular project from Lagoon and persists it in sites.yaml
diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 9e6a2042..9f567d36 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -47,7 +47,8 @@ RUN apk add --no-cache \
   shadow \
   vim \
   yq \
-  openssh
+  openssh \
+  bind-tools
 
 # Add task, a modern Make equivalent.
 RUN curl -sL https://taskfile.dev/install.sh | bash -s -- -b /usr/local/bin ${TASK_VERSION}

From 465d9eb1f40c56e3bb5e1671d26b83bdbeed94bd Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 15:18:17 +0200
Subject: [PATCH 044/341] roll out 2024.19.0 out on all sites

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 0245dd16..8fc24da8 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.18.3"
+  dpl-cms-release: "2024.19.0"
 x-early-movers: &early-movers-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
@@ -28,7 +28,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
@@ -45,7 +45,7 @@ sites:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8+vj/1goR+Y42JMD/NbL4PXM4N6DifKbRZjJdyAURp"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
@@ -87,7 +87,7 @@ sites:
       - nginx.main.billund.dplplat01.dpl.reload.dk
       - varnish.main.billund.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
@@ -222,7 +222,7 @@ sites:
       - nginx.main.herlev.dplplat01.dpl.reload.dk
       - varnish.main.herlev.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *early-movers-release-image-source
+    <<: *default-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"

From d5d18abaddafe9da0189b539c358d955dc432fe0 Mon Sep 17 00:00:00 2001
From: Achton Smidt Winther <achton@reload.dk>
Date: Wed, 8 May 2024 13:47:29 +0200
Subject: [PATCH 045/341] Upgrade AKS and kubectl versions to latest supported
 1.27.x.

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 tools/dplsh/Dockerfile                                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 728f7e14..5dbf3c16 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -16,7 +16,7 @@ module "environment" {
   # When copying this value, consider leaving it out and falling back to the
   # default of 102400.
   sql_storage_mb          = 409600
-  control_plane_version   = "1.26.10"
+  control_plane_version   = "1.27.9"
 }
 
 # Outputs, for values that comes straight from the dpl-platform-environment
diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 9e6a2042..a13a95c2 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -25,7 +25,7 @@ ARG KREW_VERSION=v0.4.4
 ARG CERT_MANAGER_VERIFIER_VERSION=0.3.0
 
 # The kubectl version can be bumped as we upgrade the cluster minor version.
-ARG KUBECTL_VERSION=v1.26.10
+ARG KUBECTL_VERSION=v1.27.9
 # kubelogin is a client-go credential plugin implementing azure authentication.
 # https://github.com/Azure/kubelogin/releases
 ARG KUBELOGIN_VERSION=v0.0.34

From 9a11c2305f1d7608c45886cfce0b6c66ae980d55 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 8 May 2024 15:58:09 +0200
Subject: [PATCH 046/341] Add task for looping through sites and checking if
 they have a logo set up

---
 infrastructure/Taskfile.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 799a49d8..0ffe9817 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1019,6 +1019,15 @@ tasks:
       preconditions:
       - *require_site
 
+    sites:report-is-set-up:
+      desc: |
+        Loops through all the sites in sites.yaml and reports whether their logo or logotext has been changed.
+        We use this as an indication for whether the site owners have startet setting up the site.
+      cmds:
+        - |
+          cat {{.dir_env}}/sites.yaml | yq '.sites | keys | .[]' \
+          | xargs -n 1 -I % bash -c 'set -e; if (( $(curl -s https://varnish.main.%.dplplat01.dpl.reload.dk/ | grep "\"header__logo-desktop-link\"" -A 8 | grep "\"logo-fallback\s*\"" -A 4 | grep "Logo title (bold)" | wc -l) > 0 )); then echo "% not yet set up"; fi'
+
     ui-password:
       deps: [cluster:auth]
       desc: Get the password to access a given user interface

From a22d57362a0de3a7bce62bd00ac588c69edef054 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 11:35:27 +0200
Subject: [PATCH 047/341] Change format for defining node pools to allow
 dynamically creating new node pools

---
 .../dplplat01/infrastructure/main.tf          |  6 ++-
 .../modules/dpl-platform-environment/aks.tf   | 44 ++++---------------
 .../dpl-platform-environment/variables.tf     |  6 +++
 3 files changed, 18 insertions(+), 38 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 5dbf3c16..6f5ffadd 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -7,9 +7,11 @@ module "environment" {
   # <environment_name>.dpl.reload.dk
   lagoon_domain_base              = "dplplat01.dpl.reload.dk"
   random_seed                     = "LahYegheePhohGeew9Fa"
+  node_pools = {
+    "appdefault": { min: 8, max: 40, vm: "Standard_B4ms" },
+    "admin": { min: 3, max: 6, vm: "Standard_B4ms" }
+  }
   node_pool_system_count          = 2
-  node_pool_app_default_count_min = 8
-  node_pool_app_default_count_max = 40
   # We've increased this quite a bit to test performance. The ideal starting-
   # point seems to be in the range 102400 - 204800 to get enough IOPS to
   # maintain performance during a Drupal site-install.
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index c18c4f1c..84e06e7f 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -60,38 +60,10 @@ resource "azurerm_kubernetes_cluster" "cluster" {
   }
 }
 
-# Add a nodepool for administrative workloads
-resource "azurerm_kubernetes_cluster_node_pool" "admin" {
-  name                  = "admin"
-  kubernetes_cluster_id = azurerm_kubernetes_cluster.cluster.id
-  vnet_subnet_id        = azurerm_subnet.aks.id
-  node_labels = {
-    "noderole.dplplatform" : "admin"
-  }
-  zones = [
-    "1",
-  ]
-
-  vm_size = var.node_pool_admin_vm_sku
-
-  # Enable autoscaling.
-  enable_auto_scaling = true
-  min_count           = var.node_pool_admin_count_min
-  max_count           = var.node_pool_admin_count_max
-  node_count          = var.node_pool_admin_count_min
-
-  lifecycle {
-    ignore_changes = [
-      # Changed by the autoscaler, so we need to ignore it.
-      node_count
-    ]
-  }
-}
-
-
 # Add a application default nodepool.
-resource "azurerm_kubernetes_cluster_node_pool" "app_default" {
-  name                  = "appdefault"
+resource "azurerm_kubernetes_cluster_node_pool" "pool" {
+  for_each = var.node_pools
+  name                  = each.key
   kubernetes_cluster_id = azurerm_kubernetes_cluster.cluster.id
   vnet_subnet_id        = azurerm_subnet.aks.id
   node_labels = {
@@ -106,15 +78,15 @@ resource "azurerm_kubernetes_cluster_node_pool" "app_default" {
   # low resource requests, we're keeping the number of pods on a node low to
   # avoid running the nodes too hot.
   # Be aware that changing this value will destroy and recreate the nodepool.
-  max_pods = 30
+  max_pods = try(each.value.max_pods, 30)
 
-  vm_size = var.node_pool_app_default_vm_sku
+  vm_size = each.value.vm
 
   # Enable autoscaling.
   enable_auto_scaling = true
-  min_count           = var.node_pool_app_default_count_min
-  max_count           = var.node_pool_app_default_count_max
-  node_count          = var.node_pool_app_default_count_min
+  min_count           = each.value.min
+  max_count           = each.value.max
+  #node_count          = each.value.min
 
   lifecycle {
     ignore_changes = [
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
index 44adcf7c..3c54bda3 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
@@ -31,6 +31,12 @@ variable "location" {
   default     = "West Europe"
 }
 
+variable "node_pools" {
+  description = "The node pools (other than the system one) used for the cluster"
+  default     = {}
+  type        = map
+}
+
 variable "node_pool_admin_count_max" {
   description = "The maximum number of pods to autoscale the administration nodepool to"
   default     = 6

From 2547b9c00d10d7822b66a34ecd987baaeecc8f9b Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 11:41:48 +0200
Subject: [PATCH 048/341] Allow defining noderole for node pool

---
 infrastructure/environments/dplplat01/infrastructure/main.tf    | 2 +-
 .../terraform/modules/dpl-platform-environment/aks.tf           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 6f5ffadd..c099a336 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -9,7 +9,7 @@ module "environment" {
   random_seed                     = "LahYegheePhohGeew9Fa"
   node_pools = {
     "appdefault": { min: 8, max: 40, vm: "Standard_B4ms" },
-    "admin": { min: 3, max: 6, vm: "Standard_B4ms" }
+    "admin": { min: 3, max: 6, vm: "Standard_B4ms", role: "admin" }
   }
   node_pool_system_count          = 2
   # We've increased this quite a bit to test performance. The ideal starting-
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index 84e06e7f..d7d6094c 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -67,7 +67,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "pool" {
   kubernetes_cluster_id = azurerm_kubernetes_cluster.cluster.id
   vnet_subnet_id        = azurerm_subnet.aks.id
   node_labels = {
-    "noderole.dplplatform" : "application"
+    "noderole.dplplatform" : try(each.value.role, "application")
   }
   zones = [
     "1",

From 6af75310d525dbdad8ae9b0aa28641e29354c54a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 11:52:20 +0200
Subject: [PATCH 049/341] Create new node pools on B8ms, start scaling admin
 pool down

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index c099a336..78f0cc86 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -9,7 +9,9 @@ module "environment" {
   random_seed                     = "LahYegheePhohGeew9Fa"
   node_pools = {
     "appdefault": { min: 8, max: 40, vm: "Standard_B4ms" },
-    "admin": { min: 3, max: 6, vm: "Standard_B4ms", role: "admin" }
+    "admin": { min: 0, max: 2, vm: "Standard_B4ms", role: "admin" },
+    "app2": { min: 0, max: 20, vm: "Standard_B8ms", max_pods: 100 },
+    "admin2": { min: 1, max: 1, vm: "Standard_B8ms", role: "admin", max_pods: 100 }
   }
   node_pool_system_count          = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From d2a4c56de11f8d2b633a199d5a6215c727041dcf Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 11:53:24 +0200
Subject: [PATCH 050/341] Start scaling down appdefault node pool

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 78f0cc86..b8c9e25e 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,7 @@ module "environment" {
   lagoon_domain_base              = "dplplat01.dpl.reload.dk"
   random_seed                     = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "appdefault": { min: 8, max: 40, vm: "Standard_B4ms" },
+    "appdefault": { min: 0, max: 10, vm: "Standard_B4ms" },
     "admin": { min: 0, max: 2, vm: "Standard_B4ms", role: "admin" },
     "app2": { min: 0, max: 20, vm: "Standard_B8ms", max_pods: 100 },
     "admin2": { min: 1, max: 1, vm: "Standard_B8ms", role: "admin", max_pods: 100 }

From 4296b5750c135b4b262502a2c4a9451e5400106d Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 11:53:51 +0200
Subject: [PATCH 051/341] Remove now-unused vars from module

---
 .../dpl-platform-environment/variables.tf     | 36 -------------------
 1 file changed, 36 deletions(-)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
index 3c54bda3..46440d7e 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
@@ -37,42 +37,6 @@ variable "node_pools" {
   type        = map
 }
 
-variable "node_pool_admin_count_max" {
-  description = "The maximum number of pods to autoscale the administration nodepool to"
-  default     = 6
-  type        = number
-}
-
-variable "node_pool_admin_count_min" {
-  description = "The minimum number of pods to autoscale the administration nodepool to, also used as the initial count for the nodepool"
-  default     = 3
-  type        = number
-}
-
-variable "node_pool_admin_vm_sku" {
-  description = "The SKU of the virtual machines used for the administration nodepool"
-  default     = "Standard_B4ms"
-  type        = string
-}
-
-variable "node_pool_app_default_count_max" {
-  description = "The maximum number of pods to autoscale the default application nodepool to"
-  default     = 3
-  type        = number
-}
-
-variable "node_pool_app_default_count_min" {
-  description = "The minimum number of pods to autoscale the default application nodepool to, also used as the initial count for the nodepool"
-  default     = 1
-  type        = number
-}
-
-variable "node_pool_app_default_vm_sku" {
-  description = "The SKU of the virtual machines used for the default application nodepool"
-  default     = "Standard_B4ms"
-  type        = string
-}
-
 variable "node_pool_system_count" {
   description = "The number of nodes in the system node-pool"
   default     = 1

From d74f5f7706bffebddd93e8cfc032d42c144a87ef Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 12:02:07 +0200
Subject: [PATCH 052/341] Terraform lint fix

---
 .../dplplat01/infrastructure/main.tf           | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index b8c9e25e..a2393618 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -5,22 +5,22 @@ module "environment" {
   environment_name = "dplplat01"
   # This variable current _has_ to match the pattern
   # <environment_name>.dpl.reload.dk
-  lagoon_domain_base              = "dplplat01.dpl.reload.dk"
-  random_seed                     = "LahYegheePhohGeew9Fa"
+  lagoon_domain_base = "dplplat01.dpl.reload.dk"
+  random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "appdefault": { min: 0, max: 10, vm: "Standard_B4ms" },
-    "admin": { min: 0, max: 2, vm: "Standard_B4ms", role: "admin" },
-    "app2": { min: 0, max: 20, vm: "Standard_B8ms", max_pods: 100 },
-    "admin2": { min: 1, max: 1, vm: "Standard_B8ms", role: "admin", max_pods: 100 }
+    "appdefault" : { min : 0, max : 10, vm : "Standard_B4ms" },
+    "admin" : { min : 0, max : 2, vm : "Standard_B4ms", role : "admin" },
+    "app2" : { min : 0, max : 20, vm : "Standard_B8ms", max_pods : 100 },
+    "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 }
   }
-  node_pool_system_count          = 2
+  node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-
   # point seems to be in the range 102400 - 204800 to get enough IOPS to
   # maintain performance during a Drupal site-install.
   # When copying this value, consider leaving it out and falling back to the
   # default of 102400.
-  sql_storage_mb          = 409600
-  control_plane_version   = "1.27.9"
+  sql_storage_mb        = 409600
+  control_plane_version = "1.27.9"
 }
 
 # Outputs, for values that comes straight from the dpl-platform-environment

From c8b068a6f2125b783634a8c8de9f2ff3075ab97d Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 12:04:38 +0200
Subject: [PATCH 053/341] Terraform lint fix 2

---
 .../terraform/modules/dpl-platform-environment/aks.tf           | 2 +-
 .../terraform/modules/dpl-platform-environment/variables.tf     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index d7d6094c..221b9dd1 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -62,7 +62,7 @@ resource "azurerm_kubernetes_cluster" "cluster" {
 
 # Add a application default nodepool.
 resource "azurerm_kubernetes_cluster_node_pool" "pool" {
-  for_each = var.node_pools
+  for_each              = var.node_pools
   name                  = each.key
   kubernetes_cluster_id = azurerm_kubernetes_cluster.cluster.id
   vnet_subnet_id        = azurerm_subnet.aks.id
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
index 46440d7e..9ab322fe 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
@@ -34,7 +34,7 @@ variable "location" {
 variable "node_pools" {
   description = "The node pools (other than the system one) used for the cluster"
   default     = {}
-  type        = map
+  type        = map(any)
 }
 
 variable "node_pool_system_count" {

From 69f9ad1a76defdc3652b52a7228ce44e1ee6d138 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 12:10:52 +0200
Subject: [PATCH 054/341] Make sure node pool version tracks control plane
 version

---
 infrastructure/terraform/modules/dpl-platform-environment/aks.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index 221b9dd1..b23f02b8 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -64,6 +64,7 @@ resource "azurerm_kubernetes_cluster" "cluster" {
 resource "azurerm_kubernetes_cluster_node_pool" "pool" {
   for_each              = var.node_pools
   name                  = each.key
+  orchestrator_version  = var.control_plane_version
   kubernetes_cluster_id = azurerm_kubernetes_cluster.cluster.id
   vnet_subnet_id        = azurerm_subnet.aks.id
   node_labels = {

From 3c1289ee9a5af40f6aa6891cb313aa7974931832 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 15:30:09 +0200
Subject: [PATCH 055/341] Sync system node pool version with controller version

---
 .../terraform/modules/dpl-platform-environment/aks.tf          | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index b23f02b8..23dfca9d 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -18,6 +18,9 @@ resource "azurerm_kubernetes_cluster" "cluster" {
     node_count = var.node_pool_system_count
     vm_size    = var.node_pool_system_vm_sku
 
+    # Sync node version with control plane version of k8s
+    orchestrator_version  = var.control_plane_version
+
     # Attach the cluster to our private network.
     vnet_subnet_id = azurerm_subnet.aks.id
 

From 375293702fc442b4daacdab2fc912d7eea1017db Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 15:30:24 +0200
Subject: [PATCH 056/341] Test and support scaling a node pool manually to 0

---
 .../environments/dplplat01/infrastructure/main.tf |  4 ++--
 .../modules/dpl-platform-environment/aks.tf       | 15 ++++-----------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index a2393618..40762013 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,8 +8,8 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "appdefault" : { min : 0, max : 10, vm : "Standard_B4ms" },
-    "admin" : { min : 0, max : 2, vm : "Standard_B4ms", role : "admin" },
+    "appdefault" : { count : 0, vm : "Standard_B4ms" },
+    "admin" : { count : 0, vm : "Standard_B4ms", role : "admin" },
     "app2" : { min : 0, max : 20, vm : "Standard_B8ms", max_pods : 100 },
     "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 }
   }
diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index 23dfca9d..bb8abbea 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -87,15 +87,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "pool" {
   vm_size = each.value.vm
 
   # Enable autoscaling.
-  enable_auto_scaling = true
-  min_count           = each.value.min
-  max_count           = each.value.max
-  #node_count          = each.value.min
-
-  lifecycle {
-    ignore_changes = [
-      # Changed by the autoscaler, so we need to ignore it.
-      node_count
-    ]
-  }
+  enable_auto_scaling = try(each.value.min, try(each.value.max, null)) != null ? true : false
+  min_count           = try(each.value.min, null)
+  max_count           = try(each.value.max, null)
+  node_count          = try(each.value.count, null)
 }

From b03ca46f3be4120056fae775e48530fa188428d4 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 9 May 2024 16:05:01 +0200
Subject: [PATCH 057/341] Rightsize app2 based on actual size after moving
 workloads

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 40762013..f85631c0 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -10,7 +10,7 @@ module "environment" {
   node_pools = {
     "appdefault" : { count : 0, vm : "Standard_B4ms" },
     "admin" : { count : 0, vm : "Standard_B4ms", role : "admin" },
-    "app2" : { min : 0, max : 20, vm : "Standard_B8ms", max_pods : 100 },
+    "app2" : { min : 6, max : 15, vm : "Standard_B8ms", max_pods : 100 },
     "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 }
   }
   node_pool_system_count = 2

From 1165a2c3d1608026108078be432534bf8a91e41d Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Fri, 10 May 2024 16:32:56 +0200
Subject: [PATCH 058/341] Remove now-unused node pools

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index f85631c0..f25d2d89 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,8 +8,6 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "appdefault" : { count : 0, vm : "Standard_B4ms" },
-    "admin" : { count : 0, vm : "Standard_B4ms", role : "admin" },
     "app2" : { min : 6, max : 15, vm : "Standard_B8ms", max_pods : 100 },
     "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 }
   }

From 1492b1d3ba45a6e488458d3c759ba145ca0ecd0f Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 13 May 2024 10:16:20 +0200
Subject: [PATCH 059/341] Aalborg go live

---
 infrastructure/environments/dplplat01/sites.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8fc24da8..ed9bdbd1 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -45,6 +45,11 @@ sites:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8+vj/1goR+Y42JMD/NbL4PXM4N6DifKbRZjJdyAURp"
+    primary-domain: www.aalborgbibliotekerne.dk
+    secondary-domains:
+      - aalborgbibliotekerne.dk
+      - nginx.main.aalborg.dplplat01.dpl.reload.dk
+      - varnish.main.aalborg.dplplat01.dpl.reload.dk
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"

From e1291617b4b45c50723251c042d2f6fa45c3a852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 14 May 2024 17:24:00 +0200
Subject: [PATCH 060/341] Deploy 2024.20.1 to Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index ed9bdbd1..9563b24c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.19.0"
+    dpl-cms-release: "2024.20.1"
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk

From 4f33c6095d87cf9b0a9842a3beff804d97a52ec4 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 15 May 2024 08:41:55 +0200
Subject: [PATCH 061/341] Terraform lint fifx

---
 .../terraform/modules/dpl-platform-environment/aks.tf           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index bb8abbea..bf463690 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -19,7 +19,7 @@ resource "azurerm_kubernetes_cluster" "cluster" {
     vm_size    = var.node_pool_system_vm_sku
 
     # Sync node version with control plane version of k8s
-    orchestrator_version  = var.control_plane_version
+    orchestrator_version = var.control_plane_version
 
     # Attach the cluster to our private network.
     vnet_subnet_id = azurerm_subnet.aks.id

From 761c7930085f594cfe9f2c7429509df66d381317 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 15 May 2024 12:53:09 +0200
Subject: [PATCH 062/341] bump version for deafult and canary

---
 infrastructure/environments/dplplat01/sites.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9563b24c..7342b077 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,11 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.19.0"
-x-early-movers: &early-movers-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.19.0"
+  dpl-cms-release: "2024.20.2"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -16,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.20.1"
+    dpl-cms-release: "2024.20.2"
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk

From dd175ee1fb3de7b40669986f92969bc36281f490 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 15 May 2024 15:14:43 +0200
Subject: [PATCH 063/341] patch for 2024.20.2

---
 infrastructure/environments/dplplat01/sites.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 7342b077..40f78104 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.20.2"
+x-patch: &patch-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.20.3"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -228,7 +232,7 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    <<: *default-release-image-source
+    <<: *patch-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"

From 3e2625d1997f91f05b9c0184327b6be5af08ea9a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 15 May 2024 15:35:35 +0200
Subject: [PATCH 064/341] Support `autogenerateRoutes` flag on sites, which
 overrides default autogeneration behavior

Default is autogenerting UNLESS primary domain is set. Now you can override with custom behavior
---
 .../dpladm/bin/dpladm-shared.source           | 24 ++++++++++++-------
 infrastructure/dpladm/bin/sync-site.sh        | 13 +++++++++-
 .../environments/dplplat01/sites.yaml         |  3 +--
 3 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index daebf6ae..5729b0b1 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -68,20 +68,27 @@ function renderProfileTemplate {
   local releaseImageName=$4
   # Cron schedule for importing translations
   local importTranslationsCron=$5
+  # Flag for whether or not to autogenerate routes
+  local autogenerateRoutes=${6:-}
   # The primary domain of the site (optional)
-  local primaryDomain=${6:-}
+  local primaryDomain=${7:-}
   # A space-seperated list of secondary domains (optional)
-  local secondaryDomainsString=${7:-}
+  local secondaryDomainsString=${8:-}
 
   PRIMARY_DOMAIN=""
-  ENABLE_ROUTES=""
+
   # This is a little bit terrible. As we're injecting this into a yaml-
   # document we need to maintain the indentation
   local routesIndent="    "
   local singleRouteIndent="${routesIndent}    "
+
+  ENABLE_ROUTES=$(cat << EndOfMessage
+${routesIndent}autogenerateRoutes: ${autogenerateRoutes:-true}
+EndOfMessage
+)
   if [[ -n "${primaryDomain}" ]]; then
-    ENABLE_ROUTES+=$(cat << EndOfMessage
-${routesIndent}autogenerateRoutes: false
+    ENABLE_ROUTES=$(cat << EndOfMessage
+${routesIndent}autogenerateRoutes: ${autogenerateRoutes:-false}
 ${routesIndent}routes:
 ${routesIndent}  - varnish:
 EndOfMessage
@@ -147,8 +154,9 @@ function syncEnvRepo {
   local releaseImageRepository=$4
   local releaseImageName=$5
   local importTranslationsCron=$6
-  local primaryDomain="${7:-}"
-  local secondaryDomains="${8:-}"
+  local autogenerateRoutes="${7:-}"
+  local primaryDomain="${8:-}"
+  local secondaryDomains="${9:-}"
 
   # TODO, preflight checks that verifies this repository looks good to go.
   # makes most sense to do when we're doing more complicated things inside
@@ -181,7 +189,7 @@ function syncEnvRepo {
 
   # Enter the template and rendered it
   cd "${repoName}"
-  renderProfileTemplate "${siteName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${importTranslationsCron}" "${primaryDomain}" "${secondaryDomains}"
+  renderProfileTemplate "${siteName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 
   # Detect changes
   local changedFiles
diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 66c2fa23..3caa4c3b 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -84,6 +84,16 @@ function getSiteSecondaryDomains {
     return
 }
 
+function getSiteAutogenerateRoutes {
+    local autogenerateRoutes
+    autogenerateRoutes=$(yq eval ".sites.${1}.autogenerateRoutes" "${2}")
+    if [[ "${autogenerateRoutes}" == "null" ]]; then
+        echo ""
+        return
+    fi
+    echo "${autogenerateRoutes}"
+}
+
 function getSiteImportTranslationsCron {
     local importTranslationsCron
     importTranslationsCron=$(yq eval ".sites.${1}.importTranslationsCron" "${2}")
@@ -126,6 +136,7 @@ set +o errexit
 # Get the primary and secondary domains from site.yml.
 primaryDomain=$(getSitePrimaryDomain "${SITE}" "${SITES_CONFIG}")
 secondaryDomains=$(getSiteSecondaryDomains "${SITE}" "${SITES_CONFIG}")
+autogenerateRoutes=$(getSiteAutogenerateRoutes "${SITE}" "${SITES_CONFIG}")
 releaseTag=$(getSiteDplCmsRelease "${SITE}" "${SITES_CONFIG}")
 siteImageRepository=$(getSiteReleaseImageRepository "${SITE}" "${SITES_CONFIG}" || exit 1)
 failOnErr $? "${siteImageRepository}"
@@ -136,7 +147,7 @@ importTranslationsCron=$(getSiteImportTranslationsCron "${SITE}" "${SITES_CONFIG
 set -o errexit
 
 # Synchronise the sites environment repository.
-syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${primaryDomain}" "${secondaryDomains}"
+syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 
 if [ "${plan}" = "webmaster" ] && [ "${BRANCH}" = "main" ]; then
     syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}"
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9563b24c..6970deca 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -20,8 +20,7 @@ sites:
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk
-      - nginx.main.canary.dplplat01.dpl.reload.dk
-      - varnish.main.canary.dplplat01.dpl.reload.dk
+    autogenerateRoutes: true
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 0d8c017aa62abcc688b213aed5aec42fa50668a3 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 15 May 2024 15:43:47 +0200
Subject: [PATCH 065/341] Add tasks
 `sites:{incomplete-deployments,grep-in-deploy-log}`

- incomplete-deployments lists all sites whose latest deployments are not in status "complete", so we can track which ones failed during deployment
- grep-in-deploy-log takes a NEEDLE and returns for each site the number of matches in their latest deploymentss log
---
 infrastructure/Taskfile.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 8196afc1..6455f568 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -997,6 +997,31 @@ tasks:
             | yq '.sites[] | [ .primary-domain ] + .secondary-domains | .[] | select(. | contains("dplplat01.dpl.reload.dk") | not)' \
             | xargs -I % -n 1 bash -c 'if (( $(dig % CAA | grep issue | wc -l) > 0 )); then echo "There are CAAs for domain %"; fi'
 
+    sites:incomplete-deployments:
+      desc: |
+        Gets the latest deployment for each production environment and prints its status if it is *not* complete.
+      cmds:
+        - |
+          lagoon list projects --output-json \
+            | jq -r '.data[].projectname'  \
+            | while read -r projectname; do echo "$projectname: $(lagoon list deployments -e main -p $projectname --output-json | jq '.data[0].status')"; done \
+            | grep -v "complete"
+
+    sites:grep-in-deploy-log:
+      desc: |
+        Given a needle `NEEDLE` this task finds all sites whose *latest* deployment log contains a given string
+      cmds:
+        - |
+          set -e
+          lagoon list projects --output-json \
+            | jq -r '.data[].projectname'  \
+            | while read -r projectname; do \
+                buildname=$(lagoon list deployments -e main -p $projectname --output-json | jq '.data[0].name' --raw-output)
+                echo "$projectname: $(lagoon get deployment -e main -p $projectname --name $buildname --logs | grep -E '{{ .NEEDLE }}' | wc -l) matches"
+              done \
+            | grep -v ": 0 matches"
+          echo "done"
+
     site:lagoon:project:capture-deploy-key:
       # TODO: print a big message if a deploy key is newly captured, so we know to commit changes!
       desc: Gets the deploy key for a particular project from Lagoon and persists it in sites.yaml

From f9fcf866259fa15964ae00b0bf7147a0fefd0258 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 15 May 2024 15:48:38 +0200
Subject: [PATCH 066/341] rollback herning to 2024.19.0

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 40f78104..b05006bf 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -6,7 +6,7 @@ x-defaults: &default-release-image-source
 x-patch: &patch-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.20.3"
+  dpl-cms-release: "2024.19.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From b5771e54ee1a6acb71216bae3d7dfbbf2c6a463a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 21 May 2024 12:59:19 +0200
Subject: [PATCH 067/341] upgrade az cli

---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 67c7771a..5f0cf31e 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -10,7 +10,7 @@ FROM hashicorp/terraform:1.7.3 as terraform
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.
 # https://mcr.microsoft.com/v2/azure-cli/tags/list
-FROM mcr.microsoft.com/azure-cli:2.57.0
+FROM mcr.microsoft.com/azure-cli:2.61.0
 
 # See https://github.com/go-task/task/releases
 ARG TASK_VERSION=v3.36.0

From 5703eb993d744f91142e1b863856f5490815b49a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 22 May 2024 10:33:10 +0200
Subject: [PATCH 068/341] remove varnish and nginx routes

---
 infrastructure/environments/dplplat01/sites.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 7d9b7910..b493c76f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -47,8 +47,6 @@ sites:
     primary-domain: www.aalborgbibliotekerne.dk
     secondary-domains:
       - aalborgbibliotekerne.dk
-      - nginx.main.aalborg.dplplat01.dpl.reload.dk
-      - varnish.main.aalborg.dplplat01.dpl.reload.dk
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"

From 54a72ff56dc83e51c6a789074032e5fb176ed799 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 22 May 2024 11:52:59 +0200
Subject: [PATCH 069/341] Autogenerate routes for aalborg so test system works
 again

---
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b493c76f..e858a2f3 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -47,6 +47,7 @@ sites:
     primary-domain: www.aalborgbibliotekerne.dk
     secondary-domains:
       - aalborgbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"

From 19854c846767ae047b01b1c1f8595db2a4762df3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 27 May 2024 09:23:35 +0200
Subject: [PATCH 070/341] Deploy 2024.22.0 to Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e858a2f3..e075887d 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.20.2"
+    dpl-cms-release: "2024.22.0"
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk

From 776467c52aaf2cc0fb2970dec0eccb8da700ce2b Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 27 May 2024 09:52:56 +0200
Subject: [PATCH 071/341] Start new node pools with fewer max pods: we are
 migrating workloads here

We experienced very slow workload scheduling seemingly because our pods request very few resources, so there *should* be room to schedule more work as far as k8s can tell, even though there in reality rarely was. We use max pods as a proxy metric to make it less likely we hit this case without scaling the node pool. Annoying, but seems like the best we can do with Lagoon controlling resource requests for the pods they generate, instead of letting us set values.
---
 .../environments/dplplat01/infrastructure/main.tf           | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index f25d2d89..4a514988 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,8 +8,10 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app2" : { min : 6, max : 15, vm : "Standard_B8ms", max_pods : 100 },
-    "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 }
+    "app2" : { min : 0, max : 6, vm : "Standard_B8ms", max_pods : 100 },
+    "app3" : { min : 3, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 },
+    "admin3" : { min : 0, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From df41ba42f38c1e683704c34a834d6426cd817270 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 27 May 2024 10:14:14 +0200
Subject: [PATCH 072/341] Deploy release 2024.22.0 to CMS school

---
 infrastructure/environments/dplplat01/sites.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e075887d..2d74c48b 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -7,6 +7,10 @@ x-patch: &patch-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.19.0"
+x-next: &next-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.22.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -27,7 +31,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"

From ebb28b4450bb581c0b537833b385075882d73e29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 27 May 2024 10:30:28 +0200
Subject: [PATCH 073/341] Deploy 2024.22.0 to production sites

---
 infrastructure/environments/dplplat01/sites.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 2d74c48b..a097c2b9 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -52,7 +52,7 @@ sites:
     secondary-domains:
       - aalborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
@@ -94,7 +94,7 @@ sites:
       - nginx.main.billund.dplplat01.dpl.reload.dk
       - varnish.main.billund.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
@@ -229,7 +229,7 @@ sites:
       - nginx.main.herlev.dplplat01.dpl.reload.dk
       - varnish.main.herlev.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"

From ca5ca5d7223219277617587f0331bada0112febf Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 27 May 2024 11:24:28 +0200
Subject: [PATCH 074/341] Migrate to new node pools with a lower max pods
 limit, delete old node pools

---
 .../environments/dplplat01/infrastructure/main.tf           | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 4a514988..5a39f020 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,10 +8,8 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app2" : { min : 0, max : 6, vm : "Standard_B8ms", max_pods : 100 },
-    "app3" : { min : 3, max : 15, vm: "Standard_B8ms", max_pods : 85 },
-    "admin2" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 100 },
-    "admin3" : { min : 0, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
+    "app3" : { min : 7, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "admin3" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From 10b016c912b35258bd0fa072b4d746c8a638d72e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 30 Apr 2024 21:34:52 +0200
Subject: [PATCH 075/341] here's how to set the password of the admin

---
 infrastructure/Taskfile.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 6455f568..b2bec4bd 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1082,3 +1082,13 @@ tasks:
         msg: "Could not find directory {{.dir_infra}}"
       - sh: "[ -d {{.dir_configuration}} ]"
         msg: "Could not find directory {{.dir_configuration}}"
+
+    site:admin:password:set:
+      desc: Sets the password for the admin of the selected site
+      deps: [lagoon:cli:config, cluster:auth]
+      dir: "{{.dir_env}}"
+      vars:
+        PROJECT: "{{.PROJECT}}"
+        PASSWORD: "{{.PASSWORD}}"
+      cmds:
+        - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password admin '{{.PASSWORD}}'"

From 92a2d905bd0c207ecbbbf520de3dd0092969e17c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 30 Apr 2024 22:03:49 +0200
Subject: [PATCH 076/341] task to sent an email to anyone

---
 infrastructure/Taskfile.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index b2bec4bd..836b4a0f 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1092,3 +1092,22 @@ tasks:
         PASSWORD: "{{.PASSWORD}}"
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password admin '{{.PASSWORD}}'"
+
+    mail:sent:
+      desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
+      deps: [cluster:auth]
+      vars:
+        RECIPIENT: "{{.RECIPIENT}}"
+        SUBJECT: "{{.SUBJECT}}"
+        CONTENT: "{{.CONTENT}}"
+        CONNECTION_STRING:
+          sh: az communication list-key
+              --name communication-servicesa5e3
+              --resource-group
+                $(
+                  terraform -chdir={{.dir_infra}} output -json | jq --raw-output ".resourcegroup_name.value | select (.!=null)"
+                )
+              --query "primaryConnectionString"
+              --output tsv
+      cmds:
+        - az communication email send --sender "DoNotReply@folkebibliotekernescms.dk" --subject "{{.SUBJECT}}" --to "{{.RECIPIENT}}" --text "{{.CONTENT}}" --connection-string "{{.CONNECTION_STRING}}"

From ae97841713b966494c7be6c54a6aded84c0368ac Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 1 May 2024 00:28:15 +0200
Subject: [PATCH 077/341] make this task call the mail:sent task

---
 infrastructure/Taskfile.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 836b4a0f..8e99f230 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1092,6 +1092,17 @@ tasks:
         PASSWORD: "{{.PASSWORD}}"
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password admin '{{.PASSWORD}}'"
+        - task: mail:sent
+          vars:
+            SUBJECT: "Logininformation til jeres nye bibliotekssite"
+            RECIPIENT:
+              sh: cat {{.dir_env}}/contacts-and-their-sites.yaml | yq ".sites[\"{{.PROJECT}}\"].contact"
+            CONTENT: |
+                      Dette er en automatisk mail med adgangsinformation til jeres nye biblioteks website.
+
+                      Gå til varnish.main."{{.PROJECT}}".dplplat01.dpl.reload.dk
+                      Her kan du logge ind med brugernavn: admin
+                      og password: "{{.PASSWORD}}"
 
     mail:sent:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk

From 93abea6cf5f0fd31b1dadc89d6fbf143bce9da7a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 1 May 2024 00:29:03 +0200
Subject: [PATCH 078/341] loop over a yaml file with all of the contacts and
 their sites and sent them the information that they need to sign in

---
 infrastructure/Taskfile.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 8e99f230..d7815cae 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1122,3 +1122,18 @@ tasks:
               --output tsv
       cmds:
         - az communication email send --sender "DoNotReply@folkebibliotekernescms.dk" --subject "{{.SUBJECT}}" --to "{{.RECIPIENT}}" --text "{{.CONTENT}}" --connection-string "{{.CONNECTION_STRING}}"
+
+    site:admins:credentials:mail:
+      desc: Sent email with credentials and site info to admin user on a library site
+      deps: [cluster:auth, lagoon:cli:config]
+      dir: "{{.dir_env}}"
+      vars:
+        siteadmins:
+          sh: cat {{.dir_env}}/contacts-and-their-sites.yaml | yq '.sites | keys | .[]'
+      cmds:
+        - for: { var: siteadmins }
+          task: site:admin:password:set
+          vars:
+            PROJECT: "{{.ITEM}}"
+            PASSWORD:
+              sh: $RANDOM  | md5sum | head -c 20

From e6ffa74d0529be64499a8a99adc8b42e46708b01 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 13:35:00 +0200
Subject: [PATCH 079/341] rescrop connection string

---
 infrastructure/Taskfile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index d7815cae..fc25c8fc 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -657,7 +657,7 @@ tasks:
           PROJECT_NAME: "{{.PROJECT_NAME}}"
       preconditions:
       - sh: "[ ! -z \"{{.PROJECT_NAME}}\" ]"
-        msg: "Missing PROJECT_ID or PROJECT_NAME - at least one must be set"
+        msg: "Missing PROJECT_NAME"
 
     lagoon:add:cluster:
       deps: [cluster:auth]

From 178fdb6b4286e6961f5b180a9fda0fd062dfdba6 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 13:38:54 +0200
Subject: [PATCH 080/341] loop over alle the contacts and sent a mail to each
 of them

---
 infrastructure/Taskfile.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index fc25c8fc..7435d2b2 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1090,19 +1090,20 @@ tasks:
       vars:
         PROJECT: "{{.PROJECT}}"
         PASSWORD: "{{.PASSWORD}}"
+        contacts:
+          sh: yq '.sites.{{.PROJECT}}.contacts[] | path | .[-1]' "{{.dir_env}}/contacts-and-their-sites.yaml"
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password admin '{{.PASSWORD}}'"
-        - task: mail:sent
+        - for: { var: contacts, as: INDEX}
+          task: mail:sent
           vars:
             SUBJECT: "Logininformation til jeres nye bibliotekssite"
             RECIPIENT:
-              sh: cat {{.dir_env}}/contacts-and-their-sites.yaml | yq ".sites[\"{{.PROJECT}}\"].contact"
-            CONTENT: |
-                      Dette er en automatisk mail med adgangsinformation til jeres nye biblioteks website.
-
-                      Gå til varnish.main."{{.PROJECT}}".dplplat01.dpl.reload.dk
-                      Her kan du logge ind med brugernavn: admin
-                      og password: "{{.PASSWORD}}"
+              sh: yq '.sites.{{.PROJECT}}.contacts[{{.INDEX}}].email' "{{.dir_env}}/contacts-and-their-sites.yaml"
+            CONTACTNAME:
+              sh: yq '.sites.{{.PROJECT}}.contacts[{{.INDEX}}].name' "{{.dir_env}}/contacts-and-their-sites.yaml"
+            PASSWORD: "{{.PASSWORD}}"
+            PROJECT: "{{.PROJECT}}"
 
     mail:sent:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk

From fc32069506843c76613afaa88988a2d939a92a82 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 13:39:43 +0200
Subject: [PATCH 081/341] move contect so we can utilize the templating

---
 infrastructure/Taskfile.yml | 54 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 7435d2b2..a0fd380a 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1111,7 +1111,59 @@ tasks:
       vars:
         RECIPIENT: "{{.RECIPIENT}}"
         SUBJECT: "{{.SUBJECT}}"
-        CONTENT: "{{.CONTENT}}"
+        CONTENT: |
+                Kære {{.CONTACTNAME}}
+
+                Læs venligst hele mailen før du går i gang. Den indeholder 3 afsnit:
+
+                1. Instruktion om opsætning af brugere
+                2. Loginoplysninger
+                3. En note om certifikatfejl der kan opleves i starten
+
+
+
+                Instruktion om opsætning af brugere:
+
+                Du får hermed adgang til jeres nyt bibliotekssite. Bemærk at medsendte bruger er ens for begge jer, der er kontaktpersoner. Så den første af jer der går ind på sitet skal skifte kodeord og oprette den anden som bruger. Det er vigtigt, at I vælger egne kodeord, så det kun er jer selv der kender det.
+
+                Den brugerkonto der følger med denne mail er af typen Admin, og dermed den brugertype der har flest rettigheder i løsningen (se manualen for beskrivelse af de forskellige brugertyper). Overvej grundigt hvilke brugertyper I giver andre brugere. Af sikkerhedshensyn er det bedre at starte med færre rettigheder for den enkelte, og så "opgradere" dem hvis det bliver nødvendigt.
+
+                Så helt kort:
+
+                - Nulstil kodeord så snart du er logget ind, så det kun er dig der kender det
+
+                - Brug admin-brugeren til at oprette andre brugere, men begræns deres muligheder
+
+                Du kan se mere omkring dette i manualen her:
+                https://www.folkebibliotekernescms.dk/main/startopsaetning/systembrugere/
+
+
+
+                Loginoplysninger:
+
+                Brugernavn: admin
+                Password: {{.PASSWORD}}
+
+                Disse login-oplysninger kan bruges på følgende web-addresse: https://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
+
+
+
+                En note om certifikatfejl der kan opleves i starten:
+
+                Vi har desværre nogle fejl med certifikater til test-siderne. Det betyder at I kan opleve fejl i jeres browsere når I forsøger at tilgå jeres nye site.
+
+                Hvis I oplever denne fejl kan I i stedet tilgå en web-addresse der starter med "http", i jeres tilfælde http://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
+
+                Her kan I logge ind og bruge redigeringsmodulerne. Desværre vil login gennem DBC ikke fungere fra denne version af siden.
+
+                Vi arbejder på hurtigst muligt at få sat fungerende certifikater op til alle siderne, og beklager de problemer det måtte skabe for jer!
+
+
+
+                Vi håber I kommer godt igang med vores nye løsning.
+
+                Med venlig hilsen
+                Det Digitale Folkebibliotek
         CONNECTION_STRING:
           sh: az communication list-key
               --name communication-servicesa5e3

From 5e1e1e8772cf3e06e1f190804e4c8b82ef646531 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 13:40:27 +0200
Subject: [PATCH 082/341] easier to read command line

---
 infrastructure/Taskfile.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index a0fd380a..6d87d8ba 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1173,8 +1173,13 @@ tasks:
                 )
               --query "primaryConnectionString"
               --output tsv
-      cmds:
-        - az communication email send --sender "DoNotReply@folkebibliotekernescms.dk" --subject "{{.SUBJECT}}" --to "{{.RECIPIENT}}" --text "{{.CONTENT}}" --connection-string "{{.CONNECTION_STRING}}"
+      cmd:
+        -|
+          az communication email send --sender "DoNotReply@folkebibliotekernescms.dk"
+          --subject "{{.SUBJECT}}"
+          --to "{{.RECIPIENT}}"
+          --text "{{.CONTENT}}"
+          --connection-string "{{.CONNECTION_STRING}}"
 
     site:admins:credentials:mail:
       desc: Sent email with credentials and site info to admin user on a library site

From 954245e6e95456948c83b12e30fc19f0110673e9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 2 May 2024 13:55:31 +0200
Subject: [PATCH 083/341] add the file that is being read from by the email
 task

---
 .../environments/dplplat01/contacts-and-their-sites.yaml   | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 infrastructure/environments/dplplat01/contacts-and-their-sites.yaml

diff --git a/infrastructure/environments/dplplat01/contacts-and-their-sites.yaml b/infrastructure/environments/dplplat01/contacts-and-their-sites.yaml
new file mode 100644
index 00000000..1341ddd0
--- /dev/null
+++ b/infrastructure/environments/dplplat01/contacts-and-their-sites.yaml
@@ -0,0 +1,7 @@
+sites:
+  somesitename:
+    contacts:
+      - name: "some nam"
+        email: "some@email.tld"
+      - name: "another name"
+        email: "another@email.tld"

From 90136427ebb9dea56b2b468f7b71d4f705ebdce8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 28 May 2024 13:52:29 +0200
Subject: [PATCH 084/341] Upgrade canary to 2024.22.1

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index a097c2b9..d3e54ec6 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -20,7 +20,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.22.0"
+    dpl-cms-release: "2024.22.1"
     primary-domain: bibliotest.deranged.dk
     secondary-domains:
       - www.bibliotest.deranged.dk

From bacb8b5921ad47afc703887e0de074ab99ab8cf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 28 May 2024 13:54:32 +0200
Subject: [PATCH 085/341] Remove custom domains from Canary

It is no longer needed. It also prevents us from logging in with
Adgangsplatformen as the credentials used here are tied to domains.
The custom domain currently used has not been whitelisted.
---
 infrastructure/environments/dplplat01/sites.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index d3e54ec6..a2d6196d 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -21,10 +21,6 @@ sites:
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.22.1"
-    primary-domain: bibliotest.deranged.dk
-    secondary-domains:
-      - www.bibliotest.deranged.dk
-    autogenerateRoutes: true
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From f058cbb4ba2d7670b8f5d4fa9d7931d33e9f16f3 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 29 May 2024 10:46:51 +0200
Subject: [PATCH 086/341] Fix loki config: compactor, limits_config,
 persistence had no effect

Moved the configs to the correct points so they have an effect as reported by the DIFF
---
 .../loki/loki-values.template.yaml            | 23 +++++++++----------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index 4632acc2..15e6b158 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -5,20 +5,20 @@ ingress:
   enabled: false
 
 # Back the loki instances with storage as a buffer
-persistence:
-  enabled: true
-  accessModes:
-  - ReadWriteOnce
-  size: 16Gi
-
-compactor:
-  retention_enabled: true
-limits_config:
-  # We keep logs for 3 months.
-  retention_period: 93d
+backend:
+  persistence:
+    enabled: true
+    accessModes:
+    - ReadWriteOnce
+    size: 32Gi
 
 loki:
   auth_enabled: false
+  compactor:
+    retention_enabled: true
+  limits_config:
+    # We keep logs for 3 months.
+    retention_period: 93d
   structuredConfig:
     # Setup our index and the azure blob-storage as the storage backend.
     storage_config:
@@ -48,7 +48,6 @@ loki:
           prefix: loki_index_
           period: 24h
 
-
 write:
   replicas: 2
   persistence:

From a1b9e735b656f6dc90de79d8718f15fac22f3276 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 29 May 2024 10:48:31 +0200
Subject: [PATCH 087/341] Reduce Loki retention period to 30d

---
 .../dplplat01/configuration/loki/loki-values.template.yaml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index 15e6b158..4076284a 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -18,7 +18,7 @@ loki:
     retention_enabled: true
   limits_config:
     # We keep logs for 3 months.
-    retention_period: 93d
+    retention_period: 30d
   structuredConfig:
     # Setup our index and the azure blob-storage as the storage backend.
     storage_config:

From 56bda8094689431ffaa33f46a3fb603adfb5bea1 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 2 May 2024 11:57:42 +0200
Subject: [PATCH 088/341] Add support for skipping steps in deployments so we
 can use our knowledge of a deployment situation to only take necessary steps
 + get faster deploys

---
 infrastructure/Taskfile.yml | 56 ++++++++++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 6d87d8ba..33b2f62f 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -123,7 +123,12 @@ tasks:
                 )
               --query value -o tsv
       cmds:
-        - cmd: terraform -chdir={{.dir_env_repos}} apply {{.OPTIONS}}
+        - cmd: |
+            if [ -z "{{.SKIP}}" ]; then
+              terraform -chdir={{.dir_env_repos}} apply {{.OPTIONS}}
+            else
+              echo "Skipped provisioning."
+            fi
 
 
     terraform:import:
@@ -884,7 +889,12 @@ tasks:
                 )
               --query value -o tsv
       cmds:
-        - dpladm/bin/sync-site.sh
+        - |
+          if [ -z "{{.SKIP}}" ]; then
+            ./dpladm/bin/sync-site.sh
+          else
+            echo "Skipped repo sync."
+          fi
       preconditions:
       - *require_site
 
@@ -934,10 +944,16 @@ tasks:
         - task: env_repos:provision
           vars:
             OPTIONS: "{{.INITIAL_TERRAFORM_OPTIONS}}"
+            SKIP: "{{.SKIP_PROVISION}}"
         - for: { var: sites }
           task: site:full-sync
           vars:
             SITE: "{{.ITEM}}"
+            SKIP_ENSURE_PROJECT: "{{.SKIP_ENSURE_PROJECT}}"
+            SKIP_CAPTURE_DEPLOY_KEY: "{{.SKIP_CAPTURE_DEPLOY_KEY}}"
+            SKIP_PROVISION: "{{.SKIP_PROVISION}}"
+            SKIP_FIRST_DEPLOYMENT: "{{.SKIP_FIRST_DEPLOYMENT}}"
+            SKIP_REPO_SYNC: "{{.SKIP_REPO_SYNC}}"
         - for: { var: sites }
           task: site:autoscaler
           vars:
@@ -950,18 +966,23 @@ tasks:
         - task: site:lagoon:project:ensure
           vars:
             SITE: "{{.SITE}}"
+            SKIP: "{{.SKIP_ENSURE_PROJECT}}"
         - task: site:lagoon:project:capture-deploy-key
           vars:
             SITE: "{{.SITE}}"
+            SKIP: "{{.SKIP_CAPTURE_DEPLOY_KEY}}"
         - task: env_repos:provision
           vars:
             OPTIONS: -refresh=false
+            SKIP: "{{.SKIP_PROVISION}}"
         - task: site:lagoon:ensure-first-deployment
           vars:
             SITE: "{{.SITE}}"
+            SKIP: "{{.SKIP_FIRST_DEPLOYMENT}}"
         - task: site:sync
           vars:
             SITE: "{{.SITE}}"
+            SKIP: "{{.SKIP_REPO_SYNC}}"
       preconditions:
       - *require_site
 
@@ -979,10 +1000,14 @@ tasks:
           sh: if [ "{{.SITE_PLAN}}" = "{{.webmaster_plan_name}}" ]; then echo "{{.production_branch}}|{{.moduletest_branch}}"; else echo "{{.production_branch}}"; fi
       cmds:
         - |
-          if [ "$(lagoon get project --project "{{.SITE}}" --output-json | jq '.data[0].id' --raw-output)" = "0" ]; then
-            PROJECT_NAME="{{.SITE}}" GIT_URL="{{.GIT_URL}}" BRANCHES="{{.BRANCHES}}" task lagoon:project:add;
+          if [ -z "{{.SKIP}}" ]; then
+            if [ "$(lagoon get project --project "{{.SITE}}" --output-json | jq '.data[0].id' --raw-output)" = "0" ]; then
+              PROJECT_NAME="{{.SITE}}" GIT_URL="{{.GIT_URL}}" BRANCHES="{{.BRANCHES}}" task lagoon:project:add;
+            else
+              PROJECT_NAME="{{.SITE}}" GIT_URL="{{.GIT_URL}}" BRANCHES="{{.BRANCHES}}" task lagoon:project:update;
+            fi
           else
-            PROJECT_NAME="{{.SITE}}" GIT_URL="{{.GIT_URL}}" BRANCHES="{{.BRANCHES}}" task lagoon:project:update;
+            echo "Skipped project ensure."
           fi
       preconditions:
       - *require_site
@@ -1032,7 +1057,12 @@ tasks:
           sh: lagoon get project-key --project "{{.SITE}}" --output-json | jq '.data[0].publickey' --raw-output
         SITE: "{{.SITE}}"
       cmds:
-        - yq -i e '.sites["{{.SITE}}"].deploy_key |= "{{.DEPLOY_KEY}}" | (... | select(tag == "!!merge")) tag = ""' sites.yaml
+        - |
+          if [ -z "{{.SKIP}}" ]; then
+            yq -i e '.sites["{{.SITE}}"].deploy_key |= "{{.DEPLOY_KEY}}" | (... | select(tag == "!!merge")) tag = ""' sites.yaml
+          else
+            echo "Skipped capture deploy key."
+          fi
       preconditions:
       - *require_site
 
@@ -1044,12 +1074,18 @@ tasks:
         SITE: "{{.SITE}}"
       cmds:
         - |
-          if [ "$(lagoon list deployments --project "{{.SITE}}" --environment {{.production_branch}} --output-json | jq '.data | length')" = "0" ]; then
-            lagoon deploy branch --project "{{.SITE}}" --branch "{{.production_branch}}";
+          if [ -z "{{.SKIP}}" ]; then
+            if [ "$(lagoon list deployments --project "{{.SITE}}" --environment {{.production_branch}} --output-json | jq '.data | length')" = "0" ]; then
+              lagoon deploy branch --project "{{.SITE}}" --branch "{{.production_branch}}";
+            fi
+          else
+            echo "Skipped deploying branch."
           fi
         - |
-          if [ "$(yq '.sites[env(SITE)].plan' sites.yaml)" = "{{.webmaster_plan_name}}" -a "$(lagoon list deployments --project "{{.SITE}}" --environment {{.moduletest_branch}} --output-json | jq '.data | length')" = "0" ]; then
-            lagoon deploy branch --project "{{.SITE}}" --branch "{{.moduletest_branch}}";
+          if [ -z "{{.SKIP}}" ]; then
+            if [ "$(yq '.sites[env(SITE)].plan' sites.yaml)" = "{{.webmaster_plan_name}}" -a "$(lagoon list deployments --project "{{.SITE}}" --environment {{.moduletest_branch}} --output-json | jq '.data | length')" = "0" ]; then
+              lagoon deploy branch --project "{{.SITE}}" --branch "{{.moduletest_branch}}";
+            fi
           fi
       preconditions:
       - *require_site

From e939cca04304489f99e3980ba613d6d223fdeb37 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 09:40:17 +0200
Subject: [PATCH 089/341] remove old groups and set new release for deafult

---
 .../environments/dplplat01/sites.yaml         | 20 ++++++-------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index a2d6196d..c27b6e3d 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,15 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.20.2"
-x-patch: &patch-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.19.0"
-x-next: &next-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.22.0"
+  dpl-cms-release: "2024.22.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -27,7 +19,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
@@ -48,7 +40,7 @@ sites:
     secondary-domains:
       - aalborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
@@ -90,7 +82,7 @@ sites:
       - nginx.main.billund.dplplat01.dpl.reload.dk
       - varnish.main.billund.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
@@ -225,12 +217,12 @@ sites:
       - nginx.main.herlev.dplplat01.dpl.reload.dk
       - varnish.main.herlev.dplplat01.dpl.reload.dk
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    <<: *patch-release-image-source
+    <<: *default-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"

From 5ba3c887e2d69193fb4a6a7e9b416e2aedbd47cc Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 11:56:13 +0200
Subject: [PATCH 090/341] introduce skip logic to start from the site a
 deployment failed at

---
 infrastructure/Taskfile.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 33b2f62f..1975e648 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -940,6 +940,7 @@ tasks:
       vars:
         sites:
           sh: cat {{.dir_env}}/sites.yaml | yq '.sites | keys | .[]'
+        START_FROM_SITE: "{{.START_FROM_SITE}}"
       cmds:
         - task: env_repos:provision
           vars:
@@ -954,6 +955,24 @@ tasks:
             SKIP_PROVISION: "{{.SKIP_PROVISION}}"
             SKIP_FIRST_DEPLOYMENT: "{{.SKIP_FIRST_DEPLOYMENT}}"
             SKIP_REPO_SYNC: "{{.SKIP_REPO_SYNC}}"
+            SKIP:
+              sh: |
+                if [ -z "{{.START_FROM_SITE}}" ]; then
+                  exit 0
+                fi
+                pos_startfrom=$(echo "{{.sites}}" | awk -v item="{{.START_FROM_SITE}}" '{if($0 == item) print NR}')
+                pos_currentsite=$(echo "{{.sites}}" | awk -v item="{{.ITEM}}" '{if($0 == item) print NR}')
+
+                if [ -z "$pos_startfrom" ] || [ -z "$pos_currentsite" ]; then
+                  exit 0
+                fi
+
+                if [ "$pos_startfrom" -lt "$pos_currentsite" ]; then
+                  exit 0
+                else
+                  echo -n "true"
+                  exit 0
+                fi
         - for: { var: sites }
           task: site:autoscaler
           vars:

From 910c4a8f25dae920970dc59c784f41bf05d426dc Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 11:56:34 +0200
Subject: [PATCH 091/341] add vesthimmerland domains

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c27b6e3d..dc39120c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -512,6 +512,10 @@ sites:
     name: "Vesthimmerlands Biblioteker"
     description: "The library site for Vesthimmerland"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNqMIGZql1EAivzzOPpcq2DmC5tPnA1KvLgtnJBqd1F"
+    primary-domain: "vhbib.dk"
+    secondary-domains:
+      - "www.vhbib.dk"
+    autogenerateRoutes: true
     <<: *default-release-image-source
   viborg:
     name: "Viborg Bibliotekerne"

From 1a97f65ca030ebb9b4ac203cc5e4267c099d51eb Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 13:01:36 +0200
Subject: [PATCH 092/341] use less than or equals

---
 infrastructure/Taskfile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 1975e648..09a8b005 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -967,7 +967,7 @@ tasks:
                   exit 0
                 fi
 
-                if [ "$pos_startfrom" -lt "$pos_currentsite" ]; then
+                if [ "$pos_startfrom" -le "$pos_currentsite" ]; then
                   exit 0
                 else
                   echo -n "true"

From 8b4f154dd7df151fd77b83d7ca36cf8400f225f2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 13:02:03 +0200
Subject: [PATCH 093/341] uf skip is set, overule individual skip steps

---
 infrastructure/Taskfile.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 09a8b005..a2aa3e35 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -985,23 +985,23 @@ tasks:
         - task: site:lagoon:project:ensure
           vars:
             SITE: "{{.SITE}}"
-            SKIP: "{{.SKIP_ENSURE_PROJECT}}"
+            SKIP: "{{.SKIP_ENSURE_PROJECT}}{{.SKIP}}"
         - task: site:lagoon:project:capture-deploy-key
           vars:
             SITE: "{{.SITE}}"
-            SKIP: "{{.SKIP_CAPTURE_DEPLOY_KEY}}"
+            SKIP: "{{.SKIP_CAPTURE_DEPLOY_KEY}}{{.SKIP}}"
         - task: env_repos:provision
           vars:
             OPTIONS: -refresh=false
-            SKIP: "{{.SKIP_PROVISION}}"
+            SKIP: "{{.SKIP_PROVISION}}{{.SKIP}}"
         - task: site:lagoon:ensure-first-deployment
           vars:
             SITE: "{{.SITE}}"
-            SKIP: "{{.SKIP_FIRST_DEPLOYMENT}}"
+            SKIP: "{{.SKIP_FIRST_DEPLOYMENT}}{{.SKIP}}"
         - task: site:sync
           vars:
             SITE: "{{.SITE}}"
-            SKIP: "{{.SKIP_REPO_SYNC}}"
+            SKIP: "{{.SKIP_REPO_SYNC}}{{.SKIP}}"
       preconditions:
       - *require_site
 

From 8b68c93800f2fa11198fd60b6201cd4b3f502f8f Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <me@hypesystem.dk>
Date: Wed, 29 May 2024 13:03:19 +0200
Subject: [PATCH 094/341] Fix comment for log retention

Co-authored-by: Achton Smidt Winther <achton@reload.dk>
---
 .../dplplat01/configuration/loki/loki-values.template.yaml      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index 4076284a..f5af3015 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -17,7 +17,7 @@ loki:
   compactor:
     retention_enabled: true
   limits_config:
-    # We keep logs for 3 months.
+    # We keep logs for 1 month.
     retention_period: 30d
   structuredConfig:
     # Setup our index and the azure blob-storage as the storage backend.

From b6996e40ba8b26754e9c0ea9a40586024dd60f13 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 13:53:48 +0200
Subject: [PATCH 095/341] remove autoGenerateRoutes for aalborg and fix primary
 secondary domains for vesthimmerland

---
 infrastructure/environments/dplplat01/sites.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index dc39120c..c4f55f8a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -39,7 +39,8 @@ sites:
     primary-domain: www.aalborgbibliotekerne.dk
     secondary-domains:
       - aalborgbibliotekerne.dk
-    autogenerateRoutes: true
+      - nginx.main.aalborg.dplplat01.dpl.reload.dk
+      - varnish.main.aalborg.dplplat01.dpl.reload.dk
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
@@ -512,9 +513,9 @@ sites:
     name: "Vesthimmerlands Biblioteker"
     description: "The library site for Vesthimmerland"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNqMIGZql1EAivzzOPpcq2DmC5tPnA1KvLgtnJBqd1F"
-    primary-domain: "vhbib.dk"
+    primary-domain: "www.vhbib.dk"
     secondary-domains:
-      - "www.vhbib.dk"
+      - "vhbib.dk"
     autogenerateRoutes: true
     <<: *default-release-image-source
   viborg:

From 4943765ab853aebbe60bd9d750a79b98f30d740a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 19:55:25 +0200
Subject: [PATCH 096/341] set domains and autoGenerateRoutes for Struer and
 Faxe

---
 infrastructure/environments/dplplat01/sites.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c4f55f8a..485536b0 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -128,6 +128,10 @@ sites:
     name: "Faxe Kommunes Bibliotek & Borgerservice"
     description: "The library site for Faxe"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkdxUoBx0ZAXfMfA0rRUNo2EcUK39fp0M/zKJPOcYx2"
+    primary-domain: "www.faxebibliotek.dk"
+    secondary-domains:
+      - "faxebibliotek.dk"
+    autogenerateRoutes: true
     <<: *default-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -463,6 +467,10 @@ sites:
     name: "Struer Bibliotek"
     description: "The library site for Struer"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZDg9Veyvl3u/TGG0lIw6Z8osrEZwd4HhcXvbABAsH"
+    primary-domain: "www.struerbibliotek.dk"
+    secondary-domain:
+      - "struerbibliotek.dk"
+    autogenerateRoutes: true
     <<: *default-release-image-source
   sydslesvig:
     name: "Dansk Centralbibliotek for Sydslesvig e.V."

From b71e3427dee5dca1466656e0eebb368e73e55e92 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 28 May 2024 15:38:18 +0200
Subject: [PATCH 097/341] this add a one-time task that allows us quickly send
 a new admin their credentials

---
 infrastructure/Taskfile.yml | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index a2aa3e35..e2885680 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1160,6 +1160,28 @@ tasks:
             PASSWORD: "{{.PASSWORD}}"
             PROJECT: "{{.PROJECT}}"
 
+
+    site:local-admin:password:create-and-notify:
+      desc: Sets the password for the admin of the selected site
+      deps: [lagoon:cli:config, cluster:auth]
+      dir: "{{.dir_env}}"
+      vars:
+        PROJECT: "{{.PROJECT}}"
+        PASSWORD: "{{.PASSWORD}}"
+        MAIL: "{{.MAIL}}"
+        USERNAME: "{{.USERNAME}}"
+        CONTACTNAME: "{{.CONTACTNAME}}"
+      cmds:
+        - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:create '{{.USERNAME}}' --mail='{{.MAIL}}' --password='{{.PASSWORD}}'"
+        - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:role:add 'local_administrator' '{{.USERNAME}}'"
+        - task: mail:sent
+          vars:
+            SUBJECT: "Logininformation til jeres nye bibliotekssite"
+            RECIPIENT: "{{.MAIL}}"
+            CONTACTNAME: "{{.CONTACTNAME}}"
+            PASSWORD: "{{.PASSWORD}}"
+            PROJECT: "{{.PROJECT}}"
+
     mail:sent:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
       deps: [cluster:auth]
@@ -1196,7 +1218,7 @@ tasks:
 
                 Loginoplysninger:
 
-                Brugernavn: admin
+                Brugernavn: {{.USERNAME}}
                 Password: {{.PASSWORD}}
 
                 Disse login-oplysninger kan bruges på følgende web-addresse: https://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk

From 509f7318a1242c4776c278aa2729cef0b0297bb4 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 20:15:07 +0200
Subject: [PATCH 098/341] change to present tense

---
 infrastructure/Taskfile.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index e2885680..6996adb3 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1150,7 +1150,7 @@ tasks:
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password admin '{{.PASSWORD}}'"
         - for: { var: contacts, as: INDEX}
-          task: mail:sent
+          task: mail:send
           vars:
             SUBJECT: "Logininformation til jeres nye bibliotekssite"
             RECIPIENT:
@@ -1182,7 +1182,7 @@ tasks:
             PASSWORD: "{{.PASSWORD}}"
             PROJECT: "{{.PROJECT}}"
 
-    mail:sent:
+    mail:send:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
       deps: [cluster:auth]
       vars:

From a97c08c909b0dcc1a8802d09631b563d50d77fb2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 28 May 2024 20:44:47 +0200
Subject: [PATCH 099/341] make mail:sent more utilizable for other tasks

---
 infrastructure/Taskfile.yml | 77 +++++++++++++++++++++++++++++++++----
 1 file changed, 69 insertions(+), 8 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 6996adb3..ebf4d45e 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1160,6 +1160,67 @@ tasks:
             PASSWORD: "{{.PASSWORD}}"
             PROJECT: "{{.PROJECT}}"
 
+    mail:send:
+      desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
+      deps: [cluster:auth]
+      vars:
+        RECIPIENT: "{{.RECIPIENT}}"
+        SUBJECT: "{{.SUBJECT}}"
+        CONTENT: |
+            CONTENT: |
+                Kære {{.CONTACTNAME}}
+
+                Læs venligst hele mailen før du går i gang. Den indeholder 3 afsnit:
+
+                1. Instruktion om opsætning af brugere
+                2. Loginoplysninger
+                3. En note om certifikatfejl der kan opleves i starten
+
+
+
+                Instruktion om opsætning af brugere:
+
+                Du får hermed adgang til jeres nyt bibliotekssite. Bemærk at medsendte bruger er ens for begge jer, der er kontaktpersoner. Så den første af jer der går ind på sitet skal skifte kodeord og oprette den anden som bruger. Det er vigtigt, at I vælger egne kodeord, så det kun er jer selv der kender det.
+
+                Den brugerkonto der følger med denne mail er af typen Admin, og dermed den brugertype der har flest rettigheder i løsningen (se manualen for beskrivelse af de forskellige brugertyper). Overvej grundigt hvilke brugertyper I giver andre brugere. Af sikkerhedshensyn er det bedre at starte med færre rettigheder for den enkelte, og så "opgradere" dem hvis det bliver nødvendigt.
+
+                Så helt kort:
+
+                - Nulstil kodeord så snart du er logget ind, så det kun er dig der kender det
+
+                - Brug admin-brugeren til at oprette andre brugere, men begræns deres muligheder
+
+                Du kan se mere omkring dette i manualen her:
+                https://www.folkebibliotekernescms.dk/main/startopsaetning/systembrugere/
+
+
+
+                Loginoplysninger:
+
+                Brugernavn: {{.USERNAME}}
+                Password: {{.PASSWORD}}
+
+                Disse login-oplysninger kan bruges på følgende web-addresse: https://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
+
+
+
+                En note om certifikatfejl der kan opleves i starten:
+
+                Vi har desværre nogle fejl med certifikater til test-siderne. Det betyder at I kan opleve fejl i jeres browsere når I forsøger at tilgå jeres nye site.
+
+                Hvis I oplever denne fejl kan I i stedet tilgå en web-addresse der starter med "http", i jeres tilfælde http://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
+
+                Her kan I logge ind og bruge redigeringsmodulerne. Desværre vil login gennem DBC ikke fungere fra denne version af siden.
+
+                Vi arbejder på hurtigst muligt at få sat fungerende certifikater op til alle siderne, og beklager de problemer det måtte skabe for jer!
+
+
+
+                Vi håber I kommer godt igang med vores nye løsning.
+
+                Med venlig hilsen
+                Det Digitale Folkebibliotek
+
 
     site:local-admin:password:create-and-notify:
       desc: Sets the password for the admin of the selected site
@@ -1181,14 +1242,7 @@ tasks:
             CONTACTNAME: "{{.CONTACTNAME}}"
             PASSWORD: "{{.PASSWORD}}"
             PROJECT: "{{.PROJECT}}"
-
-    mail:send:
-      desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
-      deps: [cluster:auth]
-      vars:
-        RECIPIENT: "{{.RECIPIENT}}"
-        SUBJECT: "{{.SUBJECT}}"
-        CONTENT: |
+            CONTENT: |
                 Kære {{.CONTACTNAME}}
 
                 Læs venligst hele mailen før du går i gang. Den indeholder 3 afsnit:
@@ -1241,6 +1295,13 @@ tasks:
 
                 Med venlig hilsen
                 Det Digitale Folkebibliotek
+    mail:sent:
+      desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
+      deps: [cluster:auth]
+      vars:
+        RECIPIENT: "{{.RECIPIENT}}"
+        SUBJECT: "{{.SUBJECT}}"
+        CONTENT: '{{.CONTENT}}'
         CONNECTION_STRING:
           sh: az communication list-key
               --name communication-servicesa5e3

From 31bae12109f8171c0d0e59cdb3dbf3d19b58102e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 28 May 2024 20:45:15 +0200
Subject: [PATCH 100/341] make it a lot faster to reset an admin password and
 notify them

---
 infrastructure/Taskfile.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index ebf4d45e..47f81394 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1295,6 +1295,34 @@ tasks:
 
                 Med venlig hilsen
                 Det Digitale Folkebibliotek
+
+
+    site:local-admin:password:reset:
+      desc: Resets the password for the local admin of a site
+      deps: [cluster:auth, lagoon:cli:config]
+      dir: "{{.dir_env}}"
+      vars:
+        PROJECT: "{{.PROJECT}}"
+        USERNAME: "{{.USERNAME}}"
+        EMAIL: "{{.EMAIL}}"
+        PASSWORD:
+          sh: $RANDOM  | md5sum | head -c 20
+      cmds:
+        - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password {{.USERNAME}} '{{.PASSWORD}}'"
+        - task: mail:sent
+          vars:
+            SUBJECT: "Nulstilling af bibliotekssite password"
+            RECIPIENT: "{{.EMAIL}}"
+            PASSWORD: "{{.PASSWORD}}"
+            CONTENT: |
+              Hej,
+              Du har bedt om at få nulstillet dit password til jeres bibliotekssite.
+              Dit nye password er: {{.PASSWORD}}
+              Vi anbefaler at du ændrer passwordet til noget du selv kan huske.
+
+              Med venlig hilsen
+              Det Digitale Folkebibliotek
+
     mail:sent:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
       deps: [cluster:auth]

From 1e2d3c953c407dd55f39471969e23673c30cdf4d Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 20:29:32 +0200
Subject: [PATCH 101/341] fix post rebase

---
 infrastructure/Taskfile.yml | 85 ++-----------------------------------
 1 file changed, 4 insertions(+), 81 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 47f81394..5f74d645 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1160,67 +1160,6 @@ tasks:
             PASSWORD: "{{.PASSWORD}}"
             PROJECT: "{{.PROJECT}}"
 
-    mail:send:
-      desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
-      deps: [cluster:auth]
-      vars:
-        RECIPIENT: "{{.RECIPIENT}}"
-        SUBJECT: "{{.SUBJECT}}"
-        CONTENT: |
-            CONTENT: |
-                Kære {{.CONTACTNAME}}
-
-                Læs venligst hele mailen før du går i gang. Den indeholder 3 afsnit:
-
-                1. Instruktion om opsætning af brugere
-                2. Loginoplysninger
-                3. En note om certifikatfejl der kan opleves i starten
-
-
-
-                Instruktion om opsætning af brugere:
-
-                Du får hermed adgang til jeres nyt bibliotekssite. Bemærk at medsendte bruger er ens for begge jer, der er kontaktpersoner. Så den første af jer der går ind på sitet skal skifte kodeord og oprette den anden som bruger. Det er vigtigt, at I vælger egne kodeord, så det kun er jer selv der kender det.
-
-                Den brugerkonto der følger med denne mail er af typen Admin, og dermed den brugertype der har flest rettigheder i løsningen (se manualen for beskrivelse af de forskellige brugertyper). Overvej grundigt hvilke brugertyper I giver andre brugere. Af sikkerhedshensyn er det bedre at starte med færre rettigheder for den enkelte, og så "opgradere" dem hvis det bliver nødvendigt.
-
-                Så helt kort:
-
-                - Nulstil kodeord så snart du er logget ind, så det kun er dig der kender det
-
-                - Brug admin-brugeren til at oprette andre brugere, men begræns deres muligheder
-
-                Du kan se mere omkring dette i manualen her:
-                https://www.folkebibliotekernescms.dk/main/startopsaetning/systembrugere/
-
-
-
-                Loginoplysninger:
-
-                Brugernavn: {{.USERNAME}}
-                Password: {{.PASSWORD}}
-
-                Disse login-oplysninger kan bruges på følgende web-addresse: https://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
-
-
-
-                En note om certifikatfejl der kan opleves i starten:
-
-                Vi har desværre nogle fejl med certifikater til test-siderne. Det betyder at I kan opleve fejl i jeres browsere når I forsøger at tilgå jeres nye site.
-
-                Hvis I oplever denne fejl kan I i stedet tilgå en web-addresse der starter med "http", i jeres tilfælde http://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
-
-                Her kan I logge ind og bruge redigeringsmodulerne. Desværre vil login gennem DBC ikke fungere fra denne version af siden.
-
-                Vi arbejder på hurtigst muligt at få sat fungerende certifikater op til alle siderne, og beklager de problemer det måtte skabe for jer!
-
-
-
-                Vi håber I kommer godt igang med vores nye løsning.
-
-                Med venlig hilsen
-                Det Digitale Folkebibliotek
-
 
     site:local-admin:password:create-and-notify:
       desc: Sets the password for the admin of the selected site
@@ -1235,7 +1174,7 @@ tasks:
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:create '{{.USERNAME}}' --mail='{{.MAIL}}' --password='{{.PASSWORD}}'"
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:role:add 'local_administrator' '{{.USERNAME}}'"
-        - task: mail:sent
+        - task: mail:send
           vars:
             SUBJECT: "Logininformation til jeres nye bibliotekssite"
             RECIPIENT: "{{.MAIL}}"
@@ -1245,11 +1184,10 @@ tasks:
             CONTENT: |
                 Kære {{.CONTACTNAME}}
 
-                Læs venligst hele mailen før du går i gang. Den indeholder 3 afsnit:
+                Læs venligst hele mailen før du går i gang. Den indeholder 2 afsnit:
 
                 1. Instruktion om opsætning af brugere
                 2. Loginoplysninger
-                3. En note om certifikatfejl der kan opleves i starten
 
 
 
@@ -1278,25 +1216,11 @@ tasks:
                 Disse login-oplysninger kan bruges på følgende web-addresse: https://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
 
 
-
-                En note om certifikatfejl der kan opleves i starten:
-
-                Vi har desværre nogle fejl med certifikater til test-siderne. Det betyder at I kan opleve fejl i jeres browsere når I forsøger at tilgå jeres nye site.
-
-                Hvis I oplever denne fejl kan I i stedet tilgå en web-addresse der starter med "http", i jeres tilfælde http://varnish.main.{{.PROJECT}}.dplplat01.dpl.reload.dk
-
-                Her kan I logge ind og bruge redigeringsmodulerne. Desværre vil login gennem DBC ikke fungere fra denne version af siden.
-
-                Vi arbejder på hurtigst muligt at få sat fungerende certifikater op til alle siderne, og beklager de problemer det måtte skabe for jer!
-
-
-
                 Vi håber I kommer godt igang med vores nye løsning.
 
                 Med venlig hilsen
                 Det Digitale Folkebibliotek
 
-
     site:local-admin:password:reset:
       desc: Resets the password for the local admin of a site
       deps: [cluster:auth, lagoon:cli:config]
@@ -1319,17 +1243,16 @@ tasks:
               Du har bedt om at få nulstillet dit password til jeres bibliotekssite.
               Dit nye password er: {{.PASSWORD}}
               Vi anbefaler at du ændrer passwordet til noget du selv kan huske.
-
               Med venlig hilsen
               Det Digitale Folkebibliotek
 
-    mail:sent:
+    mail:send:
       desc: Sends an email from DoNotReply@folkebibliotekernescms.dk
       deps: [cluster:auth]
       vars:
         RECIPIENT: "{{.RECIPIENT}}"
         SUBJECT: "{{.SUBJECT}}"
-        CONTENT: '{{.CONTENT}}'
+        CONTENT: "{{.CONTENT}}"
         CONNECTION_STRING:
           sh: az communication list-key
               --name communication-servicesa5e3

From 28ca10538df408c71f9f2925c90136a5e71c7c3c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 29 May 2024 20:49:22 +0200
Subject: [PATCH 102/341] one more fix post rebase

---
 infrastructure/Taskfile.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 5f74d645..f226ca0b 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1233,16 +1233,18 @@ tasks:
           sh: $RANDOM  | md5sum | head -c 20
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment main -C "drush user:password {{.USERNAME}} '{{.PASSWORD}}'"
-        - task: mail:sent
+        - task: mail:send
           vars:
             SUBJECT: "Nulstilling af bibliotekssite password"
             RECIPIENT: "{{.EMAIL}}"
             PASSWORD: "{{.PASSWORD}}"
             CONTENT: |
               Hej,
+
               Du har bedt om at få nulstillet dit password til jeres bibliotekssite.
               Dit nye password er: {{.PASSWORD}}
               Vi anbefaler at du ændrer passwordet til noget du selv kan huske.
+
               Med venlig hilsen
               Det Digitale Folkebibliotek
 

From 7c19bd31ca02b94314260431f6cb3e273f1cae83 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 30 May 2024 08:48:55 +0200
Subject: [PATCH 103/341] Typo fix: "secondary-domain{->s}" meant
 struerbibliotek.dk was not created

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 485536b0..8659d0eb 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -468,7 +468,7 @@ sites:
     description: "The library site for Struer"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZDg9Veyvl3u/TGG0lIw6Z8osrEZwd4HhcXvbABAsH"
     primary-domain: "www.struerbibliotek.dk"
-    secondary-domain:
+    secondary-domains:
       - "struerbibliotek.dk"
     autogenerateRoutes: true
     <<: *default-release-image-source

From 992d7543c174b05f4ee2281628df6b8928763e89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 4 Jun 2024 16:40:58 +0200
Subject: [PATCH 104/341] Deploy release 2024.23.0 to canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8659d0eb..e54d2c50 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.22.1"
+    dpl-cms-release: "2024.23.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 9892ebffc05d2c8e9596bec23d0505496ed10791 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 4 Jun 2024 17:10:39 +0200
Subject: [PATCH 105/341] Also deploy 2024.23.0 to cms-school

Deployments to Canary are currently failing so let's try on CMS school
instead.
---
 infrastructure/environments/dplplat01/sites.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e54d2c50..494e747c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.22.1"
+x-next: &next-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.23.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -19,7 +23,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"

From 1b89df10b57a45c0918993e09451a098e2283bf9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 3 Jun 2024 15:33:02 +0200
Subject: [PATCH 106/341] add task that gives a user 'administrator' rights and
 removes the 'local_administrator' role

---
 infrastructure/Taskfile.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index f226ca0b..59ecbb52 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1286,3 +1286,14 @@ tasks:
             PROJECT: "{{.ITEM}}"
             PASSWORD:
               sh: $RANDOM  | md5sum | head -c 20
+
+    site:local-admin:admin:
+      desc: Switches the local admin user to an admin user
+      deps: [cluster:auth, lagoon:cli:config]
+      dir: "{{.dir_env}}"
+      vars:
+        PROJECT: "{{.PROJECT}}"
+        ENVIRONMENT: "{{.ENVIRONMENT}}"
+        USERNAME: "{{.USERNAME}}"
+      cmds:
+        - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.USERNAME}}'; drush user:role:remove 'local_administrator' '{{.USERNAME}}'"

From 04b790e0f413030a9d7addd44e5e333edc1ad66c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 12:31:01 +0200
Subject: [PATCH 107/341] get a list of admins to loop over

---
 infrastructure/Taskfile.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 59ecbb52..c976f502 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1294,6 +1294,12 @@ tasks:
       vars:
         PROJECT: "{{.PROJECT}}"
         ENVIRONMENT: "{{.ENVIRONMENT}}"
-        USERNAME: "{{.USERNAME}}"
+        ADMINS:
+          sh: lagoon ssh -p canary -e main -C "drush sqlq 'SELECT GROUP_CONCAT(entity_id) FROM user__roles WHERE roles_target_id=\"administrator\"'" | sed 's/,/\n/g'
+      cmds:
+        - for: { var: ADMINS, as: ITEM }
+          task: site:local-admin:admin:execute
+          vars:
+            ADMINID: "{{.ITEM}}"
       cmds:
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.USERNAME}}'; drush user:role:remove 'local_administrator' '{{.USERNAME}}'"

From d17b11c2226a1a01c47e3f1d02dbe5420c411c31 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 12:31:33 +0200
Subject: [PATCH 108/341] actually change the roles of the admins coming in

---
 infrastructure/Taskfile.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index c976f502..f7a429c0 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1301,5 +1301,15 @@ tasks:
           task: site:local-admin:admin:execute
           vars:
             ADMINID: "{{.ITEM}}"
+
+    site:local-admin:admin:execute:
+      desc: Switches the local admin user to an admin user
+      dir: "{{.dir_env}}"
+      vars:
+        PROJECT: "{{.PROJECT}}"
+        ENVIRONMENT: "{{.ENVIRONMENT}}"
+        ADMIN:
+          sh: lagoon ssh -p canary -e main -C "drush uinf --field='name' --uid={{.ADMINID}}"
       cmds:
-        - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.USERNAME}}'; drush user:role:remove 'local_administrator' '{{.USERNAME}}'"
+        - echo {{.ADMINID}}
+        - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.ADMIN}}'"

From 64c7fed3d1c4740003fb1a3ade0d456ab0689683 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 14:49:09 +0200
Subject: [PATCH 109/341] we want the users who are local_administrators

---
 infrastructure/Taskfile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index f7a429c0..9a2a1711 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1295,7 +1295,7 @@ tasks:
         PROJECT: "{{.PROJECT}}"
         ENVIRONMENT: "{{.ENVIRONMENT}}"
         ADMINS:
-          sh: lagoon ssh -p canary -e main -C "drush sqlq 'SELECT GROUP_CONCAT(entity_id) FROM user__roles WHERE roles_target_id=\"administrator\"'" | sed 's/,/\n/g'
+          sh: lagoon ssh -p canary -e main -C "drush sqlq 'SELECT GROUP_CONCAT(entity_id) FROM user__roles WHERE roles_target_id=\"local_administrator\"'" | sed 's/,/\n/g'
       cmds:
         - for: { var: ADMINS, as: ITEM }
           task: site:local-admin:admin:execute

From 972c776e53760173309a09043480d620d1f245f9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 5 Jun 2024 09:15:43 +0200
Subject: [PATCH 110/341] remove the local_admin role after having assigned the
 administrator role

---
 infrastructure/Taskfile.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 9a2a1711..06623d09 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1313,3 +1313,4 @@ tasks:
       cmds:
         - echo {{.ADMINID}}
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.ADMIN}}'"
+        - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:remove 'local_administrator' '{{.ADMIN}}'"

From c0f58758ca8ffaa240ddba37762f0c27e01fa24b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 5 Jun 2024 09:20:03 +0200
Subject: [PATCH 111/341] wrap in quotes and remove echo

---
 infrastructure/Taskfile.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 06623d09..3d28f05d 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1309,8 +1309,7 @@ tasks:
         PROJECT: "{{.PROJECT}}"
         ENVIRONMENT: "{{.ENVIRONMENT}}"
         ADMIN:
-          sh: lagoon ssh -p canary -e main -C "drush uinf --field='name' --uid={{.ADMINID}}"
+          sh: lagoon ssh -p canary -e main -C "drush uinf --field='name' --uid='{{.ADMINID}}'"
       cmds:
-        - echo {{.ADMINID}}
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.ADMIN}}'"
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:remove 'local_administrator' '{{.ADMIN}}'"

From 9a7474eed30e3b46939200bf6af6122b45c9288a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 13:14:37 +0200
Subject: [PATCH 112/341] set 5 libs on the webmaster plan

---
 infrastructure/environments/dplplat01/sites.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 494e747c..026b4d0d 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -45,11 +45,13 @@ sites:
       - aalborgbibliotekerne.dk
       - nginx.main.aalborg.dplplat01.dpl.reload.dk
       - varnish.main.aalborg.dplplat01.dpl.reload.dk
+    plan: webmaster
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
+    plan: webmaster
     <<: *default-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
@@ -136,6 +138,7 @@ sites:
     secondary-domains:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
+    plan: webmaster
     <<: *default-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -231,6 +234,7 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
+    plan: webmaster
     <<: *default-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
@@ -305,6 +309,7 @@ sites:
     #   - www.bibliotek.kk.dk
     #   - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
     #   - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
+    plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:
@@ -495,6 +500,7 @@ sites:
     name: "Tårnby Kommunebiblioteker"
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
+    plan: webmaster
     <<: *default-release-image-source
   thisted:
     name: "Biblioteket i Thy"

From 6d5a4ef7633061ab64601d68e3098439d66ae550 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 13:15:08 +0200
Subject: [PATCH 113/341] add canary to the webmaster plan

---
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 026b4d0d..a48f8047 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -17,6 +17,7 @@ sites:
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.23.0"
+    plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From f494e7b7f49f417535dbcc13e40f10f39369ad5b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 13:21:24 +0200
Subject: [PATCH 114/341] comment out so canary be tested first

---
 infrastructure/environments/dplplat01/sites.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index a48f8047..95f88bf2 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -46,13 +46,13 @@ sites:
       - aalborgbibliotekerne.dk
       - nginx.main.aalborg.dplplat01.dpl.reload.dk
       - varnish.main.aalborg.dplplat01.dpl.reload.dk
-    plan: webmaster
+    # plan: webmaster
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
-    plan: webmaster
+    # plan: webmaster
     <<: *default-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
@@ -139,7 +139,7 @@ sites:
     secondary-domains:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
-    plan: webmaster
+    # plan: webmaster
     <<: *default-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -235,7 +235,7 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    plan: webmaster
+    # plan: webmaster
     <<: *default-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
@@ -310,7 +310,7 @@ sites:
     #   - www.bibliotek.kk.dk
     #   - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
     #   - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
-    plan: webmaster
+    # plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:
@@ -501,7 +501,7 @@ sites:
     name: "Tårnby Kommunebiblioteker"
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
-    plan: webmaster
+    # plan: webmaster
     <<: *default-release-image-source
   thisted:
     name: "Biblioteket i Thy"

From 40242a21687806a376f879a368e3b0487fa3d03f Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 4 Jun 2024 14:54:00 +0200
Subject: [PATCH 115/341] uncomment plan property for sites that should go live
 on webmaster plan tomorrow

---
 infrastructure/environments/dplplat01/sites.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 95f88bf2..8dacf6b9 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -46,13 +46,13 @@ sites:
       - aalborgbibliotekerne.dk
       - nginx.main.aalborg.dplplat01.dpl.reload.dk
       - varnish.main.aalborg.dplplat01.dpl.reload.dk
-    # plan: webmaster
+    plan: webmaster
     <<: *default-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
-    # plan: webmaster
+    plan: webmaster
     <<: *default-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
@@ -139,7 +139,7 @@ sites:
     secondary-domains:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
-    # plan: webmaster
+    plan: webmaster
     <<: *default-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -235,7 +235,7 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
-    # plan: webmaster
+    plan: webmaster
     <<: *default-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
@@ -312,6 +312,7 @@ sites:
     #   - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     # plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
+    plan: webmaster
     <<: *default-release-image-source
   koge:
     name: "KøgeBibliotekerne"
@@ -501,7 +502,7 @@ sites:
     name: "Tårnby Kommunebiblioteker"
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
-    # plan: webmaster
+    plan: webmaster
     <<: *default-release-image-source
   thisted:
     name: "Biblioteket i Thy"

From f8585d003dbbca9c49877f66de45df30512d0b7c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 10:50:38 +0200
Subject: [PATCH 116/341] set routes

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8dacf6b9..d57b9b94 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -235,6 +235,10 @@ sites:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4LZWJFrRQQD65WohscqcmX0uqx7/zXFsK/o2tVY/9B"
+    primary-domain: www.herningbib.dk
+    secondary-domains:
+      - herningbib.dk
+    autoGenerateRoutes: true
     plan: webmaster
     <<: *default-release-image-source
   hillerod:

From 741043e65d17c45a8145570a846da811a8394938 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 6 Jun 2024 08:28:46 +0200
Subject: [PATCH 117/341] release 2024.23.0 out to every lib

---
 infrastructure/environments/dplplat01/sites.yaml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index d57b9b94..fbb41162 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -1,9 +1,5 @@
 # Configure the source we default to when looking for release images.
 x-defaults: &default-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.22.1"
-x-next: &next-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.23.0"
@@ -24,7 +20,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"

From 521f0f37c21cb88399a294b82fc7679b160fbbae Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 6 Jun 2024 11:49:47 +0200
Subject: [PATCH 118/341] =?UTF-8?q?add=20domains=20for=20sams=C3=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index fbb41162..7963e735 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -438,6 +438,10 @@ sites:
     name: "Samsø Bibliotek"
     description: "The library site for Samsø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZcxFuzVNn72t0dnDsnEX60NZ0OJ5ce4HxgI1PtIKFp"
+    primary-domain: "bibliotek.samsoe.dk"
+    secondary-domains:
+      - "www.bibliotek.samsoe.dk"
+    autogenerateRoutes: true
     <<: *default-release-image-source
   silkeborg:
     name: "Silkeborg Bibliotekerne"

From 44bd81819dee680b942f69ad7846a7231618bf31 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 6 Jun 2024 11:53:54 +0200
Subject: [PATCH 119/341] up the number of current challenges certmanager will
 handle

---
 .../configuration/cert-manager/cert-manager-values.yaml         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml b/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
index b7d5dec8..a3ed2351 100644
--- a/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
@@ -6,4 +6,4 @@ ingressShim:
   defaultIssuerName: zerossl-production
   defaultIssuerKind: ClusterIssuer
   defaultIssuerGroup: cert-manager.io
-maxConcurrentChallenges: 10
+maxConcurrentChallenges: 50

From 9dab798afd2206ae6142985fa09af521acba350a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 7 Jun 2024 09:49:12 +0200
Subject: [PATCH 120/341] ensure that the .lagoon.yaml file on moduletest
 matches the one one main

---
 infrastructure/dpladm/bin/dpladm-shared.source | 2 +-
 infrastructure/dpladm/bin/sync-site.sh         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 5729b0b1..69c2c8f5 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -97,8 +97,8 @@ EndOfMessage
   fi
 
   # Only render secondary domains if we have a primary domain.
+  SECONDARY_DOMAINS=""
   if [[ -n "${primaryDomain}" && -n "${secondaryDomainsString}" ]]; then
-    SECONDARY_DOMAINS=""
     IFS=' '
     for secondaryDomain in ${secondaryDomainsString}; do
       SECONDARY_DOMAINS+=$(cat << EndOfMessage
diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 3caa4c3b..1f74e3e0 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -150,5 +150,5 @@ set -o errexit
 syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 
 if [ "${plan}" = "webmaster" ] && [ "${BRANCH}" = "main" ]; then
-    syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}"
+    syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 fi

From 4fbd3d3b322772c8397a0ee2da63e99375cb20e3 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 10:58:12 +0200
Subject: [PATCH 121/341] set routes

---
 infrastructure/environments/dplplat01/sites.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 7963e735..c92c9c13 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -305,14 +305,13 @@ sites:
   kobenhavn:
     name: "Københavns Biblioteker"
     description: "The main library site for København"
-    # primary-domain: bibliotek.kk.dk
-    # secondary-domains:
-    #   - www.bibliotek.kk.dk
-    #   - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
-    #   - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
-    # plan: webmaster
-    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
+    primary-domain: bibliotek.kk.dk
+    secondary-domains:
+      - www.bibliotek.kk.dk
+      - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
+      - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
+    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *default-release-image-source
   koge:
     name: "KøgeBibliotekerne"

From 19f6de86fb1f845e0ca9d32a4dd56ee26476bcfe Mon Sep 17 00:00:00 2001
From: Mikkel Jakobsen <jakobsen.mikkel@gmail.com>
Date: Tue, 11 Jun 2024 14:38:53 +0200
Subject: [PATCH 122/341] Deploying version 2024-24-0 to canary site

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c92c9c13..72476744 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.23.0"
+    dpl-cms-release: "2024.24.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 20f2d24012be0bd82b6a954689b2b8ae272e3fd4 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 11 Jun 2024 12:49:57 +0200
Subject: [PATCH 123/341] up the minimum number of nodes

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 5a39f020..58621474 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,7 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { min : 7, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { min : 9, max : 15, vm: "Standard_B8ms", max_pods : 85 },
     "admin3" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
   }
   node_pool_system_count = 2

From 93309e22f55d74607579d720f80a9732a007e6fd Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 11 Jun 2024 21:26:11 +0200
Subject: [PATCH 124/341] make a webmaster for cms school

---
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 72476744..0b188c0b 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -20,6 +20,7 @@ sites:
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
+    plan: webmaster
     <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"

From 636f4f1eb1ec3c0ab805fa3cef4575af8ccde59a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 11:11:54 +0200
Subject: [PATCH 125/341] set routes

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 0b188c0b..1612b7f6 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -102,6 +102,10 @@ sites:
     name: "Brønderslev Bibliotek"
     description: "The library site for Brønderslev"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPocm02vNblShmSFlQqWsIszR/AXsbT5Jmwj8fDwjSwO"
+    primary-domain: www.bronderslevbib.dk
+    secondary-domains:
+      - www.bronderslevbib.dk
+    autoGenerateRoutes: true
     <<: *default-release-image-source
   dragor:
     name: "Dragør Bibliotek"

From 79e33b894ff98685c5d099b5b71f09d048e3cb6a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 11:18:21 +0200
Subject: [PATCH 126/341] forgot to remove the www

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 1612b7f6..b318ed6a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -104,7 +104,7 @@ sites:
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPocm02vNblShmSFlQqWsIszR/AXsbT5Jmwj8fDwjSwO"
     primary-domain: www.bronderslevbib.dk
     secondary-domains:
-      - www.bronderslevbib.dk
+      - bronderslevbib.dk
     autoGenerateRoutes: true
     <<: *default-release-image-source
   dragor:

From c01aa9910745eb84db367bb7460148d5cfaf2547 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 12:11:45 +0200
Subject: [PATCH 127/341] fix typo

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b318ed6a..9d829b03 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -105,7 +105,7 @@ sites:
     primary-domain: www.bronderslevbib.dk
     secondary-domains:
       - bronderslevbib.dk
-    autoGenerateRoutes: true
+    autogenerateRoutes: true
     <<: *default-release-image-source
   dragor:
     name: "Dragør Bibliotek"

From ea823796e6b531867ebac5a480d1d34ef00fcd0c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 12:31:52 +0200
Subject: [PATCH 128/341] set routes for middelfart

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9d829b03..b6cf2a06 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -362,6 +362,10 @@ sites:
     name: "Middelfart Bibliotek"
     description: "The library site for Middelfart"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+cnxhliA+siikDk40SlviShSK6MmC3g/3spAVey0ht"
+    primary-domain: www.middelfartbibliotek.dk
+    secondary-domains:
+      - middelfartbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   morso:
     name: "Morsø Folkebibliotek"

From 36f30d3048d57af383499ea82c49f0752ee3bbd6 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 12:33:41 +0200
Subject: [PATCH 129/341] add routes for nyborg

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b6cf2a06..5621fcad 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -391,6 +391,10 @@ sites:
     name: "Nyborg Bibliotek"
     description: "The library site for Nyborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpG7Br//TQnc3LRdkXCR80mD0C6vsZg36ZVibTUfdyS"
+    primary-domain: www.nyborgbibliotek.dk
+    secondary-domains:
+      - nyborgbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   odder:
     name: "Odder Bibliotek"

From a0c264855ac5092f5c122a0ca33a7b94c5f45c44 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 10:32:20 +0200
Subject: [PATCH 130/341] set routes

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5621fcad..44f13379 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -65,6 +65,10 @@ sites:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlK4u+5C8Y+euVj0Q+s7ZsNWMeUqSKgVg+845d3XX1s"
+    primary-domain: www.alleroedbibs.dk
+    secondary-domains:
+      - www.bibliotek.alleroed.dk
+    autoGenerateRoutes: true
     <<: *default-release-image-source
   assens:
     name: "AssensBibliotekerne"

From a139cabbbf72e22f3788d03e79c29636de913c9d Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 10:40:37 +0200
Subject: [PATCH 131/341] fix wrong domains

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 44f13379..b2d612ce 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -65,9 +65,9 @@ sites:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlK4u+5C8Y+euVj0Q+s7ZsNWMeUqSKgVg+845d3XX1s"
-    primary-domain: www.alleroedbibs.dk
+    primary-domain: www.bibliotek.alleroed.dk
     secondary-domains:
-      - www.bibliotek.alleroed.dk
+      - bibliotek.alleroed.dk
     autoGenerateRoutes: true
     <<: *default-release-image-source
   assens:

From 3f95bae57ae849b1ba6a529094b203797735253d Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 31 May 2024 12:10:50 +0200
Subject: [PATCH 132/341] fix typo

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b2d612ce..2c2ba31e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -68,7 +68,7 @@ sites:
     primary-domain: www.bibliotek.alleroed.dk
     secondary-domains:
       - bibliotek.alleroed.dk
-    autoGenerateRoutes: true
+    autogenerateRoutes: true
     <<: *default-release-image-source
   assens:
     name: "AssensBibliotekerne"

From caa9188bdc727748d33e591db8d2e271a8bcd023 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 12 Jun 2024 13:10:12 +0200
Subject: [PATCH 133/341] change release to 2024.24.0

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 2c2ba31e..ecc9f989 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.23.0"
+  dpl-cms-release: "2024.24.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From 4953c2b5dc06bf7d0000d326349a41b16abf4af2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 11 Jun 2024 07:34:19 +0200
Subject: [PATCH 134/341] some fixes

---
 infrastructure/Taskfile.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 3d28f05d..16cd9908 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1295,7 +1295,7 @@ tasks:
         PROJECT: "{{.PROJECT}}"
         ENVIRONMENT: "{{.ENVIRONMENT}}"
         ADMINS:
-          sh: lagoon ssh -p canary -e main -C "drush sqlq 'SELECT GROUP_CONCAT(entity_id) FROM user__roles WHERE roles_target_id=\"local_administrator\"'" | sed 's/,/\n/g'
+          sh: lagoon ssh -p {{.PROJECT}} -e {{.ENVIRONMENT}} -C "drush sqlq 'SELECT GROUP_CONCAT(entity_id) FROM user__roles WHERE roles_target_id=\"local_administrator\"'" | sed 's/,/\n/g'
       cmds:
         - for: { var: ADMINS, as: ITEM }
           task: site:local-admin:admin:execute
@@ -1309,7 +1309,8 @@ tasks:
         PROJECT: "{{.PROJECT}}"
         ENVIRONMENT: "{{.ENVIRONMENT}}"
         ADMIN:
-          sh: lagoon ssh -p canary -e main -C "drush uinf --field='name' --uid='{{.ADMINID}}'"
+          sh: lagoon ssh -p {{.PROJECT}} -e {{.ENVIRONMENT}} -C "drush uinf --field='name' --uid='{{.ADMINID}}'"
       cmds:
+        - echo {{.ADMINID}}
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.ADMIN}}'"
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:remove 'local_administrator' '{{.ADMIN}}'"

From e8229e30ac03c8aadc1ffee65ac67d946d5add90 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 12 Jun 2024 12:55:05 +0200
Subject: [PATCH 135/341] remove echo

---
 infrastructure/Taskfile.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 16cd9908..d113b0fe 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1311,6 +1311,5 @@ tasks:
         ADMIN:
           sh: lagoon ssh -p {{.PROJECT}} -e {{.ENVIRONMENT}} -C "drush uinf --field='name' --uid='{{.ADMINID}}'"
       cmds:
-        - echo {{.ADMINID}}
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:add 'administrator' '{{.ADMIN}}'"
         - lagoon ssh --project {{.PROJECT}} --environment {{.ENVIRONMENT}} -C "drush user:role:remove 'local_administrator' '{{.ADMIN}}'"

From 2b1b4dc92ba6977c83207c7ff1c1488faa5a36f0 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 30 May 2024 09:03:12 +0200
Subject: [PATCH 136/341] Support value `autogenerateRoutes: "redirect"` as
 shorthand for making auto-routes redirect to primary domain

This means significantly less code for us in sites.yaml
---
 infrastructure/dpladm/bin/dpladm-shared.source | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 69c2c8f5..8ab7c7ad 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -77,18 +77,31 @@ function renderProfileTemplate {
 
   PRIMARY_DOMAIN=""
 
+  if [[ "${autogenerateRoutes}" == "redirect" ]]; then
+    autogenerateRoutes="false"
+    secondaryDomainsString="${secondaryDomainsString} varnish.main.${siteName}.dplplat01.dpl.reload.dk nginx.main.${siteName}.dplplat01.dpl.reload.dk"
+  fi
+
+  if [[ -z "${autogenerateRoutes}" && -n "${primaryDomain}" ]]; then
+    autogenerateRoutes="false"
+  fi
+
+  if [[ -z "${autogenerateRoutes}" ]]; then
+    autogenerateRoutes="true"
+  fi
+
   # This is a little bit terrible. As we're injecting this into a yaml-
   # document we need to maintain the indentation
   local routesIndent="    "
   local singleRouteIndent="${routesIndent}    "
 
   ENABLE_ROUTES=$(cat << EndOfMessage
-${routesIndent}autogenerateRoutes: ${autogenerateRoutes:-true}
+${routesIndent}autogenerateRoutes: ${autogenerateRoutes}
 EndOfMessage
 )
   if [[ -n "${primaryDomain}" ]]; then
     ENABLE_ROUTES=$(cat << EndOfMessage
-${routesIndent}autogenerateRoutes: ${autogenerateRoutes:-false}
+${routesIndent}autogenerateRoutes: ${autogenerateRoutes}
 ${routesIndent}routes:
 ${routesIndent}  - varnish:
 EndOfMessage

From bf3bd78493080b02a1dd7f710f0174a8b0659483 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 30 May 2024 09:05:33 +0200
Subject: [PATCH 137/341] Replace explicit setting of auto-routes as secondary
 domains with new autogenerateRoutes: "redirect" param

---
 infrastructure/environments/dplplat01/sites.yaml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index ecc9f989..9137527a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -41,8 +41,7 @@ sites:
     primary-domain: www.aalborgbibliotekerne.dk
     secondary-domains:
       - aalborgbibliotekerne.dk
-      - nginx.main.aalborg.dplplat01.dpl.reload.dk
-      - varnish.main.aalborg.dplplat01.dpl.reload.dk
+    autogenerateRoutes: "redirect"
     plan: webmaster
     <<: *default-release-image-source
   aarhus:
@@ -88,8 +87,7 @@ sites:
       - www.billundbib.dk
       - billundbibliotek.dk
       - www.billundbibliotek.dk
-      - nginx.main.billund.dplplat01.dpl.reload.dk
-      - varnish.main.billund.dplplat01.dpl.reload.dk
+    autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
     <<: *default-release-image-source
   bornholm:
@@ -232,8 +230,7 @@ sites:
     primary-domain: www.herlevbibliotek.dk
     secondary-domains:
       - herlevbibliotek.dk
-      - nginx.main.herlev.dplplat01.dpl.reload.dk
-      - varnish.main.herlev.dplplat01.dpl.reload.dk
+    autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
     <<: *default-release-image-source
   herning:

From e6ac9c402e38b8c52a08d4090234a605c917aaaa Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 30 May 2024 09:08:33 +0200
Subject: [PATCH 138/341] Set launched sites to have autogenerateRoutes:
 "redirect" instead of true

This means we have officially closed their test domains
---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9137527a..3fb9092e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -498,7 +498,7 @@ sites:
     primary-domain: "www.struerbibliotek.dk"
     secondary-domains:
       - "struerbibliotek.dk"
-    autogenerateRoutes: true
+    autogenerateRoutes: "redirect"
     <<: *default-release-image-source
   sydslesvig:
     name: "Dansk Centralbibliotek for Sydslesvig e.V."
@@ -553,7 +553,7 @@ sites:
     primary-domain: "www.vhbib.dk"
     secondary-domains:
       - "vhbib.dk"
-    autogenerateRoutes: true
+    autogenerateRoutes: "redirect"
     <<: *default-release-image-source
   viborg:
     name: "Viborg Bibliotekerne"

From 749e4d6a474832072598da226c67fb73513193f5 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 29 May 2024 13:09:44 +0200
Subject: [PATCH 139/341] Allow loki backends to scale to 6 instances when load
 happens

The loki backends have no specified resource allocation whcih means the Quality of Service level is [BestEffort](https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#besteffort), and they use whatever resources are available on a spare node. We could consider increasing the minimum request, but because use of loki is so bursty, I think it may make sense to just scale by adding more instances when we add more load?
---
 .../dplplat01/configuration/loki/loki-values.template.yaml  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index f5af3015..a4c6b2b5 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -6,6 +6,12 @@ ingress:
 
 # Back the loki instances with storage as a buffer
 backend:
+  autoscaling:
+    enabled: true
+    minReplicas: 3
+    maxReplicas: 6
+    targetCPUUtilizationPercentage: 70
+    targetMemoryUtilizationPercentage: 70
   persistence:
     enabled: true
     accessModes:

From e9e854ac659285af5b308670553bf819fe83c6bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Jun 2024 04:06:51 +0000
Subject: [PATCH 140/341] Bump actions/checkout from 4.1.1 to 4.1.7

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dependacheck.yaml        | 2 +-
 .github/workflows/diagrams-render.yaml     | 2 +-
 .github/workflows/dplsh-build-release.yaml | 2 +-
 .github/workflows/markdown-lint.yaml       | 2 +-
 .github/workflows/shellcheck.yaml          | 2 +-
 .github/workflows/terraform-lint.yaml      | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/dependacheck.yaml b/.github/workflows/dependacheck.yaml
index 24e17a94..89fb8b88 100644
--- a/.github/workflows/dependacheck.yaml
+++ b/.github/workflows/dependacheck.yaml
@@ -9,7 +9,7 @@ jobs:
   dependacheck:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.7
       - name: Check that images are checked by dependabot
         run: |
           ./tools/dependacheck/dependacheck.sh
diff --git a/.github/workflows/diagrams-render.yaml b/.github/workflows/diagrams-render.yaml
index a67cb7e1..7315e3d5 100644
--- a/.github/workflows/diagrams-render.yaml
+++ b/.github/workflows/diagrams-render.yaml
@@ -17,7 +17,7 @@ jobs:
     name: Render Drawio diagrams
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.7
       - name: Install Task
         uses: Arduino/actions/setup-taskfile@master
       - name: Clean render
diff --git a/.github/workflows/dplsh-build-release.yaml b/.github/workflows/dplsh-build-release.yaml
index 6cdfe3f2..bd5f128c 100644
--- a/.github/workflows/dplsh-build-release.yaml
+++ b/.github/workflows/dplsh-build-release.yaml
@@ -35,7 +35,7 @@ jobs:
       image-url: ghcr.io/danskernesdigitalebibliotek/dpl-platform/dplsh
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.7
       - name: Install Task
         uses: arduino/setup-task@v2
       - name: Log in to the Container registry
diff --git a/.github/workflows/markdown-lint.yaml b/.github/workflows/markdown-lint.yaml
index b4265e22..2fd3e157 100644
--- a/.github/workflows/markdown-lint.yaml
+++ b/.github/workflows/markdown-lint.yaml
@@ -10,7 +10,7 @@ jobs:
     name: Lint Markdown
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.7
         # git with HTTP authentication provides an easy way for us to install
         # unreleased commits of NPM projects.
       - name: Reconfigure git to use HTTP authentication
diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
index 57aa2ab1..e8325af9 100644
--- a/.github/workflows/shellcheck.yaml
+++ b/.github/workflows/shellcheck.yaml
@@ -13,7 +13,7 @@ jobs:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.7
       - name: shellcheck
         uses: reviewdog/action-shellcheck@v1
         with:
diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml
index 6b9b45f6..069ce982 100644
--- a/.github/workflows/terraform-lint.yaml
+++ b/.github/workflows/terraform-lint.yaml
@@ -11,7 +11,7 @@ jobs:
   terraform_format:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v4.1.7
       - uses: hashicorp/setup-terraform@v3.0.0
       - name: Terraform fmt
         id: fmt

From 827845e1e2ea5aea5769fdbdae28a1828613657a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 13 Jun 2024 13:06:38 +0200
Subject: [PATCH 141/341] Render version metrics files in env-repo templates

---
 .../dpladm/bin/dpladm-shared.source           | 23 +++++++++++--------
 .../lagoon/conf/nginx/metrics/version.json    |  9 ++++++++
 .../lagoon/conf/nginx/metrics/version.txt     |  1 +
 3 files changed, 24 insertions(+), 9 deletions(-)
 create mode 100644 infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.json
 create mode 100644 infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.txt

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 69c2c8f5..3096a9e3 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -60,20 +60,22 @@ function getCleanWorkspacePath {
 function renderProfileTemplate {
   # Name of the site
   local siteName=$1
+  # Env of the site
+  local siteEnv=$2
   # Which dpl-cms release to use.
-  local releaseTag=$2
+  local releaseTag=$3
   # Image registry to pull the release from
-  local releaseImageRepository=$3
+  local releaseImageRepository=$4
   # Name of the container-image that contains the built release
-  local releaseImageName=$4
+  local releaseImageName=$5
   # Cron schedule for importing translations
-  local importTranslationsCron=$5
+  local importTranslationsCron=$6
   # Flag for whether or not to autogenerate routes
-  local autogenerateRoutes=${6:-}
+  local autogenerateRoutes=${7:-}
   # The primary domain of the site (optional)
-  local primaryDomain=${7:-}
+  local primaryDomain=${8:-}
   # A space-seperated list of secondary domains (optional)
-  local secondaryDomainsString=${8:-}
+  local secondaryDomainsString=${9:-}
 
   PRIMARY_DOMAIN=""
 
@@ -119,6 +121,7 @@ EndOfMessage
   export RELEASE_TAG="${releaseTag}"
   export ENABLE_ROUTES
   export LAGOON_PROJECT_NAME="${siteName}"
+  export LAGOON_ENVIRONMENT="${siteEnv}"
   export LAGOON_IMAGES_RELEASE_TAG
   export PRIMARY_DOMAIN
   export SECONDARY_DOMAINS
@@ -128,7 +131,7 @@ EndOfMessage
   # Tell envsubst which variables to replace. This allows other variables to
   # remain untouched.
   # shellcheck disable=SC2016
-  local variablesToSubst='$RELEASE_IMAGE_REPOSITORY $RELEASE_IMAGE_NAME $RELEASE_TAG $ENABLE_ROUTES $LAGOON_IMAGES_RELEASE_TAG $LAGOON_PROJECT_NAME $PRIMARY_DOMAIN $SECONDARY_DOMAINS $IMPORT_TRANSLATIONS_CRON'
+  local variablesToSubst='$RELEASE_IMAGE_REPOSITORY $RELEASE_IMAGE_NAME $RELEASE_TAG $ENABLE_ROUTES $LAGOON_IMAGES_RELEASE_TAG $LAGOON_PROJECT_NAME $LAGOON_ENVIRONMENT $PRIMARY_DOMAIN $SECONDARY_DOMAINS $IMPORT_TRANSLATIONS_CRON'
 
   # Loop through the files we know to contain variables that needs replacing.
   local templateFiles=(
@@ -136,6 +139,8 @@ EndOfMessage
     "lagoon/cli.dockerfile"
     "lagoon/nginx.dockerfile"
     "lagoon/php.dockerfile"
+    "lagoon/conf/nginx/metrics/version.txt"
+    "lagoon/conf/nginx/metrics/version.json"
     "README.md"
   )
   for templateFile in "${templateFiles[@]}"
@@ -189,7 +194,7 @@ function syncEnvRepo {
 
   # Enter the template and rendered it
   cd "${repoName}"
-  renderProfileTemplate "${siteName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
+  renderProfileTemplate "${siteName}" "${branchName}" "${releaseTag}" "${releaseImageRepository}" "${releaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 
   # Detect changes
   local changedFiles
diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.json b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.json
new file mode 100644
index 00000000..9e03dace
--- /dev/null
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.json
@@ -0,0 +1,9 @@
+{
+    "site": "${LAGOON_PROJECT_NAME}",
+    "env": "${LAGOON_ENVIRONMENT}",
+    "imageVersion": {
+        "repository": "${RELEASE_IMAGE_REPOSITORY}",
+        "image": "${RELEASE_IMAGE_NAME}",
+        "tag": "${RELEASE_TAG}"
+    }
+}
diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.txt b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.txt
new file mode 100644
index 00000000..e42772dc
--- /dev/null
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/metrics/version.txt
@@ -0,0 +1 @@
+site_image_version{site="${LAGOON_PROJECT_NAME}" env="${LAGOON_ENVIRONMENT}" repository="${RELEASE_IMAGE_REPOSITORY}" image="${RELEASE_IMAGE_NAME}" tag="${RELEASE_TAG}"}

From 889bba7b9fb297f6c2d81023b39a03f327e694ed Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 13 Jun 2024 13:09:34 +0200
Subject: [PATCH 142/341] Serve /versions metric as plain/text per default

---
 .../conf/nginx/server_append_drupal_serve_metrics.conf     | 7 +++++++
 .../env-repo-template/standard/lagoon/nginx.dockerfile     | 4 ++++
 2 files changed, 11 insertions(+)
 create mode 100644 infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_serve_metrics.conf

diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_serve_metrics.conf b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_serve_metrics.conf
new file mode 100644
index 00000000..0bf27b39
--- /dev/null
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_serve_metrics.conf
@@ -0,0 +1,7 @@
+  location /_metrics/ {
+    set $metrics_file_extension ".txt";
+    if ($http_accept ~ "application/json") {
+      set $metrics_file_extension ".json";
+    }
+    try_files $uri$metrics_file_extension $uri @drupal;
+  }
diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
index 6bc2aa06..63864b6f 100644
--- a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
@@ -21,5 +21,9 @@ RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_modules_local.
 COPY lagoon/conf/nginx/server_append_drupal_rewrite_registration.conf /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_registration.conf
 RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_registration.conf
 
+COPY lagoon/conf/nginx/metrics /app/web/_metrics
+COPY lagoon/conf/nginx/server_append_drupal_serve_metrics.conf /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf
+RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf
+
 # Define where the Drupal Root is located
 ENV WEBROOT=web

From 33468c63f4f186341c5b9045ea9e7ec95fb8acde Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 13 Jun 2024 13:10:01 +0200
Subject: [PATCH 143/341] Make nginx output JSON logs consistent with the
 ingress format

---
 .../dpladm/env-repo-template/standard/lagoon/nginx.dockerfile  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
index 63864b6f..26c6b9bb 100644
--- a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
@@ -25,5 +25,8 @@ COPY lagoon/conf/nginx/metrics /app/web/_metrics
 COPY lagoon/conf/nginx/server_append_drupal_serve_metrics.conf /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf
 RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf
 
+COPY lagoon/conf/nginx/http_log_format.conf /etc/nginx/conf.d/http_log_format.conf
+RUN fix-permissions /etc/nginx/conf.d/http_log_format.conf
+
 # Define where the Drupal Root is located
 ENV WEBROOT=web

From 9315b9a53b1499a672b36c0c319fd9a53422a088 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 17 Jun 2024 11:21:24 +0200
Subject: [PATCH 144/341] sent horsholm live

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3fb9092e..0dcc2d58 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -277,6 +277,10 @@ sites:
     name: "Hørsholm Bibliotek"
     description: "The library site for Hørsholm"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAyQTTt/8Wnhyz03LUWjVrAuhohatAUuBx3dtmM8wa8"
+    primary-domain: biblioteket.horsholm.dk
+    secondary-domains:
+      - www.biblioteket.horsholm.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   hvidovre:
     name: "HvidovreBibliotekerne"

From e52c9da3cccb8ca7815134243766c2939b6a6f28 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 04:39:10 +0000
Subject: [PATCH 145/341] Bump docker/build-push-action from 5 to 6

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/dplsh-build-release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dplsh-build-release.yaml b/.github/workflows/dplsh-build-release.yaml
index 6cdfe3f2..2a8969a1 100644
--- a/.github/workflows/dplsh-build-release.yaml
+++ b/.github/workflows/dplsh-build-release.yaml
@@ -66,7 +66,7 @@ jobs:
       # run som tests on the image, while still avoiding to have to rebuild the
       # image when we do the final build.
       - name: Build and export to Docker
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: tools/dplsh
           load: true
@@ -80,7 +80,7 @@ jobs:
         working-directory: tools/dplsh
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: tools/dplsh
           platforms: linux/amd64,linux/arm64

From ac00421046e0107d05d51f3d80fca344d388f480 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:42:28 +0200
Subject: [PATCH 146/341] add fredericia

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 0dcc2d58..bffdbd77 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -153,6 +153,10 @@ sites:
     name: "Fredericia Bibliotek"
     description: "The library site for Fredericia"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2SgYgOoWn6jbg+U91/PcxmfRIxoSWbTANKP++LKanO"
+    primary-domain: fredericiabib.dk
+    secondary-domains:
+      - www.fredericiabib.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   frederiksberg:
     name: "Biblioteket Frederiksberg"

From 1ad735aba42ec3f4a15e86d17c8dc617e5aa891b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:42:42 +0200
Subject: [PATCH 147/341] add frederikssund

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index bffdbd77..56b6f396 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -172,6 +172,10 @@ sites:
     name: "Frederikssund Bibliotekerne"
     description: "The library site for Frederikssund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSWh56XpMvlK6CMz2bi3RZoUXUWFUVw7eo/cfaxmE/1"
+    primary-domain: www.bibliotekerne.frederikssund.dk
+    secondary-domains:
+      - bibliotekerne.frederikssund.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   fureso:
     name: "Furesø Bibliotek & Borgerservice"

From 34b66634aa68e81558ce43f7dbdbd2db971c244a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:43:36 +0200
Subject: [PATCH 148/341] misread frederikshavn for frederikssund, and they are
 not on the list for tomorrow

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 56b6f396..bffdbd77 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -172,10 +172,6 @@ sites:
     name: "Frederikssund Bibliotekerne"
     description: "The library site for Frederikssund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSWh56XpMvlK6CMz2bi3RZoUXUWFUVw7eo/cfaxmE/1"
-    primary-domain: www.bibliotekerne.frederikssund.dk
-    secondary-domains:
-      - bibliotekerne.frederikssund.dk
-    autogenerateRoutes: redirect
     <<: *default-release-image-source
   fureso:
     name: "Furesø Bibliotek & Borgerservice"

From 0e5f68b02e16aa10bab28ee231796906c54c4868 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:44:54 +0200
Subject: [PATCH 149/341] add frederikshavn

---
 infrastructure/environments/dplplat01/sites.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index bffdbd77..200bbb27 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -167,6 +167,8 @@ sites:
     name: "Frederikshavn Kommunes Biblioteker"
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
+    primary-domain: bibl.frederikshavn.dk
+    autoGenerateRoutes: redirect
     <<: *default-release-image-source
   frederikssund:
     name: "Frederikssund Bibliotekerne"

From b4c2acff9034b057652b3e7304467806505a2d65 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:46:04 +0200
Subject: [PATCH 150/341] =?UTF-8?q?add=20fures=C3=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 200bbb27..16732312 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -179,6 +179,10 @@ sites:
     name: "Furesø Bibliotek & Borgerservice"
     description: "The library site for Furesø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+OntBSayMdg22NU1xDnoMsuW1E69uNwvcmeEgt8wlQ"
+    primary-domain: furbib.dk
+    secondary-domains:
+      - www.furbib.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"

From cdd5d2b3bad62bd55cd1fb1daad6d0a24af0733b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:48:49 +0200
Subject: [PATCH 151/341] add Holstebro

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 16732312..83eb54f3 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -277,6 +277,10 @@ sites:
     name: "Holstebro Bibliotek"
     description: "The library site for Holstebro"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQNXpvIAg6/lHe/RVocj2losQ6Q2TIN/S5IFdY17g0Y"
+    primary-domain: www.holstebrobibliotek.dk
+    secondary-domains:
+      - holstebrobibliotek.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   horsens:
     name: "Horsens Bibliotek"

From 457be5588dae11bd6c7eb5615a49010f23e44484 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:49:22 +0200
Subject: [PATCH 152/341] =?UTF-8?q?add=20H=C3=B8je-Taastrup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 83eb54f3..f507d79c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -267,6 +267,10 @@ sites:
     name: "Høje-Taastrup Kommunes Biblioteker"
     description: "The library site for Høje-Taastrup"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiVBegVlQMb0OfQCfJAv87mLMe37xAaGCQc42i0j+2H"
+    primary-domain: bibliotek.htk.dk
+    secondary-domains:
+      - www.bibliotek.htk.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   holbaek:
     name: "Holbæk Bibliotekerne"

From 504b0d665bc09993675b1303c842b9ac8384d30f Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:51:26 +0200
Subject: [PATCH 153/341] =?UTF-8?q?add=20lyngby-taarb=C3=A6k?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index f507d79c..ffbfdd9a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -375,6 +375,10 @@ sites:
     name: "Lyngby-Taarbæk Bibliotekerne"
     description: "The library site for Lyngby-Taarbæk"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeXHvVXTlOXtrK8kSR12qZQH1YHto+PpWx0rac/1QMe"
+    primary-domain: www.lyngbybib.dk
+    secondary-domains:
+      - lyngbybib.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   mariagerfjord:
     name: "Mariagerfjord Bibliotekerne"

From 7352f6d25ae11af05002c80615ab9bd71cfda35f Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:53:20 +0200
Subject: [PATCH 154/341] =?UTF-8?q?add=20mors=C3=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index ffbfdd9a..69f79599 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -398,6 +398,10 @@ sites:
     name: "Morsø Folkebibliotek"
     description: "The library site for Morsø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVce9r/E16lOPiiZEcjzEW40nuxCCt7ahv5NYUPwU8P"
+    primary-domain: www.bibliotekmorsoe.dk
+    secondary-domains:
+      - bibliotekmorsoe.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   naestved:
     name: "Næstved Bibliotek og Borgerservice"

From 042746ca88ad8dca2c3c9e205b45812ae6ea7ada Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 13:57:27 +0200
Subject: [PATCH 155/341] add skive

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 69f79599..cca1530b 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -500,6 +500,10 @@ sites:
     name: "Skive Bibliotek"
     description: "The library site for Skive"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpJAKCBMKM9G0qvUGeCRSvz8QNg27r7sDedj15HP7Hh"
+    primary-domain: www.skivebibliotek.dk
+    secondary-domains:
+      - skivebibliotek.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   solrod:
     name: "Solrød Bibliotek og Kulturhus"

From 1126b2b17cccf5fe134873613103df1e443fec9f Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 14:04:40 +0200
Subject: [PATCH 156/341] =?UTF-8?q?add=20vallensb=C3=A6k?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index cca1530b..f66abcea 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -564,6 +564,10 @@ sites:
     name: "Vallensbæk Bibliotek"
     description: "The library site for Vallensbæk"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1BwEGpOF6YrjToeH8iD2cALRjCdk1XOrHl7Yj9NPUE"
+    primary-domain: kulturogborgerhus.vallensbaek.dk
+    secondary-domains:
+      - www.kulturogborgerhus.vallensbaek.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   varde:
     name: "Varde Bibliotek"

From 2c87bdcebdd10905e34f8269799ddf702a729f30 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 14:13:20 +0200
Subject: [PATCH 157/341] add varde

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index f66abcea..3503bd5e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -573,6 +573,10 @@ sites:
     name: "Varde Bibliotek"
     description: "The library site for Varde"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk4ZKSj49vjmu9/wQAuK/LC8B7Q7dF7B+0N4JIRcGCp"
+    primary-domain: www.vardebib.dk
+    secondary-domains:
+      - vardebib.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   vejen:
     name: "Vejen Kommunes Biblioteker"

From dc6190bc2948dce7336d5c9be401e9bdbc5d3ebf Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 18 Jun 2024 14:14:11 +0200
Subject: [PATCH 158/341] add vejen

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3503bd5e..b1e01a3e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -582,6 +582,10 @@ sites:
     name: "Vejen Kommunes Biblioteker"
     description: "The library site for Vejen"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEKCWFJdpWpxSXpP0fXHBkZG6v0mENmOEsyJEDIqnoQ"
+    primary-domain: vejbib.dk
+    secondary-domains:
+      - www.vejbib.dk
+    autogenerateRoutes: redirect
     <<: *default-release-image-source
   vejle:
     name: "Vejle Bibliotekerne"

From 214e01a16485761d002afcf9c35835b5d93b5eee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 18 Jun 2024 14:49:17 +0200
Subject: [PATCH 159/341] Deploy 2024.25.0 on canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 0dcc2d58..fb4475bb 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.24.0"
+    dpl-cms-release: "2024.25.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From c5c0bcaa6e4e3be5b07231a6d980e3d051bf6917 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:27:28 +0200
Subject: [PATCH 160/341] Try to fix domain problems by adding a secondary
 domain

After applying previous changes it appears as if the project no longer
responds to the autogenerated domain names.

Frederikshavn is the only project which does not have a secondary
domain name in the batch. Try to fix it by adding one.
---
 infrastructure/environments/dplplat01/sites.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b1e01a3e..9a283ef0 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -168,6 +168,8 @@ sites:
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
     primary-domain: bibl.frederikshavn.dk
+    secondary-domains:
+      - www.bibl.frederikshavn.dk
     autoGenerateRoutes: redirect
     <<: *default-release-image-source
   frederikssund:

From dec81f42bcc7fa7e678ffe9f1f1ed3340adc374f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:33:54 +0200
Subject: [PATCH 161/341] Update autogenerate routes for Frederikshavn to keep
 existing routes

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9a283ef0..a5b70e84 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -170,7 +170,7 @@ sites:
     primary-domain: bibl.frederikshavn.dk
     secondary-domains:
       - www.bibl.frederikshavn.dk
-    autoGenerateRoutes: redirect
+    autoGenerateRoutes: true
     <<: *default-release-image-source
   frederikssund:
     name: "Frederikssund Bibliotekerne"

From e4a48f85a98a2ba5d18cef9711c7e2d27de0bb2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:45:35 +0200
Subject: [PATCH 162/341] Revert "Try to fix domain problems by adding a
 secondary domain"

This reverts commit c5c0bcaa6e4e3be5b07231a6d980e3d051bf6917.

# Conflicts:
#	infrastructure/environments/dplplat01/sites.yaml
---
 infrastructure/environments/dplplat01/sites.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index a5b70e84..9a004598 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -168,8 +168,6 @@ sites:
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
     primary-domain: bibl.frederikshavn.dk
-    secondary-domains:
-      - www.bibl.frederikshavn.dk
     autoGenerateRoutes: true
     <<: *default-release-image-source
   frederikssund:

From 2ccaea2c5b3fbb384e6bcab270fed89c3c4abb2d Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 18 Jun 2024 15:51:01 +0200
Subject: [PATCH 163/341] Fix typos (auto{G->g}enerateRoutes) and set new
 libraries to gen routes without redirect

We only want autogenerateRoutes: true after traffic is succesfully directed to the primary domain and we want to move traffic off the autogen domains
---
 .../environments/dplplat01/sites.yaml         | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9a004598..8b6511f5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -156,7 +156,7 @@ sites:
     primary-domain: fredericiabib.dk
     secondary-domains:
       - www.fredericiabib.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   frederiksberg:
     name: "Biblioteket Frederiksberg"
@@ -168,7 +168,7 @@ sites:
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
     primary-domain: bibl.frederikshavn.dk
-    autoGenerateRoutes: true
+    autogenerateRoutes: true
     <<: *default-release-image-source
   frederikssund:
     name: "Frederikssund Bibliotekerne"
@@ -182,7 +182,7 @@ sites:
     primary-domain: furbib.dk
     secondary-domains:
       - www.furbib.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"
@@ -250,7 +250,7 @@ sites:
     primary-domain: www.herningbib.dk
     secondary-domains:
       - herningbib.dk
-    autoGenerateRoutes: true
+    autogenerateRoutes: true
     plan: webmaster
     <<: *default-release-image-source
   hillerod:
@@ -270,7 +270,7 @@ sites:
     primary-domain: bibliotek.htk.dk
     secondary-domains:
       - www.bibliotek.htk.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   holbaek:
     name: "Holbæk Bibliotekerne"
@@ -284,7 +284,7 @@ sites:
     primary-domain: www.holstebrobibliotek.dk
     secondary-domains:
       - holstebrobibliotek.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   horsens:
     name: "Horsens Bibliotek"
@@ -378,7 +378,7 @@ sites:
     primary-domain: www.lyngbybib.dk
     secondary-domains:
       - lyngbybib.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   mariagerfjord:
     name: "Mariagerfjord Bibliotekerne"
@@ -401,7 +401,7 @@ sites:
     primary-domain: www.bibliotekmorsoe.dk
     secondary-domains:
       - bibliotekmorsoe.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   naestved:
     name: "Næstved Bibliotek og Borgerservice"
@@ -503,7 +503,7 @@ sites:
     primary-domain: www.skivebibliotek.dk
     secondary-domains:
       - skivebibliotek.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   solrod:
     name: "Solrød Bibliotek og Kulturhus"
@@ -567,7 +567,7 @@ sites:
     primary-domain: kulturogborgerhus.vallensbaek.dk
     secondary-domains:
       - www.kulturogborgerhus.vallensbaek.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   varde:
     name: "Varde Bibliotek"
@@ -576,7 +576,7 @@ sites:
     primary-domain: www.vardebib.dk
     secondary-domains:
       - vardebib.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   vejen:
     name: "Vejen Kommunes Biblioteker"
@@ -585,7 +585,7 @@ sites:
     primary-domain: vejbib.dk
     secondary-domains:
       - www.vejbib.dk
-    autogenerateRoutes: redirect
+    autogenerateRoutes: true
     <<: *default-release-image-source
   vejle:
     name: "Vejle Bibliotekerne"

From 58f693f92303687267cfb6dda552e597f6d948a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 18 Jun 2024 17:07:20 +0200
Subject: [PATCH 164/341] Deploy 2024.25.0 to canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index fb4475bb..d4093f30 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.25.0"
+    dpl-cms-release: "2024.25.1"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 9ed45037bad72b5552b9dbc67bc4189a4b0b6e8e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 19 Jun 2024 08:26:57 +0200
Subject: [PATCH 165/341] skive is not using this as their secondary domain

---
 infrastructure/environments/dplplat01/sites.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8b6511f5..ff683e9f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -501,8 +501,6 @@ sites:
     description: "The library site for Skive"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpJAKCBMKM9G0qvUGeCRSvz8QNg27r7sDedj15HP7Hh"
     primary-domain: www.skivebibliotek.dk
-    secondary-domains:
-      - skivebibliotek.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   solrod:

From 77e9c71262fa89b6b67399319fc2031f44ce187d Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 07:59:30 +0200
Subject: [PATCH 166/341] add secondary domains

---
 infrastructure/environments/dplplat01/sites.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index ff683e9f..8b6511f5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -501,6 +501,8 @@ sites:
     description: "The library site for Skive"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpJAKCBMKM9G0qvUGeCRSvz8QNg27r7sDedj15HP7Hh"
     primary-domain: www.skivebibliotek.dk
+    secondary-domains:
+      - skivebibliotek.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   solrod:

From 1c8f4f29b983e52ebc5b61b4eec937e5b04b921c Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 13 Jun 2024 11:51:11 +0200
Subject: [PATCH 167/341] up the min number of nodes for the app pool to 11

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 58621474..b6d8d0d3 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,7 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { min : 9, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { min : 11, max : 15, vm: "Standard_B8ms", max_pods : 85 },
     "admin3" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
   }
   node_pool_system_count = 2

From f4cb698de4ec9161b23bf210c4d3210564dfbc08 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 08:02:38 +0200
Subject: [PATCH 168/341] =?UTF-8?q?add=20hiller=C3=B8d?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3447a3cb..6d7b6674 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -257,6 +257,10 @@ sites:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpZ969v19pbZ6ILz1krcNBccZMkUK3ok5S1HjF7u5Y1"
+    primary-domain: hilbib.dk
+    secondary-domains:
+      - www.hilbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   hjorring:
     name: "Hjørring Bibliotekerne"

From 52e44955451bc1cc8183aaa42a615b4299c0772b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 10:15:43 +0200
Subject: [PATCH 169/341] release 2024.25.1 to all sites

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 6d7b6674..f6ff842a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.24.0"
+  dpl-cms-release: "2024.25.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From b41bf0004222565e610505867d92f3318ce7207a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 20 Jun 2024 14:57:32 +0200
Subject: [PATCH 170/341] Deploy 2024.25.2 to select sites

---
 infrastructure/environments/dplplat01/sites.yaml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index f6ff842a..b3c1aa18 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.25.1"
+x-next: &next-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.25.2"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -33,7 +37,7 @@ sites:
     name: "Aabenraa Biblioteker og Kulturhuse"
     description: "The library site for Aabenraa"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMyXdV9INXfJeWlvQAke7jOtWWHTokbPoQ/0vjZ0S1D"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   aalborg:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
@@ -183,7 +187,7 @@ sites:
     secondary-domains:
       - www.furbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"
     description: "The library site for Gentofte"
@@ -242,7 +246,7 @@ sites:
       - herlevbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
@@ -397,7 +401,7 @@ sites:
     secondary-domains:
       - middelfartbibliotek.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   morso:
     name: "Morsø Folkebibliotek"
     description: "The library site for Morsø"
@@ -480,7 +484,7 @@ sites:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMS9z1DqqOV7+ycLji2x8PYZeBgpUKvZLPlBu5/8IPDy"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   samso:
     name: "Samsø Bibliotek"
     description: "The library site for Samsø"

From e7198c0e5f6f4c3600df71ddd12dfe252c90ac01 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 8 May 2024 13:19:48 +0200
Subject: [PATCH 171/341] add a step to remind us to update the kubectl version
 to match the AKS kubernetes version

---
 docs/runbooks/upgrading-aks.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/runbooks/upgrading-aks.md b/docs/runbooks/upgrading-aks.md
index e0cea057..9a447c45 100644
--- a/docs/runbooks/upgrading-aks.md
+++ b/docs/runbooks/upgrading-aks.md
@@ -86,3 +86,4 @@ Monitor via eg.
 ```shell
 watch -n 5 kubectl get nodes
 ```
+5. Go to `dplsh's` Dockerfile and update the `kubectl` version to match that of the upgraded AKS version

From b9fad247d9d092a38e212327b80c285953bc8129 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 12 Jun 2024 15:43:45 +0200
Subject: [PATCH 172/341] add correct variable

---
 docs/runbooks/upgrading-aks.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/runbooks/upgrading-aks.md b/docs/runbooks/upgrading-aks.md
index 9a447c45..02091349 100644
--- a/docs/runbooks/upgrading-aks.md
+++ b/docs/runbooks/upgrading-aks.md
@@ -86,4 +86,4 @@ Monitor via eg.
 ```shell
 watch -n 5 kubectl get nodes
 ```
-5. Go to `dplsh's` Dockerfile and update the `kubectl` version to match that of the upgraded AKS version
+5. Go to `dplsh's` Dockerfile and update the `KUBECTL_VERSION` version to match that of the upgraded AKS version

From 9419a88adad99984de447b5cce34f813d4a86e15 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 15:01:56 +0200
Subject: [PATCH 173/341] fix some identation

---
 docs/runbooks/upgrading-aks.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/runbooks/upgrading-aks.md b/docs/runbooks/upgrading-aks.md
index 02091349..4deb0337 100644
--- a/docs/runbooks/upgrading-aks.md
+++ b/docs/runbooks/upgrading-aks.md
@@ -81,9 +81,9 @@ for background info on this operation.
    aware that the admin node-pool where harbor runs has a tendency to take a
    long time as the harbor pvcs are slow to migrate to the new node.
 
-Monitor via eg.
+    Monitor via eg.
 
-```shell
-watch -n 5 kubectl get nodes
-```
+    ```shell
+    watch -n 5 kubectl get nodes
+    ```
 5. Go to `dplsh's` Dockerfile and update the `KUBECTL_VERSION` version to match that of the upgraded AKS version

From 3c7d571c11f8a52d5f39ceb77d6ee3638d1897e6 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 15:08:16 +0200
Subject: [PATCH 174/341] fixe fenced code blocks should be surrounded by blank
 lines

---
 docs/runbooks/upgrading-aks.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/runbooks/upgrading-aks.md b/docs/runbooks/upgrading-aks.md
index 4deb0337..95c9ce88 100644
--- a/docs/runbooks/upgrading-aks.md
+++ b/docs/runbooks/upgrading-aks.md
@@ -86,4 +86,5 @@ for background info on this operation.
     ```shell
     watch -n 5 kubectl get nodes
     ```
+
 5. Go to `dplsh's` Dockerfile and update the `KUBECTL_VERSION` version to match that of the upgraded AKS version

From 0ce5d643bce952d67722d4ecd685608c6495700a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 15:13:43 +0200
Subject: [PATCH 175/341] line length error fix

---
 docs/runbooks/upgrading-aks.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/runbooks/upgrading-aks.md b/docs/runbooks/upgrading-aks.md
index 95c9ce88..d377ec08 100644
--- a/docs/runbooks/upgrading-aks.md
+++ b/docs/runbooks/upgrading-aks.md
@@ -87,4 +87,5 @@ for background info on this operation.
     watch -n 5 kubectl get nodes
     ```
 
-5. Go to `dplsh's` Dockerfile and update the `KUBECTL_VERSION` version to match that of the upgraded AKS version
+5. Go to `dplsh's` Dockerfile and update the `KUBECTL_VERSION` version to
+    match that of the upgraded AKS version

From f8a63f8bdd1240a9dff1dd9e2a4f68334c38f35b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 20 Jun 2024 11:51:42 +0200
Subject: [PATCH 176/341] add new memory optimized node pool

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index b6d8d0d3..49f9096e 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -9,6 +9,7 @@ module "environment" {
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
     "app3" : { min : 11, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "app4" : { min : 4, max : 15, vm: "Standard_E4s_v3", max_pods : 70 },
     "admin3" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
   }
   node_pool_system_count = 2

From b30ba56453d6b4e5ffa39c17807c4b7e6100ec03 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Sun, 23 Jun 2024 23:12:14 +0200
Subject: [PATCH 177/341] Add missing http_log_format file

---
 .../standard/lagoon/conf/nginx/http_log_format.conf             | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/http_log_format.conf

diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/http_log_format.conf b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/http_log_format.conf
new file mode 100644
index 00000000..3e561d88
--- /dev/null
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/http_log_format.conf
@@ -0,0 +1,2 @@
+log_format upstreaminfo '{"time": "$time_iso8601", "remote_addr": "$proxy_add_x_forwarded_for", "x-forward-for": "$proxy_add_x_forwarded_for", "bytes_sent": $bytes_sent, "request_time": $request_time, "status":$status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }';
+access_log /dev/stdout upstreaminfo;

From 8d4c2bf3c7e8d6bcd096902a582406ae4a727cee Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Sun, 23 Jun 2024 23:22:16 +0200
Subject: [PATCH 178/341] Set up domains going live 24th of June 2024

---
 .../environments/dplplat01/sites.yaml         | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b3c1aa18..88415f0f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -127,6 +127,10 @@ sites:
     name: "Esbjerg Kommunes Biblioteker"
     description: "The library site for Esbjerg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQFAh4UeSmcPTFtXj5W/ZKhelJcAornaFYIYJUP0hH9"
+    primary-domain: www.esbjergbibliotek.dk
+    secondary-domains:
+      - esbjergbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   faaborg-midtfyn:
     name: "Faaborg-Midtfyn Bibliotekerne"
@@ -137,6 +141,12 @@ sites:
     name: "Favrskov Bibliotekerne"
     description: "The library site for Favrskov"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINqAkzzI+VgHhM7NpOQaEe7XSUo2iWU/cVXvt8rq88uK"
+    primary-domain: favrskovbib.dk
+    secondary-domains:
+      - www.favrskovbib.dk
+      - favrskovbibliotekerne.dk
+      - www.favrskovbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   faxe:
     name: "Faxe Kommunes Bibliotek & Borgerservice"
@@ -227,11 +237,19 @@ sites:
     name: "Halsnæs Bibliotekerne"
     description: "The library site for Halsnæs"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMB+INXad3Fl3fbnPVnDJcMq1L907fu5J4S7rL3nUv84"
+    primary-domain: bibliotekerne.halsnaes.dk
+    secondary-domains:
+      - www.bibliotekerne.halsnaes.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   hedensted:
     name: "Hedensted Bibliotekerne"
     description: "The library site for Hedensted"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID34dCc953IPi1leCQyIOo4XMOvuRz84qam4P1r9Dzuh"
+    primary-domain: hedenstedbib.dk
+    secondary-domains:
+      - www.hedenstedbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   helsingor:
     name: "Helsingør Kommunes Biblioteker"
@@ -378,6 +396,10 @@ sites:
     name: "LollandBibliotekerne"
     description: "The library site for Lolland"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHoX6Huapt+Rjz1pgyyYRLAHpgsgctmi+Fs37tVIbjN"
+    primary-domain: lollandbib.dk
+    secondary-domains:
+      - www.lollandbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   lyngby-taarbaek:
     name: "Lyngby-Taarbæk Bibliotekerne"
@@ -498,6 +520,10 @@ sites:
     name: "Silkeborg Bibliotekerne"
     description: "The library site for Silkeborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHudvU3HuWcnnCOFlQU5Tvgkb/v6b2DttwUTN7Vl0sQV"
+    primary-domain: silkeborgbib.dk
+    secondary-domains:
+      - www.silkeborgbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   skanderborg:
     name: "Skanderborg Bibliotek"
@@ -618,4 +644,8 @@ sites:
     name: "Vordingborg Bibliotekerne"
     description: "The library site for Vordingborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeMmI9ufAPgkQvdcFEg0EAMNNuLbXHxw2MXhVdtPT3w"
+    primary-domain: www.vordingborgbibliotekerne.dk
+    secondary-domains:
+      - vordingborgbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source

From 06046bf432898ad67131252f883b0e539ef4940f Mon Sep 17 00:00:00 2001
From: Mikkel Jakobsen <jakobsen.mikkel@gmail.com>
Date: Mon, 24 Jun 2024 12:18:06 +0200
Subject: [PATCH 179/341] Deploy 2024.26.0 to canary site for testing

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b3c1aa18..369e606e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.25.1"
+    dpl-cms-release: "2024.26.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From b22933d94622f09695960b10db08cfa1e4ca8125 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 24 Jun 2024 12:37:53 +0200
Subject: [PATCH 180/341] Add more domains to esbjerg

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 88415f0f..5c5fec67 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -130,6 +130,10 @@ sites:
     primary-domain: www.esbjergbibliotek.dk
     secondary-domains:
       - esbjergbibliotek.dk
+      - ekb.dk
+      - www.ekb.dk
+      - esbbib.dk
+      - www.esbbib.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   faaborg-midtfyn:

From 658f76653a2a06c9af3f85f227fc2d8daef994d4 Mon Sep 17 00:00:00 2001
From: Mikkel Jakobsen <jakobsen.mikkel@gmail.com>
Date: Mon, 24 Jun 2024 14:38:11 +0200
Subject: [PATCH 181/341] Roll out 2024.26.0 on all library sites

---
 infrastructure/environments/dplplat01/sites.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index eba02fe3..c04c23de 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.25.1"
+  dpl-cms-release: "2024.26.0"
 x-next: &next-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
@@ -37,7 +37,7 @@ sites:
     name: "Aabenraa Biblioteker og Kulturhuse"
     description: "The library site for Aabenraa"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMyXdV9INXfJeWlvQAke7jOtWWHTokbPoQ/0vjZ0S1D"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   aalborg:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
@@ -201,7 +201,7 @@ sites:
     secondary-domains:
       - www.furbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"
     description: "The library site for Gentofte"
@@ -268,7 +268,7 @@ sites:
       - herlevbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"
@@ -427,7 +427,7 @@ sites:
     secondary-domains:
       - middelfartbibliotek.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   morso:
     name: "Morsø Folkebibliotek"
     description: "The library site for Morsø"
@@ -510,7 +510,7 @@ sites:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMS9z1DqqOV7+ycLji2x8PYZeBgpUKvZLPlBu5/8IPDy"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   samso:
     name: "Samsø Bibliotek"
     description: "The library site for Samsø"

From c371d81e0e1e53a012750baab666ab815e94313e Mon Sep 17 00:00:00 2001
From: Mikkel Jakobsen <jakobsen.mikkel@gmail.com>
Date: Mon, 24 Jun 2024 14:47:25 +0200
Subject: [PATCH 182/341] Delete unused "next" release block

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c04c23de..489ceba6 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,10 +3,6 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.26.0"
-x-next: &next-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.25.2"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From bc02afdfdc4618cefb0d3cd0ac67ce5567fc34cc Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 24 Jun 2024 20:55:02 +0200
Subject: [PATCH 183/341] Added domains going live 25th of June 2024

---
 .../environments/dplplat01/sites.yaml         | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 489ceba6..98046219 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -232,6 +232,10 @@ sites:
     name: "Haderslev Bibliotekerne"
     description: "The library site for Haderslev"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsEjJ7Yqh8JPF1UglkMDQbksKwAeZLSZeqWRCWFXMkR"
+    primary-domain: haderslevbibliotekerne.dk
+    secondary-domains:
+      - www.haderslevbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   halsnaes:
     name: "Halsnæs Bibliotekerne"
@@ -316,6 +320,10 @@ sites:
     name: "Horsens Bibliotek"
     description: "The library site for Horsens"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0Fs3s0SyO3kSWPJd2flAItMWSvN0elpWrqHuJSjjz"
+    primary-domain: horsensbibliotek.dk
+    secondary-domains:
+      - www.horsensbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   horsholm:
     name: "Hørsholm Bibliotek"
@@ -330,6 +338,12 @@ sites:
     name: "HvidovreBibliotekerne"
     description: "The library site for Hvidovre"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINf+6OcOZOpd8hdtNcBm7wA8jYe6CtdYbW8iUrDjWapZ"
+    primary-domain: www.hvidovrebib.dk
+    secondary-domains:
+      - hvidovrebib.dk
+      - www.hvidovrebibliotekerne.dk
+      - hvidovrebibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   ikast-brande:
     name: "Ikast-Brande Bibliotek"
@@ -442,6 +456,10 @@ sites:
     name: "Norddjurs Biblioteker"
     description: "The library site for Norddjurs"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgrEOr/QVP8FkakoeoFwqqYMMroLzUEu2ieyLLWGmsB"
+    primary-domain: norddjursbib.dk
+    secondary-domains:
+      - www.norddjursbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   nordfyn:
     name: "Bibliotek og Borgerservice Nordfyns Kommune"
@@ -476,6 +494,12 @@ sites:
     name: "Randers Bibliotek"
     description: "The library site for Randers"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmOBUxVFYKHM8QNQ3od1a8e7+w+oFlE871SxH1+FN4R"
+    primary-domain: www.randersbib.dk
+    secondary-domains:
+      - randersbib.dk
+      - randersbibliotek.dk
+      - www.randersbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   rebild:
     name: "Rebild Bibliotekerne"
@@ -625,6 +649,10 @@ sites:
     name: "Vejle Bibliotekerne"
     description: "The library site for Vejle"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj79u24Ev3uo0WLgNVyMT+V0921M7a8qdM7Q/GyOdZl"
+    primary-domain: vejlebib.dk
+    secondary-domains:
+      - www.vejlebib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   vesthimmerland:
     name: "Vesthimmerlands Biblioteker"
@@ -639,6 +667,10 @@ sites:
     name: "Viborg Bibliotekerne"
     description: "The library site for Viborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOTdXuLPGfLvqVJYmsF06Bdgmrff2tKl4PS7pRg4fFx"
+    primary-domain: www.viborgbib.dk
+    secondary-domains:
+      - viborgbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   vordingborg:
     name: "Vordingborg Bibliotekerne"

From 1e50a47bb0d8e17aac5e2c34c582c10a1a3060ad Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Mon, 24 Jun 2024 21:15:36 +0200
Subject: [PATCH 184/341] task certs:clear-queue

This task clears the entire queue of certificates that have not completed provisioning, allowing cert manager to quickly restart provisioning.
Sometimes the queue gets stuck for who knows what reason and this command helps unstuck it.
---
 infrastructure/Taskfile.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index d113b0fe..827bba3f 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1118,6 +1118,17 @@ tasks:
           cat {{.dir_env}}/sites.yaml | yq '.sites | keys | .[]' \
           | xargs -n 1 -I % bash -c 'set -e; if (( $(curl -s https://varnish.main.%.dplplat01.dpl.reload.dk/ | grep "\"header__logo-desktop-link\"" -A 8 | grep "\"logo-fallback\s*\"" -A 4 | grep "Logo title (bold)" | wc -l) > 0 )); then echo "% not yet set up"; fi'
 
+    certs:clear-queue:
+      desc: |
+        Because cert-manager sometimes hangs while provisioning certificates it helps to clear the whole queue
+        of uncompleted certificates. This command removes any certificate that has an order not in either
+        valid (certificate is good!) or ready (almost ready, will be provisioned in seconds) state.
+      cmds:
+        - |
+          kubectl get order -A -o yaml | \
+          yq '.items | filter(.status.state != "valid" and .status.state != "ready") | .[].metadata | .namespace + " " + .name' | \
+          xargs -n 2 bash -c 'kubectl delete certificate -n $0 $(echo "$1" | sed -r "s/^([0-9a-z\.\-]+-tls)-[a-z0-9]+-[a-z0-9]+$/\1/i")'
+
     ui-password:
       deps: [cluster:auth]
       desc: Get the password to access a given user interface

From cdd26d7dc2a2cb502b6ff0469e8dc458edb9af22 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 25 Jun 2024 20:57:48 +0200
Subject: [PATCH 185/341] Swap www. and non-www. viborg domains

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 98046219..623736e9 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -667,9 +667,9 @@ sites:
     name: "Viborg Bibliotekerne"
     description: "The library site for Viborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINOTdXuLPGfLvqVJYmsF06Bdgmrff2tKl4PS7pRg4fFx"
-    primary-domain: www.viborgbib.dk
+    primary-domain: viborgbib.dk
     secondary-domains:
-      - viborgbib.dk
+      - www.viborgbib.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   vordingborg:

From c1dcb44c83a191ef721b47a5ce04a308bd22b2a2 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 25 Jun 2024 21:41:21 +0200
Subject: [PATCH 186/341] Set up domains for sites set to go live on June 26th
 2024

---
 .../environments/dplplat01/sites.yaml         | 84 +++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 623736e9..9ea0149d 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -33,6 +33,10 @@ sites:
     name: "Aabenraa Biblioteker og Kulturhuse"
     description: "The library site for Aabenraa"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMyXdV9INXfJeWlvQAke7jOtWWHTokbPoQ/0vjZ0S1D"
+    primary-domain: www.aabenraabib.dk
+    secondary-domains:
+      - aabenraabib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   aalborg:
     name: "Aalborg Bibliotekerne"
@@ -54,6 +58,10 @@ sites:
     name: "Ærø Folkebibliotek"
     description: "The library site for Ærø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJNI7OU7O3X0AYNJSyZ9VkdSGaD5mAQmhcRMW72TpKi"
+    primary-domain: www.arrebib.dk
+    secondary-domains:
+      - arrebib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   albertslund:
     name: "Albertslund Bibliotek"
@@ -78,6 +86,10 @@ sites:
     name: "Ballerup Bibliotekerne"
     description: "The library site for Ballerup"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnoDa5OsU/7RESGoGwvRv/piSndDnLShEyaBDP2pW1r"
+    primary-domain: bib.ballerup.dk
+    secondary-domains:
+      - www.bib.ballerup.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
@@ -113,6 +125,10 @@ sites:
     name: "Dragør Bibliotek"
     description: "The library site for Dragør"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwkmlUnVYpnRLKQDohUcg58fFYn+UdPGDU2AUWoTybo"
+    primary-domain: www.drabib.dk
+    secondary-domains:
+      - drabib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   egedal:
     name: "Egedal Bibliotekerne"
@@ -188,6 +204,10 @@ sites:
     name: "Frederikssund Bibliotekerne"
     description: "The library site for Frederikssund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSWh56XpMvlK6CMz2bi3RZoUXUWFUVw7eo/cfaxmE/1"
+    primary-domain: www.bibliotekerne.frederikssund.dk
+    secondary-domains:
+      - bibliotekerne.frederikssund.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   fureso:
     name: "Furesø Bibliotek & Borgerservice"
@@ -292,6 +312,10 @@ sites:
     name: "Hjørring Bibliotekerne"
     description: "The library site for Hjørring"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJw8nFZITPe1eVE9BUmtxWWuJUKNezmJgRa3QS1T0nWI"
+    primary-domain: hjbib.dk
+    secondary-domains:
+      - www.hjbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   hoje-taastrup:
     name: "Høje-Taastrup Kommunes Biblioteker"
@@ -349,6 +373,10 @@ sites:
     name: "Ikast-Brande Bibliotek"
     description: "The library site for Ikast-Brande"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpSICadbqfwDoZgxSro2QlhWCNKMfN4Juhpg+S+57Jg"
+    primary-domain: www.ikast-brandebibliotek.dk
+    secondary-domains:
+      - ikast-brandebibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   ishoj:
     name: "Ishøj Bibliotek"
@@ -385,16 +413,30 @@ sites:
     name: "KøgeBibliotekerne"
     description: "The library site for Køge"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMRB54Z7o6Vt3qOucjvE7No6LN2NdBNtfRi2f4y+UQdA"
+    primary-domain: www.koegebib.dk
+    secondary-domains:
+      - koegebib.dk
+      - www.koegebibliotekerne.dk
+      - koegebibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   kolding:
     name: "Koldingbibliotekerne"
     description: "The library site for Kolding"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIP5Rlg98TBW8mdIbqcksbxpT0epIbAe56iAcEmi2z6"
+    primary-domain: koldingbib.dk
+    secondary-domains:
+      - www.koldingbib.dk
+      - koldingbibliotekerne.dk
+      - www.koldingbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   laeso:
     name: "Læsø Bibliotek"
     description: "The library site for Læsø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBAqZWP02LnFU7Iwlj9ebWeX3efwl9tkRzidSIjo6FF"
+    primary-domain: biblioteket.laesoe.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   langeland:
     name: "Langeland Bibliotek"
@@ -405,6 +447,14 @@ sites:
     name: "Lejre Bibliotek & Arkiv"
     description: "The library site for Lejre"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUCoDJmWFsXa3nZe7XBa/v1nahzl2GeoT46XAW7ZVQG"
+    primary-domain: lejrebib.dk
+    secondary-domains:
+      - www.lejrebib.dk
+      - lejrebibliotek.dk
+      - www.lejrebibliotek.dk
+      - lejre.ddbcms.dk
+      - www.lejre.ddbcms.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   lolland:
     name: "LollandBibliotekerne"
@@ -428,6 +478,10 @@ sites:
     name: "Mariagerfjord Bibliotekerne"
     description: "The library site for Mariagerfjord"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeTDNC6HBZrpSy73UadgOdr8sjxpsKZkwGARuJ3X8rC"
+    primary-domain: www.mariagerfjordbibliotekerne.dk
+    secondary-domains:
+      - mariagerfjordbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   middelfart:
     name: "Middelfart Bibliotek"
@@ -479,6 +533,10 @@ sites:
     name: "Odder Bibliotek"
     description: "The library site for Odder"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHppEy2QVzOCwuLSQqf4OOMxiVtfbuxMQzatS4HBXXYB"
+    primary-domain: www.bibliotek.odder.dk
+    secondary-domains:
+      - bibliotek.odder.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   odense:
     name: "Odense Biblioteker og Borgerservice"
@@ -510,11 +568,19 @@ sites:
     name: "Ringkøbing-Skjern Bibliotekerne"
     description: "The library site for Ringkøbing-Skjern"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDaximGZYZQWR0IX2sP/e94hfbHQrKVD5mTqiCvpIW2"
+    primary-domain: riskbib.dk
+    secondary-domains:
+      - www.riskbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   ringsted:
     name: "Ringsted Bibliotek & Borgerservice"
     description: "The library site for Ringsted"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGimIWKuDZGYhgEmh26pImLTGtIHvh9xEw1lHfxxplJz"
+    primary-domain: ringstedbib.dk
+    secondary-domains:
+      - www.ringstedbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   rodovre:
     name: "Rødovre Bibliotek"
@@ -530,6 +596,12 @@ sites:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMS9z1DqqOV7+ycLji2x8PYZeBgpUKvZLPlBu5/8IPDy"
+    primary-domain: rudbib.dk
+    secondary-domains:
+      - www.rudbib.dk
+      - rudersdalbibliotekerne.dk
+      - www.rudersdalbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   samso:
     name: "Samsø Bibliotek"
@@ -553,6 +625,10 @@ sites:
     name: "Skanderborg Bibliotek"
     description: "The library site for Skanderborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3uD7iCaZUa5HRmzs9esYCFoVnmPp5KKee+q5FPyR+Z"
+    primary-domain: www.bibliotek.skanderborg.dk
+    secondary-domains:
+      - bibliotek.skanderborg.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   skive:
     name: "Skive Bibliotek"
@@ -596,6 +672,10 @@ sites:
     name: "Dansk Centralbibliotek for Sydslesvig e.V."
     description: "The library site for Dansk Centralbibliotek for Sydslesvig e.V."
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5J5WxZ7j+tCGTPOt36J6r1Vnth7PXXcdvYzP2TPph0"
+    primary-domain: www.dcbib.dk
+    secondary-domains:
+      - dcbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   svendborg:
     name: "Svendborg Bibliotek"
@@ -612,6 +692,10 @@ sites:
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
     plan: webmaster
+    primary-domain: taarnbybib.dk
+    secondary-domains:
+      - www.taarnbybib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   thisted:
     name: "Biblioteket i Thy"

From fd8074f01921c992cae19f3c4a949c48fe9952b7 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 25 Jun 2024 22:40:43 +0200
Subject: [PATCH 187/341] Add thisted (Thy) domain

---
 infrastructure/environments/dplplat01/sites.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9ea0149d..e2ea7ff9 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -701,6 +701,8 @@ sites:
     name: "Biblioteket i Thy"
     description: "The library site for Thisted"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8zoNSiwkKmOSHvtKxSMJiDC9EWbTzhkAUd1+csvnne"
+    primary-domain: bib.kulturrummet.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   vallensbaek:
     name: "Vallensbæk Bibliotek"

From ed5fd2b184873766c863a5185983480ea8520ba9 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 26 Jun 2024 13:25:52 +0200
Subject: [PATCH 188/341] Add mfbib.dk as primary mariagerfjord domain

---
 infrastructure/environments/dplplat01/sites.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e2ea7ff9..27e0cb94 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -478,9 +478,11 @@ sites:
     name: "Mariagerfjord Bibliotekerne"
     description: "The library site for Mariagerfjord"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeTDNC6HBZrpSy73UadgOdr8sjxpsKZkwGARuJ3X8rC"
-    primary-domain: www.mariagerfjordbibliotekerne.dk
+    primary-domain: mfbib.dk
     secondary-domains:
+      - www.mfbib.dk
       - mariagerfjordbibliotekerne.dk
+      - www.mariagerfjordbibliotekerne.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   middelfart:

From 50a54d59667e19a4a5c64c819f103a6663f5a705 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 26 Jun 2024 13:59:43 +0200
Subject: [PATCH 189/341] Fail-fast in post-rollout

---
 infrastructure/dpladm/env-repo-template/standard/.lagoon.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
index 11fd2e96..3a636b93 100644
--- a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
+++ b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
@@ -10,6 +10,7 @@ tasks:
     - run:
         name: If drupal is not installed
         command: |
+            set -e
             if tables=$(drush sqlq "show tables like 'node';") && [ -z "$tables" ]; then
                 drush si --existing-config -y
             fi
@@ -18,6 +19,7 @@ tasks:
     - run:
         name: drush deploy
         command: |
+            set -e
             if [[ -f config/sync/system.site.yml ]]; then
                 echo "Config detected, doing a drush deploy"
                 drush deploy
@@ -37,6 +39,7 @@ tasks:
         # it will be gone.
         name: Create module upload directory in public files
         command: |
+            set -e
             if [[ ! -d "web/sites/default/files/modules_local" ]]; then
                 echo "Creating directory for module uploads"
                 mkdir web/sites/default/files/modules_local
@@ -45,6 +48,7 @@ tasks:
     - run:
         name: Import translations
         command: |
+            set -e;
             drush locale-check
             drush locale-update
         service: cli

From 425407db19a8fa750c80bbd470677a73a90f9d92 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 26 Jun 2024 14:30:55 +0200
Subject: [PATCH 190/341] Set up domains for libraries going lvie June 27th
 2024

---
 .../environments/dplplat01/sites.yaml         | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 27e0cb94..9cf02ea7 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -178,6 +178,10 @@ sites:
     name: "Fredensborg Bibliotekerne"
     description: "The library site for Fredensborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxoe8V6eyofhPOEe18qZACQAoWjfgCjN3yxcTWVjyxV"
+    primary-domain: www.fredensborgbibliotekerne.dk
+    secondary-domains:
+      - fredensborgbibliotekerne.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   fredericia:
     name: "Fredericia Bibliotek"
@@ -232,11 +236,21 @@ sites:
     name: "Glostrup Bibliotek"
     description: "The library site for Glostrup"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMV2GongJbNSRKHl2OUNd2Md5Y9PxKMLxyU8BprGV1L"
+    primary-domain: www.glostrupbib.dk
+    secondary-domains:
+      - glostrupbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   greve:
     name: "Greve Bibliotek"
     description: "The library site for Greve"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMjwn5wHT3u7AIfYN0FMPtxidi+vUmcE1cZpWeg1pPm9"
+    primary-domain: www.grevebibliotek.dk
+    secondary-domains:
+      - grevebibliotek.dk
+      - grevebib.dk
+      - www.grevebib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   gribskov:
     name: "Gribskov Biblioteker"
@@ -382,6 +396,10 @@ sites:
     name: "Ishøj Bibliotek"
     description: "The library site for Ishøj"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAwD4x4QUSQlylgELoKuxBwP7PqHke5gbv4mkog82GK"
+    primary-domain: www.ishojbib.dk
+    secondary-domains:
+      - ishojbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   jammerbugt:
     name: "Jammerbugt Bibliotekerne"
@@ -392,6 +410,10 @@ sites:
     name: "Kalundborg Biblioteker"
     description: "The library site for Kallundborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+tCuK/9Ywp8AizLtg+GflsiGcB8QVDWNbXBwznxHkw"
+    primary-domain: www.kalundborgbib.dk
+    secondary-domains:
+      - kalundborgbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   kerteminde:
     name: "Kerteminde Bibliotekerne"
@@ -549,6 +571,10 @@ sites:
     name: "Odsherred Bibliotek og Kulturhuse"
     description: "The library site for Odsherred"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKO7a1/SEglnKZ3RJpSYKSaadeeVXr6xb5b5MJIEeYmc"
+    primary-domain: odsbib.dk
+    secondary-domains:
+      - www.odsbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   randers:
     name: "Randers Bibliotek"
@@ -565,6 +591,10 @@ sites:
     name: "Rebild Bibliotekerne"
     description: "The library site for Rebild"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7BXhw6xig5W2AjtX7eqnnrWHKnavFqHdgc+5vY2U3T"
+    primary-domain: www.rebildbib.dk
+    secondary-domains:
+      - rebildbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   ringkobing-skjern:
     name: "Ringkøbing-Skjern Bibliotekerne"
@@ -650,6 +680,10 @@ sites:
     name: "Biblioteket Sønderborg"
     description: "The library site for Sønderborg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKta0DYtcxlP5VNCAQFVtRSbzJRSEs1YY3zsSxVQgfi"
+    primary-domain: biblioteket.sonderborg.dk
+    secondary-domains:
+      - www.biblioteket.sonderborg.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   soro:
     name: "Sorø Bibliotek"
@@ -660,6 +694,10 @@ sites:
     name: "Stevns Bibliotekerne"
     description: "The library site for Stevns"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmstZ41PSBjLAxu8cE4Oi7G1oktlH1FFJBNbLT1GAez"
+    primary-domain: www.stevnsbib.dk
+    secondary-domains:
+      - stevnsbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   struer:
     name: "Struer Bibliotek"
@@ -688,6 +726,10 @@ sites:
     name: "Syddjurs Bibliotek"
     description: "The library site for Syddjurs"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhp6QNrL71jlzbhSPRoTcRQS6b8Ztpx+JLZVxUhNSVK"
+    primary-domain: syddjursbibliotek.dk
+    secondary-domains:
+      - syddjursbibliotek.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   taarnby:
     name: "Tårnby Kommunebiblioteker"

From 876275161479e7bce69a7f8e08cd93cfe15560bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Wed, 26 Jun 2024 15:28:19 +0200
Subject: [PATCH 191/341] Add task to show the latest backup for each site

Currently we have no good way of identifying failing backups. Our
best way to check that they are running for all sites is to check when
the last succesfull backup was run.

To help in this process we add a new task which retrieves this from
each site in Lagoon and prints it.

Use silent to avoid printing the shell command for each site. This
makes the output more compact.
---
 infrastructure/Taskfile.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index d113b0fe..f8dc1567 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1066,6 +1066,18 @@ tasks:
             | grep -v ": 0 matches"
           echo "done"
 
+    sites:latest-backup:
+      desc: Show the timestamp for the last successful backup for each site
+      vars:
+        SITES:
+          sh: lagoon list projects --output-json | jq -r ".data[].projectname"
+      cmds:
+        - for: { var: SITES }
+          cmd: |
+            DATE=$(lagoon list backups -p {{.ITEM}} -e main --output-json | jq -r '.data[0].created')
+            echo "{{.ITEM}}: ${DATE}"
+          silent: true
+
     site:lagoon:project:capture-deploy-key:
       # TODO: print a big message if a deploy key is newly captured, so we know to commit changes!
       desc: Gets the deploy key for a particular project from Lagoon and persists it in sites.yaml

From 06e75f7fc388d4c47eb1050370f25cd24e5957cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Jun 2024 04:03:41 +0000
Subject: [PATCH 192/341] Bump hashicorp/terraform from 1.7.3 to 1.9.0 in
 /tools/dplsh

Bumps hashicorp/terraform from 1.7.3 to 1.9.0.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 5f0cf31e..58f3dd28 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -5,7 +5,7 @@ ARG DPLSH_BUILD_VERSION=latest
 FROM alpine/helm:3.14.1 as helm
 
 # https://hub.docker.com/r/hashicorp/terraform/tags?page=1&ordering=last_updated
-FROM hashicorp/terraform:1.7.3 as terraform
+FROM hashicorp/terraform:1.9.0 as terraform
 
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.

From 6022368eddeea2b1a8324dbd9ffc88cbfd14c877 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 27 Jun 2024 09:15:27 +0200
Subject: [PATCH 193/341] Fix syddjurs secondary domain

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9cf02ea7..84489115 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -728,7 +728,7 @@ sites:
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINhp6QNrL71jlzbhSPRoTcRQS6b8Ztpx+JLZVxUhNSVK"
     primary-domain: syddjursbibliotek.dk
     secondary-domains:
-      - syddjursbibliotek.dk
+      - www.syddjursbibliotek.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   taarnby:

From 2cc6ecbcef6c99d9eb0202f3de8f10ee9b1fb2ff Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 27 Jun 2024 12:12:46 +0200
Subject: [PATCH 194/341] Remove old url lejre.ddbcms.dk from lejre

---
 infrastructure/environments/dplplat01/sites.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 84489115..74eb970c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -474,8 +474,6 @@ sites:
       - www.lejrebib.dk
       - lejrebibliotek.dk
       - www.lejrebibliotek.dk
-      - lejre.ddbcms.dk
-      - www.lejre.ddbcms.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   lolland:

From 98de2717671c715648267470890b6bbc519ef0c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 2 Jul 2024 15:10:47 +0200
Subject: [PATCH 195/341] Deploy release 2024.27.0 to Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 27e0cb94..cc8e5394 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.26.0"
+    dpl-cms-release: "2024.27.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From b549c94b07d75f9bc149602447f54bae72954a39 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 21 Jun 2024 15:28:44 +0200
Subject: [PATCH 196/341] add new admin pool, and down one node

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 49f9096e..6feeab94 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,9 +8,10 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { min : 11, max : 15, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { count: 10, vm: "Standard_B8ms", max_pods : 85 },
+    "admin3" : { count: 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
     "app4" : { min : 4, max : 15, vm: "Standard_E4s_v3", max_pods : 70 },
-    "admin3" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
+    "admin4" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 70 },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From 883f4a2554d1bc4d43e1f61f917dd28adf9c70c7 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 21 Jun 2024 15:56:58 +0200
Subject: [PATCH 197/341] down one more

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 6feeab94..4dbe2cc8 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,7 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { count: 10, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { count: 9, vm: "Standard_B8ms", max_pods : 85 },
     "admin3" : { count: 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
     "app4" : { min : 4, max : 15, vm: "Standard_E4s_v3", max_pods : 70 },
     "admin4" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 70 },

From 77ee71d9aa1de3930b9754c78a9662c19e495dfe Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 26 Jun 2024 12:41:27 +0200
Subject: [PATCH 198/341] down some more app3 nodes

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 4dbe2cc8..03abd515 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,7 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { count: 9, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { count: 7, vm: "Standard_B8ms", max_pods : 85 },
     "admin3" : { count: 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
     "app4" : { min : 4, max : 15, vm: "Standard_E4s_v3", max_pods : 70 },
     "admin4" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 70 },

From 95a86339d65fe7d061dd076b47e100d4fe040d28 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Tue, 2 Jul 2024 16:49:34 +0200
Subject: [PATCH 199/341] Fix node pools to actual size (Es limited by quota),
 up B8s

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 03abd515..d32fb880 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,9 +8,9 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { count: 7, vm: "Standard_B8ms", max_pods : 85 },
+    "app3" : { count: 8, vm: "Standard_B8ms", max_pods : 85 },
     "admin3" : { count: 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
-    "app4" : { min : 4, max : 15, vm: "Standard_E4s_v3", max_pods : 70 },
+    "app4" : { min : 4, max : 4, vm: "Standard_E4s_v3", max_pods : 70 },
     "admin4" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 70 },
   }
   node_pool_system_count = 2

From b407b4742402d1ca97b65eb24bafd76821bdad53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 2 Jul 2024 19:06:37 +0200
Subject: [PATCH 200/341] Bump release to 2024.27.1 on Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index cc8e5394..24ff32e6 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.27.0"
+    dpl-cms-release: "2024.27.1"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 3469634d557ee93f8de0a273691e2279d30e59bf Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 12:15:34 +0200
Subject: [PATCH 201/341] Roll out 2024.27.1 on all sites

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5d3145ce..9c3669c4 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.26.0"
+  dpl-cms-release: "2024.27.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From fa70109f692305f808d3037c5e05789fdb477f4a Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 12:16:18 +0200
Subject: [PATCH 202/341] Add site bibliotek-test for library testing

---
 infrastructure/environments/dplplat01/sites.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 9c3669c4..85a08a53 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -22,6 +22,13 @@ sites:
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
     <<: *default-release-image-source
+  bibliotek-test:
+    name: "Bibliotekstest"
+    description: "Et site hvor bibliotekerne kan teste"
+    importTranslationsCron: "0 * * * *"
+    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
+    plan: webmaster
+    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"

From 1e263bb6d6cfca9b2c4f842cbea418e290348a99 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 12:33:05 +0200
Subject: [PATCH 203/341] Remove deploy key invalid for bibliotekstest (was
 copied from cms-school)

---
 infrastructure/environments/dplplat01/sites.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 85a08a53..92dad71a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -26,7 +26,6 @@ sites:
     name: "Bibliotekstest"
     description: "Et site hvor bibliotekerne kan teste"
     importTranslationsCron: "0 * * * *"
-    deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
     <<: *default-release-image-source
   customizable-canary:

From dd89a469f137148889d923de6dfd6b0893bfb501 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Wed, 3 Jul 2024 16:27:33 +0200
Subject: [PATCH 204/341] Refactor incomplete deployments task

Fetch deployment status for all projects in a single GraphQL query.
This should be much more efficient compared to listing all projects
and then retrieving the deployment status for each of them.
---
 infrastructure/Taskfile.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 827bba3f..de96cbae 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -1046,10 +1046,18 @@ tasks:
         Gets the latest deployment for each production environment and prints its status if it is *not* complete.
       cmds:
         - |
-          lagoon list projects --output-json \
-            | jq -r '.data[].projectname'  \
-            | while read -r projectname; do echo "$projectname: $(lagoon list deployments -e main -p $projectname --output-json | jq '.data[0].status')"; done \
-            | grep -v "complete"
+          lagoon raw --raw "query allProjects {
+            allProjects {
+            name
+              environments(type: PRODUCTION) {
+                name
+                deployments(limit: 1) {
+                  status
+                  created
+                }
+              }
+            }
+          }" | jq -r '.allProjects[] | .name as $name | .environments[].deployments[] | select(.status != "complete") | ($name) + ": " + (.status)' 
 
     sites:grep-in-deploy-log:
       desc: |

From 6fe3ad2850f07f94cb216743e78c1c81f8d4460e Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:48:50 +0200
Subject: [PATCH 205/341] Update to larger database, already executed in UI

---
 .../terraform/modules/dpl-platform-environment/variables.tf     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
index 9ab322fe..9faaafc7 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/variables.tf
@@ -57,7 +57,7 @@ variable "random_seed" {
 variable "sql_sku" {
   description = "The SKU used for MariaDB"
   type        = string
-  default     = "GP_Gen5_2"
+  default     = "GP_Gen5_4"
 }
 
 variable "sql_version" {

From 87d4be9e4bc5f7bf8bf925bf47f84be6f00d5b61 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:49:15 +0200
Subject: [PATCH 206/341] Remove admin4 pool, scale down app3 and scale up app4

---
 .../environments/dplplat01/infrastructure/main.tf          | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index d32fb880..bc9faf9b 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,10 +8,9 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { count: 8, vm: "Standard_B8ms", max_pods : 85 },
-    "admin3" : { count: 1, vm : "Standard_B8ms", role : "admin", max_pods : 85 },
-    "app4" : { min : 4, max : 4, vm: "Standard_E4s_v3", max_pods : 70 },
-    "admin4" : { min : 1, max : 1, vm : "Standard_B8ms", role : "admin", max_pods : 70 },
+    "app3" : { count: 0, vm: "Standard_B8ms", max_pods : 85 },
+    "app4" : { min : 7, max : 20, vm: "Standard_E4s_v3", max_pods : 70 },
+    "admin5" : { count: 1, vm: "Standard_E4s_v3", max_pods: 70 },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From 276faf43c256ded15fc73bdbe34e9774bc29fa83 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:58:11 +0200
Subject: [PATCH 207/341] Set AKS SLA tier to Standard instead of Free - gives
 us some uptime support

---
 infrastructure/terraform/modules/dpl-platform-environment/aks.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
index bf463690..114c751a 100644
--- a/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
+++ b/infrastructure/terraform/modules/dpl-platform-environment/aks.tf
@@ -1,6 +1,7 @@
 # Setup a single cluster in a single availabillity zone.
 resource "azurerm_kubernetes_cluster" "cluster" {
   name                = "aks-${var.environment_name}-01"
+  sku_tier            = "Standard"
   location            = var.location
   resource_group_name = azurerm_resource_group.rg.name
   dns_prefix          = var.environment_name

From b3c8dbd49aca7d76e51d37c30cfcace8bbb0626c Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:58:22 +0200
Subject: [PATCH 208/341] Remove scaled down app3

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index bc9faf9b..47b35819 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,7 +8,6 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app3" : { count: 0, vm: "Standard_B8ms", max_pods : 85 },
     "app4" : { min : 7, max : 20, vm: "Standard_E4s_v3", max_pods : 70 },
     "admin5" : { count: 1, vm: "Standard_E4s_v3", max_pods: 70 },
   }

From b5aa171a9d6d7371b8625a9969d3e064b3e43c59 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:59:18 +0200
Subject: [PATCH 209/341] Terraform linting

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 47b35819..c6979563 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,8 +8,8 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app4" : { min : 7, max : 20, vm: "Standard_E4s_v3", max_pods : 70 },
-    "admin5" : { count: 1, vm: "Standard_E4s_v3", max_pods: 70 },
+    "app4" : { min : 7, max : 20, vm : "Standard_E4s_v3", max_pods : 70 },
+    "admin5" : { count : 1, vm : "Standard_E4s_v3", max_pods : 70 },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From e9575948c94273d2ee08a4e7ed059bbb7288412e Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 3 Jul 2024 21:59:46 +0200
Subject: [PATCH 210/341] Support passing options to infra:provision task, so
 we can set `-refresh=false` when updating many times in a row

---
 infrastructure/Taskfile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 827bba3f..d658de96 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -78,7 +78,7 @@ tasks:
         Use Terraform to provision the infrastructure for an environment.
       dir: "{{.dir_infra}}"
       cmds:
-        - terraform apply
+        - terraform apply {{.OPTIONS}}
 
     infra:keyvault:secret:set:
       deps: [_req_env, _infra:terraform:init]

From 32c828b64be0343132789fd017a467d63a04854f Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 4 Jul 2024 11:57:05 +0200
Subject: [PATCH 211/341] Move to different admin pool that is correctly tagged
 for admin workloads

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index c6979563..32621838 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -9,7 +9,7 @@ module "environment" {
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
     "app4" : { min : 7, max : 20, vm : "Standard_E4s_v3", max_pods : 70 },
-    "admin5" : { count : 1, vm : "Standard_E4s_v3", max_pods : 70 },
+    "admin6": { count : 1, vm : "Standard_E4s_v3", role: "admin", max_pods : 60, },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From aeaf0ea62cd6e5972210d3d7bf6fdd935e797125 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 4 Jul 2024 13:24:27 +0200
Subject: [PATCH 212/341] Terraform lint

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 32621838..474ac1b2 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -9,7 +9,7 @@ module "environment" {
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
     "app4" : { min : 7, max : 20, vm : "Standard_E4s_v3", max_pods : 70 },
-    "admin6": { count : 1, vm : "Standard_E4s_v3", role: "admin", max_pods : 60, },
+    "admin6": { count : 1, vm : "Standard_E4s_v3", role : "admin", max_pods : 60, },
   }
   node_pool_system_count = 2
   # We've increased this quite a bit to test performance. The ideal starting-

From e13349cd3c7bc16b285825453bda12799553c507 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Jul 2024 04:46:32 +0000
Subject: [PATCH 213/341] Bump azure-cli from 2.61.0 to 2.62.0 in /tools/dplsh

Bumps azure-cli from 2.61.0 to 2.62.0.

---
updated-dependencies:
- dependency-name: azure-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 5f0cf31e..14a97d6c 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -10,7 +10,7 @@ FROM hashicorp/terraform:1.7.3 as terraform
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.
 # https://mcr.microsoft.com/v2/azure-cli/tags/list
-FROM mcr.microsoft.com/azure-cli:2.61.0
+FROM mcr.microsoft.com/azure-cli:2.62.0
 
 # See https://github.com/go-task/task/releases
 ARG TASK_VERSION=v3.36.0

From ee3558852540efd53479ec17c64aac7773df34a9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 8 Jul 2024 16:30:55 +0200
Subject: [PATCH 214/341] add cron-jobs to moduletest

---
 .../dpladm/env-repo-template/standard/.lagoon.yml  | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
index 3a636b93..41aa3d2d 100644
--- a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
+++ b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
@@ -75,6 +75,20 @@ $SECONDARY_DOMAINS
         schedule: "${IMPORT_TRANSLATIONS_CRON}"
         command: drush dpl_po:import-remote-config-po da https://danskernesdigitalebibliotek.github.io/dpl-cms/translations/da.config.po
         service: cli
+  moduletest:
+    cronjobs:
+      - name: drush cron
+        schedule: "M/15 * * * *"
+        command: drush cron
+        service: cli
+      - name: import translations
+        schedule: "${IMPORT_TRANSLATIONS_CRON}"
+        command: drush locale-check && drush locale-update
+        service: cli
+      - name: import danish config translations
+        schedule: "${IMPORT_TRANSLATIONS_CRON}"
+        command: drush dpl_po:import-remote-config-po da https://danskernesdigitalebibliotek.github.io/dpl-cms/translations/da.config.po
+        service: cli
 
 container-registries:
   github:

From 9002ac7d63ed8378dc66ee5d10685acf757196ae Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 10 Jul 2024 13:04:18 +0200
Subject: [PATCH 215/341] Update node pool sizes, grow a little

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 474ac1b2..47a10798 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -8,10 +8,10 @@ module "environment" {
   lagoon_domain_base = "dplplat01.dpl.reload.dk"
   random_seed        = "LahYegheePhohGeew9Fa"
   node_pools = {
-    "app4" : { min : 7, max : 20, vm : "Standard_E4s_v3", max_pods : 70 },
+    "app4" : { min : 11, max : 20, vm : "Standard_E4s_v3", max_pods : 70 },
     "admin6": { count : 1, vm : "Standard_E4s_v3", role : "admin", max_pods : 60, },
   }
-  node_pool_system_count = 2
+  node_pool_system_count = 3
   # We've increased this quite a bit to test performance. The ideal starting-
   # point seems to be in the range 102400 - 204800 to get enough IOPS to
   # maintain performance during a Drupal site-install.

From ddd6a0c11bddf91f9389e58d72c1e40305b6f8c8 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 10 Jul 2024 15:00:41 +0200
Subject: [PATCH 216/341] Update to aks 1.28.9

---
 infrastructure/environments/dplplat01/infrastructure/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/infrastructure/main.tf b/infrastructure/environments/dplplat01/infrastructure/main.tf
index 47a10798..0b4816c0 100644
--- a/infrastructure/environments/dplplat01/infrastructure/main.tf
+++ b/infrastructure/environments/dplplat01/infrastructure/main.tf
@@ -18,7 +18,7 @@ module "environment" {
   # When copying this value, consider leaving it out and falling back to the
   # default of 102400.
   sql_storage_mb        = 409600
-  control_plane_version = "1.27.9"
+  control_plane_version = "1.28.9"
 }
 
 # Outputs, for values that comes straight from the dpl-platform-environment

From f3f631eee11be5e8d1b3688066b57814e65e4ba3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Wed, 10 Jul 2024 16:09:23 +0200
Subject: [PATCH 217/341] Deploy 2024.28.0 to canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 92dad71a..74660333 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -12,7 +12,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.27.1"
+    dpl-cms-release: "2024.28.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 670f6a5113852ef8faeaadaaaa23b437a15903a1 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 10 Jul 2024 16:15:40 +0200
Subject: [PATCH 218/341] add deploy key and remove a url

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 92dad71a..e36dbed8 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -27,6 +27,7 @@ sites:
     description: "Et site hvor bibliotekerne kan teste"
     importTranslationsCron: "0 * * * *"
     plan: webmaster
+    deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvhy79hHjLcQJCcMNwci1Q/P/O2LwD4IzBVfkmRGKom
     <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
@@ -253,7 +254,6 @@ sites:
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMjwn5wHT3u7AIfYN0FMPtxidi+vUmcE1cZpWeg1pPm9"
     primary-domain: www.grevebibliotek.dk
     secondary-domains:
-      - grevebibliotek.dk
       - grevebib.dk
       - www.grevebib.dk
     autogenerateRoutes: true

From a5c1c542421a288cfc14f853d533e6a6c98c0176 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Wed, 10 Jul 2024 16:22:07 +0200
Subject: [PATCH 219/341] Lower max builds concurrent in lagoon to 5

---
 .../dplplat01/lagoon/lagoon-remote-values.template.yaml         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index 10e6a586..4423f816 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -8,7 +8,7 @@ lagoon-build-deploy:
     - "--harbor-username=admin"
     - "--harbor-password=$HARBOR_ADMIN_PASS"
     - "--enable-qos"
-    - "--qos-max-builds=15"
+    - "--qos-max-builds=5"
   rabbitMQUsername: "lagoon"
   rabbitMQPassword: "$RABBITMQ_PASS"
   rabbitMQHostname: "lagoon-core-broker.lagoon-core.svc.cluster.local"

From 110046aab7d6b92c1116ffe6abd321b7ea25a118 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 11 Jul 2024 12:35:12 +0200
Subject: [PATCH 220/341] Set 2024.28.0 as next release

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8158296d..88f09759 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.27.1"
+x-next: &next-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.28.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From 82a1ca03950daab5c2718984652548a78e518427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 11 Jul 2024 12:35:31 +0200
Subject: [PATCH 221/341] Deploy next release to a select few sites

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 88f09759..bd61b459 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -782,7 +782,7 @@ sites:
     secondary-domains:
       - www.vejbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   vejle:
     name: "Vejle Bibliotekerne"
     description: "The library site for Vejle"
@@ -791,7 +791,7 @@ sites:
     secondary-domains:
       - www.vejlebib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   vesthimmerland:
     name: "Vesthimmerlands Biblioteker"
     description: "The library site for Vesthimmerland"
@@ -800,7 +800,7 @@ sites:
     secondary-domains:
       - "vhbib.dk"
     autogenerateRoutes: "redirect"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   viborg:
     name: "Viborg Bibliotekerne"
     description: "The library site for Viborg"
@@ -809,7 +809,7 @@ sites:
     secondary-domains:
       - www.viborgbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   vordingborg:
     name: "Vordingborg Bibliotekerne"
     description: "The library site for Vordingborg"
@@ -818,4 +818,4 @@ sites:
     secondary-domains:
       - vordingborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source

From 059108b1fffd04fc816b967a5d9f33720a857fe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 11 Jul 2024 13:59:57 +0200
Subject: [PATCH 222/341] Define new release image for webmaster sites

We may want to upgrade these separately from other sites.

This is the result of defining a new release image with the current
version and changing all sites with plan: webmaster to use this
release.
---
 infrastructure/environments/dplplat01/sites.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index bd61b459..244c7e52 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.27.1"
+x-webmaster: &webmaster-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.27.1"
 x-next: &next-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
@@ -58,13 +62,13 @@ sites:
       - aalborgbibliotekerne.dk
     autogenerateRoutes: "redirect"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   aarhus:
     name: "Aarhus Kommunes Biblioteker"
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
     description: "The library site for Ærø"
@@ -184,7 +188,7 @@ sites:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
     description: "The library site for Fredensborg"
@@ -322,7 +326,7 @@ sites:
       - herningbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
     description: "The library site for Hillerød"
@@ -440,7 +444,7 @@ sites:
       - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   koge:
     name: "KøgeBibliotekerne"
     description: "The library site for Køge"
@@ -748,7 +752,7 @@ sites:
     secondary-domains:
       - www.taarnbybib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   thisted:
     name: "Biblioteket i Thy"
     description: "The library site for Thisted"

From 68fc6dc8015710a07d426731e27b2a29e95a957b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 11 Jul 2024 14:00:43 +0200
Subject: [PATCH 223/341] Deploy release 2024.28.0 to remaining non-webmaster
 sites

---
 infrastructure/environments/dplplat01/sites.yaml | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 244c7e52..84fe05a4 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,15 +2,11 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.27.1"
+  dpl-cms-release: "2024.28.0"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.27.1"
-x-next: &next-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.28.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -786,7 +782,7 @@ sites:
     secondary-domains:
       - www.vejbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   vejle:
     name: "Vejle Bibliotekerne"
     description: "The library site for Vejle"
@@ -795,7 +791,7 @@ sites:
     secondary-domains:
       - www.vejlebib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   vesthimmerland:
     name: "Vesthimmerlands Biblioteker"
     description: "The library site for Vesthimmerland"
@@ -804,7 +800,7 @@ sites:
     secondary-domains:
       - "vhbib.dk"
     autogenerateRoutes: "redirect"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   viborg:
     name: "Viborg Bibliotekerne"
     description: "The library site for Viborg"
@@ -813,7 +809,7 @@ sites:
     secondary-domains:
       - www.viborgbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   vordingborg:
     name: "Vordingborg Bibliotekerne"
     description: "The library site for Vordingborg"
@@ -822,4 +818,4 @@ sites:
     secondary-domains:
       - vordingborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source

From 96cb383b81d119e626c130d50781da7c07dbedf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Thu, 11 Jul 2024 15:05:08 +0200
Subject: [PATCH 224/341] Deploy 2024.28.0 to all webmaster sites

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 84fe05a4..2e116490 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -6,7 +6,7 @@ x-defaults: &default-release-image-source
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.27.1"
+  dpl-cms-release: "2024.28.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From 7210f9b3e56c5b6e3ca7e73a4aeb9784c30ef530 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jul 2024 04:52:33 +0000
Subject: [PATCH 225/341] Bump alpine/helm from 3.14.1 to 3.15.3 in
 /tools/dplsh

Bumps alpine/helm from 3.14.1 to 3.15.3.

---
updated-dependencies:
- dependency-name: alpine/helm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 58f3dd28..a2027758 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -2,7 +2,7 @@ ARG DPLSH_BUILD_VERSION=latest
 
 # Use an intermediate images as a way to have dependabot track our dependency
 # https://hub.docker.com/r/alpine/helm/tags?page=1&ordering=last_updated
-FROM alpine/helm:3.14.1 as helm
+FROM alpine/helm:3.15.3 as helm
 
 # https://hub.docker.com/r/hashicorp/terraform/tags?page=1&ordering=last_updated
 FROM hashicorp/terraform:1.9.0 as terraform

From 5a33108529ceed33162303f84e410f4229eaa9a2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 13 Jun 2024 11:49:54 +0200
Subject: [PATCH 226/341] initial take on a runbook for updating and releasing
 a new version of dplsh

---
 .../changing-and-releasing-new-dplsh-version.md  | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 docs/runbooks/changing-and-releasing-new-dplsh-version.md

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
new file mode 100644
index 00000000..f0fe2e9e
--- /dev/null
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -0,0 +1,16 @@
+# Make changes to DPLSH
+## When to use
+When for example the `kubectl` version need updating
+
+## Make the change
+
+1. Go to the DPLSH directory and make the necessary changes on a new branch
+2. Build DPLSH locally by running `IMAGE_URL=dplsh IMAGE_TAG=someTagName task build`
+3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running what ever commands need to be run to test that the change has the desired effect
+4. Check what version DPLSH is at here: https://github.com/danskernesdigitalebibliotek/dpl-platform/releases
+5. Push the branch, have it review and merge it into `main`
+6. Push a new tag to `main`. The tag should look like this: `dplsh-x.x.x`. (If in doubt about what version to bump to; read this: https://semver.org/)
+7. Wait for main to automically build and release the new version
+8. Go to your main branch, enter the `/infrastructure` directory and run `../tools/dplsh/dplsh.sh --update`.
+
+You are done and have the newest version of DPLSH on your machine.

From 9322912e2db7bac9d641c6273249bc01cb910bdb Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 15 Jul 2024 09:52:37 +0200
Subject: [PATCH 227/341] as requested

---
 docs/runbooks/changing-and-releasing-new-dplsh-version.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
index f0fe2e9e..1a10eb6d 100644
--- a/docs/runbooks/changing-and-releasing-new-dplsh-version.md
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -1,6 +1,6 @@
 # Make changes to DPLSH
 ## When to use
-When for example the `kubectl` version need updating
+When for example the `kubectl` or other dependencies needs updating
 
 ## Make the change
 

From 0fc0fa709b8e059484faf2ce49deb4ffa9923d74 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 15 Jul 2024 09:53:43 +0200
Subject: [PATCH 228/341] remove new line

---
 docs/runbooks/changing-and-releasing-new-dplsh-version.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
index 1a10eb6d..2ec5852b 100644
--- a/docs/runbooks/changing-and-releasing-new-dplsh-version.md
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -3,7 +3,6 @@
 When for example the `kubectl` or other dependencies needs updating
 
 ## Make the change
-
 1. Go to the DPLSH directory and make the necessary changes on a new branch
 2. Build DPLSH locally by running `IMAGE_URL=dplsh IMAGE_TAG=someTagName task build`
 3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running what ever commands need to be run to test that the change has the desired effect

From 5e44e2d91628bf11a8c02b6acd66dd358d686011 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 15 Jul 2024 09:55:26 +0200
Subject: [PATCH 229/341] heading should be surrounded by empty lines

---
 docs/runbooks/changing-and-releasing-new-dplsh-version.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
index 2ec5852b..be9de4f1 100644
--- a/docs/runbooks/changing-and-releasing-new-dplsh-version.md
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -1,8 +1,11 @@
 # Make changes to DPLSH
+
 ## When to use
+
 When for example the `kubectl` or other dependencies needs updating
 
 ## Make the change
+
 1. Go to the DPLSH directory and make the necessary changes on a new branch
 2. Build DPLSH locally by running `IMAGE_URL=dplsh IMAGE_TAG=someTagName task build`
 3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running what ever commands need to be run to test that the change has the desired effect

From e1262c64957bc9f58db556b0fa6ad736c8ca04ff Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 15 Jul 2024 09:58:15 +0200
Subject: [PATCH 230/341] lines must not exceed 80 charachters

---
 .../changing-and-releasing-new-dplsh-version.md   | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
index be9de4f1..84019422 100644
--- a/docs/runbooks/changing-and-releasing-new-dplsh-version.md
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -7,12 +7,17 @@ When for example the `kubectl` or other dependencies needs updating
 ## Make the change
 
 1. Go to the DPLSH directory and make the necessary changes on a new branch
-2. Build DPLSH locally by running `IMAGE_URL=dplsh IMAGE_TAG=someTagName task build`
-3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running what ever commands need to be run to test that the change has the desired effect
-4. Check what version DPLSH is at here: https://github.com/danskernesdigitalebibliotek/dpl-platform/releases
+2. Build DPLSH locally by running `IMAGE_URL=dplsh IMAGE_TAG=someTagName
+  task build`
+3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running
+    what ever commands need to be run to test that the change has the desired effect
+4. Check what version DPLSH is at here:
+    https://github.com/danskernesdigitalebibliotek/dpl-platform/releases
 5. Push the branch, have it review and merge it into `main`
-6. Push a new tag to `main`. The tag should look like this: `dplsh-x.x.x`. (If in doubt about what version to bump to; read this: https://semver.org/)
+6. Push a new tag to `main`. The tag should look like this: `dplsh-x.x.x`.
+    (If in doubt about what version to bump to; read this: https://semver.org/)
 7. Wait for main to automically build and release the new version
-8. Go to your main branch, enter the `/infrastructure` directory and run `../tools/dplsh/dplsh.sh --update`.
+8. Go to your main branch, enter the `/infrastructure` directory and
+    run `../tools/dplsh/dplsh.sh --update`.
 
 You are done and have the newest version of DPLSH on your machine.

From 12341c1a4675b270b8dd3df273a5c57e57d71184 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 15 Jul 2024 10:01:04 +0200
Subject: [PATCH 231/341] no bare urls

---
 docs/runbooks/changing-and-releasing-new-dplsh-version.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/runbooks/changing-and-releasing-new-dplsh-version.md b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
index 84019422..1b8f8bfc 100644
--- a/docs/runbooks/changing-and-releasing-new-dplsh-version.md
+++ b/docs/runbooks/changing-and-releasing-new-dplsh-version.md
@@ -12,10 +12,10 @@ When for example the `kubectl` or other dependencies needs updating
 3. Test that it works by running `DPLSH_IMAGE=dplsh:local ./dplsh` and running
     what ever commands need to be run to test that the change has the desired effect
 4. Check what version DPLSH is at here:
-    https://github.com/danskernesdigitalebibliotek/dpl-platform/releases
+    <https://github.com/danskernesdigitalebibliotek/dpl-platform/releases>
 5. Push the branch, have it review and merge it into `main`
 6. Push a new tag to `main`. The tag should look like this: `dplsh-x.x.x`.
-    (If in doubt about what version to bump to; read this: https://semver.org/)
+    (If in doubt about what version to bump to; read this: <https://semver.org/>)
 7. Wait for main to automically build and release the new version
 8. Go to your main branch, enter the `/infrastructure` directory and
     run `../tools/dplsh/dplsh.sh --update`.

From 87d0db7f12e9b305390f92f6035ebcbb01685e38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 15 Jul 2024 15:06:52 +0200
Subject: [PATCH 232/341] Deploy release 2024.29.0 on Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index bd61b459..1e72eec6 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.28.0"
+    dpl-cms-release: "2024.29.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 0496e46b3937a3cc22266774ebb2293ac20b1764 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 15 Jul 2024 22:24:37 +0200
Subject: [PATCH 233/341] Deploy release 2024.29.1 on Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 1e72eec6..535cd5b5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.29.0"
+    dpl-cms-release: "2024.29.1"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From c49ede0a38e966ee8f340526d83efa3a1ae3c4f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 10:43:09 +0200
Subject: [PATCH 234/341] Create a new release for 2024.29.1

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index dc4a4aee..edd7fe2c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -3,6 +3,10 @@ x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.28.0"
+x-next: &next-release-image-source
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.29.1"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From def15ecc8f3ded873b1f08f0a036a7ab263ea2d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 10:46:50 +0200
Subject: [PATCH 235/341] Deploy 2024.29.1 to a few sites

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index edd7fe2c..3b589498 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -52,7 +52,7 @@ sites:
     secondary-domains:
       - aabenraabib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   aalborg:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
@@ -77,12 +77,12 @@ sites:
     secondary-domains:
       - arrebib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   albertslund:
     name: "Albertslund Bibliotek"
     description: "The library site for Albertslund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpbJ5Duz6d8xqIF6CMOGrJxkpcwwAeAmP2OPnuXwAQe"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   allerod:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
@@ -91,7 +91,7 @@ sites:
     secondary-domains:
       - bibliotek.alleroed.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   assens:
     name: "AssensBibliotekerne"
     description: "The library site for Assens"
@@ -105,7 +105,7 @@ sites:
     secondary-domains:
       - www.bib.ballerup.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
     description: "The main library site for Billund"

From a0596d70a14326d917b10faad9b58ea24f0673ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 11:03:02 +0200
Subject: [PATCH 236/341] Deploy 2024.29.1 to more sites

---
 .../environments/dplplat01/sites.yaml         | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3b589498..94efa252 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -29,20 +29,20 @@ sites:
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   bibliotek-test:
     name: "Bibliotekstest"
     description: "Et site hvor bibliotekerne kan teste"
     importTranslationsCron: "0 * * * *"
     plan: webmaster
     deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvhy79hHjLcQJCcMNwci1Q/P/O2LwD4IzBVfkmRGKom
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   # Production sites
   aabenraa:
     name: "Aabenraa Biblioteker og Kulturhuse"
@@ -96,7 +96,7 @@ sites:
     name: "AssensBibliotekerne"
     description: "The library site for Assens"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrdA9FWa+mpmJ+uyMO6H3O+xIVYpdjcbodE/zS790Ee"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   ballerup:
     name: "Ballerup Bibliotekerne"
     description: "The library site for Ballerup"
@@ -116,17 +116,17 @@ sites:
       - www.billundbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApUNh71neiuKAsO3OL4jEzxnPCXt9gvl66gDRiYLnLw"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   brondby:
     name: "Brøndby-Bibliotekerne"
     description: "The library site for Brøndby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyvaCXo55aJOmlSTDQr+GXCIihWMJHhUiw4XpDrbVID"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   bronderslev:
     name: "Brønderslev Bibliotek"
     description: "The library site for Brønderslev"
@@ -135,7 +135,7 @@ sites:
     secondary-domains:
       - bronderslevbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   dragor:
     name: "Dragør Bibliotek"
     description: "The library site for Dragør"
@@ -144,12 +144,12 @@ sites:
     secondary-domains:
       - drabib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   egedal:
     name: "Egedal Bibliotekerne"
     description: "The library site for Egedal"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCT5ZJIKWlbAYV5Fnr9Qq5WaVIuZKfcLucqTebUpXyz"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   esbjerg:
     name: "Esbjerg Kommunes Biblioteker"
     description: "The library site for Esbjerg"

From 516b6d23080d499ba1b09103355c3f594f557938 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 11:29:10 +0200
Subject: [PATCH 237/341] Deploy 2024.29.1 to even more sites

---
 .../environments/dplplat01/sites.yaml         | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 94efa252..6654288f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -162,12 +162,12 @@ sites:
       - esbbib.dk
       - www.esbbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   faaborg-midtfyn:
     name: "Faaborg-Midtfyn Bibliotekerne"
     description: "The library site for Faaborg-Midtfyn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKo6SAhtuZy4z708mYP3vyc6YDMmTxwme3kg+kyQoTM"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   favrskov:
     name: "Favrskov Bibliotekerne"
     description: "The library site for Favrskov"
@@ -178,7 +178,7 @@ sites:
       - favrskovbibliotekerne.dk
       - www.favrskovbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   faxe:
     name: "Faxe Kommunes Bibliotek & Borgerservice"
     description: "The library site for Faxe"
@@ -197,7 +197,7 @@ sites:
     secondary-domains:
       - fredensborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   fredericia:
     name: "Fredericia Bibliotek"
     description: "The library site for Fredericia"
@@ -206,19 +206,19 @@ sites:
     secondary-domains:
       - www.fredericiabib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   frederiksberg:
     name: "Biblioteket Frederiksberg"
     description: "The library site for Frederiksberg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGatN86NGcfXHefEFAACwDVkDxob2SW+N8R+8/rANnvF"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   frederikshavn:
     name: "Frederikshavn Kommunes Biblioteker"
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
     primary-domain: bibl.frederikshavn.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   frederikssund:
     name: "Frederikssund Bibliotekerne"
     description: "The library site for Frederikssund"
@@ -227,7 +227,7 @@ sites:
     secondary-domains:
       - bibliotekerne.frederikssund.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   fureso:
     name: "Furesø Bibliotek & Borgerservice"
     description: "The library site for Furesø"
@@ -236,17 +236,17 @@ sites:
     secondary-domains:
       - www.furbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"
     description: "The library site for Gentofte"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3Gh74TPbjSiKTz/cJQeH3l0gLsPtgzGVpC1YezMi+D"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   gladsaxe:
     name: "Gladsaxe Bibliotekerne"
     description: "The library site for Gladsaxe"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAQZr2pUtpsYarlI31+J/EXr3QHomuiG5TwQJDhquYF"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   glostrup:
     name: "Glostrup Bibliotek"
     description: "The library site for Glostrup"
@@ -255,7 +255,7 @@ sites:
     secondary-domains:
       - glostrupbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   greve:
     name: "Greve Bibliotek"
     description: "The library site for Greve"
@@ -265,17 +265,17 @@ sites:
       - grevebib.dk
       - www.grevebib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   gribskov:
     name: "Gribskov Biblioteker"
     description: "The library site for Gribskov"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIK40x6Y/UvhxDaW+McgqIeY2phSuuadNxuG/FGnSY70"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   guldborgsund:
     name: "Guldborgsund-bibliotekerne"
     description: "The library site for Guldborgsund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwCP4jEJTjUyPTNlOJd7dHaT63C1iox9PPWl/Ck7IJH"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   haderslev:
     name: "Haderslev Bibliotekerne"
     description: "The library site for Haderslev"
@@ -284,7 +284,7 @@ sites:
     secondary-domains:
       - www.haderslevbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   halsnaes:
     name: "Halsnæs Bibliotekerne"
     description: "The library site for Halsnæs"
@@ -293,7 +293,7 @@ sites:
     secondary-domains:
       - www.bibliotekerne.halsnaes.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   hedensted:
     name: "Hedensted Bibliotekerne"
     description: "The library site for Hedensted"
@@ -302,12 +302,12 @@ sites:
     secondary-domains:
       - www.hedenstedbib.dk
     autogenerateRoutes: true
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   helsingor:
     name: "Helsingør Kommunes Biblioteker"
     description: "The library site for Helsingør"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMjjzFRg91rY4Bsr1I8yxysk/aCk374S2rpgixONAP7a"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   herlev:
     name: "Herlev Bibliotek"
     description: "The library site for Herlev"
@@ -316,7 +316,7 @@ sites:
       - herlevbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *default-release-image-source
+    <<: *next-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"

From 7cd254dd682d97dd03b95c475e8c35729139eac6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 11:43:30 +0200
Subject: [PATCH 238/341] Deploy 2024.29.1 to all remaining sites making it the
 new default

---
 .../environments/dplplat01/sites.yaml         | 76 +++++++++----------
 1 file changed, 36 insertions(+), 40 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 6654288f..c4c210d5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -1,16 +1,12 @@
 # Configure the source we default to when looking for release images.
 x-defaults: &default-release-image-source
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.28.0"
-x-next: &next-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.29.1"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.28.0"
+  dpl-cms-release: "2024.29.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -29,20 +25,20 @@ sites:
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   bibliotek-test:
     name: "Bibliotekstest"
     description: "Et site hvor bibliotekerne kan teste"
     importTranslationsCron: "0 * * * *"
     plan: webmaster
     deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvhy79hHjLcQJCcMNwci1Q/P/O2LwD4IzBVfkmRGKom
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   # Production sites
   aabenraa:
     name: "Aabenraa Biblioteker og Kulturhuse"
@@ -52,7 +48,7 @@ sites:
     secondary-domains:
       - aabenraabib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   aalborg:
     name: "Aalborg Bibliotekerne"
     description: "The main library site for Aalborg"
@@ -77,12 +73,12 @@ sites:
     secondary-domains:
       - arrebib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   albertslund:
     name: "Albertslund Bibliotek"
     description: "The library site for Albertslund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpbJ5Duz6d8xqIF6CMOGrJxkpcwwAeAmP2OPnuXwAQe"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   allerod:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
@@ -91,12 +87,12 @@ sites:
     secondary-domains:
       - bibliotek.alleroed.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   assens:
     name: "AssensBibliotekerne"
     description: "The library site for Assens"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrdA9FWa+mpmJ+uyMO6H3O+xIVYpdjcbodE/zS790Ee"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   ballerup:
     name: "Ballerup Bibliotekerne"
     description: "The library site for Ballerup"
@@ -105,7 +101,7 @@ sites:
     secondary-domains:
       - www.bib.ballerup.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
     description: "The main library site for Billund"
@@ -116,17 +112,17 @@ sites:
       - www.billundbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsUy+dVkL+KxOYz8zSel7mNkcKrEnqDZPHmsU4sfMv/"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   bornholm:
     name: "Bornholms Folkebiblioteker"
     description: "The library site for Bornholm"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApUNh71neiuKAsO3OL4jEzxnPCXt9gvl66gDRiYLnLw"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   brondby:
     name: "Brøndby-Bibliotekerne"
     description: "The library site for Brøndby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyvaCXo55aJOmlSTDQr+GXCIihWMJHhUiw4XpDrbVID"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   bronderslev:
     name: "Brønderslev Bibliotek"
     description: "The library site for Brønderslev"
@@ -135,7 +131,7 @@ sites:
     secondary-domains:
       - bronderslevbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   dragor:
     name: "Dragør Bibliotek"
     description: "The library site for Dragør"
@@ -144,12 +140,12 @@ sites:
     secondary-domains:
       - drabib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   egedal:
     name: "Egedal Bibliotekerne"
     description: "The library site for Egedal"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCT5ZJIKWlbAYV5Fnr9Qq5WaVIuZKfcLucqTebUpXyz"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   esbjerg:
     name: "Esbjerg Kommunes Biblioteker"
     description: "The library site for Esbjerg"
@@ -162,12 +158,12 @@ sites:
       - esbbib.dk
       - www.esbbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   faaborg-midtfyn:
     name: "Faaborg-Midtfyn Bibliotekerne"
     description: "The library site for Faaborg-Midtfyn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKo6SAhtuZy4z708mYP3vyc6YDMmTxwme3kg+kyQoTM"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   favrskov:
     name: "Favrskov Bibliotekerne"
     description: "The library site for Favrskov"
@@ -178,7 +174,7 @@ sites:
       - favrskovbibliotekerne.dk
       - www.favrskovbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   faxe:
     name: "Faxe Kommunes Bibliotek & Borgerservice"
     description: "The library site for Faxe"
@@ -197,7 +193,7 @@ sites:
     secondary-domains:
       - fredensborgbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   fredericia:
     name: "Fredericia Bibliotek"
     description: "The library site for Fredericia"
@@ -206,19 +202,19 @@ sites:
     secondary-domains:
       - www.fredericiabib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   frederiksberg:
     name: "Biblioteket Frederiksberg"
     description: "The library site for Frederiksberg"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGatN86NGcfXHefEFAACwDVkDxob2SW+N8R+8/rANnvF"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   frederikshavn:
     name: "Frederikshavn Kommunes Biblioteker"
     description: "The library site for Frederikshavn"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZcYBGIGrw0aei4UFmWcNMiQ4ZbJbBR7OU7q5Bsu/lz"
     primary-domain: bibl.frederikshavn.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   frederikssund:
     name: "Frederikssund Bibliotekerne"
     description: "The library site for Frederikssund"
@@ -227,7 +223,7 @@ sites:
     secondary-domains:
       - bibliotekerne.frederikssund.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   fureso:
     name: "Furesø Bibliotek & Borgerservice"
     description: "The library site for Furesø"
@@ -236,17 +232,17 @@ sites:
     secondary-domains:
       - www.furbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   gentofte:
     name: "Gentofte Bibliotekerne"
     description: "The library site for Gentofte"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3Gh74TPbjSiKTz/cJQeH3l0gLsPtgzGVpC1YezMi+D"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   gladsaxe:
     name: "Gladsaxe Bibliotekerne"
     description: "The library site for Gladsaxe"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAQZr2pUtpsYarlI31+J/EXr3QHomuiG5TwQJDhquYF"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   glostrup:
     name: "Glostrup Bibliotek"
     description: "The library site for Glostrup"
@@ -255,7 +251,7 @@ sites:
     secondary-domains:
       - glostrupbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   greve:
     name: "Greve Bibliotek"
     description: "The library site for Greve"
@@ -265,17 +261,17 @@ sites:
       - grevebib.dk
       - www.grevebib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   gribskov:
     name: "Gribskov Biblioteker"
     description: "The library site for Gribskov"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIK40x6Y/UvhxDaW+McgqIeY2phSuuadNxuG/FGnSY70"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   guldborgsund:
     name: "Guldborgsund-bibliotekerne"
     description: "The library site for Guldborgsund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwCP4jEJTjUyPTNlOJd7dHaT63C1iox9PPWl/Ck7IJH"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   haderslev:
     name: "Haderslev Bibliotekerne"
     description: "The library site for Haderslev"
@@ -284,7 +280,7 @@ sites:
     secondary-domains:
       - www.haderslevbibliotekerne.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   halsnaes:
     name: "Halsnæs Bibliotekerne"
     description: "The library site for Halsnæs"
@@ -293,7 +289,7 @@ sites:
     secondary-domains:
       - www.bibliotekerne.halsnaes.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   hedensted:
     name: "Hedensted Bibliotekerne"
     description: "The library site for Hedensted"
@@ -302,12 +298,12 @@ sites:
     secondary-domains:
       - www.hedenstedbib.dk
     autogenerateRoutes: true
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   helsingor:
     name: "Helsingør Kommunes Biblioteker"
     description: "The library site for Helsingør"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMjjzFRg91rY4Bsr1I8yxysk/aCk374S2rpgixONAP7a"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   herlev:
     name: "Herlev Bibliotek"
     description: "The library site for Herlev"
@@ -316,7 +312,7 @@ sites:
       - herlevbibliotek.dk
     autogenerateRoutes: "redirect"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsQ7blUGjtlSdPU4AV7PR21o2Eqg5IMKTCFX3PV/2Mf"
-    <<: *next-release-image-source
+    <<: *default-release-image-source
   herning:
     name: "Herning Bibliotekerne"
     description: "The main library site for Herning"

From e108465dc0598fadfaa1c8909a8c000fe55b2cbf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Jul 2024 10:21:11 +0000
Subject: [PATCH 239/341] Bump hashicorp/terraform from 1.9.0 to 1.9.2 in
 /tools/dplsh

Bumps hashicorp/terraform from 1.9.0 to 1.9.2.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index 5569ce05..bdfdd917 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -5,7 +5,7 @@ ARG DPLSH_BUILD_VERSION=latest
 FROM alpine/helm:3.15.3 as helm
 
 # https://hub.docker.com/r/hashicorp/terraform/tags?page=1&ordering=last_updated
-FROM hashicorp/terraform:1.9.0 as terraform
+FROM hashicorp/terraform:1.9.2 as terraform
 
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.

From d4164ff39a4bbe6596783db788b2a76c52bd9b5b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 13:02:40 +0200
Subject: [PATCH 240/341] upgrade to 0.23.1

---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index bdfdd917..e380584e 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -17,7 +17,7 @@ ARG TASK_VERSION=v3.36.0
 # See https://github.com/stern/stern/releases
 ARG STERN_RELEASE=1.27.0
 # See https://github.com/uselagoon/lagoon-cli/releases
-ARG LAGOON_CLI_RELEASE=v0.20.2
+ARG LAGOON_CLI_RELEASE=v0.23.1
 # See https://github.com/kubernetes-sigs/krew/releases
 ARG KREW_VERSION=v0.4.4
 # https://github.com/alenkacz/cert-manager-verifier/releases

From 4a1b4f711e764862bc5af05650f8b5b78ba8cd47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:32:23 +0200
Subject: [PATCH 241/341] Fix version of Lagoon CLI

The latest release is 0.21.3 - not 0.23.1.

With the current change the Lagoon CLI will no longer been installed.
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index e380584e..a92577ce 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -17,7 +17,7 @@ ARG TASK_VERSION=v3.36.0
 # See https://github.com/stern/stern/releases
 ARG STERN_RELEASE=1.27.0
 # See https://github.com/uselagoon/lagoon-cli/releases
-ARG LAGOON_CLI_RELEASE=v0.23.1
+ARG LAGOON_CLI_RELEASE=v0.21.3
 # See https://github.com/kubernetes-sigs/krew/releases
 ARG KREW_VERSION=v0.4.4
 # https://github.com/alenkacz/cert-manager-verifier/releases

From b18fa32c60bfad90fd60342dd695a6f1dcf52a31 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 30 Jul 2024 11:47:36 +0200
Subject: [PATCH 242/341] theses libraries are going webmaster

---
 infrastructure/environments/dplplat01/sites.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c4c210d5..cbb68cb7 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -78,6 +78,7 @@ sites:
     name: "Albertslund Bibliotek"
     description: "The library site for Albertslund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpbJ5Duz6d8xqIF6CMOGrJxkpcwwAeAmP2OPnuXwAQe"
+    plan: webmaster
     <<: *default-release-image-source
   allerod:
     name: "Allerød Biblioteker"
@@ -101,6 +102,7 @@ sites:
     secondary-domains:
       - www.bib.ballerup.dk
     autogenerateRoutes: true
+    plan: webmaster
     <<: *default-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
@@ -660,6 +662,7 @@ sites:
     secondary-domains:
       - www.silkeborgbib.dk
     autogenerateRoutes: true
+    plan: webmaster
     <<: *default-release-image-source
   skanderborg:
     name: "Skanderborg Bibliotek"
@@ -692,6 +695,7 @@ sites:
     secondary-domains:
       - www.biblioteket.sonderborg.dk
     autogenerateRoutes: true
+    plan: webmaster
     <<: *default-release-image-source
   soro:
     name: "Sorø Bibliotek"
@@ -724,6 +728,7 @@ sites:
     secondary-domains:
       - dcbib.dk
     autogenerateRoutes: true
+    plan: webmaster
     <<: *default-release-image-source
   svendborg:
     name: "Svendborg Bibliotek"

From 5a0e41cad536ef4bd67eecd1492457526a043a1c Mon Sep 17 00:00:00 2001
From: Mikkel Jakobsen <jakobsen.mikkel@gmail.com>
Date: Tue, 6 Aug 2024 11:58:27 +0200
Subject: [PATCH 243/341] Test release 2024.32.1 on canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index cbb68cb7..24b47227 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.29.1"
+    dpl-cms-release: "2024.32.1"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 11124d54dfb71c56862ab8766ae2d4a3a3ddf7c9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 7 Aug 2024 12:05:37 +0200
Subject: [PATCH 244/341] put Odense on the webmaster plan

---
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 24b47227..b9e3d24f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -576,6 +576,7 @@ sites:
     name: "Odense Biblioteker og Borgerservice"
     description: "The library site for Odense"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQ6nngmgVZXTNpPzhMTvJyx4tUPjHxoLSNL/jJPaNQ0"
+    plan: webmaster
     <<: *default-release-image-source
   odsherred:
     name: "Odsherred Bibliotek og Kulturhuse"

From 033c646ea19865cd839b4b286fc3e7048d79cc70 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 8 Aug 2024 13:59:59 +0200
Subject: [PATCH 245/341] update version to 32.1

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index b9e3d24f..08c9f7f4 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.29.1"
+  dpl-cms-release: "2024.32.1"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From 6ede0cc7bae1f16ad6539bc620610b0db8a4f04b Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 8 Aug 2024 15:59:26 +0200
Subject: [PATCH 246/341] we also need to bump the webmasters to 32.1

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 08c9f7f4..84504f32 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -6,7 +6,7 @@ x-defaults: &default-release-image-source
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.29.1"
+  dpl-cms-release: "2024.32.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From 72d4c9618f7a78f02a96d54ce94654fea21f48ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Aug 2024 04:19:01 +0000
Subject: [PATCH 247/341] Bump azure-cli from 2.62.0 to 2.63.0 in /tools/dplsh

Bumps azure-cli from 2.62.0 to 2.63.0.

---
updated-dependencies:
- dependency-name: azure-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index a92577ce..9f773e49 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -10,7 +10,7 @@ FROM hashicorp/terraform:1.9.2 as terraform
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.
 # https://mcr.microsoft.com/v2/azure-cli/tags/list
-FROM mcr.microsoft.com/azure-cli:2.62.0
+FROM mcr.microsoft.com/azure-cli:2.63.0
 
 # See https://github.com/go-task/task/releases
 ARG TASK_VERSION=v3.36.0

From 26ea649bea91a436a1b55f65e5dd24c9b25088d8 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 13 Aug 2024 15:10:36 +0200
Subject: [PATCH 248/341] release 2024.33.0 to canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 84504f32..5fee4205 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.32.1"
+    dpl-cms-release: "2024.33.0"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From fd6f7902e4ae12c2b6c466534b773569d70ae65e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 13 Aug 2024 15:29:02 +0200
Subject: [PATCH 249/341] add gentofte's urls so they can go live

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5fee4205..be166a9f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -239,6 +239,10 @@ sites:
     name: "Gentofte Bibliotekerne"
     description: "The library site for Gentofte"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3Gh74TPbjSiKTz/cJQeH3l0gLsPtgzGVpC1YezMi+D"
+    primary-domain: genbib.dk
+    secondary-domains:
+      - www.genbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   gladsaxe:
     name: "Gladsaxe Bibliotekerne"

From d4ec83924573c9cd790691a6b93bbc53f60f76c2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 15 Aug 2024 09:43:25 +0200
Subject: [PATCH 250/341] bump version

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index be166a9f..8082c173 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.32.1"
+  dpl-cms-release: "2024.33.0"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From 5647209b5dbcf86e3805c14584af64b15218e549 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 11 Jul 2024 14:29:37 +0200
Subject: [PATCH 251/341] support having different versions on WM's and
 standard libs

---
 infrastructure/dpladm/bin/sync-site.sh           | 16 +++++++++++++++-
 infrastructure/environments/dplplat01/sites.yaml |  1 +
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 1f74e3e0..3cb7b8a9 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -34,6 +34,19 @@ function getSiteDplCmsRelease {
     return
 }
 
+
+function getWebmasterDplCmsRelease {
+    local wmRelease
+    wmRelease=$(yq eval ".sites.${1}.webmaster-cms-version" "${2}")
+    if [[ "${wmRelease}" == "null" ]]; then
+        echo ""
+        return
+    fi
+
+    echo "${wmRelease}"
+    return
+}
+
 function getSiteReleaseImageRepository {
     local repository
     repository=$(yq eval ".sites.${1}.releaseImageRepository" "${2}")
@@ -138,6 +151,7 @@ primaryDomain=$(getSitePrimaryDomain "${SITE}" "${SITES_CONFIG}")
 secondaryDomains=$(getSiteSecondaryDomains "${SITE}" "${SITES_CONFIG}")
 autogenerateRoutes=$(getSiteAutogenerateRoutes "${SITE}" "${SITES_CONFIG}")
 releaseTag=$(getSiteDplCmsRelease "${SITE}" "${SITES_CONFIG}")
+wmReleaseTag=$(getWebmasterDplCmsRelease "${SITE}" "${SITES_CONFIG}")
 siteImageRepository=$(getSiteReleaseImageRepository "${SITE}" "${SITES_CONFIG}" || exit 1)
 failOnErr $? "${siteImageRepository}"
 siteReleaseImageName=$(getSiteReleaseImageName "${SITE}" "${SITES_CONFIG}")
@@ -150,5 +164,5 @@ set -o errexit
 syncEnvRepo "${SITE}" "${releaseTag}" "${BRANCH}" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 
 if [ "${plan}" = "webmaster" ] && [ "${BRANCH}" = "main" ]; then
-    syncEnvRepo "${SITE}" "${releaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
+    syncEnvRepo "${SITE}" "${wmReleaseTag}" "moduletest" "${siteImageRepository}" "${siteReleaseImageName}" "${importTranslationsCron}" "${autogenerateRoutes}" "${primaryDomain}" "${secondaryDomains}"
 fi
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 8082c173..d161e57f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -445,6 +445,7 @@ sites:
       - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
       - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
+    webmaster-cms-version: 2024.27.1
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *webmaster-release-image-source
   koge:

From 70e98224d3df7a018090ae70e05fa6323d7a0812 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 11 Jul 2024 14:49:47 +0200
Subject: [PATCH 252/341] patch cli's req

---
 .../dpladm/env-repo-template/standard/.lagoon.yml         | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
index 41aa3d2d..d34a11df 100644
--- a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
+++ b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
@@ -56,7 +56,13 @@ tasks:
         name: Import config translations
         command: drush dpl_po:import-remote-config-po da https://danskernesdigitalebibliotek.github.io/dpl-cms/translations/da.config.po
         service: cli
-
+    - run:
+        name: Set Pod resource requests and limits
+        command: |
+            set -e;
+            echo "setting resource requests for cli"
+            kubernetes patch deployment cli -n ${LAGOON_PROJECT_NAME} -p '{"spec":{"template":{"spec":{"containers":[{"name":"cli","resources":{"requests":{"memory":"20Mi"}}}]}}}'
+        service: cli
 environments:
   main:
 $ENABLE_ROUTES

From ed62758dc1aba241a27403830e3f323d913067c6 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 11 Jul 2024 14:50:31 +0200
Subject: [PATCH 253/341] install kubectl, so we can have the cli box patch the
 pods with resource req

---
 .../dpladm/env-repo-template/standard/lagoon/cli.dockerfile  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/cli.dockerfile b/infrastructure/dpladm/env-repo-template/standard/lagoon/cli.dockerfile
index d85509c5..815fa15b 100644
--- a/infrastructure/dpladm/env-repo-template/standard/lagoon/cli.dockerfile
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/cli.dockerfile
@@ -7,6 +7,11 @@ FROM uselagoon/php-8.1-cli-drupal:${LAGOON_IMAGES_RELEASE_TAG}
 
 COPY --from=release /app /app
 RUN mkdir -p -v -m775 /app/web/sites/default/files
+# install kubectl - we need as long as we cant set the resource request
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin
+
 
 # Define where the Drupal Root is located
 ENV WEBROOT=web

From 3626597da6ada18089c4edd168ea8fec633e6941 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 10:45:38 +0200
Subject: [PATCH 254/341] add task that will run the bash script

---
 infrastructure/Taskfile.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 2e0196df..23fe00d1 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -205,6 +205,12 @@ tasks:
           - sh: "[ ! -z {{.AZURE_SUBSCRIPTION_ID}} ]"
             msg: "Env variable AZURE_SUBSCRIPTION_ID is not set or empty."
 
+    cluster:adjust:resource-request:
+      deps: [cluster:auth, lagoon:cli:config]
+      desc: "Adjust resource requests for a every pod inside a library namespace"
+      cmds:
+        - task/scripts/adjust-resource-requests.sh
+
     support:provision:cert-manager:
       deps: [cluster:auth]
       summary: Set the DIFF environment variable to any value to switch to diffing instead of an actual upgrade.

From b74e4882c5d6ba5d4224bb490a8ef3b1e0a49ace Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 10:46:06 +0200
Subject: [PATCH 255/341] add script that will patch the resource request for
 the desired pods

---
 .../task/scripts/adjust-resource-requests.sh  | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100755 infrastructure/task/scripts/adjust-resource-requests.sh

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
new file mode 100755
index 00000000..8bbf0d81
--- /dev/null
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+#
+# Lagoon doesn't allow us to set the resource request which results in kubernetes not
+# being able to adjust it's workloades properly.
+# This script allows us to do that, though in an imperfect way.
+# The Script should be obsolote when a vertical pod autoscaler is in place.
+
+# Namespace
+NAMESPACES_RAW=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
+NAMESPACES=($NAMESPACES_RAW)
+
+SYSTEM_NAMESPACES=(
+  "calico-system"
+  "cert-manager"
+  "default"
+  "dpl-cms-develop"
+  "grafana"
+  "harbor"
+  "ingress-nginx"
+  "k8up"
+  "kube-node-lease"
+  "kube-public"
+  "kube-system"
+  "kuma-monitoring"
+  "lagoon"
+  "lagoon-core"
+  "loki"
+  "minio"
+  "prometheus"
+  "promtail"
+  "tigera-operator"
+)
+
+echo "Adjusting resource requests in the cluster"
+for NS in "${NAMESPACES[@]}"; do
+  # Skip system namespaces - those we have enough controll over
+  if [[ " ${SYSTEM_NAMESPACES[@]} " =~ " ${NS} " ]]; then
+    continue
+  fi
+  echo "##   $NS    ##"
+  # Pod to be adjusted
+  DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
+
+  # Desired memory request
+  MEMORY_REQUEST="150Mi"
+
+  for DEPLOYMENT in "${DEPLOYMENTS[@]}"; do
+    # Patch the deployments resource request
+    kubectl patch deployments.apps -n $NS $DEPLOYMENT --type="json" -p='[
+      {
+        "op": "replace",
+        "path": "/spec/template/spec/containers/0/resources/requests/memory",
+        "value": "'"$MEMORY_REQUEST"'"
+      }
+    ]'
+  done
+done

From 081ddcf334903ae87ab50cc397d7dcf8f3c922f3 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 11:18:57 +0200
Subject: [PATCH 256/341] remove this postrollout task as it doesn't work

---
 .../dpladm/env-repo-template/standard/.lagoon.yml         | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
index d34a11df..41aa3d2d 100644
--- a/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
+++ b/infrastructure/dpladm/env-repo-template/standard/.lagoon.yml
@@ -56,13 +56,7 @@ tasks:
         name: Import config translations
         command: drush dpl_po:import-remote-config-po da https://danskernesdigitalebibliotek.github.io/dpl-cms/translations/da.config.po
         service: cli
-    - run:
-        name: Set Pod resource requests and limits
-        command: |
-            set -e;
-            echo "setting resource requests for cli"
-            kubernetes patch deployment cli -n ${LAGOON_PROJECT_NAME} -p '{"spec":{"template":{"spec":{"containers":[{"name":"cli","resources":{"requests":{"memory":"20Mi"}}}]}}}'
-        service: cli
+
 environments:
   main:
 $ENABLE_ROUTES

From f413c7db24053dc740ea38ba2737bdfea709b4b7 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 14:43:51 +0200
Subject: [PATCH 257/341] fix shellcheck stuff

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 8bbf0d81..237d2780 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -7,7 +7,7 @@
 
 # Namespace
 NAMESPACES_RAW=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
-NAMESPACES=($NAMESPACES_RAW)
+NAMESPACES=("$NAMESPACES_RAW")
 
 SYSTEM_NAMESPACES=(
   "calico-system"
@@ -34,7 +34,7 @@ SYSTEM_NAMESPACES=(
 echo "Adjusting resource requests in the cluster"
 for NS in "${NAMESPACES[@]}"; do
   # Skip system namespaces - those we have enough controll over
-  if [[ " ${SYSTEM_NAMESPACES[@]} " =~ " ${NS} " ]]; then
+  if [[ " ${SYSTEM_NAMESPACES[*]} " =~ " ${NS} " ]]; then
     continue
   fi
   echo "##   $NS    ##"
@@ -46,7 +46,7 @@ for NS in "${NAMESPACES[@]}"; do
 
   for DEPLOYMENT in "${DEPLOYMENTS[@]}"; do
     # Patch the deployments resource request
-    kubectl patch deployments.apps -n $NS $DEPLOYMENT --type="json" -p='[
+    kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" --type="json" -p='[
       {
         "op": "replace",
         "path": "/spec/template/spec/containers/0/resources/requests/memory",

From 17aa31416071c88ef63a32c946aaa304cf88dc90 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 15:22:56 +0200
Subject: [PATCH 258/341] more shellcheck stuff

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 237d2780..8d30e66f 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -7,7 +7,7 @@
 
 # Namespace
 NAMESPACES_RAW=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
-NAMESPACES=("$NAMESPACES_RAW")
+NAMESPACES=($NAMESPACES_RAW)
 
 SYSTEM_NAMESPACES=(
   "calico-system"
@@ -34,7 +34,7 @@ SYSTEM_NAMESPACES=(
 echo "Adjusting resource requests in the cluster"
 for NS in "${NAMESPACES[@]}"; do
   # Skip system namespaces - those we have enough controll over
-  if [[ " ${SYSTEM_NAMESPACES[*]} " =~ " ${NS} " ]]; then
+  if [[ " ${SYSTEM_NAMESPACES[*]} " =~ ${NS} ]]; then
     continue
   fi
   echo "##   $NS    ##"

From c9b3ce22bab03f55b3a80355a557de51413f87fd Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 16 Jul 2024 15:29:57 +0200
Subject: [PATCH 259/341] ignore this

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 8d30e66f..447b938d 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -7,6 +7,7 @@
 
 # Namespace
 NAMESPACES_RAW=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
+# shellcheck disable=SC2206
 NAMESPACES=($NAMESPACES_RAW)
 
 SYSTEM_NAMESPACES=(

From dd31a75910ec3a561a6be445eff17915a64f15e7 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 15 Aug 2024 14:05:18 +0200
Subject: [PATCH 260/341] remove unused function

---
 infrastructure/dpladm/bin/sync-site.sh | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 3cb7b8a9..124afa5f 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -34,19 +34,6 @@ function getSiteDplCmsRelease {
     return
 }
 
-
-function getWebmasterDplCmsRelease {
-    local wmRelease
-    wmRelease=$(yq eval ".sites.${1}.webmaster-cms-version" "${2}")
-    if [[ "${wmRelease}" == "null" ]]; then
-        echo ""
-        return
-    fi
-
-    echo "${wmRelease}"
-    return
-}
-
 function getSiteReleaseImageRepository {
     local repository
     repository=$(yq eval ".sites.${1}.releaseImageRepository" "${2}")

From de88b948e48affdb9df9d01f8a2ab6a5406832c4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 04:16:52 +0000
Subject: [PATCH 261/341] Bump alpine/helm from 3.15.3 to 3.15.4 in
 /tools/dplsh

Bumps alpine/helm from 3.15.3 to 3.15.4.

---
updated-dependencies:
- dependency-name: alpine/helm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index a92577ce..0271559c 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -2,7 +2,7 @@ ARG DPLSH_BUILD_VERSION=latest
 
 # Use an intermediate images as a way to have dependabot track our dependency
 # https://hub.docker.com/r/alpine/helm/tags?page=1&ordering=last_updated
-FROM alpine/helm:3.15.3 as helm
+FROM alpine/helm:3.15.4 as helm
 
 # https://hub.docker.com/r/hashicorp/terraform/tags?page=1&ordering=last_updated
 FROM hashicorp/terraform:1.9.2 as terraform

From 24ae41f56808cde46a27dd92cbda0e1e5f97e6b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 04:20:56 +0000
Subject: [PATCH 262/341] Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/setup-terraform/compare/v3.1.1...v3.1.2)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/terraform-lint.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml
index df93e596..b53cdc99 100644
--- a/.github/workflows/terraform-lint.yaml
+++ b/.github/workflows/terraform-lint.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.7
-      - uses: hashicorp/setup-terraform@v3.1.1
+      - uses: hashicorp/setup-terraform@v3.1.2
       - name: Terraform fmt
         id: fmt
         run: terraform fmt -recursive -check infrastructure/terraform

From bb283a850b6f0fafcba9ab557415bdd618a0dc81 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 04:21:29 +0000
Subject: [PATCH 263/341] Bump hashicorp/terraform from 1.9.2 to 1.9.5 in
 /tools/dplsh

Bumps hashicorp/terraform from 1.9.2 to 1.9.5.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 tools/dplsh/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index a92577ce..3dd0763f 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -5,7 +5,7 @@ ARG DPLSH_BUILD_VERSION=latest
 FROM alpine/helm:3.15.3 as helm
 
 # https://hub.docker.com/r/hashicorp/terraform/tags?page=1&ordering=last_updated
-FROM hashicorp/terraform:1.9.2 as terraform
+FROM hashicorp/terraform:1.9.5 as terraform
 
 # We use the official azure cli as a base-image. It is itself based on alpine
 # and is quite minimal.

From 5e441212c680e21785dc76a86f201cb16bc2e3b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Wed, 21 Aug 2024 09:33:35 +0200
Subject: [PATCH 264/341] Cleanup development environments in our core Lagoon
 project.

With our setup Lagoon creates a development environment automatically
each time a pull request is created. Such an environments should also
be deleted when the pull request is closed. This is usually the case
when the PR is merged but often failed when the pull request is closed
without merging.

To work around this issue this script tries to close all development
environments in Lagoon where the corresponding pull request has been
either closed or merged.
---
 .../task/scripts/cleanup-dev-envs.sh          | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 infrastructure/task/scripts/cleanup-dev-envs.sh

diff --git a/infrastructure/task/scripts/cleanup-dev-envs.sh b/infrastructure/task/scripts/cleanup-dev-envs.sh
new file mode 100644
index 00000000..23918240
--- /dev/null
+++ b/infrastructure/task/scripts/cleanup-dev-envs.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+#
+# Cleanup development environments in our core Lagoon project.
+#
+# With our setup Lagoon creates a development environment automatically each
+# time a pull request is created. Such an environments should also be deleted
+# when the pull request is closed. This is usually the case when the PR is
+# merged but often failed when the pull request is closed without merging.
+#
+# To work around this issue this script tries to close all development
+# environments in Lagoon where the corresponding pull request has been either
+# closed or merged.
+
+LAGOON_PROJECT="dpl-cms"
+REPO="danskernesdigitalebibliotek/dpl-cms"
+
+DRY_RUN=false
+if [ "$1" == "--dry-run" ]; then
+  DRY_RUN=true
+fi
+
+DEV_ENVS=$(lagoon raw --raw "query dplCmsEnvs {
+  projectByName(name: \"$LAGOON_PROJECT\") {
+    environments {
+      name
+      environmentType
+    }
+  }
+}" | jq -c '.projectByName.environments[] | select(.environmentType == "development" and .name != "develop")')
+
+echo "$DEV_ENVS" | while read -r environment; do
+  ENV_NAME=$(echo "$environment" | jq -r '.name')
+  # Lagoon development environments are named after the number or their
+  # corresponding pull request.
+  PR_NUMBER=$(echo "$environment" | jq -r '.name | gsub("^pr-"; "") | tonumber')
+
+  # Check the status of the PR using the gh CLI
+  PR_STATUS=$(gh pr view "$PR_NUMBER" --repo $REPO --json state -q '.state')
+
+  if [[ "$PR_STATUS" == "CLOSED" || "$PR_STATUS" == "MERGED" ]]; then
+
+    echo "PR #$PR_NUMBER is $PR_STATUS. Closing development environment: $ENV_NAME."
+
+    if [ "$DRY_RUN" = true ]; then
+      echo "Dry-run: lagoon delete environment -p \"$LAGOON_PROJECT\" -e \"$ENV_NAME\""
+    else
+      echo "foo"
+      #lagoon delete environment -p "$LAGOON_PROJECT" -e "$ENV_NAME"
+    fi
+  fi
+done;
\ No newline at end of file

From f77a2b847df696e22bf206fc87bccfe7f9aca97a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@deranged.dk>
Date: Mon, 26 Aug 2024 09:09:59 +0200
Subject: [PATCH 265/341] Add proxy_upstream_name to nginx logging

`proxy_upstream_name` is part of the default logging, but when we changed to custom logging, it was left out. This adds it back in, into the custom logging.
---
 .../ingress-nginx/ingres-nginx-values.template.yaml             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 46e445ab..00e50efa 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -7,7 +7,7 @@ controller:
     log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_add_x_forwarded_for", "x-forward-for": "$proxy_add_x_forwarded_for", "request_id": "$req_id",
       "bytes_sent": $bytes_sent, "request_time": $request_time, "status":$status, "vhost": "$host", "request_proto": "$server_protocol",
       "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer",
-      "http_user_agent": "$http_user_agent" }'
+      "http_user_agent": "$http_user_agent", "proxy_upstream_name": "$proxy_upstream_name" }'
     # Default client_max_body_size is 1m, which is too small for our needs.
     # We align this with the value in Lagoon itself.
     # See https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#custom-max-body-size

From f7abd1f12d3e1288ad9791756fbebee213bab6e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:12:53 +0200
Subject: [PATCH 266/341] fixup! Cleanup development environments in our core
 Lagoon project.

---
 infrastructure/task/scripts/cleanup-dev-envs.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/task/scripts/cleanup-dev-envs.sh b/infrastructure/task/scripts/cleanup-dev-envs.sh
index 23918240..57e5fb8a 100644
--- a/infrastructure/task/scripts/cleanup-dev-envs.sh
+++ b/infrastructure/task/scripts/cleanup-dev-envs.sh
@@ -30,7 +30,7 @@ DEV_ENVS=$(lagoon raw --raw "query dplCmsEnvs {
 
 echo "$DEV_ENVS" | while read -r environment; do
   ENV_NAME=$(echo "$environment" | jq -r '.name')
-  # Lagoon development environments are named after the number or their
+  # Lagoon development environments are named after the number of their
   # corresponding pull request.
   PR_NUMBER=$(echo "$environment" | jq -r '.name | gsub("^pr-"; "") | tonumber')
 

From 4995ee5054a1a5c5b4151821ddfaeb52fcb15265 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:20:18 +0200
Subject: [PATCH 267/341] Actually delete environments when not dry-running
 cleanup

---
 infrastructure/task/scripts/cleanup-dev-envs.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/infrastructure/task/scripts/cleanup-dev-envs.sh b/infrastructure/task/scripts/cleanup-dev-envs.sh
index 57e5fb8a..a2443a0f 100644
--- a/infrastructure/task/scripts/cleanup-dev-envs.sh
+++ b/infrastructure/task/scripts/cleanup-dev-envs.sh
@@ -44,8 +44,7 @@ echo "$DEV_ENVS" | while read -r environment; do
     if [ "$DRY_RUN" = true ]; then
       echo "Dry-run: lagoon delete environment -p \"$LAGOON_PROJECT\" -e \"$ENV_NAME\""
     else
-      echo "foo"
-      #lagoon delete environment -p "$LAGOON_PROJECT" -e "$ENV_NAME"
+      lagoon delete environment -p "$LAGOON_PROJECT" -e "$ENV_NAME"
     fi
   fi
 done;
\ No newline at end of file

From 3a122eed6a5857cb310b6328e0e840c409f0cfd9 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 26 Aug 2024 11:27:20 +0200
Subject: [PATCH 268/341] change plan to webmaster

---
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index d161e57f..51df88fe 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -639,6 +639,7 @@ sites:
     name: "Roskilde Bibliotekerne"
     description: "The library site for Roskilde"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfCXTAe50+d/RUIu8JSctoCSzfJoEMtZ2OY0AUQdZgo"
+    plan: webmaster
     <<: *default-release-image-source
   rudersdal:
     name: "Rudersdal Bibliotekerne"

From 301b4bff158beb0dc5d840aaae0521b9166264ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:51:42 +0200
Subject: [PATCH 269/341] Add GitHub CLI to dplsh

It is needed for the cleanup environments script to run
---
 tools/dplsh/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/dplsh/Dockerfile b/tools/dplsh/Dockerfile
index a92577ce..23b54ae9 100644
--- a/tools/dplsh/Dockerfile
+++ b/tools/dplsh/Dockerfile
@@ -43,6 +43,7 @@ RUN apk add --no-cache \
   docker-cli \
   gettext \
   git \
+  github-cli \
   rsync \
   shadow \
   vim \

From e596d184763d5718effa7312df82ab6f877e1543 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:52:48 +0200
Subject: [PATCH 270/341] Ensure that the user is authenticated on GitHub when
 running cleanup

---
 infrastructure/task/scripts/cleanup-dev-envs.sh | 5 +++++
 1 file changed, 5 insertions(+)
 mode change 100644 => 100755 infrastructure/task/scripts/cleanup-dev-envs.sh

diff --git a/infrastructure/task/scripts/cleanup-dev-envs.sh b/infrastructure/task/scripts/cleanup-dev-envs.sh
old mode 100644
new mode 100755
index a2443a0f..f555ed49
--- a/infrastructure/task/scripts/cleanup-dev-envs.sh
+++ b/infrastructure/task/scripts/cleanup-dev-envs.sh
@@ -14,6 +14,11 @@
 LAGOON_PROJECT="dpl-cms"
 REPO="danskernesdigitalebibliotek/dpl-cms"
 
+if ! gh auth status >/dev/null 2>&1; then
+  echo "Error: You are not logged into GitHub. Please log in using 'gh auth login' and try again."
+  exit 1
+fi
+
 DRY_RUN=false
 if [ "$1" == "--dry-run" ]; then
   DRY_RUN=true

From 59d6ff590fb1fca6fb1778ed06753719d70357e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 26 Aug 2024 21:11:29 +0200
Subject: [PATCH 271/341] Redirect legacy paths for library search and
 materials to new paths

Add NGINX configuration which sets up the redirects.

This has been implemented on the NGINX level as this part of the
system already has a setup for modifying the default configuration and
this should be a relatively efficient solution.

Alternate solutions would include:
- PHP: This would make the redirects computationally more
  expensive to execute as Drupal would need to be bootstrapped first
  and would occupy a FPM worker. With the right headers each redirect
  could be cached in Varnish.
- Varnish: This might make the redirects even faster but we do not
  have a setup for modifying the existing VCL.
---
 ...nd_drupal_rewrite_legacy_search_works.conf | 31 +++++++++++++++++++
 .../standard/lagoon/nginx.dockerfile          |  4 +++
 2 files changed, 35 insertions(+)
 create mode 100644 infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_rewrite_legacy_search_works.conf

diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_rewrite_legacy_search_works.conf b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_rewrite_legacy_search_works.conf
new file mode 100644
index 00000000..0608c475
--- /dev/null
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/conf/nginx/server_append_drupal_rewrite_legacy_search_works.conf
@@ -0,0 +1,31 @@
+# Redirect paths for library search and materials to new urls.
+#
+# For all redirects we:
+# - Use permanent redirects to ensure that the new urls are picked up properly
+#   by search engines.
+# - Strip all query parameters in the process as we do not have a reliable way
+#   to transform these.
+
+# Redirect search queries
+#
+# Legacy paths:
+# - /search/ting/harry potter
+# - /search/ting/harry%20potter?&facets%5B%5D=facet.category%3Avoksenmaterialer
+# - /search/ting/harry%20potter?page=1
+# New path:
+# - /search?q=harry%2520potter
+rewrite ^/search/ting/([^/?]+) /search?q=$1? permanent;
+
+# Redirect materials.
+# The legacy system had separate paths for works (collections) and
+# manifestations (objects). The current system only promoted works so redirect
+# both to the work url.
+# This only works because there currently is a simple translation from the
+# id (pid) of a manifestation to the id of the corresponding work.
+#
+# Legacy paths:
+# - /ting/collection/870970-basis%3A47086868
+# - /ting/object/870970-basis%3A47086868
+# New path:
+# - /work/work-of:870970-basis%3A47086868
+rewrite ^/ting/(object|collection)/([^/?]+) /work/work-of:$2? permanent;
diff --git a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
index 26c6b9bb..3aca06b9 100644
--- a/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
+++ b/infrastructure/dpladm/env-repo-template/standard/lagoon/nginx.dockerfile
@@ -21,6 +21,10 @@ RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_modules_local.
 COPY lagoon/conf/nginx/server_append_drupal_rewrite_registration.conf /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_registration.conf
 RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_registration.conf
 
+COPY lagoon/conf/nginx/server_append_drupal_rewrite_legacy_search_works.conf /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_legacy_search_works.conf
+RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_rewrite_legacy_search_works.conf
+
+# Configuration targeted for non-local development.
 COPY lagoon/conf/nginx/metrics /app/web/_metrics
 COPY lagoon/conf/nginx/server_append_drupal_serve_metrics.conf /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf
 RUN fix-permissions /etc/nginx/conf.d/drupal/server_append_drupal_serve_metrics.conf

From e0cf7a3a6ba5b8eaba3d9d6523a5fa8016192141 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 10:41:33 +0200
Subject: [PATCH 272/341] roll out 35.1 on canary

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 51df88fe..7f70d4ac 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -16,7 +16,7 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.33.0"
+    dpl-cms-release: "2024.35.1"
     plan: webmaster
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:

From 446e2a47b64f7ecc50b6c9df185a5993ff175172 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 10:56:56 +0200
Subject: [PATCH 273/341] add url's for gladsaxe

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 7f70d4ac..5962990c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -248,6 +248,10 @@ sites:
     name: "Gladsaxe Bibliotekerne"
     description: "The library site for Gladsaxe"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAQZr2pUtpsYarlI31+J/EXr3QHomuiG5TwQJDhquYF"
+    primary-domain: gladbib.dk
+    secondary-domains:
+      - www.gladbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   glostrup:
     name: "Glostrup Bibliotek"

From 729108bd6f88ab8d2390dfcde642190a3578da13 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 10:58:44 +0200
Subject: [PATCH 274/341] =?UTF-8?q?add=20helsing=C3=B8rs=20urls?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5962990c..e0bc8b21 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -313,6 +313,10 @@ sites:
     name: "Helsingør Kommunes Biblioteker"
     description: "The library site for Helsingør"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMjjzFRg91rY4Bsr1I8yxysk/aCk374S2rpgixONAP7a"
+    primary-domain: helsbib.dk
+    secondary-domains:
+      - www.helsbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   herlev:
     name: "Herlev Bibliotek"

From 4aea4b16b103735824f1b81bf00654ae2445b857 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 11:01:14 +0200
Subject: [PATCH 275/341] =?UTF-8?q?add=20r=C3=B8dovre=20urls?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e0bc8b21..153d5c83 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -642,6 +642,10 @@ sites:
     name: "Rødovre Bibliotek"
     description: "The library site for Rødovre"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLyDhYdpnunBj8EZNR4fE6lN4vc/+RVVB5n2ei/40xt"
+    primary-domain: www.rdb.dk
+    secondary-domains:
+      - rdb.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   roskilde:
     name: "Roskilde Bibliotekerne"

From a722d90cad7d088a93452d66b7d7f3ded0264ba0 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 11:03:42 +0200
Subject: [PATCH 276/341] =?UTF-8?q?add=20solr=C3=B8d=20urls?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 153d5c83..018d2802 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -705,6 +705,10 @@ sites:
     name: "Solrød Bibliotek og Kulturhus"
     description: "The library site for Solrød"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1GwZ4r8QZ7Vebdqiz/mtkifrLU+ZSvlAJshdXjCh5J"
+    primary-domain: solbib.dk
+    secondary-domains:
+      - www.solbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   sonderborg:
     name: "Biblioteket Sønderborg"

From 2e967ee34f9bc1cc229c371cce84bacd8e6a3a5a Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 11:06:12 +0200
Subject: [PATCH 277/341] add urls for albertslund

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 018d2802..6b59cf2a 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -78,6 +78,10 @@ sites:
     name: "Albertslund Bibliotek"
     description: "The library site for Albertslund"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpbJ5Duz6d8xqIF6CMOGrJxkpcwwAeAmP2OPnuXwAQe"
+    primary-domain: albertslundbibliotek.dk
+    secondary-domains:
+      - www.albertslundbibliotek.dk
+    autogenerateRoutes: true
     plan: webmaster
     <<: *default-release-image-source
   allerod:

From 33605757d2bae85db1877250bd59d2206388c0ce Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 11:07:30 +0200
Subject: [PATCH 278/341] add gribskovs urls

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 6b59cf2a..e501415f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -280,6 +280,10 @@ sites:
     name: "Gribskov Biblioteker"
     description: "The library site for Gribskov"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIK40x6Y/UvhxDaW+McgqIeY2phSuuadNxuG/FGnSY70"
+    primary-domain: www.gribskovbib.dk
+    secondary-domains:
+      - gribskovbib.dk
+    autogenerateRoutes: true
     <<: *default-release-image-source
   guldborgsund:
     name: "Guldborgsund-bibliotekerne"

From f7139ed856115a6064790f6b94d15dbaaf71e5d8 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 8 Aug 2024 13:15:17 +0200
Subject: [PATCH 279/341] attempt to increase the deployment speed, which is
 gruelingly slow right now

---
 .../dplplat01/lagoon/lagoon-remote-values.template.yaml         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index 4423f816..610610e0 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -8,7 +8,7 @@ lagoon-build-deploy:
     - "--harbor-username=admin"
     - "--harbor-password=$HARBOR_ADMIN_PASS"
     - "--enable-qos"
-    - "--qos-max-builds=5"
+    - "--qos-max-builds=10"
   rabbitMQUsername: "lagoon"
   rabbitMQPassword: "$RABBITMQ_PASS"
   rabbitMQHostname: "lagoon-core-broker.lagoon-core.svc.cluster.local"

From ae78de0be7619ca27fdb77def6d3f431dc2563b5 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 11 Jul 2024 14:29:37 +0200
Subject: [PATCH 280/341] support having different versions on WM's and
 standard libs

---
 infrastructure/dpladm/bin/sync-site.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 124afa5f..3cb7b8a9 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -34,6 +34,19 @@ function getSiteDplCmsRelease {
     return
 }
 
+
+function getWebmasterDplCmsRelease {
+    local wmRelease
+    wmRelease=$(yq eval ".sites.${1}.webmaster-cms-version" "${2}")
+    if [[ "${wmRelease}" == "null" ]]; then
+        echo ""
+        return
+    fi
+
+    echo "${wmRelease}"
+    return
+}
+
 function getSiteReleaseImageRepository {
     local repository
     repository=$(yq eval ".sites.${1}.releaseImageRepository" "${2}")

From b481ff19f5957e8ad77f33ca76af740dd1346db2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 11 Jul 2024 22:43:58 +0200
Subject: [PATCH 281/341] move to customizable-canary and make it a string to
 match

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index e501415f..4b7d6e3f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -38,6 +38,7 @@ sites:
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
+    webmaster-cms-version: "2024.27.1"
     <<: *default-release-image-source
   # Production sites
   aabenraa:
@@ -461,7 +462,6 @@ sites:
       - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
       - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
-    webmaster-cms-version: 2024.27.1
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *webmaster-release-image-source
   koge:

From 1c4a38df35a81f216d64a8b8e9f505d1acfe0989 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 19 Aug 2024 11:57:11 +0200
Subject: [PATCH 282/341] change to up to date version

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 4b7d6e3f..40087175 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -38,7 +38,7 @@ sites:
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    webmaster-cms-version: "2024.27.1"
+    webmaster-cms-version: "2024.32.1"
     <<: *default-release-image-source
   # Production sites
   aabenraa:

From 3eca527f6b3e15743093fcd2849123b775d80e14 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 19 Aug 2024 12:00:16 +0200
Subject: [PATCH 283/341] as requested

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 40087175..6812a10f 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -38,7 +38,7 @@ sites:
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    webmaster-cms-version: "2024.32.1"
+    moduletest-dpl-cms-release: "2024.32.1"
     <<: *default-release-image-source
   # Production sites
   aabenraa:

From 074a8131ef7ca0c93fedaa4fde75d9cb061ce6cd Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 19 Aug 2024 12:13:28 +0200
Subject: [PATCH 284/341] retest on canary and change the key to look for to
 the newly changed key-name

---
 infrastructure/dpladm/bin/sync-site.sh           | 2 +-
 infrastructure/environments/dplplat01/sites.yaml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/infrastructure/dpladm/bin/sync-site.sh b/infrastructure/dpladm/bin/sync-site.sh
index 3cb7b8a9..2aa33bc7 100755
--- a/infrastructure/dpladm/bin/sync-site.sh
+++ b/infrastructure/dpladm/bin/sync-site.sh
@@ -37,7 +37,7 @@ function getSiteDplCmsRelease {
 
 function getWebmasterDplCmsRelease {
     local wmRelease
-    wmRelease=$(yq eval ".sites.${1}.webmaster-cms-version" "${2}")
+    wmRelease=$(yq eval ".sites.${1}.moduletest-dpl-cms-release" "${2}")
     if [[ "${wmRelease}" == "null" ]]; then
         echo ""
         return
diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 6812a10f..d4ccb003 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -18,6 +18,7 @@ sites:
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.35.1"
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.32.1"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 9ab4a8680e4028ee4c4b5c63680bf83b987e7e20 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Wed, 28 Aug 2024 14:23:20 +0200
Subject: [PATCH 285/341] improve the UX of the dplsh

---
 infrastructure/.dplsh.profile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/infrastructure/.dplsh.profile b/infrastructure/.dplsh.profile
index 880d647b..7ddff82f 100644
--- a/infrastructure/.dplsh.profile
+++ b/infrastructure/.dplsh.profile
@@ -33,6 +33,15 @@ fi
 export DNSIMPLE_ACCOUNT="61014"
 
 export DPLPLAT_ENV="dplplat01"
+
+# Get bash completion and set the alias and set completion for the alias
+source <(kubectl completion bash)
+alias kc=kubectl
+complete -o default -F __start_kubectl kc
+
+# Give PS1 some color so it's eaiser to find
+export PS1='\[$(printf "\x1b[38;2;255;100;250m\]$(hostname):$(pwd)$ \[\x1b[0m")\]'
+
 echo
 echo "Environment is assumed to be 'dplplat01'"
 echo "If you want to operate another environment, run 'export DPLPLAT_ENV=<environment>'"

From 8826bcd3fb92edc8a6143771140172d9db89fdf6 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 29 Aug 2024 11:15:13 +0200
Subject: [PATCH 286/341] up default and webmaster releases to 35.1 but let 3
 libraries stay on 33

---
 .../environments/dplplat01/sites.yaml          | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index d4ccb003..25469492 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,11 +2,15 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.33.0"
+  dpl-cms-release: "2024.35.1"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.32.1"
+  dpl-cms-release: "2024.35.1"
+x-stay-on-33.1: &stay-on-33
+  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+  releaseImageName: dpl-cms-source
+  dpl-cms-release: "2024.33.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -18,7 +22,7 @@ sites:
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.35.1"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.32.1"
+    moduletest-dpl-cms-release: "2024.35.1"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"
@@ -39,7 +43,7 @@ sites:
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.32.1"
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *default-release-image-source
   # Production sites
   aabenraa:
@@ -85,7 +89,7 @@ sites:
       - www.albertslundbibliotek.dk
     autogenerateRoutes: true
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *stay-on-33
   allerod:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
@@ -661,7 +665,7 @@ sites:
     description: "The library site for Roskilde"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfCXTAe50+d/RUIu8JSctoCSzfJoEMtZ2OY0AUQdZgo"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *stay-on-33
   rudersdal:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"
@@ -691,7 +695,7 @@ sites:
       - www.silkeborgbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *stay-on-33
   skanderborg:
     name: "Skanderborg Bibliotek"
     description: "The library site for Skanderborg"

From 6a767fede1ff4cebe403bc663e8552cc25c84340 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 29 Aug 2024 11:40:09 +0200
Subject: [PATCH 287/341] correct this to match the label

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 25469492..34a26665 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -7,7 +7,7 @@ x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
-x-stay-on-33.1: &stay-on-33
+x-stay-on-33: &stay-on-33
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.33.0"

From f4ab6eaf83286d72abe5dbca18ca482ca7903277 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 30 Aug 2024 11:17:31 +0200
Subject: [PATCH 288/341] set resource request by type of deployment

---
 .../task/scripts/adjust-resource-requests.sh  | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 447b938d..d348518c 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -43,9 +43,27 @@ for NS in "${NAMESPACES[@]}"; do
   DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
 
   # Desired memory request
-  MEMORY_REQUEST="150Mi"
+  VARNISH_MEMORY="1000Mi"
+  REDIS_MEMORY="100Mi"
+  NGINX_MEMORY="150Mi"
+  CLI_MEMORY="20Mi"
 
   for DEPLOYMENT in "${DEPLOYMENTS[@]}"; do
+    if [ "$DEPLOYMENT" = "cli" ]; then
+      MEMORY_REQUEST=$CLI_MEMORY
+      echo $MEMORY_REQUEST
+    fi
+    if [ "$DEPLOYMENT" = "nginx" ]; then
+      MEMORY_REQUEST=$NGINX_MEMORY
+      echo $MEMORY_REQUEST
+    fi
+    if [ "$DEPLOYMENT" = "redis" ]; then
+      MEMORY_REQUEST=$REDIS_MEMORY
+      echo $MEMORY_REQUEST
+    fi
+    if [ "$DEPLOYMENT" = "varnish" ]; then
+      MEMORY_REQUEST=$VARNISH_MEMORY
+    fi
     # Patch the deployments resource request
     kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" --type="json" -p='[
       {

From 7d73d07ff8e053f756611d626113c98743e71e49 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 30 Aug 2024 11:31:04 +0200
Subject: [PATCH 289/341] don't give pr envs more ressources

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index d348518c..99f1beb7 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -38,6 +38,10 @@ for NS in "${NAMESPACES[@]}"; do
   if [[ " ${SYSTEM_NAMESPACES[*]} " =~ ${NS} ]]; then
     continue
   fi
+# We also dont want to adjust for DPL-CMS
+  if [[ "$NS" = *"dpl-cms"* ]]; then
+    continue
+  fi
   echo "##   $NS    ##"
   # Pod to be adjusted
   DEPLOYMENTS=("cli" "nginx" "varnish" "redis")

From 27b37601fd98399316e480c82772359109feb1f3 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Fri, 30 Aug 2024 13:58:12 +0200
Subject: [PATCH 290/341] try and have pr sites alloacted less resources

---
 .../task/scripts/adjust-resource-requests.sh  | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 99f1beb7..b73b8460 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -38,10 +38,6 @@ for NS in "${NAMESPACES[@]}"; do
   if [[ " ${SYSTEM_NAMESPACES[*]} " =~ ${NS} ]]; then
     continue
   fi
-# We also dont want to adjust for DPL-CMS
-  if [[ "$NS" = *"dpl-cms"* ]]; then
-    continue
-  fi
   echo "##   $NS    ##"
   # Pod to be adjusted
   DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
@@ -68,6 +64,24 @@ for NS in "${NAMESPACES[@]}"; do
     if [ "$DEPLOYMENT" = "varnish" ]; then
       MEMORY_REQUEST=$VARNISH_MEMORY
     fi
+    # If the Namespace is DPL-CMS PR site set it lower
+    if [[ "$NS" = *"dpl-cms"* ]]; then
+      if [ "$DEPLOYMENT" = "cli" ]; then
+        MEMORY_REQUEST="20Mi"
+        echo $MEMORY_REQUEST
+      fi
+      if [ "$DEPLOYMENT" = "nginx" ]; then
+        MEMORY_REQUEST="80Mi"
+        echo $MEMORY_REQUEST
+      fi
+      if [ "$DEPLOYMENT" = "redis" ]; then
+        MEMORY_REQUEST="100Mi"
+        echo $MEMORY_REQUEST
+      fi
+      if [ "$DEPLOYMENT" = "varnish" ]; then
+        MEMORY_REQUEST="100Mi"
+      fi
+    fi
     # Patch the deployments resource request
     kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" --type="json" -p='[
       {

From 0a192396bd5d9f4f99d1379f524f200029e4e2d6 Mon Sep 17 00:00:00 2001
From: Thomas Fini Hansen <xen@xen.dk>
Date: Fri, 30 Aug 2024 15:26:03 +0200
Subject: [PATCH 291/341] Check that arguments is defined in syncEnvRepo

---
 .../dpladm/bin/dpladm-shared.source           | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/infrastructure/dpladm/bin/dpladm-shared.source b/infrastructure/dpladm/bin/dpladm-shared.source
index 81c965b0..08ca37d4 100755
--- a/infrastructure/dpladm/bin/dpladm-shared.source
+++ b/infrastructure/dpladm/bin/dpladm-shared.source
@@ -176,6 +176,31 @@ function syncEnvRepo {
   local primaryDomain="${8:-}"
   local secondaryDomains="${9:-}"
 
+  if [[ -z $siteName ]]; then
+      echo "Missing site name"
+      exit 1
+  fi
+
+  if [[ -z $releaseTag ]]; then
+      echo "Missing release tag"
+      exit 1
+  fi
+
+  if [[ -z $branchName ]]; then
+      echo "Missing branch name"
+      exit 1
+  fi
+
+  if [[ -z $releaseImageRepository ]]; then
+      echo "Missing release image repository"
+      exit 1
+  fi
+
+  if [[ -z $releaseImageName ]]; then
+      echo "Missing release image name"
+      exit 1
+  fi
+
   # TODO, preflight checks that verifies this repository looks good to go.
   # makes most sense to do when we're doing more complicated things inside
   # the repository. At the very least we should verify that this actually

From 618b6786d46527642677894b3a1f8378db0884e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 2 Sep 2024 17:55:49 +0200
Subject: [PATCH 292/341] Use force when deleting environments during cleanup

Otherwise the script will stop after deleting a single environment.

Using --force uses yes for interactive prompts and allows the
script to conntinue across all environments.
---
 infrastructure/task/scripts/cleanup-dev-envs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/task/scripts/cleanup-dev-envs.sh b/infrastructure/task/scripts/cleanup-dev-envs.sh
index f555ed49..56253123 100755
--- a/infrastructure/task/scripts/cleanup-dev-envs.sh
+++ b/infrastructure/task/scripts/cleanup-dev-envs.sh
@@ -47,9 +47,9 @@ echo "$DEV_ENVS" | while read -r environment; do
     echo "PR #$PR_NUMBER is $PR_STATUS. Closing development environment: $ENV_NAME."
 
     if [ "$DRY_RUN" = true ]; then
-      echo "Dry-run: lagoon delete environment -p \"$LAGOON_PROJECT\" -e \"$ENV_NAME\""
+      echo "Dry-run: lagoon delete environment -p \"$LAGOON_PROJECT\" -e \"$ENV_NAME\" --force"
     else
-      lagoon delete environment -p "$LAGOON_PROJECT" -e "$ENV_NAME"
+      lagoon delete environment -p "$LAGOON_PROJECT" -e "$ENV_NAME" --force
     fi
   fi
 done;
\ No newline at end of file

From e93544f928676199fb35d166e2948e78afad4c9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 3 Sep 2024 16:24:49 +0200
Subject: [PATCH 293/341] Deploy release 2024.36.0 to canary

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 34a26665..096dfb63 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -20,9 +20,9 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.35.1"
+    dpl-cms-release: "2024.36.0"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
+    moduletest-dpl-cms-release: "2024.36.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 106bdf2387e323331aaada88e8f39bce9eeeb600 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 4 Sep 2024 11:27:34 +0200
Subject: [PATCH 294/341] =?UTF-8?q?Remove=20secondary=20domains=20from=20K?=
 =?UTF-8?q?=C3=B8ge=20bibliotek?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 infrastructure/environments/dplplat01/sites.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 34a26665..c81cb482 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -476,8 +476,6 @@ sites:
     primary-domain: www.koegebib.dk
     secondary-domains:
       - koegebib.dk
-      - www.koegebibliotekerne.dk
-      - koegebibliotekerne.dk
     autogenerateRoutes: true
     <<: *default-release-image-source
   kolding:

From 9747c6a64b381c9b2cd4ebe4ac4244c8be0ad7a8 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 2 Sep 2024 12:36:33 +0200
Subject: [PATCH 295/341] set version for moduletest

---
 infrastructure/environments/dplplat01/sites.yaml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index c81cb482..d81535fd 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -70,6 +70,7 @@ sites:
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
@@ -88,6 +89,7 @@ sites:
     secondary-domains:
       - www.albertslundbibliotek.dk
     autogenerateRoutes: true
+    moduletest-dpl-cms-release: "2024.35.1"
     plan: webmaster
     <<: *stay-on-33
   allerod:
@@ -113,6 +115,7 @@ sites:
       - www.bib.ballerup.dk
     autogenerateRoutes: true
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *default-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
@@ -196,6 +199,7 @@ sites:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -350,6 +354,7 @@ sites:
       - herningbib.dk
     autogenerateRoutes: true
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
@@ -467,6 +472,7 @@ sites:
       - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
       - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *webmaster-release-image-source
   koge:
@@ -601,6 +607,7 @@ sites:
     description: "The library site for Odense"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQ6nngmgVZXTNpPzhMTvJyx4tUPjHxoLSNL/jJPaNQ0"
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *default-release-image-source
   odsherred:
     name: "Odsherred Bibliotek og Kulturhuse"
@@ -663,7 +670,8 @@ sites:
     description: "The library site for Roskilde"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfCXTAe50+d/RUIu8JSctoCSzfJoEMtZ2OY0AUQdZgo"
     plan: webmaster
-    <<: *stay-on-33
+    moduletest-dpl-cms-release: "2024.35.1"
+    <<: *default-release-image-source
   rudersdal:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"
@@ -693,7 +701,8 @@ sites:
       - www.silkeborgbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    <<: *stay-on-33
+    moduletest-dpl-cms-release: "2024.35.1"
+    <<: *default-release-image-source
   skanderborg:
     name: "Skanderborg Bibliotek"
     description: "The library site for Skanderborg"
@@ -730,6 +739,7 @@ sites:
       - www.biblioteket.sonderborg.dk
     autogenerateRoutes: true
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *default-release-image-source
   soro:
     name: "Sorø Bibliotek"
@@ -763,6 +773,7 @@ sites:
       - dcbib.dk
     autogenerateRoutes: true
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     <<: *default-release-image-source
   svendborg:
     name: "Svendborg Bibliotek"
@@ -783,6 +794,7 @@ sites:
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
     plan: webmaster
+    moduletest-dpl-cms-release: "2024.35.1"
     primary-domain: taarnbybib.dk
     secondary-domains:
       - www.taarnbybib.dk

From e10748fb57349db1f48d873cbe75f72af024ab9e Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 5 Sep 2024 10:23:03 +0200
Subject: [PATCH 296/341] bump from 35.1 to 36.0

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 31d2402c..7aeec970 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,7 +2,7 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.35.1"
+  dpl-cms-release: "2024.36.0"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source

From ad4765962d83b6ef58a30c60f5aa0486d7c2e3a2 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 5 Sep 2024 10:24:01 +0200
Subject: [PATCH 297/341] remove no longer needed release pointer

---
 infrastructure/environments/dplplat01/sites.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 7aeec970..5c4b2560 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -7,10 +7,6 @@ x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
-x-stay-on-33: &stay-on-33
-  releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-  releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.33.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -91,7 +87,7 @@ sites:
     autogenerateRoutes: true
     moduletest-dpl-cms-release: "2024.35.1"
     plan: webmaster
-    <<: *stay-on-33
+    <<: *webmaster-release-image-source
   allerod:
     name: "Allerød Biblioteker"
     description: "The library site for Allerød"
@@ -671,7 +667,7 @@ sites:
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfCXTAe50+d/RUIu8JSctoCSzfJoEMtZ2OY0AUQdZgo"
     plan: webmaster
     moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   rudersdal:
     name: "Rudersdal Bibliotekerne"
     description: "The library site for Rudersdal"

From 028079dd5301b15fb8574284ea97be935307a731 Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Thu, 5 Sep 2024 11:01:40 +0200
Subject: [PATCH 298/341] add the moduletest-dpl-cms-release to the webmaster
 anchor

---
 .../environments/dplplat01/sites.yaml         | 30 ++++++-------------
 1 file changed, 9 insertions(+), 21 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 5c4b2560..eccd2a09 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -7,6 +7,7 @@ x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
+  moduletest-dpl-cms-release: "2024.36.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.
@@ -26,21 +27,20 @@ sites:
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   bibliotek-test:
     name: "Bibliotekstest"
     description: "Et site hvor bibliotekerne kan teste"
     importTranslationsCron: "0 * * * *"
     plan: webmaster
     deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvhy79hHjLcQJCcMNwci1Q/P/O2LwD4IzBVfkmRGKom
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   customizable-canary:
     name: "Customizable bibliotek - eksempel"
     description: "Eksempel på bibliotek der kører på 'webmaster' plan, og derfor har et modultest-miljø"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILj8lXv7C/7s7te9sEpwcHQhgDWfzsCkAN7rqQ4sdTzk"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   # Production sites
   aabenraa:
     name: "Aabenraa Biblioteker og Kulturhuse"
@@ -66,7 +66,6 @@ sites:
     description: "The library site for Aarhus"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFL+uMeEfsaHEzbNxOmBB8dX32OLo63CTomG8VZvuiN2"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   aero:
     name: "Ærø Folkebibliotek"
@@ -85,7 +84,6 @@ sites:
     secondary-domains:
       - www.albertslundbibliotek.dk
     autogenerateRoutes: true
-    moduletest-dpl-cms-release: "2024.35.1"
     plan: webmaster
     <<: *webmaster-release-image-source
   allerod:
@@ -111,8 +109,7 @@ sites:
       - www.bib.ballerup.dk
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   billund:
     name: "Billund Bibliotekerne og Borgerservice"
     description: "The main library site for Billund"
@@ -195,7 +192,6 @@ sites:
       - "faxebibliotek.dk"
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   fredensborg:
     name: "Fredensborg Bibliotekerne"
@@ -350,7 +346,6 @@ sites:
       - herningbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   hillerod:
     name: "Hillerød Bibliotekerne"
@@ -468,7 +463,6 @@ sites:
       - nginx.main.kobenhavn.dplplat01.dpl.reload.dk
       - varnish.main.kobenhavn.dplplat01.dpl.reload.dk
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHaTkDvjLW/b2qVj8FIvtX9x3TxFFZTENn+w2CFELeoC"
     <<: *webmaster-release-image-source
   koge:
@@ -603,8 +597,7 @@ sites:
     description: "The library site for Odense"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQ6nngmgVZXTNpPzhMTvJyx4tUPjHxoLSNL/jJPaNQ0"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   odsherred:
     name: "Odsherred Bibliotek og Kulturhuse"
     description: "The library site for Odsherred"
@@ -666,7 +659,6 @@ sites:
     description: "The library site for Roskilde"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfCXTAe50+d/RUIu8JSctoCSzfJoEMtZ2OY0AUQdZgo"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     <<: *webmaster-release-image-source
   rudersdal:
     name: "Rudersdal Bibliotekerne"
@@ -697,8 +689,7 @@ sites:
       - www.silkeborgbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   skanderborg:
     name: "Skanderborg Bibliotek"
     description: "The library site for Skanderborg"
@@ -735,8 +726,7 @@ sites:
       - www.biblioteket.sonderborg.dk
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   soro:
     name: "Sorø Bibliotek"
     description: "The library site for Sorø"
@@ -769,8 +759,7 @@ sites:
       - dcbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
-    <<: *default-release-image-source
+    <<: *webmaster-release-image-source
   svendborg:
     name: "Svendborg Bibliotek"
     description: "The library site for Svendborg"
@@ -790,7 +779,6 @@ sites:
     description: "The library site for Tårnby"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0F5bqQwdmAdMcDHVT8xxK0tOEGZYp21WIZ1zydr28O"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.35.1"
     primary-domain: taarnbybib.dk
     secondary-domains:
       - www.taarnbybib.dk

From f5fed8976d503ebf603fd7a38c6603a429b83a86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 10 Sep 2024 22:27:01 +0200
Subject: [PATCH 299/341] Deploy 2024.37.0 to Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index eccd2a09..0a01a54c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -17,9 +17,9 @@ sites:
     description: "A site to test new releases on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.36.0"
+    dpl-cms-release: "2024.37.0"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.36.0"
+    moduletest-dpl-cms-release: "2024.37.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   cms-school:
     name: "CMS-skole"

From 89eee55be90f6bcd788be46ecf67e70d93d160fe Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Mon, 19 Aug 2024 12:27:39 +0200
Subject: [PATCH 300/341] add a staging site for the DDF people to test on and
 give canary back to developers and operators

---
 infrastructure/environments/dplplat01/sites.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index eccd2a09..208701d8 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -14,13 +14,21 @@ sites:
   # Testing and instructional sites
   canary:
     name: "Canary"
-    description: "A site to test new releases on"
+    description: "A site for developers and operators to test on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
     dpl-cms-release: "2024.36.0"
     plan: webmaster
     moduletest-dpl-cms-release: "2024.36.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
+  staging:
+    name: "Staging"
+    description: "A site to test new releases on"
+    releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
+    releaseImageName: dpl-cms-source
+    dpl-cms-release: "2024.33.0"
+    plan: webmaster
+    deploy_key:
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"

From efb45adff01d2a9a3f6ccac8199135f310593ffe Mon Sep 17 00:00:00 2001
From: Philip <philip@deranged.dk>
Date: Tue, 10 Sep 2024 15:26:18 +0200
Subject: [PATCH 301/341] add deploykey and clean up site props

---
 infrastructure/environments/dplplat01/sites.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 208701d8..87db1e7c 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -24,11 +24,9 @@ sites:
   staging:
     name: "Staging"
     description: "A site to test new releases on"
-    releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
-    releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.33.0"
+    deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLUrrxfwsfwz4nkn/WCbMUbLHkTFvyYB2uusHLA7NlH
     plan: webmaster
-    deploy_key:
+    <<: *webmaster-release-image-source
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"

From eec62e7f52138650ad5cf96ab1e60d0908a1c8a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Tue, 10 Sep 2024 20:35:56 +0200
Subject: [PATCH 302/341] Add script to promote namespaced workloads to
 production nodes

---
 .../promote-workloads-to-prod-nodes.sh        | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100755 infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
new file mode 100755
index 00000000..9f07439e
--- /dev/null
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+#
+# Lagoon doesn't allow us to set tolerations on our workloads, so we set them
+# manually with this script. During adoption of the production-only nodes, we
+# can gradually promote workloads to the production nodes by adding them to the
+# below list of namespaces.
+
+PROMOTED_NAMESPACES=("canary-main")
+
+DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
+
+NAMESPACES_RAW=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
+# shellcheck disable=SC2206
+NAMESPACES=($NAMESPACES_RAW)
+
+echo "Patching tolerations on all promoted namespace workloads to schedule on production nodes"
+for NS in "${NAMESPACES[@]}"; do
+
+  # Only patch promoted namespaces
+  if [[ " ${PROMOTED_NAMESPACES[*]} " =~ ${NS} ]]; then
+    echo "## Namespace: $NS"
+
+    for DEPLOYMENT in "${DEPLOYMENTS[@]}"; do
+      kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" -p '{"spec": {"template": {"spec": {"tolerations": [{ "key": "noderole.dplplatform", "operator": "Equal", "value": "prod", "effect": "NoSchedule" }]}}}}'
+    done
+  fi
+done

From 7954648de578e9940b6cd12cbc5efe2aecbfba0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:01:46 +0200
Subject: [PATCH 303/341] Add required affinity to promoted sites

---
 .../promote-workloads-to-prod-nodes.sh        | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index 9f07439e..d74a8850 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -21,7 +21,39 @@ for NS in "${NAMESPACES[@]}"; do
     echo "## Namespace: $NS"
 
     for DEPLOYMENT in "${DEPLOYMENTS[@]}"; do
-      kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" -p '{"spec": {"template": {"spec": {"tolerations": [{ "key": "noderole.dplplatform", "operator": "Equal", "value": "prod", "effect": "NoSchedule" }]}}}}'
+      kubectl patch deployments.apps -n "$NS" "$DEPLOYMENT" -p '{
+        "spec": {
+          "template": {
+            "spec": {
+              "tolerations": [
+                {
+                  "key": "noderole.dplplatform",
+                  "operator": "Equal",
+                  "value": "prod",
+                  "effect": "NoSchedule"
+                }
+              ],
+              "affinity": {
+                "nodeAffinity": {
+                  "requiredDuringSchedulingIgnoredDuringExecution": {
+                    "nodeSelectorTerms": [
+                      {
+                        "matchExpressions": [
+                          {
+                            "key": "noderole.dplplatform",
+                            "operator": "In",
+                            "values": [ "prod" ]
+                          }
+                        ]
+                      }
+                    ]
+                  }
+                }
+              }
+            }
+          }
+        }
+      }'
     done
   fi
 done

From 606ca7270b46af76153273f5986068f94b8a2b53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:02:00 +0200
Subject: [PATCH 304/341] Add missing echo

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index b73b8460..55d828be 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -63,6 +63,7 @@ for NS in "${NAMESPACES[@]}"; do
     fi
     if [ "$DEPLOYMENT" = "varnish" ]; then
       MEMORY_REQUEST=$VARNISH_MEMORY
+      echo $MEMORY_REQUEST
     fi
     # If the Namespace is DPL-CMS PR site set it lower
     if [[ "$NS" = *"dpl-cms"* ]]; then
@@ -80,6 +81,7 @@ for NS in "${NAMESPACES[@]}"; do
       fi
       if [ "$DEPLOYMENT" = "varnish" ]; then
         MEMORY_REQUEST="100Mi"
+        echo $MEMORY_REQUEST
       fi
     fi
     # Patch the deployments resource request

From 118c25d0777c67029203c5f147e61af4dc457a05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:03:30 +0200
Subject: [PATCH 305/341] Add convenience script

---
 .../task/scripts/delete-all-completed-pods.sh | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100755 infrastructure/task/scripts/delete-all-completed-pods.sh

diff --git a/infrastructure/task/scripts/delete-all-completed-pods.sh b/infrastructure/task/scripts/delete-all-completed-pods.sh
new file mode 100755
index 00000000..68ec6b1e
--- /dev/null
+++ b/infrastructure/task/scripts/delete-all-completed-pods.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# This script finds and deletes all pods that are in a "Completed" state.
+# This is harmless as completed pods are never doing any work, and mostly exist
+# to allow state inspection. It is, however, nice to be able to get a good
+# overview of relevant pods when working directly with the Kubernetes API.
+
+
+NAMESPACES=$(kubectl get ns --no-headers | awk '{print $1}')
+
+echo "Deleting completed pods in all namespaces"
+for NS in $NAMESPACES; do
+  echo "## Namespace: $NS"
+
+  COMPLETED_PODS=$(kubectl get pods -n "$NS" --no-headers | grep Completed | awk '{print $1}')
+  for POD in $COMPLETED_PODS; do
+    echo "¤¤ Pod: $POD";
+    kubectl delete pod -n "$NS" "$POD" --wait=false
+  done
+done

From e2eb8d82b982e47da368044400cbbe47008052be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:14:27 +0200
Subject: [PATCH 306/341] Increase varnish memory requests

---
 infrastructure/task/scripts/adjust-resource-requests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/task/scripts/adjust-resource-requests.sh b/infrastructure/task/scripts/adjust-resource-requests.sh
index 55d828be..dbb167a0 100755
--- a/infrastructure/task/scripts/adjust-resource-requests.sh
+++ b/infrastructure/task/scripts/adjust-resource-requests.sh
@@ -43,7 +43,7 @@ for NS in "${NAMESPACES[@]}"; do
   DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
 
   # Desired memory request
-  VARNISH_MEMORY="1000Mi"
+  VARNISH_MEMORY="1500Mi"
   REDIS_MEMORY="100Mi"
   NGINX_MEMORY="150Mi"
   CLI_MEMORY="20Mi"

From 8d36fb14973a4a44e98bca859ceb9b9904dcc1fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:14:52 +0200
Subject: [PATCH 307/341] Add promoted sites

---
 .../promote-workloads-to-prod-nodes.sh        | 32 ++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index d74a8850..9ac73063 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -5,7 +5,37 @@
 # can gradually promote workloads to the production nodes by adding them to the
 # below list of namespaces.
 
-PROMOTED_NAMESPACES=("canary-main")
+PROMOTED_NAMESPACES=(
+  "aabenraa-main"
+  "aalborg-main"
+  "aalborg-moduletest"
+  "aarhus-main"
+  "aarhus-moduletest"
+  "aero-main"
+  "albertslund-main"
+  "albertslund-moduletest"
+  "allerod-main"
+  "assens-main"
+  "ballerup-main"
+  "ballerup-moduletest"
+  "bibliotek-test-main"
+  "bibliotek-test-moduletest"
+  "billund-main"
+  "bornholm-main"
+  "brondby-main"
+  "bronderslev-main"
+  "canary-main"
+  "canary-moduletest"
+  "cms-school-main"
+  "cms-school-moduletest"
+  "customizable-canary-main"
+  "customizable-canary-moduletest"
+  "dragor-main"
+  "egedal-main"
+  "esbjerg-main"
+  "faaborg-midtfyn-main"
+  "favrskov-main"
+)
 
 DEPLOYMENTS=("cli" "nginx" "varnish" "redis")
 

From f3a8bbb93e3535eccc077f2231488f068c90a0bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 11 Sep 2024 17:15:36 +0200
Subject: [PATCH 308/341] add non-promoted sites

---
 .../promote-workloads-to-prod-nodes.sh        | 89 +++++++++++++++++++
 1 file changed, 89 insertions(+)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index 9ac73063..f221742b 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -35,6 +35,95 @@ PROMOTED_NAMESPACES=(
   "esbjerg-main"
   "faaborg-midtfyn-main"
   "favrskov-main"
+  # "faxe-main"
+  # "faxe-moduletest"
+  # "fredensborg-main"
+  # "fredericia-main"
+  # "frederiksberg-main"
+  # "frederikshavn-main"
+  # "frederikssund-main"
+  # "fureso-main"
+  # "gentofte-main"
+  # "gladsaxe-main"
+  # "glostrup-main"
+  # "greve-main"
+  # "gribskov-main"
+  # "guldborgsund-main"
+  # "haderslev-main"
+  # "halsnaes-main"
+  # "hedensted-main"
+  # "helsingor-main"
+  # "herlev-main"
+  # "herning-main"
+  # "herning-moduletest"
+  # "hillerod-main"
+  # "hjorring-main"
+  # "hoje-taastrup-main"
+  # "holbaek-main"
+  # "holstebro-main"
+  # "horsens-main"
+  # "horsholm-main"
+  # "hvidovre-main"
+  # "ikast-brande-main"
+  # "ishoj-main"
+  # "jammerbugt-main"
+  # "kalundborg-main"
+  # "kerteminde-main"
+  # "kobenhavn-main"
+  # "kobenhavn-moduletest"
+  # "koge-main"
+  # "kolding-main"
+  # "laeso-main"
+  # "langeland-main"
+  # "lejre-main"
+  # "lolland-main"
+  # "lyngby-taarbaek-main"
+  # "mariagerfjord-main"
+  # "middelfart-main"
+  # "morso-main"
+  # "naestved-main"
+  # "norddjurs-main"
+  # "nordfyn-main"
+  # "nyborg-main"
+  # "odder-main"
+  # "odense-main"
+  # "odense-moduletest"
+  # "odsherred-main"
+  # "randers-main"
+  # "rebild-main"
+  # "ringkobing-skjern-main"
+  # "ringsted-main"
+  # "rodovre-main"
+  # "roskilde-main"
+  # "roskilde-moduletest"
+  # "rudersdal-main"
+  # "samso-main"
+  # "silkeborg-main"
+  # "silkeborg-moduletest"
+  # "skanderborg-main"
+  # "skive-main"
+  # "solrod-main"
+  # "sonderborg-main"
+  # "sonderborg-moduletest"
+  # "soro-main"
+  # "staging-main"
+  # "staging-moduletest"
+  # "stevns-main"
+  # "struer-main"
+  # "svendborg-main"
+  # "syddjurs-main"
+  # "sydslesvig-main"
+  # "sydslesvig-moduletest"
+  # "taarnby-main"
+  # "taarnby-moduletest"
+  # "thisted-main"
+  # "vallensbaek-main"
+  # "varde-main"
+  # "vejen-main"
+  # "vejle-main"
+  # "vesthimmerland-main"
+  # "viborg-main"
+  # "vordingborg-main"
 )
 
 DEPLOYMENTS=("cli" "nginx" "varnish" "redis")

From e7516b2c708580da39f1f58653af2ff00b6c1192 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 12 Sep 2024 10:30:09 +0200
Subject: [PATCH 309/341] Release 2024.37.0 to moduletest sites for webmaster
 and main sites for others

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 001630df..3237021e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,12 +2,12 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.36.0"
+  dpl-cms-release: "2024.37.0"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
-  moduletest-dpl-cms-release: "2024.36.0"
+  moduletest-dpl-cms-release: "2024.37.0"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From e8da493acb2bfd0836c9cb61beeaa0bc8eab5978 Mon Sep 17 00:00:00 2001
From: Niels Abildgaard <niels@deranged.dk>
Date: Thu, 12 Sep 2024 13:45:03 +0200
Subject: [PATCH 310/341] Add tasks for the new cluster scripts

task cluster:{delete-all-completed-pods,promote-workloads-to-prod} added
---
 infrastructure/Taskfile.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/infrastructure/Taskfile.yml b/infrastructure/Taskfile.yml
index 23fe00d1..89de6410 100644
--- a/infrastructure/Taskfile.yml
+++ b/infrastructure/Taskfile.yml
@@ -211,6 +211,18 @@ tasks:
       cmds:
         - task/scripts/adjust-resource-requests.sh
 
+    cluster:delete-all-completed-pods:
+      deps: [cluster:auth, lagoon:cli:config]
+      desc: "Deletes all pods in completed state to clear room on nodes"
+      cmds:
+        - task/scripts/delete-all-completed-pods.sh
+
+    cluster:promote-workloads-to-prod:
+      deps: [cluster:auth, lagoon:cli:config]
+      desc: "Promotes selected workloads to production node pool"
+      cmds:
+        - task/scripts/promote-workloads-to-prod-nodes.sh
+
     support:provision:cert-manager:
       deps: [cluster:auth]
       summary: Set the DIFF environment variable to any value to switch to diffing instead of an actual upgrade.

From 988df7a171a6165c3444f49c0ee1f44bc294df05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Tue, 17 Sep 2024 14:06:38 +0200
Subject: [PATCH 311/341] Add more sites to production nodes

---
 .../promote-workloads-to-prod-nodes.sh        | 62 +++++++++----------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index f221742b..615623a2 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -35,37 +35,37 @@ PROMOTED_NAMESPACES=(
   "esbjerg-main"
   "faaborg-midtfyn-main"
   "favrskov-main"
-  # "faxe-main"
-  # "faxe-moduletest"
-  # "fredensborg-main"
-  # "fredericia-main"
-  # "frederiksberg-main"
-  # "frederikshavn-main"
-  # "frederikssund-main"
-  # "fureso-main"
-  # "gentofte-main"
-  # "gladsaxe-main"
-  # "glostrup-main"
-  # "greve-main"
-  # "gribskov-main"
-  # "guldborgsund-main"
-  # "haderslev-main"
-  # "halsnaes-main"
-  # "hedensted-main"
-  # "helsingor-main"
-  # "herlev-main"
-  # "herning-main"
-  # "herning-moduletest"
-  # "hillerod-main"
-  # "hjorring-main"
-  # "hoje-taastrup-main"
-  # "holbaek-main"
-  # "holstebro-main"
-  # "horsens-main"
-  # "horsholm-main"
-  # "hvidovre-main"
-  # "ikast-brande-main"
-  # "ishoj-main"
+  "faxe-main"
+  "faxe-moduletest"
+  "fredensborg-main"
+  "fredericia-main"
+  "frederiksberg-main"
+  "frederikshavn-main"
+  "frederikssund-main"
+  "fureso-main"
+  "gentofte-main"
+  "gladsaxe-main"
+  "glostrup-main"
+  "greve-main"
+  "gribskov-main"
+  "guldborgsund-main"
+  "haderslev-main"
+  "halsnaes-main"
+  "hedensted-main"
+  "helsingor-main"
+  "herlev-main"
+  "herning-main"
+  "herning-moduletest"
+  "hillerod-main"
+  "hjorring-main"
+  "hoje-taastrup-main"
+  "holbaek-main"
+  "holstebro-main"
+  "horsens-main"
+  "horsholm-main"
+  "hvidovre-main"
+  "ikast-brande-main"
+  "ishoj-main"
   # "jammerbugt-main"
   # "kalundborg-main"
   # "kerteminde-main"

From 568f5ecc53a8c9d4b59d55c0699f518ae339a09e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 17 Sep 2024 21:40:41 +0200
Subject: [PATCH 312/341] Deploy release 2024.38.0 on Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 3237021e..f480e1b0 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -17,9 +17,9 @@ sites:
     description: "A site for developers and operators to test on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.37.0"
+    dpl-cms-release: "2024.38.0"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.37.0"
+    moduletest-dpl-cms-release: "2024.38.0"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   staging:
     name: "Staging"

From 8aa9e6aa9d7e3de29dfd7e19c71e4d5e149963f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Tue, 17 Sep 2024 22:45:14 +0200
Subject: [PATCH 313/341] Deploy release 2024.38.1 to Canary

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index f480e1b0..dbd226a0 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -17,9 +17,9 @@ sites:
     description: "A site for developers and operators to test on"
     releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
     releaseImageName: dpl-cms-source
-    dpl-cms-release: "2024.38.0"
+    dpl-cms-release: "2024.38.1"
     plan: webmaster
-    moduletest-dpl-cms-release: "2024.38.0"
+    moduletest-dpl-cms-release: "2024.38.1"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIhuA0K7CNvRoe+Xx7RaXG4+a8KcSpzuWn+G4sUPzNWx"
   staging:
     name: "Staging"

From 74c117d9d973caaa22dad44b6943a14ffc71eac6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 10:51:17 +0200
Subject: [PATCH 314/341] Promote more sites to production

---
 .../promote-workloads-to-prod-nodes.sh        | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index 615623a2..71bdf224 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -66,35 +66,35 @@ PROMOTED_NAMESPACES=(
   "hvidovre-main"
   "ikast-brande-main"
   "ishoj-main"
-  # "jammerbugt-main"
-  # "kalundborg-main"
-  # "kerteminde-main"
-  # "kobenhavn-main"
-  # "kobenhavn-moduletest"
-  # "koge-main"
-  # "kolding-main"
-  # "laeso-main"
-  # "langeland-main"
-  # "lejre-main"
-  # "lolland-main"
-  # "lyngby-taarbaek-main"
-  # "mariagerfjord-main"
-  # "middelfart-main"
-  # "morso-main"
-  # "naestved-main"
-  # "norddjurs-main"
-  # "nordfyn-main"
-  # "nyborg-main"
-  # "odder-main"
-  # "odense-main"
-  # "odense-moduletest"
-  # "odsherred-main"
-  # "randers-main"
-  # "rebild-main"
-  # "ringkobing-skjern-main"
-  # "ringsted-main"
-  # "rodovre-main"
-  # "roskilde-main"
+  "jammerbugt-main"
+  "kalundborg-main"
+  "kerteminde-main"
+  "kobenhavn-main"
+  "kobenhavn-moduletest"
+  "koge-main"
+  "kolding-main"
+  "laeso-main"
+  "langeland-main"
+  "lejre-main"
+  "lolland-main"
+  "lyngby-taarbaek-main"
+  "mariagerfjord-main"
+  "middelfart-main"
+  "morso-main"
+  "naestved-main"
+  "norddjurs-main"
+  "nordfyn-main"
+  "nyborg-main"
+  "odder-main"
+  "odense-main"
+  "odense-moduletest"
+  "odsherred-main"
+  "randers-main"
+  "rebild-main"
+  "ringkobing-skjern-main"
+  "ringsted-main"
+  "rodovre-main"
+  "roskilde-main"
   # "roskilde-moduletest"
   # "rudersdal-main"
   # "samso-main"

From db76197208ee49760186b2c278d112fe727530cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 13:34:07 +0200
Subject: [PATCH 315/341] Promote all sites to production nodes

---
 .../promote-workloads-to-prod-nodes.sh        | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
index 71bdf224..096fd5a0 100755
--- a/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
+++ b/infrastructure/task/scripts/promote-workloads-to-prod-nodes.sh
@@ -95,35 +95,35 @@ PROMOTED_NAMESPACES=(
   "ringsted-main"
   "rodovre-main"
   "roskilde-main"
-  # "roskilde-moduletest"
-  # "rudersdal-main"
-  # "samso-main"
-  # "silkeborg-main"
-  # "silkeborg-moduletest"
-  # "skanderborg-main"
-  # "skive-main"
-  # "solrod-main"
-  # "sonderborg-main"
-  # "sonderborg-moduletest"
-  # "soro-main"
-  # "staging-main"
-  # "staging-moduletest"
-  # "stevns-main"
-  # "struer-main"
-  # "svendborg-main"
-  # "syddjurs-main"
-  # "sydslesvig-main"
-  # "sydslesvig-moduletest"
-  # "taarnby-main"
-  # "taarnby-moduletest"
-  # "thisted-main"
-  # "vallensbaek-main"
-  # "varde-main"
-  # "vejen-main"
-  # "vejle-main"
-  # "vesthimmerland-main"
-  # "viborg-main"
-  # "vordingborg-main"
+  "roskilde-moduletest"
+  "rudersdal-main"
+  "samso-main"
+  "silkeborg-main"
+  "silkeborg-moduletest"
+  "skanderborg-main"
+  "skive-main"
+  "solrod-main"
+  "sonderborg-main"
+  "sonderborg-moduletest"
+  "soro-main"
+  "staging-main"
+  "staging-moduletest"
+  "stevns-main"
+  "struer-main"
+  "svendborg-main"
+  "syddjurs-main"
+  "sydslesvig-main"
+  "sydslesvig-moduletest"
+  "taarnby-main"
+  "taarnby-moduletest"
+  "thisted-main"
+  "vallensbaek-main"
+  "varde-main"
+  "vejen-main"
+  "vejle-main"
+  "vesthimmerland-main"
+  "viborg-main"
+  "vordingborg-main"
 )
 
 DEPLOYMENTS=("cli" "nginx" "varnish" "redis")

From 395874bc985d30489eedbe4c8a02e16d66e814eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 13:45:14 +0200
Subject: [PATCH 316/341] Add tolerations and affinity to lagoon docker host

---
 .../lagoon/lagoon-remote-values.template.yaml    | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index 610610e0..2f7ac92d 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -44,3 +44,19 @@ dbaas-operator:
       password: "$SQL_PASSWORD"
       port: "3306"
       user: "$SQL_USER@$SQL_HOSTNAME"
+
+dockerHost:
+  tolerations:
+  - key: noderole.dplplatform
+    operator: Equal
+    value: build
+    effect: NoSchedule
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+            - key: noderole.dplplatform
+              operator: In
+              values:
+                - build

From 8f4577ce26ee8375073943c051c38d91f0b8c2c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 14:00:21 +0200
Subject: [PATCH 317/341] Remove default backend config as we have no default
 backend

---
 .../ingress-nginx/ingres-nginx-values.template.yaml            | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 00e50efa..27db58a8 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -39,6 +39,3 @@ controller:
   # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#allow-snippet-annotations
   # https://docs.lagoon.sh/using-lagoon-the-basics/going-live/#production-environment
   allowSnippetAnnotations: true
-defaultBackend:
-  nodeSelector:
-    beta.kubernetes.io/os: linux

From 2135e9ca331efa50cb0c2f1fb6291e9838729cec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 14:01:23 +0200
Subject: [PATCH 318/341] Add tolerations and affinity to ingress-nginx

---
 .../ingres-nginx-values.template.yaml              | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 27db58a8..60bf33af 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -39,3 +39,17 @@ controller:
   # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#allow-snippet-annotations
   # https://docs.lagoon.sh/using-lagoon-the-basics/going-live/#production-environment
   allowSnippetAnnotations: true
+  tolerations:
+    - key: noderole.dplplatform
+      operator: Equal
+      value: prod
+      effect: NoSchedule
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - prod

From 9aa985003d39e93212f13a528eaa594b39c614b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 14:08:26 +0200
Subject: [PATCH 319/341] Remove CPU requests from ingress-nginx and reduce
 memory requests

This should improve autoscaling behaviour
---
 .../ingress-nginx/ingres-nginx-values.template.yaml          | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 60bf33af..a40fdf84 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -18,10 +18,11 @@ controller:
     enabled: true
     minReplicas: 5
     maxReplicas: 15
+    targetCPUUtilizationPercentage: null
   resources:
     requests:
-      cpu: 300m
-      memory: 1100Mi
+      cpu: null # lets not worry about CPU for now
+      memory: 500Mi
   service:
     loadBalancerIP: "${INGRESS_IP}"
     externalTrafficPolicy: "Local"

From 211696733cb86dc06fa4372c6aa6bf96afe2a422 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 14:14:02 +0200
Subject: [PATCH 320/341] Update node selector labels

---
 .../ingress-nginx/ingres-nginx-values.template.yaml           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index a40fdf84..3ca5de84 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -30,10 +30,10 @@ controller:
       service.beta.kubernetes.io/azure-load-balancer-internal: "false"
       service.beta.kubernetes.io/azure-load-balancer-resource-group: "${RESOURCE_GROUP}"
   nodeSelector:
-    beta.kubernetes.io/os: linux
+    kubernetes.io/os: linux
   admissionWebhooks:
     patch.nodeSelector:
-      beta.kubernetes.io/os: linux
+      kubernetes.io/os: linux
   # Since v1.9.0, Nginx server snippets are disabled by default. However, Lagoon
   # relies on them to be available for ingress definitions in order to prohibit
   # dev environments from being indexed by search engines. See:

From 98f755e904b7fcee53b8ba69659204d339ed8f30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 14:18:34 +0200
Subject: [PATCH 321/341] Set target memory utilization for ingress-nginx

---
 .../ingress-nginx/ingres-nginx-values.template.yaml              | 1 +
 1 file changed, 1 insertion(+)

diff --git a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
index 3ca5de84..558db236 100644
--- a/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/ingress-nginx/ingres-nginx-values.template.yaml
@@ -19,6 +19,7 @@ controller:
     minReplicas: 5
     maxReplicas: 15
     targetCPUUtilizationPercentage: null
+    targetMemoryUtilizationPercentage: 80
   resources:
     requests:
       cpu: null # lets not worry about CPU for now

From 722a8f7f544e9da0afc7596936af48ed0c7a511f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 15:32:09 +0200
Subject: [PATCH 322/341] Assign lagoon-remote workloads to system nodes

---
 .../lagoon/lagoon-remote-values.template.yaml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index 2f7ac92d..2df392bb 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -17,6 +17,21 @@ lagoon-build-deploy:
   taskSSHPort: "22"
   taskAPIHost: "api.lagoon.dplplat01.dpl.reload.dk"
   lagoonFeatureFlagDefaultRootlessWorkload: "enabled"
+  tolerations:
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: PreferNoSchedule
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+
 
 sshCore:
   enabled: true
@@ -44,6 +59,20 @@ dbaas-operator:
       password: "$SQL_PASSWORD"
       port: "3306"
       user: "$SQL_USER@$SQL_HOSTNAME"
+  tolerations:
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: PreferNoSchedule
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 
 dockerHost:
   tolerations:
@@ -60,3 +89,19 @@ dockerHost:
               operator: In
               values:
                 - build
+
+dioscuri:
+  tolerations:
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: PreferNoSchedule
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system

From 4a4f0c44654fa23bd07cae5835db406012ceeb37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 15:44:05 +0200
Subject: [PATCH 323/341] Add additional toleration for when we change taints
 on system nodes

---
 .../lagoon/lagoon-remote-values.template.yaml        | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index 2df392bb..db99fb31 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -22,6 +22,10 @@ lagoon-build-deploy:
       operator: Equal
       value: system
       effect: PreferNoSchedule
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: NoSchedule
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -64,6 +68,10 @@ dbaas-operator:
       operator: Equal
       value: system
       effect: PreferNoSchedule
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: NoSchedule
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -96,6 +104,10 @@ dioscuri:
       operator: Equal
       value: system
       effect: PreferNoSchedule
+    - key: noderole.dplplatform
+      operator: Equal
+      value: system
+      effect: NoSchedule
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:

From f7b7a0cecee859123130227d70a75609d8ecae06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 16:57:42 +0200
Subject: [PATCH 324/341] Update tolerations to use AKS supported taint

---
 .../lagoon/lagoon-remote-values.template.yaml | 30 ++++---------------
 1 file changed, 6 insertions(+), 24 deletions(-)

diff --git a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
index db99fb31..89935ef5 100644
--- a/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
+++ b/infrastructure/environments/dplplat01/lagoon/lagoon-remote-values.template.yaml
@@ -18,14 +18,8 @@ lagoon-build-deploy:
   taskAPIHost: "api.lagoon.dplplat01.dpl.reload.dk"
   lagoonFeatureFlagDefaultRootlessWorkload: "enabled"
   tolerations:
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: PreferNoSchedule
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: NoSchedule
+    - key: CriticalAddonsOnly
+      operator: Exists
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -64,14 +58,8 @@ dbaas-operator:
       port: "3306"
       user: "$SQL_USER@$SQL_HOSTNAME"
   tolerations:
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: PreferNoSchedule
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: NoSchedule
+    - key: CriticalAddonsOnly
+      operator: Exists
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -100,14 +88,8 @@ dockerHost:
 
 dioscuri:
   tolerations:
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: PreferNoSchedule
-    - key: noderole.dplplatform
-      operator: Equal
-      value: system
-      effect: NoSchedule
+    - key: CriticalAddonsOnly
+      operator: Exists
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:

From 224ba7736cbce9ee96a6bc0b202f587aeef1476a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 18:41:09 +0200
Subject: [PATCH 325/341] Let promtail collect logs from nodes with taints

---
 .../dplplat01/configuration/promtail/promtail-values.yaml   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/promtail/promtail-values.yaml b/infrastructure/environments/dplplat01/configuration/promtail/promtail-values.yaml
index 5c48c111..b27f7ca7 100644
--- a/infrastructure/environments/dplplat01/configuration/promtail/promtail-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/promtail/promtail-values.yaml
@@ -3,3 +3,9 @@
 config:
   clients:
     - url: http://loki-gateway.loki.svc.cluster.local/loki/api/v1/push
+
+tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
+  - key: noderole.dplplatform
+    operator: Exists

From 3ea42cec556fd78aa68e2461d2620c0d894b2130 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 18:41:11 +0200
Subject: [PATCH 326/341] Add tolerations and affinities to cert manager
 workloads

---
 .../cert-manager/cert-manager-values.yaml     | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml b/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
index a3ed2351..61dff1e7 100644
--- a/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/cert-manager/cert-manager-values.yaml
@@ -7,3 +7,44 @@ ingressShim:
   defaultIssuerKind: ClusterIssuer
   defaultIssuerGroup: cert-manager.io
 maxConcurrentChallenges: 50
+
+tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: noderole.dplplatform
+              operator: In
+              values:
+                - system
+
+webhook:
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+
+cainjector:
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system

From 32d437144dd65c7ee96840cb2bf051fa1c27da0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 19:15:51 +0200
Subject: [PATCH 327/341] Let loki canary run on nodes with taints

---
 .../configuration/loki/loki-values.template.yaml          | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index a4c6b2b5..ba5f8d0a 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -67,3 +67,11 @@ read:
     # Size of persistent disk, make sure to match a azure disk size or you will
     # just provision a larger disk capped to a smaller size.
     size: 16Gi
+
+monitoring:
+  lokiCanary:
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: noderole.dplplatform
+        operator: Exists

From 90258fb8efe03eb526848484ad7c29337a13f0a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 19:39:47 +0200
Subject: [PATCH 328/341] Set tolerations and affinity for prometheus

---
 .../prometheus/prometheus-values.yaml         | 39 ++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
index 7cfd5d79..2c6fc0fc 100644
--- a/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/prometheus/prometheus-values.yaml
@@ -14,6 +14,19 @@ kubeStateMetrics:
 
 alertmanager:
   enabled: true
+  alertmanagerSpec:
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: noderole.dplplatform
+                  operator: In
+                  values:
+                    - system
 
 prometheus-node-exporter:
   podLabels:
@@ -22,7 +35,18 @@ prometheus-node-exporter:
 
 prometheusOperator:
   enabled: true
-
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 ## Deploy a Prometheus instance
 ##
 prometheus:
@@ -57,6 +81,19 @@ prometheus:
            # Setup a disk for holding the metrics.
              storage: 500Gi
 
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: noderole.dplplatform
+                  operator: In
+                  values:
+                    - system
+
 defaultRules:
   disabled:
     KubeControllerManagerDown: true

From 88234f5d1f2c0504ec48a9b5cde88a4de6304fb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 19:48:31 +0200
Subject: [PATCH 329/341] Add tolerations and affinity to grafana

---
 .../configuration/grafana/grafana-values.yaml       | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/grafana/grafana-values.yaml b/infrastructure/environments/dplplat01/configuration/grafana/grafana-values.yaml
index 7f96ca60..edde35bf 100644
--- a/infrastructure/environments/dplplat01/configuration/grafana/grafana-values.yaml
+++ b/infrastructure/environments/dplplat01/configuration/grafana/grafana-values.yaml
@@ -77,3 +77,16 @@ grafana.ini:
     mode: console
   grafana_net:
     url: https://grafana.net
+
+tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: noderole.dplplatform
+              operator: In
+              values:
+                - system

From 906e1babb6317bd7011b02d4a3fc1b14c2b383e1 Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 15:45:33 +0200
Subject: [PATCH 330/341] add system toleration to harbor

---
 .../configuration/harbor/harbor-values.template.yaml       | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index 07d0155d..c47fcfa5 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -61,3 +61,10 @@ persistence:
       accountname: "$STORAGE_ACCOUNT_NAME"
       accountkey: "$STORAGE_ACCOUNT_KEY"
       container: "$STORAGE_CONTAINER_NAME"
+
+# Use tolerations
+tolerations:
+  - key: noderole.dplplatform
+    effect: NoSchedule
+    operator: Equal
+    value: system

From 85eaab5657f0969b27fc38f25f1d9575e8be0f85 Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 15:50:23 +0200
Subject: [PATCH 331/341] add affinity to harbor

---
 .../configuration/harbor/harbor-values.template.yaml   | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index c47fcfa5..08071dd0 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -68,3 +68,13 @@ tolerations:
     effect: NoSchedule
     operator: Equal
     value: system
+
+affinity:
+  nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: noderole.dplplatform
+            operator: In
+            values:
+            - system

From dd4aa71ef2c786f081e8c12a055d354d4f1ad87c Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 15:58:41 +0200
Subject: [PATCH 332/341] it's supposed to be the admin nodepools

---
 .../configuration/harbor/harbor-values.template.yaml          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index 08071dd0..90db6dad 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -67,7 +67,7 @@ tolerations:
   - key: noderole.dplplatform
     effect: NoSchedule
     operator: Equal
-    value: system
+    value: admin
 
 affinity:
   nodeAffinity:
@@ -77,4 +77,4 @@ affinity:
           - key: noderole.dplplatform
             operator: In
             values:
-            - system
+            - admin

From 50e9707f87086246f86d6b844bd546291ed89ffa Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 16:01:27 +0200
Subject: [PATCH 333/341] correct effect

---
 .../dplplat01/configuration/harbor/harbor-values.template.yaml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index 90db6dad..b073765b 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -65,7 +65,7 @@ persistence:
 # Use tolerations
 tolerations:
   - key: noderole.dplplatform
-    effect: NoSchedule
+    effect: PreferNoSchedule
     operator: Equal
     value: admin
 

From 0f4fde60a57580063a29c0a83163336761377aff Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 18:14:19 +0200
Subject: [PATCH 334/341] set tolerations for all of harbor workloads

---
 .../harbor/harbor-values.template.yaml        | 96 +++++++++++++++----
 1 file changed, 80 insertions(+), 16 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index b073765b..8402d006 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -23,18 +23,98 @@ trivy:
   enabled: false
 jobservice:
   jobLogger: stdout
+  # Use tolerations
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 registry:
   replicas: 3
   resources:
     requests:
       memory: 1Gi
       cpu: 500m
+  # Use tolerations
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 core:
   replicas: 2
   resources:
     requests:
       memory: 1Gi
       cpu: 500m
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+portal:
+  # Use tolerations
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+database:
+  # Use tolerations
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+redis:
+  # Use tolerations
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 
 # Use Azure blob storage for persistence
 persistence:
@@ -62,19 +142,3 @@ persistence:
       accountkey: "$STORAGE_ACCOUNT_KEY"
       container: "$STORAGE_CONTAINER_NAME"
 
-# Use tolerations
-tolerations:
-  - key: noderole.dplplatform
-    effect: PreferNoSchedule
-    operator: Equal
-    value: admin
-
-affinity:
-  nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        nodeSelectorTerms:
-        - matchExpressions:
-          - key: noderole.dplplatform
-            operator: In
-            values:
-            - admin

From cf025cad7c69b75f7cab743bddea99a484d40490 Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Wed, 18 Sep 2024 20:28:14 +0200
Subject: [PATCH 335/341] set affinity and tolerations for statefulset

---
 .../harbor/harbor-values.template.yaml        | 54 ++++++++++---------
 1 file changed, 28 insertions(+), 26 deletions(-)

diff --git a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
index 8402d006..ad5965db 100644
--- a/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/harbor/harbor-values.template.yaml
@@ -88,33 +88,35 @@ portal:
                 values:
                   - system
 database:
-  # Use tolerations
-  tolerations:
-    - key: CriticalAddonsOnly
-      operator: Exists
-  affinity:
-    nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        nodeSelectorTerms:
-          - matchExpressions:
-              - key: noderole.dplplatform
-                operator: In
-                values:
-                  - system
+  internal:
+    # Use tolerations
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: noderole.dplplatform
+                  operator: In
+                  values:
+                    - system
 redis:
-  # Use tolerations
-  tolerations:
-    - key: CriticalAddonsOnly
-      operator: Exists
-  affinity:
-    nodeAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        nodeSelectorTerms:
-          - matchExpressions:
-              - key: noderole.dplplatform
-                operator: In
-                values:
-                  - system
+  internal:
+    # Use tolerations
+    tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: noderole.dplplatform
+                  operator: In
+                  values:
+                    - system
 
 # Use Azure blob storage for persistence
 persistence:

From 229e7d60367e60d043f4c2c8894f3857bfe4a26a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 21:43:04 +0200
Subject: [PATCH 336/341] Add affinity and tolerations for loki workloads

---
 .../loki/loki-values.template.yaml            | 104 ++++++++++++++++++
 1 file changed, 104 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
index ba5f8d0a..33fedb8f 100644
--- a/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/loki/loki-values.template.yaml
@@ -17,6 +17,26 @@ backend:
     accessModes:
     - ReadWriteOnce
     size: 32Gi
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity: |
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: loki
+              app.kubernetes.io/instance: loki
+              app.kubernetes.io/component: backend
+          topologyKey: kubernetes.io/hostname
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 
 loki:
   auth_enabled: false
@@ -60,6 +80,26 @@ write:
     # Size of persistent disk, make sure to match a azure disk size or you will
     # just provision a larger disk capped to a smaller size.
     size: 16Gi
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity: |
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: loki
+              app.kubernetes.io/instance: loki
+              app.kubernetes.io/component: write
+          topologyKey: kubernetes.io/hostname
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 
 read:
   replicas: 2
@@ -67,6 +107,47 @@ read:
     # Size of persistent disk, make sure to match a azure disk size or you will
     # just provision a larger disk capped to a smaller size.
     size: 16Gi
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity: |
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: loki
+              app.kubernetes.io/instance: loki
+              app.kubernetes.io/component: read
+          topologyKey: kubernetes.io/hostname
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
+gateway:
+  tolerations:
+    - key: CriticalAddonsOnly
+      operator: Exists
+  affinity: |
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchLabels:
+              app.kubernetes.io/name: loki
+              app.kubernetes.io/instance: loki
+              app.kubernetes.io/component: gateway
+          topologyKey: kubernetes.io/hostname
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+              - key: noderole.dplplatform
+                operator: In
+                values:
+                  - system
 
 monitoring:
   lokiCanary:
@@ -75,3 +156,26 @@ monitoring:
         operator: Exists
       - key: noderole.dplplatform
         operator: Exists
+  selfMonitoring:
+    grafanaAgent:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+      # grafana operator agent does not support affinity in this version of the chart - should be fixed later
+      # affinity: |
+      #   podAntiAffinity:
+      #     requiredDuringSchedulingIgnoredDuringExecution:
+      #       - labelSelector:
+      #           matchLabels:
+      #             app.kubernetes.io/name: loki
+      #             app.kubernetes.io/instance: loki
+      #             app.kubernetes.io/component: write
+      #         topologyKey: kubernetes.io/hostname
+      #   nodeAffinity:
+      #     requiredDuringSchedulingIgnoredDuringExecution:
+      #       nodeSelectorTerms:
+      #         - matchExpressions:
+      #             - key: noderole.dplplatform
+      #               operator: In
+      #               values:
+      #                 - system

From 5fcc077c99a46fc5201af062d3152ee53de09a81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Dyhrberg=20Thegler?= <asbjoern@thegler.dk>
Date: Wed, 18 Sep 2024 21:53:29 +0200
Subject: [PATCH 337/341] Add affinity and tolerations for k8up workloads

---
 .../configuration/k8up/k8up-values.template.yaml    | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/infrastructure/environments/dplplat01/configuration/k8up/k8up-values.template.yaml b/infrastructure/environments/dplplat01/configuration/k8up/k8up-values.template.yaml
index f8d22042..3137fc5f 100644
--- a/infrastructure/environments/dplplat01/configuration/k8up/k8up-values.template.yaml
+++ b/infrastructure/environments/dplplat01/configuration/k8up/k8up-values.template.yaml
@@ -28,3 +28,16 @@ k8up:
   # Empty value defaults to the timezone in which Kubernetes is deployed.
   # Accepts `tz database` compatible entries, e.g. `Europe/Zurich`
   timezone: "Europe/Copenhagen"
+
+tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: noderole.dplplatform
+              operator: In
+              values:
+                - system

From 1abd89b54589ffd48577759fad39787edf3c2950 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Fri, 13 Sep 2024 16:59:52 +0200
Subject: [PATCH 338/341] Add an anchor for webmaster sites using the latest
 version on main

Normally webmaster sites use a previous version on their main
(production) environment and the latest version on their moduletest
environment.

However some sites want to use the latest version on both
environments.

Create an anchor to use for these sites.
---
 infrastructure/environments/dplplat01/sites.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index dbd226a0..30f56f9e 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -8,6 +8,13 @@ x-webmaster: &webmaster-release-image-source
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
   moduletest-dpl-cms-release: "2024.37.0"
+# Some sites on the webmaster plan wish to track the same release as
+# sites do per default in dpl-cms-release.
+x-webmaster-with-defaults: &webmaster-with-defaults-release-image-source
+  # Reference default before webmaster anchor as YAML references will not
+  # override existing keys.
+  <<: *default-release-image-source
+  <<: *webmaster-release-image-source
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.

From b64e817ca2066e6ebf671f837421e6353aab1556 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Garn=C3=A6s?= <kasperg@users.noreply.github.com>
Date: Mon, 16 Sep 2024 08:24:55 +0200
Subject: [PATCH 339/341] Make some sites use latest version on main
 environment

Reference the new anchor for CMS School and Silkeborg as requested by
the business.

Reference the new anchor on staging to ensure that this follows the
latest version. This makes sense to enable testing there.
---
 infrastructure/environments/dplplat01/sites.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 30f56f9e..87396195 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -33,14 +33,14 @@ sites:
     description: "A site to test new releases on"
     deploy_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLUrrxfwsfwz4nkn/WCbMUbLHkTFvyYB2uusHLA7NlH
     plan: webmaster
-    <<: *webmaster-release-image-source
+    <<: *webmaster-with-defaults-release-image-source
   cms-school:
     name: "CMS-skole"
     description: "Et site til undervisning i CMSet"
     importTranslationsCron: "0 * * * *"
     deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6SzfPFf/XeLeqI342kxuJAlATpDMtgAfqlrLTTbW2m"
     plan: webmaster
-    <<: *webmaster-release-image-source
+    <<: *webmaster-with-defaults-release-image-source
   bibliotek-test:
     name: "Bibliotekstest"
     description: "Et site hvor bibliotekerne kan teste"
@@ -702,7 +702,7 @@ sites:
       - www.silkeborgbib.dk
     autogenerateRoutes: true
     plan: webmaster
-    <<: *webmaster-release-image-source
+    <<: *webmaster-with-defaults-release-image-source
   skanderborg:
     name: "Skanderborg Bibliotek"
     description: "The library site for Skanderborg"

From 89dee2eedcbfbe6ca4555c5d0e20aade8c639880 Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Thu, 19 Sep 2024 09:21:04 +0200
Subject: [PATCH 340/341] release 38.1 to editors and moduletests

---
 infrastructure/environments/dplplat01/sites.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index 87396195..bfb064d2 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -2,12 +2,12 @@
 x-defaults: &default-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
-  dpl-cms-release: "2024.37.0"
+  dpl-cms-release: "2024.38.1"
 x-webmaster: &webmaster-release-image-source
   releaseImageRepository: ghcr.io/danskernesdigitalebibliotek
   releaseImageName: dpl-cms-source
   dpl-cms-release: "2024.35.1"
-  moduletest-dpl-cms-release: "2024.37.0"
+  moduletest-dpl-cms-release: "2024.38.1"
 # Some sites on the webmaster plan wish to track the same release as
 # sites do per default in dpl-cms-release.
 x-webmaster-with-defaults: &webmaster-with-defaults-release-image-source

From cf21baadbbb19d2e3e23c38cbb8261f5660a6dd0 Mon Sep 17 00:00:00 2001
From: ITViking <philip@deranged.dk>
Date: Thu, 19 Sep 2024 13:11:17 +0200
Subject: [PATCH 341/341] fix anchor merge

---
 infrastructure/environments/dplplat01/sites.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/environments/dplplat01/sites.yaml b/infrastructure/environments/dplplat01/sites.yaml
index bfb064d2..84a21ca5 100644
--- a/infrastructure/environments/dplplat01/sites.yaml
+++ b/infrastructure/environments/dplplat01/sites.yaml
@@ -14,7 +14,7 @@ x-webmaster-with-defaults: &webmaster-with-defaults-release-image-source
   # Reference default before webmaster anchor as YAML references will not
   # override existing keys.
   <<: *default-release-image-source
-  <<: *webmaster-release-image-source
+  moduletest-dpl-cms-release: "2024.38.1"
 sites:
   # Site objects are indexed by a unique key that must be a valid lagoon, and
   # github project name. That is, alphanumeric and dashes.