diff --git a/.gitignore b/.gitignore index ad4e0ed..068cf58 100644 --- a/.gitignore +++ b/.gitignore @@ -17,5 +17,4 @@ devenv.local.nix # pre-commit .pre-commit-config.yaml -.jekyll-cache/ result diff --git a/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 b/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 new file mode 100644 index 0000000..09128b6 --- /dev/null +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 @@ -0,0 +1 @@ +I"ÿ{"source"=>"/home/pim/git/blog-pim", "destination"=>"/home/pim/git/blog-pim/_site", "collections_dir"=>"", "cache_dir"=>".jekyll-cache", "plugins_dir"=>"_plugins", "layouts_dir"=>"_layouts", "data_dir"=>"_data", "includes_dir"=>"_includes", "collections"=>{"posts"=>{"output"=>true, "permalink"=>"/:categories/:year/:month/:day/:title:output_ext"}}, "safe"=>false, "include"=>[".htaccess"], "exclude"=>[".sass-cache", ".jekyll-cache", "gemfiles", "Gemfile", "Gemfile.lock", "node_modules", "vendor/bundle/", "vendor/cache/", "vendor/gems/", "vendor/ruby/"], "keep_files"=>[".git", ".svn"], "encoding"=>"utf-8", "markdown_ext"=>"markdown,mkdown,mkdn,mkd,md", "strict_front_matter"=>false, "show_drafts"=>nil, "limit_posts"=>0, "future"=>false, "unpublished"=>false, "whitelist"=>[], "plugins"=>[], "markdown"=>"kramdown", "highlighter"=>"rouge", "lsi"=>false, "excerpt_separator"=>"\n\n", "incremental"=>false, "detach"=>false, "port"=>"4000", "host"=>"127.0.0.1", "baseurl"=>nil, "show_dir_listing"=>false, "permalink"=>"date", "paginate_path"=>"/page:num", "timezone"=>nil, "quiet"=>false, "verbose"=>false, "defaults"=>[], "liquid"=>{"error_mode"=>"warn", "strict_filters"=>false, "strict_variables"=>false}, "kramdown"=>{"auto_ids"=>true, "toc_levels"=>[1, 2, 3, 4, 5, 6], "entity_output"=>"as_char", "smart_quotes"=>"lsquo,rsquo,ldquo,rdquo", "input"=>"GFM", "hard_wrap"=>false, "guess_lang"=>true, "footnote_nr"=>1, "show_warnings"=>false}, "livereload_port"=>35729, "serving"=>true, "watch"=>true, "url"=>"http://localhost:4000"}:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 similarity index 92% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 index 521cbe9..ea8297a 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0e/763d8239a78fde13ad37342cacbcd9ada77932aa71a300ff4a742b3a5403a2 @@ -1,43 +1,56 @@ -I"GL

Recently, I deployed Concourse CI because I wanted to get my feet wet with a CI/CD pipeline. +I"±N

Recently, I deployed Concourse CI because I wanted to get my feet wet with a CI/CD pipeline. However, I had a practical use case lying around for a long time: automatically compiling my static website and deploying it to my docker Swarm. This took some time getting right, but the result works like a charm (source code).

+

It’s comforting to know I don’t have move a finger and my website is automatically deployed. However, I would still like to receive some indication of what’s happening. And what’s a better way to do that, than using my Apprise service to keep me up to date. There’s a little snag though: I could not find any Concourse resource that does this. That’s when I decided to just create it myself.

+

The Plagiarism Hunt

+

As any good computer person, I am lazy. I’d rather just copy someone’s work, so that’s what I did. I found this GitHub repository that does the same thing but for Slack notifications. For some reason it’s archived, but it seemed like it should work. I actually noticed lots of repositories for Concourse resource types are archived, so not sure what’s going on there.

+

Getting to know Concourse

+

Let’s first understand what we need to do reach our end goal of sending Apprise notifications from Concourse.

+

A Concourse pipeline takes some inputs, performs some operations on them which result in some outputs. These inputs and outputs are called resources in Concourse. For example, a Git repository could be a resource. Each resource is an instance of a resource type. A resource type therefore is simply a blueprint that can create multiple resources. To continue the example, a resource type could be “Git repository”.

+

We therefore need to create our own resource type that can send Apprise notifications. A resource type is simply a container that includes three scripts:

-

As Apprise notifications are basically fire-and-forget, we will only implement the out script.

-

Writing the out script

+ +

As Apprise notifications are basically fire-and-forget, we will only implement the out script.

+ +

Writing the out script

+

The whole script can be found here, but I will explain the most important bits of it. Note that I only use Apprise’s persistent storage solution, and not its stateless solution.

-

Concourse provides us with the working directory, which we cd to:

+ +

Concourse provides us with the working directory, which we cd to:

cd "${1}"
+

We create a timestamp, formatted in JSON, which we will use for the resource’s new version later. Concourse requires us to set a version for the resource, but since Apprise notifications don’t have that, we use the timestamp:

timestamp="$(jq -n "{version:{timestamp:\"$(date +%s)\"}}")"
+

First some black magic Bash to redirect file descriptors. Not sure why this is needed, but I copied it anyways. After that, we create a temporary file holding resource’s parameters.

@@ -47,8 +60,9 @@ After that, we create a temporary file holding resource’s parameters.

payload=$(mktemp /tmp/resource-in.XXXXXX) cat > "${payload}" <&0 +

We then extract the individual parameters. -The source key contains values how the resource type was specified, while the params key specifies parameters for this specific resource.

+The source key contains values how the resource type was specified, while the params key specifies parameters for this specific resource.

apprise_host="$(jq -r '.source.host' < "${payload}")"
 apprise_key="$(jq -r '.source.key' < "${payload}")"
 
@@ -58,6 +72,7 @@ The source key contains values how the resource type was specified,
 alert_tag="$(jq -r '.params.tag // null' < "${payload}")"
 alert_format="$(jq -r '.params.format // null' < "${payload}")"
+

We then format the different parameters using JSON:

alert_body="$(eval "printf \"${alert_body}\"" | jq -R -s .)"
 [ "${alert_title}" != "null" ] && alert_title="$(eval "printf \"${alert_title}\"" | jq -R -s .)"
@@ -65,6 +80,7 @@ The source key contains values how the resource type was specified,
 [ "${alert_tag}" != "null" ] && alert_tag="$(eval "printf \"${alert_tag}\"" | jq -R -s .)"
 [ "${alert_format}" != "null" ] && alert_format="$(eval "printf \"${alert_format}\"" | jq -R -s .)"
+

Next, from the individual parameters we construct the final JSON message body we send to the Apprise endpoint.

body="$(cat <<EOF
 {
@@ -77,26 +93,33 @@ The source key contains values how the resource type was specified,
 EOF
 )"
-

Before sending it just yet, we compact the JSON and remove any values that are null:

+ +

Before sending it just yet, we compact the JSON and remove any values that are null:

compact_body="$(echo "${body}" | jq -c '.')"
 echo "$compact_body" | jq 'del(..|nulls)' > /tmp/compact_body.json
+

Here is the most important line, where we send the payload to the Apprise endpoint. It’s quite straight-forward.

curl -v -X POST -T /tmp/compact_body.json -H "Content-Type: application/json" "${apprise_host}/notify/${apprise_key}"
+

Finally, we print the timestamp (fake version) in order to appease the Concourse gods.

echo "${timestamp}" >&3
+

Building the Container

+

As said earlier, to actually use this script, we need to add it to a image. I won’t be explaining this whole process, but the source can be found here. The most important take-aways are these:

+

Using the Resource Type

+

Using our newly created resource type is surprisingly simple. I use it for the blog you are reading right now and the pipeline definition can be found here. Here we specify the resource type in a Concourse pipeline:

@@ -107,6 +130,7 @@ Here we specify the resource type in a Concourse pipeline:

repository: git.kun.is/pim/concourse-apprise-notifier tag: "1.1.1" +

We simply have to tell Concourse where to find the image, and which tag we want. Next, we instantiate the resource type to create a resource:

resources:
@@ -117,8 +141,10 @@ Next, we instantiate the resource type to create a resource:

     key: concourse
   icon: bell
+

We simply specify the host to send Apprise notifications to. Yeah, I even gave it a little bell because it’s cute.

+

All that’s left to do, is actually send the notification. Let’s see how that is done:

- name: deploy-static-website
@@ -133,17 +159,22 @@ Let’s see how that is done:

 	  body: "New version: $(cat version/version)"
 	no_get: true
+

As can be seen, the Apprise notification can be triggered when a task is executed successfully. -We do this using the put command, which execute the out script underwater. +We do this using the put command, which execute the out script underwater. We set the notification’s title and body, and send it! The result is seen below in my Ntfy app, which Apprise forwards the message to: picture showing my Ntfy app with the Apprise notification

+

And to finish this off, here is what it looks like in the Concourse web UI: the concourse web gui showing the pipeline of my static website including the the apprise notification resources

+

Conclusion

+

Concourse’s way of representing everything as an image/container is really interesting in my opinion. A resource type is quite easily implemented as well, although Bash might not be the optimal way to do this. I’ve seen some people implement it in Rust, which might be a good excuse to finally learn that language :)

+

Apart from Apprise notifications, I’m planning on creating a resource type to deploy to a Docker swarm eventually. This seems like a lot harder than simply sending notifications though.

:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e similarity index 90% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e index 1e583e6..dcc8b00 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/1a/68cb66b01bbf383da07f97fa2f92ac4f63f127b7ede00efab21d453837389e @@ -1,8 +1,9 @@ -I"ž8

Ever SSH’ed into a freshly installed server and gotten the following annoying message?

+I"”:

Ever SSH’ed into a freshly installed server and gotten the following annoying message?

The authenticity of host 'host.tld (1.2.3.4)' can't be established.
 ED25519 key fingerprint is SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
 Are you sure you want to continue connecting (yes/no)?
+

Or even more annoying:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@ -20,26 +21,34 @@ Offending ED25519 key in /home/user/.ssh/known_hosts:3
 ED25519 host key for 1.2.3.4 has changed and you have requested strict checking.
 Host key verification failed.
+

Could it be that the programmers at OpenSSH simply like to annoy us with these confusing messages? Maybe, but these warnings also serve as a way to notify users of a potential Man-in-the-Middle (MITM) attack. I won’t go into the details of this problem, but I refer you to this excellent blog post. Instead, I would like to talk about ways to solve these annoying warnings.

-

One obvious solution is simply to add each host to your known_hosts file. + +

One obvious solution is simply to add each host to your known_hosts file. This works okay when managing a handful of servers, but becomes unbearable when managing many servers. In my case, I wanted to quickly spin up virtual machines using Duncan Mac-Vicar’s Terraform Libvirt provider, without having to accept their host key before connecting. The solution? Issuing SSH host certificates using an SSH certificate authority.

+

SSH Certificate Authorities vs. the Web

+

The idea of an SSH certificate authority (CA) is quite easy to grasp, if you understand the web’s Public Key Infrastructure (PKI). Just like with the web, a trusted party can issue certificates that are offered when establishing a connection. The idea is, just by trusting the trusted party, you trust every certificate they issue. In the case of the web’s PKI, this trusted party is bundled and trusted by your browser or operating system. However, in the case of SSH, the trusted party is you! (Okay you can also trust your own web certificate authority) With this great power, comes great responsibility which we will abuse heavily in this article.

+

SSH Certificate Authority for Terraform

+

So, let’s start with a plan. I want to spawn virtual machines with Terraform which which are automatically provisioned with a SSH host certificate issued by my CA. This CA will be another host on my private network, issuing certificates over SSH.

+

Fetching the SSH Host Certificate

+

First we generate an SSH key pair in Terraform. Below is the code for that:

resource "tls_private_key" "debian" {
@@ -50,8 +59,9 @@ Below is the code for that:

   private_key_pem = tls_private_key.debian.private_key_pem
 }
+

Now that we have an SSH key pair, we need to somehow make Terraform communicate this with the CA. -Lucky for us, there is a way for Terraform to execute an arbitrary command with the external data feature. +Lucky for us, there is a way for Terraform to execute an arbitrary command with the external data feature. We call this script below:

data "external" "cert" {
   program = ["bash", "${path.module}/get_cert.sh"]
@@ -65,6 +75,7 @@ We call this script below:

   }
 }
+

These query parameters will end up in the script’s stdin in JSON format. We can then read these parameters, and send them to the CA over SSH. The result must as well be in JSON format.

@@ -81,8 +92,9 @@ The result must as well be in JSON format.

jq -n --arg cert "$CERT" '{"cert":$cert}' +

We see that a script is called on the remote host that issues the certificate. -This is just a simple wrapper around ssh-keygen, which you can see below.

+This is just a simple wrapper around ssh-keygen, which you can see below.

#!/bin/bash
 set -euo pipefail
 IFS=$'\n\t'
@@ -100,18 +112,22 @@ host() {
 
 "$1" "$@"
+

Appeasing the Terraform Gods

+

So nice, we can fetch the SSH host certificate from the CA. We should just be able to use it right? We can, but it brings a big annoyance with it: Terraform will fetch a new certificate every time it is run. -This is because the external feature of Terraform is a data source. +This is because the external feature of Terraform is a data source. If we were to use this data source for a Terraform resource, it would need to be updated every time we run Terraform. I have not been able to find a way to avoid fetching the certificate every time, except for writing my own resource provider which I’d rather not. I have, however, found a way to hack around the issue.

-

The idea is as follows: we can use Terraform’s ignore_changes to, well, ignore any changes of a resource. -Unfortunately, we cannot use this for a data source, so we must create a glue null_resource that supports ignore_changes. + +

The idea is as follows: we can use Terraform’s ignore_changes to, well, ignore any changes of a resource. +Unfortunately, we cannot use this for a data source, so we must create a glue null_resource that supports ignore_changes. This is shown in the code snipppet below. -We use the triggers property simply to copy the certificate in; we don’t use it for it’s original purpose.

+We use the triggers property simply to copy the certificate in; we don’t use it for it’s original purpose.

+ 
resource "null_resource" "cert" {
   triggers = {
     cert = data.external.cert.result["cert"]
@@ -124,23 +140,31 @@ We use the triggers property simply to copy the certificate in; we
   }
 }
-

And voilà, we can now use null_resource.cert.triggers["cert"] as our certificate, that won’t trigger replacements in Terraform.

+ +

And voilà, we can now use null_resource.cert.triggers["cert"] as our certificate, that won’t trigger replacements in Terraform.

+

Setting the Host Certificate with Cloud-Init

+

Terraform’s Libvirt provider has native support for Cloud-Init, which is very handy. We can give the host certificate directly to Cloud-Init and place it on the virtual machine. -Inside the Cloud-Init configuration, we can set the ssh_keys property to do this:

+Inside the Cloud-Init configuration, we can set the ssh_keys property to do this:

ssh_keys:
   ed25519_private: |
     ${indent(4, private_key)}
   ed25519_certificate: "${host_cert}"
+

I hardcoded this to ED25519 keys, because this is all I use.

+

This works perfectly, and I never have to accept host certificates from virtual machines again.

+

Caveats

+

A sharp eye might have noticed the lifecycle of these host certificates is severely lacking. Namely, the deployed host certificates have no expiration date nore is there revocation function. There are ways to implement these, but for my home lab I did not deem this necessary at this point. In a more professional environment, I would suggest using Hashicorp’s Vault.

+

This project did teach me about the limits and flexibility of Terraform, so all in all a success! All code can be found on the git repository here.

:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 similarity index 84% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 index ff88a77..a92a14d 100644 Binary files a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 and b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/42/129c8d8ed3adce9c8fb7301f8c4137151c8a5fce8bfdc7931f6d3eddecd1d0 differ diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4b/03ed67d8bc9c0d8fd335b681a9a1d44e97b95fb060758712befbe0a20bf7ed b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/59/b34569de7b190c8504763f412280aef126498994f10a177acf84deee8117b9 similarity index 75% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4b/03ed67d8bc9c0d8fd335b681a9a1d44e97b95fb060758712befbe0a20bf7ed rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/59/b34569de7b190c8504763f412280aef126498994f10a177acf84deee8117b9 index 1261b6e..08c63b3 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4b/03ed67d8bc9c0d8fd335b681a9a1d44e97b95fb060758712befbe0a20bf7ed +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/59/b34569de7b190c8504763f412280aef126498994f10a177acf84deee8117b9 @@ -1,40 +1,55 @@ -I"GG

I have been meaning to write about the current state of my home lab infrastructure for a while now. +I"ęG

I have been meaning to write about the current state of my home lab infrastructure for a while now. Now that the most important parts are quite stable, I think the opportunity is ripe. I expect this post to get quite long, so I might have to leave out some details along the way.

+

This post will be a starting point for future infrastructure snapshots which I can hopefully put out periodically. That is, if there is enough worth talking about.

+

Keep an eye out for the icon, which links to the source code and configuration of anything mentioned. Oh yeah, did I mention everything I do is open source?

+

Networking and Infrastructure Overview

+

Hardware and Operating Systems

+

Let’s start with the basics: what kind of hardware do I use for my home lab? The most important servers are my three Gigabyte Brix GB-BLCE-4105. Two of them have 16 GB of memory, and one 8 GB. I named these servers as follows:

+

Here is a picture of them sitting in their cosy closet:

+

A picture of my servers.

+

If you look look to the left, you will also see a Raspberry pi 4B. I use this Pi to do some rudimentary monitoring whether servers and services are running. More on this in the relevant section below. The Pi is called Iris because it’s a messenger for the other servers.

+

I used to run Ubuntu on these systems, but I have since migrated away to Debian. The main reasons were Canonical putting advertisements in my terminal and pushing Snap which has a proprietry backend. Two of my servers run the newly released Debian Bookworm, while one still runs Debian Bullseye.

+

Networking

+

For networking, I wanted hypervisors and virtual machines separated by VLANs for security reasons. The following picture shows a simplified view of the VLANs present in my home lab:

+

Picture showing the VLANS in my home lab.

+

All virtual machines are connected to a virtual bridge which tags network traffic with the DMZ VLAN. The hypervisors VLAN is used for traffic to and from the hypervisors. Devices from the hypervisors VLAN are allowed to connect to devices in the DMZ, but not vice versa. The hypervisors are connected to a switch using a trunk link, allows both DMZ and hypervisors traffic.

+

I realised the above design using ifupdown. -Below is the configuration for each hypervisor, which creates a new enp3s0.30 interface with all DMZ traffic from the enp3s0 interface .

+Below is the configuration for each hypervisor, which creates a new enp3s0.30 interface with all DMZ traffic from the enp3s0 interface .

+ 
auto enp3s0.30
 iface enp3s0.30 inet manual
 iface enp3s0.30 inet6 auto
@@ -44,10 +59,13 @@ iface enp3s0.30 inet6 auto
 	privext 0
 	pre-up sysctl -w net/ipv6/conf/enp3s0.30/disable_ipv6=1
+

This configuration seems more complex than it actually is. Most of it is to make sure the interface is not assigned an IPv4/6 address on the hypervisor host. -The magic .30 at the end of the interface name makes this interface tagged with VLAN ID 30 (DMZ for me).

+The magic .30 at the end of the interface name makes this interface tagged with VLAN ID 30 (DMZ for me).

+

Now that we have an interface tagged for the DMZ VLAN, we can create a bridge where future virtual machines can connect to:

+ 
auto dmzbr
 iface dmzbr inet manual
 	bridge_ports enp3s0.30
@@ -59,76 +77,101 @@ iface dmzbr inet6 auto
 	privext 0
 	pre-up sysctl -w net/ipv6/conf/dmzbr/disable_ipv6=1
+

Just like the previous config, this is quite bloated because I don’t want the interface to be assigned an IP address on the host. -Most importantly, the bridge_ports enp3s0.30 line here makes this interface a virtual bridge for the enp3s0.30 interface.

+Most importantly, the bridge_ports enp3s0.30 line here makes this interface a virtual bridge for the enp3s0.30 interface.

+

And voilĂ , we now have a virtual bridge on each machine, where only DMZ traffic will flow. Here I verify whether this configuration works:

Show -

We can see that the two virtual interfaces are created, and are only assigned a MAC address and not a IP address:

-
root@atlas:~# ip a show enp3s0.30
+
+
+We can see that the two virtual interfaces are created, and are only assigned a MAC address and not a IP address:
+```text
+root@atlas:~# ip a show enp3s0.30
 4: enp3s0.30@enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master dmzbr state UP group default qlen 1000
     link/ether d8:5e:d3:4c:70:38 brd ff:ff:ff:ff:ff:ff
 5: dmzbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
     link/ether 4e:f7:1f:0f:ad:17 brd ff:ff:ff:ff:ff:ff
-
-

Pinging a VM from a hypervisor works:

-
root@atlas:~# ping -c1 maestro.dmz
+```
+
+Pinging a VM from a hypervisor works:
+```text
+root@atlas:~# ping -c1 maestro.dmz
 PING maestro.dmz (192.168.30.8) 56(84) bytes of data.
 64 bytes from 192.168.30.8 (192.168.30.8): icmp_seq=1 ttl=63 time=0.457 ms
-
-

Pinging a hypervisor from a VM does not work:

-
root@maestro:~# ping  -c1 atlas.hyp
+```
+
+Pinging a hypervisor from a VM does not work:
+```text
+root@maestro:~# ping  -c1 atlas.hyp
 PING atlas.hyp (192.168.40.2) 56(84) bytes of data.
 
 --- atlas.hyp ping statistics ---
 1 packets transmitted, 0 received, 100% packet loss, time 0ms
-
+```
+

DNS and DHCP

+

Now that we have a working DMZ network, let’s build on it to get DNS and DHCP working. This will enable new virtual machines to obtain a static or dynamic IP address and register their host in DNS. This has actually been incredibly annoying due to our friend Network address translation (NAT).

NAT recap -

Network address translation (NAT) is a function of a router which allows multiple hosts to share a single IP address. + +Network address translation (NAT) is a function of a router which allows multiple hosts to share a single IP address. This is needed for IPv4, because IPv4 addresses are scarce and usually one household is only assigned a single IPv4 address. This is one of the problems IPv6 attempts to solve (mainly by having so many IP addresses that they should never run out). -To solve the problem for IPv4, each host in a network is assigned a private IPv4 address, which can be reused for every network.

-

Then, the router must perform address translation. +To solve the problem for IPv4, each host in a network is assigned a private IPv4 address, which can be reused for every network. + +Then, the router must perform address translation. It does this by keeping track of ports opened by hosts in its private network. -If a packet from the internet arrives at the router for such a port, it forwards this packet to the correct host.

+If a packet from the internet arrives at the router for such a port, it forwards this packet to the correct host.
+

I would like to host my own DNS on a virtual machine (called hermes, more on VMs later) in the DMZ network. This basically gives two problems:

+
    -
  1. The upstream DNS server will refer to the public internet-accessible IP address of our DNS server. +
  2. The upstream DNS server will refer to the public internet-accessible IP address of our DNS server. This IP-address has no meaning inside the private network due to NAT and the router will reject the packet.
    3. -
  3. Our DNS resolves hosts to their public internet-accessible IP address. +
  4. Our DNS resolves hosts to their public internet-accessible IP address. This is similar to the previous problem as the public IP address has no meaning.
+

The first problem can be remediated by overriding the location of the DNS server for hosts inside the DMZ network. This can be achieved on my router, which uses Unbound as its recursive DNS server:

+

Unbound overides for kun.is and dmz domains.

-

Any DNS requests to Unbound to domains in either dmz or kun.is will now be forwarded 192.168.30.7 (port 5353). + +

Any DNS requests to Unbound to domains in either dmz or kun.is will now be forwarded 192.168.30.7 (port 5353). This is the virtual machine hosting my DNS.

+

The second problem can be solved at the DNS server. We need to do some magic overriding, which dnsmasq is perfect for :

+ 
alias=84.245.14.149,192.168.30.8
 server=/kun.is/192.168.30.7
+

This always overrides the public IPv4 address to the private one. -It also overrides the DNS server for kun.is to 192.168.30.7.

+It also overrides the DNS server for kun.is to 192.168.30.7.

+

Finally, behind the dnsmasq server, I run Powerdns as authoritative DNS server . I like this DNS server because I can manage it with Terraform .

+

Here is a small diagram showing my setup (my networking teacher would probably kill me for this): Shitty diagram showing my DNS setup.

+

Virtualization

-

https://github.com/containrrr/shepherd +

https://github.com/containrrr/shepherd Now that we have laid out the basic networking, let’s talk virtualization. Each of my servers are configured to run KVM virtual machines, orchestrated using Libvirt. Configuration of the physical hypervisor servers, including KVM/Libvirt is done using Ansible. The VMs are spun up using Terraform and the dmacvicar/libvirt Terraform provider.

+

This all isn’t too exciting, except that I created a Terraform module that abstracts the Terraform Libvirt provider for my specific scenario :

module "maestro" {
   source          = "git::https://git.kun.is/home/tf-modules.git//debian"
@@ -138,77 +181,101 @@ The VMs are spun up using Terraform and the mac             = "CA:FE:C0:FF:EE:08"
 }
+

This automatically creates a Debian virtual machines with the properties specified. -It also sets up certificate-based SSH authentication which I talked about before.

+It also sets up certificate-based SSH authentication which I talked about before.

+

Clustering

+

With virtualization explained, let’s move up one level further. Each of my three physical servers hosts a virtual machine running Docker, which together form a Docker Swarm. I use Traefik as a reverse proxy which routes requests to the correct container.

+

All data is hosted on a single machine and made available to containers using NFS. This might not be very secure (as NFS is not encrypted and no proper authentication), it is quite fast.

+

As of today, I host the following services on my Docker Swarm :

+

CI / CD

+

For CI / CD, I run Concourse CI in a separate VM. This is needed, because Concourse heavily uses containers to create reproducible builds.

+

Although I should probably use it for more, I currently use my Concourse for three pipelines:

+ +

Backups

+

To create backups, I use Borg. As I keep all data on one machine, this backup process is quite simple. In fact, all this data is stored in a single Libvirt volume. To configure Borg with a simple declarative script, I use Borgmatic.

+

In order to back up the data inside the Libvirt volume, I create a snapshot to a file. Then I can mount this snapshot in my file system. The files can then be backed up while the system is still running. It is also possible to simply back up the Libvirt image, but this takes more time and storage .

+

Monitoring and Alerting

+

The last topic I would like to talk about is monitoring and alerting. This is something I’m still actively improving and only just set up properly.

+

Alerting

+

For alerting, I wanted something that runs entirely on my own infrastructure. I settled for Apprise + Ntfy.

+

Apprise is a server that is able to send notifications to dozens of services. For application developers, it is thus only necessary to implement the Apprise API to gain access to all these services. The Apprise API itself is also very simple. By using Apprise, I can also easily switch to another notification service later. Ntfy is free software made for mobile push notifications.

+

I use this alerting system in quite a lot of places in my infrastructure, for example when creating backups.

+

Uptime Monitoring

+

The first monitoring setup I created, was using Uptime Kuma. Uptime Kuma periodically pings a service to see whether it is still running. You can do a literal ping, test HTTP response codes, check database connectivity and much more. I use it to check whether my services and VMs are online. And the best part is, Uptime Kuma supports Apprise so I get push notifications on my phone whenever something goes down!

+

Metrics and Log Monitoring

+

A new monitoring system I am still in the process of deploying is focused on metrics and logs. I plan on creating a separate blog post about this, so keep an eye out on that (for example using RSS :)). Safe to say, it is no basic ELK stack!

+

Conclusion

+

That’s it for now! Hopefully I inspired someone to build something
 or how not to :)

:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 similarity index 70% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 index 924975d..f206364 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/95/3072d9307fff41fb3452f89e0c9cc99bcf4bcbf90a5e819a6827177e476177 @@ -1,32 +1,40 @@ -I"Û

Previously, I have used Prometheus’ node_exporter to monitor the memory usage of my servers. +I"

Previously, I have used Prometheus’ node_exporter to monitor the memory usage of my servers. However, I am currently in the process of moving away from Prometheus to a new Monioring stack. While I understand the advantages, I felt like Prometheus’ pull architecture does not scale nicely. Everytime I spin up a new machine, I would have to centrally change Prometheus’ configuration in order for it to query the new server.

+

In order to collect metrics from my servers, I am now using Fluent Bit. I love Fluent Bit’s way of configuration which I can easily express as code and automate, its focus on effiency and being vendor agnostic. -However, I have stumbled upon one, in my opinion, big issue with Fluent Bit: its mem plugin to monitor memory usage is completely useless. +However, I have stumbled upon one, in my opinion, big issue with Fluent Bit: its mem plugin to monitor memory usage is completely useless. In this post I will go over the problem and my temporary solution.

-

The Problem with Fluent Bit’s mem Plugin

-

As can be seen in the documentation, Fluent Bit’s mem input plugin exposes a few metrics regarding memory usage which should be self-explaining: Mem.total, Mem.used, Mem.free, Swap.total, Swap.used and Swap.free. -The problem is that Mem.used and Mem.free do not accurately reflect the machine’s actual memory usage. + +

The Problem with Fluent Bit’s mem Plugin

+ +

As can be seen in the documentation, Fluent Bit’s mem input plugin exposes a few metrics regarding memory usage which should be self-explaining: Mem.total, Mem.used, Mem.free, Swap.total, Swap.used and Swap.free. +The problem is that Mem.used and Mem.free do not accurately reflect the machine’s actual memory usage. This is because these metrics include caches and buffers, which can be reclaimed by other processes if needed. Most tools reporting memory usage therefore include an additional metric that specifices the memory available on the system. -For example, the command free -m reports the following data on my laptop:

+For example, the command free -m reports the following data on my laptop:

               total        used        free      shared  buff/cache   available
 Mem:           15864        3728        7334         518        5647       12136
 Swap:           2383         663        1720
-

Notice that the available memory is more than free memory.

+ +

Notice that the available memory is more than free memory.

+

While the issue is known (see this and this link), it is unfortunately not yet fixed.

+

A Temporary Solution

+

The issues I linked previously provide stand-alone plugins that fix the problem, which will hopefully be merged in the official project at some point. -However, I didn’t want to install another plugin so I used Fluent Bit’s exec input plugin and the free Linux command to query memory usage like so:

+However, I didn’t want to install another plugin so I used Fluent Bit’s exec input plugin and the free Linux command to query memory usage like so:

[INPUT]
     Name exec
     Tag memory
     Command free -m | tail -2 | tr '\n' ' '
     Interval_Sec 1
+

To interpret the command’s output, I created the following filter:

[FILTER]
     Name parser
@@ -34,6 +42,7 @@ However, I didn’t want to install another plugin so I used Fluent Bit’s Key_Name exec
     Parser free
+

Lastly, I created the following parser (warning: regex shitcode incoming):

[PARSER]
     Name free
@@ -41,14 +50,17 @@ However, I didn’t want to install another plugin so I used Fluent Bit’s Regex ^Mem:\s+(?<mem_total>\d+)\s+(?<mem_used>\d+)\s+(?<mem_free>\d+)\s+(?<mem_shared>\d+)\s+(?<mem_buff_cache>\d+)\s+(?<mem_available>\d+) Swap:\s+(?<swap_total>\d+)\s+(?<swap_used>\d+)\s+(?<swap_free>\d+)
     Types mem_total:integer mem_used:integer mem_free:integer mem_shared:integer mem_buff_cache:integer mem_available:integer swap_total:integer swap_used:integer
-

With this configuration, you can use the mem_available metric to get accurate memory usage in Fluent Bit.

+ +

With this configuration, you can use the mem_available metric to get accurate memory usage in Fluent Bit.

+

Conclusion

-

Let’s hope Fluent Bit’s mem input plugin is improved upon soon so this hacky solution is not needed. + +

Let’s hope Fluent Bit’s mem input plugin is improved upon soon so this hacky solution is not needed. I also intend to document my new monitoring pipeline, which at the moment consists of:

:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a similarity index 73% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a index 0febaba..fc8d47a 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b4/97aba66d754cde21ccf57911a944a2c6cdecdcf1af5627383af00a22c1698a @@ -1,38 +1,49 @@ -I":

See the Update at the end of the article.

+I"Đ

See the Update at the end of the article.

+

Already a week ago, Hashicorp announced it would change the license on almost all its projects. Unlike their previous license, which was the Mozilla Public License 2.0, their new license is no longer truly open source. It is called the Business Source Licenseℱ and restricts use of their software for competitors. In their own words:

-

Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.

+

Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.

+

I found a great article by MeshedInsights that names this behaviour the “rights ratchet model”. They define a script start-ups use to garner the interest of open source enthusiasts but eventually turn their back on them for profit. The reason why Hashicorp can do this, is because contributors signed a copyright license agreement (CLA). This agreement transfers the copyright of contributors’ code to Hashicorp, allowing them to change the license if they want to.

+

I find this action really regrettable because I like their products. -This sort of action was also why I wanted to avoid using an Elastic stack, which also had their license changed.1 +This sort of action was also why I wanted to avoid using an Elastic stack, which also had their license changed.1 These companies do not respect their contributors and the software stack beneath they built their product on, which is actually open source (Golang, Linux, etc.).

+

Impact on my Home Lab

+

I am using Terraform in my home lab to manage several important things:

+

With Hashicorp’s anti open source move, I intend to move away from Terraform in the future. While I will not use Hashicorp’s products for new personal projects, I will leave my current setup as-is for some time because there is no real need to quickly migrate.

+

I might also investigate some of Terraform’s competitors, like Pulumi. Hopefully there is a project that respects open source which I can use in the future.

+

Update

+

A promising fork of Terraform has been announced called OpenTF. They intend to take part of the Cloud Native Computing Foundation, which I think is a good effort because Terraform is so important for modern cloud infrastructures.

+

Footnotes

-
-
    -
  1. -

    While I am still using Elasticsearch, I don’t use the rest of the Elastic stack in order to prevent a vendor lock-in. ↩

    -
    2. -
-
+ +
+
    +
  1. +

    While I am still using Elasticsearch, I don’t use the rest of the Elastic stack in order to prevent a vendor lock-in. 

    +
    2. +
+
:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 similarity index 77% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 index 2001e9f..1f67617 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/cf/a279eddeb4b979b0e9e6555e6f42751b96af7f180d0a086c18cac528a356b7 @@ -1,41 +1,53 @@ -I"q

When I was scaling up my home lab, I started thinking more about data management. +I"ć

When I was scaling up my home lab, I started thinking more about data management. I hadn’t (and still haven’t) set up any form of network storage. I have, however, set up a backup mechanism using Borg. Still, I want to operate lots of virtual machines, and backing up each one of them separately seemed excessive. So I started thinking, what if I just let the host machines back up the data? After all, the amount of physical hosts I have in my home lab is unlikely to increase drastically.

+

The Use Case for Sharing Directories

+

I started working out this idea further. Without network storage, I needed a way for guest VMs to access the host’s disks. Here there are two possibilities, either expose some block device or a file system. Creating a whole virtual disk for just the data of some VMs seemed wasteful, and from my experiences also increases backup times dramatically. I therefore searched for a way to mount a directory from the host OS on the guest VM. This is when I stumbled upon this blog post talking about sharing directories with virtual machines.

+

Sharing Directories with virtio-9p

+

virtio-9p is a way to map a directory on the host OS to a special device on the virtual machine. -In virt-manager, it looks like the following: +In virt-manager, it looks like the following: picture showing virt-manager configuration to map a directory to a VM Under the hood, virtio-9p uses the 9pnet protocol. Originally developed at Bell Labs, support for this is available in all modern Linux kernels. If you share a directory with a VM, you can then mount it. -Below is an extract of my /etc/fstab to automatically mount the directory:

+Below is an extract of my /etc/fstab to automatically mount the directory:

data	/mnt/data	9p	trans=virtio,rw	0	0
-

The first argument (data) refers to the name you gave this share from the host -With the trans option we specify that this is a virtio share.

+ +

The first argument (data) refers to the name you gave this share from the host +With the trans option we specify that this is a virtio share.

+

Problems with virtio-9p

+

At first I had no problems with my setup, but I am now contemplating just moving to a network storage based setup because of two problems.

-

The first problem is that some files have suddenly changed ownership from libvirt-qemu to root. -If the file is owned by root, the guest OS can still see it, but cannot access it. + +

The first problem is that some files have suddenly changed ownership from libvirt-qemu to root. +If the file is owned by root, the guest OS can still see it, but cannot access it. I am not entirely sure the problem lies with virtio, but I suspect it is. -For anyone experiencing this problem, I wrote a small shell script to revert ownership to the libvirt-qemu user:

+For anyone experiencing this problem, I wrote a small shell script to revert ownership to the libvirt-qemu user:

find -printf "%h/%f %u\n"  | grep root | cut -d ' ' -f1 | xargs chown libvirt-qemu:libvirt-qemu
+

Another problem that I have experienced, is guests being unable to mount the directory at all. I have only experienced this problem once, but it was highly annoying. To fix it, I had to reboot the whole physical machine.

+

Alternatives

+

virtio-9p seemed like a good idea, but as discussed, I had some problems with it. It seems virtioFS might be a an interesting alternative as it is designed specifically for sharing directories with VMs.

+

As for me, I will probably finally look into deploying network storage either with NFS or SSHFS.

:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd similarity index 84% rename from src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd rename to .jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd index e1d86bf..0e44a03 100644 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd +++ b/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/dd/fa550314d3f6e485fefcd71068b25447db3acbd8d5f496b19d502161a999cd @@ -1,15 +1,19 @@ -I"

BorgBackup and Borgmatic have been my go-to tools to create backups for my home lab since I started creating backups. +I"ë

BorgBackup and Borgmatic have been my go-to tools to create backups for my home lab since I started creating backups. Using Systemd Timers, I regularly create a backup every night. I also monitor successful execution of the backup process, in case some error occurs. However, the way I set this up resulted in not receiving notifications. Even though it boils down to RTFM, I’d like to explain my error and how to handle errors correctly.

-

I was using the on_error option to handle errors, like so:

+ +

I was using the on_error option to handle errors, like so:

+ 
on_error:
   - 'apprise --body="Error while performing backup" <URL> || true'
-

However, on_error does not handle errors from the execution of before_everything and after_everything hooks. + +

However, on_error does not handle errors from the execution of before_everything and after_everything hooks. My solution to this was moving the error handling up to the Systemd service that calls Borgmatic. This results in the following Systemd service:

+ 
[Unit]
 Description=Backup data using Borgmatic
 # Added
@@ -19,8 +23,10 @@ This results in the following Systemd service:

 ExecStart=/usr/bin/borgmatic --config /root/backup.yml
 Type=oneshot
+

This handles any error, be it from Borgmatic’s hooks or itself. -The backup-failure service is very simple, and just calls Apprise to send a notification:

+The backup-failure service is very simple, and just calls Apprise to send a notification:

+ 
[Unit]
 Description=Send backup failure notification
 
@@ -31,12 +37,15 @@ The backup-failure service is very simple, and just calls Apprise t
 [Install]
 WantedBy=multi-user.target
+

The Aftermath (or what I learned)

+

Because the error handling and alerting weren’t working propertly, my backups didn’t succeed for two weeks straight. And, of course, you only notice your backups aren’t working when you actually need them. This is exactly what happened: my disk was full and a MariaDB database crashed as a result of that. Actually, the whole database seemed to be corrupt and I find it worrying MariaDB does not seem to be very resilient to failures (in comparison a PostgreSQL database was able to recover automatically). I then tried to recover the data using last night’s backup, only to find out there was no such backup. Fortunately, I had other means to recover the data so I incurred no data loss.

+

I already knew it is important to test backups, but I learned it is also important to test failures during backups!

:ET \ No newline at end of file diff --git a/src/.gitignore b/src/.gitignore new file mode 100644 index 0000000..a285669 --- /dev/null +++ b/src/.gitignore @@ -0,0 +1,2 @@ +.jekyll-cache/ +_site/ diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 deleted file mode 100644 index f8ea00c..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Cache/b7/9606fb3afea5bd1609ed40b622142f1c98125abcfe89a76a661b0e8e343910 +++ /dev/null @@ -1 +0,0 @@ -I"Ś {"source"=>"/home/pim/git/blog-pim/src", "destination"=>"/home/pim/git/blog-pim/src/_site", "collections_dir"=>"", "cache_dir"=>".jekyll-cache", "plugins_dir"=>"_plugins", "layouts_dir"=>"_layouts", "data_dir"=>"_data", "includes_dir"=>"_includes", "collections"=>{"posts"=>{"output"=>true, "permalink"=>"/:title/"}}, "safe"=>false, "include"=>["_redirects", ".htaccess"], "exclude"=>["CNAME", "Gemfile", "Gemfile.lock", "LICENSE", "CHANGELOG.md", "README.md", "node_modules", "CODE_OF_CONDUCT.md", "CONTRIBUTING.md", "lighthouse.png", "klise-*.gem", "klise.gemspec", "gemset.nix", ".sass-cache", ".jekyll-cache", "gemfiles", "vendor/bundle/", "vendor/cache/", "vendor/gems/", "vendor/ruby/"], "keep_files"=>[".git", ".svn"], "encoding"=>"utf-8", "markdown_ext"=>"markdown,mkdown,mkdn,mkd,md", "strict_front_matter"=>false, "show_drafts"=>nil, "limit_posts"=>0, "future"=>false, "unpublished"=>false, "whitelist"=>[], "plugins"=>["jekyll-feed", "jekyll-sitemap", "jekyll-postfiles", "jekyll-commonmark-ghpages"], "markdown"=>"CommonMarkGhPages", "highlighter"=>"rouge", "lsi"=>false, "excerpt_separator"=>"\n\n", "incremental"=>false, "detach"=>false, "port"=>"4000", "host"=>"127.0.0.1", "baseurl"=>"/", "show_dir_listing"=>false, "permalink"=>"/:title/", "paginate_path"=>"/page:num", "timezone"=>"Europe/Amsterdam", "quiet"=>false, "verbose"=>false, "defaults"=>[{"scope"=>{"path"=>""}, "values"=>{"layout"=>"post", "comments"=>false}}], "liquid"=>{"error_mode"=>"warn", "strict_filters"=>false, "strict_variables"=>false}, "kramdown"=>{"auto_ids"=>true, "toc_levels"=>[1, 2, 3, 4, 5, 6], "entity_output"=>"as_char", "smart_quotes"=>"lsquo,rsquo,ldquo,rdquo", "input"=>"GFM", "hard_wrap"=>false, "guess_lang"=>true, "footnote_nr"=>1, "show_warnings"=>false, "syntax_highlighter"=>"rouge"}, "title"=>"Pim Kunis", "description"=>"A pig's gotta fly", "lang"=>"en-US", "image"=>"assets/img/avatar.jpg", "repo"=>"https://git.kun.is/pim/static", "mode"=>"light", "author"=>{"name"=>"Pim Kunis", "bio"=>"A pig's gotta fly", "username"=>"pim", "avatar"=>"/assets/img/avatar.jpg"}, "url"=>"http://localhost:4000", "jekyll_compose"=>{"post_default_front_matter"=>{"modified"=>nil, "tags"=>[], "description"=>nil}, "draft_default_front_matter"=>{"modified"=>nil, "tags"=>[], "description"=>nil}}, "number_of_posts"=>5, "sass"=>{"style"=>"compressed"}, "commonmark"=>{"options"=>["SMART", "FOOTNOTES"], "extensions"=>["strikethrough", "autolink", "table", "tagfilter"]}, "livereload_port"=>35729, "serving"=>true, "watch"=>true}:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/05/974e3d7573ea82516d84156656de5bbf7ff6ba109d70464cbe6839f592094b b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/05/974e3d7573ea82516d84156656de5bbf7ff6ba109d70464cbe6839f592094b deleted file mode 100644 index 679610d..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/05/974e3d7573ea82516d84156656de5bbf7ff6ba109d70464cbe6839f592094b +++ /dev/null @@ -1,6 +0,0 @@ -I"„

Ever SSH’ed into a freshly installed server and gotten the following annoying message?

-
The authenticity of host 'host.tld (1.2.3.4)' can't be established.
-ED25519 key fingerprint is SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
-Are you sure you want to continue connecting (yes/no)?
-
-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4d/1f7103582bf7a375b7e199c115b152c6960d408bde12ec01191a8b470bc37d b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4d/1f7103582bf7a375b7e199c115b152c6960d408bde12ec01191a8b470bc37d deleted file mode 100644 index 28af8b8..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/4d/1f7103582bf7a375b7e199c115b152c6960d408bde12ec01191a8b470bc37d +++ /dev/null @@ -1,2 +0,0 @@ -I"U

See the Update at the end of the article.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5a/79890c75774971d86fa3a9500f60acb485aab92f38b4d59116b26fa5b065a5 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5a/79890c75774971d86fa3a9500f60acb485aab92f38b4d59116b26fa5b065a5 deleted file mode 100644 index e68b7a4..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5a/79890c75774971d86fa3a9500f60acb485aab92f38b4d59116b26fa5b065a5 +++ /dev/null @@ -1,6 +0,0 @@ -I"f

BorgBackup and Borgmatic have been my go-to tools to create backups for my home lab since I started creating backups. -Using Systemd Timers, I regularly create a backup every night. -I also monitor successful execution of the backup process, in case some error occurs. -However, the way I set this up resulted in not receiving notifications. -Even though it boils down to RTFM, I’d like to explain my error and how to handle errors correctly.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5c/8fa8240a1640578f5aa674d4f7f9445d7b22817fc1803dbddfc2b5fe30da33 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5c/8fa8240a1640578f5aa674d4f7f9445d7b22817fc1803dbddfc2b5fe30da33 deleted file mode 100644 index d45a833..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/5c/8fa8240a1640578f5aa674d4f7f9445d7b22817fc1803dbddfc2b5fe30da33 +++ /dev/null @@ -1,7 +0,0 @@ -I"1

When I was scaling up my home lab, I started thinking more about data management. -I hadn’t (and still haven’t) set up any form of network storage. -I have, however, set up a backup mechanism using Borg. -Still, I want to operate lots of virtual machines, and backing up each one of them separately seemed excessive. -So I started thinking, what if I just let the host machines back up the data? -After all, the amount of physical hosts I have in my home lab is unlikely to increase drastically.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/91/5e385b14adac9ab2123fd9d2352da7c5bb04d9882563beb3316a61554ca575 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/91/5e385b14adac9ab2123fd9d2352da7c5bb04d9882563beb3316a61554ca575 deleted file mode 100644 index 9a3212d..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/91/5e385b14adac9ab2123fd9d2352da7c5bb04d9882563beb3316a61554ca575 +++ /dev/null @@ -1,4 +0,0 @@ -I"

I have been meaning to write about the current state of my home lab infrastructure for a while now. -Now that the most important parts are quite stable, I think the opportunity is ripe. -I expect this post to get quite long, so I might have to leave out some details along the way.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a0/3c83cf411782db1c50d9126663f49970c6f45dc99e8db7ec0da9af3b56d618 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a0/3c83cf411782db1c50d9126663f49970c6f45dc99e8db7ec0da9af3b56d618 deleted file mode 100644 index 50e89b2..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a0/3c83cf411782db1c50d9126663f49970c6f45dc99e8db7ec0da9af3b56d618 +++ /dev/null @@ -1,4 +0,0 @@ -I"

Recently, I deployed Concourse CI because I wanted to get my feet wet with a CI/CD pipeline. -However, I had a practical use case lying around for a long time: automatically compiling my static website and deploying it to my docker Swarm. -This took some time getting right, but the result works like a charm (source code).

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a3/2451b46abf31bffd4ef16c4fba342105d08b449ffcd5d8857fac68c8d666ac b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a3/2451b46abf31bffd4ef16c4fba342105d08b449ffcd5d8857fac68c8d666ac deleted file mode 100644 index 8a31833..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/a3/2451b46abf31bffd4ef16c4fba342105d08b449ffcd5d8857fac68c8d666ac +++ /dev/null @@ -1,5 +0,0 @@ -I"

For months, I’ve had a peculiar problem with my laptop: once in a while, seemingly without reason, my laptop screen would freeze. -This only happened on my laptop screen, and not on an external monitor. -I had kind of learned to live with it as I couldn’t find a solution online. -The only remedy I had was reloading my window manager, which would often unfreeze the screen.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b0/5eaa7d51955d5eb4c0531861b6ceff386cf59937bb012e007e75bb17be3a70 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b0/5eaa7d51955d5eb4c0531861b6ceff386cf59937bb012e007e75bb17be3a70 deleted file mode 100644 index 9a2b2e4..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/b0/5eaa7d51955d5eb4c0531861b6ceff386cf59937bb012e007e75bb17be3a70 +++ /dev/null @@ -1,9 +0,0 @@ -I"ł

Finally, after several months this website is up and running again!

-

My homelab has completely changed, but the reason why it initially went offline is because of my failing CI installation. -I was using Concourse CI which I was initially interested in due to the reproducible nature of its builds using containers. -However, for some reason pipelines were sporadically getting stuck when I reboot the virtual machine it was running on. -The fix was very annoying: I had to re-create the pipelines manually (which feels very backwards for a CI/CD system!) -Additionally, my virtual machine setup back then was also quite fragile and I decided to get rid of that as well.

-

I have learned that having an escape hatch to deploy something is probably a good idea 😅 -Expect a new overview of my homelab soon, in the same vein as this post from last year!

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ca/fa91a891b326d3785106ef39feb14d15f250d4e9053e26bc4a59df1be95175 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ca/fa91a891b326d3785106ef39feb14d15f250d4e9053e26bc4a59df1be95175 deleted file mode 100644 index 938b887..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ca/fa91a891b326d3785106ef39feb14d15f250d4e9053e26bc4a59df1be95175 +++ /dev/null @@ -1,2 +0,0 @@ -I"H

Here I might post some personally identifiable information.

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/de/3e2dabf1802e61ca9f839af6ae4614ee4dd39a3db773a8ac7c3b1dcc8d5b5c b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/de/3e2dabf1802e61ca9f839af6ae4614ee4dd39a3db773a8ac7c3b1dcc8d5b5c deleted file mode 100644 index 9ab03e1..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/de/3e2dabf1802e61ca9f839af6ae4614ee4dd39a3db773a8ac7c3b1dcc8d5b5c +++ /dev/null @@ -1,2 +0,0 @@ -I"P

Finally, after several months this website is up and running again!

-:ET \ No newline at end of file diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/e3/b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/e3/b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 deleted file mode 100644 index 177adbd..0000000 Binary files a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/e3/b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and /dev/null differ diff --git a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ee/52e5fa863848f5119ac696d0af443c67f63ca3732d79fbd250d0c2ebb8bbb8 b/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ee/52e5fa863848f5119ac696d0af443c67f63ca3732d79fbd250d0c2ebb8bbb8 deleted file mode 100644 index 8796725..0000000 --- a/src/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ee/52e5fa863848f5119ac696d0af443c67f63ca3732d79fbd250d0c2ebb8bbb8 +++ /dev/null @@ -1,5 +0,0 @@ -I"ï

Previously, I have used Prometheus’ node_exporter to monitor the memory usage of my servers. -However, I am currently in the process of moving away from Prometheus to a new Monioring stack. -While I understand the advantages, I felt like Prometheus’ pull architecture does not scale nicely. -Everytime I spin up a new machine, I would have to centrally change Prometheus’ configuration in order for it to query the new server.

-:ET \ No newline at end of file diff --git a/src/_data/menus.yml b/src/_data/menus.yml index 78daf1c..7170bea 100644 --- a/src/_data/menus.yml +++ b/src/_data/menus.yml @@ -8,7 +8,15 @@ - title: about url: /about/ - external: false # set true if you using external link, see below + external: false + +- title: ideas + url: /ideas/ + external: false + +- title: now + url: /now/ + external: false # Example: # - title: github diff --git a/src/_layouts/404.html b/src/_layouts/404.html index 77bbabd..85df97a 100644 --- a/src/_layouts/404.html +++ b/src/_layouts/404.html @@ -33,7 +33,7 @@ layout: compress
404
- get me the fuck out of here + get me the heck out of here
diff --git a/src/_site/404.html b/src/_site/404.html deleted file mode 100644 index 714474e..0000000 --- a/src/_site/404.html +++ /dev/null @@ -1 +0,0 @@ - 404 - Pim Kunis
404
get me the fuck out of here
diff --git a/src/_site/about/index.html b/src/_site/about/index.html deleted file mode 100644 index 0a0c79e..0000000 --- a/src/_site/about/index.html +++ /dev/null @@ -1 +0,0 @@ - Me - Pim Kunis

Me.

Here I might post some personally identifiable information.

diff --git a/src/_site/ansible-edit-grub/index.html b/src/_site/ansible-edit-grub/index.html deleted file mode 100644 index d1c7883..0000000 --- a/src/_site/ansible-edit-grub/index.html +++ /dev/null @@ -1,18 +0,0 @@ - Using Ansible to alter Kernel Parameters - Pim Kunis

Using Ansible to alter Kernel Parameters

For months, I’ve had a peculiar problem with my laptop: once in a while, seemingly without reason, my laptop screen would freeze. This only happened on my laptop screen, and not on an external monitor. I had kind of learned to live with it as I couldn’t find a solution online. The only remedy I had was reloading my window manager, which would often unfreeze the screen.

Yesterday I tried Googling once more and I actually found a thread about it on the Arch Linux forums! They talk about the same laptop model, the Lenovo ThinkPad x260, having the problem. Fortunately, they also propose a temporary fix.

Trying the Fix

Apparently, a problem with the Panel Self Refresh (PSR) feature of Intel iGPUs is the culprit. According to the Linux source code, PSR enables the display to go into a lower standby mode when the sytem is idle but the screen is in use. These lower standby modes can reduce power usage of your device when idling.

This all seems useful, except when it makes your screen freeze! The proposed fix disables the PSR feature entirely. To do this, we need to change a parameter to the Intel Graphics Linux Kernel Module (LKM). The LKM for Intel Graphics is called i915. There are multiple ways to change kernel parameters, but I chose to edit my Grub configuration.

First, I wanted to test whether it actually works. When booting into my Linux partition via Grub, you can press e to edit the Grub definition. Somewhere there, you can find the linux command which specifies to boot Linux and how to do that. I simply appended the option i915.enable_psr=0 to this line. After rebooting, I noticed my screen no longer freezes! Success!

Persisting the Fix

To make the change permanent, we need to permanently change Grub’s configuration. One way to do this, is by changing Grub’s defaults in /etc/default/grub. Namely, the GRUB_CMDLINE_LINUX_DEFAULT option specifies what options Grub should pass to the Linux kernel by default. For me, this is a nice solution as the problem exists for both Linux OSes I have installed. I changed this option to:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i915.enable_psr=0"
-

Next, I wanted to automate this solution using Ansible. This turned out to be quite easy, as the Grub configuration looks a bit like an ini file (maybe it is?):

- name: Edit grub to disable Panel Self Refresh
-  become: true
-  ini_file:
-    path: /etc/default/grub
-    section: null
-    option: "GRUB_CMDLINE_LINUX_DEFAULT"
-    value: '"quiet splash i915.enable_psr=0"'
-    no_extra_spaces: true
-  notify: update grub
-

Lastly, I created the notify hook to update the Grub configuration:

- name: update grub
-  become: true
-  command:
-    cmd: update-grub
-

Update: Just use Nix

Lately, I have been learning a bit of NixOS with the intention of replacing my current setup. Compared to Ansible, applying this fix is a breeze on NixOS:

{
-  boot.kernelParams = [ "i915.enable_psr=0" ];
-}
-

That’s it, yep.

Conclusion

It turned out to be quite easy to change Linux kernel parameters using Ansible. Maybe some kernel gurus have better ways to change parameters, but this works for me for now.

As a sidenote, I started reading a bit more about NixOS and realised that it can solve issues like these much more nicely than Ansible does. I might replace my OS with NixOS some day, if I manage to rewrite my Ansible for it.

diff --git a/src/_site/archive/index.html b/src/_site/archive/index.html deleted file mode 100644 index d39ca32..0000000 --- a/src/_site/archive/index.html +++ /dev/null @@ -1 +0,0 @@ - Archive - Pim Kunis

Archive.

2024

2023

diff --git a/src/_site/assets/css/fontawesome.all.min.css b/src/_site/assets/css/fontawesome.all.min.css deleted file mode 100644 index 84dbeb8..0000000 --- a/src/_site/assets/css/fontawesome.all.min.css +++ /dev/null @@ -1,6 +0,0 @@ -/*! - * Font Awesome Free 6.2.1 by @fontawesome - https://fontawesome.com - * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) - * Copyright 2022 Fonticons, Inc. - */ -.fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-classic,.fa-regular,.fa-sharp,.fa-solid,.fab,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-classic,.fa-regular,.fa-solid,.far,.fas{font-family:"Font Awesome 6 Free"}.fa-brands,.fab{font-family:"Font Awesome 6 Brands"}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.05357em}.fa-lg{font-size:1.25em;line-height:.05em;vertical-align:-.075em}.fa-xl{font-size:1.5em;line-height:.04167em;vertical-align:-.125em}.fa-2xl{font-size:2em;line-height:.03125em;vertical-align:-.1875em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:var(--fa-li-margin,2.5em);padding-left:0}.fa-ul>li{position:relative}.fa-li{left:calc(var(--fa-li-width, 2em)*-1);position:absolute;text-align:center;width:var(--fa-li-width,2em);line-height:inherit}.fa-border{border-radius:var(--fa-border-radius,.1em);border:var(--fa-border-width,.08em) var(--fa-border-style,solid) var(--fa-border-color,#eee);padding:var(--fa-border-padding,.2em .25em .15em)}.fa-pull-left{float:left;margin-right:var(--fa-pull-margin,.3em)}.fa-pull-right{float:right;margin-left:var(--fa-pull-margin,.3em)}.fa-beat{-webkit-animation-name:fa-beat;animation-name:fa-beat;-webkit-animation-delay:var(--fa-animation-delay,0s);animation-delay:var(--fa-animation-delay,0s);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,ease-in-out);animation-timing-function:var(--fa-animation-timing,ease-in-out)}.fa-bounce{-webkit-animation-name:fa-bounce;animation-name:fa-bounce;-webkit-animation-delay:var(--fa-animation-delay,0s);animation-delay:var(--fa-animation-delay,0s);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,cubic-bezier(.28,.84,.42,1));animation-timing-function:var(--fa-animation-timing,cubic-bezier(.28,.84,.42,1))}.fa-fade{-webkit-animation-name:fa-fade;animation-name:fa-fade;-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,cubic-bezier(.4,0,.6,1));animation-timing-function:var(--fa-animation-timing,cubic-bezier(.4,0,.6,1))}.fa-beat-fade,.fa-fade{-webkit-animation-delay:var(--fa-animation-delay,0s);animation-delay:var(--fa-animation-delay,0s);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s)}.fa-beat-fade{-webkit-animation-name:fa-beat-fade;animation-name:fa-beat-fade;-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,cubic-bezier(.4,0,.6,1));animation-timing-function:var(--fa-animation-timing,cubic-bezier(.4,0,.6,1))}.fa-flip{-webkit-animation-name:fa-flip;animation-name:fa-flip;-webkit-animation-delay:var(--fa-animation-delay,0s);animation-delay:var(--fa-animation-delay,0s);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,ease-in-out);animation-timing-function:var(--fa-animation-timing,ease-in-out)}.fa-shake{-webkit-animation-name:fa-shake;animation-name:fa-shake;-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,linear);animation-timing-function:var(--fa-animation-timing,linear)}.fa-shake,.fa-spin{-webkit-animation-delay:var(--fa-animation-delay,0s);animation-delay:var(--fa-animation-delay,0s);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal)}.fa-spin{-webkit-animation-name:fa-spin;animation-name:fa-spin;-webkit-animation-duration:var(--fa-animation-duration,2s);animation-duration:var(--fa-animation-duration,2s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,linear);animation-timing-function:var(--fa-animation-timing,linear)}.fa-spin-reverse{--fa-animation-direction:reverse}.fa-pulse,.fa-spin-pulse{-webkit-animation-name:fa-spin;animation-name:fa-spin;-webkit-animation-direction:var(--fa-animation-direction,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,steps(8));animation-timing-function:var(--fa-animation-timing,steps(8))}@media (prefers-reduced-motion:reduce){.fa-beat,.fa-beat-fade,.fa-bounce,.fa-fade,.fa-flip,.fa-pulse,.fa-shake,.fa-spin,.fa-spin-pulse{-webkit-animation-delay:-1ms;animation-delay:-1ms;-webkit-animation-duration:1ms;animation-duration:1ms;-webkit-animation-iteration-count:1;animation-iteration-count:1;transition-delay:0s;transition-duration:0s}}@-webkit-keyframes fa-beat{0%,90%{-webkit-transform:scale(1);transform:scale(1)}45%{-webkit-transform:scale(var(--fa-beat-scale,1.25));transform:scale(var(--fa-beat-scale,1.25))}}@keyframes fa-beat{0%,90%{-webkit-transform:scale(1);transform:scale(1)}45%{-webkit-transform:scale(var(--fa-beat-scale,1.25));transform:scale(var(--fa-beat-scale,1.25))}}@-webkit-keyframes fa-bounce{0%{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}10%{-webkit-transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0);transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0)}30%{-webkit-transform:scale(var(--fa-bounce-jump-scale-x,.9),var(--fa-bounce-jump-scale-y,1.1)) translateY(var(--fa-bounce-height,-.5em));transform:scale(var(--fa-bounce-jump-scale-x,.9),var(--fa-bounce-jump-scale-y,1.1)) translateY(var(--fa-bounce-height,-.5em))}50%{-webkit-transform:scale(var(--fa-bounce-land-scale-x,1.05),var(--fa-bounce-land-scale-y,.95)) translateY(0);transform:scale(var(--fa-bounce-land-scale-x,1.05),var(--fa-bounce-land-scale-y,.95)) translateY(0)}57%{-webkit-transform:scale(1) translateY(var(--fa-bounce-rebound,-.125em));transform:scale(1) translateY(var(--fa-bounce-rebound,-.125em))}64%{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}to{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}}@keyframes fa-bounce{0%{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}10%{-webkit-transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0);transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0)}30%{-webkit-transform:scale(var(--fa-bounce-jump-scale-x,.9),var(--fa-bounce-jump-scale-y,1.1)) translateY(var(--fa-bounce-height,-.5em));transform:scale(var(--fa-bounce-jump-scale-x,.9),var(--fa-bounce-jump-scale-y,1.1)) translateY(var(--fa-bounce-height,-.5em))}50%{-webkit-transform:scale(var(--fa-bounce-land-scale-x,1.05),var(--fa-bounce-land-scale-y,.95)) translateY(0);transform:scale(var(--fa-bounce-land-scale-x,1.05),var(--fa-bounce-land-scale-y,.95)) translateY(0)}57%{-webkit-transform:scale(1) translateY(var(--fa-bounce-rebound,-.125em));transform:scale(1) translateY(var(--fa-bounce-rebound,-.125em))}64%{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}to{-webkit-transform:scale(1) translateY(0);transform:scale(1) translateY(0)}}@-webkit-keyframes fa-fade{50%{opacity:var(--fa-fade-opacity,.4)}}@keyframes fa-fade{50%{opacity:var(--fa-fade-opacity,.4)}}@-webkit-keyframes fa-beat-fade{0%,to{opacity:var(--fa-beat-fade-opacity,.4);-webkit-transform:scale(1);transform:scale(1)}50%{opacity:1;-webkit-transform:scale(var(--fa-beat-fade-scale,1.125));transform:scale(var(--fa-beat-fade-scale,1.125))}}@keyframes fa-beat-fade{0%,to{opacity:var(--fa-beat-fade-opacity,.4);-webkit-transform:scale(1);transform:scale(1)}50%{opacity:1;-webkit-transform:scale(var(--fa-beat-fade-scale,1.125));transform:scale(var(--fa-beat-fade-scale,1.125))}}@-webkit-keyframes fa-flip{50%{-webkit-transform:rotate3d(var(--fa-flip-x,0),var(--fa-flip-y,1),var(--fa-flip-z,0),var(--fa-flip-angle,-180deg));transform:rotate3d(var(--fa-flip-x,0),var(--fa-flip-y,1),var(--fa-flip-z,0),var(--fa-flip-angle,-180deg))}}@keyframes fa-flip{50%{-webkit-transform:rotate3d(var(--fa-flip-x,0),var(--fa-flip-y,1),var(--fa-flip-z,0),var(--fa-flip-angle,-180deg));transform:rotate3d(var(--fa-flip-x,0),var(--fa-flip-y,1),var(--fa-flip-z,0),var(--fa-flip-angle,-180deg))}}@-webkit-keyframes fa-shake{0%{-webkit-transform:rotate(-15deg);transform:rotate(-15deg)}4%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}8%,24%{-webkit-transform:rotate(-18deg);transform:rotate(-18deg)}12%,28%{-webkit-transform:rotate(18deg);transform:rotate(18deg)}16%{-webkit-transform:rotate(-22deg);transform:rotate(-22deg)}20%{-webkit-transform:rotate(22deg);transform:rotate(22deg)}32%{-webkit-transform:rotate(-12deg);transform:rotate(-12deg)}36%{-webkit-transform:rotate(12deg);transform:rotate(12deg)}40%,to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes fa-shake{0%{-webkit-transform:rotate(-15deg);transform:rotate(-15deg)}4%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}8%,24%{-webkit-transform:rotate(-18deg);transform:rotate(-18deg)}12%,28%{-webkit-transform:rotate(18deg);transform:rotate(18deg)}16%{-webkit-transform:rotate(-22deg);transform:rotate(-22deg)}20%{-webkit-transform:rotate(22deg);transform:rotate(22deg)}32%{-webkit-transform:rotate(-12deg);transform:rotate(-12deg)}36%{-webkit-transform:rotate(12deg);transform:rotate(12deg)}40%,to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}.fa-rotate-90{-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-webkit-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-webkit-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical{-webkit-transform:scale(-1);transform:scale(-1)}.fa-rotate-by{-webkit-transform:rotate(var(--fa-rotate-angle,none));transform:rotate(var(--fa-rotate-angle,none))}.fa-stack{display:inline-block;height:2em;line-height:2em;position:relative;vertical-align:middle;width:2.5em}.fa-stack-1x,.fa-stack-2x{left:0;position:absolute;text-align:center;width:100%;z-index:var(--fa-stack-z-index,auto)}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:var(--fa-inverse,#fff)}.fa-0:before{content:"\30"}.fa-1:before{content:"\31"}.fa-2:before{content:"\32"}.fa-3:before{content:"\33"}.fa-4:before{content:"\34"}.fa-5:before{content:"\35"}.fa-6:before{content:"\36"}.fa-7:before{content:"\37"}.fa-8:before{content:"\38"}.fa-9:before{content:"\39"}.fa-fill-drip:before{content:"\f576"}.fa-arrows-to-circle:before{content:"\e4bd"}.fa-chevron-circle-right:before,.fa-circle-chevron-right:before{content:"\f138"}.fa-at:before{content:"\40"}.fa-trash-alt:before,.fa-trash-can:before{content:"\f2ed"}.fa-text-height:before{content:"\f034"}.fa-user-times:before,.fa-user-xmark:before{content:"\f235"}.fa-stethoscope:before{content:"\f0f1"}.fa-comment-alt:before,.fa-message:before{content:"\f27a"}.fa-info:before{content:"\f129"}.fa-compress-alt:before,.fa-down-left-and-up-right-to-center:before{content:"\f422"}.fa-explosion:before{content:"\e4e9"}.fa-file-alt:before,.fa-file-lines:before,.fa-file-text:before{content:"\f15c"}.fa-wave-square:before{content:"\f83e"}.fa-ring:before{content:"\f70b"}.fa-building-un:before{content:"\e4d9"}.fa-dice-three:before{content:"\f527"}.fa-calendar-alt:before,.fa-calendar-days:before{content:"\f073"}.fa-anchor-circle-check:before{content:"\e4aa"}.fa-building-circle-arrow-right:before{content:"\e4d1"}.fa-volleyball-ball:before,.fa-volleyball:before{content:"\f45f"}.fa-arrows-up-to-line:before{content:"\e4c2"}.fa-sort-desc:before,.fa-sort-down:before{content:"\f0dd"}.fa-circle-minus:before,.fa-minus-circle:before{content:"\f056"}.fa-door-open:before{content:"\f52b"}.fa-right-from-bracket:before,.fa-sign-out-alt:before{content:"\f2f5"}.fa-atom:before{content:"\f5d2"}.fa-soap:before{content:"\e06e"}.fa-heart-music-camera-bolt:before,.fa-icons:before{content:"\f86d"}.fa-microphone-alt-slash:before,.fa-microphone-lines-slash:before{content:"\f539"}.fa-bridge-circle-check:before{content:"\e4c9"}.fa-pump-medical:before{content:"\e06a"}.fa-fingerprint:before{content:"\f577"}.fa-hand-point-right:before{content:"\f0a4"}.fa-magnifying-glass-location:before,.fa-search-location:before{content:"\f689"}.fa-forward-step:before,.fa-step-forward:before{content:"\f051"}.fa-face-smile-beam:before,.fa-smile-beam:before{content:"\f5b8"}.fa-flag-checkered:before{content:"\f11e"}.fa-football-ball:before,.fa-football:before{content:"\f44e"}.fa-school-circle-exclamation:before{content:"\e56c"}.fa-crop:before{content:"\f125"}.fa-angle-double-down:before,.fa-angles-down:before{content:"\f103"}.fa-users-rectangle:before{content:"\e594"}.fa-people-roof:before{content:"\e537"}.fa-people-line:before{content:"\e534"}.fa-beer-mug-empty:before,.fa-beer:before{content:"\f0fc"}.fa-diagram-predecessor:before{content:"\e477"}.fa-arrow-up-long:before,.fa-long-arrow-up:before{content:"\f176"}.fa-burn:before,.fa-fire-flame-simple:before{content:"\f46a"}.fa-male:before,.fa-person:before{content:"\f183"}.fa-laptop:before{content:"\f109"}.fa-file-csv:before{content:"\f6dd"}.fa-menorah:before{content:"\f676"}.fa-truck-plane:before{content:"\e58f"}.fa-record-vinyl:before{content:"\f8d9"}.fa-face-grin-stars:before,.fa-grin-stars:before{content:"\f587"}.fa-bong:before{content:"\f55c"}.fa-pastafarianism:before,.fa-spaghetti-monster-flying:before{content:"\f67b"}.fa-arrow-down-up-across-line:before{content:"\e4af"}.fa-spoon:before,.fa-utensil-spoon:before{content:"\f2e5"}.fa-jar-wheat:before{content:"\e517"}.fa-envelopes-bulk:before,.fa-mail-bulk:before{content:"\f674"}.fa-file-circle-exclamation:before{content:"\e4eb"}.fa-circle-h:before,.fa-hospital-symbol:before{content:"\f47e"}.fa-pager:before{content:"\f815"}.fa-address-book:before,.fa-contact-book:before{content:"\f2b9"}.fa-strikethrough:before{content:"\f0cc"}.fa-k:before{content:"\4b"}.fa-landmark-flag:before{content:"\e51c"}.fa-pencil-alt:before,.fa-pencil:before{content:"\f303"}.fa-backward:before{content:"\f04a"}.fa-caret-right:before{content:"\f0da"}.fa-comments:before{content:"\f086"}.fa-file-clipboard:before,.fa-paste:before{content:"\f0ea"}.fa-code-pull-request:before{content:"\e13c"}.fa-clipboard-list:before{content:"\f46d"}.fa-truck-loading:before,.fa-truck-ramp-box:before{content:"\f4de"}.fa-user-check:before{content:"\f4fc"}.fa-vial-virus:before{content:"\e597"}.fa-sheet-plastic:before{content:"\e571"}.fa-blog:before{content:"\f781"}.fa-user-ninja:before{content:"\f504"}.fa-person-arrow-up-from-line:before{content:"\e539"}.fa-scroll-torah:before,.fa-torah:before{content:"\f6a0"}.fa-broom-ball:before,.fa-quidditch-broom-ball:before,.fa-quidditch:before{content:"\f458"}.fa-toggle-off:before{content:"\f204"}.fa-archive:before,.fa-box-archive:before{content:"\f187"}.fa-person-drowning:before{content:"\e545"}.fa-arrow-down-9-1:before,.fa-sort-numeric-desc:before,.fa-sort-numeric-down-alt:before{content:"\f886"}.fa-face-grin-tongue-squint:before,.fa-grin-tongue-squint:before{content:"\f58a"}.fa-spray-can:before{content:"\f5bd"}.fa-truck-monster:before{content:"\f63b"}.fa-w:before{content:"\57"}.fa-earth-africa:before,.fa-globe-africa:before{content:"\f57c"}.fa-rainbow:before{content:"\f75b"}.fa-circle-notch:before{content:"\f1ce"}.fa-tablet-alt:before,.fa-tablet-screen-button:before{content:"\f3fa"}.fa-paw:before{content:"\f1b0"}.fa-cloud:before{content:"\f0c2"}.fa-trowel-bricks:before{content:"\e58a"}.fa-face-flushed:before,.fa-flushed:before{content:"\f579"}.fa-hospital-user:before{content:"\f80d"}.fa-tent-arrow-left-right:before{content:"\e57f"}.fa-gavel:before,.fa-legal:before{content:"\f0e3"}.fa-binoculars:before{content:"\f1e5"}.fa-microphone-slash:before{content:"\f131"}.fa-box-tissue:before{content:"\e05b"}.fa-motorcycle:before{content:"\f21c"}.fa-bell-concierge:before,.fa-concierge-bell:before{content:"\f562"}.fa-pen-ruler:before,.fa-pencil-ruler:before{content:"\f5ae"}.fa-people-arrows-left-right:before,.fa-people-arrows:before{content:"\e068"}.fa-mars-and-venus-burst:before{content:"\e523"}.fa-caret-square-right:before,.fa-square-caret-right:before{content:"\f152"}.fa-cut:before,.fa-scissors:before{content:"\f0c4"}.fa-sun-plant-wilt:before{content:"\e57a"}.fa-toilets-portable:before{content:"\e584"}.fa-hockey-puck:before{content:"\f453"}.fa-table:before{content:"\f0ce"}.fa-magnifying-glass-arrow-right:before{content:"\e521"}.fa-digital-tachograph:before,.fa-tachograph-digital:before{content:"\f566"}.fa-users-slash:before{content:"\e073"}.fa-clover:before{content:"\e139"}.fa-mail-reply:before,.fa-reply:before{content:"\f3e5"}.fa-star-and-crescent:before{content:"\f699"}.fa-house-fire:before{content:"\e50c"}.fa-minus-square:before,.fa-square-minus:before{content:"\f146"}.fa-helicopter:before{content:"\f533"}.fa-compass:before{content:"\f14e"}.fa-caret-square-down:before,.fa-square-caret-down:before{content:"\f150"}.fa-file-circle-question:before{content:"\e4ef"}.fa-laptop-code:before{content:"\f5fc"}.fa-swatchbook:before{content:"\f5c3"}.fa-prescription-bottle:before{content:"\f485"}.fa-bars:before,.fa-navicon:before{content:"\f0c9"}.fa-people-group:before{content:"\e533"}.fa-hourglass-3:before,.fa-hourglass-end:before{content:"\f253"}.fa-heart-broken:before,.fa-heart-crack:before{content:"\f7a9"}.fa-external-link-square-alt:before,.fa-square-up-right:before{content:"\f360"}.fa-face-kiss-beam:before,.fa-kiss-beam:before{content:"\f597"}.fa-film:before{content:"\f008"}.fa-ruler-horizontal:before{content:"\f547"}.fa-people-robbery:before{content:"\e536"}.fa-lightbulb:before{content:"\f0eb"}.fa-caret-left:before{content:"\f0d9"}.fa-circle-exclamation:before,.fa-exclamation-circle:before{content:"\f06a"}.fa-school-circle-xmark:before{content:"\e56d"}.fa-arrow-right-from-bracket:before,.fa-sign-out:before{content:"\f08b"}.fa-chevron-circle-down:before,.fa-circle-chevron-down:before{content:"\f13a"}.fa-unlock-alt:before,.fa-unlock-keyhole:before{content:"\f13e"}.fa-cloud-showers-heavy:before{content:"\f740"}.fa-headphones-alt:before,.fa-headphones-simple:before{content:"\f58f"}.fa-sitemap:before{content:"\f0e8"}.fa-circle-dollar-to-slot:before,.fa-donate:before{content:"\f4b9"}.fa-memory:before{content:"\f538"}.fa-road-spikes:before{content:"\e568"}.fa-fire-burner:before{content:"\e4f1"}.fa-flag:before{content:"\f024"}.fa-hanukiah:before{content:"\f6e6"}.fa-feather:before{content:"\f52d"}.fa-volume-down:before,.fa-volume-low:before{content:"\f027"}.fa-comment-slash:before{content:"\f4b3"}.fa-cloud-sun-rain:before{content:"\f743"}.fa-compress:before{content:"\f066"}.fa-wheat-alt:before,.fa-wheat-awn:before{content:"\e2cd"}.fa-ankh:before{content:"\f644"}.fa-hands-holding-child:before{content:"\e4fa"}.fa-asterisk:before{content:"\2a"}.fa-check-square:before,.fa-square-check:before{content:"\f14a"}.fa-peseta-sign:before{content:"\e221"}.fa-header:before,.fa-heading:before{content:"\f1dc"}.fa-ghost:before{content:"\f6e2"}.fa-list-squares:before,.fa-list:before{content:"\f03a"}.fa-phone-square-alt:before,.fa-square-phone-flip:before{content:"\f87b"}.fa-cart-plus:before{content:"\f217"}.fa-gamepad:before{content:"\f11b"}.fa-circle-dot:before,.fa-dot-circle:before{content:"\f192"}.fa-dizzy:before,.fa-face-dizzy:before{content:"\f567"}.fa-egg:before{content:"\f7fb"}.fa-house-medical-circle-xmark:before{content:"\e513"}.fa-campground:before{content:"\f6bb"}.fa-folder-plus:before{content:"\f65e"}.fa-futbol-ball:before,.fa-futbol:before,.fa-soccer-ball:before{content:"\f1e3"}.fa-paint-brush:before,.fa-paintbrush:before{content:"\f1fc"}.fa-lock:before{content:"\f023"}.fa-gas-pump:before{content:"\f52f"}.fa-hot-tub-person:before,.fa-hot-tub:before{content:"\f593"}.fa-map-location:before,.fa-map-marked:before{content:"\f59f"}.fa-house-flood-water:before{content:"\e50e"}.fa-tree:before{content:"\f1bb"}.fa-bridge-lock:before{content:"\e4cc"}.fa-sack-dollar:before{content:"\f81d"}.fa-edit:before,.fa-pen-to-square:before{content:"\f044"}.fa-car-side:before{content:"\f5e4"}.fa-share-alt:before,.fa-share-nodes:before{content:"\f1e0"}.fa-heart-circle-minus:before{content:"\e4ff"}.fa-hourglass-2:before,.fa-hourglass-half:before{content:"\f252"}.fa-microscope:before{content:"\f610"}.fa-sink:before{content:"\e06d"}.fa-bag-shopping:before,.fa-shopping-bag:before{content:"\f290"}.fa-arrow-down-z-a:before,.fa-sort-alpha-desc:before,.fa-sort-alpha-down-alt:before{content:"\f881"}.fa-mitten:before{content:"\f7b5"}.fa-person-rays:before{content:"\e54d"}.fa-users:before{content:"\f0c0"}.fa-eye-slash:before{content:"\f070"}.fa-flask-vial:before{content:"\e4f3"}.fa-hand-paper:before,.fa-hand:before{content:"\f256"}.fa-om:before{content:"\f679"}.fa-worm:before{content:"\e599"}.fa-house-circle-xmark:before{content:"\e50b"}.fa-plug:before{content:"\f1e6"}.fa-chevron-up:before{content:"\f077"}.fa-hand-spock:before{content:"\f259"}.fa-stopwatch:before{content:"\f2f2"}.fa-face-kiss:before,.fa-kiss:before{content:"\f596"}.fa-bridge-circle-xmark:before{content:"\e4cb"}.fa-face-grin-tongue:before,.fa-grin-tongue:before{content:"\f589"}.fa-chess-bishop:before{content:"\f43a"}.fa-face-grin-wink:before,.fa-grin-wink:before{content:"\f58c"}.fa-deaf:before,.fa-deafness:before,.fa-ear-deaf:before,.fa-hard-of-hearing:before{content:"\f2a4"}.fa-road-circle-check:before{content:"\e564"}.fa-dice-five:before{content:"\f523"}.fa-rss-square:before,.fa-square-rss:before{content:"\f143"}.fa-land-mine-on:before{content:"\e51b"}.fa-i-cursor:before{content:"\f246"}.fa-stamp:before{content:"\f5bf"}.fa-stairs:before{content:"\e289"}.fa-i:before{content:"\49"}.fa-hryvnia-sign:before,.fa-hryvnia:before{content:"\f6f2"}.fa-pills:before{content:"\f484"}.fa-face-grin-wide:before,.fa-grin-alt:before{content:"\f581"}.fa-tooth:before{content:"\f5c9"}.fa-v:before{content:"\56"}.fa-bangladeshi-taka-sign:before{content:"\e2e6"}.fa-bicycle:before{content:"\f206"}.fa-rod-asclepius:before,.fa-rod-snake:before,.fa-staff-aesculapius:before,.fa-staff-snake:before{content:"\e579"}.fa-head-side-cough-slash:before{content:"\e062"}.fa-ambulance:before,.fa-truck-medical:before{content:"\f0f9"}.fa-wheat-awn-circle-exclamation:before{content:"\e598"}.fa-snowman:before{content:"\f7d0"}.fa-mortar-pestle:before{content:"\f5a7"}.fa-road-barrier:before{content:"\e562"}.fa-school:before{content:"\f549"}.fa-igloo:before{content:"\f7ae"}.fa-joint:before{content:"\f595"}.fa-angle-right:before{content:"\f105"}.fa-horse:before{content:"\f6f0"}.fa-q:before{content:"\51"}.fa-g:before{content:"\47"}.fa-notes-medical:before{content:"\f481"}.fa-temperature-2:before,.fa-temperature-half:before,.fa-thermometer-2:before,.fa-thermometer-half:before{content:"\f2c9"}.fa-dong-sign:before{content:"\e169"}.fa-capsules:before{content:"\f46b"}.fa-poo-bolt:before,.fa-poo-storm:before{content:"\f75a"}.fa-face-frown-open:before,.fa-frown-open:before{content:"\f57a"}.fa-hand-point-up:before{content:"\f0a6"}.fa-money-bill:before{content:"\f0d6"}.fa-bookmark:before{content:"\f02e"}.fa-align-justify:before{content:"\f039"}.fa-umbrella-beach:before{content:"\f5ca"}.fa-helmet-un:before{content:"\e503"}.fa-bullseye:before{content:"\f140"}.fa-bacon:before{content:"\f7e5"}.fa-hand-point-down:before{content:"\f0a7"}.fa-arrow-up-from-bracket:before{content:"\e09a"}.fa-folder-blank:before,.fa-folder:before{content:"\f07b"}.fa-file-medical-alt:before,.fa-file-waveform:before{content:"\f478"}.fa-radiation:before{content:"\f7b9"}.fa-chart-simple:before{content:"\e473"}.fa-mars-stroke:before{content:"\f229"}.fa-vial:before{content:"\f492"}.fa-dashboard:before,.fa-gauge-med:before,.fa-gauge:before,.fa-tachometer-alt-average:before{content:"\f624"}.fa-magic-wand-sparkles:before,.fa-wand-magic-sparkles:before{content:"\e2ca"}.fa-e:before{content:"\45"}.fa-pen-alt:before,.fa-pen-clip:before{content:"\f305"}.fa-bridge-circle-exclamation:before{content:"\e4ca"}.fa-user:before{content:"\f007"}.fa-school-circle-check:before{content:"\e56b"}.fa-dumpster:before{content:"\f793"}.fa-shuttle-van:before,.fa-van-shuttle:before{content:"\f5b6"}.fa-building-user:before{content:"\e4da"}.fa-caret-square-left:before,.fa-square-caret-left:before{content:"\f191"}.fa-highlighter:before{content:"\f591"}.fa-key:before{content:"\f084"}.fa-bullhorn:before{content:"\f0a1"}.fa-globe:before{content:"\f0ac"}.fa-synagogue:before{content:"\f69b"}.fa-person-half-dress:before{content:"\e548"}.fa-road-bridge:before{content:"\e563"}.fa-location-arrow:before{content:"\f124"}.fa-c:before{content:"\43"}.fa-tablet-button:before{content:"\f10a"}.fa-building-lock:before{content:"\e4d6"}.fa-pizza-slice:before{content:"\f818"}.fa-money-bill-wave:before{content:"\f53a"}.fa-area-chart:before,.fa-chart-area:before{content:"\f1fe"}.fa-house-flag:before{content:"\e50d"}.fa-person-circle-minus:before{content:"\e540"}.fa-ban:before,.fa-cancel:before{content:"\f05e"}.fa-camera-rotate:before{content:"\e0d8"}.fa-air-freshener:before,.fa-spray-can-sparkles:before{content:"\f5d0"}.fa-star:before{content:"\f005"}.fa-repeat:before{content:"\f363"}.fa-cross:before{content:"\f654"}.fa-box:before{content:"\f466"}.fa-venus-mars:before{content:"\f228"}.fa-arrow-pointer:before,.fa-mouse-pointer:before{content:"\f245"}.fa-expand-arrows-alt:before,.fa-maximize:before{content:"\f31e"}.fa-charging-station:before{content:"\f5e7"}.fa-shapes:before,.fa-triangle-circle-square:before{content:"\f61f"}.fa-random:before,.fa-shuffle:before{content:"\f074"}.fa-person-running:before,.fa-running:before{content:"\f70c"}.fa-mobile-retro:before{content:"\e527"}.fa-grip-lines-vertical:before{content:"\f7a5"}.fa-spider:before{content:"\f717"}.fa-hands-bound:before{content:"\e4f9"}.fa-file-invoice-dollar:before{content:"\f571"}.fa-plane-circle-exclamation:before{content:"\e556"}.fa-x-ray:before{content:"\f497"}.fa-spell-check:before{content:"\f891"}.fa-slash:before{content:"\f715"}.fa-computer-mouse:before,.fa-mouse:before{content:"\f8cc"}.fa-arrow-right-to-bracket:before,.fa-sign-in:before{content:"\f090"}.fa-shop-slash:before,.fa-store-alt-slash:before{content:"\e070"}.fa-server:before{content:"\f233"}.fa-virus-covid-slash:before{content:"\e4a9"}.fa-shop-lock:before{content:"\e4a5"}.fa-hourglass-1:before,.fa-hourglass-start:before{content:"\f251"}.fa-blender-phone:before{content:"\f6b6"}.fa-building-wheat:before{content:"\e4db"}.fa-person-breastfeeding:before{content:"\e53a"}.fa-right-to-bracket:before,.fa-sign-in-alt:before{content:"\f2f6"}.fa-venus:before{content:"\f221"}.fa-passport:before{content:"\f5ab"}.fa-heart-pulse:before,.fa-heartbeat:before{content:"\f21e"}.fa-people-carry-box:before,.fa-people-carry:before{content:"\f4ce"}.fa-temperature-high:before{content:"\f769"}.fa-microchip:before{content:"\f2db"}.fa-crown:before{content:"\f521"}.fa-weight-hanging:before{content:"\f5cd"}.fa-xmarks-lines:before{content:"\e59a"}.fa-file-prescription:before{content:"\f572"}.fa-weight-scale:before,.fa-weight:before{content:"\f496"}.fa-user-friends:before,.fa-user-group:before{content:"\f500"}.fa-arrow-up-a-z:before,.fa-sort-alpha-up:before{content:"\f15e"}.fa-chess-knight:before{content:"\f441"}.fa-face-laugh-squint:before,.fa-laugh-squint:before{content:"\f59b"}.fa-wheelchair:before{content:"\f193"}.fa-arrow-circle-up:before,.fa-circle-arrow-up:before{content:"\f0aa"}.fa-toggle-on:before{content:"\f205"}.fa-person-walking:before,.fa-walking:before{content:"\f554"}.fa-l:before{content:"\4c"}.fa-fire:before{content:"\f06d"}.fa-bed-pulse:before,.fa-procedures:before{content:"\f487"}.fa-shuttle-space:before,.fa-space-shuttle:before{content:"\f197"}.fa-face-laugh:before,.fa-laugh:before{content:"\f599"}.fa-folder-open:before{content:"\f07c"}.fa-heart-circle-plus:before{content:"\e500"}.fa-code-fork:before{content:"\e13b"}.fa-city:before{content:"\f64f"}.fa-microphone-alt:before,.fa-microphone-lines:before{content:"\f3c9"}.fa-pepper-hot:before{content:"\f816"}.fa-unlock:before{content:"\f09c"}.fa-colon-sign:before{content:"\e140"}.fa-headset:before{content:"\f590"}.fa-store-slash:before{content:"\e071"}.fa-road-circle-xmark:before{content:"\e566"}.fa-user-minus:before{content:"\f503"}.fa-mars-stroke-up:before,.fa-mars-stroke-v:before{content:"\f22a"}.fa-champagne-glasses:before,.fa-glass-cheers:before{content:"\f79f"}.fa-clipboard:before{content:"\f328"}.fa-house-circle-exclamation:before{content:"\e50a"}.fa-file-arrow-up:before,.fa-file-upload:before{content:"\f574"}.fa-wifi-3:before,.fa-wifi-strong:before,.fa-wifi:before{content:"\f1eb"}.fa-bath:before,.fa-bathtub:before{content:"\f2cd"}.fa-underline:before{content:"\f0cd"}.fa-user-edit:before,.fa-user-pen:before{content:"\f4ff"}.fa-signature:before{content:"\f5b7"}.fa-stroopwafel:before{content:"\f551"}.fa-bold:before{content:"\f032"}.fa-anchor-lock:before{content:"\e4ad"}.fa-building-ngo:before{content:"\e4d7"}.fa-manat-sign:before{content:"\e1d5"}.fa-not-equal:before{content:"\f53e"}.fa-border-style:before,.fa-border-top-left:before{content:"\f853"}.fa-map-location-dot:before,.fa-map-marked-alt:before{content:"\f5a0"}.fa-jedi:before{content:"\f669"}.fa-poll:before,.fa-square-poll-vertical:before{content:"\f681"}.fa-mug-hot:before{content:"\f7b6"}.fa-battery-car:before,.fa-car-battery:before{content:"\f5df"}.fa-gift:before{content:"\f06b"}.fa-dice-two:before{content:"\f528"}.fa-chess-queen:before{content:"\f445"}.fa-glasses:before{content:"\f530"}.fa-chess-board:before{content:"\f43c"}.fa-building-circle-check:before{content:"\e4d2"}.fa-person-chalkboard:before{content:"\e53d"}.fa-mars-stroke-h:before,.fa-mars-stroke-right:before{content:"\f22b"}.fa-hand-back-fist:before,.fa-hand-rock:before{content:"\f255"}.fa-caret-square-up:before,.fa-square-caret-up:before{content:"\f151"}.fa-cloud-showers-water:before{content:"\e4e4"}.fa-bar-chart:before,.fa-chart-bar:before{content:"\f080"}.fa-hands-bubbles:before,.fa-hands-wash:before{content:"\e05e"}.fa-less-than-equal:before{content:"\f537"}.fa-train:before{content:"\f238"}.fa-eye-low-vision:before,.fa-low-vision:before{content:"\f2a8"}.fa-crow:before{content:"\f520"}.fa-sailboat:before{content:"\e445"}.fa-window-restore:before{content:"\f2d2"}.fa-plus-square:before,.fa-square-plus:before{content:"\f0fe"}.fa-torii-gate:before{content:"\f6a1"}.fa-frog:before{content:"\f52e"}.fa-bucket:before{content:"\e4cf"}.fa-image:before{content:"\f03e"}.fa-microphone:before{content:"\f130"}.fa-cow:before{content:"\f6c8"}.fa-caret-up:before{content:"\f0d8"}.fa-screwdriver:before{content:"\f54a"}.fa-folder-closed:before{content:"\e185"}.fa-house-tsunami:before{content:"\e515"}.fa-square-nfi:before{content:"\e576"}.fa-arrow-up-from-ground-water:before{content:"\e4b5"}.fa-glass-martini-alt:before,.fa-martini-glass:before{content:"\f57b"}.fa-rotate-back:before,.fa-rotate-backward:before,.fa-rotate-left:before,.fa-undo-alt:before{content:"\f2ea"}.fa-columns:before,.fa-table-columns:before{content:"\f0db"}.fa-lemon:before{content:"\f094"}.fa-head-side-mask:before{content:"\e063"}.fa-handshake:before{content:"\f2b5"}.fa-gem:before{content:"\f3a5"}.fa-dolly-box:before,.fa-dolly:before{content:"\f472"}.fa-smoking:before{content:"\f48d"}.fa-compress-arrows-alt:before,.fa-minimize:before{content:"\f78c"}.fa-monument:before{content:"\f5a6"}.fa-snowplow:before{content:"\f7d2"}.fa-angle-double-right:before,.fa-angles-right:before{content:"\f101"}.fa-cannabis:before{content:"\f55f"}.fa-circle-play:before,.fa-play-circle:before{content:"\f144"}.fa-tablets:before{content:"\f490"}.fa-ethernet:before{content:"\f796"}.fa-eur:before,.fa-euro-sign:before,.fa-euro:before{content:"\f153"}.fa-chair:before{content:"\f6c0"}.fa-check-circle:before,.fa-circle-check:before{content:"\f058"}.fa-circle-stop:before,.fa-stop-circle:before{content:"\f28d"}.fa-compass-drafting:before,.fa-drafting-compass:before{content:"\f568"}.fa-plate-wheat:before{content:"\e55a"}.fa-icicles:before{content:"\f7ad"}.fa-person-shelter:before{content:"\e54f"}.fa-neuter:before{content:"\f22c"}.fa-id-badge:before{content:"\f2c1"}.fa-marker:before{content:"\f5a1"}.fa-face-laugh-beam:before,.fa-laugh-beam:before{content:"\f59a"}.fa-helicopter-symbol:before{content:"\e502"}.fa-universal-access:before{content:"\f29a"}.fa-chevron-circle-up:before,.fa-circle-chevron-up:before{content:"\f139"}.fa-lari-sign:before{content:"\e1c8"}.fa-volcano:before{content:"\f770"}.fa-person-walking-dashed-line-arrow-right:before{content:"\e553"}.fa-gbp:before,.fa-pound-sign:before,.fa-sterling-sign:before{content:"\f154"}.fa-viruses:before{content:"\e076"}.fa-square-person-confined:before{content:"\e577"}.fa-user-tie:before{content:"\f508"}.fa-arrow-down-long:before,.fa-long-arrow-down:before{content:"\f175"}.fa-tent-arrow-down-to-line:before{content:"\e57e"}.fa-certificate:before{content:"\f0a3"}.fa-mail-reply-all:before,.fa-reply-all:before{content:"\f122"}.fa-suitcase:before{content:"\f0f2"}.fa-person-skating:before,.fa-skating:before{content:"\f7c5"}.fa-filter-circle-dollar:before,.fa-funnel-dollar:before{content:"\f662"}.fa-camera-retro:before{content:"\f083"}.fa-arrow-circle-down:before,.fa-circle-arrow-down:before{content:"\f0ab"}.fa-arrow-right-to-file:before,.fa-file-import:before{content:"\f56f"}.fa-external-link-square:before,.fa-square-arrow-up-right:before{content:"\f14c"}.fa-box-open:before{content:"\f49e"}.fa-scroll:before{content:"\f70e"}.fa-spa:before{content:"\f5bb"}.fa-location-pin-lock:before{content:"\e51f"}.fa-pause:before{content:"\f04c"}.fa-hill-avalanche:before{content:"\e507"}.fa-temperature-0:before,.fa-temperature-empty:before,.fa-thermometer-0:before,.fa-thermometer-empty:before{content:"\f2cb"}.fa-bomb:before{content:"\f1e2"}.fa-registered:before{content:"\f25d"}.fa-address-card:before,.fa-contact-card:before,.fa-vcard:before{content:"\f2bb"}.fa-balance-scale-right:before,.fa-scale-unbalanced-flip:before{content:"\f516"}.fa-subscript:before{content:"\f12c"}.fa-diamond-turn-right:before,.fa-directions:before{content:"\f5eb"}.fa-burst:before{content:"\e4dc"}.fa-house-laptop:before,.fa-laptop-house:before{content:"\e066"}.fa-face-tired:before,.fa-tired:before{content:"\f5c8"}.fa-money-bills:before{content:"\e1f3"}.fa-smog:before{content:"\f75f"}.fa-crutch:before{content:"\f7f7"}.fa-cloud-arrow-up:before,.fa-cloud-upload-alt:before,.fa-cloud-upload:before{content:"\f0ee"}.fa-palette:before{content:"\f53f"}.fa-arrows-turn-right:before{content:"\e4c0"}.fa-vest:before{content:"\e085"}.fa-ferry:before{content:"\e4ea"}.fa-arrows-down-to-people:before{content:"\e4b9"}.fa-seedling:before,.fa-sprout:before{content:"\f4d8"}.fa-arrows-alt-h:before,.fa-left-right:before{content:"\f337"}.fa-boxes-packing:before{content:"\e4c7"}.fa-arrow-circle-left:before,.fa-circle-arrow-left:before{content:"\f0a8"}.fa-group-arrows-rotate:before{content:"\e4f6"}.fa-bowl-food:before{content:"\e4c6"}.fa-candy-cane:before{content:"\f786"}.fa-arrow-down-wide-short:before,.fa-sort-amount-asc:before,.fa-sort-amount-down:before{content:"\f160"}.fa-cloud-bolt:before,.fa-thunderstorm:before{content:"\f76c"}.fa-remove-format:before,.fa-text-slash:before{content:"\f87d"}.fa-face-smile-wink:before,.fa-smile-wink:before{content:"\f4da"}.fa-file-word:before{content:"\f1c2"}.fa-file-powerpoint:before{content:"\f1c4"}.fa-arrows-h:before,.fa-arrows-left-right:before{content:"\f07e"}.fa-house-lock:before{content:"\e510"}.fa-cloud-arrow-down:before,.fa-cloud-download-alt:before,.fa-cloud-download:before{content:"\f0ed"}.fa-children:before{content:"\e4e1"}.fa-blackboard:before,.fa-chalkboard:before{content:"\f51b"}.fa-user-alt-slash:before,.fa-user-large-slash:before{content:"\f4fa"}.fa-envelope-open:before{content:"\f2b6"}.fa-handshake-alt-slash:before,.fa-handshake-simple-slash:before{content:"\e05f"}.fa-mattress-pillow:before{content:"\e525"}.fa-guarani-sign:before{content:"\e19a"}.fa-arrows-rotate:before,.fa-refresh:before,.fa-sync:before{content:"\f021"}.fa-fire-extinguisher:before{content:"\f134"}.fa-cruzeiro-sign:before{content:"\e152"}.fa-greater-than-equal:before{content:"\f532"}.fa-shield-alt:before,.fa-shield-halved:before{content:"\f3ed"}.fa-atlas:before,.fa-book-atlas:before{content:"\f558"}.fa-virus:before{content:"\e074"}.fa-envelope-circle-check:before{content:"\e4e8"}.fa-layer-group:before{content:"\f5fd"}.fa-arrows-to-dot:before{content:"\e4be"}.fa-archway:before{content:"\f557"}.fa-heart-circle-check:before{content:"\e4fd"}.fa-house-chimney-crack:before,.fa-house-damage:before{content:"\f6f1"}.fa-file-archive:before,.fa-file-zipper:before{content:"\f1c6"}.fa-square:before{content:"\f0c8"}.fa-glass-martini:before,.fa-martini-glass-empty:before{content:"\f000"}.fa-couch:before{content:"\f4b8"}.fa-cedi-sign:before{content:"\e0df"}.fa-italic:before{content:"\f033"}.fa-church:before{content:"\f51d"}.fa-comments-dollar:before{content:"\f653"}.fa-democrat:before{content:"\f747"}.fa-z:before{content:"\5a"}.fa-person-skiing:before,.fa-skiing:before{content:"\f7c9"}.fa-road-lock:before{content:"\e567"}.fa-a:before{content:"\41"}.fa-temperature-arrow-down:before,.fa-temperature-down:before{content:"\e03f"}.fa-feather-alt:before,.fa-feather-pointed:before{content:"\f56b"}.fa-p:before{content:"\50"}.fa-snowflake:before{content:"\f2dc"}.fa-newspaper:before{content:"\f1ea"}.fa-ad:before,.fa-rectangle-ad:before{content:"\f641"}.fa-arrow-circle-right:before,.fa-circle-arrow-right:before{content:"\f0a9"}.fa-filter-circle-xmark:before{content:"\e17b"}.fa-locust:before{content:"\e520"}.fa-sort:before,.fa-unsorted:before{content:"\f0dc"}.fa-list-1-2:before,.fa-list-numeric:before,.fa-list-ol:before{content:"\f0cb"}.fa-person-dress-burst:before{content:"\e544"}.fa-money-check-alt:before,.fa-money-check-dollar:before{content:"\f53d"}.fa-vector-square:before{content:"\f5cb"}.fa-bread-slice:before{content:"\f7ec"}.fa-language:before{content:"\f1ab"}.fa-face-kiss-wink-heart:before,.fa-kiss-wink-heart:before{content:"\f598"}.fa-filter:before{content:"\f0b0"}.fa-question:before{content:"\3f"}.fa-file-signature:before{content:"\f573"}.fa-arrows-alt:before,.fa-up-down-left-right:before{content:"\f0b2"}.fa-house-chimney-user:before{content:"\e065"}.fa-hand-holding-heart:before{content:"\f4be"}.fa-puzzle-piece:before{content:"\f12e"}.fa-money-check:before{content:"\f53c"}.fa-star-half-alt:before,.fa-star-half-stroke:before{content:"\f5c0"}.fa-code:before{content:"\f121"}.fa-glass-whiskey:before,.fa-whiskey-glass:before{content:"\f7a0"}.fa-building-circle-exclamation:before{content:"\e4d3"}.fa-magnifying-glass-chart:before{content:"\e522"}.fa-arrow-up-right-from-square:before,.fa-external-link:before{content:"\f08e"}.fa-cubes-stacked:before{content:"\e4e6"}.fa-krw:before,.fa-won-sign:before,.fa-won:before{content:"\f159"}.fa-virus-covid:before{content:"\e4a8"}.fa-austral-sign:before{content:"\e0a9"}.fa-f:before{content:"\46"}.fa-leaf:before{content:"\f06c"}.fa-road:before{content:"\f018"}.fa-cab:before,.fa-taxi:before{content:"\f1ba"}.fa-person-circle-plus:before{content:"\e541"}.fa-chart-pie:before,.fa-pie-chart:before{content:"\f200"}.fa-bolt-lightning:before{content:"\e0b7"}.fa-sack-xmark:before{content:"\e56a"}.fa-file-excel:before{content:"\f1c3"}.fa-file-contract:before{content:"\f56c"}.fa-fish-fins:before{content:"\e4f2"}.fa-building-flag:before{content:"\e4d5"}.fa-face-grin-beam:before,.fa-grin-beam:before{content:"\f582"}.fa-object-ungroup:before{content:"\f248"}.fa-poop:before{content:"\f619"}.fa-location-pin:before,.fa-map-marker:before{content:"\f041"}.fa-kaaba:before{content:"\f66b"}.fa-toilet-paper:before{content:"\f71e"}.fa-hard-hat:before,.fa-hat-hard:before,.fa-helmet-safety:before{content:"\f807"}.fa-eject:before{content:"\f052"}.fa-arrow-alt-circle-right:before,.fa-circle-right:before{content:"\f35a"}.fa-plane-circle-check:before{content:"\e555"}.fa-face-rolling-eyes:before,.fa-meh-rolling-eyes:before{content:"\f5a5"}.fa-object-group:before{content:"\f247"}.fa-chart-line:before,.fa-line-chart:before{content:"\f201"}.fa-mask-ventilator:before{content:"\e524"}.fa-arrow-right:before{content:"\f061"}.fa-map-signs:before,.fa-signs-post:before{content:"\f277"}.fa-cash-register:before{content:"\f788"}.fa-person-circle-question:before{content:"\e542"}.fa-h:before{content:"\48"}.fa-tarp:before{content:"\e57b"}.fa-screwdriver-wrench:before,.fa-tools:before{content:"\f7d9"}.fa-arrows-to-eye:before{content:"\e4bf"}.fa-plug-circle-bolt:before{content:"\e55b"}.fa-heart:before{content:"\f004"}.fa-mars-and-venus:before{content:"\f224"}.fa-home-user:before,.fa-house-user:before{content:"\e1b0"}.fa-dumpster-fire:before{content:"\f794"}.fa-house-crack:before{content:"\e3b1"}.fa-cocktail:before,.fa-martini-glass-citrus:before{content:"\f561"}.fa-face-surprise:before,.fa-surprise:before{content:"\f5c2"}.fa-bottle-water:before{content:"\e4c5"}.fa-circle-pause:before,.fa-pause-circle:before{content:"\f28b"}.fa-toilet-paper-slash:before{content:"\e072"}.fa-apple-alt:before,.fa-apple-whole:before{content:"\f5d1"}.fa-kitchen-set:before{content:"\e51a"}.fa-r:before{content:"\52"}.fa-temperature-1:before,.fa-temperature-quarter:before,.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:"\f2ca"}.fa-cube:before{content:"\f1b2"}.fa-bitcoin-sign:before{content:"\e0b4"}.fa-shield-dog:before{content:"\e573"}.fa-solar-panel:before{content:"\f5ba"}.fa-lock-open:before{content:"\f3c1"}.fa-elevator:before{content:"\e16d"}.fa-money-bill-transfer:before{content:"\e528"}.fa-money-bill-trend-up:before{content:"\e529"}.fa-house-flood-water-circle-arrow-right:before{content:"\e50f"}.fa-poll-h:before,.fa-square-poll-horizontal:before{content:"\f682"}.fa-circle:before{content:"\f111"}.fa-backward-fast:before,.fa-fast-backward:before{content:"\f049"}.fa-recycle:before{content:"\f1b8"}.fa-user-astronaut:before{content:"\f4fb"}.fa-plane-slash:before{content:"\e069"}.fa-trademark:before{content:"\f25c"}.fa-basketball-ball:before,.fa-basketball:before{content:"\f434"}.fa-satellite-dish:before{content:"\f7c0"}.fa-arrow-alt-circle-up:before,.fa-circle-up:before{content:"\f35b"}.fa-mobile-alt:before,.fa-mobile-screen-button:before{content:"\f3cd"}.fa-volume-high:before,.fa-volume-up:before{content:"\f028"}.fa-users-rays:before{content:"\e593"}.fa-wallet:before{content:"\f555"}.fa-clipboard-check:before{content:"\f46c"}.fa-file-audio:before{content:"\f1c7"}.fa-burger:before,.fa-hamburger:before{content:"\f805"}.fa-wrench:before{content:"\f0ad"}.fa-bugs:before{content:"\e4d0"}.fa-rupee-sign:before,.fa-rupee:before{content:"\f156"}.fa-file-image:before{content:"\f1c5"}.fa-circle-question:before,.fa-question-circle:before{content:"\f059"}.fa-plane-departure:before{content:"\f5b0"}.fa-handshake-slash:before{content:"\e060"}.fa-book-bookmark:before{content:"\e0bb"}.fa-code-branch:before{content:"\f126"}.fa-hat-cowboy:before{content:"\f8c0"}.fa-bridge:before{content:"\e4c8"}.fa-phone-alt:before,.fa-phone-flip:before{content:"\f879"}.fa-truck-front:before{content:"\e2b7"}.fa-cat:before{content:"\f6be"}.fa-anchor-circle-exclamation:before{content:"\e4ab"}.fa-truck-field:before{content:"\e58d"}.fa-route:before{content:"\f4d7"}.fa-clipboard-question:before{content:"\e4e3"}.fa-panorama:before{content:"\e209"}.fa-comment-medical:before{content:"\f7f5"}.fa-teeth-open:before{content:"\f62f"}.fa-file-circle-minus:before{content:"\e4ed"}.fa-tags:before{content:"\f02c"}.fa-wine-glass:before{content:"\f4e3"}.fa-fast-forward:before,.fa-forward-fast:before{content:"\f050"}.fa-face-meh-blank:before,.fa-meh-blank:before{content:"\f5a4"}.fa-parking:before,.fa-square-parking:before{content:"\f540"}.fa-house-signal:before{content:"\e012"}.fa-bars-progress:before,.fa-tasks-alt:before{content:"\f828"}.fa-faucet-drip:before{content:"\e006"}.fa-cart-flatbed:before,.fa-dolly-flatbed:before{content:"\f474"}.fa-ban-smoking:before,.fa-smoking-ban:before{content:"\f54d"}.fa-terminal:before{content:"\f120"}.fa-mobile-button:before{content:"\f10b"}.fa-house-medical-flag:before{content:"\e514"}.fa-basket-shopping:before,.fa-shopping-basket:before{content:"\f291"}.fa-tape:before{content:"\f4db"}.fa-bus-alt:before,.fa-bus-simple:before{content:"\f55e"}.fa-eye:before{content:"\f06e"}.fa-face-sad-cry:before,.fa-sad-cry:before{content:"\f5b3"}.fa-audio-description:before{content:"\f29e"}.fa-person-military-to-person:before{content:"\e54c"}.fa-file-shield:before{content:"\e4f0"}.fa-user-slash:before{content:"\f506"}.fa-pen:before{content:"\f304"}.fa-tower-observation:before{content:"\e586"}.fa-file-code:before{content:"\f1c9"}.fa-signal-5:before,.fa-signal-perfect:before,.fa-signal:before{content:"\f012"}.fa-bus:before{content:"\f207"}.fa-heart-circle-xmark:before{content:"\e501"}.fa-home-lg:before,.fa-house-chimney:before{content:"\e3af"}.fa-window-maximize:before{content:"\f2d0"}.fa-face-frown:before,.fa-frown:before{content:"\f119"}.fa-prescription:before{content:"\f5b1"}.fa-shop:before,.fa-store-alt:before{content:"\f54f"}.fa-floppy-disk:before,.fa-save:before{content:"\f0c7"}.fa-vihara:before{content:"\f6a7"}.fa-balance-scale-left:before,.fa-scale-unbalanced:before{content:"\f515"}.fa-sort-asc:before,.fa-sort-up:before{content:"\f0de"}.fa-comment-dots:before,.fa-commenting:before{content:"\f4ad"}.fa-plant-wilt:before{content:"\e5aa"}.fa-diamond:before{content:"\f219"}.fa-face-grin-squint:before,.fa-grin-squint:before{content:"\f585"}.fa-hand-holding-dollar:before,.fa-hand-holding-usd:before{content:"\f4c0"}.fa-bacterium:before{content:"\e05a"}.fa-hand-pointer:before{content:"\f25a"}.fa-drum-steelpan:before{content:"\f56a"}.fa-hand-scissors:before{content:"\f257"}.fa-hands-praying:before,.fa-praying-hands:before{content:"\f684"}.fa-arrow-right-rotate:before,.fa-arrow-rotate-forward:before,.fa-arrow-rotate-right:before,.fa-redo:before{content:"\f01e"}.fa-biohazard:before{content:"\f780"}.fa-location-crosshairs:before,.fa-location:before{content:"\f601"}.fa-mars-double:before{content:"\f227"}.fa-child-dress:before{content:"\e59c"}.fa-users-between-lines:before{content:"\e591"}.fa-lungs-virus:before{content:"\e067"}.fa-face-grin-tears:before,.fa-grin-tears:before{content:"\f588"}.fa-phone:before{content:"\f095"}.fa-calendar-times:before,.fa-calendar-xmark:before{content:"\f273"}.fa-child-reaching:before{content:"\e59d"}.fa-head-side-virus:before{content:"\e064"}.fa-user-cog:before,.fa-user-gear:before{content:"\f4fe"}.fa-arrow-up-1-9:before,.fa-sort-numeric-up:before{content:"\f163"}.fa-door-closed:before{content:"\f52a"}.fa-shield-virus:before{content:"\e06c"}.fa-dice-six:before{content:"\f526"}.fa-mosquito-net:before{content:"\e52c"}.fa-bridge-water:before{content:"\e4ce"}.fa-person-booth:before{content:"\f756"}.fa-text-width:before{content:"\f035"}.fa-hat-wizard:before{content:"\f6e8"}.fa-pen-fancy:before{content:"\f5ac"}.fa-digging:before,.fa-person-digging:before{content:"\f85e"}.fa-trash:before{content:"\f1f8"}.fa-gauge-simple-med:before,.fa-gauge-simple:before,.fa-tachometer-average:before{content:"\f629"}.fa-book-medical:before{content:"\f7e6"}.fa-poo:before{content:"\f2fe"}.fa-quote-right-alt:before,.fa-quote-right:before{content:"\f10e"}.fa-shirt:before,.fa-t-shirt:before,.fa-tshirt:before{content:"\f553"}.fa-cubes:before{content:"\f1b3"}.fa-divide:before{content:"\f529"}.fa-tenge-sign:before,.fa-tenge:before{content:"\f7d7"}.fa-headphones:before{content:"\f025"}.fa-hands-holding:before{content:"\f4c2"}.fa-hands-clapping:before{content:"\e1a8"}.fa-republican:before{content:"\f75e"}.fa-arrow-left:before{content:"\f060"}.fa-person-circle-xmark:before{content:"\e543"}.fa-ruler:before{content:"\f545"}.fa-align-left:before{content:"\f036"}.fa-dice-d6:before{content:"\f6d1"}.fa-restroom:before{content:"\f7bd"}.fa-j:before{content:"\4a"}.fa-users-viewfinder:before{content:"\e595"}.fa-file-video:before{content:"\f1c8"}.fa-external-link-alt:before,.fa-up-right-from-square:before{content:"\f35d"}.fa-table-cells:before,.fa-th:before{content:"\f00a"}.fa-file-pdf:before{content:"\f1c1"}.fa-bible:before,.fa-book-bible:before{content:"\f647"}.fa-o:before{content:"\4f"}.fa-medkit:before,.fa-suitcase-medical:before{content:"\f0fa"}.fa-user-secret:before{content:"\f21b"}.fa-otter:before{content:"\f700"}.fa-female:before,.fa-person-dress:before{content:"\f182"}.fa-comment-dollar:before{content:"\f651"}.fa-briefcase-clock:before,.fa-business-time:before{content:"\f64a"}.fa-table-cells-large:before,.fa-th-large:before{content:"\f009"}.fa-book-tanakh:before,.fa-tanakh:before{content:"\f827"}.fa-phone-volume:before,.fa-volume-control-phone:before{content:"\f2a0"}.fa-hat-cowboy-side:before{content:"\f8c1"}.fa-clipboard-user:before{content:"\f7f3"}.fa-child:before{content:"\f1ae"}.fa-lira-sign:before{content:"\f195"}.fa-satellite:before{content:"\f7bf"}.fa-plane-lock:before{content:"\e558"}.fa-tag:before{content:"\f02b"}.fa-comment:before{content:"\f075"}.fa-birthday-cake:before,.fa-cake-candles:before,.fa-cake:before{content:"\f1fd"}.fa-envelope:before{content:"\f0e0"}.fa-angle-double-up:before,.fa-angles-up:before{content:"\f102"}.fa-paperclip:before{content:"\f0c6"}.fa-arrow-right-to-city:before{content:"\e4b3"}.fa-ribbon:before{content:"\f4d6"}.fa-lungs:before{content:"\f604"}.fa-arrow-up-9-1:before,.fa-sort-numeric-up-alt:before{content:"\f887"}.fa-litecoin-sign:before{content:"\e1d3"}.fa-border-none:before{content:"\f850"}.fa-circle-nodes:before{content:"\e4e2"}.fa-parachute-box:before{content:"\f4cd"}.fa-indent:before{content:"\f03c"}.fa-truck-field-un:before{content:"\e58e"}.fa-hourglass-empty:before,.fa-hourglass:before{content:"\f254"}.fa-mountain:before{content:"\f6fc"}.fa-user-doctor:before,.fa-user-md:before{content:"\f0f0"}.fa-circle-info:before,.fa-info-circle:before{content:"\f05a"}.fa-cloud-meatball:before{content:"\f73b"}.fa-camera-alt:before,.fa-camera:before{content:"\f030"}.fa-square-virus:before{content:"\e578"}.fa-meteor:before{content:"\f753"}.fa-car-on:before{content:"\e4dd"}.fa-sleigh:before{content:"\f7cc"}.fa-arrow-down-1-9:before,.fa-sort-numeric-asc:before,.fa-sort-numeric-down:before{content:"\f162"}.fa-hand-holding-droplet:before,.fa-hand-holding-water:before{content:"\f4c1"}.fa-water:before{content:"\f773"}.fa-calendar-check:before{content:"\f274"}.fa-braille:before{content:"\f2a1"}.fa-prescription-bottle-alt:before,.fa-prescription-bottle-medical:before{content:"\f486"}.fa-landmark:before{content:"\f66f"}.fa-truck:before{content:"\f0d1"}.fa-crosshairs:before{content:"\f05b"}.fa-person-cane:before{content:"\e53c"}.fa-tent:before{content:"\e57d"}.fa-vest-patches:before{content:"\e086"}.fa-check-double:before{content:"\f560"}.fa-arrow-down-a-z:before,.fa-sort-alpha-asc:before,.fa-sort-alpha-down:before{content:"\f15d"}.fa-money-bill-wheat:before{content:"\e52a"}.fa-cookie:before{content:"\f563"}.fa-arrow-left-rotate:before,.fa-arrow-rotate-back:before,.fa-arrow-rotate-backward:before,.fa-arrow-rotate-left:before,.fa-undo:before{content:"\f0e2"}.fa-hard-drive:before,.fa-hdd:before{content:"\f0a0"}.fa-face-grin-squint-tears:before,.fa-grin-squint-tears:before{content:"\f586"}.fa-dumbbell:before{content:"\f44b"}.fa-list-alt:before,.fa-rectangle-list:before{content:"\f022"}.fa-tarp-droplet:before{content:"\e57c"}.fa-house-medical-circle-check:before{content:"\e511"}.fa-person-skiing-nordic:before,.fa-skiing-nordic:before{content:"\f7ca"}.fa-calendar-plus:before{content:"\f271"}.fa-plane-arrival:before{content:"\f5af"}.fa-arrow-alt-circle-left:before,.fa-circle-left:before{content:"\f359"}.fa-subway:before,.fa-train-subway:before{content:"\f239"}.fa-chart-gantt:before{content:"\e0e4"}.fa-indian-rupee-sign:before,.fa-indian-rupee:before,.fa-inr:before{content:"\e1bc"}.fa-crop-alt:before,.fa-crop-simple:before{content:"\f565"}.fa-money-bill-1:before,.fa-money-bill-alt:before{content:"\f3d1"}.fa-left-long:before,.fa-long-arrow-alt-left:before{content:"\f30a"}.fa-dna:before{content:"\f471"}.fa-virus-slash:before{content:"\e075"}.fa-minus:before,.fa-subtract:before{content:"\f068"}.fa-chess:before{content:"\f439"}.fa-arrow-left-long:before,.fa-long-arrow-left:before{content:"\f177"}.fa-plug-circle-check:before{content:"\e55c"}.fa-street-view:before{content:"\f21d"}.fa-franc-sign:before{content:"\e18f"}.fa-volume-off:before{content:"\f026"}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before,.fa-hands-american-sign-language-interpreting:before,.fa-hands-asl-interpreting:before{content:"\f2a3"}.fa-cog:before,.fa-gear:before{content:"\f013"}.fa-droplet-slash:before,.fa-tint-slash:before{content:"\f5c7"}.fa-mosque:before{content:"\f678"}.fa-mosquito:before{content:"\e52b"}.fa-star-of-david:before{content:"\f69a"}.fa-person-military-rifle:before{content:"\e54b"}.fa-cart-shopping:before,.fa-shopping-cart:before{content:"\f07a"}.fa-vials:before{content:"\f493"}.fa-plug-circle-plus:before{content:"\e55f"}.fa-place-of-worship:before{content:"\f67f"}.fa-grip-vertical:before{content:"\f58e"}.fa-arrow-turn-up:before,.fa-level-up:before{content:"\f148"}.fa-u:before{content:"\55"}.fa-square-root-alt:before,.fa-square-root-variable:before{content:"\f698"}.fa-clock-four:before,.fa-clock:before{content:"\f017"}.fa-backward-step:before,.fa-step-backward:before{content:"\f048"}.fa-pallet:before{content:"\f482"}.fa-faucet:before{content:"\e005"}.fa-baseball-bat-ball:before{content:"\f432"}.fa-s:before{content:"\53"}.fa-timeline:before{content:"\e29c"}.fa-keyboard:before{content:"\f11c"}.fa-caret-down:before{content:"\f0d7"}.fa-clinic-medical:before,.fa-house-chimney-medical:before{content:"\f7f2"}.fa-temperature-3:before,.fa-temperature-three-quarters:before,.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:"\f2c8"}.fa-mobile-android-alt:before,.fa-mobile-screen:before{content:"\f3cf"}.fa-plane-up:before{content:"\e22d"}.fa-piggy-bank:before{content:"\f4d3"}.fa-battery-3:before,.fa-battery-half:before{content:"\f242"}.fa-mountain-city:before{content:"\e52e"}.fa-coins:before{content:"\f51e"}.fa-khanda:before{content:"\f66d"}.fa-sliders-h:before,.fa-sliders:before{content:"\f1de"}.fa-folder-tree:before{content:"\f802"}.fa-network-wired:before{content:"\f6ff"}.fa-map-pin:before{content:"\f276"}.fa-hamsa:before{content:"\f665"}.fa-cent-sign:before{content:"\e3f5"}.fa-flask:before{content:"\f0c3"}.fa-person-pregnant:before{content:"\e31e"}.fa-wand-sparkles:before{content:"\f72b"}.fa-ellipsis-v:before,.fa-ellipsis-vertical:before{content:"\f142"}.fa-ticket:before{content:"\f145"}.fa-power-off:before{content:"\f011"}.fa-long-arrow-alt-right:before,.fa-right-long:before{content:"\f30b"}.fa-flag-usa:before{content:"\f74d"}.fa-laptop-file:before{content:"\e51d"}.fa-teletype:before,.fa-tty:before{content:"\f1e4"}.fa-diagram-next:before{content:"\e476"}.fa-person-rifle:before{content:"\e54e"}.fa-house-medical-circle-exclamation:before{content:"\e512"}.fa-closed-captioning:before{content:"\f20a"}.fa-hiking:before,.fa-person-hiking:before{content:"\f6ec"}.fa-venus-double:before{content:"\f226"}.fa-images:before{content:"\f302"}.fa-calculator:before{content:"\f1ec"}.fa-people-pulling:before{content:"\e535"}.fa-n:before{content:"\4e"}.fa-cable-car:before,.fa-tram:before{content:"\f7da"}.fa-cloud-rain:before{content:"\f73d"}.fa-building-circle-xmark:before{content:"\e4d4"}.fa-ship:before{content:"\f21a"}.fa-arrows-down-to-line:before{content:"\e4b8"}.fa-download:before{content:"\f019"}.fa-face-grin:before,.fa-grin:before{content:"\f580"}.fa-backspace:before,.fa-delete-left:before{content:"\f55a"}.fa-eye-dropper-empty:before,.fa-eye-dropper:before,.fa-eyedropper:before{content:"\f1fb"}.fa-file-circle-check:before{content:"\e5a0"}.fa-forward:before{content:"\f04e"}.fa-mobile-android:before,.fa-mobile-phone:before,.fa-mobile:before{content:"\f3ce"}.fa-face-meh:before,.fa-meh:before{content:"\f11a"}.fa-align-center:before{content:"\f037"}.fa-book-dead:before,.fa-book-skull:before{content:"\f6b7"}.fa-drivers-license:before,.fa-id-card:before{content:"\f2c2"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-heart-circle-exclamation:before{content:"\e4fe"}.fa-home-alt:before,.fa-home-lg-alt:before,.fa-home:before,.fa-house:before{content:"\f015"}.fa-calendar-week:before{content:"\f784"}.fa-laptop-medical:before{content:"\f812"}.fa-b:before{content:"\42"}.fa-file-medical:before{content:"\f477"}.fa-dice-one:before{content:"\f525"}.fa-kiwi-bird:before{content:"\f535"}.fa-arrow-right-arrow-left:before,.fa-exchange:before{content:"\f0ec"}.fa-redo-alt:before,.fa-rotate-forward:before,.fa-rotate-right:before{content:"\f2f9"}.fa-cutlery:before,.fa-utensils:before{content:"\f2e7"}.fa-arrow-up-wide-short:before,.fa-sort-amount-up:before{content:"\f161"}.fa-mill-sign:before{content:"\e1ed"}.fa-bowl-rice:before{content:"\e2eb"}.fa-skull:before{content:"\f54c"}.fa-broadcast-tower:before,.fa-tower-broadcast:before{content:"\f519"}.fa-truck-pickup:before{content:"\f63c"}.fa-long-arrow-alt-up:before,.fa-up-long:before{content:"\f30c"}.fa-stop:before{content:"\f04d"}.fa-code-merge:before{content:"\f387"}.fa-upload:before{content:"\f093"}.fa-hurricane:before{content:"\f751"}.fa-mound:before{content:"\e52d"}.fa-toilet-portable:before{content:"\e583"}.fa-compact-disc:before{content:"\f51f"}.fa-file-arrow-down:before,.fa-file-download:before{content:"\f56d"}.fa-caravan:before{content:"\f8ff"}.fa-shield-cat:before{content:"\e572"}.fa-bolt:before,.fa-zap:before{content:"\f0e7"}.fa-glass-water:before{content:"\e4f4"}.fa-oil-well:before{content:"\e532"}.fa-vault:before{content:"\e2c5"}.fa-mars:before{content:"\f222"}.fa-toilet:before{content:"\f7d8"}.fa-plane-circle-xmark:before{content:"\e557"}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen-sign:before,.fa-yen:before{content:"\f157"}.fa-rouble:before,.fa-rub:before,.fa-ruble-sign:before,.fa-ruble:before{content:"\f158"}.fa-sun:before{content:"\f185"}.fa-guitar:before{content:"\f7a6"}.fa-face-laugh-wink:before,.fa-laugh-wink:before{content:"\f59c"}.fa-horse-head:before{content:"\f7ab"}.fa-bore-hole:before{content:"\e4c3"}.fa-industry:before{content:"\f275"}.fa-arrow-alt-circle-down:before,.fa-circle-down:before{content:"\f358"}.fa-arrows-turn-to-dots:before{content:"\e4c1"}.fa-florin-sign:before{content:"\e184"}.fa-arrow-down-short-wide:before,.fa-sort-amount-desc:before,.fa-sort-amount-down-alt:before{content:"\f884"}.fa-less-than:before{content:"\3c"}.fa-angle-down:before{content:"\f107"}.fa-car-tunnel:before{content:"\e4de"}.fa-head-side-cough:before{content:"\e061"}.fa-grip-lines:before{content:"\f7a4"}.fa-thumbs-down:before{content:"\f165"}.fa-user-lock:before{content:"\f502"}.fa-arrow-right-long:before,.fa-long-arrow-right:before{content:"\f178"}.fa-anchor-circle-xmark:before{content:"\e4ac"}.fa-ellipsis-h:before,.fa-ellipsis:before{content:"\f141"}.fa-chess-pawn:before{content:"\f443"}.fa-first-aid:before,.fa-kit-medical:before{content:"\f479"}.fa-person-through-window:before{content:"\e5a9"}.fa-toolbox:before{content:"\f552"}.fa-hands-holding-circle:before{content:"\e4fb"}.fa-bug:before{content:"\f188"}.fa-credit-card-alt:before,.fa-credit-card:before{content:"\f09d"}.fa-automobile:before,.fa-car:before{content:"\f1b9"}.fa-hand-holding-hand:before{content:"\e4f7"}.fa-book-open-reader:before,.fa-book-reader:before{content:"\f5da"}.fa-mountain-sun:before{content:"\e52f"}.fa-arrows-left-right-to-line:before{content:"\e4ba"}.fa-dice-d20:before{content:"\f6cf"}.fa-truck-droplet:before{content:"\e58c"}.fa-file-circle-xmark:before{content:"\e5a1"}.fa-temperature-arrow-up:before,.fa-temperature-up:before{content:"\e040"}.fa-medal:before{content:"\f5a2"}.fa-bed:before{content:"\f236"}.fa-h-square:before,.fa-square-h:before{content:"\f0fd"}.fa-podcast:before{content:"\f2ce"}.fa-temperature-4:before,.fa-temperature-full:before,.fa-thermometer-4:before,.fa-thermometer-full:before{content:"\f2c7"}.fa-bell:before{content:"\f0f3"}.fa-superscript:before{content:"\f12b"}.fa-plug-circle-xmark:before{content:"\e560"}.fa-star-of-life:before{content:"\f621"}.fa-phone-slash:before{content:"\f3dd"}.fa-paint-roller:before{content:"\f5aa"}.fa-hands-helping:before,.fa-handshake-angle:before{content:"\f4c4"}.fa-location-dot:before,.fa-map-marker-alt:before{content:"\f3c5"}.fa-file:before{content:"\f15b"}.fa-greater-than:before{content:"\3e"}.fa-person-swimming:before,.fa-swimmer:before{content:"\f5c4"}.fa-arrow-down:before{content:"\f063"}.fa-droplet:before,.fa-tint:before{content:"\f043"}.fa-eraser:before{content:"\f12d"}.fa-earth-america:before,.fa-earth-americas:before,.fa-earth:before,.fa-globe-americas:before{content:"\f57d"}.fa-person-burst:before{content:"\e53b"}.fa-dove:before{content:"\f4ba"}.fa-battery-0:before,.fa-battery-empty:before{content:"\f244"}.fa-socks:before{content:"\f696"}.fa-inbox:before{content:"\f01c"}.fa-section:before{content:"\e447"}.fa-gauge-high:before,.fa-tachometer-alt-fast:before,.fa-tachometer-alt:before{content:"\f625"}.fa-envelope-open-text:before{content:"\f658"}.fa-hospital-alt:before,.fa-hospital-wide:before,.fa-hospital:before{content:"\f0f8"}.fa-wine-bottle:before{content:"\f72f"}.fa-chess-rook:before{content:"\f447"}.fa-bars-staggered:before,.fa-reorder:before,.fa-stream:before{content:"\f550"}.fa-dharmachakra:before{content:"\f655"}.fa-hotdog:before{content:"\f80f"}.fa-blind:before,.fa-person-walking-with-cane:before{content:"\f29d"}.fa-drum:before{content:"\f569"}.fa-ice-cream:before{content:"\f810"}.fa-heart-circle-bolt:before{content:"\e4fc"}.fa-fax:before{content:"\f1ac"}.fa-paragraph:before{content:"\f1dd"}.fa-check-to-slot:before,.fa-vote-yea:before{content:"\f772"}.fa-star-half:before{content:"\f089"}.fa-boxes-alt:before,.fa-boxes-stacked:before,.fa-boxes:before{content:"\f468"}.fa-chain:before,.fa-link:before{content:"\f0c1"}.fa-assistive-listening-systems:before,.fa-ear-listen:before{content:"\f2a2"}.fa-tree-city:before{content:"\e587"}.fa-play:before{content:"\f04b"}.fa-font:before{content:"\f031"}.fa-rupiah-sign:before{content:"\e23d"}.fa-magnifying-glass:before,.fa-search:before{content:"\f002"}.fa-ping-pong-paddle-ball:before,.fa-table-tennis-paddle-ball:before,.fa-table-tennis:before{content:"\f45d"}.fa-diagnoses:before,.fa-person-dots-from-line:before{content:"\f470"}.fa-trash-can-arrow-up:before,.fa-trash-restore-alt:before{content:"\f82a"}.fa-naira-sign:before{content:"\e1f6"}.fa-cart-arrow-down:before{content:"\f218"}.fa-walkie-talkie:before{content:"\f8ef"}.fa-file-edit:before,.fa-file-pen:before{content:"\f31c"}.fa-receipt:before{content:"\f543"}.fa-pen-square:before,.fa-pencil-square:before,.fa-square-pen:before{content:"\f14b"}.fa-suitcase-rolling:before{content:"\f5c1"}.fa-person-circle-exclamation:before{content:"\e53f"}.fa-chevron-down:before{content:"\f078"}.fa-battery-5:before,.fa-battery-full:before,.fa-battery:before{content:"\f240"}.fa-skull-crossbones:before{content:"\f714"}.fa-code-compare:before{content:"\e13a"}.fa-list-dots:before,.fa-list-ul:before{content:"\f0ca"}.fa-school-lock:before{content:"\e56f"}.fa-tower-cell:before{content:"\e585"}.fa-down-long:before,.fa-long-arrow-alt-down:before{content:"\f309"}.fa-ranking-star:before{content:"\e561"}.fa-chess-king:before{content:"\f43f"}.fa-person-harassing:before{content:"\e549"}.fa-brazilian-real-sign:before{content:"\e46c"}.fa-landmark-alt:before,.fa-landmark-dome:before{content:"\f752"}.fa-arrow-up:before{content:"\f062"}.fa-television:before,.fa-tv-alt:before,.fa-tv:before{content:"\f26c"}.fa-shrimp:before{content:"\e448"}.fa-list-check:before,.fa-tasks:before{content:"\f0ae"}.fa-jug-detergent:before{content:"\e519"}.fa-circle-user:before,.fa-user-circle:before{content:"\f2bd"}.fa-user-shield:before{content:"\f505"}.fa-wind:before{content:"\f72e"}.fa-car-burst:before,.fa-car-crash:before{content:"\f5e1"}.fa-y:before{content:"\59"}.fa-person-snowboarding:before,.fa-snowboarding:before{content:"\f7ce"}.fa-shipping-fast:before,.fa-truck-fast:before{content:"\f48b"}.fa-fish:before{content:"\f578"}.fa-user-graduate:before{content:"\f501"}.fa-adjust:before,.fa-circle-half-stroke:before{content:"\f042"}.fa-clapperboard:before{content:"\e131"}.fa-circle-radiation:before,.fa-radiation-alt:before{content:"\f7ba"}.fa-baseball-ball:before,.fa-baseball:before{content:"\f433"}.fa-jet-fighter-up:before{content:"\e518"}.fa-diagram-project:before,.fa-project-diagram:before{content:"\f542"}.fa-copy:before{content:"\f0c5"}.fa-volume-mute:before,.fa-volume-times:before,.fa-volume-xmark:before{content:"\f6a9"}.fa-hand-sparkles:before{content:"\e05d"}.fa-grip-horizontal:before,.fa-grip:before{content:"\f58d"}.fa-share-from-square:before,.fa-share-square:before{content:"\f14d"}.fa-child-combatant:before,.fa-child-rifle:before{content:"\e4e0"}.fa-gun:before{content:"\e19b"}.fa-phone-square:before,.fa-square-phone:before{content:"\f098"}.fa-add:before,.fa-plus:before{content:"\2b"}.fa-expand:before{content:"\f065"}.fa-computer:before{content:"\e4e5"}.fa-close:before,.fa-multiply:before,.fa-remove:before,.fa-times:before,.fa-xmark:before{content:"\f00d"}.fa-arrows-up-down-left-right:before,.fa-arrows:before{content:"\f047"}.fa-chalkboard-teacher:before,.fa-chalkboard-user:before{content:"\f51c"}.fa-peso-sign:before{content:"\e222"}.fa-building-shield:before{content:"\e4d8"}.fa-baby:before{content:"\f77c"}.fa-users-line:before{content:"\e592"}.fa-quote-left-alt:before,.fa-quote-left:before{content:"\f10d"}.fa-tractor:before{content:"\f722"}.fa-trash-arrow-up:before,.fa-trash-restore:before{content:"\f829"}.fa-arrow-down-up-lock:before{content:"\e4b0"}.fa-lines-leaning:before{content:"\e51e"}.fa-ruler-combined:before{content:"\f546"}.fa-copyright:before{content:"\f1f9"}.fa-equals:before{content:"\3d"}.fa-blender:before{content:"\f517"}.fa-teeth:before{content:"\f62e"}.fa-ils:before,.fa-shekel-sign:before,.fa-shekel:before,.fa-sheqel-sign:before,.fa-sheqel:before{content:"\f20b"}.fa-map:before{content:"\f279"}.fa-rocket:before{content:"\f135"}.fa-photo-film:before,.fa-photo-video:before{content:"\f87c"}.fa-folder-minus:before{content:"\f65d"}.fa-store:before{content:"\f54e"}.fa-arrow-trend-up:before{content:"\e098"}.fa-plug-circle-minus:before{content:"\e55e"}.fa-sign-hanging:before,.fa-sign:before{content:"\f4d9"}.fa-bezier-curve:before{content:"\f55b"}.fa-bell-slash:before{content:"\f1f6"}.fa-tablet-android:before,.fa-tablet:before{content:"\f3fb"}.fa-school-flag:before{content:"\e56e"}.fa-fill:before{content:"\f575"}.fa-angle-up:before{content:"\f106"}.fa-drumstick-bite:before{content:"\f6d7"}.fa-holly-berry:before{content:"\f7aa"}.fa-chevron-left:before{content:"\f053"}.fa-bacteria:before{content:"\e059"}.fa-hand-lizard:before{content:"\f258"}.fa-notdef:before{content:"\e1fe"}.fa-disease:before{content:"\f7fa"}.fa-briefcase-medical:before{content:"\f469"}.fa-genderless:before{content:"\f22d"}.fa-chevron-right:before{content:"\f054"}.fa-retweet:before{content:"\f079"}.fa-car-alt:before,.fa-car-rear:before{content:"\f5de"}.fa-pump-soap:before{content:"\e06b"}.fa-video-slash:before{content:"\f4e2"}.fa-battery-2:before,.fa-battery-quarter:before{content:"\f243"}.fa-radio:before{content:"\f8d7"}.fa-baby-carriage:before,.fa-carriage-baby:before{content:"\f77d"}.fa-traffic-light:before{content:"\f637"}.fa-thermometer:before{content:"\f491"}.fa-vr-cardboard:before{content:"\f729"}.fa-hand-middle-finger:before{content:"\f806"}.fa-percent:before,.fa-percentage:before{content:"\25"}.fa-truck-moving:before{content:"\f4df"}.fa-glass-water-droplet:before{content:"\e4f5"}.fa-display:before{content:"\e163"}.fa-face-smile:before,.fa-smile:before{content:"\f118"}.fa-thumb-tack:before,.fa-thumbtack:before{content:"\f08d"}.fa-trophy:before{content:"\f091"}.fa-person-praying:before,.fa-pray:before{content:"\f683"}.fa-hammer:before{content:"\f6e3"}.fa-hand-peace:before{content:"\f25b"}.fa-rotate:before,.fa-sync-alt:before{content:"\f2f1"}.fa-spinner:before{content:"\f110"}.fa-robot:before{content:"\f544"}.fa-peace:before{content:"\f67c"}.fa-cogs:before,.fa-gears:before{content:"\f085"}.fa-warehouse:before{content:"\f494"}.fa-arrow-up-right-dots:before{content:"\e4b7"}.fa-splotch:before{content:"\f5bc"}.fa-face-grin-hearts:before,.fa-grin-hearts:before{content:"\f584"}.fa-dice-four:before{content:"\f524"}.fa-sim-card:before{content:"\f7c4"}.fa-transgender-alt:before,.fa-transgender:before{content:"\f225"}.fa-mercury:before{content:"\f223"}.fa-arrow-turn-down:before,.fa-level-down:before{content:"\f149"}.fa-person-falling-burst:before{content:"\e547"}.fa-award:before{content:"\f559"}.fa-ticket-alt:before,.fa-ticket-simple:before{content:"\f3ff"}.fa-building:before{content:"\f1ad"}.fa-angle-double-left:before,.fa-angles-left:before{content:"\f100"}.fa-qrcode:before{content:"\f029"}.fa-clock-rotate-left:before,.fa-history:before{content:"\f1da"}.fa-face-grin-beam-sweat:before,.fa-grin-beam-sweat:before{content:"\f583"}.fa-arrow-right-from-file:before,.fa-file-export:before{content:"\f56e"}.fa-shield-blank:before,.fa-shield:before{content:"\f132"}.fa-arrow-up-short-wide:before,.fa-sort-amount-up-alt:before{content:"\f885"}.fa-house-medical:before{content:"\e3b2"}.fa-golf-ball-tee:before,.fa-golf-ball:before{content:"\f450"}.fa-chevron-circle-left:before,.fa-circle-chevron-left:before{content:"\f137"}.fa-house-chimney-window:before{content:"\e00d"}.fa-pen-nib:before{content:"\f5ad"}.fa-tent-arrow-turn-left:before{content:"\e580"}.fa-tents:before{content:"\e582"}.fa-magic:before,.fa-wand-magic:before{content:"\f0d0"}.fa-dog:before{content:"\f6d3"}.fa-carrot:before{content:"\f787"}.fa-moon:before{content:"\f186"}.fa-wine-glass-alt:before,.fa-wine-glass-empty:before{content:"\f5ce"}.fa-cheese:before{content:"\f7ef"}.fa-yin-yang:before{content:"\f6ad"}.fa-music:before{content:"\f001"}.fa-code-commit:before{content:"\f386"}.fa-temperature-low:before{content:"\f76b"}.fa-biking:before,.fa-person-biking:before{content:"\f84a"}.fa-broom:before{content:"\f51a"}.fa-shield-heart:before{content:"\e574"}.fa-gopuram:before{content:"\f664"}.fa-earth-oceania:before,.fa-globe-oceania:before{content:"\e47b"}.fa-square-xmark:before,.fa-times-square:before,.fa-xmark-square:before{content:"\f2d3"}.fa-hashtag:before{content:"\23"}.fa-expand-alt:before,.fa-up-right-and-down-left-from-center:before{content:"\f424"}.fa-oil-can:before{content:"\f613"}.fa-t:before{content:"\54"}.fa-hippo:before{content:"\f6ed"}.fa-chart-column:before{content:"\e0e3"}.fa-infinity:before{content:"\f534"}.fa-vial-circle-check:before{content:"\e596"}.fa-person-arrow-down-to-line:before{content:"\e538"}.fa-voicemail:before{content:"\f897"}.fa-fan:before{content:"\f863"}.fa-person-walking-luggage:before{content:"\e554"}.fa-arrows-alt-v:before,.fa-up-down:before{content:"\f338"}.fa-cloud-moon-rain:before{content:"\f73c"}.fa-calendar:before{content:"\f133"}.fa-trailer:before{content:"\e041"}.fa-bahai:before,.fa-haykal:before{content:"\f666"}.fa-sd-card:before{content:"\f7c2"}.fa-dragon:before{content:"\f6d5"}.fa-shoe-prints:before{content:"\f54b"}.fa-circle-plus:before,.fa-plus-circle:before{content:"\f055"}.fa-face-grin-tongue-wink:before,.fa-grin-tongue-wink:before{content:"\f58b"}.fa-hand-holding:before{content:"\f4bd"}.fa-plug-circle-exclamation:before{content:"\e55d"}.fa-chain-broken:before,.fa-chain-slash:before,.fa-link-slash:before,.fa-unlink:before{content:"\f127"}.fa-clone:before{content:"\f24d"}.fa-person-walking-arrow-loop-left:before{content:"\e551"}.fa-arrow-up-z-a:before,.fa-sort-alpha-up-alt:before{content:"\f882"}.fa-fire-alt:before,.fa-fire-flame-curved:before{content:"\f7e4"}.fa-tornado:before{content:"\f76f"}.fa-file-circle-plus:before{content:"\e494"}.fa-book-quran:before,.fa-quran:before{content:"\f687"}.fa-anchor:before{content:"\f13d"}.fa-border-all:before{content:"\f84c"}.fa-angry:before,.fa-face-angry:before{content:"\f556"}.fa-cookie-bite:before{content:"\f564"}.fa-arrow-trend-down:before{content:"\e097"}.fa-feed:before,.fa-rss:before{content:"\f09e"}.fa-draw-polygon:before{content:"\f5ee"}.fa-balance-scale:before,.fa-scale-balanced:before{content:"\f24e"}.fa-gauge-simple-high:before,.fa-tachometer-fast:before,.fa-tachometer:before{content:"\f62a"}.fa-shower:before{content:"\f2cc"}.fa-desktop-alt:before,.fa-desktop:before{content:"\f390"}.fa-m:before{content:"\4d"}.fa-table-list:before,.fa-th-list:before{content:"\f00b"}.fa-comment-sms:before,.fa-sms:before{content:"\f7cd"}.fa-book:before{content:"\f02d"}.fa-user-plus:before{content:"\f234"}.fa-check:before{content:"\f00c"}.fa-battery-4:before,.fa-battery-three-quarters:before{content:"\f241"}.fa-house-circle-check:before{content:"\e509"}.fa-angle-left:before{content:"\f104"}.fa-diagram-successor:before{content:"\e47a"}.fa-truck-arrow-right:before{content:"\e58b"}.fa-arrows-split-up-and-left:before{content:"\e4bc"}.fa-fist-raised:before,.fa-hand-fist:before{content:"\f6de"}.fa-cloud-moon:before{content:"\f6c3"}.fa-briefcase:before{content:"\f0b1"}.fa-person-falling:before{content:"\e546"}.fa-image-portrait:before,.fa-portrait:before{content:"\f3e0"}.fa-user-tag:before{content:"\f507"}.fa-rug:before{content:"\e569"}.fa-earth-europe:before,.fa-globe-europe:before{content:"\f7a2"}.fa-cart-flatbed-suitcase:before,.fa-luggage-cart:before{content:"\f59d"}.fa-rectangle-times:before,.fa-rectangle-xmark:before,.fa-times-rectangle:before,.fa-window-close:before{content:"\f410"}.fa-baht-sign:before{content:"\e0ac"}.fa-book-open:before{content:"\f518"}.fa-book-journal-whills:before,.fa-journal-whills:before{content:"\f66a"}.fa-handcuffs:before{content:"\e4f8"}.fa-exclamation-triangle:before,.fa-triangle-exclamation:before,.fa-warning:before{content:"\f071"}.fa-database:before{content:"\f1c0"}.fa-arrow-turn-right:before,.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-bottle-droplet:before{content:"\e4c4"}.fa-mask-face:before{content:"\e1d7"}.fa-hill-rockslide:before{content:"\e508"}.fa-exchange-alt:before,.fa-right-left:before{content:"\f362"}.fa-paper-plane:before{content:"\f1d8"}.fa-road-circle-exclamation:before{content:"\e565"}.fa-dungeon:before{content:"\f6d9"}.fa-align-right:before{content:"\f038"}.fa-money-bill-1-wave:before,.fa-money-bill-wave-alt:before{content:"\f53b"}.fa-life-ring:before{content:"\f1cd"}.fa-hands:before,.fa-sign-language:before,.fa-signing:before{content:"\f2a7"}.fa-calendar-day:before{content:"\f783"}.fa-ladder-water:before,.fa-swimming-pool:before,.fa-water-ladder:before{content:"\f5c5"}.fa-arrows-up-down:before,.fa-arrows-v:before{content:"\f07d"}.fa-face-grimace:before,.fa-grimace:before{content:"\f57f"}.fa-wheelchair-alt:before,.fa-wheelchair-move:before{content:"\e2ce"}.fa-level-down-alt:before,.fa-turn-down:before{content:"\f3be"}.fa-person-walking-arrow-right:before{content:"\e552"}.fa-envelope-square:before,.fa-square-envelope:before{content:"\f199"}.fa-dice:before{content:"\f522"}.fa-bowling-ball:before{content:"\f436"}.fa-brain:before{content:"\f5dc"}.fa-band-aid:before,.fa-bandage:before{content:"\f462"}.fa-calendar-minus:before{content:"\f272"}.fa-circle-xmark:before,.fa-times-circle:before,.fa-xmark-circle:before{content:"\f057"}.fa-gifts:before{content:"\f79c"}.fa-hotel:before{content:"\f594"}.fa-earth-asia:before,.fa-globe-asia:before{content:"\f57e"}.fa-id-card-alt:before,.fa-id-card-clip:before{content:"\f47f"}.fa-magnifying-glass-plus:before,.fa-search-plus:before{content:"\f00e"}.fa-thumbs-up:before{content:"\f164"}.fa-user-clock:before{content:"\f4fd"}.fa-allergies:before,.fa-hand-dots:before{content:"\f461"}.fa-file-invoice:before{content:"\f570"}.fa-window-minimize:before{content:"\f2d1"}.fa-coffee:before,.fa-mug-saucer:before{content:"\f0f4"}.fa-brush:before{content:"\f55d"}.fa-mask:before{content:"\f6fa"}.fa-magnifying-glass-minus:before,.fa-search-minus:before{content:"\f010"}.fa-ruler-vertical:before{content:"\f548"}.fa-user-alt:before,.fa-user-large:before{content:"\f406"}.fa-train-tram:before{content:"\e5b4"}.fa-user-nurse:before{content:"\f82f"}.fa-syringe:before{content:"\f48e"}.fa-cloud-sun:before{content:"\f6c4"}.fa-stopwatch-20:before{content:"\e06f"}.fa-square-full:before{content:"\f45c"}.fa-magnet:before{content:"\f076"}.fa-jar:before{content:"\e516"}.fa-note-sticky:before,.fa-sticky-note:before{content:"\f249"}.fa-bug-slash:before{content:"\e490"}.fa-arrow-up-from-water-pump:before{content:"\e4b6"}.fa-bone:before{content:"\f5d7"}.fa-user-injured:before{content:"\f728"}.fa-face-sad-tear:before,.fa-sad-tear:before{content:"\f5b4"}.fa-plane:before{content:"\f072"}.fa-tent-arrows-down:before{content:"\e581"}.fa-exclamation:before{content:"\21"}.fa-arrows-spin:before{content:"\e4bb"}.fa-print:before{content:"\f02f"}.fa-try:before,.fa-turkish-lira-sign:before,.fa-turkish-lira:before{content:"\e2bb"}.fa-dollar-sign:before,.fa-dollar:before,.fa-usd:before{content:"\24"}.fa-x:before{content:"\58"}.fa-magnifying-glass-dollar:before,.fa-search-dollar:before{content:"\f688"}.fa-users-cog:before,.fa-users-gear:before{content:"\f509"}.fa-person-military-pointing:before{content:"\e54a"}.fa-bank:before,.fa-building-columns:before,.fa-institution:before,.fa-museum:before,.fa-university:before{content:"\f19c"}.fa-umbrella:before{content:"\f0e9"}.fa-trowel:before{content:"\e589"}.fa-d:before{content:"\44"}.fa-stapler:before{content:"\e5af"}.fa-masks-theater:before,.fa-theater-masks:before{content:"\f630"}.fa-kip-sign:before{content:"\e1c4"}.fa-hand-point-left:before{content:"\f0a5"}.fa-handshake-alt:before,.fa-handshake-simple:before{content:"\f4c6"}.fa-fighter-jet:before,.fa-jet-fighter:before{content:"\f0fb"}.fa-share-alt-square:before,.fa-square-share-nodes:before{content:"\f1e1"}.fa-barcode:before{content:"\f02a"}.fa-plus-minus:before{content:"\e43c"}.fa-video-camera:before,.fa-video:before{content:"\f03d"}.fa-graduation-cap:before,.fa-mortar-board:before{content:"\f19d"}.fa-hand-holding-medical:before{content:"\e05c"}.fa-person-circle-check:before{content:"\e53e"}.fa-level-up-alt:before,.fa-turn-up:before{content:"\f3bf"}.fa-sr-only,.fa-sr-only-focusable:not(:focus),.sr-only,.sr-only-focusable:not(:focus){position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border-width:0}:host,:root{--fa-style-family-brands:"Font Awesome 6 Brands";--fa-font-brands:normal 400 1em/1 "Font Awesome 6 Brands"}@font-face{font-family:"Font Awesome 6 Brands";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.ttf) format("truetype")}.fa-brands,.fab{font-weight:400}.fa-monero:before{content:"\f3d0"}.fa-hooli:before{content:"\f427"}.fa-yelp:before{content:"\f1e9"}.fa-cc-visa:before{content:"\f1f0"}.fa-lastfm:before{content:"\f202"}.fa-shopware:before{content:"\f5b5"}.fa-creative-commons-nc:before{content:"\f4e8"}.fa-aws:before{content:"\f375"}.fa-redhat:before{content:"\f7bc"}.fa-yoast:before{content:"\f2b1"}.fa-cloudflare:before{content:"\e07d"}.fa-ups:before{content:"\f7e0"}.fa-wpexplorer:before{content:"\f2de"}.fa-dyalog:before{content:"\f399"}.fa-bity:before{content:"\f37a"}.fa-stackpath:before{content:"\f842"}.fa-buysellads:before{content:"\f20d"}.fa-first-order:before{content:"\f2b0"}.fa-modx:before{content:"\f285"}.fa-guilded:before{content:"\e07e"}.fa-vnv:before{content:"\f40b"}.fa-js-square:before,.fa-square-js:before{content:"\f3b9"}.fa-microsoft:before{content:"\f3ca"}.fa-qq:before{content:"\f1d6"}.fa-orcid:before{content:"\f8d2"}.fa-java:before{content:"\f4e4"}.fa-invision:before{content:"\f7b0"}.fa-creative-commons-pd-alt:before{content:"\f4ed"}.fa-centercode:before{content:"\f380"}.fa-glide-g:before{content:"\f2a6"}.fa-drupal:before{content:"\f1a9"}.fa-hire-a-helper:before{content:"\f3b0"}.fa-creative-commons-by:before{content:"\f4e7"}.fa-unity:before{content:"\e049"}.fa-whmcs:before{content:"\f40d"}.fa-rocketchat:before{content:"\f3e8"}.fa-vk:before{content:"\f189"}.fa-untappd:before{content:"\f405"}.fa-mailchimp:before{content:"\f59e"}.fa-css3-alt:before{content:"\f38b"}.fa-reddit-square:before,.fa-square-reddit:before{content:"\f1a2"}.fa-vimeo-v:before{content:"\f27d"}.fa-contao:before{content:"\f26d"}.fa-square-font-awesome:before{content:"\e5ad"}.fa-deskpro:before{content:"\f38f"}.fa-sistrix:before{content:"\f3ee"}.fa-instagram-square:before,.fa-square-instagram:before{content:"\e055"}.fa-battle-net:before{content:"\f835"}.fa-the-red-yeti:before{content:"\f69d"}.fa-hacker-news-square:before,.fa-square-hacker-news:before{content:"\f3af"}.fa-edge:before{content:"\f282"}.fa-napster:before{content:"\f3d2"}.fa-snapchat-square:before,.fa-square-snapchat:before{content:"\f2ad"}.fa-google-plus-g:before{content:"\f0d5"}.fa-artstation:before{content:"\f77a"}.fa-markdown:before{content:"\f60f"}.fa-sourcetree:before{content:"\f7d3"}.fa-google-plus:before{content:"\f2b3"}.fa-diaspora:before{content:"\f791"}.fa-foursquare:before{content:"\f180"}.fa-stack-overflow:before{content:"\f16c"}.fa-github-alt:before{content:"\f113"}.fa-phoenix-squadron:before{content:"\f511"}.fa-pagelines:before{content:"\f18c"}.fa-algolia:before{content:"\f36c"}.fa-red-river:before{content:"\f3e3"}.fa-creative-commons-sa:before{content:"\f4ef"}.fa-safari:before{content:"\f267"}.fa-google:before{content:"\f1a0"}.fa-font-awesome-alt:before,.fa-square-font-awesome-stroke:before{content:"\f35c"}.fa-atlassian:before{content:"\f77b"}.fa-linkedin-in:before{content:"\f0e1"}.fa-digital-ocean:before{content:"\f391"}.fa-nimblr:before{content:"\f5a8"}.fa-chromecast:before{content:"\f838"}.fa-evernote:before{content:"\f839"}.fa-hacker-news:before{content:"\f1d4"}.fa-creative-commons-sampling:before{content:"\f4f0"}.fa-adversal:before{content:"\f36a"}.fa-creative-commons:before{content:"\f25e"}.fa-watchman-monitoring:before{content:"\e087"}.fa-fonticons:before{content:"\f280"}.fa-weixin:before{content:"\f1d7"}.fa-shirtsinbulk:before{content:"\f214"}.fa-codepen:before{content:"\f1cb"}.fa-git-alt:before{content:"\f841"}.fa-lyft:before{content:"\f3c3"}.fa-rev:before{content:"\f5b2"}.fa-windows:before{content:"\f17a"}.fa-wizards-of-the-coast:before{content:"\f730"}.fa-square-viadeo:before,.fa-viadeo-square:before{content:"\f2aa"}.fa-meetup:before{content:"\f2e0"}.fa-centos:before{content:"\f789"}.fa-adn:before{content:"\f170"}.fa-cloudsmith:before{content:"\f384"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-dribbble-square:before,.fa-square-dribbble:before{content:"\f397"}.fa-codiepie:before{content:"\f284"}.fa-node:before{content:"\f419"}.fa-mix:before{content:"\f3cb"}.fa-steam:before{content:"\f1b6"}.fa-cc-apple-pay:before{content:"\f416"}.fa-scribd:before{content:"\f28a"}.fa-openid:before{content:"\f19b"}.fa-instalod:before{content:"\e081"}.fa-expeditedssl:before{content:"\f23e"}.fa-sellcast:before{content:"\f2da"}.fa-square-twitter:before,.fa-twitter-square:before{content:"\f081"}.fa-r-project:before{content:"\f4f7"}.fa-delicious:before{content:"\f1a5"}.fa-freebsd:before{content:"\f3a4"}.fa-vuejs:before{content:"\f41f"}.fa-accusoft:before{content:"\f369"}.fa-ioxhost:before{content:"\f208"}.fa-fonticons-fi:before{content:"\f3a2"}.fa-app-store:before{content:"\f36f"}.fa-cc-mastercard:before{content:"\f1f1"}.fa-itunes-note:before{content:"\f3b5"}.fa-golang:before{content:"\e40f"}.fa-kickstarter:before{content:"\f3bb"}.fa-grav:before{content:"\f2d6"}.fa-weibo:before{content:"\f18a"}.fa-uncharted:before{content:"\e084"}.fa-firstdraft:before{content:"\f3a1"}.fa-square-youtube:before,.fa-youtube-square:before{content:"\f431"}.fa-wikipedia-w:before{content:"\f266"}.fa-rendact:before,.fa-wpressr:before{content:"\f3e4"}.fa-angellist:before{content:"\f209"}.fa-galactic-republic:before{content:"\f50c"}.fa-nfc-directional:before{content:"\e530"}.fa-skype:before{content:"\f17e"}.fa-joget:before{content:"\f3b7"}.fa-fedora:before{content:"\f798"}.fa-stripe-s:before{content:"\f42a"}.fa-meta:before{content:"\e49b"}.fa-laravel:before{content:"\f3bd"}.fa-hotjar:before{content:"\f3b1"}.fa-bluetooth-b:before{content:"\f294"}.fa-sticker-mule:before{content:"\f3f7"}.fa-creative-commons-zero:before{content:"\f4f3"}.fa-hips:before{content:"\f452"}.fa-behance:before{content:"\f1b4"}.fa-reddit:before{content:"\f1a1"}.fa-discord:before{content:"\f392"}.fa-chrome:before{content:"\f268"}.fa-app-store-ios:before{content:"\f370"}.fa-cc-discover:before{content:"\f1f2"}.fa-wpbeginner:before{content:"\f297"}.fa-confluence:before{content:"\f78d"}.fa-mdb:before{content:"\f8ca"}.fa-dochub:before{content:"\f394"}.fa-accessible-icon:before{content:"\f368"}.fa-ebay:before{content:"\f4f4"}.fa-amazon:before{content:"\f270"}.fa-unsplash:before{content:"\e07c"}.fa-yarn:before{content:"\f7e3"}.fa-square-steam:before,.fa-steam-square:before{content:"\f1b7"}.fa-500px:before{content:"\f26e"}.fa-square-vimeo:before,.fa-vimeo-square:before{content:"\f194"}.fa-asymmetrik:before{content:"\f372"}.fa-font-awesome-flag:before,.fa-font-awesome-logo-full:before,.fa-font-awesome:before{content:"\f2b4"}.fa-gratipay:before{content:"\f184"}.fa-apple:before{content:"\f179"}.fa-hive:before{content:"\e07f"}.fa-gitkraken:before{content:"\f3a6"}.fa-keybase:before{content:"\f4f5"}.fa-apple-pay:before{content:"\f415"}.fa-padlet:before{content:"\e4a0"}.fa-amazon-pay:before{content:"\f42c"}.fa-github-square:before,.fa-square-github:before{content:"\f092"}.fa-stumbleupon:before{content:"\f1a4"}.fa-fedex:before{content:"\f797"}.fa-phoenix-framework:before{content:"\f3dc"}.fa-shopify:before{content:"\e057"}.fa-neos:before{content:"\f612"}.fa-hackerrank:before{content:"\f5f7"}.fa-researchgate:before{content:"\f4f8"}.fa-swift:before{content:"\f8e1"}.fa-angular:before{content:"\f420"}.fa-speakap:before{content:"\f3f3"}.fa-angrycreative:before{content:"\f36e"}.fa-y-combinator:before{content:"\f23b"}.fa-empire:before{content:"\f1d1"}.fa-envira:before{content:"\f299"}.fa-gitlab-square:before,.fa-square-gitlab:before{content:"\e5ae"}.fa-studiovinari:before{content:"\f3f8"}.fa-pied-piper:before{content:"\f2ae"}.fa-wordpress:before{content:"\f19a"}.fa-product-hunt:before{content:"\f288"}.fa-firefox:before{content:"\f269"}.fa-linode:before{content:"\f2b8"}.fa-goodreads:before{content:"\f3a8"}.fa-odnoklassniki-square:before,.fa-square-odnoklassniki:before{content:"\f264"}.fa-jsfiddle:before{content:"\f1cc"}.fa-sith:before{content:"\f512"}.fa-themeisle:before{content:"\f2b2"}.fa-page4:before{content:"\f3d7"}.fa-hashnode:before{content:"\e499"}.fa-react:before{content:"\f41b"}.fa-cc-paypal:before{content:"\f1f4"}.fa-squarespace:before{content:"\f5be"}.fa-cc-stripe:before{content:"\f1f5"}.fa-creative-commons-share:before{content:"\f4f2"}.fa-bitcoin:before{content:"\f379"}.fa-keycdn:before{content:"\f3ba"}.fa-opera:before{content:"\f26a"}.fa-itch-io:before{content:"\f83a"}.fa-umbraco:before{content:"\f8e8"}.fa-galactic-senate:before{content:"\f50d"}.fa-ubuntu:before{content:"\f7df"}.fa-draft2digital:before{content:"\f396"}.fa-stripe:before{content:"\f429"}.fa-houzz:before{content:"\f27c"}.fa-gg:before{content:"\f260"}.fa-dhl:before{content:"\f790"}.fa-pinterest-square:before,.fa-square-pinterest:before{content:"\f0d3"}.fa-xing:before{content:"\f168"}.fa-blackberry:before{content:"\f37b"}.fa-creative-commons-pd:before{content:"\f4ec"}.fa-playstation:before{content:"\f3df"}.fa-quinscape:before{content:"\f459"}.fa-less:before{content:"\f41d"}.fa-blogger-b:before{content:"\f37d"}.fa-opencart:before{content:"\f23d"}.fa-vine:before{content:"\f1ca"}.fa-paypal:before{content:"\f1ed"}.fa-gitlab:before{content:"\f296"}.fa-typo3:before{content:"\f42b"}.fa-reddit-alien:before{content:"\f281"}.fa-yahoo:before{content:"\f19e"}.fa-dailymotion:before{content:"\e052"}.fa-affiliatetheme:before{content:"\f36b"}.fa-pied-piper-pp:before{content:"\f1a7"}.fa-bootstrap:before{content:"\f836"}.fa-odnoklassniki:before{content:"\f263"}.fa-nfc-symbol:before{content:"\e531"}.fa-ethereum:before{content:"\f42e"}.fa-speaker-deck:before{content:"\f83c"}.fa-creative-commons-nc-eu:before{content:"\f4e9"}.fa-patreon:before{content:"\f3d9"}.fa-avianex:before{content:"\f374"}.fa-ello:before{content:"\f5f1"}.fa-gofore:before{content:"\f3a7"}.fa-bimobject:before{content:"\f378"}.fa-facebook-f:before{content:"\f39e"}.fa-google-plus-square:before,.fa-square-google-plus:before{content:"\f0d4"}.fa-mandalorian:before{content:"\f50f"}.fa-first-order-alt:before{content:"\f50a"}.fa-osi:before{content:"\f41a"}.fa-google-wallet:before{content:"\f1ee"}.fa-d-and-d-beyond:before{content:"\f6ca"}.fa-periscope:before{content:"\f3da"}.fa-fulcrum:before{content:"\f50b"}.fa-cloudscale:before{content:"\f383"}.fa-forumbee:before{content:"\f211"}.fa-mizuni:before{content:"\f3cc"}.fa-schlix:before{content:"\f3ea"}.fa-square-xing:before,.fa-xing-square:before{content:"\f169"}.fa-bandcamp:before{content:"\f2d5"}.fa-wpforms:before{content:"\f298"}.fa-cloudversify:before{content:"\f385"}.fa-usps:before{content:"\f7e1"}.fa-megaport:before{content:"\f5a3"}.fa-magento:before{content:"\f3c4"}.fa-spotify:before{content:"\f1bc"}.fa-optin-monster:before{content:"\f23c"}.fa-fly:before{content:"\f417"}.fa-aviato:before{content:"\f421"}.fa-itunes:before{content:"\f3b4"}.fa-cuttlefish:before{content:"\f38c"}.fa-blogger:before{content:"\f37c"}.fa-flickr:before{content:"\f16e"}.fa-viber:before{content:"\f409"}.fa-soundcloud:before{content:"\f1be"}.fa-digg:before{content:"\f1a6"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-symfony:before{content:"\f83d"}.fa-maxcdn:before{content:"\f136"}.fa-etsy:before{content:"\f2d7"}.fa-facebook-messenger:before{content:"\f39f"}.fa-audible:before{content:"\f373"}.fa-think-peaks:before{content:"\f731"}.fa-bilibili:before{content:"\e3d9"}.fa-erlang:before{content:"\f39d"}.fa-cotton-bureau:before{content:"\f89e"}.fa-dashcube:before{content:"\f210"}.fa-42-group:before,.fa-innosoft:before{content:"\e080"}.fa-stack-exchange:before{content:"\f18d"}.fa-elementor:before{content:"\f430"}.fa-pied-piper-square:before,.fa-square-pied-piper:before{content:"\e01e"}.fa-creative-commons-nd:before{content:"\f4eb"}.fa-palfed:before{content:"\f3d8"}.fa-superpowers:before{content:"\f2dd"}.fa-resolving:before{content:"\f3e7"}.fa-xbox:before{content:"\f412"}.fa-searchengin:before{content:"\f3eb"}.fa-tiktok:before{content:"\e07b"}.fa-facebook-square:before,.fa-square-facebook:before{content:"\f082"}.fa-renren:before{content:"\f18b"}.fa-linux:before{content:"\f17c"}.fa-glide:before{content:"\f2a5"}.fa-linkedin:before{content:"\f08c"}.fa-hubspot:before{content:"\f3b2"}.fa-deploydog:before{content:"\f38e"}.fa-twitch:before{content:"\f1e8"}.fa-ravelry:before{content:"\f2d9"}.fa-mixer:before{content:"\e056"}.fa-lastfm-square:before,.fa-square-lastfm:before{content:"\f203"}.fa-vimeo:before{content:"\f40a"}.fa-mendeley:before{content:"\f7b3"}.fa-uniregistry:before{content:"\f404"}.fa-figma:before{content:"\f799"}.fa-creative-commons-remix:before{content:"\f4ee"}.fa-cc-amazon-pay:before{content:"\f42d"}.fa-dropbox:before{content:"\f16b"}.fa-instagram:before{content:"\f16d"}.fa-cmplid:before{content:"\e360"}.fa-facebook:before{content:"\f09a"}.fa-gripfire:before{content:"\f3ac"}.fa-jedi-order:before{content:"\f50e"}.fa-uikit:before{content:"\f403"}.fa-fort-awesome-alt:before{content:"\f3a3"}.fa-phabricator:before{content:"\f3db"}.fa-ussunnah:before{content:"\f407"}.fa-earlybirds:before{content:"\f39a"}.fa-trade-federation:before{content:"\f513"}.fa-autoprefixer:before{content:"\f41c"}.fa-whatsapp:before{content:"\f232"}.fa-slideshare:before{content:"\f1e7"}.fa-google-play:before{content:"\f3ab"}.fa-viadeo:before{content:"\f2a9"}.fa-line:before{content:"\f3c0"}.fa-google-drive:before{content:"\f3aa"}.fa-servicestack:before{content:"\f3ec"}.fa-simplybuilt:before{content:"\f215"}.fa-bitbucket:before{content:"\f171"}.fa-imdb:before{content:"\f2d8"}.fa-deezer:before{content:"\e077"}.fa-raspberry-pi:before{content:"\f7bb"}.fa-jira:before{content:"\f7b1"}.fa-docker:before{content:"\f395"}.fa-screenpal:before{content:"\e570"}.fa-bluetooth:before{content:"\f293"}.fa-gitter:before{content:"\f426"}.fa-d-and-d:before{content:"\f38d"}.fa-microblog:before{content:"\e01a"}.fa-cc-diners-club:before{content:"\f24c"}.fa-gg-circle:before{content:"\f261"}.fa-pied-piper-hat:before{content:"\f4e5"}.fa-kickstarter-k:before{content:"\f3bc"}.fa-yandex:before{content:"\f413"}.fa-readme:before{content:"\f4d5"}.fa-html5:before{content:"\f13b"}.fa-sellsy:before{content:"\f213"}.fa-sass:before{content:"\f41e"}.fa-wirsindhandwerk:before,.fa-wsh:before{content:"\e2d0"}.fa-buromobelexperte:before{content:"\f37f"}.fa-salesforce:before{content:"\f83b"}.fa-octopus-deploy:before{content:"\e082"}.fa-medapps:before{content:"\f3c6"}.fa-ns8:before{content:"\f3d5"}.fa-pinterest-p:before{content:"\f231"}.fa-apper:before{content:"\f371"}.fa-fort-awesome:before{content:"\f286"}.fa-waze:before{content:"\f83f"}.fa-cc-jcb:before{content:"\f24b"}.fa-snapchat-ghost:before,.fa-snapchat:before{content:"\f2ab"}.fa-fantasy-flight-games:before{content:"\f6dc"}.fa-rust:before{content:"\e07a"}.fa-wix:before{content:"\f5cf"}.fa-behance-square:before,.fa-square-behance:before{content:"\f1b5"}.fa-supple:before{content:"\f3f9"}.fa-rebel:before{content:"\f1d0"}.fa-css3:before{content:"\f13c"}.fa-staylinked:before{content:"\f3f5"}.fa-kaggle:before{content:"\f5fa"}.fa-space-awesome:before{content:"\e5ac"}.fa-deviantart:before{content:"\f1bd"}.fa-cpanel:before{content:"\f388"}.fa-goodreads-g:before{content:"\f3a9"}.fa-git-square:before,.fa-square-git:before{content:"\f1d2"}.fa-square-tumblr:before,.fa-tumblr-square:before{content:"\f174"}.fa-trello:before{content:"\f181"}.fa-creative-commons-nc-jp:before{content:"\f4ea"}.fa-get-pocket:before{content:"\f265"}.fa-perbyte:before{content:"\e083"}.fa-grunt:before{content:"\f3ad"}.fa-weebly:before{content:"\f5cc"}.fa-connectdevelop:before{content:"\f20e"}.fa-leanpub:before{content:"\f212"}.fa-black-tie:before{content:"\f27e"}.fa-themeco:before{content:"\f5c6"}.fa-python:before{content:"\f3e2"}.fa-android:before{content:"\f17b"}.fa-bots:before{content:"\e340"}.fa-free-code-camp:before{content:"\f2c5"}.fa-hornbill:before{content:"\f592"}.fa-js:before{content:"\f3b8"}.fa-ideal:before{content:"\e013"}.fa-git:before{content:"\f1d3"}.fa-dev:before{content:"\f6cc"}.fa-sketch:before{content:"\f7c6"}.fa-yandex-international:before{content:"\f414"}.fa-cc-amex:before{content:"\f1f3"}.fa-uber:before{content:"\f402"}.fa-github:before{content:"\f09b"}.fa-php:before{content:"\f457"}.fa-alipay:before{content:"\f642"}.fa-youtube:before{content:"\f167"}.fa-skyatlas:before{content:"\f216"}.fa-firefox-browser:before{content:"\e007"}.fa-replyd:before{content:"\f3e6"}.fa-suse:before{content:"\f7d6"}.fa-jenkins:before{content:"\f3b6"}.fa-twitter:before{content:"\f099"}.fa-rockrms:before{content:"\f3e9"}.fa-pinterest:before{content:"\f0d2"}.fa-buffer:before{content:"\f837"}.fa-npm:before{content:"\f3d4"}.fa-yammer:before{content:"\f840"}.fa-btc:before{content:"\f15a"}.fa-dribbble:before{content:"\f17d"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-internet-explorer:before{content:"\f26b"}.fa-telegram-plane:before,.fa-telegram:before{content:"\f2c6"}.fa-old-republic:before{content:"\f510"}.fa-square-whatsapp:before,.fa-whatsapp-square:before{content:"\f40c"}.fa-node-js:before{content:"\f3d3"}.fa-edge-legacy:before{content:"\e078"}.fa-slack-hash:before,.fa-slack:before{content:"\f198"}.fa-medrt:before{content:"\f3c8"}.fa-usb:before{content:"\f287"}.fa-tumblr:before{content:"\f173"}.fa-vaadin:before{content:"\f408"}.fa-quora:before{content:"\f2c4"}.fa-reacteurope:before{content:"\f75d"}.fa-medium-m:before,.fa-medium:before{content:"\f23a"}.fa-amilia:before{content:"\f36d"}.fa-mixcloud:before{content:"\f289"}.fa-flipboard:before{content:"\f44d"}.fa-viacoin:before{content:"\f237"}.fa-critical-role:before{content:"\f6c9"}.fa-sitrox:before{content:"\e44a"}.fa-discourse:before{content:"\f393"}.fa-joomla:before{content:"\f1aa"}.fa-mastodon:before{content:"\f4f6"}.fa-airbnb:before{content:"\f834"}.fa-wolf-pack-battalion:before{content:"\f514"}.fa-buy-n-large:before{content:"\f8a6"}.fa-gulp:before{content:"\f3ae"}.fa-creative-commons-sampling-plus:before{content:"\f4f1"}.fa-strava:before{content:"\f428"}.fa-ember:before{content:"\f423"}.fa-canadian-maple-leaf:before{content:"\f785"}.fa-teamspeak:before{content:"\f4f9"}.fa-pushed:before{content:"\f3e1"}.fa-wordpress-simple:before{content:"\f411"}.fa-nutritionix:before{content:"\f3d6"}.fa-wodu:before{content:"\e088"}.fa-google-pay:before{content:"\e079"}.fa-intercom:before{content:"\f7af"}.fa-zhihu:before{content:"\f63f"}.fa-korvue:before{content:"\f42f"}.fa-pix:before{content:"\e43a"}.fa-steam-symbol:before{content:"\f3f6"}:host,:root{--fa-font-regular:normal 400 1em/1 "Font Awesome 6 Free"}@font-face{font-family:"Font Awesome 6 Free";font-style:normal;font-weight:400;font-display:block;src:url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.ttf) format("truetype")}.fa-regular,.far{font-weight:400}:host,:root{--fa-style-family-classic:"Font Awesome 6 Free";--fa-font-solid:normal 900 1em/1 "Font Awesome 6 Free"}@font-face{font-family:"Font Awesome 6 Free";font-style:normal;font-weight:900;font-display:block;src:url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.ttf) format("truetype")}.fa-solid,.fas{font-weight:900}@font-face{font-family:"Font Awesome 5 Brands";font-display:block;font-weight:400;src:url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:900;src:url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:400;src:url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/fa-solid-900.woff2) format("woff2"),url(../webfonts/fa-solid-900.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/fa-brands-400.woff2) format("woff2"),url(../webfonts/fa-brands-400.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/fa-regular-400.woff2) format("woff2"),url(../webfonts/fa-regular-400.ttf) format("truetype");unicode-range:u+f003,u+f006,u+f014,u+f016-f017,u+f01a-f01b,u+f01d,u+f022,u+f03e,u+f044,u+f046,u+f05c-f05d,u+f06e,u+f070,u+f087-f088,u+f08a,u+f094,u+f096-f097,u+f09d,u+f0a0,u+f0a2,u+f0a4-f0a7,u+f0c5,u+f0c7,u+f0e5-f0e6,u+f0eb,u+f0f6-f0f8,u+f10c,u+f114-f115,u+f118-f11a,u+f11c-f11d,u+f133,u+f147,u+f14e,u+f150-f152,u+f185-f186,u+f18e,u+f190-f192,u+f196,u+f1c1-f1c9,u+f1d9,u+f1db,u+f1e3,u+f1ea,u+f1f7,u+f1f9,u+f20a,u+f247-f248,u+f24a,u+f24d,u+f255-f25b,u+f25d,u+f271-f274,u+f278,u+f27b,u+f28c,u+f28e,u+f29c,u+f2b5,u+f2b7,u+f2ba,u+f2bc,u+f2be,u+f2c0-f2c1,u+f2c3,u+f2d0,u+f2d2,u+f2d4,u+f2dc}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/fa-v4compatibility.woff2) format("woff2"),url(../webfonts/fa-v4compatibility.ttf) format("truetype");unicode-range:u+f041,u+f047,u+f065-f066,u+f07d-f07e,u+f080,u+f08b,u+f08e,u+f090,u+f09a,u+f0ac,u+f0ae,u+f0b2,u+f0d0,u+f0d6,u+f0e4,u+f0ec,u+f10a-f10b,u+f123,u+f13e,u+f148-f149,u+f14c,u+f156,u+f15e,u+f160-f161,u+f163,u+f175-f178,u+f195,u+f1f8,u+f219,u+f27a} \ No newline at end of file diff --git a/src/_site/assets/css/style.css b/src/_site/assets/css/style.css deleted file mode 100644 index 0bbdf5c..0000000 --- a/src/_site/assets/css/style.css +++ /dev/null @@ -1,3 +0,0 @@ -*{-webkit-transition:background-color 75ms ease-in, border-color 75ms ease-in;-moz-transition:background-color 75ms ease-in, border-color 75ms ease-in;-ms-transition:background-color 75ms ease-in, border-color 75ms ease-in;-o-transition:background-color 75ms ease-in, border-color 75ms ease-in;transition:background-color 75ms ease-in, border-color 75ms ease-in}.notransition{-webkit-transition:none;-moz-transition:none;-ms-transition:none;-o-transition:none;transition:none}html{overflow-x:hidden;width:100%}body,h1,h2,h3,h4,h5,h6,p,blockquote,pre,hr,dl,dd,ol,ul,figure{margin:0;padding:0}body{min-height:100vh;overflow-x:hidden;position:relative;color:#434648;background-color:#fff;font:400 16px/1.85 Roboto,sans-serif;-webkit-text-size-adjust:100%;-webkit-font-smoothing:antialiased;-webkit-font-feature-settings:"kern" 1;-moz-font-feature-settings:"kern" 1;-o-font-feature-settings:"kern" 1;font-feature-settings:"kern" 1;font-kerning:normal;box-sizing:border-box}h1,h2,h3,h4,h5,h6,p,blockquote,pre,ul,ol,dl,figure{margin-top:10px;margin-bottom:10px}strong,b{font-weight:700;color:#0d122b}hr{border-bottom:0;border-style:solid;border-color:#ececec}kbd{-moz-border-radius:3px;-webkit-border-radius:3px;border:1px solid #ececec;border-radius:2px;color:#0d122b;display:inline-block;font-size:14px;line-height:1.4;font-family:Consolas,monospace;margin:0 0.1em;font-weight:700;padding:0.01em 0.4em;text-shadow:0 1px 0 #fff}img{max-width:100%;vertical-align:middle;-webkit-user-drag:none;margin:0 auto;text-align:center}figure{position:relative}figure>img{display:block;position:relative}figcaption{font-size:13px;text-align:center}ul{list-style:none}ul li{display:list-item;text-align:-webkit-match-parent}ul li::before{content:"\FE63";display:inline-block;top:-1px;width:1.2em;position:relative;margin-left:-1.3em;font-weight:700}ol{list-style:none;counter-reset:li}ol li{position:relative;counter-increment:li}ol li::before{content:counter(li);display:inline-block;width:1em;margin-right:0.5em;margin-left:-1.6em;text-align:right;direction:rtl;font-weight:700;font-size:14px}ul,ol{margin-top:0;margin-left:30px}li{padding-bottom:1px;padding-top:1px}li:before{color:#0d122b}li>ul,li>ol{margin-bottom:2px;margin-top:0}h1,h2,h3,h4,h5,h6{color:#0d122b;font-weight:700}h1+ul,h1+ol,h2+ul,h2+ol,h3+ul,h3+ol,h4+ul,h4+ol,h5+ul,h5+ol,h6+ul,h6+ol{margin-top:10px}@media screen and (max-width: 768px){h1,h2,h3,h4,h5,h6{scroll-margin-top:65px}}h1>a,h2>a,h3>a,h4>a,h5>a,h6>a{text-decoration:none;border:none}h1>a:hover,h2>a:hover,h3>a:hover,h4>a:hover,h5>a:hover,h6>a:hover{text-decoration:none;border:none}a{color:inherit;text-decoration-color:#d2c7c7}a:hover{color:#003fff}a:focus{outline:3px solid rgba(0,54,199,0.6);outline-offset:2px}del{color:inherit}em{color:inherit}blockquote{color:#6b7886;font-style:italic;text-align:center;opacity:0.9;border-top:1px solid #ececec;border-bottom:1px solid #ececec;padding:10px;margin-left:10px;margin-right:10px;font-size:1em}blockquote>:last-child{margin-bottom:0;margin-top:0}.wrapper{max-width:-webkit-calc(720px - (30px * 2));max-width:calc(720px - (30px * 2));position:relative;margin-right:auto;margin-left:auto;padding-right:30px;padding-left:30px}@media screen and (max-width: 768px){.wrapper{max-width:-webkit-calc(720px - (30px));max-width:calc(720px - (30px));padding-right:20px;padding-left:20px}.wrapper.blurry{animation:0.2s ease-in forwards blur;-webkit-animation:0.2s ease-in forwards blur}}u{text-decoration-color:#d2c7c7}small{font-size:14px}sup{border-radius:10%;top:-3px;left:2px;font-size:small;position:relative;margin-right:2px}.overflow-table{overflow-x:auto}table{width:100%;margin-top:15px;border-collapse:collapse;font-size:14px}table thead{font-weight:700;color:#0d122b;border-bottom:1px solid #ececec}table th,table td,table tr{border:1px solid #ececec;padding:2px 7px}.post-item:after,.navbar:after,.wrapper:after{content:"";display:table;clear:both}mark,::selection{background:#fffba0;color:#0d122b}.gist table{border:0}.gist table tr,.gist table td{border:0}.navbar{height:auto;max-width:calc(890px - (30px * 2));max-width:-webkit-calc(890px - (30px * 2));position:relative;margin-right:auto;margin-left:auto;border-bottom:1px solid #ececec;padding:15px 30px}.menu{user-select:none;-ms-user-select:none;-webkit-user-select:none}.menu a#mode{float:left;left:8px;top:6px;position:relative;clear:both;-webkit-transform:scale(1, 1);transform:scale(1, 1);opacity:0.7;z-index:1}.menu a#mode:hover{cursor:pointer;opacity:1}.menu a#mode:active{-webkit-transform:scale(0.9, 0.9);transform:scale(0.9, 0.9)}.menu a#mode .mode-moon{display:block}.menu a#mode .mode-moon line{stroke:#0d122b;fill:none}.menu a#mode .mode-moon circle{fill:#0d122b;stroke:#0d122b}.menu a#mode .mode-sunny{display:none}.menu a#mode .mode-sunny line{stroke:#eaeaea;fill:none}.menu a#mode .mode-sunny circle{fill:none;stroke:#eaeaea}.menu .trigger{float:right}.menu .menu-trigger{display:none}.menu .menu-icon{display:none}.menu .menu-link{color:#0d122b;line-height:2.25;text-decoration:none;padding:5px 8px;opacity:0.7;letter-spacing:0.3px}.menu .menu-link:hover{opacity:1}.menu .menu-link:not(:last-child){margin-right:5px}.menu .menu-link.rss{position:relative;bottom:-3px;outline:none}@media screen and (max-width: 768px){.menu .menu-link{opacity:0.8}}.menu .menu-link.active{opacity:1;font-weight:600}@media screen and (max-width: 768px){.menu{position:fixed;top:0;left:0;right:0;z-index:2;text-align:center;height:50px;background-color:#fff;border-bottom:1px solid #ececec}.menu a#mode{left:10px;top:12px}.menu .menu-icon{display:block;position:absolute;right:0;width:50px;height:23px;line-height:0;padding-top:13px;padding-bottom:15px;cursor:pointer;text-align:center;z-index:1}.menu .menu-icon>svg{fill:#0d122b;opacity:0.7}.menu .menu-icon:hover>svg{opacity:1}.menu .menu-icon:active{-webkit-transform:scale(0.9, 0.9);transform:scale(0.9, 0.9)}.menu input[type="checkbox"]:not(:checked)~.trigger{clear:both;visibility:hidden}.menu input[type="checkbox"]:checked~.trigger{position:fixed;animation:0.2s ease-in forwards fadein;-webkit-animation:0.2s ease-in forwards fadein;display:flex;flex-direction:row;justify-content:center;align-items:center;background-color:#fff;height:100vh;width:100%;top:0}.menu .menu-link{display:block;box-sizing:border-box;font-size:1.1em}.menu .menu-link:not(:last-child){margin:0;padding:2px 0}}.author{margin-top:6.3rem;margin-bottom:7.2rem;text-align:center}@media screen and (max-width: 768px){.author{margin-bottom:3em}}.author .author-avatar{width:70px;height:70px;border-radius:100%;user-select:none;-ms-user-select:none;-webkit-user-select:none;-webkit-animation:0.5s ease-in forwards fadein;animation:0.5s ease-in forwards fadein;opacity:1}.author .author-name{font-size:1.7em;margin-bottom:2px}.author .author-bio{margin:0 auto;opacity:0.9;max-width:393px;line-height:1.688}.posts-item-note{font-size:16px;font-weight:700;margin-bottom:5px;color:#0d122b}.post-item{display:flex;padding-top:5px;padding-bottom:6px}.post-item:not(:first-child){border-top:1px solid #ececec}.post-item .post-item-date{min-width:96px;color:#0d122b;font-weight:700;padding-right:10px}@media screen and (max-width: 768px){.post-item .post-item-date{font-size:16px}}.post-item .post-item-title{margin:0;border:0;padding:0;font-size:16px;font-weight:normal;letter-spacing:0.1px}.post-item .post-item-title a{color:#434648}.post-item .post-item-title a:hover,.post-item .post-item-title afocus{color:#0d122b}.footer{margin-top:8em;margin-bottom:2em;text-align:center}@media screen and (max-width: 768px){.footer{margin-top:3em}}.footer span.footer_item{color:#0d122b;opacity:0.8;font-weight:700;font-size:14px}.footer a.footer_item{color:#0d122b;opacity:0.8;text-decoration:none}.footer a.footer_item:not(:last-child){margin-right:10px}.footer a.footer_item:not(:last-child):hover{opacity:1}.footer .footer_copyright{font-size:13px;margin-top:3px;display:block;color:#6b7886;opacity:0.8}.not-found{text-align:center;display:flex;justify-content:center;flex-direction:column;height:75vh}.not-found .title{font-size:5em;font-weight:700;line-height:1.1;color:#0d122b;text-shadow:1px 0px 0px #003fff}.not-found .phrase{color:#434648}.not-found .solution{color:#003fff;letter-spacing:0.5px}.not-found .solution:hover{color:#0036c7}.search-article{position:relative;margin-bottom:50px}.search-article label[for="search-input"]{position:relative;top:10px;left:11px}.search-article input[type="search"]{top:0;left:0;border:0;width:100%;height:40px;outline:none;position:absolute;border-radius:5px;padding:10px 10px 10px 35px;color:#434648;-webkit-appearance:none;font-size:16px;background-color:rgba(128,128,128,0.1);border:1px solid rgba(128,128,128,0.1)}.search-article input[type="search"]::-webkit-input-placeholder{color:#808080}.search-article input[type="search"]::-webkit-search-decoration,.search-article input[type="search"]::-webkit-search-results-decoration{display:none}#search-results{text-align:center}#search-results li{text-align:left}.archive-tags{height:auto}.archive-tags .tag-item{padding:1px 3px;border-radius:2px;border:1px solid rgba(128,128,128,0.1);background-color:rgba(128,128,128,0.1)}@media screen and (max-width: 768px){.wrapper.post{padding-left:15px;padding-right:15px}}.header{margin-top:7.8em;margin-bottom:3em}.header .tags{margin-left:3px;letter-spacing:0.5px}.header .tags .tag{font-weight:700;font-size:12px}.header .tags .tag:hover{text-decoration:none}.header .header-title{font-size:2em;line-height:1.2;margin-top:10px;margin-bottom:20px}.header .header-title.center{text-align:center}@media screen and (max-width: 768px){.header .header-title{font-size:1.9em}}.post-meta{padding-top:3px;line-height:1.3;color:#6b7886}.post-meta time{position:relative;margin-right:1.5em}.post-meta time::after{background:#ececec;bottom:1px;content:" ";height:2px;position:absolute;right:-20px;width:12px}.post-meta span[itemprop="author"]{border-bottom:1px dotted #ececec}.page-content{padding-top:8px}.page-content iframe{text-align:center}.page-content figure img{border-radius:2px}.page-content figure figcaption{margin-top:5px;font-style:italic;font-size:14px}.page-content a{color:#003fff;text-decoration:none}.page-content a[target="_blank"]::after{content:" \2197";font-size:14px;line-height:0;position:relative;bottom:5px;vertical-align:baseline}.page-content a:hover{color:#0036c7}.page-content a:focus{color:#003fff}.page-content>p{margin:0;padding-top:15px;padding-bottom:15px}.page-content ul.task-list{list-style:none;margin:0}.page-content ul.task-list li::before{content:""}.page-content ul.task-list li input[type="checkbox"]{margin-right:10px}.page-content dl dt{font-weight:700}.page-content h1,.page-content h2,.page-content h3,.page-content h4,.page-content h5,.page-content h6{color:#0d122b;font-weight:700;margin-top:30px;margin-bottom:0}.page-content h1:hover .anchor-head,.page-content h2:hover .anchor-head,.page-content h3:hover .anchor-head,.page-content h4:hover .anchor-head,.page-content h5:hover .anchor-head,.page-content h6:hover .anchor-head{color:#003fff;opacity:1}.page-content h1 .anchor-head,.page-content h2 .anchor-head,.page-content h3 .anchor-head,.page-content h4 .anchor-head,.page-content h5 .anchor-head,.page-content h6 .anchor-head{position:relative;opacity:0;outline:none}.page-content h1 .anchor-head::before,.page-content h2 .anchor-head::before,.page-content h3 .anchor-head::before,.page-content h4 .anchor-head::before,.page-content h5 .anchor-head::before,.page-content h6 .anchor-head::before{content:"#";position:absolute;right:-3px;width:1em;font-weight:700}.page-content h1{font-size:24px}.page-content h2{font-size:22px}.page-content h3{font-size:20px;border-bottom:1px solid #ececec;padding-bottom:4px}.page-content h4{font-size:20px}.page-content h5{font-size:16px}.page-content h6{font-size:14px}.post-nav{display:flex;position:relative;margin-top:5em;border-top:1px solid #ececec;line-height:1.4}.post-nav .post-nav-item{border-bottom:0;font-weight:700;padding-bottom:10px;width:50%;padding-top:10px;text-decoration:none;box-sizing:border-box}.post-nav .post-nav-item .post-title{color:#0d122b}.post-nav .post-nav-item:hover .post-title,.post-nav .post-nav-item:focus .post-title{color:#0036c7;opacity:0.9}.post-nav .post-nav-item .nav-arrow{font-weight:400;font-size:14px;color:#6b7886;margin-bottom:3px}.post-nav .post-nav-item:nth-child(odd){padding-left:0;padding-right:20px}.post-nav .post-nav-item:nth-child(even){text-align:right;padding-right:0;padding-left:20px}@media screen and (max-width: 768px){.post-nav{display:block;font-size:14px}.post-nav .post-nav-item{display:block;width:100%}.post-nav .post-nav-item:nth-child(even){border-left:0;padding-left:0;border-top:1px solid #ececec}}.post-updated-at{font-family:"Ubuntu mono", "monospace"}@keyframes fadein{0%{opacity:0.2}100%{opacity:0.8}}@keyframes blur{0%{filter:blur(0px)}100%{filter:blur(4px)}}.embed-responsive{height:0;max-width:100%;overflow:hidden;position:relative;padding-bottom:56.25%;margin-top:20px}.embed-responsive iframe,.embed-responsive object,.embed-responsive embed{top:0;left:0;width:100%;height:100%;position:absolute}code{font-family:Consolas,monospace;text-rendering:optimizeLegibility;font-feature-settings:"calt" 1;font-variant-ligatures:normal;white-space:pre;word-spacing:normal;word-break:normal;word-wrap:normal;font-size:inherit}code.highlighter-rouge{padding:1px 3px;position:relative;top:-1px;background-color:#f6f6f6;border-radius:2px;border:1px solid rgba(128,128,128,0.1)}pre.highlight,pre{margin:0 -27px;border:1px solid rgba(128,128,128,0.1);background-color:#1a1b21;border-radius:2px;padding:10px;display:block;overflow-x:auto}@media screen and (max-width: 768px){pre.highlight,pre{margin:0 calc(51% - 51vw);padding-left:20px}}pre.highlight>code,pre>code{width:100%;max-width:50rem;margin-left:auto;margin-right:auto;line-height:1.5;display:block;border:0}.highlight table td{padding:5px}.highlight table pre{margin:0}.highlight,.highlight .w{color:#fbf1c7}.highlight .err{color:#fb4934;font-weight:bold}.highlight .c,.highlight .cd,.highlight .cm,.highlight .c1,.highlight .cs{color:#928374;font-style:italic}.highlight .cp{color:#8ec07c}.highlight .nt{color:#fb4934}.highlight .o,.highlight .ow{color:#fbf1c7}.highlight .p,.highlight .pi{color:#fbf1c7}.highlight .gi{color:#b8bb26;background-color:#282828}.highlight .gd{color:#fb4934;background-color:#282828}.highlight .gh{color:#b8bb26;font-weight:bold}.highlight .k,.highlight .kn,.highlight .kp,.highlight .kr,.highlight .kv{color:#fb4934}.highlight .kc{color:#d3869b}.highlight .kt{color:#fabd2f}.highlight .kd{color:#fe8019}.highlight .s,.highlight .sb,.highlight .sc,.highlight .sd,.highlight .s2,.highlight .sh,.highlight .sx,.highlight .s1{color:#b8bb26;font-style:italic}.highlight .si{color:#b8bb26;font-style:italic}.highlight .sr{color:#b8bb26;font-style:italic}.highlight .se{color:#fe8019}.highlight .nn{color:#8ec07c}.highlight .nc{color:#8ec07c}.highlight .no{color:#d3869b}.highlight .na{color:#b8bb26}.highlight .m,.highlight .mf,.highlight .mh,.highlight .mi,.highlight .il,.highlight .mo,.highlight .mb,.highlight .mx{color:#d3869b}.highlight .ss{color:#83a598}body[data-theme="dark"]{color:#c7bebe;background-color:#131418}body[data-theme="dark"] h1,body[data-theme="dark"] h2,body[data-theme="dark"] h3,body[data-theme="dark"] h4,body[data-theme="dark"] h5,body[data-theme="dark"] h6{color:#eaeaea}body[data-theme="dark"] table thead{color:#eaeaea;border-color:#1b1d25}body[data-theme="dark"] table th,body[data-theme="dark"] table td,body[data-theme="dark"] table tr{border-color:#1b1d25}body[data-theme="dark"] .page-content a{color:#ff5277}body[data-theme="dark"] .page-content a:hover,body[data-theme="dark"] .page-content a:active,body[data-theme="dark"] .page-content a:focus{color:#ff2957}body[data-theme="dark"] .page-content h3{border-color:#1b1d25}body[data-theme="dark"] .page-content h1 .anchor-head,body[data-theme="dark"] .page-content h2 .anchor-head,body[data-theme="dark"] .page-content h3 .anchor-head,body[data-theme="dark"] .page-content h4 .anchor-head,body[data-theme="dark"] .page-content h5 .anchor-head,body[data-theme="dark"] .page-content h6 .anchor-head{color:#ff5277}body[data-theme="dark"] code.highlighter-rouge{background-color:#1b1d25}body[data-theme="dark"] kbd{border-color:#1b1d25;color:#eaeaea;text-shadow:0 1px 0 #131418}body[data-theme="dark"] hr{border-color:#1b1d25}body[data-theme="dark"] .post-meta{color:#767f87}body[data-theme="dark"] .post-meta time::after{background-color:#1b1d25}body[data-theme="dark"] .post-meta span[itemprop="author"]{border-color:#1b1d25}body[data-theme="dark"] a{color:inherit;text-decoration-color:#4a4d56}body[data-theme="dark"] a:hover{color:#ff5277}body[data-theme="dark"] a:focus{outline-color:rgba(255,82,119,0.6)}body[data-theme="dark"] li:before{color:#eaeaea}body[data-theme="dark"] blockquote{color:#767f87;border-color:#1b1d25}body[data-theme="dark"] strong,body[data-theme="dark"] b{color:#eaeaea}body[data-theme="dark"] .navbar{border-color:#1b1d25}body[data-theme="dark"] .navbar .menu a#mode .mode-sunny{display:block}body[data-theme="dark"] .navbar .menu a#mode .mode-moon{display:none}body[data-theme="dark"] .navbar .menu .menu-link{color:#eaeaea}@media screen and (max-width: 768px){body[data-theme="dark"] .navbar .menu{background-color:#131418;border-color:#1b1d25}body[data-theme="dark"] .navbar .menu .menu-icon>svg{fill:#eaeaea}body[data-theme="dark"] .navbar .menu input[type="checkbox"]:checked~.trigger{background:#131418}}body[data-theme="dark"] .post-item:not(:first-child){border-color:#1b1d25}body[data-theme="dark"] .post-item .post-item-date{color:#eaeaea}body[data-theme="dark"] .post-item .post-item-title a{color:#c7bebe}body[data-theme="dark"] .post-item .post-item-title a:hover,body[data-theme="dark"] .post-item .post-item-title afocus{color:#eaeaea}body[data-theme="dark"] .post-nav{border-color:#1b1d25}body[data-theme="dark"] .post-nav .post-nav-item{font-weight:700}body[data-theme="dark"] .post-nav .post-nav-item .post-title{color:#eaeaea;opacity:0.9}body[data-theme="dark"] .post-nav .post-nav-item:hover .post-title,body[data-theme="dark"] .post-nav .post-nav-item:focus .post-title{color:#ff2957}body[data-theme="dark"] .post-nav .post-nav-item .nav-arrow{color:#767f87}@media screen and (max-width: 768px){body[data-theme="dark"] .post-nav .post-nav-item:nth-child(even){border-color:#1b1d25}}body[data-theme="dark"] .footer span.footer_item{color:#eaeaea}body[data-theme="dark"] .footer a.footer_item:not(:last-child){color:#eaeaea}body[data-theme="dark"] .footer .footer_copyright{color:#767f87;opacity:1}body[data-theme="dark"] .not-found .title{color:#eaeaea;text-shadow:1px 0px 0px #ff5277}body[data-theme="dark"] .not-found .phrase{color:#c7bebe}body[data-theme="dark"] .not-found .solution{color:#ff5277}body[data-theme="dark"] .not-found .solution:hover{color:#ff2957}body[data-theme="dark"] .search-article input[type="search"]{color:#c7bebe}body[data-theme="dark"] .search-article input[type="search"]::-webkit-input-placeholder{color:rgba(128,128,128,0.8)} - -/*# sourceMappingURL=style.css.map */ \ No newline at end of file diff --git a/src/_site/assets/css/style.css.map b/src/_site/assets/css/style.css.map deleted file mode 100644 index 8480762..0000000 --- a/src/_site/assets/css/style.css.map +++ /dev/null @@ -1,28 +0,0 @@ -{ - "version": 3, - "file": "style.css", - "sources": [ - "style.scss", - "_sass/main.scss", - "_sass/klise/_fonts.scss", - "_sass/klise/_base.scss", - "_sass/klise/_layout.scss", - "_sass/klise/_post.scss", - "_sass/klise/_miscellaneous.scss", - "_sass/klise/_syntax.scss", - "_sass/klise/_dark.scss" - ], - "sourcesContent": [ - "@import \"main\";\n", - "// Fonts preferences\n$sans-family: Roboto, sans-serif;\n$mono-family: Consolas, monospace;\n$base-font-size: 16px;\n$medium-font-size: $base-font-size * 0.938;\n$small-font-size: $base-font-size * 0.875;\n$base-line-height: 1.85;\n\n// Font weight\n// $light-weight: 300; // uncomment if necessary\n$normal-weight: 400;\n$bold-weight: 700;\n// $black-weight: 900; // uncomment if necessary\n\n//Light Colors\n$text-base-color: #434648;\n$text-link-blue: #003fff;\n$text-link-blue-active: #0036c7;\n\n$black: #0d122b;\n$light: #ececec;\n$smoke: #d2c7c7;\n$gray: #6b7886;\n$white: #fff;\n\n// Dark Colors\n$dark-text-base-color: #c7bebe;\n$dark-text-link-blue: #ff5277;\n$dark-text-link-blue-active: #ff2957;\n\n$dark-black: #131418;\n$dark-white: #eaeaea;\n$dark-light: #1b1d25;\n$dark-smoke: #4a4d56;\n$dark-gray: #767f87;\n\n// Width of the content area\n$wide-size: 890px;\n$narrow-size: 720px;\n\n// Padding unit\n$spacing-full: 30px;\n$spacing-half: $spacing-full / 2;\n\n// State of devices\n$on-mobile: 768px;\n$on-tablet: 769px;\n$on-desktop: 1024px;\n$on-widescreen: 1152px;\n\n@mixin media-query($device) {\n @media screen and (max-width: $device) {\n @content;\n }\n}\n\n@mixin relative-font-size($ratio) {\n font-size: $base-font-size * $ratio;\n}\n\n// Import sass files\n@import \"klise/fonts\", \"klise/base\", \"klise/layout\", \"klise/post\",\n \"klise/miscellaneous\", \"klise/syntax\", \"klise/dark\";\n", - "@charset \"utf-8\";\n", - "// Reset some basic elements\n* {\n -webkit-transition: background-color 75ms ease-in, border-color 75ms ease-in;\n -moz-transition: background-color 75ms ease-in, border-color 75ms ease-in;\n -ms-transition: background-color 75ms ease-in, border-color 75ms ease-in;\n -o-transition: background-color 75ms ease-in, border-color 75ms ease-in;\n transition: background-color 75ms ease-in, border-color 75ms ease-in;\n}\n\n.notransition {\n -webkit-transition: none;\n -moz-transition: none; \n -ms-transition: none;\n -o-transition: none;\n transition: none;\n}\n\nhtml {\n overflow-x: hidden;\n width: 100%;\n}\n\nbody,\nh1,\nh2,\nh3,\nh4,\nh5,\nh6,\np,\nblockquote,\npre,\nhr,\ndl,\ndd,\nol,\nul,\nfigure {\n margin: 0;\n padding: 0;\n}\n\n// Basic styling\nbody {\n min-height: 100vh;\n overflow-x: hidden;\n position: relative;\n color: $text-base-color;\n background-color: $white;\n font: $normal-weight #{$base-font-size}/#{$base-line-height} $sans-family;\n -webkit-text-size-adjust: 100%;\n -webkit-font-smoothing: antialiased;\n -webkit-font-feature-settings: \"kern\" 1;\n -moz-font-feature-settings: \"kern\" 1;\n -o-font-feature-settings: \"kern\" 1;\n font-feature-settings: \"kern\" 1;\n font-kerning: normal;\n box-sizing: border-box;\n}\n\n// Set `margin-bottom` to maintain vertical rhythm\nh1,\nh2,\nh3,\nh4,\nh5,\nh6,\np,\nblockquote,\npre,\nul,\nol,\ndl,\nfigure,\n%vertical-rhythm {\n margin-top: $spacing-full - 20;\n margin-bottom: $spacing-full - 20;\n}\n\n// strong | bold\nstrong,\nb {\n font-weight: $bold-weight;\n color: $black;\n}\n\n// horizontal rule\nhr {\n border-bottom: 0;\n border-style: solid;\n border-color: $light;\n}\n\n// kbd tag\nkbd {\n -moz-border-radius: 3px;\n -webkit-border-radius: 3px;\n border: 1px solid $light;\n border-radius: 2px;\n color: $black;\n display: inline-block;\n font-size: $small-font-size;\n line-height: 1.4;\n font-family: $mono-family;\n margin: 0 0.1em;\n font-weight: $bold-weight;\n padding: 0.01em 0.4em;\n text-shadow: 0 1px 0 $white;\n}\n\n// Image\nimg {\n max-width: 100%;\n vertical-align: middle;\n -webkit-user-drag: none;\n margin: 0 auto;\n text-align: center;\n}\n\n// Figure\nfigure {\n position: relative;\n}\n\n// Image inside Figure tag\nfigure > img {\n display: block;\n position: relative;\n}\n\n// Image caption\nfigcaption {\n font-size: 13px;\n text-align: center;\n}\n\n// List\nul {\n list-style: none;\n li {\n display: list-item;\n text-align: -webkit-match-parent;\n }\n li::before {\n content: \"\\FE63\";\n display: inline-block;\n top: -1px;\n width: 1.2em;\n position: relative;\n margin-left: -1.3em;\n font-weight: 700;\n }\n}\n\nol {\n list-style: none;\n counter-reset: li;\n li {\n position: relative;\n counter-increment: li;\n &::before {\n content: counter(li);\n display: inline-block;\n width: 1em;\n margin-right: 0.5em;\n margin-left: -1.6em;\n text-align: right;\n direction: rtl;\n font-weight: $bold-weight;\n font-size: $small-font-size;\n }\n }\n}\n\nul,\nol {\n margin-top: 0;\n margin-left: $spacing-full;\n}\n\nli {\n padding-bottom: 1px;\n padding-top: 1px;\n\n &:before {\n color: $black;\n }\n\n > ul,\n > ol {\n margin-bottom: 2px;\n margin-top: 0;\n }\n}\n\n// Headings\nh1,\nh2,\nh3,\nh4,\nh5,\nh6 {\n color: $black;\n font-weight: $bold-weight;\n & + ul,\n & + ol {\n margin-top: 10px;\n }\n\n @include media-query($on-mobile) {\n scroll-margin-top: 65px;\n }\n}\n\n// Headings with link\nh1 > a,\nh2 > a,\nh3 > a,\nh4 > a,\nh5 > a,\nh6 > a {\n text-decoration: none;\n border: none;\n\n &:hover {\n text-decoration: none;\n border: none;\n }\n}\n\n// Link\na {\n color: inherit;\n text-decoration-color: $smoke;\n\n &:hover {\n color: $text-link-blue;\n }\n\n &:focus {\n outline: 3px solid rgba(0, 54, 199, 0.6);\n outline-offset: 2px;\n }\n}\n\n// Del\ndel {\n color: inherit;\n}\n\n// Em\nem {\n color: inherit;\n}\n\n// Blockquotes\nblockquote {\n color: $gray;\n font-style: italic;\n text-align: center;\n opacity: 0.9;\n border-top: 1px solid $light;\n border-bottom: 1px solid $light;\n padding: 10px;\n margin-left: 10px;\n margin-right: 10px;\n font-size: 1em;\n\n > :last-child {\n margin-bottom: 0;\n margin-top: 0;\n }\n}\n\n// Wrapper\n.wrapper {\n max-width: -webkit-calc(#{$narrow-size} - (#{$spacing-full} * 2));\n max-width: calc(#{$narrow-size} - (#{$spacing-full} * 2));\n position: relative;\n margin-right: auto;\n margin-left: auto;\n padding-right: $spacing-full;\n padding-left: $spacing-full;\n @extend %clearfix;\n\n @include media-query($on-mobile) {\n max-width: -webkit-calc(#{$narrow-size} - (#{$spacing-full}));\n max-width: calc(#{$narrow-size} - (#{$spacing-full}));\n padding-right: $spacing-full - 10;\n padding-left: $spacing-full - 10;\n\n &.blurry {\n animation: 0.2s ease-in forwards blur;\n -webkit-animation: 0.2s ease-in forwards blur;\n }\n }\n}\n\n// Underline\nu {\n text-decoration-color: #d2c7c7;\n}\n\n// Small\nsmall {\n font-size: $small-font-size;\n}\n\n// Superscript\nsup {\n border-radius: 10%;\n top: -3px;\n left: 2px;\n font-size: small;\n position: relative;\n margin-right: 2px;\n}\n\n// Table\n.overflow-table {\n overflow-x: auto;\n}\n\ntable {\n width: 100%;\n margin-top: $spacing-half;\n border-collapse: collapse;\n font-size: $small-font-size;\n\n thead {\n font-weight: $bold-weight;\n color: $black;\n border-bottom: 1px solid $light;\n }\n\n th,\n td,\n tr {\n border: 1px solid $light;\n padding: 2px 7px;\n }\n}\n\n// Clearfix\n%clearfix:after {\n content: \"\";\n display: table;\n clear: both;\n}\n\n// When mouse block a text set this color\nmark,\n::selection {\n background: #fffba0;\n color: $black;\n}\n\n// Github Gist clear border\n.gist {\n table {\n border: 0;\n\n tr,\n td {\n border: 0;\n }\n }\n}\n", - "// Navbar\n.navbar {\n height: auto;\n max-width: calc(#{$wide-size} - (#{$spacing-full} * 2));\n max-width: -webkit-calc(#{$wide-size} - (#{$spacing-full} * 2));\n position: relative;\n margin-right: auto;\n margin-left: auto;\n border-bottom: 1px solid $light;\n padding: $spacing-full - 15px $spacing-full;\n @extend %clearfix;\n}\n\n// Navigation\n.menu {\n user-select: none;\n -ms-user-select: none;\n -webkit-user-select: none;\n\n a#mode {\n float: left;\n left: 8px;\n top: 6px;\n position: relative;\n clear: both;\n -webkit-transform: scale(1, 1);\n transform: scale(1, 1);\n opacity: 0.7;\n z-index: 1;\n &:hover {\n cursor: pointer;\n opacity: 1;\n }\n &:active {\n -webkit-transform: scale(0.9, 0.9);\n transform: scale(0.9, 0.9);\n }\n .mode-moon {\n display: block;\n line {\n stroke: $black;\n fill: none;\n }\n\n circle {\n fill: $black;\n stroke: $black;\n }\n }\n .mode-sunny {\n display: none;\n line {\n stroke: $dark-white;\n fill: none;\n }\n circle {\n fill: none;\n stroke: $dark-white;\n }\n }\n }\n\n .trigger {\n float: right;\n }\n\n .menu-trigger {\n display: none;\n }\n\n .menu-icon {\n display: none;\n }\n\n .menu-link {\n color: $black;\n line-height: $base-line-height + 0.4;\n text-decoration: none;\n padding: 5px 8px;\n opacity: 0.7;\n letter-spacing: 0.3px;\n\n &:hover {\n opacity: 1;\n }\n\n &:not(:last-child) {\n margin-right: 5px;\n }\n\n &.rss {\n position: relative;\n bottom: -3px;\n outline: none;\n }\n\n @include media-query($on-mobile) {\n opacity: 0.8;\n }\n }\n\n .menu-link.active {\n opacity: 1;\n font-weight: 600;\n }\n\n @include media-query($on-mobile) {\n position: fixed;\n top: 0;\n left: 0;\n right: 0;\n z-index: 2;\n text-align: center;\n height: 50px;\n background-color: $white;\n border-bottom: 1px solid $light;\n\n a#mode {\n left: 10px;\n top: 12px;\n }\n\n .menu-icon {\n display: block;\n position: absolute;\n right: 0;\n width: 50px;\n height: 23px;\n line-height: 0;\n padding-top: 13px;\n padding-bottom: 15px;\n cursor: pointer;\n text-align: center;\n z-index: 1;\n > svg {\n fill: $black;\n opacity: 0.7;\n }\n &:hover {\n > svg {\n opacity: 1;\n }\n }\n &:active {\n -webkit-transform: scale(0.9, 0.9);\n transform: scale(0.9, 0.9);\n }\n }\n\n input[type=\"checkbox\"]:not(:checked) ~ .trigger {\n clear: both;\n visibility: hidden;\n }\n\n input[type=\"checkbox\"]:checked ~ .trigger {\n position: fixed;\n animation: 0.2s ease-in forwards fadein;\n -webkit-animation: 0.2s ease-in forwards fadein;\n display: flex;\n flex-direction: row;\n justify-content: center;\n align-items: center;\n background-color: $white;\n height: 100vh;\n width: 100%;\n top: 0;\n }\n\n .menu-link {\n display: block;\n box-sizing: border-box;\n font-size: 1.1em;\n\n &:not(:last-child) {\n margin: 0;\n padding: 2px 0;\n }\n }\n }\n}\n\n// Author\n.author {\n margin-top: 6.3rem;\n margin-bottom: 7.2rem;\n text-align: center;\n\n @include media-query($on-mobile) {\n margin-bottom: 3em;\n }\n\n .author-avatar {\n width: 70px;\n height: 70px;\n border-radius: 100%;\n user-select: none;\n // background-color: $black;\n -ms-user-select: none;\n -webkit-user-select: none;\n -webkit-animation: 0.5s ease-in forwards fadein;\n animation: 0.5s ease-in forwards fadein;\n opacity: 1;\n }\n\n .author-name {\n font-size: 1.7em;\n margin-bottom: 2px;\n }\n\n .author-bio {\n margin: 0 auto;\n opacity: 0.9;\n max-width: 393px;\n line-height: 1.688;\n }\n}\n\n// Content\n.posts-item-note {\n font-size: $base-font-size;\n font-weight: 700;\n margin-bottom: 5px;\n color: $black;\n}\n\n// List of posts\n.post-item {\n display: flex;\n padding-top: 5px;\n padding-bottom: 6px;\n @extend %clearfix;\n\n &:not(:first-child) {\n border-top: 1px solid $light;\n }\n\n .post-item-date {\n min-width: 96px;\n color: $black;\n font-weight: 700;\n padding-right: 10px;\n\n @include media-query($on-mobile) {\n font-size: 16px;\n }\n }\n\n .post-item-title {\n margin: 0;\n border: 0;\n padding: 0;\n font-size: $base-font-size;\n font-weight: normal;\n letter-spacing: 0.1px;\n\n a {\n color: $text-base-color;\n\n &:hover,\n &focus {\n color: $black;\n }\n }\n }\n}\n\n// Footer\n.footer {\n margin-top: 8em;\n margin-bottom: 2em;\n text-align: center;\n\n @include media-query($on-mobile) {\n margin-top: 3em;\n }\n span.footer_item {\n color: $black;\n opacity: 0.8;\n font-weight: $bold-weight;\n font-size: $small-font-size;\n }\n a.footer_item {\n color: $black;\n opacity: 0.8;\n text-decoration: none;\n\n &:not(:last-child) {\n margin-right: 10px;\n &:hover {\n opacity: 1;\n }\n }\n }\n\n .footer_copyright {\n font-size: $small-font-size - 1;\n margin-top: 3px;\n display: block;\n color: $gray;\n opacity: 0.8;\n }\n}\n\n.not-found {\n text-align: center;\n display: flex;\n justify-content: center;\n flex-direction: column;\n height: 75vh;\n .title {\n font-size: 5em;\n font-weight: $bold-weight;\n line-height: 1.1;\n color: $black;\n text-shadow: 1px 0px 0px $text-link-blue;\n }\n .phrase {\n color: $text-base-color;\n }\n .solution {\n color: $text-link-blue;\n letter-spacing: 0.5px;\n }\n .solution:hover {\n color: $text-link-blue-active;\n }\n}\n\n\n.search-article {\n position: relative;\n margin-bottom: 50px;\n\n label[for=\"search-input\"] {\n position: relative;\n top: 10px;\n left: 11px;\n }\n\n input[type=\"search\"] {\n top: 0;\n left: 0;\n border: 0;\n width: 100%;\n height: 40px;\n outline: none;\n position: absolute;\n border-radius: 5px;\n padding: 10px 10px 10px 35px;\n color: $text-base-color;\n -webkit-appearance: none;\n font-size: $base-font-size;\n background-color: rgba(128, 128, 128, 0.1);\n border: 1px solid rgba(128, 128, 128, 0.1);\n &::-webkit-input-placeholder {\n color: #808080;\n }\n &::-webkit-search-decoration,\n &::-webkit-search-results-decoration {\n display: none;\n }\n }\n}\n\n#search-results {\n text-align: center;\n li {\n text-align: left;\n }\n}\n\n.archive-tags {\n height: auto;\n .tag-item {\n padding: 1px 3px;\n border-radius: 2px;\n border: 1px solid rgba(128, 128, 128, 0.1);\n background-color: rgba(128, 128, 128, 0.1);\n }\n}\n", - "// Post wrapper\n.wrapper.post {\n @include media-query($on-mobile) {\n padding-left: $spacing-half;\n padding-right: $spacing-half;\n }\n}\n\n// Post title\n.header {\n margin-top: 7.8em;\n margin-bottom: 3em;\n\n .tags {\n margin-left: 3px;\n letter-spacing: 0.5px;\n\n .tag {\n font-weight: $bold-weight;\n font-size: $small-font-size - 2;\n\n &:hover {\n text-decoration: none;\n }\n }\n }\n\n .header-title {\n font-size: 2em;\n line-height: 1.2;\n margin-top: 10px;\n margin-bottom: 20px;\n\n &.center {\n text-align: center;\n }\n\n @include media-query($on-mobile) {\n font-size: 1.9em;\n }\n }\n}\n\n// Post meta\n.post-meta {\n padding-top: 3px;\n line-height: 1.3;\n color: $gray;\n\n time {\n position: relative;\n margin-right: 1.5em;\n\n &::after {\n background: $light;\n bottom: 1px;\n content: \" \";\n height: 2px;\n position: absolute;\n right: -20px;\n width: 12px;\n }\n }\n\n span[itemprop=\"author\"] {\n border-bottom: 1px dotted $light;\n }\n}\n\n// Post content\n.page-content {\n padding-top: 8px;\n\n iframe {\n text-align: center;\n }\n\n figure {\n img {\n border-radius: 2px;\n }\n\n figcaption {\n margin-top: 5px;\n font-style: italic;\n font-size: $small-font-size;\n }\n }\n\n a {\n color: $text-link-blue;\n text-decoration: none;\n &[target=\"_blank\"]::after {\n content: \" \\2197\";\n font-size: $small-font-size;\n line-height: 0;\n position: relative;\n bottom: 5px;\n vertical-align: baseline;\n }\n\n &:hover {\n color: $text-link-blue-active;\n }\n\n &:focus {\n color: $text-link-blue;\n }\n }\n\n > p {\n margin: 0;\n padding-top: $spacing-full - 15;\n padding-bottom: $spacing-full - 15;\n }\n\n ul.task-list {\n list-style: none; \n margin: 0;\n\n li::before {\n content: \"\";\n }\n\n li input[type=\"checkbox\"] {\n margin-right: 10px;\n }\n }\n\n dl dt {\n font-weight: $bold-weight;\n }\n\n h1,\n h2,\n h3,\n h4,\n h5,\n h6 {\n color: $black;\n font-weight: $bold-weight;\n margin-top: $spacing-full;\n margin-bottom: 0;\n\n &:hover {\n .anchor-head {\n color: $text-link-blue;\n opacity: 1;\n }\n }\n\n .anchor-head {\n position: relative;\n opacity: 0;\n outline: none;\n\n &::before {\n content: \"#\";\n position: absolute;\n right: -3px;\n width: 1em;\n font-weight: $bold-weight;\n }\n }\n }\n\n h1 {\n @include relative-font-size(1.5);\n }\n\n h2 {\n @include relative-font-size(1.375);\n }\n\n h3 {\n @include relative-font-size(1.25);\n border-bottom: 1px solid $light;\n padding-bottom: 4px;\n }\n\n h4 {\n @include relative-font-size(1.25);\n }\n\n h5 {\n @include relative-font-size(1);\n }\n\n h6 {\n @include relative-font-size(0.875);\n }\n}\n\n.post-nav {\n display: flex;\n position: relative;\n margin-top: 5em;\n border-top: 1px solid $light;\n line-height: 1.4;\n\n .post-nav-item {\n border-bottom: 0;\n font-weight: $bold-weight;\n padding-bottom: 10px;\n\n .post-title {\n color: $black;\n }\n\n &:hover,\n &:focus {\n .post-title {\n color: $text-link-blue-active;\n opacity: 0.9;\n }\n }\n\n .nav-arrow {\n font-weight: $normal-weight;\n font-size: $small-font-size;\n color: $gray;\n margin-bottom: 3px;\n }\n\n width: 50%;\n padding-top: 10px;\n text-decoration: none;\n box-sizing: border-box;\n\n &:nth-child(odd) {\n padding-left: 0;\n padding-right: 20px;\n }\n\n &:nth-child(even) {\n text-align: right;\n padding-right: 0;\n padding-left: 20px;\n }\n }\n\n @include media-query($on-mobile) {\n display: block;\n font-size: $small-font-size;\n\n .post-nav-item {\n display: block;\n width: 100%;\n }\n\n .post-nav-item:nth-child(even) {\n border-left: 0;\n padding-left: 0;\n border-top: 1px solid $light;\n }\n }\n}\n\n.post-updated-at {\n font-family: \"Ubuntu mono\", \"monospace\";\n}\n", - "// Animation fade-in\n@keyframes fadein {\n 0% {\n opacity: 0.2;\n }\n\n 100% {\n opacity: 0.8;\n }\n}\n\n// Animation blur\n@keyframes blur {\n 0% {\n filter: blur(0px);\n }\n\n 100% {\n filter: blur(4px);\n }\n}\n\n// Responsive embed video\n.embed-responsive {\n height: 0;\n max-width: 100%;\n overflow: hidden;\n position: relative;\n padding-bottom: 56.25%;\n margin-top: 20px;\n\n iframe,\n object,\n embed {\n top: 0;\n left: 0;\n width: 100%;\n height: 100%;\n position: absolute;\n }\n}\n", - "// Code\ncode {\n font-family: $mono-family;\n text-rendering: optimizeLegibility;\n font-feature-settings: \"calt\" 1;\n font-variant-ligatures: normal;\n white-space: pre;\n word-spacing: normal;\n word-break: normal;\n word-wrap: normal;\n font-size: inherit;\n\n &.highlighter-rouge {\n padding: 1px 3px;\n position: relative;\n top: -1px;\n background-color: #f6f6f6;\n border-radius: 2px;\n border: 1px solid rgba(128,128,128,0.1);\n }\n}\n\n// Codeblock Theme\npre.highlight, pre {\n margin: 0 -27px;\n @include media-query($on-mobile) {\n margin: 0 calc(51% - 51vw);\n padding-left: 20px;\n }\n border: 1px solid rgba(128,128,128,0.1);\n background-color: #1a1b21;\n border-radius: 2px;\n padding: 10px;\n display: block;\n overflow-x: auto;\n\n > code {\n width: 100%;\n max-width: 50rem;\n margin-left: auto;\n margin-right: auto;\n line-height: 1.5;\n display: block;\n border: 0;\n }\n}\n\n.highlight table td {\n padding: 5px;\n}\n\n.highlight table pre {\n margin: 0;\n}\n\n.highlight,\n.highlight .w {\n color: #fbf1c7;\n // background-color: #1a1b21;\n}\n\n.highlight .err {\n color: #fb4934;\n // background-color: #1a1b21;\n font-weight: bold;\n}\n\n.highlight .c,\n.highlight .cd,\n.highlight .cm,\n.highlight .c1,\n.highlight .cs {\n color: #928374;\n font-style: italic;\n}\n\n.highlight .cp {\n color: #8ec07c;\n}\n\n.highlight .nt {\n color: #fb4934;\n}\n\n.highlight .o,\n.highlight .ow {\n color: #fbf1c7;\n}\n\n.highlight .p,\n.highlight .pi {\n color: #fbf1c7;\n}\n\n.highlight .gi {\n color: #b8bb26;\n background-color: #282828;\n}\n\n.highlight .gd {\n color: #fb4934;\n background-color: #282828;\n}\n\n.highlight .gh {\n color: #b8bb26;\n font-weight: bold;\n}\n\n.highlight .k,\n.highlight .kn,\n.highlight .kp,\n.highlight .kr,\n.highlight .kv {\n color: #fb4934;\n}\n\n.highlight .kc {\n color: #d3869b;\n}\n\n.highlight .kt {\n color: #fabd2f;\n}\n\n.highlight .kd {\n color: #fe8019;\n}\n\n.highlight .s,\n.highlight .sb,\n.highlight .sc,\n.highlight .sd,\n.highlight .s2,\n.highlight .sh,\n.highlight .sx,\n.highlight .s1 {\n color: #b8bb26;\n font-style: italic;\n}\n\n.highlight .si {\n color: #b8bb26;\n font-style: italic;\n}\n\n.highlight .sr {\n color: #b8bb26;\n font-style: italic;\n}\n\n.highlight .se {\n color: #fe8019;\n}\n\n.highlight .nn {\n color: #8ec07c;\n}\n\n.highlight .nc {\n color: #8ec07c;\n}\n\n.highlight .no {\n color: #d3869b;\n}\n\n.highlight .na {\n color: #b8bb26;\n}\n\n.highlight .m,\n.highlight .mf,\n.highlight .mh,\n.highlight .mi,\n.highlight .il,\n.highlight .mo,\n.highlight .mb,\n.highlight .mx {\n color: #d3869b;\n}\n\n.highlight .ss {\n color: #83a598;\n}\n", - "body[data-theme=\"dark\"] {\n color: $dark-text-base-color;\n background-color: $dark-black;\n\n // Heading\n h1,\n h2,\n h3,\n h4,\n h5,\n h6 {\n color: $dark-white;\n }\n\n // Table\n table {\n thead {\n color: $dark-white;\n border-color: $dark-light;\n }\n\n th,\n td,\n tr {\n border-color: $dark-light;\n }\n }\n\n // Post\n .page-content {\n a {\n color: $dark-text-link-blue;\n\n &:hover,\n &:active,\n &:focus {\n color: $dark-text-link-blue-active;\n }\n }\n\n h3 {\n border-color: $dark-light;\n }\n h1,\n h2,\n h3,\n h4,\n h5,\n h6 {\n .anchor-head {\n color: $dark-text-link-blue;\n }\n }\n }\n\n // Syntax\n code {\n &.highlighter-rouge {\n background-color: $dark-light;\n }\n }\n\n // kbd tag\n kbd {\n border-color: $dark-light;\n color: $dark-white;\n text-shadow: 0 1px 0 $dark-black;\n }\n\n // horizontal rule\n hr {\n border-color: $dark-light;\n }\n\n // Post Meta\n .post-meta {\n color: $dark-gray;\n\n time {\n &::after {\n background-color: $dark-light;\n }\n }\n\n span[itemprop=\"author\"] {\n border-color: $dark-light;\n }\n }\n\n // Link\n a {\n color: inherit;\n text-decoration-color: $dark-smoke;\n\n &:hover {\n color: $dark-text-link-blue;\n }\n\n &:focus {\n outline-color: rgba(255, 82, 119, 0.6);\n }\n }\n\n // List\n li {\n &:before {\n color: $dark-white;\n }\n }\n\n // Blockquote\n blockquote {\n color: $dark-gray;\n border-color: $dark-light;\n }\n\n // Strong, Bold\n strong,\n b {\n color: $dark-white;\n }\n\n // Navbar\n .navbar {\n border-color: $dark-light;\n .menu {\n a#mode {\n .mode-sunny {\n display: block;\n }\n .mode-moon {\n display: none;\n }\n }\n\n .menu-link {\n color: $dark-white;\n }\n @include media-query($on-mobile) {\n background-color: $dark-black;\n border-color: $dark-light;\n\n .menu-icon {\n > svg {\n fill: $dark-white;\n }\n }\n\n input[type=\"checkbox\"]:checked ~ .trigger {\n background: $dark-black;\n }\n }\n }\n }\n\n // Post Item\n .post-item {\n &:not(:first-child) {\n border-color: $dark-light;\n }\n\n .post-item-date {\n color: $dark-white;\n }\n .post-item-title {\n a {\n color: $dark-text-base-color;\n\n &:hover,\n &focus {\n color: $dark-white;\n }\n }\n }\n }\n\n // Post Navigation\n .post-nav {\n border-color: $dark-light;\n\n .post-nav-item {\n font-weight: $bold-weight;\n\n .post-title {\n color: $dark-white;\n opacity: 0.9;\n }\n\n &:hover,\n &:focus {\n .post-title {\n color: $dark-text-link-blue-active;\n }\n }\n\n .nav-arrow {\n color: $dark-gray;\n }\n }\n\n @include media-query($on-mobile) {\n .post-nav-item:nth-child(even) {\n border-color: $dark-light;\n }\n }\n }\n\n // Footer\n .footer {\n span.footer_item {\n color: $dark-white;\n }\n a.footer_item:not(:last-child) {\n color: $dark-white;\n }\n .footer_copyright {\n color: $dark-gray;\n opacity: 1;\n }\n }\n\n // 404 Page\n .not-found {\n .title {\n color: $dark-white;\n text-shadow: 1px 0px 0px $dark-text-link-blue;\n }\n .phrase {\n color: $dark-text-base-color;\n }\n .solution {\n color: $dark-text-link-blue;\n }\n .solution:hover {\n color: $dark-text-link-blue-active;\n }\n } \n\n .search-article {\n input[type=\"search\"] {\n color: $dark-text-base-color;\n &::-webkit-input-placeholder {\n color: rgba(128,128,128,0.8);\n }\n }\n }\n}\n" - ], - "names": [], - "mappings": "AGCA,AAAA,CAAC,AAAC,CACA,kBAAkB,CAAE,wDAAwD,CAC5E,eAAe,CAAE,wDAAwD,CACzE,cAAc,CAAE,wDAAwD,CACxE,aAAa,CAAE,wDAAwD,CACvE,UAAU,CAAE,wDAAwD,CACrE,AAED,AAAA,aAAa,AAAC,CACZ,kBAAkB,CAAE,IAAI,CACxB,eAAe,CAAE,IAAI,CACrB,cAAc,CAAE,IAAI,CACpB,aAAa,CAAE,IAAI,CACnB,UAAU,CAAE,IAAI,CACjB,AAED,AAAA,IAAI,AAAC,CACH,UAAU,CAAE,MAAM,CAClB,KAAK,CAAE,IAAI,CACZ,AAED,AAAA,IAAI,CACJ,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,CAAC,CACD,UAAU,CACV,GAAG,CACH,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,MAAM,AAAC,CACL,MAAM,CAAE,CAAC,CACT,OAAO,CAAE,CAAC,CACX,AAGD,AAAA,IAAI,AAAC,CACH,UAAU,CAAE,KAAK,CACjB,UAAU,CAAE,MAAM,CAClB,QAAQ,CAAE,QAAQ,CAClB,KAAK,CFhCW,OAAO,CEiCvB,gBAAgB,CFzBV,IAAI,CE0BV,IAAI,CFvCU,GAAG,CEuCI,SAAuE,CFhDhF,MAAM,CAAE,UAAU,CEiD9B,wBAAwB,CAAE,IAAI,CAC9B,sBAAsB,CAAE,WAAW,CACnC,6BAA6B,CAAE,QAAQ,CACvC,0BAA0B,CAAE,QAAQ,CACpC,wBAAwB,CAAE,QAAQ,CAClC,qBAAqB,CAAE,QAAQ,CAC/B,YAAY,CAAE,MAAM,CACpB,UAAU,CAAE,UAAU,CACvB,AAGD,AAAA,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,CAAC,CACD,UAAU,CACV,GAAG,CACH,EAAE,CACF,EAAE,CACF,EAAE,CACF,MAAM,AACW,CACf,UAAU,CAAE,IAAkB,CAC9B,aAAa,CAAE,IAAkB,CAClC,AAGD,AAAA,MAAM,CACN,CAAC,AAAC,CACA,WAAW,CFvEC,GAAG,CEwEf,KAAK,CFhEC,OAAO,CEiEd,AAGD,AAAA,EAAE,AAAC,CACD,aAAa,CAAE,CAAC,CAChB,YAAY,CAAE,KAAK,CACnB,YAAY,CFtEN,OAAO,CEuEd,AAGD,AAAA,GAAG,AAAC,CACF,kBAAkB,CAAE,GAAG,CACvB,qBAAqB,CAAE,GAAG,CAC1B,MAAM,CAAE,GAAG,CAAC,KAAK,CF7EX,OAAO,CE8Eb,aAAa,CAAE,GAAG,CAClB,KAAK,CFhFC,OAAO,CEiFb,OAAO,CAAE,YAAY,CACrB,SAAS,CFhGO,IAAuB,CEiGvC,WAAW,CAAE,GAAG,CAChB,WAAW,CFrGC,QAAQ,CAAE,SAAS,CEsG/B,MAAM,CAAE,OAAO,CACf,WAAW,CF9FC,GAAG,CE+Ff,OAAO,CAAE,YAAY,CACrB,WAAW,CAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CFpFd,IAAI,CEqFX,AAGD,AAAA,GAAG,AAAC,CACF,SAAS,CAAE,IAAI,CACf,cAAc,CAAE,MAAM,CACtB,iBAAiB,CAAE,IAAI,CACvB,MAAM,CAAE,MAAM,CACd,UAAU,CAAE,MAAM,CACnB,AAGD,AAAA,MAAM,AAAC,CACL,QAAQ,CAAE,QAAQ,CACnB,AAGD,AAAA,MAAM,CAAG,GAAG,AAAC,CACX,OAAO,CAAE,KAAK,CACd,QAAQ,CAAE,QAAQ,CACnB,AAGD,AAAA,UAAU,AAAC,CACT,SAAS,CAAE,IAAI,CACf,UAAU,CAAE,MAAM,CACnB,AAGD,AAAA,EAAE,AAAC,CACD,UAAU,CAAE,IAAI,CAcjB,AAfD,AAEE,EAFA,CAEA,EAAE,AAAC,CACD,OAAO,CAAE,SAAS,CAClB,UAAU,CAAE,oBAAoB,CACjC,AALH,AAME,EANA,CAMA,EAAE,EAAE,MAAM,AAAC,CACT,OAAO,CAAE,OAAO,CAChB,OAAO,CAAE,YAAY,CACrB,GAAG,CAAE,IAAI,CACT,KAAK,CAAE,KAAK,CACZ,QAAQ,CAAE,QAAQ,CAClB,WAAW,CAAE,MAAM,CACnB,WAAW,CAAE,GAAG,CACjB,AAGH,AAAA,EAAE,AAAC,CACD,UAAU,CAAE,IAAI,CAChB,aAAa,CAAE,EAAE,CAgBlB,AAlBD,AAGE,EAHA,CAGA,EAAE,AAAC,CACD,QAAQ,CAAE,QAAQ,CAClB,iBAAiB,CAAE,EAAE,CAYtB,AAjBH,AAMI,EANF,CAGA,EAAE,EAGG,MAAM,AAAC,CACR,OAAO,CAAE,WAAW,CACpB,OAAO,CAAE,YAAY,CACrB,KAAK,CAAE,GAAG,CACV,YAAY,CAAE,KAAK,CACnB,WAAW,CAAE,MAAM,CACnB,UAAU,CAAE,KAAK,CACjB,SAAS,CAAE,GAAG,CACd,WAAW,CF7JH,GAAG,CE8JX,SAAS,CFpKG,IAAuB,CEqKpC,AAIL,AAAA,EAAE,CACF,EAAE,AAAC,CACD,UAAU,CAAE,CAAC,CACb,WAAW,CFxIE,IAAI,CEyIlB,AAED,AAAA,EAAE,AAAC,CACD,cAAc,CAAE,GAAG,CACnB,WAAW,CAAE,GAAG,CAWjB,AAbD,AAIE,EAJA,CAIE,MAAM,AAAC,CACP,KAAK,CFtKD,OAAO,CEuKZ,AANH,AAQE,EARA,CAQE,EAAE,CARN,EAAE,CASE,EAAE,AAAC,CACH,aAAa,CAAE,GAAG,CAClB,UAAU,CAAE,CAAC,CACd,AAIH,AAAA,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,AAAC,CACD,KAAK,CFvLC,OAAO,CEwLb,WAAW,CFhMC,GAAG,CEyMhB,AAhBD,AAQE,EARA,CAQI,EAAE,CARR,EAAE,CASI,EAAE,CARR,EAAE,CAOI,EAAE,CAPR,EAAE,CAQI,EAAE,CAPR,EAAE,CAMI,EAAE,CANR,EAAE,CAOI,EAAE,CANR,EAAE,CAKI,EAAE,CALR,EAAE,CAMI,EAAE,CALR,EAAE,CAII,EAAE,CAJR,EAAE,CAKI,EAAE,CAJR,EAAE,CAGI,EAAE,CAHR,EAAE,CAII,EAAE,AAAC,CACL,UAAU,CAAE,IAAI,CACjB,AF5JD,MAAM,8BEiJR,CAAA,AAAA,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,CACF,EAAE,AAAC,CASC,iBAAiB,CAAE,IAAI,CAE1B,CAAA,AAGD,AAAA,EAAE,CAAG,CAAC,CACN,EAAE,CAAG,CAAC,CACN,EAAE,CAAG,CAAC,CACN,EAAE,CAAG,CAAC,CACN,EAAE,CAAG,CAAC,CACN,EAAE,CAAG,CAAC,AAAC,CACL,eAAe,CAAE,IAAI,CACrB,MAAM,CAAE,IAAI,CAMb,AAbD,AASE,EATA,CAAG,CAAC,CASF,KAAK,CART,EAAE,CAAG,CAAC,CAQF,KAAK,CAPT,EAAE,CAAG,CAAC,CAOF,KAAK,CANT,EAAE,CAAG,CAAC,CAMF,KAAK,CALT,EAAE,CAAG,CAAC,CAKF,KAAK,CAJT,EAAE,CAAG,CAAC,CAIF,KAAK,AAAC,CACN,eAAe,CAAE,IAAI,CACrB,MAAM,CAAE,IAAI,CACb,AAIH,AAAA,CAAC,AAAC,CACA,KAAK,CAAE,OAAO,CACd,qBAAqB,CFpNf,OAAO,CE8Nd,AAZD,AAIE,CAJD,CAIG,KAAK,AAAC,CACN,KAAK,CF5NQ,OAAO,CE6NrB,AANH,AAQE,CARD,CAQG,KAAK,AAAC,CACN,OAAO,CAAE,GAAG,CAAC,KAAK,CAAC,kBAAqB,CACxC,cAAc,CAAE,GAAG,CACpB,AAIH,AAAA,GAAG,AAAC,CACF,KAAK,CAAE,OAAO,CACf,AAGD,AAAA,EAAE,AAAC,CACD,KAAK,CAAE,OAAO,CACf,AAGD,AAAA,UAAU,AAAC,CACT,KAAK,CF3OA,OAAO,CE4OZ,UAAU,CAAE,MAAM,CAClB,UAAU,CAAE,MAAM,CAClB,OAAO,CAAE,GAAG,CACZ,UAAU,CAAE,GAAG,CAAC,KAAK,CFjPf,OAAO,CEkPb,aAAa,CAAE,GAAG,CAAC,KAAK,CFlPlB,OAAO,CEmPb,OAAO,CAAE,IAAI,CACb,WAAW,CAAE,IAAI,CACjB,YAAY,CAAE,IAAI,CAClB,SAAS,CAAE,GAAG,CAMf,AAhBD,AAYE,UAZQ,EAYL,UAAU,AAAC,CACZ,aAAa,CAAE,CAAC,CAChB,UAAU,CAAE,CAAC,CACd,AAIH,AAAA,QAAQ,AAAC,CACP,SAAS,CAAE,gCAAwG,CACnH,SAAS,CAAE,wBAAgG,CAC3G,QAAQ,CAAE,QAAQ,CAClB,YAAY,CAAE,IAAI,CAClB,WAAW,CAAE,IAAI,CACjB,aAAa,CFhPA,IAAI,CEiPjB,YAAY,CFjPC,IAAI,CE+PlB,AFrPC,MAAM,8BEgOR,CAAA,AAAA,QAAQ,AAAC,CAWL,SAAS,CAAE,4BAAoG,CAC/G,SAAS,CAAE,oBAA4F,CACvG,aAAa,CAAE,IAAkB,CACjC,YAAY,CAAE,IAAkB,CAOnC,AArBD,AAgBI,QAhBI,AAgBH,OAAO,AAAC,CACP,SAAS,CAAE,0BAA0B,CACrC,iBAAiB,CAAE,0BAA0B,CAC9C,CAEJ,AAGD,AAAA,CAAC,AAAC,CACA,qBAAqB,CAAE,OAAO,CAC/B,AAGD,AAAA,KAAK,AAAC,CACJ,SAAS,CF5SO,IAAuB,CE6SxC,AAGD,AAAA,GAAG,AAAC,CACF,aAAa,CAAE,GAAG,CAClB,GAAG,CAAE,IAAI,CACT,IAAI,CAAE,GAAG,CACT,SAAS,CAAE,KAAK,CAChB,QAAQ,CAAE,QAAQ,CAClB,YAAY,CAAE,GAAG,CAClB,AAGD,AAAA,eAAe,AAAC,CACd,UAAU,CAAE,IAAI,CACjB,AAED,AAAA,KAAK,AAAC,CACJ,KAAK,CAAE,IAAI,CACX,UAAU,CF3RG,IAAiB,CE4R9B,eAAe,CAAE,QAAQ,CACzB,SAAS,CFlUO,IAAuB,CEgVxC,AAlBD,AAME,KANG,CAMH,KAAK,AAAC,CACJ,WAAW,CF/TD,GAAG,CEgUb,KAAK,CFxTD,OAAO,CEyTX,aAAa,CAAE,GAAG,CAAC,KAAK,CFxTpB,OAAO,CEyTZ,AAVH,AAYE,KAZG,CAYH,EAAE,CAZJ,KAAK,CAaH,EAAE,CAbJ,KAAK,CAcH,EAAE,AAAC,CACD,MAAM,CAAE,GAAG,CAAC,KAAK,CF9Tb,OAAO,CE+TX,OAAO,CAAE,OAAO,CACjB,AClHH,ADsHA,UCtHU,CDsHA,KAAK,CCvVf,OAAO,CDuVG,KAAK,CArEf,QAAQ,CAqEE,KAAK,AAAC,CACd,OAAO,CAAE,EAAE,CACX,OAAO,CAAE,KAAK,CACd,KAAK,CAAE,IAAI,CACZ,AAGD,AAAA,IAAI,GACF,SAAS,AAAC,CACV,UAAU,CAAE,OAAO,CACnB,KAAK,CF/UC,OAAO,CEgVd,AAGD,AACE,KADG,CACH,KAAK,AAAC,CACJ,MAAM,CAAE,CAAC,CAMV,AARH,AAII,KAJC,CACH,KAAK,CAGH,EAAE,CAJN,KAAK,CACH,KAAK,CAIH,EAAE,AAAC,CACD,MAAM,CAAE,CAAC,CACV,AC5WL,AAAA,OAAO,AAAC,CACN,MAAM,CAAE,IAAI,CACZ,SAAS,CAAE,wBAA0F,CACrG,SAAS,CAAE,gCAAkG,CAC7G,QAAQ,CAAE,QAAQ,CAClB,YAAY,CAAE,IAAI,CAClB,WAAW,CAAE,IAAI,CACjB,aAAa,CAAE,GAAG,CAAC,KAAK,CHYlB,OAAO,CGXb,OAAO,CAAE,IAAoB,CHgChB,IAAI,CG9BlB,AAGD,AAAA,KAAK,AAAC,CACJ,WAAW,CAAE,IAAI,CACjB,eAAe,CAAE,IAAI,CACrB,mBAAmB,CAAE,IAAI,CAkK1B,AArKD,AAKE,KALG,CAKH,CAAC,AAAA,KAAK,AAAC,CACL,KAAK,CAAE,IAAI,CACX,IAAI,CAAE,GAAG,CACT,GAAG,CAAE,GAAG,CACR,QAAQ,CAAE,QAAQ,CAClB,KAAK,CAAE,IAAI,CACX,iBAAiB,CAAE,WAAW,CAC9B,SAAS,CAAE,WAAW,CACtB,OAAO,CAAE,GAAG,CACZ,OAAO,CAAE,CAAC,CAgCX,AA9CH,AAeI,KAfC,CAKH,CAAC,AAAA,KAAK,CAUF,KAAK,AAAC,CACN,MAAM,CAAE,OAAO,CACf,OAAO,CAAE,CAAC,CACX,AAlBL,AAmBI,KAnBC,CAKH,CAAC,AAAA,KAAK,CAcF,MAAM,AAAC,CACP,iBAAiB,CAAE,eAAe,CAClC,SAAS,CAAE,eAAe,CAC3B,AAtBL,AAuBI,KAvBC,CAKH,CAAC,AAAA,KAAK,CAkBJ,UAAU,AAAC,CACT,OAAO,CAAE,KAAK,CAUf,AAlCL,AAyBM,KAzBD,CAKH,CAAC,AAAA,KAAK,CAkBJ,UAAU,CAER,IAAI,AAAC,CACH,MAAM,CHrBN,OAAO,CGsBP,IAAI,CAAE,IAAI,CACX,AA5BP,AA8BM,KA9BD,CAKH,CAAC,AAAA,KAAK,CAkBJ,UAAU,CAOR,MAAM,AAAC,CACL,IAAI,CH1BJ,OAAO,CG2BP,MAAM,CH3BN,OAAO,CG4BR,AAjCP,AAmCI,KAnCC,CAKH,CAAC,AAAA,KAAK,CA8BJ,WAAW,AAAC,CACV,OAAO,CAAE,IAAI,CASd,AA7CL,AAqCM,KArCD,CAKH,CAAC,AAAA,KAAK,CA8BJ,WAAW,CAET,IAAI,AAAC,CACH,MAAM,CHrBD,OAAO,CGsBZ,IAAI,CAAE,IAAI,CACX,AAxCP,AAyCM,KAzCD,CAKH,CAAC,AAAA,KAAK,CA8BJ,WAAW,CAMT,MAAM,AAAC,CACL,IAAI,CAAE,IAAI,CACV,MAAM,CH1BD,OAAO,CG2Bb,AA5CP,AAgDE,KAhDG,CAgDH,QAAQ,AAAC,CACP,KAAK,CAAE,KAAK,CACb,AAlDH,AAoDE,KApDG,CAoDH,aAAa,AAAC,CACZ,OAAO,CAAE,IAAI,CACd,AAtDH,AAwDE,KAxDG,CAwDH,UAAU,AAAC,CACT,OAAO,CAAE,IAAI,CACd,AA1DH,AA4DE,KA5DG,CA4DH,UAAU,AAAC,CACT,KAAK,CHxDD,OAAO,CGyDX,WAAW,CHtEI,IAAI,CGuEnB,eAAe,CAAE,IAAI,CACrB,OAAO,CAAE,OAAO,CAChB,OAAO,CAAE,GAAG,CACZ,cAAc,CAAE,KAAK,CAmBtB,AArFH,AAoEI,KApEC,CA4DH,UAAU,CAQN,KAAK,AAAC,CACN,OAAO,CAAE,CAAC,CACX,AAtEL,AAwEI,KAxEC,CA4DH,UAAU,CAYP,GAAK,EAAC,UAAU,CAAE,CACjB,YAAY,CAAE,GAAG,CAClB,AA1EL,AA4EI,KA5EC,CA4DH,UAAU,AAgBP,IAAI,AAAC,CACJ,QAAQ,CAAE,QAAQ,CAClB,MAAM,CAAE,IAAI,CACZ,OAAO,CAAE,IAAI,CACd,AH3CH,MAAM,8BGuBN,CA5DF,AA4DE,KA5DG,CA4DH,UAAU,AAAC,CAuBP,OAAO,CAAE,GAAG,CAEf,CAAA,AArFH,AAuFE,KAvFG,CAuFH,UAAU,AAAA,OAAO,AAAC,CAChB,OAAO,CAAE,CAAC,CACV,WAAW,CAAE,GAAG,CACjB,AHrDD,MAAM,8BGrCR,CAAA,AAAA,KAAK,AAAC,CA6FF,QAAQ,CAAE,KAAK,CACf,GAAG,CAAE,CAAC,CACN,IAAI,CAAE,CAAC,CACP,KAAK,CAAE,CAAC,CACR,OAAO,CAAE,CAAC,CACV,UAAU,CAAE,MAAM,CAClB,MAAM,CAAE,IAAI,CACZ,gBAAgB,CH3FZ,IAAI,CG4FR,aAAa,CAAE,GAAG,CAAC,KAAK,CH/FpB,OAAO,CG+Jd,AArKD,AAuGI,KAvGC,CAuGD,CAAC,AAAA,KAAK,AAAC,CACL,IAAI,CAAE,IAAI,CACV,GAAG,CAAE,IAAI,CACV,AA1GL,AA4GI,KA5GC,CA4GD,UAAU,AAAC,CACT,OAAO,CAAE,KAAK,CACd,QAAQ,CAAE,QAAQ,CAClB,KAAK,CAAE,CAAC,CACR,KAAK,CAAE,IAAI,CACX,MAAM,CAAE,IAAI,CACZ,WAAW,CAAE,CAAC,CACd,WAAW,CAAE,IAAI,CACjB,cAAc,CAAE,IAAI,CACpB,MAAM,CAAE,OAAO,CACf,UAAU,CAAE,MAAM,CAClB,OAAO,CAAE,CAAC,CAcX,AArIL,AAwHM,KAxHD,CA4GD,UAAU,CAYN,GAAG,AAAC,CACJ,IAAI,CHpHJ,OAAO,CGqHP,OAAO,CAAE,GAAG,CACb,AA3HP,AA6HQ,KA7HH,CA4GD,UAAU,CAgBN,KAAK,CACH,GAAG,AAAC,CACJ,OAAO,CAAE,CAAC,CACX,AA/HT,AAiIM,KAjID,CA4GD,UAAU,CAqBN,MAAM,AAAC,CACP,iBAAiB,CAAE,eAAe,CAClC,SAAS,CAAE,eAAe,CAC3B,AApIP,AAuII,KAvIC,CAuID,KAAK,CAAA,AAAA,IAAC,CAAK,UAAU,AAAf,EAAgB,GAAK,EAAC,OAAO,EAAI,QAAQ,AAAC,CAC9C,KAAK,CAAE,IAAI,CACX,UAAU,CAAE,MAAM,CACnB,AA1IL,AA4II,KA5IC,CA4ID,KAAK,CAAA,AAAA,IAAC,CAAK,UAAU,AAAf,EAAiB,OAAO,CAAG,QAAQ,AAAC,CACxC,QAAQ,CAAE,KAAK,CACf,SAAS,CAAE,4BAA4B,CACvC,iBAAiB,CAAE,4BAA4B,CAC/C,OAAO,CAAE,IAAI,CACb,cAAc,CAAE,GAAG,CACnB,eAAe,CAAE,MAAM,CACvB,WAAW,CAAE,MAAM,CACnB,gBAAgB,CH3Id,IAAI,CG4IN,MAAM,CAAE,KAAK,CACb,KAAK,CAAE,IAAI,CACX,GAAG,CAAE,CAAC,CACP,AAxJL,AA0JI,KA1JC,CA0JD,UAAU,AAAC,CACT,OAAO,CAAE,KAAK,CACd,UAAU,CAAE,UAAU,CACtB,SAAS,CAAE,KAAK,CAMjB,AAnKL,AA+JM,KA/JD,CA0JD,UAAU,CAKP,GAAK,EAAC,UAAU,CAAE,CACjB,MAAM,CAAE,CAAC,CACT,OAAO,CAAE,KAAK,CACf,CAGN,AAGD,AAAA,OAAO,AAAC,CACN,UAAU,CAAE,MAAM,CAClB,aAAa,CAAE,MAAM,CACrB,UAAU,CAAE,MAAM,CA8BnB,AHpKC,MAAM,8BGmIR,CAAA,AAAA,OAAO,AAAC,CAMJ,aAAa,CAAE,GAAG,CA2BrB,CAAA,AAjCD,AASE,OATK,CASL,cAAc,AAAC,CACb,KAAK,CAAE,IAAI,CACX,MAAM,CAAE,IAAI,CACZ,aAAa,CAAE,IAAI,CACnB,WAAW,CAAE,IAAI,CAEjB,eAAe,CAAE,IAAI,CACrB,mBAAmB,CAAE,IAAI,CACzB,iBAAiB,CAAE,4BAA4B,CAC/C,SAAS,CAAE,4BAA4B,CACvC,OAAO,CAAE,CAAC,CACX,AApBH,AAsBE,OAtBK,CAsBL,YAAY,AAAC,CACX,SAAS,CAAE,KAAK,CAChB,aAAa,CAAE,GAAG,CACnB,AAzBH,AA2BE,OA3BK,CA2BL,WAAW,AAAC,CACV,MAAM,CAAE,MAAM,CACd,OAAO,CAAE,GAAG,CACZ,SAAS,CAAE,KAAK,CAChB,WAAW,CAAE,KAAK,CACnB,AAIH,AAAA,gBAAgB,AAAC,CACf,SAAS,CHxNM,IAAI,CGyNnB,WAAW,CAAE,GAAG,CAChB,aAAa,CAAE,GAAG,CAClB,KAAK,CH3MC,OAAO,CG4Md,AAGD,AAAA,UAAU,AAAC,CACT,OAAO,CAAE,IAAI,CACb,WAAW,CAAE,GAAG,CAChB,cAAc,CAAE,GAAG,CAmCpB,AAtCD,AAME,UANQ,CAMP,GAAK,EAAC,WAAW,CAAE,CAClB,UAAU,CAAE,GAAG,CAAC,KAAK,CHrNjB,OAAO,CGsNZ,AARH,AAUE,UAVQ,CAUR,eAAe,AAAC,CACd,SAAS,CAAE,IAAI,CACf,KAAK,CH3ND,OAAO,CG4NX,WAAW,CAAE,GAAG,CAChB,aAAa,CAAE,IAAI,CAKpB,AHlMD,MAAM,8BGyLN,CAVF,AAUE,UAVQ,CAUR,eAAe,AAAC,CAOZ,SAAS,CAAE,IAAI,CAElB,CAAA,AAnBH,AAqBE,UArBQ,CAqBR,gBAAgB,AAAC,CACf,MAAM,CAAE,CAAC,CACT,MAAM,CAAE,CAAC,CACT,OAAO,CAAE,CAAC,CACV,SAAS,CHxPI,IAAI,CGyPjB,WAAW,CAAE,MAAM,CACnB,cAAc,CAAE,KAAK,CAUtB,AArCH,AA6BI,UA7BM,CAqBR,gBAAgB,CAQd,CAAC,AAAC,CACA,KAAK,CHjPO,OAAO,CGuPpB,AApCL,AAgCM,UAhCI,CAqBR,gBAAgB,CAQd,CAAC,CAGG,KAAK,CAhCb,UAAU,CAqBR,gBAAgB,CAQd,MAAC,AAIQ,CACL,KAAK,CHjPL,OAAO,CGkPR,AAMP,AAAA,OAAO,AAAC,CACN,UAAU,CAAE,GAAG,CACf,aAAa,CAAE,GAAG,CAClB,UAAU,CAAE,MAAM,CA+BnB,AH1PC,MAAM,8BGwNR,CAAA,AAAA,OAAO,AAAC,CAMJ,UAAU,CAAE,GAAG,CA4BlB,CAAA,AAlCD,AAQE,OARK,CAQL,IAAI,AAAA,YAAY,AAAC,CACf,KAAK,CHjQD,OAAO,CGkQX,OAAO,CAAE,GAAG,CACZ,WAAW,CH3QD,GAAG,CG4Qb,SAAS,CHlRK,IAAuB,CGmRtC,AAbH,AAcE,OAdK,CAcL,CAAC,AAAA,YAAY,AAAC,CACZ,KAAK,CHvQD,OAAO,CGwQX,OAAO,CAAE,GAAG,CACZ,eAAe,CAAE,IAAI,CAQtB,AAzBH,AAmBI,OAnBG,CAcL,CAAC,AAAA,YAAY,CAKV,GAAK,EAAC,UAAU,CAAE,CACjB,YAAY,CAAE,IAAI,CAInB,AAxBL,AAqBM,OArBC,CAcL,CAAC,AAAA,YAAY,CAKV,GAAK,EAAC,UAAU,EAEb,KAAK,AAAC,CACN,OAAO,CAAE,CAAC,CACX,AAvBP,AA2BE,OA3BK,CA2BL,iBAAiB,AAAC,CAChB,SAAS,CAAE,IAAoB,CAC/B,UAAU,CAAE,GAAG,CACf,OAAO,CAAE,KAAK,CACd,KAAK,CHpRF,OAAO,CGqRV,OAAO,CAAE,GAAG,CACb,AAGH,AAAA,UAAU,AAAC,CACT,UAAU,CAAE,MAAM,CAClB,OAAO,CAAE,IAAI,CACb,eAAe,CAAE,MAAM,CACvB,cAAc,CAAE,MAAM,CACtB,MAAM,CAAE,IAAI,CAkBb,AAvBD,AAME,UANQ,CAMR,MAAM,AAAC,CACL,SAAS,CAAE,GAAG,CACd,WAAW,CH5SD,GAAG,CG6Sb,WAAW,CAAE,GAAG,CAChB,KAAK,CHtSD,OAAO,CGuSX,WAAW,CAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CH1SX,OAAO,CG2SrB,AAZH,AAaE,UAbQ,CAaR,OAAO,AAAC,CACN,KAAK,CH9SS,OAAO,CG+StB,AAfH,AAgBE,UAhBQ,CAgBR,SAAS,AAAC,CACR,KAAK,CHhTQ,OAAO,CGiTpB,cAAc,CAAE,KAAK,CACtB,AAnBH,AAoBE,UApBQ,CAoBR,SAAS,CAAC,KAAK,AAAC,CACd,KAAK,CHnTe,OAAO,CGoT5B,AAIH,AAAA,eAAe,AAAC,CACd,QAAQ,CAAE,QAAQ,CAClB,aAAa,CAAE,IAAI,CA+BpB,AAjCD,AAIE,eAJa,CAIb,KAAK,CAAA,AAAA,GAAC,CAAI,cAAc,AAAlB,CAAoB,CACxB,QAAQ,CAAE,QAAQ,CAClB,GAAG,CAAE,IAAI,CACT,IAAI,CAAE,IAAI,CACX,AARH,AAUE,eAVa,CAUb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,CAAe,CACnB,GAAG,CAAE,CAAC,CACN,IAAI,CAAE,CAAC,CACP,MAAM,CAAE,CAAC,CACT,KAAK,CAAE,IAAI,CACX,MAAM,CAAE,IAAI,CACZ,OAAO,CAAE,IAAI,CACb,QAAQ,CAAE,QAAQ,CAClB,aAAa,CAAE,GAAG,CAClB,OAAO,CAAE,mBAAmB,CAC5B,KAAK,CH9US,OAAO,CG+UrB,kBAAkB,CAAE,IAAI,CACxB,SAAS,CH5VI,IAAI,CG6VjB,gBAAgB,CAAE,qBAAwB,CAC1C,MAAM,CAAE,GAAG,CAAC,KAAK,CAAC,qBAAwB,CAQ3C,AAhCH,AAyBI,eAzBW,CAUb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,GAeD,yBAAyB,AAAC,CAC3B,KAAK,CAAE,OAAO,CACf,AA3BL,AA4BI,eA5BW,CAUb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,GAkBD,yBAAyB,CA5BhC,eAAe,CAUb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,GAmBD,iCAAiC,AAAC,CACnC,OAAO,CAAE,IAAI,CACd,AAIL,AAAA,eAAe,AAAC,CACd,UAAU,CAAE,MAAM,CAInB,AALD,AAEE,eAFa,CAEb,EAAE,AAAC,CACD,UAAU,CAAE,IAAI,CACjB,AAGH,AAAA,aAAa,AAAC,CACZ,MAAM,CAAE,IAAI,CAOb,AARD,AAEE,aAFW,CAEX,SAAS,AAAC,CACR,OAAO,CAAE,OAAO,CAChB,aAAa,CAAE,GAAG,CAClB,MAAM,CAAE,GAAG,CAAC,KAAK,CAAC,qBAAwB,CAC1C,gBAAgB,CAAE,qBAAwB,CAC3C,AHvUD,MAAM,8BIlDR,CAAA,AAAA,QAAQ,AAAA,KAAK,AAAC,CAEV,YAAY,CJuCD,IAAiB,CItC5B,aAAa,CJsCF,IAAiB,CIpC/B,CAAA,AAGD,AAAA,OAAO,AAAC,CACN,UAAU,CAAE,KAAK,CACjB,aAAa,CAAE,GAAG,CA8BnB,AAhCD,AAIE,OAJK,CAIL,KAAK,AAAC,CACJ,WAAW,CAAE,GAAG,CAChB,cAAc,CAAE,KAAK,CAUtB,AAhBH,AAQI,OARG,CAIL,KAAK,CAIH,IAAI,AAAC,CACH,WAAW,CJPH,GAAG,CIQX,SAAS,CAAE,IAAoB,CAKhC,AAfL,AAYM,OAZC,CAIL,KAAK,CAIH,IAAI,CAIA,KAAK,AAAC,CACN,eAAe,CAAE,IAAI,CACtB,AAdP,AAkBE,OAlBK,CAkBL,aAAa,AAAC,CACZ,SAAS,CAAE,GAAG,CACd,WAAW,CAAE,GAAG,CAChB,UAAU,CAAE,IAAI,CAChB,aAAa,CAAE,IAAI,CASpB,AA/BH,AAwBI,OAxBG,CAkBL,aAAa,AAMV,OAAO,AAAC,CACP,UAAU,CAAE,MAAM,CACnB,AJgBH,MAAM,8BIxBN,CAlBF,AAkBE,OAlBK,CAkBL,aAAa,AAAC,CAWV,SAAS,CAAE,KAAK,CAEnB,CAAA,AAIH,AAAA,UAAU,AAAC,CACT,WAAW,CAAE,GAAG,CAChB,WAAW,CAAE,GAAG,CAChB,KAAK,CJzBA,OAAO,CI6Cb,AAvBD,AAKE,UALQ,CAKR,IAAI,AAAC,CACH,QAAQ,CAAE,QAAQ,CAClB,YAAY,CAAE,KAAK,CAWpB,AAlBH,AASI,UATM,CAKR,IAAI,EAIC,KAAK,AAAC,CACP,UAAU,CJlCR,OAAO,CImCT,MAAM,CAAE,GAAG,CACX,OAAO,CAAE,GAAG,CACZ,MAAM,CAAE,GAAG,CACX,QAAQ,CAAE,QAAQ,CAClB,KAAK,CAAE,KAAK,CACZ,KAAK,CAAE,IAAI,CACZ,AAjBL,AAoBE,UApBQ,CAoBR,IAAI,CAAA,AAAA,QAAC,CAAS,QAAQ,AAAjB,CAAmB,CACtB,aAAa,CAAE,GAAG,CAAC,MAAM,CJ7CrB,OAAO,CI8CZ,AAIH,AAAA,aAAa,AAAC,CACZ,WAAW,CAAE,GAAG,CAwHjB,AAzHD,AAGE,aAHW,CAGX,MAAM,AAAC,CACL,UAAU,CAAE,MAAM,CACnB,AALH,AAQI,aARS,CAOX,MAAM,CACJ,GAAG,AAAC,CACF,aAAa,CAAE,GAAG,CACnB,AAVL,AAYI,aAZS,CAOX,MAAM,CAKJ,UAAU,AAAC,CACT,UAAU,CAAE,GAAG,CACf,UAAU,CAAE,MAAM,CAClB,SAAS,CJhFG,IAAuB,CIiFpC,AAhBL,AAmBE,aAnBW,CAmBX,CAAC,AAAC,CACA,KAAK,CJ1EQ,OAAO,CI2EpB,eAAe,CAAE,IAAI,CAiBtB,AAtCH,AAsBI,aAtBS,CAmBX,CAAC,CAGE,AAAA,MAAC,CAAO,QAAQ,AAAf,GAAkB,KAAK,AAAC,CACxB,OAAO,CAAE,QAAQ,CACjB,SAAS,CJzFG,IAAuB,CI0FnC,WAAW,CAAE,CAAC,CACd,QAAQ,CAAE,QAAQ,CAClB,MAAM,CAAE,GAAG,CACX,cAAc,CAAE,QAAQ,CACzB,AA7BL,AA+BI,aA/BS,CAmBX,CAAC,CAYG,KAAK,AAAC,CACN,KAAK,CJrFa,OAAO,CIsF1B,AAjCL,AAmCI,aAnCS,CAmBX,CAAC,CAgBG,KAAK,AAAC,CACN,KAAK,CJ1FM,OAAO,CI2FnB,AArCL,AAwCE,aAxCW,CAwCT,CAAC,AAAC,CACF,MAAM,CAAE,CAAC,CACT,WAAW,CAAE,IAAkB,CAC/B,cAAc,CAAE,IAAkB,CACnC,AA5CH,AA8CE,aA9CW,CA8CX,EAAE,AAAA,UAAU,AAAC,CACX,UAAU,CAAE,IAAI,CAChB,MAAM,CAAE,CAAC,CASV,AAzDH,AAkDI,aAlDS,CA8CX,EAAE,AAAA,UAAU,CAIV,EAAE,EAAE,MAAM,AAAC,CACT,OAAO,CAAE,EAAE,CACZ,AApDL,AAsDI,aAtDS,CA8CX,EAAE,AAAA,UAAU,CAQV,EAAE,CAAC,KAAK,CAAA,AAAA,IAAC,CAAK,UAAU,AAAf,CAAiB,CACxB,YAAY,CAAE,IAAI,CACnB,AAxDL,AA2DE,aA3DW,CA2DX,EAAE,CAAC,EAAE,AAAC,CACJ,WAAW,CJvHD,GAAG,CIwHd,AA7DH,AA+DE,aA/DW,CA+DX,EAAE,CA/DJ,aAAa,CAgEX,EAAE,CAhEJ,aAAa,CAiEX,EAAE,CAjEJ,aAAa,CAkEX,EAAE,CAlEJ,aAAa,CAmEX,EAAE,CAnEJ,aAAa,CAoEX,EAAE,AAAC,CACD,KAAK,CJxHD,OAAO,CIyHX,WAAW,CJjID,GAAG,CIkIb,UAAU,CJpGC,IAAI,CIqGf,aAAa,CAAE,CAAC,CAsBjB,AA9FH,AA2EM,aA3EO,CA+DX,EAAE,CAWE,KAAK,CACL,YAAY,CA3ElB,aAAa,CAgEX,EAAE,CAUE,KAAK,CACL,YAAY,CA3ElB,aAAa,CAiEX,EAAE,CASE,KAAK,CACL,YAAY,CA3ElB,aAAa,CAkEX,EAAE,CAQE,KAAK,CACL,YAAY,CA3ElB,aAAa,CAmEX,EAAE,CAOE,KAAK,CACL,YAAY,CA3ElB,aAAa,CAoEX,EAAE,CAME,KAAK,CACL,YAAY,AAAC,CACX,KAAK,CJlII,OAAO,CImIhB,OAAO,CAAE,CAAC,CACX,AA9EP,AAiFI,aAjFS,CA+DX,EAAE,CAkBA,YAAY,CAjFhB,aAAa,CAgEX,EAAE,CAiBA,YAAY,CAjFhB,aAAa,CAiEX,EAAE,CAgBA,YAAY,CAjFhB,aAAa,CAkEX,EAAE,CAeA,YAAY,CAjFhB,aAAa,CAmEX,EAAE,CAcA,YAAY,CAjFhB,aAAa,CAoEX,EAAE,CAaA,YAAY,AAAC,CACX,QAAQ,CAAE,QAAQ,CAClB,OAAO,CAAE,CAAC,CACV,OAAO,CAAE,IAAI,CASd,AA7FL,AAsFM,aAtFO,CA+DX,EAAE,CAkBA,YAAY,EAKP,MAAM,CAtFf,aAAa,CAgEX,EAAE,CAiBA,YAAY,EAKP,MAAM,CAtFf,aAAa,CAiEX,EAAE,CAgBA,YAAY,EAKP,MAAM,CAtFf,aAAa,CAkEX,EAAE,CAeA,YAAY,EAKP,MAAM,CAtFf,aAAa,CAmEX,EAAE,CAcA,YAAY,EAKP,MAAM,CAtFf,aAAa,CAoEX,EAAE,CAaA,YAAY,EAKP,MAAM,AAAC,CACR,OAAO,CAAE,GAAG,CACZ,QAAQ,CAAE,QAAQ,CAClB,KAAK,CAAE,IAAI,CACX,KAAK,CAAE,GAAG,CACV,WAAW,CJtJL,GAAG,CIuJV,AA5FP,AAgGE,aAhGW,CAgGX,EAAE,AAAC,CJ7GH,SAAS,CAAE,IAAwB,CI+GlC,AAlGH,AAoGE,aApGW,CAoGX,EAAE,AAAC,CJjHH,SAAS,CAAE,IAAwB,CImHlC,AAtGH,AAwGE,aAxGW,CAwGX,EAAE,AAAC,CJrHH,SAAS,CAAE,IAAwB,CIuHjC,aAAa,CAAE,GAAG,CAAC,KAAK,CJ5JpB,OAAO,CI6JX,cAAc,CAAE,GAAG,CACpB,AA5GH,AA8GE,aA9GW,CA8GX,EAAE,AAAC,CJ3HH,SAAS,CAAE,IAAwB,CI6HlC,AAhHH,AAkHE,aAlHW,CAkHX,EAAE,AAAC,CJ/HH,SAAS,CAAE,IAAwB,CIiIlC,AApHH,AAsHE,aAtHW,CAsHX,EAAE,AAAC,CJnIH,SAAS,CAAE,IAAwB,CIqIlC,AAGH,AAAA,SAAS,AAAC,CACR,OAAO,CAAE,IAAI,CACb,QAAQ,CAAE,QAAQ,CAClB,UAAU,CAAE,GAAG,CACf,UAAU,CAAE,GAAG,CAAC,KAAK,CJjLf,OAAO,CIkLb,WAAW,CAAE,GAAG,CA0DjB,AA/DD,AAOE,SAPO,CAOP,cAAc,AAAC,CACb,aAAa,CAAE,CAAC,CAChB,WAAW,CJ/LD,GAAG,CIgMb,cAAc,CAAE,IAAI,CAqBpB,KAAK,CAAE,GAAG,CACV,WAAW,CAAE,IAAI,CACjB,eAAe,CAAE,IAAI,CACrB,UAAU,CAAE,UAAU,CAYvB,AA9CH,AAYI,SAZK,CAOP,cAAc,CAKZ,WAAW,AAAC,CACV,KAAK,CJ3LH,OAAO,CI4LV,AAdL,AAkBM,SAlBG,CAOP,cAAc,CASV,KAAK,CAEL,WAAW,CAlBjB,SAAS,CAOP,cAAc,CAUV,KAAK,CACL,WAAW,AAAC,CACV,KAAK,CJnMW,OAAO,CIoMvB,OAAO,CAAE,GAAG,CACb,AArBP,AAwBI,SAxBK,CAOP,cAAc,CAiBZ,UAAU,AAAC,CACT,WAAW,CJhND,GAAG,CIiNb,SAAS,CJtNG,IAAuB,CIuNnC,KAAK,CJtMJ,OAAO,CIuMR,aAAa,CAAE,GAAG,CACnB,AA7BL,AAoCI,SApCK,CAOP,cAAc,CA6BV,SAAU,CAAA,GAAG,CAAE,CACf,YAAY,CAAE,CAAC,CACf,aAAa,CAAE,IAAI,CACpB,AAvCL,AAyCI,SAzCK,CAOP,cAAc,CAkCV,SAAU,CAAA,IAAI,CAAE,CAChB,UAAU,CAAE,KAAK,CACjB,aAAa,CAAE,CAAC,CAChB,YAAY,CAAE,IAAI,CACnB,AJ3LH,MAAM,8BI8IR,CAAA,AAAA,SAAS,AAAC,CAiDN,OAAO,CAAE,KAAK,CACd,SAAS,CJ9OK,IAAuB,CI2PxC,AA/DD,AAoDI,SApDK,CAoDL,cAAc,AAAC,CACb,OAAO,CAAE,KAAK,CACd,KAAK,CAAE,IAAI,CACZ,AAvDL,AAyDI,SAzDK,CAyDL,cAAc,CAAC,SAAU,CAAA,IAAI,CAAE,CAC7B,WAAW,CAAE,CAAC,CACd,YAAY,CAAE,CAAC,CACf,UAAU,CAAE,GAAG,CAAC,KAAK,CJzOnB,OAAO,CI0OV,CAEJ,AAED,AAAA,gBAAgB,AAAC,CACf,WAAW,CAAE,0BAA0B,CACxC,ACnQD,UAAU,CAAV,MAAU,CACR,EAAE,CACA,OAAO,CAAE,GAAG,CAGd,IAAI,CACF,OAAO,CAAE,GAAG,EAKhB,UAAU,CAAV,IAAU,CACR,EAAE,CACA,MAAM,CAAE,SAAS,CAGnB,IAAI,CACF,MAAM,CAAE,SAAS,EAKrB,AAAA,iBAAiB,AAAC,CAChB,MAAM,CAAE,CAAC,CACT,SAAS,CAAE,IAAI,CACf,QAAQ,CAAE,MAAM,CAChB,QAAQ,CAAE,QAAQ,CAClB,cAAc,CAAE,MAAM,CACtB,UAAU,CAAE,IAAI,CAWjB,AAjBD,AAQE,iBARe,CAQf,MAAM,CARR,iBAAiB,CASf,MAAM,CATR,iBAAiB,CAUf,KAAK,AAAC,CACJ,GAAG,CAAE,CAAC,CACN,IAAI,CAAE,CAAC,CACP,KAAK,CAAE,IAAI,CACX,MAAM,CAAE,IAAI,CACZ,QAAQ,CAAE,QAAQ,CACnB,ACtCH,AAAA,IAAI,AAAC,CACH,WAAW,CNAC,QAAQ,CAAE,SAAS,CMC/B,cAAc,CAAE,kBAAkB,CAClC,qBAAqB,CAAE,QAAQ,CAC/B,sBAAsB,CAAE,MAAM,CAC9B,WAAW,CAAE,GAAG,CAChB,YAAY,CAAE,MAAM,CACpB,UAAU,CAAE,MAAM,CAClB,SAAS,CAAE,MAAM,CACjB,SAAS,CAAE,OAAO,CAUnB,AAnBD,AAWE,IAXE,AAWD,kBAAkB,AAAC,CAClB,OAAO,CAAE,OAAO,CAChB,QAAQ,CAAE,QAAQ,CAClB,GAAG,CAAE,IAAI,CACT,gBAAgB,CAAE,OAAO,CACzB,aAAa,CAAE,GAAG,CAClB,MAAM,CAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB,CACxC,AAIH,AAAA,GAAG,AAAA,UAAU,CAAE,GAAG,AAAC,CACjB,MAAM,CAAE,OAAO,CAKf,MAAM,CAAE,GAAG,CAAC,KAAK,CAAC,qBAAqB,CACvC,gBAAgB,CAAE,OAAO,CACzB,aAAa,CAAE,GAAG,CAClB,OAAO,CAAE,IAAI,CACb,OAAO,CAAE,KAAK,CACd,UAAU,CAAE,IAAI,CAWjB,ANMC,MAAM,8BM5BR,CAAA,AAAA,GAAG,AAAA,UAAU,CAAE,GAAG,AAAC,CAGf,MAAM,CAAE,CAAC,CAAC,gBAAgB,CAC1B,YAAY,CAAE,IAAI,CAkBrB,CAAA,AAtBD,AAaE,GAbC,AAAA,UAAU,CAaT,IAAI,CAbO,GAAG,CAad,IAAI,AAAC,CACL,KAAK,CAAE,IAAI,CACX,SAAS,CAAE,KAAK,CAChB,WAAW,CAAE,IAAI,CACjB,YAAY,CAAE,IAAI,CAClB,WAAW,CAAE,GAAG,CAChB,OAAO,CAAE,KAAK,CACd,MAAM,CAAE,CAAC,CACV,AAGH,AAAA,UAAU,CAAC,KAAK,CAAC,EAAE,AAAC,CAClB,OAAO,CAAE,GAAG,CACb,AAED,AAAA,UAAU,CAAC,KAAK,CAAC,GAAG,AAAC,CACnB,MAAM,CAAE,CAAC,CACV,AAED,AAAA,UAAU,CACV,UAAU,CAAC,EAAE,AAAC,CACZ,KAAK,CAAE,OAAO,CAEf,AAED,AAAA,UAAU,CAAC,IAAI,AAAC,CACd,KAAK,CAAE,OAAO,CAEd,WAAW,CAAE,IAAI,CAClB,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,UAAU,CAAE,MAAM,CACnB,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,gBAAgB,CAAE,OAAO,CAC1B,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,gBAAgB,CAAE,OAAO,CAC1B,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,WAAW,CAAE,IAAI,CAClB,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,UAAU,CAAE,MAAM,CACnB,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,UAAU,CAAE,MAAM,CACnB,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACd,UAAU,CAAE,MAAM,CACnB,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,EAAE,CACb,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,CACd,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,AAED,AAAA,UAAU,CAAC,GAAG,AAAC,CACb,KAAK,CAAE,OAAO,CACf,ACxLD,AAAA,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,CAAmB,CACtB,KAAK,CPyBgB,OAAO,COxB5B,gBAAgB,CP4BL,OAAO,COwNnB,AAtPD,AAKE,IALE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAKH,EAAE,CALJ,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAMH,EAAE,CANJ,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAOH,EAAE,CAPJ,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAQH,EAAE,CARJ,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EASH,EAAE,CATJ,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAUH,EAAE,AAAC,CACD,KAAK,CPoBI,OAAO,COnBjB,AAZH,AAgBI,IAhBA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAeH,KAAK,CACH,KAAK,AAAC,CACJ,KAAK,CPcE,OAAO,CObd,YAAY,CPcL,OAAO,CObf,AAnBL,AAqBI,IArBA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAeH,KAAK,CAMH,EAAE,CArBN,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAeH,KAAK,CAOH,EAAE,CAtBN,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAeH,KAAK,CAQH,EAAE,AAAC,CACD,YAAY,CPQL,OAAO,COPf,AAzBL,AA8BI,IA9BA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CACX,CAAC,AAAC,CACA,KAAK,CPJW,OAAO,COWxB,AAtCL,AAiCM,IAjCF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CACX,CAAC,CAGG,KAAK,CAjCb,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CACX,CAAC,CAIG,MAAM,CAlCd,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CACX,CAAC,CAKG,KAAK,AAAC,CACN,KAAK,CPRgB,OAAO,COS7B,AArCP,AAwCI,IAxCA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAWX,EAAE,AAAC,CACD,YAAY,CPTL,OAAO,COUf,AA1CL,AAiDM,IAjDF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAcX,EAAE,CAMA,YAAY,CAjDlB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAeX,EAAE,CAKA,YAAY,CAjDlB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAgBX,EAAE,CAIA,YAAY,CAjDlB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAiBX,EAAE,CAGA,YAAY,CAjDlB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAkBX,EAAE,CAEA,YAAY,CAjDlB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA6BH,aAAa,CAmBX,EAAE,CACA,YAAY,AAAC,CACX,KAAK,CPvBS,OAAO,COwBtB,AAnDP,AAyDI,IAzDA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAwDH,IAAI,AACD,kBAAkB,AAAC,CAClB,gBAAgB,CP1BT,OAAO,CO2Bf,AA3DL,AA+DE,IA/DE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA+DH,GAAG,AAAC,CACF,YAAY,CPhCH,OAAO,COiChB,KAAK,CPlCI,OAAO,COmChB,WAAW,CAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CPpCX,OAAO,COqCjB,AAnEH,AAsEE,IAtEE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAsEH,EAAE,AAAC,CACD,YAAY,CPvCH,OAAO,COwCjB,AAxEH,AA2EE,IA3EE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2EH,UAAU,AAAC,CACT,KAAK,CP1CG,OAAO,COqDhB,AAvFH,AA+EM,IA/EF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2EH,UAAU,CAGR,IAAI,EACC,KAAK,AAAC,CACP,gBAAgB,CPhDX,OAAO,COiDb,AAjFP,AAoFI,IApFA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2EH,UAAU,CASR,IAAI,CAAA,AAAA,QAAC,CAAS,QAAQ,AAAjB,CAAmB,CACtB,YAAY,CPrDL,OAAO,COsDf,AAtFL,AA0FE,IA1FE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA0FH,CAAC,AAAC,CACA,KAAK,CAAE,OAAO,CACd,qBAAqB,CP3DZ,OAAO,COoEjB,AArGH,AA8FI,IA9FA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA0FH,CAAC,CAIG,KAAK,AAAC,CACN,KAAK,CPpEW,OAAO,COqExB,AAhGL,AAkGI,IAlGA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA0FH,CAAC,CAQG,KAAK,AAAC,CACN,aAAa,CAAE,oBAAuB,CACvC,AApGL,AAyGI,IAzGA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAwGH,EAAE,CACE,MAAM,AAAC,CACP,KAAK,CP3EE,OAAO,CO4Ef,AA3GL,AA+GE,IA/GE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA+GH,UAAU,AAAC,CACT,KAAK,CP9EG,OAAO,CO+Ef,YAAY,CPjFH,OAAO,COkFjB,AAlHH,AAqHE,IArHE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAqHH,MAAM,CArHR,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAsHH,CAAC,AAAC,CACA,KAAK,CPxFI,OAAO,COyFjB,AAxHH,AA2HE,IA3HE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,AAAC,CACN,YAAY,CP5FH,OAAO,COyHjB,AAzJH,AA+HQ,IA/HJ,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,CACH,CAAC,AAAA,KAAK,CACJ,WAAW,AAAC,CACV,OAAO,CAAE,KAAK,CACf,AAjIT,AAkIQ,IAlIJ,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,CACH,CAAC,AAAA,KAAK,CAIJ,UAAU,AAAC,CACT,OAAO,CAAE,IAAI,CACd,AApIT,AAuIM,IAvIF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,CAUH,UAAU,AAAC,CACT,KAAK,CPzGA,OAAO,CO0Gb,APtFL,MAAM,8BO0EJ,CA7HJ,AA6HI,IA7HA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,AAAC,CAcF,gBAAgB,CP7GX,OAAO,CO8GZ,YAAY,CP5GP,OAAO,COwHf,AAxJL,AA+IU,IA/IN,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,CAiBD,UAAU,CACN,GAAG,AAAC,CACJ,IAAI,CPjHH,OAAO,COkHT,AAjJX,AAoJQ,IApJJ,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA2HH,OAAO,CAEL,KAAK,CAuBD,KAAK,CAAA,AAAA,IAAC,CAAK,UAAU,AAAf,EAAiB,OAAO,CAAG,QAAQ,AAAC,CACxC,UAAU,CPvHP,OAAO,COwHX,CAEJ,AAxJL,AA6JI,IA7JA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA4JH,UAAU,CACP,GAAK,EAAC,WAAW,CAAE,CAClB,YAAY,CP9HL,OAAO,CO+Hf,AA/JL,AAiKI,IAjKA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA4JH,UAAU,CAKR,eAAe,AAAC,CACd,KAAK,CPnIE,OAAO,COoIf,AAnKL,AAqKM,IArKF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA4JH,UAAU,CAQR,gBAAgB,CACd,CAAC,AAAC,CACA,KAAK,CP5IU,OAAO,COkJvB,AA5KP,AAwKQ,IAxKJ,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA4JH,UAAU,CAQR,gBAAgB,CACd,CAAC,CAGG,KAAK,CAxKf,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA4JH,UAAU,CAQR,gBAAgB,CACd,MAAC,AAIQ,CACL,KAAK,CP3IF,OAAO,CO4IX,AA3KT,AAiLE,IAjLE,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,AAAC,CACR,YAAY,CPlJH,OAAO,CO6KjB,AA7MH,AAoLI,IApLA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAGP,cAAc,AAAC,CACb,WAAW,CP1KH,GAAG,CO2LZ,AAtML,AAuLM,IAvLF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAGP,cAAc,CAGZ,WAAW,AAAC,CACV,KAAK,CPzJA,OAAO,CO0JZ,OAAO,CAAE,GAAG,CACb,AA1LP,AA8LQ,IA9LJ,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAGP,cAAc,CAQV,KAAK,CAEL,WAAW,CA9LnB,IAAI,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAGP,cAAc,CASV,KAAK,CACL,WAAW,AAAC,CACV,KAAK,CPnKc,OAAO,COoK3B,AAhMT,AAmMM,IAnMF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAGP,cAAc,CAeZ,UAAU,AAAC,CACT,KAAK,CPlKD,OAAO,COmKZ,APlJL,MAAM,8BOsJF,CAzMN,AAyMM,IAzMF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAiLH,SAAS,CAwBL,cAAc,CAAC,SAAU,CAAA,IAAI,CAAE,CAC7B,YAAY,CP1KP,OAAO,CO2Kb,CAAA,AA3MP,AAiNI,IAjNA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAgNH,OAAO,CACL,IAAI,AAAA,YAAY,AAAC,CACf,KAAK,CPnLE,OAAO,COoLf,AAnNL,AAoNI,IApNA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAgNH,OAAO,CAIL,CAAC,AAAA,YAAY,CAAA,GAAK,EAAC,UAAU,CAAE,CAC7B,KAAK,CPtLE,OAAO,COuLf,AAtNL,AAuNI,IAvNA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EAgNH,OAAO,CAOL,iBAAiB,AAAC,CAChB,KAAK,CPtLC,OAAO,COuLb,OAAO,CAAE,CAAC,CACX,AA1NL,AA+NI,IA/NA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8NH,UAAU,CACR,MAAM,AAAC,CACL,KAAK,CPjME,OAAO,COkMd,WAAW,CAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CPtMR,OAAO,COuMxB,AAlOL,AAmOI,IAnOA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8NH,UAAU,CAKR,OAAO,AAAC,CACN,KAAK,CP1MY,OAAO,CO2MzB,AArOL,AAsOI,IAtOA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8NH,UAAU,CAQR,SAAS,AAAC,CACR,KAAK,CP5MW,OAAO,CO6MxB,AAxOL,AAyOI,IAzOA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8NH,UAAU,CAWR,SAAS,CAAC,KAAK,AAAC,CACd,KAAK,CP9MkB,OAAO,CO+M/B,AA3OL,AA+OI,IA/OA,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8OH,eAAe,CACb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,CAAe,CACnB,KAAK,CPtNY,OAAO,CO0NzB,AApPL,AAiPM,IAjPF,CAAA,AAAA,UAAC,CAAW,MAAM,AAAjB,EA8OH,eAAe,CACb,KAAK,CAAA,AAAA,IAAC,CAAK,QAAQ,AAAb,GAED,yBAAyB,AAAC,CAC3B,KAAK,CAAE,qBAAqB,CAC7B" -} \ No newline at end of file diff --git a/src/_site/assets/favicons/android-chrome-192x192.png b/src/_site/assets/favicons/android-chrome-192x192.png deleted file mode 100644 index 9100b0e..0000000 Binary files a/src/_site/assets/favicons/android-chrome-192x192.png and /dev/null differ diff --git a/src/_site/assets/favicons/android-chrome-384x384.png b/src/_site/assets/favicons/android-chrome-384x384.png deleted file mode 100644 index babf68c..0000000 Binary files a/src/_site/assets/favicons/android-chrome-384x384.png and /dev/null differ diff --git a/src/_site/assets/favicons/android-chrome-512x512.png b/src/_site/assets/favicons/android-chrome-512x512.png deleted file mode 100644 index e886216..0000000 Binary files a/src/_site/assets/favicons/android-chrome-512x512.png and /dev/null differ diff --git a/src/_site/assets/favicons/apple-touch-icon.png b/src/_site/assets/favicons/apple-touch-icon.png deleted file mode 100644 index 6e70307..0000000 Binary files a/src/_site/assets/favicons/apple-touch-icon.png and /dev/null differ diff --git a/src/_site/assets/favicons/browserconfig.xml b/src/_site/assets/favicons/browserconfig.xml deleted file mode 100644 index 5cd27e3..0000000 --- a/src/_site/assets/favicons/browserconfig.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - #603cba - - - diff --git a/src/_site/assets/favicons/favicon-16x16.png b/src/_site/assets/favicons/favicon-16x16.png deleted file mode 100644 index b81a8dc..0000000 Binary files a/src/_site/assets/favicons/favicon-16x16.png and /dev/null differ diff --git a/src/_site/assets/favicons/favicon-32x32.png b/src/_site/assets/favicons/favicon-32x32.png deleted file mode 100644 index 532571d..0000000 Binary files a/src/_site/assets/favicons/favicon-32x32.png and /dev/null differ diff --git a/src/_site/assets/favicons/favicon.ico b/src/_site/assets/favicons/favicon.ico deleted file mode 100644 index fbc9922..0000000 Binary files a/src/_site/assets/favicons/favicon.ico and /dev/null differ diff --git a/src/_site/assets/favicons/mstile-150x150.png b/src/_site/assets/favicons/mstile-150x150.png deleted file mode 100644 index 455d5ed..0000000 Binary files a/src/_site/assets/favicons/mstile-150x150.png and /dev/null differ diff --git a/src/_site/assets/favicons/safari-pinned-tab.svg b/src/_site/assets/favicons/safari-pinned-tab.svg deleted file mode 100644 index ec6019b..0000000 --- a/src/_site/assets/favicons/safari-pinned-tab.svg +++ /dev/null @@ -1,25 +0,0 @@ - - - - -Created by potrace 1.11, written by Peter Selinger 2001-2013 - - - - - diff --git a/src/_site/assets/favicons/site.webmanifest b/src/_site/assets/favicons/site.webmanifest deleted file mode 100644 index 45dc8a2..0000000 --- a/src/_site/assets/favicons/site.webmanifest +++ /dev/null @@ -1 +0,0 @@ -{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"} \ No newline at end of file diff --git a/src/_site/assets/img/avatar.jpg b/src/_site/assets/img/avatar.jpg deleted file mode 100644 index e13d044..0000000 Binary files a/src/_site/assets/img/avatar.jpg and /dev/null differ diff --git a/src/_site/assets/js/disqus.js b/src/_site/assets/js/disqus.js deleted file mode 100644 index f490611..0000000 --- a/src/_site/assets/js/disqus.js +++ /dev/null @@ -1 +0,0 @@ -!function(t,e,n){"use strict";var o=function(t,e){var n,o;return function(){var i=this,r=arguments,d=+new Date;n&&dt.innerHeight*r||i-l-u.offsetHeight-t.innerHeight*r>0)return!0;var c,f,p,y=e.getElementById("disqus_thread");y&&y.removeAttribute("id"),u.setAttribute("id","disqus_thread"),u.disqusLoaderStatus="loaded","loaded"==a?DISQUS.reset({reload:!0,config:d}):(t.disqus_config=d,"unloaded"==a&&(a="loading",c=s,f=function(){a="loaded"},(p=e.createElement("script")).src=c,p.async=!0,p.setAttribute("data-timestamp",+new Date),p.addEventListener("load",function(){"function"==typeof f&&f()}),(e.head||e.body).appendChild(p)))};t.addEventListener("scroll",o(i,l)),t.addEventListener("resize",o(i,l)),t.disqusLoader=function(t,n){n=function(t,e){var n,o={};for(n in t)Object.prototype.hasOwnProperty.call(t,n)&&(o[n]=t[n]);for(n in e)Object.prototype.hasOwnProperty.call(e,n)&&(o[n]=e[n]);return o}({laziness:1,throttle:250,scriptUrl:!1,disqusConfig:!1},n),r=n.laziness+1,i=n.throttle,d=n.disqusConfig,s=!1===s?n.scriptUrl:s,(u="string"==typeof t?e.querySelector(t):"number"==typeof t.length?t[0]:t)&&(u.disqusLoaderStatus="unloaded"),l()}}(window,document); \ No newline at end of file diff --git a/src/_site/assets/js/main.js b/src/_site/assets/js/main.js deleted file mode 100644 index b58aca9..0000000 --- a/src/_site/assets/js/main.js +++ /dev/null @@ -1,31 +0,0 @@ -(() => { - // Theme switch - const body = document.body; - const lamp = document.getElementById("mode"); - - const toggleTheme = (state) => { - if (state === "dark") { - localStorage.setItem("theme", "light"); - body.removeAttribute("data-theme"); - } else if (state === "light") { - localStorage.setItem("theme", "dark"); - body.setAttribute("data-theme", "dark"); - } else { - initTheme(state); - } - }; - - lamp.addEventListener("click", () => - toggleTheme(localStorage.getItem("theme")) - ); - - // Blur the content when the menu is open - const cbox = document.getElementById("menu-trigger"); - - cbox.addEventListener("change", function () { - const area = document.querySelector(".wrapper"); - this.checked - ? area.classList.add("blurry") - : area.classList.remove("blurry"); - }); -})(); diff --git a/src/_site/assets/js/search.min.js b/src/_site/assets/js/search.min.js deleted file mode 100644 index 7b47ead..0000000 --- a/src/_site/assets/js/search.min.js +++ /dev/null @@ -1,6 +0,0 @@ -/*! - * Simple-Jekyll-Search - * Copyright 2015-2020, Christian Fei - * Licensed under the MIT License. - */ - !function(){"use strict";var i={compile:function(r){return o.template.replace(o.pattern,function(t,e){var n=o.middleware(e,r[e],o.template);return void 0!==n?n:r[e]||t})},setOptions:function(t){o.pattern=t.pattern||o.pattern,o.template=t.template||o.template,"function"==typeof t.middleware&&(o.middleware=t.middleware)}},o={};o.pattern=/\{(.*?)\}/g,o.template="",o.middleware=function(){};var n=function(t,e){var n=e.length,r=t.length;if(n{title}',templateMiddleware:Function.prototype,sortMiddleware:function(){return 0},noResultsText:"No results found",limit:10,fuzzy:!1,exclude:[]},w=function j(t){if(!((e=t)&&"undefined"!=typeof e.required&&e.required instanceof Array))throw new Error("-- OptionsValidator: required options missing");var e;if(!(this instanceof j))return new j(t);var r=t.required;this.getRequiredOptions=function(){return r},this.validate=function(e){var n=[];return r.forEach(function(t){"undefined"==typeof e[t]&&n.push(t)}),n}}({required:v=["searchInput","resultsContainer","json"]}),t.SimpleJekyllSearch=function(t){var n;0 Error Handling in Borgmatic - Pim Kunis

Error Handling in Borgmatic

BorgBackup and Borgmatic have been my go-to tools to create backups for my home lab since I started creating backups. Using Systemd Timers, I regularly create a backup every night. I also monitor successful execution of the backup process, in case some error occurs. However, the way I set this up resulted in not receiving notifications. Even though it boils down to RTFM, I’d like to explain my error and how to handle errors correctly.

I was using the on_error option to handle errors, like so:

on_error:
-  - 'apprise --body="Error while performing backup" <URL> || true'
-

However, on_error does not handle errors from the execution of before_everything and after_everything hooks. My solution to this was moving the error handling up to the Systemd service that calls Borgmatic. This results in the following Systemd service:

[Unit]
-Description=Backup data using Borgmatic
-# Added
-OnFailure=backup-failure.service
-
-[Service]
-ExecStart=/usr/bin/borgmatic --config /root/backup.yml
-Type=oneshot
-

This handles any error, be it from Borgmatic’s hooks or itself. The backup-failure service is very simple, and just calls Apprise to send a notification:

[Unit]
-Description=Send backup failure notification
-
-[Service]
-Type=oneshot
-ExecStart=apprise --body="Failed to create backup!" <URL>
-
-[Install]
-WantedBy=multi-user.target
-

The Aftermath (or what I learned)

Because the error handling and alerting weren’t working propertly, my backups didn’t succeed for two weeks straight. And, of course, you only notice your backups aren’t working when you actually need them. This is exactly what happened: my disk was full and a MariaDB database crashed as a result of that. Actually, the whole database seemed to be corrupt and I find it worrying MariaDB does not seem to be very resilient to failures (in comparison a PostgreSQL database was able to recover automatically). I then tried to recover the data using last night’s backup, only to find out there was no such backup. Fortunately, I had other means to recover the data so I incurred no data loss.

I already knew it is important to test backups, but I learned it is also important to test failures during backups!

diff --git a/src/_site/browserconfig.xml b/src/_site/browserconfig.xml deleted file mode 100644 index 4c5c4ec..0000000 --- a/src/_site/browserconfig.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - #2c2c2c - - - diff --git a/src/_site/concourse-apprise-notifier/index.html b/src/_site/concourse-apprise-notifier/index.html deleted file mode 100644 index c0dc6bd..0000000 --- a/src/_site/concourse-apprise-notifier/index.html +++ /dev/null @@ -1,59 +0,0 @@ - Sending Apprise Notifications from Concourse CI - Pim Kunis

Sending Apprise Notifications from Concourse CI

Recently, I deployed Concourse CI because I wanted to get my feet wet with a CI/CD pipeline. However, I had a practical use case lying around for a long time: automatically compiling my static website and deploying it to my docker Swarm. This took some time getting right, but the result works like a charm (source code).

It’s comforting to know I don’t have move a finger and my website is automatically deployed. However, I would still like to receive some indication of what’s happening. And what’s a better way to do that, than using my Apprise service to keep me up to date. There’s a little snag though: I could not find any Concourse resource that does this. That’s when I decided to just create it myself.

The Plagiarism Hunt

As any good computer person, I am lazy. I’d rather just copy someone’s work, so that’s what I did. I found this GitHub repository that does the same thing but for Slack notifications. For some reason it’s archived, but it seemed like it should work. I actually noticed lots of repositories for Concourse resource types are archived, so not sure what’s going on there.

Getting to know Concourse

Let’s first understand what we need to do reach our end goal of sending Apprise notifications from Concourse.

A Concourse pipeline takes some inputs, performs some operations on them which result in some outputs. These inputs and outputs are called resources in Concourse. For example, a Git repository could be a resource. Each resource is an instance of a resource type. A resource type therefore is simply a blueprint that can create multiple resources. To continue the example, a resource type could be “Git repository”.

We therefore need to create our own resource type that can send Apprise notifications. A resource type is simply a container that includes three scripts:

  • check: check for a new version of a resource
  • in: retrieve a version of the resource
  • out: create a version of the resource

As Apprise notifications are basically fire-and-forget, we will only implement the out script.

Writing the out script

The whole script can be found here, but I will explain the most important bits of it. Note that I only use Apprise’s persistent storage solution, and not its stateless solution.

Concourse provides us with the working directory, which we cd to:

cd "${1}"
-

We create a timestamp, formatted in JSON, which we will use for the resource’s new version later. Concourse requires us to set a version for the resource, but since Apprise notifications don’t have that, we use the timestamp:

timestamp="$(jq -n "{version:{timestamp:\"$(date +%s)\"}}")"
-

First some black magic Bash to redirect file descriptors. Not sure why this is needed, but I copied it anyways. After that, we create a temporary file holding resource’s parameters.

exec 3>&1
-exec 1>&2
-
-payload=$(mktemp /tmp/resource-in.XXXXXX)
-cat > "${payload}" <&0
-

We then extract the individual parameters. The source key contains values how the resource type was specified, while the params key specifies parameters for this specific resource.

apprise_host="$(jq -r '.source.host' < "${payload}")"
-apprise_key="$(jq -r '.source.key' < "${payload}")"
-
-alert_body="$(jq -r '.params.body' < "${payload}")"
-alert_title="$(jq -r '.params.title // null' < "${payload}")"
-alert_type="$(jq -r '.params.type // null' < "${payload}")"
-alert_tag="$(jq -r '.params.tag // null' < "${payload}")"
-alert_format="$(jq -r '.params.format // null' < "${payload}")"
-

We then format the different parameters using JSON:

alert_body="$(eval "printf \"${alert_body}\"" | jq -R -s .)"
-[ "${alert_title}" != "null" ] && alert_title="$(eval "printf \"${alert_title}\"" | jq -R -s .)"
-[ "${alert_type}" != "null" ] && alert_type="$(eval "printf \"${alert_type}\"" | jq -R -s .)"
-[ "${alert_tag}" != "null" ] && alert_tag="$(eval "printf \"${alert_tag}\"" | jq -R -s .)"
-[ "${alert_format}" != "null" ] && alert_format="$(eval "printf \"${alert_format}\"" | jq -R -s .)"
-

Next, from the individual parameters we construct the final JSON message body we send to the Apprise endpoint.

body="$(cat <<EOF
-{
-  "body": ${alert_body},
-  "title": ${alert_title},
-  "type": ${alert_type},
-  "tag": ${alert_tag},
-  "format": ${alert_format}
-}
-EOF
-)"
-

Before sending it just yet, we compact the JSON and remove any values that are null:

compact_body="$(echo "${body}" | jq -c '.')"
-echo "$compact_body" | jq 'del(..|nulls)' > /tmp/compact_body.json
-

Here is the most important line, where we send the payload to the Apprise endpoint. It’s quite straight-forward.

curl -v -X POST -T /tmp/compact_body.json -H "Content-Type: application/json" "${apprise_host}/notify/${apprise_key}"
-

Finally, we print the timestamp (fake version) in order to appease the Concourse gods.

echo "${timestamp}" >&3
-

Building the Container

As said earlier, to actually use this script, we need to add it to a image. I won’t be explaining this whole process, but the source can be found here. The most important take-aways are these:

  • Use concourse/oci-build-task to build a image from a Dockerfile.
  • Use registry-image to push the image to an image registry.

Using the Resource Type

Using our newly created resource type is surprisingly simple. I use it for the blog you are reading right now and the pipeline definition can be found here. Here we specify the resource type in a Concourse pipeline:

resource_types:
-- name: apprise
-  type: registry-image
-  source:
-    repository: git.kun.is/pim/concourse-apprise-notifier
-    tag: "1.1.1"
-

We simply have to tell Concourse where to find the image, and which tag we want. Next, we instantiate the resource type to create a resource:

resources:
-- name: apprise-notification
-  type: apprise
-  source:
-    host: https://apprise.kun.is:444
-    key: concourse
-  icon: bell
-

We simply specify the host to send Apprise notifications to. Yeah, I even gave it a little bell because it’s cute.

All that’s left to do, is actually send the notification. Let’s see how that is done:

- name: deploy-static-website
-  plan:
-    - task: deploy-site
-      config: ...
-
-      on_success:
-	put: apprise-notification
-	params:
-	  title: "Static website deployed!"
-	  body: "New version: $(cat version/version)"
-	no_get: true
-

As can be seen, the Apprise notification can be triggered when a task is executed successfully. We do this using the put command, which execute the out script underwater. We set the notification’s title and body, and send it! The result is seen below in my Ntfy app, which Apprise forwards the message to: picture showing my Ntfy app with the Apprise notification

And to finish this off, here is what it looks like in the Concourse web UI: the concourse web gui showing the pipeline of my static website including the the apprise notification resources

Conclusion

Concourse’s way of representing everything as an image/container is really interesting in my opinion. A resource type is quite easily implemented as well, although Bash might not be the optimal way to do this. I’ve seen some people implement it in Rust, which might be a good excuse to finally learn that language :)

Apart from Apprise notifications, I’m planning on creating a resource type to deploy to a Docker swarm eventually. This seems like a lot harder than simply sending notifications though.

diff --git a/src/_site/concourse-apprise-notifier/ntfy.png b/src/_site/concourse-apprise-notifier/ntfy.png deleted file mode 100644 index 3b47f51..0000000 Binary files a/src/_site/concourse-apprise-notifier/ntfy.png and /dev/null differ diff --git a/src/_site/concourse-apprise-notifier/pipeline.png b/src/_site/concourse-apprise-notifier/pipeline.png deleted file mode 100644 index 68d0d14..0000000 Binary files a/src/_site/concourse-apprise-notifier/pipeline.png and /dev/null differ diff --git a/src/_site/feed.xml b/src/_site/feed.xml deleted file mode 100644 index 3c3ea5d..0000000 --- a/src/_site/feed.xml +++ /dev/null @@ -1,738 +0,0 @@ -Jekyll2024-04-26T10:58:13+02:00http://localhost:4000/feed.xmlPim KunisA pig's gotta flyPim KunisIt’s alive!2024-04-21T10:02:00+02:002024-04-21T10:02:00+02:00http://localhost:4000/its-aliveFinally, after several months this website is up and running again!

-

My homelab has completely changed, but the reason why it initially went offline is because of my failing CI installation. -I was using Concourse CI which I was initially interested in due to the reproducible nature of its builds using containers. -However, for some reason pipelines were sporadically getting stuck when I reboot the virtual machine it was running on. -The fix was very annoying: I had to re-create the pipelines manually (which feels very backwards for a CI/CD system!) -Additionally, my virtual machine setup back then was also quite fragile and I decided to get rid of that as well.

-

I have learned that having an escape hatch to deploy something is probably a good idea 😅 -Expect a new overview of my homelab soon, in the same vein as this post from last year!

]]>Pim KunisHome Lab Infrastructure Snapshot August 20232023-08-27T22:23:00+02:002023-08-27T22:23:00+02:00http://localhost:4000/infrastructure-snapshotI have been meaning to write about the current state of my home lab infrastructure for a while now. -Now that the most important parts are quite stable, I think the opportunity is ripe. -I expect this post to get quite long, so I might have to leave out some details along the way.

-

This post will be a starting point for future infrastructure snapshots which I can hopefully put out periodically. -That is, if there is enough worth talking about.

-

Keep an eye out for the icon, which links to the source code and configuration of anything mentioned. -Oh yeah, did I mention everything I do is open source?

-

Networking and Infrastructure Overview

-

Hardware and Operating Systems

-

Let’s start with the basics: what kind of hardware do I use for my home lab? -The most important servers are my three Gigabyte Brix GB-BLCE-4105. -Two of them have 16 GB of memory, and one 8 GB. -I named these servers as follows:

-
    -
  • Atlas: because this server was going to “lift” a lot of virtual machines.
    • -
  • Lewis: we started out with a “Max” server named after the Formula 1 driver Max Verstappen, but it kind of became an unmanagable behemoth without infrastructure-as-code. Our second server we subsequently named Lewis after his colleague Lewis Hamilton. Note: people around me vetoed these names and I am no F1 fan!
    • -
  • Jefke: it’s a funny Belgian name. That’s all.
    • -
-

Here is a picture of them sitting in their cosy closet:

-

A picture of my servers.

-

If you look look to the left, you will also see a Raspberry pi 4B. -I use this Pi to do some rudimentary monitoring whether servers and services are running. -More on this in the relevant section below. -The Pi is called Iris because it’s a messenger for the other servers.

-

I used to run Ubuntu on these systems, but I have since migrated away to Debian. -The main reasons were Canonical putting advertisements in my terminal and pushing Snap which has a proprietry backend. -Two of my servers run the newly released Debian Bookworm, while one still runs Debian Bullseye.

-

Networking

-

For networking, I wanted hypervisors and virtual machines separated by VLANs for security reasons. -The following picture shows a simplified view of the VLANs present in my home lab:

-

Picture showing the VLANS in my home lab.

-

All virtual machines are connected to a virtual bridge which tags network traffic with the DMZ VLAN. -The hypervisors VLAN is used for traffic to and from the hypervisors. -Devices from the hypervisors VLAN are allowed to connect to devices in the DMZ, but not vice versa. -The hypervisors are connected to a switch using a trunk link, allows both DMZ and hypervisors traffic.

-

I realised the above design using ifupdown. -Below is the configuration for each hypervisor, which creates a new enp3s0.30 interface with all DMZ traffic from the enp3s0 interface .

-
auto enp3s0.30
-iface enp3s0.30 inet manual
-iface enp3s0.30 inet6 auto
-	accept_ra 0
-	dhcp 0
-	request_prefix 0
-	privext 0
-	pre-up sysctl -w net/ipv6/conf/enp3s0.30/disable_ipv6=1
-
-

This configuration seems more complex than it actually is. -Most of it is to make sure the interface is not assigned an IPv4/6 address on the hypervisor host. -The magic .30 at the end of the interface name makes this interface tagged with VLAN ID 30 (DMZ for me).

-

Now that we have an interface tagged for the DMZ VLAN, we can create a bridge where future virtual machines can connect to:

-
auto dmzbr
-iface dmzbr inet manual
-	bridge_ports enp3s0.30
-	bridge_stp off
-iface dmzbr inet6 auto
-	accept_ra 0
-	dhcp 0
-	request_prefix 0
-	privext 0
-	pre-up sysctl -w net/ipv6/conf/dmzbr/disable_ipv6=1
-
-

Just like the previous config, this is quite bloated because I don’t want the interface to be assigned an IP address on the host. -Most importantly, the bridge_ports enp3s0.30 line here makes this interface a virtual bridge for the enp3s0.30 interface.

-

And voilĂ , we now have a virtual bridge on each machine, where only DMZ traffic will flow. -Here I verify whether this configuration works:

-
- Show -

We can see that the two virtual interfaces are created, and are only assigned a MAC address and not a IP address:

-
root@atlas:~# ip a show enp3s0.30
-4: enp3s0.30@enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master dmzbr state UP group default qlen 1000
-    link/ether d8:5e:d3:4c:70:38 brd ff:ff:ff:ff:ff:ff
-5: dmzbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
-    link/ether 4e:f7:1f:0f:ad:17 brd ff:ff:ff:ff:ff:ff
-
-

Pinging a VM from a hypervisor works:

-
root@atlas:~# ping -c1 maestro.dmz
-PING maestro.dmz (192.168.30.8) 56(84) bytes of data.
-64 bytes from 192.168.30.8 (192.168.30.8): icmp_seq=1 ttl=63 time=0.457 ms
-
-

Pinging a hypervisor from a VM does not work:

-
root@maestro:~# ping  -c1 atlas.hyp
-PING atlas.hyp (192.168.40.2) 56(84) bytes of data.
-
---- atlas.hyp ping statistics ---
-1 packets transmitted, 0 received, 100% packet loss, time 0ms
-
-
-

DNS and DHCP

-

Now that we have a working DMZ network, let’s build on it to get DNS and DHCP working. -This will enable new virtual machines to obtain a static or dynamic IP address and register their host in DNS. -This has actually been incredibly annoying due to our friend Network address translation (NAT).

-
- NAT recap -

Network address translation (NAT) is a function of a router which allows multiple hosts to share a single IP address. -This is needed for IPv4, because IPv4 addresses are scarce and usually one household is only assigned a single IPv4 address. -This is one of the problems IPv6 attempts to solve (mainly by having so many IP addresses that they should never run out). -To solve the problem for IPv4, each host in a network is assigned a private IPv4 address, which can be reused for every network.

-

Then, the router must perform address translation. -It does this by keeping track of ports opened by hosts in its private network. -If a packet from the internet arrives at the router for such a port, it forwards this packet to the correct host.

-
-

I would like to host my own DNS on a virtual machine (called hermes, more on VMs later) in the DMZ network. -This basically gives two problems:

-
    -
  1. The upstream DNS server will refer to the public internet-accessible IP address of our DNS server. -This IP-address has no meaning inside the private network due to NAT and the router will reject the packet.
    2. -
  2. Our DNS resolves hosts to their public internet-accessible IP address. -This is similar to the previous problem as the public IP address has no meaning.
    3. -
-

The first problem can be remediated by overriding the location of the DNS server for hosts inside the DMZ network. -This can be achieved on my router, which uses Unbound as its recursive DNS server:

-

Unbound overides for kun.is and dmz domains.

-

Any DNS requests to Unbound to domains in either dmz or kun.is will now be forwarded 192.168.30.7 (port 5353). -This is the virtual machine hosting my DNS.

-

The second problem can be solved at the DNS server. -We need to do some magic overriding, which dnsmasq is perfect for :

-
alias=84.245.14.149,192.168.30.8
-server=/kun.is/192.168.30.7
-
-

This always overrides the public IPv4 address to the private one. -It also overrides the DNS server for kun.is to 192.168.30.7.

-

Finally, behind the dnsmasq server, I run Powerdns as authoritative DNS server . -I like this DNS server because I can manage it with Terraform .

-

Here is a small diagram showing my setup (my networking teacher would probably kill me for this): -Shitty diagram showing my DNS setup.

-

Virtualization

-

https://github.com/containrrr/shepherd -Now that we have laid out the basic networking, let’s talk virtualization. -Each of my servers are configured to run KVM virtual machines, orchestrated using Libvirt. -Configuration of the physical hypervisor servers, including KVM/Libvirt is done using Ansible. -The VMs are spun up using Terraform and the dmacvicar/libvirt Terraform provider.

-

This all isn’t too exciting, except that I created a Terraform module that abstracts the Terraform Libvirt provider for my specific scenario :

-
module "maestro" {
-  source          = "git::https://git.kun.is/home/tf-modules.git//debian"
-  name            = "maestro"
-  domain_name     = "tf-maestro"
-  memory          = 10240
-  mac             = "CA:FE:C0:FF:EE:08"
-}
-
-

This automatically creates a Debian virtual machines with the properties specified. -It also sets up certificate-based SSH authentication which I talked about before.

-

Clustering

-

With virtualization explained, let’s move up one level further. -Each of my three physical servers hosts a virtual machine running Docker, which together form a Docker Swarm. -I use Traefik as a reverse proxy which routes requests to the correct container.

-

All data is hosted on a single machine and made available to containers using NFS. -This might not be very secure (as NFS is not encrypted and no proper authentication), it is quite fast.

-

As of today, I host the following services on my Docker Swarm :

- -

CI / CD

-

For CI / CD, I run Concourse CI in a separate VM. -This is needed, because Concourse heavily uses containers to create reproducible builds.

-

Although I should probably use it for more, I currently use my Concourse for three pipelines:

-
    -
  • A pipeline to build this static website and create a container image of it. -The image is then uploaded to the image registry of my Forgejo instance. -I love it when I can use stuff I previously built :) -The pipeline finally deploys this new image to the Docker Swarm .
    • -
  • A pipeline to create a Concourse resource that sends Apprise alerts (Concourse-ception?)
    • -
  • A pipeline to build a custom Fluentd image with plugins installed
    • -
-

Backups

-

To create backups, I use Borg. -As I keep all data on one machine, this backup process is quite simple. -In fact, all this data is stored in a single Libvirt volume. -To configure Borg with a simple declarative script, I use Borgmatic.

-

In order to back up the data inside the Libvirt volume, I create a snapshot to a file. -Then I can mount this snapshot in my file system. -The files can then be backed up while the system is still running. -It is also possible to simply back up the Libvirt image, but this takes more time and storage .

-

Monitoring and Alerting

-

The last topic I would like to talk about is monitoring and alerting. -This is something I’m still actively improving and only just set up properly.

-

Alerting

-

For alerting, I wanted something that runs entirely on my own infrastructure. -I settled for Apprise + Ntfy.

-

Apprise is a server that is able to send notifications to dozens of services. -For application developers, it is thus only necessary to implement the Apprise API to gain access to all these services. -The Apprise API itself is also very simple. -By using Apprise, I can also easily switch to another notification service later. -Ntfy is free software made for mobile push notifications.

-

I use this alerting system in quite a lot of places in my infrastructure, for example when creating backups.

-

Uptime Monitoring

-

The first monitoring setup I created, was using Uptime Kuma. -Uptime Kuma periodically pings a service to see whether it is still running. -You can do a literal ping, test HTTP response codes, check database connectivity and much more. -I use it to check whether my services and VMs are online. -And the best part is, Uptime Kuma supports Apprise so I get push notifications on my phone whenever something goes down!

-

Metrics and Log Monitoring

-

A new monitoring system I am still in the process of deploying is focused on metrics and logs. -I plan on creating a separate blog post about this, so keep an eye out on that (for example using RSS :)). -Safe to say, it is no basic ELK stack!

-

Conclusion

-

That’s it for now! -Hopefully I inspired someone to build something
 or how not to :)

]]>Pim KunisHashicorp’s License Change and my Home Lab - Update2023-08-17T18:15:00+02:002023-08-17T18:15:00+02:00http://localhost:4000/hashicorp-license-changeSee the Update at the end of the article.

-

Already a week ago, Hashicorp announced it would change the license on almost all its projects. -Unlike their previous license, which was the Mozilla Public License 2.0, their new license is no longer truly open source. -It is called the Business Source Licenseℱ and restricts use of their software for competitors. -In their own words:

-
-

Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.

-
-

I found a great article by MeshedInsights that names this behaviour the “rights ratchet model”. -They define a script start-ups use to garner the interest of open source enthusiasts but eventually turn their back on them for profit. -The reason why Hashicorp can do this, is because contributors signed a copyright license agreement (CLA). -This agreement transfers the copyright of contributors’ code to Hashicorp, allowing them to change the license if they want to.

-

I find this action really regrettable because I like their products. -This sort of action was also why I wanted to avoid using an Elastic stack, which also had their license changed.1 -These companies do not respect their contributors and the software stack beneath they built their product on, which is actually open source (Golang, Linux, etc.).

-

Impact on my Home Lab

-

I am using Terraform in my home lab to manage several important things:

-
    -
  • Libvirt virtual machines
    • -
  • PowerDNS records
    • -
  • Elasticsearch configuration
    • -
-

With Hashicorp’s anti open source move, I intend to move away from Terraform in the future. -While I will not use Hashicorp’s products for new personal projects, I will leave my current setup as-is for some time because there is no real need to quickly migrate.

-

I might also investigate some of Terraform’s competitors, like Pulumi. -Hopefully there is a project that respects open source which I can use in the future.

-

Update

-

A promising fork of Terraform has been announced called OpenTF. -They intend to take part of the Cloud Native Computing Foundation, which I think is a good effort because Terraform is so important for modern cloud infrastructures.

-

Footnotes

-
-
    -
  1. -

    While I am still using Elasticsearch, I don’t use the rest of the Elastic stack in order to prevent a vendor lock-in. ↩

    -
    2. -
-
]]>Pim KunisMonitoring Correct Memory Usage in Fluent Bit2023-08-09T16:19:00+02:002023-08-09T16:19:00+02:00http://localhost:4000/fluent-bit-memoryPreviously, I have used Prometheus’ node_exporter to monitor the memory usage of my servers. -However, I am currently in the process of moving away from Prometheus to a new Monioring stack. -While I understand the advantages, I felt like Prometheus’ pull architecture does not scale nicely. -Everytime I spin up a new machine, I would have to centrally change Prometheus’ configuration in order for it to query the new server.

-

In order to collect metrics from my servers, I am now using Fluent Bit. -I love Fluent Bit’s way of configuration which I can easily express as code and automate, its focus on effiency and being vendor agnostic. -However, I have stumbled upon one, in my opinion, big issue with Fluent Bit: its mem plugin to monitor memory usage is completely useless. -In this post I will go over the problem and my temporary solution.

-

The Problem with Fluent Bit’s mem Plugin

-

As can be seen in the documentation, Fluent Bit’s mem input plugin exposes a few metrics regarding memory usage which should be self-explaining: Mem.total, Mem.used, Mem.free, Swap.total, Swap.used and Swap.free. -The problem is that Mem.used and Mem.free do not accurately reflect the machine’s actual memory usage. -This is because these metrics include caches and buffers, which can be reclaimed by other processes if needed. -Most tools reporting memory usage therefore include an additional metric that specifices the memory available on the system. -For example, the command free -m reports the following data on my laptop:

-
               total        used        free      shared  buff/cache   available
-Mem:           15864        3728        7334         518        5647       12136
-Swap:           2383         663        1720
-
-

Notice that the available memory is more than free memory.

-

While the issue is known (see this and this link), it is unfortunately not yet fixed.

-

A Temporary Solution

-

The issues I linked previously provide stand-alone plugins that fix the problem, which will hopefully be merged in the official project at some point. -However, I didn’t want to install another plugin so I used Fluent Bit’s exec input plugin and the free Linux command to query memory usage like so:

-
[INPUT]
-    Name exec
-    Tag memory
-    Command free -m | tail -2 | tr '\n' ' '
-    Interval_Sec 1
-
-

To interpret the command’s output, I created the following filter:

-
[FILTER]
-    Name parser
-    Match memory
-    Key_Name exec
-    Parser free
-
-

Lastly, I created the following parser (warning: regex shitcode incoming):

-
[PARSER]
-    Name free
-    Format regex
-    Regex ^Mem:\s+(?<mem_total>\d+)\s+(?<mem_used>\d+)\s+(?<mem_free>\d+)\s+(?<mem_shared>\d+)\s+(?<mem_buff_cache>\d+)\s+(?<mem_available>\d+) Swap:\s+(?<swap_total>\d+)\s+(?<swap_used>\d+)\s+(?<swap_free>\d+)
-    Types mem_total:integer mem_used:integer mem_free:integer mem_shared:integer mem_buff_cache:integer mem_available:integer swap_total:integer swap_used:integer
-
-

With this configuration, you can use the mem_available metric to get accurate memory usage in Fluent Bit.

-

Conclusion

-

Let’s hope Fluent Bit’s mem input plugin is improved upon soon so this hacky solution is not needed. -I also intend to document my new monitoring pipeline, which at the moment consists of:

-
    -
  • Fluent Bit
    • -
  • Fluentd
    • -
  • Elasticsearch
    • -
  • Grafana
    • -
]]>Pim KunisError Handling in Borgmatic2023-08-08T11:51:00+02:002023-08-08T11:51:00+02:00http://localhost:4000/backup-failureBorgBackup and Borgmatic have been my go-to tools to create backups for my home lab since I started creating backups. -Using Systemd Timers, I regularly create a backup every night. -I also monitor successful execution of the backup process, in case some error occurs. -However, the way I set this up resulted in not receiving notifications. -Even though it boils down to RTFM, I’d like to explain my error and how to handle errors correctly.

-

I was using the on_error option to handle errors, like so:

-
on_error:
-  - 'apprise --body="Error while performing backup" <URL> || true'
-
-

However, on_error does not handle errors from the execution of before_everything and after_everything hooks. -My solution to this was moving the error handling up to the Systemd service that calls Borgmatic. -This results in the following Systemd service:

-
[Unit]
-Description=Backup data using Borgmatic
-# Added
-OnFailure=backup-failure.service
-
-[Service]
-ExecStart=/usr/bin/borgmatic --config /root/backup.yml
-Type=oneshot
-
-

This handles any error, be it from Borgmatic’s hooks or itself. -The backup-failure service is very simple, and just calls Apprise to send a notification:

-
[Unit]
-Description=Send backup failure notification
-
-[Service]
-Type=oneshot
-ExecStart=apprise --body="Failed to create backup!" <URL>
-
-[Install]
-WantedBy=multi-user.target
-
-

The Aftermath (or what I learned)

-

Because the error handling and alerting weren’t working propertly, my backups didn’t succeed for two weeks straight. -And, of course, you only notice your backups aren’t working when you actually need them. -This is exactly what happened: my disk was full and a MariaDB database crashed as a result of that. -Actually, the whole database seemed to be corrupt and I find it worrying MariaDB does not seem to be very resilient to failures (in comparison a PostgreSQL database was able to recover automatically). -I then tried to recover the data using last night’s backup, only to find out there was no such backup. -Fortunately, I had other means to recover the data so I incurred no data loss.

-

I already knew it is important to test backups, but I learned it is also important to test failures during backups!

]]>Pim KunisUsing Ansible to alter Kernel Parameters2023-06-19T09:31:00+02:002023-06-19T09:31:00+02:00http://localhost:4000/ansible-edit-grubFor months, I’ve had a peculiar problem with my laptop: once in a while, seemingly without reason, my laptop screen would freeze. -This only happened on my laptop screen, and not on an external monitor. -I had kind of learned to live with it as I couldn’t find a solution online. -The only remedy I had was reloading my window manager, which would often unfreeze the screen.

-

Yesterday I tried Googling once more and I actually found a thread about it on the Arch Linux forums! -They talk about the same laptop model, the Lenovo ThinkPad x260, having the problem. -Fortunately, they also propose a temporary fix.

-

Trying the Fix

-

Apparently, a problem with the Panel Self Refresh (PSR) feature of Intel iGPUs is the culprit. -According to the Linux source code, PSR enables the display to go into a lower standby mode when the sytem is idle but the screen is in use. -These lower standby modes can reduce power usage of your device when idling.

-

This all seems useful, except when it makes your screen freeze! -The proposed fix disables the PSR feature entirely. -To do this, we need to change a parameter to the Intel Graphics Linux Kernel Module (LKM). -The LKM for Intel Graphics is called i915. -There are multiple ways to change kernel parameters, but I chose to edit my Grub configuration.

-

First, I wanted to test whether it actually works. -When booting into my Linux partition via Grub, you can press e to edit the Grub definition. -Somewhere there, you can find the linux command which specifies to boot Linux and how to do that. -I simply appended the option i915.enable_psr=0 to this line. -After rebooting, I noticed my screen no longer freezes! -Success!

-

Persisting the Fix

-

To make the change permanent, we need to permanently change Grub’s configuration. -One way to do this, is by changing Grub’s defaults in /etc/default/grub. -Namely, the GRUB_CMDLINE_LINUX_DEFAULT option specifies what options Grub should pass to the Linux kernel by default. -For me, this is a nice solution as the problem exists for both Linux OSes I have installed. -I changed this option to:

-
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i915.enable_psr=0"
-
-

Next, I wanted to automate this solution using Ansible. -This turned out to be quite easy, as the Grub configuration looks a bit like an ini file (maybe it is?):

-
- name: Edit grub to disable Panel Self Refresh
-  become: true
-  ini_file:
-    path: /etc/default/grub
-    section: null
-    option: "GRUB_CMDLINE_LINUX_DEFAULT"
-    value: '"quiet splash i915.enable_psr=0"'
-    no_extra_spaces: true
-  notify: update grub
-
-

Lastly, I created the notify hook to update the Grub configuration:

-
- name: update grub
-  become: true
-  command:
-    cmd: update-grub
-
-

Update: Just use Nix

-

Lately, I have been learning a bit of NixOS with the intention of replacing my current setup. -Compared to Ansible, applying this fix is a breeze on NixOS:

-
{
-  boot.kernelParams = [ "i915.enable_psr=0" ];
-}
-
-

That’s it, yep.

-

Conclusion

-

It turned out to be quite easy to change Linux kernel parameters using Ansible. -Maybe some kernel gurus have better ways to change parameters, but this works for me for now.

-

As a sidenote, I started reading a bit more about NixOS and realised that it can solve issues like these much more nicely than Ansible does. -I might replace my OS with NixOS some day, if I manage to rewrite my Ansible for it.

]]>Pim KunisSending Apprise Notifications from Concourse CI2023-06-14T23:39:00+02:002023-06-14T23:39:00+02:00http://localhost:4000/concourse-apprise-notifierRecently, I deployed Concourse CI because I wanted to get my feet wet with a CI/CD pipeline. -However, I had a practical use case lying around for a long time: automatically compiling my static website and deploying it to my docker Swarm. -This took some time getting right, but the result works like a charm (source code).

-

It’s comforting to know I don’t have move a finger and my website is automatically deployed. -However, I would still like to receive some indication of what’s happening. -And what’s a better way to do that, than using my Apprise service to keep me up to date. -There’s a little snag though: I could not find any Concourse resource that does this. -That’s when I decided to just create it myself.

-

The Plagiarism Hunt

-

As any good computer person, I am lazy. -I’d rather just copy someone’s work, so that’s what I did. -I found this GitHub repository that does the same thing but for Slack notifications. -For some reason it’s archived, but it seemed like it should work. -I actually noticed lots of repositories for Concourse resource types are archived, so not sure what’s going on there.

-

Getting to know Concourse

-

Let’s first understand what we need to do reach our end goal of sending Apprise notifications from Concourse.

-

A Concourse pipeline takes some inputs, performs some operations on them which result in some outputs. -These inputs and outputs are called resources in Concourse. -For example, a Git repository could be a resource. -Each resource is an instance of a resource type. -A resource type therefore is simply a blueprint that can create multiple resources. -To continue the example, a resource type could be “Git repository”.

-

We therefore need to create our own resource type that can send Apprise notifications. -A resource type is simply a container that includes three scripts:

-
    -
  • check: check for a new version of a resource
    • -
  • in: retrieve a version of the resource
    • -
  • out: create a version of the resource
    • -
-

As Apprise notifications are basically fire-and-forget, we will only implement the out script.

-

Writing the out script

-

The whole script can be found here, but I will explain the most important bits of it. -Note that I only use Apprise’s persistent storage solution, and not its stateless solution.

-

Concourse provides us with the working directory, which we cd to:

-
cd "${1}"
-
-

We create a timestamp, formatted in JSON, which we will use for the resource’s new version later. -Concourse requires us to set a version for the resource, but since Apprise notifications don’t have that, we use the timestamp:

-
timestamp="$(jq -n "{version:{timestamp:\"$(date +%s)\"}}")"
-
-

First some black magic Bash to redirect file descriptors. -Not sure why this is needed, but I copied it anyways. -After that, we create a temporary file holding resource’s parameters.

-
exec 3>&1
-exec 1>&2
-
-payload=$(mktemp /tmp/resource-in.XXXXXX)
-cat > "${payload}" <&0
-
-

We then extract the individual parameters. -The source key contains values how the resource type was specified, while the params key specifies parameters for this specific resource.

-
apprise_host="$(jq -r '.source.host' < "${payload}")"
-apprise_key="$(jq -r '.source.key' < "${payload}")"
-
-alert_body="$(jq -r '.params.body' < "${payload}")"
-alert_title="$(jq -r '.params.title // null' < "${payload}")"
-alert_type="$(jq -r '.params.type // null' < "${payload}")"
-alert_tag="$(jq -r '.params.tag // null' < "${payload}")"
-alert_format="$(jq -r '.params.format // null' < "${payload}")"
-
-

We then format the different parameters using JSON:

-
alert_body="$(eval "printf \"${alert_body}\"" | jq -R -s .)"
-[ "${alert_title}" != "null" ] && alert_title="$(eval "printf \"${alert_title}\"" | jq -R -s .)"
-[ "${alert_type}" != "null" ] && alert_type="$(eval "printf \"${alert_type}\"" | jq -R -s .)"
-[ "${alert_tag}" != "null" ] && alert_tag="$(eval "printf \"${alert_tag}\"" | jq -R -s .)"
-[ "${alert_format}" != "null" ] && alert_format="$(eval "printf \"${alert_format}\"" | jq -R -s .)"
-
-

Next, from the individual parameters we construct the final JSON message body we send to the Apprise endpoint.

-
body="$(cat <<EOF
-{
-  "body": ${alert_body},
-  "title": ${alert_title},
-  "type": ${alert_type},
-  "tag": ${alert_tag},
-  "format": ${alert_format}
-}
-EOF
-)"
-
-

Before sending it just yet, we compact the JSON and remove any values that are null:

-
compact_body="$(echo "${body}" | jq -c '.')"
-echo "$compact_body" | jq 'del(..|nulls)' > /tmp/compact_body.json
-
-

Here is the most important line, where we send the payload to the Apprise endpoint. -It’s quite straight-forward.

-
curl -v -X POST -T /tmp/compact_body.json -H "Content-Type: application/json" "${apprise_host}/notify/${apprise_key}"
-
-

Finally, we print the timestamp (fake version) in order to appease the Concourse gods.

-
echo "${timestamp}" >&3
-
-

Building the Container

-

As said earlier, to actually use this script, we need to add it to a image. -I won’t be explaining this whole process, but the source can be found here. -The most important take-aways are these:

-
    -
  • Use concourse/oci-build-task to build a image from a Dockerfile.
    • -
  • Use registry-image to push the image to an image registry.
    • -
-

Using the Resource Type

-

Using our newly created resource type is surprisingly simple. -I use it for the blog you are reading right now and the pipeline definition can be found here. -Here we specify the resource type in a Concourse pipeline:

-
resource_types:
-- name: apprise
-  type: registry-image
-  source:
-    repository: git.kun.is/pim/concourse-apprise-notifier
-    tag: "1.1.1"
-
-

We simply have to tell Concourse where to find the image, and which tag we want. -Next, we instantiate the resource type to create a resource:

-
resources:
-- name: apprise-notification
-  type: apprise
-  source:
-    host: https://apprise.kun.is:444
-    key: concourse
-  icon: bell
-
-

We simply specify the host to send Apprise notifications to. -Yeah, I even gave it a little bell because it’s cute.

-

All that’s left to do, is actually send the notification. -Let’s see how that is done:

-
- name: deploy-static-website
-  plan:
-    - task: deploy-site
-      config: ...
-
-      on_success:
-	put: apprise-notification
-	params:
-	  title: "Static website deployed!"
-	  body: "New version: $(cat version/version)"
-	no_get: true
-
-

As can be seen, the Apprise notification can be triggered when a task is executed successfully. -We do this using the put command, which execute the out script underwater. -We set the notification’s title and body, and send it! -The result is seen below in my Ntfy app, which Apprise forwards the message to: -picture showing my Ntfy app with the Apprise notification

-

And to finish this off, here is what it looks like in the Concourse web UI: -the concourse web gui showing the pipeline of my static website including the the apprise notification resources

-

Conclusion

-

Concourse’s way of representing everything as an image/container is really interesting in my opinion. -A resource type is quite easily implemented as well, although Bash might not be the optimal way to do this. -I’ve seen some people implement it in Rust, which might be a good excuse to finally learn that language :)

-

Apart from Apprise notifications, I’m planning on creating a resource type to deploy to a Docker swarm eventually. -This seems like a lot harder than simply sending notifications though.

]]>Pim KunisMy Experiences with virtio-9p2023-05-31T14:18:00+02:002023-05-31T14:18:00+02:00http://localhost:4000/virtio-9p-experiencesWhen I was scaling up my home lab, I started thinking more about data management. -I hadn’t (and still haven’t) set up any form of network storage. -I have, however, set up a backup mechanism using Borg. -Still, I want to operate lots of virtual machines, and backing up each one of them separately seemed excessive. -So I started thinking, what if I just let the host machines back up the data? -After all, the amount of physical hosts I have in my home lab is unlikely to increase drastically.

-

The Use Case for Sharing Directories

-

I started working out this idea further. -Without network storage, I needed a way for guest VMs to access the host’s disks. -Here there are two possibilities, either expose some block device or a file system. -Creating a whole virtual disk for just the data of some VMs seemed wasteful, and from my experiences also increases backup times dramatically. -I therefore searched for a way to mount a directory from the host OS on the guest VM. -This is when I stumbled upon this blog post talking about sharing directories with virtual machines.

-

Sharing Directories with virtio-9p

-

virtio-9p is a way to map a directory on the host OS to a special device on the virtual machine. -In virt-manager, it looks like the following: -picture showing virt-manager configuration to map a directory to a VM -Under the hood, virtio-9p uses the 9pnet protocol. -Originally developed at Bell Labs, support for this is available in all modern Linux kernels. -If you share a directory with a VM, you can then mount it. -Below is an extract of my /etc/fstab to automatically mount the directory:

-
data	/mnt/data	9p	trans=virtio,rw	0	0
-
-

The first argument (data) refers to the name you gave this share from the host -With the trans option we specify that this is a virtio share.

-

Problems with virtio-9p

-

At first I had no problems with my setup, but I am now contemplating just moving to a network storage based setup because of two problems.

-

The first problem is that some files have suddenly changed ownership from libvirt-qemu to root. -If the file is owned by root, the guest OS can still see it, but cannot access it. -I am not entirely sure the problem lies with virtio, but I suspect it is. -For anyone experiencing this problem, I wrote a small shell script to revert ownership to the libvirt-qemu user:

-
find -printf "%h/%f %u\n"  | grep root | cut -d ' ' -f1 | xargs chown libvirt-qemu:libvirt-qemu
-
-

Another problem that I have experienced, is guests being unable to mount the directory at all. -I have only experienced this problem once, but it was highly annoying. -To fix it, I had to reboot the whole physical machine.

-

Alternatives

-

virtio-9p seemed like a good idea, but as discussed, I had some problems with it. -It seems virtioFS might be a an interesting alternative as it is designed specifically for sharing directories with VMs.

-

As for me, I will probably finally look into deploying network storage either with NFS or SSHFS.

]]>Pim KunisHomebrew SSH Certificate Authority for the Terraform Libvirt Provider2023-05-23T11:14:00+02:002023-05-23T11:14:00+02:00http://localhost:4000/homebrew-ssh-caEver SSH’ed into a freshly installed server and gotten the following annoying message?

-
The authenticity of host 'host.tld (1.2.3.4)' can't be established.
-ED25519 key fingerprint is SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
-Are you sure you want to continue connecting (yes/no)?
-
-

Or even more annoying:

-
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
-Someone could be eavesdropping on you right now (man-in-the-middle attack)!
-It is also possible that a host key has just been changed.
-The fingerprint for the ED25519 key sent by the remote host is
-SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
-Please contact your system administrator.
-Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
-Offending ED25519 key in /home/user/.ssh/known_hosts:3
-  remove with:
-  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "1.2.3.4"
-ED25519 host key for 1.2.3.4 has changed and you have requested strict checking.
-Host key verification failed.
-
-

Could it be that the programmers at OpenSSH simply like to annoy us with these confusing messages? -Maybe, but these warnings also serve as a way to notify users of a potential Man-in-the-Middle (MITM) attack. -I won’t go into the details of this problem, but I refer you to this excellent blog post. -Instead, I would like to talk about ways to solve these annoying warnings.

-

One obvious solution is simply to add each host to your known_hosts file. -This works okay when managing a handful of servers, but becomes unbearable when managing many servers. -In my case, I wanted to quickly spin up virtual machines using Duncan Mac-Vicar’s Terraform Libvirt provider, without having to accept their host key before connecting. -The solution? Issuing SSH host certificates using an SSH certificate authority.

-

SSH Certificate Authorities vs. the Web

-

The idea of an SSH certificate authority (CA) is quite easy to grasp, if you understand the web’s Public Key Infrastructure (PKI). -Just like with the web, a trusted party can issue certificates that are offered when establishing a connection. -The idea is, just by trusting the trusted party, you trust every certificate they issue. -In the case of the web’s PKI, this trusted party is bundled and trusted by your browser or operating system. -However, in the case of SSH, the trusted party is you! (Okay you can also trust your own web certificate authority) -With this great power, comes great responsibility which we will abuse heavily in this article.

-

SSH Certificate Authority for Terraform

-

So, let’s start with a plan. -I want to spawn virtual machines with Terraform which which are automatically provisioned with a SSH host certificate issued by my CA. -This CA will be another host on my private network, issuing certificates over SSH.

-

Fetching the SSH Host Certificate

-

First we generate an SSH key pair in Terraform. -Below is the code for that:

-
resource "tls_private_key" "debian" {
-  algorithm = "ED25519"
-}
-
-data "tls_public_key" "debian" {
-  private_key_pem = tls_private_key.debian.private_key_pem
-}
-
-

Now that we have an SSH key pair, we need to somehow make Terraform communicate this with the CA. -Lucky for us, there is a way for Terraform to execute an arbitrary command with the external data feature. -We call this script below:

-
data "external" "cert" {
-  program = ["bash", "${path.module}/get_cert.sh"]
-
-  query = {
-    pubkey   = trimspace(data.tls_public_key.debian.public_key_openssh)
-    host     = var.name
-    cahost   = var.ca_host
-    cascript = var.ca_script
-    cakey    = var.ca_key
-  }
-}
-
-

These query parameters will end up in the script’s stdin in JSON format. -We can then read these parameters, and send them to the CA over SSH. -The result must as well be in JSON format.

-
#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-# Read the query parameters
-eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"
-
-# Fetch certificate from the CA
-# Warning: extremely ugly code that I am to lazy to fix
-CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$CAKEY"'" "'"$PUBKEY"'" "'"$HOST"'".dmz')
-
-jq -n --arg cert "$CERT" '{"cert":$cert}'
-
-

We see that a script is called on the remote host that issues the certificate. -This is just a simple wrapper around ssh-keygen, which you can see below.

-
#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-host() {
-	CAKEY="$2"
-	PUBKEY="$3"
-	HOST="$4"
-
-	echo "$PUBKEY" > /root/ca/"$HOST".pub
-	ssh-keygen -h -s /root/ca/keys/"$CAKEY" -I "$HOST" -n "$HOST" /root/ca/"$HOST".pub
-	cat /root/ca/"$HOST"-cert.pub
-	rm /root/ca/"$HOST"*.pub
-}
-
-"$1" "$@"
-
-

Appeasing the Terraform Gods

-

So nice, we can fetch the SSH host certificate from the CA. -We should just be able to use it right? -We can, but it brings a big annoyance with it: Terraform will fetch a new certificate every time it is run. -This is because the external feature of Terraform is a data source. -If we were to use this data source for a Terraform resource, it would need to be updated every time we run Terraform. -I have not been able to find a way to avoid fetching the certificate every time, except for writing my own resource provider which I’d rather not. -I have, however, found a way to hack around the issue.

-

The idea is as follows: we can use Terraform’s ignore_changes to, well, ignore any changes of a resource. -Unfortunately, we cannot use this for a data source, so we must create a glue null_resource that supports ignore_changes. -This is shown in the code snipppet below. -We use the triggers property simply to copy the certificate in; we don’t use it for it’s original purpose.

-
resource "null_resource" "cert" {
-  triggers = {
-    cert = data.external.cert.result["cert"]
-  }
-
-  lifecycle {
-    ignore_changes = [
-      triggers
-    ]
-  }
-}
-
-

And voilà, we can now use null_resource.cert.triggers["cert"] as our certificate, that won’t trigger replacements in Terraform.

-

Setting the Host Certificate with Cloud-Init

-

Terraform’s Libvirt provider has native support for Cloud-Init, which is very handy. -We can give the host certificate directly to Cloud-Init and place it on the virtual machine. -Inside the Cloud-Init configuration, we can set the ssh_keys property to do this:

-
ssh_keys:
-  ed25519_private: |
-    ${indent(4, private_key)}
-  ed25519_certificate: "${host_cert}"
-
-

I hardcoded this to ED25519 keys, because this is all I use.

-

This works perfectly, and I never have to accept host certificates from virtual machines again.

-

Caveats

-

A sharp eye might have noticed the lifecycle of these host certificates is severely lacking. -Namely, the deployed host certificates have no expiration date nore is there revocation function. -There are ways to implement these, but for my home lab I did not deem this necessary at this point. -In a more professional environment, I would suggest using Hashicorp’s Vault.

-

This project did teach me about the limits and flexibility of Terraform, so all in all a success! -All code can be found on the git repository here.

]]>Pim Kunis \ No newline at end of file diff --git a/src/_site/fluent-bit-memory/index.html b/src/_site/fluent-bit-memory/index.html deleted file mode 100644 index b1eecfd..0000000 --- a/src/_site/fluent-bit-memory/index.html +++ /dev/null @@ -1,19 +0,0 @@ - Monitoring Correct Memory Usage in Fluent Bit - Pim Kunis

Monitoring Correct Memory Usage in Fluent Bit

Previously, I have used Prometheus’ node_exporter to monitor the memory usage of my servers. However, I am currently in the process of moving away from Prometheus to a new Monioring stack. While I understand the advantages, I felt like Prometheus’ pull architecture does not scale nicely. Everytime I spin up a new machine, I would have to centrally change Prometheus’ configuration in order for it to query the new server.

In order to collect metrics from my servers, I am now using Fluent Bit. I love Fluent Bit’s way of configuration which I can easily express as code and automate, its focus on effiency and being vendor agnostic. However, I have stumbled upon one, in my opinion, big issue with Fluent Bit: its mem plugin to monitor memory usage is completely useless. In this post I will go over the problem and my temporary solution.

The Problem with Fluent Bit’s mem Plugin

As can be seen in the documentation, Fluent Bit’s mem input plugin exposes a few metrics regarding memory usage which should be self-explaining: Mem.total, Mem.used, Mem.free, Swap.total, Swap.used and Swap.free. The problem is that Mem.used and Mem.free do not accurately reflect the machine’s actual memory usage. This is because these metrics include caches and buffers, which can be reclaimed by other processes if needed. Most tools reporting memory usage therefore include an additional metric that specifices the memory available on the system. For example, the command free -m reports the following data on my laptop:

               total        used        free      shared  buff/cache   available
-Mem:           15864        3728        7334         518        5647       12136
-Swap:           2383         663        1720
-

Notice that the available memory is more than free memory.

While the issue is known (see this and this link), it is unfortunately not yet fixed.

A Temporary Solution

The issues I linked previously provide stand-alone plugins that fix the problem, which will hopefully be merged in the official project at some point. However, I didn’t want to install another plugin so I used Fluent Bit’s exec input plugin and the free Linux command to query memory usage like so:

[INPUT]
-    Name exec
-    Tag memory
-    Command free -m | tail -2 | tr '\n' ' '
-    Interval_Sec 1
-

To interpret the command’s output, I created the following filter:

[FILTER]
-    Name parser
-    Match memory
-    Key_Name exec
-    Parser free
-

Lastly, I created the following parser (warning: regex shitcode incoming):

[PARSER]
-    Name free
-    Format regex
-    Regex ^Mem:\s+(?<mem_total>\d+)\s+(?<mem_used>\d+)\s+(?<mem_free>\d+)\s+(?<mem_shared>\d+)\s+(?<mem_buff_cache>\d+)\s+(?<mem_available>\d+) Swap:\s+(?<swap_total>\d+)\s+(?<swap_used>\d+)\s+(?<swap_free>\d+)
-    Types mem_total:integer mem_used:integer mem_free:integer mem_shared:integer mem_buff_cache:integer mem_available:integer swap_total:integer swap_used:integer
-

With this configuration, you can use the mem_available metric to get accurate memory usage in Fluent Bit.

Conclusion

Let’s hope Fluent Bit’s mem input plugin is improved upon soon so this hacky solution is not needed. I also intend to document my new monitoring pipeline, which at the moment consists of:

  • Fluent Bit
  • Fluentd
  • Elasticsearch
  • Grafana
diff --git a/src/_site/hashicorp-license-change/index.html b/src/_site/hashicorp-license-change/index.html deleted file mode 100644 index f0452f0..0000000 --- a/src/_site/hashicorp-license-change/index.html +++ /dev/null @@ -1 +0,0 @@ - Hashicorp's License Change and my Home Lab - Update - Pim Kunis

Hashicorp's License Change and my Home Lab - Update

See the Update at the end of the article.

Already a week ago, Hashicorp announced it would change the license on almost all its projects. Unlike their previous license, which was the Mozilla Public License 2.0, their new license is no longer truly open source. It is called the Business Source Licenseℱ and restricts use of their software for competitors. In their own words:

Vendors who provide competitive services built on our community products will no longer be able to incorporate future releases, bug fixes, or security patches contributed to our products.

I found a great article by MeshedInsights that names this behaviour the “rights ratchet model”. They define a script start-ups use to garner the interest of open source enthusiasts but eventually turn their back on them for profit. The reason why Hashicorp can do this, is because contributors signed a copyright license agreement (CLA). This agreement transfers the copyright of contributors’ code to Hashicorp, allowing them to change the license if they want to.

I find this action really regrettable because I like their products. This sort of action was also why I wanted to avoid using an Elastic stack, which also had their license changed.1 These companies do not respect their contributors and the software stack beneath they built their product on, which is actually open source (Golang, Linux, etc.).

Impact on my Home Lab

I am using Terraform in my home lab to manage several important things:

  • Libvirt virtual machines
  • PowerDNS records
  • Elasticsearch configuration

With Hashicorp’s anti open source move, I intend to move away from Terraform in the future. While I will not use Hashicorp’s products for new personal projects, I will leave my current setup as-is for some time because there is no real need to quickly migrate.

I might also investigate some of Terraform’s competitors, like Pulumi. Hopefully there is a project that respects open source which I can use in the future.

Update

A promising fork of Terraform has been announced called OpenTF. They intend to take part of the Cloud Native Computing Foundation, which I think is a good effort because Terraform is so important for modern cloud infrastructures.

Footnotes

  1. While I am still using Elasticsearch, I don’t use the rest of the Elastic stack in order to prevent a vendor lock-in. ↩

diff --git a/src/_site/homebrew-ssh-ca/index.html b/src/_site/homebrew-ssh-ca/index.html deleted file mode 100644 index 5ef63bd..0000000 --- a/src/_site/homebrew-ssh-ca/index.html +++ /dev/null @@ -1,83 +0,0 @@ - Homebrew SSH Certificate Authority for the Terraform Libvirt Provider - Pim Kunis

Homebrew SSH Certificate Authority for the Terraform Libvirt Provider

Ever SSH’ed into a freshly installed server and gotten the following annoying message?

The authenticity of host 'host.tld (1.2.3.4)' can't be established.
-ED25519 key fingerprint is SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
-Are you sure you want to continue connecting (yes/no)?
-

Or even more annoying:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
-Someone could be eavesdropping on you right now (man-in-the-middle attack)!
-It is also possible that a host key has just been changed.
-The fingerprint for the ED25519 key sent by the remote host is
-SHA256:eUXGdm1YdsMAS7vkdx6dOJdOGHdem5gQp4tadCfdLB8.
-Please contact your system administrator.
-Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
-Offending ED25519 key in /home/user/.ssh/known_hosts:3
-  remove with:
-  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "1.2.3.4"
-ED25519 host key for 1.2.3.4 has changed and you have requested strict checking.
-Host key verification failed.
-

Could it be that the programmers at OpenSSH simply like to annoy us with these confusing messages? Maybe, but these warnings also serve as a way to notify users of a potential Man-in-the-Middle (MITM) attack. I won’t go into the details of this problem, but I refer you to this excellent blog post. Instead, I would like to talk about ways to solve these annoying warnings.

One obvious solution is simply to add each host to your known_hosts file. This works okay when managing a handful of servers, but becomes unbearable when managing many servers. In my case, I wanted to quickly spin up virtual machines using Duncan Mac-Vicar’s Terraform Libvirt provider, without having to accept their host key before connecting. The solution? Issuing SSH host certificates using an SSH certificate authority.

SSH Certificate Authorities vs. the Web

The idea of an SSH certificate authority (CA) is quite easy to grasp, if you understand the web’s Public Key Infrastructure (PKI). Just like with the web, a trusted party can issue certificates that are offered when establishing a connection. The idea is, just by trusting the trusted party, you trust every certificate they issue. In the case of the web’s PKI, this trusted party is bundled and trusted by your browser or operating system. However, in the case of SSH, the trusted party is you! (Okay you can also trust your own web certificate authority) With this great power, comes great responsibility which we will abuse heavily in this article.

SSH Certificate Authority for Terraform

So, let’s start with a plan. I want to spawn virtual machines with Terraform which which are automatically provisioned with a SSH host certificate issued by my CA. This CA will be another host on my private network, issuing certificates over SSH.

Fetching the SSH Host Certificate

First we generate an SSH key pair in Terraform. Below is the code for that:

resource "tls_private_key" "debian" {
-  algorithm = "ED25519"
-}
-
-data "tls_public_key" "debian" {
-  private_key_pem = tls_private_key.debian.private_key_pem
-}
-

Now that we have an SSH key pair, we need to somehow make Terraform communicate this with the CA. Lucky for us, there is a way for Terraform to execute an arbitrary command with the external data feature. We call this script below:

data "external" "cert" {
-  program = ["bash", "${path.module}/get_cert.sh"]
-
-  query = {
-    pubkey   = trimspace(data.tls_public_key.debian.public_key_openssh)
-    host     = var.name
-    cahost   = var.ca_host
-    cascript = var.ca_script
-    cakey    = var.ca_key
-  }
-}
-

These query parameters will end up in the script’s stdin in JSON format. We can then read these parameters, and send them to the CA over SSH. The result must as well be in JSON format.

#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-# Read the query parameters
-eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"
-
-# Fetch certificate from the CA
-# Warning: extremely ugly code that I am to lazy to fix
-CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$CAKEY"'" "'"$PUBKEY"'" "'"$HOST"'".dmz')
-
-jq -n --arg cert "$CERT" '{"cert":$cert}'
-

We see that a script is called on the remote host that issues the certificate. This is just a simple wrapper around ssh-keygen, which you can see below.

#!/bin/bash
-set -euo pipefail
-IFS=$'\n\t'
-
-host() {
-	CAKEY="$2"
-	PUBKEY="$3"
-	HOST="$4"
-
-	echo "$PUBKEY" > /root/ca/"$HOST".pub
-	ssh-keygen -h -s /root/ca/keys/"$CAKEY" -I "$HOST" -n "$HOST" /root/ca/"$HOST".pub
-	cat /root/ca/"$HOST"-cert.pub
-	rm /root/ca/"$HOST"*.pub
-}
-
-"$1" "$@"
-

Appeasing the Terraform Gods

So nice, we can fetch the SSH host certificate from the CA. We should just be able to use it right? We can, but it brings a big annoyance with it: Terraform will fetch a new certificate every time it is run. This is because the external feature of Terraform is a data source. If we were to use this data source for a Terraform resource, it would need to be updated every time we run Terraform. I have not been able to find a way to avoid fetching the certificate every time, except for writing my own resource provider which I’d rather not. I have, however, found a way to hack around the issue.

The idea is as follows: we can use Terraform’s ignore_changes to, well, ignore any changes of a resource. Unfortunately, we cannot use this for a data source, so we must create a glue null_resource that supports ignore_changes. This is shown in the code snipppet below. We use the triggers property simply to copy the certificate in; we don’t use it for it’s original purpose.

resource "null_resource" "cert" {
-  triggers = {
-    cert = data.external.cert.result["cert"]
-  }
-
-  lifecycle {
-    ignore_changes = [
-      triggers
-    ]
-  }
-}
-

And voilà, we can now use null_resource.cert.triggers["cert"] as our certificate, that won’t trigger replacements in Terraform.

Setting the Host Certificate with Cloud-Init

Terraform’s Libvirt provider has native support for Cloud-Init, which is very handy. We can give the host certificate directly to Cloud-Init and place it on the virtual machine. Inside the Cloud-Init configuration, we can set the ssh_keys property to do this:

ssh_keys:
-  ed25519_private: |
-    ${indent(4, private_key)}
-  ed25519_certificate: "${host_cert}"
-

I hardcoded this to ED25519 keys, because this is all I use.

This works perfectly, and I never have to accept host certificates from virtual machines again.

Caveats

A sharp eye might have noticed the lifecycle of these host certificates is severely lacking. Namely, the deployed host certificates have no expiration date nore is there revocation function. There are ways to implement these, but for my home lab I did not deem this necessary at this point. In a more professional environment, I would suggest using Hashicorp’s Vault.

This project did teach me about the limits and flexibility of Terraform, so all in all a success! All code can be found on the git repository here.

diff --git a/src/_site/index.html b/src/_site/index.html deleted file mode 100644 index 6b45c7f..0000000 --- a/src/_site/index.html +++ /dev/null @@ -1 +0,0 @@ - Pim Kunis
pim

Pim Kunis

A pig's gotta fly

Recent Posts

diff --git a/src/_site/infrastructure-snapshot/index.html b/src/_site/infrastructure-snapshot/index.html deleted file mode 100644 index 9187eca..0000000 --- a/src/_site/infrastructure-snapshot/index.html +++ /dev/null @@ -1,41 +0,0 @@ - Home Lab Infrastructure Snapshot August 2023 - Pim Kunis

Home Lab Infrastructure Snapshot August 2023

I have been meaning to write about the current state of my home lab infrastructure for a while now. Now that the most important parts are quite stable, I think the opportunity is ripe. I expect this post to get quite long, so I might have to leave out some details along the way.

This post will be a starting point for future infrastructure snapshots which I can hopefully put out periodically. That is, if there is enough worth talking about.

Keep an eye out for the icon, which links to the source code and configuration of anything mentioned. Oh yeah, did I mention everything I do is open source?

Networking and Infrastructure Overview

Hardware and Operating Systems

Let’s start with the basics: what kind of hardware do I use for my home lab? The most important servers are my three Gigabyte Brix GB-BLCE-4105. Two of them have 16 GB of memory, and one 8 GB. I named these servers as follows:

  • Atlas: because this server was going to “lift” a lot of virtual machines.
  • Lewis: we started out with a “Max” server named after the Formula 1 driver Max Verstappen, but it kind of became an unmanagable behemoth without infrastructure-as-code. Our second server we subsequently named Lewis after his colleague Lewis Hamilton. Note: people around me vetoed these names and I am no F1 fan!
  • Jefke: it’s a funny Belgian name. That’s all.

Here is a picture of them sitting in their cosy closet:

A picture of my servers.

If you look look to the left, you will also see a Raspberry pi 4B. I use this Pi to do some rudimentary monitoring whether servers and services are running. More on this in the relevant section below. The Pi is called Iris because it’s a messenger for the other servers.

I used to run Ubuntu on these systems, but I have since migrated away to Debian. The main reasons were Canonical putting advertisements in my terminal and pushing Snap which has a proprietry backend. Two of my servers run the newly released Debian Bookworm, while one still runs Debian Bullseye.

Networking

For networking, I wanted hypervisors and virtual machines separated by VLANs for security reasons. The following picture shows a simplified view of the VLANs present in my home lab:

Picture showing the VLANS in my home lab.

All virtual machines are connected to a virtual bridge which tags network traffic with the DMZ VLAN. The hypervisors VLAN is used for traffic to and from the hypervisors. Devices from the hypervisors VLAN are allowed to connect to devices in the DMZ, but not vice versa. The hypervisors are connected to a switch using a trunk link, allows both DMZ and hypervisors traffic.

I realised the above design using ifupdown. Below is the configuration for each hypervisor, which creates a new enp3s0.30 interface with all DMZ traffic from the enp3s0 interface .

auto enp3s0.30
-iface enp3s0.30 inet manual
-iface enp3s0.30 inet6 auto
-	accept_ra 0
-	dhcp 0
-	request_prefix 0
-	privext 0
-	pre-up sysctl -w net/ipv6/conf/enp3s0.30/disable_ipv6=1
-

This configuration seems more complex than it actually is. Most of it is to make sure the interface is not assigned an IPv4/6 address on the hypervisor host. The magic .30 at the end of the interface name makes this interface tagged with VLAN ID 30 (DMZ for me).

Now that we have an interface tagged for the DMZ VLAN, we can create a bridge where future virtual machines can connect to:

auto dmzbr
-iface dmzbr inet manual
-	bridge_ports enp3s0.30
-	bridge_stp off
-iface dmzbr inet6 auto
-	accept_ra 0
-	dhcp 0
-	request_prefix 0
-	privext 0
-	pre-up sysctl -w net/ipv6/conf/dmzbr/disable_ipv6=1
-

Just like the previous config, this is quite bloated because I don’t want the interface to be assigned an IP address on the host. Most importantly, the bridge_ports enp3s0.30 line here makes this interface a virtual bridge for the enp3s0.30 interface.

And voilĂ , we now have a virtual bridge on each machine, where only DMZ traffic will flow. Here I verify whether this configuration works:

Show

We can see that the two virtual interfaces are created, and are only assigned a MAC address and not a IP address:

root@atlas:~# ip a show enp3s0.30
-4: enp3s0.30@enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master dmzbr state UP group default qlen 1000
-    link/ether d8:5e:d3:4c:70:38 brd ff:ff:ff:ff:ff:ff
-5: dmzbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
-    link/ether 4e:f7:1f:0f:ad:17 brd ff:ff:ff:ff:ff:ff
-

Pinging a VM from a hypervisor works:

root@atlas:~# ping -c1 maestro.dmz
-PING maestro.dmz (192.168.30.8) 56(84) bytes of data.
-64 bytes from 192.168.30.8 (192.168.30.8): icmp_seq=1 ttl=63 time=0.457 ms
-

Pinging a hypervisor from a VM does not work:

root@maestro:~# ping  -c1 atlas.hyp
-PING atlas.hyp (192.168.40.2) 56(84) bytes of data.
-
---- atlas.hyp ping statistics ---
-1 packets transmitted, 0 received, 100% packet loss, time 0ms
-

DNS and DHCP

Now that we have a working DMZ network, let’s build on it to get DNS and DHCP working. This will enable new virtual machines to obtain a static or dynamic IP address and register their host in DNS. This has actually been incredibly annoying due to our friend Network address translation (NAT).

NAT recap

Network address translation (NAT) is a function of a router which allows multiple hosts to share a single IP address. This is needed for IPv4, because IPv4 addresses are scarce and usually one household is only assigned a single IPv4 address. This is one of the problems IPv6 attempts to solve (mainly by having so many IP addresses that they should never run out). To solve the problem for IPv4, each host in a network is assigned a private IPv4 address, which can be reused for every network.

Then, the router must perform address translation. It does this by keeping track of ports opened by hosts in its private network. If a packet from the internet arrives at the router for such a port, it forwards this packet to the correct host.

I would like to host my own DNS on a virtual machine (called hermes, more on VMs later) in the DMZ network. This basically gives two problems:

  1. The upstream DNS server will refer to the public internet-accessible IP address of our DNS server. This IP-address has no meaning inside the private network due to NAT and the router will reject the packet.
  2. Our DNS resolves hosts to their public internet-accessible IP address. This is similar to the previous problem as the public IP address has no meaning.

The first problem can be remediated by overriding the location of the DNS server for hosts inside the DMZ network. This can be achieved on my router, which uses Unbound as its recursive DNS server:

Unbound overides for kun.is and dmz domains.

Any DNS requests to Unbound to domains in either dmz or kun.is will now be forwarded 192.168.30.7 (port 5353). This is the virtual machine hosting my DNS.

The second problem can be solved at the DNS server. We need to do some magic overriding, which dnsmasq is perfect for :

alias=84.245.14.149,192.168.30.8
-server=/kun.is/192.168.30.7
-

This always overrides the public IPv4 address to the private one. It also overrides the DNS server for kun.is to 192.168.30.7.

Finally, behind the dnsmasq server, I run Powerdns as authoritative DNS server . I like this DNS server because I can manage it with Terraform .

Here is a small diagram showing my setup (my networking teacher would probably kill me for this): Shitty diagram showing my DNS setup.

Virtualization

https://github.com/containrrr/shepherd Now that we have laid out the basic networking, let’s talk virtualization. Each of my servers are configured to run KVM virtual machines, orchestrated using Libvirt. Configuration of the physical hypervisor servers, including KVM/Libvirt is done using Ansible. The VMs are spun up using Terraform and the dmacvicar/libvirt Terraform provider.

This all isn’t too exciting, except that I created a Terraform module that abstracts the Terraform Libvirt provider for my specific scenario :

module "maestro" {
-  source          = "git::https://git.kun.is/home/tf-modules.git//debian"
-  name            = "maestro"
-  domain_name     = "tf-maestro"
-  memory          = 10240
-  mac             = "CA:FE:C0:FF:EE:08"
-}
-

This automatically creates a Debian virtual machines with the properties specified. It also sets up certificate-based SSH authentication which I talked about before.

Clustering

With virtualization explained, let’s move up one level further. Each of my three physical servers hosts a virtual machine running Docker, which together form a Docker Swarm. I use Traefik as a reverse proxy which routes requests to the correct container.

All data is hosted on a single machine and made available to containers using NFS. This might not be very secure (as NFS is not encrypted and no proper authentication), it is quite fast.

As of today, I host the following services on my Docker Swarm :

CI / CD

For CI / CD, I run Concourse CI in a separate VM. This is needed, because Concourse heavily uses containers to create reproducible builds.

Although I should probably use it for more, I currently use my Concourse for three pipelines:

  • A pipeline to build this static website and create a container image of it. The image is then uploaded to the image registry of my Forgejo instance. I love it when I can use stuff I previously built :) The pipeline finally deploys this new image to the Docker Swarm .
  • A pipeline to create a Concourse resource that sends Apprise alerts (Concourse-ception?)
  • A pipeline to build a custom Fluentd image with plugins installed

Backups

To create backups, I use Borg. As I keep all data on one machine, this backup process is quite simple. In fact, all this data is stored in a single Libvirt volume. To configure Borg with a simple declarative script, I use Borgmatic.

In order to back up the data inside the Libvirt volume, I create a snapshot to a file. Then I can mount this snapshot in my file system. The files can then be backed up while the system is still running. It is also possible to simply back up the Libvirt image, but this takes more time and storage .

Monitoring and Alerting

The last topic I would like to talk about is monitoring and alerting. This is something I’m still actively improving and only just set up properly.

Alerting

For alerting, I wanted something that runs entirely on my own infrastructure. I settled for Apprise + Ntfy.

Apprise is a server that is able to send notifications to dozens of services. For application developers, it is thus only necessary to implement the Apprise API to gain access to all these services. The Apprise API itself is also very simple. By using Apprise, I can also easily switch to another notification service later. Ntfy is free software made for mobile push notifications.

I use this alerting system in quite a lot of places in my infrastructure, for example when creating backups.

Uptime Monitoring

The first monitoring setup I created, was using Uptime Kuma. Uptime Kuma periodically pings a service to see whether it is still running. You can do a literal ping, test HTTP response codes, check database connectivity and much more. I use it to check whether my services and VMs are online. And the best part is, Uptime Kuma supports Apprise so I get push notifications on my phone whenever something goes down!

Metrics and Log Monitoring

A new monitoring system I am still in the process of deploying is focused on metrics and logs. I plan on creating a separate blog post about this, so keep an eye out on that (for example using RSS :)). Safe to say, it is no basic ELK stack!

Conclusion

That’s it for now! Hopefully I inspired someone to build something
 or how not to :)

diff --git a/src/_site/infrastructure-snapshot/nat.png b/src/_site/infrastructure-snapshot/nat.png deleted file mode 100644 index 0d5f72c..0000000 Binary files a/src/_site/infrastructure-snapshot/nat.png and /dev/null differ diff --git a/src/_site/infrastructure-snapshot/servers.jpeg b/src/_site/infrastructure-snapshot/servers.jpeg deleted file mode 100644 index b269484..0000000 Binary files a/src/_site/infrastructure-snapshot/servers.jpeg and /dev/null differ diff --git a/src/_site/infrastructure-snapshot/unbound_overrides.png b/src/_site/infrastructure-snapshot/unbound_overrides.png deleted file mode 100644 index f94394f..0000000 Binary files a/src/_site/infrastructure-snapshot/unbound_overrides.png and /dev/null differ diff --git a/src/_site/infrastructure-snapshot/vlans.png b/src/_site/infrastructure-snapshot/vlans.png deleted file mode 100644 index 7bf4add..0000000 Binary files a/src/_site/infrastructure-snapshot/vlans.png and /dev/null differ diff --git a/src/_site/its-alive/index.html b/src/_site/its-alive/index.html deleted file mode 100644 index ed3f035..0000000 --- a/src/_site/its-alive/index.html +++ /dev/null @@ -1 +0,0 @@ - It's alive! - Pim Kunis

It's alive!

Finally, after several months this website is up and running again!

My homelab has completely changed, but the reason why it initially went offline is because of my failing CI installation. I was using Concourse CI which I was initially interested in due to the reproducible nature of its builds using containers. However, for some reason pipelines were sporadically getting stuck when I reboot the virtual machine it was running on. The fix was very annoying: I had to re-create the pipelines manually (which feels very backwards for a CI/CD system!) Additionally, my virtual machine setup back then was also quite fragile and I decided to get rid of that as well.

I have learned that having an escape hatch to deploy something is probably a good idea 😅 Expect a new overview of my homelab soon, in the same vein as this post from last year!

diff --git a/src/_site/now.json b/src/_site/now.json deleted file mode 100644 index b6dcfd5..0000000 --- a/src/_site/now.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "version": 2, - "routes": [ - { "handle": "filesystem" }, - { "src": "/.*", "status": 404, "dest": "404.html" } - ] -} diff --git a/src/_site/robots.txt b/src/_site/robots.txt deleted file mode 100644 index d297064..0000000 --- a/src/_site/robots.txt +++ /dev/null @@ -1 +0,0 @@ -Sitemap: http://localhost:4000/sitemap.xml diff --git a/src/_site/sitemap.xml b/src/_site/sitemap.xml deleted file mode 100644 index cf9eeba..0000000 --- a/src/_site/sitemap.xml +++ /dev/null @@ -1,51 +0,0 @@ - - - -http://localhost:4000/homebrew-ssh-ca/ -2023-05-23T11:14:00+02:00 - - -http://localhost:4000/virtio-9p-experiences/ -2023-05-31T14:18:00+02:00 - - -http://localhost:4000/concourse-apprise-notifier/ -2023-06-14T23:39:00+02:00 - - -http://localhost:4000/ansible-edit-grub/ -2023-06-19T09:31:00+02:00 - - -http://localhost:4000/backup-failure/ -2023-08-08T11:51:00+02:00 - - -http://localhost:4000/fluent-bit-memory/ -2023-08-09T16:19:00+02:00 - - -http://localhost:4000/hashicorp-license-change/ -2023-08-17T18:15:00+02:00 - - -http://localhost:4000/infrastructure-snapshot/ -2023-08-27T22:23:00+02:00 - - -http://localhost:4000/its-alive/ -2024-04-21T10:02:00+02:00 - - -http://localhost:4000/about/ - - -http://localhost:4000/archive/ - - -http://localhost:4000/ - - -http://localhost:4000/tags/ - - diff --git a/src/_site/tags/index.html b/src/_site/tags/index.html deleted file mode 100644 index b321f96..0000000 --- a/src/_site/tags/index.html +++ /dev/null @@ -1 +0,0 @@ - Tags - Pim Kunis

Tags.

all
diff --git a/src/_site/virtio-9p-experiences/index.html b/src/_site/virtio-9p-experiences/index.html deleted file mode 100644 index d37388a..0000000 --- a/src/_site/virtio-9p-experiences/index.html +++ /dev/null @@ -1,3 +0,0 @@ - My Experiences with virtio-9p - Pim Kunis

My Experiences with virtio-9p

When I was scaling up my home lab, I started thinking more about data management. I hadn’t (and still haven’t) set up any form of network storage. I have, however, set up a backup mechanism using Borg. Still, I want to operate lots of virtual machines, and backing up each one of them separately seemed excessive. So I started thinking, what if I just let the host machines back up the data? After all, the amount of physical hosts I have in my home lab is unlikely to increase drastically.

The Use Case for Sharing Directories

I started working out this idea further. Without network storage, I needed a way for guest VMs to access the host’s disks. Here there are two possibilities, either expose some block device or a file system. Creating a whole virtual disk for just the data of some VMs seemed wasteful, and from my experiences also increases backup times dramatically. I therefore searched for a way to mount a directory from the host OS on the guest VM. This is when I stumbled upon this blog post talking about sharing directories with virtual machines.

Sharing Directories with virtio-9p

virtio-9p is a way to map a directory on the host OS to a special device on the virtual machine. In virt-manager, it looks like the following: picture showing virt-manager configuration to map a directory to a VM Under the hood, virtio-9p uses the 9pnet protocol. Originally developed at Bell Labs, support for this is available in all modern Linux kernels. If you share a directory with a VM, you can then mount it. Below is an extract of my /etc/fstab to automatically mount the directory:

data	/mnt/data	9p	trans=virtio,rw	0	0
-

The first argument (data) refers to the name you gave this share from the host With the trans option we specify that this is a virtio share.

Problems with virtio-9p

At first I had no problems with my setup, but I am now contemplating just moving to a network storage based setup because of two problems.

The first problem is that some files have suddenly changed ownership from libvirt-qemu to root. If the file is owned by root, the guest OS can still see it, but cannot access it. I am not entirely sure the problem lies with virtio, but I suspect it is. For anyone experiencing this problem, I wrote a small shell script to revert ownership to the libvirt-qemu user:

find -printf "%h/%f %u\n"  | grep root | cut -d ' ' -f1 | xargs chown libvirt-qemu:libvirt-qemu
-

Another problem that I have experienced, is guests being unable to mount the directory at all. I have only experienced this problem once, but it was highly annoying. To fix it, I had to reboot the whole physical machine.

Alternatives

virtio-9p seemed like a good idea, but as discussed, I had some problems with it. It seems virtioFS might be a an interesting alternative as it is designed specifically for sharing directories with VMs.

As for me, I will probably finally look into deploying network storage either with NFS or SSHFS.

diff --git a/src/_site/virtio-9p-experiences/virt-manager.png b/src/_site/virtio-9p-experiences/virt-manager.png deleted file mode 100644 index 8567efb..0000000 Binary files a/src/_site/virtio-9p-experiences/virt-manager.png and /dev/null differ diff --git a/src/about.md b/src/about.md index 292ca93..603c174 100644 --- a/src/about.md +++ b/src/about.md @@ -2,8 +2,24 @@ title: Me permalink: /about/ layout: page -excerpt: Free PIIs +excerpt: About me comments: false --- -Here I might post some personally identifiable information. +Welcome to my humble blog! 👋 +I write technical posts with the intention of either documenting problems I have solved or showing off stuff I built. + +My passion is self-hosting in my home lab with these important goals: +- **Data sovereignty, privacy and autonomy**: Nowadays our data is increasingly in the hands of companies. This is problematic because these companies have but one goal: to make money, oftentimes using the data you entrust them. Worse still, these companies are not scared of barring you from your own data (see [this link](https://archive.is/saQXe) for example). These facts have made it abundantly clear we need to have full control over our own data. +- **Expanding knowledge for my professional life**: Diving into new technologies without the risk of breaking important systems is in my opinion one of the best methods to learn. Actually, breaking things is the best way to learn! Stuff breaks (usually) because you don't fully understand it, and these failures are therefore very valuable. +- **Fun**: 😀 + +Infrastructure as Code (IaC) is the most important principle I adhere to when building my home lab. +With IaC, all (digital) infrastructure and systems are defined in code that can be automatically rolled out. +Ansible is probably the most used IaC tool out there, but it has a huge problem: it suffers from configuration drift. +You can create a task in Ansible to install a package, but if you remove this task, the package remains. +At this point, your configuration does not reflect reality anymore. + +What is the solution to this configuration drift? Nix and NixOS! +NixOS will always make sure you machine is in the exact state you define in your configuration. +My current Linux systems now all run NixOS and I have no intention of ever going back! diff --git a/src/ideas.md b/src/ideas.md new file mode 100644 index 0000000..52b76a5 --- /dev/null +++ b/src/ideas.md @@ -0,0 +1,9 @@ +--- +title: Ideas +permalink: /ideas/ +layout: page +excerpt: Plans for the future +comments: false +--- + +🏗 Under construction 🏗 diff --git a/src/now.md b/src/now.md new file mode 100644 index 0000000..182348e --- /dev/null +++ b/src/now.md @@ -0,0 +1,9 @@ +--- +title: Now +permalink: /now/ +layout: page +excerpt: Things I am working on now +comments: false +--- + +🏗 Under construction 🏗