Added playbooks sub-dirs

playbooks/examples/ansible_facts.fqdn.playbook.yaml

@@ -0,0 +1,11 @@
+---
+  - name: "Get ansible_facts.fqdn"
+    hosts: all
+    gather_facts: yes
+    become: true
+    #    collections:
+    #     - ansible.posix
+    tasks:
+      - name: "get ansible_facts.fqdn"
+        debug:
+          msg: " {{ ansible_facts.fqdn }}"

playbooks/examples/copy_file_to_hosts.yaml

@@ -0,0 +1,13 @@
+---
+  - name: Copy a specified file to hosts
+    hosts: "***CONTENTS REDACTED***.edu"
+    gather_facts: no
+    become: true
+    tasks:
+      - name: perform copy
+        copy:
+          src: ~/install_packages/users.fact
+          dest: /etc/ansible/facts.d/
+          owner: Ansible
+          group: wheel
+          mode: 0755

playbooks/examples/determine_firewall.yaml

@@ -0,0 +1,45 @@
+---
+  - name: "Update firewall rules for Zabbix agent"
+    hosts: all
+    gather_facts: True
+    become: true
+
+    tasks:
+
+      - name: Gather package facts
+        package_facts:
+          manager: auto
+
+      - name: Populate systemd service_facts
+        service_facts:
+#
+#################################
+# Determine and set the firewall method
+      - name: Set variable to indicate which firewall method is being used by a systemd
+        set_fact:
+          FW_METHOD: "ufw"
+        when: "'ufw' in ansible_facts.packages"
+
+      - name: Set variable to indicate which firewall method is being used by a systemd
+        set_fact:
+          FW_METHOD: "iptables"
+        when: "'iptables' in ansible_facts.packages"
+
+      - name: Set variable to indicate which firewall method is being used by a systemd
+        set_fact:
+          FW_METHOD: "firewalld"
+        when:
+          - ansible_facts.distribution_file_variety != "Debian"
+          - ansible_facts.services['firewalld.service']['status'] == 'enabled' or ansible_facts.services['firewalld.service']['status'] == 'running'
+
+
+      - name: Set variable to indicate which firewall method is being used by a systemd
+        set_fact:
+          FW_METHOD: "firewalld"
+        when:
+          - ansible_facts.distribution_file_variety != "Debian"
+          - ansible_facts.services['iptables.service']['status'] == 'enabled' or ansible_facts.services['iptables.service']['status'] == 'running'
+
+      - name: Show value of FW_METHOD
+        debug:
+          msg: FW_METHOD is "{{ FW_METHOD }}"

playbooks/examples/find_a_file.yaml

@@ -0,0 +1,20 @@
+---
+  - name: find a specific file across hosts and return its host and path
+    hosts: all
+    collections:
+      ansible.posix
+    gather_facts: no
+    become: true
+    tasks:
+      - name: run find command
+        find:
+          file_type: file
+        #  excludes: '/tmp,/sbin,/bin,/run,/media,/mnt,/proc,lost+found,/lib,/lib64,/srv,/sys,/boot,/dev'
+          paths: /home,/root
+          recurse: yes
+          patterns: '*update.sh*'
+          use_regex: no
+        register: output
+
+      - debug: var=item.path
+        with_items: "{{ output.files }}"

playbooks/examples/gather_facts.playbook.yaml

@@ -0,0 +1,14 @@
+---
+- name: Gather facts about an inventory
+  hosts: all
+  gather_facts: true
+  become: false
+  tasks:
+    - debug:
+        var: ansible_virtualization_role
+    - debug:
+        var: ansible_virtualization_type
+    - debug:
+        var: ansible_product_name
+    - debug:
+        var: ansible_product_serial

playbooks/examples/iptables.yaml

@@ -0,0 +1,115 @@
+---
+  - name: "Example of a working iptables playbook"
+    hosts: all
+#      - "*IPTables"
+    gather_facts: True
+    become: true
+# Put the IPs/hostnames of Zabbix servers and proxies here:
+    vars:
+      MONSRC:
+      - ***CONTENTS REDACTED***
+      - ***CONTENTS REDACTED***
+      - 10.***CONTENTS REDACTED***
+      MONSRCRANGE:
+      - ***CONTENTS REDACTED***
+      - ***CONTENTS REDACTED***
+
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+#            - "{{ ansible_facts.service_mgr }}"
+            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
+            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
+            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
+            #- "{{  ansible_facts.services_iptables'].state  }}"
+            #- ansible_facts.services "{{ ansible_facts.services }}"
+
+      - name: Show MONSRC variables
+        debug:
+          msg: "MONSRCs: {{ MONSRC[0-2] }}"
+
+      - name: Show MONSRCRANGE variables
+        debug:
+          msg: "MONSRCRANGEs: {{ MONSRCRANGE[0-2] }}"
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - debug:
+          msg:
+            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
+        when: "'firewalld.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'iptables.service' in services"
+
+
+      - debug:
+          msg:
+            -  ansible_all_ipv4_addresses "{{ ansible_all_ipv4_addresses}}"
+
+      - name: Open 10050/tcp from $MONSRC0 ("{{ MONSRC[0] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          source: "{{ MONSRC[0] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRC1 ("{{ MONSRC[1] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          source:  "{{ MONSRC[1] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRC2 ("{{ MONSRC[2] }}") if iptables.service is enabled AND IP contains 10.***CONTENTS REDACTED***
+        iptables:
+          action: insert
+          chain: INPUT
+          source:  "{{ MONSRC[2] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when:
+          - ansible_facts.services['iptables.service']['status'] == 'enabled'
+          - ansible_all_ipv4_addresses is search("10.***CONTENTS REDACTED***")
+
+      - name: Open 10050/tcp from $MONSRCRANGE0 ("{{ MONSRCRANGE[0] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          src_range:  "{{ MONSRCRANGE[0] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRCRANGE1 ("{{ MONSRCRANGE[1] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          src_range:  "{{ MONSRCRANGE[1] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Save current state of the firewall in system file if iptables is enabled
+        iptables_state:
+          state: saved
+          path: /etc/sysconfig/iptables
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'

playbooks/examples/just_gather_facts.playbook.yaml

@@ -0,0 +1,12 @@
+---
+  - name: "Gather ansible_facts"
+    hosts: all
+    gather_facts: yes
+    become: true
+    #    collections:
+    #     - ansible.posix
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+            - "{{ ansible_facts }}"

playbooks/examples/package_facts-module.yaml

@@ -0,0 +1,30 @@
+---
+  - name: "Gather the package facts ansible.builtin.package_facts"
+    hosts: all
+    gather_facts: True
+    become: true
+
+    tasks:
+
+      - name: Gather the package facts
+        package_facts:
+          manager: auto
+
+      - name: Print the package facts
+        debug:
+          var: ansible_facts.packages
+
+      - name: Check whether a package called firewalld is installed
+        ansible.builtin.debug:
+          msg: "{{ ansible_facts.packages['firewalld'] | length }} versions of firewalld are installed!"
+        when: "'firewalld' in ansible_facts.packages"
+
+      - name: Check whether a package called aerhaewrhqwet is installed (True/false)
+        ansible.builtin.debug:
+          msg: "True"
+        when: "'aerhaewrhqwet' in ansible_facts.packages"
+
+      - name: Check whether a package called aerhaewrhqwet is installed (true/False)
+        ansible.builtin.debug:
+          msg: "False"
+        when: "'aerhaewrhqwet' not in ansible_facts.packages"

playbooks/examples/ping.yaml

@@ -0,0 +1,10 @@
+---
+- name: Simple test ping playbook
+  hosts: all
+  gather_facts: true
+  become: True
+  #vars_files:
+  tasks:
+
+  - name: Example from an Ansible Playbook
+    ping:

playbooks/examples/remove_package.yaml

@@ -0,0 +1,19 @@
+---
+  - name: "Removes a package using yum/dnf/apt"
+    hosts: all
+    gather_facts: True
+    become: true
+    tasks:
+#      - name: "msg print to stdout: Debug ansible_facts"
+#        debug:
+#          msg:
+#            - "{{ ansible_facts.service_mgr }}"
+#            - "{{ ansible_facts }}"
+#      - name: Populate systemd service_facts
+#        service_facts:
+
+      - name: Remove package using "package" module
+        package:
+          name: zabbix-agent
+          state: absent
+        #when: ansible_facts['os_family'] != "RedHat" and ansible_facts['distribution_major_version'] != 7 and (ansible_facts['distribution'] == 'RedHat') and (ansible_facts['distribution_major_version'] == '9')

playbooks/examples/run_bash_script_on_remote_hosts.yaml

@@ -0,0 +1,8 @@
+---
+  - name: Transfer and execute a script.
+    hosts: all
+    become: true
+    tasks:
+
+       - name: Copy and Execute the script
+         script: ~/playbooks/CheckMK_server/add_on_target_using_api.sh

playbooks/examples/sample_playbook-OPNSense.yaml

@@ -0,0 +1,14 @@
+---
+- hosts: localhost
+  gather_facts: no
+  module_defaults:
+    ansibleguy.opnsense.list:
+    firewall: 'OPN-A.***CONTENTS REDACTED***'
+    api_credential_file: 'include/OPN-A***CONTENTS REDACTED***'
+    ssl_ca_file: 'include/***CONTENTS REDACTED***AB-CA.crt'
+    ssl_verify: false
+
+  tasks:
+    - name: Pull updates
+      ansibleguy.opnsense.system:
+        action: 'update'

playbooks/examples/show_ansible_facts.yaml

@@ -0,0 +1,30 @@
+---
+  - name: Show certain ansible_facts
+    hosts: CentOS7-TEST
+    gather_facts: yes
+    become: true
+    tasks:
+#      - name: "distribution"
+#        debug:
+#          var: ansible_facts["distribution"]
+#        tags: distro
+#      - name: "distribution_version"
+#        debug:
+#          var: ansible_facts["distribution_version"]
+#        tags: distrov
+      - name: "distribution_major_version"
+        debug:
+          var: ansible_facts["distribution_major_version"]
+        tags: distromajorv
+#      - name: "distribution_release"
+#        debug:
+#          var: ansible_facts["distribution_release"]
+#        tags: distrorelease
+      - name: "os_family"
+        debug:
+          var: ansible_facts["os_family"]
+#        tags: distrofamily
+#      - name: "pkg_mgr"
+#        debug:
+#          var: ansible_facts["pkg_mgr"]
+#        tags: distropkgmgr

playbooks/general_administration/certificates/CONTENTS_REDACTED.TLD_wildcard.yaml

@@ -0,0 +1,16 @@
+# Given a leaf certificate for www.ansible.com and one or more intermediate
+# certificates, finds the associated root certificate.
+- name: Find root certificate
+  community.crypto.certificate_complete_chain:
+    input_chain: "{{ lookup('ansible.builtin.file', '/etc/ssl/csr/***CONTENTS REDACTED***-fullchain.pem') }}"
+    root_certificates:
+    - /etc/ca-certificates/
+  register: www_ansible_com
+- name: Write root certificate to disk
+  ansible.builtin.copy:
+    dest: /etc/ssl/csr/***CONTENTS REDACTED***-root.pem
+    content: "{{ www_ansible_com.root }}"
+
+/etc/ssl/certs/***CONTENTS REDACTED***.cert
+/etc/ssl/private/***CONTENTS REDACTED***.edu.key
+/etc/ssl/certs/***CONTENTS REDACTED***.edu-cabundle.pem

playbooks/general_administration/certificates/README.md

@@ -0,0 +1,10 @@
+Ansible playbook to run against systems needing the ***CONTENTS REDACTED***.edu wildcard certificate updated.  06-18-2024
+
+Run by specifying the host instead of an entire inventory:
+  >$ ansible-playbook -i inventories/inventories/***CONTENTS REDACTED***
+
+Files:
+  >$ include/**CONTENTS REDACTED**.cert		#Just the certificate file. Begins and ends with a "BEGIN" and "END" statement. ~2.5Kb
+  >$ include/**CONTENTS REDACTED**.key		#Just the private key file. Begins and ends with a "BEGIN" and "END" statement. ~1.7Kb.
+  >$ include/**CONTENTS REDACTED***.pem		#Both the certificate file and key file from above concatenated together. For HAProxy.
+  >$ include/**CONTENTS REDACTED***.pem		#The certificate "full chain." Will contain 

playbooks/general_administration/certificates/include/REDACTED.TLD-cert-key.pem

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/include/REDACTED.TLD-chain.pem

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/include/REDACTED.TLD-full.pem

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/include/REDACTED.TLD.cert

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/include/REDACTED.TLD.key

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/include/redacted.TLD-bundle.pem

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/general_administration/certificates/update_domain_wildcard.yaml

@@ -0,0 +1,374 @@
+---
+# Update _domain wildcard certificate and private key on web servers running Apache, Gitlab, Nginx & Tomcat"
+
+  - name: "Apache group: set group-wide variables"
+    hosts: apache
+    vars:
+      new_cert: "include/current/_domain.cert"
+      new_bundle: "include/current/root-chain_domain.pem"
+      new_fullchain_root_bundle: "include/current/fullchain_bundle_domain.pem"
+      new_private_key: "include/current/_domain.key"
+    ##########################################################################
+      apache_config_test_command: "apachectl -t"
+      apache_apply_command: "systemctl reload httpd.service"
+    tasks:
+      - name: "Apache group: dump group-wide variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "Group from inventory file is: {{ group_names }} "
+            - "------------------------------------------------------------------"
+            - "new_cert is: {{ new_cert }}"
+            - "new_bundle is: {{ new_bundle }}"
+            - "new_fullchain_root_bundle is: {{ new_fullchain_root_bundle }}"
+            - "new_private_key is: {{ new_private_key }}"
+            - "------------------------------------------------------------------"
+            - "apache_config_test_command is: {{ apache_config_test_command }}"
+            - "apache_apply_command is: {{ apply_command }}"
+      - name: "Apache group: dump host-specific variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "--- Running for group apache only ---"
+            - "------------------------------------------------------------------"
+            - "cert_path is: {{ cert_path }}"
+            - "private_key_path is: {{ private_key_path }}"
+            - "post_test_command is: {{ post_test_command }}"
+            - "webserver_hostname is: {{ webserver_hostname }}"
+            - "------------------------------------------------------------------"
+      - name: "Apache group: dump OPTIONAL host-specific variable: root_bundle_path"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "--- Running for group apache only ---"
+            - "root_bundle_path is: {{ root_bundle_path }}"
+        when: root_bundle_path is defined
+################# copy cert section ##########
+      - name: "Apache hosts: Copy the new certificate file"
+        copy:
+          backup: true
+          src: "{{ new_cert }}"
+          dest: "{{ cert_path }}"
+      - name: "Apache: Copy the intermediate certs file"
+        copy:
+          backup: true
+          src: "{{ new_bundle }}"
+          dest: "{{ root_bundle_path }}"
+        when: root_bundle_path is defined
+      - name: "Apache: Copy the private key"
+        copy:
+          backup: true
+          src: "{{ new_private_key }}"
+          dest: "{{ private_key_path }}"
+
+################# test section ##############
+      - name: "Apache: run apache_config_test_command and register output"
+        command: "{{ apache_config_test_command }}"
+        register: apache_config_test_result
+        ignore_errors: yes
+      - debug:
+          msg: "{{ apache_config_test_result.stderr }}"
+      - name: "Set test_outcome to pass if criteria are met"
+        set_fact:
+          config_test_outcome: pass
+        when: '"Syntax OK" in apache_config_test_result.stderr'
+        ignore_errors: yes
+
+      - debug:
+          msg: "{{ config_test_outcome }}"
+        ignore_errors: yes
+
+#################### restart embedded nginx if test is ok $$$$$$$$$
+      - name: "Apache: restart apache if config test is successful"
+        command: "{{ apache_apply_command }}"
+        when: config_test_outcome == "pass"
+        ignore_errors: yes
+      - name: "Apache: fail if config test is NOT successful"
+        debug:
+          msg:
+            - '======================================================================================'
+            - '===                                       !!!FAILURE!!!'
+            - '=== APACHE CONFIG MODIFICATIONS ON "{{ inventory_hostname }}"AT"{{ ansible_host }}" FAILED.'
+            - '===   THESE WILL HAVE TO BE FIXED MANUALLY. THESE FILES WERE MODIFIED but also backed up:'
+            - '==='
+            - ===  "{{ cert_path }}"
+            - ===  "{{ root_bundle_path }}"
+            - ===  "{{ private_key_path }}"
+            - "===  *** The actual apache configuration wasn't changed, just the cert & key files the config points to."
+            - "======================================================================================="
+        when: config_test_outcome is undefined
+
+      - name: "Get new cert info by contacting site locally"
+        get_certificate:
+          host: "{{ ansible_host }}"
+          port: "{{ webserver_port }}"
+          server_name: "{{ webserver_hostname }}"
+        register: new_cert_info
+        delegate_to: localhost
+        when: config_test_outcome == "pass"
+
+      - name: "Show results of locally connecting to remote site"
+        debug:
+          msg:
+            - "New cert expires in: {{ new_cert_days_left }} days."
+        vars:
+          new_cert_days_left: >-
+            {{ (
+              (new_cert_info.not_after | ansible.builtin.to_datetime('%Y%m%d%H%M%SZ')) -
+              (ansible_date_time.iso8601 | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))
+            ).days }}
+        register: new_cert_days_left
+        when: config_test_outcome == "pass"
+
+      - name: "set_fact from this host's test outputs to display at end of playbook run"
+        set_fact:
+          changed_site_hostname_and_new_exp_date: "{{ webserver_hostname }} {{ new_cert_days_left }}"
+        when: config_test_outcome == "pass"
+
+
+  - name: "Gitlab group: set group-wide variables"
+    hosts: gitlab
+    vars:
+      new_bundle: "include/current/root-chain_domain.pem"
+      new_fullchain_root_bundle: "include/current/fullchain_bundle_domain.pem"
+      new_private_key: "include/current/_domain.key"
+      gitlab_apply_command: "gitlab-ctl restart nginx"
+      #gitlab_apply_command: " gitlab-ctl hup nginx;  gitlab-ctl hup registry"
+
+    tasks:
+      - name: "GitLab group: dump group-wide variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "This is only showing info from GitLab group"
+            - "------------------------------------------------------------------"
+            - "new_bundle is: {{ new_bundle }}"
+            - "new_fullchain_root_bundle is: {{ new_fullchain_root_bundle }}"
+            - "new_private_key is: {{ new_private_key }}"
+
+      - name: "Gitlab group: dump host-specific variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "This is only showing info from GitLab group"
+            - "------------------------------------------------------------------"
+            - "fullchain_root_bundle_path is: {{ fullchain_root_bundle_path }}"
+            - "private_key_path path is: {{ private_key_path }}"
+            - "------------------------------------------------------------------"
+            - "gitlab_nginx_config_test_command is: {{ gitlab_nginx_config_test_command }}"
+            - "healthcheck_url is: {{ healthcheck_url }}"
+            - "new_fullchain_root_bundle is: {{ new_fullchain_root_bundle }}"
+            - "fullchain_root_bundle_path is: {{ fullchain_root_bundle_path }}"
+
+############# copy new cert files ##############
+      - name: "GitLab hosts: Copy the new_fullchain_root_bundle"
+        copy:
+          backup: true
+    #      follow: true
+          src: "{{ new_fullchain_root_bundle }}"
+          dest: "{{ fullchain_root_bundle_path }}"
+      - name: "GitLab: Copy the private key"
+        copy:
+          backup: true
+          src: "{{ new_private_key }}"
+          dest: "{{ private_key_path }}"
+
+################# test section ##############
+      - name: "GitLab: run embedded nginx config check command and register output"
+        command: "{{ gitlab_nginx_config_test_command }}"
+        register: gitlab_nginx_config_test_result
+        ignore_errors: yes
+
+      - name: "Dump output from gitlab_nginx_config_test_result"
+        debug:
+          msg: "gitlab_nginx_config_test_result is {{ gitlab_nginx_config_test_result }}"
+
+      - name: "Dump gitlab_nginx_config_test_result"
+        debug:
+          msg: "gitlab_nginx_config_test_result is {{ gitlab_nginx_config_test_result }}"
+
+      - name: "dump gitlab_nginx_config_test_result.stderr"
+        debug:
+          msg: "{{ gitlab_nginx_config_test_result.stderr }}"
+      - name: "Set test_outcome to pass if criteria are met"
+        set_fact:
+          config_test_outcome: pass
+        when: '"test is successful" in gitlab_nginx_config_test_result.stderr'
+        ignore_errors: yes
+
+      - debug:
+          msg: "{{ config_test_outcome }}"
+        ignore_errors: yes
+
+      - name: "Get new cert info by contacting site remotely"
+        get_certificate:
+          host: "{{ ansible_host }}"
+          port: "{{ webserver_port }}"
+          server_name: "{{ webserver_hostname }}"
+        register: new_cert_info
+        delegate_to: localhost
+        when: config_test_outcome == "pass"
+
+      - name: "Show results of remotely connecting to remote site"
+        debug:
+          msg:
+            - "New cert expires in: {{ new_cert_days_left }} days."
+        vars:
+          new_cert_days_left: >-
+            {{ (
+              (new_cert_info.not_after | ansible.builtin.to_datetime('%Y%m%d%H%M%SZ')) -
+              (ansible_date_time.iso8601 | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))
+            ).days }}
+        register: new_cert_days_left
+        when: config_test_outcome == "pass"
+
+      - name: "set_fact from this host's test outputs to display at end of playbook run"
+        set_fact:
+          changed_site_hostname_and_new_exp_date: "{{ webserver_hostname }} {{ new_cert_days_left }}"
+        when: config_test_outcome == "pass"
+
+################## apply changes if successful ###############
+      - name: "GitLab: restart GitLab embedded Nginx if config test is successful"
+        command: "{{ gitlab_apply_command }}"
+        when: config_test_outcome == "pass"
+        ignore_errors: yes
+
+########## nginx group ###################################################################################################################
+  - name: "Nginx group: set group-wide variables"
+    hosts: nginx
+    vars:
+      new_bundle: "include/current/root-chain_domain.pem"
+      new_fullchain_root_bundle: "include/current/fullchain_bundle_domain.pem"
+      new_private_key: "include/current/_domain.key"
+      nginx_config_test_command: "nginx -t -c /etc/nginx/nginx.conf"
+      nginx_apply_command: "systemctl reload nginx.service"
+
+    tasks:
+      - name: "nginx group: dump group-wide variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "This is only showing info from GitLab group"
+            - "------------------------------------------------------------------"
+            - "new_bundle is: {{ new_bundle }}"
+            - "new_fullchain_root_bundle is: {{ new_fullchain_root_bundle }}"
+            - "new_private_key is: {{ new_private_key }}"
+            - "nginx_config_test_command is: {{ nginx_config_test_command }}"
+            - "nginx_apply_command is: {{ nginx_apply_command }}"
+      - name: "nginx group: dump host-specific variables"
+        debug:
+          msg:
+            - "host is: {{ ansible_host }}"
+            - "This is only showing info from GitLab group"
+            - "------------------------------------------------------------------"
+            - "fullchain_root_bundle_path is: {{ fullchain_root_bundle_path }}"
+            - "private_key is: {{ private_key }}"
+            - "------------------------------------------------------------------"
+            - "healthcheck_url is: {{ healthcheck_url }}"
+      - name: "nginx group: dump OPTIONAL host-specific variables"
+        debug:
+          msg:
+          - "host is: {{ ansible_host }}"
+          - "------------------------------------------------------------------"
+
+      - name: "nginx hosts: Copy the new_fullchain_root_bundle"
+        copy:
+          backup: true
+    #      follow: true
+          src: "{{ new_fullchain_root_bundle }}"
+          dest: "{{ fullchain_root_bundle_path }}"
+      - name: "nginx: Copy the private key"
+        copy:
+          backup: true
+          src: "{{ new_private_key }}"
+          dest: "{{ private_key }}"
+
+################# test section ##############
+      - name: "Nginx: run nginx config check command and register output"
+        command: "{{ nginx_config_test_command }}"
+        register: nginx_config_test_command_result
+        ignore_errors: yes
+
+      - name: "Dump nginx_config_test_command_result"
+        debug:
+          msg: "nginx_config_test_command_result is {{ nginx_config_test_command_result }}"
+
+      - name: "dump nginx_config_test_command_result.stderr"
+        debug:
+          msg: "{{ nginx_config_test_command_result.stderr }}"
+      - name: "Set test_outcome to pass if criteria are met"
+        set_fact:
+          config_test_outcome: pass
+        when: '"test is successful" in nginx_config_test_command_result.stderr'
+        ignore_errors: yes
+
+      - debug:
+          msg: "{{ config_test_outcome }}"
+        ignore_errors: yes
+
+################# apply section ##############
+      - name: "Nginx: reload nginx service if config test is successful"
+        command: "{{ nginx_apply_command }}"
+        ignore_errors: yes
+        when: config_test_outcome == "pass"
+
+########## others group ###################################################################################################################
+  - name: "others group"
+    hosts: others
+    vars:
+      new_cert: "include/current/_domain.cert"
+      new_bundle: "include/current/root-chain_domain.pem"
+      new_fullchain_root_bundle: "include/current/fullchain_bundle_domain.pem"
+      new_private_key: "include/current/_domain.key"
+    tasks:
+    - name: "others: dump debugging messages"
+      debug:
+        msg:
+            - "host is: {{ ansible_host }}"
+            - "Group from inventory file is: {{ group_names }} "
+            - "This host's post_test_command is: {{ post_test_command }}"
+            - "This host's apply_command is: {{ apply_command }}"
+            - "------------------------------------------------------------------"
+            - "fullchain_root_bundle_path: {{ fullchain_root_bundle_path }}"
+            - "private_key_path: {{ private_key_path }}"
+
+    - name: "other hosts: Copy the new_fullchain_root_bundle"
+      copy:
+        backup: true
+  #      follow: true
+        src: "{{ new_fullchain_root_bundle }}"
+        dest: "{{ fullchain_root_bundle_path }}"
+    - name: "other: Copy the private key"
+      copy:
+        backup: true
+        src: "{{ new_private_key }}"
+        dest: "{{ private_key }}"
+
+################# other section ##############
+    - name: "other: run other host-specific config check command and register output"
+      command: "{{ post_test_command }}"
+      register: other_hosts_config_test_command_result
+      ignore_errors: yes
+
+    - name: "Dump other_hosts_config_test_command_result"
+      debug:
+        msg: "other_hosts_config_test_command_result is {{ other_hosts_config_test_command_result }}"
+
+    - name: "dump other_hosts_config_test_command_result.stderr"
+      debug:
+        msg: "{{ other_hosts_config_test_command_result.stderr }}"
+    - name: "Set test_outcome to pass if criteria are met"
+      set_fact:
+        config_test_outcome: pass
+      when: '{{ post_test_command_success_output }} in other_hosts_config_test_command_result.stderr'
+      ignore_errors: yes
+
+    - debug:
+        msg: "{{ config_test_outcome }}"
+      ignore_errors: yes
+
+################# other apply section ##############
+    - name: "others: host-specific command"
+      command: "{{ apply_command }}"
+      ignore_errors: yes
+      when: config_test_outcome == "pass"

playbooks/general_administration/enable_persistent_journal.yaml

@@ -0,0 +1,20 @@
+---
+- name: Enable persistent journal (across boots)
+  hosts: all
+  gather_facts: true
+  become: True
+  tasks:
+
+    - name: mkdir /var/log/journal
+      command:
+        cmd: mkdir /
+        creates: /var/log/journal
+      ignore_errors: yes
+
+    - name: Create systemd-tmpfiles in /var/log/journal
+      command:
+        cmd: systemd-tmpfiles --create --prefix /var/log/journal
+
+    - name: Restart system-journald
+      command:
+         cmd: systemctl restart systemd-journald

playbooks/general_administration/shutdown-at_job.yaml

@@ -0,0 +1,29 @@
+---
+  - name: Create at job to run shutdown at X
+    hosts: CentOS7-TEST
+    gather_facts: no
+    become: true
+
+    vars_prompt:
+
+      - name: "days"
+        prompt: "In how many DAYS from now should shutdown be scheduled?"
+        private: false
+
+      - name: "hours"
+        prompt: In how many HOURS from now should the shutdown be scheduled?
+        private: false
+
+      - name: "minutes"
+        prompt: In how many MINUTES from now should the shutdown be scheduled?
+        private: false
+
+
+    tasks:
+      - name: show hours plus minutes
+        debug:
+          msg:
+          - "The value for DAYS is {{ days }}"
+          - "The value for HOURS is {{ hours }}"
+          - "The value for MINUTES is {{ minutes }}"
+

playbooks/general_administration/unlock_special_user.playbook.yaml

@@ -0,0 +1,16 @@
+---
+  - name: change expire time for user ***CONTENTS REDACTED*** to (date given in epoch time)
+    hosts: all
+    become: true
+    collections:
+      - ansible.builtin.user
+    tasks:
+      - name: description of task
+        user:
+          name: ***CONTENTS REDACTED***
+          expires: '{{ epoch_time_for_expiration }}'
+          state: "present"
+          password: "***CONTENTS REDACTED***"
+          update_password: "Always"
+      - debug:
+          var: uptimeoutput.stdout_lines

playbooks/maintenance/OPNSense/KVMAB_CA.pem

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/maintenance/OPNSense/KVMAB_api.key

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/maintenance/OPNSense/include/KVM-AB-Primary.png

@@ -0,0 +1 @@
+

playbooks/maintenance/OPNSense/include/KVM-AB-Secondary.png

@@ -0,0 +1 @@
+

playbooks/maintenance/OPNSense/update_primaries.yaml

@@ -0,0 +1,37 @@
+- hosts: localhost
+  gather_facts: no
+  vars_files:
+    - ~/include/OPNSense_firewalls/OPNSense-Primaries.yaml
+
+  collections:
+    - ansibleguy.opnsense
+  tasks:
+    - name: Show variable values
+      debug:
+        msg: "Items: {{ 'opnsensefirewall', 'opnsenseapi_port', 'opnsensessl_verify', 'opnsensessl_ca_file', 'opnsenseapi_key', 'opnsenseapi_secret' }}"
+      loop: "{{ primaries }}"
+
+    - name: Pull updates for PRIMARY firewalls
+      system:
+        action: 'update'
+        firewall: "{{ item.opnsensefirewall }}"
+        api_port: "{{ item.opnsenseapi_port }}"
+        ssl_verify: false
+        ssl_ca_file: "{{ item.opnsensessl_ca_file }}"
+        api_key: "{{ item.opnsenseapi_key }}"
+        api_secret: "{{ item.opnsenseapi_secret }}"
+        debug: true
+      loop: "{{ primaries }}"
+
+    - name: Start UPGRADES for PRIMARY firewalls
+      system:
+        action: 'upgrade'
+        wait: true
+        firewall: "{{ item.opnsensefirewall }}"
+        api_port: "{{ item.opnsenseapi_port }}"
+        ssl_verify: false
+        ssl_ca_file: "{{ item.opnsensessl_ca_file }}"
+        api_key: "{{ item.opnsenseapi_key }}"
+        api_secret: "{{ item.opnsenseapi_secret }}"
+        debug: true
+      loop: "{{ primaries }}"

playbooks/maintenance/OPNSense/update_secondaries.yaml

@@ -0,0 +1,38 @@
+- hosts: localhost
+  gather_facts: no
+  vars_files:
+    - ~/include/OPNSense_firewalls/OPNSense-Secondaries.yaml
+
+  collections:
+    - ansibleguy.opnsense
+  tasks:
+    - name: Show variable values
+      debug:
+        msg: "Items: {{ 'opnsensefirewall', 'opnsenseapi_port', 'opnsensessl_verify', 'opnsensessl_ca_file', 'opnsenseapi_key', 'opnsenseapi_secret' }}"
+      loop: "{{ secondaries }}"
+
+
+    - name: Pull updates for SECONDARY firewalls
+      system:
+        action: 'update'
+        firewall: "{{ item.opnsensefirewall }}"
+        ssl_verify: false
+        ssl_ca_file: "{{ item.opnsensessl_ca_file }}"
+        api_key: "{{ item.opnsenseapi_key }}"
+        api_secret: "{{ item.opnsenseapi_secret }}"
+        debug: true
+      loop: "{{ secondaries }}"
+
+
+    - name: Start UPGRADES for SECONDARY firewalls
+      system:
+        action: 'upgrade'
+        wait: true
+        firewall: "{{ item.opnsensefirewall }}"
+        api_port: "{{ item.opnsenseapi_port }}"
+        ssl_verify: false
+        ssl_ca_file: "{{ item.opnsensessl_ca_file }}"
+        api_key: "{{ item.opnsenseapi_key }}"
+        api_secret: "{{ item.opnsenseapi_secret }}"
+        debug: true
+      loop: "{{ secondaries }}"

playbooks/maintenance/OPNSense/update_secondaries_NO_LOOP.yaml

@@ -0,0 +1,32 @@
+- hosts: localhost
+  gather_facts: no
+  vars_files:
+    - ~/include/***CONTENTS REDACTED***
+    - ~/include/***CONTENTS REDACTED***
+    - ~/include/***CONTENTS REDACTED***
+  collections:
+    - ansibleguy.opnsense
+
+  tasks:
+    - name: Pull updates for "{{ opnsensefirewall }}"
+      system:
+        action: 'update'
+        firewall: "{{ opnsensefirewall }}"
+        api_port: "{{ opnsenseapi_port }}"
+        ssl_verify: "{{ opnsensessl_verify }}"
+        ssl_ca_file: "{{ opnsensessl_ca_file }}"
+        api_key: "{{ opnsenseapi_key }}"
+        api_secret: "{{ opnsenseapi_secret }}"
+        debug: true
+
+    - name: Start upgrade of "{{ opnsensefirewall }}"
+      system:
+        action: 'upgrade'
+        timeout: 640
+        firewall: "{{ opnsensefirewall }}"
+        api_port: "{{ opnsenseapi_port }}"
+        ssl_verify: "{{ opnsensessl_verify }}"
+        ssl_ca_file: "{{ opnsensessl_ca_file }}"
+        api_key: "{{ opnsenseapi_key }}"
+        api_secret: "{{ opnsenseapi_secret }}"
+        debug: true

playbooks/maintenance/OPNSense/upload_custom_logos.yaml

@@ -0,0 +1,22 @@
+- hosts: KVM-AB-*
+  gather_facts: false
+  #vars_files:
+
+  tasks:
+    - name: Upload custom logo to Primary
+      copy:
+        remote_src: false
+        src: ~/include/OPNSense_firewalls/KVM-AB-Primary.png
+        dest: /usr/local/opnsense/www/themes/opnsense/build/images/default-logo.svg
+        force: true
+        unsafe_writes: true
+      when: ansible_host == '***CONTENTS REDACTED***'
+
+    - name: Upload custom logo to Secondary
+      copy:
+        remote_src: false
+        src: ~/include/OPNSense_firewalls/KVM-AB-Secondary.png
+        dest: /usr/local/opnsense/www/themes/opnsense/build/images/default-logo.svg
+        force: true
+        unsafe_writes: true
+      when: ansible_host == '***CONTENTS REDACTED***'

playbooks/misc/TEST-iptables.yaml

@@ -0,0 +1,112 @@
+---
+  - name: "Example of a working iptables playbook"
+    hosts: all
+#      - "*IPTables"
+    gather_facts: True
+    become: true
+# Put the IPs/hostnames of Zabbix servers and proxies here:
+    vars:
+      MONSRC:
+      - ***CONTENTS REDACTED***
+      - ***CONTENTS REDACTED***
+      - ***CONTENTS REDACTED***
+      MONSRCRANGE:
+      - ***CONTENTS REDACTED***
+      - ***CONTENTS REDACTED***
+
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
+            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
+            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
+
+      - name: Show MONSRC variables
+        debug:
+          msg: "MONSRCs: {{ MONSRC[0-2] }}"
+
+      - name: Show MONSRCRANGE variables
+        debug:
+          msg: "MONSRCRANGEs: {{ MONSRCRANGE[0-2] }}"
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - debug:
+          msg:
+            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
+        when: "'firewalld.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'iptables.service' in services"
+
+
+      - debug:
+          msg:
+            -  ansible_all_ipv4_addresses "{{ ansible_all_ipv4_addresses}}"
+
+      - name: Open 10050/tcp from $MONSRC0 ("{{ MONSRC[0] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          source: "{{ MONSRC[0] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRC1 ("{{ MONSRC[1] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          source:  "{{ MONSRC[1] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRC2 ("{{ MONSRC[2] }}") if iptables.service is enabled AND IP contains 10.***CONTENTS REDACTED***
+        iptables:
+          action: insert
+          chain: INPUT
+          source:  "{{ MONSRC[2] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when:
+          - ansible_facts.services['iptables.service']['status'] == 'enabled'
+          - ansible_all_ipv4_addresses is search("10.***CONTENTS REDACTED***")
+
+      - name: Open 10050/tcp from $MONSRCRANGE0 ("{{ MONSRCRANGE[0] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          src_range:  "{{ MONSRCRANGE[0] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Open 10050/tcp from $MONSRCRANGE1 ("{{ MONSRCRANGE[1] }}") if iptables.service is enabled
+        iptables:
+          action: insert
+          chain: INPUT
+          src_range:  "{{ MONSRCRANGE[1] }}"
+          protocol: tcp
+          destination_port: 10050:10051
+          state: present
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+
+      - name: Save current state of the firewall in system file if iptables is enabled
+        iptables_state:
+          state: saved
+          path: /etc/sysconfig/iptables
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'

playbooks/misc/copy_users.fact_to_hosts.yaml

@@ -0,0 +1,13 @@
+---
+  - name: Copy a specified file to hosts
+    hosts: "***CONTENTS REDACTED***.edu"
+    gather_facts: no
+    become: true
+    tasks:
+      - name: perform copy
+        copy:
+          src: install_packages/users.fact
+          dest: /etc/ansible/facts.d/
+          owner: root
+          group: root
+          mode: "755"

playbooks/misc/undercloud-predictable_NIC_names.yaml

@@ -0,0 +1,192 @@
+---
+- name: Rename network interfaces
+  hosts: exampletarget
+  become: true
+  vars:
+    src_prefix: "eth"
+    dst_prefix: "em"
+    osnet_conf: "/etc/os-net-config/config.json"
+    src_interfaces: "{{ ansible_interfaces | select('match', src_prefix ~ '.*') | sort | list }}"
+    undercloud_conf: "~/undercloud.conf"
+  tasks:
+    - debug:
+        msg: "{{ src_interfaces }}"
+
+
+    - name: Update udev rules
+      tags:
+        - udev
+      lineinfile:
+        line: >
+          SUBSYSTEM=="net",
+          ACTION=="add",
+          DRIVERS=="?*",
+          ATTR{address}=="{{ ansible_facts[item]['perm_macaddress'] | default(ansible_facts[item]['macaddress']) }}",
+          NAME="{{ item | replace(src_prefix, dst_prefix) }}"
+        path: /etc/udev/rules.d/70-rhosp-persistent-net.rules
+        create: true
+      with_items: "{{ src_interfaces | reject('match', '^.*\\..*$') | list }}"
+
+
+    - name: Rename ifcfg files
+      tags:
+        - ifcfg
+      block:
+        - name: Check that src_prefix files exists
+          stat:
+            path: /etc/sysconfig/network-scripts/ifcfg-{{ item }}
+          register: nic_result
+          with_items: "{{ src_interfaces }}"
+
+        - name: Copy ifcfg files using dst_prefix
+          copy:
+            remote_src: true
+            src: "{{ item.stat.path }}"
+            dest: "{{ item.stat.path | replace(src_prefix, dst_prefix) }}"
+          with_items: "{{ nic_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Edit NAME in new network-script files
+          lineinfile:
+            regexp: "^NAME=.*"
+            line: "NAME={{ item.item | replace(src_prefix, dst_prefix) }}"
+            path: "{{ item.stat.path | replace(src_prefix, dst_prefix) }}"
+          with_items: "{{ nic_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Edit DEVICE in new network-script files
+          lineinfile:
+            regexp: "^DEVICE=.*"
+            line: "DEVICE={{ item.item | replace(src_prefix, dst_prefix) }}"
+            path: "{{ item.stat.path | replace(src_prefix, dst_prefix) }}"
+          with_items: "{{ nic_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Backup old ifcfg network-script files
+          copy:
+            remote_src: true
+            src: "{{ item.stat.path }}"
+            dest: "{{ item.stat.path }}.bak"
+          with_items: "{{ nic_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Remove old ifcfg network-script files
+          file:
+            path: "{{ item.stat.path }}"
+            state: absent
+          with_items: "{{ nic_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+
+    - name: Rename route files
+      tags:
+        - routes
+      block:
+        - name: Check that route files exists
+          stat:
+            path: /etc/sysconfig/network-scripts/route-{{ item }}
+          register: route_result
+          with_items: "{{ src_interfaces }}"
+
+        - name: Copy route files using dst_prefix
+          copy:
+            remote_src: true
+            src: "{{ item.stat.path }}"
+            dest: "{{ item.stat.path | replace(src_prefix, dst_prefix) }}"
+          with_items: "{{ route_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Update dst_prefix in route files that use IP command arguments format
+          replace:
+            regexp: "{{ src_prefix }}"
+            replace: "{{ dst_prefix }}"
+            path: "{{ item.stat.path | replace(src_prefix, dst_prefix) }}"
+          with_items: "{{ route_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Backup old route files
+          copy:
+            remote_src: true
+            src: "{{ item.stat.path }}"
+            dest: "{{ item.stat.path }}.bak"
+          with_items: "{{ route_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+        - name: Remove old route files
+          file:
+            path: "{{ item.stat.path }}"
+            state: absent
+          with_items: "{{ route_result.results }}"
+          when: item.stat.exists
+          loop_control:
+            label: "{{ item.item }}"
+
+
+    - name: Perform a final regex for any remaining src_prefix in ifcfg files
+      tags:
+        - ifcfg
+      block:
+        - name: Get a list of all ifcfg files
+          find:
+            paths: /etc/sysconfig/network-scripts/
+            patterns: 'ifcfg-*'
+            excludes: '*.bak'
+          register: ifcfg_files
+
+        - name: Perform final regex on ifcfg files
+          replace:
+            path: "{{ item[0].path }}"
+            regexp: "{{ item[1] }}"
+            replace: "{{ item[1] | replace(src_prefix, dst_prefix) }}"
+          with_nested:
+            - "{{ ifcfg_files.files }}"
+            - "{{ src_interfaces }}"
+          loop_control:
+            label: "{{ item[1] }} -> {{ item[0].path }}"
+
+
+    - name: Replace interface name in TripleO configuration files
+      tags:
+        - tripleo
+      block:
+        - name: Check if undercloud.conf exists
+          stat:
+            path: "{{ undercloud_conf }}"
+          register: undercloud_conf_stat
+
+        - name: Replace interface name in undercloud.conf
+          replace:
+            path: "{{ undercloud_conf }}"
+            regexp: "{{ item }}"
+            replace: "{{ item | replace(src_prefix, dst_prefix) }}"
+          when: undercloud_conf_stat.stat.exists
+          with_items: "{{ src_interfaces }}"
+
+        - name: Check if os-net-config's config.json exists
+          stat:
+            path: "{{ osnet_conf }}"
+          register: osnet_conf_stat
+
+        - name: Replace interface name in config.json
+          replace:
+            path: "{{ osnet_conf }}"
+            regexp: "{{ item }}"
+            replace: "{{ item | replace(src_prefix, dst_prefix) }}"
+          when: osnet_conf_stat.stat.exists
+          with_items: "{{ src_interfaces }}"

playbooks/packagemanagement/DataDog/deploy_to_systems.yaml

@@ -0,0 +1,16 @@
+---
+- hosts: all
+  vars:
+    - install_file_path: "include/"
+    - rpm_filename: "SentinelAgent_linux_v22_4_2_4.rpm"
+    - deb_filename: "SentinelAgent_linux_v22_4_2_4.deb"
+    - script_file: "include/activation_script.sh"
+    - new_host_fqdn: "{{ ansible_fqdn }}"
+    - site_token: "{{ dd_site_token }}"
+
+  tasks:
+    - name: Import the Datadog Agent role from the Datadog collection
+      import_role:
+        name: datadog.dd.agent
+  vars:
+    datadog_api_key: "{{ dd_api_key }}"

playbooks/packagemanagement/DataDog/include/RH-repofile.repo

@@ -0,0 +1,26 @@
+[datadog]
+name = Datadog, Inc.
+##############################################################################
+###                                                                        ###
+###     DataDog's repo @yum.datadot.com does not provide RPMs for major    ###
+###   versions other than 6 and 7 (as of 11-05-2024), so the $releasever   ###
+###           variable is manually overridden by the presense of           ###
+###   /etc/dnf/vars/datadogreleasever, which contains only the text "7".   ###
+###                                                                        ###  
+###          The variable, which is just the name of the file in           ###
+###       /etc/dnf/vars/, is referenced below as $datadogreleasever.       ###
+###                                                                        ###
+###                                                                        ###
+###                                                            11/05/2024  ###
+##############################################################################
+### baseurl = https://yum.datadoghq.com/stable/$releasever/$basearch/
+baseurl = https://yum.datadoghq.com/stable/$datadogreleasever/$basearch/
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+priority=1
+gpgkey=https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_4F09D16B.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public

playbooks/packagemanagement/DataDog/role-deploy_to_systems.yaml

@@ -0,0 +1,19 @@
+- hosts: all
+
+  tasks:
+    - name: Install python3-dnf or python2-dnf if distro flavor is RH-like and version is 7
+      dnf:
+        name:
+          - python3-dnf
+          - python2-dnf
+        state: present
+      when:
+          - ansible_facts.distribution_file_variety == "RedHat"
+          - ansible_facts['distribution_major_version'] == '7'
+      ignore_errors: yes
+
+  roles:
+    - { role: DataDog.datadog, become: yes }
+  vars:
+    datadog_api_key: "{{ dd_api_key }}"
+    datadog_site: ddog-gov.com

playbooks/packagemanagement/DataDog/update_config.yaml

@@ -0,0 +1,52 @@
+- hosts: all
+  tasks:
+
+    - name: Remove existing config file
+      file:
+        path:  /etc/datadog-agent/datadog.yaml
+        state: absent
+
+    - name: Populate config lines in datadog.yaml
+      blockinfile:
+#        backup: true
+        path: /etc/datadog-agent/datadog.yaml
+        create: true
+        owner: dd-agent
+        group: dd-agent
+        mode: '640'
+        block: |
+          api_key: '"{{ dd_api_key }}"'
+          apm_config:
+            receiver_socket: /opt/datadog/apm/inject/run/apm.socket
+          containerd_namespace: []
+          containerd_namespaces: []
+          dogstatsd_socket: /opt/datadog/apm/inject/run/dsd.socket
+          process_config:
+            enabled: "true"
+            process_collection:
+              enabled: true
+            network_tracer:
+              enabled: true
+          logs_enabled: true
+          enable_payloads:
+              series: false
+              events: false
+              service_checks: false
+              sketches: false
+          proxy:
+            http: ""
+            https: ""
+            no_proxy:
+            - x.y.z.254
+            - x.y.z.200
+          python_version: "3"
+          remote_configuration:
+            enabled: false
+          site: ddog-gov.com
+          use_dogstatsd: true
+
+    - name: Restart the DataDog Agent
+      service:
+        name: datadog-agent
+        state: started
+        enabled: yes

playbooks/packagemanagement/Qualys/install_files/qualys-cloud-agent_AMD64-6.1.0-28.rpm

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/packagemanagement/Qualys/install_files/qualys-cloud-agent_AMD64-6.2.1.9.deb

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/packagemanagement/Qualys/install_qualys-agent.playbook.yaml

@@ -0,0 +1,112 @@
+---
+  - name: "Install qualys-agent using yum/dnf/apt; activation: sudo ***CONTENTS REDACTED***"
+    hosts: all
+    gather_facts: True
+    become: true
+    vars:
+      - install_file_path: "***CONTENTS REDACTED***Qualys/install_files/"
+      - rpm_filename: "qualys-cloud-agent_AMD64-6.1.0-28.rpm"
+      - deb_filename: "qualys-cloud-agent_AMD64-6.2.1.9.deb"
+      - new_host_fqdn: "{{ ansible_fqdn }}"
+####################################  TEST: Customer-specific variables  ####################################
+      - cloudagent_ActivationId: "***CONTENTS REDACTED***"
+      - cloudagent_CustomerId: "***CONTENTS REDACTED***"
+      - cloudagent_ServerUri: "***CONTENTS REDACTED***"
+
+    tasks:
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - name: "Debug: show var new_host_fqdn, ansible_facts['os_family'] & ['distribution_major_version']"
+        debug:
+          var: new_host_fqdn
+      - name: "Debug: ansible_facts['os_family'] & ['distribution_major_version']"
+        debug:
+          msg:
+            - os_family "{{ ansible_facts['os_family'] }}"
+            - distribution_major_version "{{ ansible_facts['distribution_major_version'] }}"
+
+      - name: "Copy rpm file to host if host is RH-like, versions 6-9"
+        copy:
+          src: "{{ install_file_path }}{{ rpm_filename }}"
+          dest: /home/Ansible/{{ rpm_filename }}
+        when:
+          - ansible_facts['os_family'] == "RedHat"
+          - ansible_facts['distribution_major_version'] == '6' or ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'
+
+
+      - name: "Perform installation w/ yum and rpm file if distro is RH-like versions 6-9"
+        yum:
+          name: /home/Ansible/{{ rpm_filename }}
+          state: present
+          disable_gpg_check: true
+        when:
+          - ansible_facts['os_family'] == "RedHat"
+          - ansible_facts['distribution_major_version'] == '6' or ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '9'
+
+      - name: "Add firewall rules if firewalld running"
+        firewalld:
+          permanent: true
+          state: enabled
+          immediate: true
+          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED***0 port port=10001-10005 protocol=tcp accept
+          when: ansible_facts.services['firewalld.service'].state == 'running'
+        ignore_errors: yes
+        firewalld:
+          permanent: true
+          state: enabled
+          immediate: true
+          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
+        when: ansible_facts.services['firewalld.service'].state == 'running'
+        ignore_errors: yes
+        firewalld:
+          permanent: true
+          state: enabled
+          immediate: true
+          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
+        when: ansible_facts.services['firewalld.service'].state == 'running'
+        ignore_errors: yes
+        firewalld:
+          permanent: true
+          state: enabled
+          immediate: true
+          rich_fule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
+        when: ansible_facts.services['firewalld.service'].state == 'running'
+        ignore_errors: yes
+        firewalld:
+          permanent: true
+          state: enabled
+          immediate: true
+          rich_rule: rule family=ipv4 source address=***CONTENTS REDACTED*** port port=10001-10005 protocol=tcp accept
+        when: ansible_facts.services['firewalld.service'].state == 'running'
+
+  # For Deb-like:
+      - name: "Copy deb file to host if host is Debian 7 through 12, Bookworm"
+        copy:
+            src: "{{ install_file_path }}{{ deb_filename }}"
+            dest: /home/Ansible/{{ deb_filename }}
+        when:
+          - ansible_facts['os_family'] == 'Debian'
+
+      - name: "Install deb file on host if distro is Debian-like"
+        apt:
+          deb: /home/Ansible/{{ deb_filename }}
+          state: present
+        when:
+          - ansible_facts['os_family'] == 'Debian'
+
+######################################### Init agent w/ ActivationID, CustomerID and ServerUri #########################################
+      - name: "Make one-liner executable"
+        file:
+          path: ***CONTENTS REDACTED***/qualys-cloud-agent.sh
+          mode: "0750"
+
+      - name: "Run one-liner to provide cloud-agent ActivationID, CustomerID and ServerUri"
+        command: /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId="{{  cloudagent_ActivationId }}" CustomerId="{{ cloudagent_CustomerId }}" ServerUri="{{ cloudagent_ServerUri }}"
+
+      - name: "Restart the cloud-agent service"
+        service:
+          name: qualys-cloud-agent
+          state: restarted
+          enabled: yes

playbooks/packagemanagement/bacula/add_bacula_user.yaml

@@ -0,0 +1,86 @@
+---
+- name: Add bacula user to enable control by Bacula/Bacularis system
+  hosts: all
+  gather_facts: true
+  become: True
+  tasks:
+    - name: populate package mgr facts
+      package_facts:
+        manager: auto
+    - name: output package facts
+      debug:
+        msg:
+#        - "{{ ansible_facts ['distribution_file_variety'] }}"
+
+    - name: "install pkg containing lgroupmod, required by module(s) below"
+      package:
+        name: libuser
+        state: present
+      #when: "'libuser' not in ansible_facts.packages"
+
+    - name: Add bacula user, Deb-like
+      user:
+        name: bacula
+        comment: "Debian-like- Add bacula user for the Bacula backup system"
+        create_home: true
+        local: true
+        group: "sudo"
+        shell: "/bin/bash"
+        uid: "133"
+        system: false
+        generate_ssh_key: false
+        password: "$6$0000000000000000$00000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+        expires: -1
+        password_expire_max: 99999
+        password_expire_min: 0
+        password_lock: false
+        state: present
+      when: ansible_facts['distribution_file_variety'] == "Debian"
+
+    - name: Add bacula user, RH-like
+      user:
+        name: bacula
+        comment: "RH-like- Add bacula user for the Bacula backup system"
+        create_home: true
+        local: false
+        group: "wheel"
+        shell: "/bin/bash"
+        uid: "133"
+        system: true
+        generate_ssh_key: false
+        password: "$6$0000000000000000$00000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+        expires: -1
+        password_expire_max: 99999
+        password_expire_min: 0
+        password_lock: false
+        state: present
+      when: ansible_facts['distribution_file_variety'] == "RedHat"
+
+    - name: Add bacula user to the sudoers file
+      sudoers:
+        commands: ALL
+        host: ALL
+        name: bacula
+        nopassword: True
+        state: present
+        user: bacula
+        validation: detect
+
+    - name: Copy bacula RSA public keys to ~/bacula/.ssh/authorized_keys
+      authorized_key:
+        user: bacula
+        comment: "RSA- ssh keys for the bacula backup user"
+        key: "{{ lookup('file', '~/playbooks/bacula/include/bacula-id_rsa.pub') }}"
+        state: present
+    - name: copy bacula ECDSA public keys to ~/bacula/.ssh/authorized_keys
+      authorized_key:
+        user: bacula
+        comment: "ECDSA- ssh keys for the bacula backup user"
+        key: "{{ lookup('file', '~/playbooks/bacula/include/bacula-id_ecdsa.pub') }}"
+        state: present
+    - name: copy bacula ED25519 public keys to ~/zabbix/.ssh/authorized_keys
+      authorized_key:
+        user: bacula
+        comment: "ED25519- ssh keys for the backup user"
+        key: "{{ lookup('file', '~/playbooks/bacula/include/bacula-id_ed25519.pub') }}"
+        state: present

playbooks/packagemanagement/bacula/include/bacula-community.repo

@@ -0,0 +1,6 @@
+[Bacula-Cummunity-localmirror]
+name = Bacula Community Binary Repo, locally hosted
+baseurl=https://bacula.space.swri.edu/repo/15.0.2/rpms/el$releasever/$basearch/
+gpgkey=https://bacula.space.swri.edu/repo/15.0.2/Bacula-4096-Distribution-Verification-key.asc
+enabled=1
+gpgcheck=0

playbooks/packagemanagement/bacula/include/bacula-fd.conf

@@ -0,0 +1,43 @@
+# Default  Bacula File Daemon Configuration file
+#
+#  For Bacula release 11.0.1 (05 February 2020) -- redhat Beta
+#
+# There is not much to change here except perhaps the
+# File daemon Name to
+#
+#
+# Copyright (C) 2000-2020 Kern Sibbald
+# License: BSD 2-Clause; see file LICENSE-FOSS
+#
+
+#
+# List Directors who are permitted to contact this File daemon
+#
+Director {
+  Name = bacula-dir
+  Password = "000000000000000000000000000000000"
+#  TLSPSKEnable = yes
+  # TLS configuration directives
+  TLSEnable = no
+  TLSRequire = no
+  TLSVerifyPeer = no
+#  TLS CA Certificate File = /opt/bacula/ssl/certs/root_cert.pem
+#  TLS Certificate = /opt/bacula/ssl/certs/client1_cert.pem
+#  TLS Key = /opt/bacula/ssl/keys/client1_key.pem
+}
+
+FileDaemon {
+  Name = bacula.space.swri.edu
+  FDPort = 9102
+  FDAddress = 0.0.0.0
+  WorkingDirectory = /var/spool/bacula
+  Pid Directory = /var/run
+  Maximum Concurrent Jobs = 20
+  Plugin Directory = /usr/lib64/bacula
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+  Name = Standard
+  director = bacula-dir = all, !skipped, !restored, !saved
+}

playbooks/packagemanagement/bacula/include/bacula-fd.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Bacula File Daemon
+Documentation=man:bacula-fd(8)
+After=network.target nss-lookup.target
+
+[Service]
+Environment=CONFIG=/etc/bacula/bacula-fd.conf
+EnvironmentFile=-/etc/sysconfig/bacula-fd
+ExecStart=/usr/sbin/bacula-fd -d10  -f $OPTS -c $CONFIG -u $FD_USER -g $FD_GROUP
+IOSchedulingClass=idle
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

playbooks/packagemanagement/bacula/include/bconsole.conf

@@ -0,0 +1,13 @@
+#
+# Bacula User Agent (or Console) Configuration File
+#
+# Copyright (C) 2000-2020 Kern Sibbald
+# License: BSD 2-Clause; see file LICENSE-FOSS
+#
+
+Director {
+  Name = bacula-dir
+  DIRport = 9101
+  address = bacula.domain.edu
+  Password = "000000000000000000000000000000000"
+}

playbooks/packagemanagement/bacula/install_bacula_client.yaml

@@ -0,0 +1,143 @@
+---
+  - name: "Install Bacula Client"
+    hosts: all
+    gather_facts: True
+    become: true
+    tasks:
+      - include_tasks: ../include/determine_which_firewall.yaml
+
+      - name: Set variable for the current version of bacula-client
+        set_fact:
+          BACULAVERSION: "15.0.2"
+
+################################################ create/copy repo file to hosts and import PGP key (if necessary)
+      - name: Copy signing key to RH-like hosts using the old manual command
+        command:
+#          cmd: rpmkeys --import https://bacula.space.swri.edu/repo/{{ BACULAVERSION }}/Bacula-15.0.2-public.key
+          cmd: rpmkeys --import https://bacula.space.swri.edu/repo/{{ BACULAVERSION }}/repomd.xml.key
+        when: (ansible_facts['distribution_file_variety'] == 'RedHat')
+
+
+      - name: Copy/overwrite, bacula-community.repo to RHEL-like hosts
+        copy:
+          force: true
+          src: include/bacula-community.repo
+          dest: /etc/yum.repos.d/bacula-community.repo
+          owner: root
+          group: root
+          mode: '0640'
+        when: (ansible_facts['distribution_file_variety'] == 'RedHat')
+
+      - name: Copy signing key to Deb-like hosts
+        copy:
+          src: include/Bacula-4096-Distribution-Verification-key.asc
+          dest: /etc/apt/trusted.gpg.d/bacula-community-localmirror.asc
+        when: (ansible_facts['distribution_file_variety'] == 'Debian')
+
+      - name: Create /etc/apt/sources.list.d/bacula-community.list on Debian-like hosts
+        copy:
+          dest: /etc/apt/sources.list.d/bacula-community.list
+          owner: root
+          group: root
+          mode: '0640'
+          content: |
+            deb https://bacula.space.swri.edu/repo/{{ BACULAVERSION }}/debs {{ ansible_lsb.codename }} main
+        when: (ansible_facts['distribution_file_variety'] == 'Debian')
+
+############################################### remove old verions of bacula-client
+      - name: Gather the package facts
+        package_facts:
+          manager: auto
+
+      - name: Print the package facts
+        ansible.builtin.debug:
+          var: ansible_facts.packages
+
+      - name: Debug- output ansible_facts.packages bacula-client
+        ansible.builtin.debug:
+#          msg: "{{ ansible_facts.packages['bacula-client']| map(attribute='version')|list|first }} is installed"
+          msg:
+#            - "{{ ansible_facts.packages['bacula-client']| map(attribute='version') | first }}"
+            - "{{ ansible_facts.packages['bacula-client']| map(attribute='version') | first }}"
+          ignore_errors: yes
+        when: (ansible_facts.packages['bacula-client'] is defined)
+
+      - name: Remove bacula-client, etc. if version isn't 13-15
+        ansible.builtin.package:
+          name:
+            - bacula-client
+            - bacula-common
+            - bacula-console
+            - bacula-fd
+          state: absent
+        when:
+          - (ansible_facts.packages['bacula-client'] is defined)
+          - "'15' not in ansible_facts.packages['bacula-client']| map(attribute='version') | first"
+          - "'14' not in ansible_facts.packages['bacula-client']| map(attribute='version') | first"
+          - "'13' not in ansible_facts.packages['bacula-client']| map(attribute='version') | first"
+
+############################################### install using pkg mgr
+      - name: 'Install Bacula Client & Bacula console from newly created repo for RHEL-like distros'
+        yum:
+          name:
+            - bacula-client
+          state: latest
+          update_cache: true
+        when: (ansible_facts['distribution_file_variety'] == 'RedHat')
+
+      - name: 'Install Bacula Client & bacula-console from newly created repo for Deb-like repos'
+        apt:
+          name:
+            - bacula-client
+          state: present
+        when: (ansible_facts['distribution_file_variety'] == 'Debian')
+
+################################################  Copy config files          #################################################
+
+# Copy Bacula Client config file to host
+      - name: perform copy of bacula-fd.conf
+        copy:
+          src: ~/playbooks/bacula/include/bacula-fd.conf
+          dest: /etc/bacula/bacula-fd.conf
+          owner: root
+          group: root
+          mode: '0640'
+
+################################################ Add Fireall Rules       #################################################
+      - name: 'Allow bacula-client service using firewalld'
+        firewalld:
+          service: bacula-client
+          permanent: True
+          state: enabled
+          immediate: True
+        when: which_firewall == 'firewalld'
+        ignore_errors: yes
+      - name: 'Allow bacula-client service using iptables'
+        iptables:
+          chain: INPUT
+          prorocol: TCP
+          destination_port: "9102"
+        when: which_firewall == 'iptables'
+        ignore_errors: yes
+      - name: 'Allow bacula-client service using ufw'
+        ufw:
+          rule: allow
+          port: '9102'
+          proro: tcp
+        when: which_firewall == 'ufw'
+        ignore_errors: yes
+
+
+################################################ Service/Systemd Section      #################################################
+
+
+# Enable bacula-fd on systemd-enabled systems:
+      - name: enable bacula-fd service
+        systemd:
+          name: bacula-fd
+          enabled: True
+          masked: no
+          state: restarted
+        ignore_errors: False
+        #when: ansible_facts.services['source'].source == systemd
+        when: ansible_facts.service_mgr == "systemd"

playbooks/packagemanagement/idrac/install_perccli_MegaRAID.yaml

@@ -0,0 +1,143 @@
+---
+- name: "Install Dell's perccli (MegaRAID) cli util"
+  hosts: all
+  gather_facts: yes
+  become: true
+  tasks:
+
+  - name: Create /home/Ansible/install_packages if it does not exist.
+    file:
+      path: /home/Ansible/install_packages
+      state: directory
+      mode: '0775'
+      owner: Ansible
+      group: Ansible
+
+# For RHEL-like:
+  - name: Copy the appropriate .rpm file (RH5-like) from ~/install_packages/
+    copy:
+      src: perccli/RH5-7/perccli-007.0318.0000.0000-1.noarch.rpm
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "5")
+  - name: Install rpm file RH(5)-like
+    yum:
+      name: /home/Ansible/install_packages/perccli-007.0318.0000.0000-1.noarch.rpm
+#      enablerepo:
+#      disablrepo:
+      state: present
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "5")
+
+
+
+  - name: Copy the appropriate .rpm file (RH6-like) from ~/install_packages/
+    copy:
+      src: perccli/RH5-7/perccli-007.0318.0000.0000-1.noarch.rpm
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "6")
+  - name: Install rpm file to host if RH(6)-like
+    yum:
+      name: /home/Ansible/install_packages/perccli-007.0318.0000.0000-1.noarch.rpm
+#        enablerepo:
+#        disablerepo:
+      state: present
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "6")
+
+
+
+  - name: Copy the appropriate .rpm file (RH7-like) from ~/install_packages/
+    copy:
+      src: perccli/RH7-8/perccli-007.1020.0000.0000-1.noarch.rpm
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "7")
+  - name: Install rpm file to host if RH(7)-like
+    yum:
+      name: /home/Ansible/install_packages/perccli-007.1020.0000.0000-1.noarch.rpm
+      state: present
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "7")
+
+
+  - name: Copy the appropriate .rpm file (RH8-like) from ~/install_packages/
+    copy:
+      src: perccli/RH8-9/perccli2-008.0004.0000.0022-1.x86_64.rpm
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "8")
+  - name: Install rpm file to host if RH(8)-like
+    yum:
+      name: /home/Ansible/install_packages/perccli2-008.0004.0000.0022-1.x86_64.rpm
+      state: present
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "8")
+
+
+  - name: Copy the appropriate .rpm file (RH9-like) from ~/install_packages/
+    copy:
+      src: perccli/RH8-9/perccli2-008.0004.0000.0022-1.x86_64.rpm
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "9")
+  - name: Install rpm file to host if RH(9)-like
+    yum:
+      name: /home/Ansible/install_packages/perccli2-008.0004.0000.0022-1.x86_64.rpm
+      state: present
+    when: (ansible_facts['os_family'] == "RedHat") and (ansible_facts['distribution_major_version'] == "9")
+
+
+# For Deb-like:
+  - name: Copy the appropriate .deb file (Ubuntu 16.04) from ~/install_packages/
+    copy:
+      src: perccli/Ub1604/perccli_007.0318.0000.0000-2_all.deb
+      dest: /home/Ansible/install_packages/
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "16")
+  - name: Install the .deb file using apt
+    apt:
+      update_cache: yes
+      deb: /home/Ansible/install_packages/perccli_007.0318.0000.0000-2_all.deb
+      clean: yes
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "16")
+
+  - name: Copy the appropriate .deb file (Ubuntu 18.04) from ~/install_packages/
+    copy:
+      src: perccli/Ub1804/perccli_007.1020.0000.0000-2_all.deb
+      dest: /home/Ansible/install_packages/
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "18")
+  - name: Install the .deb file using apt
+    apt:
+      update_cache: yes
+      deb: /home/Ansible/install_packages/perccli_007.1020.0000.0000-2_all.deb
+      clean: yes
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "18")
+
+  - name: Copy the appropriate .deb file (Ubuntu 20.04) from ~/install_packages/
+    copy:
+      src: perccli/Ub2204/perccli2_008.0004.0000.0022_all.deb
+      dest: /home/Ansible/install_packages/
+      owner: Ansible
+      mode: 0664
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "20")
+  - name: Install deb file using apt
+    apt:
+      update_cache: yes
+      deb: /home/Ansible/install_packages/perccli2_008.0004.0000.0022_all.deb
+      force_apt_get: yes
+      clean: yes
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "20")
+
+  - name: Copy the appropriate .deb file (Ubuntu 22.04) from ~/install_packages/
+    copy:
+        src: perccli/Ub2204/perccli2_008.0004.0000.0022_all.deb
+        dest: /home/Ansible/install_packages/
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "22")
+  - name: Install the .deb file using apt
+    apt:
+      update_cache: yes
+      deb: /home/Ansible/install_packages/perccli/Ub2204/perccli2_008.0004.0000.0022_all.deb
+      clean: yes
+    when: (ansible_facts['distribution'] == "Ubuntu") and (ansible_facts['distribution_major_version'] == "22")

playbooks/packagemanagement/install_rpm_or_deb.playbook.yaml

@@ -0,0 +1,75 @@
+---
+  - name: "Install an rpm or deb file using yum/dnf/apt"
+    hosts: all
+    gather_facts: True
+    become: true
+    vars:
+      - install_file_path: "include/"
+      - rpm_filename: "filename_v22_4_2_4.rpm"
+      - deb_filename: "filename_v22_4_2_4.deb"
+      - new_host_fqdn: "{{ ansible_fqdn }}"
+####  s1-speficic:
+      - site_token: "***CONTENTS REDACTED***"
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+#            - "{{ ansible_facts.service_mgr }}"
+            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
+            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
+            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
+
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - debug:
+          msg:
+            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
+        when: "'firewalld.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'iptables.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'ufw.service' in services"
+
+###############################################  Copy source rpm or deb file to be installed  #################################################################################
+
+      - name: Copy deb file to host when distribution_file_variety is RedHat
+        copy:
+          src: "{{ install_file_path }}{{ rpm_filename }}"
+          dest: /home/Ansible/{{{ rpm_filename }}
+        when: ansible_facts['distribution_file_variety'] == 'RedHat'
+
+      - name: Copy deb file to host when distribution_file_variety is Debian
+        copy:
+          src: "{{ install_file_path }}{{ deb_filename }}"
+          dest: /home/Ansible/{{ deb_filename }}
+        when: ansible_facts['distribution_file_variety'] == 'Debian'
+
+###############################################  RH section  #################################################################################################
+      - name: "Perform installation w/ yum and rpm file when distribution_file_variety is RedHat"
+        yum:
+          name: /home/Ansible/{{ rpm_filename }}
+          state: present
+          disable_gpg_check: true
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+
+###############################################  Deb section  #################################################################################################
+      - name: "Install deb file on host when distribution_file_variety is Debian"
+        apt:
+          deb: /home/Ansible/{{ deb_filename }}
+          state: present
+        when:
+          - ansible_facts['distribution_file_variety'] == 'Debian'
+
+
+###############################################  Run activation_script.sh  #################################################################################################
+      - name: "Running activation_script.sh"
+        shell: include/activation_script.sh

playbooks/packagemanagement/install_rpm_or_deb.yaml

@@ -0,0 +1,312 @@
+---
+  - name: "Install Zabbix agent using yum/dnf/apt"
+    hosts: all
+    gather_facts: True
+    become: true
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
+            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
+            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
+
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - debug:
+          msg:
+            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
+        when: "'firewalld.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'iptables.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'ufw.service' in services"
+
+
+#RHEL-6 Like:
+      - name: Install Zabbix rpm key if distro RHEL-6 like
+        rpm_key:
+          key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD
+          state: present
+        when: ansible_facts['distribution_file_variety'] == 'RedHat'
+
+      - name: Install zabbix-agent2 from specified rpm if distro is RH6-like
+        yum:
+          name: https://repo.zabbix.com/zabbix/6.4/rhel/6/x86_64/zabbix-agent2-6.4.8-release2.el6.x86_64.rpm
+          state: installed
+        when: (ansible_facts['distribution_file_variety'] == 'RedHat') and (ansible_facts['distribution_major_version'] == '6')
+
+#RHEL-7 like:
+      - name: Install Official Zabbix repo for RHEL-7 like, incl. Fedora 19 - 27
+        yum_repository:
+          name: zabbix
+          description: Install Zabbix official repo for RHEL-7 like
+          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/$releasever/x86_64/
+          enabled: yes
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'
+
+      - name: yum-clean-metadata for RHEL-7 like, incl. Fedora 19 - 27
+        ansible.builtin.command: yum clean metadata
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'
+
+      - name: Install zabbix-agent2 + plugins for RHEL-7 like
+        yum:
+          name:
+            - zabbix-agent2, zabbix-agent2-plugin-*
+          disablerepo: "epel"
+          state: present
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'
+
+#RHEL-8 like:
+      - name: Install Zabbix repo GPG key for ALL RHEL like, incl. Fedora 28 - 33
+        rpm_key:
+          state: present
+          key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD
+        when: ansible_facts['distribution_file_variety'] == 'RedHat'
+
+      - name: Install Official Zabbix repo for RHEL-8 like incl. Fedora 28 - 33
+        yum_repository:
+          name: zabbix
+          description: Install Zabbix official repo for RHEL-8 like incl. Fedora 28 - 33
+          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/
+          enabled: yes
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '28' or ansible_facts['distribution_major_version'] == '29' or ansible_facts['distribution_major_version'] == '30' or ansible_facts['distribution_major_version'] == '31' or ansible_facts['distribution_major_version'] == '32' or ansible_facts['distribution_major_version'] == '33'
+
+
+      - name: yum-clean-metadata for RHEL-8 like incl. Fedora 28 - 33
+        ansible.builtin.command: yum clean metadata
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '28' or ansible_facts['distribution_major_version'] == '29' or ansible_facts['distribution_major_version'] == '30' or ansible_facts['distribution_major_version'] == '31' or ansible_facts['distribution_major_version'] == '32' or ansible_facts['distribution_major_version'] == '33'
+
+
+
+      - name: Install Official Zabbix repo for RHEL-9 like, incl. Fedora 34-40
+        yum_repository:
+          name: zabbix
+          description: Install Zabbix official repo for RHEL-9 like, incl. Fedora 34-40
+          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/
+          enabled: yes
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'
+
+
+      - name: yum-clean-metadata for RHEL-9 like, incl. Fedora 34-40
+        ansible.builtin.command: yum clean metadata
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'
+
+
+      - name: Install zabbix-agent2 + plugins for RHEL-9 like, incl. Fedora 34-40
+        yum:
+          name:
+            - zabbix-agent2, zabbix-agent2-plugin-*
+          disablerepo: "epel"
+          state: present
+          disable_gpg_check: true
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'
+
+
+
+###############################################  Debian section  #################################################################################################
+      - name: Install zabbix-agent2 from specified deb file if distro is Deb12, "Bookworm"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian12_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '12')
+      - name: Install zabbix-agent2 from specified deb file if distro is Deb11, "Bullseye"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian11_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '11')
+      - name: Install zabbix-agent2 from specified deb file if distro is Deb10, "Buster"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian10_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '10')
+      - name: Install zabbix-agent2 from specified deb file if distro is Deb9, "Stretch"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian9_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '9')
+##############################################   Begin Ubuntu section   ###################################################
+      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 22.xx, "Jammy Jellyfish"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu22.04_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '22')
+      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 20.xx, "Focal Fossa"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu20.04_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '20')
+      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 18.xx, "Bionic Bever"
+        apt:
+          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu18.04_amd64.deb
+          state: present
+        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '18')
+
+      - name: Create /etc/zabbix w/ appropriate permissinos
+        file:
+          path: /etc/zabbix
+          owner: zabbix
+          group: root
+          mode: '0755'
+          state: directory
+
+# Copy Zabbix agent config file to host
+      - name: perform copy of zabbix agent config
+        copy:
+          src: ~/install_packages/zabbix/zabbix_agent2.conf
+          dest: /etc/zabbix/zabbix_agent2.conf
+          owner: zabbix
+          group: root
+          mode: '0640'
+# Create /etc/zabbix w/ appropriate permissinos
+      - name: Create /etc/zabbix/certs w/ appropriate permissions
+        file:
+          path: /etc/zabbix/certs
+          owner: zabbix
+          group: root
+          mode: '0750'
+          state: directory
+
+# Copy Zabbix ca.cert to host
+      - name: perform copy ca.cert
+        copy:
+          src: ~/install_packages/zabbix/certs/ca.cert
+          dest: /etc/zabbix/certs/ca.cert
+          owner: zabbix
+          group: root
+          mode: '0640'
+
+# Copy Zabbix client.cert to host
+      - name: perform copy client.cert
+        copy:
+          src: ~/install_packages/zabbix/certs/client.cert
+          dest: /etc/zabbix/certs/client.cert
+          owner: zabbix
+          group: root
+          mode: '0640'
+
+# Copy Zabbix client_private.key to host
+      - name: perform copy ca.cert
+        copy:
+          src: ~/install_packages/zabbix/certs/client_private.key
+          dest: /etc/zabbix/certs/client_private.key
+          owner: zabbix
+          group: root
+          mode: '0640'
+
+
+      - name : remove /etc/zabbix_agentd.conf file if present
+        file:
+          path: /etc/zabbix_agentd.conf
+          state: absent
+
+# Copy Zabbix agent PSK
+      - name: perform copy of Zabbix agent PSK
+        copy:
+          src: ~/install_packages/zabbix/psk.key
+          dest: /etc/zabbix/psk.key
+          owner: zabbix
+          group: root
+          mode: '0440'
+
+# Ensure /var/log/zabbix/ exists w/ correct permissions
+      - name: Create /var/log/zabbix if needed
+        file:
+          path: /var/log/zabbix
+          state: directory
+          owner: zabbix
+          group: zabbix
+          mode: '0775'
+
+
+# Ensure /var/log/zabbix/zabbix_agentd.log exists
+      - name: Touch /var/log/zabbix/zabbix_agent2.log
+        file:
+          path: /var/log/zabbix/zabbix_agent2.log
+          state: touch
+          owner: zabbix
+          group: zabbix
+          mode: '0664'
+
+
+# Allow connections to :10050 on systems using firewalld:
+      - name: allow :10050/tcp incoming, firewalld
+        firewalld:
+          port:
+            - 10050/tcp
+            - 10051/tcp
+          permanent: True
+          state: enabled
+          immediate: True
+        when: ansible_facts.services['firewalld.service']['status'] == 'enabled'
+        ignore_errors: yes
+
+# Allow connections to :10050 on systems using iptables.service:
+      - name: Open 10050/tcp if iptables.service is running
+        iptables:
+          chain: INPUT
+          src_range: "***CONTENTS REDACTED***"
+          protocol: tcp
+          destination_ports:
+            - "10050"
+            - "10051"
+          jump: ACCEPT
+        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
+        ignore_errors: yes
+
+# Allow connections to :10050 on systems using UFW:
+      - name: allow :10050/tcp incoming, ufw
+        ufw:
+          rule: allow
+          port: '10050'
+          proto: tcp
+          comment: Zabbix agent on 10050
+        when:
+          - "'ufw' in services"
+          - ansible_facts.services['ufw.service']['status'] == 'enabled'
+        ignore_errors: yes
+
+# Enable zabbix-agent on systemd-enabled systems:
+      - name: enable zabbix-agent2 service
+        systemd:
+          name: zabbix-agent2
+          enabled: True
+          masked: no
+          state: started
+        ignore_errors: False
+        #when: ansible_facts.services['source'].source == systemd
+        when: ansible_facts.service_mgr == "systemd"
+
+# Restart systemd service
+      - name: restart zabbix-agent2.service, systemd
+        systemd:
+          name: zabbix-agent2
+          enabled: True
+          masked: no
+          state: restarted
+        ignore_errors: False
+        when: ansible_facts.service_mgr == "systemd"

playbooks/packagemanagement/sentinelone/include/REDACTED-activation_script.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+###################################################
+sentinelToken="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+###################################################
+
+if [ -f /opt/sentinelone/bin/sentinelctl ]; then
+    echo "/opt/sentinelone/bin/sentinelctl found!"
+    /opt/sentinelone/bin/sentinelctl management token set $sentinelToken
+    /opt/sentinelone/bin/sentinelctl control start
+else
+    echo "/opt/sentinelone/bin/sentinelctl not found!"
+    exit 1
+fi

playbooks/packagemanagement/sentinelone/include/REDACTED-siteToken.txt

@@ -0,0 +1 @@
+0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

playbooks/packagemanagement/sentinelone/include/SentinelAgent_linux_v22_4_2_4.deb

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/packagemanagement/sentinelone/include/SentinelAgent_linux_v22_4_2_4.rpm

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/packagemanagement/sentinelone/include/activation_script.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+###################################################
+sentinelToken="***CONTENTS REDACTED***"
+###################################################
+
+if [ -f /opt/sentinelone/bin/sentinelctl ]; then
+    echo "/opt/sentinelone/bin/sentinelctl found!"
+    /opt/sentinelone/bin/sentinelctl management token set $sentinelToken
+    /opt/sentinelone/bin/sentinelctl control start
+else
+    echo "/opt/sentinelone/bin/sentinelctl not found!"
+    exit 1
+fi

playbooks/packagemanagement/sentinelone/include/siteToken.txt

@@ -0,0 +1 @@
+***CONTENTS REDACTED***

playbooks/packagemanagement/sentinelone/install_rpm_or_deb.playbook.yaml

@@ -0,0 +1,77 @@
+---
+  - name: "Install an rpm or deb file using yum/dnf/apt"
+    hosts: all
+    gather_facts: True
+    become: true
+    vars:
+      - install_file_path: "include/"
+      - rpm_filename: "SentinelAgent_linux_v22_4_2_4.rpm"
+      - deb_filename: "SentinelAgent_linux_v22_4_2_4.deb"
+      - script_file: "include/activation_script.sh"
+      - new_host_fqdn: "{{ ansible_fqdn }}"
+      - site_token: "***CONTENTS REDACTED***"
+    tasks:
+      - name: "msg print to stdout: Debug ansible_facts"
+        debug:
+          msg:
+            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
+            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
+            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
+
+
+      - name: Populate systemd service_facts
+        service_facts:
+
+      - debug:
+          msg:
+            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
+        when: "'firewalld.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'iptables.service' in services"
+
+      - debug:
+          msg:
+            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
+        when: "'ufw.service' in services"
+
+###############################################  Copy source rpm or deb file to be installed  #################################################################################
+
+      - name: Copy rpm file to host when distribution_file_variety is RedHat
+        copy:
+          src: "{{ install_file_path }}{{ rpm_filename }}"
+          dest: "/home/Ansible/{{ rpm_filename }}"
+        when: ansible_facts['distribution_file_variety'] == 'RedHat'
+
+      - name: Copy deb file to host when distribution_file_variety is Debian
+        copy:
+          src: "{{ install_file_path }}{{ deb_filename }}"
+          dest: "/home/Ansible/{{ deb_filename }}"
+        when: ansible_facts['distribution_file_variety'] == 'Debian'
+
+
+###############################################  RH section  #################################################################################################
+      - name: "Perform installation w/ yum and rpm file when distribution_file_variety is RedHat"
+        yum:
+          name: /home/Ansible/{{ rpm_filename }}
+          state: present
+          disable_gpg_check: true
+        when:
+          - ansible_facts['distribution_file_variety'] == 'RedHat'
+
+###############################################  Deb section  #################################################################################################
+      - name: "Install deb file on host when distribution_file_variety is Debian"
+        apt:
+          deb: /home/Ansible/{{ deb_filename }}
+          state: present
+        when:
+          - ansible_facts['distribution_file_variety'] == 'Debian'
+
+
+###############################################  Run activation_script.sh  #################################################################################################
+      - name: "Running activation commands"
+        command:
+          cmd: /opt/sentinelone/bin/sentinelctl management token set ***CONTENTS REDACTED***
+          cmd: /opt/sentinelone/bin/sentinelctl control start

playbooks/packagemanagement/zabbix/add_authorized_key-zabbix.yaml

@@ -0,0 +1,8 @@
+
+- name: Set up multiple authorized keys
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: '{{ item }}'
+  with_file:
+    - public_keys/zabbix

playbooks/packagemanagement/zabbix/add_hosts_entry.yaml

@@ -0,0 +1,12 @@
+---
+  - name: "Add line in hosts file to point ***CONTENTS REDACTED*** to ***CONTENTS REDACTED***"
+    hosts: all
+    gather_facts: True
+    become: true
+    tasks:
+      - name: "line entry into /etc/hosts"
+        lineinfile:
+          path: "/etc/hosts"
+          line: "***CONTENTS REDACTED***"
+          state: present
+          backup: yes

playbooks/packagemanagement/zabbix/include/certs/ca.cert

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/certs/client.cert

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/certs/client_private.key

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/confluence.space.swri.edu-zabbix_agent2.conf

@@ -0,0 +1 @@
+

playbooks/packagemanagement/zabbix/include/id_ecdsa.pub

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/id_ed25519.pub

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/id_rsa.pub

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/individual_systems/hostname.REDACTED.TLD-zabbix_agent2.conf

@@ -0,0 +1,545 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+PidFile=/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=system.run[*]
+#	1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+Server= ***CONTENTS REDACTED***
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	Zabbix server/proxy address or cluster configuration to get active checks from.
+#	Server/proxy address is IP address or DNS name and optional port separated by colon.
+#	Cluster configuration is one or more server addresses separated by semicolon.
+#	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
+#	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
+#	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
+#	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example for Zabbix proxy:
+#		ServerActive=127.0.0.1:10051
+#	Example for multiple servers:
+#		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#	Example for high availability:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
+#	Example for high availability with two clusters and one server:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=***CONTENTS REDACTED***
+
+### Option: Hostname
+#	List of comma delimited unique, case sensitive hostnames.
+#	Required for active checks and must match hostnames as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+##
+##  11-16-2023: commending out "Include" statement: causes "Recursion detected! Skipped processing"
+## Include=/etc/zabbix/*.conf
+
+# Include=/etc/zabbix_agentd.userparams.conf
+# Include=/etc/zabbix_agentd.conf.d/
+# Include=/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+### Option: UserParameterDir
+#	Directory to execute UserParameter commands from. Only one entry is allowed.
+#	When executing UserParameter commands the agent will change the working directory to the one
+#	specified in the UserParameterDir option.
+#	This way UserParameter commands can be specified using the relative ./ prefix.
+#
+# Mandatory: no
+# Default:
+# UserParameterDir=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+TLSConnect=psk
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+TLSAccept=psk,cert
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+TLSCAFile=/etc/zabbix/certs/ca.cert
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+TLSCertFile=/etc/zabbix/certs/client.cert
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+TLSKeyFile=/etc/zabbix/certs/client_private.key
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+TLSPSKIdentity=default
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+TLSPSKFile=/etc/zabbix/psk.key
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=

playbooks/packagemanagement/zabbix/include/individual_systems/store0/zabbix_config_files.tar.gz

@@ -0,0 +1 @@
+

playbooks/packagemanagement/zabbix/include/psk.key

@@ -0,0 +1 @@
+CONTENTS REDACTED

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/AGPLv3

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/RPM-GPG-KEY-ZABBIX-B5333005

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
+jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
+OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
+v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
+QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
+j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
+13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
+X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
+/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
+wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
+ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
+tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
+BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
+piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
+gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
+Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
+EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
+HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
+JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
+alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
+ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
+vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
+9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
+otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
+/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
+BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
+8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
+mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
+26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
+jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
+DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
+GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
+BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
+2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
+/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
+tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
+GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
+aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
+pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
+MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
+Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
+mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
+mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
+N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
+CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
+pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
+RF/42ix6CdCLj9WuDJRHAPA6nA==
+=iQwh
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/RPM-GPG-KEY-ZABBIX-TOOLS

@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYY5NABEADivJt9rUIiZJgcF0SXTdPldjjir+BWnbqroAR582BmSbhEnIvq
+ZQS5M+wpyS1a4V3hV1qy0zi96qekNFFIy8GNCJ8bevU/NZVjH1RtI58UT4NRAahW
+2MaypPUlvwEzzWwxA8yHzmLaKsiqflZJR7wMHfx2hMKw41Q58VcWgadWjOtl8oyU
+e5Z/nMSabDssPUuFv9EB+OVzNanJGbpSnxfKBB0sCs8mx2uWnOnK0crFRtaTM2Ym
+F1/UJzLIWxYmV9Y2hUyHosTdtbXk6BA2iQq4DrpQ0Xba9NL2d6nRj6KNDfA+n8PP
+Z1R5u7+iujXs2a7yb024Ge9uCX+6G9i250kDobG37CpdXRCgfc6TThkGbWmYSRnZ
+TtbqBLLgq4cIMXURy1uvEiQWzdHxTOOinYe4khV7USEjPbC6X42vCt3cAnZAYChx
+Dx+/5d1IaLNoc/odosp2XCIcCpOhcq6vj+MTByiShHlF9nUQhsJHfdHLNLEFA/NR
+eierO/g1AbqVfnQOS/o1vpZ4eOzedQMgLK6udu9r/7hicflewduuTKe8DBPUQ7le
+qk4EvmEPtpT8h/m6SNu8agxrY+DcOmQP52apDCEXxk8C56bO082WH7W3PlMEcvDJ
+ASROgryz4JaDL3j17NwOIiYpAVheb2xhZW/mFUxNDPW6gkdFOC+OhfHrHwARAQAB
+tCJaYWJiaXggVG9vbHMgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJOBBMBCgA4FiEE
+hBYsOfAAdQ3a64FjBaf67CJ2GNgFAmYY5NACGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AACgkQBaf67CJ2GNiLVA//cJc20e+RisuAhMR4URA8LSyD70msEQV2E/a4
+NOZcBExFc5nj3VycOpKJtnfZyeCJFnZt62v28PB8ldx7dGK86RmFIWZMe3sYmSA8
+qtG5DI9RHbgoSYkFJ97bAdgcSqTSwM++qL+z/khSMtXGA1NlQAsD/0+2a/H5C+qt
+HCxoXkxBuBNsNifKjI1C7X2nXa509CAz13UhVbkaWG+Ld8EUBeiJASSLhtnHkBKS
+JfCRvT2/sya04l4kwJ6Wx5beAPegPPWoi5X7ux0alToJlf3PXnf3etrmGeb/UguB
+CjIv5TG5DMpxCKv/KeGawu7lgMV+Ih+bkBASEjfNMWNUSY7OtiTbv/3RWVSE16DZ
+Cnl6KkG+ouJiuu2UzAgQUWen1BpFkVhjpwE0wD1q866808yuOeViNZEK/h0CEr0e
+yYElGyxj6V0ub81IBdqOjIV9S3+zSLPvaoGxIjGOUlU+sZ/sQa98EWUeo9tlPrp+
+0F17hnc9G7XnzB0F6b//YFCOJQo3lAa6I049lRe/42LreCgLAL60kmamhnd7jgSm
+wOApZrrX8usRqLGpv8LPeCc0fWbZdBinNUjTY0H51XVQzsLBSRsGktY5bWkub/oY
+8mIQpYkDCan7WSqU/7ioXr67jA47Q2Hl9/lUhb+CG7ZF6hNTemu65EVyKYH4O3bJ
+QMAyNre5Ag0EZhjk0AEQANQ5nOt+0d/kWeiknANEwNJGzxdoIQA6LfD3OkMeZ/os
+2BV8iZaeltfIClXuiIzN9EmV//D7bclngSMqghyELlj5WtcA07UUNdE7EXKZ4cwg
+4Isal04bclYejs9BLF1TUmQGDXOI6909qRSygGoANS3a5LA8Jz4ObFwnnxqJveEu
+ugVO4FfySYW43fu86zzl5UFcGEsfepFdlHkKgXcmVF+fxrQ1ekROnG1GdKyv7iST
+r9H2Vn2AGQrF0Wx+kYyj/iYTQCAmAgSJwDlEZ5Jh4ZCiFi14w4B3b9ddM82DoJsA
++ABC7NdJ2uKiZ+feEgTEiEmaSbBrg+2AWc0LSqMbb3s9hlXtJMpjyHzS+SKH4TCQ
+fFNp/5mE9PLfLGn+nnGVrdVeeEi5pt7gufLsstdTtKmdTtZ2AdE+9iefZpY8XxZN
+UcEbgoJRq/IKwbEwh7dVim0yRYmzv/WKgJEoSHyCyEnPJGc2BS5bKD9s1GpdgEwk
+HB1U/+vvaHHaaqEQIKr0hRp2Us5TNUXOPmzw2CkCAvirZehaP7I8Ka8AlC1eL93u
+aqjcJSVdd/XQhIYiCZnNJv+lfh53MHcojgVWIirCNEAzSekVGq59t5otewVPTFxk
+75ojtc9pR2n54a4kPetjB35YPJ+cixCzZPGGDK6vIlJp/lJfHyc0VLROMq5JB/77
+ABEBAAGJAjYEGAEKACAWIQSEFiw58AB1DdrrgWMFp/rsInYY2AUCZhjk0AIbDAAK
+CRAFp/rsInYY2AFdD/9iBBEthRdkVZQwll+T706ptXWEJ+n6TlBFUhE/oWZYwwCY
+5xocHW9Na6mU1pvL753S7an2cnhpe7W/RS236cahlQFFhUm3UDqa77WADcxgjuxG
+s2mzoOyPSwffXs7+FoaMzWkVaQkIqcpFnUK8Xn68xXRgFXhGLbirYnPBwkfnGi5W
+0pqBcfD0fjQ50Ta1HAjFq7fGi1jtv80i+qrY/RUtJB6Jto6714DRjbEpftKxhmXg
+mXN2UcaiEGmpDl+upI8gvn1Au9E/CYsomlQD1re95nWTWllG12Al8R1aW3PCpPpu
+/pfT9qB74yJ/fBufHsQe8ccYwZVpVtB+afbKVLw8gw//bNKofqLhjveGSs1DI6Ua
+ReWo1iaDqvUcFHS3Q9NAHwTj3864kBOymCGTCMmciZGGWJaRbmXOiln1uvrPBoIF
+KFd0kDjsFHdshFXGq5qfxn2l1aCL+bAcKxUPR8uzqkT0iGWF1zAZW2Ubm55MhXYd
+ncc5WbM2cn8o/gsp7Urcrf0jIzldifbxSIU00tojhQle6QwqVT5jmkOTEEcjTx/O
+vIT3jv1xr+xHAl96FLu2TDz6WOB7pT0ezmsIzIeN8SvUadNYupPoYaNuuhkSX9D7
+qcb1baJObbPKIDCocEwLQpuMFLTeeCrSxW4F8GETTW8LNecSnG6dxfW3AqqgYQ==
+=Ey2D
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/zabbix-release.repo

@@ -0,0 +1,6 @@
+[zabbix-release]
+name=Zabbix Official Repository (release packages) - noarch
+baseurl=https://repo.zabbix.com/zabbix/7.2/release/centos/10/noarch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/zabbix-third-party.repo

@@ -0,0 +1,6 @@
+[zabbix-third-party]
+name=Zabbix Official Repository (third-party) - $basearch
+baseurl=https://repo.zabbix.com/third-party/2024-10/centos/10/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/zabbix-tools.repo

@@ -0,0 +1,13 @@
+[zabbix-tools]
+name=Zabbix Official Repository (tools) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/10/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1
+
+[zabbix-tools-sources]
+name=Zabbix Official Repository (tools - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/10/SRPMS/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/zabbix-unstable.repo

@@ -0,0 +1,20 @@
+[zabbix-unstable]
+name=Zabbix Official Repository (unstable) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/10/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-unstable-debuginfo]
+name=Zabbix Official Repository (unstable debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/centos/10/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-unstable-sources]
+name=Zabbix Official Repository (unstable - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/10/SRPMS/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/10/zabbix.repo

@@ -0,0 +1,20 @@
+[zabbix]
+name=Zabbix Official Repository - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/10/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-debuginfo]
+name=Zabbix Official Repository (debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/10/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-sources]
+name=Zabbix Official Repository (sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/10/SRPMS/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/AGPLv3

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/RPM-GPG-KEY-ZABBIX-B5333005

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
+jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
+OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
+v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
+QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
+j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
+13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
+X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
+/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
+wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
+ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
+tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
+BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
+piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
+gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
+Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
+EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
+HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
+JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
+alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
+ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
+vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
+9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
+otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
+/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
+BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
+8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
+mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
+26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
+jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
+DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
+GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
+BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
+2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
+/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
+tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
+GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
+aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
+pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
+MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
+Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
+mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
+mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
+N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
+CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
+pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
+RF/42ix6CdCLj9WuDJRHAPA6nA==
+=iQwh
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/RPM-GPG-KEY-ZABBIX-TOOLS

@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYY5NABEADivJt9rUIiZJgcF0SXTdPldjjir+BWnbqroAR582BmSbhEnIvq
+ZQS5M+wpyS1a4V3hV1qy0zi96qekNFFIy8GNCJ8bevU/NZVjH1RtI58UT4NRAahW
+2MaypPUlvwEzzWwxA8yHzmLaKsiqflZJR7wMHfx2hMKw41Q58VcWgadWjOtl8oyU
+e5Z/nMSabDssPUuFv9EB+OVzNanJGbpSnxfKBB0sCs8mx2uWnOnK0crFRtaTM2Ym
+F1/UJzLIWxYmV9Y2hUyHosTdtbXk6BA2iQq4DrpQ0Xba9NL2d6nRj6KNDfA+n8PP
+Z1R5u7+iujXs2a7yb024Ge9uCX+6G9i250kDobG37CpdXRCgfc6TThkGbWmYSRnZ
+TtbqBLLgq4cIMXURy1uvEiQWzdHxTOOinYe4khV7USEjPbC6X42vCt3cAnZAYChx
+Dx+/5d1IaLNoc/odosp2XCIcCpOhcq6vj+MTByiShHlF9nUQhsJHfdHLNLEFA/NR
+eierO/g1AbqVfnQOS/o1vpZ4eOzedQMgLK6udu9r/7hicflewduuTKe8DBPUQ7le
+qk4EvmEPtpT8h/m6SNu8agxrY+DcOmQP52apDCEXxk8C56bO082WH7W3PlMEcvDJ
+ASROgryz4JaDL3j17NwOIiYpAVheb2xhZW/mFUxNDPW6gkdFOC+OhfHrHwARAQAB
+tCJaYWJiaXggVG9vbHMgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJOBBMBCgA4FiEE
+hBYsOfAAdQ3a64FjBaf67CJ2GNgFAmYY5NACGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AACgkQBaf67CJ2GNiLVA//cJc20e+RisuAhMR4URA8LSyD70msEQV2E/a4
+NOZcBExFc5nj3VycOpKJtnfZyeCJFnZt62v28PB8ldx7dGK86RmFIWZMe3sYmSA8
+qtG5DI9RHbgoSYkFJ97bAdgcSqTSwM++qL+z/khSMtXGA1NlQAsD/0+2a/H5C+qt
+HCxoXkxBuBNsNifKjI1C7X2nXa509CAz13UhVbkaWG+Ld8EUBeiJASSLhtnHkBKS
+JfCRvT2/sya04l4kwJ6Wx5beAPegPPWoi5X7ux0alToJlf3PXnf3etrmGeb/UguB
+CjIv5TG5DMpxCKv/KeGawu7lgMV+Ih+bkBASEjfNMWNUSY7OtiTbv/3RWVSE16DZ
+Cnl6KkG+ouJiuu2UzAgQUWen1BpFkVhjpwE0wD1q866808yuOeViNZEK/h0CEr0e
+yYElGyxj6V0ub81IBdqOjIV9S3+zSLPvaoGxIjGOUlU+sZ/sQa98EWUeo9tlPrp+
+0F17hnc9G7XnzB0F6b//YFCOJQo3lAa6I049lRe/42LreCgLAL60kmamhnd7jgSm
+wOApZrrX8usRqLGpv8LPeCc0fWbZdBinNUjTY0H51XVQzsLBSRsGktY5bWkub/oY
+8mIQpYkDCan7WSqU/7ioXr67jA47Q2Hl9/lUhb+CG7ZF6hNTemu65EVyKYH4O3bJ
+QMAyNre5Ag0EZhjk0AEQANQ5nOt+0d/kWeiknANEwNJGzxdoIQA6LfD3OkMeZ/os
+2BV8iZaeltfIClXuiIzN9EmV//D7bclngSMqghyELlj5WtcA07UUNdE7EXKZ4cwg
+4Isal04bclYejs9BLF1TUmQGDXOI6909qRSygGoANS3a5LA8Jz4ObFwnnxqJveEu
+ugVO4FfySYW43fu86zzl5UFcGEsfepFdlHkKgXcmVF+fxrQ1ekROnG1GdKyv7iST
+r9H2Vn2AGQrF0Wx+kYyj/iYTQCAmAgSJwDlEZ5Jh4ZCiFi14w4B3b9ddM82DoJsA
++ABC7NdJ2uKiZ+feEgTEiEmaSbBrg+2AWc0LSqMbb3s9hlXtJMpjyHzS+SKH4TCQ
+fFNp/5mE9PLfLGn+nnGVrdVeeEi5pt7gufLsstdTtKmdTtZ2AdE+9iefZpY8XxZN
+UcEbgoJRq/IKwbEwh7dVim0yRYmzv/WKgJEoSHyCyEnPJGc2BS5bKD9s1GpdgEwk
+HB1U/+vvaHHaaqEQIKr0hRp2Us5TNUXOPmzw2CkCAvirZehaP7I8Ka8AlC1eL93u
+aqjcJSVdd/XQhIYiCZnNJv+lfh53MHcojgVWIirCNEAzSekVGq59t5otewVPTFxk
+75ojtc9pR2n54a4kPetjB35YPJ+cixCzZPGGDK6vIlJp/lJfHyc0VLROMq5JB/77
+ABEBAAGJAjYEGAEKACAWIQSEFiw58AB1DdrrgWMFp/rsInYY2AUCZhjk0AIbDAAK
+CRAFp/rsInYY2AFdD/9iBBEthRdkVZQwll+T706ptXWEJ+n6TlBFUhE/oWZYwwCY
+5xocHW9Na6mU1pvL753S7an2cnhpe7W/RS236cahlQFFhUm3UDqa77WADcxgjuxG
+s2mzoOyPSwffXs7+FoaMzWkVaQkIqcpFnUK8Xn68xXRgFXhGLbirYnPBwkfnGi5W
+0pqBcfD0fjQ50Ta1HAjFq7fGi1jtv80i+qrY/RUtJB6Jto6714DRjbEpftKxhmXg
+mXN2UcaiEGmpDl+upI8gvn1Au9E/CYsomlQD1re95nWTWllG12Al8R1aW3PCpPpu
+/pfT9qB74yJ/fBufHsQe8ccYwZVpVtB+afbKVLw8gw//bNKofqLhjveGSs1DI6Ua
+ReWo1iaDqvUcFHS3Q9NAHwTj3864kBOymCGTCMmciZGGWJaRbmXOiln1uvrPBoIF
+KFd0kDjsFHdshFXGq5qfxn2l1aCL+bAcKxUPR8uzqkT0iGWF1zAZW2Ubm55MhXYd
+ncc5WbM2cn8o/gsp7Urcrf0jIzldifbxSIU00tojhQle6QwqVT5jmkOTEEcjTx/O
+vIT3jv1xr+xHAl96FLu2TDz6WOB7pT0ezmsIzIeN8SvUadNYupPoYaNuuhkSX9D7
+qcb1baJObbPKIDCocEwLQpuMFLTeeCrSxW4F8GETTW8LNecSnG6dxfW3AqqgYQ==
+=Ey2D
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/zabbix-release.repo

@@ -0,0 +1,6 @@
+[zabbix-release]
+name=Zabbix Official Repository (release packages) - noarch
+baseurl=https://repo.zabbix.com/zabbix/7.2/release/centos/8/noarch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/zabbix-third-party.repo

@@ -0,0 +1,6 @@
+[zabbix-third-party]
+name=Zabbix Official Repository (third-party) - $basearch
+baseurl=https://repo.zabbix.com/third-party/2024-10/centos/8/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/zabbix-tools.repo

@@ -0,0 +1,13 @@
+[zabbix-tools]
+name=Zabbix Official Repository (tools) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/8/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1
+
+[zabbix-tools-sources]
+name=Zabbix Official Repository (tools - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/8/SRPMS/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/zabbix-unstable.repo

@@ -0,0 +1,20 @@
+[zabbix-unstable]
+name=Zabbix Official Repository (unstable) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/8/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-unstable-debuginfo]
+name=Zabbix Official Repository (unstable debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/centos/8/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-unstable-sources]
+name=Zabbix Official Repository (unstable - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/8/SRPMS/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/8/zabbix.repo

@@ -0,0 +1,20 @@
+[zabbix]
+name=Zabbix Official Repository - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/8/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-debuginfo]
+name=Zabbix Official Repository (debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/8/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-sources]
+name=Zabbix Official Repository (sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/8/SRPMS/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/9/zabbix-release.repo

@@ -0,0 +1,6 @@
+[zabbix-release]
+name=Zabbix Official Repository (release packages) - noarch
+baseurl=https://repo.zabbix.com/zabbix/7.2/release/centos/9/noarch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/9/zabbix-third-party.repo

@@ -0,0 +1,6 @@
+[zabbix-third-party]
+name=Zabbix Official Repository (third-party) - $basearch
+baseurl=https://repo.zabbix.com/third-party/2024-10/centos/9/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/9/zabbix-tools.repo

@@ -0,0 +1,13 @@
+[zabbix-tools]
+name=Zabbix Official Repository (tools) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/9/$basearch/
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1
+
+[zabbix-tools-sources]
+name=Zabbix Official Repository (tools - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix-tools/rhel/9/SRPMS/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-TOOLS
+gpgcheck=1

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/9/zabbix-unstable.repo

@@ -0,0 +1,20 @@
+[zabbix-unstable]
+name=Zabbix Official Repository (unstable) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/9/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-unstable-debuginfo]
+name=Zabbix Official Repository (unstable debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/centos/9/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-unstable-sources]
+name=Zabbix Official Repository (unstable - sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/unstable/centos/9/SRPMS/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/CentOS/9/zabbix.repo

@@ -0,0 +1,20 @@
+[zabbix]
+name=Zabbix Official Repository - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/9/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+
+[zabbix-debuginfo]
+name=Zabbix Official Repository (debuginfo) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/9/$basearch/debuginfo/
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005
+gpgcheck=1
+
+[zabbix-sources]
+name=Zabbix Official Repository (sources) - $basearch
+baseurl=https://repo.zabbix.com/zabbix/7.2/stable/centos/9/SRPMS/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005

playbooks/packagemanagement/zabbix/include/repos/rpm/Rocky/8/AGPLv3

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

playbooks/packagemanagement/zabbix/include/repos/rpm/Rocky/8/RPM-GPG-KEY-ZABBIX-B5333005

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
+jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
+OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
+v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
+QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
+j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
+13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
+X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
+/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
+wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
+ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
+tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
+BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
+piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
+gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
+Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
+EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
+HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
+JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
+alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
+ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
+vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
+9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
+otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
+/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
+BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
+8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
+mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
+26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
+jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
+DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
+GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
+BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
+2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
+/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
+tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
+GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
+aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
+pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
+MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
+Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
+mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
+mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
+N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
+CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
+pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
+RF/42ix6CdCLj9WuDJRHAPA6nA==
+=iQwh
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/Rocky/8/RPM-GPG-KEY-ZABBIX-TOOLS

@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYY5NABEADivJt9rUIiZJgcF0SXTdPldjjir+BWnbqroAR582BmSbhEnIvq
+ZQS5M+wpyS1a4V3hV1qy0zi96qekNFFIy8GNCJ8bevU/NZVjH1RtI58UT4NRAahW
+2MaypPUlvwEzzWwxA8yHzmLaKsiqflZJR7wMHfx2hMKw41Q58VcWgadWjOtl8oyU
+e5Z/nMSabDssPUuFv9EB+OVzNanJGbpSnxfKBB0sCs8mx2uWnOnK0crFRtaTM2Ym
+F1/UJzLIWxYmV9Y2hUyHosTdtbXk6BA2iQq4DrpQ0Xba9NL2d6nRj6KNDfA+n8PP
+Z1R5u7+iujXs2a7yb024Ge9uCX+6G9i250kDobG37CpdXRCgfc6TThkGbWmYSRnZ
+TtbqBLLgq4cIMXURy1uvEiQWzdHxTOOinYe4khV7USEjPbC6X42vCt3cAnZAYChx
+Dx+/5d1IaLNoc/odosp2XCIcCpOhcq6vj+MTByiShHlF9nUQhsJHfdHLNLEFA/NR
+eierO/g1AbqVfnQOS/o1vpZ4eOzedQMgLK6udu9r/7hicflewduuTKe8DBPUQ7le
+qk4EvmEPtpT8h/m6SNu8agxrY+DcOmQP52apDCEXxk8C56bO082WH7W3PlMEcvDJ
+ASROgryz4JaDL3j17NwOIiYpAVheb2xhZW/mFUxNDPW6gkdFOC+OhfHrHwARAQAB
+tCJaYWJiaXggVG9vbHMgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJOBBMBCgA4FiEE
+hBYsOfAAdQ3a64FjBaf67CJ2GNgFAmYY5NACGwMFCwkIBwMFFQoJCAsFFgIDAQAC
+HgECF4AACgkQBaf67CJ2GNiLVA//cJc20e+RisuAhMR4URA8LSyD70msEQV2E/a4
+NOZcBExFc5nj3VycOpKJtnfZyeCJFnZt62v28PB8ldx7dGK86RmFIWZMe3sYmSA8
+qtG5DI9RHbgoSYkFJ97bAdgcSqTSwM++qL+z/khSMtXGA1NlQAsD/0+2a/H5C+qt
+HCxoXkxBuBNsNifKjI1C7X2nXa509CAz13UhVbkaWG+Ld8EUBeiJASSLhtnHkBKS
+JfCRvT2/sya04l4kwJ6Wx5beAPegPPWoi5X7ux0alToJlf3PXnf3etrmGeb/UguB
+CjIv5TG5DMpxCKv/KeGawu7lgMV+Ih+bkBASEjfNMWNUSY7OtiTbv/3RWVSE16DZ
+Cnl6KkG+ouJiuu2UzAgQUWen1BpFkVhjpwE0wD1q866808yuOeViNZEK/h0CEr0e
+yYElGyxj6V0ub81IBdqOjIV9S3+zSLPvaoGxIjGOUlU+sZ/sQa98EWUeo9tlPrp+
+0F17hnc9G7XnzB0F6b//YFCOJQo3lAa6I049lRe/42LreCgLAL60kmamhnd7jgSm
+wOApZrrX8usRqLGpv8LPeCc0fWbZdBinNUjTY0H51XVQzsLBSRsGktY5bWkub/oY
+8mIQpYkDCan7WSqU/7ioXr67jA47Q2Hl9/lUhb+CG7ZF6hNTemu65EVyKYH4O3bJ
+QMAyNre5Ag0EZhjk0AEQANQ5nOt+0d/kWeiknANEwNJGzxdoIQA6LfD3OkMeZ/os
+2BV8iZaeltfIClXuiIzN9EmV//D7bclngSMqghyELlj5WtcA07UUNdE7EXKZ4cwg
+4Isal04bclYejs9BLF1TUmQGDXOI6909qRSygGoANS3a5LA8Jz4ObFwnnxqJveEu
+ugVO4FfySYW43fu86zzl5UFcGEsfepFdlHkKgXcmVF+fxrQ1ekROnG1GdKyv7iST
+r9H2Vn2AGQrF0Wx+kYyj/iYTQCAmAgSJwDlEZ5Jh4ZCiFi14w4B3b9ddM82DoJsA
++ABC7NdJ2uKiZ+feEgTEiEmaSbBrg+2AWc0LSqMbb3s9hlXtJMpjyHzS+SKH4TCQ
+fFNp/5mE9PLfLGn+nnGVrdVeeEi5pt7gufLsstdTtKmdTtZ2AdE+9iefZpY8XxZN
+UcEbgoJRq/IKwbEwh7dVim0yRYmzv/WKgJEoSHyCyEnPJGc2BS5bKD9s1GpdgEwk
+HB1U/+vvaHHaaqEQIKr0hRp2Us5TNUXOPmzw2CkCAvirZehaP7I8Ka8AlC1eL93u
+aqjcJSVdd/XQhIYiCZnNJv+lfh53MHcojgVWIirCNEAzSekVGq59t5otewVPTFxk
+75ojtc9pR2n54a4kPetjB35YPJ+cixCzZPGGDK6vIlJp/lJfHyc0VLROMq5JB/77
+ABEBAAGJAjYEGAEKACAWIQSEFiw58AB1DdrrgWMFp/rsInYY2AUCZhjk0AIbDAAK
+CRAFp/rsInYY2AFdD/9iBBEthRdkVZQwll+T706ptXWEJ+n6TlBFUhE/oWZYwwCY
+5xocHW9Na6mU1pvL753S7an2cnhpe7W/RS236cahlQFFhUm3UDqa77WADcxgjuxG
+s2mzoOyPSwffXs7+FoaMzWkVaQkIqcpFnUK8Xn68xXRgFXhGLbirYnPBwkfnGi5W
+0pqBcfD0fjQ50Ta1HAjFq7fGi1jtv80i+qrY/RUtJB6Jto6714DRjbEpftKxhmXg
+mXN2UcaiEGmpDl+upI8gvn1Au9E/CYsomlQD1re95nWTWllG12Al8R1aW3PCpPpu
+/pfT9qB74yJ/fBufHsQe8ccYwZVpVtB+afbKVLw8gw//bNKofqLhjveGSs1DI6Ua
+ReWo1iaDqvUcFHS3Q9NAHwTj3864kBOymCGTCMmciZGGWJaRbmXOiln1uvrPBoIF
+KFd0kDjsFHdshFXGq5qfxn2l1aCL+bAcKxUPR8uzqkT0iGWF1zAZW2Ubm55MhXYd
+ncc5WbM2cn8o/gsp7Urcrf0jIzldifbxSIU00tojhQle6QwqVT5jmkOTEEcjTx/O
+vIT3jv1xr+xHAl96FLu2TDz6WOB7pT0ezmsIzIeN8SvUadNYupPoYaNuuhkSX9D7
+qcb1baJObbPKIDCocEwLQpuMFLTeeCrSxW4F8GETTW8LNecSnG6dxfW3AqqgYQ==
+=Ey2D
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/packagemanagement/zabbix/include/repos/rpm/Rocky/8/zabbix-release-latest-7.2.el8.noarch.rpm

@@ -0,0 +1 @@
+

playbooks/packagemanagement/zabbix/include/repos/rpm/Rocky/8/zabbix-release.repo

@@ -0,0 +1,6 @@
+[zabbix-release]
+name=Zabbix Official Repository (release packages) - noarch
+baseurl=https://repo.zabbix.com/zabbix/7.2/release/rocky/8/noarch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-B5333005