From 57f08843e132fc0bf74f5b002c4078a0baaf280b Mon Sep 17 00:00:00 2001
From: Bruno Tavares <connect+github@bltavares.com>
Date: Sun, 20 Aug 2023 17:41:53 -0300
Subject: [PATCH] Run dos2unix on the repository to fix CRLF line endings

---
 docs/TODO.md                                  |  24 +-
 docs/mediacenter.md                           | 500 +++++++++---------
 docs/secrets.md                               |  14 +-
 kickstart/files/godns.service                 |  22 +-
 kickstart/files/godns6.service                |  22 +-
 kickstart/files/nomad/archiver.hcl            |  28 +-
 kickstart/files/nomad/citadel.hcl             |   4 +-
 nomad/ingress/ssb.toml.tpl                    |  28 +-
 secrets/oracle/private.pem                    | Bin 1756 -> 1729 bytes
 terraform/modules/dns/main.tf                 |  42 +-
 terraform/modules/dns/variables.tf            |  30 +-
 terraform/modules/network_member/main.tf      |  44 +-
 terraform/modules/network_member/outputs.tf   |   6 +-
 terraform/modules/network_member/variables.tf |  30 +-
 terraform/stage/certificates/archiver.tf      |  50 +-
 terraform/stage/certificates/lab.tf           |  60 +--
 terraform/stage/certificates/main.tf          |  60 +--
 terraform/stage/certificates/terragrunt.hcl   |  12 +-
 terraform/stage/certificates/variables.tf     |  22 +-
 .../network-members/archiver/terragrunt.hcl   |  14 +-
 .../network-members/archiver/web-proxy.tf     |  16 +-
 .../network-members/citadel/terragrunt.hcl    |  14 +-
 .../network-members/controller/terragrunt.hcl |  14 +-
 .../network-members/libreelec/terragrunt.hcl  |  14 +-
 .../network-members/minecraft/terragrunt.hcl  |  14 +-
 .../stage/network-members/omv/terragrunt.hcl  |  14 +-
 .../stage/network-members/p1/terragrunt.hcl   |  14 +-
 .../stage/network-members/p2/terragrunt.hcl   |  14 +-
 .../stage/network-members/p3/terragrunt.hcl   |  14 +-
 .../stage/network-members/p4/terragrunt.hcl   |  14 +-
 .../network-members/pve-dat/terragrunt.hcl    |  14 +-
 .../network-members/pve-debian/terragrunt.hcl |  14 +-
 .../stage/network-members/pve/terragrunt.hcl  |  14 +-
 .../network-members/ryzen/terragrunt.hcl      |  14 +-
 .../stage/network-members/terragrunt.hcl      |  82 +--
 .../stage/network-members/tiny/terragrunt.hcl |  14 +-
 .../stage/network-members/tiny/web-proxy.tf   |  12 +-
 .../network-members/vaporware/terragrunt.hcl  |  14 +-
 terraform/stage/network/dns.tf                |  34 +-
 terraform/stage/network/main.tf               |  42 +-
 terraform/stage/network/terragrunt.hcl        |  12 +-
 terraform/stage/network/variables.tf          |  38 +-
 terraform/stage/network/zt_network.tf         |  64 +--
 .../stage/oracle/instances/citadel/backend.tf |  16 +-
 .../oracle/instances/citadel/providers.tf     |  72 +--
 .../oracle/instances/citadel/terragrunt.hcl   |  14 +-
 .../stage/oracle/instances/terragrunt.hcl     | 146 ++---
 terraform/stage/oracle/network/terragrunt.hcl |  12 +-
 terraform/terragrunt/network_members/main.tf  |  52 +-
 .../terragrunt/network_members/member.tf      |  14 +-
 .../terragrunt/network_members/variables.tf   |  44 +-
 51 files changed, 946 insertions(+), 946 deletions(-)

diff --git a/docs/TODO.md b/docs/TODO.md
index b120526..716fa51 100644
--- a/docs/TODO.md
+++ b/docs/TODO.md
@@ -1,12 +1,12 @@
-## TODOs
-
-- [ ] Remove hardcoded files from nomad templates and replace with consul variables
-- [x] Migrate all images to use the internal registry
-- [x] Create an upgrade script for the internal registry
-  - [ ] Make services restart after job is finished
-- [ ] Fork Trow into Balsa and remove the GRPC copy overhead
-- [ ] Readjust all resources usage
-- [ ] Introduce restart policies and checks to all services
-- [x] Remove unsed files from the repo
-- [x] Update the cluster to ProxMox v8 and Debian 12
-- [x] Update node access to use single-node-writer
+## TODOs
+
+- [ ] Remove hardcoded files from nomad templates and replace with consul variables
+- [x] Migrate all images to use the internal registry
+- [x] Create an upgrade script for the internal registry
+  - [ ] Make services restart after job is finished
+- [ ] Fork Trow into Balsa and remove the GRPC copy overhead
+- [ ] Readjust all resources usage
+- [ ] Introduce restart policies and checks to all services
+- [x] Remove unsed files from the repo
+- [x] Update the cluster to ProxMox v8 and Debian 12
+- [x] Update node access to use single-node-writer
diff --git a/docs/mediacenter.md b/docs/mediacenter.md
index 10ac2fd..c590649 100644
--- a/docs/mediacenter.md
+++ b/docs/mediacenter.md
@@ -1,251 +1,251 @@
-# Media Center Setup
-
-Given the amount of things running, a Pi3 is ideal. It **will** struggle to run it all, specially as the USB and network use a single bus.
-Using torrents (which demands a lot of network) writing to the USB disk (which shares the network bus) **will** make the Pi freeze sometimes.
-
-Just remove the power cable, and restart as necessary.
-Maybe eperiment: celeron ultratop small form PC, Rock64 or Odroid would run them better
-
-Tested on Libreelec 8 and 9.
-
-## Windows Setup
-
-Windows DOES come with Zeroconf/Avahi/Bonjour/mDNS implementatio on recent versions, but I've noticed they don't quite match some avahi versions and fail to find some devices from time to time. Also, some apps would work with the mDNS hostname, while others would ignore it.
-
-It was more reliable to use iTunes Bonjour implementation. Here is the trick:
-
-- Search for iTunes installer (.msi version, not the app store version)
-  - Go to iTunes page on apple.com
-  - Select Download
-  - Avoid the recomendation to use the appstore
-  - Scroll a bit down
-  - Select: Other versions - Windows
-  - The button now should point to the installer
-- Unzip the installer
-- Install only the Bonjour64
-
-## Kodi setup
-
-- Flash Install LibreElec
-  - Simplest flashing tool: Balena Etcher
-- Boot the Pi
-
-Kodi should work out of the box with the remote control of a modern TV (couple of years old).
-If it doesn't work on first boot, it is very likely be caused by bad cabling. It is possible that a cable supports 1080 transmission, but fails to transmit CEC information. Good HDMI cables often come written CEC-compliant or Ethernet or something on these lines on the cable itself, on small white letters.
-
-A good chance of working is HDAMI 1.4 cables.
-
-On the startup, turn on Samba Sharing and SSH services.
-Configure an static IP if you meant to use it as a PiHole instance as well.
-
-It might be necessery a couple for restarts until the NTP sets the time, and Addons are updated.
-Check if the wired or network is connecting on startup. It might need to toggle the autoconnect toggle.
-
-### Addons
-
-You might be interested in adding a Subtitle provider. There is Legendas.TV and Subscene providers, and a AutoSub service available.
-
-Install Docker, which will be our main tool to run services on Kodi.
-
-### Network
-
-To make use of Zerotier, and have a p2p VPN access to the device, it is important to ask the network manager to not manage the zt interface
-(as of I'm writing).
-
-```sh
-cp /etc/connman/main.conf /storage/.config/connman_main.conf
-## Edit the file to ignore zt interfaces and reboot
-## https://github.com/LibreELEC/LibreELEC.tv/commit/7cee2a095cb6c9126971afc58c145aad473fe7d7
-## This will not be necessary in future releases
-```
-
-If you intend to use PiHole, you need to manually setup the ip, make it static.
-You may do this over ssh using `connmanctl`.
-
-### Transmission
-
-Edit settings to enable other devices to connect:
-
-```sh
-docker stop transmission
-
-## Enable RPC password
-## add a username
-## add a plaintext password (will be hashed automatically later)
-## Add RPC host list and enable:
-### Eg: 127.0.0.1,192.168.0.*
-```
-
-### Sonarr/Radarr
-
-- Add Transmission as client
-- Enable rename
-- :warning: Don't add series with Monitor all by default, it is very heavy to update a lot of seasons at once with a Pi
-- Connect: Kodi
-- Add indexers using Jackett
-
-## File Sharing
-
-Kodi comes with SMB service available, but [due to limitations on VLC (libdsm)](https://github.com/videolabs/libdsm/issues/110), both Desktop and Android, it is not possible to use use newer versions of SMB protocol.
-
-This means we need to enable the CIFS/SMB 1.0 protocol on Kodi, even tho that is not that much secure.
-What we do for convenience.
-
-Head to Settings, and change the Minimum and Maxium to SMB 1.
-
-That also means that we need to enable SMB/CIFS 1.0 protocol on Windows 10.
-Since April 2018, Windows have disabled SMB1 as it is not secure. But you have still the option to enable the client and server discovery. [Better documented here](https://support.microsoft.com/pt-br/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and)
-
-After enabling (there might be some restarts needed), you should be able to acess the files on the network folder.
-
-## PiHole
-
-PiHole is capable to run from Docker. After giving the node a static ip in the network, start it and configure the DHCP server on the router.
-
-## Scripted setup
-
-```sh
-DOWNLOADS=/storage/<hdname>/Downloads
-MOVIES=/storage/<hdname>/Series
-SERIES=/storage/<hdname>/Movies
-SYNCTHING=/storage/<hdname>/Syncthing
-USERNAME=<username>
-PASSWORD=<password>
-CONFIG_FOLDER=/storage
-TZ=America/Sao_Paulo
-
-pihole() {
-  #IP=
-  #IPv6=
-  WEBPASSWORD="$PASSWORD"
-
-  IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
-  IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
-  IP="${IP:-$IP_LOOKUP}"       # use $IP, if set, otherwise IP_LOOKUP
-  IPv6="${IPv6:-$IPv6_LOOKUP}" # use $IPv6, if set, otherwise IP_LOOKUP
-
-  echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
-  docker run -d \
-    --name pihole-ng \
-    -p 53:53/tcp -p 53:53/udp \
-    -p 67:67/udp \
-    -p 80:80 \
-    -p 443:443 \
-    -v "${CONFIG_FOLDER}/pihole/pihole:/etc/pihole/" \
-    -v "${CONFIG_FOLDER}/pihole/dnsmasq.d/:/etc/dnsmasq.d/" \
-    -e ServerIP="${IP}" \
-    -e ServerIPv6="${IPv6}" \
-    -e IPv6=true \
-    -e WEBPASSWORD \
-    -e TZ \
-    -e DNS1=1.0.0.1 \
-    -e DNS2=8.8.8.8 \
-    --restart=unless-stopped \
-    --cap-add=NET_ADMIN \
-    --dns=127.0.0.1 --dns=1.0.0.1 \
-    pihole/pihole:latest
-
-  echo -n "Your password for https://${IP}/admin/ is "
-  docker logs pihole-ng 2>/dev/null | grep 'password'
-}
-
-syncthing() {
-  docker run --name=syncthing \
-    -e GUI_USERNAME="$USERNAME" \
-    -e GUI_PASSWORD_PLAIN="$PASSWORD" \
-    -e UID=0 -e GID=0 \
-    -v "${CONFIG_FOLDER}/syncthing/:/syncthing/config" \
-    -v "${SYNCTHING}/:/syncthing/data" \
-    --network=host \
-    --restart=unless-stopped -d \
-    funkyfuture/rpi-syncthing
-}
-
-transmission() {
-  docker run --name=transmission \
-    -v /storage/transmission:/config \
-    -v "${DOWNLOADS}/:/downloads" \
-    -v "${DOWNLOADS}/watch:/watch" \
-    -e PGID=0 -e PUID=0 \
-    -e TZ \
-    -p 9091:9091 \
-    --net=host \
-    --restart=unless-stopped -d \
-    lsioarmhf/transmission
-}
-
-sonarr() {
-  docker run \
-    --name sonarr \
-    -p 8989:8989 \
-    -e PUID=0 -e PGID=0 \
-    -e TZ \
-    -v "${CONFIG_FOLDER}/sonarr:/config" \
-    -v "${SERIES}/:/tv" \
-    -v "${DOWNLOADS}:/downloads" \
-    --net=host \
-    --restart=unless-stopped -d \
-    lsioarmhf/sonarr
-}
-
-jackett() {
-  docker run --name=jackett \
-    -v "${CONFIG_FOLDER}/jackett:/config" \
-    -v "${DOWNLOADS}/:/downloads" \
-    -e PGID=0 -e PUID=0 \
-    -e TZ \
-    -p 9117:9117 \
-    --net=host \
-    --restart=unless-stopped -d \
-    lsioarmhf/jackett
-}
-
-radarr() {
-  docker run --name=radarr \
-    -v "${CONFIG_FOLDER}/radarr:/config" \
-    -v "${DOWNLOADS}/:/downloads" \
-    -v "${MOVIES}/:/movies" \
-    -e PGID=0 -e PUID=0 \
-    -e TZ \
-    -p 7878:7878 \
-    --net=host \
-    --restart=unless-stopped -d \
-    lsioarmhf/radarr
-}
-
-bazarr() {
-  docker run --name=bazarr \
-    -v "${CONFIG_FOLDER}/bazarr:/config" \
-    -v "${MOVIES}/:/movies" \
-    -v "${SERIES}/:/tv" \
-    -e PGID=0 -e PUID=0 \
-    -e TZ \
-    -p 6767:6767 \
-    --net=host \
-    --restart=unless-stopped -d \
-    lsioarmhf/bazarr
-}
-
-zerotier() {
-  docker run --name zerotier \
-    --device=/dev/net/tun \
-    --net=host \
-    --cap-add=NET_ADMIN \
-    --cap-add=SYS_ADMIN \
-    -v "${CONFIG_FOLDER}/zerotier-one:/var/lib/zerotier-one" \
-    --restart=unless-stopped -d \
-    bltavares/zerotier
-}
-
-zerotier-join() {
-    docker exec zerotier zerotier-cli join $1
-}
-
-## libreelec: defualt hostname
-# kodi: http://libreelec.local:8080/
-# transmission: http://libreelec.local:9091/
-# sonarr: http://libreelec.local:8989/
-# jackett: http://libreelec.local:9117/
-# radarr: http://libreelec.local:7878/
-# bazarr: http://libreelec.local:6767/
+# Media Center Setup
+
+Given the amount of things running, a Pi3 is ideal. It **will** struggle to run it all, specially as the USB and network use a single bus.
+Using torrents (which demands a lot of network) writing to the USB disk (which shares the network bus) **will** make the Pi freeze sometimes.
+
+Just remove the power cable, and restart as necessary.
+Maybe eperiment: celeron ultratop small form PC, Rock64 or Odroid would run them better
+
+Tested on Libreelec 8 and 9.
+
+## Windows Setup
+
+Windows DOES come with Zeroconf/Avahi/Bonjour/mDNS implementatio on recent versions, but I've noticed they don't quite match some avahi versions and fail to find some devices from time to time. Also, some apps would work with the mDNS hostname, while others would ignore it.
+
+It was more reliable to use iTunes Bonjour implementation. Here is the trick:
+
+- Search for iTunes installer (.msi version, not the app store version)
+  - Go to iTunes page on apple.com
+  - Select Download
+  - Avoid the recomendation to use the appstore
+  - Scroll a bit down
+  - Select: Other versions - Windows
+  - The button now should point to the installer
+- Unzip the installer
+- Install only the Bonjour64
+
+## Kodi setup
+
+- Flash Install LibreElec
+  - Simplest flashing tool: Balena Etcher
+- Boot the Pi
+
+Kodi should work out of the box with the remote control of a modern TV (couple of years old).
+If it doesn't work on first boot, it is very likely be caused by bad cabling. It is possible that a cable supports 1080 transmission, but fails to transmit CEC information. Good HDMI cables often come written CEC-compliant or Ethernet or something on these lines on the cable itself, on small white letters.
+
+A good chance of working is HDAMI 1.4 cables.
+
+On the startup, turn on Samba Sharing and SSH services.
+Configure an static IP if you meant to use it as a PiHole instance as well.
+
+It might be necessery a couple for restarts until the NTP sets the time, and Addons are updated.
+Check if the wired or network is connecting on startup. It might need to toggle the autoconnect toggle.
+
+### Addons
+
+You might be interested in adding a Subtitle provider. There is Legendas.TV and Subscene providers, and a AutoSub service available.
+
+Install Docker, which will be our main tool to run services on Kodi.
+
+### Network
+
+To make use of Zerotier, and have a p2p VPN access to the device, it is important to ask the network manager to not manage the zt interface
+(as of I'm writing).
+
+```sh
+cp /etc/connman/main.conf /storage/.config/connman_main.conf
+## Edit the file to ignore zt interfaces and reboot
+## https://github.com/LibreELEC/LibreELEC.tv/commit/7cee2a095cb6c9126971afc58c145aad473fe7d7
+## This will not be necessary in future releases
+```
+
+If you intend to use PiHole, you need to manually setup the ip, make it static.
+You may do this over ssh using `connmanctl`.
+
+### Transmission
+
+Edit settings to enable other devices to connect:
+
+```sh
+docker stop transmission
+
+## Enable RPC password
+## add a username
+## add a plaintext password (will be hashed automatically later)
+## Add RPC host list and enable:
+### Eg: 127.0.0.1,192.168.0.*
+```
+
+### Sonarr/Radarr
+
+- Add Transmission as client
+- Enable rename
+- :warning: Don't add series with Monitor all by default, it is very heavy to update a lot of seasons at once with a Pi
+- Connect: Kodi
+- Add indexers using Jackett
+
+## File Sharing
+
+Kodi comes with SMB service available, but [due to limitations on VLC (libdsm)](https://github.com/videolabs/libdsm/issues/110), both Desktop and Android, it is not possible to use use newer versions of SMB protocol.
+
+This means we need to enable the CIFS/SMB 1.0 protocol on Kodi, even tho that is not that much secure.
+What we do for convenience.
+
+Head to Settings, and change the Minimum and Maxium to SMB 1.
+
+That also means that we need to enable SMB/CIFS 1.0 protocol on Windows 10.
+Since April 2018, Windows have disabled SMB1 as it is not secure. But you have still the option to enable the client and server discovery. [Better documented here](https://support.microsoft.com/pt-br/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and)
+
+After enabling (there might be some restarts needed), you should be able to acess the files on the network folder.
+
+## PiHole
+
+PiHole is capable to run from Docker. After giving the node a static ip in the network, start it and configure the DHCP server on the router.
+
+## Scripted setup
+
+```sh
+DOWNLOADS=/storage/<hdname>/Downloads
+MOVIES=/storage/<hdname>/Series
+SERIES=/storage/<hdname>/Movies
+SYNCTHING=/storage/<hdname>/Syncthing
+USERNAME=<username>
+PASSWORD=<password>
+CONFIG_FOLDER=/storage
+TZ=America/Sao_Paulo
+
+pihole() {
+  #IP=
+  #IPv6=
+  WEBPASSWORD="$PASSWORD"
+
+  IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
+  IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"
+  IP="${IP:-$IP_LOOKUP}"       # use $IP, if set, otherwise IP_LOOKUP
+  IPv6="${IPv6:-$IPv6_LOOKUP}" # use $IPv6, if set, otherwise IP_LOOKUP
+
+  echo "### Make sure your IPs are correct, hard code ServerIP ENV VARs if necessary\nIP: ${IP}\nIPv6: ${IPv6}"
+  docker run -d \
+    --name pihole-ng \
+    -p 53:53/tcp -p 53:53/udp \
+    -p 67:67/udp \
+    -p 80:80 \
+    -p 443:443 \
+    -v "${CONFIG_FOLDER}/pihole/pihole:/etc/pihole/" \
+    -v "${CONFIG_FOLDER}/pihole/dnsmasq.d/:/etc/dnsmasq.d/" \
+    -e ServerIP="${IP}" \
+    -e ServerIPv6="${IPv6}" \
+    -e IPv6=true \
+    -e WEBPASSWORD \
+    -e TZ \
+    -e DNS1=1.0.0.1 \
+    -e DNS2=8.8.8.8 \
+    --restart=unless-stopped \
+    --cap-add=NET_ADMIN \
+    --dns=127.0.0.1 --dns=1.0.0.1 \
+    pihole/pihole:latest
+
+  echo -n "Your password for https://${IP}/admin/ is "
+  docker logs pihole-ng 2>/dev/null | grep 'password'
+}
+
+syncthing() {
+  docker run --name=syncthing \
+    -e GUI_USERNAME="$USERNAME" \
+    -e GUI_PASSWORD_PLAIN="$PASSWORD" \
+    -e UID=0 -e GID=0 \
+    -v "${CONFIG_FOLDER}/syncthing/:/syncthing/config" \
+    -v "${SYNCTHING}/:/syncthing/data" \
+    --network=host \
+    --restart=unless-stopped -d \
+    funkyfuture/rpi-syncthing
+}
+
+transmission() {
+  docker run --name=transmission \
+    -v /storage/transmission:/config \
+    -v "${DOWNLOADS}/:/downloads" \
+    -v "${DOWNLOADS}/watch:/watch" \
+    -e PGID=0 -e PUID=0 \
+    -e TZ \
+    -p 9091:9091 \
+    --net=host \
+    --restart=unless-stopped -d \
+    lsioarmhf/transmission
+}
+
+sonarr() {
+  docker run \
+    --name sonarr \
+    -p 8989:8989 \
+    -e PUID=0 -e PGID=0 \
+    -e TZ \
+    -v "${CONFIG_FOLDER}/sonarr:/config" \
+    -v "${SERIES}/:/tv" \
+    -v "${DOWNLOADS}:/downloads" \
+    --net=host \
+    --restart=unless-stopped -d \
+    lsioarmhf/sonarr
+}
+
+jackett() {
+  docker run --name=jackett \
+    -v "${CONFIG_FOLDER}/jackett:/config" \
+    -v "${DOWNLOADS}/:/downloads" \
+    -e PGID=0 -e PUID=0 \
+    -e TZ \
+    -p 9117:9117 \
+    --net=host \
+    --restart=unless-stopped -d \
+    lsioarmhf/jackett
+}
+
+radarr() {
+  docker run --name=radarr \
+    -v "${CONFIG_FOLDER}/radarr:/config" \
+    -v "${DOWNLOADS}/:/downloads" \
+    -v "${MOVIES}/:/movies" \
+    -e PGID=0 -e PUID=0 \
+    -e TZ \
+    -p 7878:7878 \
+    --net=host \
+    --restart=unless-stopped -d \
+    lsioarmhf/radarr
+}
+
+bazarr() {
+  docker run --name=bazarr \
+    -v "${CONFIG_FOLDER}/bazarr:/config" \
+    -v "${MOVIES}/:/movies" \
+    -v "${SERIES}/:/tv" \
+    -e PGID=0 -e PUID=0 \
+    -e TZ \
+    -p 6767:6767 \
+    --net=host \
+    --restart=unless-stopped -d \
+    lsioarmhf/bazarr
+}
+
+zerotier() {
+  docker run --name zerotier \
+    --device=/dev/net/tun \
+    --net=host \
+    --cap-add=NET_ADMIN \
+    --cap-add=SYS_ADMIN \
+    -v "${CONFIG_FOLDER}/zerotier-one:/var/lib/zerotier-one" \
+    --restart=unless-stopped -d \
+    bltavares/zerotier
+}
+
+zerotier-join() {
+    docker exec zerotier zerotier-cli join $1
+}
+
+## libreelec: defualt hostname
+# kodi: http://libreelec.local:8080/
+# transmission: http://libreelec.local:9091/
+# sonarr: http://libreelec.local:8989/
+# jackett: http://libreelec.local:9117/
+# radarr: http://libreelec.local:7878/
+# bazarr: http://libreelec.local:6767/
 ```
\ No newline at end of file
diff --git a/docs/secrets.md b/docs/secrets.md
index 56e75be..695a3f6 100644
--- a/docs/secrets.md
+++ b/docs/secrets.md
@@ -1,8 +1,8 @@
-# Secrets
-
-Secrets are stored using `git-crypt`.
-
-```sh
-# unlock
-git crypt unlock <(cat | base64 -d)
+# Secrets
+
+Secrets are stored using `git-crypt`.
+
+```sh
+# unlock
+git crypt unlock <(cat | base64 -d)
 ```
\ No newline at end of file
diff --git a/kickstart/files/godns.service b/kickstart/files/godns.service
index 61ca183..9a57fe3 100644
--- a/kickstart/files/godns.service
+++ b/kickstart/files/godns.service
@@ -1,12 +1,12 @@
-[Unit]
-Description=GoDNS Service
-After=network.target
-
-[Service]
-ExecStart=/usr/local/bin/godns -c=/etc/godns.json
-Restart=always
-KillMode=process
-RestartSec=2s
-
-[Install]
+[Unit]
+Description=GoDNS Service
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/godns -c=/etc/godns.json
+Restart=always
+KillMode=process
+RestartSec=2s
+
+[Install]
 WantedBy=multi-user.target
\ No newline at end of file
diff --git a/kickstart/files/godns6.service b/kickstart/files/godns6.service
index 140c1be..ebcfb12 100644
--- a/kickstart/files/godns6.service
+++ b/kickstart/files/godns6.service
@@ -1,12 +1,12 @@
-[Unit]
-Description=GoDNS Service for Ipv6
-After=network.target
-
-[Service]
-ExecStart=/usr/local/bin/godns -c=/etc/godns6.json
-Restart=always
-KillMode=process
-RestartSec=2s
-
-[Install]
+[Unit]
+Description=GoDNS Service for Ipv6
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/godns -c=/etc/godns6.json
+Restart=always
+KillMode=process
+RestartSec=2s
+
+[Install]
 WantedBy=multi-user.target
\ No newline at end of file
diff --git a/kickstart/files/nomad/archiver.hcl b/kickstart/files/nomad/archiver.hcl
index f884b87..9c5ccb6 100644
--- a/kickstart/files/nomad/archiver.hcl
+++ b/kickstart/files/nomad/archiver.hcl
@@ -1,15 +1,15 @@
-plugin "docker" {
-  config {
-    allow_privileged = true
-    volumes {
-      enabled = true
-    }
-  }
-}
-
-client {
-  reserved {
-    cpu    = 1000
-    memory = 3072
-  }
+plugin "docker" {
+  config {
+    allow_privileged = true
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+client {
+  reserved {
+    cpu    = 1000
+    memory = 3072
+  }
 }
\ No newline at end of file
diff --git a/kickstart/files/nomad/citadel.hcl b/kickstart/files/nomad/citadel.hcl
index 918835d..f70787c 100644
--- a/kickstart/files/nomad/citadel.hcl
+++ b/kickstart/files/nomad/citadel.hcl
@@ -1,3 +1,3 @@
-client {
-  enabled = false
+client {
+  enabled = false
 }
\ No newline at end of file
diff --git a/nomad/ingress/ssb.toml.tpl b/nomad/ingress/ssb.toml.tpl
index 192ad04..2a4f7d7 100644
--- a/nomad/ingress/ssb.toml.tpl
+++ b/nomad/ingress/ssb.toml.tpl
@@ -1,15 +1,15 @@
-
-[[tcp.services.ssb-shs.loadBalancer.servers]]
-  address = "ssb-shs.bltavares.com:8008"
-[tcp.routers.ssb-shs]
-  entryPoints = ["ssb-shs"]
-  rule = "HostSNI(`*`)"
-  service = "ssb-shs"
-
-[[tcp.services.ssh-shs-web.loadBalancer.servers]]
-  address = "ssb-shs.bltavares.com:8443"
-[tcp.routers.ssh-shs-web]
-  entryPoints = ["ssl"]
-  rule = "HostSNI(`ssb.bltavares.com`) || HostSNIRegexp(`{subdomain:[a-z]+}.ssb.bltavares.com`)"
-  service = "ssh-shs-web"
+
+[[tcp.services.ssb-shs.loadBalancer.servers]]
+  address = "ssb-shs.bltavares.com:8008"
+[tcp.routers.ssb-shs]
+  entryPoints = ["ssb-shs"]
+  rule = "HostSNI(`*`)"
+  service = "ssb-shs"
+
+[[tcp.services.ssh-shs-web.loadBalancer.servers]]
+  address = "ssb-shs.bltavares.com:8443"
+[tcp.routers.ssh-shs-web]
+  entryPoints = ["ssl"]
+  rule = "HostSNI(`ssb.bltavares.com`) || HostSNIRegexp(`{subdomain:[a-z]+}.ssb.bltavares.com`)"
+  service = "ssh-shs-web"
   tls = { passthrough = true }
\ No newline at end of file
diff --git a/secrets/oracle/private.pem b/secrets/oracle/private.pem
index a2e3489d6f4d8cd17a3fe3c9fae1481fca4b99df..3c181573011e6406e349b8268e709fcd30c65c9d 100644
GIT binary patch
literal 1729
zcmV;y20r-!M@dveQdv+`0AA2q=WIX17ePiI%--7O;VE}4=RW<+Z9VBV?Q!&7Oc`kX
z)>Dj-Hm1p1JG5l2<$O>*JM{2vhcKW=)u(9U>QhSW2k8wKeOvq`vd?eGGtn<`kO=%b
z54N^O2uAt0f9(cuZTwcJEv13g*RIkCHz1sR!>R|;T_9dcTDkp^0^$0ek+0$9A(+cz
z=tQW9n52ALb{Hy3+pFX%7{NJ8fe>XTB+Z4nxJjgXaH6D)`r!Mr;Lx3zNgp^H6iFaE
zlj>xKTuwk})W%y!(y~2MiIX(xI{~EN`F4bWkuS;Ve6}18#cR}!T?)royU3d8&@F;G
zl>DNmb`=ASPaNIc>vA4uTD<v6+lQ@6xv%KD@PoEZif0;60vgQ6b=Kf*=Y{7{BOk#0
z3-mc&#T?p&+<qs`d%@F)=b8Ak)>m_`rF)={1z$&cE`AzUn=kDf#`#kiMPtTwhy=Ax
zM89GtDs~b3XXL&Z;$CL%``J^vS{IDpaO!qm%Wquw*^bW!$3REPd%FGOO#!@c&j_sD
zn{pxUP&F47PPI7-*SBPeFCyXU{NjXZdH5lyk&O3KC4og~LT`eCv4pfY$HEu!$xRnP
zNxQkp?Gc6=9XJ$(UAX<YP>{M-6uUP>xDMxeabzAFCb*$4GJC<gL{9-OhgBtyB@id~
zwJb|8$5<9-8lJYXq%iSiHor?$INKtq35k|d2Oyu}WxmL@_GiQY{PQy~b9<<~sgF1I
z6Xkb|d1vTFi2QY;r0nUjF_E-mbBC>6)|ds_;uMS`-~5JC4Q@1&OQBGycOIIYY9ug7
zX1d38EZ5%IWhkMrwzc391Z>Po0TNn#r!9;<xmtpWg<7yqHcW#lZJ0+GOe=3{jI!aD
zbZ*Ho>GAVq6LAUu%9yRjb41=i!|O$>#K0S%2S>tOP+P5e@Lv0{B}i9%syo?rFnf~7
zQhV$NGz6?|dhG~c=$Q(q9RKt}|JTvX_X9GahTCKG43ioJT}UjmJZ;H+n}Brg9%s_Z
zz=<Ta7jAu4btMjL&Z(Mcv8v%k1(1b`VyM=F<Hf||qq4K8iKu6F%@@L1GM?(hA-X?Z
z4?OESN38Y{)LYt-Mk50M1-fw~&MT!+Nw!V*H8VEYN-+7byBg&MGgqcrl$bmT!G=Rn
z{P*#%b2B%P9gSt6R%Z1a4Cfh0yy@H{RW&xjT)oc#R(s81VD4?$A}tQA5#jF`<sAk3
z<#*|x=)5~BQXZ~e5S6W^>)LC$2Plt}I=N4w59{(*KSB&{m>^P`DmpI~9&HBfgX?Q6
zOT_!^>-+7W&tmyZ#ALy^s1Md~01xHy83&RF;?W><HiP%}^H~eSet}`NN(7(@WcdBY
zbqBt;q)%s}IFMJ_)?kL{yLflF12x(GpW%d~-#f&@T<H(1<@pXox$B})v1UqCnzd@E
zJ0HgatWDw?fn(g9G&KOiq<f!!?Op)4PoyTP|1mDICslOypeyl}!5^!<X5d0i3q1na
z?Z+11+n@8i4E;aGLd`)(KHk{FJ(nBcwNU-&$0Ynyq29cwN!l0a%!w+II?4$crr}{S
z_?_xUa=Lm<u2&-+ok3QtV(I!Ics=9cZHua75niPUbw0p;2s-}0P`%FnF)Oa57iS3?
z*L=y5vdV)Y*IjAF=2MEj;Q9^o;IKfKn3*sA>k5h$dbmYr)oo`win5EIu|UhX$r)Tk
zuyNO>nL8kF5|kEV3j2@dBJ#70w`wd?6M$mmPqLIt(-cU=TfA3Gb8Z*s)l>8?hznk`
zOIyPyqno};;T?AdAlL7+cWd4=`D{AJa#yk62_9{=G2<?KG&FvX0MlS#ZBNhvW#SfO
z!+3bHPpLwQ^1d}lfIOma!)+_}^gP_ErfndmXJ;MfV{TM_;I?u$YLR*!ff5@liK#jd
zaveVf5+1V$Ay=%)_#YNylynyq{I?#zAoI}d&ewZ~dD%kCxprqF6(o{zEzs=gPhAMJ
zk@|gqG}Q5?j5;4HsaNWgLB=YMvX+40%v4g{oE0L)dOP}F&g(82>+B`WbS0Pi7sEy@
zv0s51#S5p^G!2@q#0BnjgPIj!at+{>0biTVKGLiAL01N3JRk@4aUl?jw1YhYV1V~M
z0CS{Fi=5)U-J3_D`fI=wmZ#FF6y~vF!tW|6g9Z2l-)17MeHpQX8jdf4OMJ+3|MR@B
z3JZ2vUuHbG(eoKggy1De*x3*tNQ^3=iRi903sZcpV0W4j$|g080UYH<l<;_5nCtMW
X{D3<mb=#l0KNn;G;~M9in2nEen8RNY

literal 1756
zcmV<21|#_ZM@dveQdv+`02jNxJS?%#3v0_S`XHJ@E_*=LdR*bHa$t?7Xdf>lKy8*&
zPvpY3$mS5<3<T$yGJZau^O$ycX6$c-T<oy_OM2mhTVJoHWlbc=aDQ8*yRu17BX6j2
zR|LVR6)=w)MxT3ZhBSk^0tF?_hak-W#>v^cEj?IW_ZCMHwKdXXo8k4V_QopJY<C~p
zJByYtF*6SH0;gVS9_e0j?fqWrUA%!2rt`?;SoFKGhD3(F2xt<^flSCse1GTnYBo(>
z7AaXQ!c6<QdP5Af)uT?^KQ2b)x>7Rs{<H~>0HO(1p#NDMBq3v!{8Z1#)a^-mo&u^y
zY95_<-{!Al3|PR6d4ajjhsJX3zGTCa;Bom9ifgs)PDU3;tMoswFH8;Pfd$=P309aX
z11V3MS662X{!LM*E^OLd6v0&gIq=Q&nFfE(v0-)6AUG;GU94k15n+E^u7$FVhoKy4
zW*g7AnE4wA&ZsTt*5yXy677wT$}X3rBRM5gA8ICP*Qo|yUQwJjAlbANLc!^!5Py*I
zDOc}ralxz0@?v=e-FqZ<vWPc;ei<~L*xHD#Z-^Xi*6OzZ=}?Cv`6m~m&*ybzsp}dp
z@;nM$2FLQyqQTCEi^Qdwc^U_JI{yDxF*7%0J57)MaUSann5ln&o?mscF6Fp4l)V7!
zCW+h;EjP3*KV3p7wRshHw48y<IE`)XTvK<93a4>X;o8m{FsS><TPECF<X3U~b`h3&
zevx^swkL;{;2wpu(U-m&`?vHvR4-+&-Q9<&hD9km#99mN(q){p5DT|&X`SE|xpBIb
z>y1HFfoI~kp;2ZW-S#=|wdZ;G9d$md99>Q76ITWk1HBBcBu)yoVIZ1#VP<P9vj3VF
z?h^B_KK`1)`l^1_agK}Rwc{ghEp0X67X+#J?Z%%&XL7EVMq$D)>W6FzE<HB`XIn`^
zs;yn64<lYN0bGe+jB9eS;20urm_GaH*nUzk4Qg>5^6Ih+@pNtLO;Ew7vJ(<ALx(4k
zYT0o{rg&VhiB6#Eale(z`{nm}C5L>JCjVRfS)R*Oi*<$Mz#yua9hlVp_NjB`2glQ(
z26Jt)-hE0Yh>to6F$za6Jw2<xv($173ci(G>?Nr|5HGcUD8^*EbDRubxM21fP@%}H
z!v&ZIwGV5(G*E8!p}&dLp`;*=i_>B+jFJ@{V!MYwzVu#8p;XFWgno<m3#<2u%;qi?
zOGXiw%7{cKh+0}X*V^yP=P-BGfxW08r0PD<XV?LA|4$_OV-SYgXJc8x`F1H1KQok0
zP8k|J@=3%Mlj<`-^VKqqW+A3NpMWQC)#y8HMrpob;Q<=%YDlI@TfH_}VWfxVZ|kU(
zlPDlr$}e}#OL;11)gdGQ!84;Blg`?RGqo}H7XEE!Oh=AT$bcjO$nUZ`s${XU1G2m&
z@YA$i6xSjq{jNT58xqU~OE#1i+Fk$S=r?m5qpq-8+}!*{b5zcVB55)SaG07<Q3p1|
z>mSLZ^7~`rQ;=A)158bTV6KTnnyXhGHP&D?jNTrp)Rgu<SJ|gP&O9zt1sTpEVL0EO
z^R;dMW=C<dG)X0jv}_Ak!P6DPglN07jALMVc~*kalBlGFjoNJ_Z^2uNtER6JnE^Q5
zw`!T61w8a%3WAM`Qi!1<WUa;W1;Xp6_t_`M{1ighUd_fRP<AG?<?tk}l*Fk^WnTPb
zpVv*hciZyt-|3InJvm8C@w9P&K`h~pi6*YZv7%So7Nt5^IDq;9P>{*h__zeSc6T>j
zVIIum<Vsx*{~s8bqp85w{duv5`+^fd=7eq&jk&fKI(6#$Kg{gG@kDUDgDVA5iWaI3
zluMvePe&5hnnaGZ&dNM_;#p@gI#@zi#vohKpyYx)1Kxs93E_FGB$=`vdT(KWqJzUF
z7`SZp-3LD$$#at<*XbF#d5%e2oc9ef*q#5$%#8liKW>f$mcrKNPd>Z{b>pTpEV$NS
zVSGN2l)ZPdiKI29>4c{XCM!Ix-C{?7H`tk4QT**jAr6WZG-C#SLV79Hx@PfFY5REx
z#)oRKjBn#6gUiLAy_cqScNnT+sV#09<wtco+l3!CC4UB50=pm}8&yoSSDT*EhWSBr
z=|JB~POjL{<+BqYdx_^rr!o|HmYhTE%Q5dmF!Z-(KTsBp*=>QeGlqLx<DU8^*DXH{
z8wk}v1_Nv<NCjn!#=j*fSrT*5V%OH`*175X&ef2UIxo1(3e)56YZIv&GwPojtDu;3
y8BaTNYqJboUA+%1BZR${`~J#854?z&D~U&wBlYC+{J1Fj=c8vUv5^CPZ<&Z>SYsCe

diff --git a/terraform/modules/dns/main.tf b/terraform/modules/dns/main.tf
index c420a7b..60fd86d 100644
--- a/terraform/modules/dns/main.tf
+++ b/terraform/modules/dns/main.tf
@@ -1,21 +1,21 @@
-
-resource "cloudflare_record" "zt6plane" {
-  zone_id = var.zone_id
-  name    = var.domain
-  type    = "AAAA"
-  value   = var.zt_addresses.zt6plane_address
-}
-
-resource "cloudflare_record" "ztrfc" {
-  zone_id = var.zone_id
-  name    = var.domain
-  type    = "AAAA"
-  value   = var.zt_addresses.rfc4193_address
-}
-
-resource "cloudflare_record" "ztdhcp" {
-  zone_id = var.zone_id
-  name    = var.domain
-  type    = "A"
-  value   = element(tolist(var.zt_addresses.ipv4_assignments), 0)
-}
+
+resource "cloudflare_record" "zt6plane" {
+  zone_id = var.zone_id
+  name    = var.domain
+  type    = "AAAA"
+  value   = var.zt_addresses.zt6plane_address
+}
+
+resource "cloudflare_record" "ztrfc" {
+  zone_id = var.zone_id
+  name    = var.domain
+  type    = "AAAA"
+  value   = var.zt_addresses.rfc4193_address
+}
+
+resource "cloudflare_record" "ztdhcp" {
+  zone_id = var.zone_id
+  name    = var.domain
+  type    = "A"
+  value   = element(tolist(var.zt_addresses.ipv4_assignments), 0)
+}
diff --git a/terraform/modules/dns/variables.tf b/terraform/modules/dns/variables.tf
index c5249c8..3a66d4b 100644
--- a/terraform/modules/dns/variables.tf
+++ b/terraform/modules/dns/variables.tf
@@ -1,15 +1,15 @@
-variable "zone_id" {
-  type = string
-}
-
-variable "zt_addresses" {
-  type = object({
-    zt6plane_address = string,
-    rfc4193_address  = string,
-    ipv4_assignments = list(string)
-  })
-}
-
-variable "domain" {
-  type = string
-}
+variable "zone_id" {
+  type = string
+}
+
+variable "zt_addresses" {
+  type = object({
+    zt6plane_address = string,
+    rfc4193_address  = string,
+    ipv4_assignments = list(string)
+  })
+}
+
+variable "domain" {
+  type = string
+}
diff --git a/terraform/modules/network_member/main.tf b/terraform/modules/network_member/main.tf
index bda1809..40a16f5 100644
--- a/terraform/modules/network_member/main.tf
+++ b/terraform/modules/network_member/main.tf
@@ -1,22 +1,22 @@
-terraform {
-  required_providers {
-    zerotier = {
-      source  = "bltavares/zerotier"
-      version = "~> 0.3.0"
-    }
-  }
-}
-
-resource "zerotier_member" "node" {
-  node_id        = var.zerotier_member.node_id
-  network_id     = var.zerotier_network_id
-  name           = var.zerotier_member.name
-  ip_assignments = var.zerotier_member.assignment_ips
-}
-
-module "dns" {
-  source       = "../dns"
-  zone_id      = var.zone_id
-  domain       = "${var.zerotier_member.name}.zerotier"
-  zt_addresses = zerotier_member.node
-}
+terraform {
+  required_providers {
+    zerotier = {
+      source  = "bltavares/zerotier"
+      version = "~> 0.3.0"
+    }
+  }
+}
+
+resource "zerotier_member" "node" {
+  node_id        = var.zerotier_member.node_id
+  network_id     = var.zerotier_network_id
+  name           = var.zerotier_member.name
+  ip_assignments = var.zerotier_member.assignment_ips
+}
+
+module "dns" {
+  source       = "../dns"
+  zone_id      = var.zone_id
+  domain       = "${var.zerotier_member.name}.zerotier"
+  zt_addresses = zerotier_member.node
+}
diff --git a/terraform/modules/network_member/outputs.tf b/terraform/modules/network_member/outputs.tf
index 241b2cd..3b7f3df 100644
--- a/terraform/modules/network_member/outputs.tf
+++ b/terraform/modules/network_member/outputs.tf
@@ -1,3 +1,3 @@
-output "addresses" {
-  value = zerotier_member.node
-}
+output "addresses" {
+  value = zerotier_member.node
+}
diff --git a/terraform/modules/network_member/variables.tf b/terraform/modules/network_member/variables.tf
index e1e7fec..d55ad1e 100644
--- a/terraform/modules/network_member/variables.tf
+++ b/terraform/modules/network_member/variables.tf
@@ -1,15 +1,15 @@
-variable "zerotier_member" {
-  type = object({
-    name           = string
-    node_id        = string,
-    assignment_ips = list(string)
-  })
-}
-
-variable "zerotier_network_id" {
-  type = string
-}
-
-variable "zone_id" {
-  type = string
-}
+variable "zerotier_member" {
+  type = object({
+    name           = string
+    node_id        = string,
+    assignment_ips = list(string)
+  })
+}
+
+variable "zerotier_network_id" {
+  type = string
+}
+
+variable "zone_id" {
+  type = string
+}
diff --git a/terraform/stage/certificates/archiver.tf b/terraform/stage/certificates/archiver.tf
index bbfa113..92efd59 100644
--- a/terraform/stage/certificates/archiver.tf
+++ b/terraform/stage/certificates/archiver.tf
@@ -1,25 +1,25 @@
-
-resource "acme_certificate" "archiver-certificate" {
-  account_key_pem    = acme_registration.registration.account_key_pem
-  common_name        = "archiver.zerotier.bltavares.com"
-  min_days_remaining = 10
-
-  dns_challenge {
-    provider = "cloudflare"
-
-    config = {
-      CLOUDFLARE_EMAIL   = var.cloudflare_email
-      CLOUDFLARE_API_KEY = var.cloudflare_token
-    }
-  }
-}
-
-resource "local_file" "archiver-certificate" {
-  sensitive_content = acme_certificate.archiver-certificate.certificate_pem
-  filename          = "../../../kickstart/files/certificates/archiver.zerotier.bltavares.com.cert"
-}
-
-resource "local_file" "archiver-private-key" {
-  sensitive_content = acme_certificate.archiver-certificate.private_key_pem
-  filename          = "../../../kickstart/files/certificates/archiver.zerotier.bltavares.com.key"
-}
+
+resource "acme_certificate" "archiver-certificate" {
+  account_key_pem    = acme_registration.registration.account_key_pem
+  common_name        = "archiver.zerotier.bltavares.com"
+  min_days_remaining = 10
+
+  dns_challenge {
+    provider = "cloudflare"
+
+    config = {
+      CLOUDFLARE_EMAIL   = var.cloudflare_email
+      CLOUDFLARE_API_KEY = var.cloudflare_token
+    }
+  }
+}
+
+resource "local_file" "archiver-certificate" {
+  sensitive_content = acme_certificate.archiver-certificate.certificate_pem
+  filename          = "../../../kickstart/files/certificates/archiver.zerotier.bltavares.com.cert"
+}
+
+resource "local_file" "archiver-private-key" {
+  sensitive_content = acme_certificate.archiver-certificate.private_key_pem
+  filename          = "../../../kickstart/files/certificates/archiver.zerotier.bltavares.com.key"
+}
diff --git a/terraform/stage/certificates/lab.tf b/terraform/stage/certificates/lab.tf
index 4ece0d8..12e5f7e 100644
--- a/terraform/stage/certificates/lab.tf
+++ b/terraform/stage/certificates/lab.tf
@@ -1,30 +1,30 @@
-resource "acme_certificate" "lab-certificate" {
-  account_key_pem           = acme_registration.registration.account_key_pem
-  common_name               = "*.lab.bltavares.com"
-  subject_alternative_names = ["lab.bltavares.com"]
-  min_days_remaining        = 10
-
-  dns_challenge {
-    provider = "cloudflare"
-
-    config = {
-      CLOUDFLARE_EMAIL   = var.cloudflare_email
-      CLOUDFLARE_API_KEY = var.cloudflare_token
-    }
-  }
-}
-
-resource "local_file" "lab-certificate" {
-  sensitive_content = acme_certificate.lab-certificate.certificate_pem
-  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.cert"
-}
-
-resource "local_file" "lab-private-key" {
-  sensitive_content = acme_certificate.lab-certificate.private_key_pem
-  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.key"
-}
-
-resource "local_file" "lab-fullchain" {
-  sensitive_content = "${acme_certificate.lab-certificate.certificate_pem}${acme_certificate.lab-certificate.issuer_pem}"
-  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.fullchain.cert"
-}
+resource "acme_certificate" "lab-certificate" {
+  account_key_pem           = acme_registration.registration.account_key_pem
+  common_name               = "*.lab.bltavares.com"
+  subject_alternative_names = ["lab.bltavares.com"]
+  min_days_remaining        = 10
+
+  dns_challenge {
+    provider = "cloudflare"
+
+    config = {
+      CLOUDFLARE_EMAIL   = var.cloudflare_email
+      CLOUDFLARE_API_KEY = var.cloudflare_token
+    }
+  }
+}
+
+resource "local_file" "lab-certificate" {
+  sensitive_content = acme_certificate.lab-certificate.certificate_pem
+  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.cert"
+}
+
+resource "local_file" "lab-private-key" {
+  sensitive_content = acme_certificate.lab-certificate.private_key_pem
+  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.key"
+}
+
+resource "local_file" "lab-fullchain" {
+  sensitive_content = "${acme_certificate.lab-certificate.certificate_pem}${acme_certificate.lab-certificate.issuer_pem}"
+  filename          = "../../../kickstart/files/certificates/lab.bltavares.com.fullchain.cert"
+}
diff --git a/terraform/stage/certificates/main.tf b/terraform/stage/certificates/main.tf
index 542a30c..63e720f 100644
--- a/terraform/stage/certificates/main.tf
+++ b/terraform/stage/certificates/main.tf
@@ -1,30 +1,30 @@
-terraform {
-  required_providers {
-    acme = {
-      source = "vancluever/acme"
-      version = "~> 2.4.0"
-    }
-    local = {
-      source  = "hashicorp/local"
-      version = "~> 2.1.0"
-    }
-  }
-
-  backend "remote" {
-    organization = "homelab"
-
-    workspaces {
-      name = "certificates"
-    }
-  }
-}
-
-provider "acme" {
-  #  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-  server_url = "https://acme-v02.api.letsencrypt.org/directory"
-}
-
-resource "acme_registration" "registration" {
-  account_key_pem = file("../../../secrets/acme-registration.key")
-  email_address   = var.acme-user
-}
+terraform {
+  required_providers {
+    acme = {
+      source = "vancluever/acme"
+      version = "~> 2.4.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 2.1.0"
+    }
+  }
+
+  backend "remote" {
+    organization = "homelab"
+
+    workspaces {
+      name = "certificates"
+    }
+  }
+}
+
+provider "acme" {
+  #  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+  server_url = "https://acme-v02.api.letsencrypt.org/directory"
+}
+
+resource "acme_registration" "registration" {
+  account_key_pem = file("../../../secrets/acme-registration.key")
+  email_address   = var.acme-user
+}
diff --git a/terraform/stage/certificates/terragrunt.hcl b/terraform/stage/certificates/terragrunt.hcl
index f1c1494..c48d621 100644
--- a/terraform/stage/certificates/terragrunt.hcl
+++ b/terraform/stage/certificates/terragrunt.hcl
@@ -1,6 +1,6 @@
-terraform {
-  extra_arguments "default_vars" {
-    commands           = get_terraform_commands_that_need_vars()
-    required_var_files = ["${get_terragrunt_dir()}/../../../secrets/production.tfvars"]
-  }
-}
+terraform {
+  extra_arguments "default_vars" {
+    commands           = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_terragrunt_dir()}/../../../secrets/production.tfvars"]
+  }
+}
diff --git a/terraform/stage/certificates/variables.tf b/terraform/stage/certificates/variables.tf
index 0deb88c..8b5b63f 100644
--- a/terraform/stage/certificates/variables.tf
+++ b/terraform/stage/certificates/variables.tf
@@ -1,11 +1,11 @@
-variable "acme-user" {
-  type = string
-}
-
-variable "cloudflare_email" {
-  type = string
-}
-
-variable "cloudflare_token" {
-  type = string
-}
+variable "acme-user" {
+  type = string
+}
+
+variable "cloudflare_email" {
+  type = string
+}
+
+variable "cloudflare_token" {
+  type = string
+}
diff --git a/terraform/stage/network-members/archiver/terragrunt.hcl b/terraform/stage/network-members/archiver/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/archiver/terragrunt.hcl
+++ b/terraform/stage/network-members/archiver/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/archiver/web-proxy.tf b/terraform/stage/network-members/archiver/web-proxy.tf
index dd0edf5..1e5dc5b 100644
--- a/terraform/stage/network-members/archiver/web-proxy.tf
+++ b/terraform/stage/network-members/archiver/web-proxy.tf
@@ -1,8 +1,8 @@
-resource "local_file" "lab-config" {
-  filename = "../../../../../kickstart/files/lab-traefik.toml"
-  content = templatefile("templates/lab-traefik.toml.tmpl", {
-    radarr       = element(tolist(module.member.addresses.ipv4_assignments), 0),
-    sonarr       = element(tolist(module.member.addresses.ipv4_assignments), 0),
-    transmission = element(tolist(module.member.addresses.ipv4_assignments), 0),
-  })
-}
+resource "local_file" "lab-config" {
+  filename = "../../../../../kickstart/files/lab-traefik.toml"
+  content = templatefile("templates/lab-traefik.toml.tmpl", {
+    radarr       = element(tolist(module.member.addresses.ipv4_assignments), 0),
+    sonarr       = element(tolist(module.member.addresses.ipv4_assignments), 0),
+    transmission = element(tolist(module.member.addresses.ipv4_assignments), 0),
+  })
+}
diff --git a/terraform/stage/network-members/citadel/terragrunt.hcl b/terraform/stage/network-members/citadel/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/citadel/terragrunt.hcl
+++ b/terraform/stage/network-members/citadel/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/controller/terragrunt.hcl b/terraform/stage/network-members/controller/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/controller/terragrunt.hcl
+++ b/terraform/stage/network-members/controller/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/libreelec/terragrunt.hcl b/terraform/stage/network-members/libreelec/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/libreelec/terragrunt.hcl
+++ b/terraform/stage/network-members/libreelec/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/minecraft/terragrunt.hcl b/terraform/stage/network-members/minecraft/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/minecraft/terragrunt.hcl
+++ b/terraform/stage/network-members/minecraft/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/omv/terragrunt.hcl b/terraform/stage/network-members/omv/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/omv/terragrunt.hcl
+++ b/terraform/stage/network-members/omv/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/p1/terragrunt.hcl b/terraform/stage/network-members/p1/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/p1/terragrunt.hcl
+++ b/terraform/stage/network-members/p1/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/p2/terragrunt.hcl b/terraform/stage/network-members/p2/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/p2/terragrunt.hcl
+++ b/terraform/stage/network-members/p2/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/p3/terragrunt.hcl b/terraform/stage/network-members/p3/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/p3/terragrunt.hcl
+++ b/terraform/stage/network-members/p3/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/p4/terragrunt.hcl b/terraform/stage/network-members/p4/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/p4/terragrunt.hcl
+++ b/terraform/stage/network-members/p4/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/pve-dat/terragrunt.hcl b/terraform/stage/network-members/pve-dat/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/pve-dat/terragrunt.hcl
+++ b/terraform/stage/network-members/pve-dat/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/pve-debian/terragrunt.hcl b/terraform/stage/network-members/pve-debian/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/pve-debian/terragrunt.hcl
+++ b/terraform/stage/network-members/pve-debian/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/pve/terragrunt.hcl b/terraform/stage/network-members/pve/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/pve/terragrunt.hcl
+++ b/terraform/stage/network-members/pve/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/ryzen/terragrunt.hcl b/terraform/stage/network-members/ryzen/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/ryzen/terragrunt.hcl
+++ b/terraform/stage/network-members/ryzen/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/terragrunt.hcl b/terraform/stage/network-members/terragrunt.hcl
index 56c314e..1cec634 100644
--- a/terraform/stage/network-members/terragrunt.hcl
+++ b/terraform/stage/network-members/terragrunt.hcl
@@ -1,41 +1,41 @@
-generate "providers" {
-  path      = "providers.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-provider "zerotier" {
-  api_key = var.zerotier_api_key
-}
-
-provider "cloudflare" {
-  email   = var.cloudflare_email
-  api_key = var.cloudflare_token
-}
-EOF
-}
-
-generate "backend" {
-  path      = "backend.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-  terraform {
-    backend "remote" {
-      organization = "homelab"
-      workspaces {
-        name = "member-${path_relative_to_include()}"
-      }
-    }
-  }
-EOF
-}
-
-terraform {
-  source = "${get_parent_terragrunt_dir()}/../../terragrunt/network_members"
-
-  extra_arguments "default_vars" {
-    commands           = get_terraform_commands_that_need_vars()
-    required_var_files = ["${get_parent_terragrunt_dir()}/../../../secrets/production.tfvars"]
-  }
-}
-
-download_dir = "${get_parent_terragrunt_dir()}/../../terragrunt/.terragrunt-cache"
-skip         = true
+generate "providers" {
+  path      = "providers.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "zerotier" {
+  api_key = var.zerotier_api_key
+}
+
+provider "cloudflare" {
+  email   = var.cloudflare_email
+  api_key = var.cloudflare_token
+}
+EOF
+}
+
+generate "backend" {
+  path      = "backend.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+  terraform {
+    backend "remote" {
+      organization = "homelab"
+      workspaces {
+        name = "member-${path_relative_to_include()}"
+      }
+    }
+  }
+EOF
+}
+
+terraform {
+  source = "${get_parent_terragrunt_dir()}/../../terragrunt/network_members"
+
+  extra_arguments "default_vars" {
+    commands           = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_parent_terragrunt_dir()}/../../../secrets/production.tfvars"]
+  }
+}
+
+download_dir = "${get_parent_terragrunt_dir()}/../../terragrunt/.terragrunt-cache"
+skip         = true
diff --git a/terraform/stage/network-members/tiny/terragrunt.hcl b/terraform/stage/network-members/tiny/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/tiny/terragrunt.hcl
+++ b/terraform/stage/network-members/tiny/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network-members/tiny/web-proxy.tf b/terraform/stage/network-members/tiny/web-proxy.tf
index 613454e..e5e1421 100644
--- a/terraform/stage/network-members/tiny/web-proxy.tf
+++ b/terraform/stage/network-members/tiny/web-proxy.tf
@@ -1,6 +1,6 @@
-module "web-proxy" {
-  source       = "../../../../modules/dns"
-  zone_id      = data.terraform_remote_state.network.outputs.zone_id
-  domain       = "*.lab"
-  zt_addresses = module.member.addresses
-}
+module "web-proxy" {
+  source       = "../../../../modules/dns"
+  zone_id      = data.terraform_remote_state.network.outputs.zone_id
+  domain       = "*.lab"
+  zt_addresses = module.member.addresses
+}
diff --git a/terraform/stage/network-members/vaporware/terragrunt.hcl b/terraform/stage/network-members/vaporware/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/network-members/vaporware/terragrunt.hcl
+++ b/terraform/stage/network-members/vaporware/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/network/dns.tf b/terraform/stage/network/dns.tf
index 574f58c..bfb5339 100644
--- a/terraform/stage/network/dns.tf
+++ b/terraform/stage/network/dns.tf
@@ -1,17 +1,17 @@
-
-provider "cloudflare" {
-  email   = var.cloudflare_email
-  api_key = var.cloudflare_token
-}
-
-data "cloudflare_zones" "zone_info" {
-  filter {
-    name   = "bltavares.com"
-    status = "active"
-    paused = false
-  }
-}
-
-output "zone_id" {
-  value = lookup(data.cloudflare_zones.zone_info.zones[0], "id")
-}
+
+provider "cloudflare" {
+  email   = var.cloudflare_email
+  api_key = var.cloudflare_token
+}
+
+data "cloudflare_zones" "zone_info" {
+  filter {
+    name   = "bltavares.com"
+    status = "active"
+    paused = false
+  }
+}
+
+output "zone_id" {
+  value = lookup(data.cloudflare_zones.zone_info.zones[0], "id")
+}
diff --git a/terraform/stage/network/main.tf b/terraform/stage/network/main.tf
index e6dc83f..c2bb348 100644
--- a/terraform/stage/network/main.tf
+++ b/terraform/stage/network/main.tf
@@ -1,21 +1,21 @@
-terraform {
-  required_providers {
-    zerotier = {
-      source  = "bltavares/zerotier"
-      version = "~> 0.3.0"
-    }
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 2.10.0"
-    }
-  }
-
-  backend "remote" {
-    organization = "homelab"
-
-    workspaces {
-      name = "network"
-    }
-  }
-}
-
+terraform {
+  required_providers {
+    zerotier = {
+      source  = "bltavares/zerotier"
+      version = "~> 0.3.0"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 2.10.0"
+    }
+  }
+
+  backend "remote" {
+    organization = "homelab"
+
+    workspaces {
+      name = "network"
+    }
+  }
+}
+
diff --git a/terraform/stage/network/terragrunt.hcl b/terraform/stage/network/terragrunt.hcl
index f1c1494..c48d621 100644
--- a/terraform/stage/network/terragrunt.hcl
+++ b/terraform/stage/network/terragrunt.hcl
@@ -1,6 +1,6 @@
-terraform {
-  extra_arguments "default_vars" {
-    commands           = get_terraform_commands_that_need_vars()
-    required_var_files = ["${get_terragrunt_dir()}/../../../secrets/production.tfvars"]
-  }
-}
+terraform {
+  extra_arguments "default_vars" {
+    commands           = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_terragrunt_dir()}/../../../secrets/production.tfvars"]
+  }
+}
diff --git a/terraform/stage/network/variables.tf b/terraform/stage/network/variables.tf
index 0007be4..11046e0 100644
--- a/terraform/stage/network/variables.tf
+++ b/terraform/stage/network/variables.tf
@@ -1,19 +1,19 @@
-variable "zerotier_api_key" {
-  type = string
-}
-
-variable "zerotier_network" {
-  type = map(object({
-    first  = string,
-    last   = string,
-    target = string,
-  }))
-}
-
-variable "cloudflare_email" {
-  type = string
-}
-
-variable "cloudflare_token" {
-  type = string
-}
+variable "zerotier_api_key" {
+  type = string
+}
+
+variable "zerotier_network" {
+  type = map(object({
+    first  = string,
+    last   = string,
+    target = string,
+  }))
+}
+
+variable "cloudflare_email" {
+  type = string
+}
+
+variable "cloudflare_token" {
+  type = string
+}
diff --git a/terraform/stage/network/zt_network.tf b/terraform/stage/network/zt_network.tf
index ab647ef..e9f647a 100644
--- a/terraform/stage/network/zt_network.tf
+++ b/terraform/stage/network/zt_network.tf
@@ -1,32 +1,32 @@
-
-provider "zerotier" {
-  api_key = var.zerotier_api_key
-}
-
-resource "zerotier_network" "homelab" {
-  name         = "zerotier.bltavares.com"
-  rules_source = file("../../../secrets/zerotier.config")
-
-  auto_assign_v4     = true
-  auto_assign_6plane = true
-  auto_assign_v6     = true
-
-  dynamic "assignment_pool" {
-    for_each = var.zerotier_network
-    content {
-      first = assignment_pool.value.first
-      last  = assignment_pool.value.last
-    }
-  }
-
-  dynamic "route" {
-    for_each = var.zerotier_network
-    content {
-      target = route.value.target
-    }
-  }
-}
-
-output "id" {
-  value = zerotier_network.homelab.id
-}
+
+provider "zerotier" {
+  api_key = var.zerotier_api_key
+}
+
+resource "zerotier_network" "homelab" {
+  name         = "zerotier.bltavares.com"
+  rules_source = file("../../../secrets/zerotier.config")
+
+  auto_assign_v4     = true
+  auto_assign_6plane = true
+  auto_assign_v6     = true
+
+  dynamic "assignment_pool" {
+    for_each = var.zerotier_network
+    content {
+      first = assignment_pool.value.first
+      last  = assignment_pool.value.last
+    }
+  }
+
+  dynamic "route" {
+    for_each = var.zerotier_network
+    content {
+      target = route.value.target
+    }
+  }
+}
+
+output "id" {
+  value = zerotier_network.homelab.id
+}
diff --git a/terraform/stage/oracle/instances/citadel/backend.tf b/terraform/stage/oracle/instances/citadel/backend.tf
index 459af94..f94c909 100644
--- a/terraform/stage/oracle/instances/citadel/backend.tf
+++ b/terraform/stage/oracle/instances/citadel/backend.tf
@@ -1,9 +1,9 @@
 # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
-  terraform {
-    backend "remote" {
-      organization = "homelab"
-      workspaces {
-        name = "instance-oracle-citadel"
-      }
-    }
-  }
+  terraform {
+    backend "remote" {
+      organization = "homelab"
+      workspaces {
+        name = "instance-oracle-citadel"
+      }
+    }
+  }
diff --git a/terraform/stage/oracle/instances/citadel/providers.tf b/terraform/stage/oracle/instances/citadel/providers.tf
index 48b0d16..8df80e8 100644
--- a/terraform/stage/oracle/instances/citadel/providers.tf
+++ b/terraform/stage/oracle/instances/citadel/providers.tf
@@ -1,37 +1,37 @@
 # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
-terraform {
-  required_providers {
-    oci = {
-      source  = "oracle/oci"
-      version = "4.110.0"
-    }
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 2.10.0"
-    }
-  }
-}
-
-provider "oci" {
-  tenancy_ocid     = var.oci_profile.tenancy
-  user_ocid        = var.oci_profile.user
-  private_key_path = var.oci_profile.key_file
-  fingerprint      = var.oci_profile.fingerprint
-  region           = var.oci_profile.region
-}
-
-variable "oci_profile" {
-  type = object({
-    tenancy     = string
-    user        = string
-    key_file    = string
-    fingerprint = string
-    region      = string
-    compartment = string
-  })
-}
-
-provider "cloudflare" {
-  email   = var.cloudflare_email
-  api_key = var.cloudflare_token
-}
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "4.110.0"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 2.10.0"
+    }
+  }
+}
+
+provider "oci" {
+  tenancy_ocid     = var.oci_profile.tenancy
+  user_ocid        = var.oci_profile.user
+  private_key_path = var.oci_profile.key_file
+  fingerprint      = var.oci_profile.fingerprint
+  region           = var.oci_profile.region
+}
+
+variable "oci_profile" {
+  type = object({
+    tenancy     = string
+    user        = string
+    key_file    = string
+    fingerprint = string
+    region      = string
+    compartment = string
+  })
+}
+
+provider "cloudflare" {
+  email   = var.cloudflare_email
+  api_key = var.cloudflare_token
+}
diff --git a/terraform/stage/oracle/instances/citadel/terragrunt.hcl b/terraform/stage/oracle/instances/citadel/terragrunt.hcl
index db4e343..40cf458 100644
--- a/terraform/stage/oracle/instances/citadel/terragrunt.hcl
+++ b/terraform/stage/oracle/instances/citadel/terragrunt.hcl
@@ -1,7 +1,7 @@
-include {
-  path = find_in_parent_folders()
-}
-
-inputs = {
-  name = path_relative_to_include()
-}
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  name = path_relative_to_include()
+}
diff --git a/terraform/stage/oracle/instances/terragrunt.hcl b/terraform/stage/oracle/instances/terragrunt.hcl
index de7c1a6..dfcdd67 100644
--- a/terraform/stage/oracle/instances/terragrunt.hcl
+++ b/terraform/stage/oracle/instances/terragrunt.hcl
@@ -1,73 +1,73 @@
-generate "providers" {
-  path      = "providers.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-terraform {
-  required_providers {
-    oci = {
-      source  = "oracle/oci"
-      version = "4.110.0"
-    }
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 2.10.0"
-    }
-  }
-}
-
-provider "oci" {
-  tenancy_ocid     = var.oci_profile.tenancy
-  user_ocid        = var.oci_profile.user
-  private_key_path = var.oci_profile.key_file
-  fingerprint      = var.oci_profile.fingerprint
-  region           = var.oci_profile.region
-}
-
-variable "oci_profile" {
-  type = object({
-    tenancy     = string
-    user        = string
-    key_file    = string
-    fingerprint = string
-    region      = string
-    compartment = string
-  })
-}
-
-provider "cloudflare" {
-  email   = var.cloudflare_email
-  api_key = var.cloudflare_token
-}
-EOF
-}
-
-generate "backend" {
-  path      = "backend.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-  terraform {
-    backend "remote" {
-      organization = "homelab"
-      workspaces {
-        name = "instance-oracle-${path_relative_to_include()}"
-      }
-    }
-  }
-EOF
-}
-
-generate "images" {
-  path = "images.tf"
-  if_exists = "overwrite_terragrunt"
-
-}
-
-terraform {
-  extra_arguments "default_vars" {
-    commands           = get_terraform_commands_that_need_vars()
-    required_var_files = ["${get_terragrunt_dir()}/../../../../secrets/production.tfvars"]
-  }
-}
-
-download_dir = "${get_parent_terragrunt_dir()}/../../../terragrunt/.terragrunt-cache"
-skip         = true
+generate "providers" {
+  path      = "providers.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    oci = {
+      source  = "oracle/oci"
+      version = "4.110.0"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 2.10.0"
+    }
+  }
+}
+
+provider "oci" {
+  tenancy_ocid     = var.oci_profile.tenancy
+  user_ocid        = var.oci_profile.user
+  private_key_path = var.oci_profile.key_file
+  fingerprint      = var.oci_profile.fingerprint
+  region           = var.oci_profile.region
+}
+
+variable "oci_profile" {
+  type = object({
+    tenancy     = string
+    user        = string
+    key_file    = string
+    fingerprint = string
+    region      = string
+    compartment = string
+  })
+}
+
+provider "cloudflare" {
+  email   = var.cloudflare_email
+  api_key = var.cloudflare_token
+}
+EOF
+}
+
+generate "backend" {
+  path      = "backend.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+  terraform {
+    backend "remote" {
+      organization = "homelab"
+      workspaces {
+        name = "instance-oracle-${path_relative_to_include()}"
+      }
+    }
+  }
+EOF
+}
+
+generate "images" {
+  path = "images.tf"
+  if_exists = "overwrite_terragrunt"
+
+}
+
+terraform {
+  extra_arguments "default_vars" {
+    commands           = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_terragrunt_dir()}/../../../../secrets/production.tfvars"]
+  }
+}
+
+download_dir = "${get_parent_terragrunt_dir()}/../../../terragrunt/.terragrunt-cache"
+skip         = true
diff --git a/terraform/stage/oracle/network/terragrunt.hcl b/terraform/stage/oracle/network/terragrunt.hcl
index 61f7012..9bd43cc 100644
--- a/terraform/stage/oracle/network/terragrunt.hcl
+++ b/terraform/stage/oracle/network/terragrunt.hcl
@@ -1,6 +1,6 @@
-terraform {
-  extra_arguments "default_vars" {
-    commands           = get_terraform_commands_that_need_vars()
-    required_var_files = ["${get_terragrunt_dir()}/../../../../secrets/production.tfvars"]
-  }
-}
+terraform {
+  extra_arguments "default_vars" {
+    commands           = get_terraform_commands_that_need_vars()
+    required_var_files = ["${get_terragrunt_dir()}/../../../../secrets/production.tfvars"]
+  }
+}
diff --git a/terraform/terragrunt/network_members/main.tf b/terraform/terragrunt/network_members/main.tf
index 66ead3d..ff36efc 100644
--- a/terraform/terragrunt/network_members/main.tf
+++ b/terraform/terragrunt/network_members/main.tf
@@ -1,26 +1,26 @@
-terraform {
-  required_providers {
-    zerotier = {
-      source  = "bltavares/zerotier"
-      version = "~> 0.3.0"
-    }
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 2.10.0"
-    }
-    local = {
-      source  = "hashicorp/local"
-      version = "~> 1.4.0"
-    }
-  }
-}
-
-data "terraform_remote_state" "network" {
-  backend = "remote"
-  config = {
-    organization = "homelab"
-    workspaces = {
-      name = "network"
-    }
-  }
-}
+terraform {
+  required_providers {
+    zerotier = {
+      source  = "bltavares/zerotier"
+      version = "~> 0.3.0"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 2.10.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = "~> 1.4.0"
+    }
+  }
+}
+
+data "terraform_remote_state" "network" {
+  backend = "remote"
+  config = {
+    organization = "homelab"
+    workspaces = {
+      name = "network"
+    }
+  }
+}
diff --git a/terraform/terragrunt/network_members/member.tf b/terraform/terragrunt/network_members/member.tf
index 6086616..e10c2ea 100644
--- a/terraform/terragrunt/network_members/member.tf
+++ b/terraform/terragrunt/network_members/member.tf
@@ -1,7 +1,7 @@
-module "member" {
-  source = "../../../../modules/network_member"
-
-  zerotier_member     = merge(var.zerotier_members[var.name], { name = var.name })
-  zerotier_network_id = data.terraform_remote_state.network.outputs.id
-  zone_id             = data.terraform_remote_state.network.outputs.zone_id
-}
+module "member" {
+  source = "../../../../modules/network_member"
+
+  zerotier_member     = merge(var.zerotier_members[var.name], { name = var.name })
+  zerotier_network_id = data.terraform_remote_state.network.outputs.id
+  zone_id             = data.terraform_remote_state.network.outputs.zone_id
+}
diff --git a/terraform/terragrunt/network_members/variables.tf b/terraform/terragrunt/network_members/variables.tf
index 892e22b..18398ec 100644
--- a/terraform/terragrunt/network_members/variables.tf
+++ b/terraform/terragrunt/network_members/variables.tf
@@ -1,22 +1,22 @@
-variable "cloudflare_email" {
-  type = string
-}
-
-variable "cloudflare_token" {
-  type = string
-}
-
-variable "zerotier_api_key" {
-  type = string
-}
-
-variable "zerotier_members" {
-  type = map(object({
-    node_id        = string,
-    assignment_ips = list(string)
-  }))
-}
-
-variable "name" {
-  type = string
-}
+variable "cloudflare_email" {
+  type = string
+}
+
+variable "cloudflare_token" {
+  type = string
+}
+
+variable "zerotier_api_key" {
+  type = string
+}
+
+variable "zerotier_members" {
+  type = map(object({
+    node_id        = string,
+    assignment_ips = list(string)
+  }))
+}
+
+variable "name" {
+  type = string
+}