diff --git a/.gitignore b/.gitignore index 147f742..eabeb01 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ **/*secret* +gym-tracker/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/gitea/gitea.yaml b/gitea/gitea.yaml new file mode 100644 index 0000000..6a205e1 --- /dev/null +++ b/gitea/gitea.yaml @@ -0,0 +1,176 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: gitea + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: gitea-data + namespace: gitea +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitea + namespace: gitea + labels: + app: gitea +spec: + replicas: 1 + selector: + matchLabels: + app: gitea + template: + metadata: + labels: + app: gitea + spec: + nodeSelector: + kubernetes.io/arch: arm64 + containers: + - name: gitea + image: gitea/gitea:1.24.6 + env: + - name: USER_UID + value: "1000" + - name: USER_GID + value: "1000" + ports: + - containerPort: 3000 + name: http + protocol: TCP + - containerPort: 22 + name: ssh + protocol: TCP + volumeMounts: + - name: gitea-data + mountPath: /data + - name: timezone + mountPath: /etc/timezone + readOnly: true + - name: localtime + mountPath: /etc/localtime + readOnly: true + volumes: + - name: gitea-data + persistentVolumeClaim: + claimName: gitea-data + - name: timezone + hostPath: + path: /etc/timezone + type: File + - name: localtime + hostPath: + path: /etc/localtime + type: File +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: gitea-runner-data + namespace: gitea +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: gitea-runner-config + namespace: gitea +data: + GITEA_INSTANCE_URL: "http://gitea.rogi.casa" +--- +apiVersion: v1 +kind: Secret +metadata: + name: gitea-runner-secret + namespace: gitea +type: Opaque +stringData: + GITEA_RUNNER_REGISTRATION_TOKEN: "BqkIGoAiwSYUFm2CPXlvvKAdSw5fl6ayCAb60zsM" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitea-runner + namespace: gitea + labels: + app: gitea-runner +spec: + replicas: 1 + selector: + matchLabels: + app: gitea-runner + template: + metadata: + labels: + app: gitea-runner + spec: + nodeSelector: + kubernetes.io/arch: arm64 + containers: + - name: gitea-runner + image: vegardit/gitea-act-runner:0.1.6 + env: + - name: GITEA_INSTANCE_URL + valueFrom: + configMapKeyRef: + name: gitea-runner-config + key: GITEA_INSTANCE_URL + - name: GITEA_RUNNER_REGISTRATION_TOKEN + valueFrom: + secretKeyRef: + name: gitea-runner-secret + key: GITEA_RUNNER_REGISTRATION_TOKEN + - name: GITEA_RUNNER_UID + value: "1000" + - name: GITEA_RUNNER_GID + value: "100" + volumeMounts: + - name: docker-socket + mountPath: /var/run/docker.sock + - name: runner-data + mountPath: /data + volumes: + - name: docker-socket + hostPath: + path: /var/run/docker.sock + type: Socket + - name: runner-data + persistentVolumeClaim: + claimName: gitea-runner-data +--- +apiVersion: v1 +kind: Service +metadata: + name: gitea + namespace: gitea + labels: + app: gitea +spec: + type: ClusterIP + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP + - name: ssh + port: 22 + targetPort: 22 + protocol: TCP + selector: + app: gitea diff --git a/gym-tracker b/gym-tracker new file mode 160000 index 0000000..5e237b6 --- /dev/null +++ b/gym-tracker @@ -0,0 +1 @@ +Subproject commit 5e237b617404c0c5fdbf410e7b2b184c0eafe354 diff --git a/homeassistant/homeassistant.txt b/homeassistant/homeassistant.txt new file mode 100644 index 0000000..b075c1f --- /dev/null +++ b/homeassistant/homeassistant.txt @@ -0,0 +1,146 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-assistant +--- +apiVersion: v1 +kind: Service +metadata: + namespace: home-assistant + name: home-assistant +spec: + selector: + app: home-assistant + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 8123 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: home-assistant + name: home-assistant + labels: + app: home-assistant +spec: + replicas: 1 + selector: + matchLabels: + app: home-assistant + template: + metadata: + labels: + app: home-assistant + spec: + containers: + - name: bluez + image: ghcr.io/mysticrenji/bluez-service:v1.0.0 + securityContext: + privileged: true + - name: home-assistant + image: ghcr.io/mysticrenji/homeassistant-arm64:2023.3.0 + resources: + requests: + memory: "256Mi" + limits: + memory: "512Mi" + ports: + - containerPort: 8123 + volumeMounts: + - mountPath: /config + name: config + - mountPath: /config/configuration.yaml + subPath: configuration.yaml + name: configmap-file + - mountPath: /config/automations.yaml + subPath: automations.yaml + name: configmap-file + - mountPath: /media + name: media-volume + # - mountPath: /run/dbus + # name: d-bus + # readOnly: true + - mountPath: /dev/ttyUSB1 + name: zigbee + #- mountPath: /dev/video0 + # name: cam + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + hostNetwork: true + volumes: + - name: config + persistentVolumeClaim: + claimName: home-assistant-pvc + - name: media-volume + hostPath: + path: /tmp/media + - name: configmap-file + configMap: + name: home-assistant-configmap + # hostPath: + # path: /tmp/home-assistant + # type: DirectoryOrCreate + # - name: d-bus + # hostPath: + # path: /run/dbus + - name: zigbee + hostPath: + path: /dev/ttyACM0 + #- name: cam + # hostPath: + # path: /dev/video0 +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: home-assistant-configmap + namespace: home-assistant +data: + known_devices.yaml: | + automations.yaml: | + configuration.yaml: |- + default_config: + frontend: + themes: !include_dir_merge_named themes + automation: !include automations.yaml + http: + use_x_forwarded_for: true + trusted_proxies: + - 10.10.0.0/16 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: home-assistant-pvc + labels: + app: home-assistant + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 9Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: zwavejs2mqtt-pvc + labels: + app: zwavejs2mqtt + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi diff --git a/homeassistant/homeassistant.yaml b/homeassistant/homeassistant.yaml new file mode 100644 index 0000000..3dd6ab1 --- /dev/null +++ b/homeassistant/homeassistant.yaml @@ -0,0 +1,75 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-assistant +--- +apiVersion: v1 +kind: Service +metadata: + namespace: home-assistant + name: home-assistant +spec: + selector: + app: home-assistant + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 8123 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: home-assistant + name: home-assistant + labels: + app: home-assistant +spec: + replicas: 1 + selector: + matchLabels: + app: home-assistant + template: + metadata: + labels: + app: home-assistant + spec: + containers: + - name: home-assistant + image: ghcr.io/home-assistant/home-assistant:stable + resources: + requests: + memory: "256Mi" + limits: + memory: "512Mi" + ports: + - containerPort: 8123 + volumeMounts: + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + hostNetwork: true + volumes: + - name: config + persistentVolumeClaim: + claimName: home-assistant-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: home-assistant-pvc + labels: + app: home-assistant + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 9Gi diff --git a/ingress.yaml b/ingress.yaml index 3e34b11..0828f9a 100644 --- a/ingress.yaml +++ b/ingress.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: rogicasa-ingress - namespace: default # Change to your preferred namespace + namespace: default annotations: # Use Traefik as the ingress controller (default in k3s) kubernetes.io/ingress.class: "traefik" @@ -69,4 +69,193 @@ spec: port: number: 80 path: / - + - host: phoenix.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: phoenix-service + port: + number: 80 + - host: gym.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: gym-tracker + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: gitea-ingress + namespace: gitea + annotations: + # Use Traefik as the ingress controller (default in k3s) + kubernetes.io/ingress.class: "traefik" + # Enable SSL redirect + traefik.ingress.kubernetes.io/redirect-entry-point: https + # Optional: enable compression + traefik.ingress.kubernetes.io/compress: "true" + cert-manager.io/issuer: prod-issuer + cert-manager.io/issuer-kind: OriginIssuer + cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com +spec: + tls: + - hosts: + - "*.rogi.casa" + secretName: rogicasa-tls + rules: + - host: gitea.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: gitea + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: monitoring-ingress + namespace: monitoring + annotations: + # Use Traefik as the ingress controller (default in k3s) + kubernetes.io/ingress.class: "traefik" + # Enable SSL redirect + traefik.ingress.kubernetes.io/redirect-entry-point: https + # Optional: enable compression + traefik.ingress.kubernetes.io/compress: "true" + cert-manager.io/issuer: prod-issuer + cert-manager.io/issuer-kind: OriginIssuer + cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com +spec: + tls: + - hosts: + - "*.rogi.casa" + secretName: rogicasa-tls + rules: + - host: grafana.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana + port: + number: 80 + - host: prometheus.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prometheus-k8s + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vaultwarden-ingress + namespace: vaultwarden + annotations: + # Use Traefik as the ingress controller (default in k3s) + kubernetes.io/ingress.class: "traefik" + # Enable SSL redirect + traefik.ingress.kubernetes.io/redirect-entry-point: https + # Optional: enable compression + traefik.ingress.kubernetes.io/compress: "true" + cert-manager.io/issuer: prod-issuer + cert-manager.io/issuer-kind: OriginIssuer + cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com +spec: + tls: + - hosts: + - "*.rogi.casa" + secretName: rogicasa-tls + rules: + - host: vaultwarden.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: vaultwarden + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homeassistant-ingress + namespace: home-assistant + annotations: + # Use Traefik as the ingress controller (default in k3s) + kubernetes.io/ingress.class: "traefik" + # Enable SSL redirect + traefik.ingress.kubernetes.io/redirect-entry-point: https + # Optional: enable compression + traefik.ingress.kubernetes.io/compress: "true" + cert-manager.io/issuer: prod-issuer + cert-manager.io/issuer-kind: OriginIssuer + cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com +spec: + tls: + - hosts: + - "*.rogi.casa" + secretName: rogicasa-tls + rules: + - host: homeassistant.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: home-assistant + port: + number: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minecraft-ingress + namespace: minecraft + annotations: + # Use Traefik as the ingress controller (default in k3s) + kubernetes.io/ingress.class: "traefik" + # Enable SSL redirect + traefik.ingress.kubernetes.io/redirect-entry-point: https + # Optional: enable compression + traefik.ingress.kubernetes.io/compress: "true" + cert-manager.io/issuer: prod-issuer + cert-manager.io/issuer-kind: OriginIssuer + cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com +spec: + tls: + - hosts: + - "*.rogi.casa" + secretName: rogicasa-tls + rules: + - host: minecraft.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minecraft-server + port: + number: 25565 diff --git a/jellyfin-kubernetes b/jellyfin-kubernetes new file mode 160000 index 0000000..8ed3bfe --- /dev/null +++ b/jellyfin-kubernetes @@ -0,0 +1 @@ +Subproject commit 8ed3bfe2512c0c2b0d678c51cfcfda77bd038b1f diff --git a/kube-prometheus b/kube-prometheus new file mode 160000 index 0000000..2fe94c3 --- /dev/null +++ b/kube-prometheus @@ -0,0 +1 @@ +Subproject commit 2fe94c33794784a33b4bbe4fc074e057773b169a diff --git a/litellm/litellm.yaml b/litellm/litellm.yaml index 49a65fb..0bbc3d0 100644 --- a/litellm/litellm.yaml +++ b/litellm/litellm.yaml @@ -13,6 +13,10 @@ data: litellm_params: model: ollama/qwen3:32b api_base: "http://10.88.88.236:11434" + - model_name: gemma3:27b + litellm_params: + model: ollama/gemma3:27b + api_base: "http://10.88.88.236:11434" --- apiVersion: apps/v1 kind: Deployment diff --git a/minecraft-server/minecraft-server.yaml b/minecraft-server/minecraft-server.yaml new file mode 100644 index 0000000..32c47be --- /dev/null +++ b/minecraft-server/minecraft-server.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: minecraft +--- +apiVersion: v1 +kind: Service +metadata: + name: minecraft-server + namespace: minecraft + labels: + app: minecraft-server +spec: + type: LoadBalancer + ports: + - name: minecraft + port: 25565 + selector: + app: minecraft-server diff --git a/minecraft-server/pvc.yaml b/minecraft-server/pvc.yaml new file mode 100644 index 0000000..198c1b6 --- /dev/null +++ b/minecraft-server/pvc.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minecraft-data + namespace: minecraft +spec: + #storageClassName: longhorn + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + diff --git a/minecraft-server/ss.yaml b/minecraft-server/ss.yaml new file mode 100644 index 0000000..e1875f3 --- /dev/null +++ b/minecraft-server/ss.yaml @@ -0,0 +1,75 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minecraft-server + namespace: minecraft +spec: + selector: + matchLabels: + app: minecraft-server + template: + metadata: + labels: + app: minecraft-server + spec: + containers: + - name: minecraft-server + image: itzg/minecraft-server:latest # Or specific version if needed + env: + - name: EULA + value: "TRUE" + - name: MODE + value: "survival" + - name: TYPE + value: "CURSEFORGE" + - name: INIT_MEMORY + value: 1G + - name: MAX_MEMORY + value: 4G + - name: CF_SERVER_MOD + value: "/modpacks/your-modpack.zip" + - name: ALLOW_FLIGHT + value: "TRUE" + - name: USE_AIKAR_FLAGS + value: "TRUE" + - name: RCON_PASSWORD + value: "rcon-password" + ports: + - name: minecraft + containerPort: 25565 # Expose port 25565 + - name: minecraft-rcon + containerPort: 25575 + - name: metrics + containerPort: 19565 + resources: + requests: + cpu: 1 #4 # Adjust based on expected workload + memory: "1Gi" #"12Gi" # Adjust based on expected workload + limits: + cpu: 2 #8 # Adjust based on expected workload + memory: "4Gi" #"16Gi" # Adjust based on expected workload + readinessProbe: + exec: + command: + - mcstatus + - 127.0.0.1 + - ping + initialDelaySeconds: 30 + periodSeconds: 30 + livenessProbe: + exec: + command: + - mcstatus + - 127.0.0.1 + - ping + initialDelaySeconds: 30 + periodSeconds: 30 + volumeMounts: + - name: minecraft-data + mountPath: /data + volumes: + - name: minecraft-data + persistentVolumeClaim: + claimName: minecraft-data + diff --git a/n8n-hosting b/n8n-hosting new file mode 160000 index 0000000..3e6a954 --- /dev/null +++ b/n8n-hosting @@ -0,0 +1 @@ +Subproject commit 3e6a954f2858f91d87a7603444b1863d3e49604e diff --git a/phoenix b/phoenix new file mode 160000 index 0000000..5f2e821 --- /dev/null +++ b/phoenix @@ -0,0 +1 @@ +Subproject commit 5f2e821a83b0ce55033da75452e06f8298e26a1e diff --git a/pihole/pihole.yaml b/pihole/pihole.yaml index 4a8089a..7d1cebc 100644 --- a/pihole/pihole.yaml +++ b/pihole/pihole.yaml @@ -27,6 +27,11 @@ spec: labels: app: pihole spec: + dnsPolicy: "None" + dnsConfig: + nameservers: + - 8.8.8.8 + - 8.8.4.4 containers: - name: pihole image: pihole/pihole:latest @@ -46,14 +51,6 @@ spec: #value: "" #- name: FTLCONF_webserver_api_password #value: '' - - name: FTLCONF_REPLY_ADDR4 - value: pihole - - name: FTLCONF_dns_upstreams - value: "8.8.8.8;8.8.4.4" - #- name: PIHOLE_DNS_ - #value: 127.0.0.1#5054 - #- name: PIHOLE_DNS_ - #value: "8.8.8.8;8.8.4.4" #- name: DNSMASQ_LISTENING #value: "all" - name: FTLCONF_dns_listeningMode diff --git a/qbittorrent/qbittorrent.yaml b/qbittorrent/qbittorrent.yaml new file mode 100644 index 0000000..6b8ae8c --- /dev/null +++ b/qbittorrent/qbittorrent.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: qbittorrent + labels: + app: qbittorrent +spec: + replicas: 1 + selector: + matchLabels: + app: qbittorrent + template: + metadata: + labels: + app: qbittorrent + spec: + containers: + - name: qbittorrent + image: lscr.io/linuxserver/qbittorrent:latest + ports: + - containerPort: 6880 # Web UI + - containerPort: 6881 # Torrenting (TCP) + env: + - name: PUID + value: "1000" + - name: PGID + value: "1000" + - name: TZ + value: "Etc/UTC" + - name: WEBUI_PORT + value: "6880" + - name: TORRENTING_PORT + value: "6881" + volumeMounts: + - name: config + mountPath: /config + - name: downloads + mountPath: /downloads + volumes: + - name: config + persistentVolumeClaim: + claimName: qbittorrent-config + - name: downloads + persistentVolumeClaim: + claimName: qbittorrent-downloads +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: qbittorrent-config + labels: + app: qbittorrent +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: qbittorrent-downloads + labels: + app: qbittorrent +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: standard +--- +apiVersion: v1 +kind: Service +metadata: + name: qbittorrent + labels: + app: qbittorrent +spec: + type: NodePort + ports: + - port: 6880 + targetPort: 6880 + protocol: TCP + name: webui + - port: 6881 + targetPort: 6881 + protocol: TCP + name: torrenting-tcp + - port: 6881 + targetPort: 6881 + protocol: UDP + name: torrenting-udp + selector: + app: qbittorrent diff --git a/vaultwarden/vaultwarden.yaml b/vaultwarden/vaultwarden.yaml new file mode 100644 index 0000000..903a817 --- /dev/null +++ b/vaultwarden/vaultwarden.yaml @@ -0,0 +1,113 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + pod-security.kubernetes.io/warn: privileged + pod-security.kubernetes.io/warn-version: latest + name: vaultwarden +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden + namespace: vaultwarden + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden + template: + metadata: + name: vaultwarden + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden + spec: + volumes: + - name: vaultwarden-pv-storage + persistentVolumeClaim: + claimName: vaultwarden-pv-claim + containers: + - name: vaultwarden + image: vaultwarden/server:latest + env: + - name: ADMIN_TOKEN + valueFrom: + secretKeyRef: + name: vaultwarden-admin + key: admin-token + - name: WEBSOCKET_ENABLED + value: "true" + securityContext: + privileged: false + volumeMounts: + - mountPath: "/data" + name: vaultwarden-pv-storage + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + livenessProbe: + httpGet: + path: /index.html + port: 80 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vaultwarden-pv-claim + namespace: vaultwarden + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden +spec: +# storageClassName: nfs-client # Needs to be specified if no default class is set + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden + namespace: vaultwarden + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden +spec: + selector: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP +--- +apiVersion: v1 +kind: Secret +metadata: + name: vaultwarden-admin + namespace: vaultwarden + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/instance: vaultwarden +type: Opaque +stringData: + admin-token: 8v6cw+7E7nCUyc1ajyri1Bb2oL3rVK5aQv0CLv9HOBUKcAChU93GPhHuUTHnsZ9w