update

remove argo
updates
2026-02-08 01:36:28 +01:00 · 2025-09-05 14:43:24 +02:00 · 2025-09-05 13:51:33 +02:00 · 2025-09-05 11:22:58 +02:00 · 2025-09-05 08:56:04 +02:00 · 2025-09-05 07:04:15 +02:00
43 changed files with 1921 additions and 51 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,4 @@ report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
 /data/
 /cloudflare.yaml
 /secret.*.yaml
--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,3 @@
 TODO:
 * Set location provisioner path permissions
 * Limit postgres connections in reconciler
--- a/charts/apps/charts/coder/Chart.yaml
+++ b/charts/apps/charts/coder/Chart.yaml
@@ -0,0 +1,3 @@
 apiVersion: v2
 version: 1.0.0
 name: openwebui
--- a/charts/apps/charts/coder/templates/client.yaml
+++ b/charts/apps/charts/coder/templates/client.yaml
@@ -0,0 +1,10 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /api/v2/users/oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/charts/coder/templates/deployment.yaml
+++ b/charts/apps/charts/coder/templates/deployment.yaml
@@ -0,0 +1,73 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}'
    spec:
      serviceAccountName: '{{ .Release.Name }}-serviceaccount'
      containers:
        - name: '{{ .Release.Name }}'
          image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
          imagePullPolicy: '{{ .Values.image.pullPolicy }}'
          ports:
            - name: http
              containerPort: 7080
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /home/coder/.config
              name: data
          env:
            - name: CODER_HTTP_ADDRESS
              value: '0.0.0.0:7080'
            - name: CODER_OIDC_ALLOWED_GROUPS
              value: admin
            - name: CODER_OIDC_GROUP_FIELD
              value: groups
            - name: CODER_ACCESS_URL
              value: https://coder.olsen.cloud
            - name: CODER_OIDC_ICON_URL
              value: https://authentik.olsen.cloud/static/dist/assets/icons/icon.png
            - name: CODER_DISABLE_PASSWORD_AUTH
              value: 'true'
            - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
              value: 'false'
            - name: CODER_OIDC_SIGN_IN_TEXT
              value: 'Sign in with OIDC'
            - name: CODER_OIDC_SCOPES
              value: openid,profile,email,offline_access
            - name: CODER_OIDC_ISSUER_URL
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: configurationIssuer
            - name: CODER_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientId
            - name: CODER_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientSecret
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-data'
--- a/charts/apps/charts/coder/templates/http-service.yaml
+++ b/charts/apps/charts/coder/templates/http-service.yaml
@@ -0,0 +1,11 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/charts/coder/templates/pvc.yaml
+++ b/charts/apps/charts/coder/templates/pvc.yaml
@@ -0,0 +1,11 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/charts/coder/templates/role.yaml
+++ b/charts/apps/charts/coder/templates/role.yaml
@@ -0,0 +1,21 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: '{{ .Release.Name }}-workspace-creator'
 rules:
  - apiGroups: [''] # "" indicates the core API group (for Pods, PVCs, Services)
    resources: ['pods', 'pods/exec', 'pods/log', 'persistentvolumeclaims', 'services']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['apps'] # For Deployments, StatefulSets
    resources: ['deployments', 'statefulsets']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['networking.k8s.io'] # For Ingresses
    resources: ['ingresses']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['events.k8s.io'] # For events related to workspace activity
    resources: ['events']
    verbs: ['create', 'patch', 'update'] # Coder might create events for workspace lifecycle
  # Add any other resources that Coder workspace templates might create (e.g., secrets, configmaps)
  # - apiGroups: [""]
  #   resources: ["secrets", "configmaps"]
  #   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- a/charts/apps/charts/coder/templates/rolebinding.yaml
+++ b/charts/apps/charts/coder/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: '{{ .Release.Name }}-workspace-creator-binding'
  namespace: '{{ .Release.Namespace }}'
 subjects:
  - kind: ServiceAccount
    name: '{{ .Release.Name }}-serviceaccount'
    namespace: '{{ .Release.Namespace }}'
 roleRef:
  kind: ClusterRole
  name: '{{ .Release.Name }}-workspace-creator'
  apiGroup: rbac.authorization.k8s.io
--- a/charts/apps/charts/coder/templates/service.yaml
+++ b/charts/apps/charts/coder/templates/service.yaml
@@ -0,0 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 7080
      protocol: TCP
      name: http
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/charts/coder/templates/serviceaccount.yaml
+++ b/charts/apps/charts/coder/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: '{{ .Release.Name }}-serviceaccount'
  namespace: '{{ .Release.Namespace }}'
--- a/charts/apps/charts/coder/values.yaml
+++ b/charts/apps/charts/coder/values.yaml
@@ -0,0 +1,7 @@
 globals:
  environment: prod
 image:
  repository: ghcr.io/coder/coder
  tag: latest
  pullPolicy: IfNotPresent
 subdomain: coder
--- a/charts/apps/charts/gitea/templates/_runner-deployment.yaml
+++ b/charts/apps/charts/gitea/templates/_runner-deployment.yaml
@@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}-runner'
  labels:
    app: '{{ .Release.Name }}-runner'
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}-runner'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}-runner'
    spec:
      containers:
        - name: '{{ .Release.Name }}-runner'
          image: docker.io/gitea/act_runner:latest-dind-rootless
          env:
            - name: GITEA_INSTANCE_URL
              value: '{{ .Release.Name }}'
            - name: GITEA_RUNNER_NAME
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-runner'
                  key: registration_token
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: '1'
          securityContext:
            privileged: true
--- a/charts/apps/charts/gitea/templates/deployment.yaml
+++ b/charts/apps/charts/gitea/templates/deployment.yaml
@@ -22,6 +22,9 @@ spec:
            - name: http
              containerPort: 3000
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
@@ -40,8 +43,8 @@ spec:
              value: '1000'
            - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
              value: 'true'
-            - name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
+            #- name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
-              value: 'true'
+            #  value: 'true'
            - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM
              value: 'false'
            - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE
--- a/charts/apps/charts/gitea/templates/service.yaml
+++ b/charts/apps/charts/gitea/templates/service.yaml
@@ -13,3 +13,20 @@ spec:
      name: http
  selector:
    app: '{{ .Release.Name }}'
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}-ssh'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: LoadBalancer
  ports:
    - port: 2202
      targetPort: 22
      protocol: TCP
      name: ssh
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/charts/harbor/Chart.yaml
+++ b/charts/apps/charts/harbor/Chart.yaml
@@ -0,0 +1,3 @@
 apiVersion: v2
 version: 1.0.0
 name: monitoring
--- a/charts/apps/charts/harbor/templates/helm.yaml
+++ b/charts/apps/charts/harbor/templates/helm.yaml
@@ -0,0 +1,38 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  interval: 1h
  url: https://helm.goharbor.io
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  chart:
    spec:
      chart: harbor
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values:
    persistence:
      persistentVolumeClaim:
        registry:
          storageClass: '{{ .Values.globals.environment }}'
        jobservice:
          jobLog:
            storageClass: '{{ .Values.globals.environment }}'
        database:
          storageClass: '{{ .Values.globals.environment }}'
        redis:
          storageClass: '{{ .Values.globals.environment }}'
        trivy:
          storageClass: '{{ .Values.globals.environment }}'
--- a/charts/apps/charts/harbor/templates/http-service.yaml
+++ b/charts/apps/charts/harbor/templates/http-service.yaml
@@ -0,0 +1,11 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/charts/harbor/values.yaml
+++ b/charts/apps/charts/harbor/values.yaml
@@ -0,0 +1,3 @@
 globals:
  environment: prod
 subdomain: harbor
--- a/charts/apps/charts/headscale/templates/service.yaml
+++ b/charts/apps/charts/headscale/templates/service.yaml
@@ -11,9 +11,22 @@ spec:
      targetPort: 8080
      protocol: TCP
      name: http
-    - name: wireguard-udp # TODO: should this be a LB service?
+  selector:
-      port: 41641
+    app: '{{ .Release.Name }}'
-      targetPort: 41641
+
-      protocol: UDP
+---
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}-headscale'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: LoadBalancer
  ports:
    - port: 41641
      targetPort: 41641
      protocol: UDP
      name: wireguard-udp
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/monitoring/Chart.yaml
+++ b/charts/monitoring/Chart.yaml
@@ -0,0 +1,3 @@
 apiVersion: v2
 version: 1.0.0
 name: monitoring
--- a/charts/monitoring/templates/falco.yaml
+++ b/charts/monitoring/templates/falco.yaml
@@ -0,0 +1,25 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}-falco'
 spec:
  interval: 1h
  url: https://falcosecurity.github.io/charts
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}-falco'
 spec:
  chart:
    spec:
      chart: falco
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}-falco'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values: {}
--- a/charts/monitoring/templates/kube-prometheus-stack.yaml
+++ b/charts/monitoring/templates/kube-prometheus-stack.yaml
@@ -0,0 +1,51 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}-prometheus-community'
 spec:
  interval: 1h
  url: https://prometheus-community.github.io/helm-charts/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}-prometheus-community'
 spec:
  chart:
    spec:
      chart: kube-prometheus-stack
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}-prometheus-community'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values: {}
 ---
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}-prometheus-community'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.graphana.subdomain }}'
  destination:
    host: '{{ .Release.Name }}-prometheus-community-grafana.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
 ---
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}-prometheus-community-alertmanager'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.graphana.subdomain }}-alertmanager'
  destination:
    host: '{{ .Release.Name }}-prometheus-comm-alertmanager.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 9093
--- a/charts/monitoring/templates/kyverno.yaml
+++ b/charts/monitoring/templates/kyverno.yaml
@@ -0,0 +1,25 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}-kyverno'
 spec:
  interval: 1h
  url: https://kyverno.github.io/kyverno/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}-kyverno'
 spec:
  chart:
    spec:
      chart: kyverno
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}-kyverno'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values: {}
--- a/charts/monitoring/templates/loki.yaml
+++ b/charts/monitoring/templates/loki.yaml
@@ -0,0 +1,121 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}-loki'
 spec:
  interval: 1h
  url: https://grafana.github.io/helm-charts
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}-loki'
 spec:
  chart:
    spec:
      chart: loki
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}-loki'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values:
    deploymentMode: SingleBinary
    loki:
      auth_enabled: false
      server:
        http_listen_port: 3100
      # memberlist:
      #   join_members:
      #     - loki-memberlist
      schemaConfig:
        configs:
          - from: 2020-05-15
            store: tsdb
            object_store: filesystem
            schema: v13
            index:
              prefix: index_
              period: 24h
      storage:
        type: filesystem
      storage_config:
        filesystem:
          directory: /loki/chunks
      limits_config:
        reject_old_samples: true
        reject_old_samples_max_age: 168h
        max_cache_freshness_per_query: 10m
        split_queries_by_interval: 15m
        volume_enabled: true
      common:
        path_prefix: /loki
        storage:
          filesystem:
            chunks_directory: /loki/chunks
            rules_directory: /loki/rules
        replication_factor: 1
        ring:
          instance_addr: 127.0.0.1
          kvstore:
            store: inmemory
    # Enable persistent storage
    singleBinary:
      persistence:
        enabled: true
        size: 10Gi
        storageClass: '{{ .Values.globals.environment }}' # Uses default storage class
      extraVolumeMounts:
        - name: storage
          mountPath: /loki
    backend:
      replicas: 0
    read:
      replicas: 0
    write:
      replicas: 0
    ingester:
      replicas: 0
    querier:
      replicas: 0
    queryFrontend:
      replicas: 0
    queryScheduler:
      replicas: 0
    distributor:
      replicas: 0
    compactor:
      replicas: 0
    indexGateway:
      replicas: 0
    bloomCompactor:
      replicas: 0
    bloomGateway:
      replicas: 0
    promtail:
      enabled: true
      config:
        snippets:
          extraScrapeConfigs: |
            - job_name: kubernetes-pods
              kubernetes_sd_configs:
                - role: pod
              relabel_configs:
                - source_labels: ["__meta_kubernetes_pod_container_name"]
                  target_label: "container"
                - source_labels: ["__meta_kubernetes_pod_name"]
                  target_label: "pod"
                - source_labels: ["__meta_kubernetes_pod_namespace"]
                  target_label: "namespace"
--- a/charts/monitoring/templates/trivy.yaml
+++ b/charts/monitoring/templates/trivy.yaml
@@ -0,0 +1,25 @@
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
  name: '{{ .Release.Name }}-aqua'
 spec:
  interval: 1h
  url: https://aquasecurity.github.io/helm-charts/
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: '{{ .Release.Name }}-aqua'
 spec:
  chart:
    spec:
      chart: trivy-operator
      reconcileStrategy: ChartVersion
      sourceRef:
        apiVersion: source.toolkit.fluxcd.io/v1
        kind: HelmRepository
        name: '{{ .Release.Name }}-aqua'
        namespace: '{{ .Release.Namespace }}'
  interval: 1h
  values: {}
--- a/charts/monitoring/values.yaml
+++ b/charts/monitoring/values.yaml
@@ -0,0 +1,4 @@
 globals:
  environment: prod
 graphana:
  subdomain: grafana
--- a/docs/monitoring.md
+++ b/docs/monitoring.md
@@ -0,0 +1,476 @@
 # Home Kubernetes Cluster Setup: Monitoring & Security Quickstart
 This guide provides a practical, lightweight setup for monitoring and security on your home Kubernetes cluster. It uses Helm for easy installation and focuses on essential features with minimal complexity.
 ## Overview
 This setup includes:
 *   **Monitoring:** Prometheus + node-exporter + kube-state-metrics + Grafana (via the `kube-prometheus-stack` Helm chart).
 *   **Image Scanning & Supply-Chain:** Trivy (Trivy Operator) for automated in-cluster image vulnerability scanning.
 *   **Policy / Admission Control / Pod Security:** Kyverno for policy enforcement and Kubernetes Pod Security Admission (PSA) for baseline security.
 *   **Runtime Security / IDS:** Falco to detect suspicious syscalls and pod activity.
 *   **Network Segmentation:** Calico (or Cilium) CNI with basic NetworkPolicy configuration.
 *   **Ad-Hoc Checks:**  kube-bench (CIS benchmarks), kube-linter/kube-score (static analysis), and kube-hunter (penetration testing).
 ## Prerequisites
 *   A functional Kubernetes cluster (managed or self-hosted).
 *   `kubectl` installed and configured to connect to your cluster.
 *   Helm v3 installed.
 ## Installation
 These instructions assume you have `kubectl` and Helm set up and authenticated to your cluster.
 ### 1. Monitoring (Prometheus + Grafana)
 *   Add the Prometheus community Helm repository:
    ```bash
    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
    helm repo update
    ```
 *   Create the `monitoring` namespace and install the `kube-prometheus-stack` chart:
    ```bash
    kubectl create ns monitoring
    helm install kube-prometheus prometheus-community/kube-prometheus-stack --namespace monitoring
    ```
    *Optional*: Customize the installation by creating a `values.yaml` file to configure persistence, resource limits, and scrape intervals.  See *Configuration* below for a potential `values.yaml` you can adapt.
 *   Access Grafana:
    ```bash
    kubectl -n monitoring port-forward svc/kube-prometheus-grafana 3000:80
    ```
    Open `http://localhost:3000` in your browser. The default `admin` user password can be found in the chart's secrets (check the Helm chart documentation).
    This provides node-exporter, kube-state-metrics, a Prometheus server, Alertmanager, and pre-built dashboards for your cluster.
 ### 2. Image Scanning (Trivy Operator)
 *   Add the Aqua Security Helm repository:
    ```bash
    helm repo add aqua https://aquasecurity.github.io/helm-charts
    helm repo update
    ```
 *   Create the `trivy-system` namespace and install the `trivy-operator` chart:
    ```bash
    kubectl create ns trivy-system
    helm install trivy-operator aqua/trivy-operator --namespace trivy-system
    ```
    Trivy Operator creates `VulnerabilityReport` and `ConfigAuditReport` CRDs.  It scans images running in the cluster for vulnerabilities.
 ### 3. Policy Admission (Kyverno)
 *   Create the `kyverno` namespace and install Kyverno:
    ```bash
    kubectl create ns kyverno
    kubectl apply -f https://github.com/kyverno/kyverno/releases/latest/download/install.yaml
    ```
 *   Apply the example `ClusterPolicy` to deny privileged containers and hostPath mounts:
    ```yaml
    apiVersion: kyverno.io/v1
    kind: ClusterPolicy
    metadata:
      name: deny-privileged-and-hostpath
    spec:
      rules:
      - name: deny-privileged
        match:
          resources:
            kinds: ["Pod","PodTemplate","CronJob","Job","Deployment","StatefulSet"]
        validate:
          message: "Privileged containers are not allowed"
          deny:
            conditions:
            - key: "{{ request.object.spec.containers[].securityContext.privileged }}"
              operator: Equals
              value: true
      - name: deny-hostpath
        match:
          resources:
            kinds: ["Pod","PodTemplate","Deployment","StatefulSet"]
        validate:
          message: "hostPath volumes are not allowed"
          pattern:
            spec:
              volumes:
              - "*":
                  hostPath: null
    ```
    Save the above as `kyverno-policy.yaml` and apply it:
    ```bash
    kubectl apply -f kyverno-policy.yaml
    ```
    Adapt the `match` section to target specific workload types.  See *Example Kyverno Policy* below.
 ### 4. Pod Security Admission (PSA)
 *   Apply the `baseline` Pod Security Standard to the `default` namespace:
    ```bash
    kubectl label ns default pod-security.kubernetes.io/enforce=baseline
    ```
 *   For a stricter security posture, use the `restricted` profile:
    ```bash
    kubectl label ns default pod-security.kubernetes.io/enforce=restricted
    ```
    PSA provides controls like preventing privileged containers and restricting host networking.
 ### 5. Runtime Detection (Falco)
 *   Add the Falco Helm repository:
    ```bash
    helm repo add falcosecurity https://falcosecurity.github.io/charts
    helm repo update
    ```
 *   Create the `falco` namespace and install the `falco` chart:
    ```bash
    kubectl create ns falco
    helm install falco falcosecurity/falco --namespace falco
    ```
    Falco detects suspicious container behavior and system calls.
 ### 6. Network Policy & CNI
 *   If you haven't already, install a CNI that supports NetworkPolicy, such as Calico:
    ```bash
    kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
    ```
    Alternatively, consider Cilium.
 *   Implement a default-deny NetworkPolicy:
    ```yaml
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: default-deny
      namespace: my-namespace
    spec:
      podSelector: {}
      policyTypes:
      - Ingress
      - Egress
    ```
    Save the above as `default-deny.yaml` and apply it to your namespace:
    ```bash
    kubectl apply -f default-deny.yaml
    ```
    Follow this up with explicit `allow` policies for necessary services.
 ### 7. Cluster Hardening & Scans
 *   **kube-bench (CIS Benchmarks):**
    ```bash
    kubectl run --rm -it --image aquasec/kube-bench:latest kube-bench -- /kube-bench --version 1.23
    ```
    Refer to the kube-bench documentation for running as a Job or Pod.
 *   **kube-linter / kube-score (Static Manifest Checks):**
    Install the CLI tool locally and analyze your Kubernetes manifests.
 *   **kube-hunter (Penetration Testing):**
    ```bash
    docker run aquasec/kube-hunter:latest --remote <K8S_API_ENDPOINT>
    ```
 ## Configuration
 This section provides example configuration files and tips to customize the setup for a home Kubernetes cluster.
 ### Example `values.yaml` for `kube-prometheus-stack`
 This reduces resource usage and avoids the need for external object storage for Alertmanager, which is not needed at home.  It disables default dashboards you might not need initially and cuts down some Prometheus retention.
 ```yaml
 # values.yaml for kube-prometheus-stack
 prometheus:
  prometheusSpec:
    # reduce resource rqts / limits
    resources:
       requests:
         memory: 1Gi
         cpu: 200m
       limits:
         memory: 2Gi
         cpu: 500m
    # Reduce storage retention
    retention: 7d
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: "local-path" # Or your storage class
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 10Gi # adjust as needed
 alertmanager:
  enabled: false # for quick home setup, send directly to telegram etc.
 grafana:
  enabled: true
  defaultDashboardsEnabled: false   # Disable default dashboards
  sidecar:
    dashboards:
      enabled: true
      provider:
        folders:
          fromConfigMap: true # Load custom dashboards from ConfigMaps
 kube-state-metrics:
 enabled: true
 nodeExporter:
  enabled: true
 ```
 To use this configuration, save it as `values.yaml` and run:
 ```bash
 helm install kube-prometheus prometheus-community/kube-prometheus-stack --namespace monitoring -f values.yaml
 ```
 Adapt the `storageClassName` and storage amounts to your environment.
 ### Example Kyverno Policy - Disallow Root User / Require Distroless
 This example expands on the previous policy.  It requires images not run as UID 0 and suggests distroless images.  It still requires privilege escalation to be forbidden:
 ```yaml
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: require-non-root-user-and-distroless
  annotations:
    policies.kyverno.io/title: Require Non-Root User and Distroless Images
    policies.kyverno.io/category: Security
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Containers should not run as root, and ideally, be based on Distroless
      images where possible. This policy requires that containers define
      `runAsUser`, and that `runAsUser` is not `0`.  It also generates a warning
      if the image is not based on a distroless image, although does not reject
      the deployment.
 spec:
  validationFailureAction: Enforce
  rules:
    - name: check-runasnonroot
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Containers must not run as root. Specify a non-zero runAsUser in securityContext."
        pattern:
          spec:
            containers:
              - securityContext:
                  runAsUser: "!0" # not equal to zero
    - name: check-allowprivilegeescalation
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Containers must set allowPrivilegeEscalation to false."
        pattern:
          spec:
            containers:
              - securityContext:
                  allowPrivilegeEscalation: "false"
    - name: warn-distroless
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "*"  # all images
          attestations:
            - policy:
                subjects:
                  - name: distroless
                conditions:
                  all:
                    - key: "ghcr.io/distroless/static:latest"  # Example -  Check if the image is distroless.  You can use wildcards
                      operator: In
                      value: "{{ image.repoDigests }}"
                  # You can add other keys and values to check
      mutate:
        overlay:
          metadata:
            annotations:
              "image.distroless.warn": "This image isn't distroless -- see https://github.com/GoogleContainerTools/distroless"
 ```
 ### Alertmanager to Telegram
 1.  **Create a Telegram Bot:** Search for `@BotFather` on Telegram. Use the `/newbot` command. Give your bot a name and a unique username.  BotFather will give you the bot's API token.
 2.  **Get your Telegram Chat ID:** Send a message to your bot.  Then, in a browser, go to  `https://api.telegram.org/bot<YOUR_BOT_API_TOKEN>/getUpdates` (replace `<YOUR_BOT_API_TOKEN>`). The `chat.id` value in the JSON response is your chat ID.
 3.  **Create a Secret in Kubernetes:**
    ```bash
    kubectl create secret generic telegram-secrets \
      --from-literal=bot_token="<YOUR_BOT_API_TOKEN>" \
      --from-literal=chat_id="<YOUR_CHAT_ID>"
    ```
    Replace the placeholders with the correct values.
 4.  **Add Alertmanager Configuration:**
    You'll need to patch the default Alertmanager configuration provided by `kube-prometheus-stack`.  Because we disabled the Alertmanager component from the chart for simplicitly's sake, we'll instead rely on defining an additional prometheusRule that sends alerts to a webhook (and have a small sidecar container forward them to telegram).
 Example:
 ```yaml
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  labels:
    prometheus: k8s
    role: alert-rules
  name: promethus-to-telegram
  namespace: monitoring
 spec:
  groups:
    - name: kubernetes-home-cluster
      rules:
        - alert: PrometheusToTelegramAlert
          annotations:
            description: 'Alert sent from Prometheus goes to telegram'
          expr: vector(1)
          labels:
            severity: critical
          for: 1s
          actions:
            - name: SendToTelegramAction
              url: 'http://localhost:8080/message'
              parameters:
                text: Alert from Prometheus: {{ .Alerts.Firing | len }} firing alert{{ if gt (len .Alerts.Firing) 1 }}s{{ end }}.\nSeverity: {{ .CommonLabels.severity }}\nDescription: {{ .CommonAnnotations.description }}
 ```
 Now you will create a deployment that runs a small webhook server forwarding these alerts to telegram:
 ```yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: prometheus-telegram
  namespace: monitoring
 spec:
  selector:
    matchLabels:
      app: prometheus-telegram
  replicas: 1
  template:
    metadata:
      labels:
        app: prometheus-telegram
    spec:
      containers:
      - name: webhook
        image: nginx
        ports:
        - containerPort: 8080
      - name: telegram-forwarder
        image: alpine/curl
        command: ["/bin/sh"]
        args:
        - "-c"
        - |
          while true; do
            nc -l -p 8080 | sed 's/text=/text=Alert from Prometheus: /g' | curl -sS --fail -X POST "https://api.telegram.org/bot$(TELEGRAM_BOT_TOKEN)/sendMessage" -d chat_id=$(TELEGRAM_CHAT_ID) -d "$$(cat)"
            sleep 1;
          done
        env:
        - name: TELEGRAM_BOT_TOKEN
          valueFrom:
            secretKeyRef:
              name: telegram-secrets
              key: bot_token
        - name: TELEGRAM_CHAT_ID
          valueFrom:
            secretKeyRef:
              name: telegram-secrets
              key: chat_id
 ```
 **Explanation:**
 *   It creates an Nginx pod for a HTTP listener to avoid unnecessary security errors in Promethues,
 *   The `telegram-forwarder` container uses `curl` and `nc` to forward the POST from Prometheus to the Telegram API, using the secrets for authentication.
 ## Operational Tips
 *   **Resource Management:**  Set resource limits and requests for components, especially Prometheus and Grafana. Adjust scrape intervals for Prometheus to reduce load.
 *   **Persistence:**  Use persistent volumes for Grafana and Prometheus to preserve dashboards and historical data.
 *   **Alerting:**  Configure Alertmanager with a Telegram or Discord webhook for notifications. This is *simpler* than email for home setups.
 *   **Trivy & Image Blocking:** To automatically block vulnerable images, integrate Trivy with admission webhooks (using Kyverno to reject deployments based on Trivy reports).
 *   **Backups:** Regularly back up etcd (if self-hosting the control plane) and potentially Prometheus/Grafana data.
 ## Getting Started Quickly
 Follow this installation order:
 1.  Install your `CNI`.
 2.  Install `kube-prometheus-stack`, using `values.yaml` to reduce resources.
 3.  Install Grafana and import dashboards.
 4.  Enable PSA on namespaces.
 5.  Install Kyverno and create deny policies.
 6.  Install Trivy Operator for image scanning visibility.
 7.  Install Falco for runtime detection.
 8.  Run `kube-bench` and `kube-linter` for initial assessment.
 ## Useful Resources
 *   [kube-prometheus-stack (Helm)](https://github.com/prometheus-community/helm-charts)
 *   [trivy-operator](https://github.com/aquasecurity/trivy-operator)
 *   [Kyverno](https://kyverno.io/)
 *   [Falco](https://falco.org/)
 *   [Calico CNI](https://www.tigera.io/project-calico/)
 *  [Aqua kube-hunter, kube-bench, kube-linter](https://www.aquasec.com/)
 This README provides a solid foundation for setting up monitoring and security on your home Kubernetes cluster.  Adapt the configurations and policies to your specific needs and experiment!
--- a/docs/prepare-server.md
+++ b/docs/prepare-server.md
@@ -0,0 +1,216 @@
 Here's the guide formatted as a `README.md` file, ready for a GitHub repository or local documentation.
 ```markdown
 # Optimizing Debian for K3s
 This guide outlines steps to optimize a Debian server for running K3s (Lightweight Kubernetes). Optimization involves a combination of general Linux best practices, K3s-specific recommendations, and considerations for your specific workload.
 ## Table of Contents
 - [1. Debian Base System Optimization](#1-debian-base-system-optimization)
  - [a. Kernel Parameters (sysctl.conf)](#a-kernel-parameters-sysctlconf)
  - [b. User Limits (ulimit)](#b-user-limits-ulimit)
  - [c. Disable Unnecessary Services](#c-disable-unnecessary-services)
  - [d. Update System](#d-update-system)
  - [e. Swap Configuration](#e-swap-configuration)
 - [2. K3s Specific Optimizations](#2-k3s-specific-optimizations)
  - [a. Choose a Performant Storage Backend](#a-choose-a-performant-storage-backend)
  - [b. Containerd Tuning](#b-containerd-tuning)
  - [c. K3s Server and Agent Configuration](#c-k3s-server-and-agent-configuration)
  - [d. CNI Choice](#d-cni-choice)
 - [3. General Server Best Practices](#3-general-server-best-practices)
  - [a. Fast Storage](#a-fast-storage)
  - [b. Adequate RAM and CPU](#b-adequate-ram-and-cpu)
  - [c. Network Configuration](#c-network-configuration)
  - [d. Monitoring](#d-monitoring)
  - [e. Logging](#e-logging)
 - [4. Post-Optimization Verification](#4-post-optimization-verification)
 ---
 ## 1. Debian Base System Optimization
 These steps are generally beneficial for any server, but particularly important for containerized environments like K3s.
 ### a. Kernel Parameters (sysctl.conf)
 Edit `/etc/sysctl.conf` and apply changes with `sudo sysctl -p`.
 ```ini
 # Increase maximum open files (for container processes, K3s components)
 fs.inotify.max_user_watches = 524288 # For fs-based operations within containers
 fs.inotify.max_user_instances = 8192 # For fs-based operations within containers
 fs.file-max = 2097152 # Increase overall system file handle limit
 # Increase limits for network connections
 net.core.somaxconn = 65535 # Max backlog of pending connections
 net.ipv4.tcp_tw_reuse = 1 # Allow reuse of TIME_WAIT sockets (caution: can sometimes mask issues)
 net.ipv4.tcp_fin_timeout = 30 # Reduce TIME_WAIT duration
 net.ipv4.tcp_max_syn_backlog = 65535 # Max number of remembered connection requests
 net.ipv4.tcp_keepalive_time=600 # Shorter keepalive interval
 net.ipv4.tcp_keepalive_intvl=60 # Keepalive interval
 net.ipv4.tcp_keepalive_probes=3 # Keepalive probes
 # Increase memory limits for network buffers (especially if high network traffic)
 net.core.rmem_max = 26214400
 net.core.wmem_max = 26214400
 net.core.rmem_default = 26214400
 net.core.wmem_default = 26214400
 # Other useful parameters
 vm.max_map_count = 262144 # Essential for Elasticsearch, MongoDB, etc.
 vm.dirty_ratio = 5 # Reduce dirty page percentage for better write performance
 vm.dirty_background_ratio = 10 # Reduce dirty page percentage for better write performance
 kernel.pid_max = 4194304 # Increase max PIDs
 ```
 **Explanation:**
 - `fs.file-max`: K3s and its deployed containers can open a large number of files. Increasing this prevents "Too many open files" errors.
 - `net.*`: These parameters help in handling a high number of concurrent network connections crucial for a Kubernetes cluster.
 - `vm.max_map_count`: Required by some applications that run on Kubernetes (e.g., Elasticsearch).
 ### b. User Limits (ulimit)
 Edit `/etc/security/limits.conf` (or create a file like `/etc/security/limits.d/k3s.conf`) for all users, or specifically for the user K3s runs as (often `root` by default or a dedicated `k3s` user).
 ```
 # For all users (or a specific k3s user if you configure it)
 *    soft nofile 65536
 *    hard nofile 131072
 *    soft nproc  65536
 *    hard nproc  131072
 ```
 **Note:** A reboot or logging out/in is often required for these changes to take effect for user sessions. Services typically pick up new limits upon restart.
 **Explanation:**
 - `nofile` (number of open files): Sets the per-user/per-process limit. K3s and pods need a high limit.
 - `nproc` (number of processes): Each container consumes processes. A high limit prevents hitting a ceiling.
 ### c. Disable Unnecessary Services
 Reducing background services frees up CPU, RAM, and I/O.
 ```bash
 sudo systemctl disable --now apache2 # Example, replace with actual unused services
 sudo systemctl disable --now nginx    # Example
 sudo systemctl disable --now cups     # If not using printing
 sudo systemctl disable --now modemmanager # If not using a modem
 sudo systemctl disable --now bluetooth # If no bluetooth devices
 # Review active services using:
 # systemctl list-unit-files --type=service --state=enabled
 ```
 ### d. Update System
 Keep your system packages up-to-date for security and performance bug fixes.
 ```bash
 sudo apt update
 sudo apt upgrade -y
 sudo apt dist-upgrade -y # For major version changes (if applicable)
 sudo apt autoremove -y
 sudo reboot # After significant kernel or base system updates
 ```
 ### e. Swap Configuration
 **It is generally recommended to disable swap on K3s nodes, especially worker nodes.** Swapping can severely degrade performance in containerized environments due to unpredictable latency.
 If you absolutely must have swap (e.g., very low memory server, not recommended for production):
 *   Reduce swappiness: `sudo sysctl vm.swappiness=10` (or even `1`). Add `vm.swappiness = 10` to `/etc/sysctl.conf`.
 *   Preferably, disable swap entirely if you have sufficient RAM:
    ```bash
    sudo swapoff -a
    sudo sed -i '/ swap / s/^/#/' /etc/fstab
    ```
    **WARNING:** Only disable swap if your system has sufficient RAM to handle its workload without it. If nodes run out of memory without swap, processes will be OOM-killed, leading to instability.
 ## 2. K3s Specific Optimizations
 ### a. Choose a Performant Storage Backend
 The choice of K3s's data store significantly impacts performance and availability.
 *   **SQLite (Default):** Good for single-node setups or small, non-critical clusters. Performance can degrade with many changes or large clusters.
 *   **External Database (MariaDB/MySQL, PostgreSQL):**
    *   **Recommended for Production:** Offers high availability and better performance than embedded SQLite for multi-node K3s server configurations.
    *   **Placement:** Place the external database on a separate server or on a dedicated, fast storage volume.
 *   **External etcd:** Offers the best performance and scalability, but is more complex to manage and requires its own dedicated etcd cluster.
 ### b. Containerd Tuning
 K3s uses containerd as its container runtime.
 *   **Fast Storage for Containerd:** Ensure the directories where containerd stores its data are on fast storage (NVMe SSDs are ideal).
    *   `/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs` (K3s specific)
    *   (`/var/lib/containerd` if using a standalone containerd setup)
    This is critical for image pulls, container startup, and overlayfs performance.
 ### c. K3s Server and Agent Configuration
 Configure K3s using a configuration file (e.g., `/etc/rancher/k3s/config.yaml`) or command-line flags.
 *   **Disable Unused Components:** Reduce resource consumption by disabling features you don't need.
    *   `--disable traefik`: If using Nginx Ingress Controller or another ingress.
    *   `--disable servicelb`: If using a cloud provider Load Balancer, MetalLB, or another solution.
    *   `--disable local-storage`: If using cloud provider storage, NFS, or another remote storage solution.
    *   `--disable metrics-server`: If using a different metrics solution or don't need it.
    *   `--disable helm-controller`: If exclusively using `kubectl` for deployments.
    **Example `/etc/rancher/k3s/config.yaml` for a server node:**
    ```yaml
    # /etc/rancher/k3s/config.yaml
    server: true
    disable:
      - traefik
      - servicelb
      - local-storage
      - metrics-server
    # Example for external database
    # datastore-endpoint: "mysql://k3s:password@tcp(db-server:3306)/kube?parseTime=true"
    ```
 ### d. CNI Choice
 K3s defaults to Flannel (with VXLAN), which is performant for many use cases.
 *   **Alternative CNIs (Calico, Cilium):** If you require advanced network policies, superior performance in high-throughput scenarios, or specific networking features, consider replacing Flannel. These can offer better raw throughput or lower latency but add complexity.
    *   If installing K3s, you'd typically skip Flannel installation (`--flannel-backend=none`) then install your chosen CNI.
    *   Ensure your chosen CNI is optimized with the correct kernel modules and sysctls.
 ## 3. General Server Best Practices
 ### a. Fast Storage
 *   **SSD/NVMe:** Absolutely crucial for K3s performance, especially for the K3s data directory (`$K3S_DATA_DIR`, default: `/var/lib/rancher/k3s`), `/var/lib/containerd`, and the operating system itself. Pod startup times, image pulls, and database operations are heavily I/O bound.
 *   **RAID:** If using multiple drives, consider RAID1 or RAID10 for redundancy and increased I/O performance.
 ### b. Adequate RAM and CPU
 *   **RAM:** K3s servers (especially with embedded SQLite) require more RAM. Worker nodes also need ample RAM for their pods. Err on the side of more RAM.
 *   **CPU:** Ensure sufficient CPU cores for K3s components, containers, and your workloads.
 ### c. Network Configuration
 *   **Gigabit Ethernet (at least):** 10Gbps or faster is ideal for larger clusters or high-bandwidth applications.
 *   **MTU:** Ensure consistent MTU settings across all nodes and your network infrastructure. K3s default CNI (Flannel VXLAN) might use a smaller MTU (e.g., 1450) due to encapsulation overhead. Misconfigured MTU can lead to packet fragmentation and performance issues.
 *   **Jumbo Frames:** If your network supports it and all components are configured for it, jumbo frames (e.g., 9000 bytes MTU) can reduce overhead and improve throughput, but requires careful and consistent configuration.
 ### d. Monitoring
 *   **Prometheus/Grafana:** Essential for monitoring resource usage (CPU, RAM, disk I/O, network) of your nodes and K3s components. This helps identify and diagnose bottlenecks.
 *   **Kube-state-metrics:** Provides metrics about Kubernetes objects.
 *   **Node Exporter:** Provides system-level metrics.
 *   **cAdvisor (usually bundled with container runtimes):** Provides container-level metrics.
 ### e. Logging
 *   **Centralized Logging (ELK Stack, Loki, etc.):** Stream logs from K3s components and pods to a central logging system for easier debugging, troubleshooting, and performance analysis.
 ## 4. Post-Optimization Verification
 1.  **Reboot:** After making changes to kernel parameters or `limits.conf`, a full system reboot is often the safest way to ensure all changes are fully applied.
 2.  **Verify sysctl settings:** `sudo sysctl -a | grep -i <parameter_name>` (e.g., `sudo sysctl -a | grep -i fs.file-max`)
 3.  **Verify ulimits:** Check `ulimit -n` and `ulimit -u` in a new shell. For specific running processes, inspect `/proc/<pid>/limits`.
 4.  **Monitor Performance:** Use tools like `htop`, `iostat`, `netstat`, `dstat`, and your installed monitoring stack (Prometheus/Grafana) to observe the impact of your changes. Look for reduced CPU usage, lower I/O wait, improved network throughput, and stable memory usage.
 5.  **Test Workloads:** Deploy your actual applications and perform load testing to ensure the optimizations yield the desired performance benefits under realistic conditions.
 By diligently following these steps, you can establish a robust and highly performant Debian environment for your K3s cluster. Always test changes in a staging or development environment before applying them to production systems.
 ```
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,3 +7,8 @@ requires-python = ">=3.13"
 dependencies = [
    "kubediagrams>=0.5.0",
 ]
 [tool.uv.workspace]
 members = [
    "security/trivy-report",
 ]
--- a/security/trivy-report/.gitignore
+++ b/security/trivy-report/.gitignore
@@ -0,0 +1,3 @@
 /security_report.pdf
 /transformed_data.json
 /all_data.json
--- a/security/trivy-report/README.md
+++ b/security/trivy-report/README.md
--- a/security/trivy-report/fetch-data.sh
+++ b/security/trivy-report/fetch-data.sh
@@ -0,0 +1,24 @@
 #!/bin/bash
 # Data Extraction Function
 extract_data() {
  crd_type="$1"
  kubectl get "$crd_type" -A -o json | jq -r '.items[] | {
    namespace: .metadata.namespace,
    name: .metadata.name,
    report: .report
  }'
 }
 # Vulnerability Reports
 vulnerability_data=$(extract_data vulnerabilityreports)
 # Example of capturing ConfigAuditReports (adjust jq filter as needed)
 config_audit_data=$(extract_data configauditreports)
 # Combine the data into a proper JSON array using jq
 {
  echo "$vulnerability_data"
  echo "$config_audit_data"
 } | jq -s '.' > all_data.json
--- a/security/trivy-report/generate_report.py
+++ b/security/trivy-report/generate_report.py
@@ -0,0 +1,82 @@
 import json
 from jinja2 import Environment, FileSystemLoader
 import weasyprint
 def generate_pdf_report(transformed_data, template_file, output_file):
    """Generates a PDF report from the transformed data and Jinja2 template."""
    env = Environment(
        loader=FileSystemLoader(".")
    )  # Load templates from the current directory
    template = env.get_template(template_file)
    html_output = template.render(transformed_data)  # Render the template with the data
    # Generate PDF using WeasyPrint
    weasyprint.HTML(string=html_output).write_pdf(output_file)
 # Load the already transformed JSON data
 with open("transformed_data.json", "r") as f:
    raw_data = json.load(f)
 # Sort by severity (CRITICAL, HIGH, MEDIUM, LOW)
 severity_order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
 # Group vulnerabilities by CVE ID
 vuln_groups = {}
 for vuln in raw_data["vulnerabilities"]:
    cve_id = vuln["vulnerabilityID"]
    if cve_id not in vuln_groups:
        vuln_groups[cve_id] = {
            "vulnerabilityID": vuln["vulnerabilityID"],
            "severity": vuln["severity"],
            "title": vuln["title"],
            "packagePURL": vuln.get("packagePURL"),
            "installedVersion": vuln.get("installedVersion"),
            "fixedVersion": vuln.get("fixedVersion"),
            "affected_resources": [],
        }
    vuln_groups[cve_id]["affected_resources"].append(
        {"namespace": vuln["namespace"], "resource": vuln["resource"]}
    )
 # Convert to list and sort by severity
 grouped_vulnerabilities = sorted(
    list(vuln_groups.values()), key=lambda x: severity_order.get(x["severity"], 4)
 )
 # Group config issues by checkID
 config_groups = {}
 for issue in raw_data["config_issues"]:
    check_id = issue["checkID"]
    if check_id not in config_groups:
        config_groups[check_id] = {
            "checkID": issue["checkID"],
            "severity": issue["severity"],
            "title": issue["title"],
            "description": issue["description"],
            "remediation": issue["remediation"],
            "affected_resources": [],
        }
    config_groups[check_id]["affected_resources"].append(
        {"namespace": issue["namespace"], "resource": issue["resource"]}
    )
 # Convert to list and sort by severity
 grouped_config_issues = sorted(
    list(config_groups.values()), key=lambda x: severity_order.get(x["severity"], 4)
 )
 transformed_data = {
    "vulnerabilities": grouped_vulnerabilities,
    "config_issues": grouped_config_issues,
 }
 # Generate the PDF report
 generate_pdf_report(transformed_data, "report_template.html", "security_report.pdf")
 print("PDF report generated successfully: security_report.pdf")
--- a/security/trivy-report/main.py
+++ b/security/trivy-report/main.py
@@ -0,0 +1,6 @@
 def main():
    print("Hello from trivy-report!")
 if __name__ == "__main__":
    main()
--- a/security/trivy-report/pyproject.toml
+++ b/security/trivy-report/pyproject.toml
@@ -0,0 +1,10 @@
 [project]
 name = "trivy-report"
 version = "0.1.0"
 description = "Add your description here"
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
    "jinja2>=3.1.6",
    "weasyprint>=66.0",
 ]
--- a/security/trivy-report/report_template.html
+++ b/security/trivy-report/report_template.html
@@ -0,0 +1,136 @@
 <!DOCTYPE html>
 <html>
 <head>
  <title>Kubernetes Security Report</title>
  <style>
    @page {
      size: A4;
      margin: 0.5in;
    }
    body { 
      font-family: Arial, sans-serif; 
      font-size: 10px;
      line-height: 1.3;
      margin: 0;
      padding: 0;
    }
    h1 { 
      color: #333; 
      font-size: 16px;
      margin-bottom: 10px;
    }
    h2 { 
      color: #666; 
      font-size: 14px;
      margin: 15px 0 8px 0;
    }
    table { 
      border-collapse: collapse; 
      width: 100%;
      margin-bottom: 20px;
      font-size: 8px;
    }
    th, td { 
      border: 1px solid #ccc; 
      padding: 4px; 
      text-align: left; 
      vertical-align: top;
      word-wrap: break-word;
      max-width: 150px;
    }
    th { 
      background-color: #f5f5f5;
      font-weight: bold;
      font-size: 9px;
    }
    .severity-critical { background-color: #ffebee; color: #c62828; font-weight: bold; }
    .severity-high { background-color: #fff3e0; color: #ef6c00; font-weight: bold; }
    .severity-medium { background-color: #fff8e1; color: #f57f17; }
    .severity-low { background-color: #f3e5f5; color: #7b1fa2; }
    .resource-col { max-width: 120px; }
    .vuln-id-col { max-width: 80px; }
    .severity-col { max-width: 60px; text-align: center; }
    .namespace-col { max-width: 80px; }
    .description-col { max-width: 200px; font-size: 7px; }
  </style>
 </head>
 <body>
  <h1>Kubernetes Security Report</h1>
  <h2>Vulnerabilities ({{ vulnerabilities|length }})</h2>
  <table>
    <thead>
      <tr>
        <th class="vuln-id-col">CVE ID</th>
        <th class="severity-col">Severity</th>
        <th style="max-width: 180px;">Title</th>
        <th style="max-width: 100px;">Package</th>
        <th style="max-width: 60px;">Count</th>
        <th style="max-width: 250px;">Affected Resources</th>
      </tr>
    </thead>
    <tbody>
      {% for vuln in vulnerabilities %}
        <tr>
          <td class="vuln-id-col">{{ vuln.vulnerabilityID }}</td>
          <td class="severity-col severity-{{ vuln.severity|lower }}">{{ vuln.severity }}</td>
          <td style="max-width: 180px;">{{ vuln.title }}</td>
          <td style="max-width: 100px;">{{ vuln.packagePURL or 'N/A' }}</td>
          <td style="max-width: 60px; text-align: center;">{{ vuln.affected_resources|length }}</td>
          <td style="max-width: 250px; font-size: 7px;">
            {% for resource in vuln.affected_resources[:10] %}
              {{ resource.namespace }}/{{ resource.resource }}{% if not loop.last %}, {% endif %}
            {% endfor %}
            {% if vuln.affected_resources|length > 10 %}
              <br/><em>... and {{ vuln.affected_resources|length - 10 }} more</em>
            {% endif %}
          </td>
        </tr>
      {% endfor %}
    </tbody>
  </table>
  <h2>Configuration Issues ({{ config_issues|length }})</h2>
  <table>
    <thead>
      <tr>
        <th class="vuln-id-col">Check ID</th>
        <th class="severity-col">Severity</th>
        <th style="max-width: 180px;">Title</th>
        <th style="max-width: 200px;">Remediation</th>
        <th style="max-width: 60px;">Count</th>
        <th style="max-width: 200px;">Affected Resources</th>
      </tr>
    </thead>
    <tbody>
      {% for issue in config_issues %}
        <tr>
          <td class="vuln-id-col">{{ issue.checkID }}</td>
          <td class="severity-col severity-{{ issue.severity|lower }}">{{ issue.severity }}</td>
          <td style="max-width: 180px;">{{ issue.title }}</td>
          <td style="max-width: 200px; font-size: 7px;">{{ issue.remediation }}</td>
          <td style="max-width: 60px; text-align: center;">{{ issue.affected_resources|length }}</td>
          <td style="max-width: 200px; font-size: 7px;">
            {% for resource in issue.affected_resources[:8] %}
              {{ resource.namespace }}/{{ resource.resource }}{% if not loop.last %}, {% endif %}
            {% endfor %}
            {% if issue.affected_resources|length > 8 %}
              <br/><em>... and {{ issue.affected_resources|length - 8 }} more</em>
            {% endif %}
          </td>
        </tr>
      {% endfor %}
    </tbody>
  </table>
 </body>
 </html>
--- a/security/trivy-report/transform.py
+++ b/security/trivy-report/transform.py
@@ -0,0 +1,56 @@
 import json
 def transform_data(json_data):
    """Transforms the raw JSON data into a structured format for reporting."""
    reports = json.loads(json_data)
    all_vulnerabilities = []
    all_config_audit_issues = []
    for report in reports:
        if "vulnerabilities" in report["report"]:
            for vuln in report["report"]["vulnerabilities"]:
                all_vulnerabilities.append(
                    {
                        "namespace": report["namespace"],
                        "resource": report["name"],
                        "vulnerabilityID": vuln["vulnerabilityID"],
                        "severity": vuln["severity"],
                        "title": vuln["title"],
                        "packagePURL": vuln.get("packagePURL"),
                        "installedVersion": vuln.get("installedVersion"),
                        "fixedVersion": vuln.get("fixedVersion"),
                    }
                )
        elif "checks" in report["report"]:  # ConfigAuditReports have "checks"
            for check in report["report"]["checks"]:
                all_config_audit_issues.append(
                    {
                        "namespace": report["namespace"],
                        "resource": report["name"],
                        "checkID": check["checkID"],
                        "severity": check["severity"],
                        "title": check["title"],
                        "description": check["description"],
                        "remediation": check["remediation"],
                        "success": check["success"],
                    }
                )
    return {
        "vulnerabilities": all_vulnerabilities,
        "config_issues": all_config_audit_issues,
    }
 # Load the JSON data
 with open("all_data.json", "r") as f:
    raw_data = f.read()
 transformed_data = transform_data(raw_data)
 # Print the transformed data (for verification)
 print(json.dumps(transformed_data, indent=2))  # print for check
 # Save it for the next step:
 with open("transformed_data.json", "w") as f:
    json.dump(transformed_data, f, indent=2)
--- a/src/resources/core/pvc/pvc.ts
+++ b/src/resources/core/pvc/pvc.ts
@@ -4,6 +4,7 @@ import { StorageClass } from '../storage-class/storage-class.ts';
 import { PersistentVolume } from '../pv/pv.ts';
 import { Resource, ResourceService, type ResourceOptions } from '#services/resources/resources.ts';
 import { chmod, mkdir } from 'fs/promises';
 const PROVISIONER = 'homelab-operator';
@@ -41,6 +42,12 @@ class PVC extends Resource<V1PersistentVolumeClaim> {
    const resourceService = this.services.get(ResourceService);
    const pv = resourceService.get(PersistentVolume, pvName);
    try {
      await mkdir(target, { recursive: true });
    } catch (error) {
      console.error('Error creating directory', error);
    }
    await pv.ensure({
      metadata: {
        name: pvName,
@@ -74,6 +81,11 @@ class PVC extends Resource<V1PersistentVolumeClaim> {
        },
      },
    });
    try {
      await chmod(target, 0o777);
    } catch (error) {
      console.error('Error changing directory permissions', error);
    }
  };
 }
--- a/src/resources/homelab/environment/environment.ts
+++ b/src/resources/homelab/environment/environment.ts
@@ -14,8 +14,8 @@ import { Gateway } from '#resources/istio/gateway/gateway.ts';
 import { NotReadyError } from '#utils/errors.ts';
 import { NamespaceService } from '#bootstrap/namespaces/namespaces.ts';
 import { CloudflareService } from '#services/cloudflare/cloudflare.ts';
-import { HelmRelease } from '#resources/flux/helm-release/helm-release.ts';
+//import { HelmRelease } from '#resources/flux/helm-release/helm-release.ts';
-import { RepoService } from '#bootstrap/repos/repos.ts';
+// import { RepoService } from '#bootstrap/repos/repos.ts';
 const specSchema = z.object({
  domain: z.string(),
@@ -39,8 +39,8 @@ class Environment extends CustomResource<typeof specSchema> {
  #redisServer: RedisServer;
  #authentikServer: AuthentikServer;
  #cloudflareService: CloudflareService;
-  #argoRelease: HelmRelease;
+  //#argoRelease: HelmRelease;
-  #argoNamespace: Namespace;
+  //#argoNamespace: Namespace;
  constructor(options: CustomResourceOptions<typeof specSchema>) {
    super(options);
@@ -72,10 +72,10 @@ class Environment extends CustomResource<typeof specSchema> {
    this.#authentikServer = resourceService.get(AuthentikServer, `${this.name}-authentik`, homelabNamespace);
    this.#authentikServer.on('changed', this.queueReconcile);
-    this.#argoNamespace = resourceService.get(Namespace, `${this.name}-argo`);
+    // this.#argoNamespace = resourceService.get(Namespace, `${this.name}-argo`);
-    this.#argoRelease = resourceService.get(HelmRelease, `${this.name}-argo`, homelabNamespace);
+    // this.#argoRelease = resourceService.get(HelmRelease, `${this.name}-argo`, homelabNamespace);
-    this.#argoRelease.on('changed', this.queueReconcile);
+    // this.#argoRelease.on('changed', this.queueReconcile);
  }
  public get certificate() {
@@ -197,32 +197,32 @@ class Environment extends CustomResource<typeof specSchema> {
      },
    });
-    await this.#argoNamespace.ensure({});
+    // await this.#argoNamespace.ensure({});
-    const repoService = this.services.get(RepoService);
+    // const repoService = this.services.get(RepoService);
-    await this.#argoRelease.ensure({
+    // await this.#argoRelease.ensure({
-      spec: {
+    //   spec: {
-        targetNamespace: this.#argoNamespace.name,
+    //     targetNamespace: this.#argoNamespace.name,
-        interval: '1h',
+    //     interval: '1h',
-        values: {
+    //     values: {
-          applicationset: {
+    //       applicationset: {
-            enabled: true,
+    //         enabled: true,
-          },
+    //       },
-        },
+    //     },
-        chart: {
+    //     chart: {
-          spec: {
+    //       spec: {
-            chart: 'argo-cd',
+    //         chart: 'argo-cd',
-            version: '3.9.0',
+    //         version: '3.9.0',
-            sourceRef: {
+    //         sourceRef: {
-              apiVersion: 'source.toolkit.fluxcd.io/v1',
+    //           apiVersion: 'source.toolkit.fluxcd.io/v1',
-              kind: 'HelmRepository',
+    //           kind: 'HelmRepository',
-              name: repoService.argo.name,
+    //           name: repoService.argo.name,
-              namespace: repoService.argo.namespace,
+    //           namespace: repoService.argo.namespace,
-            },
+    //         },
-          },
+    //       },
-        },
+    //     },
-      },
+    //   },
-    });
+    // });
  };
 }
--- a/src/resources/homelab/postgres-database/postgres-database.ts
+++ b/src/resources/homelab/postgres-database/postgres-database.ts
@@ -124,19 +124,23 @@ class PostgresDatabase extends CustomResource<typeof specSchema> {
      user: clusterSecret.user,
      password: clusterSecret.password,
    });
-    const connectionError = await database.ping();
+    try {
-    if (connectionError) {
+      const connectionError = await database.ping();
-      console.error('Failed to connect', connectionError);
+      if (connectionError) {
-      throw new NotReadyError('FailedToConnectToDatabase');
+        console.error('Failed to connect', connectionError);
        throw new NotReadyError('FailedToConnectToDatabase');
      }
      await database.upsertRole({
        name: secret.user,
        password: secret.password,
      });
      await database.upsertDatabase({
        name: secret.database,
        owner: secret.user,
      });
    } finally {
      await database.close();
    }
    await database.upsertRole({
      name: secret.user,
      password: secret.password,
    });
    await database.upsertDatabase({
      name: secret.database,
      owner: secret.user,
    });
  };
 }
--- a/src/services/postgres/postgres.instance.ts
+++ b/src/services/postgres/postgres.instance.ts
@@ -60,6 +60,10 @@ class PostgresInstance {
      await this.#db.raw(`ALTER DATABASE "${name}" OWNER TO "${owner}"`);
    }
  };
  public close = async () => {
    await this.#db.destroy();
  };
 }
 export { PostgresInstance, type PostgresInstanceOptions };
--- a/uv.lock
+++ b/uv.lock
@@ -1,7 +1,72 @@
 version = 1
-revision = 2
+revision = 3
 requires-python = ">=3.13"
 [manifest]
 members = [
    "homelab-operator",
    "trivy-report",
 ]
 [[package]]
 name = "brotli"
 version = "1.1.0"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/2f/c2/f9e977608bdf958650638c3f1e28f85a1b075f075ebbe77db8555463787b/Brotli-1.1.0.tar.gz", hash = "sha256:81de08ac11bcb85841e440c13611c00b67d3bf82698314928d0b676362546724", size = 7372270, upload-time = "2023-09-07T14:05:41.643Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/0a/9f/fb37bb8ffc52a8da37b1c03c459a8cd55df7a57bdccd8831d500e994a0ca/Brotli-1.1.0-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:8bf32b98b75c13ec7cf774164172683d6e7891088f6316e54425fde1efc276d5", size = 815681, upload-time = "2024-10-18T12:32:34.942Z" },
    { url = "https://files.pythonhosted.org/packages/06/b3/dbd332a988586fefb0aa49c779f59f47cae76855c2d00f450364bb574cac/Brotli-1.1.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:7bc37c4d6b87fb1017ea28c9508b36bbcb0c3d18b4260fcdf08b200c74a6aee8", size = 422475, upload-time = "2024-10-18T12:32:36.485Z" },
    { url = "https://files.pythonhosted.org/packages/bb/80/6aaddc2f63dbcf2d93c2d204e49c11a9ec93a8c7c63261e2b4bd35198283/Brotli-1.1.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3c0ef38c7a7014ffac184db9e04debe495d317cc9c6fb10071f7fefd93100a4f", size = 2906173, upload-time = "2024-10-18T12:32:37.978Z" },
    { url = "https://files.pythonhosted.org/packages/ea/1d/e6ca79c96ff5b641df6097d299347507d39a9604bde8915e76bf026d6c77/Brotli-1.1.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:91d7cc2a76b5567591d12c01f019dd7afce6ba8cba6571187e21e2fc418ae648", size = 2943803, upload-time = "2024-10-18T12:32:39.606Z" },
    { url = "https://files.pythonhosted.org/packages/ac/a3/d98d2472e0130b7dd3acdbb7f390d478123dbf62b7d32bda5c830a96116d/Brotli-1.1.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a93dde851926f4f2678e704fadeb39e16c35d8baebd5252c9fd94ce8ce68c4a0", size = 2918946, upload-time = "2024-10-18T12:32:41.679Z" },
    { url = "https://files.pythonhosted.org/packages/c4/a5/c69e6d272aee3e1423ed005d8915a7eaa0384c7de503da987f2d224d0721/Brotli-1.1.0-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f0db75f47be8b8abc8d9e31bc7aad0547ca26f24a54e6fd10231d623f183d089", size = 2845707, upload-time = "2024-10-18T12:32:43.478Z" },
    { url = "https://files.pythonhosted.org/packages/58/9f/4149d38b52725afa39067350696c09526de0125ebfbaab5acc5af28b42ea/Brotli-1.1.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:6967ced6730aed543b8673008b5a391c3b1076d834ca438bbd70635c73775368", size = 2936231, upload-time = "2024-10-18T12:32:45.224Z" },
    { url = "https://files.pythonhosted.org/packages/5a/5a/145de884285611838a16bebfdb060c231c52b8f84dfbe52b852a15780386/Brotli-1.1.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:7eedaa5d036d9336c95915035fb57422054014ebdeb6f3b42eac809928e40d0c", size = 2848157, upload-time = "2024-10-18T12:32:46.894Z" },
    { url = "https://files.pythonhosted.org/packages/50/ae/408b6bfb8525dadebd3b3dd5b19d631da4f7d46420321db44cd99dcf2f2c/Brotli-1.1.0-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:d487f5432bf35b60ed625d7e1b448e2dc855422e87469e3f450aa5552b0eb284", size = 3035122, upload-time = "2024-10-18T12:32:48.844Z" },
    { url = "https://files.pythonhosted.org/packages/af/85/a94e5cfaa0ca449d8f91c3d6f78313ebf919a0dbd55a100c711c6e9655bc/Brotli-1.1.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:832436e59afb93e1836081a20f324cb185836c617659b07b129141a8426973c7", size = 2930206, upload-time = "2024-10-18T12:32:51.198Z" },
    { url = "https://files.pythonhosted.org/packages/c2/f0/a61d9262cd01351df22e57ad7c34f66794709acab13f34be2675f45bf89d/Brotli-1.1.0-cp313-cp313-win32.whl", hash = "sha256:43395e90523f9c23a3d5bdf004733246fba087f2948f87ab28015f12359ca6a0", size = 333804, upload-time = "2024-10-18T12:32:52.661Z" },
    { url = "https://files.pythonhosted.org/packages/7e/c1/ec214e9c94000d1c1974ec67ced1c970c148aa6b8d8373066123fc3dbf06/Brotli-1.1.0-cp313-cp313-win_amd64.whl", hash = "sha256:9011560a466d2eb3f5a6e4929cf4a09be405c64154e12df0dd72713f6500e32b", size = 358517, upload-time = "2024-10-18T12:32:54.066Z" },
 ]
 [[package]]
 name = "brotlicffi"
 version = "1.1.0.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "cffi" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/95/9d/70caa61192f570fcf0352766331b735afa931b4c6bc9a348a0925cc13288/brotlicffi-1.1.0.0.tar.gz", hash = "sha256:b77827a689905143f87915310b93b273ab17888fd43ef350d4832c4a71083c13", size = 465192, upload-time = "2023-09-14T14:22:40.707Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/a2/11/7b96009d3dcc2c931e828ce1e157f03824a69fb728d06bfd7b2fc6f93718/brotlicffi-1.1.0.0-cp37-abi3-macosx_10_9_x86_64.whl", hash = "sha256:9b7ae6bd1a3f0df532b6d67ff674099a96d22bc0948955cb338488c31bfb8851", size = 453786, upload-time = "2023-09-14T14:21:57.72Z" },
    { url = "https://files.pythonhosted.org/packages/d6/e6/a8f46f4a4ee7856fbd6ac0c6fb0dc65ed181ba46cd77875b8d9bbe494d9e/brotlicffi-1.1.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:19ffc919fa4fc6ace69286e0a23b3789b4219058313cf9b45625016bf7ff996b", size = 2911165, upload-time = "2023-09-14T14:21:59.613Z" },
    { url = "https://files.pythonhosted.org/packages/be/20/201559dff14e83ba345a5ec03335607e47467b6633c210607e693aefac40/brotlicffi-1.1.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9feb210d932ffe7798ee62e6145d3a757eb6233aa9a4e7db78dd3690d7755814", size = 2927895, upload-time = "2023-09-14T14:22:01.22Z" },
    { url = "https://files.pythonhosted.org/packages/cd/15/695b1409264143be3c933f708a3f81d53c4a1e1ebbc06f46331decbf6563/brotlicffi-1.1.0.0-cp37-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:84763dbdef5dd5c24b75597a77e1b30c66604725707565188ba54bab4f114820", size = 2851834, upload-time = "2023-09-14T14:22:03.571Z" },
    { url = "https://files.pythonhosted.org/packages/b4/40/b961a702463b6005baf952794c2e9e0099bde657d0d7e007f923883b907f/brotlicffi-1.1.0.0-cp37-abi3-win32.whl", hash = "sha256:1b12b50e07c3911e1efa3a8971543e7648100713d4e0971b13631cce22c587eb", size = 341731, upload-time = "2023-09-14T14:22:05.74Z" },
    { url = "https://files.pythonhosted.org/packages/1c/fa/5408a03c041114ceab628ce21766a4ea882aa6f6f0a800e04ee3a30ec6b9/brotlicffi-1.1.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:994a4f0681bb6c6c3b0925530a1926b7a189d878e6e5e38fae8efa47c5d9c613", size = 366783, upload-time = "2023-09-14T14:22:07.096Z" },
 ]
 [[package]]
 name = "cffi"
 version = "1.17.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "pycparser" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/fc/97/c783634659c2920c3fc70419e3af40972dbaf758daa229a7d6ea6135c90d/cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", size = 516621, upload-time = "2024-09-04T20:45:21.852Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/8d/f8/dd6c246b148639254dad4d6803eb6a54e8c85c6e11ec9df2cffa87571dbe/cffi-1.17.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e", size = 182989, upload-time = "2024-09-04T20:44:28.956Z" },
    { url = "https://files.pythonhosted.org/packages/8b/f1/672d303ddf17c24fc83afd712316fda78dc6fce1cd53011b839483e1ecc8/cffi-1.17.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2", size = 178802, upload-time = "2024-09-04T20:44:30.289Z" },
    { url = "https://files.pythonhosted.org/packages/0e/2d/eab2e858a91fdff70533cab61dcff4a1f55ec60425832ddfdc9cd36bc8af/cffi-1.17.1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3", size = 454792, upload-time = "2024-09-04T20:44:32.01Z" },
    { url = "https://files.pythonhosted.org/packages/75/b2/fbaec7c4455c604e29388d55599b99ebcc250a60050610fadde58932b7ee/cffi-1.17.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683", size = 478893, upload-time = "2024-09-04T20:44:33.606Z" },
    { url = "https://files.pythonhosted.org/packages/4f/b7/6e4a2162178bf1935c336d4da8a9352cccab4d3a5d7914065490f08c0690/cffi-1.17.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5", size = 485810, upload-time = "2024-09-04T20:44:35.191Z" },
    { url = "https://files.pythonhosted.org/packages/c7/8a/1d0e4a9c26e54746dc08c2c6c037889124d4f59dffd853a659fa545f1b40/cffi-1.17.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4", size = 471200, upload-time = "2024-09-04T20:44:36.743Z" },
    { url = "https://files.pythonhosted.org/packages/26/9f/1aab65a6c0db35f43c4d1b4f580e8df53914310afc10ae0397d29d697af4/cffi-1.17.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd", size = 479447, upload-time = "2024-09-04T20:44:38.492Z" },
    { url = "https://files.pythonhosted.org/packages/5f/e4/fb8b3dd8dc0e98edf1135ff067ae070bb32ef9d509d6cb0f538cd6f7483f/cffi-1.17.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed", size = 484358, upload-time = "2024-09-04T20:44:40.046Z" },
    { url = "https://files.pythonhosted.org/packages/f1/47/d7145bf2dc04684935d57d67dff9d6d795b2ba2796806bb109864be3a151/cffi-1.17.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9", size = 488469, upload-time = "2024-09-04T20:44:41.616Z" },
    { url = "https://files.pythonhosted.org/packages/bf/ee/f94057fa6426481d663b88637a9a10e859e492c73d0384514a17d78ee205/cffi-1.17.1-cp313-cp313-win32.whl", hash = "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d", size = 172475, upload-time = "2024-09-04T20:44:43.733Z" },
    { url = "https://files.pythonhosted.org/packages/7c/fc/6a8cb64e5f0324877d503c854da15d76c1e50eb722e320b15345c4d0c6de/cffi-1.17.1-cp313-cp313-win_amd64.whl", hash = "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a", size = 182009, upload-time = "2024-09-04T20:44:45.309Z" },
 ]
 [[package]]
 name = "cfgv"
 version = "3.4.0"
@@ -11,6 +76,19 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/c5/55/51844dd50c4fc7a33b653bfaba4c2456f06955289ca770a5dbd5fd267374/cfgv-3.4.0-py2.py3-none-any.whl", hash = "sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9", size = 7249, upload-time = "2023-08-12T20:38:16.269Z" },
 ]
 [[package]]
 name = "cssselect2"
 version = "0.8.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "tinycss2" },
    { name = "webencodings" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/9f/86/fd7f58fc498b3166f3a7e8e0cddb6e620fe1da35b02248b1bd59e95dbaaa/cssselect2-0.8.0.tar.gz", hash = "sha256:7674ffb954a3b46162392aee2a3a0aedb2e14ecf99fcc28644900f4e6e3e9d3a", size = 35716, upload-time = "2025-03-05T14:46:07.988Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/0f/e7/aa315e6a749d9b96c2504a1ba0ba031ba2d0517e972ce22682e3fccecb09/cssselect2-0.8.0-py3-none-any.whl", hash = "sha256:46fc70ebc41ced7a32cd42d58b1884d72ade23d21e5a4eaaf022401c13f0e76e", size = 15454, upload-time = "2025-03-05T14:46:06.463Z" },
 ]
 [[package]]
 name = "diagrams"
 version = "0.24.4"
@@ -43,6 +121,46 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/42/14/42b2651a2f46b022ccd948bca9f2d5af0fd8929c4eec235b8d6d844fbe67/filelock-3.19.1-py3-none-any.whl", hash = "sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d", size = 15988, upload-time = "2025-08-14T16:56:01.633Z" },
 ]
 [[package]]
 name = "fonttools"
 version = "4.59.2"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/0d/a5/fba25f9fbdab96e26dedcaeeba125e5f05a09043bf888e0305326e55685b/fonttools-4.59.2.tar.gz", hash = "sha256:e72c0749b06113f50bcb80332364c6be83a9582d6e3db3fe0b280f996dc2ef22", size = 3540889, upload-time = "2025-08-27T16:40:30.97Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/13/7b/d0d3b9431642947b5805201fbbbe938a47b70c76685ef1f0cb5f5d7140d6/fonttools-4.59.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:381bde13216ba09489864467f6bc0c57997bd729abfbb1ce6f807ba42c06cceb", size = 2761563, upload-time = "2025-08-27T16:39:20.286Z" },
    { url = "https://files.pythonhosted.org/packages/76/be/fc5fe58dd76af7127b769b68071dbc32d4b95adc8b58d1d28d42d93c90f2/fonttools-4.59.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f33839aa091f7eef4e9078f5b7ab1b8ea4b1d8a50aeaef9fdb3611bba80869ec", size = 2335671, upload-time = "2025-08-27T16:39:22.027Z" },
    { url = "https://files.pythonhosted.org/packages/f2/9f/bf231c2a3fac99d1d7f1d89c76594f158693f981a4aa02be406e9f036832/fonttools-4.59.2-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:6235fc06bcbdb40186f483ba9d5d68f888ea68aa3c8dac347e05a7c54346fbc8", size = 4893967, upload-time = "2025-08-27T16:39:23.664Z" },
    { url = "https://files.pythonhosted.org/packages/26/a9/d46d2ad4fcb915198504d6727f83aa07f46764c64f425a861aa38756c9fd/fonttools-4.59.2-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:83ad6e5d06ef3a2884c4fa6384a20d6367b5cfe560e3b53b07c9dc65a7020e73", size = 4951986, upload-time = "2025-08-27T16:39:25.379Z" },
    { url = "https://files.pythonhosted.org/packages/07/90/1cc8d7dd8f707dfeeca472b82b898d3add0ebe85b1f645690dcd128ee63f/fonttools-4.59.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:d029804c70fddf90be46ed5305c136cae15800a2300cb0f6bba96d48e770dde0", size = 4891630, upload-time = "2025-08-27T16:39:27.494Z" },
    { url = "https://files.pythonhosted.org/packages/d8/04/f0345b0d9fe67d65aa8d3f2d4cbf91d06f111bc7b8d802e65914eb06194d/fonttools-4.59.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:95807a3b5e78f2714acaa26a33bc2143005cc05c0217b322361a772e59f32b89", size = 5035116, upload-time = "2025-08-27T16:39:29.406Z" },
    { url = "https://files.pythonhosted.org/packages/d7/7d/5ba5eefffd243182fbd067cdbfeb12addd4e5aec45011b724c98a344ea33/fonttools-4.59.2-cp313-cp313-win32.whl", hash = "sha256:b3ebda00c3bb8f32a740b72ec38537d54c7c09f383a4cfefb0b315860f825b08", size = 2204907, upload-time = "2025-08-27T16:39:31.42Z" },
    { url = "https://files.pythonhosted.org/packages/ea/a9/be7219fc64a6026cc0aded17fa3720f9277001c185434230bd351bf678e6/fonttools-4.59.2-cp313-cp313-win_amd64.whl", hash = "sha256:a72155928d7053bbde499d32a9c77d3f0f3d29ae72b5a121752481bcbd71e50f", size = 2253742, upload-time = "2025-08-27T16:39:33.079Z" },
    { url = "https://files.pythonhosted.org/packages/fc/c7/486580d00be6fa5d45e41682e5ffa5c809f3d25773c6f39628d60f333521/fonttools-4.59.2-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:d09e487d6bfbe21195801323ba95c91cb3523f0fcc34016454d4d9ae9eaa57fe", size = 2762444, upload-time = "2025-08-27T16:39:34.759Z" },
    { url = "https://files.pythonhosted.org/packages/d3/9b/950ea9b7b764ceb8d18645c62191e14ce62124d8e05cb32a4dc5e65fde0b/fonttools-4.59.2-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:dec2f22486d7781087b173799567cffdcc75e9fb2f1c045f05f8317ccce76a3e", size = 2333256, upload-time = "2025-08-27T16:39:40.777Z" },
    { url = "https://files.pythonhosted.org/packages/9b/4d/8ee9d563126de9002eede950cde0051be86cc4e8c07c63eca0c9fc95734a/fonttools-4.59.2-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:1647201af10993090120da2e66e9526c4e20e88859f3e34aa05b8c24ded2a564", size = 4834846, upload-time = "2025-08-27T16:39:42.885Z" },
    { url = "https://files.pythonhosted.org/packages/03/26/f26d947b0712dce3d118e92ce30ca88f98938b066498f60d0ee000a892ae/fonttools-4.59.2-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:47742c33fe65f41eabed36eec2d7313a8082704b7b808752406452f766c573fc", size = 4930871, upload-time = "2025-08-27T16:39:44.818Z" },
    { url = "https://files.pythonhosted.org/packages/fc/7f/ebe878061a5a5e6b6502f0548489e01100f7e6c0049846e6546ba19a3ab4/fonttools-4.59.2-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:92ac2d45794f95d1ad4cb43fa07e7e3776d86c83dc4b9918cf82831518165b4b", size = 4876971, upload-time = "2025-08-27T16:39:47.027Z" },
    { url = "https://files.pythonhosted.org/packages/eb/0d/0d22e3a20ac566836098d30718092351935487e3271fd57385db1adb2fde/fonttools-4.59.2-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:fa9ecaf2dcef8941fb5719e16322345d730f4c40599bbf47c9753de40eb03882", size = 4987478, upload-time = "2025-08-27T16:39:48.774Z" },
    { url = "https://files.pythonhosted.org/packages/3b/a3/960cc83182a408ffacc795e61b5f698c6f7b0cfccf23da4451c39973f3c8/fonttools-4.59.2-cp314-cp314-win32.whl", hash = "sha256:a8d40594982ed858780e18a7e4c80415af65af0f22efa7de26bdd30bf24e1e14", size = 2208640, upload-time = "2025-08-27T16:39:50.592Z" },
    { url = "https://files.pythonhosted.org/packages/d8/74/55e5c57c414fa3965fee5fc036ed23f26a5c4e9e10f7f078a54ff9c7dfb7/fonttools-4.59.2-cp314-cp314-win_amd64.whl", hash = "sha256:9cde8b6a6b05f68516573523f2013a3574cb2c75299d7d500f44de82ba947b80", size = 2258457, upload-time = "2025-08-27T16:39:52.611Z" },
    { url = "https://files.pythonhosted.org/packages/e1/dc/8e4261dc591c5cfee68fecff3ffee2a9b29e1edc4c4d9cbafdc5aefe74ee/fonttools-4.59.2-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:036cd87a2dbd7ef72f7b68df8314ced00b8d9973aee296f2464d06a836aeb9a9", size = 2829901, upload-time = "2025-08-27T16:39:55.014Z" },
    { url = "https://files.pythonhosted.org/packages/fb/05/331538dcf21fd6331579cd628268150e85210d0d2bdae20f7598c2b36c05/fonttools-4.59.2-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:14870930181493b1d740b6f25483e20185e5aea58aec7d266d16da7be822b4bb", size = 2362717, upload-time = "2025-08-27T16:39:56.843Z" },
    { url = "https://files.pythonhosted.org/packages/60/ae/d26428ca9ede809c0a93f0af91f44c87433dc0251e2aec333da5ed00d38f/fonttools-4.59.2-cp314-cp314t-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:7ff58ea1eb8fc7e05e9a949419f031890023f8785c925b44d6da17a6a7d6e85d", size = 4835120, upload-time = "2025-08-27T16:39:59.06Z" },
    { url = "https://files.pythonhosted.org/packages/07/c4/0f6ac15895de509e07688cb1d45f1ae583adbaa0fa5a5699d73f3bd58ca0/fonttools-4.59.2-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6dee142b8b3096514c96ad9e2106bf039e2fe34a704c587585b569a36df08c3c", size = 5071115, upload-time = "2025-08-27T16:40:01.009Z" },
    { url = "https://files.pythonhosted.org/packages/b2/b6/147a711b7ecf7ea39f9da9422a55866f6dd5747c2f36b3b0a7a7e0c6820b/fonttools-4.59.2-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:8991bdbae39cf78bcc9cd3d81f6528df1f83f2e7c23ccf6f990fa1f0b6e19708", size = 4943905, upload-time = "2025-08-27T16:40:03.179Z" },
    { url = "https://files.pythonhosted.org/packages/5b/4e/2ab19006646b753855e2b02200fa1cabb75faa4eeca4ef289f269a936974/fonttools-4.59.2-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:53c1a411b7690042535a4f0edf2120096a39a506adeb6c51484a232e59f2aa0c", size = 4960313, upload-time = "2025-08-27T16:40:05.45Z" },
    { url = "https://files.pythonhosted.org/packages/98/3d/df77907e5be88adcca93cc2cee00646d039da220164be12bee028401e1cf/fonttools-4.59.2-cp314-cp314t-win32.whl", hash = "sha256:59d85088e29fa7a8f87d19e97a1beae2a35821ee48d8ef6d2c4f965f26cb9f8a", size = 2269719, upload-time = "2025-08-27T16:40:07.553Z" },
    { url = "https://files.pythonhosted.org/packages/2d/a0/d4c4bc5b50275449a9a908283b567caa032a94505fe1976e17f994faa6be/fonttools-4.59.2-cp314-cp314t-win_amd64.whl", hash = "sha256:7ad5d8d8cc9e43cb438b3eb4a0094dd6d4088daa767b0a24d52529361fd4c199", size = 2333169, upload-time = "2025-08-27T16:40:09.656Z" },
    { url = "https://files.pythonhosted.org/packages/65/a4/d2f7be3c86708912c02571db0b550121caab8cd88a3c0aacb9cfa15ea66e/fonttools-4.59.2-py3-none-any.whl", hash = "sha256:8bd0f759020e87bb5d323e6283914d9bf4ae35a7307dafb2cbd1e379e720ad37", size = 1132315, upload-time = "2025-08-27T16:40:28.984Z" },
 ]
 [package.optional-dependencies]
 woff = [
    { name = "brotli", marker = "platform_python_implementation == 'CPython'" },
    { name = "brotlicffi", marker = "platform_python_implementation != 'CPython'" },
    { name = "zopfli" },
 ]
 [[package]]
 name = "graphviz"
 version = "0.20.3"
@@ -134,6 +252,61 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/d2/1d/1b658dbd2b9fa9c4c9f32accbfc0205d532c8c6194dc0f2a4c0428e7128a/nodeenv-1.9.1-py2.py3-none-any.whl", hash = "sha256:ba11c9782d29c27c70ffbdda2d7415098754709be8a7056d79a737cd901155c9", size = 22314, upload-time = "2024-06-04T18:44:08.352Z" },
 ]
 [[package]]
 name = "pillow"
 version = "11.3.0"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/f3/0d/d0d6dea55cd152ce3d6767bb38a8fc10e33796ba4ba210cbab9354b6d238/pillow-11.3.0.tar.gz", hash = "sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523", size = 47113069, upload-time = "2025-07-01T09:16:30.666Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/1e/93/0952f2ed8db3a5a4c7a11f91965d6184ebc8cd7cbb7941a260d5f018cd2d/pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd", size = 2128328, upload-time = "2025-07-01T09:14:35.276Z" },
    { url = "https://files.pythonhosted.org/packages/4b/e8/100c3d114b1a0bf4042f27e0f87d2f25e857e838034e98ca98fe7b8c0a9c/pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8", size = 2170652, upload-time = "2025-07-01T09:14:37.203Z" },
    { url = "https://files.pythonhosted.org/packages/aa/86/3f758a28a6e381758545f7cdb4942e1cb79abd271bea932998fc0db93cb6/pillow-11.3.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f", size = 2227443, upload-time = "2025-07-01T09:14:39.344Z" },
    { url = "https://files.pythonhosted.org/packages/01/f4/91d5b3ffa718df2f53b0dc109877993e511f4fd055d7e9508682e8aba092/pillow-11.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c", size = 5278474, upload-time = "2025-07-01T09:14:41.843Z" },
    { url = "https://files.pythonhosted.org/packages/f9/0e/37d7d3eca6c879fbd9dba21268427dffda1ab00d4eb05b32923d4fbe3b12/pillow-11.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd", size = 4686038, upload-time = "2025-07-01T09:14:44.008Z" },
    { url = "https://files.pythonhosted.org/packages/ff/b0/3426e5c7f6565e752d81221af9d3676fdbb4f352317ceafd42899aaf5d8a/pillow-11.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e", size = 5864407, upload-time = "2025-07-03T13:10:15.628Z" },
    { url = "https://files.pythonhosted.org/packages/fc/c1/c6c423134229f2a221ee53f838d4be9d82bab86f7e2f8e75e47b6bf6cd77/pillow-11.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1", size = 7639094, upload-time = "2025-07-03T13:10:21.857Z" },
    { url = "https://files.pythonhosted.org/packages/ba/c9/09e6746630fe6372c67c648ff9deae52a2bc20897d51fa293571977ceb5d/pillow-11.3.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805", size = 5973503, upload-time = "2025-07-01T09:14:45.698Z" },
    { url = "https://files.pythonhosted.org/packages/d5/1c/a2a29649c0b1983d3ef57ee87a66487fdeb45132df66ab30dd37f7dbe162/pillow-11.3.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8", size = 6642574, upload-time = "2025-07-01T09:14:47.415Z" },
    { url = "https://files.pythonhosted.org/packages/36/de/d5cc31cc4b055b6c6fd990e3e7f0f8aaf36229a2698501bcb0cdf67c7146/pillow-11.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2", size = 6084060, upload-time = "2025-07-01T09:14:49.636Z" },
    { url = "https://files.pythonhosted.org/packages/d5/ea/502d938cbaeec836ac28a9b730193716f0114c41325db428e6b280513f09/pillow-11.3.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b", size = 6721407, upload-time = "2025-07-01T09:14:51.962Z" },
    { url = "https://files.pythonhosted.org/packages/45/9c/9c5e2a73f125f6cbc59cc7087c8f2d649a7ae453f83bd0362ff7c9e2aee2/pillow-11.3.0-cp313-cp313-win32.whl", hash = "sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3", size = 6273841, upload-time = "2025-07-01T09:14:54.142Z" },
    { url = "https://files.pythonhosted.org/packages/23/85/397c73524e0cd212067e0c969aa245b01d50183439550d24d9f55781b776/pillow-11.3.0-cp313-cp313-win_amd64.whl", hash = "sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51", size = 6978450, upload-time = "2025-07-01T09:14:56.436Z" },
    { url = "https://files.pythonhosted.org/packages/17/d2/622f4547f69cd173955194b78e4d19ca4935a1b0f03a302d655c9f6aae65/pillow-11.3.0-cp313-cp313-win_arm64.whl", hash = "sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580", size = 2423055, upload-time = "2025-07-01T09:14:58.072Z" },
    { url = "https://files.pythonhosted.org/packages/dd/80/a8a2ac21dda2e82480852978416cfacd439a4b490a501a288ecf4fe2532d/pillow-11.3.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e", size = 5281110, upload-time = "2025-07-01T09:14:59.79Z" },
    { url = "https://files.pythonhosted.org/packages/44/d6/b79754ca790f315918732e18f82a8146d33bcd7f4494380457ea89eb883d/pillow-11.3.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d", size = 4689547, upload-time = "2025-07-01T09:15:01.648Z" },
    { url = "https://files.pythonhosted.org/packages/49/20/716b8717d331150cb00f7fdd78169c01e8e0c219732a78b0e59b6bdb2fd6/pillow-11.3.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced", size = 5901554, upload-time = "2025-07-03T13:10:27.018Z" },
    { url = "https://files.pythonhosted.org/packages/74/cf/a9f3a2514a65bb071075063a96f0a5cf949c2f2fce683c15ccc83b1c1cab/pillow-11.3.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c", size = 7669132, upload-time = "2025-07-03T13:10:33.01Z" },
    { url = "https://files.pythonhosted.org/packages/98/3c/da78805cbdbee9cb43efe8261dd7cc0b4b93f2ac79b676c03159e9db2187/pillow-11.3.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8", size = 6005001, upload-time = "2025-07-01T09:15:03.365Z" },
    { url = "https://files.pythonhosted.org/packages/6c/fa/ce044b91faecf30e635321351bba32bab5a7e034c60187fe9698191aef4f/pillow-11.3.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59", size = 6668814, upload-time = "2025-07-01T09:15:05.655Z" },
    { url = "https://files.pythonhosted.org/packages/7b/51/90f9291406d09bf93686434f9183aba27b831c10c87746ff49f127ee80cb/pillow-11.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe", size = 6113124, upload-time = "2025-07-01T09:15:07.358Z" },
    { url = "https://files.pythonhosted.org/packages/cd/5a/6fec59b1dfb619234f7636d4157d11fb4e196caeee220232a8d2ec48488d/pillow-11.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c", size = 6747186, upload-time = "2025-07-01T09:15:09.317Z" },
    { url = "https://files.pythonhosted.org/packages/49/6b/00187a044f98255225f172de653941e61da37104a9ea60e4f6887717e2b5/pillow-11.3.0-cp313-cp313t-win32.whl", hash = "sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788", size = 6277546, upload-time = "2025-07-01T09:15:11.311Z" },
    { url = "https://files.pythonhosted.org/packages/e8/5c/6caaba7e261c0d75bab23be79f1d06b5ad2a2ae49f028ccec801b0e853d6/pillow-11.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31", size = 6985102, upload-time = "2025-07-01T09:15:13.164Z" },
    { url = "https://files.pythonhosted.org/packages/f3/7e/b623008460c09a0cb38263c93b828c666493caee2eb34ff67f778b87e58c/pillow-11.3.0-cp313-cp313t-win_arm64.whl", hash = "sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e", size = 2424803, upload-time = "2025-07-01T09:15:15.695Z" },
    { url = "https://files.pythonhosted.org/packages/73/f4/04905af42837292ed86cb1b1dabe03dce1edc008ef14c473c5c7e1443c5d/pillow-11.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12", size = 5278520, upload-time = "2025-07-01T09:15:17.429Z" },
    { url = "https://files.pythonhosted.org/packages/41/b0/33d79e377a336247df6348a54e6d2a2b85d644ca202555e3faa0cf811ecc/pillow-11.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a", size = 4686116, upload-time = "2025-07-01T09:15:19.423Z" },
    { url = "https://files.pythonhosted.org/packages/49/2d/ed8bc0ab219ae8768f529597d9509d184fe8a6c4741a6864fea334d25f3f/pillow-11.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632", size = 5864597, upload-time = "2025-07-03T13:10:38.404Z" },
    { url = "https://files.pythonhosted.org/packages/b5/3d/b932bb4225c80b58dfadaca9d42d08d0b7064d2d1791b6a237f87f661834/pillow-11.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673", size = 7638246, upload-time = "2025-07-03T13:10:44.987Z" },
    { url = "https://files.pythonhosted.org/packages/09/b5/0487044b7c096f1b48f0d7ad416472c02e0e4bf6919541b111efd3cae690/pillow-11.3.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027", size = 5973336, upload-time = "2025-07-01T09:15:21.237Z" },
    { url = "https://files.pythonhosted.org/packages/a8/2d/524f9318f6cbfcc79fbc004801ea6b607ec3f843977652fdee4857a7568b/pillow-11.3.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77", size = 6642699, upload-time = "2025-07-01T09:15:23.186Z" },
    { url = "https://files.pythonhosted.org/packages/6f/d2/a9a4f280c6aefedce1e8f615baaa5474e0701d86dd6f1dede66726462bbd/pillow-11.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874", size = 6083789, upload-time = "2025-07-01T09:15:25.1Z" },
    { url = "https://files.pythonhosted.org/packages/fe/54/86b0cd9dbb683a9d5e960b66c7379e821a19be4ac5810e2e5a715c09a0c0/pillow-11.3.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a", size = 6720386, upload-time = "2025-07-01T09:15:27.378Z" },
    { url = "https://files.pythonhosted.org/packages/e7/95/88efcaf384c3588e24259c4203b909cbe3e3c2d887af9e938c2022c9dd48/pillow-11.3.0-cp314-cp314-win32.whl", hash = "sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214", size = 6370911, upload-time = "2025-07-01T09:15:29.294Z" },
    { url = "https://files.pythonhosted.org/packages/2e/cc/934e5820850ec5eb107e7b1a72dd278140731c669f396110ebc326f2a503/pillow-11.3.0-cp314-cp314-win_amd64.whl", hash = "sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635", size = 7117383, upload-time = "2025-07-01T09:15:31.128Z" },
    { url = "https://files.pythonhosted.org/packages/d6/e9/9c0a616a71da2a5d163aa37405e8aced9a906d574b4a214bede134e731bc/pillow-11.3.0-cp314-cp314-win_arm64.whl", hash = "sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6", size = 2511385, upload-time = "2025-07-01T09:15:33.328Z" },
    { url = "https://files.pythonhosted.org/packages/1a/33/c88376898aff369658b225262cd4f2659b13e8178e7534df9e6e1fa289f6/pillow-11.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae", size = 5281129, upload-time = "2025-07-01T09:15:35.194Z" },
    { url = "https://files.pythonhosted.org/packages/1f/70/d376247fb36f1844b42910911c83a02d5544ebd2a8bad9efcc0f707ea774/pillow-11.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653", size = 4689580, upload-time = "2025-07-01T09:15:37.114Z" },
    { url = "https://files.pythonhosted.org/packages/eb/1c/537e930496149fbac69efd2fc4329035bbe2e5475b4165439e3be9cb183b/pillow-11.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6", size = 5902860, upload-time = "2025-07-03T13:10:50.248Z" },
    { url = "https://files.pythonhosted.org/packages/bd/57/80f53264954dcefeebcf9dae6e3eb1daea1b488f0be8b8fef12f79a3eb10/pillow-11.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36", size = 7670694, upload-time = "2025-07-03T13:10:56.432Z" },
    { url = "https://files.pythonhosted.org/packages/70/ff/4727d3b71a8578b4587d9c276e90efad2d6fe0335fd76742a6da08132e8c/pillow-11.3.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b", size = 6005888, upload-time = "2025-07-01T09:15:39.436Z" },
    { url = "https://files.pythonhosted.org/packages/05/ae/716592277934f85d3be51d7256f3636672d7b1abfafdc42cf3f8cbd4b4c8/pillow-11.3.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477", size = 6670330, upload-time = "2025-07-01T09:15:41.269Z" },
    { url = "https://files.pythonhosted.org/packages/e7/bb/7fe6cddcc8827b01b1a9766f5fdeb7418680744f9082035bdbabecf1d57f/pillow-11.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50", size = 6114089, upload-time = "2025-07-01T09:15:43.13Z" },
    { url = "https://files.pythonhosted.org/packages/8b/f5/06bfaa444c8e80f1a8e4bff98da9c83b37b5be3b1deaa43d27a0db37ef84/pillow-11.3.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b", size = 6748206, upload-time = "2025-07-01T09:15:44.937Z" },
    { url = "https://files.pythonhosted.org/packages/f0/77/bc6f92a3e8e6e46c0ca78abfffec0037845800ea38c73483760362804c41/pillow-11.3.0-cp314-cp314t-win32.whl", hash = "sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12", size = 6377370, upload-time = "2025-07-01T09:15:46.673Z" },
    { url = "https://files.pythonhosted.org/packages/4a/82/3a721f7d69dca802befb8af08b7c79ebcab461007ce1c18bd91a5d5896f9/pillow-11.3.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db", size = 7121500, upload-time = "2025-07-01T09:15:48.512Z" },
    { url = "https://files.pythonhosted.org/packages/89/c7/5572fa4a3f45740eaab6ae86fcdf7195b55beac1371ac8c619d880cfe948/pillow-11.3.0-cp314-cp314t-win_arm64.whl", hash = "sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa", size = 2512835, upload-time = "2025-07-01T09:15:50.399Z" },
 ]
 [[package]]
 name = "platformdirs"
 version = "4.3.8"
@@ -159,6 +332,33 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/5b/a5/987a405322d78a73b66e39e4a90e4ef156fd7141bf71df987e50717c321b/pre_commit-4.3.0-py2.py3-none-any.whl", hash = "sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8", size = 220965, upload-time = "2025-08-09T18:56:13.192Z" },
 ]
 [[package]]
 name = "pycparser"
 version = "2.22"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/1d/b2/31537cf4b1ca988837256c910a668b553fceb8f069bedc4b1c826024b52c/pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6", size = 172736, upload-time = "2024-03-30T13:22:22.564Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc", size = 117552, upload-time = "2024-03-30T13:22:20.476Z" },
 ]
 [[package]]
 name = "pydyf"
 version = "0.11.0"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/2e/c2/97fc6ce4ce0045080dc99446def812081b57750ed8aa67bfdfafa4561fe5/pydyf-0.11.0.tar.gz", hash = "sha256:394dddf619cca9d0c55715e3c55ea121a9bf9cbc780cdc1201a2427917b86b64", size = 17769, upload-time = "2024-07-12T12:26:51.95Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/c9/ac/d5db977deaf28c6ecbc61bbca269eb3e8f0b3a1f55c8549e5333e606e005/pydyf-0.11.0-py3-none-any.whl", hash = "sha256:0aaf9e2ebbe786ec7a78ec3fbffa4cdcecde53fd6f563221d53c6bc1328848a3", size = 8104, upload-time = "2024-07-12T12:26:49.896Z" },
 ]
 [[package]]
 name = "pyphen"
 version = "0.17.2"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/69/56/e4d7e1bd70d997713649c5ce530b2d15a5fc2245a74ca820fc2d51d89d4d/pyphen-0.17.2.tar.gz", hash = "sha256:f60647a9c9b30ec6c59910097af82bc5dd2d36576b918e44148d8b07ef3b4aa3", size = 2079470, upload-time = "2025-01-20T13:18:36.296Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/7b/1f/c2142d2edf833a90728e5cdeb10bdbdc094dde8dbac078cee0cf33f5e11b/pyphen-0.17.2-py3-none-any.whl", hash = "sha256:3a07fb017cb2341e1d9ff31b8634efb1ae4dc4b130468c7c39dd3d32e7c3affd", size = 2079358, upload-time = "2025-01-20T13:18:29.629Z" },
 ]
 [[package]]
 name = "pyyaml"
 version = "6.0.2"
@@ -176,6 +376,45 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/fa/de/02b54f42487e3d3c6efb3f89428677074ca7bf43aae402517bc7cca949f3/PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563", size = 156446, upload-time = "2024-08-06T20:33:04.33Z" },
 ]
 [[package]]
 name = "tinycss2"
 version = "1.4.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "webencodings" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/7a/fd/7a5ee21fd08ff70d3d33a5781c255cbe779659bd03278feb98b19ee550f4/tinycss2-1.4.0.tar.gz", hash = "sha256:10c0972f6fc0fbee87c3edb76549357415e94548c1ae10ebccdea16fb404a9b7", size = 87085, upload-time = "2024-10-24T14:58:29.895Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/e6/34/ebdc18bae6aa14fbee1a08b63c015c72b64868ff7dae68808ab500c492e2/tinycss2-1.4.0-py3-none-any.whl", hash = "sha256:3a49cf47b7675da0b15d0c6e1df8df4ebd96e9394bb905a5775adb0d884c5289", size = 26610, upload-time = "2024-10-24T14:58:28.029Z" },
 ]
 [[package]]
 name = "tinyhtml5"
 version = "2.0.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "webencodings" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/fd/03/6111ed99e9bf7dfa1c30baeef0e0fb7e0bd387bd07f8e5b270776fe1de3f/tinyhtml5-2.0.0.tar.gz", hash = "sha256:086f998833da24c300c414d9fe81d9b368fd04cb9d2596a008421cbc705fcfcc", size = 179507, upload-time = "2024-10-29T15:37:14.078Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/5c/de/27c57899297163a4a84104d5cec0af3b1ac5faf62f44667e506373c6b8ce/tinyhtml5-2.0.0-py3-none-any.whl", hash = "sha256:13683277c5b176d070f82d099d977194b7a1e26815b016114f581a74bbfbf47e", size = 39793, upload-time = "2024-10-29T15:37:11.743Z" },
 ]
 [[package]]
 name = "trivy-report"
 version = "0.1.0"
 source = { virtual = "security/trivy-report" }
 dependencies = [
    { name = "jinja2" },
    { name = "weasyprint" },
 ]
 [package.metadata]
 requires-dist = [
    { name = "jinja2", specifier = ">=3.1.6" },
    { name = "weasyprint", specifier = ">=66.0" },
 ]
 [[package]]
 name = "virtualenv"
 version = "20.34.0"
@@ -189,3 +428,49 @@ sdist = { url = "https://files.pythonhosted.org/packages/1c/14/37fcdba2808a6c615
 wheels = [
    { url = "https://files.pythonhosted.org/packages/76/06/04c8e804f813cf972e3262f3f8584c232de64f0cde9f703b46cf53a45090/virtualenv-20.34.0-py3-none-any.whl", hash = "sha256:341f5afa7eee943e4984a9207c025feedd768baff6753cd660c857ceb3e36026", size = 5983279, upload-time = "2025-08-13T14:24:05.111Z" },
 ]
 [[package]]
 name = "weasyprint"
 version = "66.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "cffi" },
    { name = "cssselect2" },
    { name = "fonttools", extra = ["woff"] },
    { name = "pillow" },
    { name = "pydyf" },
    { name = "pyphen" },
    { name = "tinycss2" },
    { name = "tinyhtml5" },
 ]
 sdist = { url = "https://files.pythonhosted.org/packages/32/99/480b5430b7eb0916e7d5df1bee7d9508b28b48fee28da894d0a050e0e930/weasyprint-66.0.tar.gz", hash = "sha256:da71dc87dc129ac9cffdc65e5477e90365ab9dbae45c744014ec1d06303dde40", size = 504224, upload-time = "2025-07-24T11:44:42.771Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/0f/d1/c5d9b341bf3d556c1e4c6566b3efdda0b1bb175510aa7b09dd3eee246923/weasyprint-66.0-py3-none-any.whl", hash = "sha256:82b0783b726fcd318e2c977dcdddca76515b30044bc7a830cc4fbe717582a6d0", size = 301965, upload-time = "2025-07-24T11:44:40.968Z" },
 ]
 [[package]]
 name = "webencodings"
 version = "0.5.1"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/0b/02/ae6ceac1baeda530866a85075641cec12989bd8d31af6d5ab4a3e8c92f47/webencodings-0.5.1.tar.gz", hash = "sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923", size = 9721, upload-time = "2017-04-05T20:21:34.189Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl", hash = "sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", size = 11774, upload-time = "2017-04-05T20:21:32.581Z" },
 ]
 [[package]]
 name = "zopfli"
 version = "0.2.3.post1"
 source = { registry = "https://pypi.org/simple" }
 sdist = { url = "https://files.pythonhosted.org/packages/5e/7c/a8f6696e694709e2abcbccd27d05ef761e9b6efae217e11d977471555b62/zopfli-0.2.3.post1.tar.gz", hash = "sha256:96484dc0f48be1c5d7ae9f38ed1ce41e3675fd506b27c11a6607f14b49101e99", size = 175629, upload-time = "2024-10-18T15:42:05.946Z" }
 wheels = [
    { url = "https://files.pythonhosted.org/packages/2b/24/0e552e2efce9a20625b56e9609d1e33c2966be33fc008681121ec267daec/zopfli-0.2.3.post1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ecb7572df5372abce8073df078207d9d1749f20b8b136089916a4a0868d56051", size = 295485, upload-time = "2024-10-18T15:41:12.57Z" },
    { url = "https://files.pythonhosted.org/packages/08/83/b2564369fb98797a617fe2796097b1d719a4937234375757ad2a3febc04b/zopfli-0.2.3.post1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:a1cf720896d2ce998bc8e051d4b4ce0d8bec007aab6243102e8e1d22a0b2fb3f", size = 163000, upload-time = "2024-10-18T15:41:13.743Z" },
    { url = "https://files.pythonhosted.org/packages/3c/55/81d419739c2aab35e19b58bce5498dcb58e6446e5eb69f2d3c748b1c9151/zopfli-0.2.3.post1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5aad740b4d4fcbaaae4887823925166ffd062db3b248b3f432198fc287381d1a", size = 823699, upload-time = "2024-10-18T15:41:14.874Z" },
    { url = "https://files.pythonhosted.org/packages/9e/91/89f07c8ea3c9bc64099b3461627b07a8384302235ee0f357eaa86f98f509/zopfli-0.2.3.post1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6617fb10f9e4393b331941861d73afb119cd847e88e4974bdbe8068ceef3f73f", size = 826612, upload-time = "2024-10-18T15:41:16.069Z" },
    { url = "https://files.pythonhosted.org/packages/41/31/46670fc0c7805d42bc89702440fa9b73491d68abbc39e28d687180755178/zopfli-0.2.3.post1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a53b18797cdef27e019db595d66c4b077325afe2fd62145953275f53d84ce40c", size = 851148, upload-time = "2024-10-18T15:41:17.403Z" },
    { url = "https://files.pythonhosted.org/packages/22/00/71ad39277bbb88f9fd20fb786bd3ff2ea4025c53b31652a0da796fb546cd/zopfli-0.2.3.post1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:b78008a69300d929ca2efeffec951b64a312e9a811e265ea4a907ab546d79fa6", size = 1754215, upload-time = "2024-10-18T15:41:18.661Z" },
    { url = "https://files.pythonhosted.org/packages/d0/4e/e542c508d20c3dfbef1b90fcf726f824f505e725747f777b0b7b7d1deb95/zopfli-0.2.3.post1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:0aa5f90d6298bda02a95bc8dc8c3c19004d5a4e44bda00b67ca7431d857b4b54", size = 1905988, upload-time = "2024-10-18T15:41:19.933Z" },
    { url = "https://files.pythonhosted.org/packages/ba/a5/817ac1ecc888723e91dc172e8c6eeab9f48a1e52285803b965084e11bbd5/zopfli-0.2.3.post1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:2768c877f76c8a0e7519b1c86c93757f3c01492ddde55751e9988afb7eff64e1", size = 1835907, upload-time = "2024-10-18T15:41:21.582Z" },
    { url = "https://files.pythonhosted.org/packages/cd/35/2525f90c972d8aafc39784a8c00244eeee8e8221b26cbc576748ee9dc1cd/zopfli-0.2.3.post1-cp313-cp313-win32.whl", hash = "sha256:71390dbd3fbf6ebea9a5d85ffed8c26ee1453ee09248e9b88486e30e0397b775", size = 82742, upload-time = "2024-10-18T15:41:23.362Z" },
    { url = "https://files.pythonhosted.org/packages/2f/c6/49b27570923956d52d37363e8f5df3a31a61bd7719bb8718527a9df3ae5f/zopfli-0.2.3.post1-cp313-cp313-win_amd64.whl", hash = "sha256:a86eb88e06bd87e1fff31dac878965c26b0c26db59ddcf78bb0379a954b120de", size = 99408, upload-time = "2024-10-18T15:41:24.377Z" },
 ]
Author	SHA1	Message	Date
Morten Olsen	eae83bf0dd	update	2025-09-05 14:43:24 +02:00
Morten Olsen	42cc50948d	remove argo	2025-09-05 13:51:33 +02:00
Morten Olsen	ff06613e99	updates	2025-09-05 11:22:58 +02:00
Morten Olsen	9fe279b1b5	docs	2025-09-05 08:56:04 +02:00
Morten Olsen	63e0ef0909	add-coder	2025-09-05 07:04:15 +02:00
Morten Olsen	a44e3cb2be	ssh port on gitea	2025-09-04 20:15:36 +02:00