diff --git a/README.md b/README.md
new file mode 100644
index 0000000..33a5880
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# OneLab (Kubernetes)
+
+Deploy OneLab with **Argo CD** and Helm using the manifests under [`gitops/`](gitops/).
+
+**Documentation:** [gitops/README.md](gitops/README.md) — prerequisites, configuration, bootstrap, and troubleshooting.
+
+```bash
+kubectl apply -f gitops/argocd/application.yaml
+```
+
+Edit `gitops/argocd/application.yaml` (`repoURL`, `targetRevision`) and `gitops/values/*.yaml` before syncing in production.
diff --git a/app/backup.sh b/app/backup.sh
deleted file mode 100644
index 3b919ab..0000000
--- a/app/backup.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-
-#!/bin/bash
-ANSIBLE_LOG_PATH=./logs/ansible/$(date +%F)-ansible.log ansible-playbook ./installation/1.27.0/app/playbooks/backup.yml
diff --git a/app/configurations.yml b/app/configurations.yml
deleted file mode 100644
index e8c7474..0000000
--- a/app/configurations.yml
+++ /dev/null
@@ -1,154 +0,0 @@
----
-onelab:
-  domain: https://localhost
-  logs:
- #  path: "/path/to/onelab/logs"
-    level: info
-  assets:
- #  path: "/path/to/onelab/data"
-    purge: 1d
-  shared:
-    inputs:
-      path: "./data/shared/inputs"
-      archive_path: "./data/shared/archived"
-  security:
-    cors: '*'
-    auth:
-      token:
-        expiration: 5m
-        key: TokenAuthPlaceholder
-      password:
-        expiration: 90d
-        min_length: 8
-        prevent_reuse: 5
-      allow_list: []
-      block_list: []
-      authentifier: "email"
-    ratelimit:
-      ip:
-        max: 1000
-        duration: 1d
-      auth:
-        max: 5
-        duration: 5m
-        delay_after: 2
-        delay_ms: 1000
-    devices:
-        cors: '*'
-    monitoring:
-        token: TokenMonitoringPlaceholder
-  params:
-    session:
-      idle: 45m
-      remember_me: true
-    lab:
-      creation_policy: many
-    # compliance:
-    #   require_electronic_signature: true
-    #   execution_operator_restriction_policy: 'reviewed'
-    #   execution_admin_expert_restriction_policy: 'reviewed'
-    #   prevent_csv_import: true
-    #   prevent_manual_metadata_edit: true
-    # device_restart: true
-    signup: false
-    # Google Analytics
-    # ga: XXXXX   
-    # Intercom Andrew Alliance
-    intercom:
-      appid: zxvgsagz
-      secret: QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu
-    # Recaptcha Andrew Alliance
-    # recaptcha:
-    #  client: XXXXXXXXXXXX
-    #  secret: XXXXXXXXXXXX
-    #links:
-    #  terms: https://www.andrewalliance.com/onelab-service-agreement.pdf
-    #  privacy: https://www.andrewalliance.com/onelab-privacy-policy.pdf
-    #  cookies: https://www.andrewalliance.com/onelab-cookie-policy.pdf
-  mailer:
-    #
-    # SMTP
-    # smtp:
-    #   host: XXX    (optional)
-    #   port: XXX    (optional)
-    #   auth:    (optional)
-    #     user: XXX
-    #     pass: XXX
-    #     type: custom | login | oauth2    (optional)
-    #     method: XXX    (optional)
-    #   secure: true | false    (optional)
-    #
-    # Amazon SES
-    # ses:
-    #   accessKeyId: XXXX
-    #   secretAccessKey: XXXX
-    #
-    # MailGun
-    # mailgun:
-    #   auth:
-    #     api: XXXX
-    #     domain: XXXX
-    #
-    # Debug
-    # debug:
-    #   type: file | mail
-    #   path: XXXX
-    #   redirect: XXX@andrewalliance.com
-    #
-    noreply: no-reply@andrewalliance.com
-    queue:
-      scheduling: 15
-      maxsize: 50
-    error:
-      maxtries: 3
-      timeout: 60
-  ldap:
-    enabled: false
-    # timeout: 10
-    # encryption: plain | tls | start_tls
-    # policy: all | changes_only
-    # verify_certificates: true | false
-    # tls:
-    #  ca: file_path
-    #  cert: file_path
-    #  key: file_path
-    #  ciphers: string
-    #  ssl_version: string
-  services:
-    db:
-      # host: db
-      # Note: port 5432 is the standard port for postgres however a custom port can be used if 5432 is occupied already
-      # port: 5432
-      database: postgres
-      username: postgres
-      password: DBPasswordPlaceholder
-      schema: onelab
-      # replicas: 1
-    # redis:
-    #   host: redis
-    #   port: '6379'
-    #   replicas: 1
-    rabbit:
-      # url: rabbitmq
-      # port: 5671
-      token: TokenRabbitPlaceholder
-      # replicas: 1
-    api:
-      replicas: 2
-    # apidevice:
-    #   replicas: 1
-    # apirabbit:
-    #   replicas: 1
-    # devices:
-    #   replicas: 1
-    # experiments:
-    #   replicas: 1
-    # images:
-    #   replicas: 1
-    # manual:
-    #   replicas: 1
-    # website:
-    #   ssr: false
-    # ws:
-    #   replicas: 1
-
diff --git a/app/docker-compose.yml b/app/docker-compose.yml
deleted file mode 100644
index ed09b6e..0000000
--- a/app/docker-compose.yml
+++ /dev/null
@@ -1,319 +0,0 @@
-version: "3.3"
-services:
-  # If the database isn't accessed other than by services present in this file, remove port instruction.
-  # It exposes the database to the host system and if the server isn't secure, it exposes the database to attacks.
-  # That doesn't exclude the need to secure the servers on which the containers are run.
-  db:
-    image: hub.andrewalliance.com/releases/postgres:17.8
-    volumes:
-      - pgdata:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_USER=postgres
-      - POSTGRES_PASSWORD={{ onelab.services.db.password }}
-      - POSTGRES_DB=postgres
-{% if onelab.services.db.port is defined %}
-    ports:
-      - "{{ onelab.services.db.port }}:5432"
-{% endif %}
-    deploy:
-      replicas: {{ onelab.services.db.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == manager
-  redis:
-    image: hub.andrewalliance.com/releases/redis:7.4.7-alpine
-    deploy:
-      replicas: {{ onelab.services.db.redis.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == manager
-  rabbitmq:
-    image: hub.andrewalliance.com/releases/rabbitmq:3.13.7
-    hostname: "onelab"
-    volumes:
-      - rabbitmq_data:/var/lib/rabbitmq/mnesia
-    configs:
-      - source: enable_plugins
-        target: /etc/rabbitmq/enabled_plugins
-      - source: rabbit.conf
-        target: /etc/rabbitmq/rabbitmq.conf
-      - source: advanced.conf
-        target: /etc/rabbitmq/advanced.conf
-      - source: definitions.json
-        target: /opt/definitions.json
-      - source: rabbit.crt
-        target: /etc/rabbitmq/ssl/rabbit.crt
-      - source: rabbit.key
-        target: /etc/rabbitmq/ssl/rabbit.key
-      - source: rabbit.fullchain.pem
-        target: /etc/rabbitmq/ssl/rabbit.fullchain.pem
-    ports:
-      - "5671:5671"
-    deploy:
-      replicas: {{ onelab.services.rabbit.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == manager
-  supervisor:
-    image: hub.andrewalliance.com/releases/onelab-supervisor-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  file-worker:
-    image: hub.andrewalliance.com/releases/onelab-file-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-      - {{ onelab.shared.inputs.path|default('./data/shared/inputs') }}:/shared-inputs
-      - {{ onelab.shared.inputs.archived_path|default('./data/shared/archived') }}:/shared-archived
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == manager
-  api:
-    image: hub.andrewalliance.com/releases/onelab-api:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.api.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  api-device:
-    image: hub.andrewalliance.com/releases/onelab-api-device:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.apidevice.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  api-rabbit:
-    image: hub.andrewalliance.com/releases/onelab-api-rabbit:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.apirabbit.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  devices-worker:
-    image: hub.andrewalliance.com/releases/onelab-devices-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.devices.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  experiments-worker:
-    image: hub.andrewalliance.com/releases/onelab-experiments-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.experiments.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  images-worker:
-    image: hub.andrewalliance.com/releases/onelab-images-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.images.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-
-{% if (onelab.ldap|default(false)) != false %}
-  ldap-worker:
-    image: hub.andrewalliance.com/releases/onelab-ldap-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-{% if onelab.ldap.tls.ca is defined %}
-      - source: ldap-ca.crt
-        target: /ldap/ca.crt
-{% endif %}
-{% if onelab.ldap.tls.key is defined %}
-      - source: ldap-private.key
-        target: /ldap/private.key
-{% endif %}
-{% if onelab.ldap.tls.cert is defined %}
-      - source: ldap-cert.crt
-        target: /ldap/cert.crt
-{% endif %}
-    deploy:
-      replicas: {{ onelab.services.ldap.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-{% endif %}
-{% if (onelab.mailer.smtp|default(false)) != false or (onelab.mailer.ses|default(false)) != false %}
-  mailer-worker:
-    image: hub.andrewalliance.com/releases/onelab-mailer-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.mailer.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-{% endif %}
-  manual-worker:
-    image: hub.andrewalliance.com/releases/onelab-manual-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.manual.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  websocket-worker:
-    image: hub.andrewalliance.com/releases/onelab-websocket-worker:1.27.0
-    volumes:
-      - {{ onelab.logs.path|default('./logs') }}:/logs
-    configs:
-      - source: configurations.yml
-        target: /conf/configurations.yml
-    deploy:
-      replicas: {{ onelab.services.ws.replicas|default('1') }}
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  static:
-    image: hub.andrewalliance.com/releases/onelab-static:1.27.0
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  main:
-    image: hub.andrewalliance.com/releases/onelab-main:1.27.0
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  designer:
-    image: hub.andrewalliance.com/releases/onelab-designer:1.27.0
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  runner:
-    image: hub.andrewalliance.com/releases/onelab-runner:1.27.0
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  website:
-    image: hub.andrewalliance.com/releases/onelab-website:1.27.0
-{% if (onelab.services.website.ssr|default(true)) != true %}
-    environment:
-      - RENDERING_MODE=no-ssr
-{% endif %}
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-  revproxy:
-    image: hub.andrewalliance.com/releases/nginx:1.29.5-alpine
-    ports:
-      - "8080:80"
-    volumes:
-      - {{ onelab.assets.path|default('./data') }}:/data
-    configs:
-      - source: nginx.conf
-        target: /etc/nginx/nginx.conf
-      - source: error-404.html
-        target: /data/error-404.html
-    deploy:
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == {{ deploy_on|default('manager') }}
-volumes:
-  pgdata:
-    driver: local
-  rabbitmq_data:
-    driver: local
-configs:
-  configurations.yml:
-    file: ./configurations.yml
-  nginx.conf:
-    file: ./nginx/onelab.conf
-  error-404.html:
-    file: ./proxy/error-404.html
-  rabbit.crt:
-    file: ./rabbit/ssl/rabbit.crt
-  rabbit.key:
-    file: ./rabbit/ssl/rabbit.key
-  rabbit.fullchain.pem:
-    file: ./rabbit/ssl/rabbit.fullchain.pem
-  enable_plugins:
-    file: ./rabbit/enable_plugins
-  rabbit.conf:
-    file: ./rabbit/rabbit.conf
-  advanced.conf:
-    file: ./rabbit/advanced.conf
-  definitions.json:
-    file: ./rabbit/definitions.json
-{% if onelab.ldap.tls.ca is defined %}
-  ldap-ca.crt:
-    file: {{ onelab.ldap.tls.ca }}
-{% endif %}
-{% if onelab.ldap.tls.key is defined %}
-  ldap-private.key:
-    file: {{ onelab.ldap.tls.key }}
-{% endif %}
-{% if onelab.ldap.tls.cert is defined %}
-  ldap-cert.crt:
-    file: {{ onelab.ldap.tls.cert }}
-{% endif %}
diff --git a/app/nginx/onelab.conf b/app/nginx/onelab.conf
deleted file mode 100644
index b7c456f..0000000
--- a/app/nginx/onelab.conf
+++ /dev/null
@@ -1,337 +0,0 @@
-
-worker_processes 4;
-
-events { worker_connections 1024; }
-
-http {
-  include /etc/nginx/mime.types;
-  
-  client_max_body_size 2m;
-
-  # don't send the nginx version number in error pages and Server header
-  server_tokens off;
-
-  sendfile on;
-
-  upstream website {
-    server website:4000;
-  }
-
-  upstream main {
-    server main:80;
-  }
-
-  upstream api {
-    server api:3000;
-  }
-
-  upstream api-device {
-    server api-device:3000;
-  }
-
-  upstream api-rabbit {
-    server api-rabbit:3000;
-  }
-
-  upstream designer {
-    server designer:80;
-  }
-
-  upstream runner {
-    server runner:80;
-  }
-
-  upstream static {
-    server static:80;
-  }
-
-  upstream websocket-worker {
-    server websocket-worker:3030;
-  }
-
-  # Restore the real client IP from the upstream reverse proxy
-  # Trust all RFC 1918 private ranges (covers any Docker network config)
-  set_real_ip_from  10.0.0.0/8;
-  set_real_ip_from  172.16.0.0/12;
-  set_real_ip_from  192.168.0.0/16;
-  real_ip_header    X-Real-IP;
-
-  limit_req_zone $binary_remote_addr zone=auth:10m rate=1r/s;
-  limit_req_zone $binary_remote_addr zone=website:10m rate=5r/s;
-  limit_req_zone $binary_remote_addr zone=global:10m rate=10r/s;
-
-  # redirect all http traffic to https
-  server {
-    listen 80 default_server;
-{% if (onelab.services.revproxy.ipv6|default(true)) != false %}
-    listen [::]:80 default_server;
-{% endif %}
-    server_name localhost;
-
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 10240;
-    gzip_proxied expired no-cache no-store private auth;
-    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
-    gzip_disable "MSIE [1-6]\.";
-
-    root /data/;
-
-    location ^~ /lab/ {
-      rewrite ^/lab/(.*?) /app/lab/$1 last;
-    }
-
-    location ^~ /assets/ {
-      location ~* \.(?:css|js|woff|woff2|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        try_files $uri $uri/ /error-404.html =404;
-      }
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      try_files $uri $uri/ /error-404.html =404;
-    }
-
-    location ^~ /static/ {
-      location ~* \.(?:css|js|woff|woff2|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        proxy_pass  http://static;
-        proxy_redirect  off;
-        proxy_set_header  Host $host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Host $server_name;
-      }
-
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      proxy_pass  http://static;
-      proxy_redirect  off;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /sitemap.xml {
-      limit_req zone=global burst=10 nodelay;
-
-      proxy_pass  http://api;
-      proxy_redirect  off;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /robots.txt {
-      limit_req zone=global burst=10 nodelay;
-
-      proxy_pass  http://api;
-      proxy_redirect  off;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /api/ {
-      limit_req zone=global burst=10 nodelay;
-
-      proxy_pass  http://api;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /api/v1/auth/ {
-      # apply rate limiting
-      limit_req zone=auth burst=5 nodelay;
-  
-      proxy_pass http://api;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-    
-    location ^~ /api/v1/firmwares {
-      limit_req zone=global burst=10 nodelay;
-    
-      client_max_body_size 600M;
-
-      proxy_pass  http://api;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /api/v1/rmq/ {
-      proxy_pass  http://api-rabbit;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /device-api/ {
-      limit_req zone=global burst=10 nodelay;
-      client_max_body_size 600m;
-
-      proxy_pass  http://api-device;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /app/designer/ {
-      location ~* \.(?:css|js|woff|woff2|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        proxy_pass  http://designer;
-        proxy_redirect  off;
-        proxy_set_header  Cookie $http_cookie;
-        proxy_set_header  Host $host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Host $server_name;
-      }
-
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      proxy_pass  http://designer;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /app/runner/ {
-      location ~* \.(?:css|js|woff|woff2|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        proxy_pass  http://runner;
-        proxy_redirect  off;
-        proxy_set_header  Cookie $http_cookie;
-        proxy_set_header  Host $host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Host $server_name;
-      }
-      
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      proxy_pass  http://runner;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    location ^~ /ws/ {
-      proxy_pass  http://websocket-worker;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-      
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection "upgrade";
-    }
-    
-    location ^~ /app/ {
-      location ~* \.(?:css|js|woff|woff2|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        proxy_pass  http://main;
-        proxy_redirect  off;
-        proxy_set_header  Cookie $http_cookie;
-        proxy_set_header  Host $host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Host $server_name;
-      }
-      
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      proxy_pass  http://main;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-    
-    # Static assets for website (including /media/ subdirectory)
-     location ~* ^/.+\.(?:css|js|woff|woff2|ttf|eot|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {   
-        expires 1M;
-        access_log off;
-        add_header Cache-Control "public";
-
-        proxy_pass  http://website;
-        proxy_redirect  off;
-        proxy_set_header  Cookie $http_cookie;
-        proxy_set_header  Host $host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    # Website SSR routes (rate limited)
-    location ~ ^/(library(/[^/]+)?|login(/(reset|change))?|signup)?$ {
-      limit_req zone=website burst=10 nodelay;
-
-      expires -1;
-      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
-
-      proxy_pass  http://website;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-    }
-
-    # Catch-all for junk requests
-    location /  {
-      try_files $uri $uri/ /error-404.html =404;
-    }
-  }
-}
diff --git a/app/playbooks/backup.yml b/app/playbooks/backup.yml
deleted file mode 100644
index f14143e..0000000
--- a/app/playbooks/backup.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Backing up OneLab (1.27.0)
-  hosts: localhost
-  gather_facts: yes
-  vars:
-    onelab_path: '../../../..'
-  
-  # Call from ./installation/latest/app/playbooks/backup.yml
-
-  tasks:
-    - include_tasks: ./tasks/backup-task.yml
diff --git a/app/playbooks/deploy.yml b/app/playbooks/deploy.yml
deleted file mode 100644
index 75f0131..0000000
--- a/app/playbooks/deploy.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Deploying OneLab (1.27.0)
-  hosts: localhost
-  vars:
-    onelab_path: '../../../../../onelab'
-  
-  # Call from ./installation/latest/app/playbooks/deploy.yml
-
-  tasks:
-    # Load configuration
-    - include_vars:
-        file: "{{ onelab_path }}/configurations.yml"
-
-    # Start proxy
-    - include_tasks: ./tasks/start-proxy.yml
-
-    # Start OneLab
-    - include_tasks: ./tasks/start-onelab.yml
diff --git a/app/playbooks/install-swarm.yml b/app/playbooks/install-swarm.yml
deleted file mode 100644
index bcab1ad..0000000
--- a/app/playbooks/install-swarm.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Generate the command to join a node as swarm worker
-  hosts: localhost
-  gather_facts: yes
-
-  tasks:
-    - name: Determine Docker swarm status
-      shell: >
-        docker info | egrep 'Swarm: '
-      register: swarm_status
-      become: true
-
-    - name: Prepare the command to join a node as worker in this swarm
-      command: docker swarm join-token worker -q
-      become: true
-      when: "' Swarm: active' in swarm_status.stdout_lines"
-      register: worker_join_token
-
-    - set_fact:
-        run_on_worker: "sudo docker swarm join --token {{ worker_join_token.stdout }} {{ ansible_eth0.ipv4.address }}:2377"
-    
-    - debug: var=run_on_worker
-
-  
-
diff --git a/app/playbooks/install.yml b/app/playbooks/install.yml
deleted file mode 100644
index bc1d5f6..0000000
--- a/app/playbooks/install.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Installing OneLab (1.27.0)
-  hosts: localhost
-  gather_facts: yes
-  vars:
-    main_path: '../../..'
-    onelab_path: '../../../onelab'
-    installer_path: '../../../onelab-enterprise-installer-1.27.0'
-    
-  # Call from ./onelab-enterprise-installer-1.27.0/app/playbooks/install.yml
-
-  tasks:
-  - include_tasks: ./tasks/install-task.yml
diff --git a/app/playbooks/reconfigure.yml b/app/playbooks/reconfigure.yml
deleted file mode 100644
index 38cc208..0000000
--- a/app/playbooks/reconfigure.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Reconfiguring OneLab (1.27.0)
-  hosts: localhost
-  vars:
-    main_path: '../../../../..'
-    onelab_path: '../../../../../onelab'
-    
-  # Call from ./installation/latest/app/playbooks/reconfigure.yml
-
-  tasks:
-    # Load configuration
-    - include_vars: 
-        file: "{{ onelab_path }}/configurations.yml"
-
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/reconfigure-task.yml"
diff --git a/app/playbooks/stop.yml b/app/playbooks/stop.yml
deleted file mode 100644
index ac16367..0000000
--- a/app/playbooks/stop.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Stopping OneLab (1.27.0)
-  hosts: localhost
-  vars:
-    onelab_path: '../../../../../onelab'
-
-  # Call from ./installation/latest/app/playbooks/stop.yml
-
-  tasks:
-    - include_tasks: ./tasks/stop-onelab.yml
-
-    - include_tasks: ./tasks/stop-proxy.yml
diff --git a/app/playbooks/tasks/backup-task.yml b/app/playbooks/tasks/backup-task.yml
deleted file mode 100644
index 2208fec..0000000
--- a/app/playbooks/tasks/backup-task.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Checking if OneLab is running
-  shell: docker stack ls | grep 'onelab' | grep -v 'onelab_proxy' | wc -l
-  become: true
-  register: backup_stack_count
-
-# Start DB if OneLab is not running
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-db-only.yml"
-  when: backup_stack_count.stdout == "0"
-
-- name:  Creating backup directory
-  file:
-    path: "{{ onelab_path }}/backups/{{ ansible_date_time.iso8601_basic_short }}_1.27.0"
-    state: directory
-  register: backup_path
-
-- name: Backing up files
-  shell:
-    tar --exclude='temp' -czvf {{ backup_path.path }}/onelab.tar.gz -C {{ onelab_path }} ./data ./installation ./nginx ./proxy ./rabbit ./ssl ./backup.sh ./configurations.yml ./docker-compose.yml ./reconfigure.sh ./start.sh ./stop.sh ./update.sh     
-  become: yes
-
-- name: Backing up database
-  shell:
-    docker exec -i $(docker ps --filter "name=onelab_db|onelab-db" -q) pg_dump -Upostgres -Fc > {{ backup_path.path }}/db.tar.gz
-  become: yes
-
-- name: Creating restore script files
-  copy:
-    src: "{{ onelab_path }}/installation/latest/resources/restore/{{ item }}"
-    dest: "{{ backup_path.path }}"
-  with_items:
-    - 'restore.yml'
-    - 'restore.sh'
-
-# Stop DB if OneLab was not running
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-db-only.yml"
-  when: backup_stack_count.stdout == "0"
diff --git a/app/playbooks/tasks/check-offline-resources.yml b/app/playbooks/tasks/check-offline-resources.yml
deleted file mode 100644
index 4e84578..0000000
--- a/app/playbooks/tasks/check-offline-resources.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# Check if Docker images are existing locally
-- name: Checking local Docker images bundle
-  stat:
-    path: "{{ main_path }}/onelab-images-1.27.0.tar.gz"
-    get_checksum: no
-  register: docker_images_tar
diff --git a/app/playbooks/tasks/check-requirements.yml b/app/playbooks/tasks/check-requirements.yml
deleted file mode 100644
index 83648ca..0000000
--- a/app/playbooks/tasks/check-requirements.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-- name: Checking internet connection
-  uri:
-    url: "https://hub.andrewalliance.com"
-  register: pingresult
-  until:
-    - pingresult.status == 200
-  retries: 3 # 3 * 5 seconds = 15s
-  delay: 5 # Every 5 seconds
-  when: (docker_images_tar is undefined) or (not docker_images_tar.stat.exists)
-
-- name: Getting current logged-in user
-  shell: whoami
-  register: login_user
-- debug: var=login_user.stdout
-
-# User running the process may have to enter their sudo password at this step
-
-- name: Checking if the logged-in user has sudo privileges
-  shell: sudo whoami
-  register: sudo_check
-  failed_when: sudo_check.stdout != "root"
-
-- name: Checking Ansible
-  debug: 
-    msg: "{{ item }}"
-  with_items:
-  - "{{ ansible_distribution }}"
-  - "{{ ansible_distribution_version }}"
-  - "{{ ansible_distribution_major_version }}"
-
-- name: Checking Docker version
-  shell: docker -v | cut -d ' ' -f 3 | cut -d ',' -f 1
-  become: true
-  register: docker_version
-- debug: var=docker_version.stdout
-
-# workaround: add a dumb failed condition to avoid any failure here as the service is maybe not installed/existing
-- name: Check if "docker compose" is available
-  shell: docker compose version
-  become: true
-  register: docker_compose_check
-  failed_when: "'FAILED' in docker_compose_check.stderr"
-
-- name: Set the compose command to "docker compose"
-  set_fact:
-    compose_command: "docker compose"
-  when: docker_compose_check.rc == 0
-
-- name: Fallback to "docker-compose" if "docker compose" is not available
-  set_fact:
-    compose_command: "docker-compose"
-  when: docker_compose_check.rc != 0
-
-- name: Checking Docker Compose version
-  shell: "{{ compose_command }} version"
-  become: true
-  register: compose_version_output
-- debug: var=compose_version_output.stdout
-
-- name: Checking tar pacakge
-  shell: tar --usage
-  become: true
-
-- name: Checking unzip pacakge
-  shell: unzip
-  become: true
-
-- name: Checking openssl package
-  shell: openssl
-  become: true
diff --git a/app/playbooks/tasks/check-ssl-files.yml b/app/playbooks/tasks/check-ssl-files.yml
deleted file mode 100644
index ff9d5f9..0000000
--- a/app/playbooks/tasks/check-ssl-files.yml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-# Check SSL files
-- name: Getting the list of Docker secrets
-  shell: docker secret ls | tail -n +2 | awk '{print $2}'
-  register: docker_secrets
-  become: true
-
-- name: Checking if dhparam.pem file exists in /onelab/ssl
-  stat:
-    path: "{{ onelab_path }}/ssl/dhparam.pem"
-  register: dhparam
-  failed_when: not dhparam.stat.exists
-
-- name: Checking if server.pem file exists in /onelab/ssl
-  stat:
-    path: "{{ onelab_path }}/ssl/server.pem"
-  register: serverpem
-  failed_when: not serverpem.stat.exists
-
-- name: Checking if server.key file exists in /onelab/ssl
-  stat:
-    path: "{{ onelab_path }}/ssl/server.key"
-  register: serverkey
-  failed_when: not serverkey.stat.exists
-
-- name: Checking if chain.pem file exists in /onelab/ssl
-  stat:
-    path: "{{ onelab_path }}/ssl/chain.pem"
-  register: chain
-  failed_when: not chain.stat.exists
-
-- name: Checking if certificate and key are matching (part 1/2)
-  shell: >
-    openssl rsa -noout -modulus -in {{ onelab_path }}/ssl/server.key | openssl md5
-  register: serverkey_modulus
-  become: true
-  when:
-    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
-    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)
-
-- name: Checking if certificate and key are matching (part 2/2)
-  shell: >
-    openssl x509 -noout -modulus -in {{ onelab_path }}/ssl/server.pem | openssl md5
-  register: serverpem_modulus
-  failed_when: serverpem_modulus.stdout != serverkey_modulus.stdout
-  become: true
-  when:
-    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
-    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)
diff --git a/app/playbooks/tasks/init-docker.yml b/app/playbooks/tasks/init-docker.yml
deleted file mode 100644
index 0c093ba..0000000
--- a/app/playbooks/tasks/init-docker.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-#
-# Configure Docker
-#
-
-- name: Ensuring Docker status
-  service:
-    name: "docker"
-    state: started
-  
-- name: Determining Docker swarm status
-  shell: >
-    docker info | egrep 'Swarm: '
-  register: swarm_status
-  become: true
-
-- name: Configuring Docker Swarm
-  shell: >
-    docker swarm init --advertise-addr "{{ ansible_default_ipv4.address }}"
-  when: "' Swarm: inactive' in swarm_status.stdout_lines"
-  become: true
diff --git a/app/playbooks/tasks/init-onelab.yml b/app/playbooks/tasks/init-onelab.yml
deleted file mode 100644
index 6b8314a..0000000
--- a/app/playbooks/tasks/init-onelab.yml
+++ /dev/null
@@ -1,119 +0,0 @@
----
-#
-# Start Installation
-#
-
-# Folders creation
-- name: Creating OneLab directory
-  file:
-    path: "{{ onelab_path }}"
-    state: directory
-    
-- name: Creating OneLab directory structure
-  file:
-    path: "{{ onelab_path }}/{{ item }}"
-    state: directory
-  with_items:
-    - 'backups'
-    - 'data'
-    - 'data/shared'
-    - 'data/shared/inputs'
-    - 'data/shared/archived'
-    - 'logs'
-    - 'installation'
-    - 'ssl'
-    - 'rabbit'
-
-- name: Creating directory for rabbit SSL certificates
-  file:
-    path: "{{ onelab_path }}/rabbit/ssl"
-    state: directory
-
-- name: Creating directory for Ansible logs
-  file:
-    path: "{{ onelab_path }}/logs/ansible"
-    state: directory
-
-# Copy version
-- name: Cleaning latest installation
-  ansible.builtin.file:
-    path: "{{ onelab_path }}/installation/latest"
-    state: absent
-
-- name: Copying current installation bundle
-  ansible.builtin.copy:
-    src: "{{ installer_path }}/"
-    dest: "{{ onelab_path }}/installation/{{ item }}"
-    directory_mode: no
-    remote_src: yes
-  with_items:
-    - 'latest'
-    - '1.27.0'
-
-# Copy files
-- name: Copying applicative files
-  copy:
-    src: "{{ onelab_path }}/installation/latest/app/{{ item }}"
-    dest: "{{ onelab_path }}/"
-    directory_mode: yes
-    remote_src: yes
-  with_items:
-    - 'nginx'
-    - 'proxy'
-    - 'rabbit'
-
-- name: Copying routine scripts
-  copy:
-    src: "{{ onelab_path }}/installation/latest/app/{{ item }}.sh"
-    dest: "{{ onelab_path }}/"
-    directory_mode: yes
-    remote_src: yes
-  with_items:
-    - 'start'
-    - 'stop'
-    - 'reconfigure'
-    - 'backup'
-    - 'update'
-
-
-- name: Initializing custom config proxy files
-  file:
-    path: "{{ onelab_path }}/proxy/{{ item }}"
-    state: touch
-  with_items:
-    - 'custom-http.conf'
-    - 'custom-server.conf'
-  when: not is_update
-
-# Initialize configurations.yml file
-- name: Initializing configurations.yml file
-  copy:
-    src: "{{ onelab_path }}/installation/latest/app/configurations.yml"
-    dest: "{{ onelab_path }}/configurations.yml"
-    remote_src: yes
-  when: not is_update
-
-- name: Initializing unique Password and Tokens
-  ansible.builtin.replace:
-    path: "{{ onelab_path }}/configurations.yml"
-    regexp: '{{ item.placeholder }}'
-    replace: '{{ item.value }}'
-  with_items:
-    - { placeholder: DBPasswordPlaceholder, value: '{{ lookup("password", "/dev/null length=16 chars=ascii_letters,digits") }}' }
-    - { placeholder: TokenAuthPlaceholder, value: '{{ lookup("password", "/dev/null length=32 chars=ascii_letters,digits") }}' }
-    - { placeholder: TokenRabbitPlaceholder, value: '{{ lookup("password", "/dev/null length=32 chars=ascii_letters,digits") }}' }
-    - { placeholder: TokenMonitoringPlaceholder, value: '{{ lookup("password", "/dev/null length=32 chars=ascii_letters,digits") }}' }
-  when: not is_update
-
-- name: Initializing Rabbit SSL certificate
-  shell: |
-    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout {{ onelab_path }}/rabbit/ssl/rabbit.key -out {{ onelab_path }}/rabbit/ssl/rabbit.crt  -subj "/C=CH/ST=Geneva/L=Geneva/O=Andrew Alliance/OU=OneLab/CN=andrewalliance.com"
-    cat {{ onelab_path }}/rabbit/ssl/rabbit.crt > {{ onelab_path }}/rabbit/ssl/rabbit.fullchain.pem
-  become: true
-  when: not is_update
-
-- name: Initializing DH Param
-  shell: |
-    openssl dhparam -out {{ onelab_path }}/ssl/dhparam.pem 2048
-  become: true
-  when: not is_update
diff --git a/app/playbooks/tasks/init-service.yml b/app/playbooks/tasks/init-service.yml
deleted file mode 100644
index e9e5975..0000000
--- a/app/playbooks/tasks/init-service.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-#
-# Create onelab.service
-#
-- name: Check ansible-playbook bin
-  shell: whereis ansible-playbook | cut -d ' ' -f 2
-  register: ansiblebin_result
-  become: true
-
-# workaround: add a dumb failed condition to avoid any failure here as the service is maybe not installed/existing
-- name: Check onelab.service
-  shell: |
-    systemctl disable onelab.service
-    rm /etc/systemd/system/onelab.service
-  register: command_result
-  failed_when: "'FAILED' in command_result.stderr"
-  become: true
-
-# playbook_dir will be /home/ubuntu/onelab/test/onelab-enterprise-installer-release-1.13.0/app/playbooks for install.sh
-# but will be /home/ubuntu/onelab/test/onelab/installation/latest/app/playbooks/ for update.sh
-- debug: var=playbook_dir
-
-- name: Creating onelab.service
-  ansible.builtin.template:
-    src: "{{ installer_path }}/resources/services/onelab.service"
-    dest: "/etc/systemd/system/onelab.service"
-  become: true
-
-- name: Configuring onelab.service
-  shell: |
-    systemctl daemon-reload
-    systemctl enable onelab.service
-  become: true
diff --git a/app/playbooks/tasks/install-task.yml b/app/playbooks/tasks/install-task.yml
deleted file mode 100644
index 690bc73..0000000
--- a/app/playbooks/tasks/install-task.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-#
-# Offline-resources-check
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/check-offline-resources.yml"
-#
-# Pre-check
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/check-requirements.yml"
-#
-# Configure Docker
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/init-docker.yml"
-
-  
-- name: Loading Docker images
-  debug:
-    msg:
-    - "Loading images could take few minutes, please do not interrupt"
-  when: (docker_images_tar is defined) and (docker_images_tar.stat.exists)
-
-- name: Loading OneLab images from the tar file
-  shell:
-    docker load --input {{ main_path }}/onelab-images-1.27.0.tar.gz
-  become: true
-  when: (docker_images_tar is defined) and (docker_images_tar.stat.exists)
-
-
-#
-# Check if we are running a fresh installation or an update on an existing installation
-#
-- name: Checking if OneLab is already installed
-  stat:
-    path: "{{ onelab_path }}/docker-compose.yml"
-  register: onelab_result
-
-#
-# Pre-migration task
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/pre-update.yml"
-  when: onelab_result.stat.exists
-
-#
-# Install OneLab
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/init-onelab.yml"
-  vars:
-    is_update: "{{ onelab_result.stat.exists|bool }}"
-
-#
-# Init Service
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/init-service.yml"
-
-# Checking Docker volumes
-
-- name: Checking if RabbitMQ exists
-  shell: docker volume ls
-  become: true
-  register: list_volumes
-
-
-# Cleaning cache
-- name: Cleaning RabbitMQ cache
-  shell: docker volume rm onelab_rabbitmq_data
-  become: true
-  when: "'onelab_rabbitmq_data' in list_volumes.stdout"
-
-#
-# Reconfigure
-#
-- include_vars:
-    file: "{{ onelab_path }}/configurations.yml"
-    
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/update-conf-files.yml"
-
-#
-# Post-migration task
-#
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/post-update.yml"
-  when: onelab_result.stat.exists
\ No newline at end of file
diff --git a/app/playbooks/tasks/manage-images.yml b/app/playbooks/tasks/manage-images.yml
deleted file mode 100644
index 0848e25..0000000
--- a/app/playbooks/tasks/manage-images.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: Connecting to Docker Hub
-  shell: >
-    docker login -u {{ onelab.docker.login.user|default('public') }} -p {{ onelab.docker.login.password|default('Andrew01..Release') }} hub.andrewalliance.com
-  become: true
-  when: (docker_images_tar is undefined) or (not docker_images_tar.stat.exists)
-
-- name: Checking current OneLab images
-  shell: >
-    {% raw %}
-    docker image ls --format '{{.ID}} {{.Repository}}:{{.Tag}}' |
-    egrep 'onelab-' |
-    egrep -v '1.27.0' |
-    awk '{ print $1 }'
-    {% endraw %}
-  register: onelab_old_images
-  become: true
-
-- name: Pruning OneLab old images
-  shell:
-    docker rmi {{ item }}
-  become: true
-  loop: "{{ onelab_old_images.stdout_lines }}"
-
-- name: Gathering OneLab images
-  shell: >
-    cat {{ onelab_path }}/docker-compose.yml | egrep 'image: ' | awk '{ print $2 }'
-  register: onelab_images
-  become: true
-  when: (docker_images_tar is undefined) or (not docker_images_tar.stat.exists)
-
-- name: Pulling OneLab images
-  shell: >
-    docker image pull {{ item }}
-  become: true
-  register: pullimages
-  loop: "{{ onelab_images.stdout_lines }}"
-  until: pullimages is not failed
-  retries: 10
-  delay: 5
-  when: (docker_images_tar is undefined) or (not docker_images_tar.stat.exists)
diff --git a/app/playbooks/tasks/post-db-migration.yml b/app/playbooks/tasks/post-db-migration.yml
deleted file mode 100644
index d92983c..0000000
--- a/app/playbooks/tasks/post-db-migration.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-
-- name: Pull new postgres image
-  shell: |
-    docker image pull hub.andrewalliance.com/releases/postgres:17.8
-  become: true
-  when: (docker_images_tar is undefined) or (not docker_images_tar.stat.exists)
-
-- name: Cleaning database
-  shell: >
-    docker volume rm onelab_pgdata
-  become: true
-
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-db-only.yml"
-
-- name: Restoring & Migrating database
-  shell: |
-    docker exec -i $(docker ps --filter "name=onelab_db|onelab-db" -q) pg_restore -Upostgres -dpostgres -v -Fc  < {{ onelab_path }}/db-migration-postgres.tar.gz
-    rm {{ onelab_path }}/db-migration-postgres.tar.gz
-  become: true
-
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-db-only.yml"
-
-- name: Removing lock file
-  shell: >
-    rm {{ onelab_path }}/.lock_db_migration
-  become: true
-
diff --git a/app/playbooks/tasks/post-update.yml b/app/playbooks/tasks/post-update.yml
deleted file mode 100644
index a5ce8f9..0000000
--- a/app/playbooks/tasks/post-update.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-  #
-  # Specfic update tasks for version
-  #
-
-
-  #
-  # Migrate SSL structure (1.12.0 -> 1.13.0)
-  #
-  - include_tasks: "{{ installer_path }}/app/playbooks/tasks/ssl-cert-migration.yml"
-
-  #
-  # Postgres13 post-migration
-  #
-  - name: Checking if database has to be migrated
-    stat:
-      path: "{{ onelab_path }}/.lock_db_migration"
-    register: onelab_lock_db_result
-
-  - include_tasks: "{{ installer_path }}/app/playbooks/tasks/post-db-migration.yml"
-    when: onelab_lock_db_result.stat.exists
\ No newline at end of file
diff --git a/app/playbooks/tasks/pre-db-migration.yml b/app/playbooks/tasks/pre-db-migration.yml
deleted file mode 100644
index a029bba..0000000
--- a/app/playbooks/tasks/pre-db-migration.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/start-db-only.yml"
-
-- name: Backing up database
-  shell:
-    docker exec -i $(docker ps --filter "name=onelab_db|onelab-db" -q) pg_dump -Upostgres -Fc > {{ onelab_path }}/db-migration-postgres.tar.gz
-  become: yes
-
-- include_tasks: "{{ installer_path }}/app/playbooks/tasks/stop-db-only.yml"
-
-- name: Creating lock file
-  shell: >
-    touch {{ onelab_path }}/.lock_db_migration
-  become: true
diff --git a/app/playbooks/tasks/pre-update.yml b/app/playbooks/tasks/pre-update.yml
deleted file mode 100644
index cc2ea3e..0000000
--- a/app/playbooks/tasks/pre-update.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-  - name: Checking current database
-    shell: >
-      cat {{ onelab_path }}/docker-compose.yml | egrep 'image: postgres' | awk '{ print $2 }'
-    register: onelab_db
-    become: true
-
-  #
-  # Postgres pre-migration
-  #
-  - include_tasks: "{{ installer_path }}/app/playbooks/tasks/pre-db-migration.yml"
-    when: onelab_db.stdout != 'hub.andrewalliance.com/releases/postgres:17.8'
diff --git a/app/playbooks/tasks/reconfigure-task.yml b/app/playbooks/tasks/reconfigure-task.yml
deleted file mode 100644
index cb5ae9e..0000000
--- a/app/playbooks/tasks/reconfigure-task.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# Evaluate Docker images bundle
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/check-offline-resources.yml"
-  when: (policy | default('')) != "no-pull" and (onelab.docker.policy | default('')) != "no-pull"
-
-# Update conf files
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/update-conf-files.yml"
-
-# Check SSL files
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/check-ssl-files.yml"
-
-# Rotate Rabbit SSL files
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/rotate-ssl-files-for-rabbit.yml"
-
-# Connect to Docker and pull images, and clean up old images
-- include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/manage-images.yml"
-  when: (policy | default('')) != "no-pull" and (onelab.docker.policy | default('')) != "no-pull"
diff --git a/app/playbooks/tasks/rotate-ssl-files-for-rabbit.yml b/app/playbooks/tasks/rotate-ssl-files-for-rabbit.yml
deleted file mode 100644
index 8ad43c3..0000000
--- a/app/playbooks/tasks/rotate-ssl-files-for-rabbit.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# Check SSL files
-- name: Rotate Rabbit SSL certificate
-  shell: |
-    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout {{ onelab_path }}/rabbit/ssl/rabbit.key -out {{ onelab_path }}/rabbit/ssl/rabbit.crt  -subj "/C=CH/ST=Geneva/L=Geneva/O=Andrew Alliance/OU=OneLab/CN=andrewalliance.com"
-    cat {{ onelab_path }}/rabbit/ssl/rabbit.crt > {{ onelab_path }}/rabbit/ssl/rabbit.fullchain.pem
-  become: true
-  
\ No newline at end of file
diff --git a/app/playbooks/tasks/ssl-cert-migration.yml b/app/playbooks/tasks/ssl-cert-migration.yml
deleted file mode 100644
index 14c4ed2..0000000
--- a/app/playbooks/tasks/ssl-cert-migration.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- name: Checking if fullchain.pem file exists in /onelab/ssl
-  stat:
-    path: "{{ onelab_path }}/ssl/fullchain.pem"
-  register: fullchain
-
-- name: Migrating legacy SSL structure to the new one
-  shell: |
-    cp {{ onelab_path }}/ssl/fullchain.pem  {{ onelab_path }}/ssl/server.pem
-    cp {{ onelab_path }}/ssl/fullchain.pem  {{ onelab_path }}/ssl/chain.pem
-    rm {{ onelab_path }}/ssl/server.crt
-    rm {{ onelab_path }}/ssl/fullchain.pem
-  when: fullchain.stat.exists
-  register: command_result
-  failed_when: "'FAILED' in command_result.stderr"
-  become: true
-
diff --git a/app/playbooks/tasks/start-db-only.yml b/app/playbooks/tasks/start-db-only.yml
deleted file mode 100644
index 4caaf2e..0000000
--- a/app/playbooks/tasks/start-db-only.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# workaround: add a dumb failed condition to avoid any failure here as the service is maybe not installed/existing
-- name: Check if "docker compose" is available
-  shell: docker compose version
-  become: true
-  register: docker_compose_check
-  failed_when: "'FAILED' in docker_compose_check.stderr"
-
-- name: Set the compose command to "docker compose"
-  set_fact:
-    compose_command: "docker compose"
-  when: docker_compose_check.rc == 0
-
-- name: Fallback to "docker-compose" if "docker compose" is not available
-  set_fact:
-    compose_command: "docker-compose"
-  when: docker_compose_check.rc != 0
-  
-- name: Starting database service
-  shell: |
-    {{ compose_command }} -f {{ onelab_path }}/docker-compose.yml up -d db
-    sleep 30
-  become: true
diff --git a/app/playbooks/tasks/start-onelab.yml b/app/playbooks/tasks/start-onelab.yml
deleted file mode 100644
index f84bf7c..0000000
--- a/app/playbooks/tasks/start-onelab.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Starting OneLab
-  shell: >
-    docker stack deploy onelab --compose-file {{ onelab_path }}/docker-compose.yml --with-registry-auth  --prune
-  become: true
-
-- name: Checking OneLab health status (could take up to 5min to be alive)
-  uri:
-    url: "{{ onelab.domain }}/api/status?token={{ onelab.security.monitoring.token }}"
-    return_content: yes
-    validate_certs: no
-  register: json_response
-  until:
-    - json_response.status == 200
-    - (json_response is defined) and (json_response.content|length > 0)
-    - json_response.content is search('status')
-    - "(json_response.content | from_json).status == 'running'"
-  retries: 60 # 60 * 10 seconds = 10m
-  delay: 10 # Every 10 seconds
\ No newline at end of file
diff --git a/app/playbooks/tasks/start-proxy.yml b/app/playbooks/tasks/start-proxy.yml
deleted file mode 100644
index ab013a3..0000000
--- a/app/playbooks/tasks/start-proxy.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Starting Proxy
-  shell: |
-    docker stack deploy onelab_proxy --compose-file {{ onelab_path }}/proxy/docker-compose.yml
-    sleep 10
-  become: true
\ No newline at end of file
diff --git a/app/playbooks/tasks/stop-db-only.yml b/app/playbooks/tasks/stop-db-only.yml
deleted file mode 100644
index 1048438..0000000
--- a/app/playbooks/tasks/stop-db-only.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Stopping database service
-  shell: |
-    {{ compose_command }} -f {{ onelab_path }}/docker-compose.yml down
-    sleep 30
-  become: true
diff --git a/app/playbooks/tasks/stop-onelab.yml b/app/playbooks/tasks/stop-onelab.yml
deleted file mode 100644
index 42abf45..0000000
--- a/app/playbooks/tasks/stop-onelab.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Stopping OneLab
-  shell: |
-    docker stack rm onelab
-    sleep 30
-  become: true
diff --git a/app/playbooks/tasks/stop-proxy.yml b/app/playbooks/tasks/stop-proxy.yml
deleted file mode 100644
index 1632bea..0000000
--- a/app/playbooks/tasks/stop-proxy.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Stopping Proxy
-  shell: |
-    docker stack rm onelab_proxy
-    sleep 20
-  become: true
\ No newline at end of file
diff --git a/app/playbooks/tasks/update-conf-files.yml b/app/playbooks/tasks/update-conf-files.yml
deleted file mode 100644
index 7d73344..0000000
--- a/app/playbooks/tasks/update-conf-files.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: Loading Docker Swarm configuration
-  shell: >
-    docker node ls | grep "Ready" | wc -l
-  register: nodecount
-  become: true
-
-- set_fact:
-    deploy_on: "{{ 'manager' if (nodecount.stdout == '1') else 'worker' }}"
-
-- name: Getting the list of Docker secrets
-  shell: docker secret ls | tail -n +2 | awk '{print $2}'
-  register: docker_secrets
-  become: true
-
-- name: Reconfiguring files
-  ansible.builtin.template:
-    src: "{{ onelab_path }}/installation/latest/app/{{ item }}"
-    dest: "{{ onelab_path }}/{{ item }}"
-  with_items:
-    - 'docker-compose.yml'
-    - 'nginx/onelab.conf'
-    - 'proxy/proxy.conf'
-    - 'proxy/docker-compose.yml'
diff --git a/app/playbooks/uninstall.yml b/app/playbooks/uninstall.yml
deleted file mode 100644
index a6aac1d..0000000
--- a/app/playbooks/uninstall.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-- name: Uninstalling OneLab (1.27.0) 
-  hosts: localhost
-  vars_prompt:
-    - name: "userchoice"
-      prompt: "Do you want to uninstall OneLab and remove all the data? Type: yes/no"
-      private: no
-
-  # Call from ./installation/latest/app/playbooks/uninstall.yml
-
-  tasks:
-  
-    - name: Aborting the uninstall process
-      fail:
-        msg: Aborting the uninstall process
-      when: userchoice != "yes"
-
-    # Stop OneLab if OneLab is running
-    - name: Checking if OneLab is running
-      shell: docker stack ls | grep 'onelab' | wc -l
-      become: true
-      register: stack_count
-
-    - include_tasks: ./tasks/stop-onelab.yml
-      when: stack_count.stdout != "0"
-    - include_tasks: ./tasks/stop-proxy.yml
-      when: stack_count.stdout != "0"
-
-    # Remove Docker volumes (onelab_pgdata, onelab_rabbitmq_data)
-    - name: Removing Docker data
-      shell: |
-        docker volume rm onelab_pgdata -f
-        docker volume rm onelab_rabbitmq_data -f
-      become: true
-
-    # Remove Docker images
-    - name: Checking current OneLab images
-      shell: >
-        docker image ls | egrep 'onelab-' | egrep -v '1.27.0' | awk '{ print $3}'
-      register: onelab_old_images
-      become: true
-
-    - name: Pruning OneLab old images
-      shell:
-        docker rmi {{ item }}
-      become: true
-      loop: "{{ onelab_old_images.stdout_lines }}"
-
-    # Remove Docker login credentials
-    - name: Removing Docker login credentials
-      shell: |
-        docker logout hub.andrewalliance.com
-      become: true
diff --git a/app/playbooks/update.yml b/app/playbooks/update.yml
deleted file mode 100644
index a0e22d7..0000000
--- a/app/playbooks/update.yml
+++ /dev/null
@@ -1,115 +0,0 @@
-# This playbook updates the OneLab Enterprise to latest version or a chosen version in one step
----
-- name: Updating OneLab
-  hosts: localhost
-  gather_facts: yes
-  vars:
-    main_path: '../../../../..'
-    onelab_path: '../../../../../onelab'
-  
-  vars_prompt:
-    - name: "userchoice"
-      prompt: "Confirm OneLab update: yes/no"
-      private: no       
-
-  tasks:
-
-    # Choice to proceed or stop the update process
-    - name: Aborting the update process
-      fail:
-        msg: Aborting the update process
-      when: userchoice != "yes"
-
-    # Gather latest version information
-    - name: Fetching OneLab latest version details from the repository
-      uri:
-        url: "https://hub.andrewalliance.com/enterprise/version.json"
-        return_content: yes
-        validate_certs: no
-      register: latest_version
-      become: true
-      when:  version is undefined
-    - set_fact:
-        latest: "{{ (latest_version.content | from_json).version }}"
-      when:  version is undefined
-
-    - name: Checking OneLab current version
-      fail:
-        msg: OneLab is already up-to-date (1.27.0)
-      when: (version is undefined) and (latest == "1.27.0")
-
-    - name: Starting OneLab update to {{ version | default(latest) }}
-      debug:
-        msg: Version {{ version | default(latest) }}
-
-    # Remove installer bundles if it exists already, then download & unzip
-    - name: Removing the bundle if it already exists
-      file:
-        state: absent
-        path: "{{ item }}"
-      with_items:
-        - "{{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}"
-        - "{{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}.zip"
-      become: true
-
-    - name: Downloading the installer bundle
-      shell: wget --no-check-certificate https://hub.andrewalliance.com/enterprise/onelab-enterprise-installer-{{ version | default(latest)}}.zip -P {{ main_path }}
-      become: true
-      
-    - name: Unzip the installer bundle
-      shell: unzip {{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}.zip -d {{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}
-      become: true
-
-    - name: Checking if OneLab is running
-      shell: docker stack ls | grep 'onelab' | wc -l
-      become: true
-      register: stack_count
-
-    # Stop OneLab (unkown version) if OneLab is running
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-onelab.yml"
-      when: stack_count.stdout != "0"
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-proxy.yml"
-      when: stack_count.stdout != "0"
-
-    # Start Proxy (maintenance page) if OneLab was running
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-proxy.yml"
-      when: stack_count.stdout != "0"
-
-    # Perform OneLab backup
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/backup-task.yml"
-
-    # Perform OneLab update
-    - include_tasks: "{{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}/app/playbooks/tasks/install-task.yml"
-      vars:
-        main_path: '../../../../..'
-        onelab_path: '../../../../../onelab'
-        installer_path: '../../../../../onelab-enterprise-installer-{{ version | default(latest)}}'
-
-    # Load configuration
-    - include_vars: 
-        file: "{{ onelab_path }}/configurations.yml"
-
-    # Perform reconfiguration
-    # Use dynamic path (variable) to force dynamic loading of this new task
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/reconfigure-task.yml"
-
-    # Remove installer bundles 
-    - name: Removing the installer
-      file:
-        state: absent
-        path: "{{ item }}"
-      with_items:
-        - "{{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}"
-        - "{{ main_path }}/onelab-enterprise-installer-{{ version | default(latest)}}.zip"
-      become: true
-
-    # Stop Proxy (maintenance page) if OneLab was running
-    # Use dynamic path (variable) to force dynamic loading of this new task
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-proxy.yml"
-      when: stack_count.stdout != "0"
-
-    # Start OneLab if OneLab was running
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-proxy.yml"
-      when: stack_count.stdout != "0"
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-onelab.yml"
-      when: stack_count.stdout != "0"
\ No newline at end of file
diff --git a/app/proxy/docker-compose.yml b/app/proxy/docker-compose.yml
deleted file mode 100644
index 41681e5..0000000
--- a/app/proxy/docker-compose.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-version: "3.2"
-services:
-    proxy:
-        image: hub.andrewalliance.com/releases/nginx:1.29.5-alpine
-        ports:
-            - target: 80
-              published: 80
-              protocol: tcp
-              mode: host
-            - target: 443
-              published: 443
-              protocol: tcp
-              mode: host
-        volumes:
-            - ./../ssl:/etc/nginx/ssl
-            - ./not-supported.html:/usr/onelab/not-supported.html
-            - ./error-404.html:/usr/onelab/error-404.html
-            - ./proxy.conf:/etc/nginx/nginx.conf
-            - ./custom-http.conf:/etc/nginx/custom-http.conf
-            - ./custom-server.conf:/etc/nginx/custom-server.conf
-        extra_hosts:
-            - "host.docker.internal:host-gateway"
-        deploy:
-          replicas: 1
-          placement:
-            constraints:
-              - node.role == manager
-{% if docker_secrets is defined and "ssl_passphrase" in docker_secrets.stdout_lines %}
-        secrets:
-          - ssl_passphrase
-{% endif %}
-    maintenance:
-        image: hub.andrewalliance.com/releases/nginx:1.29.5-alpine
-        volumes:
-            - ./maintenance.html:/usr/onelab/index.html
-            - ./maintenance.conf:/etc/nginx/conf.d/default.conf
-        deploy:
-          replicas: 1
-          placement:
-            constraints:
-              - node.role == manager
-{% if docker_secrets is defined and "ssl_passphrase" in docker_secrets.stdout_lines %}
-secrets:
-  ssl_passphrase:
-    external: true
-{% endif %}
-
diff --git a/app/proxy/error-404.html b/app/proxy/error-404.html
deleted file mode 100644
index 2ffc0d8..0000000
--- a/app/proxy/error-404.html
+++ /dev/null
@@ -1,98 +0,0 @@
-<!doctype html>
-<html lang="en">
-
-<head>
-  <meta charset="utf-8">
-  <title>OneLab - Page Not Found</title>
-  <meta name="description" content="The page you are looking for does not exist or has been moved.">
-  <meta name="robots" content="noindex, nofollow">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <link href="https://fonts.googleapis.com/css?family=Open+Sans&display=swap" rel="stylesheet">
-  <style>
-    body {
-      font-family: "Open Sans", sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-    }
-
-    .page {
-      position: absolute;
-      top: 0;
-      bottom: 0;
-      left: 0;
-      right: 0;
-      text-align: center;
-      padding: 128px;
-      display: flex;
-      flex-direction: column;
-      align-items: center;
-    }
-
-    .content {
-      width: 360px;
-      max-width: 90%;
-    }
-
-    .main {
-      font-size: 32px;
-      font-weight: 600;
-      margin-top: 64px;
-      font-stretch: normal;
-      font-style: normal;
-      line-height: normal;
-      letter-spacing: normal;
-      text-align: center;
-      color: #4a4a4a;
-    }
-
-    .code {
-      margin-top: 8px;
-      font-size: 13px;
-      letter-spacing: 2px;
-      color: #888;
-      text-transform: uppercase;
-    }
-
-    .sub {
-      margin-top: 24px;
-      font-size: 15px;
-      line-height: 1.47;
-      color: #4a4a4a;
-    }
-
-    a.login-btn {
-      display: inline-block;
-      margin-top: 32px;
-      padding: 12px 28px;
-      border-radius: 1000px;
-      background: #6cb644;
-      color: #fff;
-      text-decoration: none;
-      font-weight: 600;
-      box-shadow: 0 2px 4px rgba(0, 0, 0, .15);
-      font-size: 15px;
-    }
-
-    a.login-btn:hover,
-    a.login-btn:focus {
-      background: #3a8611;
-    }
-  </style>
-</head>
-
-<body>
-  <div class="page" role="main" aria-labelledby="title">
-    <div class="content">
-      <div class="img">
-        <img
-          src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAAAvCAQAAAARbnO0AAAABGdBTUEAALGPC/xhBQAAC7VJREFUeNrtW3l0FdUdHgIkCAiyb1ZEkH1TREQRBVzqgrIVkCMFpbREPEKAIgoRxIWlilatuIRzEMUcN5YgtYYeEFRA+b47bxKeiX0algAqYFDZpDVMzyx3Zt7+XhJSqLn3n7yZO3f57u/+7vdboii/suLrIgYZlZ3O2Ait2EuvoVQVb+Eb0M2adWb6xxSWQqemXpDUZ3oKrxJzkMUc/pPZfJZ3a00rHxz1RjxtVD58bsEeSOMpq3/OTHyxF2A+vren5VSexiZxXeXCjkx79KJzC3bUxi9W/2JOohMazyOhkHvA/7toUgV7Av0/bva+x988gcb+VL4UHXK7FvuurII9gSv1Mt5eeH4i+rwasz3wHuZLYrjvSq0rBjCDH3kk/qjvsirYK24qizx6fGGgXsjba/mFA/0BXBQTrsZqT7bz100A2Mais9Y1v5lerSJh9zf0dUGf/GYxxl0ZCru/oeiRdwlqVxianTiw+Lz4APThaXsqJ8UdEe/nesh1Nmad58sx+Nqo3KAoHMzNLLHblFLDQ9EoFLsji/ud/r7Da2rP8sMeqIdMao54/ISPOVJP4TP2DJ8Ih31XLTGBW/GD/fsXbhXTEoArThFzzFUF0Dje7myTks5R0dpodQhnSTc5Q0yynxzi1giX8H70Ce1nVy0uczbZy5VeDDYwkoUdQ3gwwgwCKLD/eiUM9q9xOML9dUC9tTygF5+H/9gjxqa+am9nkitiXhTtZYdYHwZ7NPZzRL3Y20deA3wWtfV6L/DJwS4mGSZKzJmEwx6tZSkeKDvsu2rh33ZPs2LL+hNS4oIhiiBRWXbLU/Ke9sLO0/RhJefyBXzsebrKc3FXx4fO881iNDuhLQcjy5H+BWWDHQMkV4bOEm7gEj7O91DgPVWRYWcpduJtzOez2Iif3JWIEeXQ7DPNcQv8DWM3s9UDP4/b4c1yYuKWUNi5w6tQ1FtxSC5Mu9BZ8ANO68lB5+16y7JjKTomD3sgDcUOkFmo7+n3aqgxYf/Ey8tEE77lvPmhoFE5WFhb9AukxWu0x57Y3+J1l9fAmdYfQmAv0lNCjv1Yp+0YqfX4nf3kqbA5PGTPYVnysPN+RxgmhRHj6pIKhMPOVeEcSs4DOhedafL4sz3UIwns47+DDV8H9i/DLQFnOxfb4wyW3D+cqqG+rZsPSSiSgF2e1g8izvjNUNhj8XY9xbFS9sRxo1yv3umuA/041DWQeBWHuSyOvcQI9+yIHvid6eNyfDAL44JeU2pLZsSDXVH4j2AJxnPSyaB1CK/40t7QzsnBXni+1OuRLehw2MN5exCc10h5Vy+Na3IVWhYOlpoj7LLA5WKLxYmW5rtHzF8H8y4x8ZpmEQ3RWaHfHujNBHSWPM6jE4BdOhvetr9eE9f5YCz2xuRgR0fJunfVKr+0m0TZ5kQcGJVMt/EqW9HEUUxTvd8jU1H0GjjpPfPSrsFShe/ZLw6G6uewJdzngNMzAdhfsPt91/69JRHYpeWQKOyir/3d7ihzTlLa3btODI+KQwuHI40xFKQ8b/yT4duSQGOGobSkMcZ5JgbSSHxawThHhkfE8cP7QpeYFOw5dtu93Bq9ikHJwc5OFSvtgTRpnYgbYow6zwCeG1DTHGOGKeGfWBYu0o0eCFsBjTNZWr6lgMQInDDQEi2Vgkbmn6ZNF8uX4iGLi8oCO160235Yka6wQD3nUPepCGnH5c4qYwb9fK3YyWVCaOHr4uoKranWVa/u+p7QzTUE8xqwu7VZCh5zhspxm4eAfp0TNSlxDYFkYBfDHbPs0or0QDp27/sVIe2OJ/ZAZBddBRatDvY62jU3knUlRssTAR33RTgBCcBeeL5zoeSHO8kwJNgXkgSBnOoIzT0R3q6NytuzI2zSGKev58tByW8W98bygXp9gj86Ax5khssz9Wq8ius8l96rERVPArB7jRF8hm5B3v6JPMVSPFQW2IvPwzeO33OJ14OodZAkNqK061zHdkH9LHS8Tics+lcm0C0G9308V4sF4A085vVVEFiNlcjFt0E8Y1WwnzA52P2p/NTjDVnJybiJQznbdddyfCjsLOHD0apWxx7pt673hfv4FmdzKl/mFscpFd0nc4qbsRRTOJvZHheDyUnKVvx1HdtmXmKhqC7SZIlC7U5zXqi+Sw52RfE39wRMIngJPZdUZnyy6R5kZoQ7k8vqgUzEcIxpUkrxnZJ4oGCBV+aDpr0tUu5AsrCbLDei2cSD4l7vpiYHu6KIu5xwhbcWoTAq7HsjrZXHxIRyhjnGmsx9U1LRKtFEPIhN3uOJYmS5gY3ywm75M7CGRz0KbTOm5DWIwmQShF0xiPBCBlz1AYFxeo1YBNLfUMzxqhbswVMJXYVxKUr+b8oaI2kr+opB7B477UCvodUxaqRQmD/VehfZBepPRUfRX/Rnu8hSgZrW17FqJIqnXaj2xgCtjSTCgTSrrT/VNYiCn/jrsjtuE/0tr0lVOUeLnsJRYprWpgqJSi2WEuNRrUMVFpVWAvUcTjW/Co3KUzHVHUZ1XxUalVg41MwkXeNe4lWlkiQ+NK8u/l7Ni5vNpOgpvvZn9aXW7Zw74DgeH1K1J44nf4Q4kj7kcVE013IFHvNR3PF/CLthciTbr3opDovOqMkPwtMqfrWwq735OrZzlRiOExbs6MM3uA0r2Uux0i+mYBO34U31TiOygnfsBd6Mt7Gd2RzMtYalymViBJZjO9dxaAgUt2ON6U6YEO7JRm3Mx0Z8iBnGSeBU/tn+5losN0J1HMhsbsNyJ6ugJjOwHhvFo8aYYpo7FlbnN+N4gke4lmvZXVFwEZbyU67isLPv7h3FI5iu9lZv5bvQDdjFcO7GEFwk7sDXor+icDI3oI+vi/g9Bxt+bJw0Fzkd33Aie6l3YiN04xrhPpAj2UtM4jGjpdfXgyI0zm/GHer1YY6InXxG66B1xWvGdhY0wlcYZ8bnvzHyCMQEfCluEa05EntEDzPauR3rcZOxKXzZME/kNikKS7U2ojUy+YXoK/qiPjriW6SrF6vXYHt5MhvPQPGnsgS3eZWMnoJv0c9eyGB8oihcwuddD4gFu785jhvypFj/82TDrl5jw/xoqAsMT6GIO2Qan+f5LJknqaeg0IiI+rrgkLgFOw3XqVYHP0op53jmmJknuU4SU81w2L1KBuudjJ6W+CF51XgmFUxPlgTrdrZjKV/nCqPiHRzXq+U3Qy6K+boYa0zdgh23UXP6CId9eLB+xXL6OJc+w8OHtt44EnP4uTUWV3CXxUHEHdCx3FJ2OOG8zeE+ReFHMr1PGuPRYWcJ18mvcdwb0fqfF197nPDEuY/72ouW+EUMUq+W1ZItf3NxF1ZT86dasIu+KI4OO4ZAeKDphx+NWJC4CzvRllu9iobZfMkdy9fKorE8ys8NvY5uPMZr5VvjLOB9/jFIRS5z0wjDYN+HdLfvhP6fqPI8ZigwUmkUywn6s6HboXK2LbWtvTFBPQWHzdS5k6aOLZRSK3rEhl0M4m5ra8VonpJZkfa7sfjK8rbr1Yx7xLDzcEBrY8ipmVdVhHRHQFqYmSf/skLg/rpGDgJncou8JSzYMURm8vAVrLaFpq5FDs4m0ng592M1ZnAxAzxtwK725H7mMINLjKvVlL43kC5GI4uaXkNeqVpXFBB4FeuNTCqTc0SB3Z/KLcgV9zIDecjCV8HeOa7gPvEoZvEjrgqkaV35nbjCAAoqppsn5RDf4lQ8x91W8hL+imI+gUz6jXilvyH3IRfTuchIKzRhb8FjeBHp2oV5DSC4gzPxGAqkIJ1NwNfnRC7iVF8rPmxlDeQ14EQs4HgrToLaHIZM/oUTDVVR0EguIZDGgbyHA3k7d5kAZsi4CjoGh4H16hyG+cww5FNcFxrDEYM4VzyIAZb0y+xDXysxxxhPa4p0LODdbshFXMGZnCvDjOoFvJ+Leb/WFI9Y50D0EE9iljGKXkOMFk9y8lml18tXRGsriR/dUFjlb6s8vn8PdqIIe6HKfzOoKomW/wIUYeDeIwVFgwAAAABJRU5ErkJggg=="
-          alt="OneLab logo">
-      </div>
-      <div class="main" id="title">Page not found</div>
-      <div class="code">Error 404</div>
-      <div class="sub">The page you requested doesn’t exist, was removed, or is temporarily unavailable. You can return
-        to the application by logging in again.</div>
-      <a href="/login" class="login-btn" aria-label="Go to login page">Go to Home page</a>
-    </div>
-  </div>
-</body>
-
-</html>
\ No newline at end of file
diff --git a/app/proxy/maintenance.conf b/app/proxy/maintenance.conf
deleted file mode 100644
index 84bb425..0000000
--- a/app/proxy/maintenance.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-
-server {
-  listen 80;
-  location / {
-    root /usr/onelab;
-    index index.html index.htm;
-    try_files $uri $uri/ /index.html =404;
-  }
-}
diff --git a/app/proxy/maintenance.html b/app/proxy/maintenance.html
deleted file mode 100644
index ad5b45a..0000000
--- a/app/proxy/maintenance.html
+++ /dev/null
@@ -1,89 +0,0 @@
-<!doctype html>
-
-<html lang="en">
-
-<head>
-  <meta charset="utf-8">
-
-  <title>OneLab - Maintenance</title>
-  <meta name="description" content="OneLab is temporarily down for maintenance. Thank you for your patience.">
-
-  <meta charset="UTF-8">
-  <meta http-equiv="refresh" content="30">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-  <link href="https://fonts.googleapis.com/css?family=Open+Sans&display=swap" rel="stylesheet">
-
-  <style>
-    body {
-      font-family: "Open Sans", sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-    }
-
-    .page {
-      position: absolute;
-      top: 0;
-      bottom: 0;
-      left: 0;
-      right: 0;
-      text-align: center;
-      padding: 128px;
-      display: flex;
-      flex-direction: column;
-      align-items: center;
-    }
-
-    .content {
-      width: 320px;
-    }
-
-    .anim {
-      padding: 68px;
-    }
-
-    .main {
-      font-size: 32px;
-      font-weight: 600;
-      font-stretch: normal;
-      font-style: normal;
-      line-height: normal;
-      letter-spacing: normal;
-      text-align: center;
-      color: #4a4a4a;
-    }
-
-    .sub {
-      margin-top: 32px;
-      font-size: 15px;
-      font-weight: normal;
-      font-stretch: normal;
-      font-style: normal;
-      line-height: 1.47;
-      letter-spacing: normal;
-      text-align: center;
-      color: #4a4a4a;
-    }
-  </style>
-
-</head>
-
-<body>
-  <div class="page">
-    <div class="content">
-      <div class="img">
-        <img
-          src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAAAvCAQAAAARbnO0AAAABGdBTUEAALGPC/xhBQAAC7VJREFUeNrtW3l0FdUdHgIkCAiyb1ZEkH1TREQRBVzqgrIVkCMFpbREPEKAIgoRxIWlilatuIRzEMUcN5YgtYYeEFRA+b47bxKeiX0algAqYFDZpDVMzyx3Zt7+XhJSqLn3n7yZO3f57u/+7vdboii/suLrIgYZlZ3O2Ait2EuvoVQVb+Eb0M2adWb6xxSWQqemXpDUZ3oKrxJzkMUc/pPZfJZ3a00rHxz1RjxtVD58bsEeSOMpq3/OTHyxF2A+vren5VSexiZxXeXCjkx79KJzC3bUxi9W/2JOohMazyOhkHvA/7toUgV7Av0/bva+x988gcb+VL4UHXK7FvuurII9gSv1Mt5eeH4i+rwasz3wHuZLYrjvSq0rBjCDH3kk/qjvsirYK24qizx6fGGgXsjba/mFA/0BXBQTrsZqT7bz100A2Mais9Y1v5lerSJh9zf0dUGf/GYxxl0ZCru/oeiRdwlqVxianTiw+Lz4APThaXsqJ8UdEe/nesh1Nmad58sx+Nqo3KAoHMzNLLHblFLDQ9EoFLsji/ud/r7Da2rP8sMeqIdMao54/ISPOVJP4TP2DJ8Ih31XLTGBW/GD/fsXbhXTEoArThFzzFUF0Dje7myTks5R0dpodQhnSTc5Q0yynxzi1giX8H70Ce1nVy0uczbZy5VeDDYwkoUdQ3gwwgwCKLD/eiUM9q9xOML9dUC9tTygF5+H/9gjxqa+am9nkitiXhTtZYdYHwZ7NPZzRL3Y20deA3wWtfV6L/DJwS4mGSZKzJmEwx6tZSkeKDvsu2rh33ZPs2LL+hNS4oIhiiBRWXbLU/Ke9sLO0/RhJefyBXzsebrKc3FXx4fO881iNDuhLQcjy5H+BWWDHQMkV4bOEm7gEj7O91DgPVWRYWcpduJtzOez2Iif3JWIEeXQ7DPNcQv8DWM3s9UDP4/b4c1yYuKWUNi5w6tQ1FtxSC5Mu9BZ8ANO68lB5+16y7JjKTomD3sgDcUOkFmo7+n3aqgxYf/Ey8tEE77lvPmhoFE5WFhb9AukxWu0x57Y3+J1l9fAmdYfQmAv0lNCjv1Yp+0YqfX4nf3kqbA5PGTPYVnysPN+RxgmhRHj6pIKhMPOVeEcSs4DOhedafL4sz3UIwns47+DDV8H9i/DLQFnOxfb4wyW3D+cqqG+rZsPSSiSgF2e1g8izvjNUNhj8XY9xbFS9sRxo1yv3umuA/041DWQeBWHuSyOvcQI9+yIHvid6eNyfDAL44JeU2pLZsSDXVH4j2AJxnPSyaB1CK/40t7QzsnBXni+1OuRLehw2MN5exCc10h5Vy+Na3IVWhYOlpoj7LLA5WKLxYmW5rtHzF8H8y4x8ZpmEQ3RWaHfHujNBHSWPM6jE4BdOhvetr9eE9f5YCz2xuRgR0fJunfVKr+0m0TZ5kQcGJVMt/EqW9HEUUxTvd8jU1H0GjjpPfPSrsFShe/ZLw6G6uewJdzngNMzAdhfsPt91/69JRHYpeWQKOyir/3d7ihzTlLa3btODI+KQwuHI40xFKQ8b/yT4duSQGOGobSkMcZ5JgbSSHxawThHhkfE8cP7QpeYFOw5dtu93Bq9ikHJwc5OFSvtgTRpnYgbYow6zwCeG1DTHGOGKeGfWBYu0o0eCFsBjTNZWr6lgMQInDDQEi2Vgkbmn6ZNF8uX4iGLi8oCO160235Yka6wQD3nUPepCGnH5c4qYwb9fK3YyWVCaOHr4uoKranWVa/u+p7QzTUE8xqwu7VZCh5zhspxm4eAfp0TNSlxDYFkYBfDHbPs0or0QDp27/sVIe2OJ/ZAZBddBRatDvY62jU3knUlRssTAR33RTgBCcBeeL5zoeSHO8kwJNgXkgSBnOoIzT0R3q6NytuzI2zSGKev58tByW8W98bygXp9gj86Ax5khssz9Wq8ius8l96rERVPArB7jRF8hm5B3v6JPMVSPFQW2IvPwzeO33OJ14OodZAkNqK061zHdkH9LHS8Tics+lcm0C0G9308V4sF4A085vVVEFiNlcjFt0E8Y1WwnzA52P2p/NTjDVnJybiJQznbdddyfCjsLOHD0apWxx7pt673hfv4FmdzKl/mFscpFd0nc4qbsRRTOJvZHheDyUnKVvx1HdtmXmKhqC7SZIlC7U5zXqi+Sw52RfE39wRMIngJPZdUZnyy6R5kZoQ7k8vqgUzEcIxpUkrxnZJ4oGCBV+aDpr0tUu5AsrCbLDei2cSD4l7vpiYHu6KIu5xwhbcWoTAq7HsjrZXHxIRyhjnGmsx9U1LRKtFEPIhN3uOJYmS5gY3ywm75M7CGRz0KbTOm5DWIwmQShF0xiPBCBlz1AYFxeo1YBNLfUMzxqhbswVMJXYVxKUr+b8oaI2kr+opB7B477UCvodUxaqRQmD/VehfZBepPRUfRX/Rnu8hSgZrW17FqJIqnXaj2xgCtjSTCgTSrrT/VNYiCn/jrsjtuE/0tr0lVOUeLnsJRYprWpgqJSi2WEuNRrUMVFpVWAvUcTjW/Co3KUzHVHUZ1XxUalVg41MwkXeNe4lWlkiQ+NK8u/l7Ni5vNpOgpvvZn9aXW7Zw74DgeH1K1J44nf4Q4kj7kcVE013IFHvNR3PF/CLthciTbr3opDovOqMkPwtMqfrWwq735OrZzlRiOExbs6MM3uA0r2Uux0i+mYBO34U31TiOygnfsBd6Mt7Gd2RzMtYalymViBJZjO9dxaAgUt2ON6U6YEO7JRm3Mx0Z8iBnGSeBU/tn+5losN0J1HMhsbsNyJ6ugJjOwHhvFo8aYYpo7FlbnN+N4gke4lmvZXVFwEZbyU67isLPv7h3FI5iu9lZv5bvQDdjFcO7GEFwk7sDXor+icDI3oI+vi/g9Bxt+bJw0Fzkd33Aie6l3YiN04xrhPpAj2UtM4jGjpdfXgyI0zm/GHer1YY6InXxG66B1xWvGdhY0wlcYZ8bnvzHyCMQEfCluEa05EntEDzPauR3rcZOxKXzZME/kNikKS7U2ojUy+YXoK/qiPjriW6SrF6vXYHt5MhvPQPGnsgS3eZWMnoJv0c9eyGB8oihcwuddD4gFu785jhvypFj/82TDrl5jw/xoqAsMT6GIO2Qan+f5LJknqaeg0IiI+rrgkLgFOw3XqVYHP0op53jmmJknuU4SU81w2L1KBuudjJ6W+CF51XgmFUxPlgTrdrZjKV/nCqPiHRzXq+U3Qy6K+boYa0zdgh23UXP6CId9eLB+xXL6OJc+w8OHtt44EnP4uTUWV3CXxUHEHdCx3FJ2OOG8zeE+ReFHMr1PGuPRYWcJ18mvcdwb0fqfF197nPDEuY/72ouW+EUMUq+W1ZItf3NxF1ZT86dasIu+KI4OO4ZAeKDphx+NWJC4CzvRllu9iobZfMkdy9fKorE8ys8NvY5uPMZr5VvjLOB9/jFIRS5z0wjDYN+HdLfvhP6fqPI8ZigwUmkUywn6s6HboXK2LbWtvTFBPQWHzdS5k6aOLZRSK3rEhl0M4m5ra8VonpJZkfa7sfjK8rbr1Yx7xLDzcEBrY8ipmVdVhHRHQFqYmSf/skLg/rpGDgJncou8JSzYMURm8vAVrLaFpq5FDs4m0ng592M1ZnAxAzxtwK725H7mMINLjKvVlL43kC5GI4uaXkNeqVpXFBB4FeuNTCqTc0SB3Z/KLcgV9zIDecjCV8HeOa7gPvEoZvEjrgqkaV35nbjCAAoqppsn5RDf4lQ8x91W8hL+imI+gUz6jXilvyH3IRfTuchIKzRhb8FjeBHp2oV5DSC4gzPxGAqkIJ1NwNfnRC7iVF8rPmxlDeQ14EQs4HgrToLaHIZM/oUTDVVR0EguIZDGgbyHA3k7d5kAZsi4CjoGh4H16hyG+cww5FNcFxrDEYM4VzyIAZb0y+xDXysxxxhPa4p0LODdbshFXMGZnCvDjOoFvJ+Leb/WFI9Y50D0EE9iljGKXkOMFk9y8lml18tXRGsriR/dUFjlb6s8vn8PdqIIe6HKfzOoKomW/wIUYeDeIwVFgwAAAABJRU5ErkJggg=="
-          alt="OneLab logo">
-      </div>
-      <div class="anim">
-        <img
-          src="data:image/gif;base64,R0lGODlhYAAOAPcAAP/79P/9+//79v/79f/////69P/68v/8+P/58P/8+f/+/f/9+v/+/P/9+f/58f/47v/9/P/89v/9+P///v/+/v/58v/15f/y3f/z4P/47P/y2//z3//15v/z4f/36v/x3P/26P/37P/04v/y3v/05P/++//w2v/qyv/szv/s0P/t0f/z4v/v2P/u1P/t0P/rzP/w1v/v1//qyf/y3//y4P/juv/lv//mwv/s0f/mwP/kvP/lvv/nw//itv/iuP/15//htf/qzv/rz//gs//erv/pyP/cqP/x3v/bpv/gtP/cqv/gsv/fsP/drP/bqP/pyf/erP/nxP/t0//mw//oxv/Ynv/Idv/XnP/ao//VmP/UlP/apP/htP/ZoP/Vlf/Ulf/Wmv/lvf/t1v/TkP/Uk//Zov/YnP/cpv/oxP/BZf/BZP/Gcv/Da/+/YP/FcP/Idf/Id//RjP/Daf/Lfv/GcP/Sjv/KfP/HdP/AYf/Jd//Qiv/PiP/kuv/Rjf/Ohv/WmP/Ohf/Ng//OhP/Ngv/Ebf/Ebv/CZv++Xf/Jef/MgP/gsf/nwv/Lf//Og//jvP/CZf+7VP+5UP+9Wv+8WP+4Tv/46//Gb/+3TP+8V/+7V/+zQ/+yP/+xPP+wOv+vOP+0Rf+rL/+xPf+tMv+qLP+0Rv+rLv+pKf+1SP+2Sv+uNf++W/+vOf+pK//Wl//aof+0Qv+yPP+zQP/VlP+2SP/eqv/Ulv/25v/8+v/u0v/mvv+oKv/itP/s0v+nJv+oKP+oKf/Wlf+jG/+iGf+iGP+lIP+lIv+iGv+jGv+kHv+kHf+hGP+nJP+mIP+mH/+bB/+iF/+fEf+hFf+bBf+cCf+dC/+pKP+fD/+eDf+eDv+jGf+gEv+kHP+kG/+mI//Nhv+gFP+2R/+YAP+WAP+XAP+UAP+VAP+jGP+TAP+ZAf/PhP+dCv+ZAP+aAv+cC/+sLf+cDP+cCv+aA//u2P+eD//y4f/Ea/+qKv+bCf+WAv+fE//Sjf+ZAv/AX/+qKf/68AAAACH/C05FVFNDQVBFMi4wAwEAAAAh/wtYTVAgRGF0YVhNUDw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTQ1IDc5LjE2MzQ5OSwgMjAxOC8wOC8xMy0xNjo0MDoyMiAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTkgKE1hY2ludG9zaCkiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6MjJEOTIxNzkxOEEwMTFFOTg3NzhCRUUyMDk3OEMxQTMiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6MjJEOTIxN0ExOEEwMTFFOTg3NzhCRUUyMDk3OEMxQTMiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDoyMkQ5MjE3NzE4QTAxMUU5ODc3OEJFRTIwOTc4QzFBMyIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDoyMkQ5MjE3ODE4QTAxMUU5ODc3OEJFRTIwOTc4QzFBMyIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PgH//v38+/r5+Pf29fTz8vHw7+7t7Ovq6ejn5uXk4+Lh4N/e3dzb2tnY19bV1NPS0dDPzs3My8rJyMfGxcTDwsHAv769vLu6ubi3trW0s7KxsK+urayrqqmop6alpKOioaCfnp2cm5qZmJeWlZSTkpGQj46NjIuKiYiHhoWEg4KBgH9+fXx7enl4d3Z1dHNycXBvbm1sa2ppaGdmZWRjYmFgX15dXFtaWVhXVlVUU1JRUE9OTUxLSklIR0ZFRENCQUA/Pj08Ozo5ODc2NTQzMjEwLy4tLCsqKSgnJiUkIyIhIB8eHRwbGhkYFxYVFBMSERAPDg0MCwoJCAcGBQQDAgEAACH5BAUCAAAALAAAAABgAA4AAAjIAAEIPODjjiFCf0gIXMiwocOHECNKnEhx4ohP8/CNK9duWRUFFUOKHElSYodv5KJxOxZsmDRyfQiUnEmzZsMFnchtO8aT57Zr4U7ItEm0KMUa5LL1XLotHCoWRqNKZdhmXLClS6EtGzO1q1FO0LAuzcatjdezNcGK7UnWLNq3I6teXQutVx24eCv6SLq2KaoYeQNHXOBJ3E6mQGVMEMzYIYZv5aJdDSbMGTk9QxtrFvjhVcZwHJeBYbC5tMAIQNakkaNFhOnNAQEAIfkEBQIAAAAsAAAAACIADgAACM0AAQhcEOYOoTtdVghcyLChggQDBAhYQKHhhU/YxAl01qtMw48EGiBA8ODByAoMFpIAUA5AMIHZBNb5yLCByZE4TaYE4KklzZ8CFdzEmdPBBCAAzAElFYBmgaFERz5okAkoAGsAWnxU4CBq1AcGQmH9KSyYj48lunol6kAs0LJnG6Zdy7aq1axb1dIFi9TqpwVOoX5N0KAnTWxWhe41CqBDvobZpAGIY1WCYJw7AZjQlHFjryp3Q0q9WaFpzRpr5KypguHuQgUHIg6guDAgACH5BAUCAAAALBQAAAAOAA4AAAh3AAEIBBDAgIcMHgZMGDjQAAYMFz58GMHhwEACFT5cePhwg4YRDQQuuDCCo8kPJCgQAKHBpMsPFQKIKOmS4wUOETpsqMlxg4icO3li2EBCJk2eN1e2FPrBAYCRR0+SUAAAo0aTG0iGbDg04kQLFhkSNBgi4UKBAQEAIfkEBQIAAAAsFAAAAA4ADgAACHUAAQgE0OABBgsiECgYOPCBChcvTrxAYWIAwwcvXrhQwdHFCRQRBB6YyLEkxxdiFo44YbLliRALWqBoafKFCQMtNtLs2AKnzp0uWjSQufOkCQAri6p4CWDkTJovWgwMkdEkRJAXVaCQOJGFRYZNH5AQsULhwIAAIfkEBQIAAQAsFAAAAA4ADgAACH0AAwgMEAGECRYsQgxcCGLKDh81ath4YWDhDx06ctzYmEMiAIEDME7ZSHJKjSIMAkjxMZKkSx8kDlDZ4bKmDiEIotio6TIHlZw7eXKkIpOm0Bs3VbI8CjNASB0tS9agkjLADx+OetbYUXEgCCo6IEp8UWHhQA4mYrDwUDVAQAAh+QQFAgAAACwUAAAADgAOAAAIewABCBSIAYcQFD8YDBxIwkcTJEqUEMnxYOEKiEuGaFzihIgDgQaaEEmisWQSJTUCACiChGTJl05mCPBB5KXNJjc8AGFi8+USHzp59tzoY2bNoUNwrmyJ1MgRACFH2jyZUmAHJE18SkSwsOHDiERsVFwIIAKGFEGEcFgYEAAh+QQFAgAEACwUAAAADgAOAAAIgwAJCCQg4AOVKFQ6DFw4Q8mVL1m8VBkSYqEJMmCwaMRSRuIDgQ7AXNmyUeOWLFAEhtFCsuTGLywAKKnisiSYHiDOdKm5sYySnDt5clRSYKZQLGCAENjxpWVNLzAIhBzp8mSTBQJNaMnY04uZjwNnGHmYJUuVJR4WChxgggoPNBgCDAwIACH5BAUCAAAALBQAAAAOAA4AAAiCAAEIBDCgRS4dOi4EGDjQBBg9gfwAqoMEBMMWg/SQ0aLlyxhAfTwIfKAnzheOKL/sqbIAAJdAXlDK1BJIhYErfWbK1KOERJYxOlGSueITaFAtQ2/mPMrTJcyjgnAAIGly5hc/LAVi1CgUUByRDR8G2uOnD5IfDAUaaBGmho4PLQUGBAAh+QQFAgAAACwUAAAADgAOAAAIgwABCARgAAUQRUNYLBg4sEUfO2ve3EkExgJDIWsQCQLEMdAdOyAEZkBkxw/Hk37ejGkAwMgakydjrjnhoM+cmDH9IKpCQ88gnDEF1en5EyhHoQhsGuWI6ErLl0vvnADggSRMlCpZAhBCR+NJjyAHTlARB6KVN4n+kGA4UAgXJopiMAwIACH5BAUCAAAALBQAAAAOAA4AAAiFAAEIFCgDihElUgYqRDFHTps0atz0WaHwxCFDb+BYgXMHDyESAj3IIZTHikmTedQMSgDgCh5EJ2NawRPlQaJCMk/CkTPmg507OU/eSeQTaFArQ23iDLpzTMuXR2kCADGyZMyUgw4ILHJITsaNd9SwATnwRcOHEeNgUCgQQZEmSIyoaDAwIAAh+QQFAgAAACwUAAAADgAOAAAIhwABCASAIAqWKlWENBg48AQdSZQgRTqUaARDHpcwPTLEUc3EFQJ/TJIkh6NJOZHeHABAhlJJkzAp7XhA5xDMm5gCsSCE5ybMNHd29vTJ8dGaEDWJcsQkiGWklz4phQHAARNJn5DuRBC4KOPGjpEkdWBYxJKkSJAgHZrzgaHABzm6XKnyYqXAgAAh+QQFAgAAACwUAAAADgAOAAAIhAABCATwIAwYWcBkHBgocEIUPLNCvYoV6Y4Jhjs4fcI0iSOkWJdmCCRx6pIkTChRSoplKAKAPaFOppwJy4cHPJdmzpxEClGLQ5B0zsyk5mdQoSiJ3qSElOMpOC9jNt3UAwBJkzolvTI0UAcnUhw9ghzBcBFEWBMprbnIUKCOP2S8FGEYEAAh+QQFAgAAACwUAAAADgAOAAAIfQABCBToY4yeOFEGKrQBydMoUKA2pWGh0IepVKROafxUqtMHgSI8dUKlsSQqUJMEALAzimTJl6OYgIDE6aXNVGxSUNJk8yWpTDo/9Sz5c2aooRpxrmyJNCaAFSJdmkSpEgCQiy8/gfKoMEwkh6IiphGjUKAHIHX26FkUYWBAACH5BAUCAAAALBQAAAAOAA4AAAiEAAEIBOBhyZ5EgWxEGDiwxidfxoghAyWpBcMlypZ5WsUxVTJWJgRi6GWqE8eTnYihGgBgzTGTJ2MGU/KD1KiYOHvhebEpFc6Ynmbx9PmTo6dTNW8WXaWzZTCYP2cCmNGLFVSOKVcKZJJxY0dkplgw9PEwmERQk1QwFAiCiZ85g8IIGBgQACH5BAUCAAEALBQAAAAOAA4AAAiDAAMIFAhlDhxEfAYqBOIpmjNs15BdwqEQijRtvkxp7EXtWAyBI6IJG6Wx5ChqoQQamkaypMtpWyx42uayZjRIT0Qtq+myWqciOnmWrOaJxEyhGm8GWNmS5zQsAT5Ey9ZU46hrnAAIVHIx40ZqwlooZJIq2jRrES8JUThQiZ07eXwoDAgAIfkEBQIAAQAsFAAAAA4ADgAACIsAAwgMAALJHUJugAgYOJBJNWnlxonDFksIQyTn0A0LdizYM3HvWgj8IA3etmMoUW4bBwpAAEnlkqWceaxcFRKmqNFMGUwaOCrdou1MaY4VUKFDj5kbhVPn0J6nXsZMWu5KABMlT85c6W4glnPshHH0KK6dCoZNHpYLNw7bphMMBXLAskZOoSEDBgYEACH5BAUCAAkALCIAAAAVAA4AAAhxABMIHEgwAYQDAhIGKMhQ4AQBCBA8eBBRAIWGAwkUoBix4wMDEzASOMCxo8cIBAgwpGCyZUcGCxgucOkyggCGEWi2BHCzYE6dHQHELDgTaESUK41GZNBwZMmWD5A23UgTJEaHECVyHHDx6kAINhUSDAgAIfkEBQIAAQAsKQAAAA4ADgAACG4AAwgM0ACBhxAPIhAYKJDCAwwjPny4QMODAoY/LozAwBHDhg8kKAhEYGJDx5MfHhBQAPHkyQ0jbgHY6PLkiAcPTNY86SHnTp4zf3K8yZJmTZgJCJDU6TLlwIxGPYIU2TCD1IkVLzIkaBChwoEBAQAh+QQFAgAAACwpAAAADgAOAAAIewABCAQQ4YcICxYMDByogIQKFC9OvFCxgsHCDydQqNj4UAYLBQJByHDBseQJCwAYPCxZ0gWKCAgmsiyJwhYIkjNLzviBM+fGGQ+E+NxYk4FLny4jAPgxMucJEgInfHihkSOKEzBACmTgMKJEFR1KLBQogAMJErYMTBgYEAAh+QQFAgACACwpAAAADgAOAAAIdwAFCBRgYIYJExceDBzIwASPGj581MgRI8DACThq7LjB8YYNHycYCMTgI0fHkz5MEAiQY+PJjjZsAACh4+XLHTNGmLR5soVOnj1pAuWIk6VLmzELEKBRkmfKgSh62Dj5MeRABSZu1IA4McaChQIIIBjBAqHCgQEBACH5BAUCAAAALCkAAAAOAA4AAAh3AAEIJPAgBg4cMTxMEMhQgYolSpw4abJESAOGAKJsITKk4xAmSHYwNLFliUePS5yoILBgCceTHpkwMUDiJUyPRGLEMHnz5JOdPX3WDNoxZ0ubMGU6IMACCU+YKhny2HgSZBiMDHBAdGKE4ouLGAEUxJGihQeMAQEAIfkEBQIAAAAsKQAAAA4ADgAACHcAAQgE4EEIFSovfgwcyOAJlixfvoApEyXBQh9jqmDZiKUKGSYBBKoYw7Ekli9PBJa5YpJjlSoPPrBs6RKFkC40S9q4mZOjDZk9O6IAgGVmy5cPAIzMOYbKBAAUMGrk2IUMkYUAqGAB48XLxCkRsAIAYRAhh4UBAQAh+QQFAgAAACwpAAAADgAOAAAIegABCATwg4qNHGhIDFxog8yeQIL2kNERYSGURHW0aNQyZtCWgScSkdm4kYygHAAOkOlDkuSYOiFYxGnZUh8VKmNG0tRIhgvOnSW5yASqUV8RlSx3vvQAIKTOloN0DGyC0eWgLgsD7HAoCJCeMTUELBTIgUquMFFWLAwIACH5BAUCAAAALCkAAAAOAA4AAAiHAAEIBEDCBpAeOmYMHBighyA4a+7ACaRowMIuheYA2ggoER0tDATycBPID8eNgtwMoQCgkcaTHBMx8iDFDkyYc2zsCCToJkdBSnTw9IlSiQqbRAHljBDo5U2ZIAAsciPI5MmUS1hSqFIo0UmPZAIMXLCrEZw7dxAFYmJxIYAVO7hw0TGCpcCAACH5BAUCAAAALCkAAAAOAA4AAAh+AAEIBEDDBxQoXEwMXEjkjSE8eAy9QVJgIAUth9xY2WhlTRs/AQTqOHQHDseNbw4poSDgDiGTJze6ccNBCJuYMQv5AHLnDU6Ob7rw9PnTStAXN4ta0dny5c81biwA4EMS5kmVA8dkPOkR0EIAUO48jHgHiYGvAGb0aKIk4cKAACH5BAUCAAAALCkAAAAOAA4AAAh+AAEIBPCBCRYsTWJQGChwwZY0kCJFgqTmioGBE/agOmSooyE8lxANTIJKjUePjy51UQBAjaqTJ9u0IVFEEkyYh5gQUfPoJsovO3v67Pil5tCOOQe4HCpTBIAll9LcTLkSgAI/G0+ChLNgYAMsaiJOVAOG4UATRLp0aSKGpcCAACH5BAUCAAEALCkAAAAOAA4AAAh+AAMIDGDCCBgwW1oMHNjgCqZXsDZ9gkRmIQU7nihhmoQJU6RObBYIhNIJEseOKDu1CjAA0qWTKDtGitRhEaqYODFRQoIEUk6cenr+jKnH5tCOOwG4hBlz5oYAJE3m7ORlIEaNKCNxkrMwARhInzZJhDTGwUKBMZC0auVKxcKAACH5BAUCAAEALCkAAAAOAA4AAAh8AAMIDCCmy5gxV1AoGDiQzClRo0al+qTHAUM3vUKd2ngq1q9DA7f4IsWRIylffRQAINWpZMlNm0aEWeXSZagqVz7VdMko586SjHTQ/Hnq5kpOP2F+CFBmZM2TfQYW6rWpZCxThxoMPDCGFMRSE/cgYBhggpQqdeqAecEwIAAh+QQFAgAAACwpAAAADgAOAAAIfAABCASg4s+ePWRODBx4QI+nbsGCdUuVCMFCNd9Ardq4SpSySA0EVvnmiSNHT9ECATDgiZVJk6BAffCh6+XLUVm0pCppc6OnOzp59vxJsydHnAZSjTIa0wSAK9GEnkw5EE9Gkx4pLYyw52GwZMtSzXmwUCAKL368jXmyMCAAIfkEBQIAAAAsKQAAAA4ADgAACH0AAQgEgGLMnDl6igxcmMgXtGnTtPWy8mCggknrkJnaaIpZPE0Dv8TzxZFjtXh2BPY6VrIkMWIslgxr2TJYnTi9qtE0KQenzp2mqslRNBOoqW11APQKBvRlDABkRtI8iWhgJnQaOTKTFuvAwjkO4amTuGbhwBd97NjZQ2VhQAAh+QQFAgAAACwpAAAADgAOAAAIhwABCATwYs+dO4N4DFwIZ1i4cuXQPSO0EMClc9iOBQt2DNq5VAkE1jk3jOOxk8GEnVsj8Jk6kydRQoMmBsq0mDhjUtsjKFq2nDnb9PwJNGabJjeLnqTmB4FLmDGDzWwBIA5JqCnPuWEgENU5axo5ehRV8c6wdeLEoVMmJ0RFAE/S3VmTKMfCgAAh+QQFAgASACw2AAAAFgAOAAAIgQAlCBxIUAKBBQIEDGjAoKDDgQoMIHhAEQGCBAQeEoz4wKLHiQcyapzgoONHjw8gEJjxcIHJkxYfFGDgxSGBAS9hInAQgZBNiTo/AvBZkADQoBYBfLEJICdMniNaOv34wAADBQ9JTvUYQORDBgamPgipcSDYmCYxliV4MOHChgMDAgAh+QQFAgAAACw9AAAADwAOAAAIdwABCASgQECIDCEMBBjIcIEFDCM+fLggwgBDAAE6XNiAoSOGCx8QMLTwwaPJERcOECAwoKRJkx9+3CLg4cJLkzNWPJjAYcTNlx54+vzp0QNNm0RzPmDp8mfMBAJJ/pyRcmDGjSZBimxIAqJEihYvEozgoaxChgEBACH5BAUCAAEALD0AAAAPAA4AAAh9AAMIDMDAwAoLJDw0GMgwAgwVKE6ceNEixASGDVS8QKGio8YTIAZSYHHCo0kULwAIdCDDhUmTL0xECDCi5EuPLlrYGsnxpskZPH3+nDDihVAVOW0FQNBSaMyZFGLYfIlSpcCMG2GCZBggQgyNL06gaOHhItcSBUSISLhwYEAAIfkEBQIABAAsPQAAAA8ADgAACIIACQgkEMCBCRYmOEQYyHDAkxw1avjQEYUDQwIHeNSwcaPjDR0+RDA84WOKR482dDgQGMLHyZNTaggBMEFKjZcnbUSZoeAER5wnW/T8CbRji5o3i+qcQaBl0ZhCCggkafJlSgQDD9jwkeMkyA4XBbywEXEiFRIXBU54YCKGCQsLBwYEACH5BAUCAAEALD4AAAAOAA4AAAh9AAMIpAAihRAcMwYIXBgAwA0iRpQgaeJjBsMITJAwGcJxSBMkJgQq2IEkSUeOSZg0eRDgB5KTJ5Mo4WGgiBKYJ5kAiZFjI86TT3r+7Jjkic2hQ3TGcDlU5iIHI0vCTNkkg0ABGZec/BhyIYAcRJQocUJxBEORBYMIGaFwYUAAIfkEBQIAAQAsPQAAAA8ADgAACH4AAwgMoIAElShUWBgYyNAAkCpesny5YsQEwwAAumjpgqUjlitapDBk8mWLx45bqoABIVCElpMnt2Tp8WCCDi8wT1YxgoLBkio5Y9rwCTQoShs2cRrdiSKAS6MyuTwQSNJkzCpZQEwQmPELR48gU1yswAWiRIoxLg40iFAhw4AAIfkEBQIAAAAsPQAAAA8ADgAACIcAAQgUiGGHjh0qBioEgMBIHUB+AukBI4XCwjGBxmjZSEZPoBcKtwTysrHklz56LAj8MIhMyZdf9igJAWCJny8vX475Q4UBEo05c3LxCTRoSS4UmNw0qmVnEQAsXQaNicSDQCwjc36p40elQAMYx+Dc6PGpwoYP9wiaiMPiQgYzwvAJgwOBwoAAIfkEBQIAAAAsPQAAAA8ADgAACI4AAQgU+AGIIiAvHgxc+MAMoztv1tjR80LBQgeJ1gwCxLGRnTWLFnpZ44ejST9zrKygAMAEHUEmY/qxcsUDBSR3SsY0mUiPjQB/Eu2MCVMJUKFDORa9mTMpoJ42ALBYA3OoHzhgQABgMFLnyZQdWAJAkHGjUjt0ciwEkOFKojtW7kw8YXFtSy5MkpxQODAgACH5BAUCAAAALD0AAAAPAA4AAAiNAAEIBMAgBhQjTagMXAggxBg3eNK0YTMnCsMHa9rcsWIFzhs5bWoMZKCnTR6OKOG4STNDYIs2b1DKzJOmDgcFV9TAkSmTjh0fAOKs4SkzZpegQ4lyNIpTp1IrPoG+jEmUZh0LAvXgOSlTZZojAzHiubPTI0igCz3UcaMmDR42diwyBFBCjBIkStCEWBgQACH5BAUCAAAALD0AAAAPAA4AAAiJAAEIFCgFSxUsNjwMXOhB0KFIkChJKpRDwUIAeCipMcTx0SRKSxbaoSSHo0lDhyB9sJiC0qOTJuVAakRCwZhIME+2IcRkASM8OWF+8Qk0KEc5WmziNLqTCQAULoPKHCRCoJ1IJWGmNGERQIg2Gk0+kkTJ6cIfgx5CiiSJUJiuF1V0udJFh8KBAQEAIfkEBQIAAAAsPgAAAA4ADgAACIMAAQgEgAKMrD81Bir8gYjSpliwULXxodADJE6QJmHSOIsTrYGWYGnERHIjpVcxAJzglKmkS0mv3nQAFGukS5KRDiG5E+nmzUl6ePp0CZSmzZs5kaxs6RPmmw0ACm2S9PNkSgAeIsHKuBFTRyUKOVihFOvVJokUFQII8KIVmVY+QCgMCAAh+QQFAgAAACw9AAAADwAOAAAIiwABCARQ4sQYPXWGgBjIkAObUKVAjVoVaQhDgZpYaTrF8ZQnU2UGBsAzClVHjqhCiWohkIqukydRiZIzAoAdUDBPbqJUpUGaWDk7kkLFyCfQoKeGMrKJE+mmSFUAUDGFVKacDwACtCkJM6UoXANBZPx08mOXiyTkbAIlamIkJhcFLijSZ08fRRwYBgQAIfkEBQIAAAAsPgAAAA4ADgAACIcAAQgMQMVPIj9ELAhcCIDEIVDJiB37pQkKQxCihKVaxdGTL2FgBkIy1omjyU6liKEAcGOYJ5MwOxE79MENMpg4QcXKIgkUTpyd7kzy+fPkHZtFOerMkkPYy5+dih0yEQBSsJIxQakUyEGUsY0dP2Zh2OFQKWTEgpnSpIQBQ4E8As0JpIQEw4AAIfkEBQIAAAAsPQAAAA8ADgAACI8AAQgUeGMOHDtISAxc2CESMWrXpj1LhYTBQg7LpC0zxdFXNGdkFp5yNoqjyVHJsL0QqENaNZMwR1mLxAJAmmswczYTVefAJWI5YVYbJccn0KAch8qxiROpKWI8AbR8GXQUNEoxBJ6aVjImMmwnBpJg5qyXyWrRpI1ZCGBEJGTUrElMhYXtQBt27iDasmJhQAAh+QQFAgAAACw9AAAADwAOAAAIkwABCASwIMwdQne6dBjIcAQpbOLGlXPWqwtDACS+kYsW7FiwbNLIxRm4oFO5bcdSptyGLdwTgT7ImVNJc1u4T2IASBLXkaZKaN32ANhkzSdNYdzaDC1qNKWwbW0Y7OxpFNoyPwBizjRqU1MLgiZR1sQ2rgiDgd/KcfQIkpyeix8+QQw3sdeViwIb8FkjZ02VGQwDAgAh+QQFAgAAACxLAAAAFQAOAAAIdQABCBxIEICCBAMEDFhAoaBDAAQaIEDw4MHECgweEmxgcaJHixk1Kujo8aODCQEeFiBZcuKDBiocKnDQsuUDA0AclqBZs6SDnAV39vQZs+DMoS4NLFDJ0mYCkU1NTtAIQELUiSE1RnTZsUJKqgMVHEi4sKHAgAAh+QQFAgACACxSAAAADgAOAAAIdwAFCBQQwICHDB4GTBg4EAAGDBc+fBhh4cBAAgY+XHj4cIOGEQ0ELriwkSPHDyQoEPCgwaTLDwYYiBjh0uQFDgc6bKjJcYOInDt5YthAosRMoRA5rGwpFKaAkTRrolQgAKNGkxsugGToEKJEihYZEjQYIuFCgQEBACH5BAUCAAAALFIAAAAOAA4AAAhzAAEIBNDgAQYLIhAoGDgQgQoXL068QMFiAMMHL164UMHRxQkUEQQemMixJMcXLRaOOGGy5YkQC1qgaGnyhYkCLVLQLOmiBU6dOx+2iDkzqE0AM1gGfQlgZNGWKAdi1Mjzo0WpKlBInFiRocgHJESsUDgwIAAh+QQFAgAAACxSAAAADgAOAAAIegABCAQQAYQJFiZCDFwIYsoOHzVq2HhhYOEPHTpy3NiYo8aOigAEYJyyseSUGlQYAJDig2TJlz5IHKCy46VNHUIQRLFh82UOKjp59uRIZWbNoTdwrmyJNGbIkTZPphT4w4cjnx5BCvRARQdEiS8cLBzIwUQMFh5UCgwIACH5BAUCAAAALFIAAAAOAA4AAAh9AAEIFNgBh5AUPxgMHGjBRxMkSpQQsfFg4QqIS4ZoXOKECAKBBpo0SaKxZBIlNQIAeIKEZMmXRmZE8EHkpc0mNzIAYWLz5RIfOnn23OhDAM2hGnECKOLEZU8jRwCEJOJU48mUBJE0ybhR4keGDiFK3FFxIYAIHVIEEcJhYUAAIfkEBQIAAgAsUgAAAA4ADgAACH0ABQgU+IFKFCodSgwcSEPJlS9ZvFRZEmLhBy1gsGjEUsbLlQcCHVy5smWjxi1ZmgQQsENLSZMbvcQA4BCmSTBcQJzpYnNjGSU6efbkqITmlaFYcLL88tKmTAEiScJE2WQBQYwmO5rJsHCGkYdZskz0sFDgABNUeETBsFJgQAAh+QQFAgAAACxSAAAADgAOAAAIhQABCAQwIEYuHTouBBg48MMVPYH8AKqDBATDGIP2kNGi5csYQH08CESgJ84Xjii/7KmyAACXQF5QytQSSIWBK31mytRjxEKWMTpRkrlC4mdQjkNv5jzK0yXMo4FQACBpcuYXPywFthikZyNSP3FEDjTxMNAeP32QcGAosECLMDV0fGgpMCAAIfkEBQIAAAAsUgAAAA4ADgAACIMAAQgEUCAFECZDWCwYOLBFHztr3txhBIYEQxdr4AgCxDHQHTs/BD6wY8cPx5N+3tRJAEDJGpMnY655AqDOnJg4EV3poGcQzpiC+vD0+ZNjUAd9bhYFpBOAkZdL79AMgagkzpQrBaZYg2hjx48cGEqJA9HKnURZLDIEYEAIFyZMYjAMCAAh+QQFAgAAACxSAAAADgAOAAAIiQABCARg4AQUI0qkDFzogpGcNmnUFOrTYeGJNobewLEC5w4eQiQEepDDJo+VkyfzqBl0AEAVPIhQyrSCZ8qDRIRmooQjp84FO2t0oryT6GdQoVaI3swplOcYlzCF5sFzA8BIQiZlqmQp8EkbORo5emQTciCKOXLwRHSjZ8ZCgQ6KNEFiREWDgQEBACH5BAUCAAAALFIAAAAOAA4AAAiGAAEIBIAADZYqXYQ0GDjwBB1JlCBFOpToCEMqlDI9MsRRTSRJHQSCmCRJDseTciLdOQCADCWTJ2NG0gFgzaGYODEFMkEID86Yadbw9PmT46M1NW8WNYSpUcuXSyPVADCy5E9IdyIIjHIJ08aOHzcMnFDEkqRIEg/N+cBQIIIbXa5UecFSYEAAIfkEBQIAAAAsUgAAAA4ADgAACIYAAQgUuAOMrFoyDgwcSAXPLFivYlG6Y2KhDU6fME3SCCnWpRECOcxCJQmTSZOSXj2KAGBPqJInY27qEULNpZgxJ52CI+YQJJwxM+GJ4RPoSaEe8Nw0qjNPS1gwgW7iAoDErEtRUb5KM3AHJ1IaOcZC9WFhFIcQJa5hsVDgAx2tyGihwlJgQAAh+QQFAgAAACxSAAAADgAOAAAIgAABCATwwMcYPXGiDFyYA5KnUaBAhUoTY2ENU6lIndr4qVQnEwJJeOqEaqNJVKAyCQAwh1VJkzBHMfEAiRPMm6nYqKCk6SZMUpB29vS5EShNm0RP5WTpMukoIgBWjHx5MuVKAD4waiwKahXIgTYiPRQlUU2LhQJD9KizR8+ihQEBACH5BAUCAAEALFIAAAAOAA4AAAiEAAMIDBBiiZ9EgWxEGDhQBylfxoghAzVJCkMuw7p5WsUxFTJTLAR28GWqE8eTnYihGhDgjjGTJ2MeMwKCFKuYOHsdEhIrFc6Ynkjx9PmTY9CaN4uu0hlgzUulwZAEGFkSZ8pTAAQuGbZsY8ePMRjW+OQrmERQmXgxFOiBibc5icIIGBgQACH5BAUCAAEALFIAAAAOAA4AAAiJAAMIDOAByhw4iPgMHDjBh6dozrBRQ3YpxUIm0rT5MsWxFzVhLQSOeDZsFMeTo651AhBAjjOTJ2NOcwXCE7eYOKNFOiFqGc6Y1Tzx9PmTY1AONoty1BnA0DSYP6d1CXAkmjCoHEdh61RAYJOMGzt+lMKQSypl06xdQ4ZKyEKBIJTYuZPHx4CBAQEAIfkEBQIAAAAsUgAAAA4ADgAACIoAAQgEAALJHUJugAgYOHBJNWnlxonDtukFQyPn0A0LdizYM3HtVAj84GzatmMoUW4bV6oAgEPkkqWceawcGAv2qNFMGUzapyLdou1Maa4fUKFDjxUlYUrn0J6fXpaTOdQmgA/STNJcOcqAwDPk9m3s+BFeCoZEfEEMNw5bqBMMBf7YskYOoSEMAwIAIfkEBQIAAAAsAAAAAA4ADgAACIkAAQgMcMMOHDtISAhcCIBGJGTUrk17lsoIQw7dnC0zxdFXNGleBpKaNoqjyVHJoAkBwEdaNZMwR2GDFEDNNZg4iYligYoYTpjVRuno+dNkUB14bhY1pTNGy5c/R82LFGDBJ5I4UUJ7IZAEs2m9jH7UwvBCpGTUrE0blgqJAoYCbdi5g2iLCIYBAQAh+QQFAgAAACwAAAAADgAOAAAIhAABCARAxU8iP0Q4DBwo4lCpZMSCmdJEZOEPUcJSrdroyZewKgMhHeu0sWSnUsxwAMgxzFPJl52ItQlQCNnLm6A0mZgE6uZLT51yZOrpk2PQmkU35jRho2XRmIcgBIAUjCTMUsRUAuAg6phGjr6OXVlIwyFEiZqaLBS4gEegOYGakFgYEAAh+QQFAgAAACwAAAAADgAOAAAIhAABCCxxYoyeOlxACFwIgIScTaVAjVoVCQhDEJpYaTrF8ZQnU0gEBmgzClVHjqhCiWoBIIqpkydRiWJTwk4pmCc3RfqgJhbOjqROUen5kyMpVFQQgSp6SucHl0VlygkwsiTMlCsF/ojF6tNJT6OwMBQhJxQoURMjLWG4sEifPX0UcWAYEAAh+QQFAgAAACwAAAAADgAOAAAIigABCGSAIousPzU8CFwI4EceSptiwUKFRwdDD5E4QZqEieMsTlAEligESxKmkycnUdLEAsATTihjYpL0ChEDQLE4yjwZqQ2GNZF2osw06QRQoSeJnhCUE2lPDC+R0oTDoAShTSZjqnzVEgDGUBs7YvqohCGJN5RivdqEqo0PhgIDvMhCppUPEAwDAgAh+QQFAgAAACwAAAAADgAOAAAIfAABCAQgBUuVLjZCDBwIItChSJAoSSqUY2EGPJTUGNr4aBKlIQIZ2IkkZ6NJQ4cgfQCAgtLJk3IgNWIwBtLLk20IkZiD5+ZLFDx9nkRRx6bQnCReuPQZs5HAkSVfplwpsE1Gkx0pLVn4Y9BDSJEkEdqxcKCKLle67PCwMCAAIfkEBQIAAAAsAAAAAA4ADgAACIkAAQgEEKOJkSZUHgwc6KGOGzxq2siZQ4XCwAdr2tyBYwXOGzltdAzcgyePlZMn4RQyRANAizZvUMrMk2YMgytqOMpE6caOBT1rdsqM2QKoUJREweQ8aqWnBRUwj+Z5ZJMBSUQ74bhJM0Pgg4cbO35sU2MhCIdq0uBhY4fKQoElxChBooRKiIUBAQAh+QQJAgAAACwAAAAADgAOAAAIhgABCATwAYgiLi8QDBz4wMycO2/W2NHzYiGCRGsGAdrYyM6aKAIVeFnjZ6NJP3OsiADAYo0gkzD9WDGjAMmdkjBNJtIDIkuinDAF+THhE6hJoSZs4gS6E0QMl0ZlXlHAYOTSjSjhrARwcU2go3bo3FiY4cpDK3cmvqCwEAADE1yYJDmhcGBAACH5BAUCAAAALAAAAAAOAA4AAAiLAAEIVIBhB58dLQwIXAgAgZE6gPwE0gNGyoSFBsYEGqOlIxk9gV4QAKAASyAvHVN+6aOHA4APg8iknPlljxIFivx8mTmzDhgPWzjyTCnzQ9ChRLV8YKITqRafHmDKHFrTiYKSJ3l+qbPHJQAHGsfs7AjyyUiBDx4C2iOIogoKDAEwmBGGTxheDhgGBAAh+QQFAgAAACwAAAAADgAOAAAIewABCARAgkoUKiYGKjQApIqXLF+uGEk4sEAXLV2waMQCRouUgUy+bNmocUsVMB4AdNBCkuSWLD4A6MjSkmQVIw8UVanZkoROniRXzASK5eaDlUBfchEYcqTLKllSAjDQ5UvGjVe0qFDogItDiBJZTFAIQEFBHlRYGFAYEAAh+QQJAgAAACwAAAAATAAOAAAIpQABCAQAAocQHDMGDFzIsKHDhxAjSmRYIAcRI0qQNPFBY6LHjyAnCmCCZMmQk0OaIPkQsqXLjzqQJEF5MgkTKA9e6tw58AcSmjSTKOFBgafRlkWUAKXJBIiBo1A97mCyFKXJH1GzQpxa9eRVrWAZJu06pOnTsGg5/KwqlCjatzqczAzKpEnOt2gHkDSJUqUJvHgNWFSixMnGGYATg0gRREjCxGgDAgAh+QQFAgAOACwAAAAATAAOAAAI/wAdCFyAwAQLExwiCFzIsCEIJHcIuQEioKFFgQRe7LlzZxAPBRctLggT8U6XDhYHPMlRo4YPHVE4TAgpcAKTatLKjROHLZYQmgIPwBkWrlw5dM8IPQDqYAQpbOLGlXPWqwuDhRGm1LBxo+sNHT5IEAhJAMk5dMOCHQv2TNy7FjQVXDqHba1aaOdSJaBJ4hu5aGqDZZNGLs5YCid8TPHq1YYOAyE/SIO37Zhly9vGgQIQss65tJfXCju3BqTITuUqh96GLdwTBx58MGasVcjMhgQklUsWOnS5KmMbGnimTm3vYNCgzbBIwAc5c70xh/sUQEqN2YxtRClgkYQpatEtB/+TBm6BRSjTwl+m5sWiAknijEeH1k3FC67YGYewSKVbNPXHmMNKRQ0JEk02AB5DiEUHbGINgMJwA8QJ+OXX1X4N9fefeuaMQiBDBiII4IINNfigesJsA4QK11moHWcNeQdeeOOdYl5DTaQHIDVfWMQAfPL1Bs0yKsRmYW23MZTbbuqVc0VwDCFAXJDiJTcCc85BF9024WiyAAVPKIadYwiEZMJkql2WmTswWhTHZ0EGM5obpjW0AGppYobNOEUIFIENPuTAGFgrQIkbFuewI0xgbbWjQlyonPNgMHedI8oBfH1TDmBrDUaOHlAOcF9LL1FhQZIXTdAETuWEMw42m5xGwFQEdwyzjjjioKOMHBjS9MEnUBVF1RVXMTTBAybEYIIFCjElEAdYrCFHIUMM4KwDEzyRzh1rJJJDnUA1wIe0a1Sx3EIBAQAh+QQFAgABACwAAAAADgAOAAAIdwADCGRgYIUFEiEaCFwYIAIMFShOnHjR4gGBhQ1UvEChoqNGGR4WxjjhsSSKFwACOJDhomTJFyYCjCDp0iOKFhFYcKxZ0oFOnj0vvAAKEScClkBhChzJ82TKAAc0pnh5AgTDCDFcvHhx4qaHiwxLFBAhAqHChQEBACH5BAUCAAAALAAAAAAOAA4AAAhyAAEIVCAgRIYQBgIIXAhgAQkMIz58uCDCAMMANC5swMARw4UPDgROIPGho8kRIw4AGFDSpMkPPwh4uODy5IoFFkbUdCkg506TAmb+hHiT5VCYE0a2dDnjgkoAAehpNPkx5EKHECVStMgQgIIIHsImZBgQACH5BAkCABEALAAAAAAOAA4AAAhiACMIJLBAgIABDRgIXBhBgQEEDyIiQJCAocMHEzNCrCjQAUaNGR9AiLDgI8iJDwoQAGDyJAIHDB661LhA5syJC1jefMmg5M0HBghE8HgzgMCYLVEeYBgT5UeODAkaRKhwYUAAIfkEBQIAAAAsFAADAAEACAAACAwACYCoYsXKFRAEAgIAIfkEBQIAAAAsFAAAAA8ADgAACI4AAQgE4AHKHDiI+EQYyBCIp2jOsF1DdgkHQwBQpGnzZapjL2rHYgwcEU3YqI4oR1ELNYCgoWknUcqctgXAFk/bZOqMBikAI1HLdMqs1knAz6BCO1bzJAALzqQdeQbw8DKm0GlYBH6Ils1qx1HXODFUopGjR2rCWlxkkiraNGsTLwm5KBCEEjt38vgQwDAgACH5BAUCAAAALBQAAAAPAA4AAAiHAAEIFLhkT6JANgYqBFDjky9jxJCBktRi4RJlyzyt2pgqGSsTAzH0MtVpo8lOxFAJzLDmWEmTMIMpAdCE1CiYOHvhAaBnUyqcMD3NitDzJ9CNnk5FUGLz6EadAEKsCfYSqEyBM3qxqroRJaoBA5lg1MgRmSkWC304DBYR1CQVC8P6mTMozMKAACH5BAUCAAAALBQAAAAPAA4AAAiKAAEIBPDAxxg9caIcGMjQBiRPo0CB2pSGBUMAPkylInWq46dSnT4MFOGpE6qOKFGBmiSAoJ1RJ1HKHMUEgCJInGTqTMWmxBhKmnTKJJUpwphIn4SiJBqBCaRQSjvyLPHgZUyhNAWuKHm1o0qWA4FolPkJVMiLYSJBFDUxjZiLAj0AqbNHz6IIDAMCACH5BAUCAAAALBQAAAAPAA4AAAiLAAEIFBgGjCxgMgYqBBAFz6xQr2JFumNi4Q5OnzBN0ggp1qUZA0mcuiQJk0mTkmIZigAAwZ5QJU/KhOUDgA88l2TKnEQKEYMrhyDplJlJzQGgQoeaLHrgJiWlGk/BYeASJtRNPQSKJKlT0quVA3VwIqWRo8cRCxc5hBWR0pqKCwE80PGHjJciBxQGBAAh+QQFAgAAACwUAAAADwAOAAAIjQABCASAIAqWKlWENBg4kMAJOpIoQYp0KNEIhgB4XML0yJBHNRRXDPwxSZIcjyjlRHpzAIADMpROopxJaQcAG3QOzdyJKRCALYTw7JyZ5k4CoEKHeny0JkGYnEo9YhIkkEwkmUMphRHIAZPJoZDuMFy0sePHSJI6YCxiSVIkSJAOzfmAcWCOLleqvMAYEAAh+QQFAgAAACwUAAAADwAOAAAIjgABCARgQAYUI0qkLBjIEMUcOW3SqHHTZwVDACcOGXoDxwqcO3gIkRjoQQ6hPFZSpsyjZlACglfwIFJJ0wqeKACoJCpUUyUcOWMAQLFzp6fKO4kaECFqNCXSBmh2Nv0Z1EDMmUZvCgRhEiVNloMODCxySA5Hj3fUsBnJ8MXDiBPjYLgoEEGRJkiMqGjAMCAAIfkEBQIAAAAsFAAAAA8ADgAACIsAAQgUiAKIoiEsBioE0KKPnTVv7iQCY2GhkDWIBAHaGOiOHRADMyCy42ejST9vxjQAUMDImpImY645AeBEnzkxY/pBVEWBDz2DcsYUVGfBz6BCNxJdYBNnUkCIrigw4BKm0Ds0AXgYaXUjSpUDhdDJaLLjx4Uq4jy08ibRHxILBRoQwoWJohgLFAYEACH5BAUCAAAALBQAAAAPAA4AAAiGAAEIBDCgRS4dOi4EGMjQBBg9gfwAqoMEBEMALQbpIaNFy5cxgPp4GPhAT5wvHVN+2VNlAUEugbyknKklkAoAvK70oTlTjxIAObKM4ZmSzJUANoQS7Wg0AA6dS7X4fBlzqSAcAkuepPnFT8uBGTcWBRRn5EACDiHu8dMHyY+LYMPU0PHhYkAAIfkEBQIAAAAsFAAAAA8ADgAACIoAAQgEIOADlShUOjAYyHCGkitfsnipMiQEQwAmyIDBwhFLmYkPBjoAc2VLR45bskAJACBCGC0mT3b8wgIACyVVZJ4E0wNAkTNddHYso6TEz6BCPSoJEANnUixggBDc8SWmTi8wBI4sKTNlE4YmtGwc6sVMyIZGIGbJUmWJh4sCB5igwgMNBpYDAwIAIfkEBQIAAAAsFAAAAA8ADgAACIIAAQgEEAEDDiEofgxcCICEjyZIlCghkuMBwxURlwzZuMQJEQcDDTQhkmSjySRKagg8UARJSZMwncwAMMIHEZg4m9wAgAMIE5wwl/hg0PMnUI5Da948OkQnAJYumRo5IlAkSZwoawQY2AFJk6ATETB0CFEiERsWGRLEkCKIEA4MFgYEACH5BAUCAAEALBQAAAAPAA4AAAiCAAMIFAjCBAsWIRQMXAhiyg4fNWrYeGFgYYAfOnTkuMExh0QAAwdknMKx5JQaRRgEaCDFB8mSMH2QCGCByg6YOHUImWAiig2cMHNQYdDzJ9COQ2vePHpD5wSWLpnKFChSx0uTNYYO/OHDUdAaOyoypKIDosQXFSwKPMDBRAwWHiwGBAAh+QQFAgAAACwUAAAADwAOAAAIfAABCATQ4AEGCyIQKBjI8IEKFy9OvEBhYgBDAA9evHChoqOLEygiDDwwsaPJji/ELFww4sTJlydCAAjRAsXLky9MACDRguNNjy0U8PT500VQmjZ/qsgJgKVLpTEFkkz68kXQgSE0noQY8qJDFBInsrB4EcCBByRErFDIMCAAIfkECQIAAAAsFAAAAA8ADgAACHoAAQgEEMCAhwweBkwYyNAABgwXPnwYweEAQwAVPlx4+HCDhhENBi64MIKjyQ8kKABgAEKDyZcfKgAwIKLkS44XOEzI0GHDTY4bROzs+bMjiQk0bf7MOYGly6IfHAgcqfQkCYYZNwIlGbIhhg0RJ1qweJGgwRAJFw4MCAAh+QQJAgAAACwUAAAADwAOAAAIbgABCASgIMEAAQIWUBg4kEADBAgePIBYgQFDAA0mQtw40SIAAgo0buToYALBAiJHQnzQgEACBypVPjBAQADMmCNL2sSZc8JLnitpKkAJ9EECAiBTjnxQcqAEpRs9CnS4UmOFABcFKjhwcIBChgEBACH5BAUCAAAALCkAAwABAAgAAAgMAAmAqGLFyhUQBAICACH5BAUCAAAALCkAAAAOAA4AAAh9AAEIBIBizJw5eooMXJjIF7Rp07T1svJg4aR1yExpNMUsnqYGAr/E87VxY7V4dih46HWsZElixDpsGebSZbArjHpVq2kSTs6dPE1Vs4KFZlBT266sDBYUJgYAZEbWPIloYCZ0GTcykxZrIYA5DuGpk7imotcXfezY2UNlYUAAIfkEBQIAAAAsKQAAAA4ADgAACHwAAQgEoOLPnj1kTgxcqMdTt2DBuqVKhGAgBTXfQK3auEqUskgDq3zzxJGjp2iBKGTwxKpkSVCgSDTR5dLlKCx6UpGsudFTopw7efpUQpPnxpshUo0yCpMEgCvRgppESUEgnowlPVJqsHCPw2DJlqWas3AgCi9+vI15sjAgACH5BAUCAAAALCkAAAAOAA4AAAh6AAEIBCCmy5gxV1AMHNiAzClRo0al+qTHwUI3vUKd2ngq1q9DCwRu8UWKI0dSvvpMeECqk0mTmzZxULTq5ctQSsZ8svlSz5iSPDnqYVIz6CmcLDkFjSmwDEmbKPsMLNRrk8lYpg4tPPATYqmJexAsFCilSp06YF4sDAgAIfkEBQIAAAAsKQAAAA4ADgAACIAAAQgEYMIIGDBbWlAYOPAKplewNn2CRMYAQzueKGGahAlTpE5sBkLpBIljx5OdWk1AAOmSyZMdI0UC4QMVzJuYKCm6AgnnTS08fcLUUlNoR50sXfqUCYLAyJI4O3mZIBCjxpOROMlZMDABGEifNkmENMYBQwAEYiBp1cqVCoYBAQAh+QQFAgAAACwpAAAADgAOAAAIewABCATwgQkWLE1iDBy4YEsaSJEiQVJzZeGEPagOGdpoCM8lRAEEJkGlhiPHR5e6THCgRpVJk23aeLAh6eXLQz62qHlk82QVnTx7brwSpqZQQzgBtBQaU+CSS2lsouwy0E9Gkx7hLGyARQ1EiWrAGFgo0ASRLl2aiFkYEAAh+QQFAgAAACwpAAAADgAOAAAIgQABCARAwwcUKFxMTBgoMACRN4bw4DH0BkmBgRS0HHJjpaOVNW38DNRx6A4cjx3fHFIywcAdQidRdnTjJgQVNjJlFrIB5c6bnB7fGCHiE2hKI2hwGrWy0yVMoGvceADAp2RMlCsFUhizESVIQAEGLugZceIdJAwHzujRRElCCgMDAgAh+QQJAgAAACwpAAAADgAOAAAIgwABCARAwgaQHjpmDFzYQxCcNXfgBFI0YOCELoXmANoIKBEdLQwE8nATyA/HjYLcDJlQoJHGkxwTMXpwwg5MmHOo+Agk6CZHQUx29vQJSJCimkQ35gQQ6OVNmQ8ALHIjyOTJlEsGVimU6KRHMgsB7GoE584dRIGYVAy7YgcXLjpGLAwIACH5BAUCAAAALCkAAAAOAA4AAAiDAAEIJPCDio0caEhMEMiQgQ0yewIJ2kNGRwSGE6AkqqOlo5Yxg7YEAEDgRCIyHj2SEZQDwAAyfVKmHFPHH684MmXqE5JjDMqcHcnUsDEGqMoaOHAa1bLzZUygNBGUPAl0kI6FFJpsnDmoCwOGAXZAFARIz5gaAhgO5EAlV5goKxYKDAgAIfkECQIAAAAsKQAAAA4ADgAACHQAAQgE4EEIFSovfgxc+ARLli9fwJSJkmChjzFVsGjEUoUMk4EqxmwcieXLEwARylwhubFKFQMsVrJs2aJIl5kjo9jEuTFKDJk4q7QQgAUoSZcGAITEOYbKwIsZN3YhQ2QhAypYwHjxInFKhIUCQRhEyGFhQAAh+QQJAgABACwpAAAADgAOAAAIegADCCTwIAYOHDE8TBDIUIGKJUqcOGmyREgDhhOibCEypOMQJkh2MAhAwMSWJR49LnGiIsCBJRxTemTCZMCImDI9EvmAA2XOlEJ6/gR6c2jHnS9xyqQJgAALJD5lshQ4gcfGlCDDjBTIoGdEIxRfXGRIsiCOFC0UMgwIACH5BAkCAAAALCkAAAAOAA4AAAh6AAEIBGBghgkTFx4QGCiQgQkeNXz4qJEjRoCBE3DU2HGj4w0bPk4wAEAAg48cHlP6MAGgQQ6OKT3asBHBgo6YMXeIMIESZ0oWPH3+tCm04w4SLmHinBmBAI2TPlcKnICih42UIEUOVGDiRo2IFGMsYEgSwQigCScMDAgAIfkEBQIAAAAsKQAAAA4ADgAACHwAAQgEEOGHCAsWDBAYKFABCRUoXpx4oWIFg4EEPpxAoaIjRBksFAAgAEKGC48oT1gAsAAiSpQuUCQIQfElShQeSJy0iVKETp49QwgB2hHngphAYyYg8MMkzxMkBE748IKjRxQnYIgUyOChxIkqOpRgKFAABxIkbBmYMDAgACH5BAkCAAAALCkAAAAOAA4AAAhwAAEIBNAAgYcQDyIQGCiQwgMMIz58uEDDg4KBBH5cGIGhI4YNH0hQAEAAgYkNHlN+eACAAcSUKTeMCGCAI8yUIxxkQHkzZaWdPX3WDNoxp0ubN2UGKHmy50qBGTfGDDmyYYaPEilaZCiw4MGECwUGBAAh+QQJAgAAACwpAAAAFQAOAAAIbAABCAQA4YCAgwEGKlwIYIIABAgePIAogAJDhQQKTITI8YGBCRcBEDiwkWPHCCEVmFzJUcHFBCxZHrj4MKZJATRt3nypk6OEiyp7InDJcGTJlQ9Qhsx4lOPHkAIdQpQIcYBFqAMhRDgoICHWgAAh+QQFAgAAACwAAAAAAQABAAAIBAABBAQAIfkEBQIAAAAsPgAAAA4ADgAACIkAAQgMcGMOHDtISAhcCKBDJGLUrk17lgoJQw7LpC0zxdFXNGdkBp5yNoqjyVHJsL0AoENaNZMwR1mLFCDNNZg4m4kSc4kYTpjVRtXo+dNk0Bo2i3IkJqpFy5c/R0GjtCDAqWklYyLDdmIhM2e9jEaTNobhiEjIqFmbmAoLQ4ELbNi5g2jLCoYBAQAh+QQFAgAAACw+AAAADgAOAAAIhQABCARAxU8iP0QsDBxI4hCoZMSO/dIERcFAEKKEpVrF0ZMvYWAGQjLWiaPJTqWIoQBwY5gnkzA7ETsUwA0ymDhBxTIhCRROnJ1sTPL586QNm0U56mSRQ9jLn52K0QwAKVjJmKBUCuQgytjGjh+zLOxwqBQyYsFMaVKycCCPQHMCKSGxMCAAIfkEBQIAAAAsPgAAAA4ADgAACIMAAQgscWKMnjpDQAhcCIADm1ClQI1aFWkIQw+aWGk6xfGUJ1NlFuIZhaojR1ShRLUAQEWXSZOoRMkpYQfUS5ObKH1IE+tmR1KoovD0yRFolJpET22K9IGKKaIx5QhsQ/IlSlG4BILI+Mnkxy4MScjZBErUxEhMFDAUWKTPnj6KODAMCAAh+QQFAgAAACw+AAAADgAOAAAIhAABCGSAAoysPzU8CFwI4AciSptiwULVxgdDAJA4QZqEieMsTrQGWoLFEZPJjpRexQBwglOmkzAlvXrDAFCskjBNRjo0406knDknPfEJFKZQmzhz7hzR8iVQmW9KMCi0SVLQlCsBeIgEa2NHTB+VMORghVKsV5soWrwY4EUrMq18gGAYEAAh+QQFAgAAACw+AAAADgAOAAAIgQABCAQgBUsVLDYGKvQg6FAkSJQkFcqh8AEeSmoMaXw0idKSgXYoydFI0tAhSB8ApKD0qCRJOZAaMRgTyWXJNoQ6MMJj06WQnT1fvqAZ1BDODihY9oQ5iAEDO5FGujxpQmCINhhJPpJEiYnCH4McQookiVAYhQJLqOhypYsODwoDAgAh+QQFAgAAACw+AAAADgAOAAAIhAABCAQQA4qRJlQeDBwYYowbPGnasJkTZeGDNW3uWLEC542cNjUG6mmTZ6NJOG7SzADQos0bkzDzpKkD4IoaODBh0rFDIs6anDBfqvAJ1KRQmziL7iTR8iVQmTQB6MFTEibKNEcEXsRzB2fHjz4WeqjjRk0aPGzsVFwoUIwSJErQhFgYEAAh+QQFAgAAACw+AAAADgAOAAAIhQABCFTwAYgiIC8EKhT4wAyjO2/W2NGTUKGDRGsGAdrYyM6aRQO9rPGzsaSfOVZWADBBR1DJl36sXFGA5A7JlyUT6fnxJxHOly5Z9PxZMmjNmz91/mCxxuVPP3DACBSJdONJKx0EIsCocaMgO3RyLMxwJdEdK3cmnlgokIEJLkySnHiwMCAAIfkEBQIAAQAsPgAAAA4ADgAACIIAAwgMgGGHjh0qDAwciMBIHUB+AukBI4XCQABjAo3RwpGMnkAvBm4J5IWjyS999FgI8GEQGZMwv+xRomCJny8wYY754wHJxpw5P/gEGpTJTaJadnpo+RKoTCQKFGAhmfNLHT8rAxjIOAYnx49FFjZ8uEfQRBwWFwaYEYZPGBwIFgYEACH5BAUCAAEALD4AAAAOAA4AAAh5AAMIDECCShQqLAYqNACkipcsX64YMTFBYRctXbBoxHJFi5SBTL5s2ahxSxUwIAKI0EKS5JYsPQLo8NKSZBUjD5ZUqelyhU6eG7d0mAkUy80HK4G+5CIw5EiXVbKkDACgy5eMGzumUFiBi0OIEmNUVKig4EEWBhQGBAAh+QQFAgABACw+AAAADgAOAAAIewADCKQAIoUQHDMGCFwYAMANIkaUIGniYwbDCEyQMBnCcUgTJCYW7kCSpCPHJEyaPAjwA4lJk0mU8KBQRMlLk0yAIMix8aZJDjx9dkzCoabQITkRtBQac5HAkSVhpswgUEDGJSY/hlwIIAcRJUqcUBzBcGHBIEJGKFwYEAAh+QQFAgAAACw+AAAADgAOAAAIegABCAzgwAQLExwiCFwIYMCTHDVq+NARhQPDAzxq2LjB8YYOHyIEUjjhY0rHjjZ0OAAQwsfJk1NqCJkgpcbLkzaiGDix8eZJDzx9/qwp9EZOAy2Fxpw5suTNlAgEHrDhI8fJjx0YCnhhI+JEKiQYCpzwwEQMExYULgwIACH5BAUCAAEALD4AAAAOAA4AAAh1AAMIZGBghQUSHhoIXBggAgwVKE6ceNEiBMMGKl6gUMEx4wkQC1mc6EgSxQsAARzIcEGS5AsTAUaMbNnRRQsBLDbSJIkg506eI178VGFTAIKVP18KjDGzpUmUATBqdPmRYYQYGV+cQNHCA0OBJQqIEIFQ4cKAACH5BAUCAAAALD4AAAAOAA4AAAh0AAEIVCAgRIYQBgIIXAhggQUMIz58uCDCAIGFATpc2IChI4YLHxBcnGDhg8eTIy4cADDA5MmTH35M8HDh5ckZKxpwGGHz5YCdPU8OoBkUA84GLYvGnEDS5csZKgVm3HgSpMiFC0hAlEjRIkMACiJ4GJuQYUAAIfkECQIAEQAsPgAAAA4ADgAACGIAIwgksECAgAENGAhcGEGBAQQPIiJAkIChwwcTM0I8sNABRo0ZH0CIsOAjyIkPChAYYPIkAgcMHrrUuEDmzIkLALQ8CbPkzQcGCETweDOAwJg7NzKMifJjRYYRCBpEqHBhQAAh+QQFAgABACxSAAAADgAOAAAIawADCAzgoYobQ3SYDBg4kEmAewLxzQsQhOEWcvvMDYwW4J1AAgGkMRwZQICHAOVICgxWrgwSlQzjUbKyDKbAYQFo2gyAc4u9nTJB7GTZBeTOAAsDYCEZbVy7kU16PQ0gESaIK4TUEIICYGBAACH5BAUCAAAALFIAAAAOAA4AAAiFAAEIFIgE0RpEXAQMFEiAi6dnzrBRQ3YpxUIo0rT5MsWxF7VjLQTOeDZsFMeTo651iuBBzj2TJ2NOMwLFU7CYOKNJSiRqGc6Yvjwx6vnzZFAlnrgV5aiz5culMwmMiHYMJkpsnQYqybix47VsIQcqSvVsmjVqyS4JWSjQQxkrhfIsGTAwIAAh+QQFAgAAACxSAAAADgAOAAAIgwABCAQQoskgO4FqDFxYg5SvY8SSlZokZeESYd08rdqYKpkpFgJX+DLVaaPJTsRQRchwx1hJkzCDEWFyahTMm73S6NmU6iZMT6R29vS5EShNm0RX5QzR8qVPbkQAdPDFyulGlCoFMhHWS2NRZKZiLPTxyVcwYsgmqlg40EgiRIl8LAwIACH5BAUCAAAALFIAAAAOAA4AAAiAAAEIBPBAURw/cXJEGDjQBiRPrESBCpUmBkMfrFKd2njqE6hOJgSS8LQKFceNqEBlIjhnlMmTHFlx8QGJE8yTqdaMoaTpJkdSkHb29HkKKE2bRHM+aPny5qgkAEZ2aopS1EqBPUxp/AlqVciBOh6OkkixBUOBIYjoCaRHh4CBAQEAIfkEBQIAAAAsUgAAAA4ADgAACIkAAQgEgMCHlzFf0BwYOBANHlShXsWidMcEQx2cPmGatBHSpksjBHKYhUoSppMnJ8VKcwDBHlgmUcrcpEOHmksyZU4CN+fKIUg5c+LxCTToyUx4bOI0unOOS5hMN9UAYGHWpZgoJ71KMxCjRo6TIMW6dIHhDTyzYEmktIYFQ4EPgJCpo4VHhIEBAQAh+QQFAgAAACxSAAAADgAOAAAIggABCATgwEYXMFVODFz4xM0kSpAiHUo0YiEPiI8MaVQTSVUHgSAmqZKjsaScSHcSONBCiWTJl5EW8Vhz6KVNTHq2EMJj8+WjNTp59tT4c2bNoYZwImDpsmekHABCjrQpB9KaAwIXUcKUcWNHGgupOIwU8dCcDwsFItBRpVWVIlgFBgQAIfkEBQIAAAAsUgAAAA4ADgAACIcAAQgEYCCKki1GhDQYOFDIHDlt0uBx04ceQxltDN2BY8XKHTyESAj0IKdeno4o86hJlMBAlzaIUMq0gqfIk0SEZsqUU4uInTs6Ub5J5BNoUCtDi+A8aoWnS5hB4eChQoAkoZMy86RhKbBIGzkbrcD5GHIggRcPI6pxo2cGQ4EOeBjBYuQFw4AAIfkEBQIAAQAsUgAAAA4ADgAACIYAAwgMAODFEiJDWgxc2KKPnTVW7swBY2FhijVwAvkB5CfQHTs/BD5AZGcjoJMc79RZUEDJGpMoUa55gaLPnJg4EXXxoWcQzpiC+vD0+fNkUCE2i57UacAlTJx3XgQYWRKnHyt1bgkUsgaRRo6C3tjhsBBXnIdwJGYhsVCgARmKoCiS0mBgQAAh+QQFAgABACxSAAAADgAOAAAIggADCAwwQIWOGjpMLBg40MQVPYH8AKqDBATDFoH2kPmi5QsZQH08CESgJ44XLShRftlT5cAALoE4ppwZSEqLK31m6tRDJMefMTpnkgFj42fQlGSu3Mx5VIseKC9jNq0ZgKRJnSurLAyAcY9QP3EsDmTxMKMfihwYCgSQgo+PhFsDBAQAIfkEBQIAAAAsUgAAAA4ADgAACIAAAQgEEIFFlEVUNgQYOHCDkitaWnmpsiQEww9a/mDZiMXVxAcCDVy5soXjxi1ZmjSIYONLSZMcv5j4oKQKTJNgahRB0uWmSSU7e/rcqISmzaFgfLB0OVQmAJEkYaJsshCACS1gTLrKYiYDwxFGrnj5k6WKIg8MBQqIcTDKCIYBAQAh+QQFAgAAACxSAAAADgAOAAAIewABCARwYISQFyhIMBg4kISPJkiUKCFi4wHDFUiaDNk4ZIkRIggEFmhCJAnHjUmU1Fhw4AkSkyc5OqHRwQeRmCebRFEBhAnOkz54+vy50UfNm0R1HpDxkuhMgVBKxky5UqCIjCeXTAw5cMXDiBMrMhQY4YOQE0JIlBgYEAAh+QQFAgADACxSAAAADgAOAAAIgAAHCBwQgQMLeSY8MBg4EMQiHT5q1NjxwgDDHzp05LjBMYePHQAECtCxYwrHk1NqUAnQQIoPkydj+gDxg8qOmDgdpTARxQZOnFR4bvx5kkrNm0Rv6Gz5MqmPHwNGlsSZcqXAHz4cDb2RY6LFhlQgStxxwgFDgQ1IyBPDAsRCgQEBACH5BAUCAAAALFIAAAAOAA4AAAh5AAEIBNAgBAYRIh4oGDjwgQoXL068QGFiAMMHL164UMHRxQkUEQQemMixJMcXLRgEGHHCpMsTDx60QOHS5AsNFlqkqGmyBYkWG3lybCGTptAXF1a2FHoiA4CRRl2iZCAwRMagJ1EIuKgChcSJLCwyBJAgxIqDCgcGBAAh+QQJAgACACxSAAAADgAOAAAIcAAFCBQQwICHECEATBg4sACGDR8ijuAggaGBCxcwaHz4YUQDgQsujNhI8gIJBQw8fCDJ8oMBAyJGstx4AcSDDhtmkiRxM6dOjSRgytRZM+XKny4FhBxa8qTAixk3QvTI0OEGjB0tVGRI0GAlDwoHBgQAIfkECQIAAAAsUgAAAA4ADgAACGMAAQgEoCDBAAEDFigYKJBAAwQIHjyA6IABwwYTIWqEaJGAgowbIT4wMEFBBJAhIyZI4CDlxgcFBLR0qdGBTJo1WeKMWMAkypAPDnj8uZGkQAlEOQ50KDKjgwAMBRYUgFDhwIAAIfkEBQIAAAAsAAAAAAEAAQAACAQAAQQEACH5BAUCAAAALAAAAAAOAA4AAAhnAAEInBBAgIABCRgIXAiAQQUECB48gCiBwEIFDiZC3PjggEUCFTRu5FiCwAKRIyE+MMBgAMqUCBwcMAAT5gCaNUcOcJkToswFPSOyBPlyZACLDDLC7GhRoEOVGj0yBEDQ4AAJChcGBAAh+QQFAgAAACwAAAAADgAOAAAIcwABCFQgIEMlDw5KCFwIYAEJDCM+fLiwwgDDAB0ubMDAEcOFDwgETrCgoaPJERcOABDwwaTLCyAWgGjpsuMIEQ4szKjp0oNOniY9zASKYYYIBCyJwmwwsmRNlCoBYNRo8mPIhQ4hfqRokSEABRE8iE3IMCAAIfkEBQIAAgAsAAAAAA4ADgAACHIABQgMYGCFCBEeGghcKCACDBUoTpx40SIEwwQqXqBQwRGiDA8LY5zoSBLFCwACHMggyfLFhwgYXrAs2QIEi40zSc64mVNnzJ4QazoY2dNlBAEic5pEKeBARpwcUcgAwdChixcvJrYAyVAAQREYViRkGBAAIfkEBQIAAAAsAAAAAA4ADgAACIEAAQhc8MCEPBYkDghcCEDAkxw+avjQEYXDhIUReNSwcaPjDR0+Viw84WOKx45TbDhyACCDj5Mnp9QQMqBFDZgnbUQR8YIjzpMtTvj82bGFTaI3dIpwSVQmTQpPSsJMqQPBxQg2fOTwmAOkyIUCXuyoIZEiiYsMFXgwIUYeiQgMAwIAIfkEBQIAAAAsAAAAAA4ADgAACHwAAQhUACLFCyEfIghcCKBADiJGlCBp4mMGwwFMkCwZwnFIEyQmBFLQgSRJR45JiDR5MAEEkpMnkyjhYeCEEpgnmfgwsYMJTphPev48+cTm0CE6TbgcKpNHBQU6jJiMqfKBQIwaT34MudDAw4hOmvQYwVAgAw4Gg3wYwDAgACH5BAUCAAEALAAAAAAOAA4AAAiBAAMIZECCyqIoMQAIXBjAAJAqXrJ4uWLEBEMAXbR02YKlIxgtLQQqYCKLY8eOW6pc8RBghZaTMLFsyeIDgY0sMWFWMdJiSZWcMLfY8An0pNCbRbHsVOGy6MweCEZ6MWm0yh8PBBp2+eIK5kcVDB1wgfhnopEYDBd2oJKDRwuFCwMCACH5BAUCAAAALAAAAAAOAA4AAAiEAAEIBDBiRw0dKAwMHIjASB1AfgLpAYNroYExgcZo2UhGT6AXAhlgCfRlo8kvdfRwAHBkEBmTML/safKghx+YOOuAOYGkDk6cX7gg0fjzJBebRTfqPHEkUFKZSkKIJAm0zp6VABxgHFOLo8cnCx84BLQnUBwwKSgsBBDgQxgfNV4oHBgQACH5BAUCAAAALAAAAAAOAA4AAAiJAAEILGGCC5ElRRwIXAjgwZU5d6yssaPnBIWFCAatGQQIkJ9GdtbwWFhrjZ+OKP3MsUKCgIk1glDK9GOli4cmd07KRJlID48/iXbKFORHSZagQjsSVdLkTdKOPXm8jCmUZhUQAL6Y3OknkRURAh8k2ijTDp0cDDM8jHiH4hOGC2MMgcKECgKGAQEAIfkEBQIAAAAsAAAAAA4ADgAACIUAAQgM0KLJFiM5EAhcCMDDGDd40rSRM4cKwwdr2tyBYwXOHTltdCzcgyePlZMn87hJQwNAizZvUMrMk4YMiC5qOMpESceODj10du6EUwWoUJlEceoU2lPHy5hCadoEQNLkzJUzBGbIuLHjxzY1GIKoAzENHjZ2eChgCGCBFCVYzth4wDAgACH5BAUCAAAALAAAAAAOAA4AAAiDAAEIXJACC5gqNR4IXAgARKBDkSBRklTIhoKFHvBQUmOoY5pJlLgstENJTseTcg5B+gAgBaVHJ2PKgbTHQq1IMXO2IbRrDr+cMWF+8Qn0JEwtWiAV7biTi0uYQGf6IVGCpEmjKVcK9NBm48mPlJYw5DAIIqRIFHUwXPiiSyszPkIwDAgAIfkEBQIAAAAsAAAAAA4ADgAACIcAAQgEcALMGC1DPAwcyCEPpU2vYKFq42MhCEicIE3CNCnTLE5QBJYoBEsSppMnJ1F6ZYIgJ5QwMUl6ZUeEnlgbY56M1IbImkg6YU7S8zMoyqE3c+rkSeTEy6Az7WAIQGiTSaErWUwAACISLI0cMX2ktZCEFUqxXm2a2GOhwAZPatUho0jhwIAAIfkEBQIAAAAsAAAAAA4ADgAACH4AAQhsQGWMHz1NBCoUSEJOqFKgRq2KtGThD02sPp3aeMoTqy0CA7RhhYrjRlShRIkhUMSUSZOoRLmhMQjUS5ObIiHBs+nmS0Z4Yvk0ySiRzaE5kVBx6TNmoRkiR5WEmbIFAQAcYmU06bHMQhEOS4mSGInJQoU8+gTaowTEwoAAIfkEBQIAAAAsAAAAAA4ADgAACIUAAQgEkMOPnURIQAwcKOJQqWTEjvnS1GShBVHCUq3a6MmXsCoDIQXrtLFkp1LEcABYNMxTyZediuH5YIXYy5ugNFXBJOrmS5d3ePosCfSNzaGrclbJIcylz07MZjYQSRImShwTAJAQZUwjR1/Zriyk4RAZsWC/NClZKPDAjkCIGGHhsDAgACH5BAUCAAAALAAAAAAOAA4AAAiKAAEITKDDzho4VTgIXAiABqRk6rBNe5ZqC0MSy6QtM8WxWjRnXgQuIDVtFMeTo5LNQwEgjLRqJ2OOmofJRD1qMXMSE5UFFbGcMavZk4OKGdCTQuWwuXaU404vLmECHWUNkokFn0rmTAnthcAVzJz1QvrMGRmGFyIlo2ZtYiosDBfWsEPozhUSDAMCADs="
-          alt="Maintenance">
-      </div>
-      <div class="main">We'll be back soon</div>
-      <div class="sub">OneLab is temporarily down for maintenance.
-        Thank you for your patience.</div>
-    </div>
-  </div>
-</body>
-
-</html>
\ No newline at end of file
diff --git a/app/proxy/not-supported.html b/app/proxy/not-supported.html
deleted file mode 100644
index 29e4bc0..0000000
--- a/app/proxy/not-supported.html
+++ /dev/null
@@ -1,82 +0,0 @@
-<!doctype html>
-
-<html lang="en">
-
-<head>
-  <meta charset="utf-8">
-
-  <title>OneLab - Browser not supported</title>
-  <meta name="description" content="Your browser is not supported">
-
-  <meta charset="UTF-8">
-  <meta http-equiv="refresh" content="30">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-  <link href="https://fonts.googleapis.com/css?family=Open+Sans&display=swap" rel="stylesheet">
-
-  <style>
-    body {
-      font-family: "Open Sans", sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-    }
-
-    .page {
-      position: absolute;
-      top: 0;
-      bottom: 0;
-      left: 0;
-      right: 0;
-      text-align: center;
-      padding: 128px;
-      display: flex;
-      flex-direction: column;
-      align-items: center;
-    }
-
-    .content {
-      width: 320px;
-    }
-
-    .main {
-      font-size: 32px;
-      font-weight: 600;
-      margin-top: 64px;
-      font-stretch: normal;
-      font-style: normal;
-      line-height: normal;
-      letter-spacing: normal;
-      text-align: center;
-      color: #4a4a4a;
-    }
-
-    .sub {
-      margin-top: 32px;
-      font-size: 15px;
-      font-weight: normal;
-      font-stretch: normal;
-      font-style: normal;
-      line-height: 1.47;
-      letter-spacing: normal;
-      text-align: center;
-      color: #4a4a4a;
-    }
-  </style>
-
-</head>
-
-<body>
-  <div class="page">
-    <div class="content">
-      <div class="img">
-        <img
-          src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALsAAAAvCAQAAAARbnO0AAAABGdBTUEAALGPC/xhBQAAC7VJREFUeNrtW3l0FdUdHgIkCAiyb1ZEkH1TREQRBVzqgrIVkCMFpbREPEKAIgoRxIWlilatuIRzEMUcN5YgtYYeEFRA+b47bxKeiX0algAqYFDZpDVMzyx3Zt7+XhJSqLn3n7yZO3f57u/+7vdboii/suLrIgYZlZ3O2Ait2EuvoVQVb+Eb0M2adWb6xxSWQqemXpDUZ3oKrxJzkMUc/pPZfJZ3a00rHxz1RjxtVD58bsEeSOMpq3/OTHyxF2A+vren5VSexiZxXeXCjkx79KJzC3bUxi9W/2JOohMazyOhkHvA/7toUgV7Av0/bva+x988gcb+VL4UHXK7FvuurII9gSv1Mt5eeH4i+rwasz3wHuZLYrjvSq0rBjCDH3kk/qjvsirYK24qizx6fGGgXsjba/mFA/0BXBQTrsZqT7bz100A2Mais9Y1v5lerSJh9zf0dUGf/GYxxl0ZCru/oeiRdwlqVxianTiw+Lz4APThaXsqJ8UdEe/nesh1Nmad58sx+Nqo3KAoHMzNLLHblFLDQ9EoFLsji/ud/r7Da2rP8sMeqIdMao54/ISPOVJP4TP2DJ8Ih31XLTGBW/GD/fsXbhXTEoArThFzzFUF0Dje7myTks5R0dpodQhnSTc5Q0yynxzi1giX8H70Ce1nVy0uczbZy5VeDDYwkoUdQ3gwwgwCKLD/eiUM9q9xOML9dUC9tTygF5+H/9gjxqa+am9nkitiXhTtZYdYHwZ7NPZzRL3Y20deA3wWtfV6L/DJwS4mGSZKzJmEwx6tZSkeKDvsu2rh33ZPs2LL+hNS4oIhiiBRWXbLU/Ke9sLO0/RhJefyBXzsebrKc3FXx4fO881iNDuhLQcjy5H+BWWDHQMkV4bOEm7gEj7O91DgPVWRYWcpduJtzOez2Iif3JWIEeXQ7DPNcQv8DWM3s9UDP4/b4c1yYuKWUNi5w6tQ1FtxSC5Mu9BZ8ANO68lB5+16y7JjKTomD3sgDcUOkFmo7+n3aqgxYf/Ey8tEE77lvPmhoFE5WFhb9AukxWu0x57Y3+J1l9fAmdYfQmAv0lNCjv1Yp+0YqfX4nf3kqbA5PGTPYVnysPN+RxgmhRHj6pIKhMPOVeEcSs4DOhedafL4sz3UIwns47+DDV8H9i/DLQFnOxfb4wyW3D+cqqG+rZsPSSiSgF2e1g8izvjNUNhj8XY9xbFS9sRxo1yv3umuA/041DWQeBWHuSyOvcQI9+yIHvid6eNyfDAL44JeU2pLZsSDXVH4j2AJxnPSyaB1CK/40t7QzsnBXni+1OuRLehw2MN5exCc10h5Vy+Na3IVWhYOlpoj7LLA5WKLxYmW5rtHzF8H8y4x8ZpmEQ3RWaHfHujNBHSWPM6jE4BdOhvetr9eE9f5YCz2xuRgR0fJunfVKr+0m0TZ5kQcGJVMt/EqW9HEUUxTvd8jU1H0GjjpPfPSrsFShe/ZLw6G6uewJdzngNMzAdhfsPt91/69JRHYpeWQKOyir/3d7ihzTlLa3btODI+KQwuHI40xFKQ8b/yT4duSQGOGobSkMcZ5JgbSSHxawThHhkfE8cP7QpeYFOw5dtu93Bq9ikHJwc5OFSvtgTRpnYgbYow6zwCeG1DTHGOGKeGfWBYu0o0eCFsBjTNZWr6lgMQInDDQEi2Vgkbmn6ZNF8uX4iGLi8oCO160235Yka6wQD3nUPepCGnH5c4qYwb9fK3YyWVCaOHr4uoKranWVa/u+p7QzTUE8xqwu7VZCh5zhspxm4eAfp0TNSlxDYFkYBfDHbPs0or0QDp27/sVIe2OJ/ZAZBddBRatDvY62jU3knUlRssTAR33RTgBCcBeeL5zoeSHO8kwJNgXkgSBnOoIzT0R3q6NytuzI2zSGKev58tByW8W98bygXp9gj86Ax5khssz9Wq8ius8l96rERVPArB7jRF8hm5B3v6JPMVSPFQW2IvPwzeO33OJ14OodZAkNqK061zHdkH9LHS8Tics+lcm0C0G9308V4sF4A085vVVEFiNlcjFt0E8Y1WwnzA52P2p/NTjDVnJybiJQznbdddyfCjsLOHD0apWxx7pt673hfv4FmdzKl/mFscpFd0nc4qbsRRTOJvZHheDyUnKVvx1HdtmXmKhqC7SZIlC7U5zXqi+Sw52RfE39wRMIngJPZdUZnyy6R5kZoQ7k8vqgUzEcIxpUkrxnZJ4oGCBV+aDpr0tUu5AsrCbLDei2cSD4l7vpiYHu6KIu5xwhbcWoTAq7HsjrZXHxIRyhjnGmsx9U1LRKtFEPIhN3uOJYmS5gY3ywm75M7CGRz0KbTOm5DWIwmQShF0xiPBCBlz1AYFxeo1YBNLfUMzxqhbswVMJXYVxKUr+b8oaI2kr+opB7B477UCvodUxaqRQmD/VehfZBepPRUfRX/Rnu8hSgZrW17FqJIqnXaj2xgCtjSTCgTSrrT/VNYiCn/jrsjtuE/0tr0lVOUeLnsJRYprWpgqJSi2WEuNRrUMVFpVWAvUcTjW/Co3KUzHVHUZ1XxUalVg41MwkXeNe4lWlkiQ+NK8u/l7Ni5vNpOgpvvZn9aXW7Zw74DgeH1K1J44nf4Q4kj7kcVE013IFHvNR3PF/CLthciTbr3opDovOqMkPwtMqfrWwq735OrZzlRiOExbs6MM3uA0r2Uux0i+mYBO34U31TiOygnfsBd6Mt7Gd2RzMtYalymViBJZjO9dxaAgUt2ON6U6YEO7JRm3Mx0Z8iBnGSeBU/tn+5losN0J1HMhsbsNyJ6ugJjOwHhvFo8aYYpo7FlbnN+N4gke4lmvZXVFwEZbyU67isLPv7h3FI5iu9lZv5bvQDdjFcO7GEFwk7sDXor+icDI3oI+vi/g9Bxt+bJw0Fzkd33Aie6l3YiN04xrhPpAj2UtM4jGjpdfXgyI0zm/GHer1YY6InXxG66B1xWvGdhY0wlcYZ8bnvzHyCMQEfCluEa05EntEDzPauR3rcZOxKXzZME/kNikKS7U2ojUy+YXoK/qiPjriW6SrF6vXYHt5MhvPQPGnsgS3eZWMnoJv0c9eyGB8oihcwuddD4gFu785jhvypFj/82TDrl5jw/xoqAsMT6GIO2Qan+f5LJknqaeg0IiI+rrgkLgFOw3XqVYHP0op53jmmJknuU4SU81w2L1KBuudjJ6W+CF51XgmFUxPlgTrdrZjKV/nCqPiHRzXq+U3Qy6K+boYa0zdgh23UXP6CId9eLB+xXL6OJc+w8OHtt44EnP4uTUWV3CXxUHEHdCx3FJ2OOG8zeE+ReFHMr1PGuPRYWcJ18mvcdwb0fqfF197nPDEuY/72ouW+EUMUq+W1ZItf3NxF1ZT86dasIu+KI4OO4ZAeKDphx+NWJC4CzvRllu9iobZfMkdy9fKorE8ys8NvY5uPMZr5VvjLOB9/jFIRS5z0wjDYN+HdLfvhP6fqPI8ZigwUmkUywn6s6HboXK2LbWtvTFBPQWHzdS5k6aOLZRSK3rEhl0M4m5ra8VonpJZkfa7sfjK8rbr1Yx7xLDzcEBrY8ipmVdVhHRHQFqYmSf/skLg/rpGDgJncou8JSzYMURm8vAVrLaFpq5FDs4m0ng592M1ZnAxAzxtwK725H7mMINLjKvVlL43kC5GI4uaXkNeqVpXFBB4FeuNTCqTc0SB3Z/KLcgV9zIDecjCV8HeOa7gPvEoZvEjrgqkaV35nbjCAAoqppsn5RDf4lQ8x91W8hL+imI+gUz6jXilvyH3IRfTuchIKzRhb8FjeBHp2oV5DSC4gzPxGAqkIJ1NwNfnRC7iVF8rPmxlDeQ14EQs4HgrToLaHIZM/oUTDVVR0EguIZDGgbyHA3k7d5kAZsi4CjoGh4H16hyG+cww5FNcFxrDEYM4VzyIAZb0y+xDXysxxxhPa4p0LODdbshFXMGZnCvDjOoFvJ+Leb/WFI9Y50D0EE9iljGKXkOMFk9y8lml18tXRGsriR/dUFjlb6s8vn8PdqIIe6HKfzOoKomW/wIUYeDeIwVFgwAAAABJRU5ErkJggg=="
-          alt="OneLab logo">
-      </div>
-      <div class="main">Your browser is not supported</div>
-      <div class="sub">OneLab works better on <a olLink href="https://www.google.com/chrome/">Chrome</a>, <a olLink
-          href="https://www.mozilla.org/en-US/firefox/new/">Firefox</a> and <a olLink
-          href="https://www.microsoft.com/en-us/windows/microsoft-edge">Microsoft Edge</a></div>
-    </div>
-  </div>
-</body>
-
-</html>
\ No newline at end of file
diff --git a/app/proxy/proxy.conf b/app/proxy/proxy.conf
deleted file mode 100644
index 38a14bd..0000000
--- a/app/proxy/proxy.conf
+++ /dev/null
@@ -1,174 +0,0 @@
-# Load the headers-more module
-load_module /etc/nginx/modules/ngx_http_headers_more_filter_module.so;
-
-worker_processes 4;
-
-events { worker_connections 1024; }
-
-http {
-  server_names_hash_bucket_size 128;
-  include /etc/nginx/mime.types;
-
-  types {
-    image/svg+xml   svg svgz;
-  }
-
-  client_max_body_size 600m;
-
-  # don't send the nginx version number in error pages and Server header
-  server_tokens off;
-  more_set_headers 'Server: OneLab';
-
-  sendfile on;
-
-  resolver 8.8.8.8;
-
-  limit_req_zone $binary_remote_addr zone=proxy_global:10m rate=50r/s;
-
-  upstream onelab {
-    server host.docker.internal:8080;
-    server maintenance:80 backup;
-  }
-
-  # redirect all http traffic to https
-  server {
-    listen 80 default_server;
-{% if (onelab.services.revproxy.ipv6|default(true)) != false %}
-    listen [::]:80 default_server;
-{% endif %}
-    server_name {{ onelab.domain[8:] }};
-    return 301 https://$host$request_uri;
-  }
-
-  include /etc/nginx/custom-http.conf;
-
-  server {
-    listen 443 ssl default_server;
-{% if (onelab.services.revproxy.ipv6|default(true)) != false %}
-    listen [::]:443 ssl default_server;
-{% endif %}
-    http2 on;
-    server_name {{ onelab.domain[8:] }};
-
-    ssl_certificate /etc/nginx/ssl/server.pem;
-    ssl_certificate_key /etc/nginx/ssl/server.key;
-{% if docker_secrets is defined and "ssl_passphrase" in docker_secrets.stdout_lines %}
-    ssl_password_file /run/secrets/ssl_passphrase;
-{% endif %}
-    # ssl_client_certificate /etc/nginx/ssl/ca.crt;
-    # ssl_verify_client      off;
-
-    # enable session resumption to improve https performance
-    # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_timeout 1d;
-    ssl_session_tickets off;
-
-    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
-    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
-
-    # enables server-side protection from BEAST attacks
-    # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
-    ssl_prefer_server_ciphers on;
-    # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
-    ssl_protocols TLSv1.2 TLSv1.3;
-    # ciphers chosen for forward secrecy and compatibility
-    # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
-    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
-    ssl_ecdh_curve X25519:P-384:P-256;
-
-    # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
-    # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
-    resolver 8.8.8.8 8.8.4.4;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-    ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
-
-    # read more here http://tautt.com/best-nginx-configuration-for-security/
-    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
-    # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
-    # also https://hstspreload.org/
-    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
-
-    # config to don't allow the browser to render the page inside an frame or iframe
-    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
-    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
-    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
-    add_header X-Frame-Options SAMEORIGIN;
-
-    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
-    # to disable content-type sniffing on some browsers.
-    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
-    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
-    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
-    add_header X-Content-Type-Options nosniff;
-
-    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
-    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 
-    # this particular website if it was disabled by the user.
-    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-    add_header X-XSS-Protection "1; mode=block";
-
-    # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
-    # you can tell the browser that it can only download content from the domains you explicitly allow
-    # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
-    # https://www.owasp.org/index.php/Content_Security_Policy
-    # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
-    # directives for css and js(if you have inline css or js, you will need to keep it too).
-    # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://app.intercom.io  https://widget.intercom.io  https://js.intercomcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://recaptcha.net https://*.recaptcha.net https://*.gstatic.com; img-src * data:; media-src *; style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://recaptcha.net https://*.recaptcha.net https://*.gstatic.com; font-src 'self' https://*.intercomcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://recaptcha.net https://*.recaptcha.net https://*.gstatic.com; frame-src *; connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercom-messenger.com  wss://*.intercom-messenger.com https://*.google-analytics.com https://*.googletagmanager.com https://recaptcha.net https://*.recaptcha.net https://*.gstatic.com; object-src 'none'";
-
-    add_header Referrer-Policy "same-origin";
-
-    add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(self), usb=()";
-
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 10240;
-    gzip_proxied expired no-cache no-store private auth;
-    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
-    gzip_disable "MSIE [1-6]\.";
-
-    root /usr/onelab/;
-
-    include /etc/nginx/custom-server.conf;
-
-    location /not-supported {
-      index not-supported.html not-supported.htm;
-      try_files $uri $uri/ /not-supported.html =404;
-    }
-
-    location /error-404 {
-      index error-404.html error-404.htm;
-      try_files $uri $uri/ /error-404.html =404;
-    }
-
-    # Also used as workaround for a Docker swarm issue 
-    # https://github.com/moby/moby/issues/25526
-    # Redirect to HTTP, but assume that we will be on the same server
-    location / {
-      limit_req zone=proxy_global burst=50 nodelay;
-
-      if ($http_user_agent ~* '(MSIE 11.0|MSIE 10.0|MSIE 9.0|MSIE 8.0|MSIE 7.0|MSIE 6.0)') {
-        return 301 https://$host/not-supported;
-      }
-
-      proxy_pass  http://onelab;
-      proxy_next_upstream error;
-      proxy_redirect  off;
-      proxy_set_header  Cookie $http_cookie;
-      proxy_set_header  Host $host;
-      proxy_set_header  X-Real-IP $remote_addr;
-      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header  X-Forwarded-Host $server_name;
-      proxy_set_header  X-Forwarded-Proto $scheme;
-
-      # WebSocket support
-      proxy_http_version 1.1;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection "upgrade";
-    }
-  }
-}
-
diff --git a/app/rabbit/advanced.conf b/app/rabbit/advanced.conf
deleted file mode 100644
index dcbcaf6..0000000
--- a/app/rabbit/advanced.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[
- {rabbit, [
-  {tcp_listeners, []}
-  ]}
-].
diff --git a/app/rabbit/definitions.json b/app/rabbit/definitions.json
deleted file mode 100644
index 52c0e0a..0000000
--- a/app/rabbit/definitions.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-    "rabbit_version": "3.6.5",
-    "users": [
-    ],
-    "vhosts": [
-        {
-            "name": "devices"
-        },
-        {
-            "name": "internal"
-        }
-    ],
-    "permissions": [
-      ],
-    "parameters": [],
-    "policies": [],
-    "queues": [],
-    "exchanges": [],
-    "bindings": []
-}
\ No newline at end of file
diff --git a/app/rabbit/enable_plugins b/app/rabbit/enable_plugins
deleted file mode 100644
index 64e1fe1..0000000
--- a/app/rabbit/enable_plugins
+++ /dev/null
@@ -1 +0,0 @@
-[rabbitmq_auth_backend_http, rabbitmq_auth_backend_cache, rabbitmq_management, rabbitmq_event_exchange].
\ No newline at end of file
diff --git a/app/rabbit/rabbit.conf b/app/rabbit/rabbit.conf
deleted file mode 100644
index ce56423..0000000
--- a/app/rabbit/rabbit.conf
+++ /dev/null
@@ -1,54 +0,0 @@
-# Auth server config
-
-auth_backends.1             = cache
-
-auth_cache.cached_backend   = http
-auth_cache.cache_ttl        = 5000
-
-auth_http.user_path         = http://revproxy/api/v1/rmq/user
-auth_http.vhost_path        = http://revproxy/api/v1/rmq/vhost
-auth_http.resource_path     = http://revproxy/api/v1/rmq/resource
-auth_http.topic_path        = http://revproxy/api/v1/rmq/topic
-
-listeners.ssl.default = 5671
-
-# generated with "cat server.crt server.key > server.pem"
-# fullchain
-ssl_options.cacertfile = /etc/rabbitmq/ssl/rabbit.fullchain.pem 
-
-ssl_options.certfile   = /etc/rabbitmq/ssl/rabbit.crt
-ssl_options.keyfile    = /etc/rabbitmq/ssl/rabbit.key
-
-# not very secure
-ssl_options.verify     = verify_peer
-ssl_options.fail_if_no_peer_cert = false
-
-# for TLS version and cipher
-ssl_options.versions.1 = tlsv1.2
-
-# these MUST be disabled if TLSv1.3 is used
-ssl_options.honor_cipher_order   = true
-ssl_options.honor_ecc_order      = true
-
-# These are highly recommended for TLSv1.2 but cannot be used
-# with TLSv1.3. If TLSv1.3 is enabled, these lines MUST be removed.
-ssl_options.client_renegotiation = false
-ssl_options.secure_renegotiate   = true
-
-ssl_options.ciphers.1  = ECDHE-ECDSA-AES256-GCM-SHA384
-ssl_options.ciphers.2  = ECDHE-RSA-AES256-GCM-SHA384
-ssl_options.ciphers.3  = ECDH-ECDSA-AES256-GCM-SHA384
-ssl_options.ciphers.4  = ECDH-RSA-AES256-GCM-SHA384
-ssl_options.ciphers.5  = DHE-RSA-AES256-GCM-SHA384
-ssl_options.ciphers.6  = DHE-DSS-AES256-GCM-SHA384
-ssl_options.ciphers.7  = ECDHE-ECDSA-AES128-GCM-SHA256
-ssl_options.ciphers.8  = ECDHE-RSA-AES128-GCM-SHA256
-ssl_options.ciphers.9  = ECDH-ECDSA-AES128-GCM-SHA256
-ssl_options.ciphers.10 = ECDH-RSA-AES128-GCM-SHA256
-ssl_options.ciphers.11 = DHE-RSA-AES128-GCM-SHA256
-ssl_options.ciphers.12 = DHE-DSS-AES128-GCM-SHA256
-
-management.load_definitions = /opt/definitions.json
-
-# For connection events
-event_exchange.vhost = devices
\ No newline at end of file
diff --git a/app/rabbit/ssl/rabbit.crt b/app/rabbit/ssl/rabbit.crt
deleted file mode 100644
index f1c446a..0000000
--- a/app/rabbit/ssl/rabbit.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIJANBW7LFskUGkMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV
-BAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExDzANBgNVBAcMBkdlbmV2YTEYMBYGA1UE
-CgwPQW5kcmV3IEFsbGlhbmNlMQ8wDQYDVQQLDAZPbmVMYWIxGzAZBgNVBAMMEmFu
-ZHJld2FsbGlhbmNlLmNvbTAeFw0xOTA5MzAxNTE5NDJaFw0zOTA5MjUxNTE5NDJa
-MHcxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExDzANBgNVBAcMBkdlbmV2
-YTEYMBYGA1UECgwPQW5kcmV3IEFsbGlhbmNlMQ8wDQYDVQQLDAZPbmVMYWIxGzAZ
-BgNVBAMMEmFuZHJld2FsbGlhbmNlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMxODu2ql2+397wUYVRjuNppa2+nLZwSvzsnyfG5RwmQX/Q3V9sy
-17RluFW42WLFv5TfS/soRILbShyHmYJL9iGfsa1nkg9XAs681ebHESrGP9jZZ25x
-alg97IaVI6rQcUN/7WrB183sAokL4AinY2Zh+wOt9LQWsovKO3TB3Oetxw3AImqX
-onuzTZkzlbJ0KTHGpn8dZ/xjGMvkd1ByjKLQ/gb630vZOJErjcLEWji20fWhwA5S
-7vhGy4dqivEpLrnEjd2njclADphOxYoHr2rN11n7ASl1+Lu5HhCAFNoeaDi+rliu
-pupKcbFYCPLIpTq2yw81BOkKn0fPMn5C+m0CAwEAAaNQME4wHQYDVR0OBBYEFGYz
-XZCPfN8IfCDjPVS0NUcK+c6zMB8GA1UdIwQYMBaAFGYzXZCPfN8IfCDjPVS0NUcK
-+c6zMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAABxoVD1aZ8NJU2+
-cL8lMFfrrQEg3vSNzYWuI78OHixGYDF3NPARFL6m20hLusxtmtsM+OsWios58RoO
-0b9unY3ce0S/567LFpBZgKvo7hdEwDBY2cuX5p8snWfucn4j8KZhebtz4kvcSPOH
-VTWtgfobKxcryiM8pYA8uRzu/WQKr2q92oYliiOoUg6ZQEWhBCqXzcHJ7D32UcuW
-fHfZCp48D9LqfSXALNOHyXWaLXRIiQHBuWMhBI57tgbPA4m2hHN8c8y1rc0cSNGt
-Og8tQoRlj9PRM3WMMrdGuG4TvBe3y5666wo1ZLErfyCbM4/sIPHdrp1cCXFDyyVj
-nKZ2gjE=
------END CERTIFICATE-----
diff --git a/app/rabbit/ssl/rabbit.fullchain.pem b/app/rabbit/ssl/rabbit.fullchain.pem
deleted file mode 100644
index f0872bf..0000000
--- a/app/rabbit/ssl/rabbit.fullchain.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIJANBW7LFskUGkMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNV
-BAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExDzANBgNVBAcMBkdlbmV2YTEYMBYGA1UE
-CgwPQW5kcmV3IEFsbGlhbmNlMQ8wDQYDVQQLDAZPbmVMYWIxGzAZBgNVBAMMEmFu
-ZHJld2FsbGlhbmNlLmNvbTAeFw0xOTA5MzAxNTE5NDJaFw0zOTA5MjUxNTE5NDJa
-MHcxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExDzANBgNVBAcMBkdlbmV2
-YTEYMBYGA1UECgwPQW5kcmV3IEFsbGlhbmNlMQ8wDQYDVQQLDAZPbmVMYWIxGzAZ
-BgNVBAMMEmFuZHJld2FsbGlhbmNlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMxODu2ql2+397wUYVRjuNppa2+nLZwSvzsnyfG5RwmQX/Q3V9sy
-17RluFW42WLFv5TfS/soRILbShyHmYJL9iGfsa1nkg9XAs681ebHESrGP9jZZ25x
-alg97IaVI6rQcUN/7WrB183sAokL4AinY2Zh+wOt9LQWsovKO3TB3Oetxw3AImqX
-onuzTZkzlbJ0KTHGpn8dZ/xjGMvkd1ByjKLQ/gb630vZOJErjcLEWji20fWhwA5S
-7vhGy4dqivEpLrnEjd2njclADphOxYoHr2rN11n7ASl1+Lu5HhCAFNoeaDi+rliu
-pupKcbFYCPLIpTq2yw81BOkKn0fPMn5C+m0CAwEAAaNQME4wHQYDVR0OBBYEFGYz
-XZCPfN8IfCDjPVS0NUcK+c6zMB8GA1UdIwQYMBaAFGYzXZCPfN8IfCDjPVS0NUcK
-+c6zMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAABxoVD1aZ8NJU2+
-cL8lMFfrrQEg3vSNzYWuI78OHixGYDF3NPARFL6m20hLusxtmtsM+OsWios58RoO
-0b9unY3ce0S/567LFpBZgKvo7hdEwDBY2cuX5p8snWfucn4j8KZhebtz4kvcSPOH
-VTWtgfobKxcryiM8pYA8uRzu/WQKr2q92oYliiOoUg6ZQEWhBCqXzcHJ7D32UcuW
-fHfZCp48D9LqfSXALNOHyXWaLXRIiQHBuWMhBI57tgbPA4m2hHN8c8y1rc0cSNGt
-Og8tQoRlj9PRM3WMMrdGuG4TvBe3y5666wo1ZLErfyCbM4/sIPHdrp1cCXFDyyVj
-nKZ2gjE=
------END CERTIFICATE-----
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMTg7tqpdvt/e8
-FGFUY7jaaWtvpy2cEr87J8nxuUcJkF/0N1fbMte0ZbhVuNlixb+U30v7KESC20oc
-h5mCS/Yhn7GtZ5IPVwLOvNXmxxEqxj/Y2WducWpYPeyGlSOq0HFDf+1qwdfN7AKJ
-C+AIp2NmYfsDrfS0FrKLyjt0wdznrccNwCJql6J7s02ZM5WydCkxxqZ/HWf8YxjL
-5HdQcoyi0P4G+t9L2TiRK43CxFo4ttH1ocAOUu74RsuHaorxKS65xI3dp43JQA6Y
-TsWKB69qzddZ+wEpdfi7uR4QgBTaHmg4vq5YrqbqSnGxWAjyyKU6tssPNQTpCp9H
-zzJ+QvptAgMBAAECggEBAMNTqcAeBdSgvTBLB9bH1Ja0jSvdWKTL45qp6s+5BKqn
-JqX1N4DxNftZ+Qezx9pAF288oYcJM58sCsoF9oT1HOd+pz+TMriJxrxjG9oc3lPX
-4HjxOYsE0dh1s6nj8oq/6FnRd+pGU42jo7Tk7pc3ebgL2xHkgXyf6qntejShmBLC
-gbXM86sPp1GYFNrVh6JveL8UBQzsXnY1u8tm4J2xA47+UvF0uPV5b7xzblplqycv
-K/cijsqiaBhDZR71Nj7/HnHqcJqs4pYjnNplkfJ5fjkifJh8xZcX0vdJnc7hgC/x
-BLFuMVLUSXoWtBmajVoJaD/46b0pFTEeGmXs6h3TMj0CgYEA+26WRyiyDGl3wgYJ
-dm9ITuwBZQo1HiA8wGgAEqyM8BcxNh7zGhYTBKPUYJtuJsUZcFCAbXlD5nIDOYeR
-bODqEgtN6RQPtQHU4My1gtd8Aaa2IlVD+GVYFSldpcud0pswbiE0xA3GcknGM3hf
-Jh/7pDEYoN0DkSgyVwL5+d/irVcCgYEA0ARIZC/NyhHC17FGXF5qIG45b+pyvpAE
-+ytjRHZ09WPErONnD29Q7dhNaYqi6ZtLS1XuG7GVo5VnV+xdr75e93sQuyXzAKnx
-f1zn+qEDDY/K0qPeh96sHxJjwE6Ha5mO/kL7mx1yV9QEPHTNEynZMM1n2ahgv0kW
-LM3vymDdN9sCgYAxCrX3NUHdV+kLCEBqQHR7KF9xRNdtg941rVNuUQfAgNWRd+H1
-EZ8uBYKUQVzv5Pv8Q0d5kvCij1R/sSi1cv1U/a15q/cQWEYcfvFcjwlaDRlzguwa
-FDJlFkd04k1rWefNY162avVtL2Sgf3cXqZ9cvFLQdauPcaa4ABWgHoJJSwKBgQCF
-3JuxTUoC5Vcbcosy2dc1s3jm2lqo4wkxkQQ6hHhTibaBA33I4vuTc4StjHe2GSdk
-/ZFS5P7E3Fo6rHLFq551aA6mQI+WN8afDWyDTqYmTghZcPa9PMBK5oymrmJbDeCF
-IxnDAjoY5ukq9ocZ8+4+h5By8vX/YssQXh4XgCobzQKBgDMgav9ABc0idoE8sQ0g
-bnPI/QX+bRhm+yYUQM/zB0h/CRuUC44ZP7dssST7c4L/OirYiZQEtXnHdxZ2DmV3
-v/5MNbLnx+1z75KLwtg4f24BRB6p26/YxN1Wtudu7QwSSjffGRcUucbS5X3//Fjb
-3YIcbL9y2FZJHQFybilFQJgu
------END PRIVATE KEY-----
diff --git a/app/rabbit/ssl/rabbit.key b/app/rabbit/ssl/rabbit.key
deleted file mode 100644
index 1cd0dee..0000000
--- a/app/rabbit/ssl/rabbit.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMTg7tqpdvt/e8
-FGFUY7jaaWtvpy2cEr87J8nxuUcJkF/0N1fbMte0ZbhVuNlixb+U30v7KESC20oc
-h5mCS/Yhn7GtZ5IPVwLOvNXmxxEqxj/Y2WducWpYPeyGlSOq0HFDf+1qwdfN7AKJ
-C+AIp2NmYfsDrfS0FrKLyjt0wdznrccNwCJql6J7s02ZM5WydCkxxqZ/HWf8YxjL
-5HdQcoyi0P4G+t9L2TiRK43CxFo4ttH1ocAOUu74RsuHaorxKS65xI3dp43JQA6Y
-TsWKB69qzddZ+wEpdfi7uR4QgBTaHmg4vq5YrqbqSnGxWAjyyKU6tssPNQTpCp9H
-zzJ+QvptAgMBAAECggEBAMNTqcAeBdSgvTBLB9bH1Ja0jSvdWKTL45qp6s+5BKqn
-JqX1N4DxNftZ+Qezx9pAF288oYcJM58sCsoF9oT1HOd+pz+TMriJxrxjG9oc3lPX
-4HjxOYsE0dh1s6nj8oq/6FnRd+pGU42jo7Tk7pc3ebgL2xHkgXyf6qntejShmBLC
-gbXM86sPp1GYFNrVh6JveL8UBQzsXnY1u8tm4J2xA47+UvF0uPV5b7xzblplqycv
-K/cijsqiaBhDZR71Nj7/HnHqcJqs4pYjnNplkfJ5fjkifJh8xZcX0vdJnc7hgC/x
-BLFuMVLUSXoWtBmajVoJaD/46b0pFTEeGmXs6h3TMj0CgYEA+26WRyiyDGl3wgYJ
-dm9ITuwBZQo1HiA8wGgAEqyM8BcxNh7zGhYTBKPUYJtuJsUZcFCAbXlD5nIDOYeR
-bODqEgtN6RQPtQHU4My1gtd8Aaa2IlVD+GVYFSldpcud0pswbiE0xA3GcknGM3hf
-Jh/7pDEYoN0DkSgyVwL5+d/irVcCgYEA0ARIZC/NyhHC17FGXF5qIG45b+pyvpAE
-+ytjRHZ09WPErONnD29Q7dhNaYqi6ZtLS1XuG7GVo5VnV+xdr75e93sQuyXzAKnx
-f1zn+qEDDY/K0qPeh96sHxJjwE6Ha5mO/kL7mx1yV9QEPHTNEynZMM1n2ahgv0kW
-LM3vymDdN9sCgYAxCrX3NUHdV+kLCEBqQHR7KF9xRNdtg941rVNuUQfAgNWRd+H1
-EZ8uBYKUQVzv5Pv8Q0d5kvCij1R/sSi1cv1U/a15q/cQWEYcfvFcjwlaDRlzguwa
-FDJlFkd04k1rWefNY162avVtL2Sgf3cXqZ9cvFLQdauPcaa4ABWgHoJJSwKBgQCF
-3JuxTUoC5Vcbcosy2dc1s3jm2lqo4wkxkQQ6hHhTibaBA33I4vuTc4StjHe2GSdk
-/ZFS5P7E3Fo6rHLFq551aA6mQI+WN8afDWyDTqYmTghZcPa9PMBK5oymrmJbDeCF
-IxnDAjoY5ukq9ocZ8+4+h5By8vX/YssQXh4XgCobzQKBgDMgav9ABc0idoE8sQ0g
-bnPI/QX+bRhm+yYUQM/zB0h/CRuUC44ZP7dssST7c4L/OirYiZQEtXnHdxZ2DmV3
-v/5MNbLnx+1z75KLwtg4f24BRB6p26/YxN1Wtudu7QwSSjffGRcUucbS5X3//Fjb
-3YIcbL9y2FZJHQFybilFQJgu
------END PRIVATE KEY-----
diff --git a/app/reconfigure.sh b/app/reconfigure.sh
deleted file mode 100644
index 2aac25f..0000000
--- a/app/reconfigure.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-
-#!/bin/bash
-# Usage: ./reconfigure.sh [--no-pull]
-
-onelab_no_pull=""
-
-for arg in "$@"; do
-  if [[ "$arg" == "--no-pull" ]]; then
-    onelab_no_pull="no-pull"
-  fi
-done
-
-LOG_PATH="./logs/ansible/$(date +%F)-ansible.log"
-PLAYBOOK="./installation/1.27.0/app/playbooks/reconfigure.yml"
-EXTRA_VARS=()
-
-if [[ -n "$onelab_no_pull" ]]; then
-  EXTRA_VARS+=("-e" "policy=$onelab_no_pull")
-fi
-
-ANSIBLE_LOG_PATH="$LOG_PATH" ansible-playbook "$PLAYBOOK" "${EXTRA_VARS[@]}"
\ No newline at end of file
diff --git a/app/start.sh b/app/start.sh
deleted file mode 100644
index 9098003..0000000
--- a/app/start.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-
-#!/bin/bash
-ANSIBLE_LOG_PATH=./logs/ansible/$(date +%F)-ansible.log ansible-playbook ./installation/latest/app/playbooks/deploy.yml
\ No newline at end of file
diff --git a/app/stop.sh b/app/stop.sh
deleted file mode 100644
index 9704fb9..0000000
--- a/app/stop.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-
-#!/bin/bash
-ANSIBLE_LOG_PATH=./logs/ansible/$(date +%F)-ansible.log ansible-playbook ./installation/latest/app/playbooks/stop.yml
\ No newline at end of file
diff --git a/app/uninstall.sh b/app/uninstall.sh
deleted file mode 100644
index 8e3df1e..0000000
--- a/app/uninstall.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-ansible-playbook ./installation/1.27.0/app/playbooks/uninstall.yml
\ No newline at end of file
diff --git a/app/update.sh b/app/update.sh
deleted file mode 100644
index dca5e40..0000000
--- a/app/update.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-# Usage: ./update.sh [version] [--force]
-
-onelab_version=""
-onelab_force_update=""
-
-for arg in "$@"; do
-  if [[ "$arg" == "--force" ]]; then
-    onelab_force_update="--force"
-  else
-    onelab_version="$arg"
-  fi
-done
-
-LOG_PATH="./logs/ansible/$(date +%F)-ansible.log"
-PLAYBOOK="./installation/1.27.0/app/playbooks/update.yml"
-EXTRA_VARS=()
-
-if [[ -n "$onelab_version" ]]; then
-  EXTRA_VARS+=("-e" "version=$onelab_version")
-fi
-if [[ -n "$onelab_force_update" ]]; then
-  EXTRA_VARS+=("-e" "userchoice=yes")
-fi
-
-ANSIBLE_LOG_PATH="$LOG_PATH" ansible-playbook "$PLAYBOOK" "${EXTRA_VARS[@]}"
diff --git a/gitops/README.md b/gitops/README.md
index f184894..5e7b5a7 100644
--- a/gitops/README.md
+++ b/gitops/README.md
@@ -1,33 +1,89 @@
 # OneLab GitOps (Argo CD)
 
-This directory is the **declarative source** for OneLab on Kubernetes. Argo CD applies two **Helm-based sources** from Git (Argo invokes Helm internally; you do not run a separate Helm install workflow).
+This directory is the **declarative source** for OneLab on Kubernetes. [Argo CD](https://argo-cd.readthedocs.io/) applies **two Helm-based sources** from Git (Argo invokes Helm; you do not use Helm CLI as the primary install path for the cluster).
 
-Legacy Swarm install lives under [`app/`](../app/) (`docker-compose.yml`); this tree replaces `docker stack deploy` for k3s/Kubernetes.
+This repository is **GitOps-only**: everything required to deploy OneLab on Kubernetes lives under **`gitops/`**.
+
+## What gets deployed
+
+| Helm release | Chart path | Namespace | Role |
+|--------------|------------|-----------|------|
+| `onelab` | [`charts/onelab`](charts/onelab) | `onelab` | Application workloads, Postgres, Redis, RabbitMQ, revproxy, ingress hooks |
+| `onelab-obs` | [`observability/`](observability/) | `onelab` | Loki, Promtail, Grafana (logs) |
+
+Both are wired by a single Argo CD [`Application`](argocd/application.yaml) using **`spec.sources`** (requires **Argo CD 2.6+**).
+
+## Architecture
+
+```mermaid
+flowchart LR
+  subgraph git [Git repository]
+    V[gitops/values]
+    C[charts/onelab]
+    O[observability]
+  end
+  subgraph argo [Argo CD]
+    App[Application onelab]
+  end
+  subgraph cluster [Kubernetes cluster]
+    NS[namespace onelab]
+  end
+  V --> App
+  C --> App
+  O --> App
+  App --> NS
+```
+
+1. You commit changes under **`gitops/values/`** (and optionally edit `repoURL` / `targetRevision` in the Application).
+2. Argo reconciles: Helm renders `onelab` + `onelab-obs` into namespace **`onelab`**.
+3. Sync waves order StatefulSets and app Deployments (Postgres → Redis/Rabbit/config → apps).
 
 ## Layout
 
 | Path | Purpose |
 |------|---------|
-| [`charts/onelab`](charts/onelab) | OneLab chart (StatefulSets, Deployments, Services, ConfigMaps, Secrets) — **Argo source 1** |
-| [`values/`](values/) | Environment values (e.g. [`values/k3s-example.yaml`](values/k3s-example.yaml)); reference from `helm.valueFiles` |
+| [`charts/onelab`](charts/onelab) | OneLab Helm chart — **Argo source 1** |
+| [`values/`](values/) | **Operator entry point**: [`values/env-example.yaml`](values/env-example.yaml), [`values/observability.yaml`](values/observability.yaml), templates — see [`values/README.md`](values/README.md) |
 | [`observability/`](observability/) | Loki / Promtail / Grafana umbrella chart — **Argo source 2** (`releaseName: onelab-obs`) |
-| [`argocd/application.yaml`](argocd/application.yaml) | `Application` manifest (`spec.sources`, namespace `onelab`) |
-| [`argocd/jsonpatch-multisource.json`](argocd/jsonpatch-multisource.json) | One-time JSON patch if the live `Application` stuck on `spec.source` |
+| [`argocd/application.yaml`](argocd/application.yaml) | `Application` manifest (`spec.sources`, destination namespace `onelab`) |
+| [`argocd/jsonpatch-multisource.json`](argocd/jsonpatch-multisource.json) | One-time JSON patch if a live `Application` still has legacy `spec.source` only |
 
 ## Prerequisites
 
-1. **Kubernetes** (e.g. k3s) with a default **StorageClass** for Postgres/Rabbit PVCs (e.g. `local-path`).
-2. **Image pull** to `hub.andrewalliance.com` — registry Secret + `imagePullSecrets` (see [`values/k3s-example.yaml`](values/k3s-example.yaml) and [Private registry credentials](#private-registry-credentials)).
-3. **RabbitMQ TLS** Secret `onelab-rabbit-tls` (or `rabbitmq.tls.embed` in a private values file) — [RabbitMQ TLS](#rabbitmq-tls).
-4. **Host paths** when using `persistence.mode: hostPath`: `/opt/onelab/data` and `/opt/onelab/logs` on nodes that run those pods, or use RWX storage for multi-node.
+1. **Kubernetes** (e.g. k3s) with a default **StorageClass** for Postgres/Rabbit/Loki/Grafana PVCs (e.g. `local-path`).
+2. **Container images** from `hub.andrewalliance.com` (or your mirror): registry credentials via Helm values or a pre-created `docker-registry` Secret — see [Private registry credentials](#private-registry-credentials).
+3. **RabbitMQ TLS** before RabbitMQ starts: Kubernetes Secret `onelab-rabbit-tls`, or `rabbitmq.tls.embed` in private values — see [RabbitMQ TLS](#rabbitmq-tls).
+4. **Host paths** when using `persistence.mode: hostPath`: `/opt/onelab/data` and `/opt/onelab/logs` on nodes that run those pods (aligned with Promtail in [`values/observability.yaml`](values/observability.yaml)), or use RWX storage for multi-node.
 
-## Bootstrap (registry, Argo repo, TLS)
+## Configuration (single place to edit)
 
-### Private registry credentials
+- **OneLab app / ingress / DB / tokens / registry**: [`values/env-example.yaml`](values/env-example.yaml) — copy patterns, replace **`REPLACE_*`** placeholders, or overlay a gitignored file; see [`values/secrets.example.yaml`](values/secrets.example.yaml) and [`values/README.md`](values/README.md).
+- **Observability**: [`values/observability.yaml`](values/observability.yaml) — Grafana password (**`REPLACE_GRAFANA_ADMIN_PASSWORD`**), ingress host, Promtail log hostPath.
+- **Argo Git coordinates**: [`argocd/application.yaml`](argocd/application.yaml) — set `repoURL`, `targetRevision`, and `helm.valueFiles` if you add e.g. `secrets.local.yaml`.
 
-By default, `gitops/values/k3s-example.yaml` matches the Swarm installer (`app/playbooks/tasks/manage-images.yml`): user **`public`**, password **`Andrew01..Release`**, and the chart creates Secret **`hub-andrewalliance`** when `registry.createPullSecret: true`.
+The chart default [`charts/onelab/values.yaml`](charts/onelab/values.yaml) holds non-secret structure and safe placeholders only; **do not rely on it for production secrets**.
 
-To use other credentials, override `registry.username` / `registry.password` or create the secret manually:
+## Bootstrap checklist
+
+1. Fork or clone this repository and push it to a Git remote your cluster can reach.
+2. Edit [`argocd/application.yaml`](argocd/application.yaml): **`repoURL`** → your remote, **`targetRevision`** → your branch/tag.
+3. Edit [`values/env-example.yaml`](values/env-example.yaml): DNS hostnames, TLS secret names, cert-manager issuer, and all **`REPLACE_*`** values (or use a gitignored overlay).
+4. Edit [`values/observability.yaml`](values/observability.yaml): Grafana host/password aligned with your DNS and TLS.
+5. If the Git repo is **private**, register it in Argo CD (see below).
+6. Ensure **RabbitMQ TLS** Secret exists (or use embedded TLS in private values).
+7. Apply the Application:
+
+   ```bash
+   kubectl apply -f gitops/argocd/application.yaml
+   ```
+
+8. In Argo UI or CLI, confirm sync to namespace **`onelab`** and fix any `ImagePullBackOff` / TLS issues using the sections below.
+
+**Single controller:** Use **only** this Argo CD `Application` for `onelab` / `onelab-obs`. Do not manage the same namespace with a parallel **Helm CLI** release.
+
+## Private registry credentials
+
+Set `registry.username` / `registry.password` in values (prefer a **gitignored** file merged last), or create the Secret manually:
 
 ```bash
 kubectl create secret docker-registry hub-andrewalliance -n onelab \
@@ -36,72 +92,50 @@ kubectl create secret docker-registry hub-andrewalliance -n onelab \
   --docker-password='YOUR_PASSWORD'
 ```
 
-…and set `registry.createPullSecret: false` plus `imagePullSecrets: [{ name: hub-andrewalliance }]`.
+…then set `registry.createPullSecret: false` and keep `imagePullSecrets: [{ name: hub-andrewalliance }]` in values.
 
-#### StatefulSet pods still get `401 Unauthorized` / `ImagePullBackOff` after enabling registry auth
+### StatefulSet pods still get `401 Unauthorized` / `ImagePullBackOff` after enabling registry auth
 
-If `db-0` / `rabbitmq-0` were created **before** `imagePullSecrets` existed, their **Pod** spec can still use anonymous pulls until they are recreated:
+If `db-0` / `rabbitmq-0` were created **before** `imagePullSecrets` existed, delete those pods once so they pick up the new Pod spec:
 
 ```bash
 kubectl delete pod -n onelab db-0 rabbitmq-0
 ```
 
-The chart adds a pod-template checksum so after you change registry settings in Git and **Argo syncs**, workloads normally roll; a one-time delete is enough if pods were created before pull secrets existed.
+## Argo CD private Git repository
 
-### Argo CD private Git repository
-
-If the Application shows `authentication required: Unauthorized`, register the repo in Argo CD (CLI or UI):
+If the Application shows `authentication required: Unauthorized`, register the repo (use a deploy token or PAT with read access):
 
 ```bash
-# Example; use a deploy token or PAT with repo read access
-argocd repo add https://git.luneski.fr/luneski/onelab-k8s.git \
+argocd repo add https://github.com/YOUR_ORG/YOUR_REPO.git \
   --username git \
   --password YOUR_TOKEN
 ```
 
-Then apply the Application:
+## RabbitMQ TLS
+
+Secret **`onelab-rabbit-tls`** must exist in namespace **`onelab`** before RabbitMQ starts (keys: typically `tls.crt`, `tls.key`, and optionally chain). **PEM material is not shipped in this GitOps tree** — generate certs or use your PKI, then:
 
 ```bash
-kubectl apply -f gitops/argocd/application.yaml
+kubectl create secret tls onelab-rabbit-tls -n onelab \
+  --cert=path/to/fullchain.pem \
+  --key=path/to/key.pem
 ```
 
-**Single controller:** Use **only** this Argo CD `Application` for `onelab` / `onelab-obs`. Do not manage the same namespace with a separate **Helm CLI** release.
+Alternatively, set `rabbitmq.tls.embed: true` and supply `rabbitmq.tls.crt` / `rabbitmq.tls.key` / `rabbitmq.tls.fullchain` via a **private** values file (never commit real keys).
 
-### RabbitMQ TLS
-
-Secret `onelab-rabbit-tls` must exist before RabbitMQ starts (created once from `app/rabbit/ssl/` or your own PEMs).
-
-### Argo CD version and observability stack
-
-[`argocd/application.yaml`](argocd/application.yaml) uses **`spec.sources`** (two Helm charts in one Application). Use **Argo CD 2.6 or newer**.
-
-If the `onelab` Application was created earlier with **`spec.source` only**, Argo will **not** show the observability resources until you remove `source` and set `sources` — see [Migrating `spec.source` → `spec.sources`](#migrating-specsource--specsources) below.
-
-The second source installs Loki/Promtail/Grafana from [`observability/`](observability/) (`releaseName: onelab-obs`). Set a strong **`grafana.adminPassword`** in [`observability/values.yaml`](observability/values.yaml) before production — details in [Observability](#observability-loki--promtail--grafana).
-
-## Deploy with Argo CD
-
-1. Push this repo to a Git remote Argo CD can read.
-2. Register the repo in Argo CD (CLI or UI) if it is private — [Argo CD private Git repository](#argo-cd-private-git-repository).
-3. Edit [`argocd/application.yaml`](argocd/application.yaml): `repoURL`, `targetRevision`, and per-source `helm.valueFiles` if needed.
-4. Apply the Application:
-
-   ```bash
-   kubectl apply -f gitops/argocd/application.yaml
-   ```
+## Deploy with Argo CD (details)
 
 **Requirements:** Argo CD **2.6+** (`spec.sources`).
 
 Each entry under `spec.sources` has its own `helm.releaseName` and `helm.valueFiles` (paths are **relative to that source’s `path`**):
 
-- Source `gitops/charts/onelab` → e.g. `../../values/k3s-example.yaml`
-- Source `gitops/observability` → e.g. `values.yaml`
-
-Both targets deploy into namespace **`onelab`**. Sync waves order: Postgres → Redis/Rabbit/config → application workloads.
+- Source `gitops/charts/onelab` → e.g. `../../values/env-example.yaml`, optionally `../../values/secrets.local.yaml`
+- Source `gitops/observability` → e.g. `../../values/observability.yaml`
 
 ### Migrating `spec.source` → `spec.sources`
 
-If the `onelab` `Application` was created earlier with **`spec.source` only**, a plain `kubectl apply` of the new file may **not** remove `spec.source`, and Argo will never reconcile the observability chart.
+If the `onelab` `Application` was created earlier with **`spec.source` only**, a plain `kubectl apply` may **not** remove `spec.source`, and Argo will not reconcile the observability chart.
 
 Check:
 
@@ -109,66 +143,41 @@ Check:
 kubectl get application onelab -n argocd -o jsonpath='{.spec.source}{"\n"}{.spec.sources}{"\n"}'
 ```
 
-If `source` is set and `sources` is empty, patch once (adjust `repoURL` in the patch file if needed):
+If `source` is set and `sources` is empty, patch once (edit `repoURL` in the patch file to match your remote):
 
 ```bash
 kubectl patch application onelab -n argocd --type json --patch-file gitops/argocd/jsonpatch-multisource.json
 ```
 
-Then sync in Argo (or wait for auto-sync).
-
-### Single controller
-
-Manage these workloads **only** through this Argo CD `Application`. Do not drive the same resources with a parallel **Helm CLI** release.
-
-### Logs / Grafana
-
-See [Observability (Loki / Promtail / Grafana)](#observability-loki--promtail--grafana) — set a strong `grafana.adminPassword` in [`observability/values.yaml`](observability/values.yaml) before production.
-
 ## Observability (Loki / Promtail / Grafana)
 
 The umbrella chart under [`observability/`](observability/) deploys:
 
-- **Loki** — log storage (SingleBinary, filesystem PVC, 7-day retention by default).
-- **Promtail** — DaemonSet: Kubernetes pod logs (`/var/log/pods`) plus **OneLab file logs** from the same host path the app chart uses (`/opt/onelab/logs` by default).
-- **Grafana** — explore logs; datasource points at this release’s Loki gateway.
-
-It is synced by the **same** Argo CD Application as the OneLab chart ([`argocd/application.yaml`](argocd/application.yaml)): second `sources` entry, Argo **`helm.releaseName`** **`onelab-obs`** (so services are like `onelab-obs-loki-gateway`).
+- **Loki** — log storage (SingleBinary, filesystem PVC; retention from [`values/observability.yaml`](values/observability.yaml)).
+- **Promtail** — DaemonSet: Kubernetes pod logs plus **OneLab file logs** from the host path configured in [`values/observability.yaml`](values/observability.yaml) (keep in sync with OneLab `persistence.hostPath.logs`).
+- **Grafana** — Explore; datasource points at this release’s Loki gateway.
 
 ### First-time setup
 
-1. **Change the Grafana admin password** in [`observability/values.yaml`](observability/values.yaml) (`grafana.adminPassword`) or switch to `admin.existingSecret` per the upstream Grafana chart.
-2. **Align host paths** — if you change `persistence.hostPath.logs` for OneLab, update `promtail.extraVolumes` / `extraVolumeMounts` in the same `values.yaml` so Promtail still reads the shared log directory.
-3. **Multi-node** — with `hostPath` logs, each node only sees its own files; Promtail runs on every node, so you still get coverage when pods move.
+1. Set a strong **`grafana.adminPassword`** in [`values/observability.yaml`](values/observability.yaml) (or use `admin.existingSecret` per the upstream Grafana chart).
+2. Align **Grafana ingress host** with `grafana.ini.server.domain` / `root_url` in the same file.
+3. **Multi-node** — with `hostPath` logs, each node only sees its own files; Promtail runs on every node.
 
 ### OneLab-only ingestion
 
-Promtail adds **`extraRelabelConfigs`** so the **kubernetes-pods** job **keeps only** pods in namespace **`onelab`**. Other namespaces no longer reach Loki (Explore only sees OneLab). Host file logs under `/opt/onelab/logs` are tagged with **`namespace: onelab`** and **`component: host-logs`** so they appear in the same queries.
-
-Existing Loki data from before this change may still show non-`onelab` streams until **retention** drops them; for a clean index you would need to wipe the Loki PVC (destructive).
+Promtail **`extraRelabelConfigs`** keep only pods in namespace **`onelab`**. Host file logs are tagged **`namespace: onelab`**, **`component: host-logs`**.
 
 ### Dashboard: **OneLab logs**
 
-Grafana’s **dashboard sidecar** loads ConfigMap **`…-dashboard-onelab-logs`** (JSON: `observability/dashboards/onelab-logs.json`). Open **Dashboards → OneLab logs** (`uid` `onelab-logs`):
-
-- **Component** — multi-select from `label_values({namespace="onelab"}, component)` (includes **`host-logs`** for file logs).
-- **Line filter** — regex applied to log line content (`.*` = all).
-- Stat panels: total lines, heuristic **error** / **warning** counts (tuned for typical text logs, not strict JSON parsing).
+Grafana sidecar loads the dashboard from `observability/dashboards/onelab-logs.json` (`uid` `onelab-logs`).
 
 #### Grafana pod: `init-chown-data` CrashLoopBackOff
 
-The upstream chart runs an init container as **root** to `chown` `/var/lib/grafana`. Clusters with **Pod Security Admission** (often on k3s) commonly block that. This repo sets **`grafana.initChownData.enabled: false`**; the Grafana pod keeps **`fsGroup: 472`** so the PVC is usually group-writable. If Grafana still cannot write to disk, delete the Grafana PVC once after the change or relax PSA for namespace `onelab`.
+This repo sets **`grafana.initChownData.enabled: false`** with **`fsGroup: 472`** for Pod Security–friendly clusters. If Grafana cannot write to the PVC, delete the Grafana PVC once after changing values or adjust Pod Security for namespace `onelab`.
 
 ### Access Grafana
 
-An **Ingress** named **`grafana-onelab`** is created by the umbrella chart (`observability/templates/ingress-grafana-onelab.yaml`), Traefik + cert-manager, matching the OneLab web UI pattern in `gitops/values/k3s-example.yaml`:
-
-- Host: **`grafana.k8s.selair.it`** — edit `grafanaOnelabIngress` and `grafana.ini.server` in `gitops/observability/values.yaml` together.
-- TLS Secret: **`grafana-tls-k8s-selair`** (cert-manager with `letsencrypt-prod`).
-
-Point DNS at your ingress, sync the app, then open `https://<grafana-host>/` (user `admin` until you change values).
-
-For debugging without DNS:
+Ingress **`grafana-onelab`** is defined in `observability/templates/ingress-grafana-onelab.yaml`. Defaults use example hosts in [`values/observability.yaml`](values/observability.yaml) (`grafana.onelab.example.com`); change to your DNS and TLS Secret name.
 
 ```bash
 kubectl -n onelab port-forward svc/onelab-obs-grafana 3000:80
@@ -176,42 +185,39 @@ kubectl -n onelab port-forward svc/onelab-obs-grafana 3000:80
 
 ### Maintainers: vendored chart dependencies
 
-The observability umbrella vendors upstream charts under `gitops/observability/charts/*.tgz` so **Argo CD** can render without relying on live Helm repo access at sync time.
-
-When bumping Loki / Promtail / Grafana versions, from `gitops/observability/` run:
+From `gitops/observability/`:
 
 ```bash
 helm dependency update
 ```
 
-Commit the updated `Chart.lock` and `charts/*.tgz` with your Git change. This is **repository packaging**, not an alternative install path — deploy still happens only via Argo CD.
-
-### OneLab `logs.path`
-
-The OneLab chart sets `onelab.logs.path: "/logs"` in the generated configuration so application file logs match the `/logs` volume mount (see Enterprise guide §7.2).
-
-## kubectl / credentials
-
-If `kubectl` reports *You must be logged in*, refresh your kubeconfig (e.g. k3s `/etc/rancher/k3s/k3s.yaml` on the server or your auth plugin) before applying manifests.
+Commit updated `Chart.lock` and `charts/*.tgz` so Argo can render without live Helm repo access at sync time.
 
 ## Application configuration (`configurations.yml`)
 
-You do not need to edit [`app/configurations.yml`](../app/configurations.yml) in Git for Kubernetes. The chart renders `configurations.yml` from [`charts/onelab/files/configurations.gotmpl`](charts/onelab/files/configurations.gotmpl) into Secret **`onelab-configurations`**.
+For Kubernetes you do **not** need a separate `configurations.yml` in Git. The OneLab chart renders it from [`charts/onelab/files/configurations.gotmpl`](charts/onelab/files/configurations.gotmpl) into Secret **`onelab-configurations`**.
 
-1. **Values (recommended)** — set `onelab.compliance`, `onelab.ldap`, etc. See [`values/instance-overrides.example.yaml`](values/instance-overrides.example.yaml). Add extra paths under **`spec.sources[].helm.valueFiles`** for the `gitops/charts/onelab` source (paths relative to `gitops/charts/onelab`).
+1. **Values (recommended)** — set `onelab.compliance`, `onelab.ldap`, etc. See [`values/instance-overrides.example.yaml`](values/instance-overrides.example.yaml) and add paths under **`spec.sources[].helm.valueFiles`** for the `gitops/charts/onelab` source.
 2. **Bring your own Secret** — set `configuration.existingSecretName`; the Secret must contain key **`configurations.yml`**.
 
-LDAP TLS paths in values are container paths; mount PEMs on `ldap-worker` if required.
-
 ## Ingress (web UI)
 
-Set `ingress.enabled`, `ingress.host`, and optional TLS in values. Traffic goes to Service **`revproxy`**. On k3s, `ingress.className: traefik` matches the default controller. For cert-manager, set `ingress.tls`, `ingress.tlsSecretName`, and `ingress.certManager.clusterIssuer`; DNS for `ingress.host` must resolve before ACME runs.
+Set `ingress.enabled`, `ingress.host`, and optional TLS in [`values/env-example.yaml`](values/env-example.yaml). Traffic goes to Service **`revproxy`**. On k3s, `ingress.className: traefik` matches the default controller. For cert-manager, set `ingress.certManager.clusterIssuer` and TLS secret name; DNS for `ingress.host` must resolve before ACME completes.
+
+## Security notes for public repositories
+
+- Never commit real passwords, tokens, or TLS private keys. Use **`REPLACE_*`** in tracked files and a **`*.local.yaml`** overlay (ignored at repo root) for secrets.
+- If this repo ever contained real credentials, **rotate** them after sanitizing Git history or publishing a clean fork.
+
+## kubectl / credentials
+
+If `kubectl` reports *You must be logged in*, refresh your kubeconfig before applying manifests.
 
 ## Developer note (local render)
 
-Running **`helm template` on Windows** against some paths can return empty `.Files.Get` content; the OneLab chart uses `fromYaml (.Files.AsConfig)` where needed. **Argo CD runs on Linux** and renders the same charts in-cluster — this is a local-tooling caveat, not a second deploy path.
+Running **`helm template` on Windows** against some paths can return empty `.Files.Get` content; the OneLab chart uses `fromYaml (.Files.AsConfig)` where needed. **Argo CD runs on Linux** and renders the same charts in-cluster.
 
-## Not migrated in this chart
+## Not covered by this chart
 
-- **Edge proxy stack** (`app/proxy/docker-compose.yml`, host 80/443 Swarm) — use **Ingress** + `revproxy` and optional cert-manager.
-- **Swarm-only secrets** (e.g. `ssl_passphrase`) — use Kubernetes Secrets or external operators.
+- **Edge proxy** in front of the cluster — use **Ingress** + `revproxy` and optional cert-manager.
+- **Non-Kubernetes** install paths — not included; use Kubernetes Secrets or external secret operators as needed.
diff --git a/gitops/argocd/application.yaml b/gitops/argocd/application.yaml
index 72f8684..706eaee 100644
--- a/gitops/argocd/application.yaml
+++ b/gitops/argocd/application.yaml
@@ -13,20 +13,20 @@ metadata:
 spec:
   project: default
   sources:
-    - repoURL: https://git.luneski.fr/luneski/onelab-k8s.git
+    - repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git
       targetRevision: main
       path: gitops/charts/onelab
       helm:
         releaseName: onelab
         valueFiles:
-          - ../../values/k3s-example.yaml
-    - repoURL: https://git.luneski.fr/luneski/onelab-k8s.git
+          - ../../values/env-example.yaml
+    - repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git
       targetRevision: main
       path: gitops/observability
       helm:
         releaseName: onelab-obs
         valueFiles:
-          - values.yaml
+          - ../../values/observability.yaml
   destination:
     server: https://kubernetes.default.svc
     namespace: onelab
diff --git a/gitops/argocd/jsonpatch-multisource.json b/gitops/argocd/jsonpatch-multisource.json
index 3f8bb41..cf25577 100644
--- a/gitops/argocd/jsonpatch-multisource.json
+++ b/gitops/argocd/jsonpatch-multisource.json
@@ -2,21 +2,21 @@
   {"op": "remove", "path": "/spec/source"},
   {"op": "add", "path": "/spec/sources", "value": [
     {
-      "repoURL": "https://git.luneski.fr/luneski/onelab-k8s.git",
+      "repoURL": "https://github.com/YOUR_ORG/YOUR_REPO.git",
       "targetRevision": "main",
       "path": "gitops/charts/onelab",
       "helm": {
         "releaseName": "onelab",
-        "valueFiles": ["../../values/k3s-example.yaml"]
+        "valueFiles": ["../../values/env-example.yaml"]
       }
     },
     {
-      "repoURL": "https://git.luneski.fr/luneski/onelab-k8s.git",
+      "repoURL": "https://github.com/YOUR_ORG/YOUR_REPO.git",
       "targetRevision": "main",
       "path": "gitops/observability",
       "helm": {
         "releaseName": "onelab-obs",
-        "valueFiles": ["values.yaml"]
+        "valueFiles": ["../../values/observability.yaml"]
       }
     }
   ]}
diff --git a/gitops/charts/onelab/values.yaml b/gitops/charts/onelab/values.yaml
index 30aec72..bcba982 100644
--- a/gitops/charts/onelab/values.yaml
+++ b/gitops/charts/onelab/values.yaml
@@ -23,13 +23,13 @@ images:
 imagePullSecrets: []
 # - name: hub-andrewalliance
 
-# Same defaults as app/playbooks/tasks/manage-images.yml (docker login before pull).
+# Override registry credentials in gitops/values/ (see gitops/values/secrets.example.yaml).
 registry:
   createPullSecret: false
   pullSecretName: hub-andrewalliance
   server: hub.andrewalliance.com
   username: public
-  password: Andrew01..Release
+  password: "REPLACE_REGISTRY_PASSWORD"
 
 # hostPath: matches typical single-node Swarm-style install (shared /data and /logs).
 # Use persistence.mode: pvc + a ReadWriteMany class for multi-node shared storage.
@@ -71,12 +71,12 @@ syncWaves:
 onelab:
   domain: "https://localhost"
   mailer:
-    noreply: "no-reply@andrewalliance.com"
+    noreply: "no-reply@example.com"
   secrets:
     authTokenKey: "TokenAuthPlaceholder"
     monitoringToken: "TokenMonitoringPlaceholder"
     rabbitToken: "TokenRabbitPlaceholder"
-  # Mirrors app/configurations.yml params.compliance (enable without editing app/).
+  # Mirrors legacy OneLab configurations.yml params.compliance (templated from charts/onelab/files/configurations.gotmpl).
   compliance:
     enabled: false
     requireElectronicSignature: true
@@ -97,8 +97,8 @@ onelab:
     tlsCiphers: ""
     tlsSslVersion: ""
   intercom:
-    appid: "zxvgsagz"
-    secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"
+    appid: "REPLACE_INTERCOM_APP_ID"
+    secret: "REPLACE_INTERCOM_SECRET"
 
 features:
   # Deprecated for LDAP: prefer onelab.ldap.enabled (either enables ldap-worker + ldap.enabled in config).
diff --git a/gitops/observability/values.yaml b/gitops/observability/values.yaml
index 825b4ee..a6c2fe3 100644
--- a/gitops/observability/values.yaml
+++ b/gitops/observability/values.yaml
@@ -1,149 +1,3 @@
-# Umbrella chart: Loki (SingleBinary + filesystem) + Promtail + Grafana.
-# Keep hostPath below in sync with persistence.hostPath.logs in gitops/values/k3s-example.yaml.
-
-loki:
-  deploymentMode: SingleBinary
-  loki:
-    auth_enabled: false
-    commonConfig:
-      replication_factor: 1
-    storage:
-      type: filesystem
-    schemaConfig:
-      configs:
-        - from: "2024-04-01"
-          store: tsdb
-          object_store: filesystem
-          schema: v13
-          index:
-            prefix: loki_index_
-            period: 24h
-    limits_config:
-      retention_period: 168h
-      ingestion_rate_mb: 16
-      ingestion_burst_size_mb: 32
-  singleBinary:
-    replicas: 1
-    persistence:
-      enabled: true
-      size: 10Gi
-  backend:
-    replicas: 0
-  read:
-    replicas: 0
-  write:
-    replicas: 0
-  ingester:
-    replicas: 0
-  querier:
-    replicas: 0
-  queryFrontend:
-    replicas: 0
-  queryScheduler:
-    replicas: 0
-  distributor:
-    replicas: 0
-  compactor:
-    replicas: 0
-  indexGateway:
-    replicas: 0
-  bloomCompactor:
-    replicas: 0
-  bloomGateway:
-    replicas: 0
-  ruler:
-    replicas: 0
-  minio:
-    enabled: false
-  lokiCanary:
-    enabled: false
-  test:
-    enabled: false
-  chunksCache:
-    enabled: false
-  resultsCache:
-    enabled: false
-
-promtail:
-  config:
-    clients:
-      - url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local/loki/api/v1/push
-    snippets:
-      # Only ingest pod logs from namespace onelab (Explore / Loki stay focused on OneLab).
-      extraRelabelConfigs:
-        - action: keep
-          source_labels:
-            - __meta_kubernetes_namespace
-          regex: onelab
-      extraScrapeConfigs: |
-        - job_name: onelab-host-log-files
-          static_configs:
-            - targets:
-                - localhost
-              labels:
-                job: onelab-files
-                namespace: onelab
-                component: host-logs
-                __path__: /onelab-host-logs/**/*
-  extraVolumes:
-    - name: onelab-host-logs
-      hostPath:
-        path: /opt/onelab/logs
-        type: DirectoryOrCreate
-  extraVolumeMounts:
-    - name: onelab-host-logs
-      mountPath: /onelab-host-logs
-      readOnly: true
-
-# Named Ingress grafana-onelab (templates/ingress-grafana-onelab.yaml). Grafana subchart ingress is disabled.
-grafanaOnelabIngress:
-  enabled: true
-  className: traefik
-  host: grafana.k8s.selair.it
-  tls: true
-  tlsSecretName: grafana-tls-k8s-selair
-  clusterIssuer: letsencrypt-prod
-  servicePort: 80
-  annotations: {}
-
-grafana:
-  adminUser: admin
-  adminPassword: changeme
-  # Root+CHOWN init breaks under Pod Security / restricted policies (k3s). fsGroup:472 on the pod is enough for most PVCs.
-  initChownData:
-    enabled: false
-  # Load dashboards from ConfigMaps labeled grafana_dashboard (see templates/configmap-dashboard-onelab-logs.yaml).
-  sidecar:
-    dashboards:
-      enabled: true
-      label: grafana_dashboard
-      folder: /tmp/dashboards
-      provider:
-        foldersFromFilesStructure: false
-        allowUiUpdates: true
-    datasources:
-      enabled: false
-  persistence:
-    enabled: true
-    size: 2Gi
-  service:
-    type: ClusterIP
-  # Required when served behind Ingress (redirects, OAuth callbacks).
-  grafana.ini:
-    server:
-      domain: grafana.k8s.selair.it
-      root_url: https://grafana.k8s.selair.it/
-  ingress:
-    enabled: false
-  datasources:
-    datasources.yaml:
-      apiVersion: 1
-      datasources:
-        - name: Loki
-          type: loki
-          uid: loki
-          url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local
-          access: proxy
-          isDefault: true
-          jsonData:
-            maxLines: 1000
+# Operator-facing overrides live in gitops/values/observability.yaml (see gitops/argocd/application.yaml helm.valueFiles).
+# This file is kept minimal on purpose.
+{}
diff --git a/gitops/values/README.md b/gitops/values/README.md
new file mode 100644
index 0000000..f056ddb
--- /dev/null
+++ b/gitops/values/README.md
@@ -0,0 +1,31 @@
+# GitOps values (operator entry point)
+
+All environment-specific Helm input for the Argo CD `Application` should live here (plus `repoURL` / `targetRevision` in [`../argocd/application.yaml`](../argocd/application.yaml)).
+
+## Files
+
+| File | Purpose |
+|------|---------|
+| [`env-example.yaml`](env-example.yaml) | Tracked example for OneLab chart: ingress, persistence, registry pull secret wiring, **placeholder** secrets. Fork and edit hostnames/TLS names, then replace placeholders or overlay `secrets.local.yaml`. |
+| [`observability.yaml`](observability.yaml) | Loki / Promtail / Grafana: retention, Promtail host paths, Grafana ingress host, **placeholder** admin password. Edit hosts/TLS together with `grafana.ini.server`. |
+| [`secrets.example.yaml`](secrets.example.yaml) | Template of secret-shaped keys only — copy to `*.local.yaml` (gitignored) and reference from Argo. |
+| [`instance-overrides.example.yaml`](instance-overrides.example.yaml) | Optional features (compliance, LDAP) — merge or add as another value file. |
+
+## Argo `helm.valueFiles` (path rules)
+
+Paths are **relative to each source’s `path`** in the Application:
+
+- Source `gitops/charts/onelab` → e.g. `../../values/env-example.yaml`, then optionally `../../values/secrets.local.yaml`.
+- Source `gitops/observability` → e.g. `../../values/observability.yaml`, then optionally `../../values/observability.local.yaml`.
+
+Later files in the list **override** earlier ones.
+
+## Private secrets without committing them
+
+1. Copy `secrets.example.yaml` to `secrets.local.yaml` (ignored by `*.local.yaml` at repo root).
+2. Fill in real registry password, Postgres password, app tokens, Intercom, etc.
+3. Add `- ../../values/secrets.local.yaml` under the onelab source’s `helm.valueFiles` in your **local** Application manifest or a private overlay — or keep that change only on a private branch.
+
+For Grafana, set `grafana.adminPassword` in a gitignored file merged with [`observability.yaml`](observability.yaml), or edit `observability.yaml` in a private fork.
+
+See the full bootstrap narrative in [`../README.md`](../README.md).
diff --git a/gitops/values/env-example.yaml b/gitops/values/env-example.yaml
new file mode 100644
index 0000000..d69de94
--- /dev/null
+++ b/gitops/values/env-example.yaml
@@ -0,0 +1,48 @@
+# Example environment overrides — copy patterns to a gitignored file (e.g. secrets.local.yaml)
+# and add it to Argo helm.valueFiles after this file so secrets stay out of Git.
+# See gitops/values/README.md and gitops/values/secrets.example.yaml.
+
+registry:
+  createPullSecret: true
+  pullSecretName: hub-andrewalliance
+  server: hub.andrewalliance.com
+  username: public
+  password: "REPLACE_REGISTRY_PASSWORD"
+
+imagePullSecrets:
+  - name: hub-andrewalliance
+
+persistence:
+  mode: hostPath
+  hostPath:
+    data: /opt/onelab/data
+    logs: /opt/onelab/logs
+
+postgresql:
+  auth:
+    password: "REPLACE_POSTGRES_PASSWORD"
+
+onelab:
+  domain: "https://onelab.example.com"
+  secrets:
+    authTokenKey: "REPLACE_AUTH_TOKEN_KEY"
+    monitoringToken: "REPLACE_MONITORING_TOKEN"
+    rabbitToken: "REPLACE_RABBIT_TOKEN"
+  intercom:
+    appid: "REPLACE_INTERCOM_APP_ID"
+    secret: "REPLACE_INTERCOM_SECRET"
+
+revproxy:
+  serviceType: ClusterIP
+
+ingress:
+  enabled: true
+  className: traefik
+  host: onelab.example.com
+  path: /
+  pathType: Prefix
+  tls: true
+  tlsSecretName: onelab-tls
+  certManager:
+    clusterIssuer: letsencrypt-prod
+  annotations: {}
diff --git a/gitops/values/instance-overrides.example.yaml b/gitops/values/instance-overrides.example.yaml
index 6c4eed6..5ac1375 100644
--- a/gitops/values/instance-overrides.example.yaml
+++ b/gitops/values/instance-overrides.example.yaml
@@ -1,9 +1,10 @@
-# Copy to a private file (e.g. gitops/values/private-k3s.yaml, gitignored) or merge into gitops/values/k3s-example.yaml.
+# Copy to a private file (e.g. gitops/values/overrides.local.yaml, gitignored) or merge into gitops/values/env-example.yaml.
 #
 # Argo CD: under spec.sources, for the source with path gitops/charts/onelab, add another path to helm.valueFiles
 # (paths are relative to that chart directory), e.g.:
-#   - ../../values/k3s-example.yaml
-#   - ../../values/private-k3s.yaml
+#   - ../../values/env-example.yaml
+#   - ../../values/secrets.local.yaml
+#   - ../../values/overrides.local.yaml
 
 onelab:
   compliance:
diff --git a/gitops/values/k3s-example.yaml b/gitops/values/k3s-example.yaml
deleted file mode 100644
index 7d092b8..0000000
--- a/gitops/values/k3s-example.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-# Aligned with Swarm installer defaults:
-#   - Registry: app/playbooks/tasks/manage-images.yml (user public, password Andrew01..Release)
-#   - App config sample: app/configurations.yml (placeholders + intercom block)
-
-registry:
-  createPullSecret: true
-  pullSecretName: hub-andrewalliance
-  server: hub.andrewalliance.com
-  username: public
-  password: Andrew01..Release
-
-imagePullSecrets:
-  - name: hub-andrewalliance
-
-persistence:
-  mode: hostPath
-  hostPath:
-    data: /opt/onelab/data
-    logs: /opt/onelab/logs
-
-postgresql:
-  auth:
-    password: "DBPasswordPlaceholder"
-
-onelab:
-  # Public URL (must match ingress host + scheme).
-  domain: "https://onelab.k8s.selair.it"
-  secrets:
-    authTokenKey: "TokenAuthPlaceholder"
-    monitoringToken: "TokenMonitoringPlaceholder"
-    rabbitToken: "TokenRabbitPlaceholder"
-  intercom:
-    appid: "zxvgsagz"
-    secret: "QUw2jEV8utIpe9DeYjOqBjhBY9VxjXddKUCISUNu"
-
-# ClusterIP keeps traffic via Ingress only; use NodePort instead if you need direct node:port access.
-revproxy:
-  serviceType: ClusterIP
-
-ingress:
-  enabled: true
-  className: traefik
-  host: onelab.k8s.selair.it
-  path: /
-  pathType: Prefix
-  tls: true
-  # cert-manager writes the certificate into this Secret in the release namespace
-  tlsSecretName: onelab-tls-k8s-selair
-  certManager:
-    clusterIssuer: letsencrypt-prod
-  annotations: {}
diff --git a/gitops/values/observability.yaml b/gitops/values/observability.yaml
new file mode 100644
index 0000000..50d5369
--- /dev/null
+++ b/gitops/values/observability.yaml
@@ -0,0 +1,144 @@
+# Umbrella chart: Loki (SingleBinary + filesystem) + Promtail + Grafana.
+# Keep promtail hostPath below in sync with persistence.hostPath.logs in gitops/values/env-example.yaml.
+
+loki:
+  deploymentMode: SingleBinary
+  loki:
+    auth_enabled: false
+    commonConfig:
+      replication_factor: 1
+    storage:
+      type: filesystem
+    schemaConfig:
+      configs:
+        - from: "2024-04-01"
+          store: tsdb
+          object_store: filesystem
+          schema: v13
+          index:
+            prefix: loki_index_
+            period: 24h
+    limits_config:
+      retention_period: 168h
+      ingestion_rate_mb: 16
+      ingestion_burst_size_mb: 32
+  singleBinary:
+    replicas: 1
+    persistence:
+      enabled: true
+      size: 10Gi
+  backend:
+    replicas: 0
+  read:
+    replicas: 0
+  write:
+    replicas: 0
+  ingester:
+    replicas: 0
+  querier:
+    replicas: 0
+  queryFrontend:
+    replicas: 0
+  queryScheduler:
+    replicas: 0
+  distributor:
+    replicas: 0
+  compactor:
+    replicas: 0
+  indexGateway:
+    replicas: 0
+  bloomCompactor:
+    replicas: 0
+  bloomGateway:
+    replicas: 0
+  ruler:
+    replicas: 0
+  minio:
+    enabled: false
+  lokiCanary:
+    enabled: false
+  test:
+    enabled: false
+  chunksCache:
+    enabled: false
+  resultsCache:
+    enabled: false
+
+promtail:
+  config:
+    clients:
+      - url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local/loki/api/v1/push
+    snippets:
+      extraRelabelConfigs:
+        - action: keep
+          source_labels:
+            - __meta_kubernetes_namespace
+          regex: onelab
+      extraScrapeConfigs: |
+        - job_name: onelab-host-log-files
+          static_configs:
+            - targets:
+                - localhost
+              labels:
+                job: onelab-files
+                namespace: onelab
+                component: host-logs
+                __path__: /onelab-host-logs/**/*
+  extraVolumes:
+    - name: onelab-host-logs
+      hostPath:
+        path: /opt/onelab/logs
+        type: DirectoryOrCreate
+  extraVolumeMounts:
+    - name: onelab-host-logs
+      mountPath: /onelab-host-logs
+      readOnly: true
+
+grafanaOnelabIngress:
+  enabled: true
+  className: traefik
+  host: grafana.onelab.example.com
+  tls: true
+  tlsSecretName: grafana-onelab-tls
+  clusterIssuer: letsencrypt-prod
+  servicePort: 80
+  annotations: {}
+
+grafana:
+  adminUser: admin
+  adminPassword: "REPLACE_GRAFANA_ADMIN_PASSWORD"
+  initChownData:
+    enabled: false
+  sidecar:
+    dashboards:
+      enabled: true
+      label: grafana_dashboard
+      folder: /tmp/dashboards
+      provider:
+        foldersFromFilesStructure: false
+        allowUiUpdates: true
+    datasources:
+      enabled: false
+  persistence:
+    enabled: true
+    size: 2Gi
+  service:
+    type: ClusterIP
+  grafana.ini:
+    server:
+      domain: grafana.onelab.example.com
+      root_url: https://grafana.onelab.example.com/
+  ingress:
+    enabled: false
+  datasources:
+    datasources.yaml:
+      apiVersion: 1
+      datasources:
+        - name: Loki
+          type: loki
+          uid: loki
+          url: http://{{ .Release.Name }}-loki-gateway.{{ .Release.Namespace }}.svc.cluster.local
+          access: proxy
+          isDefault: true
+          jsonData:
+            maxLines: 1000
diff --git a/gitops/values/secrets.example.yaml b/gitops/values/secrets.example.yaml
new file mode 100644
index 0000000..5e0809d
--- /dev/null
+++ b/gitops/values/secrets.example.yaml
@@ -0,0 +1,26 @@
+# Copy to a gitignored file (e.g. gitops/values/secrets.local.yaml — match *.local.yaml in repo .gitignore).
+# Add it as the LAST entry in spec.sources[].helm.valueFiles for the onelab chart so these values win.
+#
+# Do not commit real values.
+
+registry:
+  username: public
+  password: "YOUR_REGISTRY_PASSWORD"
+
+postgresql:
+  auth:
+    password: "YOUR_POSTGRES_PASSWORD"
+
+onelab:
+  secrets:
+    authTokenKey: "YOUR_AUTH_TOKEN_KEY"
+    monitoringToken: "YOUR_MONITORING_TOKEN"
+    rabbitToken: "YOUR_RABBIT_TOKEN"
+  intercom:
+    appid: "YOUR_INTERCOM_APP_ID"
+    secret: "YOUR_INTERCOM_SECRET"
+
+# Optional: Grafana admin password is normally set in gitops/values/observability.yaml;
+# override there or add a second gitignored value file for the observability source.
+# grafana:
+#   adminPassword: "YOUR_GRAFANA_PASSWORD"
diff --git a/install.sh b/install.sh
deleted file mode 100644
index 6b8b15a..0000000
--- a/install.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-# Define OneLab along with the Ansible logs directory
-
-directory="../onelab/logs/ansible"
-
-# Check if the directory structure exists
-if [ ! -d "$directory" ]; then
-    # If it doesn't exist, create it
-    mkdir -p "$directory"
-fi
-
-# To allow writing the logs
-chown -R $USER "$directory"
-
-ANSIBLE_LOG_PATH="$directory/$(date +%F)-ansible.log" ansible-playbook ./app/playbooks/install.yml
\ No newline at end of file
diff --git a/resources/restore/restore.sh b/resources/restore/restore.sh
deleted file mode 100644
index 92590ba..0000000
--- a/resources/restore/restore.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-
-#!/bin/bash
-ANSIBLE_LOG_PATH=../../logs/ansible/$(date +%F)-ansible.log ansible-playbook ./restore.yml
diff --git a/resources/restore/restore.yml b/resources/restore/restore.yml
deleted file mode 100644
index 6feb685..0000000
--- a/resources/restore/restore.yml
+++ /dev/null
@@ -1,104 +0,0 @@
----
-- name: Restoring OneLab (1.27.0)
-  hosts: localhost
-  vars_prompt:
-    - name: "userchoice"
-      prompt: "Confirm OneLab 1.27.0 restore: yes/no"
-      private: no
-  vars:
-    onelab_path: '../..'
-    onelab_images_path: '../../../onelab-images-1.27.0.tar.gz'
-    main_path: '../../..'
-
-  tasks: 
-    - name: Checking if the OneLab images bundle is existing
-      stat:
-        path: "{{ onelab_images_path }}"
-        get_checksum: no
-      register: docker_images_tar
-
-    - name: Aborting the restore process
-      fail:
-        msg: Aborting the restore process
-      when: userchoice != "yes"
-
-    # Stop OneLab if OneLab is running
-    - name: Checking if OneLab is running
-      shell: docker stack ls | grep 'onelab' | wc -l
-      become: true
-      register: stack_count
-
-    # Stop OneLab (unkown version) if OneLab is running
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-onelab.yml"
-      when: stack_count.stdout != "0"
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-proxy.yml"
-      when: stack_count.stdout != "0"
-
-    # Load docker images
-    - name: Loading Docker images
-      debug:
-        msg:
-        - "Loading images could take few minutes, please do not interrupt"
-      when: (docker_images_tar is defined) and (docker_images_tar.stat.exists)
-
-    - name: Loading OneLab images from the tar file
-      shell:
-        docker load --input {{ onelab_images_path }}
-      become: true
-      when: (docker_images_tar is defined) and (docker_images_tar.stat.exists)
-
-    - name: Unzipping backup
-      shell: |
-        tar xzvf ./onelab.tar.gz -C ./../..
-      become: true
-
-    - name: Cleaning latest installation
-      ansible.builtin.file:
-        path: "{{ onelab_path }}/installation/latest"
-        state: absent
-
-    - name: Flagging restored version as current
-      ansible.builtin.copy:
-        src: ../../installation/1.27.0/
-        dest: ../../installation/latest
-        directory_mode: no
-        remote_src: yes
-
-    # Load configuration
-    - include_vars:
-        file: "{{ onelab_path }}/configurations.yml"
-
-    # Perform reconfiguration
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/reconfigure-task.yml"
-
-    # Checking if volumes are existing
-    - name: Getting the list of docker volumes
-      shell: docker volume ls
-      become: true
-      register: volumes_result
-
-    # Removing volumes
-
-    - name: Resetting postgres database & cleaning cache
-      shell: |
-        docker volume rm onelab_pgdata -f
-        docker volume rm onelab_rabbitmq_data -f
-      become: true
-      when: "'rabbitmq' in volumes_result.stdout or 'pgdata' in volumes_result.stdout"
-
-    # Restoring database
-
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-db-only.yml"
-
-    - name: Restoring database
-      shell: >
-        docker exec -i $(docker ps --filter "name=onelab_db|onelab-db" -q) pg_restore -Upostgres -dpostgres -v -Fc  < ./db.tar.gz
-      become: true
-
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/stop-db-only.yml"
-
-    # Start OneLab if OneLab was running
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-proxy.yml"
-      when: stack_count.stdout != "0"
-    - include_tasks: "{{ onelab_path }}/installation/latest/app/playbooks/tasks/start-onelab.yml"
-      when: stack_count.stdout != "0"
diff --git a/resources/scripts/centos/install_ansible.sh b/resources/scripts/centos/install_ansible.sh
deleted file mode 100644
index 3da1831..0000000
--- a/resources/scripts/centos/install_ansible.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-sudo yum install dnf
-
-# update the DNF package repository cache
-sudo dnf makecache
-
-# To enable EPEL repository, install the epel-release package
-sudo dnf install epel-release -y
-
-# update the DNF package repository cache again
-sudo dnf makecache
-
-# Install Ansible
-sudo dnf install ansible -y
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-# Update Ansible hosts file for local connection
-sudo sed -i '$ a localhost ansible_connection=local' /etc/ansible/hosts
-
-# Update Ansible configuration file with logs path
-sudo sed -i '13 a log_path = /var/log/ansible.log' /etc/ansible/ansible.cfg
diff --git a/resources/scripts/centos/install_docker.sh b/resources/scripts/centos/install_docker.sh
deleted file mode 100644
index 0c08dda..0000000
--- a/resources/scripts/centos/install_docker.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Install the yum-utils package (which provides the yum-config-manager utility) and set up the stable repository
-
-sudo yum install -y yum-utils
-sudo yum-config-manager \
-    --add-repo \
-    https://download.docker.com/linux/centos/docker-ce.repo
-
-# Install Docker Engine
-sudo yum install docker-ce docker-ce-cli containerd.io -y
-
-# Start Docker
-sudo systemctl start docker
-
-# Enable Docker
-sudo systemctl enable docker
diff --git a/resources/scripts/debian10/install_ansible.sh b/resources/scripts/debian10/install_ansible.sh
deleted file mode 100644
index 26e2448..0000000
--- a/resources/scripts/debian10/install_ansible.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-sudo sed -i '$ a deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main' /etc/apt/sources.list
-sudo apt-get update
-sudo apt-get install -y gnupg2
-
-sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
-sudo apt update
-sudo apt install -y ansible
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-# Update Ansible hosts file for local connection
-sudo sed -i '$ a localhost ansible_connection=local' /etc/ansible/hosts
-
-# Update Ansible configuration file with logs path
-sudo sed -i '13 a log_path = /var/log/ansible.log' /etc/ansible/ansible.cfg
-
diff --git a/resources/scripts/debian10/install_docker.sh b/resources/scripts/debian10/install_docker.sh
deleted file mode 100644
index 3c2a404..0000000
--- a/resources/scripts/debian10/install_docker.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-# Install Dependencies
-sudo apt-get update
-sudo apt-get install \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release -y
-
-# Install Docker
-curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg
-
-echo \
-  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
-  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io -y
-
-sudo systemctl start docker
-sudo systemctl enable docker
-
-# Add user to docker group
-sudo usermod -aG docker $USER
diff --git a/resources/scripts/debian11/install_ansible.sh b/resources/scripts/debian11/install_ansible.sh
deleted file mode 100644
index 0373293..0000000
--- a/resources/scripts/debian11/install_ansible.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-sudo apt update
-
-sudo apt install ansible
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-
-
diff --git a/resources/scripts/debian11/install_docker.sh b/resources/scripts/debian11/install_docker.sh
deleted file mode 100644
index bc47a9a..0000000
--- a/resources/scripts/debian11/install_docker.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# Add Docker's official GPG key:
-sudo apt-get update
-sudo apt-get install ca-certificates curl
-sudo install -m 0755 -d /etc/apt/keyrings
-sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-sudo chmod a+r /etc/apt/keyrings/docker.asc
-
-# Add the repository to Apt sources:
-echo \
-  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
-  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin
-sudo usermod -aG docker $USER
diff --git a/resources/scripts/debian12/install_ansible.sh b/resources/scripts/debian12/install_ansible.sh
deleted file mode 100644
index 0373293..0000000
--- a/resources/scripts/debian12/install_ansible.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-sudo apt update
-
-sudo apt install ansible
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-
-
diff --git a/resources/scripts/debian12/install_docker.sh b/resources/scripts/debian12/install_docker.sh
deleted file mode 100644
index bc47a9a..0000000
--- a/resources/scripts/debian12/install_docker.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# Add Docker's official GPG key:
-sudo apt-get update
-sudo apt-get install ca-certificates curl
-sudo install -m 0755 -d /etc/apt/keyrings
-sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-sudo chmod a+r /etc/apt/keyrings/docker.asc
-
-# Add the repository to Apt sources:
-echo \
-  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
-  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin
-sudo usermod -aG docker $USER
diff --git a/resources/scripts/fedora/install_ansible.sh b/resources/scripts/fedora/install_ansible.sh
deleted file mode 100644
index 77dd084..0000000
--- a/resources/scripts/fedora/install_ansible.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-sudo dnf install ansible -y
-
-#Install openssl
-sudo yum install openssl -y
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-# Update Ansible hosts file for local connection
-sudo sed -i '$ a localhost ansible_connection=local' /etc/ansible/hosts
-
-# Update Ansible configuration file with logs path
-sudo sed -i '13 a log_path = /var/log/ansible.log' /etc/ansible/ansible.cfg
-
diff --git a/resources/scripts/fedora/install_docker.sh b/resources/scripts/fedora/install_docker.sh
deleted file mode 100644
index 256553c..0000000
--- a/resources/scripts/fedora/install_docker.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-# Install the dnf-plugins-core package (which provides the commands to manage your DNF repositories)
-
-sudo dnf -y install dnf-plugins-core -y
-
-# Setup stable repository
-
-sudo dnf config-manager \
-    --add-repo \
-    https://download.docker.com/linux/fedora/docker-ce.repo -y
-
-# Install the latest version of Docker Engine and containerd
-
-sudo dnf install docker-ce docker-ce-cli containerd.io -y
-
-sudo systemctl start docker
-
-sudo systemctl enable docker
-
-sudo usermod -aG docker $USER
\ No newline at end of file
diff --git a/resources/scripts/redhat7/install_ansible.sh b/resources/scripts/redhat7/install_ansible.sh
deleted file mode 100644
index 8ba9664..0000000
--- a/resources/scripts/redhat7/install_ansible.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Install Extra Packages for Linux
-sudo yum  install  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
-
-# Install Ansible
-sudo yum install ansible -y
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-# Update Ansible hosts file for local connection
-sudo sed -i '$ a localhost ansible_connection=local' /etc/ansible/hosts
-
-# Update Ansible configuration file with logs path
-sudo sed -i '13 a log_path = /var/log/ansible.log' /etc/ansible/ansible.cfg
-
diff --git a/resources/scripts/redhat7/install_docker.sh b/resources/scripts/redhat7/install_docker.sh
deleted file mode 100644
index 1e0cb94..0000000
--- a/resources/scripts/redhat7/install_docker.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# Install the yum-utils package
-
-sudo yum install -y yum-utils
-
-sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-
-# RHEL-7 requires the below dependencies to be installed to setup Docker
-
-sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm -y
-
-sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse3-libs-3.6.1-4.el7.x86_64.rpm -y
-
-sudo yum install  http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm -y
-
-sudo yum install http://mirror.centos.org/centos/7/extras/x86_64/Packages/slirp4netns-0.4.3-4.el7_8.x86_64.rpm -y
-
-# Ended dependencies installation
-
-sudo yum install docker-ce -y
-
-sudo systemctl start docker
-
-sudo systemctl enable docker
-
-sudo usermod -aG docker $USER
\ No newline at end of file
diff --git a/resources/scripts/redhat8/install_ansible.sh b/resources/scripts/redhat8/install_ansible.sh
deleted file mode 100644
index 35f2168..0000000
--- a/resources/scripts/redhat8/install_ansible.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-sudo dnf update
-
-sudo dnf install ansible-core
\ No newline at end of file
diff --git a/resources/scripts/redhat8/install_docker.sh b/resources/scripts/redhat8/install_docker.sh
deleted file mode 100644
index 1bc2877..0000000
--- a/resources/scripts/redhat8/install_docker.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-sudo dnf update -y
-
-sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-
-# To verify which version of docker is available for installation
-# sudo dnf list docker-ce
-
-sudo dnf install docker-ce --nobest -y
-sudo systemctl start docker
-sudo systemctl enable docker
-
-# Get current user and add to 'docker' group
-sudo usermod -aG docker $USER
diff --git a/resources/scripts/redhat9/install_ansible.sh b/resources/scripts/redhat9/install_ansible.sh
deleted file mode 100644
index 35f2168..0000000
--- a/resources/scripts/redhat9/install_ansible.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-sudo dnf update
-
-sudo dnf install ansible-core
\ No newline at end of file
diff --git a/resources/scripts/redhat9/install_docker.sh b/resources/scripts/redhat9/install_docker.sh
deleted file mode 100644
index 1bc2877..0000000
--- a/resources/scripts/redhat9/install_docker.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-sudo dnf update -y
-
-sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
-
-# To verify which version of docker is available for installation
-# sudo dnf list docker-ce
-
-sudo dnf install docker-ce --nobest -y
-sudo systemctl start docker
-sudo systemctl enable docker
-
-# Get current user and add to 'docker' group
-sudo usermod -aG docker $USER
diff --git a/resources/scripts/ubuntu/install_ansible.sh b/resources/scripts/ubuntu/install_ansible.sh
deleted file mode 100644
index b231165..0000000
--- a/resources/scripts/ubuntu/install_ansible.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-# Install Dependencies
-sudo apt update
-sudo apt install software-properties-common
-
-# Install Ansible
-sudo add-apt-repository --yes --update ppa:ansible/ansible
-sudo apt update
-sudo apt install ansible
-
-# Create the ansible log file
-sudo touch /var/log/ansible.log
-
-# Provide permissions for ansible log file
-sudo chmod 666 /var/log/ansible.log
-
-# Update Ansible hosts file for local connection
-sudo sed -i '$ a localhost ansible_connection=local' /etc/ansible/hosts
-
-# Update Ansible configuration file with logs path
-sudo sed -i '13 a log_path = /var/log/ansible.log' /etc/ansible/ansible.cfg
\ No newline at end of file
diff --git a/resources/scripts/ubuntu/install_docker.sh b/resources/scripts/ubuntu/install_docker.sh
deleted file mode 100644
index 091bea7..0000000
--- a/resources/scripts/ubuntu/install_docker.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-# Install Dependencies
-sudo apt-get update
-sudo apt-get install \
-    apt-transport-https \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release
-
-# Install Docker
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg
-
-echo \
-  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
-  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io
-
-# Add user to docker group
-sudo usermod -aG docker $USER
diff --git a/resources/services/onelab.service b/resources/services/onelab.service
deleted file mode 100644
index a963ffd..0000000
--- a/resources/services/onelab.service
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/systemd/system/onelab.service
-[Unit]
-Description=OneLab
-Requires=docker.service
-After=docker.service
-
-[Service]
-Type=simple
-RemainAfterExit=yes
-ExecStart={{ ansiblebin_result.stdout }} {{ playbook_dir.split('/onelab-enterprise-installer')[0].split('/onelab/installation')[0] }}/onelab/installation/latest/app/playbooks/deploy.yml
-ExecStop={{ ansiblebin_result.stdout }} {{ playbook_dir.split('/onelab-enterprise-installer')[0].split('/onelab/installation')[0] }}/onelab/installation/latest/app/playbooks/stop.yml
-
-[Install]
-WantedBy=default.target
\ No newline at end of file