From 4d3d3316abb29a67395b83b1abe6817c8d3f4d71 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Fri, 10 Apr 2026 14:19:25 +0000
Subject: [PATCH] feat(phpipam): deploy phpIPAM for live IP address management

Lightweight IPAM with auto-discovery scanning every 15min via fping.
Replaces disabled NetBox (OOM'd). Uses existing MySQL InnoDB cluster
with Vault-rotated credentials. Cloudflare DNS + Authentik auth.

[ci skip]

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 config.tfvars                 | Bin 10121 -> 10132 bytes
 stacks/phpipam/main.tf        | 260 ++++++++++++++++++++++++++++++++++
 stacks/phpipam/terragrunt.hcl |   8 ++
 stacks/vault/main.tf          |  10 +-
 4 files changed, 277 insertions(+), 1 deletion(-)
 create mode 100644 stacks/phpipam/main.tf
 create mode 100644 stacks/phpipam/terragrunt.hcl

diff --git a/config.tfvars b/config.tfvars
index 213689ff76427007aa2897260666259e395f201a..2ef9c6d244d28b7cf84e40e3a8b7100d410b9efe 100644
GIT binary patch
literal 10132
zcmV;FCu`UMM@dveQdv+`0H3kzvNA`91m?|p(m1kGnzmGpS+^O>j>&LyEm^1)sAZAu
zV`%-YLho}Y#d9FTKECIm^bvJY-?Yc1b(hCjDysHZ@}QPRJhXtH;C!2LR;B26UZNL2
zv2+B@V}U!E6hyN(W3nIc*8X1kP2|^6Ogx=^Nsvtu%>49|)_@N~tPivJk7|ElAUe^f
z(zeR&$fUrdOi-h=%eo_-R`3i}ZSk?2+rp7KqcJL7EArMs%!0d&A4(qD!eQPCy~8<-
z6<z<oz&58#Bd(H#<#^B4$(1G}%H!;}w{&1a32H5RMGKE_WKunN($e{9HK)+Sjv*N^
zemshB8F-vw%^O9TH4-(!w@o-3E~Gh>#$w@M!BI7#Wo{$=Ni9TU02Q2!u%Rn@O&sfe
zo<5MzmcX6m7m#GHik`c+`ip=t$k`J-Y>8jMU7(xlL3rU=G(sngmgHacN`KCy(FiHC
z`M!k^cGxWH)C-z$4)|0Gy{CgO^tSGt74@p>X&h{4C-f8_A=dNSp1x){B+Td%36vf-
z>WJrxG=&&f+Q<?^dm8itdXJ{jxC+a_87d1QC!KEN@Q$K!^J$Z?R-posHN?dzNg6pI
zllyoSFeEWyv!}Td@W#Jwej%>b#gb;AJ?66FXh3^PV=bAMH-}g4WdWnPAFj`}E9@ym
zMKuC+&>c%p0I?HE)au{_5GP&kTQ{!k$+K65Z3Oj{l{?){N>tyf#jvA`#2sSv^;=lH
zKwSK~K`27Md*P_XbJ#yBm#j-nl+rO|ot(I!bN;9kj2{>9lr9ENHX;Toimbm75mm)c
z((RhRXJz~TcCmkfn)x0(CRjf0r8{u-H%k@X)3;r@l!IeDj_BU7kz(Q#z}h$Vt=T(q
z`CAMeWT}nyHdlw%HIVUznP!s_jL(gu$Rg+kw0nwc2$r1Or!jMc`#=TOf4&dN^)$b8
zVzLup3dDHu9qbv>nd|!fc0q-Da#pcUw@#OP9eK^L)g1a+bU!>E_M(zG0}@c|zD?iV
zc5*(>aCADdKv8zSULMrolv4s~xUY@Q1w8kv6Ya1kDRWbLP{9r<`hO5s?41gyv{7>O
z2D!O}Oz$!Szfuv~o7@pbHr+9%TRgjmHNx%1YH6MZ$^;J;RoT-|h{-|V5hrc(X8@9|
z@@8j$DO-Lcusdw;79x`74A;A<UXw)`v-*@P-AQS<AG_Hec3w5HA5{aDA!*!?HV(od
zJqZPsm!z>14?Uq-QfqR&pfP9d%w^DHokJ2Y;aFn1dp%oc8w&c`n|%XQTR7W3*`Z(M
zM>0GIREnV4@WD#yL&0X+?NJC)J~$(ocLcZ$wd?o|84=ij5k~6Am~8R0NXc!+SJr5n
z80Aow>9N6^X#+m*9(Fv)5qi1@g^*YFn9;8*($h8#Ho74z?n`=q?W#p9BF-^}Ewo|&
z&e0X3305D=&tD;YhmB`1`r9H)Q?D!>A1wiMa6hQDoOouQEg+)UF!2s3Pb}Dx)fwd2
zJ;RrsLf951(6N6P=Ptkx7me|Q#^oYfunB=Z?7EL?zQ8Z&S;Q}_4bjQsmuF)_BLoF-
zbKy7=S_eB%-}@Mkv-kbxeC{(zeT^VXEk;-r<9oCiWEbr_TKyTKWSSttei$ihd9KRB
z_~I`=pw=&cMy6pqw$q`d{w0}$)0W>VqSNK;5@SVGP5t{=$psp5nO}^p9zf!q9F>SD
zG4$-?*M)tLhgn|Ybnp2{>d^5ydHk@K9FwT3PXja4mX|gC4FbYVnEhSPzH;u+O?vm1
zjgD`Q#=WcAb;f90s~c2`BB7R<@ezAw7O+FY=F7RyX}2FbP{FS#VQUALzD3U6;F`_k
zftSYK+>>*(7hi540$X)iR>226_RllEqy@bb)Lo9Ye>v2DF9dLDT#|$Sk&de*yrQi2
z8bwz!YvmN*2~Xg#2jm2WwM6L%K5rs(8tu?Q4jZ><hag{~$Z(QjD|nlwYz9w9T~160
zVC9RPgD<Pe{Q{Fd=DiwUHsfLe0mn~0Ze>%GovZ?#4mx=cU;oE<96~f|WvIkBF{3CE
z`<U#>K>0TlHaB7jQwdso+!t!Y5H7!^LLyisHBwOyRE~A)aliCbksvm?)m}(Ga{_ry
zKM%f7K5R>Ye&wS+EKv0f1RhAkACg?7)fJDiPS#L2bLSoZRr1G9a)M2iF^h*At>Ec*
z2f8dFn|GzPWOB)~!pC~&RU&#4%1?>ILKB}mcCS377{oRhl<;f+Yo7~IO>17u=Vjqm
z45Bn>2ti!ijp%~dG{Xh|qoVYPdZc)QO=ARq+0}C(;Er1d=SR1)b0&rQSKf69QWDLV
z&r2P0lJhOk`BMOy`VCXR#eMPk#{B5(t<RF>4b4jg9~fPZzmnmj8y-K~^`4R-+?C=I
zsy+?9H6vI-L#PI+EU-%|O%57UnYg&(gALkgWG%!_T@9Bx0Ay|dNbDynLPPViP;0n`
zrVo6NLtb#97jgeMk402Z<@fw6B885qR;x+(P_UK}PZ&j-K_M>R@Yuw#ECKXY#RfXm
z)Tn=u5~mvpIuRW;lZ*QKvYkIukiQCGYF<=AaRP2I)%n}>+XI|A7hYU&k6I1R2@Dm{
z$=Ons&OvGy*c~mgUX&GVWOrg$tY3yuBf)u(t!uHh5NH8<?<%bi=pBt(QDyfh`f0MD
zWRqe9)izuwo=~-%CGg%8fYgBA(LDj#`}%-uU1$xcH0S@dt}984h^~#`q}a14V&~83
z^-<~ZVG14rhsYxUToSie)X9m4cTvEe06D)3fLaxNCI$|Tem*u^<bdhU5eep*2+=cI
z&QE^T>Bimp$yVi|6zP6!W;{;8K|YXfo&oxIe%biylJ>{{712h4hgyZvSpGMY84$x2
z*y%V?T|IVj0ULo};K{^=l%o~3_4i<|Z{z0)9UymV^WB}QYV4h1LUT?YuuXgpRT}N;
zt;C>i)-90<N0sR>72Q_Ohp@2y$cb^n(6^e#JQy^K{va!IcmL?RFvhMVHi4>6`o+>0
zLW;~l-af`*R1Lo{5ho$?9HW1nmZ8G`h}u3$Q`5v;m`ua2=mGuvAz6W<tG1cFk%>L`
z$naC7_@rGEf0qlS0+}r5_vf0NDVpqXM?DNv%$TRHT{+Zt@|<k`=l?rMNokLX_rxa}
zKXU3ARzlxSM@MpwRoh}{0&iG$4V)RJmFO8rKmQe$kMX0aIa{WV72obIYx`yJHRaTL
zv+XS1B<g%Tw-tU{arw15B<?$EnBv_O_k39L1V=uUDWL@lnjshGOWwc_D-bHBOu@eH
zF7spgx8^V|A!p=9%D^)#)61*1Bgr4_wUswB1^T@q(&2I7*OH*~K?DmtDEsCApOwA0
z5kX~%fXoqn`h7=e82D6371Sj>lPW)kx2rLZkwi#LG0<9}7YLpoC3!EnbFxQa9T@1F
zGQq*mE*L!xJo$m$Lr$OZly2!v@C~-8RJd>cz^E$iy(RUzBcrE3DuGA+DZ6wsf|iv<
zIf}|iCN|I)x5i#JRqVh7W#)kt5)4Q6d#OZ{5&fa1OG7YvaO-}pRO5R?91X+tY91lA
zudJ8KMIA5uETnGi8@JD3^BFzVkp2ae%e(>G4DE({ZpPjIgq_ZL`=UZ5^a4HBz0V+U
zy)gA%q{B4Z)JV<3WZV`!CQR+WKMP&Y*{lO|gV1X({V<r`3m>(+C47e(Ke8p_GL)dU
zZ9aD`a=RD!sEw4QPSuDq)w^jkdxPSwJQ4>yhVR1gIks^%#%9Nr(7L!^V_bfzxDcSH
zmP|kjlMa<89j=8P<3q1!6)W(WbY=|Gz}3iCM%WpQ$Q^S^Mor-I^9nygF{$h?%T0U&
zAcK_JYiBHfaif>UzHN)rG~)l1vbLF$<uXMJEYW<r)iXvz%)?=$Z(_tB?FXLeGl4uN
zGaw1en-geMjp(GkP!0~kL6_9V^*b~!yz9JR&+N3J3IM^^akCEX`nG!A0@>K1OwL<S
zE$xFqT<|HF7pdme3CQoKMgYiUnWe!5ij04UM7qLm)>de2PPuv;JUt-y-o3L%GbP+(
z@qjhd%&=*&Lx*Ung1G%>XY?9*@#MQRgJN;V$PrLRre{JBt!ZJ?Jw8L+b;znmh!h#q
z8YdU|K6ee!a_5(jHiuI2nntpN_KT?GHc%Z~DezY>>E!g6A(>~nNB&;`p%by_1_9^s
zDRK69EknwdK<ZPxnQkplI%A~=1O=WezNR$JZ)>1<UKDBRRwPYm?GFtvz$J>OG<}Eh
z4h!=8f>obu!U`ZKZhIhNl}IZNN-1p!7RZOUqQgh?^JaD61(r9yuCgz>1E7tX;u0OF
zx6}sQ=qrd+R_?o^^&iw9G&{t*PSaQ`l#0T}CMeCP=a3IclQ4QFub5?`$B{YPvcY?p
zF^J%zBRN=|anDrLnpI{Krxswp{RnVxo7<_CE`@!Yo%JASB8vSqd7Oku;<2kxQ4Coj
zlR=KikHzzQ{-HM4PLi)>INDnqpJaJS$OX@NSlxnEzkm$+mU%vmoO;9$!4M)LD#^vu
zc_F+&XPZOl8U+5v;CW{i9%y@opTv<ltDu!kua@XJKCP3j5Os3TE;08eUVd{Zc&&Fk
z{CV-vo*GqQnu}Nx*5LM@j|EtAj_0X=THv)MIN~=PF))a;9xn3j&wx0-<Yv~fnDL-<
zx%W485PTUkxRLs^KOD+{k;Iv&w~QLISvIEc9}&Bxbh^<(|9=$AVf%fSKX=I2O=LM$
z>`<brcNNczh%9w!bNW@4GpM718?(P7Viw)I>Zm1PK^a@HO$C2yxMw@u=>5kEmq;Je
zn}+IGi%%PO0AUrUZ{a@eMlcITP<=V=4;nd9fBSS4%>`%%PBr#R&PkV!BG^1yx0Xjm
z0^T=R+4Dqi*0h?t7<J1*esqsaM@V*~|22y~<hsaQk~mo_*_XTR#fN0HCj&Ew;^4!4
zP~2ZJ3N7Ubt%B02jHH}Q>ooO#`Wt3C7N^)M$S%d~=yJ0F&?m{(0_h+?J;abX(u&)D
z$(YSO@G=LWrkUaT=hb?`O|*`Fg(JjVTrHQ->fsQ(lo>ZKkaYyRGsc3e+iqDSR&%z#
z)avJyRUvI*$IjZ|!@9m>EZx%2GR8Fv1!cTYSN1#ZzW>4U$B3=GDn3V|VZZvqRKY&f
z=%}P}E4m0Wp39u*H{7zoE(w$14Q^Xa7@9shie9$-LM^h_Ibd<G6vxRZiKCB3`?1_3
zMRpTf0}J<KtC2!`K#GEe=V9Wst%=@fK=#gZOn%V^x%aGih1wAZn7#uUPS?}AY}zGD
ze|>Jo)@^cBev)38MI4p9NcbIB#)C1Z1nSAf`VMO`&=*aWG6RMbyGr#Hhd8>Oo+eqT
zzFJX0_^0qVTdz~C*5=C%UBqLqsS3*7zdb9obOyT)8sW#aLMQ13mA8Z?GuG~b3(wWB
zLx&h&jr=nY;Wu`HOGS4g>8p`JsH%Cw!6x&}ZF05RT~EuCDt>E3J;bv97X=RWVlsu_
z4LO?RenQCr=GP=zFXpp&R5ko(6{Qjyw<<nSr#Fr9RkPh<=JxBG?=9zVU>!^=<p8&l
zj<$M666vb0${ujGS*-5>#at|_a}DNzFitcZzDZKc@;CB>fc6EnBLWg0ujKu|H~nDP
zWrRHA!?~}Z**PLJ?%ERAYXK;z2ANvKu;>*R6U=}d%oMz?Ou{uOvqdv6Z0{F;f*TIX
z+0$#VSS_yG1^$N(7ia6_LL?S~bf~l<zxcCfHlfJus{N<|r45Uh=H_aYpb~Bf8mwH4
zU$+SHcmFW5AJ$|4q?+3Xrr@A}ng$WI$|7Fo3d0o>ivmGxp`)2Cx{DjWx3N)WSt({o
z*?v*4WMdaE)}~O6l4#6Dd%1l6ok9;3Yo(m$fX#I*pkrf+KP;^?soQcE4!L5f0G>`q
zv9AY@aDkz0{l73F1u4#-7?pu8a@0gLOyBKSM*Nqd8C5f;Tvj)QS}9(P0Bm&(k|Z0$
zwHoT)J21&Q5HJ=-lMvn#t&g50#<rkMKT`_(!bc0QJUnsuq+u};xPs5X<pPu|+tlmt
zLTnNKNKOBtcjYCR34Y=BHD~X`R_`<KTdI?#QC=CbQQHIHPo^&nuVQG3J=xF({(TgT
ztZH-~8preb69V*;u4bo2MB7iGJn@D*NtbTQVdkoO61+<M55Eu&@_FO0^|15B!}<m^
zt_SaKlkx<DlP*G#NFBB*AY_xeu%w3lJPz76=4qzuy7lmTf~777R;$tCF<2A{4W(%Z
z?PM9fnRf963@4NP{Z7oIy?)w!D4HlJ&VF7w!dvUIojUtIHx+!XI%QU4(hKv9pB+^&
z;E3FV%f_-S;eGE0@e#QsuzWGu!|eyjf>PU|q`9X8VjuucTRNIX$A}XRAFLQaxdRcQ
zUC5nc=jJnFDrwqcKtJbihj@vJ*~?+?!-&n}mglXiFU4mEL~0W>inG+$6l+ng-6j0W
z_1Cz`I)c$d?7EKUzu1!GY!|;ph)xtc5?l<({N6Mdtc6D~{YbZ>kSutCu{HO8nMJZ2
z9Zcoa$!TN??%C=jP^2NSOQ1&v?EwCGwo`m}?KZj2y(B6;I{l8?VV2PD2S6oY-$@>2
zMAtSHqml;|atoPQkBhh)1i%D60Drwl4~VNMjruu#UOF2?p4ht*aMxGKvO85vT?gmp
zLR-$QUROCf%$Xe2{#Ou6kVYfQmOcND)xawcE>HN{J;SpUu6@Nds{BczOdlTAzs$r}
zcup$8wyv7h#Ki&@1md*W<^BGEp2qr0)OjTSBW(?z!BsBV?oCbT5QSa8r$JJu3uc`X
zo8bm&c?oezc_fUI2?P)BsrKrGM}bEqJhA3i_IGD_vw2KzrzZA6!JrFrGHbHJ$I9I0
z`|b(X9QbO@^pf&@%qvNj<cCa`Ah=_Oeu;9kHa~~DB{nt3R6RsOwVpc*K9vxr#)=)^
zS5_JOad9O#db(;s=$nWcsiP$&DW+JOIe(DVDh}F&$`;BGF53x{!`~QbB<OY_vE^c~
zrkvhnl5=r@7{%qvR(o<C-5T;5?-5u<lFrj1e@2ikAi5>~i`%;{3{h~cd<UOaFaE+>
zd|BIe?l-71@3khUoD4?tL9Upo>v+d7<Ig*YfgB$d{td?Vz;uLg1lyP-ZCt0;zS^i^
zMkBk!?}(i1!?Y|bm)A_uN|?Plo3`}XrpKNYVV5ID`xHRD;As0BQAiUk?wz9Dz!COg
zc>Dh5Sn^N<6#1GvCL+56h!L9i?An9_*$>vYm#z=YB~rD212?BKIGOID*g)=}>7D4u
z#WvU^4iHVG8g{{~o`mw@5>2CzZ7F2j$Hfq4+^d-@Yjl~!CyWJ>S*9}3bpQcQpWIah
zlf@xe3;xgmE{-`b7?LJkd~VCw9Q8>b|I)Z62_#fj#|cK1<Q92Sd-*2{_;b~@R8PTh
zAuJuT#?2Hm8!Mn%j^9#*IK5*OLZAf!(;Jk#$9zn8nUUBY#kb^llFkyh#kHYCn**yz
zl73eYt!Xq3h$|*r_MbQM&Gcj4B+E8+1fEqC#mVoMxS8$9lq@s#V9s6o!q>~Qb1@gQ
z6K%_1kYQQlso>kt_%vaDIrY7n8;#}VfoR!P!gKjwr3^RgCT?@sgY9*W;%HLBG^&s6
z79_^j2qe;xsbh~VDOl`50+P|}lkq+&=BqUn?8zy2L)PU2^wDk%7>>(j<^1TTuSH`~
z<w3eAFb>C8w3kGjR=DgPX?ll&3BE>0E?LZxeimIPa7{!QSiLpC=_>d|pFg4q9vXY`
z7N6ehUH?yp`U|*n5H#I@FNj6oyxF@*(UDvg{)1tNW2N&y%sRuG3DXm|ou6!yN?Tq+
zxfze0q<A7lE16Ws-C30=1WF_;QF=O9wiKMk`~q6>A7B(vzGZiInz%pD(HkzxZM9;2
zF=x2T3tUlR0A6i{h!(j+ChG@Re8qnnG%YibYaH=hPSM^Qx7mRH>u`r2M$|FUB)O2$
zT$m{x%xNddm&llTNDgFa=_IF9buYfc=;F-cT;kwRAv@-L4T=g{KkQDJcq?y%k!J@u
zFivviIK5VC;Eu59PB9C8+NiL$f|^AlAFz|{-nI9sn(etRj^8ZtHr}>BP;1|VI?vTU
zxc;3*7jb$v7~>Rctm0wvOo{%EkFk47+^V&a5?Zuz-xqlR%neLL|9ip)2c4R&lSR|u
zUGBR!oJ@{CKOz)B9!Bu>Wd39WP&cq)&z2304Yee+k*bMD9n!ZrghJjVsiI1JO!>mF
zQ@vby3CluL{Se6%pK!639km(1v7lTD7A_;2WN;Rd8jjJHiSh8<Mxm6XC1Z`jnO~JO
zlUKlVkKA-iK1YY*;P<x+9#$f&3=-fg_Hn`!PC>WVRfQ(12v{RWq7w<TwcTWds37oc
z-WnuPVu~DA1Lnf!h(U(gcHR@3Qei+FK;U#{x{T4tj}+b45I$|l&f%(jp?R<+!GCq%
zzK_Gvw5b!?wHF;|N=Hkt_tFfKm#Ffyv{6v&n9+I#VIoJRGP{jhKEP?KL8dk*A=h7Q
zYUQTKLBu5(V!=?%0mGql#L&r%cOXU_t1d{ziGltq4MbGL2-j$$OlSX`Km6X70#97w
zLITw_nOP)>U`zPz-b@eMlE9{jDh14r-|aunsl|>ND`Ju{s5OMSG$bJ&`T4#nH{K2Z
z=*w2}2>T0San9bL9|pu~y)>G6%m+Y>tWvWmai#LAkks59$UFjcG_g?v8Nm|Mw2ZwH
zs3k4-_FA2ySD|Bj#=j?N7~Cn-;;uHovj&rHHuTRNp@h$H%QI0jn+k{B&=T*C<D~KN
z<borfBtEICb2$LOoQ0{|mt4{~(TP7MLDfk%m`U+>q8yf|xYgQJ)F&P#`E-#1IN>cV
z8an)I0HPa2Vi;M^tHnM3M(s$CAxJOlHwQs*co--91BAX=S@ir|(%B>@>@$jK2|B$3
z0jc@IDvImBsAc%kTzPR^M!%(AeAP;Yyvdl$q(ZS<d>!4Vk%bK7+|1{}vJ!5X%<#SP
zdzu^-_+uVKs4HPx=Yb@CdoYsZT?L^2aA~{%@^Aj&EZgty7C0om1t+Wg^#9=4YJyR+
zc*Q<fho2MC=rq$b(f;?{h^6^_oFvs#Pigg6jd0xV1lZmEK<-Pv9<FWCi~vs5I`>Wi
z#u0IVqc?@4yKZIuS#>xKwGPmU)H=DgzI$KYo&R|09Y>}o-f34Sn9N0zvbcDdQwkM*
zk|_0Y*kFraC4>U|<I(2e3r6?Y3OM0(NUO;03#u=;u6y^9|L7g#_03I_KN0FpJ5Bj{
zO<xnh{MEg?y|9*5%d1J+-95%CX;q6o-yo-Ylx;+NKrDlaKK%0ML25$8+&Xn6a8g1R
z(n>oWNR-WRdf^2$rgGd7vgm{5w^_5pskgv_lvFA5xh+{|qPGWkdSMCD(9YAOh&Fsi
zvbJ{@Xyp1GjK5{Uh2l>43{>=Gc^%S+wZ9FA8S^S8WGK!PSX0pup-U?uK+nQP=J)Fj
z*-DIYHg$xvS@@(y17Hz7>5*ANo8S=kYUZ__=JE=Bkh)B}ZhFkpT22q@s|bpm1GBc5
z*|}`44Fw8W;p1tldm`2+f7N&PlFkScOlGYYVZB0%*j#1e;bFpY4Z#Uk?uvCo&|@H(
zIY^})Lhh9`_n%C1;~`IBl$W^b^Ro$9U!-=ViylAW>ZvVc9oTf~8548MokYtra}gJ1
zl(+jiy7<(PYeT8Lzvflbiqsf}WfZn>t3UMCX{{1}TA_Y++*JQxqC=F$XzsWq18fZu
zwt1o*xhfssd%zEcksMeuK^*`^dwO_y;a}P7??)P-m=N&M)nw^cN}aeP4=WtM7`gvj
zxj3}Y!Ub?R-^#`z0T|v_j6&C##3DYmtrXBEmo*CDO|{d(_CcwlX|@`HcIveq|8HhF
zO~xd$xSA{OW~eAI7tTR+tPO4qT0L=I7%VjC*RC?@9&7yO=4eE%=%cT0Mhw=655257
zJ<Q91F5F4d8;htydx6|sv_;M6)FI7CmYc1q#CbqIczFumjHI5D-*tSq&_&!*V3|Um
z0Ik@uC8kJMh*;qkwR{cL<R={2bXcF{dt`I02XGB1OuDq_fA(~!*_n+~mK-U9zb*+f
zHf{OYkEm_kc!+QFgoxyqwPpKPTD!zz9jmL^jK|(J*v*K|zOCBh={Pu}^AG+Li;IWh
zPpK_p_7xdZ)XRbi%?NDn_`169LAB&Nyhw?xw_Qg~xhEw;I%+vADZWIh$!XLuh~wCv
zAew@ZJ!FC<wwY!*xqiD^-01xMu1#-jS9geY%XQa#j^Y&K&4-2R;@W$718VSGt=f%4
zH>kC?ABL;@m3q2!=$lu45P`&yugLiCq(c@<m=0CYQ>hy)gG9?=WFuvZzCEm|P8>GE
zOhLhk=9C0flEOxr>+bJd=v{=4Y-BRbjb^yowrWN_hY1bJ@PrlxHXWGlZU7cXhtLXz
zm%Yj#E1tUcp6r>?7XKUaX4k;uz!pqb{y%pB!}_RUqRu4ddo)Bs+fabu2e5(1A(HW1
z+5H<EtQMdHIKk*gv6tybu@qfD>UX-$3Tt(+@r4Z1XTjq)+#bj0dZ9a(<wJpEM5|Qe
zdZ>;pc_U6<VnVG}XY2BEh0sdM6+_Pb5l(*z#mOAC`k<kNd&yd+=npFS*K30Cowyi3
zf&5Dfga6R<^Wj6AY?|a)D8LmgUxMva$r@f$8vt5w54n5XG<KcUbp6G1)Kb<k5zpg#
zTsMW@V&qis6O|no&G*cV`B#2=7F?oGh2rypI!W?1&PFTx&K(;Zumtf)4DItYSs)MO
zmvw!B(Qp{jAz;+BSAz&VaYyUG5idc@lhUbrF#ZW?DYs(58#C8!2e8BP`$88)tkoPp
zO!pJ5aAePF%*^_t)#bWj%C|^ewszO6y2#C-CZ`L^#_ogK<7aMhuA&wua7EtWT#NwL
zP^Gnw5vKNDf$z17cN-bnK5#9d6q*Gr7;En62i`L}AY&9dPM1QkIxrQaz$)iW$XY4>
zDfC^kyz_)YvU~{appX`7)d$%lYq<$8v#T1L9&T$_aRV8~9<V12-+d|3Lj5=uRw(Ht
zzfrkZzQwlz+t4C`9HHo%w#&YJO=UCBLC(23bX5-3MN0`5N`#LUa7%KB`_1~CO-_uN
zZ;Mr;FvNA!-=_EgT`AIpRmBT%+I$DKE4li0HO!!>uYP>IqHu{qf_J{(3@;Mo8PXfu
z@1!pAv{Dbp!GQ{jw6%KM%{LWN(`>t#*1uydPI<B*AYq#K<JtS@kuM*6(UnGpd8Xmd
z{AV2CdrMoutu<730eV*5NPH~MK|*NN?IVd!Pl%ABqjYZv?P4`7$2g!)3bkg>^R+YO
z60FR(h&7D4*+iX5hj=C*|2p-WC}@VGzyP?Lyf)Ekz5;K-_$dZB8RxzSz|`EtNbm4E
zBtWCd5Yz7jPrlA)W4jSxH@bYZZ|gLU|Foj2Hg**IPmIg(%x_pl;Cp4QWoNvlM=+qv
zR6HIdPvy?Faq@?5p;r~GLLU})KkD-<I6eFnmk)_FN4{D(78HLy_L%u#jYx}c74r9T
zR-(wBb8ip8T=&@=pdhI~&ucXV$<npKQ<A{FGGn{O(~eI+RShvVry*_*`;WTjSFXaz
zp?VkjjHUXjU(a|`os@FcJ^Ec87?^0=wq9`X&RB~lI<m%Yl~U)_TVgjeTu2>U#5N2n
zT&bAG``Kz&7@_O*Ndot}M@A#in8Se1*<`+eg(FL0-dKK76ix-Fe?P`)I8>MUhjwsa
z(s0#1D+gP^qov?MAYm!(QLGT~ZUZ&D5i6}%4EzQqyB3zWvhE&x?a%`z+7hStuG8B`
z%i*}EPmYL){serz(JjG!^gL}gl)fhT|2b+8JxB8lXPisSGL@K`)i>lEo%EU4(s*xa
z{dRIoZ9*Lkd%$kvZsT`GsW4nMfKF^#fTeoF)EIg*@ASjhuh0gcxp#%pBWaX*`B_;d
z;;w$@D;SgnOx2roxm!CK+&J@`7hz}hd%u@xJ#DQRdXPD?_uJH}Lv$U>rUt+Lzaqbi
zD#nB9Dfl%JyjjwqiK<%@1dg0Nh#bZMFeZtPhou+i-;UUz;>Q=wv7F6za9-YXh%*HW
z>jE+foxLxB=5xa8XRAdd$E|ufaU$(u<$)-HAlqmao@iD6bATE)@n-rb(8CsTwrA&5
z#BbyT2l3N3H=X-3s2(MlHP!j3GXBKsQe@Ixbtr^pojU;cG9Z<G;nH~i`%8*xNm9ib
z34;$jorCvk%FMGqPrCZNGZZF$(L#dp!vzae3O@|IQ5xD1X9AGT|5;kdk)kIB_>p-}
zM96$`CCj<LI-Q%X<qj2$`%z_?H|>q6!Alc7jcCh;Yzn(-FzrVfOQTfQzcpeoUu#K`
zJ4)*~cq>mc5{m6p*B<km#^36zRu?)e+Aw$scT&ik>nZ~s$Q2~chiwQ{xRrWjxb&P-
zx<aY&t=m|Hb=VpC8A18-YS17ZPD-2eh~!?xS(kp<G(-0|8$vn+u|rFau(R9n;A1wb
zjC<k9Q|N^ZoOZ%g={IehEJThipIR0H?tU<pf<1tJ7o<fqAdmOYF%$u6sOfmI9xhF+
z_{->`GLusYthkMUnr22$6l;GC`s(nXW&M%qsW!bf9rljTr$obQkgH^0_`30pv&%GB
zOf0e5oyGCsAST8kJ%vwOQC^L1nf~zuTK#gVf#u2Ik-1Goh;SzD%T%2iHBu>#g%hCQ
zJMxs`d1BC-S$RDtAG_`NuZ)Us{CiN2`Sm`YQ;t02(;xTKW93f7*%O)`cT7<?O8Lzi
zNcJQIe8=3p3Kz9wEBI&8UG|tla_wvA77Xy1+TNa*H4p5aa?|cV2QI=qnf;tBQ7C`c
z+8dwe`C&mg7U&(g;!ofHBYee37-E)l!KeA>FaT5C^K>Yvg}c%pa-?j3fZGi7fa5*(
zrTi=ylaHPoHg+h_<1C<WN&{(DVD;n0RSUo^qiKm3hzR0n!{RQ|gB`F27624r&P2<{
z0HQdXqmCun$ztVENk}fH+bc|0#hfdr(YAgFGW>7*^3`zhL}avs#qOmewf@@66rfGG
zA_6CMgTUkGKU)~VGpBv_OP(x_Mi!#aafCZ_jp&yB|M!g%n;Db=lPzN{D~yfkRy2A@
z%tLRA>Fz)92_oh3{V`=ps26_#Mg@0G&SIwXBd)CiL%_MSvZK+ehg-Q*-K@uAsZ`Ue
z9F1N<Hs9Mja4jz4Cnd3z6w_?MZ*r(~R+%JN&*tMJ@FJajqeu32usIEGDrp~C^ds>>
z<!%ixDw@*r`bkITSnJ6;5JnG~VoiYeV#yR-Y6{`Fb@(I}T%|X(T+}Y6ndkz2K7hf3
zg}q)$x0)23H*rRJPdYZadRyS|(zsAWRV1X$P++oTLTj2LXELo@og4Zlx*W3VYh2jV
C!?p+j

literal 10121
zcmV;4CwABXM@dveQdv+`01{ndUIwoZIZn8e5RDx6;iK>tX6J|czCwpV+v_F0xCrIO
zhViyGsHAD9>G^8qdNym2r7RvAlh!@kZksqoPH&6G<i&$k3DN6-=OHxSn-BVqa*>O}
z8w2Za&FkfV#}li2*w^BeZokoxuo?{j3O}eRJW6eF%K?!am}8wmKyWk4QNEGgwlgii
z>Y~Ke)m;!}Sf1=yh;Pbr@tF8&Geuk(6}^&J3vdfJXbq6GU3=S<V!YV@+qRfdvCNk1
z{m+eALOd#!g|*I6s)r=NKAIsFZ@vE<N(JH-vVw!YF>a)>AI&SMNCi5W{Y{Nkaz1WX
z!al4gZ0guntKm!V*TlrD?e;Tb(zb$VC?I|&NJbc!5z$!~4H3JKuI=pH2^EnFsgKIj
zJTd}wbfnQW7sS}A(ti}+IsM!dk^kMy>bvo39kInzXygbyE^RjY@~&S;^_yKSi({9R
zV(*u_SWyebAv@4jM}m?bk%hIww7BgCYia%<KFq{gYh*!~4(SxkCFxazm|1oJoMK&P
z0WtPJ|5a5cWBLW!^bxL<o76OwZ+ypIL5{@~8pd<$yzorwSDzN<Z@0PBOS&cYX~jk4
z2f9Ns&HKlSxL^F=MQuAbJGx9E0%M`pD}JHc4dETUL%*Nk4FcM38wM2choKoOvDy_u
z2UhH#iD2Orqn%yw*iCCeytK-o!~TwWXHbN_wl?LVkkJN@{!r#|P4AdR=e?r9`sj{>
z<r$lE2eQV4;C~`6C>nO|8&Yyxz}ixqay`Ni09$0k(y2z)f}EsEMNnnI>m^^t*DFZk
zrOX3TGJ48z`k)#fq`%6QkMs_7ssHaW%KXfi%_q3SK}~i2xtWIQc@)=yd^_9%v(Tfu
zSHMY`>BGa<`DQL8yJO|M78Fvk$9&hv1P1n{-%@W4+&Dg)%h=nh*8xIw04KEdt>=Vh
z%BS3hJ*yxnM;+|qvT}(BD>{Yqvk<JL|KZ<mo<KK=yhr)S22JBPCoNSMB6dIkng^qx
zFNHenU!@#!`<SNMZTTSHI6R$*<l74Srv(!QaUFxS4L)a$LC+gxFC=Mqj5I}a#1EP~
z&Q6>YJ3Gevc%ekdb?wOY(5bJWM=uW8UM{|@av74;w_+@a1Y``K%JG~Xw)N99R?j?>
zUoRJ*)Agc&@k2)`qAcO2E6u@`sUQDZ%O^##>CriXo4`4Xj*V$RX3QlZ?9ncbtzeC!
z`nk5(xgvcQuRqt)|2Q?zimWz-h0tAavRR?s`-b84(Iin+4{qpAI$d$Jk}5dxD(D}J
z_yJ70*>JnU)oIK};yrXkc-aJ!kjtuLXGlDZas`)0J-qsKJfZF-0`&7^9f)hc3+kjh
zn}sw;Y?pxr9?ViyP*K;raPa99pOO%bTMCW5hD=RS){0^wfO5%T3*+@(Jx!&fFn-n0
zP`bTL(F7Ewse`=)D~O%vOM9Lk9~hq?-ER7=)sVPGq6hRKrIe`bb=4Z75dLk)p++pW
zzV0#ueBE!?Gjm7?pwa+9>LuxD);%-ub*@@1IZ=j<W@>G~-81OEyXm;}kh0*(kRuSQ
zd(LI)w29iN*^2xdjp_Za&CpuUm$ITy7rPmI_v@5(M+u4?O%kHtCvqMmgFwC4+XG~$
z{MmObydXFbZ=Z$A?0UWWLwG%0i({vYx(din^|c9+-O?`s83rICmPjkUwu$PD)J9C~
zGLD>M{z;R3)R=aewTG_n3OV~zI3?1ui%dBQoG1+|Vg8i^Zah@C5s=Ae%cs_IP;(^8
z`)HXXVJ-!C*VUHRm#Xl+Dp1qr5MX&16-|^kRNoBNe<)BbTjhlbqaQ|BtjF}wx;ZQ1
zs(~(aX&q}2<V_yX+k$2S7NN*?V6~?{7#{?^0%XzBdzuvpdq)eOi6;guq$J9b6&Xw1
zC5wEaGI}8<VYn(2I9Krp>~f5yY#AKxxc8ja?S^mz#O&K%(VUf!k%U<%NUk02gpR~m
zO3~FxZ*0-=;$K1Bg`{CrN&`g$Ilg!rJJs*HRc${-k9krct~{e>aL&@sibY*+;hE03
zHTu^<9PWs5ZW5*rj86eEs?}skR0K%`FHJeb!dn%~?^k+wHHi$@zUjchO+KfabXcOx
z2cbJ=<ZI!|<fi=$he+w~Qi4y_*OUmsI*ak{s~5m0KF4u@oLgE-&e<!x7F;QF=w|29
zb9oUN8O7FLzC3S$-;RN)IXHIhcM6^=IXy?NgJl&xzH1jdInT_OA5<bHZbY4iIO~5P
zxbMmIYKz+hEYGmQm0aSRbAwDg9n*0p!gY%`O8bSuDcYg47KQPkuEH*GC{06p9+=eC
zV{zpcJkgVumx-dz1TJ@s{dC66PeXWXH+eDYH>4m8VmF2exFQVL5_7$Q>dW5-NR3)<
ztmQ<X0u+x}%~lC2pi2AX2*j(h?QVfG`W`aC@kj(f#VhT@^P!lGCts+#g;vMXGknGR
zF*;44-%m%G)2=fG5x%f)kuq>E`O5~<<C>MR!!1A`CJT~ugA!&VU3HBs_;<zuTQ74V
zj6Bk&dLr3DfY0iHmKT3`3aEbD{d4=fE!9oxB%CVx(Q&A#OYq^ILcwRZK2oB`a>(y`
zKX3?lfsySI31=metdWDyrXVP+Ev^+1N#|OGEl-&<j5#QiaO*RiWhrp1Dq<f5YQUrW
zxD?C4zE!L+x4DpdK1;BUuNf>zDZJZtJ*y<8EPj^UERwC=?h+Eh6My!mxDKafbyfUD
z5fymV)}M(ho0A6pLhT#ma+K=jVj;kKJDB!Sj+f*0FNCC}IaC8i$$YV<{~ycm%B^0s
z?3&1I2=*bLsR;O@HK@9EyfNMdE_MXZD+MkTjR77YHTnJ2CEy+BXHmWuQhP>V0_6Ct
zm0jc~Iz|sGAI77-9u*K@+m20$OXI~bq$R3&dOvpP9T^xF$=zg-Jl=(Zy`14JgFw(e
z`i@X!P(KO59j14-La<A?Vj>q|EpC)$#R`ovk;G~dzb_9~4PJS72$!%;8#}nIPJ}Nh
z^G`2Wq%~1RC||15a-BR@xA|$f``Tk};b|;*`1V7|24GxnJa(1zvyXo+%h%)VK$mZF
zq-gW_>aJ%kGLv7GbB(v;0#(|H%SeeDKHbz>Fu--?avYN?ppHjZQ$K6iZ<`}RzFfV4
zDiw|;%Cv@OEoO+%+n0K13@Y$%IxG03?+pbl5MTD6`}3R;ZreJMp{~oaTq=u7Qv(RR
zbd(|ax2RV#>Iid32`k&xdBcV+>3~t=m|uUonXO}RZNC6Z{e6}HaATx#uIhv;R{Klu
zl<Q?WEjba@!#KMr`K|+0Mq3{E-E%F7Fafj{Lb$bjG6Bvn^^N|9Jq#Ieo^M=st)PT+
zC<MlV<_t{@cw?Sdcg04W<Q8EOhq&bQhceOj@K1MT(T&L0JbN2J0$Tck7SQk9lV4cD
zxF6EQb$~Q<KkW(S`TN^#I7+)2)Gi+<?;53sX1UtrCO-4;B$w0@;QhsjCVmfa;Gm~h
zdL+Y>SM1M&7M9gxL<w#Qa^8$fKe7_^v4;7sQDG&Aw}I6HVK+xtz?))JQV#WsuwAjH
z`Aat7YTGoWt;mk~AbAc;GSf>OwnZm%&j?d$v4bkEA35gvSmLMavb0v8Hj+jv^qqwJ
zn`2Nnj0t+kRNE8Ioi-OMv--H%eZ6zmX_DCMdBef*AzQi24Ui2%f=0f+zAXiIoF7J|
zd0YhcsWEH;3HPmWI4o-+Ee5(_ed+hiew5MvFl3Yx2(|xQb~03TEH4D~=Y9}I6;Znx
zl$fgh@gNFY&VZf+_8C&>qhV|i*oM4e$a<6<ifS=Zl@4%{SwE}f_<;%LkB=T%%WQp<
z$GhI7wgk?bapj0qy-}?(h_r>0)smqMp;kDlfw#-C`o&CJQL6{ttvGraCSF7@U~otd
zR{=*XL8OC}viXIZ@EVn@n<@LP^N76LRZ_Qm(gHk)r@svSEN;)>k1(6y5|2Q4z6@^a
z(42bsNr={+l2=EhfFm1&t3}GC1<`7~5p}K8;t5;vp5NIx9<<VoH<^4nM(_2^6W{c?
z$F$1PobA{(5WH^no4Y)7ZZ)thXtSAl2+X%yhrlnPGsD#wb!`Gzne898!fQ-pw#}$}
z!i2UC(dVx2JfV8$OZ|U3e-qmV4<?Al^9PMYjn<=Ul-d3*^HHyKoyLPZvK5apCXK0a
z$Yx&>E-?^=L$~zegURT2jiA*xN`H)>)6?f07fi|=6H12oljS6gT&&7mGcYWKlx+u_
zn4)j2g{XK_Vnk}s{rXeSnKBC<QASy3!Y)}lZVPWwob6fUU5GzE40;{AGQb6|`1y2{
zPJSPv_to7Xl=P?90u1%%pyqAmJ0TfEY?X{JV`qsneMu5}e1nlUVgb3^x)9usTz1VE
z;4(pBxg8ggI5nHu)Uh~olL~?wFr-He9K4J4vr}Yy9DKuW5xoJWL?h~4A%rApwNu$f
zZ_+N8_@F+LqW27bUs#?8YEtdBVX8;0?A)@vDudnPvn|5B&gzcp>q>cRG`L*9+2On<
zY05V^zl5a;Vp)C7^^%J9A$GP=6YVc$p<=-iHg>>1h80F=&BFaw5abCs!7}9LcusQ0
zU$>tog(cxEmf1&DXv)9xJE=`xYvh9gbO;b$Vew^Ar6vWwcppIjo=R*9XrguoS(Bj0
z5QQ3oBdbPHoaH`AcwBAMp^3HqCx`+u%fw8vbo-c;{HD$Iw!-qh9x0ca=Tm`!B&!Hp
zViJL#5faDev|GH}hm=_OBZSPQizjODs|*}s3j_PUYax~((uC))0Wq6?iFs<i(X7#z
zt$vDEmLdXnyC+Jf@kq}YH-wG6*2mez9t1*ynQ`eqaS0E=)_sXg2ljo!T4?)AoSS6?
zG$dChj68RnuBNev8_jUcBF;dT*H^T$+y`!d+8x5I0=)%!>Jiv38fey0h9QT!SJWZo
z!UZaC=~Ne<`sGlHArzwROc`ZIoVIOn6eJTZZ%>gbsa$7PuefO4GvEOWz-C`dyR*4)
zUw{iWNhUft;^PDbru66O*Ci&)Yr{pjel~lP9V?gMU#RlNxy<JmqSB9&0;HPSb~JMM
z(^NRO?B1YXT=52X@7S0?Pp87ncBm0wf<RNo6*D^#nuvso=f~iA0rh2-USxco{o4g5
zE|AM$?Ytg2?y-KJd+C~;Ue#=hhxM!md)b7)(8U)GWUxL*bVqJZ8L*2r+a(CigNueV
zbEC*Ti#G-c^S6ShKB@?;II%r7NDb%F1SxtWhWU7wVtLG+eQa!o`6a6Cfu>N{A{{e5
zQG@*Rwxo!5qKaiPLk2?Z|M}ARJAr-E0YrV;*g8Axp7{{4??(3vWKva_1mEMM;cewM
z-K!M;6CHpPN;MXLjp7&UrZn*r@PYI<f5)B0Z*h8t9EjA|GVuk4Y_ar2#ZEMn^i$q~
z769utc>-)~a9<uzG2u)<rBH-UQ7H7`z0w&{(@nsP+^0v^*ITuBg+O6jpMN#pW_E!I
z%@xE+Gs*&akS!B!Q9@GA0O3n9zs`1~<p6{SNFFasnQN!QP1x$|;1N{U0Ff&W;p(kN
zqnjxU#kycn>Jw$5+>y<RDXz9Q#^uU@dS$O1U81Gc!7o=8R#s<TYOSyF0=E?!@wrm>
zQ6!&9ZxBHx-H!)d-o+&oE==rSiV`Wjm&mKhrIJzn0U<;&$JG5S_{KHn5FcHQ0#Z}1
zqFQ1WtO|+-Q_JmH8dL&h22RKU{OF=2tQ=8I=7p-$p5{4axsa-n*S^~gE8@v>o28<A
zEKCyIhRJG#E-1~cEa=R$aJUm8h%q!K?E+OeCOXXC$H;5<3103B)(AMaw3X3}7hTe~
zzMlhGx|kO_;rDA23%tTCyDl+&qT}qEDv>U7Tr`<h9hbnxO3xg%N*jk^TC;{u(ilzN
z)yl78Qr9YLuQaS#B?wjwYMT*Yr*wp?j5YTPNK<4(>5-)ej7#WC)*^k<>0<><sm`@y
zP+Re@DK`~_|Kgm;x5wE00o6<z$*4@;Wk;`Z8zl$D6;T^-nHr0N=8aP*i(6y{>i%TM
z<^6XFv>=%*EG!ccS=i*xpQ_`rx?3RUlf8I(XM?7vA?h3#dd0!{HUDAGVSq=C^ji!i
z2i%EW^21Vxx+984x7d#x6y*B+ed|F6pC(FA#<$_w-y`+jWKJu(|FD`kG@9RR=!{6D
z#qk`Pwb-Bnm_E1Tt(&g8EXC^oC|l?Vi4-TtSMl9+;k%WS3d0_%%h0a7P^4oDgJoQ>
zEC`ADd!lSB`enJSjIvlBElUJi^>(MKIEFEOkQqR&OnI()a!4OD5L9Ic5>0B>yYlC!
z)S;HuMy1ARSG+MW;J%JLs)cca<3@>|M`tx;6eSmh(ONjjKvUa);q+L^+k=h&<x296
zm4(s;SnbdEOKy9)wMzVVM*Tj79H5#V8!n=rf=9qSDM*sNfKyB`pN$={wgfggRGn1h
zMgxeT=1?BbqFqn1xM;}J;Mi^RkMoB4!N+Gqo&gH>jzt|`V-yn~T&sDak}n)<twRwa
zz=0B6cc0geDI8stx@yj>H&shQNq#;eW-6P+A<%Y=TM7amCBWKqx{`=5;FU%;sG<~R
zVSTKH^nVp#VeN0wv7+uCXqLh}B<`*u6W5Am0q|{;rkx$HaS%cOw7i4<H=a5S-KwhE
zoLyqzx8X{hpz=9^w~9eulPZGgQg~>a{Dch@7ti|)t&A*M3iL=8aJkwE3Wq*IlD)G#
z^N-nU7e@}#2vK839_5j2Rr}wu7qGhs5R#N77#dk<Y>l%hi<i-f77`%H??CI(wsP*b
zz`I1k=O+kWn(h4;OFoXqfx}!jLAj^x1~#TowS4&<`Q>7I6Ekkr+{ZR<YzY&#wmuVE
zT?Z$hB#+?PrE~AX@BYEK&y-McO+su=FbFV3@<dey-Z#-O7f4C!ik4?ihX@TDzwD<Y
zis?k87cP*<7Iq(`|3Zw~9{;Qe3=L4*FQ9j1hh~qr#SXu0udxgRyBmEbG71@ykGT3~
z8$2{JNZ*ZE=w2W~Aqz&8JvY2N(0jEvZ8(@lh#qGc{(%eG$Q|pydWg*8^9th<4Z@~$
zr?OCI^=FuI2(na7mIhCYD06E2R}$$lXMq}^S-<1tn&NTf>i6$+vB<v58FcmCHJATx
z%{tN)p677YOS&jbaSO`4u5(aS$$wVZ#<|u(<!5|=k!DO}DsrhgTIocmuvl{y>&dV>
zoF%0l(|J5JG8;X-Yy<Q=X;yL$1A$mi3%|~W4Kq`I!8``eL=S^`rr+nAX`bCYtY0I1
z89g;UA&V@~aFPC7Xkeq4Q{liSt+%t1dNYzolg(Qz9d;~d*B2U%`BXzEg|+p%L03<@
zmO{ZHAKjeKbRJf4Z}_wZ4!DE<dKK^>FnEFZo-+72f{2DQ$u~;l%%c$>i;%YWA!~xN
z+!;JRo;y5p0X%<jm&LRLc8H*%brJUkKSZHrsDOMk_^PY+BtE(86N38x#+*JEPVYaY
z3leJL7HLJM%dcVj;%=&WyWE5x>$U979rVL^_NUhR0TNG3`CncO5U9q|S@SX|{^0+z
zd(?<M;S?!oy^`h3J(NP9`!2AYQJ~%zfY3l4yr9(UWK<O|9lu)JE~>m+AUfpTZYsKD
z`GhaW@L@UeB2*$*5bJaQZ*s$|7t<)QJYK|MC{(b1;YC6iA*2ff-)-oB*CCbxb}(1T
znd#G>(QSBe$uof56!&EkZHoLa58FsT`iebcz5r8Z(N2|Ta#>i;)>P;TxOBKS)qsy)
z^RBle7bt;x-cohkyUWSq-@-PN=I#WKFi&85{=s1&H`1B=jCt5t^V1%AG)I;_sFXVZ
zp2C}h{{Dr8HhA{ixOmM<p5dQDOlC6R@qYUX>@J3T9&}-8pH0SQ3EP-{RFn#cCR-{X
z?}rl8z>`ixv=HqiCU3tLBWD?4v_u|JH*08|fMSKUhTC&n(EuG`yTl(<Ha<iPuC(J4
zxUFilMVit-?1%sQ-_$x-2Z+aD_cR_lwqdg;Bl5TVDQM`{aK{6rrdDWNSn9G`&?Wdk
zXOM8+u}3fX(O~cWv05#gK%Rw5E`~jJx42qtl%q$=dEDTvYkiJ7YhPeVe(ytZa-CQN
z9<`|0H<8J_SRBndpio8+6kr0g;zeq~qJG0uTA}^#go#pn#fZ%vkQ`+Wom_@?6mKMZ
zl#m;E6!4R-t3==r6TDCn9Sr?>5Z9j9TkAi_N9YmFhMaV~Yh;1x6d-->m2`4Ru_BI!
zaIvUC5`rj^x36FNylt@uT8<6_q+6$j3lb_#K(MF!i>}u>Xbwq&!i~bXTekZwWYz5z
z>&+CmaRP1MkC_%7bcOnMDAD3Lr4QLB1vAsQZp4B-l-nPM?3jGsHusRdj52Y9w|3ex
zzr%3)Y&j9z^u3sH>A3?4XzR3e<NdL3$;06rx|xTPANS!0A=lrXN$#@U>AW_*DZ5c%
z<@TWoE6w0&37%Q@Jmsh6nBRd~k=kz1YLfp1(39B*P{-xvcIYAQaP!QkLSpMZhh{-A
zAB%J`s~t){$<NRuk+rMOcED*H^P5c;SON(lGLci%EZt(ulPR^T(!!N+D~m66eA$HX
z(k*vf&+wLVvI!ZM|B%e24bvGeWFg5OGI7#8x}wZ?W)nzrp3Q6%CXsKC?+YWuixLIR
zJ2aRCz66i<Zx|jH1&T(1aWjHtAbfj5r<l*sewiQtQpVr{eRoIS;%r4oG=GU}D9c=<
z-um>D?MAaNvhOkW3Drc271M0MT8fcE4AOMxeeo#GP6vnT@Y&p<v?-ZfXJ_m;PKa(}
zTxxnT((VSvyUCT1r+P=h*S!UvUx6kJ`%=18Z;F9Mf^BkO4+3s@tU0^s+xMtzMpGIQ
z$b*d{rbrFhPB!~_YKY5f;*T`SECnt~Ev%KWIW!STHZC)Vn%sWPxRiCHsy6pi4Bx3a
z%0rnJ>o<$Dxfa*0oCtq?Q+?)CsbAQb<*d!{@w#;H5>oLVLumn_y3>S4Bb6BG>t8ye
zL$zCU5y8*9!9Maka)^@HQD+TC-gNrI25Jk2MsADU$*JGf$a50EwVv*m6EUpC*W(PA
z8O!@W-^&Gte)2d@HfrMb_7XQPHeSa64?8D#GYUi)&H0E^OAXsppp>xZe>!txc~L~u
zc{sw9A2K~!^k1Rz%b9p|xBp^@T?Vavp3qj&bh1bX6S9q#`M#b#=b?>){>tvXJ4tL~
zoX%Y>w*`yS5-<M!I3;t5@$R$*Avlib-yRbsdlp9QdAHG{$Ui%8Xx}0)akTxx>$g+~
z)4@JTIDpJx%y6riN4wS0t+<}CneUm?<S{E_RO!A~Luhf;MRU^-ck+)lxyY0Rz?9Xw
z0~QKCv~o(|?>4XXXViftP?!c!e91AB7%m-YPW!knxTUMNMbOE(%Ua@>Jk}p*piA8P
z&;X*KJgJz1we2YafVVOD`nRh)mvT@tB_V2sk=2Au+>@`tZat7;lzw{q-&x9C)i=bj
z#xPumJAu2PJeC>7&)J0y`6f~r=56{E=mZJqe@-C&kY9^gfiA9NcyT>=P46*3dh)-l
zB`!=oIow9ZevB3Bg-1@Q4<8fE9bDN`K!2pmh7q1!(n{Su5dLJrUPIUtyMmJji=}+X
zk62>PjZ#(#Hut;;iUorpIc|>@_ATw#oenj&?zNHoLQgx4*dNW0tSPx0n_AGqNfeK3
zsIsRFDNdNyy0Ci=J(I{nyj&<TjOy{S@lLBGGsEu{y!){?-ZhK0+6?>IJ)-orJqqcp
zD$H%8oX_}jslL7fUW0)9)PCyTV6S7b_0KM47JyTk9K962L#j5;2Rdp@k_SUDh&eSK
zw+HVlDk+xUg}mB(BSi?Ar^my4%rmBF0Nu~0brfDfc^TN6t6mT{Tqm?p@9=kvHU`l(
zo;#QSN^?EUlt`DKdWM%3QzOLm`e-r<IH;W56Q<e=2*!LD`W}4z8)DS%V+z|Jp=(K?
zjkBdaGk+_Gg?N5aXH?4Z-{dMf9Mx>vnp?Q{zjgRO%elgM$a>`glxru;@?ciz1639f
z0-$WLgGZ&O|2H0aUNFbfR^pW)!8&g}=Dcac(dB2GUC1=Hu2_rFWc*iSs=Q8b3@|D<
z-DwTcZ$;EUG-Q)<ium%JOvk1;=ZRZ91%|_5=Zkyw#@2P49w;GyLdD6X%)Hfk-)4J3
zOT>bzQUh_l4!v<TLevy*Ec%qtGQU;%pbZp(_W}S+jh(jNYm%!54~Y>Gaj^#bk3vqQ
zPc)!^a(E`6CL@?$1VEX`vAs;Iik<(kkh0<EkA#5~K8F2<o!YPhROJ0id0Nv|4yn>>
zy-URYp?42Z8+Tdqy_-2+pASF!ZfQrWxYO51U8f?ARBZn3wS^ZZH!+Tq;&#k=+}!T&
z);%72;xJKmG$)&rHd2HPB3WW1$`}g664Fx{Q4IySKy(CIZnIV+ps)*2uD7MI<@9~$
z{2Jn+H`c6@sx~Li`yRDgbj9ciNH&$d`8TG!HP0}CA4)=0p+DniieBA^zr)~n5bW;!
zTM_$eKzvB{UAvIx#nMs3XRHl;{AyP?U?u;~A=cS1S?$P_m!`i2;v~>^LG)MJF>Up0
z5QE;fIC16Y<WCR`LdoRQEwWRlMMj8AzV=?<Kq6jB)D;wt3hLR@u2kAPBxN$SD{-W8
z2~4v(OyZ+L)<JU(<T{x9OJs}Vz#zQR5LffnaL|c<pL2DF^~o>a4IKd~nv=#xy-U-9
zGTkM_HAe4{f#O%IW$MW1c`ebt=WVGk=?B(l&kl$+D4Mpaho)k(12}I3X8swwU7%+K
zlc-dASgsv*?}R~8Xo}opH!DOhh`8qVU-6y)LF-4dLf59~$Kpir0=VuJ;GX2$TUs<n
zE5!#FW8A#_9WLn|8+Pfp#Lp9aDO$133fZtL(ih*otnQMEV%q#?E7NBfpcN>`uoPAd
zk_<$g<7Y)B_1N3DJe_;A1a%HJVqZ@l!%)rhAi#?qLMG<G6782@P88}=8*t4>D2aM-
zN`5x`?H-8^jcO(ZhT7$tZ{%1&=XOzeUp=y{nJ11Avz!~}6dA}WHPmWAKZ*gF^>o`I
z$QdVhr`B(cU32(kVE0s3Lq>XWP5^$EWZw0!1UQ64kLU)F-`ECl$5;cR^KDPeXEnki
z4V}o;8vel?#LM;>59cEoq<0ZpwtR}YRs*BIe*JgYARFl@6o#7z*Y+#=X$)`|xx&*c
z#+oG|T{cKiqQFtcu&U~CV_AO5I_T?EL5G_aJo!)M*nF|nk4Sk+yO0&N5(mu54&HX#
z&6+*6A6lTPiGVP6!QSpa(}?FW?i644^<DAKvs*?jO$Alfj^t!Uw}Zn6U9j4Sfv^MS
z%8Qu(N<e`5VTRo+JByEr^jq}H;gBU<#6jsrBBI0IwO_VLl120OndS)MZkuL_p(QQ4
z#n}wSt2lJen`@sc=FmdaN}3FcP&K{#rQo+442L+Ei9FbuG)QuIq#b*wn7vt{%`^VU
zY?!=(MQxN@#aMTlw0GA`&iqjHft@rMUxlyCxySU(Re-2Hu;*9r%n{>374L#9oZS(S
zhWXrF{fM`z5$5~Z884A&*Qd=?U>MbLgf188`UU?9o{DImZkNI8O|0O^x$Pm`2<F`i
z8G?P2DrOy@`1YV`wnnQ@?l-BR3DgsN|4Sl=;hu1-1khdXO7&C%VLbNgDb1B*k*bmA
zyt4v04au-F$*zF;uxp>)s1JB}-&J#o#v3$eqJ@!S!4_u2ruJyLT|r<zK3laEcMR<1
zcUqQBlVIyrJpxbuJw#-x6Lg~t%3|%<p!{X5fL2~c3e#3~YmHORhKRdiGA|VXF8><z
z(zeaTU>(jjq?=PXvoQlm)bx;34*^hg__4U$!5tE8&QN@Uh|bXG>f6sP;U^bZRyrPg
zLmIh$L>^ZeZ@|XEU@mJnTytORSgPpjPINx_^F12~gGOpW;y8w4Ln5BQR-!0$@seH{
z%cSEe6U;xnnC7T_6J5w<REhvV;O}3`D^*U6tCOMDA}b3`qa(^K>#2o2jK{{x?zV=T
ztZyW<9hTdvz%5kq7yp>t-3siKsVYw&{$)TcVvytGvw{4VKoR~;4gR_!8KW4NRtLt|
zZiV4n@|Cv6p8>ob^G}d`1h0V+x`%9Q*Y@h1U2||mffufIWUp=6)G#L4t~suX{1{}w
z2%NfJbGN|HKTu-3>hTIwy{4BDPuY^AkMMk6R6n{GVysmTYTpXAz%;M;HlrY#EY~WI
z)Lis}#-EPnYp7+-ZUS@khQBj+uVX}EGYB26Y<|{uy`F|I+X`!!!yLz(ff5ZM6Zfkr
zq_0~2;Ke%0IPYu{ef9+nG&`}hU(MP-=w7KN<Lp*BgjF{yk3`2u?V)MUP<dnd?Vt(_
zV#3278GvRr7^E}cv<koKso1^MG9!bPvMZ&neptaUTtkW;ZH}h{TBWQw!paZ4jI*`V
zRj_jKG%$e*-Pg-}YF;bl#93@=%k|IVav&_>FOlQO1}PnQSX$DXlwSm~ZV0SC9HrHJ
zs_<V~bXDEsf!Tjl{Pc)!`%!bQL)foMvX4J2Yn~K7oy_OCb7p`nFFU5?j=2XE=E(9X
z@cn`8COO{a>=ykWkX0!p86HAC=@+inVT~ngh6d(8gp$8>`NA7@hedD@H>R0D$b)pI
zHV5=2rL<$QLN8(%McGjYal|qFUn40p|B5XrM-wc?=E{FO`|QNq&RppdU{?D-R(Mv7
z!P2nLrnP2X#&JtV{g;VyRDt?`Nb<pHV@3_f@RtPG3hNieAVL#oE@55KKL&jVO8m)X
z_a*<{oQ3tL!!VPK3E<pQP3gnH%SiXD<CWgqMx!xj1gM3Wzo*Ij9(o_T6%A$GlvJx5
z!=!JeT~Zn&H`w3EB3$M2Ld76Sa(1mfV~>RnRF^F4_ek0u@)_^^@8?@8qK@gZK*Vb4
zp1Sg=ls`nc*NU<Fx)X#Vn$!4!DHO3(?T4mQ#<G9IFLXfW#)ziy86%B*CqTC)oC}lF
zONB+hjGn@m*Bsiq^>~FL7#w5~iZ?H52Fw-5dP}lq#J1O|*w`CzeVV5aq=45YwcWlt
z(CzlF-Fjp|m2huBjqQ@vBrr;|6xEe1(nSig7P?iPS2M?32F)#}CvObxAG0B(A!O9l
zMKBQXtLQ*W(#Sezcj1~c+<u4z3*9*4@B+QqO<WP&q|mLK)qgy74eh%!5q$q00D{x|
z9+z1{^B}JXqJZuw^CPw@;pp2opq~T<;-%=?-cw&Cw(xZXq}vGS^k;P2ol9kF#8Dao
zz4*n{);+~^48S6NqbyfozmH(ModvsX@dEVAcdXZtuj~L?5fC2GyQYh;LRdS>`p`6A
r7OJJ!#gEcE0|Y;oydquV#8V}^T)8nwnWN)a>j=0^StO@P1(8ZuiQu^~

diff --git a/stacks/phpipam/main.tf b/stacks/phpipam/main.tf
new file mode 100644
index 00000000..dab4cf22
--- /dev/null
+++ b/stacks/phpipam/main.tf
@@ -0,0 +1,260 @@
+variable "tls_secret_name" {
+  type      = string
+  sensitive = true
+}
+variable "mysql_host" { type = string }
+
+resource "kubernetes_namespace" "phpipam" {
+  metadata {
+    name = "phpipam"
+    labels = {
+      tier = local.tiers.aux
+    }
+  }
+}
+
+resource "kubernetes_manifest" "external_secret" {
+  manifest = {
+    apiVersion = "external-secrets.io/v1beta1"
+    kind       = "ExternalSecret"
+    metadata = {
+      name      = "phpipam-secrets"
+      namespace = "phpipam"
+    }
+    spec = {
+      refreshInterval = "15m"
+      secretStoreRef = {
+        name = "vault-database"
+        kind = "ClusterSecretStore"
+      }
+      target = {
+        name = "phpipam-secrets"
+      }
+      data = [{
+        secretKey = "db_password"
+        remoteRef = {
+          key      = "static-creds/mysql-phpipam"
+          property = "password"
+        }
+      }]
+    }
+  }
+  depends_on = [kubernetes_namespace.phpipam]
+}
+
+module "tls_secret" {
+  source          = "../../modules/kubernetes/setup_tls_secret"
+  namespace       = kubernetes_namespace.phpipam.metadata[0].name
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "phpipam_web" {
+  metadata {
+    name      = "phpipam-web"
+    namespace = kubernetes_namespace.phpipam.metadata[0].name
+    labels = {
+      app  = "phpipam"
+      tier = local.tiers.aux
+    }
+    annotations = {
+      "reloader.stakater.com/auto" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    strategy {
+      type = "Recreate"
+    }
+    selector {
+      match_labels = {
+        app = "phpipam"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "phpipam"
+        }
+        annotations = {
+          "diun.enable"                    = "true"
+          "dependency.kyverno.io/wait-for" = "mysql.dbaas:3306"
+        }
+      }
+      spec {
+        container {
+          image = "phpipam/phpipam-www:v1.7.0"
+          name  = "phpipam-web"
+          port {
+            container_port = 80
+          }
+          env {
+            name  = "TZ"
+            value = "Europe/Sofia"
+          }
+          env {
+            name  = "IPAM_DATABASE_HOST"
+            value = var.mysql_host
+          }
+          env {
+            name  = "IPAM_DATABASE_USER"
+            value = "phpipam"
+          }
+          env {
+            name = "IPAM_DATABASE_PASS"
+            value_from {
+              secret_key_ref {
+                name = "phpipam-secrets"
+                key  = "db_password"
+              }
+            }
+          }
+          env {
+            name  = "IPAM_DATABASE_NAME"
+            value = "phpipam"
+          }
+          env {
+            name  = "IPAM_TRUST_X_FORWARDED"
+            value = "true"
+          }
+          resources {
+            requests = {
+              cpu    = "10m"
+              memory = "64Mi"
+            }
+            limits = {
+              memory = "256Mi"
+            }
+          }
+        }
+      }
+    }
+  }
+  lifecycle {
+    ignore_changes = [spec[0].template[0].spec[0].dns_config]
+  }
+}
+
+resource "kubernetes_deployment" "phpipam_cron" {
+  metadata {
+    name      = "phpipam-cron"
+    namespace = kubernetes_namespace.phpipam.metadata[0].name
+    labels = {
+      app       = "phpipam-cron"
+      component = "scanner"
+      tier      = local.tiers.aux
+    }
+    annotations = {
+      "reloader.stakater.com/auto" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    strategy {
+      type = "Recreate"
+    }
+    selector {
+      match_labels = {
+        app = "phpipam-cron"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app       = "phpipam-cron"
+          component = "scanner"
+        }
+        annotations = {
+          "dependency.kyverno.io/wait-for" = "mysql.dbaas:3306"
+        }
+      }
+      spec {
+        container {
+          image = "phpipam/phpipam-cron:v1.7.0"
+          name  = "phpipam-cron"
+          env {
+            name  = "TZ"
+            value = "Europe/Sofia"
+          }
+          env {
+            name  = "IPAM_DATABASE_HOST"
+            value = var.mysql_host
+          }
+          env {
+            name  = "IPAM_DATABASE_USER"
+            value = "phpipam"
+          }
+          env {
+            name = "IPAM_DATABASE_PASS"
+            value_from {
+              secret_key_ref {
+                name = "phpipam-secrets"
+                key  = "db_password"
+              }
+            }
+          }
+          env {
+            name  = "IPAM_DATABASE_NAME"
+            value = "phpipam"
+          }
+          env {
+            name  = "SCAN_INTERVAL"
+            value = "15m"
+          }
+          resources {
+            requests = {
+              cpu    = "10m"
+              memory = "64Mi"
+            }
+            limits = {
+              memory = "512Mi"
+            }
+          }
+          security_context {
+            capabilities {
+              add = ["NET_RAW"]
+            }
+          }
+        }
+      }
+    }
+  }
+  lifecycle {
+    ignore_changes = [spec[0].template[0].spec[0].dns_config]
+  }
+}
+
+resource "kubernetes_service" "phpipam" {
+  metadata {
+    name      = "phpipam"
+    namespace = kubernetes_namespace.phpipam.metadata[0].name
+    labels = {
+      app = "phpipam"
+    }
+  }
+  spec {
+    selector = {
+      app = "phpipam"
+    }
+    port {
+      name        = "http"
+      port        = 80
+      target_port = 80
+    }
+  }
+}
+
+module "ingress" {
+  source          = "../../modules/kubernetes/ingress_factory"
+  namespace       = kubernetes_namespace.phpipam.metadata[0].name
+  name            = "phpipam"
+  tls_secret_name = var.tls_secret_name
+  protected       = true
+  extra_annotations = {
+    "gethomepage.dev/enabled"      = "true"
+    "gethomepage.dev/name"         = "phpIPAM"
+    "gethomepage.dev/description"  = "IP Address Management"
+    "gethomepage.dev/icon"         = "phpipam.png"
+    "gethomepage.dev/group"        = "Infrastructure"
+    "gethomepage.dev/pod-selector" = ""
+  }
+}
diff --git a/stacks/phpipam/terragrunt.hcl b/stacks/phpipam/terragrunt.hcl
new file mode 100644
index 00000000..0d1c8e53
--- /dev/null
+++ b/stacks/phpipam/terragrunt.hcl
@@ -0,0 +1,8 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+dependency "platform" {
+  config_path  = "../platform"
+  skip_outputs = true
+}
diff --git a/stacks/vault/main.tf b/stacks/vault/main.tf
index c106dd51..59fd8bba 100644
--- a/stacks/vault/main.tf
+++ b/stacks/vault/main.tf
@@ -466,7 +466,7 @@ resource "vault_database_secret_backend_connection" "mysql" {
   allowed_roles = [
     "mysql-speedtest", "mysql-wrongmove", "mysql-codimd",
     "mysql-nextcloud", "mysql-shlink", "mysql-grafana",
-    "mysql-technitium"
+    "mysql-technitium", "mysql-phpipam"
   ]
 
   mysql {
@@ -553,6 +553,14 @@ resource "vault_database_secret_backend_static_role" "mysql_technitium" {
   rotation_period = 604800
 }
 
+resource "vault_database_secret_backend_static_role" "mysql_phpipam" {
+  backend         = vault_mount.database.path
+  db_name         = vault_database_secret_backend_connection.mysql.name
+  name            = "mysql-phpipam"
+  username        = "phpipam"
+  rotation_period = 604800
+}
+
 # --- PostgreSQL Static Roles ---
 
 /*