From 6dda15afa060f7bd48c91a590c8efcf97c8c6c38 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <viktorbarzin@meta.com>
Date: Wed, 25 Mar 2026 13:03:35 +0200
Subject: [PATCH] add insta2spotify stack: namespace, ESO, NFS, 2-container
 deploy, split ingress

- Namespace insta2spotify (tier 4-aux)
- ExternalSecret from Vault secret/insta2spotify
- NFS volume at /mnt/main/insta2spotify for SQLite + Spotify cache
- Frontend (128Mi) + backend (512Mi req / 2Gi limit) in one pod
- Split ingress: protected (Authentik) for frontend, unprotected for /api/*
- DNS via Cloudflare (proxied)
---
 config.tfvars                       | Bin 10058 -> 10075 bytes
 stacks/insta2spotify/main.tf        | 243 ++++++++++++++++++++++++++++
 stacks/insta2spotify/terragrunt.hcl |  13 ++
 stacks/insta2spotify/tiers.tf       |  10 ++
 4 files changed, 266 insertions(+)
 create mode 100644 stacks/insta2spotify/main.tf
 create mode 100644 stacks/insta2spotify/terragrunt.hcl
 create mode 100644 stacks/insta2spotify/tiers.tf

diff --git a/config.tfvars b/config.tfvars
index d633b6aabec76b842475167fef4cac28116908c5..fb8f2a00184d6b367c5a406edb6904fbc31a0a34 100644
GIT binary patch
literal 10075
zcmV-hC#2W_M@dveQdv+`0FR@!GK^&(HRZjpe|XMIDIO|SA1~h4_7Y1#pB70KaVhZg
zEVK!RKAt)UB6@WIO7^F7=m_ks+Za2lz{Oo!#VurTBS-ZaU7Nh^lb4!Og|5fH2DSOA
zNxyaAwAn`kIa)yIelVkoz^Pdh)AsECa_?7vt$6;PhhCv6mP8VTC<U)XLP;?<1$_Xv
zzi+s>=3Lre-@FS)iUKv>)l>^P22fDU;Q)&;3k4e903Yg%H{I{<10W}GHJ?63!l5xb
zsza4^aMf}AX=_+Gtkn*RV*w*!4QdMa&oKT1eXk={fXZxyx6b9!bV#ZGu?q2SCq!jj
z<q0ZZF|-CMn<L6^`mDV^(FWa)nt(V$v>s0zGnWeVt1LYT)HRaKjHoMZQ54zqg=mlD
ze~quM_zePQZ=eE}+eDVYh(RY=!Li+gHtuAdPU4xFd)K~hy|l0}l%YXIBUWIT_3Aho
zEZC?|dQ+(F7VpL+>^H*uZs<nB4{vr|2rdRgZmis1IOeRl%ib+>2<*2rFR-$6INfbk
zrm64#CW}Lex?%@70rsXoo)cf|xy<BPy`&`91vaILqf%b#U*+}kIp2;qZLAf&A>&!C
zMx>^*0d3b32-NQW)9@n>6lRSG&k=NT?k`j6>1-xhEGP0nnIU2H7=ce?VMIPFtnt#a
zHxonC58rt{=IoIZ2%SoE*hOe{ghp_LP<8=<;Ig-Vv^_^gP6#I<0@J__3}Vu|SZ!eV
z6v*i%uovgG;d>3B_1}V@&B8WcC#e`f0@f*9awLsPl058r73p1x(fUGt^^v}@XlAW*
zEc`)iTfv~JDp;3KrV=B8hNM(c+*t?M1}lu@Q*9mD{h5`YCd&>WS+D6SUeYO1d<=hC
zEqPvyFt8Y7D@VO^Lnlor(%TL;TfnMWHUv5g{j%8K7t)-rpvg8h0Zc+AcmTokmZ5=y
z!-8Dp_lb2a)n}zoLs7j=MepsE-^pbLQY3@|A=8zPj38N|&hSkMg&z4%0W!0N6-^Rd
zA<es1Smq(ks-9&&;8qHTB^Fpx0%7&#$6cEmJC~oeB5c>146JYy^f++KhNQIRlSLV<
zDL|nzsN`7g(NLktQXooBG75I5@dxM{ZXwwq6fg5Aml$7|Wm;Y$PVdK#HMM0#ms-p*
zd-CukW97n^l3<!(&(PeC#hgX}KdEVDY}e~ZWUhn}*jgz-g^|Q^n)3Pn2#dj;sSLY#
z{_}A1IldaAL98r^=HNk{l(Iach-0wMnQbt(ZFVFF3D(EGD%oa}4GN-omBY&MixFCl
zZ6|TQVlRK1wBC>MIL}TOXT|J;{*=yctp<>H`;NW?#2M7Wjw?a3x(Ag$`Gba*cG@ZY
z(bw)l)=hV9*Q9~>a+Bx4>$kK}4q*sYFCj+fkpjtFoT6zbKgMk<H<^L^G$`}Tq1D(a
z>-iC&mGFLMgh}ICt*5M^{H`9UJC(ay>^U6GH|r90HsPW3yM)!}OKvJfkO#;pG@4jz
zk$9VtnOmDR^fUm?wCdDH5d`i7+-pSBa6*<E0m6VYJ872bXak|kH>TcP!hhydHUs3}
zq1nOl_Sv@dJq)F5Wbjn!3}XeqhF=&)M6wGQh$RbfgW2$Vi+>GzjS5|QAT<RkNFPX{
zVLHh<IVhg-?+==M7ikH=Ern!Od_^U781H<#EqLPIU)k1R^N9&$3BBWqRyO5f4b2j)
zTz!g@<v5_An`*al=g4D8MIf@mp&8G5fBz5VIiL&KJBGh^W$-#>vv>kjwckE)CaLw;
zafK`(O&;$>ijP~vn68hugYkk#hBLDaT-%K<jwn5V+1o_k0FMwZn}wuD3VGq0;%(CW
z#F6q7*`{6bU%F)!Qfn@zd7}Y*ZT;f~fxxl(?6C*<>Z~+nz&SYHa5Ye~kbR;goNi%N
z5N<Y&R=RAnQY!UbS~yD`D{OWetILZ;F!1i54B5S7d3kT$<ip3^PNVM56{Xgpp?k7+
z=r69Fbj*;PGOXC-SdprHbjlLZ<>_IPMNr~KQ1>_Jh^EkhW{Y483hooj)7=52?Q@6$
z!2ZuVN4geu_NVW_8+#ZwG;5bCGFF7?(z&4#x}ie%0R=NzeH5nKlr@7~t`S}Q{>)l#
zo?ibr5>41IdFf5^mp$D35nX?vISCU*isfaRAB#ohzo~@trHhlxP#CMdHh+UNbn8x4
zD*b}Y*^;o7XqxI)GS}joa%OC2?3aSU9q-BSE3jA3g<4WLrY`Sw(;@ikGR~1r5jwjJ
zK!TnBa#vLZs7W{-QBqpt9{;~y7%4SC#hcCN_>l;u6=?e)z`%!Z;uVX$MU*BUjBURs
zWR4p@Um0`OM^dQRI+obAKMvWI*oP6>2HPw{+Y~Mcscuc?sWw(Lb3lktAI73i7i!*q
zOMOg0S8z3_q;xZdj{!b~p~K3gl1qapX&|5gY9SDewmi9pjk>hfAeu3q=NhL3iLS{i
zIHoZ%x=pRD<Wg>6bLjX4<av@c-;<4|{ftd9U5Ux$c7JD4a1~Vi|KrABoPFZ|J)J!0
zyWqJ<W>BpX{%Gke$q^aD0wfRhKT2LHE83(xUZgW^5WxZZAXxtgl1(8|BVwG9d%>n-
z_1z<Yw4`ChthjwaG>X&h;ZtH7s6)5+^w{+{>&#xZQJYc<k7Tw3JAA+5@rTr*W6zb9
z66@fFIl<Km1dB8wV*a$Al=UR^g6r<rmj5#2C+MOvp}2)oZK}GFYX$ZMy1iH&iaqBf
z3yr06%Oksx|LW;8#L=Q(gJtF1KSo9GgM5K;Iz!c-(I@kb9ppOnIE#8K*6a(%G%#HW
z+$n&nF~8N2(48$w8CZwGu@tDN4zqPqx+Za-WufQLYqW@N`B5**>LN=c)c9$x3;kRq
z1MkaNQGdC5^5}IbIQ-$(Q9L?9-%1VCBG&J87eE_$6PllTVJH~=({z-0rN`3DqWGr2
zx^{|Xv*&Czlb%gF2Q52ciIq9Uxv_x3!A1!w0SV{_6N}UJz0{9r4a!uV33le|Jsr<%
ze(uMWs9kEpnE>bRU{*?_tE}gBd}c4}u^Mo-!aVG@=>8ZP0L4CfT2<=Ox5Nqyh-Die
zg7P+>RB#<o;KVLaJ<R)cV!qJ21^SLYeNOa05m}5LHDkYins;}~>63t?$QU1|)=2#3
zg@(I1OWIKp+CePLFtHp8p%AG&jp`b*dE}rrMzVu@gZB!aj7?nogvif#(WQ6gfUPG^
z?WSqb4TSToAk4=Tbo;nRmplC2q^6E#pn=8fgZJ6YP~}exy?_#kV=Kcn3%qV`5G8AB
zsP1);YvR*%K(!8(?w27L;+vw$soXMMZOTeLw^}RqClYTADi~?18Fdou(nGK!Q{fvK
zCRJ|$|G#}jSaje;Yz@vVPTNto&d}ycLOGR|bqBw|eqZQ(4+N}-%egoFUBgrfj#Y7>
zsE7pQ%6P(Lu-XqKjKY8Nf8+1vAU90txt3cW-LkY(XA>-RQ8Gudl+`fFZP@c11(ul>
z&lME#ME#*e#u$h@uA=474NV;cFCidyU!9cb@5MZ0w&jr5sG#arFtl3_hj&8K4@Gpa
z#A)BkYMAi_Fb4~VbpeQZ8h)N*5dKHWBY&hw3Q+a3GdQ>W;|Yv#+gtI`(rNvEf5na}
zMG8lsiz^J;$D<_@DY!5`{M82^JoV2<53mmfv_*`bsS;3L^AGb-p8<(EhU?HN-qE~s
z7T+2icdUNlu#a*<k^Y*4vRw%E?(4N|2soYw)}e$-v}gnoWji8iVm>pfpx^ZDagXdA
z+|@5%{?!?9qv03ho!-@me(Dm!AURiwg+$=pSAM0|k*RdbtaA)|YRKP#Mg4Ah9<Li5
z*N+gkoaw=tPR1C#M<C=PwWHxvFzl(<TfBsP2`kiOo(o9U+<<+-ULb9#dC->*nyr2R
zEWSaK=x8|ow*q<nDuGIstjsTF+A^U#>{Pu$k6tD%Jc2%bIN#foBZ7G+O;{Q^E2KA=
zPbR*7*!PU*3u?29Lcjv#n0h$>Sr2ZNv2(oR9GF>?a;s&o3XY@+OQ!1n|A}|jWV1QI
zP-n3mI!K(POW|rVh=i#{5IS8?aOi3QGxLflMXF|yfRxZAd|e|IIT}8yAOMVH4xUIM
z@mGt8g%)h*E+<?&d5mmpY~E{%)_{SX9kYBP1XzJ8QKil?i^eL)QeiWP`&DC2aOr?b
z6kn;3umo?k@VI5I=)-PaRz|R=xNa)~p5X+Cx=zKAZ&Gb;H-(R3T*w(8adkh?V?*8Y
zcF~%J!z257HWC5#_7pdbHpPeqOt-iSyS0~G&+N^uW6SUH0&F>6H#jxv{^TukNnG=!
zu=c<w6_>2#PA$gz`DKA0Z~_#Mq6j1veclTq1k}tut>fTkB2zRD9W^87xNja~Wyf}T
zLNEt{EYYv%y41BKMp&WWoZ@F)9<9I*mugF1+$?gh&`XS*QH;3FUOwqrFAEnC8BxFG
zhDE@|jWVl-HFgK7=!v0xWxVo(=N<E+p+-f$W?$d$O!e4=$AW~F13k81{lD|<r;id$
z?Jt7SB8qQ9Xa|4C-D<(M;4`H>I%eYdroF)^^9dOHT4RC0J+Q8m&@1*tRQvV#G>4<#
zGyx#lysv)g$<gGAqV-)~Fe?l45GnR1CuS{-Ns^*nITFord1om|j{K0MOgVIpO{CJE
zCmxZGizY<`>+hjb(R9xTFfMm4Ql;rboE_s}E$H;e_hw{Uoe4=1WrAZoPNUcE*Za)U
z8Wb*6ab_}xPy|f?3pBB#(Q=uiClkV~u=pGPIm!Ku;QVQ|Bz>;fsOaA@deD!q_Fu!$
zgk;am?ck!-=1gi!)IEWf8u>EN>kHjsM4`IejPn)hphpM*v-W`0gwB}mQ59MPw3*)2
zvm-U}2tDLosD*}v&odiGLyb>s%-%_(`wQA|>g;Bj+>E~P1F*6TRcdmZH)7~Ir0{|4
z{?Er}eBW3Uo_2EEywp`|NlF&ViCj18(S&fJ!njus_ED9rWHubk2F<3BJjf<k){Y9Z
z{y@D%)7`IxleSnB%3RJ?;L|xyf=&_Je3-EO11<bHL7#Z-A%mFaet72Ug|X~KJ~0OZ
zM)XHx(|6T;#w~|j^{=%|RE6Wh6~6XEvBg|)kRy4z+zqMD3uPxK|M`v>qN;{hS>2u)
zj*xY-On>%f^BXD?*&FXLPD9c@4w1dZ6n^?ody-(wI%Vsq%`#&pQnAF$+Ub&FZ6PmU
z%RZGIDMM%ahx!Ouq(`4tvv#pYqo8XFC}WynX^^?thF>}<#8tIFfaL$4@IscgG&58b
zmV(R$00HjgZo8TnZhoJ6mC;mY@6)~}oOQ544&@r&{~oFUi;!TAN)*@ge*QDmQN=7&
zhtA3cMG+7H8DLNnO;rmNvONGGP;>H*)=>UupJ*lm;ZkC~>-8{`S;*~am#2O4$h<t3
zW*uE(#uyFRnS#tMHrB=ntw){4=+Nzx@PryN#XN$(Yp+y&wXT1uDDmp?>SO0j`}4()
zoX>B#m75$xCr7mw*Dd5coZ0#*U3jP4Wgz$p)M%XIiha_WkZX;VSd6Lm04M-9x|^CZ
zH6t5u2%}6T?M^ktw6!Tf>B_OH*0=$>5g;wY%i9bRn_N04`r&lk2y0F<WB;*dWHqrx
zEo5TKv#?mU<zV3&Wp(zn75+Fj&&t#;(iCbS71Z)T!8K9`S|DbY7U3WMH>Y*s<9sk7
z6JnndJ2%q=oc82KYPizHRY#Tryb~k|Ada-`(SC*$e2wOf$H2047O4L;O|N`L)~#DY
zezF0l@fsOV476N<-3xh(TJ5B72R}^tlQScia3qJZwbw#l(-nbJmkBm6q>R8{KZD$`
z6PoL4_@`VXsq|#8H;9Hy7%&jSuv6gmcNLJkk7!wvm@T*hV|rconbZiuPeqEy6KKhh
z-<I#@WwAgx&BU!9d}((oZ{T>}^R-x~GJeB&f6rLL{{Q}$eSt?_j4-ICNGC!g;30hx
zfg{8(*Jx(Npz`Ql@PH<ED=g5ih3bPPGz5q4w7Bg_F9Z8A7~~W<1@hRsf+~5nm<mgW
zkjL*ssUcb&+P-Wy+Vsn-V9#ZX@KJy?KkjAc1{8>hgFO=Wl+O$l9=XbE)Cv1l!pO&A
zDIfX)1G4HD0@b9cw+#E9F?<yXp0Vk=L&Vr8zdDsz@-m7@sU63jtWbh=NVK(zXchp5
z1Wd9y!(9Cun6XJs8m5lQ7HDX>6!<JggYK&&R~S!D(JP0Ncj>!YDEwCO|7F$n%cgW$
z%&IFtZ(uhR)bfD@rD;QMZ;x;}gKeboAML;27`)ok;&tOj$9Rsy@X(Nxqu`b%f_5Ig
zI-%u-m2(DULl|WA&{RCp<S#w!44yecg3)}`eyw`*&0^UGLc9Ry%v06tN0b<)1t)70
zn-<xyIyXi<8j!f6(3NK@ycZ3UyI#8m7_}fH6iF%+!)PB?N&ao?rDsB#J}F--fOb3*
z--5phsNBGz(&jOxUUK8o_u_N@i{cDVYcLq0xfDACZedlMx0%3dcByjP6k?LiZw$uL
zk|TKo#hKf9^s_g(Q0xjU0UaM~kGDk{WIhc=PX^z1qBv9T&t>DL|5Ec)r<Otq3Z@tt
zav|kA-5Q_E25h5u1ZwqR$SqSyUHuLsRpUllwB<tK(vBA0`SZgU09f4@CtZTb6BCcp
zEtuI4N?w|qHB0GTJQ0g$z_w_WGDH#05uz*ZVgbmzx;-KvlFq?;OcTJ&t3)zK;v8Ng
zDNGCR-}$7HIkm>TiIsua?GreVih4@6D70M2ZTXvM53kH-A<e&Jia9h;jCx{fFuZ9~
zpkL(;rB(!cwC}z5Z%2#KhjVaUYu}G!IJ1{H99%Xwkp(`eF3d8Xh4S#DpCU>oGK`*n
zJVG66Y!nn|IexGZGm2eitb2(_A15zh+7Fdk^cBLfuStEqzo^DNlgdjKV`zxu$0RHG
z*e(+Ci<ra?r7-iOrsaWcG*66S&%h^Pi`h(bf}vfeivV2uwoBMee8SE!;Siaa-ZGgI
z8{(r;ga_lD(O~HkvcAi{QztdWLzdo9H`>zEgNn^3i69_viSGxq81}wQHLkTz<8wL`
zP6~&_LTOv$3PK?EQR`P+mUtvglIx;4x%UfpdZ)CSLrUlvSogD?oJ*Z-v0$JPrder0
z{HYrok1~Dnc_}RwxH0c4ZKZxEEj+OCYI`~I8&%d$uKXguf!<d9oh8g#gNqv2>~B~X
zc!0+#3N^R!Je+o`RZKP+mty^Xtc>QHa0d0zUBFrtVOC#l00$S(J_@}9Z2Hxcybav{
zW<IBUG2Bx{5FMYSF^F@|$K^?hq@Xs4U4KV~4%lJ)RKxJZ2MulKdP<zF@>WVS!Yb?V
z0>R5s1^8L4A3dUVSDBfaVD{@Bfqf6@Bp*B0fjdR>$<8g-`(;t&BJ3s})u4&qGv@HU
znkrJZUwm{<^RRwgG_fr-aU5>T>}*BqF%)gri=TpVS|gH!fO|f!o}(qi5OKR`^LQT^
zft5byLl3pgyhq<t=|VGiSLfb2^<kI`OF#@rnb%!jKG-u+rc<;d@2$klK&#dHJG*k)
zifgD&6>Z(oKv4lYKLrDX-!G&tB?hSy@M8N{{u*xIaxdLshcl?ghTZA_*g8Sle@~Wk
zg?%M#wkkMj97zjT7FcT8ARofN#S%d+cA)6@T0W3@UA<}z9UgCIBHXEEf*$wHjmgu<
zS1nQNK1)C<+q;<nZ<L=}KGMrgk@8L|?Y+#E=Qotq`Ui*D3D`LV^rRk*FlT3}yvvux
z{k+Ku^L9#16rADntF54?^-H1VO6w4tF48q_Qk}L3>T<WfJ(O2LD{pBk^1VL)ja!JK
z0#VM0ID(azj5#b+gM}S(UxKtZ^&llmuD*8yXof^i{x3qIq;oh?uftU}0^cn!q1;DF
z+fj*AGOr`CG9i{k-6Q-O^-=ZI^SZceh>h99*^C10FuU+eN5UOk2OTmX!X(ePZJHFq
z(RTRBGaikEy7z7MU7Z__HNTvYGHA>A30s#@m;+IM{Yx!0^|USIhPLlq;akaZdlR-3
ze3H<kYX>M`+K7AHET5`C%yP5DsBin+nrKXHBjt;Ui)P#UeSxTn#&evVK(NZ;9Ra{D
zyaGIfj$k0Bnd-&}c)m*1#rp<bA&0gQ`h-s~B%T*jR1VxH6T(cBA2N6CJQPmvS2jen
zB26N>jyC<N#Bd1L$bX8k0)gt%b3$iwI)jyv=FZD^>ZzjxScImx$%1NR+EBAzt;b-u
znN}}P$~)Fg<{4nTSA_t2W$dawi_myq6P_R2?P9E8!;-N*;>inbtip?irIHgo1eJw<
zsn<@+W0~1@@Ibz}e>&)Yp7#SDo0XvG+z*!mAnF1B`cpd9(qfnDt4*kpTgB5dMu8!#
z>IQGyO3WMRM#I1tp13ynhNYZ7T%54r6T*!acDU+tg|JwEn`XrW(tLvcyw(22b?k07
zeU%s#pzEOe8&5SwRz{L=w@o&W-s!BGY++p0xR`@#4UxLOnzbv1%MzhAwd=Ze)H3J_
zd!AE>nh#f{2K&Vb<xLcGVREa+$CNqfzmezt!9Z6=Jt03@6a?Vq<1dj}ABO2kOycyB
zrh)c%X7ucklq@~TL38JlhOPLuvNNOBh81XwU~r?&yHoDD^a?>2q<!gH9;g1cB5Tz)
zK_<l#@00C1Pz@2z-J!Z>w{nb=FLltER^Fj?F1%h`oB58sfkKC+%P6S;RQ_?1$vkCI
z!H&X5=;)u?sGlC#14&$)@6sy~QwY@P0QR?WW%K5xBMbjckR`kF=8Ct#v36L-J#-mD
zwBzQn&vwg~i2FlApPer43}a!U#%@`+pF|{tHQVC3sCzbXg3h5fiT7WP&Ro@FWni&D
z%p>^V;-&C`>Y^HsPdT%C3T_yVOt*}x0yHg>c5t$T;Dyt2tP0Y3r<kdYH?B<f^@MR@
z14)`-<5JO7$f)2X3`y>#^;8oTbQ8q(+^#9La2OcTEp?Eis#<j5x#;z`Z5^k{Z=^f9
z^NC&?-Lb_~OKa}rsyQ7AAA^_x16aYg*h9=TEIY@DMAm_?5Hm1%O3QmPokOUhZVwzk
zUusQw3)sRNd@(v=4PFGlMmkpz(Df}@<m3;)3^|1lLAOOg-TWkb-{sw)H6%X$aFK^j
z4*CTE`~-Gr4r_K>Fi0%N0?Et0A;DbtnO4LegXkoY(7I0MJs+xV!{$w!Suq=XDSTFq
zC>7XvV_I&0;^GPrUr*MggdpC1#*R8tIOjf8chIJGpG}1cVk2D~q5_Cc6FdR($x+mO
z6OJP*sOg^=-x*5&EiW2{AsN!|cw@^@-{A7!4E)#!i+b&ZKr`XakvMcb^$D^&X3kdD
zW{y$GYt$F%QN@U{=|6YwfILLUv>z1eHrBEt5~QydDzGm-GBr;C0Qm(NE4Z;Ws?CvT
zzr{!G*-=Xipvq~3h}D}o8nre?XiA{#u|M}#^*JVvYtHdZCC1FacAYhWE18N9Ibk#P
zh&p!cU?lUex*xzqI7%f0jjTWu)gkUvX8bl?47L#3r=co&<Ng5A66^l$9MQ|D*l8I`
z-5Pt;k1BHDT-A*b90qQ*NbLH%l-D2G%2RUin{!a|cM~nZ-oPH`SgbiZIMbLOlpmLD
zbTs~QDLcBe@P!~iH`K77AGoD4yO-I_JzJ7QNm=&`@7dB-m+;@2d$K$5ee)%-QUz;?
z2LfQnCn*o(ARP>ewlbPg<YxHq{un+S>CJ+rtLnwyfx=hai$pOB*))e%mPayvh%h~S
zLObu-q{iTT%u3QS4=f)Juw|ioJi?k{%8cCx#bI#M&P%&{kR**E03pAtPyKqpWTtbk
zFevysvIR7|lWxyovmj|LHm*}p$C<u+#vFYVC+}|MNu$@YIEMD9EOUWQn<!dBWvmOt
zF4-a-z;O0q_&FN~o5EL;>Qm%1mLb{z;h-k&5FVBe2?_6eQSBwAx6E#m*LvF=-I<ae
z)CreKn%q)VG<kmLn5BuqC}y&_ug>XPE=%-<U6p&)1w>S*vP%#9QEo7Qz=26po#H3<
z_o8a2GOwYG2JIWpC1cQ47O@BscTGt%`ALM&l)FzK!L2bqjY`I;5Ab^(F~Pfo;*HGY
zo3g*rL%)e|8)l8!0WaXYK;!dU#a<9)HCIWdCT|_<wDB5Z9|ETJz^&V`S_v9R+e>){
z>q`FyH6zzhE6YWK*irZbX<dl7I1Xj5)6TzZVl@IOKhm!*FiUgtxNQjnI5VK`F~tHy
z#D{4wB~`o1A|^Uv^=_meygGo)xHAdiH|_X@x+25StVe$@xRz=V9p+wPg5nhAWz^RK
zO8KCjrEOKowY16!@gN~Vj^=Qj&(%5PhNzn+{iRZla}j*E;*w}N5rTCCWk))hBx!GT
znH=-MfPJB~U;+XQF*yb5sgJOWY@PhM-6_%~Gk<^7o34*J^sF)O3uO_X6s5(&IWpc~
zh?Tn&$JCfn$sd$oL9uKT@}Z%@keW~g%k*CwL4c9bM!T}J^d!}P{N5^`K_&Pg0lMlU
zxk@mdG4o9}SnwOi?c9#5@PHXBNcDc2?UQLDLFJN~q1-U8;XGUt#w@&zb<+2T%`jt?
ze5tG?ZIX3hcH72S2%R-+PgLN#If%Nam(NPB9XFz|^P`m9n7tx2SM5I2<F!dn`s81-
z+vD;92YN)h{-nRa!v_-vA^xl%RsY@YWH$eI?`_TV8{bn+q@{o=$n|UUo>ICQB&d6r
zYL!yX769S69hJSDIqi^6?-iAuOXSxDs4EXUAfjII(G6LJ^;4=O_zQx*>+ozR(Gk!_
z;$c(ct9AC5*H1^jg-h+ZPW*4225YG&_1LhcwjtY?`h<hOmuG&H12fBntN(C{L@oB4
zXDXfY=!G=sL0wg9OxCm8pUggmu-}tm9{R^<at|>w#+`&sqZd+<?^=l#^4B?P#83+k
zCKg$tW3%@D1UJlT>1}}Z=0NOnf|$1SJMXWV!9=(=L^{`l|J8PVINTG?T9Y8GuR!@_
z+FK7Egyh5U`vYy<ZbXtK4K^l3=piU+LGD?1?)P8_Jyqc(@d0>BDShYK<is8N@iK-f
z{xrPHx4g9c`zP%iSZ7&ZmYT*G$b(O0;`7d+BA`T012U}BLXGr1u-r#{JXxd)s@L*!
z?|lq*3nLdwLcx9>Hh=I2DGSC)Hg-lau-ReI^mfh*%jLBeM3KBO4NOdNI|l3U>GOW}
zlj10mqLZ29%{ZD|yc@?4+!pZN&r6AZlOIcoRElC{%THE`+Osyas3FM?Hp`2kMbs1Y
zHU3H6y_))s>#*Fe<B8<0f5L<HLflXEEFqb`oP8vTi~^qGJYwNVu4;m-8k9wCpOua~
zY~^YYYdTtIe3&ip2_`WLQ#il4p$Mqink`CuS>TKI1+u+AaKBtAKK+Dp%9<(DrlsUa
zV(>R`$6^P!G;4FYKbR-wz+b<^T)8%sU30R7{y<W9#X|DJF?~qB>sfm!i{%80ANPc=
z3z=MBU^+<XvIRXiBJOG5vUx5Eum7f?yDOubZH;Jvn^VblK6$g|i8p@D+ydWRkGG>0
zD@5(?WC4DSy*F@pu>0v@KR*jw)*v7B6hlzaN;tZZs5iPPzO`=GMBj4@O%OqOa+0Db
z*l~ZsjwG5hM7#!Mq{JY}=@ztOhbE5l*-BxRiEA8uJ)2TeNs4Q=kS_S!ifHn}2xblk
zihN1qdf=r2OClL|e;eoVJzgG+{rYdRzv4EE8cNsd`P*g^fCX05@~9|qJO{xSL+SqI
zCl8-$AoFuz+BOHe``rp>@NT&>`4HB7*`uSRuynIXyP#!bT#G;rx5al(%&k+$5Y?Rl
z9#;cFdSbw{(rPc)5{D4}3tQN`f7<qH1&MK7l^;T@GEb%5K!mwuuIWQ+hXa@Ttxa!m
zyl!LD<v$DIVg}M32ODbiHy5#TB}9yqH}6R?sWTQtmy)lQtPM;VE`+GPxjz0*3*jVx
zL@7~(QFV%~eX=lJeoLx?Qd1zwSW2B75tAfIt;62O9m!xDZ?$ycEjwhe-q|2Jxbz)q
z$7gYFt{FD_aRmQ~s28g+R=&q@qT^_~r1!7$topiBi;o~_BTw>v6#qRFd)De)Ep9h3
zE<V5Sn9Xv@4Xo}AVo~CeZ;hgU!C1oeIw=I&T43wOi#kKimHi~`o}|XaR%`m;;us7G
zlV2eL*;t>FFyo`N>~Dd*HIW~IZD6G;cdZ=<LyYY|$t)O#$R534Yh3Y>APUtPzLVd^
zIvYVM@=2GSbL*S3R`o(+IZy+^nqR|S;{lf>>1sv*_AE2loNv~NgVB|DcfV-xiY5XS
zmZ-Ni>7Gk1hBQPwh~d~|HnB{2p94+TVm@__-gsm!fHlmTVNIyboBdG5p(<qF-s~!N
zgXw$A@md&h14iACKOPSZr3RvSXgRO=r5@~S^9YrD$f}Zkocw*|0=s}8e`*m`q_r>&
zYhua`&9b=e3u>}#sJekl>ChUp;$xVwJF87KcIurY2T@yn@oKeBlbiU-&vBN7w&~B8
zDx97LvMuPneDE^*I~+#Q`X}G!F8<T{WwbK2+1IYH*cclE^AB8G`pv<f^vuAb@2fn@
zS&%I#?)?+b%$OobFx<ybs4noJeWp6@@25Im7fvdvQKsAYwSls{0QM0ExJBLSI~d{G
zlX@mZCiPfaLYh$`!}Ay5@4|_Q3V*8_q2ygmrdQ2hCjhs66?kBOIhm2n>FBCSM}FVA
z{sj~1TyuG5J~+@eGm?=~M6Of%qGI0lpO5$iUim3hN71%aP>DSsAP(bGaQ8Z6PLXfU
z?%XkPX)H`|7A(yjv?yP$r5|tzKGZ%}#JXWg+W6t6Q^$k*(i$8RkP2?O9WQ-^?nWtN
zkoGiqW<yu3#5mX`EY+iNov$Zo5wk%<zkH?EzIOp;?Fq-1e{ey@#L_9x-wckpzt6G)
zQ5bRJlEd7?X9K`~9o{0L+z`Wdle;+}rT{E6mIl8=_qgs7$8Bw_Y2qndK~i(srwQg5
z!ckVGX(iX62ng*BD!PgYl>t4mPe+pEr)AloVc6^|QBB>?tctW|!UI(QS|sm%tHV73
zX(Em>Ba!#&HwmG*!);_#Zze5_AyN3Imr<@sQOK@9QYm9noV!4*Y(&w2YcL7IZiOnx
z#yFG5;wa^=L`&(;kF~nzF}`S-g$rVyt!E^8aJP9kK-(Dnv1aW2sTi0mjfll+em|J&
z=g)6RQ7@RwhKHpcMFl1!?tuA_;`|2tcCT19ZJD?CJwZ~wAKzG5<-o<&SN0>mM&R)&
xcd`bwIg#@L=nk{4130f@3&pYFgjrXkn3RDVKtL8kYsrR$M0pox1pCin;s_h}kr@C0

literal 10058
zcmV-QC$-oBM@dveQdv+`0GTy~`bU_|VhAeQ5@W;}sR9oA8LQIHdVuA?3Il=SlNuGZ
zzGL>_icQ$Fa}Z_)Ij`D2M@TnAdm4x&-i#Zfc|DDO%>ajD(#YOJUZ<MHuFxk}J|r(n
zYUi!j_;^pX2sRkx%;Xxq99CLi{xqangxbq?RVXrw!0hb1%o*b#kr+8kx7qByaok>7
z&O#-1r->x-u2E+od-lFP*&dT>O?h$^98{kPrU0<UjSIDPwtTzF-xhZ?T_>{PBKN;+
z5WTXK4sUa^dTNz(XuynZ8{juH^cc!*n6+1kH~80jU5Mx8*>w@gReepjcyF1x@{Q3E
zE#NAe6sS0c&Oo!T`N6hD%q5O_9O=g-_uB%EXX@5PrsWly2BK_vLy+>J%fF{RSLzMQ
zz~<QwY|F1u{jUn+fO;$f@S7(MJhID&H6ub?cywEKui#)>wH^G0!I<30l5c-IU!heh
zGX(IoooK`2gEu-ABuZvYR(@=`uraWf?!lqxbfDTLeA_}NPXJ!Q={FPtw(9}Xn7Hbr
z9~$^)1yxgb@Or!k>#^EVkfPW^dskJ<4MlD+3``?0Zt!?xT>*d(9;_#fOlXCihJc7K
zUEnX;TGHjPHg}3qF;E=wLmj~9Q}ckVdAVMLifl^$Kx~Vh!u=n)8_t709c681vPM!}
zTw@grgQ`0+0pmpDF_X!`Kw*ofp3o00u`;u&FYVmR%AS{MU&t}*eX~)2|99?1Q)hzx
zTbW474bWd?F=}&z=KX4ZVUcauEc<cUpDD5@n)7-^R?-qk#Kja@b@%tW;^yMeJG~5L
ziK!Ddd0Q?K#oRm`_$I{6NxZz{-SJ3NqyoW`V$+u%7sDi|m};Nc9rk7{lAWdm^6v1z
zjy2wZ%ik*oWI)77-|?Pb|LH3?&%EZqMER(zjP>4wEAr(JWr9>C<zpXYAmp`}e8*A8
zw}^T!)z3pP8um1Jeb1H4WrcM={J3iT)KHO}Y@^t-p;irePzX;Udi#UZp<Qxj!dJey
zw=AsAAI&ba$hOY#6j6grk9rNH#qd`T88nxfXTCX$>@}ab0`W2Amx99})*Pf~q^Q%2
zq}w1;N-+%~rm54p@hH2k4`LOGR2aVb-Rx`PZ#bgiKX}sHqU%Q|+dcwIk-OvJo~sNZ
zpoChp{z^e444f$G4*EZ-D1~`wXI4Lz=vyn!B#0w3cZi>kg7I`A+=oly;sVrG(+tlm
z%kVgUA4vQ(=r0U)=}F;ZhprY5s<<<3Tj#N$F7TFH-S})zHKdS|qQ3Rgr)+5+0HNAR
z1L^+S>ngTgsPW-`RV#dQCVC$-he3ptHCruGwmvyL=3+Q^ToJ#ngu^?q79-Sn(JW*T
zuE|gA>vmNV4x}7yFagdex^Ay*tPIjr{S3s2C;1z8@LA9`FiAd)X?oDMQ29X2laGK6
zsSf#>=+A`#etUI<%W|VoDzUiz#@2peo%0#>FQh>H7|7THOesuFnpg7uAI01`&)6B)
zQoHTr3%L#HQ1}-dWtPfcnMGARpRta^O|WA-QJ#I)YE3mL?5}DO%Bb}CU|hYax2-am
ze8cR8;;Gnl=n+QY31<;}6SjueDlV3SK!v;95>m)vNE?E8lI!i&w`Fj7UXQ3?{Ew4J
zpH6i-%>wq(AED6P0RI-^J=i5ck-0j3qjXw=DforLjf_Bhz*qY{O8@9XC%hUEA8=C<
ztsi4*2GG=jNJN{(8wis|MApbh24$?LeS+1B9KCK4tXDc8vC{IkhAgc$)ydKmXW$>?
z2kV@zU6~n-KWzY<pzt5-u*byTJ*^wX(ZXJwpfw6%k-PxWQoK|BImPFNs9M$Tq~Qn;
zNm$(vti*y-zr<d=g#oGV@WCR0FXedQWCT!jsSQ@TOY+^>1bkt<TxigEbkXS+KDt#;
zNmXWiK>CH8&P_lBQ+f-|VcizF6+*1dG>X+l2Pu@J6z7GU^6y-h4chU;Zava1Py~|>
zll}U%63gO%N9)(WZT`S+&2CSqo8BE1_9KZg`b{iK`isHt?lA#pH!w8km97=mKupaA
z-^^(08Yyeq#AP4vByKIrhiq1af@pTU89GKV-;&J6=A=m`fBlRCzZSxx@@n2(8TEU@
zVZA`(GmfL!5LtDYxf2s9w_o3NYl51IlTVGGs2yE2SU3k|H;K^-US)=h5c)I`C8z8_
zj(r8xh(*FnGm*Lz^kcz`D73>AOpWHzZu_ZedZxUbhx<mgzve9Uxa#s5LXKLp<HFs+
zbRek$sn@MaHW3K(h^3gBa5gMx%lIlj4sBJ}XAN=22IH>v*E7xaZAy0kyo?F-#J_rR
z?pMa5%AiKErR5C>CRWHKOmE#?qFU>aH<W$TQ^NmktR4AsBES)8{O>g=f6KC}&=P6n
zpKJ!MT(nq1@5B(<QiTKKV*V>$i^)4YmkT@M@CN!G_<!X6<Tz%?v;E6<F&^jUW@M(@
zP!u75IR|a@1tDTWBodHoKgDk@YCOE{H5KfGzfAHZmq^;gT}G@=^Jv7^_c;{&@IZ;4
z0avSVF`+8*Y|p@jigZiR_LP5@<72thSG0$4kSxr^+u)>yYrxh`p<cwxG<5jI5TDc@
zgy64d1c750AaKPFWvq<0W8Vqa^0@popHFIwEV*#P7zZz@)&4#-o_Tl{@wpaiV$Q~I
zNZunj)zT~|=s9f_#ylko)KsowwF}RclNrv-Xrsv8?1uzC6F+%TEaqJ%ja6yafX}-0
zzg9C}F)M5uPzL5)0TKL?lj8!|yd?Ll+?oqtC%4v>mQ@%bmNSghpLD-Iq*WqYmWy3X
zV9o4;<yFjY!&t+n8r^9{6_PtA%pCaT@~Xg93Z0kt-&=l0<6qD+Z+!kPG;7Gtl2}FD
zX!ucmm&wbFi~rFTu7ER)%_Q#Yb3)=s_bwqOKUC8iJVfI50+NN0`{BkD4DaT{I_3@W
zWs$(gE0A}WU|OCD;%2X3L*BUw8daUini2P6y~NLT&=mU(tlvhYr5K$<f}oOFbzGX~
zht^^<Csy?R=tMB;s5eZww4!tS&iUVa{4<TM2}nE}p->h4Z61ZbI{JgWfrvMZ*J!O4
zmT;)`a*(;QF%My=hzccC`^LBK4#p1C6O_ZQ!+6F+_;-=L53N~TQyOb<di{XzB81rz
zZZyUe_B$b^c8A>fv&VLKfLcXL26}nx&<dE1CQ`fGQ<q1|Lnfxqz|w<KU0LV+5UE2q
zb2gWO7My#K5HdJ`V(gdSp$|#CsSSr&qBb~d-PHBm{YpRFlu7A6zF2Z#jYsZB79w3d
zJws?DiC%R63TntB_Qdx;lyt4tW~zF5IwTtlE|yK|HuF)~{=n32+2wLWhp7=FW0_}|
zoQXksrn+ugwhfkQ|8T`M(l^teNVj5i@$QFE1$EeKY~2|Ao*2v$5ic22&ND|f@l5di
zg|gVP5&Elst)Dz3r;PdiBgS#U`Ey7idfky|nNQ=A7M<x|%tr({XIzoYLd4p34l}zQ
zn-Kdarjg9w@_Mgqqhu97?zx(iB~>Kmk7r^r_iE2^AU#>5zCtmn))kNpP@If0q;sw2
zg{;Q-x4xNoPvUA&K>b(+IXiYRUjiA(ola&)yVk03b({01eY2UEqy9b?rs?LlOuwgz
ziIHFzd&~4sO}=~>G~EDq8Ly6jd8)i(TYPL-AAP@YH!_AB1EQ<tj@z>v{40wF!oZXd
z&?m!{?xe&?nD_^QRTbi^hNgZeV7vrjQ~V)f75T$n?ant<;7FR-8wj6km1et^JO;3q
zVT&~-%xgk*qp$caZ~(;<2p*m`MYOt~cvIKH`jZa%Pow>4#C@tic7;<mVTC|;kbE=2
z|2mp5z1hi&)ECI6mPD_p7Flqi2kr?AXDlt-B%~d%?<Cstbw$wbyn~#<3r0wlDVN)z
z(UY2wk$w7Gb=PjMk+=tN|Haf_X0{FQHj2`;EMnj9oJ1@|m4qT)VXlQ)K>|^qsN)jy
zg_y<zC<Px_w+pOwqY9L;kT_?Q^af;7K`BmNADK>+Gb+uWsvT&0Pk`xNmU;&5>*>~(
zC|a&?3dnC2%_&?utrqzvZZSDP2wZa0k@2AznNUa2YH^~RIqOp0!3@`g;%H^1I;JdA
zB2dhSrpXc#T&)c7>I1?7cY8oRY1Et~2gZ8g-<?8{ndINN3Wk@=SAo6qE3>9^|G)nq
zX?V~>`rHj62Bm{7xo46N-^?RUIYOSUlufr~z&8_&-yREr!2vj+bcWYRh)|Hn!ZF^T
z7a|rFy>HAbNM2cRXnrz=bqiQoQh<i-_FlNq6A-h$B+bkW1XkAx)~f?9Mx3$Pjsb=I
zM$5tK9bacYqy?Nz#Fyd`g~t<NJ7sQ7X`j)nyu^x5^s(AApT4`|;S=@rKU+P3g@6V<
zBYrEqz`S!1Gl>gCBPKmLo^17~fs_t<w3;OE`<kY<MHCSCA?HTmywTJQ5d-<@+pL7Q
zC}3wmjBD45@+=F9naGIi;i=kF4{pC)NIr^(BVj*f@PG)xb>HIMlLf*_MD5QGWdKJe
zTZ%+uTf>!-2Cy?$nDsd77iImw&f+Fy)J{1M7%_yZK?cE;4pfm9bodW*70ZYRYs@lw
zk`J~+1QaD6`SqaRz@n>7^h&SR(v8qAF;Mk-te+4QT;PG-L8Y5C;A1|@=~rT|UNP_E
zUGnmP${z08g7O$!cAL#9es<4sErvgJSWaRu=#mu`Cg9coqg}LDz?EjI{xd~Xgq|M?
zBI_TV0ve;ZgK`;OLPJBq$jlo)YhbbSrYN}65d1e?X8WRn(TK1HA)c@_x?Efrum4qq
zdVBV4@rN*$5q}2AniB-JxPD0J(DLb=K04yPkJ2u6_=qo)w+CbU<eF>+6O1jfVU?2Y
z)`$(5KW;{+yJzjl;SoZ^Sj-ZgU=tZer8zEoNz1g1I0AR$QVAIpvnHNRO~g(8&f(xT
zs3R-Zn<34feopdA`@fL3cb~C;KyRe;UHk-xmzc}e_K30{BOsI2H}sD}lTS3d$Ag6N
z;D@{6gVbuaMh}}5v}2kJpSe<j{KPfmq%`Znz`%@Mgry$q*q6#sq=lE?B%K81kEfCy
z{Sb5KqnlN83L;GdoCP3?{#Q`Uh%EzJo^_)rPbn>_ljqn@7wG^+EJhGxH(hgm+|e-f
z3`i(OALEb)AcI6DR`HII2bbsZ;X7!*KBKNf2$$Kcbf1M2sG0iId8|`5hpiH60vT+R
zxlUX`He0O8XSR9Q;5~TC41xA3cZ5&C8t(}$QG4_)+M&m&e2!)X+FO$B2$t8w%;F+k
zN3n-$5=kmb*bVSO0v&DzVN3}b>?49H#ng$CmbmK(y7iGX(<S!U4z~pZymOw^7>W@k
zS~y-;Wj?TakJ$brkx`$&=IbhgIoM&WW-=g-nZ7_0MhH>mZ))Mq4v1Mt$RY5XL&}t2
z^nf|1z{{k3L%+59r&4Al{mBGx`#&skZfDae@FJbL1YeGh=lVXbMv_l3D3ea_dbUDL
zk}Q~xk1{4O$JiXO5+*@HRawQJ<oi>fB&(-ACXlvNgIXeTOf!qTFH|w}r^*){ZQI|n
zaXA6xwEs;U;i4c8Fxc2XbELzB*+OG#(Dh15)argo>r^{0P_xLa6(9}5zN}<(XMxe%
z`tg(;zzsq8FRs~U>I^7rKvRC$s?$f`sEy2k;setzpg`TW3{2f<sU(h>IQr6pm{@%<
z-eX}RZ&XD~g3yUoEuMHhG|3WC=V%pni+ZpT$B+3Oa||%Tn2(^#2Y+2&IOan@u5KKV
zSmB?8p=VJ|kdxUaqL@(ij7A!fCNQ*0d+zL>?|qO)bovX1xZTsY{;9%xw=M^(luvx7
zSjrK0CZhC7C^<NZN9~k+&!yD}5&550@e%{dYbL&v&{cB^fKVl^{LB~v!=8+2d=jnz
z`7B3oY;B2J`Ca)$ecmQ2g{*)J^xBT9>)sik5B7k{P^V7Sc(I$zYti0VC9?I_v4Eyf
z3K_P2mWOq<X)&vH2$j5ks~u+6ciZ6%(#%#meYGoT$;ZSQ1v-aY;V%ZWd<G118*7(i
zL9p*WW;BWv*W)C8oq13fFVI>!?J>K_T#F@J%BaN$u}*{+rnQ9*M{1e3`dKmQM*Rgf
z2Z1j#H?FYka1b>?JB=QGdHOYi3d-%`XIaZUlli1R&bV@9H}=UQ=u^X%NRax#;d|JM
zqE|DA`sAy*j44qh-9n4qIx|-U7Y$H~?*GYu_tZuu22lnD6-$Os){7=DsLco}M51Z>
zEYtR<^UMU=5k!coJrK!0x(4+yf<&rqhc776brM8zu^V-2XubxOh0Y=}Th*E<v&0Y1
zp>zVd7-6K?iB0yAFi$5PAvIiPV4(b8((w>ZX7HSw8Ai3`Q7*|Y&g$ZwC#hJO7JAC<
z>cqy&OZQV-eBkJP?K?Gdg?ajjgb;a$z8^B25QB-&XhZq14tiBs;OK7xLtxEI(POj+
zU!h`JinMqp{0fg1q3v)ltzqjQPpm92C4cnc>xkUog4bVdr=AatkZI=C8r2+;4CAyg
z(S4f<9e53-3C#3CZEMfNmG)Q#S1k_N!i!X^E@bWss6Tn5asY~e&)PV0{Z>RiHCIVA
z9c!r2mStd(61+%2EoDRJ(I0CsjfmGrvYx+HhWzWcF`1ao1FoyCeTIv|^IZgNiEL6s
zq;ds(XKquwhpo3dW@UIIIIv@HEg(Q2_|melSq1W<^Ce>6_qDVcp+c8^<roNbkW*VH
zgW{q=P-SOgkk59IIG!;$!a6c1HCw0-=hqPbJC|F&tdVGK9}3%wC*^AL>JB+Zk--Cy
znN#oDP|Y2`#J3vw>Bq70CuttV_No1->tC0>CK$>(i3&-$aud7J4Nf>Z?cAfu3SU-2
z?t42xU<#jFU$IrxJomFE$a9S4Z2iWF!9YGd<<ZaQYIrXgU?i?0QfD#-U{aS2L3FY6
zn|X9cEfyF;JD{60usH?kL{S#i!W{XEh?WRI(uI+@VC1e4CH!s5&!fLI3>K>)Is{~X
zsx>6`7|m}EVC2EY<8*N<Vd$wg3a8wF1eH9FPDohWa-%`EIbuQ>uOtjL`d#csU9uW5
z`e--LY5}U3|DH}|E-xjg^IdEEx+oC}h@UiF9}x`DO^nm@7dd&n7YV=|1+=WfWY7EW
z5<e|^7L3!GIUyjIx$%BKU10TT13{CMr|1wxhx`)3^TYi{EOB2e_DRS%Fn5{@f_yEW
z0)POuLux?KU<H^>8dLcq@rq6-?|5E%x!SBKdD(IAq;!Z+S2qP_M~>DmVB3%9WE@j7
z$4SFeaI*Az!Bc2>5NbKnKhhAP-K7a41P4v+3H9l)IkUqS59{lcl?}<+Jmw;t?>L)B
z&P5Zkjx9-vjHJW)a0@5?GLCtD&b)@Jcg=rNlg*x;4@+TRf&yA=lXpKE+U$U);n4=F
zqmS<031;9<YmfUEX0`+`xP0<Fosxng2paAMKGc7x!c@Wco!wE*V>3(MjO<X%mC-S|
zHMY9|mZ0IV8YH90V_`VBSU@!KT}J4aGu!YY)toV7x51$$rhX|JT|z4|9=A5LI)!*S
z;{S?Zhs%l0q*vY6ObuLFi0T>4!g%{|DX6CNOCvfWy%Q3xL6)%4M-P_>Ltu|JMWL@)
z2@a(h1ZlDkxX#sAHbl*6|H6Bs;uB~aP0*}BY&0Usth|<EmgTV-d~%406-Ru5SP7v-
zJh4Jeu7WKjI`Gp;=Z#vcx4A~DZr+?vqOTHg4LWU9r<Os6I>{5RX5|$99S)dod);&R
z2GOVYhJpI=!UB&)KyU2rCUAy(mh8v^g;!J}h?1q3)4_*Wp;}#DnC4k}aF^&Yt$+)d
zp2v2CL*IFG6cGmVgJ1P97?K@mc30@wv~>d7)o34Vwv9cZj>V-KnIpSl*n6CCCP=2S
zALRL{HE7VI(b=3UFRfq`CA_4FL*qEJgi>lbYwZAfynnd~vPKSa+8@x!33ODA5bW8H
zU6I~F5V8xEGEkXTcBP#m(oY|fF9mP|eOS<<O?GHzqeu*R@!v4vfOlRuY}KK<dr45#
zYY5DN6jlMLv(3tldx<NrzUgKb4>9zzGYI?+ADIrVR<HtS6b*NRPcwHvS+@5s2(sb!
zyuWKhuH^cN2AARY<5C4p7F&opz9>=!sn4(M$xsaRIB%y6?F=|-j!-dA#?H}n5=1;r
zJNH;@_yX--%<-yU)ur&}r(}S0uiPu+vC}SrDvetz$U59JDc-1`{;=N(5l`|dX~CV`
z=3Cu5R?sl0=`HVriFH_o|3&S(<m}<-n}~zqj*RHbM$gllPI-YwQrzEVq38kl0V8sQ
zj~B;5b*Ya;vF_wfv#OY^M%<R9QYwyL$GiI~F4i)QYWuKrh&{ie24ta(d2a}&_<G`!
zhjGuA7==w8Gv1{fbNNec8n5-N^G{Jr!*{SQ##UznE2_CqLLREcu9{D_Igt{;HkHig
z1m{2--)aYVP%fZP{dp?xB-@)56YGQ9cq9-9$r>J8MF+d@wr2Sub3%aO&>%qrIyiGV
zbiAg_n-6Qg?A3w>pEw2kaET5-jk%&DT9ob<S3;BnZa-V1Y>Ebg^u==+H~0+6g1=kg
zCY+SW%_c-n=&N1x>t`=d(FCRGo6i@r_=5WZ!CuLjO*w&wE7)Te(*Xq)Qo5ytT*_m?
z5yurfb4!HT-9O@bV?9EwrPlOq6{%$Kyz8K_zC#i&M(PAcUv!)PofnHoz#852c&$M-
z{0t{gOOsb=s-(Y|p<taQvYNlqG%r<LWrf_u58tCuDBtrdyXaJ42`?>I1Mg)d%gH@I
zEi*|QZ+fmei&`<B$#k}^Ah3?q3&e;HBu?=QV55Z0?w1cgyLE!KLs?m{_hx&=8=v;W
zXdS6#>H8ggLiF_|4}jU50XR)Q;e^-is|>^Yzg+;a9yzsdQ8b;~+-(rr)$ilwnAt4P
zHL46KINd>A+l_o#n+;n4SVs*p)%@L_|6@8C?O<7@;+a`a$99zizVnQY7C*j+pcQ4k
zig)}O5lJXpXF9jBoH@tqBRIz)i$9PGVs271I}7`YRKKcY;$J-c2L}e0O)Z*7yv9A!
z{>S9l*cTn$V=sNIqZ3P&0&>yU9NC*Nk3z%Cm=eM;a6Tu%X#cBmtu(E@>sch;eK6T`
zvEL2k@37{ef#WOi&*rPgB|8d2^4H0Of2BdZpKzLzM2V@4y|vuYpj$<%3qM+Q<Q)1n
zP9ueCPy<zz>}d`75a^zfe(b(PX$7Eaf~%}&aaSP~n7T*D?E$iLk!-p&VM@j>M_#@x
zw`~B74qqe^FP*)*xL3HXkOCM~Jsz@+SLo3LPwD}mx7yB{?5s?P+xJ9u{czDdixX8?
zwc6-9sRA85RA~p<|ECeSTbU|65=TODy9D%|r#Y>JFzJfgGS>=CiUzC4{3*iY{{+>)
z;!`Zl{1NoVvh2=;fk_kS+Eei{;!*4uKh^}BeB@X^u`_#Aq~;02p*ofJaeh*abP_|P
zjrL#)Nr2K?Ep`=F5qz;DujE-O*FG?tl5S@kNML|yatO^BBoKpL(4DPw{J@ae-<oN_
z=xwaxzZy~r4Sl*5&{VaYLE&lb=B(fzcJQ-T8eiTu7YR5%WIw-cyt)@oHshJB@*a>b
z0y92h63=jpjR_<%f1R5EbcUe}1-Q6SpFN%#1#u!2qke>VRiHI5Kgh#ES)9QalX0R2
zQnjI`70}`1Fl_T_^@Gk)#%h^wMSar6|Le$w`oDRAqUylW=%1?w0KWkZX9=Y{{ZTc^
zH){V6Z<PpLXKCw$3)0%)?+-G}es9dy$h4lT0{dzWtN~B5GxNGBiyptt<m)MXxi>XE
zHXrwOO-f4~MC|5p6Igckc&nX?hsZ}Wtt>0@D}5U|bv>@8yL6gZHUMj>D@+$d%fh-S
z+s!|9x#awUFs8?hJml<DGO_2oQwHRm0sKX|xOwWMM~U07oN&?oKGqE-3GY|QNVDmm
zntYw1{h{ihA=I!<{J+=-TBxI|CBdK#J_hsUBS#;U&Lk_*hVtn4*}zztq~;t0uU!{M
zyiwht=_UIMyVvmtjbK<Nh-}uA38DEMucpbq^J%tD+}J3LKlCc=SlMHwQh{XU#q_!p
zOP;F?yb~`l6N=y|W(*4omMqUWNOPbbWVz6?P0vSx#tx-qxvDX%l-ZeY6(#BMjzuE0
zhbA4C-kah;to6Ciwth^J;&;tVcd%vwBQhKUf_Z%(T#ha&az1qT0^^)fvBZn%dRG80
z8nyM{xrfdl!0Bco!VxR<p=XB9fDI8KOrZjCr;baM^-DEPHcl=V+dN+&AD?4e#c)3f
z3C;)rQ;W|g{(HO6<F7f@DO-!o5^lx}LjP%_wAL`{nS{(PYYVwqaVh>uON!S8)6%P+
zkK0X3Ggm-()BLXds2L_#qPN-`{jJ)f2`Gb~F-CkBz*shb=-5EJp8VVBX_dc5Kv_^U
z??Ez|SW!VunAFRP*rMd+BE3IZXMk(~Zp-}p)`eF*bQXIRg~por6C^=K@IeyU;9XwE
zd~6j02HGqzi*nk=okxGZFoCD{>8nv{{~oZIQK+z-zi;FaR$Kh>@>WYqIZew@&&^`3
zPgER%KTBUIK5x<d9oL`=5}8L%q1C@V8*yX)ufKabj{6S2;LU)v_&W`8@RQQH6TEzk
z+46@EQUnh66%hzkCJ@qaikwadG>h-x<=ucq1%f$-{tbt-S0N@HI8~$^evB+K&g;Wx
zAg(W_F`++q#&9?FU@duAu)Da3m04;i`+8zl`*vqjrO9Z)9lD9%Z3^2JKAwXgpRHHS
zmx&+2C*gnwdfMd`e#jgNqKb9T9<AgEf_L)G;==WYa?oUdtP$ePQy4mx6<&3bgn&}1
z;Y1%uHo5^1);{d46JSh2TddB(M~%t*#~+C)-zWYq{YvDYru14RI=+m1CEJ9AWCV|+
zu`%tuKY7LUNZU1w05=G@MjacVz<<7P6Bt2+4!O&;3BpA147CNHy~rNq4WU;Z^QDU9
z3#X!A=4j(mSYEBvZC&ZMqZVEZs{40@uxjS^o`n4sf%lP<|3PK_LcyBN=gw8LiMBx6
zI1=Iqb9Q?4s*qP^gx8q-b2$#_Iwr&1DQFUIE>}V%>{Uwp%qCXs0^sF~j+DD84gkf-
zor0=N6%*SOBXrYS3ysacXE!o@*+%>C7aA42i@o7bt8H2Y!|y#sZ5G!lwOC#u?a7-l
zptQUfGgVN2OJkw^?0Sp@`p*?@@$A#sl4jU8#S;`I`jc&Ze)=<GE98#Vt|XMyj3wxY
zh0_bf!Uv$xL&k;0e=>B+3y$4ROH^AoRBAFWNBNE1>u<-_2};LyvHF3QHwVHWQQ!Is
zvNA$E;y#4^M!CK7QtW@o_0)s0E<j`|<+`kti<zfK0kk{qh4p1HTV_R{4Dtn~juzZK
z5qnb$w66x95v{VyXiw&?gNM87IjS@0;m5}UPVn9XQjoPiiV)03M_NCR8{8!w4tK^e
z3r&j8r2D5EP<4buLEF)&N)JKT4GrmdB+4@)rKs&Gm=wla0Q_YDTLc3-{M=qL>~oHD
zL(>R>?6IIYa9%eP+)y>hF#YYl{A!~`+s!D9c3-u5GL3NIyQQL1MM(lNX0oY@$BWYr
z&%(IbGQ}2$l0<N7*j<5H89}9N+-S|)bf@L#6EivobpY>;Ev2F+_Yrew`+vPNK!Gz!
zmCT+pxjP+{SOm~7>kKYc=pwC!bY>^3m<AJ|(aym|42Q6wdwyZqU|I4_rFe=VAf_Fr
z6TXb;5D2^Xd3Z|N{d5*KQElkn`ZMV+%Z#+j1m;!stD?`{6}5Dm2P3N^=R717%py@Q
zg#CJCMnHAfm$=oAvFp<sX=1lP!?b9Zyq<7O!UhmH{RcTF0phf{B37og0Rm()xo`?R
zUxd1$LA}+Z%Ez}DW-6K(HJx3c;Nlu}s1;M)VQ&gp%)hPd{e-KxDa}js1vT_XD5=A~
z-E+tik|Ysf5N#=v*QJRMywP#YjO+&&v5=ma=E1pW$wl=)|G4M$o%7R3weuTf=HvoP
zXc42jUq`ePOQ||&`>()aSgbnjyG$2fQdL`hLy=jGC;XqikQA>0^}Qd7*x<+&vDX#(
zVP-JTDC0$>TM@5NgwdT7kpNg1u~HCA`cYsBZdGJ}bqBr}g`;r3FQ-x>c5^$KTFma?
zS$wD-WOyIDn<G|HKOFm-PGU7_M5a)&H1elpLNRTWy9mrOl6hLEY#S49GsxyKsk6ZC
zVxo_~&tj5Ckk)}JhPahtx5>!^=k<5{!SU99La4B+Ud4+fvZW3*<>=>X^^{gBDwz?h
zf=se$JY`iX@bQwzjfA0tgV16=Q9ZP>gx{}^*3<Iz*Fh)2G8Yb$HbxSSVHcNd<t{k5
z4?4OWzVw1x3$1^Us-WNDfL_F*pU|!AjEiTW2L$oFapa8gmj|7p<XfLfC`(ZMyb(ve
z&`9py7YNQPHEGV}%Y0{}{XMb_`Vm`v73+9=SU)3k#6_G$kC@4&=SwXNB~wC@UUgbz
z)>)P{lzmfa-o`yB$2V*wlG+YtJt|$6?xyoTR*>2h#bXB}kYAG^?qy(Ht$5QtMnHzu
zuQiNS$C{S(xwpW4=Jm~prPEfM`~YO7F9k%6w<I(eH#Nvqs~yj`3MpamI2SEv{4~e5
z>gX5^8bAj~q6RGe0z%<AW<x4oRb+N2`2MiLt;D8i<UAS(7|uCd?}6$m7&IL}KRy((
zX;}&wdM9QCk>rkppXM2V!3ewF7O2+T&fNuPgy(iuL%D}bd;_f%YM|cFv|6BS_|<J1
zGZL4@Mbw4NxtamXzVS2wvD9fiI+1?>lOKecvCW{;?tWw|Mg=9682zmI$~WX~K*Olt
z0=aB=BQ>V4ywjon|JqkejvB84hFLoqM_r@!-*l5MR52&L9YyiUTah(1NT@~JkgBa!
zpHcN+$@|><mzHFAtn%{=qVfdb5UbZhHqrHLKgs!YSuqKh2K4@A+K*mNLvendJEy!>
zt`o2=5<;D@(20xP745~$KtgqQz5I?~>(cFNx6TN*D1GSq=lqC;#io<gXfIsssIQ88
zRDjzStR{XmT3!=OMlXw})Iw`Db%*ofnA@hd*c2)4ZLo$cA_O%ko)4)0z*lxTUFnX`
z@xoS$WN@Muw;Ef$8A(yzl$=C`Vi`J<SE#qTNJae-KCjjbL*b>HL^N(%5493H`^g%S
z$C@Uj%3~4%A!p(^&EzYSTz6UUgW9%g67rl!Wi=hbdNhQR;RSHh0v6wc<}svH7nKvG
gF1*`P4KqjQr@RrER)Hyh0L0}sVg^E~5(2x8F)D<3H~;_u

diff --git a/stacks/insta2spotify/main.tf b/stacks/insta2spotify/main.tf
new file mode 100644
index 00000000..adbda115
--- /dev/null
+++ b/stacks/insta2spotify/main.tf
@@ -0,0 +1,243 @@
+variable "tls_secret_name" {
+  type      = string
+  sensitive = true
+}
+variable "nfs_server" { type = string }
+
+resource "kubernetes_namespace" "insta2spotify" {
+  metadata {
+    name = "insta2spotify"
+    labels = {
+      "istio-injection" = "disabled"
+      tier              = local.tiers.aux
+    }
+  }
+}
+
+resource "kubernetes_manifest" "external_secret" {
+  manifest = {
+    apiVersion = "external-secrets.io/v1beta1"
+    kind       = "ExternalSecret"
+    metadata = {
+      name      = "insta2spotify-secrets"
+      namespace = "insta2spotify"
+    }
+    spec = {
+      refreshInterval = "15m"
+      secretStoreRef = {
+        name = "vault-kv"
+        kind = "ClusterSecretStore"
+      }
+      target = {
+        name = "insta2spotify-secrets"
+      }
+      dataFrom = [{
+        extract = {
+          key = "insta2spotify"
+        }
+      }]
+    }
+  }
+  depends_on = [kubernetes_namespace.insta2spotify]
+}
+
+module "nfs_data" {
+  source     = "../../modules/kubernetes/nfs_volume"
+  name       = "insta2spotify-data"
+  namespace  = kubernetes_namespace.insta2spotify.metadata[0].name
+  nfs_server = var.nfs_server
+  nfs_path   = "/mnt/main/insta2spotify"
+}
+
+resource "kubernetes_deployment" "insta2spotify" {
+  metadata {
+    name      = "insta2spotify"
+    namespace = kubernetes_namespace.insta2spotify.metadata[0].name
+    labels = {
+      app  = "insta2spotify"
+      tier = local.tiers.aux
+    }
+    annotations = {
+      "reloader.stakater.com/auto" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "insta2spotify"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "insta2spotify"
+        }
+      }
+      spec {
+        container {
+          name  = "frontend"
+          image = "viktorbarzin/insta2spotify-frontend:latest"
+          port {
+            container_port = 3000
+          }
+          env {
+            name  = "BACKEND_URL"
+            value = "http://127.0.0.1:8000"
+          }
+          env {
+            name  = "ORIGIN"
+            value = "https://insta2spotify.viktorbarzin.me"
+          }
+          resources {
+            limits = {
+              memory = "128Mi"
+            }
+            requests = {
+              cpu    = "10m"
+              memory = "128Mi"
+            }
+          }
+        }
+        container {
+          name  = "backend"
+          image = "viktorbarzin/insta2spotify-backend:latest"
+          port {
+            container_port = 8000
+          }
+          env {
+            name  = "DATABASE_PATH"
+            value = "/data/insta2spotify.db"
+          }
+          env {
+            name  = "SPOTIFY_CACHE_PATH"
+            value = "/data/.spotify_cache"
+          }
+          env {
+            name  = "SPOTIFY_REDIRECT_URI"
+            value = "https://insta2spotify.viktorbarzin.me/api/auth/callback"
+          }
+          env {
+            name  = "SPOTIFY_PLAYLIST_ID"
+            value = "7lcLakPy8pwwegFoOQ7MoG"
+          }
+          env {
+            name = "SPOTIFY_CLIENT_ID"
+            value_from {
+              secret_key_ref {
+                name = "insta2spotify-secrets"
+                key  = "spotify_client_id"
+              }
+            }
+          }
+          env {
+            name = "SPOTIFY_CLIENT_SECRET"
+            value_from {
+              secret_key_ref {
+                name = "insta2spotify-secrets"
+                key  = "spotify_client_secret"
+              }
+            }
+          }
+          env {
+            name = "API_KEY"
+            value_from {
+              secret_key_ref {
+                name = "insta2spotify-secrets"
+                key  = "api_key"
+              }
+            }
+          }
+          env {
+            name = "SPOTIFY_REFRESH_TOKEN"
+            value_from {
+              secret_key_ref {
+                name = "insta2spotify-secrets"
+                key  = "spotify_refresh_token"
+              }
+            }
+          }
+          volume_mount {
+            name       = "data"
+            mount_path = "/data"
+          }
+          resources {
+            limits = {
+              memory = "2Gi"
+            }
+            requests = {
+              cpu    = "50m"
+              memory = "512Mi"
+            }
+          }
+        }
+        volume {
+          name = "data"
+          persistent_volume_claim {
+            claim_name = module.nfs_data.claim_name
+          }
+        }
+      }
+    }
+  }
+  lifecycle {
+    ignore_changes = [spec[0].template[0].spec[0].dns_config]
+  }
+}
+
+resource "kubernetes_service" "insta2spotify" {
+  metadata {
+    name      = "insta2spotify"
+    namespace = kubernetes_namespace.insta2spotify.metadata[0].name
+    labels = {
+      app = "insta2spotify"
+    }
+  }
+  spec {
+    selector = {
+      app = "insta2spotify"
+    }
+    port {
+      name        = "http"
+      port        = 80
+      target_port = 3000
+    }
+  }
+}
+
+module "tls_secret" {
+  source          = "../../modules/kubernetes/setup_tls_secret"
+  namespace       = kubernetes_namespace.insta2spotify.metadata[0].name
+  tls_secret_name = var.tls_secret_name
+}
+
+# Main ingress — protected by Authentik (frontend)
+module "ingress" {
+  source          = "../../modules/kubernetes/ingress_factory"
+  namespace       = kubernetes_namespace.insta2spotify.metadata[0].name
+  name            = "insta2spotify"
+  tls_secret_name = var.tls_secret_name
+  protected       = true
+  max_body_size   = "50m"
+  extra_annotations = {
+    "gethomepage.dev/enabled"      = "true"
+    "gethomepage.dev/name"         = "insta2spotify"
+    "gethomepage.dev/description"  = "Instagram Reels to Spotify"
+    "gethomepage.dev/icon"         = "si-spotify"
+    "gethomepage.dev/group"        = "Media & Entertainment"
+    "gethomepage.dev/pod-selector" = ""
+  }
+}
+
+# API ingress — unprotected (API key auth handled by backend)
+module "ingress_api" {
+  source          = "../../modules/kubernetes/ingress_factory"
+  namespace       = kubernetes_namespace.insta2spotify.metadata[0].name
+  name            = "insta2spotify-api"
+  host            = "insta2spotify"
+  service_name    = "insta2spotify"
+  tls_secret_name = var.tls_secret_name
+  protected       = false
+  ingress_path    = ["/api/identify", "/api/auth", "/api/health", "/api/history"]
+  max_body_size   = "50m"
+}
diff --git a/stacks/insta2spotify/terragrunt.hcl b/stacks/insta2spotify/terragrunt.hcl
new file mode 100644
index 00000000..f4c920ab
--- /dev/null
+++ b/stacks/insta2spotify/terragrunt.hcl
@@ -0,0 +1,13 @@
+include "root" {
+  path = find_in_parent_folders()
+}
+
+dependency "platform" {
+  config_path  = "../platform"
+  skip_outputs = true
+}
+
+dependency "vault" {
+  config_path  = "../vault"
+  skip_outputs = true
+}
diff --git a/stacks/insta2spotify/tiers.tf b/stacks/insta2spotify/tiers.tf
new file mode 100644
index 00000000..eb0f8083
--- /dev/null
+++ b/stacks/insta2spotify/tiers.tf
@@ -0,0 +1,10 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+locals {
+  tiers = {
+    core    = "0-core"
+    cluster = "1-cluster"
+    gpu     = "2-gpu"
+    edge    = "3-edge"
+    aux     = "4-aux"
+  }
+}