diff --git a/Berksfile b/Berksfile index 5f06173..57bd762 100644 --- a/Berksfile +++ b/Berksfile @@ -55,4 +55,4 @@ cookbook 'homebrew', '= 3.0.0' cookbook 'mariadb', '= 0.3.1' cookbook 'ipfs', git: 'https://github.com/67P/ipfs-cookbook.git', - ref: 'v0.1.2' + ref: 'feature/reduce_memory_usage' diff --git a/Berksfile.lock b/Berksfile.lock index e1f5daa..da37d29 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -19,8 +19,8 @@ DEPENDENCIES hostsfile (= 2.4.5) ipfs git: https://github.com/67P/ipfs-cookbook.git - revision: 78d3edfd78c56a25494ac84528e152762f38b3be - ref: v0.1.2 + revision: 5aa50ecc7eca5c7f113492057ca3bc8158e5154c + ref: feature logrotate (= 2.2.0) mariadb (= 0.3.1) mediawiki @@ -100,7 +100,7 @@ GRAPH hostname (0.4.2) hostsfile (>= 0.0.0) hostsfile (2.4.5) - ipfs (0.1.2) + ipfs (0.1.3) ark (>= 0.0.0) logrotate (2.2.0) mariadb (0.3.1) diff --git a/data_bags/credentials/hal8000_freenode.json b/data_bags/credentials/hal8000_freenode.json index f6a531f..4e09a1a 100644 --- a/data_bags/credentials/hal8000_freenode.json +++ b/data_bags/credentials/hal8000_freenode.json 
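Review bot: The new `ref: 'feature/reduce_memory_usage'` for the `ipfs` cookbook in the Berksfile names a branch, which can move or be force-pushed, where the old `ref: 'v0.1.2'` named a tag. Berksfile.lock in this commit records revision `5aa50ecc7eca5c7f113492057ca3bc8158e5154c`, but the next `berks update` will take whatever the branch points to at that time, and cookbook code typically runs with root privileges during a converge. I would pin the Berksfile to the reviewed commit, `ref: '5aa50ecc7eca5c7f113492057ca3bc8158e5154c'`, until the branch is released as a tag. The lock also records `ref: feature` rather than the full branch name, which is worth checking.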
@@ -1,33 +1,31 @@ { "id": "hal8000_freenode", "nickserv_password": { - "encrypted_data": "wVOuYDPJAjWN/Un+cB/bpKD7gJ4FOOfY6xSTwpOutMD+KmhgjEX4Z99G9rwv\nmeFoBiO3Z9O+C1BeIf3YGAgWnfBgNS5eRnGAxhkzsVyvpyo=\n", - "iv": "26SarumevOdpdim4omgXng==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "rs_logger_token": { - "encrypted_data": "A3z2klmsLGwmJmB4eMVKJu5yC2mjaQii7SAuYBSl/hVtrrWDqlqR5N6vqHSv\nMWoXhptuF+RBOL7wgg0DN08B8A==\n", - "iv": "hpQA2RgJhHytnvoxgsuAhw==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "rkCsvjS6EipHlxgxPdSiPVl6CCyjyy845P2ftSykmIW0+fxahTSOxbSMYJl8\n1DW6Go88ZE+eKKWIugp2nWDS+5Pnx58I\n", + "iv": "EvNcR0eqpZngoNJx\n", + "auth_tag": "kKFPUuff8llgVZYROTg/EA==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "webhook_token": { - "encrypted_data": "w/cC18Wte2w2j1mU9SkeepRxOm4zBgZKd7djU6N1t3i7YgjEhHMPeQmD4m8f\nxhes\n", - "iv": "dqFAa3sXHLePuH26YrJUxw==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "ItDsU9w6HCGS7ykQdkZEXQEZzPEt6bW42Fbh00AtZz+h7JmQ\n", + "iv": "OdaAg/XoUMIEfQEQ\n", + "auth_tag": "9ThqnVhWEZbo4jF4lqa5TA==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "kredits_webhook_token": { - "encrypted_data": "mBESEC0w2Q2wf8LRtHUtKAPDkqqt/xTjtoKCXVbu92xJedCccS51qZNcHp69\nw64Y\n", - "iv": "iZX6EzyyFkTHvJ6nnUWT6Q==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "kUp4XAQkwWFphQT1f4wsGVJJtmhBqrEiW6W1D1ONrpZ0z94=\n", + "iv": "XiGtQlKn4BvAeaS1\n", + "auth_tag": "1hkTI7ccxBN4/6U4VF19WQ==\n", + "version": 3, + "cipher": "aes-256-gcm" }, "kredits_wallet_password": { - "encrypted_data": "6Lq61jWP1oRSLiI0JucQtCdGnPFeJOYpSMZ9nw6oIkWEFbdMXnrEnKNxYJax\n0abI\n", - "iv": "XMDv5T30HTK/BhsR1lH79g==\n", - "version": 1, - "cipher": "aes-256-cbc" + "encrypted_data": "mKcJBPto0OdPpBXB5x3ynxq01DA2CEz476lTAgjGjTNDHQ==\n", + "iv": "LIvTZ+fx1suOcnjD\n", + "auth_tag": "mcjLU242nqtNn5XR7ku4BQ==\n", + "version": 3, + "cipher": "aes-256-gcm" } } \ No newline at end of file 
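Review bot: `kredits_webhook_token` and `kredits_wallet_password` are re-encrypted and kept in `hal8000_freenode`, although the hal8000.rb hunks in this commit drop `hubot-kredits` and every `KREDITS_*` variable from the Freenode bot, and the same two keys now exist in the new `hal8000_xmpp` item. If nothing else reads them from this item, delete them here so the wallet password is stored in one place only. The diff cannot show whether the values differ between the two items; separate values per bot would limit what a single leaked item exposes.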
diff --git a/data_bags/credentials/hal8000_xmpp.json b/data_bags/credentials/hal8000_xmpp.json
new file mode 100644
index 0000000..c9eccfa
--- /dev/null
+++ b/data_bags/credentials/hal8000_xmpp.json
@@ -0,0 +1,31 @@
+{
+ "id": "hal8000_xmpp",
+ "xmpp_password": {
+ "encrypted_data": "7pE9C6Tdjeg7ZFjtwzgPzC4ekSgPzN18A5ia5awJnKA=\n",
+ "iv": "p3RqfadD1sPKEof3\n",
+ "auth_tag": "4zYf0anagoLn5bF3Rt95BQ==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "webhook_token": {
+ "encrypted_data": "T6zu7cd5/PXZP56PwjIo5XIjUOJQQSvobvgIekCIB3SgyWQr\n",
+ "iv": "LwCkuGJP2eZC8S4Y\n",
+ "auth_tag": "qH5ckddELQR32z3oYxELMg==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "kredits_webhook_token": {
+ "encrypted_data": "W6xJKRCsoX6qY3QJW/kR5I7Y9LNS1L5zB6X1oLzE71soQ/Y=\n",
+ "iv": "Piw00LKQysN3AVJN\n",
+ "auth_tag": "BwH/mJoBtqhA5wNXwFUM6w==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "kredits_wallet_password": {
+ "encrypted_data": "dFKch6Gjt9oN21w15EeHvho1/f7+mZlKe/aOtoHJtmCgbw==\n",
+ "iv": "GCueL9BRmLFqlmDw\n",
+ "auth_tag": "Yq3nOeQenXz+c6VoLhZbQw==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/data_bags/credentials/kredits-github.json b/data_bags/credentials/kredits-github.json
new file mode 100644
index 0000000..cda8c04
--- /dev/null
+++ b/data_bags/credentials/kredits-github.json
@@ -0,0 +1,24 @@ +{ + "id": "kredits-github", + "app_id": { + "encrypted_data": "DVvsNFAlZIO1NMmo1dVbA05MYdyJfPG9\n", + "iv": "JP4lpX3pFT8l43Hl\n", + "auth_tag": "EncRbtgQigRvLIfbMS+IxQ==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "private_key": { + "encrypted_data": "nV2ecoeWtL/TIM9grbsDAVh34gkaE/bJFc7qebUA9fOU40eeC7xMQst9pBZ+\nIfok2Y4Q0+ABQEKTrilfhSAOA+Hck66W2k1oNdCKXRcNb40T0Y01L77nNdzO\n0b6+uzopQ9oe2M5PF283gk8JWWQV9qED4eKpXEyU8prooA26KabXSrnsMESU\nIztULMsHNhUbDPHBRiEA6q/YUKlw8R++Sh9BcOjjeAEK+pueiARDh+yNMfJV\nomZRWfqncLlryDY6g+hbWEy5Oh+uMD8Th7zhbO//5dPOP1T6ZJjzHfhVQw+v\ng8txFD505yCBKiv70K4cHy9dF+ExFzJBcgr42gJ60gzShemZywAxOCDIc2yz\nFSEVwxGlxYRs5PLHhOT+KCaDzE7w5JmHDyMzv0j+IJnUtPPeInUUI9CNw42F\nmXygqGaY2BmJXAqYtCqEeMsZBtXijqu3TY3mmqxudupxethRrXZ9uZ0I3Ohf\nw6BCnqTw/sT3JkBxtNRQeEQvF+2G8ysXyLujkbqAyWiT+fCmS14FhisEOr8H\n6ojfRGb5iHHScG5wTwXn6tr4de9jjVk5Hrth3Rj46ZImMd1lzROPYyIcWFlS\no57Y3nmF6j7pjDBz++nInnpGlzPG+17sG4OSp6t0t93Vwkr8q9WNQjLo0Jqc\nLNaziU1ke3g+ZpKnHhUwJ2sCyVk4xvVD98hx4lhwCPzKghGQhWu6Vo2YfN79\nhSMjNw5N/3WFxdb5EuF4vYWOFitBvogPkAusZjrexlhUmGIS2qf+jlKvo6yD\nIl8CrCYZttj1UnyCuDmftIXTY9/7czBDQgq+vHlT33e7hNLHD7tFDeTEaz0t\nS+/I0+BgEnKv7aQHSSKExg3ZNc86yqfREKNsKxf4O6YiceBP7r/0qqFR6VBH\nIOQpUwK2e6cv70VmmtoEIjIpRZIOScrVVc1w2QlCj7xH9WfdEG9GSft3uHqd\nqbpegChVNuq2tEq7DoAC8ednjzbYdka4bpGJCqF6zm1c48WaL0G6VBLioi/r\nwFhCNi6AOEYkX0v3wovxME1aodfzBiu1Q6nEuzflZthr+1zERZXXaXY59VZ8\nqzWnLd5Xd/SxvvODY67fdykP90Kn94Xf+6XD9r72ch3S3ZqoWi66YFyqZ5Aa\n0LVKK+nCUwlGWjdgzcEcGx5OOyvbqm2VVnwWo2HuVk/iTzkrppF9y5nvFWUc\n6FfDdGWytkmzRH3KBZ9GKqgrIrswUmsSoIHESugVouJ+QfbFZZLLQS/0p4wH\nPFT8H8GSUvg8CEbap4JRW3R/+yspqSXipfIH5TrKr6NkyggWSE7EMNYq41eU\nuFWtwqX/z8x0SVVo+thAXkgg7KcZrZ9W4LdSGnfrx90QGZ0/K9Xs27pPY8R1\nSUNpaUc3S4Vxt28ualRBksuiIXT9AJGPGQf5UOgpOzBmDFw0GSjZdzz33tLL\n49Ymktapc6mC1FCxkJO3e+pI/I34+FcD9oiVea5v0Gg1cuuZInGJBYrq0PBE\nTaz0w2e8X/eQ2fVnQlUgmHlPcOugtoK8sLEO2+HDyBmIx9ypCfqFo6tu+MHG\nZTRp1GFmifYKUMnGvyxgo7mMFuSJtzgF/UR4PddbfX9yFAxPUTzM2Ba4s9um\nBZXKQoQB/dS9wXhmZVme9Yjq/D1d8w3wosSOcDV3apNerDx
egbFqt8ugYbtQ\nmy35aHCXU560Xi1uyWBggRXsoWSsb3RZhNbTz6vsvsly9kj6pSUtxbAiwvwI\nrZuGwvNUgYHdXaHdQAqyCAiIF3KJfQGTyk2di26BZ3K8eTnP3tKbTT157Adf\nOt4e+sHhfmacjmXN9FFuOlLddOk45Y7YSRDwGgqS3NqTSo21GAPBSDqfwqkr\neG76OKxoijCMYeJQ6h0lqh8lXYO5h376BdbUMvZfiy8PzkfbCZ9j45b/jHQD\n8CSWz+T8LmQM4Mg69MZn3zAYOSrPQj9DMbwuQshqe19qRlrexRRemWATvkSO\nYchQJ2891WGn7WZ2vrd9VpEdiXdC6JmCpDfoBBJ3JcaknTrNx7VBPc/48rli\nIlso0fzzxTGIrJjFbYL38Br20/qZcXzOO+YJXuHY+n5vuZ2870yPck4r1vUX\n6HSRALY768YGSLNWwfg9sDfbOcpfxKrnrNJxF5Nz7cGN63CKm1e6GZG+vSX+\nNBkumwPGyUWtLJO+JE8l6yivOZeq01W+XOjSh8NzrQJ3Tt2XVhuqWy+ruXS0\nA9O2/tdI2pu0ed63TVaWL/ULYrfXtHtCOYyjc5ulIwX7+L9LXU2I9zmycp0u\n3eR50MpHBgGSCyk=\n", + "iv": "IlCQ6yNhvGFeTJlP\n", + "auth_tag": "bItEhCOGVHB2HMzWKuyExg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "webhook_secret": { + "encrypted_data": "5aUw9uwoX7BmUXCXLjJ82VtEOAAaneldYMUnv2XJqL+XUNokmdf/tQwTjI7R\n8Ov1+sXCp2R073apPUk=\n", + "iv": "6VeynEodre6uhBE7\n", + "auth_tag": "kRGFN3q+N0NKPwoLRrtgtw==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json index 42ec74a..6645f82 100644 --- a/nodes/andromeda.kosmos.org.json +++ b/nodes/andromeda.kosmos.org.json @@ -8,7 +8,8 @@ "kosmos-mediawiki", "sockethub", "sockethub::proxy", - "kosmos-btcpayserver::proxy" + "kosmos-btcpayserver::proxy", + "role[mastodon]" ], "normal": { "postgresql": { diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json new file mode 100644 index 0000000..0790fc7 --- /dev/null +++ b/nodes/barnard.kosmos.org.json @@ -0,0 +1,13 @@ +{ + "run_list": [ + "role[base]", + "role[kredits_github]", + "kosmos-ipfs::cluster", + "kosmos-hubot::botka_freenode", + "kosmos-hubot::hal8000", + "kosmos-hubot::hal8000_xmpp" + ], + "automatic": { + "ipaddress": "barnard.kosmos.org" + } +} diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json index d9d39ae..32e0f3d 100644 --- a/nodes/dev.kosmos.org.json 
+++ b/nodes/dev.kosmos.org.json @@ -2,14 +2,8 @@ "run_list": [ "role[base]", "kosmos-redis", - "kosmos-hubot", "5apps-xmpp_server", - "5apps-hubot::xmpp_schlupp", - "5apps-hubot::xmpp_botka", - "kosmos-mastodon", - "kosmos-mastodon::nginx", - "sockethub::_firewall", - "kosmos-ipfs::cluster" + "sockethub::_firewall" ], "normal": { "postgresql": { diff --git a/roles/kredits_github.rb b/roles/kredits_github.rb new file mode 100644 index 0000000..57f3d88 --- /dev/null +++ b/roles/kredits_github.rb @@ -0,0 +1,6 @@ +name "kredits_github" + +run_list %w( + kredits-github::default + kredits-github::nginx +) diff --git a/site-cookbooks/5apps-xmpp_server/recipes/default.rb b/site-cookbooks/5apps-xmpp_server/recipes/default.rb index bfb1d13..0dd353f 100644 --- a/site-cookbooks/5apps-xmpp_server/recipes/default.rb +++ b/site-cookbooks/5apps-xmpp_server/recipes/default.rb @@ -10,7 +10,7 @@ unless node.chef_environment == "development" include_recipe "firewall" firewall_rule "xmpp" do - port [5222, 5269] + port [5222, 5269, 5281] protocol :tcp command :allow end diff --git a/site-cookbooks/backup/metadata.rb b/site-cookbooks/backup/metadata.rb index fb8bbce..d364631 100644 --- a/site-cookbooks/backup/metadata.rb +++ b/site-cookbooks/backup/metadata.rb @@ -3,7 +3,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description "Installs/configures backup via the Backup gem" long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) -version "0.5.0" +version "0.5.1" name "backup" depends 'logrotate' diff --git a/site-cookbooks/backup/recipes/default.rb b/site-cookbooks/backup/recipes/default.rb index bf6db5a..a7f215b 100644 --- a/site-cookbooks/backup/recipes/default.rb +++ b/site-cookbooks/backup/recipes/default.rb 
@@ -26,7 +26,7 @@ build_essential 'backup gem' # Don't try to install packages on older Ubuntu, the repositories are 404 -package ["ruby", "ruby-dev"] if node[:platform_version].to_f >= 16.04 +package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04 gem_package 'backup' do version '5.0.0.beta.2' diff --git a/site-cookbooks/backup/templates/default/config.rb.erb b/site-cookbooks/backup/templates/default/config.rb.erb index dec61a8..1123f80 100644 --- a/site-cookbooks/backup/templates/default/config.rb.erb +++ b/site-cookbooks/backup/templates/default/config.rb.erb @@ -1,7 +1,7 @@ # encoding: utf-8 ## -# Backup v4.x Configuration +# Backup v5.x Configuration # # Documentation: http://backup.github.io/backup # Issue Tracker: https://github.com/backup/backup/issues diff --git a/site-cookbooks/kosmos-base/recipes/firewall.rb b/site-cookbooks/kosmos-base/recipes/firewall.rb index 233a34c..96dd212 100644 --- a/site-cookbooks/kosmos-base/recipes/firewall.rb +++ b/site-cookbooks/kosmos-base/recipes/firewall.rb @@ -38,27 +38,3 @@ firewall_rule 'mosh' do protocol :udp command :allow end - -firewall_rule 'prosody_http_upload' do - port 5281 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_hal8000' do - port 8080 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_botka_xmpp' do - port 8082 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_schlupp_xmpp' do - port 8083 - protocol :tcp - command :allow -end diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb index e67c2d1..f4339af 100644 --- a/site-cookbooks/kosmos-hubot/attributes/default.rb +++ b/site-cookbooks/kosmos-hubot/attributes/default.rb 
@@ -1,9 +1,36 @@ -node.default['hal8000']['kredits']['ipfs_host'] = 'localhost' -node.default['hal8000']['kredits']['ipfs_port'] = '5001' -node.default['hal8000']['kredits']['ipfs_protocol'] = 'http' -node.default['hal8000']['kredits']['room'] = '#kosmos' -node.default['hal8000']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' -node.default['hal8000']['kredits']['network_id'] = '4' -node.default['hal8000']['kredits']['wallet_path'] = 'wallet.json' -node.default['hal8000']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/' -node.default['hal8000']['kredits']['github_repo_blacklist'] = '67P/test-one-two' +node.default['hal8000']['http_port'] = 8080 + +node.default['botka_freenode']['http_port'] = 8081 +node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org" + +node.default['hal8000_xmpp']['http_port'] = 8082 +node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org" + +node.default['hal8000_xmpp']['hubot_scripts'] = [ + "hubot-help", "hubot-read-tweet", "hubot-redis-brain", + "hubot-rules", "hubot-shipit", "hubot-plusplus", + "hubot-tell", "hubot-seen", "hubot-rss-reader", + "hubot-incoming-webhook", "hubot-auth", + "hubot-kredits", "hubot-schedule" +] + +node.default['hal8000_xmpp']['rooms'] = [ + 'kosmos@chat.kosmos.org', + 'kosmos-dev@chat.kosmos.org', + 'kredits@chat.kosmos.org', +] + +node.default['hal8000_xmpp']['auth_admins'] = [] + +node.default['hal8000_xmpp']['kredits']['ipfs_host'] = 'localhost' +# Use the running ipfs-cluster, so adding documents adds and pins them on all +# members of the cluster +node.default['hal8000_xmpp']['kredits']['ipfs_port'] = '9095' +node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http' +node.default['hal8000_xmpp']['kredits']['room'] = 'kredits@chat.kosmos.org' +node.default['hal8000_xmpp']['kredits']['provider_url'] = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f' +node.default['hal8000_xmpp']['kredits']['network_id'] = '4' 
+node.default['hal8000_xmpp']['kredits']['wallet_path'] = 'wallet.json' +node.default['hal8000_xmpp']['kredits']['mediawiki_url'] = 'https://wiki.kosmos.org/' +node.default['hal8000_xmpp']['kredits']['github_repo_blacklist'] = '67P/test-one-two' +node.default['hal8000_xmpp']['kredits']['gitea_repo_blacklist'] = 'kosmos/test-one-two' diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb index bbd1a5b..6458988 100644 --- a/site-cookbooks/kosmos-hubot/metadata.rb +++ b/site-cookbooks/kosmos-hubot/metadata.rb @@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description 'Configures Kosmos chat bots' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' +version '0.1.1' depends 'kosmos-nodejs' depends 'kosmos-redis' diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index 65c2779..a974cd4 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb 
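Review bot: `node.default['hal8000_xmpp']['kredits']['provider_url']` carries what looks like an Infura project ID in the URL path as a plain attribute, copied over from the removed `hal8000` attribute. Attribute files are readable by everyone with access to the repository, unlike the tokens this commit keeps in the encrypted `hal8000_xmpp` data bag item. If the ID is treated as a credential, I would move the URL into that item and read it in the recipe, e.g. `data_bag['kredits_provider_url']`. Separately, `auth_admins` defaults to `[]`, so `HUBOT_AUTH_ADMIN` is rendered empty unless a node or role overrides it; a comment such as `# Set per node/role; empty means no hubot-auth admins` would make that explicit.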
@@ -2,34 +2,55 @@ # Cookbook Name:: kosmos-hubot # Recipe:: botka_freenode # -# Copyright 2017-2018, Kosmos +# Copyright:: 2019, Kosmos Developers # +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. 
+# +app_name = "botka_freenode" +app_path = "/opt/#{app_name}" +app_user = "hubot" +app_group = "hubot" -build_essential 'botka' do +build_essential app_name do compile_time true end include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" -botka_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'botka_freenode') +application app_path do + data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) -botka_freenode_path = "/opt/botka_freenode" -application botka_freenode_path do - owner "hubot" - group "hubot" + owner app_user + group app_group git do - user "hubot" - group "hubot" + user app_user + group app_group repository "https://github.com/67P/botka.git" revision "master" end - file "#{name}/external-scripts.json" do + file "#{app_path}/external-scripts.json" do mode "0640" - owner "hubot" - group "hubot" + owner app_user + group app_group content [ "hubot-help", "hubot-redis-brain", @@ -39,7 +60,7 @@ application botka_freenode_path do end npm_install do - user "hubot" + user app_user end execute "systemctl daemon-reload" do 
@@ -47,46 +68,46 @@ application botka_freenode_path do action :nothing end - template "/lib/systemd/system/botka_freenode_nodejs.service" do + template "/lib/systemd/system/#{app_name}.service" do source 'nodejs.systemd.service.erb' owner 'root' group 'root' mode '0644' variables( - user: "hubot", - group: "hubot", - app_dir: botka_freenode_path, - entry: "#{botka_freenode_path}/bin/hubot -a irc", + user: app_user, + group: app_group, + app_dir: app_path, + entry: "#{app_path}/bin/hubot -a irc", environment: { + "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", "HUBOT_IRC_SERVER" => "irc.freenode.net", "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#opensourcedesign,#openknot,#emberjs,#mastodon,#indieweb,#lnd", "HUBOT_IRC_NICK" => "botka", "HUBOT_IRC_NICKSERV_USERNAME" => "botka", - "HUBOT_IRC_NICKSERV_PASSWORD" => botka_freenode_data_bag_item['nickserv_password'], + "HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'], "HUBOT_IRC_UNFLOOD" => "100", "HUBOT_RSS_PRINTSUMMARY" => "false", "HUBOT_RSS_PRINTERROR" => "false", "HUBOT_RSS_IRCCOLORS" => "true", - # "HUBOT_LOG_LEVEL" => "error", - "EXPRESS_PORT" => "8081", - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao", + "REDIS_URL" => "redis://localhost:6379/botka", + "EXPRESS_PORT" => node[app_name]['http_port'], + "HUBOT_AUTH_ADMIN" => "derbumi,galfert,gregkare,slvrbckt,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", - "RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'], + "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], "RS_LOGGER_SERVER_NAME" => "freenode", "RS_LOGGER_PUBLIC" => "true", - "GCM_API_KEY" => botka_freenode_data_bag_item['gcm_api_key'], + "GCM_API_KEY" => data_bag['gcm_api_key'], "VAPID_SUBJECT" => "https://kosmos.org", - "VAPID_PUBLIC_KEY" => botka_freenode_data_bag_item['vapid_public_key'], - 
"VAPID_PRIVATE_KEY" => botka_freenode_data_bag_item['vapid_private_key'], - "REDIS_URL" => "redis://localhost:6379/botka" + "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], + "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed - notifies :restart, "service[botka_freenode_nodejs]", :delayed + notifies :restart, "service[#{app_name}]", :delayed end - service "botka_freenode_nodejs" do + service app_name do action [:enable, :start] end end @@ -95,27 +116,23 @@ end # Nginx reverse proxy # unless node.chef_environment == "development" - express_port = 8081 - express_domain = "freenode.botka.kosmos.org" - include_recipe "kosmos-base::letsencrypt" - include_recipe "kosmos-nginx" - template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do + template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do source 'nginx_conf_hubot.erb' owner node["nginx"]["user"] mode 0640 - variables express_port: express_port, - server_name: express_domain, - ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem" + variables express_port: node[app_name]['http_port'], + server_name: node[app_name]['domain'], + ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" notifies :reload, 'service[nginx]', :delayed end - nginx_site express_domain do + nginx_site node[app_name]['domain'] do action :enable end - nginx_certbot_site express_domain + nginx_certbot_site node[app_name]['domain'] end diff --git a/site-cookbooks/kosmos-hubot/recipes/default.rb b/site-cookbooks/kosmos-hubot/recipes/default.rb index 30c7091..65bcf67 100644 --- a/site-cookbooks/kosmos-hubot/recipes/default.rb +++ b/site-cookbooks/kosmos-hubot/recipes/default.rb 
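Review bot: The unit file `/lib/systemd/system/#{app_name}.service` is written with `mode '0644'` while its `environment` hash holds `HUBOT_IRC_NICKSERV_PASSWORD`, `RS_LOGGER_TOKEN`, `GCM_API_KEY` and `VAPID_PRIVATE_KEY` decrypted from the data bag. The template `nodejs.systemd.service.erb` is not part of this diff, but if it renders the hash as `Environment=` lines, every local user can read those secrets from the file, and systemd also exposes `Environment=` values to unprivileged clients. I would render the secret entries into a root-owned file with `mode '0600'` and reference it from the unit with `EnvironmentFile=`, keeping only non-secret settings in the unit itself. The new hal8000_xmpp.rb recipe has the same `mode '0644'` template with `HUBOT_XMPP_PASSWORD` and `KREDITS_WALLET_PASSWORD`. The `application` block starts before this hunk.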
@@ -5,15 +5,6 @@ # Copyright 2017-2018, Kosmos # -unless node.chef_environment == "development" - include_recipe 'firewall' - firewall_rule 'hubot_express_hal8000_freenode' do - port 8080 - protocol :tcp - command :allow - end -end - include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb index 11941fe..87e92c6 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb @@ -2,7 +2,25 @@ # Cookbook Name:: kosmos-hubot # Recipe:: hal8000 # -# Copyright 2017-2018, Kosmos +# Copyright:: 2019, Kosmos Developers +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +# THE SOFTWARE. # build_essential 'hal8000' do 
@@ -13,18 +31,10 @@ include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" -# Needed for hubot-kredits -include_recipe "kosmos-ipfs" - unless node.chef_environment == "development" include_recipe 'firewall' firewall_rule 'hubot_express_hal8000_freenode' do - port 8080 - protocol :tcp - command :allow - end - firewall_rule 'ipfs_swarm_p2p' do - port 4001 + port node['hal8000']['http_port'] protocol :tcp command :allow end @@ -60,7 +70,7 @@ application hal8000_path do "hubot-rss-reader", "hubot-incoming-webhook", "hubot-auth", - "hubot-kredits", + "hubot-schedule" ].to_json end 
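Review bot: The `hubot_express_hal8000_freenode` rule still opens `node['hal8000']['http_port']` to the network, while this commit removes the other `hubot_express_*` rules from kosmos-base and puts botka_freenode and hal8000_xmpp behind the nginx TLS proxy. If hal8000's Express listener is reached directly on that port, `WEBHOOK_TOKEN` travels over plain HTTP; the rest of the recipe is outside the hunk, so I cannot see whether a proxy exists for it. I would either drop the rule and proxy this bot like the other two, or add a comment above it stating why direct access is needed, e.g. `# Incoming webhooks still target this port directly; remove once proxied`.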
@@ -84,43 +94,28 @@ application hal8000_path do app_dir: hal8000_path, entry: "#{hal8000_path}/bin/hubot -a irc", environment: { - # "HUBOT_LOG_LEVEL" => "error", - "HUBOT_IRC_SERVER" => "irc.freenode.net", - "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub", - "HUBOT_IRC_NICK" => "hal8000", - "HUBOT_IRC_NICKSERV_USERNAME" => "hal8000", - "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'], - "HUBOT_IRC_UNFLOOD" => "100", - "HUBOT_RSS_PRINTSUMMARY" => "false", - "HUBOT_RSS_PRINTERROR" => "false", - "HUBOT_RSS_IRCCOLORS" => "true", - "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", - "EXPRESS_PORT" => "8080", - "HUBOT_RSS_HEADER" => "Update:", - "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", - "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", - "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], - "IPFS_API_HOST" => node['hal8000']['kredits']['ipfs_host'], - "IPFS_API_PORT" => node['hal8000']['kredits']['ipfs_port'], - "IPFS_API_PROTOCOL" => node['hal8000']['kredits']['ipfs_protocol'], - "KREDITS_ROOM" => node['hal8000']['kredits']['room'], - "KREDITS_WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['kredits_webhook_token'], - "KREDITS_PROVIDER_URL" => node['hal8000']['kredits']['provider_url'], - "KREDITS_NETWORK_ID" => node['hal8000']['kredits']['network_id'], - "KREDITS_WALLET_PATH" => node['hal8000']['kredits']['wallet_path'], - "KREDITS_WALLET_PASSWORD" => hal8000_freenode_data_bag_item['kredits_wallet_password'], - "KREDITS_MEDIAWIKI_URL" => node['hal8000']['kredits']['mediawiki_url'], - "KREDITS_GITHUB_REPO_BLACKLIST" => node['hal8000']['kredits']['github_repo_blacklist'] + # "HUBOT_LOG_LEVEL" => "error", + "HUBOT_IRC_SERVER" => "irc.freenode.net", + "HUBOT_IRC_ROOMS" => "#5apps,#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub", + "HUBOT_IRC_NICK" => "hal8000", + "HUBOT_IRC_NICKSERV_USERNAME" => 
"hal8000", + "HUBOT_IRC_NICKSERV_PASSWORD" => hal8000_freenode_data_bag_item['nickserv_password'], + "HUBOT_IRC_UNFLOOD" => "100", + "HUBOT_RSS_PRINTSUMMARY" => "false", + "HUBOT_RSS_PRINTERROR" => "false", + "HUBOT_RSS_IRCCOLORS" => "true", + "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", + "HUBOT_RSS_HEADER" => "Update:", + "HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,slvrbckt,raucao", + "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", + "WEBHOOK_TOKEN" => hal8000_freenode_data_bag_item['webhook_token'], + "EXPRESS_PORT" => node['hal8000']['http_port'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :restart, "service[hal8000_nodejs]", :delayed end - cookbook_file "#{name}/wallet.json" do - source "wallet.json" - end - service "hal8000_nodejs" do action [:enable, :start] end diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb new file mode 100644 index 0000000..159b305 --- /dev/null +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb 
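Review bot: `HUBOT_AUTH_ADMIN` in the rewritten environment hash still lists `bkero`, while the botka_freenode.rb hunk in this same commit removes `bkero` and `jaaan` from its admin list. If those removals reflect people who should no longer have admin rights on the bots, the list here needs the same change: `"HUBOT_AUTH_ADMIN" => "derbumi,galfert,gregkare,slvrbckt,raucao"`. Moving the list to an attribute, as hal8000_xmpp.rb does with `node[app_name]['auth_admins']`, would keep the three bots from drifting apart. The hash belongs to a `template` resource that starts outside the hunk.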
@@ -0,0 +1,155 @@
+#
+# Cookbook Name:: kosmos-hubot
+# Recipe:: hal8000_xmpp
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+# +app_name = "hal8000_xmpp" +app_path = "/opt/#{app_name}" +app_user = "hubot" +app_group = "hubot" + +build_essential app_name do + compile_time true +end + +include_recipe "kosmos-nodejs" +include_recipe "kosmos-redis" +include_recipe "kosmos-hubot::_user" + +# Needed for hubot-kredits +include_recipe "kosmos-ipfs" + +unless node.chef_environment == "development" + include_recipe 'firewall' + firewall_rule 'ipfs_swarm_p2p' do + port 4001 + protocol :tcp + command :allow + end +end + +application app_path do + data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) + + owner app_user + group app_group + + git do + user app_user + group app_group + repository "https://github.com/67P/hal8000.git" + revision "master" + end + + file "#{app_path}/external-scripts.json" do + mode "0640" + owner app_user + group app_group + content node[app_name]['hubot_scripts'].to_json + end + + npm_install do + user app_user + end + + execute "systemctl daemon-reload" do + command "systemctl daemon-reload" + action :nothing + end + + template "/lib/systemd/system/#{app_name}.service" do + source 'nodejs.systemd.service.erb' + owner 'root' + group 'root' + mode '0644' + variables( + user: app_user, + group: app_user, + app_dir: app_path, + entry: "#{app_path}/bin/hubot -a xmpp --name hal8000", + environment: { + "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? 
"debug" : "info", + "HUBOT_XMPP_USERNAME" => "hal8000@kosmos.org/hubot", + "HUBOT_XMPP_PASSWORD" => data_bag['xmpp_password'], + "HUBOT_XMPP_HOST" => "xmpp.kosmos.org", + "HUBOT_XMPP_ROOMS" => node[app_name]['rooms'].join(','), + "HUBOT_AUTH_ADMIN" => node[app_name]['auth_admins'].join(','), + "HUBOT_RSS_PRINTSUMMARY" => "false", + "HUBOT_RSS_PRINTERROR" => "false", + "HUBOT_RSS_IRCCOLORS" => "true", + "HUBOT_PLUSPLUS_POINTS_TERM" => "karma,karma", + "HUBOT_RSS_HEADER" => "Update:", + "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", + "REDIS_URL" => "redis://localhost:6379/#{app_name}", + "EXPRESS_PORT" => node[app_name]['http_port'], + "WEBHOOK_TOKEN" => data_bag['webhook_token'], + "IPFS_API_HOST" => node[app_name]['kredits']['ipfs_host'], + "IPFS_API_PORT" => node[app_name]['kredits']['ipfs_port'], + "IPFS_API_PROTOCOL" => node[app_name]['kredits']['ipfs_protocol'], + "KREDITS_ROOM" => node[app_name]['kredits']['room'], + "KREDITS_WEBHOOK_TOKEN" => data_bag['kredits_webhook_token'], + "KREDITS_PROVIDER_URL" => node[app_name]['kredits']['provider_url'], + "KREDITS_NETWORK_ID" => node[app_name]['kredits']['network_id'], + "KREDITS_WALLET_PATH" => node[app_name]['kredits']['wallet_path'], + "KREDITS_WALLET_PASSWORD" => data_bag['kredits_wallet_password'], + "KREDITS_MEDIAWIKI_URL" => node[app_name]['kredits']['mediawiki_url'], + "KREDITS_GITHUB_REPO_BLACKLIST" => node[app_name]['kredits']['github_repo_blacklist'], + "KREDITS_GITEA_REPO_BLACKLIST" => node[app_name]['kredits']['gitea_repo_blacklist'] + } + ) + notifies :run, "execute[systemctl daemon-reload]", :delayed + notifies :restart, "service[#{app_name}]", :delayed + end + + cookbook_file "#{app_path}/wallet.json" do + source "wallet.json" + end + + service app_name do + action [:enable, :start] + end +end + +# +# Nginx reverse proxy +# +unless node.chef_environment == "development" + include_recipe "kosmos-base::letsencrypt" + include_recipe "kosmos-nginx" + + template 
"#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do + source 'nginx_conf_hubot.erb' + owner node["nginx"]["user"] + mode 0640 + variables express_port: node[app_name]['http_port'], + server_name: node[app_name]['domain'], + ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" + notifies :reload, 'service[nginx]', :delayed + end + + nginx_site node[app_name]['domain'] do + action :enable + end + + nginx_certbot_site node[app_name]['domain'] +end diff --git a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb index a143bcd..e7848c1 100644 --- a/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb +++ b/site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb @@ -8,10 +8,10 @@ upstream _express_<%= @server_name.gsub(".", "_") %> { <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> server { listen 443 ssl http2; - add_header Strict-Transport-Security "max-age=15768000"; - server_name <%= @server_name %>; + add_header Strict-Transport-Security "max-age=15768000"; + access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json; error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn; diff --git a/site-cookbooks/kosmos-ipfs/metadata.rb b/site-cookbooks/kosmos-ipfs/metadata.rb index 36f810d..0803761 100644 --- a/site-cookbooks/kosmos-ipfs/metadata.rb +++ b/site-cookbooks/kosmos-ipfs/metadata.rb @@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org' license 'MIT' description 'Installs/Configures kosmos-ipfs' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' +version '0.1.3' depends 'ipfs' depends 'kosmos-base' diff --git a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb b/site-cookbooks/kosmos-ipfs/recipes/cluster.rb index 82a3478..5de8619 100644 
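Review bot: `cookbook_file "#{app_path}/wallet.json"` sets no `owner`, `group` or `mode`, so the file gets the client's defaults (presumably root-owned and readable by other users) although it appears to be the wallet that `KREDITS_WALLET_PASSWORD` unlocks. I would add `owner app_user`, `group app_group` and `mode "0600"` to that resource. In the `variables` of the systemd template, `group: app_user` should be `group: app_group`; both are "hubot" today, so it only matters once they differ. `revision "master"` in the `git` block also deploys whatever is on the branch at converge time; pinning a tag or commit would make runs reproducible and reviewable.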
--- a/site-cookbooks/kosmos-ipfs/recipes/cluster.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/cluster.rb @@ -24,7 +24,7 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['cluster']['version'] = '0.9.0' +node.override['ipfs']['cluster']['version'] = '0.10.1' include_recipe "ipfs::cluster" include_recipe "ipfs::cluster_service" diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb index 7ee0e95..b61e129 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/default.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb @@ -24,8 +24,8 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -node.override['ipfs']['version'] = '0.4.18' -node.override['ipfs']['checksum'] = '21e6c44c0fa8edf91a727f1e8257342a4c3a879462e656861b0a179e1f6a03f6' +node.override['ipfs']['version'] = '0.4.20' +node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123' include_recipe "ipfs" # Configure ipfs diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb index 00ce7b9..5759129 100644 --- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb +++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb @@ -33,6 +33,9 @@ server { location /api/v0/object/data { proxy_pass http://_ipfs/api/v0/object/data; } + location /api/v0/id { + proxy_pass http://_ipfs/api/v0/id; + } ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 48d0665..a9c866f 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb 
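Review bot: The added `location /api/v0/id` in nginx_conf_ipfs.kosmos.org.erb proxies another IPFS API endpoint on the public vhost with no access restriction visible in the hunk. As far as I know, that endpoint returns the node's peer ID, public key, listen addresses and agent version, which is more than the object endpoints next to it disclose. If only a known client needs it, an `allow <client address>; deny all;` pair inside the location would limit it; otherwise a comment such as `# Public on purpose: <consumer> needs the peer identity` should record why it is exposed. The `server` block starts and ends outside the hunk.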
@@ -152,14 +152,14 @@ application mastodon_path do db_pass: postgresql_data_bag_item['mastodon_user_password'] end - execute do + execute "bundle install" do environment "HOME" => mastodon_path user mastodon_user cwd mastodon_path command "/opt/ruby_build/builds/#{ruby_version}/bin/bundle install --without development,test --deployment" end - execute do + execute "yarn install" do environment "HOME" => mastodon_path user mastodon_user cwd mastodon_path @@ -212,7 +212,7 @@ unless node.chef_environment == "development" node.override["backup"]["postgresql"]["host"] = "localhost" unless platform?('ubuntu') && node[:platform_version].to_f < 18.04 node.override["backup"]["postgresql"]["username"] = "mastodon" - node.override["backup"]["postgresql"]["password"] = postgres_password + node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password'] else node.override["backup"]["postgresql"]["username"] = "postgres" node.override["backup"]["postgresql"]["password"] = node['postgresql']['password']['postgres'] diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb index 297c858..895a81b 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb @@ -35,6 +35,11 @@ server { add_header Strict-Transport-Security "max-age=31536000"; location / { + # If the maintenance file is present, show maintenance page + if (-f <%= @mastodon_path %>/public/maintenance.html) { + return 503; + } + try_files $uri @proxy; } @@ -83,5 +88,11 @@ server { tcp_nodelay on; } - error_page 500 501 502 503 504 /500.html; + error_page 500 501 502 504 /500.html; + error_page 503 /maintenance.html; + + location = /maintenance.html { + root <%= @mastodon_path %>/public; + } + } 
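Review bot: In the second mastodon hunk, `node.override["backup"]["postgresql"]["password"] = postgresql_data_bag_item['mastodon_user_password']` copies a decrypted data-bag secret into a node attribute. Node attributes are written out with the node object at the end of a run (to the Chef server, or presumably to a local node JSON file under solo/zero), so the password ends up in plaintext beside ordinary node data. The `else` branch does the same with the postgres password. If the backup cookbook allows it, have that recipe load the encrypted item itself, or exclude this attribute path from the saved node data with the client's attribute allow/block list. The enclosing `unless` block starts outside the hunk.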
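Review bot: `location = /maintenance.html` in the last nginx_conf_mastodon.erb hunk answers direct requests as well as the `error_page 503` redirect, so during maintenance the page can be fetched with a 200 that monitoring or caches may read as a healthy response. Adding `internal;` inside that location limits it to the error_page path. The `if (-f …) { return 503; }` guard sits only in `location /`, so the other locations of this server block (not all visible in the hunk) would keep proxying while the maintenance file is present. If that is intended, a one-line comment there would help.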
diff --git a/site-cookbooks/kosmos-mediawiki/recipes/default.rb b/site-cookbooks/kosmos-mediawiki/recipes/default.rb index 488f14d..9503785 100644 --- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb +++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb @@ -101,7 +101,7 @@ nginx_site server_name do action :enable end -nginx_certbot_site server_name unless node.chef_environment == "development" +nginx_certbot_site server_name # # Extensions diff --git a/site-cookbooks/kosmos-nginx/files/default/maintenance.html b/site-cookbooks/kosmos-nginx/files/default/maintenance.html new file mode 100644 index 0000000..1ef576c --- /dev/null +++ b/site-cookbooks/kosmos-nginx/files/default/maintenance.html @@ -0,0 +1,40 @@ + + + + Down for maintenance + + + + +
+ +

Back soon

+

+ This website is currently down for maintenance. +

+ +
+ + diff --git a/site-cookbooks/kosmos-nginx/recipes/default.rb b/site-cookbooks/kosmos-nginx/recipes/default.rb index 12fb1c6..bee6c27 100644 --- a/site-cookbooks/kosmos-nginx/recipes/default.rb +++ b/site-cookbooks/kosmos-nginx/recipes/default.rb @@ -60,6 +60,22 @@ cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do notifies :restart, 'service[nginx]' end +directory node["nginx"]["user_home"] do + owner node["nginx"]["user"] + group node["nginx"]["group"] + action :create + recursive true +end + +# Maintenance page, to be copied or served when putting things in maintenance +# mode +cookbook_file "#{node["nginx"]["user_home"]}/maintenance.html" do + source "maintenance.html" + owner node['nginx']['user'] + group node['nginx']['group'] + mode "0640" +end + unless node.chef_environment == "development" include_recipe 'kosmos-base::firewall' diff --git a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb index de6fc30..de17158 100644 --- a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb +++ b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb @@ -6,6 +6,8 @@ property :domain, String, name_property: true property :site, String action :create do + return if node.chef_environment == "development" + include_recipe "kosmos-nginx" domain = new_resource.domain diff --git a/site-cookbooks/kredits-github/CHANGELOG.md b/site-cookbooks/kredits-github/CHANGELOG.md new file mode 100644 index 0000000..f1e847a --- /dev/null +++ b/site-cookbooks/kredits-github/CHANGELOG.md @@ -0,0 +1,6 @@ +kredits-github CHANGELOG +======================== + +0.1.0 +----- +- [Râu Cao] - Initial release of kredits-github diff --git a/site-cookbooks/kredits-github/LICENSE b/site-cookbooks/kredits-github/LICENSE new file mode 100644 index 0000000..f3b5d1c --- /dev/null +++ b/site-cookbooks/kredits-github/LICENSE 
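Review bot: The `directory node["nginx"]["user_home"]` resource sets no `mode`, so the permissions of a newly created directory depend on the umask of the Chef run. With `recursive true`, `owner` and `group` are applied only to the leaf directory, not to any parents that get created. I would add `mode "0750"` to match the `0640` on `maintenance.html`. The comment above the `cookbook_file` could also name the destination operators are expected to copy to, e.g. `# copy to <app>/public/maintenance.html to switch a site into maintenance mode`, since the mastodon template in this commit tests for that path.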
@@ -0,0 +1,20 @@ +Copyright (c) 2019 Kosmos Developers + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/site-cookbooks/kredits-github/README.md b/site-cookbooks/kredits-github/README.md new file mode 100644 index 0000000..2bf8f4b --- /dev/null +++ b/site-cookbooks/kredits-github/README.md @@ -0,0 +1,35 @@ +kredits-github Cookbook +======================= + +This cookbook installs [kredits-github](https://github.com/67P/kredits-github). + +Attributes +---------- + +#### kredits-github::default + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDescriptionDefault
['kredits-github']['port']StringThe local port that kredits-github is running on3000
['kredits-github']['revision']StringGit revision/branch to deploymaster
['kredits-github']['domain']StringDomain name for requests to the appkredits-github.kosmos.org
diff --git a/site-cookbooks/kredits-github/attributes/default.rb b/site-cookbooks/kredits-github/attributes/default.rb
new file mode 100644
index 0000000..d024a64
--- /dev/null
+++ b/site-cookbooks/kredits-github/attributes/default.rb
@@ -0,0 +1,3 @@
+node.default['kredits-github']['port'] = '3000'
+node.default['kredits-github']['revision'] = 'master'
+node.default['kredits-github']['domain'] = 'kredits-github.kosmos.org'
diff --git a/site-cookbooks/kredits-github/metadata.rb b/site-cookbooks/kredits-github/metadata.rb
new file mode 100644
index 0000000..fdcf098
--- /dev/null
+++ b/site-cookbooks/kredits-github/metadata.rb
@@ -0,0 +1,11 @@
+name 'kredits-github'
+maintainer 'Kosmos'
+maintainer_email 'mail@kosmos.org'
+license 'MIT'
+description 'Installs/Configures kredits-github'
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version '0.1.0'
+
+depends 'application_javascript'
+depends 'kosmos-nodejs'
+depends 'kosmos-nginx'
diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
new file mode 100644
index 0000000..5412cf5
--- /dev/null
+++ b/site-cookbooks/kredits-github/recipes/default.rb
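Review bot: `node.default['kredits-github']['revision'] = 'master'` in attributes/default.rb makes every Chef run deploy whatever the branch head is at that moment. The recipe added in this commit then runs `npm_install` on that checkout and starts it with the GitHub App key and webhook secret. Pinning a tag or full commit SHA, e.g. `node.default['kredits-github']['revision'] = '<commit-sha>'` (placeholder), makes deployments reproducible and means a push to the branch cannot reach the server without a reviewed change in this repository. The README table in this commit documents `master` as the default and would need the same update.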
@@ -0,0 +1,95 @@
+#
+# Cookbook Name:: kredits-github
+# Recipe:: default
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nodejs'
+
+app_name = "kredits-github"
+deploy_user = "deploy"
+deploy_group = "deploy"
+credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
+
+group deploy_group
+
+user deploy_user do
+ group deploy_group
+ manage_home true
+ shell "/bin/bash"
+ comment "deploy user"
+end
+
+path_to_deploy = "/opt/#{app_name}"
+application path_to_deploy do
+ owner deploy_user
+ group deploy_group
+
+ git do
+ user deploy_user
+ group deploy_group
+ repository "https://github.com/67P/#{app_name}.git"
+ revision node[app_name]['revision']
+ end
+
+ npm_install do
+ user deploy_user
+ end
+
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ file "#{path_to_deploy}/github_app_key.pem" do
+ content credentials['private_key']
+ owner deploy_user
+ group deploy_group
+ mode '0440'
+ end
+
+ template "/lib/systemd/system/#{app_name}.service" do
+ source 'nodejs.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0640'
+ variables(
+ user: deploy_user,
+ group: deploy_group,
+ app_dir: path_to_deploy,
+ entry: "/usr/bin/node /usr/bin/npm start",
+ environment: {
+ 'LOG_LEVEL' => "info",
+ 'APP_ID' => credentials['app_id'],
+ 'PRIVATE_KEY_PATH' => "#{path_to_deploy}/github_app_key.pem",
+ 'WEBHOOK_SECRET' => credentials['webhook_secret'],
+ }
+ )
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[#{app_name}]", :delayed
+ end
+
+ service app_name do
+ action [:enable, :start]
+ end
+end
diff --git a/site-cookbooks/kredits-github/recipes/nginx.rb b/site-cookbooks/kredits-github/recipes/nginx.rb
new file mode 100644
index 0000000..54b576a
--- /dev/null
+++ b/site-cookbooks/kredits-github/recipes/nginx.rb
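Review bot: The `file "#{path_to_deploy}/github_app_key.pem"` resource and the systemd `template` in recipes/default.rb both render data-bag secrets (`private_key`, `webhook_secret`), but neither sets `sensitive true`. Without it Chef can print the rendered content or its diff in the run output and logs whenever the resource changes. Add `sensitive true` to both resources. The key file could also be `mode '0400'`, since only `deploy_user` (the service user passed to the unit template) needs to read it.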
@@ -0,0 +1,46 @@
+#
+# Cookbook Name:: kredits-github
+# Recipe:: nginx
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+include_recipe 'kosmos-nginx'
+server_name = node['kredits-github']['domain']
+
+template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
+ source 'nginx_conf.erb'
+ owner 'www-data'
+ mode 0640
+ variables app_name: "kredits-github",
+ nodejs_port: node['kredits-github']['port'],
+ server_name: server_name,
+ ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site server_name do
+ action :enable
+end
+
+nginx_certbot_site server_name
diff --git a/site-cookbooks/kredits-github/templates/default/nginx_conf.erb b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
new file mode 100644
index 0000000..257de71
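Review bot: `owner 'www-data'` is hard-coded in the `template` resource of recipes/nginx.rb, while the kosmos-nginx and hubot recipes in this same commit take the account from `node['nginx']['user']`. Using `owner node['nginx']['user']` keeps the site file's ownership tied to the account nginx is actually configured with. The resource also sets no `group`, and `mode 0640` is an integer literal where the other new resources use strings. `group node['nginx']['group']` and `mode '0640'` would make it match the `cookbook_file` added to kosmos-nginx.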
--- /dev/null
+++ b/site-cookbooks/kredits-github/templates/default/nginx_conf.erb
@@ -0,0 +1,26 @@
+# Generated by Chef
+upstream _<%= @app_name %> {
+ server localhost:<%= @nodejs_port %>;
+}
+
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+ listen 443 ssl http2;
+ server_name <%= @server_name %>;
+
+ access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;
+ error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;
+
+ gzip on;
+
+ add_header Strict-Transport-Security "max-age=15768000";
+
+ location / {
+ proxy_buffers 1024 8k; # Increase number of buffers. Default is 8
+ proxy_pass http://_<%= @app_name %>;
+ }
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+}
+<% end -%>
diff --git a/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
new file mode 100644
index 0000000..68f7a05
--- /dev/null
+++ b/site-cookbooks/kredits-github/templates/default/nodejs.systemd.service.erb
@@ -0,0 +1,15 @@
+[Unit]
+Description=Start nodejs app
+
+[Service]
+ExecStart=<%= @entry %>
+WorkingDirectory=<%= @app_dir %>
+User=<%= @user %>
+Group=<%= @group %>
+<% unless @environment.empty? -%>
+Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
+<% end -%>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
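Review bot: The `Environment=` line in nodejs.systemd.service.erb writes `WEBHOOK_SECRET` into the unit itself, and systemd exposes a unit's environment to unprivileged local users (for example through `systemctl show`). The `0640` mode on the unit file therefore does not keep the value private. Each value is also wrapped in single quotes with no escaping, so one containing `'` or `%` would not be parsed as written. I would render the secret variables into a root-owned `0600` file, reference it with `EnvironmentFile=`, and keep only non-secret settings such as `LOG_LEVEL` in `Environment=`.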