Merge branch 'master' of https://github.com/SkynetLabs/skynet-webportal into pj/mail-scanner

2021-12-20 13:46:36 +01:00 · 2021-12-20 13:46:36 +01:00 · b9feec9f1e
parent c79310f08a ee2afa6861
commit b9feec9f1e
55 changed files with 3824 additions and 3391 deletions
--- a/.github/workflows/lint-packages-dashboard.yml
+++ b/.github/workflows/lint-packages-dashboard.yml
@ -0,0 +1,24 @@
 name: Lint - packages/dashboard
 on:
  pull_request:
    paths:
      - packages/dashboard/**
 defaults:
  run:
    working-directory: packages/dashboard
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
      - run: yarn next lint
--- a/.github/workflows/lint-packages-dnslink-api.yml
+++ b/.github/workflows/lint-packages-dnslink-api.yml
@ -0,0 +1,23 @@
 name: Lint - packages/dnslink-api
 on:
  pull_request:
    paths:
      - packages/dnslink-api/**
 defaults:
  run:
    working-directory: packages/dnslink-api
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-handshake-api.yml
+++ b/.github/workflows/lint-packages-handshake-api.yml
@ -0,0 +1,23 @@
 name: Lint - packages/handshake-api
 on:
  pull_request:
    paths:
      - packages/handshake-api/**
 defaults:
  run:
    working-directory: packages/handshake-api
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-health-check.yml
+++ b/.github/workflows/lint-packages-health-check.yml
@ -0,0 +1,23 @@
 name: Lint - packages/health-check
 on:
  pull_request:
    paths:
      - packages/health-check/**
 defaults:
  run:
    working-directory: packages/health-check
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-packages-website.yml
+++ b/.github/workflows/lint-packages-website.yml
@ -0,0 +1,23 @@
 name: Lint - packages/website
 on:
  pull_request:
    paths:
      - packages/website/**
 defaults:
  run:
    working-directory: packages/website
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.github/workflows/lint-python.yml
+++ b/.github/workflows/lint-python.yml
@ -1,4 +1,4 @@
-name: Python Lint
+name: Lint - Python Scripts
 on:
  push:
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@ -1,25 +0,0 @@
 name: Static Code Analysis
 on: [pull_request]
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        package: [dashboard, dnslink-api, handshake-api, health-check, website]
      fail-fast: false
    defaults:
      run:
        working-directory: packages/${{ matrix.package }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16.x
      - run: yarn
      - run: yarn prettier --check .
--- a/.gitignore
+++ b/.gitignore
@ -86,16 +86,6 @@ __pycache__
 /.idea/
 /venv*
 # CockroachDB certificates
 docker/cockroach/certs/*.crt
 docker/cockroach/certs/*.key
 docker/kratos/cr_certs/*.crt
 docker/kratos/cr_certs/*.key
 # Oathkeeper JWKS signing token
 docker/kratos/oathkeeper/id_token.jwks.json
 docker/kratos/config/kratos.yml
 # Setup-script log files
 setup-scripts/serverload.log
 setup-scripts/serverload.json
--- a/README.md
+++ b/README.md
@ -89,95 +89,6 @@ Add more nodes when they are ready:
 rs.add("second.node.net:27017")
 ```
 ### Kratos & Oathkeeper Setup
 [Kratos](https://www.ory.sh/kratos) is our user management system of choice and
 [Oathkeeper](https://www.ory.sh/oathkeeper) is the identity and access proxy.
 Most of the needed config is already under `docker/kratos`. The only two things that need to be changed are the config
 for Kratos that might contain you email server password, and the JWKS Oathkeeper uses to sign its JWT tokens.
 Make sure to create your own`docker/kratos/config/kratos.yml` by copying the `kratos.yml.sample` in the same directory.
 Also make sure to never add that file to source control because it will most probably contain your email password in
 plain text!
 To override the JWKS you will need to directly edit
 `docker/kratos/oathkeeper/id_token.jwks.json` and replace it with your generated key set. If you don't know how to
 generate a key set you can use this code:
 ```go
 package main
 import (
 	"encoding/json"
 	"log"
 	"os"
 	"github.com/ory/hydra/jwk"
 )
 func main() {
 	gen := jwk.RS256Generator{
 		KeyLength: 2048,
 	}
 	jwks, err := gen.Generate("", "sig")
 	if err != nil {
 		log.Fatal(err)
 	}
 	jsonbuf, err := json.MarshalIndent(jwks, "", "  ")
 	if err != nil {
 		log.Fatal("failed to generate JSON: %s", err)
 	}
 	os.Stdout.Write(jsonbuf)
 }
 ```
 While you can directly put the output of this programme into the file mentioned above, you can also remove the public
 key from the set and change the `kid` of the private key to not include the prefix `private:`.
 ### CockroachDB Setup
 Kratos uses CockroachDB to store its data. For that data to be shared across all nodes that comprise your portal cluster
 setup, we need to set up a CockroachDB cluster, complete with secure communication.
 #### Generate the certificates for secure communication
 For a detailed walk-through, please check [this guide](https://www.cockroachlabs.com/docs/v20.2/secure-a-cluster.html)
 out.
 Steps:
 1. Start a local cockroach docker instance:
   `docker run -d -v "<local dir>:/cockroach/cockroach-secure" --name=crdb cockroachdb/cockroach start --insecure`
 1. Get a shall into that instance: `docker exec -it crdb /bin/bash`
 1. Go to the directory we which we mapped to a local dir: `cd /cockroach/cockroach-secure`
 1. Create the subdirectories in which to create certificates and keys: `mkdir certs my-safe-directory`
 1. Create the CA (Certificate Authority) certificate and key
   pair: `cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key`
 1. Create a client certificate and key pair for the root
   user: `cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key`
 1. Create the certificate and key pair for your
   nodes: `cockroach cert create-node cockroach mynode.siasky.net --certs-dir=certs --ca-key=my-safe-directory/ca.key`.
   Don't forget the `cockroach` node name - it's needed by our docker-compose setup. If you want to create certificates
   for more nodes, just delete the `node.*` files (after you've finished the next steps for this node!) and re-run the
   above command with the new node name.
 1. Put the contents of the `certs` folder under `docker/cockroach/certs/*` under your portal's root dir and store the
   content of `my-safe-directory` somewhere safe.
 1. Put _another copy_ of those certificates under `docker/kratos/cr_certs` and change permissions of the `*.key` files,
   so they can be read by anyone (644).
 #### Configure your CockroachDB node
 Open port 26257 on all nodes that will take part in the cluster. Ideally, you would only open the port for the other
 nodes in the cluster.
 There is some configuration that needs to be added to your `.env`file, namely:
 1. CR_IP - the public IP of your node
 1. CR_CLUSTER_NODES - a list of IPs and ports which make up your cluster, e.g.
   `95.216.13.185:26257,147.135.37.21:26257,144.76.136.122:26257`. This will be the list of nodes that will make up your
   cluster, so make sure those are accurate.
 ## Contributing
 ### Testing Your Code
--- a/changelog/items/key-updates/malware-scanner.md
+++ b/changelog/items/key-updates/malware-scanner.md
@ -0,0 +1 @@
 - Add malware scanner service, activated by adding `s` to `PORTAL_MODULES`
--- a/changelog/items/key-updates/remove-kratos.md
+++ b/changelog/items/key-updates/remove-kratos.md
@ -0,0 +1 @@
 - Remove ORY Kratos, ORY Oathkeeper, CockroachDB.
--- a/changelog/items/other/nginx-prune-hot-reload.md
+++ b/changelog/items/other/nginx-prune-hot-reload.md
@ -0,0 +1 @@
 - Hot reload Nginx after pruning cache files.
--- a/changelog/items/other/skylinks-block-batch.md
+++ b/changelog/items/other/skylinks-block-batch.md
@ -0,0 +1 @@
 - Block skylinks in batches to improve performance.
--- a/19
+++ b/19
@ -1,7 +1,15 @@
 #!/bin/bash
 # The dc command is an alias to docker-compose which also scans the current portal configuration (as defined in .env)
 # and selects the right docker-compose files to include in the operation. You can use the command in the same way you
 # would use docker-compose with the only difference being that you don't need to specify compose files. For more
 # information you can run `./dc` or `./dc help`.
 if [ -f .env ]; then
-  OLD_IFS=$IFS; IFS=$'\n'; for x in `grep -v '^#.*' .env`; do export $x; done; IFS=$OLD_IFS
+  OLD_IFS=$IFS
  IFS=$'\n'
  for x in $(grep -v '^#.*' .env); do export $x; done
  IFS=$OLD_IFS
 fi
 # include base docker compose file
@ -15,7 +23,7 @@ for i in $(seq 1 ${#PORTAL_MODULES}); do
  # blocker module - alias "b"
  if [[ ${PORTAL_MODULES:i-1:1} == "b" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.blocker.yml"
+    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml"
  fi
  # jaeger module - alias "j"
@ -23,7 +31,12 @@ for i in $(seq 1 ${#PORTAL_MODULES}); do
    COMPOSE_FILES+=" -f docker-compose.jaeger.yml"
  fi
-  # mongodb module - alias "m". implied by "a" or "u"
+  # malware-scanner module - alias "s"
  if [[ ${PORTAL_MODULES:i-1:1} == "s" ]]; then
    COMPOSE_FILES+=" -f docker-compose.blocker.yml -f docker-compose.mongodb.yml -f docker-compose.malware-scanner.yml"
  fi
  # mongodb module - alias "m"
  if [[ ${PORTAL_MODULES:i-1:1} == "m" ]]; then
    COMPOSE_FILES+=" -f docker-compose.mongodb.yml"
  fi
--- a/docker-compose.accounts.yml
+++ b/docker-compose.accounts.yml
@ -77,21 +77,3 @@ services:
      - 3000
    depends_on:
      - mongo
  cockroach:
    image: cockroachdb/cockroach:v20.2.3
    container_name: cockroach
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080
    volumes:
      - ./docker/data/cockroach/sqlite:/cockroach/cockroach-data
      - ./docker/cockroach/certs:/certs
    ports:
      - "4080:8080"
      - "26257:26257"
    networks:
      shared:
        ipv4_address: 10.10.10.84
--- a/docker-compose.blocker.yml
+++ b/docker-compose.blocker.yml
@ -22,7 +22,7 @@ services:
      - 4000
    networks:
      shared:
-        ipv4_address: 10.10.10.102
+        ipv4_address: 10.10.10.110
    depends_on:
      - mongo
      - sia
--- a/docker-compose.malware-scanner.yml
+++ b/docker-compose.malware-scanner.yml
@ -0,0 +1,53 @@
 version: "3.7"
 x-logging: &default-logging
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"
 services:
  clamav:
    image: clamav/clamav:stable_base
    container_name: clamav
    restart: on-failure
    logging: *default-logging
    volumes:
      - ./docker/data/clamav/clamav/defs:/var/lib/clamav
      - ./docker/clamav/clamd.conf:/etc/clamav/clamd.conf:ro
    expose:
      - 3310 # NEVER expose this outside of the local network!
    deploy:
      resources:
        limits:
          cpus: '${CLAMAV_CPU:-0.50}'
    networks:
      shared:
        ipv4_address: 10.10.10.100
  malware-scanner:
    build:
      context: ./docker/malware-scanner
      dockerfile: Dockerfile
      args:
        branch: main
    container_name: malware-scanner
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - CLAMAV_IP=${CLAMAV_IP:-10.10.10.100}
      - CLAMAV_PORT=${CLAMAV_PORT:-3310}
      - BLOCKER_IP=${BLOCKER_IP:-10.10.10.110}
      - BLOCKER_PORT=${BLOCKER_PORT:-4000}
    expose:
      - 4000
    networks:
      shared:
        ipv4_address: 10.10.10.101
    depends_on:
      - mongo
      - clamav
      - blocker
--- a/docker/clamav/clamd.conf
+++ b/docker/clamav/clamd.conf
@ -0,0 +1,794 @@
 ##
 ## Example config file for the Clam AV daemon
 ## Please read the clamd.conf(5) manual before editing this file.
 ##
 # Comment or remove the line below.
 # Example
 # Uncomment this option to enable logging.
 # LogFile must be writable for the user running daemon.
 # A full path is required.
 # Default: disabled
 LogFile /var/log/clamav/clamd.log
 # By default the log file is locked for writing - the lock protects against
 # running clamd multiple times (if want to run another clamd, please
 # copy the configuration file, change the LogFile variable, and run
 # the daemon with --config-file option).
 # This option disables log file locking.
 # Default: no
 #LogFileUnlock yes
 # Maximum size of the log file.
 # Value of 0 disables the limit.
 # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
 # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
 # in bytes just don't use modifiers. If LogFileMaxSize is enabled, log
 # rotation (the LogRotate option) will always be enabled.
 # Default: 1M
 LogFileMaxSize 50M
 # Log time with each message.
 # Default: no
 LogTime yes
 # Also log clean files. Useful in debugging but drastically increases the
 # log size.
 # Default: no
 #LogClean yes
 # Use system logger (can work together with LogFile).
 # Default: no
 #LogSyslog yes
 # Specify the type of syslog messages - please refer to 'man syslog'
 # for facility names.
 # Default: LOG_LOCAL6
 #LogFacility LOG_MAIL
 # Enable verbose logging.
 # Default: no
 #LogVerbose yes
 # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
 # Default: no
 #LogRotate yes
 # Enable Prelude output.
 # Default: no
 #PreludeEnable yes
 #
 # Set the name of the analyzer used by prelude-admin.
 # Default: ClamAV
 #PreludeAnalyzerName ClamAV
 # Log additional information about the infected file, such as its
 # size and hash, together with the virus name.
 #ExtendedDetectionInfo yes
 # This option allows you to save a process identifier of the listening
 # daemon (main thread).
 # This file will be owned by root, as long as clamd was started by root.
 # It is recommended that the directory where this file is stored is
 # also owned by root to keep other users from tampering with it.
 # Default: disabled
 PidFile /run/lock/clamd.pid
 # Optional path to the global temporary directory.
 # Default: system specific (usually /tmp or /var/tmp).
 #TemporaryDirectory /var/tmp
 # Path to the database directory.
 # Default: hardcoded (depends on installation options)
 #DatabaseDirectory /var/lib/clamav
 # Only load the official signatures published by the ClamAV project.
 # Default: no
 #OfficialDatabaseOnly no
 # The daemon can work in local mode, network mode or both.
 # Due to security reasons we recommend the local mode.
 # Path to a local socket file the daemon will listen on.
 # Default: disabled (must be specified by a user)
 LocalSocket /run/clamav/clamd.sock
 # Sets the group ownership on the unix socket.
 # Default: disabled (the primary group of the user running clamd)
 #LocalSocketGroup virusgroup
 # Sets the permissions on the unix socket to the specified mode.
 # Default: disabled (socket is world accessible)
 #LocalSocketMode 660
 # Remove stale socket after unclean shutdown.
 # Default: yes
 #FixStaleSocket yes
 # TCP port address.
 # Default: no
 TCPSocket 3310
 # TCP address.
 # By default we bind to INADDR_ANY, probably not wise.
 # Enable the following to provide some degree of protection
 # from the outside world. This option can be specified multiple
 # times if you want to listen on multiple IPs. IPv6 is now supported.
 # Default: no
 TCPAddr 0.0.0.0
 # Maximum length the queue of pending connections may grow to.
 # Default: 200
 #MaxConnectionQueueLength 30
 # Clamd uses FTP-like protocol to receive data from remote clients.
 # If you are using clamav-milter to balance load between remote clamd daemons
 # on firewall servers you may need to tune the options below.
 # Close the connection when the data size limit is exceeded.
 # The value should match your MTA's limit for a maximum attachment size.
 # Default: 25M
 StreamMaxLength 100M
 # Limit port range.
 # Default: 1024
 #StreamMinPort 30000
 # Default: 2048
 #StreamMaxPort 32000
 # Maximum number of threads running at the same time.
 # Default: 10
 #MaxThreads 20
 # Waiting for data from a client socket will timeout after this time (seconds).
 # Default: 120
 #ReadTimeout 300
 # This option specifies the time (in seconds) after which clamd should
 # timeout if a client doesn't provide any initial command after connecting.
 # Default: 30
 #CommandReadTimeout 30
 # This option specifies how long to wait (in milliseconds) if the send buffer
 # is full.
 # Keep this value low to prevent clamd hanging.
 #
 # Default: 500
 #SendBufTimeout 200
 # Maximum number of queued items (including those being processed by
 # MaxThreads threads).
 # It is recommended to have this value at least twice MaxThreads if possible.
 # WARNING: you shouldn't increase this too much to avoid running out  of file
 # descriptors, the following condition should hold:
 # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual
 # max is 1024).
 #
 # Default: 100
 #MaxQueue 200
 # Waiting for a new job will timeout after this time (seconds).
 # Default: 30
 #IdleTimeout 60
 # Don't scan files and directories matching regex
 # This directive can be used multiple times
 # Default: scan all
 #ExcludePath ^/proc/
 #ExcludePath ^/sys/
 # Maximum depth directories are scanned at.
 # Default: 15
 #MaxDirectoryRecursion 20
 # Follow directory symlinks.
 # Default: no
 #FollowDirectorySymlinks yes
 # Follow regular file symlinks.
 # Default: no
 #FollowFileSymlinks yes
 # Scan files and directories on other filesystems.
 # Default: yes
 #CrossFilesystems yes
 # Perform a database check.
 # Default: 600 (10 min)
 #SelfCheck 600
 # Enable non-blocking (multi-threaded/concurrent) database reloads.
 # This feature will temporarily load a second scanning engine while scanning
 # continues using the first engine. Once loaded, the new engine takes over.
 # The old engine is removed as soon as all scans using the old engine have
 # completed.
 # This feature requires more RAM, so this option is provided in case users are
 # willing to block scans during reload in exchange for lower RAM requirements.
 # Default: yes
 ConcurrentDatabaseReload no
 # Execute a command when virus is found. In the command string %v will
 # be replaced with the virus name and %f will be replaced with the file name.
 # Additionally, two environment variables will be defined: $CLAM_VIRUSEVENT_FILENAME
 # and $CLAM_VIRUSEVENT_VIRUSNAME.
 # Default: no
 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v in %f"
 # Run as another user (clamd must be started by root for this option to work)
 # Default: don't drop privileges
 User clamav
 # Stop daemon when libclamav reports out of memory condition.
 #ExitOnOOM yes
 # Don't fork into background.
 # Default: no
 #Foreground yes
 # Enable debug messages in libclamav.
 # Default: no
 #Debug yes
 # Do not remove temporary files (for debug purposes).
 # Default: no
 #LeaveTemporaryFiles yes
 # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject
 # any ALLMATCHSCAN command as invalid.
 # Default: yes
 #AllowAllMatchScan no
 # Detect Possibly Unwanted Applications.
 # Default: no
 #DetectPUA yes
 # Exclude a specific PUA category. This directive can be used multiple times.
 # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for
 # the complete list of PUA categories.
 # Default: Load all categories (if DetectPUA is activated)
 #ExcludePUA NetTool
 #ExcludePUA PWTool
 # Only include a specific PUA category. This directive can be used multiple
 # times.
 # Default: Load all categories (if DetectPUA is activated)
 #IncludePUA Spy
 #IncludePUA Scanner
 #IncludePUA RAT
 # This option causes memory or nested map scans to dump the content to disk.
 # If you turn on this option, more data is written to disk and is available
 # when the LeaveTemporaryFiles option is enabled.
 #ForceToDisk yes
 # This option allows you to disable the caching feature of the engine. By
 # default, the engine will store an MD5 in a cache of any files that are
 # not flagged as virus or that hit limits checks. Disabling the cache will
 # have a negative performance impact on large scans.
 # Default: no
 #DisableCache yes
 # In some cases (eg. complex malware, exploits in graphic files, and others),
 # ClamAV uses special algorithms to detect abnormal patterns and behaviors that
 # may be malicious.  This option enables alerting on such heuristically
 # detected potential threats.
 # Default: yes
 #HeuristicAlerts yes
 # Allow heuristic alerts to take precedence.
 # When enabled, if a heuristic scan (such as phishingScan) detects
 # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
 # scan-time.
 # When disabled, virus/phish detected by heuristic scans will be reported only
 # at the end of a scan. If an archive contains both a heuristically detected
 # virus/phish, and a real malware, the real malware will be reported
 #
 # Keep this disabled if you intend to handle "Heuristics.*" viruses
 # differently from "real" malware.
 # If a non-heuristically-detected virus (signature-based) is found first,
 # the scan is interrupted immediately, regardless of this config option.
 #
 # Default: no
 #HeuristicScanPrecedence yes
 ##
 ## Heuristic Alerts
 ##
 # With this option clamav will try to detect broken executables (both PE and
 # ELF) and alert on them with the Broken.Executable heuristic signature.
 # Default: no
 #AlertBrokenExecutables yes
 # With this option clamav will try to detect broken media file (JPEG,
 # TIFF, PNG, GIF) and alert on them with a Broken.Media heuristic signature.
 # Default: no
 #AlertBrokenMedia yes
 # Alert on encrypted archives _and_ documents with heuristic signature
 # (encrypted .zip, .7zip, .rar, .pdf).
 # Default: no
 #AlertEncrypted yes
 # Alert on encrypted archives with heuristic signature (encrypted .zip, .7zip,
 # .rar).
 # Default: no
 #AlertEncryptedArchive yes
 # Alert on encrypted archives with heuristic signature (encrypted .pdf).
 # Default: no
 #AlertEncryptedDoc yes
 # With this option enabled OLE2 files containing VBA macros, which were not
 # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
 # Default: no
 #AlertOLE2Macros yes
 # Alert on SSL mismatches in URLs, even if the URL isn't in the database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingSSLMismatch yes
 # Alert on cloaked URLs, even if URL isn't in database.
 # This can lead to false positives.
 # Default: no
 #AlertPhishingCloak yes
 # Alert on raw DMG image files containing partition intersections
 # Default: no
 #AlertPartitionIntersection yes
 ##
 ## Executable files
 ##
 # PE stands for Portable Executable - it's an executable file format used
 # in all 32 and 64-bit versions of Windows operating systems. This option
 # allows ClamAV to perform a deeper analysis of executable files and it's also
 # required for decompression of popular executable packers such as UPX, FSG,
 # and Petite. If you turn off this option, the original files will still be
 # scanned, but without additional processing.
 # Default: yes
 #ScanPE yes
 # Certain PE files contain an authenticode signature. By default, we check
 # the signature chain in the PE file against a database of trusted and
 # revoked certificates if the file being scanned is marked as a virus.
 # If any certificate in the chain validates against any trusted root, but
 # does not match any revoked certificate, the file is marked as trusted.
 # If the file does match a revoked certificate, the file is marked as virus.
 # The following setting completely turns off authenticode verification.
 # Default: no
 #DisableCertCheck yes
 # Executable and Linking Format is a standard format for UN*X executables.
 # This option allows you to control the scanning of ELF files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanELF yes
 ##
 ## Documents
 ##
 # This option enables scanning of OLE2 files, such as Microsoft Office
 # documents and .msi files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanOLE2 yes
 # This option enables scanning within PDF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanPDF yes
 # This option enables scanning within SWF files.
 # If you turn off this option, the original files will still be scanned, but
 # without decoding and additional processing.
 # Default: yes
 #ScanSWF yes
 # This option enables scanning xml-based document files supported by libclamav.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanXMLDOCS yes
 # This option enables scanning of HWP3 files.
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 # Default: yes
 #ScanHWP3 yes
 ##
 ## Mail files
 ##
 # Enable internal e-mail scanner.
 # If you turn off this option, the original files will still be scanned, but
 # without parsing individual messages/attachments.
 # Default: yes
 #ScanMail yes
 # Scan RFC1341 messages split over many emails.
 # You will need to periodically clean up $TemporaryDirectory/clamav-partial
 # directory.
 # WARNING: This option may open your system to a DoS attack.
 #	   Never use it on loaded servers.
 # Default: no
 #ScanPartialMessages yes
 # With this option enabled ClamAV will try to detect phishing attempts by using
 # HTML.Phishing and Email.Phishing NDB signatures.
 # Default: yes
 #PhishingSignatures no
 # With this option enabled ClamAV will try to detect phishing attempts by
 # analyzing URLs found in emails using WDB and PDB signature databases.
 # Default: yes
 #PhishingScanURLs no
 ##
 ## Data Loss Prevention (DLP)
 ##
 # Enable the DLP module
 # Default: No
 #StructuredDataDetection yes
 # This option sets the lowest number of Credit Card numbers found in a file
 # to generate a detect.
 # Default: 3
 #StructuredMinCreditCardCount 5
 # With this option enabled the DLP module will search for valid Credit Card
 # numbers only. Debit and Private Label cards will not be searched.
 # Default: no
 #StructuredCCOnly yes
 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxx-yy-zzzz
 # Default: yes
 #StructuredSSNFormatNormal yes
 # With this option enabled the DLP module will search for valid
 # SSNs formatted as xxxyyzzzz
 # Default: no
 #StructuredSSNFormatStripped yes
 ##
 ## HTML
 ##
 # Perform HTML normalisation and decryption of MS Script Encoder code.
 # Default: yes
 # If you turn off this option, the original files will still be scanned, but
 # without additional processing.
 #ScanHTML yes
 ##
 ## Archives
 ##
 # ClamAV can scan within archives and compressed files.
 # If you turn off this option, the original files will still be scanned, but
 # without unpacking and additional processing.
 # Default: yes
 #ScanArchive yes
 ##
 ## Limits
 ##
 # The options below protect your system against Denial of Service attacks
 # using archive bombs.
 # This option sets the maximum amount of time to a scan may take.
 # In this version, this field only affects the scan time of ZIP archives.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result allow scanning
 # of certain files to lock up the scanning process/threads resulting in a
 # Denial of Service.
 # Time is in milliseconds.
 # Default: 120000
 MaxScanTime 300000
 # This option sets the maximum amount of data to be scanned for each input
 # file. Archives and other containers are recursively extracted and scanned
 # up to this value.
 # Value of 0 disables the limit
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 100M
 MaxScanSize 1024M
 # Files larger than this limit won't be scanned. Affects the input file itself
 # as well as files contained inside it (when the input file is an archive, a
 # document or some other kind of container).
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Technical design limitations prevent ClamAV from scanning files greater than
 # 2 GB at this time.
 # Default: 25M
 MaxFileSize 1024M
 # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
 # file, all files within it will also be scanned. This options specifies how
 # deeply the process should be continued.
 # Note: setting this limit too high may result in severe damage to the system.
 # Default: 17
 #MaxRecursion 10
 # Number of files to be scanned within an archive, a document, or any other
 # container file.
 # Value of 0 disables the limit.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10000
 #MaxFiles 15000
 # Maximum size of a file to check for embedded PE. Files larger than this value
 # will skip the additional analysis step.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxEmbeddedPE 10M
 # Maximum size of a HTML file to normalize. HTML files larger than this value
 # will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 10M
 #MaxHTMLNormalize 10M
 # Maximum size of a normalized HTML file to scan. HTML files larger than this
 # value after normalization will not be scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 2M
 #MaxHTMLNoTags 2M
 # Maximum size of a script file to normalize. Script content larger than this
 # value will not be normalized or scanned.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 5M
 #MaxScriptNormalize 5M
 # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger
 # than this value will skip the step to potentially reanalyze as PE.
 # Note: disabling this limit or setting it too high may result in severe damage
 # to the system.
 # Default: 1M
 #MaxZipTypeRcg 1M
 # This option sets the maximum number of partitions of a raw disk image to be
 # scanned.
 # Raw disk images with more partitions than this value will have up to
 # the value number partitions scanned. Negative values are not allowed.
 # Note: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 50
 #MaxPartitions 128
 # This option sets the maximum number of icons within a PE to be scanned.
 # PE files with more icons than this value will have up to the value number
 # icons scanned.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 100
 #MaxIconsPE 200
 # This option sets the maximum recursive calls for HWP3 parsing during
 # scanning. HWP3 files using more than this limit will be terminated and
 # alert the user.
 # Scans will be unable to scan any HWP3 attachments if the recursive limit
 # is reached.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may result in severe damage or impact
 # performance.
 # Default: 16
 #MaxRecHWP3 16
 # This option sets the maximum calls to the PCRE match function during
 # an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit, see the PCRE documentation.
 # Negative values are not allowed.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 100000
 #PCREMatchLimit 20000
 # This option sets the maximum recursive calls to the PCRE match function
 # during an instance of regex matching.
 # Instances using more than this limit will be terminated and alert the user
 # but the scan will continue.
 # For more information on match_limit_recursion, see the PCRE documentation.
 # Negative values are not allowed and values > PCREMatchLimit are superfluous.
 # WARNING: setting this limit too high may severely impact performance.
 # Default: 2000
 #PCRERecMatchLimit 10000
 # This option sets the maximum filesize for which PCRE subsigs will be
 # executed. Files exceeding this limit will not have PCRE subsigs executed
 # unless a subsig is encompassed to a smaller buffer.
 # Negative values are not allowed.
 # Setting this value to zero disables the limit.
 # WARNING: setting this limit too high or disabling it may severely impact
 # performance.
 # Default: 25M
 #PCREMaxFileSize 100M
 # When AlertExceedsMax is set, files exceeding the MaxFileSize, MaxScanSize, or
 # MaxRecursion limit will be flagged with the virus name starting with
 # "Heuristics.Limits.Exceeded".
 # Default: no
 #AlertExceedsMax yes
 ##
 ## On-access Scan Settings
 ##
 # Don't scan files larger than OnAccessMaxFileSize
 # Value of 0 disables the limit.
 # Default: 5M
 #OnAccessMaxFileSize 10M
 # Max number of scanning threads to allocate to the OnAccess thread pool at
 # startup. These threads are the ones responsible for creating a connection
 # with the daemon and kicking off scanning after an event has been processed.
 # To prevent clamonacc from consuming all clamd's resources keep this lower
 # than clamd's max threads.
 # Default: 5
 #OnAccessMaxThreads 10
 # Max amount of time (in milliseconds) that the OnAccess client should spend
 # for every connect, send, and recieve attempt when communicating with clamd
 # via curl.
 # Default: 5000 (5 seconds)
 # OnAccessCurlTimeout 10000
 # Toggles dynamic directory determination. Allows for recursively watching
 # include paths.
 # Default: no
 #OnAccessDisableDDD yes
 # Set the include paths (all files inside them will be scanned). You can have
 # multiple OnAccessIncludePath directives but each directory must be added
 # in a separate line.
 # Default: disabled
 #OnAccessIncludePath /home
 #OnAccessIncludePath /students
 # Set the exclude paths. All subdirectories are also excluded.
 # Default: disabled
 #OnAccessExcludePath /home/user
 # Modifies fanotify blocking behaviour when handling permission events.
 # If off, fanotify will only notify if the file scanned is a virus,
 # and not perform any blocking.
 # Default: no
 #OnAccessPrevention yes
 # When using prevention, if this option is turned on, any errors that occur
 # during scanning will result in the event attempt being denied. This could
 # potentially lead to unwanted system behaviour with certain configurations,
 # so the client defaults this to off and prefers allowing access events in
 # case of scan or connection error.
 # Default: no
 #OnAccessDenyOnError yes
 # Toggles extra scanning and notifications when a file or directory is
 # created or moved.
 # Requires the  DDD system to kick-off extra scans.
 # Default: no
 #OnAccessExtraScanning yes
 # Set the  mount point to be scanned. The mount point specified, or the mount
 # point containing the specified directory will be watched. If any directories
 # are specified, this option will preempt (disable and ignore all options
 # related to) the DDD system. This option will result in verdicts only.
 # Note that prevention is explicitly disallowed to prevent common, fatal
 # misconfigurations. (e.g. watching "/" with prevention on and no exclusions
 # made on vital system directories)
 # It can be used multiple times.
 # Default: disabled
 #OnAccessMountPath /
 #OnAccessMountPath /home/user
 # With this option you can exclude the root UID (0). Processes run under
 # root with be able to access all files without triggering scans or
 # permission denied events.
 # Note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the
 # root user from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: no
 #OnAccessExcludeRootUID no
 # With this option you can exclude specific UIDs. Processes with these UIDs
 # will be able to access all files without triggering scans or permission
 # denied events.
 # This option can be used multiple times (one per line).
 # Using a value of 0 on any line will disable this option entirely.
 # To exclude the root UID (0) please enable the OnAccessExcludeRootUID
 # option.
 # Also note that if clamd cannot check the uid of the process that generated an
 # on-access scan event (e.g., because OnAccessPrevention was not enabled, and
 # the process already exited), clamd will perform a scan.  Thus, setting
 # OnAccessExcludeUID is not *guaranteed* to prevent every access by the
 # specified uid from triggering a scan (unless OnAccessPrevention is enabled).
 # Default: disabled
 #OnAccessExcludeUID -1
 # This option allows exclusions via user names when using the on-access
 # scanning client. It can be used multiple times.
 # It has the same potential race condition limitations of the
 # OnAccessExcludeUID option.
 # Default: disabled
 #OnAccessExcludeUname clamav
 # Number of times the OnAccess client will retry a failed scan due to
 # connection problems (or other issues).
 # Default: 0
 #OnAccessRetryAttempts 3
 ##
 ## Bytecode
 ##
 # With this option enabled ClamAV will load bytecode from the database.
 # It is highly recommended you keep this option on, otherwise you'll miss
 # detections for many new viruses.
 # Default: yes
 #Bytecode yes
 # Set bytecode security level.
 # Possible values:
 #   None -      No security at all, meant for debugging.
 #               DO NOT USE THIS ON PRODUCTION SYSTEMS.
 #               This value is only available if clamav was built
 #               with --enable-debug!
 #   TrustSigned - Trust bytecode loaded from signed .c[lv]d files, insert
 #               runtime safety checks for bytecode loaded from other sources.
 #   Paranoid -  Don't trust any bytecode, insert runtime checks for all.
 # Recommended: TrustSigned, because bytecode in .cvd files already has these
 # checks.
 # Note that by default only signed bytecode is loaded, currently you can only
 # load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
 # Allow loading bytecode from outside digitally signed .c[lv]d files.
 # **Caution**: You should NEVER run bytecode signatures from untrusted sources.
 # Doing so may result in arbitrary code execution.
 # Default: no
 #BytecodeUnsigned yes
 # Set bytecode timeout in milliseconds.
 #
 # Default: 5000
 # BytecodeTimeout 1000
--- a/docker/handshake/Dockerfile
+++ b/docker/handshake/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 WORKDIR /opt/hsd
--- a/docker/malware-scanner/Dockerfile
+++ b/docker/malware-scanner/Dockerfile
@ -0,0 +1,23 @@
 FROM golang:1.17.3
 LABEL maintainer="SkynetLabs <devs@siasky.net>"
 ENV GOOS linux
 ENV GOARCH amd64
 ARG branch=main
 WORKDIR /root
 RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/malware-scanner.git && \
    cd malware-scanner && \
    go mod download && \
    make release
 ENV SKYNET_DB_HOST="localhost"
 ENV SKYNET_DB_PORT="27017"
 ENV SKYNET_DB_USER="username"
 ENV SKYNET_DB_PASS="password"
 ENV CLAMAV_IP=127.0.0.1
 ENV CLAMAV_PORT=3310
 ENTRYPOINT ["malware-scanner"]
--- a/docker/nginx/conf.d/include/track-download
+++ b/docker/nginx/conf.d/include/track-download
@ -20,8 +20,29 @@ log_by_lua_block {
        end
    end
    local function scan(premature, skylink, jwt)
        if premature then return end
        local httpc = require("resty.http").new()
        -- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http)
        local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, {
            method = "POST",
            headers = { ["Cookie"] = "skynet-jwt=" .. jwt },
        })
        if err or (res and res.status ~= ngx.HTTP_OK) then
            ngx.log(ngx.ERR, "Failed malware-scanner request /scan/" .. skylink .. ": ", err or ("[HTTP " .. res.status .. "] " .. res.body))
        end
    end
    if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" and ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_SPECIAL_RESPONSE then
        local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.status, ngx.var.body_bytes_sent, ngx.var.skynet_jwt)
        if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
    end
    -- Unlike accounts, malware-scanner wants to be pinged about each skylink,
    -- not only the ones downloaded by registered accounts.
    local scan_ok, scan_err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
    if scan_err then ngx.log(ngx.ERR, "Failed to create timer: ", scan_err) end
 }
--- a/docker/nginx/conf.d/include/track-upload
+++ b/docker/nginx/conf.d/include/track-upload
@ -19,8 +19,29 @@ log_by_lua_block {
        end
    end
    local function scan(premature, skylink, jwt)
        if premature then return end
        local httpc = require("resty.http").new()
        -- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http)
        local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, {
            method = "POST",
            headers = { ["Cookie"] = "skynet-jwt=" .. jwt },
        })
        if err or (res and res.status ~= ngx.HTTP_OK) then
            ngx.log(ngx.ERR, "Failed malware-scanner request /scan/" .. skylink .. ": ", err or ("[HTTP " .. res.status .. "] " .. res.body))
        end
    end
    if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" then
        local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
        if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
    end
    -- Unlike accounts, malware-scanner wants to be pinged about each skylink,
    -- not only the ones uploaded by registered accounts.
    local scan_ok, scan_err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
    if scan_err then ngx.log(ngx.ERR, "Failed to create timer: ", scan_err) end
 }
--- a/docker/nginx/conf.d/server/server.account
+++ b/docker/nginx/conf.d/server/server.account
@ -8,6 +8,14 @@ location / {
    proxy_pass http://dashboard:3000;
 }
 location /health {
    proxy_pass http://accounts:3000;
 }
 location /stripe/webhook {
    proxy_pass http://accounts:3000;
 }
 location /api/stripe/billing {
    proxy_pass http://dashboard:3000;
 }
--- a/docker/nginx/conf.d/server/server.api
+++ b/docker/nginx/conf.d/server/server.api
@ -120,7 +120,7 @@ location /abuse/ {
        return 204;
    }
-    proxy_pass http://10.10.10.102:4000/;
+    proxy_pass http://10.10.10.110:4000/;
 }
 location /report-abuse {
@ -180,7 +180,7 @@ location /skynet/skyfile {
    limit_conn upload_conn 5;
    limit_conn upload_conn_rl 1;
-    client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
+    client_max_body_size 5000M; # make sure to limit the size of upload to a sane value
    # increase request timeouts
    proxy_read_timeout 600;
@ -239,8 +239,8 @@ location /skynet/tus {
    # set max upload size dynamically based on account limits
    rewrite_by_lua_block {
-        -- set default limit value to 1 GB
+        -- set default limit value to 5 GB
-        ngx.req.set_header("SkynetMaxUploadSize", 1073741824)
+        ngx.req.set_header("SkynetMaxUploadSize", 5368709120)
        -- this block runs only when accounts are enabled
        if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end
--- a/packages/dashboard/Dockerfile
+++ b/packages/dashboard/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 WORKDIR /usr/app
--- a/packages/dashboard/next.config.js
+++ b/packages/dashboard/next.config.js
@ -0,0 +1,15 @@
 module.exports = {
  async redirects() {
    const redirects = [];
    if (process.env.ACCOUNTS_MAINTENANCE === "true") {
      redirects.push({
        source: "/((?!maintenance$).*)",
        destination: "/maintenance",
        permanent: false,
      });
    }
    return redirects;
  },
 };
--- a/packages/dashboard/package.json
+++ b/packages/dashboard/package.json
@ -9,10 +9,9 @@
  },
  "dependencies": {
    "@fontsource/sora": "4.5.0",
-    "@fontsource/source-sans-pro": "4.5.0",
+    "@fontsource/source-sans-pro": "4.5.1",
-    "@stripe/react-stripe-js": "1.6.0",
+    "@stripe/react-stripe-js": "1.7.0",
-    "@stripe/stripe-js": "1.21.1",
+    "@stripe/stripe-js": "1.22.0",
    "autoprefixer": "10.4.0",
    "classnames": "2.3.1",
    "copy-text-to-clipboard": "^3.0.1",
    "dayjs": "1.10.7",
@ -21,25 +20,26 @@
    "formik": "2.2.9",
    "http-status-codes": "2.1.4",
    "ky": "0.28.7",
-    "next": "12.0.3",
+    "next": "12.0.5",
    "normalize.css": "8.0.1",
    "postcss": "8.3.11",
    "prettier": "2.4.1",
    "pretty-bytes": "5.6.0",
    "react": "17.0.2",
    "react-dom": "17.0.2",
    "react-toastify": "8.1.0",
    "skynet-js": "3.0.2",
-    "stripe": "8.188.0",
+    "stripe": "8.194.0",
    "superagent": "6.1.0",
-    "swr": "1.0.1",
+    "swr": "1.1.1",
    "yup": "0.32.11"
  },
  "devDependencies": {
-    "@tailwindcss/forms": "0.3.4",
+    "@tailwindcss/forms": "0.4.0",
-    "@tailwindcss/typography": "0.4.1",
+    "@tailwindcss/typography": "0.5.0",
-    "eslint": "<8.0.0",
+    "autoprefixer": "10.4.0",
-    "eslint-config-next": "12.0.3",
+    "eslint": "8.5.0",
-    "tailwindcss": "2.2.19"
+    "eslint-config-next": "12.0.7",
    "postcss": "8.4.5",
    "prettier": "2.5.1",
    "tailwindcss": "3.0.7"
  }
 }
--- a/packages/dashboard/src/pages/maintenance.js
+++ b/packages/dashboard/src/pages/maintenance.js
@ -0,0 +1,44 @@
 export default function Maintenance() {
  return (
    <div className="maintenance-gradient">
      <div className="container mx-auto">
        <section className="flex flex-wrap lg:flex-nowrap justify-center h-screen relative">
          <div className="my-auto font-poppins text-palette-600 text-center lg:text-left">
            <h1 className="font-bold text-5xl pb-5">
              Skynet Accounts <br /> is down for maintenance
            </h1>
            <p className="lg:w-5/6 pb-1">we are upgrading the service and should be back soon</p>
            <p className="lg:w-5/6">you can always contact us at hello@siasky.net</p>
            <a
              className="block lg:w-5/6 pt-5 text-xs hover:underline cursor-pointer text-palette-500 hover:text-palette-600"
              href="https://siasky.net"
            >
              <svg
                xmlns="http://www.w3.org/2000/svg"
                width={24}
                height={24}
                viewBox="0 0 32 32"
                className="inline-block transform rotate-180 fill-current"
              >
                <path
                  fillRule="evenodd"
                  d="M17.4969298,9.4969297 L17.4960469,19.1129297 L20.7869064,15.797325 L22.2069531,17.2056813 L17.2526515,22.2011078 C16.8937661,22.5629722 16.3268563,22.5931492 15.9333017,22.289983 L15.8387453,22.2072458 L10.7930469,17.2072458 L12.2008126,15.7866136 L15.4960469,19.0519297 L15.4969298,9.4969297 L17.4969298,9.4969297 Z"
                  transform="rotate(-90 16.5 15.997)"
                />
              </svg>
              go back to siasky.net
            </a>
          </div>
          <div className="my-auto text-center w-3/4 lg:w-2/5">
            <svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" className="animate-wiggle">
              <title>Skynet</title>
              <path d="m-.0004 6.4602 21.3893 11.297c.561.2935.6633 1.0532.1999 1.4846h-.011a10.0399 10.0399 0 0 1-2.2335 1.5307c-6.912 3.4734-14.9917-1.838-14.5438-9.5605l2.8601 1.9752c.856 4.508 5.6187 7.1094 9.8742 5.3932zm8.6477 3.1509 14.3661 5.6785a.8704.8704 0 0 1 .5197 1.0466v.0182c-.1537.5377-.7668.7938-1.2575.5252zm5.2896-7.4375c2.7093-.2325 6.0946.7869 8.1116 3.3871 1.699 2.1951 2.0497 4.8772 1.9298 7.6465v-.007c-.0478.5874-.6494.9616-1.1975.745l-9.7652-3.8596 9.0656 2.4313a7.296 7.296 0 0 0-1.0677-4.5631c-2.9683-4.7678-9.9847-4.5344-12.6297.4201a7.5048 7.5048 0 0 0-.398.8831L5.5546 7.9614c.069-.1017.1417-.198.2144-.2962.1163-.2416.2417-.487.3798-.7268 1.6118-2.7911 4.3102-4.4338 7.1558-4.6973.2108-.0182.4215-.049.6323-.0672z" />
            </svg>
          </div>
        </section>
      </div>
    </div>
  );
 }
--- a/packages/dashboard/styles/globals.css
+++ b/packages/dashboard/styles/globals.css
@ -1,3 +1,9 @@
@tailwind base;
@tailwind components;
@tailwind utilities;
 .maintenance-gradient {
  background: #00c65e; /* fallback for old browsers */
  background: -webkit-linear-gradient(to right, #33d17e, #00c65e); /* Chrome 10-25, Safari 5.1-6 */
  background: linear-gradient(to right, #33d17e, #00c65e);
 }
--- a/packages/dashboard/tailwind.config.js
+++ b/packages/dashboard/tailwind.config.js
@ -16,8 +16,7 @@ const colors = {
 };
 module.exports = {
-  purge: ["./src/**/*.{js,jsx,ts,tsx}"],
+  content: ["./src/**/*.{js,jsx,ts,tsx}"],
  darkMode: false, // or 'media' or 'class'
  theme: {
    screens: {
      sm: "640px",
@ -40,15 +39,15 @@ module.exports = {
      },
      backgroundColor: ["disabled"],
      textColor: ["disabled"],
-    },
+      keyframes: {
-  },
+        wiggle: {
-  variants: {
+          "0%, 100%": { transform: "rotate(-3deg)" },
-    extend: {
+          "50%": { transform: "rotate(3deg)" },
-      animation: ["hover"],
+        },
-      rotate: ["hover"],
+      },
-      backgroundColor: ["disabled"],
+      animation: {
-      textColor: ["disabled"],
+        wiggle: "wiggle 3s ease-in-out infinite",
-      margin: ["first"],
+      },
    },
  },
  plugins: [
--- a/packages/dashboard/yarn.lock
+++ b/packages/dashboard/yarn.lock
--- a/packages/dnslink-api/Dockerfile
+++ b/packages/dnslink-api/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 WORKDIR /usr/app
--- a/packages/dnslink-api/package.json
+++ b/packages/dnslink-api/package.json
@ -4,10 +4,10 @@
  "main": "index.js",
  "license": "SEE LICENSE IN LICENSE.md",
  "dependencies": {
-    "express": "^4.17.1",
+    "express": "^4.17.2",
-    "is-valid-domain": "^0.1.4"
+    "is-valid-domain": "^0.1.5"
  },
  "devDependencies": {
-    "prettier": "^2.4.1"
+    "prettier": "^2.5.1"
  }
 }
--- a/packages/dnslink-api/yarn.lock
+++ b/packages/dnslink-api/yarn.lock
@ -15,33 +15,33 @@ array-flatten@1.1.1:
  resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2"
  integrity sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=
-body-parser@1.19.0:
+body-parser@1.19.1:
-  version "1.19.0"
+  version "1.19.1"
-  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4"
-  integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==
+  integrity sha512-8ljfQi5eBk8EJfECMrgqNGWPEY5jWP+1IzkzkGdFFEwFQZZyaZ21UqdaHktgiMlH0xLHqIFtE/u2OYE5dOtViA==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.1"
    content-type "~1.0.4"
    debug "2.6.9"
    depd "~1.1.2"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    on-finished "~2.3.0"
-    qs "6.7.0"
+    qs "6.9.6"
-    raw-body "2.4.0"
+    raw-body "2.4.2"
-    type-is "~1.6.17"
+    type-is "~1.6.18"
-bytes@3.1.0:
+bytes@3.1.1:
-  version "3.1.0"
+  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
+  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a"
-  integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==
+  integrity sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg==
-content-disposition@0.5.3:
+content-disposition@0.5.4:
-  version "0.5.3"
+  version "0.5.4"
-  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.3.tgz#e130caf7e7279087c5616c2007d0485698984fbd"
+  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe"
-  integrity sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==
+  integrity sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
  dependencies:
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
 content-type@~1.0.4:
  version "1.0.4"
@ -53,10 +53,10 @@ cookie-signature@1.0.6:
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
  integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw=
-cookie@0.4.0:
+cookie@0.4.1:
-  version "0.4.0"
+  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
+  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 debug@2.6.9:
  version "2.6.9"
@ -95,17 +95,17 @@ etag@~1.8.1:
  resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887"
  integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=
-express@^4.17.1:
+express@^4.17.2:
-  version "4.17.1"
+  version "4.17.2"
-  resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"
+  resolved "https://registry.yarnpkg.com/express/-/express-4.17.2.tgz#c18369f265297319beed4e5558753cc8c1364cb3"
-  integrity sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==
+  integrity sha512-oxlxJxcQlYwqPWKVJJtvQiwHgosH/LrLSPA+H4UxpyvSS6jC5aH+5MoHFM+KABgTOt0APue4w66Ha8jCUo9QGg==
  dependencies:
    accepts "~1.3.7"
    array-flatten "1.1.1"
-    body-parser "1.19.0"
+    body-parser "1.19.1"
-    content-disposition "0.5.3"
+    content-disposition "0.5.4"
    content-type "~1.0.4"
-    cookie "0.4.0"
+    cookie "0.4.1"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
@ -119,13 +119,13 @@ express@^4.17.1:
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
-    proxy-addr "~2.0.5"
+    proxy-addr "~2.0.7"
-    qs "6.7.0"
+    qs "6.9.6"
    range-parser "~1.2.1"
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
-    send "0.17.1"
+    send "0.17.2"
-    serve-static "1.14.1"
+    serve-static "1.14.2"
-    setprototypeof "1.1.1"
+    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
@ -154,27 +154,16 @@ fresh@0.5.2:
  resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
  integrity sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=
-http-errors@1.7.2:
+http-errors@1.8.1:
-  version "1.7.2"
+  version "1.8.1"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
-  integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
+  integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.3"
    setprototypeof "1.1.1"
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"
 http-errors@~1.7.2:
  version "1.7.3"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.4"
-    setprototypeof "1.1.1"
+    setprototypeof "1.2.0"
    statuses ">= 1.5.0 < 2"
-    toidentifier "1.0.0"
+    toidentifier "1.0.1"
 iconv-lite@0.4.24:
  version "0.4.24"
@ -183,11 +172,6 @@ iconv-lite@0.4.24:
  dependencies:
    safer-buffer ">= 2.1.2 < 3"
 inherits@2.0.3:
  version "2.0.3"
  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
  integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
 inherits@2.0.4:
  version "2.0.4"
  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
@ -198,10 +182,10 @@ ipaddr.js@1.9.1:
  resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3"
  integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
-is-valid-domain@^0.1.4:
+is-valid-domain@^0.1.5:
-  version "0.1.4"
+  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/is-valid-domain/-/is-valid-domain-0.1.4.tgz#5d5d811e1627cac9d39f504b645c57e76d946629"
+  resolved "https://registry.yarnpkg.com/is-valid-domain/-/is-valid-domain-0.1.5.tgz#38b00f8fb70778b650c71356915a184321d22609"
-  integrity sha512-Caa6rwGze6pihA29wy3T1yNXzd53caGHvL0OfJ8RLtv0tVVzVZGlxFcQ0W8kls/uG0QUrv2B3J9xi/YB5/cfUQ==
+  integrity sha512-ilzfGo1kXzoVpSLplJWOexoiuAc6mRK+vPlNAeEPVJ29RagETpCz0izg6CZfY72DCuA+PCrEAEJeaecRLMNq5Q==
  dependencies:
    punycode "^2.1.1"
@ -242,10 +226,10 @@ ms@2.0.0:
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
-ms@2.1.1:
+ms@2.1.3:
-  version "2.1.1"
+  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
-  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
 negotiator@0.6.2:
  version "0.6.2"
@ -269,12 +253,12 @@ path-to-regexp@0.1.7:
  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
  integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=
-prettier@^2.4.1:
+prettier@^2.5.1:
-  version "2.4.1"
+  version "2.5.1"
-  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.4.1.tgz#671e11c89c14a4cfc876ce564106c4a6726c9f5c"
+  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.5.1.tgz#fff75fa9d519c54cf0fce328c1017d94546bc56a"
-  integrity sha512-9fbDAXSBcc6Bs1mZrDYb3XKzDLm4EXXL9sC1LqKP5rZkT6KRr/rf9amVUcODVXgguK/isJz0d0hP72WeaKWsvA==
+  integrity sha512-vBZcPRUR5MZJwoyi3ZoyQlc1rXeEck8KgeC9AwwOn+exuxLxq5toTRDTSaVrXHxelDMHy9zlicw8u66yxoSUFg==
-proxy-addr@~2.0.5:
+proxy-addr@~2.0.7:
  version "2.0.7"
  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
  integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
@ -287,40 +271,40 @@ punycode@^2.1.1:
  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
  integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
-qs@6.7.0:
+qs@6.9.6:
-  version "6.7.0"
+  version "6.9.6"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.6.tgz#26ed3c8243a431b2924aca84cc90471f35d5a0ee"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
+  integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ==
 range-parser@~1.2.1:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
  integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
-raw-body@2.4.0:
+raw-body@2.4.2:
-  version "2.4.0"
+  version "2.4.2"
-  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.0.tgz#a1ce6fb9c9bc356ca52e89256ab59059e13d0332"
+  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.2.tgz#baf3e9c21eebced59dd6533ac872b71f7b61cb32"
-  integrity sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==
+  integrity sha512-RPMAFUJP19WIet/99ngh6Iv8fzAbqum4Li7AD6DtGaW2RpMB/11xDoalPiJMTbu6I3hkbMVkATvZrqb9EEqeeQ==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.1"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    unpipe "1.0.0"
-safe-buffer@5.1.2:
+safe-buffer@5.2.1:
-  version "5.1.2"
+  version "5.2.1"
-  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
+  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
-  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
+  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 "safer-buffer@>= 2.1.2 < 3":
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
-send@0.17.1:
+send@0.17.2:
-  version "0.17.1"
+  version "0.17.2"
-  resolved "https://registry.yarnpkg.com/send/-/send-0.17.1.tgz#c1d8b059f7900f7466dd4938bdc44e11ddb376c8"
+  resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"
-  integrity sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==
+  integrity sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==
  dependencies:
    debug "2.6.9"
    depd "~1.1.2"
@ -329,39 +313,39 @@ send@0.17.1:
    escape-html "~1.0.3"
    etag "~1.8.1"
    fresh "0.5.2"
-    http-errors "~1.7.2"
+    http-errors "1.8.1"
    mime "1.6.0"
-    ms "2.1.1"
+    ms "2.1.3"
    on-finished "~2.3.0"
    range-parser "~1.2.1"
    statuses "~1.5.0"
-serve-static@1.14.1:
+serve-static@1.14.2:
-  version "1.14.1"
+  version "1.14.2"
-  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.1.tgz#666e636dc4f010f7ef29970a88a674320898b2f9"
+  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.2.tgz#722d6294b1d62626d41b43a013ece4598d292bfa"
-  integrity sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==
+  integrity sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==
  dependencies:
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    parseurl "~1.3.3"
-    send "0.17.1"
+    send "0.17.2"
-setprototypeof@1.1.1:
+setprototypeof@1.2.0:
-  version "1.1.1"
+  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683"
+  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
-  integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==
+  integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 "statuses@>= 1.5.0 < 2", statuses@~1.5.0:
  version "1.5.0"
  resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c"
  integrity sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=
-toidentifier@1.0.0:
+toidentifier@1.0.1:
-  version "1.0.0"
+  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
+  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
-  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
+  integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
-type-is@~1.6.17, type-is@~1.6.18:
+type-is@~1.6.18:
  version "1.6.18"
  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
  integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
--- a/packages/handshake-api/Dockerfile
+++ b/packages/handshake-api/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 WORKDIR /usr/app
--- a/packages/handshake-api/package.json
+++ b/packages/handshake-api/package.json
@ -10,6 +10,6 @@
    "punycode": "^2.1.1"
  },
  "devDependencies": {
-    "prettier": "^2.4.1"
+    "prettier": "^2.5.1"
  }
 }
--- a/packages/handshake-api/yarn.lock
+++ b/packages/handshake-api/yarn.lock
@ -318,10 +318,10 @@ path-to-regexp@0.1.7:
  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
  integrity sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=
-prettier@^2.4.1:
+prettier@^2.5.1:
-  version "2.4.1"
+  version "2.5.1"
-  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.4.1.tgz#671e11c89c14a4cfc876ce564106c4a6726c9f5c"
+  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.5.1.tgz#fff75fa9d519c54cf0fce328c1017d94546bc56a"
-  integrity sha512-9fbDAXSBcc6Bs1mZrDYb3XKzDLm4EXXL9sC1LqKP5rZkT6KRr/rf9amVUcODVXgguK/isJz0d0hP72WeaKWsvA==
+  integrity sha512-vBZcPRUR5MZJwoyi3ZoyQlc1rXeEck8KgeC9AwwOn+exuxLxq5toTRDTSaVrXHxelDMHy9zlicw8u66yxoSUFg==
 proxy-addr@~2.0.5:
  version "2.0.7"
--- a/packages/health-check/Dockerfile
+++ b/packages/health-check/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 RUN apk update && apk add dnsmasq
--- a/packages/health-check/package.json
+++ b/packages/health-check/package.json
@ -5,7 +5,7 @@
  "license": "MIT",
  "dependencies": {
    "deep-object-diff": "^1.1.0",
-    "express": "^4.17.1",
+    "express": "^4.17.2",
    "form-data": "^4.0.0",
    "got": "^11.8.2",
    "graceful-fs": "^4.2.8",
@ -15,9 +15,9 @@
    "lowdb": "^1.0.0",
    "skynet-js": "^4.0.19-beta",
    "write-file-atomic": "^3.0.3",
-    "yargs": "^17.2.1"
+    "yargs": "^17.3.0"
  },
  "devDependencies": {
-    "prettier": "^2.4.1"
+    "prettier": "^2.5.1"
  }
 }
--- a/packages/health-check/yarn.lock
+++ b/packages/health-check/yarn.lock
@ -107,21 +107,21 @@ blakejs@^1.1.0:
  resolved "https://registry.yarnpkg.com/blakejs/-/blakejs-1.1.1.tgz#bf313053978b2cd4c444a48795710be05c785702"
  integrity sha512-bLG6PHOCZJKNshTjGRBvET0vTciwQE6zFKOKKXPDJfwFBd4Ac0yBfPZqcGvGJap50l7ktvlpFqc2jGVaUgbJgg==
-body-parser@1.19.0:
+body-parser@1.19.1:
-  version "1.19.0"
+  version "1.19.1"
-  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4"
-  integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==
+  integrity sha512-8ljfQi5eBk8EJfECMrgqNGWPEY5jWP+1IzkzkGdFFEwFQZZyaZ21UqdaHktgiMlH0xLHqIFtE/u2OYE5dOtViA==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.1"
    content-type "~1.0.4"
    debug "2.6.9"
    depd "~1.1.2"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    on-finished "~2.3.0"
-    qs "6.7.0"
+    qs "6.9.6"
-    raw-body "2.4.0"
+    raw-body "2.4.2"
-    type-is "~1.6.17"
+    type-is "~1.6.18"
 buffer-from@^0.1.1:
  version "0.1.2"
@ -136,10 +136,10 @@ buffer@^6.0.1:
    base64-js "^1.3.1"
    ieee754 "^1.2.1"
-bytes@3.1.0:
+bytes@3.1.1:
-  version "3.1.0"
+  version "3.1.1"
-  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6"
+  resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a"
-  integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==
+  integrity sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg==
 cacheable-lookup@^5.0.3:
  version "5.0.4"
@ -202,12 +202,12 @@ combined-stream@^1.0.8:
  dependencies:
    delayed-stream "~1.0.0"
-content-disposition@0.5.3:
+content-disposition@0.5.4:
-  version "0.5.3"
+  version "0.5.4"
-  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.3.tgz#e130caf7e7279087c5616c2007d0485698984fbd"
+  resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe"
-  integrity sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==
+  integrity sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
  dependencies:
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
 content-type@~1.0.4:
  version "1.0.4"
@ -219,10 +219,10 @@ cookie-signature@1.0.6:
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
  integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw=
-cookie@0.4.0:
+cookie@0.4.1:
-  version "0.4.0"
+  version "0.4.1"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
+  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 custom-error-instance@2.1.1:
  version "2.1.1"
@ -305,17 +305,17 @@ etag@~1.8.1:
  resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887"
  integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=
-express@^4.17.1:
+express@^4.17.2:
-  version "4.17.1"
+  version "4.17.2"
-  resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"
+  resolved "https://registry.yarnpkg.com/express/-/express-4.17.2.tgz#c18369f265297319beed4e5558753cc8c1364cb3"
-  integrity sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==
+  integrity sha512-oxlxJxcQlYwqPWKVJJtvQiwHgosH/LrLSPA+H4UxpyvSS6jC5aH+5MoHFM+KABgTOt0APue4w66Ha8jCUo9QGg==
  dependencies:
    accepts "~1.3.7"
    array-flatten "1.1.1"
-    body-parser "1.19.0"
+    body-parser "1.19.1"
-    content-disposition "0.5.3"
+    content-disposition "0.5.4"
    content-type "~1.0.4"
-    cookie "0.4.0"
+    cookie "0.4.1"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
@ -329,13 +329,13 @@ express@^4.17.1:
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
-    proxy-addr "~2.0.5"
+    proxy-addr "~2.0.7"
-    qs "6.7.0"
+    qs "6.9.6"
    range-parser "~1.2.1"
-    safe-buffer "5.1.2"
+    safe-buffer "5.2.1"
-    send "0.17.1"
+    send "0.17.2"
-    serve-static "1.14.1"
+    serve-static "1.14.2"
-    setprototypeof "1.1.1"
+    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
@ -425,27 +425,16 @@ http-cache-semantics@^4.0.0:
  resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
  integrity sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==
-http-errors@1.7.2:
+http-errors@1.8.1:
-  version "1.7.2"
+  version "1.8.1"
-  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
+  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
-  integrity sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==
+  integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.3"
    setprototypeof "1.1.1"
    statuses ">= 1.5.0 < 2"
    toidentifier "1.0.0"
 http-errors@~1.7.2:
  version "1.7.3"
  resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.3.tgz#6c619e4f9c60308c38519498c14fbb10aacebb06"
  integrity sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==
  dependencies:
    depd "~1.1.2"
    inherits "2.0.4"
-    setprototypeof "1.1.1"
+    setprototypeof "1.2.0"
    statuses ">= 1.5.0 < 2"
-    toidentifier "1.0.0"
+    toidentifier "1.0.1"
 http-status-codes@^2.1.2:
  version "2.1.4"
@ -477,11 +466,6 @@ imurmurhash@^0.1.4:
  resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"
  integrity sha1-khi5srkoojixPcT7a21XbyMUU+o=
 inherits@2.0.3:
  version "2.0.3"
  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de"
  integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
 inherits@2.0.4:
  version "2.0.4"
  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
@ -652,10 +636,10 @@ ms@2.0.0:
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
  integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
-ms@2.1.1:
+ms@2.1.3:
-  version "2.1.1"
+  version "2.1.3"
-  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
-  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
 negotiator@0.6.2:
  version "0.6.2"
@ -711,10 +695,10 @@ post-me@^0.4.5:
  resolved "https://registry.yarnpkg.com/post-me/-/post-me-0.4.5.tgz#6171b721c7b86230c51cfbe48ddea047ef8831ce"
  integrity sha512-XgPdktF/2M5jglgVDULr9NUb/QNv3bY3g6RG22iTb5MIMtB07/5FJB5fbVmu5Eaopowc6uZx7K3e7x1shPwnXw==
-prettier@^2.4.1:
+prettier@^2.5.1:
-  version "2.4.1"
+  version "2.5.1"
-  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.4.1.tgz#671e11c89c14a4cfc876ce564106c4a6726c9f5c"
+  resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.5.1.tgz#fff75fa9d519c54cf0fce328c1017d94546bc56a"
-  integrity sha512-9fbDAXSBcc6Bs1mZrDYb3XKzDLm4EXXL9sC1LqKP5rZkT6KRr/rf9amVUcODVXgguK/isJz0d0hP72WeaKWsvA==
+  integrity sha512-vBZcPRUR5MZJwoyi3ZoyQlc1rXeEck8KgeC9AwwOn+exuxLxq5toTRDTSaVrXHxelDMHy9zlicw8u66yxoSUFg==
 proper-lockfile@^2.0.1:
  version "2.0.1"
@ -724,7 +708,7 @@ proper-lockfile@^2.0.1:
    graceful-fs "^4.1.2"
    retry "^0.10.0"
-proxy-addr@~2.0.5:
+proxy-addr@~2.0.7:
  version "2.0.7"
  resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025"
  integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
@ -740,10 +724,10 @@ pump@^3.0.0:
    end-of-stream "^1.1.0"
    once "^1.3.1"
-qs@6.7.0:
+qs@6.9.6:
-  version "6.7.0"
+  version "6.9.6"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.6.tgz#26ed3c8243a431b2924aca84cc90471f35d5a0ee"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
+  integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ==
 querystringify@^2.1.1:
  version "2.2.0"
@ -767,13 +751,13 @@ range-parser@~1.2.1:
  resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031"
  integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
-raw-body@2.4.0:
+raw-body@2.4.2:
-  version "2.4.0"
+  version "2.4.2"
-  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.0.tgz#a1ce6fb9c9bc356ca52e89256ab59059e13d0332"
+  resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.2.tgz#baf3e9c21eebced59dd6533ac872b71f7b61cb32"
-  integrity sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==
+  integrity sha512-RPMAFUJP19WIet/99ngh6Iv8fzAbqum4Li7AD6DtGaW2RpMB/11xDoalPiJMTbu6I3hkbMVkATvZrqb9EEqeeQ==
  dependencies:
-    bytes "3.1.0"
+    bytes "3.1.1"
-    http-errors "1.7.2"
+    http-errors "1.8.1"
    iconv-lite "0.4.24"
    unpipe "1.0.0"
@ -804,12 +788,7 @@ retry@^0.10.0:
  resolved "https://registry.yarnpkg.com/retry/-/retry-0.10.1.tgz#e76388d217992c252750241d3d3956fed98d8ff4"
  integrity sha1-52OI0heZLCUnUCQdPTlW/tmNj/Q=
-safe-buffer@5.1.2:
+safe-buffer@5.2.1, safe-buffer@^5.1.0:
  version "5.1.2"
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
  integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
 safe-buffer@^5.1.0:
  version "5.2.1"
  resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
  integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@ -819,10 +798,10 @@ safe-buffer@^5.1.0:
  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
  integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
-send@0.17.1:
+send@0.17.2:
-  version "0.17.1"
+  version "0.17.2"
-  resolved "https://registry.yarnpkg.com/send/-/send-0.17.1.tgz#c1d8b059f7900f7466dd4938bdc44e11ddb376c8"
+  resolved "https://registry.yarnpkg.com/send/-/send-0.17.2.tgz#926622f76601c41808012c8bf1688fe3906f7820"
-  integrity sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==
+  integrity sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==
  dependencies:
    debug "2.6.9"
    depd "~1.1.2"
@ -831,27 +810,27 @@ send@0.17.1:
    escape-html "~1.0.3"
    etag "~1.8.1"
    fresh "0.5.2"
-    http-errors "~1.7.2"
+    http-errors "1.8.1"
    mime "1.6.0"
-    ms "2.1.1"
+    ms "2.1.3"
    on-finished "~2.3.0"
    range-parser "~1.2.1"
    statuses "~1.5.0"
-serve-static@1.14.1:
+serve-static@1.14.2:
-  version "1.14.1"
+  version "1.14.2"
-  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.1.tgz#666e636dc4f010f7ef29970a88a674320898b2f9"
+  resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.14.2.tgz#722d6294b1d62626d41b43a013ece4598d292bfa"
-  integrity sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==
+  integrity sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==
  dependencies:
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    parseurl "~1.3.3"
-    send "0.17.1"
+    send "0.17.2"
-setprototypeof@1.1.1:
+setprototypeof@1.2.0:
-  version "1.1.1"
+  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.1.tgz#7e95acb24aa92f5885e0abef5ba131330d4ae683"
+  resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
-  integrity sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==
+  integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 signal-exit@^3.0.2:
  version "3.0.5"
@ -904,7 +883,7 @@ steno@^0.4.1:
  dependencies:
    graceful-fs "^4.1.3"
-string-width@^4.1.0, string-width@^4.2.0:
+string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
  version "4.2.3"
  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
@ -925,10 +904,10 @@ to-data-view@^1.1.0:
  resolved "https://registry.yarnpkg.com/to-data-view/-/to-data-view-1.1.0.tgz#08d6492b0b8deb9b29bdf1f61c23eadfa8994d00"
  integrity sha512-1eAdufMg6mwgmlojAx3QeMnzB/BTVp7Tbndi3U7ftcT2zCZadjxkkmLmd97zmaxWi+sgGcgWrokmpEoy0Dn0vQ==
-toidentifier@1.0.0:
+toidentifier@1.0.1:
-  version "1.0.0"
+  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
+  resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
-  integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==
+  integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
 tus-js-client@^2.2.0:
  version "2.3.0"
@ -953,7 +932,7 @@ type-fest@^0.8.0:
  resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.8.1.tgz#09e249ebde851d3b1e48d27c105444667f17b83d"
  integrity sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==
-type-is@~1.6.17, type-is@~1.6.18:
+type-is@~1.6.18:
  version "1.6.18"
  resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
  integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
@ -1025,20 +1004,20 @@ y18n@^5.0.5:
  resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
  integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
-yargs-parser@^20.2.2:
+yargs-parser@^21.0.0:
-  version "20.2.9"
+  version "21.0.0"
-  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee"
+  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.0.0.tgz#a485d3966be4317426dd56bdb6a30131b281dc55"
-  integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==
+  integrity sha512-z9kApYUOCwoeZ78rfRYYWdiU/iNL6mwwYlkkZfJoyMR1xps+NEBX5X7XmRpxkZHhXJ6+Ey00IwKxBBSW9FIjyA==
-yargs@^17.2.1:
+yargs@^17.3.0:
-  version "17.2.1"
+  version "17.3.0"
-  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.2.1.tgz#e2c95b9796a0e1f7f3bf4427863b42e0418191ea"
+  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.3.0.tgz#295c4ffd0eef148ef3e48f7a2e0f58d0e4f26b1c"
-  integrity sha512-XfR8du6ua4K6uLGm5S6fA+FIJom/MdJcFNVY8geLlp2v8GYbOXD4EB1tPNZsRn4vBzKGMgb5DRZMeWuFc2GO8Q==
+  integrity sha512-GQl1pWyDoGptFPJx9b9L6kmR33TGusZvXIZUT+BOz9f7X2L94oeAskFYLEg/FkhV06zZPBYLvLZRWeYId29lew==
  dependencies:
    cliui "^7.0.2"
    escalade "^3.1.1"
    get-caller-file "^2.0.5"
    require-directory "^2.1.1"
-    string-width "^4.2.0"
+    string-width "^4.2.3"
    y18n "^5.0.5"
-    yargs-parser "^20.2.2"
+    yargs-parser "^21.0.0"
--- a/packages/website/Dockerfile
+++ b/packages/website/Dockerfile
@ -1,4 +1,4 @@
-FROM node:16.13.0-alpine
+FROM node:16.13.1-alpine
 RUN apk update && apk add autoconf automake build-base libtool nasm pkgconfig
--- a/packages/website/data/news/1inch-integrates-with-homescreen/index.md
+++ b/packages/website/data/news/1inch-integrates-with-homescreen/index.md
@ -0,0 +1,10 @@
 ---
 title: "1inch Integrates with Skynet's Homescreen"
 date: "2021-12-14"
 description: 1inch leads DeFi industry's efforts in decentralizing front-ends
 thumbnail: ./thumbnail.png
 categories: ["blog"]
 author: Daniel Helm
 avatar: ../../team/daniel-helm.png
 external: https://blog.sia.tech/1inch-integrates-with-homescreen-8146f7971aad
 ---
--- a/packages/website/data/news/1inch-integrates-with-homescreen/thumbnail.png
+++ b/packages/website/data/news/1inch-integrates-with-homescreen/thumbnail.png
--- a/packages/website/package.json
+++ b/packages/website/package.json
@ -5,70 +5,70 @@
  "version": "0.1.0",
  "author": "Skynet Labs.",
  "dependencies": {
-    "@fontsource/sora": "^4.5.0",
+    "@fontsource/sora": "4.5.0",
-    "@fontsource/source-sans-pro": "^4.5.0",
+    "@fontsource/source-sans-pro": "4.5.1",
-    "@svgr/webpack": "^5.5.0",
+    "@svgr/webpack": "6.1.2",
-    "@tailwindcss/typography": "^0.4.1",
+    "bytes": "3.1.1",
-    "autoprefixer": "^10.4.0",
+    "classnames": "2.3.1",
-    "bytes": "^3.1.0",
+    "copy-text-to-clipboard": "3.0.1",
-    "classnames": "^2.3.1",
+    "crypto-browserify": "3.12.0",
-    "copy-text-to-clipboard": "^3.0.1",
+    "framer-motion": "5.5.3",
-    "crypto-browserify": "^3.12.0",
+    "gatsby": "4.4.0",
-    "framer-motion": "^5.2.1",
+    "gatsby-background-image": "1.5.3",
-    "gatsby": "^3.14.5",
+    "gatsby-image": "3.11.0",
-    "gatsby-background-image": "^1.5.3",
+    "gatsby-plugin-image": "2.4.0",
-    "gatsby-image": "^3.11.0",
+    "gatsby-plugin-manifest": "4.4.0",
-    "gatsby-plugin-image": "^1.14.1",
+    "gatsby-plugin-matomo": "0.11.0",
-    "gatsby-plugin-manifest": "^3.14.0",
+    "gatsby-plugin-offline": "5.4.0",
-    "gatsby-plugin-matomo": "^0.10.0",
+    "gatsby-plugin-postcss": "5.4.0",
-    "gatsby-plugin-offline": "^4.14.0",
+    "gatsby-plugin-purgecss": "6.1.0",
-    "gatsby-plugin-postcss": "^4.14.0",
+    "gatsby-plugin-react-helmet": "5.4.0",
-    "gatsby-plugin-purgecss": "^6.1.0",
+    "gatsby-plugin-robots-txt": "1.6.14",
-    "gatsby-plugin-react-helmet": "^4.14.0",
+    "gatsby-plugin-sharp": "4.4.0",
-    "gatsby-plugin-robots-txt": "^1.6.14",
+    "gatsby-plugin-svgr": "3.0.0-beta.0",
-    "gatsby-plugin-sharp": "^4.1.0",
+    "gatsby-remark-classes": "1.0.2",
-    "gatsby-plugin-svgr": "^3.0.0-beta.0",
+    "gatsby-remark-copy-linked-files": "5.4.0",
-    "gatsby-remark-classes": "^1.0.2",
+    "gatsby-remark-images": "6.4.0",
-    "gatsby-remark-copy-linked-files": "^4.11.0",
+    "gatsby-remark-prismjs": "6.4.0",
-    "gatsby-remark-images": "^5.11.0",
+    "gatsby-remark-responsive-iframe": "5.4.0",
-    "gatsby-remark-prismjs": "^5.11.0",
+    "gatsby-remark-smartypants": "5.4.0",
-    "gatsby-remark-responsive-iframe": "^4.11.0",
+    "gatsby-source-filesystem": "4.4.0",
-    "gatsby-remark-smartypants": "^4.11.0",
+    "gatsby-transformer-json": "4.4.0",
-    "gatsby-source-filesystem": "^3.14.0",
+    "gatsby-transformer-remark": "5.4.0",
-    "gatsby-transformer-json": "^3.14.0",
+    "gatsby-transformer-sharp": "4.4.0",
-    "gatsby-transformer-remark": "^4.11.0",
+    "gatsby-transformer-yaml": "4.4.0",
-    "gatsby-transformer-sharp": "^3.14.0",
+    "gbimage-bridge": "0.1.4",
-    "gatsby-transformer-yaml": "^3.14.0",
+    "http-status-codes": "2.1.4",
-    "gbimage-bridge": "^0.1.4",
+    "jsonp": "0.2.1",
-    "http-status-codes": "^2.1.4",
+    "ms": "2.1.3",
-    "jsonp": "^0.2.1",
+    "nanoid": "3.1.30",
-    "ms": "^2.1.2",
+    "normalize.css": "8.0.1",
-    "nanoid": "^3.1.30",
+    "path-browserify": "1.0.1",
-    "normalize.css": "^8.0.1",
+    "polished": "4.1.3",
-    "path-browserify": "^1.0.1",
+    "popmotion": "11.0.3",
-    "polished": "^4.1.3",
+    "postcss": "8.4.5",
-    "popmotion": "^11.0.0",
+    "preact-svg-loader": "0.2.1",
-    "postcss": "^8.3.11",
+    "prop-types": "15.7.2",
-    "preact-svg-loader": "^0.2.1",
+    "react": "17.0.2",
-    "prop-types": "^15.7.2",
+    "react-dom": "17.0.2",
-    "react": "^17.0.2",
+    "react-dropzone": "11.4.2",
-    "react-dom": "^17.0.2",
+    "react-helmet": "6.1.0",
-    "react-dropzone": "^11.4.2",
+    "react-share": "4.4.0",
-    "react-helmet": "^6.1.0",
+    "react-svg-loader": "3.0.3",
-    "react-share": "^4.4.0",
+    "react-syntax-highlighter": "15.4.5",
-    "react-svg-loader": "^3.0.3",
+    "react-use": "17.3.1",
-    "react-syntax-highlighter": "^15.4.4",
+    "skynet-js": "4.0.19-beta",
-    "react-use": "^17.3.1",
+    "stream-browserify": "3.0.0",
-    "skynet-js": "^4.0.19-beta",
+    "swr": "1.1.1"
    "stream-browserify": "^3.0.0",
    "swr": "^1.0.1",
    "tailwindcss": "^2.2.19"
  },
  "devDependencies": {
-    "cross-env": "^7.0.3",
+    "@tailwindcss/typography": "0.5.0",
-    "cypress": "^8.7.0",
+    "autoprefixer": "10.4.0",
-    "cypress-file-upload": "^5.0.8",
+    "cross-env": "7.0.3",
-    "prettier": "^2.4.1"
+    "cypress": "9.1.1",
    "cypress-file-upload": "5.0.8",
    "prettier": "2.5.1",
    "tailwindcss": "3.0.5"
  },
  "keywords": [
    "gatsby"
--- a/packages/website/src/components/CommunitySection/CommunitySection.js
+++ b/packages/website/src/components/CommunitySection/CommunitySection.js
@ -12,7 +12,6 @@ import {
 } from "../../components/Icons";
 import useSubscribe from "./useSubscribe";
 import Link from "../Link";
 const social = [
  { name: "Discord", Icon: DiscordSmall, href: "https://discord.gg/skynetlabs" },
  { name: "Twitter", Icon: TwitterSmall, href: "https://twitter.com/SkynetLabs" },
@ -73,7 +72,7 @@ const CommunitySection = () => {
            />
            <button type="button" onClick={() => setExperienced(!experienced)}>
              <CheckActive
-                className={classnames("bg-palette-600 rounded-full h-6 w-6", { "opacity-20": !experienced })}
+                className={classnames("bg-palette-600 rounded-full h-8 w-8", { "opacity-20": !experienced })}
              />
            </button>
            <label htmlFor="newsletter-experience" className="text-xs font-content pl-2 leading-6 cursor-pointer">
--- a/packages/website/tailwind.config.js
+++ b/packages/website/tailwind.config.js
@ -16,8 +16,7 @@ const colors = {
 };
 module.exports = {
-  purge: ["./src/**/*.{js,jsx,ts,tsx}"],
+  content: ["./src/**/*.{js,jsx,ts,tsx}"],
  darkMode: false, // or 'media' or 'class'
  theme: {
    screens: {
      sm: "640px",
@ -59,15 +58,6 @@ module.exports = {
      },
    },
  },
  variants: {
    extend: {
      animation: ["hover"],
      rotate: ["hover"],
      backgroundColor: ["disabled"],
      textColor: ["disabled"],
      margin: ["first"],
    },
  },
  plugins: [
    require("@tailwindcss/typography"),
    plugin(function ({ addBase, theme }) {
--- a/packages/website/yarn.lock
+++ b/packages/website/yarn.lock
--- a/scripts/blocklist-skylink.sh
+++ b/scripts/blocklist-skylink.sh
@ -8,6 +8,9 @@
 set -e # exit on first error
 # Number of skylinks to block within one batch
 BATCH_SIZE=1000
 if [ -z "$1" ]; then
    echo "Please provide either a skylink or file with skylinks separated by new lines" && exit 1
 fi
@ -34,23 +37,45 @@ else
    skylinks=("$1") # just single skylink passed as input argument
 fi
-for skylink in "${skylinks[@]}";
+# Block skylinks in batches
-do
+skylinks_len=${#skylinks[@]}
-    echo ".. ⌁ Blocking skylink ${skylink}"
+for (( i = 0; i < $skylinks_len; i++ )); do
    # Add skylink to batch
    skylink="${skylinks[$i]}"
    echo ".. ⌁ Adding skylink ${skylink} to batch..."
    batch_skylinks+=("$skylink")
-    # Add to Sia blocklist
+    # For performance reasons on each iteration we do not block a single
-    docker exec sia siac skynet blocklist add "${skylink}"
+    # skylink, but we block skylinks in batches with BATCH_SIZE size mainly
    # because of nginx cache search.
    # If (batch len == batch size) or (we have last batch):
    if (( ${#batch_skylinks[@]} == $BATCH_SIZE || $i == $skylinks_len - 1 )); then
        echo "--------------------------------------------"
-    # Remove from NGINX cache
+        # Add to Sia blocklist
-    # NOTE:
+        echo "Blocking batch skylinks in skyd..."
-    # If there are changes to how the NGINX cache is being cleared, the same
+        skylinks_space_separated="$(IFS=' '; echo "${batch_skylinks[*]}")"
-    # changes need to be applied to the /setup-scripts/blocklist-airtable.py
+        docker exec sia siac skynet blocklist add $skylinks_space_separated
    # script.
    cached_files_command="find /data/nginx/cache/ -type f | xargs -r grep -Els '^Skynet-Skylink: ${skylink}'"
    docker exec -it nginx bash -c "${cached_files_command} | xargs -r rm"
-    echo ".. ⌁ Skylink ${skylink} Blocked"
+        # Remove from NGINX cache
-    echo "--------------------------------------------"
+        # NOTE:
        # If there are changes to how the NGINX cache is being cleared, the same
        # changes need to be applied to the /setup-scripts/blocklist-airtable.py
        # script.
        echo "Removing batch skylinks from Nginx cache..."
        skylinks_pipe_separated="$(IFS='|'; echo "${batch_skylinks[*]}")"
        cached_files_command="find /data/nginx/cache/ -type f | xargs -r grep -Els '^Skynet-Skylink: ($skylinks_pipe_separated)'"
        docker exec -it nginx bash -c "${cached_files_command} | xargs -r rm"
        # Clear batch
        batch_skylinks=()
        echo "--------------------------------------------"
    fi
 done
 # Hot reload Nginx to get rid of deleted open files
 echo "Hot reloading nginx..."
 docker exec nginx nginx -s reload
 echo "✓ All done !"
--- a/scripts/db_backup.sh
+++ b/scripts/db_backup.sh
@ -53,23 +53,3 @@ else
  fi
  docker exec mongo rm -rf /data/db/backups/$DT
 fi
 ### COCKROACH DB ###
 echo "Creating a backup of CockroachDB:"
 # Check if a backup already exists:
 totalFoundObjects=$(aws s3 ls $S3_BACKUP_PATH/$DT --recursive --summarize | grep "cockroach" | wc -l)
 if [ "$totalFoundObjects" -ge "1" ]; then
  echo "Backup already exists for today. Skipping."
 else
  # Create a cockroachdb backup:
  docker exec cockroach \
    cockroach sql \
    --host cockroach:26257 \
    --certs-dir=/certs \
    --execute="BACKUP TO '$S3_BACKUP_PATH/$DT/cockroach/?AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID&AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY';"
  if [[ $? > 0 ]]; then
    echo "Creating a CockroachDB backup failed. Skipping."
  else
    echo "Successfully backed up CockroachDB."
  fi
 fi
--- a/scripts/db_restore.sh
+++ b/scripts/db_restore.sh
@ -28,59 +28,6 @@ if [[ $S3_BACKUP_PATH == "" ]]; then
  exit 1
 fi
 ### COCKROACH DB ###
 echo "Restoring CockroachDB."
 # Check if the backup exists:
 totalFoundObjects=$(aws s3 ls $S3_BACKUP_PATH/$BACKUP --recursive --summarize | grep "cockroach" | wc -l)
 if [ "$totalFoundObjects" -eq "0" ]; then
  echo "This backup doesn't exist!"
  exit 1
 fi
 # Restore the backup:
 docker exec cockroach \
  cockroach sql \
  --host cockroach:26257 \
  --certs-dir=/certs \
  --execute="ALTER DATABASE defaultdb RENAME TO defaultdb_backup;"
 if [[ $? > 0 ]]; then
  echo "Failed to rename existing CockroachDB database. Exiting."
  exit $?
 fi
 docker exec cockroach \
  cockroach sql \
  --host cockroach:26257 \
  --certs-dir=/certs \
  --execute="RESTORE DATABASE defaultdb FROM '$S3_BACKUP_PATH/$BACKUP/cockroach?AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID&AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY';"
 if [[ $? == 0 ]]; then
  # Restoration succeeded, drop the backup.
  docker exec cockroach \
    cockroach sql \
    --host cockroach:26257 \
    --certs-dir=/certs \
    --execute="DROP DATABASE defaultdb_backup;"
  echo "CockroachDB restoration succeeded."
 else
  # Restoration failed, drop the new DB and put back the old one.
  echo "CockroachDB restoration failed, rolling back."
  docker exec cockroach \
    cockroach sql \
    --host cockroach:26257 \
    --certs-dir=/certs \
    --execute="DROP DATABASE defaultdb;"
  docker exec cockroach \
    cockroach sql \
    --host cockroach:26257 \
    --certs-dir=/certs \
    --execute="ALTER DATABASE defaultdb_backup RENAME TO defaultdb;"
  if [[ $? > 0 ]]; then
    echo "ERROR: Rollback failed! Inspect manually!"
    exit $?
  else
    echo "Rollback successful. Restoration cancelled. Exiting."
    exit 0
  fi
 fi
 ### MONGO DB ###
 # Check if the backup exists:
 totalFoundObjects=$(aws s3 ls $S3_BACKUP_PATH/$BACKUP --recursive --summarize | grep "mongo.tgz" | wc -l)
--- a/scripts/nginx-prune.sh
+++ b/scripts/nginx-prune.sh
@ -2,5 +2,8 @@
 # We execute the nginx cache pruning subscript from docker container so that we
 # can run the pruning script in user crontab without sudo.
 docker run --rm -v /home/user:/home/user bash /home/user/skynet-webportal/scripts/lib/nginx-prune-cache-subscript.sh
 # Some cache files are deleted, but are kept open, we hot reload nginx to get
 # them closed and removed from filesystem.
 docker exec nginx nginx -s reload
--- a/setup-scripts/README.md
+++ b/setup-scripts/README.md
@ -19,8 +19,6 @@ You may want to fork this repository and replace ssh keys in
  - [handshake](https://handshake.org) ([github](https://github.com/handshake-org/hsd)): full handshake node
  - [handshake-api](https://github.com/SkynetLabs/skynet-webportal/tree/master/packages/handshake-api): simple API talking to the handshake node - [read more](https://github.com/SkynetLabs/skynet-webportal/blob/master/packages/handshake-api/README.md)
  - [website](https://github.com/SkynetLabs/skynet-webportal/tree/master/packages/website): portal frontend application - [read more](https://github.com/SkynetLabs/skynet-webportal/blob/master/packages/website/README.md)
  - [kratos](https://www.ory.sh/kratos/): user account management system
  - [oathkeeper](https://www.ory.sh/oathkeeper/): identity and access proxy
 - discord integration
  - [funds-checker](funds-checker.py): script that checks wallet balance and sends status messages to discord periodically
  - [health-checker](health-checker.py): script that monitors health-check service for server health issues and reports them to discord periodically
@ -107,7 +105,6 @@ At this point we have almost everything running, we just need to set up your wal
     with path to the location in the bucket where we want to store the daily backups.
 1. `docker-compose up -d` to restart the services so they pick up new env variables
 1. add your custom Kratos configuration to `/home/user/skynet-webportal/docker/kratos/config/kratos.yml` (in particular, the credentials for your mail server should be here, rather than in your source control). For a starting point you can take `docker/kratos/config/kratos.yml.sample`.
 ## Subdomains
--- a/setup-scripts/blocklist-airtable.py
+++ b/setup-scripts/blocklist-airtable.py
@ -171,6 +171,9 @@ async def block_skylinks_from_airtable():
    if cached_files_count == 0:
        return print("No nginx cached files matching blocked skylinks were found")
    else:
        print("Hot reloading nginx")
        exec("docker exec nginx nginx -s reload")
    message = (
        "Purged " + str(cached_files_count) + " blocklisted files from nginx cache"
--- a/setup-scripts/disk-usage-dump.sh
+++ b/setup-scripts/disk-usage-dump.sh
@ -23,11 +23,21 @@ dump () {
    echo
    df -h /home/user
    # Root dirs
    echo
    echo "Root dirs:"
    docker run -v /:/host-root alpine:3.15.0 sh -c 'du -hs /host-root/*' | sed 's#/host-root##'
    # Home dirs
    echo
    echo "Home dirs:"
    docker run -v /home/user:/home/user alpine:3.15.0 du -hs /home/user/*
    # Skynet webportal dirs
    echo
    echo "skynet-webportal dirs:"
    docker run -v /home/user:/home/user alpine:3.15.0 du -hs /home/user/skynet-webportal/*
    # Docker data dirs
    echo
    echo "Docker data dirs:"
--- a/setup-scripts/setup-docker-services.sh
+++ b/setup-scripts/setup-docker-services.sh
@ -43,8 +43,6 @@ docker-compose --version # sanity check
 # * COOKIE_DOMAIN - (optional) if using `accounts` this is the domain to which your cookies will be issued
 # * COOKIE_HASH_KEY - (optional) if using `accounts` hashing secret, at least 32 bytes
 # * COOKIE_ENC_KEY - (optional) if using `accounts` encryption key, at least 32 bytes
 # * CR_IP - (optional) if using `accounts` the public IP/domain of your server, e.g. `helsinki.siasky.net`
 # * CR_CLUSTER_NODES - (optional) if using `accounts` the list of servers (with ports) which make up your CockroachDB cluster, e.g. `helsinki.siasky.net:26257,germany.siasky.net:26257,us-east.siasky.net:26257`
 if ! [ -f /home/user/skynet-webportal/.env ]; then
    HSD_API_KEY=$(openssl rand -base64 32) # generate safe random key for handshake
    printf "PORTAL_DOMAIN=siasky.net\nSERVER_DOMAIN=\nSKYNET_PORTAL_API=https://siasky.net\nSKYNET_SERVER_API=https://eu-dc-1.siasky.net\nSKYNET_DASHBOARD_URL=https://account.example.com\nEMAIL_ADDRESS=email@example.com\nSIA_WALLET_PASSWORD=\nHSD_API_KEY=${HSD_API_KEY}\nCLOUDFLARE_AUTH_TOKEN=\nAWS_ACCESS_KEY_ID=\nAWS_SECRET_ACCESS_KEY=\nPORTAL_NAME=\DISCORD_WEBHOOK_URL=\nDISCORD_MENTION_USER_ID=\nDISCORD_MENTION_ROLE_ID=\n" > /home/user/skynet-webportal/.env
		`@ -0,0 +1 @@`
							- Add malware scanner service, activated by adding `s` to `PORTAL_MODULES`
		`@ -0,0 +1 @@`
							`- Remove ORY Kratos, ORY Oathkeeper, CockroachDB.`
		`@ -0,0 +1 @@`
							`- Hot reload Nginx after pruning cache files.`
		`@ -0,0 +1 @@`
							`- Block skylinks in batches to improve performance.`
`@ -1,4 +1,4 @@`
	`FROM node:16.13.0-alpine`	`FROM node:16.13.1-alpine`

	`WORKDIR /opt/hsd`	`WORKDIR /opt/hsd`