Merge pull request #2255 from SkynetLabs/renovate/skynetlabs-webportal-health-check-1.x

chore(deps): update skynetlabs/webportal-health-check docker tag to v1
2022-10-06 01:47:34 +02:00 · 2022-10-05 23:46:59 +00:00 · 2022-10-05 21:07:44 +02:00 · 2022-10-05 19:04:22 +00:00 · 2022-10-05 09:56:53 +02:00 · 2022-10-05 09:56:13 +02:00
31 changed files with 118 additions and 859 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1 @@
 * @kwypchlo @meeh0w
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,71 +0,0 @@
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
 # ******** NOTE ********
 # We have attempted to detect the languages in your repository. Please check
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
 name: "CodeQL"
 on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '32 21 * * 0'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
        # Learn more:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language
    #- run: |
    #   make bootstrap
    #   make release
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/lint-dockerfiles.yml
+++ b/.github/workflows/lint-dockerfiles.yml
@ -1,21 +0,0 @@
 name: Dockerfile Lint
 on:
  push:
    branches:
      - master
  pull_request:
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        dockerfile:
          - docker/sia/Dockerfile
    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@v2.0.0
        with:
          dockerfile: ${{ matrix.dockerfile }}
--- a/README.md
+++ b/README.md
@ -8,23 +8,6 @@ supports is located at https://portal-docs.skynetlabs.com/.
 Some scripts and setup documentation contained in this repository
 (`skynet-webportal`) may be outdated and generally should not be used.
 ## Web application
 Change current directory with `cd packages/website`.
 Use `yarn start` to start the development server.
 Use `yarn build` to compile the application to `/public` directory.
 You can use the below build parameters to customize your web application.
 - development example `GATSBY_API_URL=https://siasky.dev yarn start`
 - production example `GATSBY_API_URL=https://siasky.net yarn build`
 List of available parameters:
 - `GATSBY_API_URL`: override api url (defaults to location origin)
 ## License
 Skynet uses a custom [License](./LICENSE.md). The Skynet License is a source code license that allows you to use, modify
@ -33,19 +16,3 @@ and distribute the software, but you must preserve the payment mechanism in the
 For the purposes of complying with our code license, you can use the following Siacoin address:
 `fb6c9320bc7e01fbb9cd8d8c3caaa371386928793c736837832e634aaaa484650a3177d6714a`
 ## Running a Portal
 For those interested in running a Webportal, head over to our developer docs [here](https://portal-docs.skynetlabs.com/) to learn more.
 ## Contributing
 ### Testing Your Code
 Before pushing your code, you should verify that it will pass our online test suite.
 **Cypress Tests**
 Verify the Cypress test suite by doing the following:
 1. In one terminal screen run `GATSBY_API_URL=https://siasky.net website serve`
 1. In a second terminal screen run `yarn cypress run`
--- a/31
+++ b/31
@ -5,56 +5,59 @@
 # would use docker-compose with the only difference being that you don't need to specify compose files. For more
 # information you can run `./dc` or `./dc help`.
-if [ -f .env ]; then
+# get current working directory of this script and prefix all files with it to
-  OLD_IFS=$IFS
+# be able to call this script from anywhere and not only root directory of
-  IFS=$'\n'
+# skynet-webportal project
-  for x in $(grep -v '^#.*' .env); do export $x; done
+cwd="$(dirname -- "$0";)";
-  IFS=$OLD_IFS
+
 # get portal modules configuration from .env file (if defined more than once, the last one is used)
 if [[ -f "${cwd}/.env" ]]; then
  PORTAL_MODULES=$(grep -e "^PORTAL_MODULES=" ${cwd}/.env | tail -1 | sed "s/PORTAL_MODULES=//")
 fi
 # include base docker compose file
-COMPOSE_FILES="-f docker-compose.yml"
+COMPOSE_FILES="-f ${cwd}/docker-compose.yml"
 for i in $(seq 1 ${#PORTAL_MODULES}); do
  # accounts module - alias "a"
  if [[ ${PORTAL_MODULES:i-1:1} == "a" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.accounts.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.accounts.yml"
  fi
  # blocker module - alias "b"
  if [[ ${PORTAL_MODULES:i-1:1} == "b" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.blocker.yml"
  fi
  # jaeger module - alias "j"
  if [[ ${PORTAL_MODULES:i-1:1} == "j" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.jaeger.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.jaeger.yml"
  fi
  # malware-scanner module - alias "s"
  if [[ ${PORTAL_MODULES:i-1:1} == "s" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.blocker.yml -f docker-compose.mongodb.yml -f docker-compose.malware-scanner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.blocker.yml -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.malware-scanner.yml"
  fi
  # mongodb module - alias "m"
  if [[ ${PORTAL_MODULES:i-1:1} == "m" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml"
  fi
  # abuse-scanner module - alias "u"
  if [[ ${PORTAL_MODULES:i-1:1} == "u" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml -f docker-compose.abuse-scanner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.blocker.yml -f ${cwd}/docker-compose.abuse-scanner.yml"
  fi
  # pinner module - alias "p"
  if [[ ${PORTAL_MODULES:i-1:1} == "p" ]]; then
-    COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.pinner.yml"
+    COMPOSE_FILES+=" -f ${cwd}/docker-compose.mongodb.yml -f ${cwd}/docker-compose.pinner.yml"
  fi
 done
 # override file if exists
 if [[ -f docker-compose.override.yml ]]; then
-  COMPOSE_FILES+=" -f docker-compose.override.yml"
+  COMPOSE_FILES+=" -f ${cwd}/docker-compose.override.yml"
 fi
 docker-compose $COMPOSE_FILES $@
--- a/docker-compose.abuse-scanner.yml
+++ b/docker-compose.abuse-scanner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -10,7 +10,7 @@ services:
  abuse-scanner:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/abuse-scanner.git#main
-    image: skynetlabs/abuse-scanner:0.1.1
+    image: skynetlabs/abuse-scanner:0.4.0
    container_name: abuse-scanner
    restart: unless-stopped
    logging: *default-logging
@ -36,3 +36,6 @@ services:
    depends_on:
      - mongo
      - blocker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp:/tmp
--- a/docker-compose.accounts.yml
+++ b/docker-compose.accounts.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -22,7 +22,7 @@ services:
  accounts:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/skynet-accounts.git#main
-    image: skynetlabs/skynet-accounts:1.2.0
+    image: skynetlabs/skynet-accounts:1.3.0
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
@ -59,15 +59,12 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-accounts-dashboard.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-accounts-dashboard:1.1.2
+    image: skynetlabs/webportal-accounts-dashboard:2.1.1
    container_name: dashboard
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - GATSBY_PORTAL_DOMAIN=${PORTAL_DOMAIN}
      - GATSBY_STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
    volumes:
      - ./docker/data/dashboard/.cache:/usr/app/.cache
      - ./docker/data/dashboard/public:/usr/app/public
--- a/docker-compose.blocker.yml
+++ b/docker-compose.blocker.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -15,7 +15,7 @@ services:
  blocker:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/blocker.git#main
-    image: skynetlabs/blocker:0.1.1
+    image: skynetlabs/blocker:0.1.2
    container_name: blocker
    restart: unless-stopped
    logging: *default-logging
--- a/docker-compose.jaeger.yml
+++ b/docker-compose.jaeger.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -21,7 +21,7 @@ services:
      - JAEGER_REPORTER_LOG_SPANS=false
  jaeger-agent:
-    image: jaegertracing/jaeger-agent:1.32.0
+    image: jaegertracing/jaeger-agent:1.38.1
    command:
      [
        "--reporter.grpc.host-port=jaeger-collector:14250",
@ -43,7 +43,7 @@ services:
      - jaeger-collector
  jaeger-collector:
-    image: jaegertracing/jaeger-collector:1.32.0
+    image: jaegertracing/jaeger-collector:1.38.1
    entrypoint: /wait_to_start.sh
    container_name: jaeger-collector
    restart: on-failure
@ -68,7 +68,7 @@ services:
      - elasticsearch
  jaeger-query:
-    image: jaegertracing/jaeger-query:1.32.0
+    image: jaegertracing/jaeger-query:1.38.1
    entrypoint: /wait_to_start.sh
    container_name: jaeger-query
    restart: on-failure
@ -93,7 +93,7 @@ services:
      - elasticsearch
  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.6
    container_name: elasticsearch
    restart: on-failure
    logging: *default-logging
--- a/docker-compose.malware-scanner.yml
+++ b/docker-compose.malware-scanner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -17,10 +17,6 @@ services:
      - ./docker/clamav/clamd.conf:/etc/clamav/clamd.conf:ro
    expose:
      - 3310 # NEVER expose this outside of the local network!
    deploy:
      resources:
        limits:
          cpus: "${CLAMAV_CPU:-0.50}"
    networks:
      shared:
        ipv4_address: 10.10.10.100
--- a/docker-compose.mongodb.yml
+++ b/docker-compose.mongodb.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -14,7 +14,7 @@ services:
      - MONGODB_PASSWORD=${SKYNET_DB_PASS}
  mongo:
-    image: mongo:4.4.14
+    image: mongo:4.4.17
    command: --keyFile=/data/mgkey --replSet=${SKYNET_DB_REPLICASET:-skynet} --setParameter ShardingTaskExecutorPoolMinSize=10
    container_name: mongo
    restart: unless-stopped
--- a/docker-compose.pinner.yml
+++ b/docker-compose.pinner.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -10,12 +10,14 @@ services:
  pinner:
    # uncomment "build" and comment out "image" to build from sources
    # build: https://github.com/SkynetLabs/pinner.git#main
-    image: skynetlabs/pinner:0.3.1
+    image: skynetlabs/pinner:0.7.8
    container_name: pinner
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/data/pinner/logs:/logs
    environment:
      - PINNER_LOG_LEVEL=${PINNER_LOG_LEVEL:-info}
    expose:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: "3.7"
+version: "3.8"
 x-logging: &default-logging
  driver: json-file
@ -15,18 +15,19 @@ networks:
 services:
  sia:
-    build:
+    # uncomment "build" and comment out "image" to build from sources
-      context: https://github.com/SkynetLabs/docker-skyd.git#main
+    # build:
-      dockerfile: bullseye-slim/Dockerfile
+    #   context: https://github.com/SkynetLabs/docker-skyd.git#main
-      args:
+    #   dockerfile: scratch/Dockerfile
-        branch: portal-latest
+    #   args:
-    command: --disable-api-security --api-addr :9980 --modules gtcwra
+    #     branch: master
    image: skynetlabs/skyd:1.6.9
    command: --disable-api-security --api-addr :9980 --modules gctwra
    container_name: sia
    restart: unless-stopped
    stop_grace_period: 5m
    logging: *default-logging
    environment:
      - SIA_MODULES=gctwra
      - SKYD_DISK_CACHE_ENABLED=${SKYD_DISK_CACHE_ENABLED:-true}
      - SKYD_DISK_CACHE_SIZE=${SKYD_DISK_CACHE_SIZE:-53690000000} # 50GB
      - SKYD_DISK_CACHE_MIN_HITS=${SKYD_DISK_CACHE_MIN_HITS:-3}
@ -42,7 +43,24 @@ services:
      - 9980
  certbot:
-    image: certbot/dns-route53:v1.28.0
+    # replace this image with the image supporting your dns provider from
    # https://hub.docker.com/r/certbot/certbot and adjust CERTBOT_ARGS env variable
    # note: you will need to authenticate your dns request so consult the plugin docs
    # configuration https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins
    #
    # =================================================================================
    # example docker-compose.yml changes required for Cloudflare dns provider:
    #
    # image: certbot/dns-cloudflare
    # environment:
    #   - CERTBOT_ARGS=--dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini
    #
    # create ./docker/data/certbot/cloudflare.ini file with the following content:
    # dns_cloudflare_api_token = <api key generated at https://dash.cloudflare.com/profile/api-tokens>
    #
    # make sure that the file has 0400 permissions with:
    # chmod 0400 ./docker/data/certbot/cloudflare.ini
    image: certbot/dns-route53:v1.31.0
    entrypoint: sh /entrypoint.sh
    container_name: certbot
    restart: unless-stopped
@ -60,7 +78,7 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-nginx.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-nginx:0.3.1
+    image: skynetlabs/webportal-nginx:1.0.0
    container_name: nginx
    restart: unless-stopped
    logging: *default-logging
@ -90,7 +108,7 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-website.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-website:0.2.0
+    image: skynetlabs/webportal-website:0.2.3
    container_name: website
    restart: unless-stopped
    logging: *default-logging
@ -106,18 +124,11 @@ services:
      - 9000
  handshake:
-    image: skynetlabs/hsd:3.0.1
+    image: handshakeorg/hsd:4.0.2
-    command: --chain-migrate=2 --wallet-migrate=1
+    command: --chain-migrate=3 --no-wallet --no-auth --compact-tree-on-init --network=main --http-host=0.0.0.0
    container_name: handshake
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HSD_LOG_CONSOLE=false
      - HSD_HTTP_HOST=0.0.0.0
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    volumes:
      - ./docker/data/handshake/.hsd:/root/.hsd
    networks:
@ -131,7 +142,7 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-handshake-api.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-handshake-api:0.1.1
+    image: skynetlabs/webportal-handshake-api:0.1.3
    container_name: handshake-api
    restart: unless-stopped
    logging: *default-logging
@ -155,7 +166,7 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-dnslink-api.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-dnslink-api:0.1.1
+    image: skynetlabs/webportal-dnslink-api:0.2.1
    container_name: dnslink-api
    restart: unless-stopped
    logging: *default-logging
@ -170,7 +181,7 @@ services:
    # build:
    #   context: https://github.com/SkynetLabs/webportal-health-check.git#main
    #   dockerfile: Dockerfile
-    image: skynetlabs/webportal-health-check:0.1.3
+    image: skynetlabs/webportal-health-check:1.0.0
    container_name: health-check
    restart: unless-stopped
    logging: *default-logging
--- a/docker/sia/Dockerfile
+++ b/docker/sia/Dockerfile
@ -1,16 +0,0 @@
 FROM golang:1.16.7 AS sia-builder
 ENV GOOS linux
 ENV GOARCH amd64
 ARG branch=portal-latest
 RUN git clone https://gitlab.com/SkynetLabs/skyd.git Sia --single-branch --branch ${branch} && \
    make release --directory Sia
 FROM nebulouslabs/sia:1.5.6
 COPY --from=sia-builder /go/bin/ /usr/bin/
 RUN if [ -f "/usr/bin/skyd" ]; then mv /usr/bin/skyd /usr/bin/siad; fi && \
    if [ -f "/usr/bin/skyc" ]; then mv /usr/bin/skyc /usr/bin/siac; fi
--- a/scripts/backup-aws-s3.sh
+++ b/scripts/backup-aws-s3.sh
@ -50,6 +50,7 @@ aws s3 sync --no-progress /home/user/skynet-webportal/docker/data/nginx/logs s3:
 # generate and sync skylinks dump
 SKYLINKS_PATH=logs/skylinks/$(date +"%Y-%m-%d").log
 mkdir -p /home/user/skynet-webportal/logs/skylinks # ensure path exists
 find /home/user/skynet-webportal/logs/skylinks -type f -mtime +7 -delete # delete skylink dumps older than 7 days
 docker exec sia siac skynet ls --recursive --alert-suppress > /home/user/skynet-webportal/${SKYLINKS_PATH}
 aws s3 cp --no-progress /home/user/skynet-webportal/${SKYLINKS_PATH} s3://${BUCKET_NAME}/${SERVER_PREFIX}/${SKYLINKS_PATH}
--- a/scripts/blocklist-skylink.sh
+++ b/scripts/blocklist-skylink.sh
@ -3,8 +3,6 @@
 # This script is for manual skylink blocking. It accepts either a single 
 # skylink or a file containing list of skylinks. The script is intented
 # for manual use and it should be run locally on each skynet webportal server. 
 # The automatic script that is used to continuously sync an Airtable sheet 
 # list with the blocklist on the web portals is /setup-scripts/blocklist-airtable.py 
 set -e # exit on first error
--- a/scripts/es_cleaner.py
+++ b/scripts/es_cleaner.py
@ -1,164 +0,0 @@
 #!/usr/bin/env python3
 import curator
 import elasticsearch
 import os
 import ssl
 import sys
 TIMEOUT = 120
 def main():
    if len(sys.argv) != 3:
        print(
            'USAGE: [INDEX_PREFIX=(default "")] [ARCHIVE=(default false)] ... {} NUM_OF_DAYS http://HOSTNAME[:PORT]'.format(
                sys.argv[0]
            )
        )
        print(
            "NUM_OF_DAYS ... delete indices that are older than the given number of days."
        )
        print(
            "HOSTNAME ... specifies which Elasticsearch hosts URL to search and delete indices from."
        )
        print(
            "TIMEOUT ...  number of seconds to wait for master node response, default: {}".format(
                TIMEOUT
            )
        )
        print("INDEX_PREFIX ... specifies index prefix.")
        print("INDEX_DATE_SEPARATOR ... specifies index date separator.")
        print(
            "ARCHIVE ... specifies whether to remove archive indices (only works for rollover) (default false)."
        )
        print(
            "ROLLOVER ... specifies whether to remove indices created by rollover (default false)."
        )
        print("ES_USERNAME ... The username required by Elasticsearch.")
        print("ES_PASSWORD ... The password required by Elasticsearch.")
        print("ES_TLS ... enable TLS (default false).")
        print("ES_TLS_CA ... Path to TLS CA file.")
        print("ES_TLS_CERT ... Path to TLS certificate file.")
        print("ES_TLS_KEY ... Path to TLS key file.")
        print(
            "ES_TLS_SKIP_HOST_VERIFY ... (insecure) Skip server's certificate chain and host name verification."
        )
        sys.exit(1)
    client = create_client(
        os.getenv("ES_USERNAME"),
        os.getenv("ES_PASSWORD"),
        str2bool(os.getenv("ES_TLS", "false")),
        os.getenv("ES_TLS_CA"),
        os.getenv("ES_TLS_CERT"),
        os.getenv("ES_TLS_KEY"),
        str2bool(os.getenv("ES_TLS_SKIP_HOST_VERIFY", "false")),
    )
    ilo = curator.IndexList(client)
    empty_list(ilo, "Elasticsearch has no indices")
    prefix = os.getenv("INDEX_PREFIX", "")
    if prefix != "":
        prefix += "-"
    separator = os.getenv("INDEX_DATE_SEPARATOR", "-")
    if str2bool(os.getenv("ARCHIVE", "false")):
        filter_archive_indices_rollover(ilo, prefix)
    else:
        if str2bool(os.getenv("ROLLOVER", "false")):
            filter_main_indices_rollover(ilo, prefix)
        else:
            filter_main_indices(ilo, prefix, separator)
    empty_list(ilo, "No indices to delete")
    for index in ilo.working_list():
        print("Removing", index)
    timeout = int(os.getenv("TIMEOUT", TIMEOUT))
    delete_indices = curator.DeleteIndices(ilo, master_timeout=timeout)
    delete_indices.do_action()
 def filter_main_indices(ilo, prefix, separator):
    date_regex = "\d{4}" + separator + "\d{2}" + separator + "\d{2}"
    time_string = "%Y" + separator + "%m" + separator + "%d"
    ilo.filter_by_regex(
        kind="regex", value=prefix + "jaeger-(span|service|dependencies)-" + date_regex
    )
    empty_list(ilo, "No indices to delete")
    # This excludes archive index as we use source='name'
    # source `creation_date` would include archive index
    ilo.filter_by_age(
        source="name",
        direction="older",
        timestring=time_string,
        unit="days",
        unit_count=int(sys.argv[1]),
    )
 def filter_main_indices_rollover(ilo, prefix):
    ilo.filter_by_regex(kind="regex", value=prefix + "jaeger-(span|service)-\d{6}")
    empty_list(ilo, "No indices to delete")
    # do not remove active write indices
    ilo.filter_by_alias(aliases=[prefix + "jaeger-span-write"], exclude=True)
    empty_list(ilo, "No indices to delete")
    ilo.filter_by_alias(aliases=[prefix + "jaeger-service-write"], exclude=True)
    empty_list(ilo, "No indices to delete")
    ilo.filter_by_age(
        source="creation_date",
        direction="older",
        unit="days",
        unit_count=int(sys.argv[1]),
    )
 def filter_archive_indices_rollover(ilo, prefix):
    # Remove only rollover archive indices
    # Do not remove active write archive index
    ilo.filter_by_regex(kind="regex", value=prefix + "jaeger-span-archive-\d{6}")
    empty_list(ilo, "No indices to delete")
    ilo.filter_by_alias(aliases=[prefix + "jaeger-span-archive-write"], exclude=True)
    empty_list(ilo, "No indices to delete")
    ilo.filter_by_age(
        source="creation_date",
        direction="older",
        unit="days",
        unit_count=int(sys.argv[1]),
    )
 def empty_list(ilo, error_msg):
    try:
        ilo.empty_list_check()
    except curator.NoIndices:
        print(error_msg)
        sys.exit(0)
 def str2bool(v):
    return v.lower() in ("true", "1")
 def create_client(username, password, tls, ca, cert, key, skipHostVerify):
    context = ssl.create_default_context()
    if ca is not None:
        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca)
    elif skipHostVerify:
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    if username is not None and password is not None:
        return elasticsearch.Elasticsearch(
            sys.argv[2:], http_auth=(username, password), ssl_context=context
        )
    elif tls:
        context.load_cert_chain(certfile=cert, keyfile=key)
        return elasticsearch.Elasticsearch(sys.argv[2:], ssl_context=context)
    else:
        return elasticsearch.Elasticsearch(sys.argv[2:], ssl_context=context)
 if __name__ == "__main__":
    main()
--- a/scripts/maintenance-upgrade.sh
+++ b/scripts/maintenance-upgrade.sh
@ -1,16 +0,0 @@
 #! /usr/bin/env bash
 ###############################################################
 # this script is an automation for restarting docker containers 
 # on maintenance nodes strictly built for purpose of siasky.net
 ###############################################################
 set -e # exit on first error
 docker build --no-cache --quiet --build-arg branch=master -t sia-master /home/user/sia-dockerfile
 for container in `docker container ls --format '{{.Names}}'`; do 
    docker stop $container
    docker rm $container
    docker run -d -v /home/user/nodes/$container/sia-data:/sia-data --env-file /home/user/nodes/$container/.env --name $container --log-opt max-size=100m --log-opt max-file=3 sia-master
 done
--- a/scripts/portal-restart.sh
+++ b/scripts/portal-restart.sh
@ -1,18 +0,0 @@
 #!/bin/bash
 set -e # exit on first error
 # get current working directory (pwd doesn't cut it)
 cwd=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
 # put the server down for maintenance
 . ${cwd}/portal-down.sh
 # stop the docker services
 docker-compose down
 # start the docker services
 docker-compose up -d
 # enable the server again
 . ${cwd}/portal-up.sh
--- a/scripts/portal-upgrade.sh
+++ b/scripts/portal-upgrade.sh
@ -1,26 +0,0 @@
 #!/bin/bash
 set -e # exit on first error
 # get current working directory (pwd doesn't cut it)
 cwd=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
 # put the server down for maintenance
 . ${cwd}/portal-down.sh
 # build all container without cache
 docker-compose build --no-cache --parallel --pull --quiet
 # stop the docker services
 docker-compose down -v
 # clear unused docker containers so we don't run into out of disk space
 # it should be done after the container have been stopped and before 
 # building them again
 docker system prune --force
 # start the docker services
 docker-compose up -d
 # enable the server again
 . ${cwd}/portal-up.sh
--- a/setup-scripts/README.md
+++ b/setup-scripts/README.md
@ -1,155 +0,0 @@
 # Skynet Portal Setup Scripts
 > :warning: This documentation is outdated and should be used for reference
 only. Portal setup documentation is located at
 https://portal-docs.skynetlabs.com/.
 This directory contains a setup guide and scripts that will install and
 configure some basic requirements for running a Skynet Portal. The assumption is
 that we are working with a Debian Buster Minimal system or similar.
 ## Latest Setup Documentation
 Latest Skynet Webportal setup documentation and the setup process Skynet Labs
 supports is located at https://docs.siasky.net/webportal-management/overview.
 Some of the scripts and setup documentation contained in this repository
 (`skynet-webportal`) can be outdated and generally should not be used.
 ## Initial Setup
 You may want to fork this repository and replace ssh keys in
 `setup-scripts/support/authorized_keys` and optionally edit the `setup-scripts/support/tmux.conf` and `setup-scripts/support/bashrc` configurations to fit your needs.
 ### Step 0: stack overview
 - dockerized services inside `docker-compose.yml`
  - [sia](https://sia.tech) ([docker hub](https://hub.docker.com/r/nebulouslabs/sia)): storage provider, heart of the portal setup
  - [caddy](https://caddyserver.com) ([docker hub](https://hub.docker.com/r/caddy/caddy)): reverse proxy (similar to nginx) that handles ssl out of a box and acts as a transparent entry point
  - [openresty](https://openresty.org) ([docker hub](https://hub.docker.com/r/openresty/openresty)): nginx custom build, acts as a cached proxy to siad and exposes all api endpoints
  - [health-check](https://github.com/SkynetLabs/skynet-webportal/tree/master/packages/health-check): simple service that runs periodically and collects health data about the server (status and response times) - [read more](https://github.com/SkynetLabs/skynet-webportal/blob/master/packages/health-check/README.md)
  - [handshake](https://handshake.org) ([github](https://github.com/handshake-org/hsd)): full handshake node
  - [handshake-api](https://github.com/SkynetLabs/skynet-webportal/tree/master/packages/handshake-api): simple API talking to the handshake node - [read more](https://github.com/SkynetLabs/skynet-webportal/blob/master/packages/handshake-api/README.md)
  - [website](https://github.com/SkynetLabs/skynet-webportal/tree/master/packages/website): portal frontend application - [read more](https://github.com/SkynetLabs/skynet-webportal/blob/master/packages/website/README.md)
 - discord integration
  - [funds-checker](funds-checker.py): script that checks wallet balance and sends status messages to discord periodically
  - [health-checker](health-checker.py): script that monitors health-check service for server health issues and reports them to discord periodically
  - [log-checker](log-checker.py): script that scans siad logs for critical errors and reports them to discord periodically
 - [blocklist-skylink](../scripts/blocklist-skylink.sh): script that can be run locally from a machine that has access to all your skynet portal servers that blocklists provided skylink and prunes nginx cache to ensure it's not available any more (that is a bit much but that's the best we can do right now without paid nginx version) - if you want to use it, make sure to adjust the server addresses
 ### Step 1: setting up server user
 1. SSH in a freshly installed Debian machine on a user with sudo access (can be root)
 1. `apt-get update && apt-get install sudo libnss3-tools -y` to make sure `sudo` is available
 1. `adduser user` to create user called `user` (creates `/home/user` directory)
 1. `usermod -aG sudo user` to add this new user to sudo group
 1. `sudo groupadd docker` to create a group for docker (it might already exist)
 1. `sudo usermod -aG docker user` to add your user to that group
 1. Quit the ssh session with `exit` command
 You can now ssh into your machine as the user `user`.
 ### Step 2: setting up environment
 1. On your local machine: `ssh-copy-id user@ip-addr` to copy over your ssh key to server
 1. On your local machine: `ssh user@ip-addr` to log in to server as user `user`
 1. You are now logged in as `user`
 **Following step will be executed on remote host logged in as a `user`:**
 1. `sudo apt-get install git -y` to install git
 1. `git clone https://github.com/SkynetLabs/skynet-webportal`
 1. `cd skynet-webportal`
 1. run setup scripts in the exact order and provide sudo password when asked (if one of them fails, you can retry just this one before proceeding further)
   1. `/home/user/skynet-webportal/setup-scripts/setup-server.sh`
   1. `/home/user/skynet-webportal/setup-scripts/setup-docker-services.sh`
   1. `/home/user/skynet-webportal/setup-scripts/setup-health-check-scripts.sh` (optional)
 ### Step 3: configuring siad
 At this point we have almost everything running, we just need to set up your wallet and allowance:
 1. Create a new wallet (remember to save the seed)
   > `docker exec -it sia siac wallet init`
 1. Unlock the wallet (use the seed as password)
   > `docker exec -it sia siac wallet unlock`
 1. Generate a new wallet address (save it for later to transfer the funds)
   > `docker exec -it sia siac wallet address`
 1. Set up allowance
   > `docker exec -it sia siac renter setallowance`
   1. 10 KS (keep 25 KS in your wallet)
   1. default period
   1. default number of hosts
   1. 4 week renewal time
   1. 500 GB expected storage
   1. 500 GB expected upload
   1. 5 TB expected download
   1. default redundancy
 1. Set a maximum storage price
   > `docker exec -it sia siac renter setallowance --max-storage-price 100SC`
 1. Instruct siad to start making 10 contracts per block with many hosts to potentially view the whole network's files
   > `docker exec -it sia siac renter setallowance --payment-contract-initial-funding 10SC`
 ### Step 4: configuring docker services
 1. edit `/home/user/skynet-webportal/.env` and configure following environment variables
   - `PORTAL_DOMAIN` (required) is a skynet portal domain (ex. siasky.net)
   - `SERVER_DOMAIN` (optional) is an optional direct server domain (ex. eu-ger-1.siasky.net) - leave blank unless it is different than PORTAL_DOMAIN
   - `EMAIL_ADDRESS` is your email address used for communication regarding SSL certification (required if you're using http-01 challenge)
   - `SIA_WALLET_PASSWORD` is your wallet password (or seed if you did not set a password)
   - `HSD_API_KEY` this is a random security key for a handshake integration that gets generated automatically
   - `CLOUDFLARE_AUTH_TOKEN` (optional) if using cloudflare as dns loadbalancer (need to change it in Caddyfile too)
   - `AWS_ACCESS_KEY_ID` (optional) if using route53 as a dns loadbalancer
   - `AWS_SECRET_ACCESS_KEY` (optional) if using route53 as a dns loadbalancer
   - `DISCORD_WEBHOOK_URL` (required if using Discord notifications) discord webhook url (generate from discord app)
   - `DISCORD_MENTION_USER_ID` (optional) add `/cc @user` mention to important messages from webhook (has to be id not user name)
   - `DISCORD_MENTION_ROLE_ID` (optional) add `/cc @role` mention to important messages from webhook (has to be id not role name)
   - `SKYNET_DB_USER` (optional) if using `accounts` this is the MongoDB username
   - `SKYNET_DB_PASS` (optional) if using `accounts` this is the MongoDB password
   - `SKYNET_DB_HOST` (optional) if using `accounts` this is the MongoDB address or container name
   - `SKYNET_DB_PORT` (optional) if using `accounts` this is the MongoDB port
   - `COOKIE_DOMAIN` (optional) if using `accounts` this is the domain to which your cookies will be issued
   - `COOKIE_HASH_KEY` (optional) if using `accounts` hashing secret, at least 32 bytes
   - `COOKIE_ENC_KEY` (optional) if using `accounts` encryption key, at least 32 bytes
   - `S3_BACKUP_PATH` (optional) is using `accounts` and backing up the databases to S3. This path should be an S3 bucket
     with path to the location in the bucket where we want to store the daily backups.
 1. `docker-compose up -d` to restart the services so they pick up new env variables
 ## Subdomains
 It might prove useful for certain skapps to be accessible through a custom subdomain. So instead of being accessed through `https://portal.com/[skylink]`, it would be accessible through `https://[skylink_base32].portal.com`. We call this "subdomain access" and it is made possible by encoding Skylinks using a base32 encoding. We have to use a base32 encoding scheme because subdomains have to be all lower case and the base64 encoded Skylink is case sensitive and thus might contain uppercase characters.
 You can convert Skylinks using this [converter skapp](https://convert-skylink.hns.siasky.net). To see how the encoding and decoding works, please follow the link to the repo in the application itself.
 There is also an option to access handshake domain through the subdomain using `https://[domain_name].hns.portal.com`.
 To configure this on your portal, you have to make sure to configure the following:
 ## Useful Commands
 - Starting the whole stack
  > `docker-compose up -d`
 - Stopping the whole stack
  > `docker-compose down`
 - Accessing siac
  > `docker exec -it sia siac`
 - Portal maintenance
  - Pulling portal out for maintenance
    > `scripts/portal-down.sh`
  - Putting portal back into place after maintenance
    > `scripts/portal-up.sh`
  - Upgrading portal containers (takes care of pulling it and putting it back)
    > `scripts/portal-upgrade.sh`
 - Restarting caddy gracefully after making changes to Caddyfile (no downtime)
  > `docker exec caddy caddy reload --config /etc/caddy/Caddyfile`
 - Restarting nginx gracefully after making changes to nginx configs (no downtime)
  > `docker exec nginx openresty -s reload`
 - Checking siad service logs (since last hour)
  > `docker logs --since 1h $(docker ps -q --filter "name=^sia$")`
 - Checking caddy logs (for example in case ssl certificate fails)
  > `docker logs caddy -f`
 - Checking nginx logs (nginx handles all communication to siad instances)
  > `tail -n 50 docker/data/nginx/logs/access.log` to follow last 50 lines of access log
  > `tail -n 50 docker/data/nginx/logs/error.log` to follow last 50 lines of error log
--- a/setup-scripts/blocklist-airtable.py
+++ b/setup-scripts/blocklist-airtable.py
@ -1,161 +0,0 @@
 #!/usr/bin/env python3
 from bot_utils import get_api_password, setup, send_msg
 from random import randint
 from time import sleep
 import traceback
 import os
 import sys
 import asyncio
 import requests
 import json
 from requests.auth import HTTPBasicAuth
 setup()
 AIRTABLE_API_KEY = os.getenv("AIRTABLE_API_KEY")
 AIRTABLE_BASE = os.getenv("AIRTABLE_BASE")
 AIRTABLE_TABLE = os.getenv("AIRTABLE_TABLE")
 AIRTABLE_FIELD = os.getenv("AIRTABLE_FIELD")
 # Check environment variables are defined
 for value in [AIRTABLE_API_KEY, AIRTABLE_BASE, AIRTABLE_TABLE, AIRTABLE_FIELD]:
    if not value:
        sys.exit("Configuration error: Missing AirTable environment variable.")
 async def run_checks():
    try:
        await block_skylinks_from_airtable()
    except:  # catch all exceptions
        trace = traceback.format_exc()
        await send_msg("```\n{}\n```".format(trace), force_notify=True)
 def exec(command):
    return os.popen(command).read().strip()
 async def block_skylinks_from_airtable():
    # Get sia IP before doing anything else. If this step fails we don't
    # need to continue with the execution of the script.
    ipaddress = exec(
        "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia"
    )
    if ipaddress == "":
        print("Skyd IP could not be detected. Exiting.")
        return
    print("Pulling blocked skylinks from Airtable via api integration")
    headers = {"Authorization": "Bearer " + AIRTABLE_API_KEY}
    skylinks = []
    offset = None
    retry = 0
    while len(skylinks) == 0 or offset:
        print(
            "Requesting a batch of records from Airtable with "
            + (offset if offset else "empty")
            + " offset"
            + (" (retry " + str(retry) + ")" if retry else "")
        )
        query = "&".join(
            ["fields%5B%5D=" + AIRTABLE_FIELD, ("offset=" + offset) if offset else ""]
        )
        response = requests.get(
            "https://api.airtable.com/v0/"
            + AIRTABLE_BASE
            + "/"
            + AIRTABLE_TABLE
            + "?"
            + query,
            headers=headers,
        )
        # rate limited - sleep for 2-10 secs and retry (up to 100 times, ~10 minutes)
        # https://support.airtable.com/hc/en-us/articles/203313985-Public-REST-API
        # > 5 requests per second, per base
        if response.status_code == 429:
            if retry < 100:
                retry = retry + 1
                sleep(randint(1, 10))
                continue
            else:
                return await send_msg(
                    "Airtable: too many retries, aborting!", force_notify=True
                )
        retry = 0  # reset retry counter
        if response.status_code != 200:
            status_code = str(response.status_code)
            response_text = response.text or "empty response"
            message = (
                "Airtable blocklist integration responded with code "
                + status_code
                + ": "
                + response_text
            )
            return await send_msg(message, force_notify=False)
        data = response.json()
        if len(data["records"]) == 0:
            return print(
                "Airtable returned 0 records - make sure your configuration is correct"
            )
        skylinks = skylinks + [
            entry["fields"].get(AIRTABLE_FIELD, "") for entry in data["records"]
        ]
        skylinks = [
            skylink.strip() for skylink in skylinks if skylink
        ]  # filter empty skylinks, most likely empty rows, trim whitespace
        offset = data.get("offset")
    print(
        "Sending /skynet/blocklist request with "
        + str(len(skylinks))
        + " skylinks to siad"
    )
    response = requests.post(
        "http://" + ipaddress + ":9980/skynet/blocklist",
        data=json.dumps({"add": skylinks}),
        headers={"User-Agent": "Sia-Agent"},
        auth=HTTPBasicAuth("", get_api_password()),
    )
    if response.status_code != 200:
        status_code = str(response.status_code)
        response_text = response.text or "empty response"
        message = (
            "Airtable blocklist request responded with code "
            + status_code
            + ": "
            + response_text
        )
        return await send_msg(message, force_notify=False)
    response_json = json.loads(response.text)
    invalid_skylinks = response_json["invalids"]
    if invalid_skylinks is None:
        return await send_msg("Blocklist successfully updated all skylinks")
    return await send_msg(
        "Blocklist responded ok but failed to update "
        + str(len(invalid_skylinks))
        + " skylinks: "
        + json.dumps(invalid_skylinks)
    )
 loop = asyncio.get_event_loop()
 loop.run_until_complete(run_checks())
 # --- BASH EQUIVALENT
 # skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')")
 # ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
 # curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist"
--- a/setup-scripts/health-checker.py
+++ b/setup-scripts/health-checker.py
@ -232,8 +232,7 @@ async def check_health():
        message += "{}/{} CRITICAL checks failed over the last {} hours! ".format(
            critical_checks_failed, critical_checks_total, CHECK_HOURS
        )
-        # Disabling as it creates notification fatigue.
+        force_notify = True
        # force_notify = True
    else:
        message += "All {} critical checks passed. ".format(critical_checks_total)
@ -241,8 +240,7 @@ async def check_health():
        message += "{}/{} extended checks failed over the last {} hours! ".format(
            extended_checks_failed, extended_checks_total, CHECK_HOURS
        )
-        # Disabling as it creates notification fatigue.
+        force_notify = True
        # force_notify = True
    else:
        message += "All {} extended checks passed. ".format(extended_checks_total)
--- a/setup-scripts/logrotate.d/skynet-webportal-nginx
+++ b/setup-scripts/logrotate.d/skynet-webportal-nginx
@ -0,0 +1,16 @@
 /home/user/skynet-webportal/docker/data/nginx/logs/*.log {
    daily
    rotate 3650
    minsize 500M
    create 644 root root
    notifempty
    dateext
    missingok
    compress
    compressoptions --best
    delaycompress
    sharedscripts
    postrotate
        docker exec nginx nginx -s reopen
    endscript
 }
--- a/setup-scripts/logrotate.d/skynet-webportal-pinner
+++ b/setup-scripts/logrotate.d/skynet-webportal-pinner
@ -0,0 +1,11 @@
 /home/user/skynet-webportal/docker/data/pinner/*.log {
    daily
    rotate 10
    minsize 100M
    copytruncate
    notifempty
    dateext
    missingok
    compress
    compressoptions --best
 }
--- a/setup-scripts/logrotate.d/skynet-webportal-skyd
+++ b/setup-scripts/logrotate.d/skynet-webportal-skyd
@ -0,0 +1,12 @@
 /home/user/skynet-webportal/docker/data/sia/*.log 
 /home/user/skynet-webportal/docker/data/sia/*/*.log {
    daily
    rotate 10
    minsize 100M
    copytruncate
    notifempty
    dateext
    missingok
    compress
    compressoptions --best
 }
--- a/setup-scripts/setup-docker-services.sh
+++ b/setup-scripts/setup-docker-services.sh
@ -1,48 +0,0 @@
 #! /usr/bin/env bash
 set -e # exit on first error
 # Install docker (cleans up old docker installation)
 # sudo apt-get remove -y docker docker-engine docker.io containerd runc # fails if it is the first installation
 sudo apt-get update
 sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
 sudo apt-get update
 sudo apt-get install -y docker-ce docker-ce-cli containerd.io
 docker --version # sanity check
 # add user to docker group to avoid having to use sudo for every docker command
 sudo usermod -aG docker user
 # Install docker-compose
 sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 sudo chmod +x /usr/local/bin/docker-compose
 docker-compose --version # sanity check
 # Create dummy .env file for docker-compose usage with variables
 # * PORTAL_DOMAIN - (required) is a skynet portal domain (ex. siasky.net)
 # * SERVER_DOMAIN - (optional) is an optional direct server domain (ex. eu-ger-1.siasky.net) - leave blank unless it is different than PORTAL_DOMAIN
 # * EMAIL_ADDRESS - this is the administrator contact email you need to supply for communication regarding SSL certification
 # * HSD_API_KEY - this is auto generated secure key for your handshake service integration
 # * CLOUDFLARE_AUTH_TOKEN - (optional) if using cloudflare as dns loadbalancer (need to change it in Caddyfile too)
 # * AWS_ACCESS_KEY_ID - (optional) if using route53 as a dns loadbalancer
 # * AWS_SECRET_ACCESS_KEY - (optional) if using route53 as a dns loadbalancer
 # * API_PORT - (optional) the port on which siad is listening, defaults to 9980
 # * DISCORD_WEBHOOK_URL - (required if using Discord notifications) discord webhook url (generate from discord app)
 # * DISCORD_MENTION_USER_ID - (optional) add `/cc @user` mention to important messages from webhook (has to be id not user name)
 # * DISCORD_MENTION_ROLE_ID - (optional) add `/cc @role` mention to important messages from webhook (has to be id not role name)
 # * SKYNET_DB_USER - (optional) if using `accounts` this is the MongoDB username
 # * SKYNET_DB_PASS - (optional) if using `accounts` this is the MongoDB password
 # * SKYNET_DB_HOST - (optional) if using `accounts` this is the MongoDB address or container name
 # * SKYNET_DB_PORT - (optional) if using `accounts` this is the MongoDB port
 # * COOKIE_DOMAIN - (optional) if using `accounts` this is the domain to which your cookies will be issued
 # * COOKIE_HASH_KEY - (optional) if using `accounts` hashing secret, at least 32 bytes
 # * COOKIE_ENC_KEY - (optional) if using `accounts` encryption key, at least 32 bytes
 if ! [ -f /home/user/skynet-webportal/.env ]; then
    HSD_API_KEY=$(openssl rand -base64 32) # generate safe random key for handshake
    printf "PORTAL_DOMAIN=siasky.net\nSERVER_DOMAIN=\nEMAIL_ADDRESS=email@example.com\nSIA_WALLET_PASSWORD=\nHSD_API_KEY=${HSD_API_KEY}\nCLOUDFLARE_AUTH_TOKEN=\nAWS_ACCESS_KEY_ID=\nAWS_SECRET_ACCESS_KEY=\nDISCORD_WEBHOOK_URL=\nDISCORD_MENTION_USER_ID=\nDISCORD_MENTION_ROLE_ID=\n" > /home/user/skynet-webportal/.env
 fi
 # Start docker container with nginx and client
 docker-compose -f docker-compose.yml up --build -d
--- a/setup-scripts/setup-health-check-scripts.sh
+++ b/setup-scripts/setup-health-check-scripts.sh
@ -1,11 +0,0 @@
 #! /usr/bin/env bash
 set -e # exit on first error
 sudo apt-get update
 sudo apt-get -y install python3-pip
 pip3 install discord-webhook python-dotenv requests elasticsearch-curator
 # add cron entries to user crontab
 crontab -u user /home/user/skynet-webportal/setup-scripts/support/crontab
--- a/setup-scripts/setup-server.sh
+++ b/setup-scripts/setup-server.sh
@ -1,48 +0,0 @@
 #! /usr/bin/env bash
 set -e # exit on first error
 # Copy over basic configuration files
 cp /home/user/skynet-webportal/setup-scripts/support/tmux.conf /home/user/.tmux.conf
 cp /home/user/skynet-webportal/setup-scripts/support/bashrc /home/user/.bashrc
 source /home/user/.bashrc
 # Add SSH keys and set SSH configs
 sudo cp /home/user/skynet-webportal/setup-scripts/support/ssh_config /etc/ssh/ssh_config
 mkdir -p /home/user/.ssh
 # cat /home/user/skynet-webportal/setup-scripts/support/authorized_keys >> /home/user/.ssh/authorized_keys
 # Install apt packages
 sudo apt-get update
 sudo apt-get -y install ufw tmux ranger htop nload gcc g++ make git vim unzip curl awscli
 # Setup GIT credentials (so commands like git stash would work)
 git config --global user.email "devs@nebulous.tech"
 git config --global user.name "Sia Dev"
 # Setup firewall
 sudo ufw --force enable # --force to make it non-interactive
 sudo ufw logging low # enable logging for debugging purpose: tail -f /var/log/ufw.log
 sudo ufw allow ssh # allow ssh connection to server
 sudo ufw allow 80,443/tcp # allow http and https ports
 # Block outgoing traffic to local networks
 # https://community.hetzner.com/tutorials/block-outgoing-traffic-to-private-networks
 sudo ufw deny out from any to 10.0.0.0/8
 sudo ufw deny out from any to 172.16.0.0/12
 sudo ufw deny out from any to 192.168.0.0/16
 sudo ufw deny out from any to 100.64.0.0/10
 sudo ufw deny out from any to 198.18.0.0/15
 sudo ufw deny out from any to 169.254.0.0/16
 # OPTIONAL: terminfo for alacritty terminal via ssh
 # If you don't use the alacritty terminal you can remove this step.
 wget -c https://raw.githubusercontent.com/alacritty/alacritty/master/extra/alacritty.info
 sudo tic -xe alacritty,alacritty-direct alacritty.info
 rm alacritty.info
 # Set up file limits - siad uses a lot so we need to adjust so it doesn't choke up
 sudo cp /home/user/skynet-webportal/setup-scripts/support/limits.conf /etc/security/limits.conf
 # Set UTC timezone so all of the servers report the same time
 sudo timedatectl set-timezone UTC
--- a/setup-scripts/support/authorized_keys
+++ b/setup-scripts/support/authorized_keys
@ -6,6 +6,5 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG67M3zC4eDJEjma0iKKksGclteKbB86ONQtBaWY93M6
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+XC8f0dumhzDE93i9IIMsMp7/MJPwGH+Uc9JFKOvyw karol@siasky.net
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM43lzbKjFLChe5rKETxDpWpNlqXCGTBPiWlDN2vlLD pj@siasky.net
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6Kcx8yetova4/ALUQHigo/PBMJO33ZTKOsg2jxSO2a user@deploy.siasky.dev
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcenWnMQ6q/OEC4ZmQgjLDV2obWlR3fENV0zRGFvJF+ marcins@siasky.net
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7prtVOTwtcSN9HkXum107RwcW5H8Vggx6Qv7T57ItT daniel@siasky.net
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+4IrfEM9H16jqvPZncHkWWoHO4/BVq7d4pEyzK4e0W michal.leszczyk@skynetlabs.com
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHptEpqs57lhnHkfa+0SQgXQ4A63/YGV2cNTcGMQW+Jt david@skynetlabs.com
--- a/setup-scripts/support/crontab
+++ b/setup-scripts/support/crontab
@ -1,7 +1,6 @@
 0 0,8,16 * * * /home/user/skynet-webportal/setup-scripts/funds-checker.py /home/user/skynet-webportal/.env
 0 0,8,16 * * * /home/user/skynet-webportal/setup-scripts/log-checker.py /home/user/skynet-webportal/.env sia 8
 0 * * * * /home/user/skynet-webportal/setup-scripts/health-checker.py /home/user/skynet-webportal/.env sia 1
 30 */4 * * * /home/user/skynet-webportal/setup-scripts/blocklist-airtable.py /home/user/skynet-webportal/.env
 44 5 * * * /home/user/skynet-webportal/scripts/backup-aws-s3.sh 1>>/home/user/skynet-webportal/logs/backup-aws-s3.log 2>>/home/user/skynet-webportal/logs/backup-aws-s3.log
 6 13 * * * /home/user/skynet-webportal/scripts/db_backup.sh 1>>/home/user/skynet-webportal/logs/db_backup.log 2>>/home/user/skynet-webportal/logs/db_backup.log
-0 5 * * * /home/user/skynet-webportal/scripts/es_cleaner.py 1 http://localhost:9200
+0 5 * * * /usr/bin/docker run --rm --net=host -e ROLLOVER=true jaegertracing/jaeger-es-index-cleaner:latest 1 http://localhost:9200