From 896599aa57028e8a62495244800068392caac0f6 Mon Sep 17 00:00:00 2001
From: Zoltan Papp <zoltan.pmail@gmail.com>
Date: Wed, 6 Mar 2024 11:38:08 +0100
Subject: [PATCH] Implement API response cache (#1645)

Apply peer validator cache mechanism

---------

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
Co-authored-by: Yury Gargay <yury.gargay@gmail.com>
Co-authored-by: Viktor Liu <viktor@netbird.io>
Co-authored-by: Bethuel Mmbaga <bethuelmbaga12@gmail.com>
Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com>
Co-authored-by: Misha Bragin <bangvalo@gmail.com>
---
 .github/ISSUE_TEMPLATE/bug-issue-report.md    |    2 +-
 .../workflows/test-infrastructure-files.yml   |    9 +-
 .golangci.yaml                                |    9 +
 .goreleaser_ui.yaml                           |    4 +-
 README.md                                     |   31 +-
 client/cmd/testutil.go                        |    5 +-
 client/internal/auth/oauth.go                 |    2 +-
 client/internal/dns/file_linux.go             |   27 +-
 client/internal/dns/file_parser_linux.go      |   63 ++
 client/internal/dns/file_parser_linux_test.go |  130 +++
 client/internal/dns/host_linux.go             |    2 +-
 client/internal/dns/resolvconf_linux.go       |    4 +-
 client/internal/engine_test.go                |   14 +-
 client/ui/client_ui.go                        |   92 +-
 client/ui/netbird-systemtray-connected.ico    |  Bin 4452 -> 5139 bytes
 client/ui/netbird-systemtray-connected.png    |  Bin 7251 -> 9105 bytes
 client/ui/netbird-systemtray-default.ico      |  Bin 2876 -> 0 bytes
 client/ui/netbird-systemtray-default.png      |  Bin 4938 -> 0 bytes
 client/ui/netbird-systemtray-disconnected.ico |  Bin 0 -> 5167 bytes
 client/ui/netbird-systemtray-disconnected.png |  Bin 0 -> 9258 bytes
 .../netbird-systemtray-update-connected.ico   |  Bin 0 -> 7678 bytes
 .../netbird-systemtray-update-connected.png   |  Bin 0 -> 11471 bytes
 ...netbird-systemtray-update-disconnected.ico |  Bin 0 -> 7966 bytes
 ...netbird-systemtray-update-disconnected.png |  Bin 0 -> 11929 bytes
 client/ui/netbird-systemtray-update.ico       |  Bin 4726 -> 0 bytes
 client/ui/netbird-systemtray-update.png       |  Bin 7521 -> 0 bytes
 go.mod                                        |    2 +-
 go.sum                                        |    4 +-
 iface/netstack/tun.go                         |    2 +-
 infrastructure_files/download-geolite2.sh     |   11 +-
 .../getting-started-with-zitadel.sh           |   26 +-
 infrastructure_files/management.json.tmpl     |    7 +
 infrastructure_files/nginx.tmpl.conf          |    1 +
 management/client/client_test.go              |   18 +-
 management/client/grpc.go                     |   10 +-
 management/cmd/management.go                  |   11 +-
 management/proto/management.pb.go             | 1000 +++++++++--------
 management/proto/management.proto             |    9 +
 management/server/account.go                  |   20 +-
 management/server/account_test.go             |   13 +-
 management/server/activity/event.go           |    2 +-
 management/server/geolocation/database.go     |  210 ++++
 management/server/geolocation/geolocation.go  |   32 +-
 management/server/geolocation/store.go        |   31 +-
 management/server/geolocation/utils.go        |  176 +++
 management/server/grpcserver.go               |    4 +
 management/server/http/api/openapi.yml        |   34 +-
 management/server/http/api/types.gen.go       |   40 +-
 .../http/middleware/auth_middleware_test.go   |    5 +-
 .../server/http/middleware/bypass/bypass.go   |   43 +-
 .../http/middleware/bypass/bypass_test.go     |   30 +-
 .../server/http/posture_checks_handler.go     |   36 +-
 .../http/posture_checks_handler_test.go       |   69 +-
 management/server/idp/auth0.go                |   76 +-
 .../server/integrated_approval/interface.go   |    3 +-
 management/server/management_test.go          |    8 +-
 management/server/mock_server/account_mock.go |   12 +-
 management/server/peer.go                     |   20 +-
 management/server/peer/peer.go                |   20 +-
 management/server/posture/checks.go           |   32 +-
 management/server/posture/checks_test.go      |    2 +-
 management/server/posture/network.go          |   16 +-
 management/server/posture/network_test.go     |   28 +-
 management/server/scheduler.go                |   59 +-
 management/server/scheduler_test.go           |   20 +-
 management/server/user.go                     |   19 +-
 management/server/user_test.go                |    3 +-
 signal/client/grpc.go                         |    7 +-
 signal/cmd/run.go                             |    6 +-
 69 files changed, 1799 insertions(+), 772 deletions(-)
 delete mode 100644 client/ui/netbird-systemtray-default.ico
 delete mode 100644 client/ui/netbird-systemtray-default.png
 create mode 100644 client/ui/netbird-systemtray-disconnected.ico
 create mode 100644 client/ui/netbird-systemtray-disconnected.png
 create mode 100644 client/ui/netbird-systemtray-update-connected.ico
 create mode 100644 client/ui/netbird-systemtray-update-connected.png
 create mode 100644 client/ui/netbird-systemtray-update-disconnected.ico
 create mode 100644 client/ui/netbird-systemtray-update-disconnected.png
 delete mode 100644 client/ui/netbird-systemtray-update.ico
 delete mode 100644 client/ui/netbird-systemtray-update.png
 create mode 100644 management/server/geolocation/database.go
 create mode 100644 management/server/geolocation/utils.go

diff --git a/.github/ISSUE_TEMPLATE/bug-issue-report.md b/.github/ISSUE_TEMPLATE/bug-issue-report.md
index 1c63eeaee..0aa6cd77e 100644
--- a/.github/ISSUE_TEMPLATE/bug-issue-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-issue-report.md
@@ -2,7 +2,7 @@
 name: Bug/Issue report
 about: Create a report to help us improve
 title: ''
-labels: ['triage']
+labels: ['triage-needed']
 assignees: ''
 
 ---
diff --git a/.github/workflows/test-infrastructure-files.yml b/.github/workflows/test-infrastructure-files.yml
index e1261dabc..ee9739e09 100644
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -162,6 +162,13 @@ jobs:
           test $count -eq 4
         working-directory: infrastructure_files/artifacts
 
+      - name: test geolocation databases
+        working-directory: infrastructure_files/artifacts
+        run: |
+          sleep 30
+          docker compose exec management ls -l /var/lib/netbird/ | grep -i GeoLite2-City.mmdb
+          docker compose exec management ls -l /var/lib/netbird/ | grep -i geonames.db
+
   test-getting-started-script:
     runs-on: ubuntu-latest
     steps:
@@ -199,6 +206,6 @@ jobs:
       - name: test script
         run: bash -x infrastructure_files/download-geolite2.sh
       - name: test mmdb file exists
-        run: ls -l GeoLite2-City_*/GeoLite2-City.mmdb
+        run: test -f GeoLite2-City.mmdb
       - name: test geonames file exists
         run: test -f geonames.db
diff --git a/.golangci.yaml b/.golangci.yaml
index 757a60a39..3c5f4d5b8 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -63,6 +63,14 @@ linters-settings:
     enable:
       - nilness
 
+  revive:
+    rules:
+      - name: exported
+        severity: warning
+        disabled: false
+        arguments:
+          - "checkPrivateReceivers"
+          - "sayRepetitiveInsteadOfStutters"
   tenv:
     # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures.
     # Otherwise, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked.
@@ -93,6 +101,7 @@ linters:
     - nilerr # finds the code that returns nil even if it checks that the error is not nil
     - nilnil # checks that there is no simultaneous return of nil error and an invalid value
     - predeclared # predeclared finds code that shadows one of Go's predeclared identifiers
+    - revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
     - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
     - thelper # thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers.
     - wastedassign # wastedassign finds wasted assignment statements
diff --git a/.goreleaser_ui.yaml b/.goreleaser_ui.yaml
index 66a22ee34..b13085e86 100644
--- a/.goreleaser_ui.yaml
+++ b/.goreleaser_ui.yaml
@@ -54,7 +54,7 @@ nfpms:
     contents:
       - src: client/ui/netbird.desktop
         dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-default.png
+      - src: client/ui/netbird-systemtray-connected.png
         dst: /usr/share/pixmaps/netbird.png
     dependencies:
       - netbird
@@ -71,7 +71,7 @@ nfpms:
     contents:
       - src: client/ui/netbird.desktop
         dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-default.png
+      - src: client/ui/netbird-systemtray-connected.png
         dst: /usr/share/pixmaps/netbird.png
     dependencies:
       - netbird
diff --git a/README.md b/README.md
index 192377f06..0fa0a7dd2 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
- <strong>:hatching_chick: New Release! Self-hosting in under 5 min.</strong>
-  <a href="https://github.com/netbirdio/netbird#quickstart-with-self-hosted-netbird">
+ <strong>:hatching_chick: New Release! Device Posture Checks.</strong>
+  <a href="https://docs.netbird.io/how-to/manage-posture-checks">
        Learn more
      </a>   
 </p>
@@ -42,25 +42,22 @@
 
 **Secure.** NetBird enables secure remote access by applying granular access policies, while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.
 
-### Secure peer-to-peer VPN with SSO and MFA in minutes
+### Open-Source Network Security in a Single Platform
 
-https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a444-94e80dd24f46.mov
+![download (2)](https://github.com/netbirdio/netbird/assets/700848/16210ac2-7265-44c1-8d4e-8fae85534dac)
 
 ### Key features
 
-| Connectivity                             	                                                                                      | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
-|---------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
-| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	                                                                 | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
-| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	                                                               | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
-| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	                                                               | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
-| <ul><li> - \[x] Connection relay fallback </ul></li>            	                                                               | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
-| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	 | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[x] iOS </ul></li>      	 |
-| <ul><li> - \[x] NAT traversal with BPF </ul></li>                                                                               | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
-| <ul><li> - \[x] Post-quantum-secure connection through [Rosenpass](https://rosenpass.eu) </ul></li>                             | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
-| 	                                                                                                                               | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
-| 	                                                                                                                               | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |
-
-
+| Connectivity                                                                                                                 | Management                                                                                               | Security                                                                                                                              | Automation                                                                                                                               | Platforms                                                                               |
+|------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
+| <ul><li> - \[x] Kernel WireGuard </ul></li>                                                                                  | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                        | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>           | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                                                     | <ul><li> - \[x] Linux </ul></li>                                                        |
+| <ul><li> - \[x] Peer-to-peer connections </ul></li>                                                                          | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>                                         | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>                    | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li> | <ul><li> - \[x] Mac </ul></li>                                                          |
+| <ul><li> - \[x] Connection relay fallback </ul></li>                                                                         | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>     | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                     | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>                    | <ul><li> - \[x] Windows </ul></li>                                                      |
+| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li> | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>      | <ul><li> - \[x] [Device posture checks](https://docs.netbird.io/how-to/manage-posture-checks) </ul></li>                              | <ul><li> - \[x] IdP groups sync with JWT </ul></li>                                                                                      | <ul><li> - \[x] Android </ul></li>                                                      |
+| <ul><li> - \[x] NAT traversal with BPF </ul></li>                                                                            | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li> | <ul><li> -  \[x] Peer-to-peer encryption </ul></li>                                                                                   |                                                                                                                                          | <ul><li> - \[x] iOS </ul></li>                                                          |
+|                                                                                                                              |                                                                                                          | <ul><li> - \[x] [Quantum-resistance with Rosenpass](https://netbird.io/knowledge-hub/the-first-quantum-resistant-mesh-vpn) </ul></li> |                                                                                                                                          | <ul><li> - \[x] OpenWRT </ul></li>                                                      |
+|                                                                                                                              |                                                                                                          | <ui><li> - \[x] [Periodic re-authentication](https://docs.netbird.io/how-to/enforce-periodic-user-authentication)</ul></li>           |                                                                                                                                          | <ul><li> - \[x] [Serverless](https://docs.netbird.io/how-to/netbird-on-faas) </ul></li> |
+|                                                                                                                              |                                                                                                          |                                                                                                                                       |                                                                                                                                          | <ul><li> - \[x] Docker </ul></li>                                                       |
 ### Quickstart with NetBird Cloud
 
 - Download and install NetBird at [https://app.netbird.io/install](https://app.netbird.io/install)
diff --git a/client/cmd/testutil.go b/client/cmd/testutil.go
index 40fd86f1d..13a434c7d 100644
--- a/client/cmd/testutil.go
+++ b/client/cmd/testutil.go
@@ -76,10 +76,7 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 
 	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
-	if err != nil {
-		return nil, nil
-	}
-	iv := integrations.NewIntegratedApproval()
+	iv, _ := integrations.NewIntegratedApproval(eventStore)
 	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "", "", eventStore, nil, false, iv)
 	if err != nil {
 		t.Fatal(err)
diff --git a/client/internal/auth/oauth.go b/client/internal/auth/oauth.go
index 23bde2be2..7467584a3 100644
--- a/client/internal/auth/oauth.go
+++ b/client/internal/auth/oauth.go
@@ -26,7 +26,7 @@ type HTTPClient interface {
 }
 
 // AuthFlowInfo holds information for the OAuth 2.0  authorization flow
-type AuthFlowInfo struct {
+type AuthFlowInfo struct { //nolint:revive
 	DeviceCode              string `json:"device_code"`
 	UserCode                string `json:"user_code"`
 	VerificationURI         string `json:"verification_uri"`
diff --git a/client/internal/dns/file_linux.go b/client/internal/dns/file_linux.go
index c62da7016..b427a30e1 100644
--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -8,6 +8,7 @@ import (
 	"net/netip"
 	"os"
 	"strings"
+	"time"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -23,10 +24,16 @@ const (
 	fileMaxNumberOfSearchDomains = 6
 )
 
+const (
+	dnsFailoverTimeout  = 4 * time.Second
+	dnsFailoverAttempts = 1
+)
+
 type fileConfigurator struct {
 	repair *repair
 
-	originalPerms os.FileMode
+	originalPerms  os.FileMode
+	nbNameserverIP string
 }
 
 func newFileConfigurator() (hostManager, error) {
@@ -64,7 +71,7 @@ func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	}
 
 	nbSearchDomains := searchDomains(config)
-	nbNameserverIP := config.ServerIP
+	f.nbNameserverIP = config.ServerIP
 
 	resolvConf, err := parseBackupResolvConf()
 	if err != nil {
@@ -73,11 +80,11 @@ func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 
 	f.repair.stopWatchFileChanges()
 
-	err = f.updateConfig(nbSearchDomains, nbNameserverIP, resolvConf)
+	err = f.updateConfig(nbSearchDomains, f.nbNameserverIP, resolvConf)
 	if err != nil {
 		return err
 	}
-	f.repair.watchFileChanges(nbSearchDomains, nbNameserverIP)
+	f.repair.watchFileChanges(nbSearchDomains, f.nbNameserverIP)
 	return nil
 }
 
@@ -85,10 +92,11 @@ func (f *fileConfigurator) updateConfig(nbSearchDomains []string, nbNameserverIP
 	searchDomainList := mergeSearchDomains(nbSearchDomains, cfg.searchDomains)
 	nameServers := generateNsList(nbNameserverIP, cfg)
 
+	options := prepareOptionsWithTimeout(cfg.others, int(dnsFailoverTimeout.Seconds()), dnsFailoverAttempts)
 	buf := prepareResolvConfContent(
 		searchDomainList,
 		nameServers,
-		cfg.others)
+		options)
 
 	log.Debugf("creating managed file %s", defaultResolvConfPath)
 	err := os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
@@ -131,7 +139,12 @@ func (f *fileConfigurator) backup() error {
 }
 
 func (f *fileConfigurator) restore() error {
-	err := copyFile(fileDefaultResolvConfBackupLocation, defaultResolvConfPath)
+	err := removeFirstNbNameserver(fileDefaultResolvConfBackupLocation, f.nbNameserverIP)
+	if err != nil {
+		log.Errorf("Failed to remove netbird nameserver from %s on backup restore: %s", fileDefaultResolvConfBackupLocation, err)
+	}
+
+	err = copyFile(fileDefaultResolvConfBackupLocation, defaultResolvConfPath)
 	if err != nil {
 		return fmt.Errorf("restoring %s from %s: %w", defaultResolvConfPath, fileDefaultResolvConfBackupLocation, err)
 	}
@@ -157,7 +170,7 @@ func (f *fileConfigurator) restoreUncleanShutdownDNS(storedDNSAddress *netip.Add
 	currentDNSAddress, err := netip.ParseAddr(resolvConf.nameServers[0])
 	// not a valid first nameserver -> restore
 	if err != nil {
-		log.Errorf("restoring unclean shutdown: parse dns address %s failed: %s", resolvConf.nameServers[1], err)
+		log.Errorf("restoring unclean shutdown: parse dns address %s failed: %s", resolvConf.nameServers[0], err)
 		return restoreResolvConfFile()
 	}
 
diff --git a/client/internal/dns/file_parser_linux.go b/client/internal/dns/file_parser_linux.go
index 95e1ddb54..02f6d03a5 100644
--- a/client/internal/dns/file_parser_linux.go
+++ b/client/internal/dns/file_parser_linux.go
@@ -5,6 +5,7 @@ package dns
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 
 	log "github.com/sirupsen/logrus"
@@ -14,6 +15,9 @@ const (
 	defaultResolvConfPath = "/etc/resolv.conf"
 )
 
+var timeoutRegex = regexp.MustCompile(`timeout:\d+`)
+var attemptsRegex = regexp.MustCompile(`attempts:\d+`)
+
 type resolvConf struct {
 	nameServers   []string
 	searchDomains []string
@@ -103,3 +107,62 @@ func parseResolvConfFile(resolvConfFile string) (*resolvConf, error) {
 	}
 	return rconf, nil
 }
+
+// prepareOptionsWithTimeout appends timeout to existing options if it doesn't exist,
+// otherwise it adds a new option with timeout and attempts.
+func prepareOptionsWithTimeout(input []string, timeout int, attempts int) []string {
+	configs := make([]string, len(input))
+	copy(configs, input)
+
+	for i, config := range configs {
+		if strings.HasPrefix(config, "options") {
+			config = strings.ReplaceAll(config, "rotate", "")
+			config = strings.Join(strings.Fields(config), " ")
+
+			if strings.Contains(config, "timeout:") {
+				config = timeoutRegex.ReplaceAllString(config, fmt.Sprintf("timeout:%d", timeout))
+			} else {
+				config = strings.Replace(config, "options ", fmt.Sprintf("options timeout:%d ", timeout), 1)
+			}
+
+			if strings.Contains(config, "attempts:") {
+				config = attemptsRegex.ReplaceAllString(config, fmt.Sprintf("attempts:%d", attempts))
+			} else {
+				config = strings.Replace(config, "options ", fmt.Sprintf("options attempts:%d ", attempts), 1)
+			}
+
+			configs[i] = config
+			return configs
+		}
+	}
+
+	return append(configs, fmt.Sprintf("options timeout:%d attempts:%d", timeout, attempts))
+}
+
+// removeFirstNbNameserver removes the given nameserver from the given file if it is in the first position
+// and writes the file back to the original location
+func removeFirstNbNameserver(filename, nameserverIP string) error {
+	resolvConf, err := parseResolvConfFile(filename)
+	if err != nil {
+		return fmt.Errorf("parse backup resolv.conf: %w", err)
+	}
+	content, err := os.ReadFile(filename)
+	if err != nil {
+		return fmt.Errorf("read %s: %w", filename, err)
+	}
+
+	if len(resolvConf.nameServers) > 1 && resolvConf.nameServers[0] == nameserverIP {
+		newContent := strings.Replace(string(content), fmt.Sprintf("nameserver %s\n", nameserverIP), "", 1)
+
+		stat, err := os.Stat(filename)
+		if err != nil {
+			return fmt.Errorf("stat %s: %w", filename, err)
+		}
+		if err := os.WriteFile(filename, []byte(newContent), stat.Mode()); err != nil {
+			return fmt.Errorf("write %s: %w", filename, err)
+		}
+
+	}
+
+	return nil
+}
diff --git a/client/internal/dns/file_parser_linux_test.go b/client/internal/dns/file_parser_linux_test.go
index 180ad2f9d..4263d4063 100644
--- a/client/internal/dns/file_parser_linux_test.go
+++ b/client/internal/dns/file_parser_linux_test.go
@@ -6,6 +6,8 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func Test_parseResolvConf(t *testing.T) {
@@ -172,3 +174,131 @@ nameserver 192.168.0.1
 		t.Errorf("unexpected resolv.conf content: %v", cfg)
 	}
 }
+
+func TestPrepareOptionsWithTimeout(t *testing.T) {
+	tests := []struct {
+		name     string
+		others   []string
+		timeout  int
+		attempts int
+		expected []string
+	}{
+		{
+			name:     "Append new options with timeout and attempts",
+			others:   []string{"some config"},
+			timeout:  2,
+			attempts: 2,
+			expected: []string{"some config", "options timeout:2 attempts:2"},
+		},
+		{
+			name:     "Modify existing options to exclude rotate and include timeout and attempts",
+			others:   []string{"some config", "options rotate someother"},
+			timeout:  3,
+			attempts: 2,
+			expected: []string{"some config", "options attempts:2 timeout:3 someother"},
+		},
+		{
+			name:     "Existing options with timeout and attempts are updated",
+			others:   []string{"some config", "options timeout:4 attempts:3"},
+			timeout:  5,
+			attempts: 4,
+			expected: []string{"some config", "options timeout:5 attempts:4"},
+		},
+		{
+			name:     "Modify existing options, add missing attempts before timeout",
+			others:   []string{"some config", "options timeout:4"},
+			timeout:  4,
+			attempts: 3,
+			expected: []string{"some config", "options attempts:3 timeout:4"},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result := prepareOptionsWithTimeout(tc.others, tc.timeout, tc.attempts)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}
+
+func TestRemoveFirstNbNameserver(t *testing.T) {
+	testCases := []struct {
+		name       string
+		content    string
+		ipToRemove string
+		expected   string
+	}{
+		{
+			name: "Unrelated nameservers with comments and options",
+			content: `# This is a comment
+options rotate
+nameserver 1.1.1.1
+# Another comment
+nameserver 8.8.4.4
+search example.com`,
+			ipToRemove: "9.9.9.9",
+			expected: `# This is a comment
+options rotate
+nameserver 1.1.1.1
+# Another comment
+nameserver 8.8.4.4
+search example.com`,
+		},
+		{
+			name: "First nameserver matches",
+			content: `search example.com
+nameserver 9.9.9.9
+# oof, a comment
+nameserver 8.8.4.4
+options attempts:5`,
+			ipToRemove: "9.9.9.9",
+			expected: `search example.com
+# oof, a comment
+nameserver 8.8.4.4
+options attempts:5`,
+		},
+		{
+			name: "Target IP not the first nameserver",
+			// nolint:dupword
+			content: `# Comment about the first nameserver
+nameserver 8.8.4.4
+# Comment before our target
+nameserver 9.9.9.9
+options timeout:2`,
+			ipToRemove: "9.9.9.9",
+			// nolint:dupword
+			expected: `# Comment about the first nameserver
+nameserver 8.8.4.4
+# Comment before our target
+nameserver 9.9.9.9
+options timeout:2`,
+		},
+		{
+			name: "Only nameserver matches",
+			content: `options debug
+nameserver 9.9.9.9
+search localdomain`,
+			ipToRemove: "9.9.9.9",
+			expected: `options debug
+nameserver 9.9.9.9
+search localdomain`,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			tempDir := t.TempDir()
+			tempFile := filepath.Join(tempDir, "resolv.conf")
+			err := os.WriteFile(tempFile, []byte(tc.content), 0644)
+			assert.NoError(t, err)
+
+			err = removeFirstNbNameserver(tempFile, tc.ipToRemove)
+			assert.NoError(t, err)
+
+			content, err := os.ReadFile(tempFile)
+			assert.NoError(t, err)
+
+			assert.Equal(t, tc.expected, string(content), "The resulting content should match the expected output.")
+		})
+	}
+}
diff --git a/client/internal/dns/host_linux.go b/client/internal/dns/host_linux.go
index 37d8f704a..cb246bcfe 100644
--- a/client/internal/dns/host_linux.go
+++ b/client/internal/dns/host_linux.go
@@ -65,7 +65,7 @@ func newHostManager(wgInterface string) (hostManager, error) {
 		return nil, err
 	}
 
-	log.Debugf("discovered mode is: %s", osManager)
+	log.Infof("System DNS manager discovered: %s", osManager)
 	return newHostManagerFromType(wgInterface, osManager)
 }
 
diff --git a/client/internal/dns/resolvconf_linux.go b/client/internal/dns/resolvconf_linux.go
index b8f753e28..72db5faf1 100644
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -53,10 +53,12 @@ func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
 	searchDomainList := searchDomains(config)
 	searchDomainList = mergeSearchDomains(searchDomainList, r.originalSearchDomains)
 
+	options := prepareOptionsWithTimeout(r.othersConfigs, int(dnsFailoverTimeout.Seconds()), dnsFailoverAttempts)
+
 	buf := prepareResolvConfContent(
 		searchDomainList,
 		append([]string{config.ServerIP}, r.originalNameServers...),
-		r.othersConfigs)
+		options)
 
 	// create a backup for unclean shutdown detection before the resolv.conf is changed
 	if err := createUncleanShutdownIndicator(defaultResolvConfPath, resolvConfManager, config.ServerIP); err != nil {
diff --git a/client/internal/engine_test.go b/client/internal/engine_test.go
index ffcb8fabb..7b8509cc5 100644
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -71,10 +71,10 @@ func TestEngine_SSH(t *testing.T) {
 	defer cancel()
 
 	engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, &EngineConfig{
-		WgIfaceName:  "utun101",
-		WgAddr:       "100.64.0.1/24",
-		WgPrivateKey: key,
-		WgPort:       33100,
+		WgIfaceName:      "utun101",
+		WgAddr:           "100.64.0.1/24",
+		WgPrivateKey:     key,
+		WgPort:           33100,
 		ServerSSHAllowed: true,
 	}, MobileDependency{}, peer.NewRecorder("https://mgm"))
 
@@ -1048,10 +1048,8 @@ func startManagement(dataDir string) (*grpc.Server, string, error) {
 
 	peersUpdateManager := server.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
-	if err != nil {
-		return nil, "", err
-	}
-	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "", "", eventStore, nil, false, integrations.NewIntegratedApproval())
+	ia, _ := integrations.NewIntegratedApproval(eventStore)
+	accountManager, err := server.BuildManager(store, peersUpdateManager, nil, "", "", eventStore, nil, false, ia)
 	if err != nil {
 		return nil, "", err
 	}
diff --git a/client/ui/client_ui.go b/client/ui/client_ui.go
index d90156f56..e242a26db 100644
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -61,7 +61,7 @@ func main() {
 
 	flag.Parse()
 
-	a := app.New()
+	a := app.NewWithID("NetBird")
 	a.SetIcon(fyne.NewStaticResource("netbird", iconDisconnectedPNG))
 
 	client := newServiceClient(daemonAddr, a, showSettings)
@@ -82,17 +82,23 @@ var iconConnectedICO []byte
 //go:embed netbird-systemtray-connected.png
 var iconConnectedPNG []byte
 
-//go:embed netbird-systemtray-default.ico
+//go:embed netbird-systemtray-disconnected.ico
 var iconDisconnectedICO []byte
 
-//go:embed netbird-systemtray-default.png
+//go:embed netbird-systemtray-disconnected.png
 var iconDisconnectedPNG []byte
 
-//go:embed netbird-systemtray-update.ico
-var iconUpdateICO []byte
+//go:embed netbird-systemtray-update-disconnected.ico
+var iconUpdateDisconnectedICO []byte
 
-//go:embed netbird-systemtray-update.png
-var iconUpdatePNG []byte
+//go:embed netbird-systemtray-update-disconnected.png
+var iconUpdateDisconnectedPNG []byte
+
+//go:embed netbird-systemtray-update-connected.ico
+var iconUpdateConnectedICO []byte
+
+//go:embed netbird-systemtray-update-connected.png
+var iconUpdateConnectedPNG []byte
 
 //go:embed netbird-systemtray-update-cloud.ico
 var iconUpdateCloudICO []byte
@@ -105,10 +111,11 @@ type serviceClient struct {
 	addr string
 	conn proto.DaemonServiceClient
 
-	icConnected    []byte
-	icDisconnected []byte
-	icUpdate       []byte
-	icUpdateCloud  []byte
+	icConnected          []byte
+	icDisconnected       []byte
+	icUpdateConnected    []byte
+	icUpdateDisconnected []byte
+	icUpdateCloud        []byte
 
 	// systray menu items
 	mStatus        *systray.MenuItem
@@ -123,9 +130,10 @@ type serviceClient struct {
 	mQuit          *systray.MenuItem
 
 	// application with main windows.
-	app          fyne.App
-	wSettings    fyne.Window
-	showSettings bool
+	app              fyne.App
+	wSettings        fyne.Window
+	showSettings     bool
+	sendNotification bool
 
 	// input elements for settings form
 	iMngURL       *widget.Entry
@@ -139,6 +147,7 @@ type serviceClient struct {
 	preSharedKey  string
 	adminURL      string
 
+	connected            bool
 	update               *version.Update
 	daemonVersion        string
 	updateIndicationLock sync.Mutex
@@ -150,9 +159,10 @@ type serviceClient struct {
 // This constructor also builds the UI elements for the settings window.
 func newServiceClient(addr string, a fyne.App, showSettings bool) *serviceClient {
 	s := &serviceClient{
-		ctx:  context.Background(),
-		addr: addr,
-		app:  a,
+		ctx:              context.Background(),
+		addr:             addr,
+		app:              a,
+		sendNotification: false,
 
 		showSettings: showSettings,
 		update:       version.NewUpdate(),
@@ -161,13 +171,15 @@ func newServiceClient(addr string, a fyne.App, showSettings bool) *serviceClient
 	if runtime.GOOS == "windows" {
 		s.icConnected = iconConnectedICO
 		s.icDisconnected = iconDisconnectedICO
-		s.icUpdate = iconUpdateICO
+		s.icUpdateConnected = iconUpdateConnectedICO
+		s.icUpdateDisconnected = iconUpdateDisconnectedICO
 		s.icUpdateCloud = iconUpdateCloudICO
 
 	} else {
 		s.icConnected = iconConnectedPNG
 		s.icDisconnected = iconDisconnectedPNG
-		s.icUpdate = iconUpdatePNG
+		s.icUpdateConnected = iconUpdateConnectedPNG
+		s.icUpdateDisconnected = iconUpdateDisconnectedPNG
 		s.icUpdateCloud = iconUpdateCloudPNG
 	}
 
@@ -367,9 +379,18 @@ func (s *serviceClient) updateStatus() error {
 		s.updateIndicationLock.Lock()
 		defer s.updateIndicationLock.Unlock()
 
+		// notify the user when the session has expired
+		if status.Status == string(internal.StatusNeedsLogin) {
+			s.onSessionExpire()
+		}
+
 		var systrayIconState bool
 		if status.Status == string(internal.StatusConnected) && !s.mUp.Disabled() {
-			if !s.isUpdateIconActive {
+			s.connected = true
+			s.sendNotification = true
+			if s.isUpdateIconActive {
+				systray.SetIcon(s.icUpdateConnected)
+			} else {
 				systray.SetIcon(s.icConnected)
 			}
 			systray.SetTooltip("NetBird (Connected)")
@@ -378,7 +399,10 @@ func (s *serviceClient) updateStatus() error {
 			s.mDown.Enable()
 			systrayIconState = true
 		} else if status.Status != string(internal.StatusConnected) && s.mUp.Disabled() {
-			if !s.isUpdateIconActive {
+			s.connected = false
+			if s.isUpdateIconActive {
+				systray.SetIcon(s.icUpdateDisconnected)
+			} else {
 				systray.SetIcon(s.icDisconnected)
 			}
 			systray.SetTooltip("NetBird (Disconnected)")
@@ -605,10 +629,30 @@ func (s *serviceClient) onUpdateAvailable() {
 	defer s.updateIndicationLock.Unlock()
 
 	s.mUpdate.Show()
-	s.mAbout.SetIcon(s.icUpdateCloud)
-
 	s.isUpdateIconActive = true
-	systray.SetIcon(s.icUpdate)
+
+	if s.connected {
+		systray.SetIcon(s.icUpdateConnected)
+	} else {
+		systray.SetIcon(s.icUpdateDisconnected)
+	}
+}
+
+// onSessionExpire sends a notification to the user when the session expires.
+func (s *serviceClient) onSessionExpire() {
+	if s.sendNotification {
+		title := "Connection session expired"
+		if runtime.GOOS == "darwin" {
+			title = "NetBird connection session expired"
+		}
+		s.app.SendNotification(
+			fyne.NewNotification(
+				title,
+				"Please re-authenticate to connect to the network",
+			),
+		)
+		s.sendNotification = false
+	}
 }
 
 func openURL(url string) error {
diff --git a/client/ui/netbird-systemtray-connected.ico b/client/ui/netbird-systemtray-connected.ico
index 621afce9fb2a65c34e68df372aaa6770ee98c8d0..80550aa37e20d9d134cda6c0cfdeb731f1765cfe 100644
GIT binary patch
literal 5139
zcmb_ghgTEZ*PR5AraX#-UX@5SGy#DJp;wg>qzMTi(xiwWodf|3y@L&qB8W%`y(dU7
zDn%tKRiz_EA(RmKhPS>y;Wt@XGwa-Y=bpRIKKq;m03hJ!<bnXA0F4U(VBqs(i>pRw
zSom4M$1^6z`c@~SCts#h;O$0W`7Hq8>Ne5WL4`j5JvHk0{rXeJ&0{esiJBJ<S5<s7
z-Ya{<Ah1@RF0IZc|1{0cTlu0-h75ifrZ^0{b73}$3-2nllFXejj1jd+&1)9x1~E{G
zLs+`W82_D5$-X^`1GPLkR`G=MR^nkF#Eyw?dV@>o`VK<(qJ9+s9RG_enZ1Gsshm2!
zF=e>al?^?^+C=~O6s~0@_z4nNl?86ne+^p2`!>bkeCUWdq?OsOtF`P)vXd08KomaK
z^SSeo6T_web0r0515}?E&91886^!u#NKoXrv@4Ar9&;7GbE+@9Z3f;(!sC#w;X{8x
zRL79``6|=d4_dPhNGDU3GDUZ{sJ#MNprm{D`H>;hq@eKf{>zW~^j~<6KChlW9xk{%
z?;Tp#H~Tz4P}%b^Ir^~%Fxayhi`eh9HH;(Prp-iN>Cr9M4DFtX!!-tcr>Y&euLF`?
z?XSKw2~DPRPT1h%0T+>ET9F+f8BCSiHDpqb|HXTaQMb@Z!0RyC6;k+VEqcA>`Xff*
zM!uuBZlRJoC9&qu4OZ@n=%IF(_`OrOH{o*ItWsM6lcORSuC#?uJ}qawenQB<#y={!
z5he4XBg5fxA(!YoINNU8n)QKOg|Z-(mg^@qI77StA-<Bm{Yh)*+jvK^24H%7LunV%
z7ZJ_{i{@FRf-b3m5dSNH*7*~O_Q>pww$x-Ov<tt|I9j{Kbepp5J4i+(XaG+uCV~XU
zI?us3m#)Rx;ipnUwi(q<l}PQ)sTwB{&{<m=z)7U8>8p<(ZKJP$*Hx_^5jxuc1!*Z-
z4!%HpQIme9ar)=O8D6VipTp#_TZ|*r_V3ktpZ?KPF3}f)t>_l{G2eg!m(3%%WB-YG
zK+NJ?Vu`tUUOg5O9FJ7ZB4<FI#6}6Yi-JKvR2<FgW&*?93&g;P-uq7V{Xxv_aV@$z
z{#NAr$P#0K%S$cJnMoXSYVTYU(!)Zwg>z3tYLvjBet|CZ)w(ogqXmteeYFy7q4}=U
zs8%q^N(Lwv2^@Nd@3CxnCKF@$1OZD&+5*D#ZS3S43C$_iu37Pd|K@Yrp>O<sT6;Lv
z%`p3((aAM9;C#sZ=oGq?miDoqZiJcP$lENm{*u4-&V2xbpLgaa*;Y*GC@=?kYiZ^0
z;1mf!|0~CtMuId0e<ZKoMHR7GlgGr1^yJ})Tv7@#EUw%C=Z!xal#SG*m&eVk6p8Em
zE)x$JW3Gs81q*A$(LPR!?D_kp@%2V;v~`2bfXqraZiNeMbE@b)#{Xtf8PC_+Y@5-n
zRXLgtPoDbdWE<D^W(fK0Wp|fyLg#G$k%*N8&phS}VMYT_*Jk1urF>jtoZg(!={!U;
z44C#m%^W1hC{jjXjU1<2nhM67#W4Qu5S3~ai+PynGi~_Xf4Y6uxp8m9FDndWiT@>t
zJw1zlVJy2q(S2%W%Guk8eDL_*nes+I#;T~5dWj!1rpEl4o*>lQTV2y0>#?214Krgt
z%^@IV%%11r_3<H-Ji88l)`I`Ok5AAq<a%I-KKSHQyX7Go^FIFj^o8Y)U%awV2KWdw
z`eJb9!Ft6?sYRq$5^Xx{y~%N=L1Es_na;UJ5nWUic@h0ioo2d|;h9hey2f>`6E@Ly
zi%HX*dc{QUc#8oriYLveCwBR3>o?ss-Ky}cj8j0Hn7^mL;qbSrmg%ff(_NOD<9lqw
zo?>aOmkeZznc-Ih7dWVXB<G>1ZjaVyS5CnWH!gNq14WhNt<@iiapl4bb&C8l^8_?%
z4K+IfsTwGDv>ULPyEbI4eF(6x%g$|nM~j6vWOP+{X4Lh80gKM?j|MZuMj$oxYkAm%
zWMYZ_=ZAOa`9kPeZhqbq$X;p&WUk<S7@AIP!DUiUE3A$lmIoZNbY?20K}61_ze(c9
z7IPjaetGI_w6_;$KoSgWR0+w|COZpn|06B+HUXYa3Kx#4Rmu*6L2CCLJ*>lCsJ22V
zr)nfd2!eHgL*G2v4U&c4QuA9=#n0}uur&+xCo%oKd_X5v0#&lmN7rnSu#sXrQ2Fx}
zT5E|2jNFF%pM%n@Ei%G;z3Ri5+{a9qRywXhVZxnT({W&}>z~ss!@DAzS)v9hq<YO6
zM0UeEIEgN8x#@mJdenu+p@`T;na#%O#VpKKQ0V?Wke!FuV+lQ%{Pm1s5T{>JD7KIs
zHHkc1HaB89%Iw~6Yy6q?Lr8p9Rls6a#<Pf&aJEHz`deueWQ2642i+eP*LpT0O@93D
z@#{7AY?+Uu-i#|>Fd5GUu*Hg(y&S>3OoCaTdlc4=ZAh#R*xS>5SHSbRs*Bwoy`jC;
zUK@F5o&Hbu4%r_@DfK0v7Ua7|a%}n?Rk`w8$@e=O)L`9XUwAvQvM;)pso{e-hTL!W
z?nB5LPxk)gEwA^j1IYBX`O6fu1cTX7-NLs;TdLBzopRRkHH%p6)g4Z_E61aL`30HB
zlU0*yrvox$#J@6yT-BjeROBkyZ2mfZb0coW-BZU@6BV`1sOSeZRIoTNFxVGuLKc%g
z-fIkGOp+9&8qA0PUN9YBrO-|5<iUjmuv`q+mk}_l%ap`H+K=DauO{YwyO-0V7(4I&
z_3P%F)<^Y5FoFt5c|CExJw;677&^>p{BR&-ZorwlGm~iDo^<FnvL{elNngt}Y(%;0
zsX<AUnY34Ic_dNVMMjt|3*WY*&yz@deoSMm$W2R_-8a1~Y*;h^4(*%Ry<HCGmCP`Q
zDWIi=qK|dvp4|`Yjg&}V<qhC8OzbKCxpU;jZicsP{)5_4ta&+lvWN}ixtz0TpJ5Lj
zk3%E`Z;NEKUf{Tmc;jpc4`Le}eFXqUG2-gS)hMOlH6Gi|U*>ZM5Re&;e^qSoZh~)F
z021n@$>4~>ZsP~o>H%;DjBMSZ31X76u3+)Y_s^oi&%Wq8{T;E@qVZR4hHW_=U;ys5
zuH{jt66pRjOvKkiYe>uoU0ei+dU68;fZ^bk{zgWyjkD%65iUN>rxg48_Tn<v8YUxP
z0eU;?D9IIYl=_2}?18=Bp7cvum}=nFPRA>Kw<7IM2(?r)w88bJo&|YNe~15v;zF5Y
zFG}o%TSp*=UGJ2935Y-@uQh=CQ_Av$GE@*B;4zT*ppd?$C6!i`Bn@;S(-qIg1T3Bf
zX^2ATv36W`>!iYkXb`=pI7_fINMjS$DS8<$XRjc=Aj5dV=bUiR?|hwPqNU+);6XyZ
zgvCPdj9SYEG$>);^j$v`INQi{a{5Bmo?*T9{7;QM7#F>=JpB12IRL4Uh<ja(*Ia60
zWzT8et>Qg?cD)4kax9hhYUB<N21H?S4}8G|n|^Gh&JJf?+2@PMad0V%C4kc@WcsA#
zc}Lj2Z5j(x{|yaF-Zw3hX8-_ipXpbRW5gA!P4D2b4s~P(rXX|Q!(?d`1Q<5wX2Civ
zjA}!gBdo$6mCG7OI?b^F0VsO&=H#X&1++bLNKRIJBfBS}DokJymR6(-14z$hA$~Lu
zuEV-YzZ>46KmAcItUw`_1C-np+AVH7)98Ef?nnvCB`C1uM1T0Uwjvi(SKXSoA;1zO
z%lJETM%ghQ0gx;?M&!(JZp8h8sm!!?uI6?$2dMd_k^s&*M!aTYb5dKPc}meK4U}fD
z|6HQ4ejP3(NG-jvCsiO&Cg`$ma4R#b0su&>zy#`4LVt%f*$5-WVfO^hCrSV9v!k<^
zo~NlTfGT6Tvs%z0x;l=7f(;dD!4->R7@Bf+eY@vANTtve**p5zJsj%5jikVXz|C+*
z$4NJX`9(+UK{Z+?R%@9$0=URTB&iqusz&XM{3TE!tat#?0&!9ver=!*!NR$jphiiQ
zj)DLw2}sERxi?6T2a&g~QC^@n*w5Zm=!>?L1?bEgH4%v@vEIn}3vUzeo2TxZ-e<t*
z!(QtieW7}F2wq7WY=<yBI<bn1zel|UIrnRQK-oFLHLcy7AK^AR9<|U34M?i9idUly
zeQo<mDlVf=n)&M-xIuW`rcq)lN1vD$$#=3{)_8iL@|~6TP(kWzu8ya^jH2}4+<B=6
z1i)OujAM2@>eG|ve=Lf6XC#kudecgn0@ljxFcKG`E(2g~vIATbo=JC?QOkMYUi2(M
zw;4;lPkLKpj6(&xTgP_Vd3fa`u<9~>W|bd3={SJ(rHPxE&f|4)R@^E5&qnhF$Ev-m
zMYUi9ElK5GPSn8h3Gzt3%R@x<cW}L7_W8zDQbU5u$GTLEY_jQUO&RG~U!?=}uVKM=
zp_Vs_01SJUE(bqs<oKJQO^X|cLnMSwTpxb<Wm|nN<}Nz7&t@C}zXVMb{+mtDN_t+&
zb#!KN(3-?%gNQfmrzvOvpm<nJ6VPW_NrDu|^)trGCteLI!63;=KK%*ot3}K1oQJOB
zFdW~`Q$ISW>O(B7o(^^KxIEBAS-N`q3X}BGe^|>Gk8}zdD;pBwIpNg^Ul|7u0|Nvz
zOhwDG?yN89Q6bn$>;5>nbNo?@mSBM7DlUV#gE<aH_0-E`Je-E5Zp(lz%|g8(zndL!
zeq^4!5h@EX|DF!U8zJblQli!+5^=8QG;m|nzg5q$B6V}(HSQ2|4UhyHS7~U=M@>6`
zbE$qZgdaOz%~XDl?oAem`=%c$5A5p2d=KSUXF!Qnlsxb8qutq~nT9Uy`0mfY4!E+s
z*mFGosg~Q|@*+C>OQ7T_>h{IdBkKT0_O3RgW6OuBh)sLQ<!ac0zy@tj+iWWo9|n%a
z25m~dov64G&1Sh;wi6h1+H!|u&kU?TY+TiVIU!=AJ-=>CHC?DEa9%1A`Cx6{IbuE)
zyH@V}kl7A^FI}24%pjm|-(y<*bN5k2!GRf<`aQR2i$@9|>s)`Lt^PeoWw#OekX<GV
zm8xB#woPb5R3LrEwOgu>*EBXo(3pG-iyFl&MFXd>AVlryd4UYCEbSV57zytIN#C9m
z5j;5+ZGZBLc@aKIMMj^k!l;#*qX_FAb@MK0z-h5fgY^x24NS#I(n+|7g$1xm7|0{z
zsI^>Nxe&=E2N`ICZNKMVTO7^@cZKk#e<dRzK4Gab;sZg`t%q4+1xldx&W+(*7Rs`1
zHKN0!{q#AtWZwsoA7b1{F>SrkCiEX|Ne@$!`Uo?JO?13z_l}Z@UU?Go`PF)H_*}j}
zmoGR+-Pif~Pg6y>P#@u=5I3++KMlVs++f==xdg(r+(d`0$wP3j-9@+%k84-lmrAVn
z%ZPW@a_^7v;Ot#HP}Rpr40Hyky2n-@woPjbmHI&`PyO`NLvQLrc%>ui^6WI1WU>1^
zDo0jUD?+%7Zp8D?6A`8_BrpXuZ9ked>YETQ#f?aYu1Y#osxB}$F}T~jOWr+-id8^M
zN&jZUd>fCdQ!(e39u<l!S~<slf$wj2jTH>nbZvL^sZh>}ifeDAdvO*6a+iR<Au-5_
z8MZY9<<gvw+GF!TToeM1mY}X6iv_UOU;*pexCqrDc&p=gKVBz9JHG0dSukU;++pPd
za~*#>`xaw0wRzP+ti!TBrE*}JSx`$0{pba*K6E5{V~AJ{-0VM`$;gxS+62R3sUfMK
zgDXE^V!KAz$|YEx1+u|@g<OVyQXq}mnYc_Da-L(wvHid8xdbS?&(C%M#;mG?LE9qk
z-i42XtA<W&EzEYm2xv~YK_ZAMUUvgX(4?5XD|rF9b^Ng*L#t0nyf_{e<e^)URv$`Q
zrQN+whFbLY&L}@EV^LTzi_wMQXgQAGK*NVp-$$hr6}ek%y^*gio8X0y70}J&vKIPk
zE*|^ZD&#%u!T=3`3+y9QPoEt<?=al4ci$0fz*0{)OGfa04Vl&M0KVGphBAT6Z7PLu
z$zXGa;rwh5P1?7@%QIkht0J7BZz?8S__Ga=C};}ptc*Eimh68oApz)%=9komNIHOA
zEL!PmK6LYo5l`A5i`}|Havt}MQ|aJ9I_)?lh^8VrK>ZZy-2ikM!JlK-Qp<%31NZyP
zXSy7;FoUV^q-jXNTJ8(X;@SIeYhM$q*o)c^%d`oA=es2#T+pWR4u66)SdqX)zb<|I
z(5oB7q5&kR)irL{;oN&kvOvx97Z7}-gcGmF($X1b>z$^-31gDbF9UkLkzV~xa8Uv5
z$}qoNFR1T)jdYmdTy;uwt`b9n{DK+UkQ)akE*MMi%ef6)+#rFL-<Ly0>A~DO#b3hG
zGr(Eh<p-uJcwVJf09b}{)ndepz7Wx^jb8^m43t^VJ;i|=qcC%ut%*OO2I@Q7$4`>A
z-}4bpHhQ%du;$x+)$N%hmd=w1!hQ`q>Z#Bh`9zN@gsc0yH$LTA_^29mlTY7?|K{lk
zxm{`c8-UPfpO*vO%p%#?&<C+^Yti^am*V2^fA#+-m(m`VVj=nW@~w9&;NN<HiNRI<
JDqYO|{{v|<ky-!%

literal 4452
zcmb_Ai8~Zr_cLQKNHc@ik~hPMEZHl)e3_xK#Dpl>GTwv~S+a#@(IychgJQf9r6My~
zUfYZ%WTzs@PIksVX8rX0{R`i@&wcJ$?!C`>?z!hV3jhGzAHM+zPzKn;0RY*3{E?%*
zwWRnV@qJYCtPRHLxAgafi0m((VXysuQ^8^O7l6GlqjCTMIOHtG{6h4Pm0X9%&xiha
z$b)l*-}Q^mPpKV|KPnjs(dmiyoH^erS$MAaQ|iD}Opd&#Q`76rbCKC@4`pN1&(Rz!
zRU~vqd$3xE4$Z$bPnEJc`)2WT(m6ZxZ@1NM&y@QW#*TBw=)FSZfx+^_$vta%9MieH
z*eUS79{&SqX=;w5F5->eu8ejJD*fy@sdSt+=w0DP8*288d=d-;o72;BGxXkp+07oq
zx#l0DL~&DQcDE$WPz@I+c2~_HtVValiYxei<M#N7TdVPbx{=x4n|^Pp&Cmh163M;i
zX)ifgF}mVQr>;YvhZHf2sx@xHoW#=Y`$jI`?X7LBg1%VW0jstmV60=$-w3(`p9Ldf
ztbkSi;f7>yJ*J{t1a5H~jA%s^ewvVolDw5dMI31zTREl}H)#US#kC@8QLe+=Vy8Or
zsS|F9^xxt|=B>fvWzhf;fr<IA^_tuYR;Gof<5<D6s2GyRd9ka>F|YAMsG02_xym#m
ziB3Zycv)Z6TF<Me8~>?%P*CVs_K0AGM>O5($fis{-z*f%uG$+xEV7+59ik5x8W?iV
z*JQQyMV|`K9obX3(2%M|(A@m7!|auJa12Ury>P;cQ1-(WeMJ_~!<8qrMoNjThI%_B
z1+QYtoBvF()Rq&=zF`bYNTnr;8gEkIjh4d>r`y#S*0qsGx9!XO=>!k6^ti$ZKodG0
z%Hz|7c-}|-vkJzZZq=NS6~@Kmo)~ijn>x(wMjU61mFP81J_lS}@-*B1SCMv%b%(lT
z<FR3}$P_C0FMGER7%Tgz>yF~+w0bhM+3wn`h>zF<=o}xDOt1fYA$bDItoF7&U=`F5
zSM(;6XO-@;=Pmum-8+lCM&G-wG_-*<E2O|x=h>4Fr}3*9JQ(SeBr@Pvc7?Myw||Xr
z>Tn>_+`7`o#&kQw7SxKU+TYL;nNr^`2btDur{G5XtmTm~8mw+FNS)KSmI66)`$#lr
zflnusIlH($FTxtRcQZR=WKEu2ojp1$3LARLkORu=-6I;{63|FH&>ce-RHBieY!qjo
zw3qYaSWC9S)>r!aSLs^8$BNk5+PgkYMsa>gdnWnDbqY3Zu8gJUlzM$5)=@Gy#>_a9
zfKf(HJ4DR3#lvX8fRLKg1|8>$&L^v%`25sVKix=WQ((pxwE8Sqsk4f>W}K>JXw`aH
zmt0h9vuEw4h5|J}3Y9d3>q>!njXkZ)O(BmQTPm87K67n$HR(W08mg+rl^OZ#2om;v
zl`xI{XJS`VF<ORcSk;scNQ+K=_cyL9>`dq+k2aQouJ)zB?5r`?=jH{mkDCMy{=pG#
zZZruRC5$Vp+pB{9CiBF7h01iF<wz#=j5LCIp$3MBGDai^SU&kS-&-jQqk=~wFPC~1
z)}o-N=Tn~7mZRPltG5i@**8cs%ELN-{idFgro$0NsGIo*3UIn`T7$DtT6f!~+*X;S
z=Xa^2mwHazoY@;=<anfh6jyAEo^X(h*T~E1Tq*#2XS7np;O*lvGdy<n<e^YcU({@c
z)6yC}!bIT~6b2-)d1ZMKid<==@*na2cAYmcU?fAlZn?N_aeJq^;+Fjvo_n$T<)0;f
zk3EWA^a3vpW>#t^OPD@0wJvqgQrs(3;Qk;-+JDQed^;yX7xlVd`L7CD6Vh`nnXc+m
zR#g{xXNZg@GrEOt*A6Iv!-AQVJJL5;u{s|ul`+_vUS!Rj98e??<FaEKcDXbnwye&n
zqM~*Vh=O3#8%vSmk4GeQ;NZPl*g^u)bb9TZ+Fav!ZFm6f(%WY_x^}h=)tB9HKTE=c
zM7e*yRaF38(HHg;YjN9&mEo!tal=H&`Mu5|f_T1-fwB=A?4-fjj?tsXmA)JG>e<vC
zh%LCmTqDA;2>@frX!4$6o$X(1b0oyz%@o*c#)&D7B-C^xB4|PtoPfUIOOL7d8CZTh
z`qstzRW060J3<8w7GLHE=RQHQKK+#7C*iQ*nk%yEI-o8oNDIqIo?B3qYfmMiEFn+3
zMdUT4FvDdxv{>Xytsw||Vd)j>!XONo8O-Bb9iVgHQQ|*e3OO6~_tRm3kY(L5j)EBf
z=j1LeHboVPL=UgEAEZBfmXtwJC0)$Ynz0`4#l)^n*wvXU%bk|GFqke4^b`B@2d@m}
z&%5F<$>+)3;LN_4#1N^Jid%&KiQ<+^_S3Nad&;<-r-iYocm!M@hr~vgq^?lMCw|gx
znW`YOM8@SL`cvzep{4r`t}pi1!7x%tC;t8-ubFfhtp1H8bv7u!eKn<5G>t9I-4as<
zsVEY*W2|@QR0?QfnBuqOpZBI@O5q+S_{W_EbybudFWip@4oJ`zXP*VZQwA+e>tluB
ziD<7Kk2kl2xuL6VP&62%$Jx##EB<(c0?xfcr2dj@vMCaG)8hmjWGQdYX-wc!&|o1;
zi+PsnZz@>5udC<$j`rHJ!y@AA`H8DJNZ15Ajo0ez5=FQ?Cjh-~_$h}5Hz77((Kt}V
zit+~w_YEUE7qG>@R)Miy<ek-&^@l165RCpWyJ;1N+tu;jNC`9;yT&)}aiuWdZYt=8
zwo#7lM}0vAB3Fg-g7+CTH80H!%p^V@x)a`odLfuv;^`T)DXU{kDSL4O8ozebc%@tN
z`<uW#00G1Jykxdr6Q*S|O8?IOOrfk0_!Bh#`2<*d**|)Wn>5Ff+rw+yaw}{6Lkp-{
zLV1KIGbOEy(PNN5pv-otMrce;MNm8e*DI0+D5D<<Uij^y&MeZK1mX&nQp!o$E2f{U
z3EsNMVo?y@BJL>hQ`J_>^KQZKe<214yjy}X!K$_xppA&ZFdAuN&0BP@vNS%Kt}9sZ
z;1RfUYj-XNiV>3zsxBUW#4x_pYa+()-xC~JAnYxT(ajc@n3I?26+2PbFz<vL@DQgR
zZT<DAfMV)dG})hhxYbEBq;4>Q6>u7)c2FktDmQ>42;g1x=%!!pKgi#u$B_povMd=F
zhaIZ;sF?8-hKoKgyoXomEcjfcjO4MbR0^E$uhJ{$T>vt{f>8b?kD5lka~3^$GIlE}
za9_CoamSX6!(~}O*8te}&G%3`JJ*Hz_?oNP?zB)f4CvoF-soh%JCkG+((AQ$XI*jS
zmf#!xg}<jOMCSi(`$hu&RWN6|yR<PTCyDR_hbOE`Su!@3%v!Yo^2GBwczIH#CBt{P
zti2N@Poxda)bky&s6+9`5{XMxTv{7ScjIf6X1AGA7T)uK;lNS-HZ&ZXgj$ixuWoLL
zGoMX-SJ<^1gP65bpRYcE{HBQa%EmhnesZvXFV+9RlJSs=`$q`?btleRbhqIM`X^Fn
zGIJ%Q&&@rc;EE8&Lgx^oCZ)JtO&^ho`|mqOVY**!v{pHis9r4U7dYqY4>Vk_18*tJ
z2!#@DbAs%^W_<SU`7HbvC_@=Et$5E&fuJHmENS+tgtS~`s{nk%C7zVRIZivKbrwsY
zuYdWI)j(G)TCcKCF91Wd`;s(SJ6~=z<no-Qh=!Pa8(K<P5d!2W^%OW`4S<>mEaU*A
z>WW{Gu!4n$fDAadd-+F!7Q>^sUK;rAIk8k2{lG`2@g8J;jJY|sbq3J!m%tRiY@{Xq
z!RB-K|FI>SwoE-mxIVLIURK-aG2SoteDxqIoe+8>&KT&i(4Of$X^F{im!!k6s1iU?
zlwi6P6pI9vlmYkpATt(VCw<;Eu-3oQOffiXPvRp;6bY*N<zrKXc+V*6z>BBHdp;&E
z2B9gsLc>zPQ9nu_7NsksaEzmQP9#hNR3c51tFnLJdYtH!`CCVc{;g?~507XBBafj&
z&|fy-7_zQr?&fumZ^tS%|6~0Kou-I4&%t9wbca}*p|*}#)kbV0IxWoSb<y~wB}P$;
zb6W>w(i<P7w{=AhII4(Od5%9I98t|Njng<%Q$C@NQMUY&qOSb7b-dh8<Y8USOsG++
z0DAX_EJ+@VQW7b5+}S)2j@gbmH#=^e(U^bIQd#6nia7D+B5r^-S($g>QYjd`b&@Cv
zPx!Re4EX4}vuO)P5)Qw{!V}uIre*V;r+dpG8j2(p7Qpv08e4?WVLa);HzW`jU**Ga
z5JOE6JO}?m@GPF5{Vh<Ko=ifP=rm3Vv3^1w_y2<*`>-d_YhG%!vJ-EXKzsn5XbuF(
z{kCn}0l<(i>V8EO?_Z}lz_)d86_iYgHpn0cUnt1S;AQASpXobdB2J=Tw*fB06TWS!
z@^-(no@;{Wr<Oh<lv}P7OCc?R>`8vC%g(LnWY_vX<(UTFUhq`y#{L|<^io{0yIMzz
z5kJSR(-^3)11f1F)@inHcA9V6D`sx;3Sl-Ao!TwsYuqdXP@XV|K^Gr_naeU=t(Xh6
zy+pHl0|8f$qxp#8fD3n$l&=)g3wIXJs+Nrs<nC~ud#Z~hZe^06bt@zMg{i-kconu8
zv0gj0V<7igWh%gykim;{74Z|B&mzf1m7IuAq@jH2@)&gUfuvW+)SlIpO#*in)wX0d
z_83i4yl3Ku4*UbS$j{)#d)+UE-|z$e6D3-d#{RM`7dPDd05X3S_|G_;!75m;QnF*p
z$pX8N0nWgtq0_x*;C<O@`RT$TGRoV<%X0;gc}bamTZPSq#x0Rlwx|zxw1=8?m!1H5
z{p5h@JnWqx3+RPquS~L!Ughq;Z(%VzzRx@u?VGGzI7+7C=8=wNRpBTc7tq7o;&3!T
ziO%;gP~Zi2ed|3am=`k6WszVsVq?HM;V*U#A^gB0Q70UNE!}h4k#GYaj}^MNxm$8k
zODHlP2PQ-I>w!!AKHwq@1Dej7{Yglo4-|`UySNx)h`AIh?yBA2`8Jn^_5&>hU)4C?
zRSI9WF5{Hx^el<W80J{XJ#+^LH&$Hy*N*ADbIZ_ihQG04)lYf!wM6Xd;(l>6naGIg
zr$`*WySP%n?{WQ;`<X||jTTESAr|NqFA|)eT_Lu-f$^^L5~L}>U;k9=OIcl=u5%dH
zyAFqKREe~UD2;3@{4yWb(}XK4dJh>tW0y&{MEZ+mF~J9^r0bbiPJZ}U-{&`E?9E*<
zrYQjfabWBP(Wn2BO<i@~*>nfre34!2`~4#XqYFO#Aj)y)ad5s({n)_mh-f7h*TjiL
zgEwZaIC1Cu;-iPNR^S&_9~>t*@=LF*!dV%-fkPV9I?wBgrXAw$4I=g2(IfMr+jfQH
z?e<hotTt$mM>2c@PPZY>LNja>`d{HbTwHh(6%(IFMIgN=Z9*<MkRVO^^0Qq*{A&Fl
zlOr4cHtH4(AFc}MU<p{uEq=MH+2_ow(9q&A|E!mDp#C1o*2aToUekih_)+GN%b|_l
zMA7pF#uO^TE+D_%{7dR5Ea1vPzMqRKq*;nIitws#HkQ-id^&mYTAmw7yJBoV*<R+O
zhxI;@kh?gKKxVhF(SG?$ryxVNBrUw&3MbJol)=~P*ST8bp83n<e8@7MJ~;JU!Y_&L
zH;8O+k^*+%y-Sym`V(B_mxg-7V^OX@XP!&^54s2d0BM7O_>-Qt6iwalm;eB0E$uO-
I7T)py1qRz*Pyhe`

diff --git a/client/ui/netbird-systemtray-connected.png b/client/ui/netbird-systemtray-connected.png
index c5878d0187e9a5151814a6dfb29e311e475110b4..f4d156da87ab794a49d48359f653e24a673d69cd 100644
GIT binary patch
literal 9105
zcmeHLc{G&$+rLd@%NDZ6G*VK`jIoY=&63DY#F!b3Z7gG7W+-haDS4tuRHUqxWEm1d
z64_<Rqimy8jD6<4)w7=Wcg}mB^S<wY&p6K9_xHN4&-c1M*YdsZxnO<#C=Zu77XSb}
zW~N3q0KfuXvH%=A!7ta4LND;EDca77WP^!-289s42>y5|DJlpL#YYlAVdQXt^$1TB
zbl2vJ(B8&Uir6{jqFx?!JdgT`^C9V7=Wa>1lrih2BUKQGX3`ZhuD#7O=5`c0yW<He
zFI-2j(RT0gww&h5l(TnN=L_HAPTRRDh{(ho#om%IKI&B?)@<B!z*FR;Xa-`p6c5*F
zbWT!{Q@svmH27>P#U#CEg%G0aM_&j?7D<W{*-hHhjifxbP8&8}Ud-E+2~$W%pFB3n
z9X0%pWp&4Jud~Q#N!4dCwlf4nLu)fb!{5UJgSZ)YMccGVPqNwF_AX3;caM<3YwKII
zJFrQ+V(T+pcO88C8mD^TK0Rp#&(yg}*w}UV6!R*+d5(U@l{mqEzVh_dJIU8psReIg
zEvJ8tudP{m7Q@bw%4OSGB6{2R`jz7^oBadrchwp+00yFs4__XOQ_L`b5gI$%)H+Zj
z*Y!<jWt!tq)KwOpE9xzzCfFD>XY4WQ&BjZNL%Psp=w$F|Mbph!VM8C)-WZ=_%Mnvm
znvI%7lsnNps!uz&Szow+UgqM16ZL6f&L3)<ogei&&F5?;HP$|@cpaA2Wa=ScVXA*7
zMZCSR!Qh%hs*oUI_;SqZIZ5(GSEcH9k0~cTVfp>7d<=GKjSBZw!9W`XFNr!xZ<XU8
zWXlR0Vdy+v_{2Fu-dXbaDRmg|(lINodh$x(Z55BJYn4hA-?R5DJ99~GX_9SLwsJz0
z71a7Y$+u+grIPBpC-mTT09RN%#S;|7ks^F3X7txl?OSzQG57k$`G%i|ymg2;@f<9>
zNCH@1PL{{eSYm)821oS7D@FzcfprG}TDp-z7_1+j1ogyw69TniUuvi@C;_Jpb5yZJ
zSOyv5eF&z}A$Z&9<966+Kdc50rmMrH6^RA`0`MdZG%~<HFcclB4f}zM2Cui5;V|eA
z6_TGe%*oOkYDf&hLzNYk6%h)?k%Vw1m<|_ID+K3-wlOmK4FbH=hWU_4L1;KUA|gUD
z0;Na{@rENcG&JA{CAgB30;r)78Wl*wL@ES^%4|dY#4y5#VnYZ)BmyxIx{ZnPB!-c+
zVK7h*{oTKSAWO?X-~&T{V*%s?9*GHpBNY+wfB^VkEka4g;ULIw4*f@qP&=?o;WqeC
zVps?kZyb&fB+2|00*C#>J}4~2|3^4DEFABT4**p|!CjGm+w!QHrS%^c+Z1>c0)l>6
zfn@(plSJ_PldQk_wk`P)&R-n?&HuptoA&Rq|4;_CEG^MSL~Pi$duB%3u<iZPI3kvS
zL;t));E*cH>No{2b*#FAvXVMpK?9FcQc%L<Jv~usSWt}o3zS)4C<zmY#cxA_;EDtg
z2kEJS!sC^c6;!-H9Az&gLILB6Q&R9!!g;A6JuwKJr{`ZFtU?H2Rbu@A>eV(B4uta3
zz^EWlNOc8O1YSu&*%O0Rz^JIB6p$!&6;D-!vIfS>>jxALi#8#K1Yp2)5&|&Zcz95t
z_Yc7~;b?tpGi{iXBI3^#Ykv&M3pCJ%9U}yWMgA$UBLv`WNtkUmk!lEaRSgxCh6Yka
zNm)htPbCL@NGMo|+n7j%BI>7PJ1uB17?4=ZcAbI%KP<pl(1sy+42c+GM<n`d!?s<5
zZd?8#wglS=haq8%FeE$(icnHUBb3leC_AJw8l{RxsUJol(TKn36LAEusQ*cOyLq5m
zKT~c>2nF|#`myx0qipfPKkt6t`V)S%5)}HQDbN_~&k#Z};dtB+KS8XYBCHQ4&>Ig<
zkKfAm_jSU5C<TNnR!tp=R8_zsaH<N*C>&A&Oq{xc8dh0Z1CPKcfwk~=^iZM~DFPFM
z*Y^f_1i1ps^9NT@xgUu-^mpwDAN+O}K*AIdV2%Dkn8t5}!G8-FzCAO3k5~)--#F3w
zq41X>1KRyu1BVwl3*mnZ!{0dD9y|Y!pWkxv|F{DP{qH9Kh~Izd`j@VM#K1pN{<pgR
zrRyIt@Q;-Lt*-wwy14#)ox%r#PeBpj%hIADa|nFV+UaR=)Cgd1|J|;;e-&Ke3^H{N
z1pscr?SB>^>!v8U$WAh|G-jWHi16$`IJ)vG695D?&5ZQzB8L}lxe<jNvs#(=9|ZVN
zU#cE4^SF`M#6@@#gUql(Oi45xbo$2Wq3G!06LhC~muZYu{_AF%IV!kd??R_}q>jEX
z9A<1_K3seZS`K)B<$hW-PfH5$-1T(h?x{CL>sz1G)x%ecq8VMGIrraC_k*td?>~d5
zF`NzF{bXsC^h+?mUXFs$3SZMKFMKo?V}t{UOb9S}2RAf!%a^+rkG-3$*~oj^m>feh
z+0;+X0K6+VTuCQ-h>u9YZqMb+5;Bfhpp;eeJJQbp6kF$bmA7{hZ;67%7T0ZbvZsi>
z;&oE39Dw@O*+(Ql%Zm`guuGQhjoowfVslC#1+uc_C^$PDc<<m$s8hr&eURF+;O@c#
zu;F4BXtVpehRHQwS6tu}`vk2W<GWXzo5|lSX06x&+@>#{83{V{fkC!p1BO`RQNH_C
zMk^c~op{(Mb>B;E>;uv?{6f3?jC{pAM7u6bsQLD-C^PthS7$P;^5slP?lv#SdT#Vk
z>mq1XxfJ2V#})BuGl$Itia+r7&o$}~kxxnkXW!3{Sg#mg?P{Y@$+XrzKo2*gdd3qL
zhl#`ubgo+QDsBxy8p;~U9p-$T@kcq8-Kk<#m)4Q;z)W_Z)t!x$70E6}Li|8S*FNAa
z>ZzDz>A7`->s$5j8p*E)FDn4M9KNaLw?r47yE8N$xg@Pa&xcSF636?O_}QiSCUv_P
z)>FqSm`_gu{F`^%7)MjL%pF+<y_C1U4b~qgP0wVj?0Wp3=W*>uSF74%|E#Y{5#9CL
zx{Y7DmMiL17&jjR+xdNA^zP&Z@qS;IgnOxdBo9*Hbcf1*%MKcA%vrU&8P`+0D;|bh
z6ydRtZ#pTs<m0h@yao8a-p@~lCT09W1+3_6>6@u8%MxE(k8@GLsyHd*>mM$B=<Sl!
z#;3C>_v*S3CJTGZou2kEor=SKdUeL^X@2(Q;Rn}`nGA3!SOqp_>4@$ZyKy8@i(^Tm
za$#YQbJ2;9=Zqgd_AhWU35F@0bts>IQT9E}>T21yPf|77Iud-Oy4MW}fnmW1uO1EG
zSQ4>1vwZYO(Jj#}mB$z7E59akOZ$c?KF1ZnpJ_4da+fdZNGj+3lAjo-&};11JAvO-
zT?Wk`blD1fSe#T_%!+16wNU$7>$JX&Tm}5&#f`HaL^#9GJz&je!!F~cgkKCF?2d2^
zrB;xsSgKll^RO$)zDKq_5+2RTeW5S&!}&cuIXY!uRuBw!|IIqOrh`r@>}t@1j@AVO
z&t)hNa!}(PbFanRiA6qjdd&PDkJjqteH|{ANT*xL^-8Zd>K^PoouzXupDVU+hZ9xM
zt=weA`P7#iRXwM_4n@{yN}sA0bmM&Xxt_D30ZZM%1_;QVOf7u6yE9v0RP%`K+tu%1
zp7V~Zj&%67Cd{k-dfooZQO?F$<?gg@m67g<;#{MZh*M9t*2l<-&y5#j_At$!e<kn^
z3aWO}M_g~?hGfi0F_T{J?|hy9xO`HyMu2>+8h}EC`4guF7d)ar!jeC9<1H|>fl6>y
zc5JVI|KsK5QoM;KmzAz#&?H;(Wc1>FWxD2L_OjfsL(guQ@;Na=x}!*+GWbb*tO)b-
z?uVmP+g_-<mM>$!XJi4UJum%Z*#zYH+A7V4I)^2M8%y{HGtkLXQY#hTZq2MIPprEx
zrA5@loLZ0A5mv9UaTch(B7FRzoYt1B7b)2|6uNO=gFasa8T^QM%v_)gI4r7cFqOk_
zi$q6G!Qu6F$2pxGO!vi0%>5(fvF`CeS9bT3PvJQ&)j14(oUpkZcRD59u4eHU-`nRW
zx(dIlS+haSP@Rz)GjkOw!>&?PQRQqRcWY_y7NfvFbHH@U{Fg1ms5tlTXjEYKB^?7+
zt#-!Y<-D5B(Yr;r7>yj<S*<Ep1E(?SnrQ_xkoazAt&B<4#4$bk6Y8+O<s&UdZ-dHS
z*aSOKVuPpdR-{tC!h;0bq;A{64WeIXnupwEkXW^|?R58zUbcz8PSo&;NP1CXk^LUc
zW?JsYLHH9ckIW16!TvkqaI#|$eia>UMcrUy9!^-JYd>W@WP^Hsb9&t3?jy}$?Mt$8
zuRn$!-k4sFB(Aijpp(BS$%?A3Njx#B!nVO#(h9(08gnvgxJ%0=mSPeQHI|)OiwQ1}
zA6m{1wz$U>5i%HVRCj*$A!i|{iD2ZB_QW<ml{#>eSF8a!={dB%K5*mn*5x<23nq$M
z*Nccj$mrx3t`g)M_CU<j9hMK9x#YKEV#jnx_ym0By9u(omqYcVFE9(9Ikhb<G}u9m
zuT6Mg6rt2LH&n|eiC&W2lkjygb+zdZBlcdv$X>%MF|HqP?k2WisR=soCJ%)nB{b9-
zO|h-<)m)VQmakg|5JDhhHFI;PIVAZvO&-C-$<<s9mpCTmuOV*{$0KUc`mFR!#saJ*
zK8b^}KOiiO$MA~3X^v%k$>rx%<26PBZ5^rj%YMJ*+cPxkBSVeEJX4cNm!-i{=@&*a
z%+)Gii4-Aq`r(I=w5L4Asx>#E$5e{ZgR7dGJJ>VGPKB?^-SZ%2har+O$BR<lKP=k7
zwRCiiuF>nvbM_)k9<6sivv+1mTik7m+K4%PYCeB1o*B_s<CAxi@0IX@#`6tjETq>P
znNj<@4#<aH8%!$CMM26OSr>QD<i4r;l97KgO35}g^NP9>J=7csHwFx^#G|GQ+*7GC
zgX{FV9yPY_kJsj`G9_93%B3vG?71seA5CsX7G2@iy{5WR16q|p2Jw^8lI(ln2{M(;
zcWpgv)cr#lzs@OIW}p~*RojDod2PXCCrB8rwXva2pRbl)+-mDt-jQ;mSVsa51>(*F
zB?j!Qrfld>x0-D~M(aRHBO*<08B#R@<IUDMcRDlb{YJTasr_-A-Fb)GKXt^gqy-5_
z%b?=P73hpNJ=d5gS@P*ljuCFmUycvBoNrLYOKjNdFCM!ya!*WCcUV>D$ftH!l3H4c
zL&Xw&cChsR!uO&3Tvl5&Z+ZlYHf_&VW|85RRI9m=Nsm}5+vj5tH`U?2>=jl#BR^Hq
z>8QiS9~t5Cs(E_LVjp0$?3yGW<q{~}R>?^ePjqkzkE2aL0cheE?etmGy|0?bO9`6p
zCATE5#I`fi4_Y>CJygp-`)D@rp*X&7wyt8WJ>d%XW&DADw@dqp;^Z+0pyt}B#qIV~
zUH4)j)4$#v4&e8&)HvJP^cW%yA9b_`N5rrsd~&N;dvFH0X3rYCH_pDA3z0zecC4ko
zYoC(0TPx2!XHOwwsXd$xB^=ip?F+xp>^kw;R(PVY)A1v#-Y`<=L^<3=@~phhmoG8G
z6AwBaW!d!7=fIQd@>$qZ3A^^aRYLZZ6C(pH?gTcyZ}05o)(97A<3wTWvI~U@7vkIw
zjdX&2+L4KUiLY8~5A0Ar;rdO@H?^zfI|rp{by8MuR(In0ma_f(XUaz|A2lvwe^Zi7
zaVtX6C7f6i4f@}(XTw<=1O;Y}<iOI-4edN~dD?ZOcyDj7{5x@n$t#uM<etsS1h7<P
z`NCf-=3BodGYedYs7erMHD1nB&5ySAZg)@ZrDK^mnxiwzpfHP!f>8WBCAvka@S?2_
z`+eV*@pG^FDcZHPxsWSoVd0ey!;T)p`GEc>tDWNc{WHtzCV;tKcZtC@hS)<w{|Ke5
zwtp!@D+2v4CG&KN;&fb!I(SM9!jr?|vPQG62hh#|H0v{&z|eSQ0OdqXtZLx(s9E_1
ztt<CANQBL(DxSr@Puwg)$5_kO+NHAThWaMKVy*EU4J@!UQMWhk)~r{%Bw0Nwug`Jn
z3tkTe(IgvQE~~$JVb76Wx@kI}2OSTn=cnv5f(AI|y_u{z;(rQ~)}nfwRn?uN0Wp#w
z<dy{1QN`g_=ib_<Ec5w<&8!&vHU>w7J}fQ0m>)~MDHbmIY%4ss#@<DVb%I|&^phwu
zm74gJ#n8^xUKD(;j6)P|(+OdlX!a1MAbssIpc7M2NbP8Ala8KK9qlrJgF;faBxiOk
z9fFuOi<3DTD6qH5c^t%*;5@#!t*Q-$d;3XM5B!pVrN$E_27|HH6+APe2Og%Vx^H<r
zb6fWgQ(SL1?e<f1Q?s7VuH>L_t1bH+m0@mDweieyiLdPTrw+?gSR%9YI8@zv?Sbqk
zIay^o^(MS5K@>N~yivh3pfCED26u|)JH)A;(gQp^1O~NDUJH^xUy)SdESwqSV==t~
zo_Yr*p2U>YmWb2+ckmVg?SbEufT?OqE85XdBtGrMndTrfpr5x8NEybC&RyE#rwBP`
zCzrH8z?f)?S1*bRfMQ;sS6N0?mZ(!+N&J*NC!z_Dm|IL3wogqtgmH9Fi}3TtY+ilY
zxEel)HDG30h3ku4U}QNtMh0GJ4!*~?xUSl8X8pXqK48<vXqjstVVsPdWP?pisNOaQ
z^QG56q}wZUZfj-nC3n*O+)C?99F&afVqgx6%0do4uV5l4sxCHcbP2FT$Wvl)WLD@c
zHf~b!K&~+>m)C-m?AYhiz|@nK+~hHz&3zDFM_}}JI!JK?q2bhNs+fv@;g_9TOwHu`
z2(Gq`Px0P$+I{P#d`_J5lsq%vx=aQ!KRnQ^@q)+^+@&)I9bPf)fM#!Ioxe7^sRr`x
zl|MH7`<KlRy70=~c0kh?S-<FC`oD;4Fpcijx83o&(PyGL7k(hV)f@^KR)Ws<5P$u$
z_*}XBRgyG+!VwE*(Q^N5Y387pEJ&LLGrlE$>%88=rr?ck-sGD)3uWam$D~<IWvrLs
zMPAG}yzjybzVmv+YD-Jv-dh{he9nodE6FaYRKpGKY?UynTa8wT)a)DO(!zQ!yEN(f
zyX7Xlat7CbvDX96dVx>Nq_+g>Yom$H%c2)|h00teK0d%)po%zgvU;pil-G}}P@Tsc
z?0q;`_G(m{|H{WAn$z1FA9qoY2cEzXTX<hG?&ed;&(UCwQ>D*OCmws`Dc2*t5b=gd
zX*&o(Xb~&d<P*0u<eeL$AAP&u>BUs&FAuKDuF7sqBkA+!K3^64+H=J)@Kj5@9YDY|
zZAy@jIzS>hB_%g8ccwlH9ms8Rus+gw{8y{zQ<L7@<Kue(`Ghz~P;9Zv_qEvUjN1^=
zcmb}!&1E~z+6|P*oXD^Yb4jfwo<ol-hRNbz&n1vRC11>Y6-dvGT%$~H*}8O?vy)N2
zgIQARP@u+c)a7*w@$r2fCU>f?Jmo_$o;JYuq|)l}f-HZ|x~@4{o^q{%ip5fMW_OPC
zd(P+gwL8ePZE7-gE_aFu>v0V+&sS|cyR|a{Jef#|Z&Sj1Ra(o}41lxu2f%ejh&|dQ
zrBeiwHkKJ4OB=9qczB+}1MH)M$15v1+BuHR#0+qd%`uAX7B}9nYRa3c`VFstdf2Ow
zdGC9zuCSi(6#l!tovgKqp@4sVAz*{~_)d;%cbq-_3t`|gVZM9T#tzcBYBGPTi<t;m
zvlJ{EKWfEN<Av(#PjJCmz=z5Rzw{PqNSXm1{`ONb#|uIDW`wZ#!h0`pDD6t+R&`Ih
zK%t(3494yQ4lP{R;r7UePPSy#QW4@Db8q={xb%_3P$k*9HGXU2>Jw2cNKmib_rcPK
z8Nhb`$v=F5p=4?;TpDiF5bT)e5qo-iOMr5%-bs&6He`JtF8l%<)u!j3R2NpHQu7OM
zolL(GIXgBcon7kLU+3@s>S%W9`{38sFMHGJz2w*LR`VgEQqlqS-^RIVq8HUY753!B
znS-zMX*P6k+5jrN^4^<#R7G}kofIS+E>97%z3@5IY{QzFSO*>k27nFr<8e~6xkz;Z
z<2*%dR*7y1*sQ}+wqgZYwyVKBhM7JTD|`SlO@7^J&6*8AT2iypIG!SIR#=*%-1+g?
zK13)&=);1J9Z+<omy|qVg;bxH06P}@RBg0(r=qSMFpDF%#1FlVQ!V;DS+qn{$GX^(
z*99SZY-tA7F7FH#F{-!^@;DPsa}yJAq5w^{D%qtkjG&#^m)ran;TT@ZorCa$0;XLS
z0C*}x_ntaC`8d}b#xFVk;!}rytskUk_3$PAN6lqxcOa%b{`D6hvF=0)HEy$*)K@*T
zTh+bUMzg9n^JfWFxg*z8EIys(SelaMKhPm_&~bbAH8l-(DMTZMkjtGh%Qf6Ma^}?s
zeA2tYcxQKlrA5;}3tO1gW!`9!7H(Md`2JB26EcCEbirQe$>oCHrF9K<5$GqAG2e~Z
z(#AT4dsahrl4&3sCb2W~Xs;_Hs5rD+R?Ikk*j2vOc)|%hb{3r^lJD2wTx-%A;QrtL
e^aLWrPBB^N)^gtu9k!L;1~fB1Zd796k@#OS_F8=a

literal 7251
zcmbtZi9b~D_rEj77$RdUS%+-dTkOjq%8-4_I?7HWyD&4zp6p~_vJ2%ywirq!Lbg<v
zDOs|Pbu44}P2YdvcVDmjdY=0_=XIWQ&+|U-d(U$cj16xyF>o;e0KkOO)iwnH5OoRy
zU{LB{=U44Y9q4^^t^EPu9NWJe1mqQP{!{Tcy{!c_4D+l|A0Td;2ATlyI_2ESJz4<Z
z{)^JqG!Fr7%%Y##O-9gd5!!=YH)z>LV&UKqq~{DRiRM?cfeNFSSz?|*f*fkHTIRXs
zUVRINlVx5Gx_G5&cB*>crdC|=e%LIO%OXov)g)J!Z$czdn<M2jKln)q{hKM$a97oG
zu-iu!6&38Jl0UKiVCD!T^qg{it|gdsvZ;h8DB<-XRNwypml_15_+Y=Y#q)bv9=rK|
zd{A0>?Xho+qomwn3If2fE!?m7dtYUPs9s`IlT27riRQfn^PJn>__)amT9{ZJ{rUEB
zNC6#LoH^u!8BsS1l?B;I;-g219*Sd!UeFR=e7cD`$7*(D4%5`XE^~wHL>>${KWp6c
ze8t~wXl}N4n3$<+STRs_c~*f1K(H0cQ6f|SIv(hyXcnvQ|EKQvsg-MJlYE#PZ82M?
z7Wi$?(L{86iY)L2=t<n{$>BWAW%+$PaYp(CL+G^4FFz@X?Kmc`oXNTZsfm*xY~&<s
zB)ZEfkX$xQ=lT>g2w)ASxF=_XC25sC&7rd+<!_))_O$?9pIt<S<*t@;&D_g--nnez
z+f%lrwPh9!@L_Eu^h{^pH5s8W!MZ;2st$RxBsO8o27Nqgfh|Iyp_!E9d-T9Z#rKWh
zj@@YAtS^m~G@+4_pq_ZH6T5L_N^h|lpVSDZ>h+CHkLMuV8!wqD!?L$IKJQ-Kd{h)i
zMb-8x#iDpPz3(w{<W|=IjJ@`4GGaR2ed3JnPQF6kf6oYfOuR-BmOC7c6g^PfRv>SL
zSe^Yng2;lQ_?!2s4k#gM;)k<*RtB|O@1HhhPXyFBtr^&`Bqei1O_#|bq4?|O_vJ0;
z8?7F?0yDFd%r#9HOf7c!{8Gf<=FG4)Cn04zXB~9hUR53H*9_Q7h^IA`&AA7uvv=|9
zbx2OWI1ZDu*l~`b(VcNlN^0P*zvotbxvY=S$~}@MA_2lR3VFHI&M{2LWN>{~+sLmQ
z#RX9q-Y4V)y}E1C`-hj~WnTC3_is3^hGFprytzu{sXZNi0Ya~Ndf|TNUEnY8LeXvJ
zq#&QxJTCa8$DAbVkVrgNIG>78$GX1ff|_iA{E;N9V&ruA?9qLvG)8wi+%%2-WR!}P
zAK!x9I&A!-y>)(RiGq^Ym+tS?X6NlxY;27i7p=hx)wxR#l1R@TjBh~!zV)eyyyeb@
zU#^Un6QPwQu7*ByEXK1WNzf(iL3Q|q|D!i2=PA2g#F@txmVYEvpkWWU#!4F;7X0O1
zVN>V^`*&WO@aQH&rA+T~+vFc`<@V9H&%zTH!t({_%Ex1qbT7%XPI-sZTXJnlNw7z?
zgPJ^yhQch2%5KLpEQ;@&*IQTCw$79bZAaMJJj)zQSg{vrS1H54ew0|1sr^U)1?;m7
zSfXn;tUh;VKpJc<@rWvOYj>sLjK<oj+4pOknWzB_MP3NR0%3TfAR5ywIS_DvA`6^=
z{3MimxYqJpQ8tH7u>;;_bgNU6dEkQmJe04{*4w8i0m+DI?eo~J*x!dn7}wKZ)FD5V
zHWpf4WvNA%c#D6%yuFODV70V5>&h%C<&K0y7@pGfW_cSl`UMvCTta11<RgYminZZl
zBB6EKUdUP0{YstF2&;bbdKKg-+x$l(p+DQPz=P4^R&I&04RMZN%@5&j-z~}j{Y@ka
z_Foy2M=O6ML1swzosdx)kG3?HBMEg1@cz30AV;h%M|w3x?e%e-xKlXaK~Qi$qpBz6
zB+>v>Qhe~EZgfoJ%S#q#$=^+A{CE3EA4s#&o0L~kFWxb?rtqGO?qcu;L(m}Oty3P&
zH|f%3@8e@-qwc1=bzcrg+d&Vw1MetoS0%B<RK(2%`^fjKxoR>AsMOCWZ_Kutu_0?e
ze@$#WT~k+s)x48hIox<P`=zps)n~(1o^K=3W(?Ii<UOW$;(f?hPVe?{w$JMX#Ts#{
zR-F225G<#+Bcv?6Vq%~CbI`LyVNCH#`)~3iHk)Ek)9R#>l27ddhBi(D$yBTmHKB0G
z%)5lHmSExw)Z#sP->@G2$7YAks`=5CFID-pka-+3@j=GbV^7j&h{!|}z!3)CjBg^h
zrmq1+>~FnHq2|ijfc=7F7yDuTwPusU_%2Zo2TDY7wn(dq*_i{!4CyEA;YSco0Jgwy
zL=HVJzHv1yNsk$m`tw1_IIx&05sl&GyDUzSC5Ez-XFimBcL&^I2ROMB7p%+)*n?B;
z#?!8{!Y9n(cjic5na_jHHD8uyKE8LTkv&kdZsoN2qtr;ReZBQ)S{Tqo6pI*~e2`m7
zF9~ar32nZytMy{5V#(w`@c#AhPP=ZYx`3m*XrWA{3({<Ksgw>=Wg+}4vXRelhUM$F
zN0*fCL}~>a>;aXngfINhgSh%SY-5`RnDJyt5ngWpjz?$|=xM;)sZ=}sc7o)hB(^Vp
zYD4r`DXD)?kK5rbhXb6?SllF5nu_IH7{&bI&%4@BUxP&t?6UR##q9@7ea5i2ky!bq
z24VbjpCw^q>Tr1Awz(@=QFF7Lx?~j2-Xn+7Om9MH`txVmHDxM4Gc6`*a<yKr!H`x?
zKwG%O!+SY<mu7o|aP#=dE_-RJ0s2^?f>kd2;KsS!I$b&7Ro!i`Pikc}keWfkZ3PHH
zgwj8gd)>0}*vPKBR+DeIj<6aRn$mr|*f8)!Z(Q(LApsiNBtUcYEN}kCT*%9n@Xy!w
zfgW@C-JM(B7+k^+X)==qL;l!wNATvPRet8R?vBQmceMLnC(Q`!jO>F_Ut<_*0u{UL
zI)JesV$ECNq>`-wtlTS^JL2WAadvs8=)~ED<?I}@d}-u<P@sBwD)Y?x@}G`O8P8aa
z{ifwYUt!L>=YYS$sYQ~582i=LFtPe8_>M8Fhb`}DqWaz*8}2T|Lh1V6jxfHY1!57Y
z&z=rqB*u10LzJz!Ks`?MMg^?cV(~rg%8tChroIb7CH<3zqZ}Z69&D=@z#<CE==JW5
zBDj9*sJr6k%8Dl5rYT;y7uP`AUXX>~Wd;~O#b=~FnwQz`MSqVZ$lQ)ZWB@&Ih)9n0
z4<ncb!#R>j*1BzozRT{Q0Dt@sqj4d+NJNm;uks;j`Mffnu$u95mc9N-sTj@^qqkkV
zzIE&l1s%O36ZlXm*a-5`y-%0{UDxZl218^^(qG{c(TqNHR5boSk2s@ef&yPAVvL8N
zq@P7h&hj*W=W}s;?mo-$VtulIH`OoP$ly9Lvi}~c!E~DRq!(`}6*Fb?yP}bDFdXe{
zvUD9M9l((&`hs$rAaqjJf<YBYhNt^zrT6XJLGd(Q<?auMer?%^x%ECHAl|Wj>rZC^
z&q={=^zQpz&XYg%>E{Z#f7K6XHqAhQkA=qVm&JQERJXjRPAZ7R{E)4>D|jKf!`;?E
z1-zsby&nf~cjCOYqlj$$M%cd2bQn6!yNu1psJm<TIr|d_AXc^b*`talrs?@S8pu7?
z@46U2(R#|fLsQJb>ybh=ukif@5|Qrr)vL*iT>(5;%IE<rUUo?ykcC7BW)EV926C@|
z>{<!ks#~eEAzmIV7Sq&kMD940=`YMkfgW#njkdjp7$^<8;5iJB(*zh#*=v4GWFUX!
zx=(G`(E%Sd5kktEX5xA$)^_CEYnb=t{7^hCJzeAs9q?x3!$(aHh~X&ve6P>is?3wS
zc`E*{35?r$#j=OvpENaut*(F!AwXqR&#A{bu<Dl7=7CS_V$-%?()CH*L+e1<gjL*i
z5U!p!z}RoP;tI>js=u@TMBljYDnApZOb1+d=%&7+9%*L<g63v7Xjx8&(~njcsCUIN
zhHr?fTu{B@Yt+B~Qg>xTZo_zef)O_)C2#o_N8+GxzMkwux4%tc+?vD4u(vVUy%B$R
zZp06q&8T=0xH}p~f7j^bk|E_q7v=k0ewX|7s~dSSN|%7UCea$1hh%pZ>-z<VNvy`4
zCrX0L20Nf(C}7!#fZJ1ORAiF$P71HJAMZ}^qwpu&;mR+=qQ0&GJsp}QFeaS`ITSI*
z<nt@dDf?RIEhbDgyfRXEK{$?zI=I5|D`9c+rGSIp2_$hZ8yo`zBt6BnoHK`pX$HxZ
z{2SNJL=B!Fcb5Lg9&f=Rb_a0$Pey)KTAuy49Db;&c;IBp;M=Lm+CyJWm-;TLu$Nl2
zz|wuI(yjL!)Uf0_pSD*_nZMZ#%6eR1Hud1?J6h__^<+8qy`c)fQ7RbO)M6P{ya+BH
z&00`kNlyke?cJ><(9CSEqtKu+KceY}nUO4c1;Q<=!KfeRH^j~H8|_JrqJ1E+XmUO+
zyE5=fl@8<;7ol9P>6ArcQhD@|VE@7m6vGU>9Jdg&>VjNr?;QE^<(fyjV0gBpAU5Jm
z;CQq61c%w{U;K;5p3Gyv<{%Gpob|=t#oR0Q-&EWZYT&Dvs)^4zk_iwAJ}{}k53G#a
zbe;YT-l3Oa;cO3H0zLj+N*s^=56yFUgtj}o)U|^h8K-N-=v=YAlJj<UFf1=$9%Jx<
zu_URJp(fs{>M4~>uU=VH8hg@l=6s6@L;A&wE|2cS-@agOQ}6q0v!{juSihw~Zdw;-
z&!Vgsl58)=299xzsYbFCky5x$?6E;pIb~;KA}Ce$zkkdw0&S)J^$2B!R22M`J!#E-
zSW3o=6855xMGt$cd#Bx}8i1cUHx!2V{Br&^K?`JCSP2-OSWA<2Le^wFw01@q8_C6l
z(pJBDq|<Fh!dY4kBOsaN0KQ~TnY>ffJazW`bggszj4|TC2n$zRN@LGw`(?%rJRd^9
zol_5O&z3apmsg&j<|~;~_#)<hd7dV%A%!J`EXdrkcLD)N`6%3?Jer$+^sD*-vg{#a
z^rJDNzCT)+?Tplm%#iY`Pj1|p_+S3An*<`VVg=>%!%1u+pAAtdY<(YT(4s3-YiO+h
zmyhZ=zWJ5812~}ER;tToA0yd%^iwEvhqrLq|1$jpN^%NY2)6b8gU-Ho=2H|c@S@=X
zTPnAMEd<Bs5y0VTf2!&-u-ohk)L($&&l?_JswZ1vZxPNG^)n*}*e=$#qMaZ(byN^X
zB8iNi)yws4xse0p>+8sJ=8*3|&*D4>&IUS1%q*YW#U`@=P~F-(V@nr2pF{_J&pnlo
zjxVZ+6x)3QAvGa~5HYvYfln!k>+}%>7_WL*l}fT<Td8}xlHQ~zYZ~_7NN|7O0X9@9
z@6=6?K@v1CyCIzF@uM*g(KY5efx57NmKL(L+d+VcQiiQ1kC<Bd7Fd9fvh-ki;^y_l
zTEOmGs5&d|5AO^`Z7LlTZQj8h1qbebr3YK*P>yc|7D;M52E_gF=*^F~W4P&3xW}zc
zOBP4EzSRw+ql={e6-+*&=KtKRo8*Yss;XLMnVwQF&4zwf<5-t%kTwzDvQxZ=$A(D!
zw~)I@k9Wuwr9j~h#*4Qh0Mm@IHZ6$j0_2*<ZWf~S+nK3p<spJ8XDXy;f8Nno>hNZ>
z|1e4U=fV@Tm2^6Wrr+57h(#YT;DJE*Szkp27vI&Zs2m=5(an_s9cmby{UWYH>53Ak
zuYIP+p9oRp&*_j`ZUM5g)up=67d`Ohu-8e~`e=~Dkz7<I2C&_xgvOW;n}tB)fH@3+
zcG$;sh{C)HvsKmI;lU@vit<qameR->u=d$$%!d;K+~k3De2Vv1*eA-i)85T)LsdSz
z5e<k6BxUZci7L~hAvk*NPw_t4hFiQC1h)qSWO&SbZT(yRR5?Kw2C(hCX+EFHcg&Q=
z&w3}8ypXS}40~R*HR%7(Hjds7X`|BPo!xgQX@I$_xD(;)a<8{0S?z3h#nxH82I2Vl
zoeU9$zXt~x>!rWddQz}qX=1KErboTZVpeY+28sh)le_QfzYS+VLE~%~X<<soJ7dhd
z6c`Zuj+J+*4om#h_r_u;I6}LDRj@GI{n7TVVjs#$<28D4M!}Z9z{-@-VL%K&3&6NF
ziPrsz{Of<}h8!}2w>`S)1x2V>#Yk>zH1R@2lzuPUj5X@B-h(=d@2#v?kKES$)h&_P
zZi<osU^3H}G;%in`8x8U9GxRN-6#jfRo2N&9ztI@r3@XT+tMT8u=lmY;}y+eRpllR
zX#e@zAVTSQBAR~^50re~6(iN8@<2dc!nn-#=b(TJUdSDz!}jOY0N=!aroIiAWy&{s
z;nR<wZ@}E&9OMZg|LYWC&ai|(UwBfSgu-J4vVq5n+f}ThNzS-vT-6TvO=wZoRL;wS
zVquNO^5`BR(Gxp^<NdHduU*;KS%CYA0~j{3ngQGfq9iOjWl?R2LsQUd5Z53Sja#8d
z=44>F>lKo8fcSgnKaA+;K(9BT)=po4TjkB@eMv8m!hNPkPGw-a%-auw8g(H!PUnPS
zGpzyU)9k)=sitzj#eBlc)f14w-a}zmTUJdCE0*+s%B^z|+#p9rY4VE5>8+ic;>bPj
zFil5q1FuU6-EUWxAJ9b#3Q-=@@4SM<M^~LHyWqc@!^O7mI9BS^oZEl6zevUu@;FMs
z*oCP~b~{CWZMKyKxV63VgIdt2Q8WGOd~-Bz>up?M(MW>Ez-VlV$=G@D2h?%B8EWn^
zkqiTF-Z3R54eG&DP06nOp2;E4c+xE4Vy0t0mycYDVgKYdRJj(s+Rpm!*K^=8Tah>+
zUPxm0-gJMRPe_VmhSzPcbJX&9J~0Y7VAZWFjb9#GQ|&S@yX9~|!<gX=7qb~7$_wOm
ztzlyUSsXmzsbmsYV)=xHE^NDbc=v@W?yd|+yI=ysxUZbhF~q?~CCY>x$_-z*SjDKm
z#v-VBIvVvTisuFjE_Q#cF(-Ad<}^hB*wd|Fuj-w~NF~P#a>zAK4bZf;G5)0@_=CZ5
zAmj7X>r`fr{u%Bf;3>A#^C`0$arbNJ<FHEzqqG+RQ5vr^Fy30{F;Xmma{5nVG5cAO
z5v$s*mpj0S=b6B#S`cL(0@}QJ_j@@y#qzT)*WM!t?)=KM(MfWKuT11XmQT2o!!mPo
z)l+VTXKk@`B*NLA*XVJ#0(`6ItdT%TJ=Kh8XhY%8Yw9EC#vhzNW!FwX8hu3#T<In{
z3byjIl{qLyJZ>E34_)0@eOoU3`n|DrXRtn*bBj(PDdGcBxPMy3okBR}`MRIum9z7T
z#4mifKg%9oJw<TBaa@Y+q*gjD>0w3=-vd!nf_0GdtjSaSU2omKyH#Q69mkd=&Yki{
z6lmW}V+bt@VpEl)QPlb+q*Pg;G6_QbB+Be$9CC{$G-!DaR24FY|9Op;PGdI!w^ol4
zxKreEZmGG{(r7pgV3hT0RTb~aMAkmMmKs{5yR1Hw$|dl@|4-5N77)URibGa+u`<th
zKl2MuDQQbhYaEd^W!KK$vtqj{<$<T2okk6T|MEub%CdngC<@{SdIk%Z`Q{~;1ww4j
zM))OnG8n)icU(c?IxJBIs+VOACWxf8dx2*dvr9nJ9I-ev;W0huFj%j<_3!GX$Qt;@
z5!UDG=6IDf&_+e9S31J++PU~mUc^Vy90d2Hf6Iyk-`#h!VjjZ3ZVEdpp8NF#kqth2
zZ+51bfOjzC03Ng)4S?xD8L@(bjLB~_c1?jW8b59SRf3!x=+~-5OJ0Txk}1|crq-$`
z^j26fLWWi-A)=qoIRzcvbJ504wWCr52pRj`R17^2?&yL{Ol-f}<bA?Pa5PQV_K<Zd
zWsjS8rH~DDfc~Z-s|#hZf{*QE#P53#{Z-ssOX&{gIl`@Pbzo<L2v@P)-^=>=3DZ7_
zU=6FS(I5s)VDS2~z5r>cP~Ce1vhcYzxX=oHuc(Ks22A8md0W*LzGiWF3AgvR=f-(V
z<+O!v7Ohd9B<<aHA=3U_5Z9OpSH^ja<zJx33M=<1_b_hZ+E9bmTXxx6247QI_ZkFl
z07qL^3T`kNYebjQXrv8dl$)afB9m-2!z=!?(Elz$Rxh$?BGhVUE>{1roM@Iykhx8p
zbs&$n{<<PA6oDO?@oKzeuyQtE?>Tv}7#hH$XG0z+p7`Y!QwU;r!DG_{Iv5fVie7ol
zJ$DdHpP4b1{eUmU-P@B5`^VQx;Pu9>f+|Z3^_~zSgf7z0dYwh6;GtB}xpc#dtB2OV
zvw?9tQj*k``^GF8)iC@tqV||pshjd8H=zThwoe+?K|N2)bte+12=m-lzg+?8H%Co|
zFX~dc+USs>OSuV9pXH03QXg(?ksOQ$mdAKbHi%}3(Mdv;KIC=3t+40z9SyZ-5e-~D
z{%*rORrClYPBypWh}TmAVU5r34*}uMl)%4xtj1P}PT0faseK=rZ%%4Ty2Eq+vfghy
z8`qQ6<e^B3FN}Z-(qH*H$S9stOikZ;&`DnmFPSzp?ke|RW2=aVOQm5&SkstXP|3QR
zp_>R?ul>f#9o%*oRF>O)&0*i08kG1;K<knC{VM+Hh1CldylpbItWP5zf|Vj0M5WEW
zq85I5<TJ%r4|OP}f9OG<sVF{U!<HIdq$Q9TL@L=J6C>d!SunOWI$62FsHc@=nltf*
zwtt7{7rMq%ymwX~sKEMC1K^Id=OIj2y4W%b2u6A1AixE`2f^c$q6QE8!kXZN*I-5C
zU29v4JTTSYys1Kk-ElYhDv#eQ@&a~k^{s<cSeTd%e_1aK+n*E>epz@K#>^m4WZB!3
zP{HT3Kp&&Ji1JZNp}`OS0B}vkyuCilVj)=R&2cN`&%MHWC^yTVNXJOO%5g+X!<@2-
zxXI<@E;7ph8qoj2#-&C3;-mf6o7Z95%XIH#Rnzy<OQzm^@Dzr*J4Env!215=E}kpT
zI|>P)Hboj3j~xu5Kqh5<oC%ycpY8~sbG4H;lPd9@%b35nUurWp7&FY#U0O*Z8jEpX
zcftN>0TD*psr?Id5Mz{vxJ6W3NcLAx6RAwiNwzX^$VR%Uukl}KY+~k`rq&{7-p1`q
zYI>-go1cBip0CCSnkqKh<&`c1#-u?@ePP<0Sv(V^uHa7ZA&5qbnQdevZ@rY`mRk~c
zV&8^%-&++Q>3dttIc6XYgWpddI)FYWb})SSE3AQOGwmjGZSrI~4MT7qR0^E?;2~C~
zj=fI`=|ZL28ZH1|mn5p%TE36)a|S(avsUtVRnTlux=N#w-&nBozVuVP{$z^mez3--
z8z4qrL}PEVH1bGem*@t`Fh7}t>ww&0+TmdPX{=!6_e5yPGfo1H_)R;KnLoQa{Wqb0
yxz`msi%3lILx=9=nHhY62kZa8Cq}h^3p?f4O#7o&5ebX_XAq@hsNJCD81;WL_oh1l

diff --git a/client/ui/netbird-systemtray-default.ico b/client/ui/netbird-systemtray-default.ico
deleted file mode 100644
index 5a025267599c8bb00849160cc4da5dbdb4ea41ca..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2876
zcmb7Gi$9b5AKzRTIks|5StcQ6m5Nm68ltE;Dlw)amzI`XVzUa1x&11)bu!M04##Cb
zMdh-HktV{)+%~yabC}DF?b&{het*IFKCkEXe4pp@c|N!I=ktCZ2m}fq8w(2A3E8a*
zfoOsIhn{Dg)l{~rfLk?J7sqoO(v1_Q1YR!RdU0*z4u9*67qq)Lx&Q)E8FO{C^NJao
z8;!it->%Dw%*ZmFg#Et9)c#P5>FI(kmntYBXI)X-o}*6D#%f($ybxMpW~5}jU6vd}
z5zI!;`DW3PoW;!gn%etrkh=pl^%hISrd~;I*1|AP%w{jK8<>O{(C5Ejjn%6WafIkR
zrDH#?uMEbm|1-EhofXt)70XxaOSOcZu4d+NJJ8|g%Z)3`z-taN6FZ&|#5zDEa`*I~
zsLxa-9@pRg=|XDlm?+ZF2(ME{n~K&i@r_MJqJPwBevdy%Y~mjAI@~vN(f>2r1=4gH
zANRxa{WB@K7|Yke%pb-hb8LpqPO^|1O^lA`viG+?(qKtQf{?d(1Q(eE`X1?uZ5$7h
z7-&ss|MLsMgP#(>5C7v3@oTMypC7Am5UHBKqWP4g4qaV$w_zafSxbcLI85tasdDOH
z<BaT++;eP2!81_)VP<u1wT(y#6FwBR5@8o5)(iWkbdeeZ8zt^-m|SB<_MH0u%COGS
zS~@?8ael+R(p@F;wO+Oei7wIA4m9s{O&Jgz+-*r>m*)Mqh!H(zjXxu#uO&TQay$B=
zR$Z#+yu-^mC8F%hFEXamR)cTxRad*aMP^4HO^(~_;Rnsp>fYuBK1*v0L2Y?cHF{y^
zC4cYZcdgdaHF7!lbyT+^(JBn@gfYD%TII33uk`l5g$Ca2XpfaWQU%uBEAuD94bfH3
z&c&W?f|<E=UP;B@Gb6hnOO%lbQElxyS_gNVB}v%1j8kJG<xC*s+MPE4&wC8;rCKlT
z7ih{<;FtMGUsl~$BkFFYiS3(_Vkw=)`((FVBGMZ%f4t@X`=F+0*ZVp1)r4|oJ+IAo
zrhu*rrL-!!n*6b^cMhEFdkPyC)TaRy+d`$YHf%z#d$WkZm9<Tc6)2AmQnNG9Gk3WL
zNZ!mjE8OeSKbC@qPgH&2;R)HsEfm{s`-Lj(H~vHe1_66xB$}=OWS8q}Ws@wVFj^|e
z2p+HHg<T#GTyIwI8R$qVR2&O|%SAL%Y_qaeffxbPM4^7wJm$>Grgx!gK8|y`zS#9D
zU_7`+_L0@s%|qh1a)s=dYjK~1&0V&}tZn)-U~zP7noQIoYnUndV2qgU5Yg_q*DC%h
zKNSDQf-8(!U%P9u>77S8c{tbD7uJ2ylZHn1eBhJjTk=zRq4cFASjU~e@}s{r>&+e)
z8p<8OF)b>TZur02MhTEyH|ebv_{0figV5r7?Gr!rgD|Lfq8g(Ml8%I<G)dNjJG}|5
z#F~r`Ukyy{NQ}Z{)HRZ+-2w;S`K7m<$hJwxpx{<QLb}xrzU9hm8xF6L#KnKE5jZRC
zIWaH$`}vfX>;NJQep^S3Airkt+&7VJ<c+(ezB6&xg7fs(io}Pd6v%{!Lv|tqiGYJj
z1ym-@r(6qy>Y0rtH7c|cd!auiPqvb0XB6V7KnVhB3CkUrE>A`P)t+^X!mw5<^Uuny
z$_>Zhogy&3Am(**_(OmKLF8Q(GD%I}#xrA{aQHG6M2{PtFfsoCF&?z*GY+HX)Jpsh
zl!ZjVZgQCvQ_(j~239nen2hpc5le;gO-=nXe2lwU84dOz11MgHQkl9v-Y>d2^Zh9g
ztgVsnL^MRBf`1+`@6T@%Ws;KFu_QS8Ob`?9OI}%yA?<4{N`08f!LxpE!C|&LJ|Net
ztZWlU{iZ?zrcrX3{nC5s@wPAQ9J0V#wG!>nn;!zxE-#Z&9<oKd7-+}`INSJQm((#)
zpuL<|&B327Rg}MMm=P*DT(1%!K|p7KiAuRvq9gq>KRSUv>w8Ht{EzI=U2-@ky&S^A
zDx!KE&`<{UZaIX3-50E29b(cV3Jceycllg3BL`kWh%YMcm!i^a@2fd2M*7r{f<VO$
z1olO0R!{COo|v1qeeUgUHbBuOS#UKZ!}V0mOEhR*ctho&lwzAdDB~(7ja*<tW&kit
zbeXP+FiiB+_UZ;?N$hvxnKojGn*yqCE%eJ~4RI9VLI~j-gE#jvwT`a)n!@9^r$6@c
zP~KZ#MB!95J|g2VsGY*{H~2B_+%{s~Ewkze8?Xv%p+5y_Z`Ht@$v76zCs!jhX!!r3
z9$xnT+EOFS>7?8~8IYmoq(hn;g<k<{!@%~`LvhTGVRDOK(qe2>+hETq80Xot4QI_(
zH&0ZQK{OCh7B(o7&QWha`tdL>qG_mp`!1ma0<jQPD2#`&kQ?Atoj@iEQcxSA6}fhx
zOD)1uzGYi(H@;PnjG{7GpX4ck=P5AZCnKt&A7Uzo9d)dF>W9sa5mmT2P|N>|rz77d
zU;Sn(UTN}tA@>@4ubi_bOqVpb1GYu{mA&21P)qzOSmB`5lcgb<uJFDqtEJjTG<i}R
z<nqFyPbK9aVGXe>Pgp!@jCi`MZ7_|L_mAXI`3S~CVVf1gMCkAtU}h#9={IoUr<~(g
zmd<12RC@yHp{!4%X<#tdg``pM0F<ZSmYqU}H-j<_tY+tGuV&zmiWWkla}B1mm3aQP
z3QErHjGT?Qf}=ha#Qf7*9zmYsZVHeTak!*BeRjV-6}ESuiiSAQfK_O2r&$TP0es?T
zuCc(*8`oJVoX-Ool0jaIeNGl6K0a!)tL+?>Igl}8H976=WF5SO7qiqDNG&~ZvQOnm
z>v)7&<)j=bVLkk{M{;*W$l}8(&{Dv|yRvQ@(5LxCCX52W_k%2@+9X+8<^2^yh!l<^
zOPY&Qu@2exZZZ#>E0UrXP9|*cF5$4RU!bI@mxC{u?;mY^@uF0QS}3s8_HHMh_tWq7
zyi&&Tc;s;?Sn`{R92R?S<dgXKI!^at90M78NSb`ziw1#{2Q*|W<R$6sdyqJA7zL1B
zwvf^0X7OON#Lr`9mZU~0$tWD=Cw-Zw${wlfl4jAuJ~vx_${08<R?Q-DpDhioQ2=-d
zq6)t|?d(yrk7$DL1{v`J4Xuy~P!c)n%^;`V++SPe2Y&Ql3!+sJvy9xtB`IZxSP^eh
z+@;;AL((%{xhy%63O)^xC`Oo|g!eh<YM9l0<}DVMKFE9&);bhl)YB^qTsOxF>h{Wc
zFeR@z>Nq9^Y|Wpl`=#$hszcr`d}Ri9BpC(f>M2m~+tDWdE|}~y!(k{uOGf9m)Z=Rt
zi2`L7)(g=ytqM}b0Oi%1{ZXh+$?2rg4A7rC0~-L6fE{1k2W)GT+GP@*GW^|$-ld(Y
zOR9hWvLbO90mZJ8IaSvXucPf~XbND@)5|;WkZp`iXcfs%po>8OcM4VG(>bvu4THM0
zgJMf#xuJN_qPM~`>Dnp|WIj}C;t?!dtat<DB!_$uUNS1&P2uTk3a6^Q(!TVY(anVF
z#=5sSVG0M0b3ibVow}rJGHa)?zc;2QK;qPR@~<v!kTjjZ+CR1c!Th6R2thU;P{v_2
xsK6qZ7ZM~9&$SODv9Xg~ivRu>64GNLlOI#n>C;qFx7c{y)#;35rG3D?{{a~Ij{pDw

diff --git a/client/ui/netbird-systemtray-default.png b/client/ui/netbird-systemtray-default.png
deleted file mode 100644
index 12e7a2dc1008861fe1d98914b8fb44364990c7aa..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4938
zcmb6-i91y9_jd-xh$2fQy9|@9>|_^`C9=~fvTvbK%nb68b?n>7l8`M8Mb^<`-$F7G
z%9fCA7^WHHcl-VazxzD*dEa~9_q^x4XFoT=(%gs*#t#DkfX&3%zzP5$;1mKdp8yBv
z;FliYz!GHa5CQ<KXaBtrprG*FzbzqFMtZ=j5rN;}2cxI1nJxg}v8=Q^OaQ<+Z(^W(
zD;)A?78xio716un>5-G=H70t`?$w`ar9XN)W4GODFi`>nh5J?nla(y16WhI>)pCiF
zgPb4EFPJzdbYkbY&X8blI^eEdI_=V&8VSNliBeXaVV=Q7B6bcbeY5%BC?O+52MppF
za6`Pw$Q93`Uxo8eL010XPu>rfAFn&mtW(cRpWr2ZJNukC2MZ|M)vgyqc93O27t7A0
zcYjsWf|g9qJ*5frv;>9Y%a|=r$VCy+ZIYOBvhoMkm3X1G?#@cy_MbT9r<jO+%?NGE
zO~7>3g`O_Q%Ya0k>kd}%kV3MIX5x~B_NaeDU;uw**rO2qvAdnP;^<Dz{Tm_GR?*Jq
zkF%hdYXVvm$W((@$y<BQdy`j+*L~%VOwsamrQ(n;K9SA2A3Yy^S$(~uLJ_eAUUnaT
zz_x6kUo=EJ{MDxB0o)6zfh-n(S2m9W{(h_lEE78RgJjn7HBgsw8B<6xv3Mju6Hq=g
z%lx*bd9yot$FIbVP@d2;FAf8)H<Iq3`<ou=gW})y^JbYi#0gN#DbOsPt-mV^1UD2v
ztoDxJ`+y5!2X<UOLx#osi^47I$TP&{r{JMj0DeP*w&HLcf|Y5rRrlG*?GXcD3cQ4o
zy}*zir-9tza`d11!u?)*h;Xx!Hk<anc2AYjTp>?N2p8a9K|MHtQk?G=9r!Ez{}1)@
zm`8ETVIb?UR@?A7YB?U-b;G2R;3<pZ46m(BA(WqPoIT3amh0kjrm^?SlTAZVOlgG(
z?esN+)1K(Y6P<q8A#@Kxi(=5!u}^RMk-wB*oHWl@p@6H}QRy$>##FSONUz;AYT#KH
z3`W{MkZalMclt}+QT;Qi(N09rDijy%{3ndRDQoiypx~4TT!XVjnisw0L`6h{|G+O{
z-^Omkw(}wyRDpCwy4J?Aad34xu=>m$t^2hobx0+%<+bDjZYqOydS4@1`8IoEcaxOh
zv2Ws}u)L6lT1ID0P2w!}gT)YGiaYvjdr`Z~lE*DaNM3ti6cY90f_q!sN{s#bu1C7N
zlF0ZJiJ0CuE1c8$C+=rZ=4fjd3qR?>nh)9q*5?8gxvYBdM21UFC26`F*#{I1s6W-D
zyyb~2uQ`&zca^1VKc_gNWP@TIyk*&zXP>KNRWa$vk!N*eSDoy_`SfL)Ld#uk%?T)P
zai<6MoU4azy?bS-tb2o7_+x56Qu9dl)c(jwcK};dDDg6KNp8(vWP`3qE2wYLhb14~
zK1A#ZG*fm&2gBPgkU5)%#21oWb(;o?w6?!*6+KTO{Gzj)-QN*4f1qZZ^uF$L;`^WZ
z^m?WdxH|dq&#kdz^&0^lGC`Bh-Cc_G&F~@Wv(g$}g5;KL_G?(=R|X;#-tJxyRSa`(
z_U_aT$j5*7$kA?h>)g~rhE)z-A)7va#bV6i#W7pR)nCyptWq&6<waAgc+xZf;#Vre
zx~gtXQdiXdhQZzInpyQqU5nc`GoxcYLc9d0hEI{pf2pZ|OCl~hAF$7@#3(C-Vf!K(
zWN>;Gi=(<8;(nX-Et7=QS!M$cF9jLK(>W*UYa>k2R|d{eJGR5jsb+~f8r>F;8;;Rv
z$+-o~7!|>%#{&n@wrnM`DUP3|;#p5$Xckl5W!l>Cl93GK$2QN*yJw;f8oI31+&Xvj
z@>$+RzC|a9einRGx*n(P-EiiUhADLYyL~l0OqArUGojEq+%`MQgN@`vMQp}F(^d!#
znVS6JNz|DCvNg%3gM~0!xcFA@NhAB8FITaMD{}Ou(WquWTLv_uEO3;$z=llRiX&)`
z3ZY&LzLGuB-vVh$QTO<MIB0r4u7fn+!0)AFlR_|QnPUy|=pg*TW$TP*VXPD9hEK!d
z9oT5($t4b`60CYYE0>CBeKRK%t{;IF{lV_PF+8&@H0z|cA#{nkx>6%J*N3@K=GM3r
zG+>M!%~w=+VwLUIptBvyBH%h3to}C~8ldX4p;AA#HQJ|D6Fndvcu*x3pcMx9;*S<3
zUtggjI~*QC&Y3>sENYXZ4~XfSNDETShi4}p=q2;ms0a&v7^Cf2`6C-%!gbhCAicmS
zhI3zY!oB{cl)sA%bS3_JFL$4j+(>KF!J63n?M>esEGsYE2;H&1Rm$a2-HOrI#1ffo
zUs7My;^Ol-hooL=CzXB4c(#=Jn1Zx?8vOeiA>rfIlUL(a;83P7|5Vq;63&&%p@LBR
zLVEL_SNml8rPa;%<&rU{d;(}@)k~#jSdOzYUz2b49MLD~`iBjHw$QPU)-m6z=eD%>
zkDa7HT`#$9gFQ-Qo@<qaM2q#3UIc=cbX{NCe@5^`;`cLOp0DAN9A#~u_Y8=A`1X=H
zJkoJF1h-ssgkVg(RX>79-sXxflc+r6_X6qN3o@;?-2aad;o^6V!?;R*1%aJ@7_fm|
zf<=o?8k4D8GKqgO#JV3#GJ16L4Axa_(W}QVx`Lve^orcbjZbAh{uwsQe$G2+BiD9)
z&Ww#KLVbbpPQITX&8)oT$%Xk#UzUh+b>!h0M@H3a&g>oA4}>~>d*YwAhCdYcru|NJ
zFjd^;7B(#rkS+c&QPjQKjFx!jrn?wu<tC9QDlg<;(L%p``l`;C^0H6L$w%Y-F0m;|
zfCH5Bo3oW|kE7zOoEYAHBlqi}ejX15YPee^x>938oj&aqVf}g}uU^yV0)x5!8+&Et
z%>%jEW|}?E2wJSpeT*nKT%cTA0i!55KpPDXW*!^}C54$^99#5v53x+O2|0HGn<gEq
zY1fN#kkDXq`g+=!A8ki<x+}GQ0{;Sbp`P_ZNL0LT4f&)!@et>}>^ZF|=OSsj6tVNs
zdIWpaU~I0`^y0G;Hz_;*ZF$bE(qC-DyYCQhcz@8!Fv|36!7i6P_Z^c&gG&6}2$!7Y
z!qv&7uhg&DraC?b^TtMw+bY>>4WX7!AoW$J_?X7i-D*78qw&JkrcgDTzLp7;#C7`Y
z1wZCT(e09{K`V_j-M2(=Zk;}NWKmP>r@p<LNAp(>_)b~HsYf`<8lFDYGJfVpQ=^j>
zn82!mWCp`lOU8_5s%E5#D}T&pGE?BY&;vVjMaTsC>&Lh6B%96pT{3fmrB`ZB^yB`^
zIr!wru0+46*0Nmv#{udRK)cXOw!xSwAR|=Uel^q?f?9mLXE~&~_d4xu2Y^)ePoxZd
z{B1Vne+l|3wR6pNUAl`jd$nzW7UqZpInpNM-uKvGeBB6dY`^<VXGp)$pvynAsR2yE
zpyf5}c!h;4-2?eX6)OvB>_deOrVga^X6=r3EU)t^t}#!#Z298IV4@ACh1xcKi2KqS
zkeO7aHzs8Fj`}OD7Rt}gk>bROoEmu8$OExU<!HXTQX}1J_)cp2P~*W{f|ShX>4;2(
z1N72S65sFYs;c`{i(rhZ6I7kK&G;t2n^-R#vZJ!o5+VZn!PhNSd<(M|a4|8d$-<=W
z#^UH!znOQsxu4pEsH;;B;6|WG40m;$waWcxnd*(dzEtR>zu4(*L`(T-T%OGU{jO5^
znJ>q-LDP#n$wvca!(HlonqeyWW)m&el31f%RA#hj|7`IDYFS~pt2*q&8ZmGu7KPCF
zQnv#N%(?IWMt0tu#6o2FspSuLzgO`<=4%<(w5}C?ic}yYo^{H<mG(amE|GskoOOVH
zKSEedx?w1DpII{A*jHvsu3dtP@uRb=7ZkcCK~GQ@x@v92A-q!a=>9icjOOp=`y08}
z$XNnh(S4>B4B3o{XLcQ~9?^0l^ggprtC3C10D*CxbZM)&r<7_72V9IZmNF0vl`l=a
zRr+&wig6#l?5D$ew{y1yc#)Maowac=uO{`<sJ$635w!V7i&O##l-Ax7=|L&s!UV#%
z9~Q5Vi*RAwhH%mbi}ieC0*F_#pwQreHP<kw>&8^!D)lY`^I~Tz`d{tn`k$yFrkSc(
z86;Gq59%i}*CVZxS)S~hM}`FRM89+cVO*Hxh6>ou!{Qag2>$4b9p1ec*8c+wc$C99
zNcZA374G;agSL2fiR>lT?xuDB=Th%pKKgK34TfQA?=HPWn>hA7jO{0G`Tv%;1(*c5
z;d(>4S2IE&d<Cy%JFmU+<HA6Ds`M7mK53ur)w?3dkb$3{r00YRFqH_)Ko{LUZ5%dQ
zDEe}K9{V59?EMN0k{#!p+F$Xb73w&MWKigEAY|9#l-$7x+HDh_-X*xRsel0dX(_E5
z{{%dACrqr}FF?}QWQsy-=7J;%Or=fYi#-MB8ChUDx{ud?7PR1;`HrWZ9*MGU(R5u|
zW;ycAnSFlGM6KvT;PAD6i@i;4ib7z7MNIQ1%SPH9=LS=SchWCQ0QR|!kS~H%Upt7g
z>#St9zq_kYVhVZ^xbhTAiJab&H2jfrGR7l?RVRbgN8B>z!W2H#g2|OPLxd#4k06F6
zcg`X(BSmB!SQ%t);XIF%;ZU}jt78ex)S*~t+Q+$ThkA>FJc&9Xdzw1Dpzr=rbiFox
zn8ZMFgz?W^HMKMzZl8D@n~gi3{XKzdd=2e`^HGOOJufnJdb2;*dXLcfe&p%Ol=i+o
z?AQd%(fw^upC5$1P}1Hgz2<EFLBUA`=F~#b_neGN?WD&$IYqGQGN(qPkIO==9?yXx
zu%T#AAymZ}g8^Ni<E7>6hA`65C|c{xkO3r5FP9$CgUZhr{XCJ4X|XO1jdlGaI7;Wc
z2~@Bw6`OWYEj}k9u^iTn1IzWB!C$pc7GQeejXNqSo3<11`@4+4dWmw{wm@%Q*hVfl
zB6|05koxR2Whe<6^u*}=&+bKYs*Q*gv_L|q#P|-qN>T+$KREuzxugeCjrr9tY1Jrh
z`Q%oqUWP%1ozU1J0s~F6`b(5MDFeOQz_{xqaNDW1Q|ZjoHAtT2HxP_o=7<)hoH8en
z*hGq%ZUPqtxJi>w#4VS;N4@vEdW9sp)Tr8niC^QVE|&(LUnm#rb=yz@xr-m_Mm`2L
z(7>4bE8oL=FFY=7R1HrxU_Xx*<?YsUWaL6b|B8@22rQ!bg$U=dB7lBg@L+d|?P>k@
zS7PJPv<q$o&d^SPD}mypx2<x(!lkw(qutq!It~tPWyw>d@6{3*m|Sbu$L`KmNycW6
zq6`=7#h=}V5HFJl%RGBxT}C*WN9YOV=mhmP=xZ>XeCyMG$}{7XCA-7>e0bs*Z!%=}
zZz*s8p-@eVb)0%=jC=xR*PN4N(_qensSP~97gWF=yktH@vPm)L0cOB__W*8+$*WHc
zeFeM&sZ_HX3iF7p)QCRwfvV3Q;&jEj$pp<@Mdq0&U~#ne1y=GZul}NV={cEGT;Mjx
zXAY2!NP+)Q;$bhA7dp;*7#v<h*h0Zh=5HhNCLsMKpBp2jp-CRpwT_!klSoTGA|oqy
z?C|DXn2T<m1!;_l?~0_~sJ8bI>mSw00m`2ul|Vgjda!^DW`5<x5OW7zTB#PnN|v9{
zQMkPNf;X)!#1%YJP}VR>fm~x(V+Z&PQkQ>@UkC5-=xq}qPCfFCY{UL>Hs&733#AbL
z!9wvnDoM*#df?$D*-WlsVjF&-7NbaMV0GfBKV)~saf&fiVWs9_4pU-yhu7=fVw@tK
z|8pxhCP@ML_Wa32drldi!nV<If=HbsM4mioWO0W5fyDNkmMQ%+q{-TcbpVudE6riT
z0Sc0+S7OrXMdACHbY;zWAc1#25$o^NNdd`6iM}tvfZC{ofa%QK1@F!k9Y(iwDq&VY
zJ`Cz)d6`0hr)jJp-EHKX)uD#rZP=@YNXRM?n?%s$hc}cUqG1$-g)s&HWC8*7peFgi
zz9V_FD7zt|C@f@|mrw%OfB4O<)3A6t`=zLjG4<5g2WX0RlByHX$^#nVxHXtn8d5Wv
zgm0g=<D*WNeYym>+j(ip9TF}Os<KkUa*qpgyriXo<Ov4buf=*b!?JD=AvXj8fV`F=
zqD7-cKSh2Utb%TXq1|}Mu2Ioa+yYE)g8}B;z-XogV~VL&T!T9c;~4ov4fY(>VJIKk
zMI4oNfEo^M&D;NTK>NXji^2-XoN+I_+~@^f_+|T}WjSw}!$<-*0D@u9-LM=7UpMi4
zVVM1YcO;t{C2^3J+1KrWm4(V3&z622j?r4!Q%bN=h<6&_Dsi;-rXFb`y31!S0n9B&
r&AUsR-{eMUp!5B|e-?oVKZ>*&$d+)@j9=;KKYSBIbAwlUt}*`yfVgwU

diff --git a/client/ui/netbird-systemtray-disconnected.ico b/client/ui/netbird-systemtray-disconnected.ico
new file mode 100644
index 0000000000000000000000000000000000000000..aa75268b0c7c110352eed1b76b21a97e8e24b909
GIT binary patch
literal 5167
zcmb_gi9b}|`#-~EmnFLpvJ@eaHCrT+M3#^tiW)US))_O(7TG>2OV%QZX^bTiV-!-7
zErYC;NXEX5F=qN*-@oB^?(4qpecf~Kd7kq=@8@~m=K=tOj=cs0hk&FA0AkSn0|$F+
zejX_v=$7B+tfk{#@7~G90bM+UUtR~`z_g8}`K5^b#fkpl1FnS}E6Y>Ie55Z2C-@;7
zvN*{Cf?l{v5u=1x-%4i{;v|Ia++NjCI}RH;8|gi&%&i<BO=v%PdG<Q(a~S_)wKXsU
z>teTb{-iD8@#e5%fl0J{F4yRjrm`iIxln9tr8n8os*2z-H^tO7v;6;PnDz~}B;{2a
zs`d5JvRT+At5P0(CHVYe_%}TB@x6In!T8lbZOod1C@&;t@_+#$mbb4-N_BJLq8;*)
zZD`8bTRwN@x!G}5^(}Xn*>K^-n?^^uG{A(DOOM`8JG%EBFW>_;ozFRG-M7j#b_!|s
z#hX?EJx+9ZQrB!5vdDO!1n`SpOpO*V-YhRTltZ)p?2f!`uXNTJMgP+(3H&UVPcWVF
zn?uhPPfcxn8YHi^dNE4FHju2RPOs9^wtz;Cm+exh9&2*(pKvcw6(vk=yRWCBk}2Ky
z5m$l3v+d4?xURwYj<TLM%@aUX$OEb7ygGBTj&wEZ7(AkdICY2vbli@{Y_jw3O6w51
zYGacEw@|yAzQ7^yjownv=>=2voVleMCCi&k-&S)zkleAg^Ov)4hj(zHc=!hX!l@nh
zgX{xwZzwLW6xNjVDYd=a(0j)0#l%~v@pr}bES_e@S9_I*OpfCqKz&S_cKh_gm~njF
zqlmTb200ly20!Gc-<WhIBDmRKPiUFo!#c>0vxwf9j=8+A&9!g08CB~8jp#LyQW7}g
z?osjT&^E_7wRS8C^1Tq&cXpz3r@7v1LTuD-;diw)7Uydw6^n{VjFVvS2ebI5`|mTZ
z9b5Y@ag^&`gEjNi)cRkk5u=^@fGe#V{XJ2_$WZ6yLJWy6Q&PXbes#Dv4{S3U5U%@P
zhGxCGiSHi3IAx#8JPQ6if8(0T(}Z}*hU2+M^ty25E)_YpP&t9(|7KOXACLXZbh%>r
zH<qFc?gCw*is(X`Q`X?I;SH1Z^`2!QH0tT*8Fi4ptVGN)PnR9nJUz1*RvzMI`5Cj>
z<D7IU-}HUbw<w>B!{l`Lg}k{)UBpa9rN5}hLS+$e(9njV>cL*xl+2vBhzHnc{dB6=
zNYm^x663{=vP~n144PfRl?&1@BCj0Cl)EL6@H_==N4WpKpS<>ap}}H#mzHu6Sfe)5
z9G5rJX6EkFmI&jdPaii#%+9l$CUvFrrr2Jv)8qngD6X13E05>zI-FI2>@)8OsGeru
zL+`hJLwd{ie_9Ddv2#Ag^94tC9afrEZWJj6eVnqvy1$J<&M38(M;-&R7{(^rx*~l0
zdPApE(k_^0=zJA~IE4B5Z*IS&FEyO%5lA4!fN6ybzZNNDwh_VsOiYPGgfML*wumut
zVyP2hIy(7Qk5JD_K*h`%bJtBKEAmCrHn8Hu?^PoeYUpDfWv1tMF*w&A{FEI@UEA-O
z)`&ZTDF>T<<R;N^f&K0jZ7Thj`pS?j86v4DK-ll_e|q~-YNQFxba|O#adOz@b;QIO
zx#0H05TgjU*tFr=mZdN1W2g+)2On#m+q(wJ38}3ygo*vlK}^aEj;l6e+I9=CfGc|$
zX>8JsSwnldIJ|L^wLKedlaxnLwQt_<jl^ue0pmhnr83<G;oYvc(M_LHO*tPJUv~4{
z(WjsyzoWF^+IFR3BLPeu-4h+b0*UR%w~V$<U0|ek52KE)|1vvSVPEb(Re>0x(+%8H
zpUnSu;JSE|^i0B?o5CB5e~ZZa@;&+uFK{?YW~E@XxYWgovueqi1-NX&)Q)C?Sy-La
zG1bkeL<_87oxoUv%bC-B1v7RE8xuGv+DJbX3n#?jQt$pXgs20K^F8@(qvyCu%jI?2
zhR$Cg6iPf|#}>D)Oti#5J~%XvdWc?UC;O}`g~d#^wN0AyR6Z-YD$C&KkpasS%}&dq
zhH@w1<E2>^A+3`0%R02Dkk9l7n>VtIg+}vdT&A=XPKi&qJPrTbx1(XHJ$66aIdx(+
zZT8&05qcyiLvu?AZaC}QuVr&<cQa+zJEL3A1V4Z1ZJS__HKRK91Eu=`$-1)t@1opF
z;30mgq;JcnuZe|x?Setwtdxl4__VJaZ}l>?GV_)h4+?kWBpLnQd@#Lyovo*rLRudb
zAR<m?<Ro37<+iuu$?77+Y)78x-Y{PQoFZxYM_^f8MQ(*939F%Gyd|x(`oUaWEW0qd
z>thpx%vW>Pmv)G#XWGX+>o8TZu4w)cO5IOq7dqBLr=i?g4wPT3Jlj?+Q=Z)Bt!$jK
z#Q3K>-Q#}nzZ70-cs+e_b-IN^Dgmd|DZ@xzsHXo1^_Csql7<2nOjrmdS;m;jcT^4q
zl!a|9mtX1|3-RW%d`uZZIaEQ_6pBEBNNM8bo~REaNHx*v4o%Iz8{rS}Z3YVUZw*<`
zl1~8;#+~!+W#YR@QyX_A)nu&0XT9%_VSeVyChNmtVE|5(;bkKGk2Mky$kZKs8T|bK
zn%qoU*I+4uCZ|jUz$>0S^&gsl$9cfF^$vAeRtui6;wa0IiDs4}rq?z-us$Vc*9HzU
ztU3hsFFWcYE*_Qzz$1R3nwEZQ&{iT@Uh7aBM0ZDS0RDs;VtumBwB1w1E`4P6kF|N-
zAB>g7*RMV|&A1Ax9S$2Pe~h_!@H}TQwgA^goGSjt2DWwK5u85g{ae(rZRs<}o|JgL
zG$u!x6fo0+M@Zi>?yR8K#5%&ZSed=ioC7cE$qJhQj3^0a*AZyxkN&D2q|PpLI7**n
z?MQM1oV-?r{X5^q5zVR(v)!H(=K?>BpfaFI#_+?!xGi0=w`ow<Y|IHc0Y#!8Rj(@m
zS_47vlCwHC-_W^rG_)q;>AfQqw3UxB0B?A#O0t5lQ^lW9q&DXySqM$X+8e(JMWQgU
zVFA3e$z1sRfileW(C;!jTeYHrn5tu+iOK-yRg%>4&+SE{;TCTtaky(d2A345p{{Z2
zcuU%#o9G^P33no?;uKa&)Qi^w)pwvF@4`T}^Pj_-9*JMmneQErnkgziH+O=tc9VoS
zV8tObGyMl!Iuy|O@1j|$%Sv<Ni|pgc^)R3XPxHG)74Kv%k>-``&Mf@4m7A!Gsq?uD
zK%nU7pCg)lLl>9q_o+isT4Mrm=mwrqxAn(QuD8t3Boxm@>e&(G)m7L)mw#nOk1pay
zpSw}`hm6!=hQKd70O&|j!-yZ-bJG$BPa+I!<zL1&Eka4bexF&PdpxwnUWRM;i*yo~
zB+!2b`sISu0q!=J*}}Wat*QFy(%AC(I-{+keQuZ5MdL$Yz^~PoT%SkKal?vvU+i%e
zvF8986M_!seyotw${8c=v$bG#hNuRO{}t-#5e%Tp9_m|4B@K8lT*f8MQCrmPIY9>A
zrKCBXd4{;EPOgVa{2V*zvajr$ti3X5TV3ev4|@VFUFHLb)Ac-(n7*Hf*CJZ}=~o%@
zR@XsU@e3S)jb!nBH4$#M9wGwnlD|(swB?^xE)O90xRlJs+_(P6Ww@BODtr-NUn`Ae
zYK!lY(6cdBe?b>vb3^jr<K(VcsBp?kdzd}cmIOGXD{PT3>E|pKimy@a&4=|^JJ(JE
zz&Kru8JQhH*|{U@q~?nZ8XeX}tzNK$Y9sg-LjP2~&eF9LzgI*m=%nS{PDJY$POx$m
zUiDXadIS|*5XM;$rqUw*g$yMC4K`3+>2R0;8P^Y#eX(vKDaqjfe14CzxTMuY9i4^q
zvP|FqC^}@CvA?Faw6ZIdF&4uZuRmD`m5I3XPcDj!<L~}-<$&CV^rT-+oN_qKyU97p
zw{=^IdHj$qgmxn@AbVCiRQ5w;f!T1FQ95Jp2SZcK)qvgJRZ=9T!_xLJ9Rpy1KlV()
zFhk`?W-YKrlAd)zB%6=JIr1cqZ`)pCXw9a(C|s!3-;&N^0MH~4rf)mOD@4XLU2xCh
zx!Q8NulvskN|3#{+*MULx>68H8aOcg5e!2Ed4mm`XU;EK`NNEIr6<ws+7Mp**uBm2
z@fP?qY7@wz5c|7V>0Hy}gBayDpl|Mpw>ZcsL;k!|{6B^5gI24NW1kjz^oD13-sF07
zzMoXa{XOkU7W@^)y)thy`!Jg0kiyeQNc3F=54G&M{`c&iKt?%K&iQbH&*H$xnCmz2
zim2wB(@;&`Uib*Ojs#W;7A^UDm11zWdxo(p4N~up0|kkpqwRT`MlZwS(qWQS^yGUm
z!Hb&kw7Yv|w*EBpH45eQL%C1_`07_U#9g2f6CKS*{5kYD;T4CqKxfdmqoJXk^3b?)
zx>pq)EKf$eVrHe-z3ukur)g7ajxJ*BMnfW&uWMlsD{r=J6xw~E&PX7#r4^HK3x2(2
zR*i>)9LLk~e(1ADh@jA*ZHY;FLd{wHbYx@GBvyih41Y81YKo&cPtlHl6s$fM^gW@9
z(w%M6^eMV78glD9B$6#=K0HT=C-1xT)!9zt!A<}^T@QYT8qNp#@$=KIfGdmt-0!?f
z8g2ZqLa873wR_l<Bcd?;L!V<+2axzc`F>7R%GG|SWqyF~G+CJG4<cXf;h?oYlaRpN
z3cbN`qV~iMe1g4DXcGfSy$qp-Yjc=cK1Hgz!gJ&{=gvJAK25GBoxphxp{?3LQrCL(
zn9o1;)8wk+=fSI?MK)SMVPx`cc;GLTNCM8lyg20Y9vcpoE_D{|$80RSzRJ?l#V9W+
z^>f8P>m^Qc@!>Ms9}y>atv}Bl<%`WaUr;dHkA-uXaee5FxtP`K?4T<4(@i)Py2!R-
z=cXbz<YHlh_aY|UJ*SXMc!TYIrms=fDk~U)SRU5RC>afJ@UXh^O|a76PDrra(__u^
zCz##)YF9M6`zIYcGolHHcm-{ghE#o9t1aP=_0(1{taX)Q7ZbgYy)5}vl_0LwX18<}
z6Fp`98*h+c_67R(M+-}6g*D_9h{s>Dnt4}>us#ys;{T3%;Gy}dT}jxc0HPTQnf~!(
zPUKM<^Zn0UGjy_(e=uTAQWX2wzPg?ibv%uTa3d{0N56h=k;yHR65lh0-I8n6q(4lC
z1+fXyjTeX2MR)^6r5-Iu=V<f<{X+5a;b3>tna@;3cylnmly+OA^U%IAJly10=ahs5
z!2Bo0usRNDPK(Tdn<&=0!4q`a16bc&X`beR7q%z#Jq(ahlJ?M-Pn3!dKoQ!0w*~9@
z^=skpTkVP>y&^Z8C$ZXmIN1Zz*yq)@)1if2msGqz&Ba9^rJ|&<WUIjieVdAb34!Ta
zPQ;w}Zck+qwk@@ldzBCL-z3?oI-kqYIRDfu;rz{3dbXayR*Lx&yLUch`ug1U%c=uT
zs$y=dGLJkt$$NCG_J_FehUYGlWU{-<yO;46K=n1Mcn1~rxp7H&S`@qb`4$*Cxy7s2
z8?QiGh7|DiMt<ByDEvk%1-trX;z-Np$ZF^*ozDIDz}CFU$pe|56KB5U5&UL;mHXqM
zs#YERO^KXGi1TBq_-8;>s5)4P&AoP3O}?>-Zj6T<%W{lZ?dA=@pVw4!siL2ANf40!
zSmwNb?cOpYS6#%X$F(N-0Dv_0>=j5UW!AgMQ_xD9dN4p9B_c%PufodsLb<m|oMmiK
zR#g`dXV0smYx^{PYl)A*(#R|4I#miA(5c}JC5?4|a1zoYT37P!G}_{H5l23uf!WN>
z!Za4s^O#8Pk@JvON~0sk46UB*X(_6VzLV;EBBDtf!;$eDvZYbL4Ndh*?gX5Ad-qy2
zRotq=@g7AAfB(sRS^g_Gb*S@N?kV;zhz6=p8hD7a-8egry)6-E<ixgg8T$1-i+<7p
zQwlmavk~m=sV!zs4=z-Xj(dc-h$crAR?l{4eA$Off#gCh-uX{pS-W1VJXAtmkt91o
zp-Yoh60LiA?E1B%pnaXB)54LRvn1@@lO37MjhozLiQ5rA=qjHkuNza)l2390RP@jZ
z7C2v1UOxp;<MKa1Rf{T1hoR-rRMW?5nxUw)R<^A31SMX>#r<JLi^}fDD43>R>{=9-
zS0Br9sBnDtsi_GB@#B!kmWW?pHbjsl^&g=ih?@QI=Ov-qkTOeBLlWe+f;}fLVlr=D
z*Ka8FhVqsm6!Qx2Q%zI!r9osRU0Z(1MSivUS{jr3(+?O&1+{)5A`Gum_k54f=L2PT
zZ$mRoQiSvDE7C=X1>ffD%F_(##Ebd%WVhrSu|uyJl%2a#Wg$dCk9Jo;&>>p7h((uw
zhde$j@1QOg(bC$H&jW<$;~P>hrP+L%;FhH(SMq+0^j`f6hYC;_x0C8m@!iDMck7br
zEU^#;u(lH__q64vs3CK|1qE$DegGgF1(q}4#*+M}a(+LZf>AgDfz~i)bA_#n9-O!d
zBd3}&HWP6w@AEVhM_dJ`{Gt7)g5@kMNbyr}ObPDu(~yy95`$T<slTPD@c+?Nn5IwA
Xg26-6vL(<jKVV~JZ~5B7``-TnGBCij

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-disconnected.png b/client/ui/netbird-systemtray-disconnected.png
new file mode 100644
index 0000000000000000000000000000000000000000..0e1b7275f3f048770befda090aba02ee1deb4de8
GIT binary patch
literal 9258
zcmeHrc{G&$`~PiBlBLFyrNlI{X3SzRJVY6?FB3w<m>Eo#5tA*;P)ey#A(bUXWNER5
z7%7pI7LP1hLZxKM&M?0B=vmMAd(Q7X=kxpg_l)DreZSw=`*mH{>w3Mf`+d(DTkHM8
z0^0-t01!4aB@h9C2fX9~`1!yu*PsF~@asv0y%U2-3WWy-(Y<JXR5&9%kP4@U(ZI>D
z9)H_j;U{pR74Neb1`jsKp2ih+2<t`*<LwfHF1DY}lzB#5i!%87tD&-4T5fj`-{~t-
z4w3@A6&i7jJ<P`k^fNE&m3hkwzx?suuK79Ny&4yFljRG~bhRx_6zim$j6WzMBo9eB
zOJUCQo!YyjJ<iXi)W#|F$_;s<ym}uSSDl@=IA7V6Xj!g-#cRBfVjeOb>M@>c;p}|y
z(4_LP3g!%Igl4nxtz55*v-G>0yh~tiCul}Swq`~~zo!ExaXl(U-}H&0Oq2To<CL=}
zcHF{K3TnEH^YERj;y3mcY;`$?uAUXVirb~4ej(2H@#CbXJ0}v$N;j9r!54Xkz7O6S
zMJRAkD&+}31|P~zPUuhc^Xw~Y#T6;>_|*7&5zR2^?pxW1cf#XfLsybBsBLD%ZS})r
zvOM+uO<`$k)dtNuF88Ehurp$9X#XMMp~Zavz<#C8We<u)v&C$#GWHJbFWoK6I;vi+
zHq~}7<7J!J=`&44$=z;kt@$Q;MlueXnbYytn^nIcU%6Dg>RA{;32mKCrIx;vF&0R4
zii3&>d@INi*p6{IMpUEt7<?U0dKi7iRiIkcW5mf&cpK&Y7S2XiZN=Gl2M!aJH_g`L
zUo}g;t`aQYc3~#!JHA8=z9{7Sbw^Cerncyd{i8l_<UM@0KYTdh(<&QS&3jHy`hiL<
zF*)B>4KnFHYZdOXC?VxE6X82KJj>HUJot6{;2=y2Wj9~bUdygM&R(#rWyyUV3F>^G
zKVtv@n-9@IbvapC>XPaH>Ld!?ld2x(9|+100Q3yP0!d_FDg*9G^`-^rBPMHE2sn+R
zk2t7lg|-SbqWaKGBZ8<0BCPGn5x!&{3c_HIfL@p`2;fg;kl<ndegVO{Vfu)5TwU;*
zJB&iW*G(9{`Uod0TeuNDhziH4<J8ee<1ktX7O_VFt`|h{(j^j1euDt-^btM`MxZVV
z6&f0<9;%^E5AsG~baZr3Xe<hgMS>Q{;P3zjDGV79EYF4bi9w(SlY?l13>rNE&c!5o
z(vLCp5eRS|{(F4>fmT+3zy}2X#sbI(DvT6}!l<KB{{E=Ht_Wrrhkziz1@wQe2(|||
zDT+u9rXLF;Q;kEY0Sx)SLQu$mtPeaE<hPy<g^Z&5QT;*FV9+b(Z!Y(nS=s)vf=hun
z%|CE`6-f5qEEzPfKgs%AY}}dkbp9F$xcm>?zghpD`?@h`Wo4yHpp%br!!sl3Be?!`
zDReT8qPu>H!C=ui3P}U0gCpaSI1-tJ#G`d^NUWDOUK36BBxAg^{{m$e5X>M2kf~fK
z5L}%G;%I1-G|4zm5|XUpMMdH;T2v&7<mH9LX_F{ABrhBuL(=>UgiR0)R3*vpuTgQK
zC?J$J4nswgHFc0=k~Rg2!)fD@Bs7MM#NzQfco0+vk0-4|QOLR`^dNr{SWcQh$(xD_
z4Deo`;1aI8*VarQfmKKUIb!QaVt9cI^bwY{fMa2QPT14@sRtM&E}Ix_G+swjLsLr|
zgU4erT7McjQiFm)C2}z_Xmt(T`V6-$x?nOOu_UfeL4fsfFc)2;AS#JL53;Az{qzys
zkl@^ve@t6}+lfMAkO(9O6$C|Nak^-%E>_DPgVV+6=wh{ZqcOVZzu40$G_Uagmo<0u
z!1aEX+>{m!`VU_p`njVHP>=q+`+4g}Ti;4>`1+>MC6Rxo5KIc8Qr6=Hv3^dGeMkY`
zRIq#eCfDD`Y5#{5uy`~cr%m-lQm}Y!Bn}PgiiE-9kYqAN17sD4$9euF=@0Z^x)&pq
z6hz(Y4e|(b1<G@sE4cD{p;Z1JOQ;W(TLq9XBpQpvYH$hD(9p$Ve<KX_-%k;T#cGkU
z;10oQXla2GCE<`HO&kVE@$&K_qp?_REghY|2mK$V_`fvqTZ(!pZd?4lsCuaXRra3-
zf9azjH9yC|{tUKz)F1u+H_pJ4{5L<p$?d=C0uKMz$v@)vU%LLK>mM=jkBt9S*S~cA
zBL@DF@xSW&|3;U<pKpxR0Pvs}3ce4vG=I?o-zE7xE%p<DHSS+d-R(=@$fiJ3=U@O3
z6yyH$09UU|frA?vW>&@<M<LsU#kMEUwSm7Eh)$ak_S%Q_jAy<G+P**Sl#OF7LM1uJ
zW%{XQ!xs1+<}AcT2WO>{dvizKJvF-rRvE+mNnV(@jHf;tE)@rR>@NEg=kIB2>`s2O
z`R>TZ964q*Am1ok5yrEL3Aqy_0Z>Nwi5gNJsE$zst@);|4^-EJr?0oM2w*V(`6p*f
z6O8#{WxV%p>t0yfSyN{f2Z@pw2<*!iAuRjXn~<A;`c$8`yY)tw_9G?j$IUa}BP5N-
zf~24<V@!#3!DFSEV*$}5kR9Ldu<6Cz1XoxI3Q7vQpZ?&8Vgx0!y;dF(2QVG%>bFAE
z!8_QID6?|K)Fg$)qSjAia`c^mhs~|`%kM&@UPYK&`Ie|yH>m(wRUK?P6nN|U&i$Q>
z`<QWrV$_OHN?uGo=jdFX6na;(Nx5W7;yII{YOeE-bsV`A9>WJ>?!JoAM?Siv>NxUH
z;L74s0_RZhjNn!%AWDk*Wak`y#IC%))#p~ydw=#$02b5X?#3}pTuJl^8R-^TamZs$
zodyhDzjBIwR^1U;i(}nayWPj>T+>4xk|mQE(U2Pzd$7xiulb;2zEOFy{Qmm8Z?28`
z8(;x+#<Y8fi-EZHK=(FIy7e;X(<E~xF?SB3ax3rgzyX_>nBkX|au9$|ac!En=Xj;}
zTEFCp6<G+tJF`wMY0(xp7FDan(yg3&pVS=q7+!o=Pjw?{vBLIyS=78-@4P%OGewa#
z{V27xPonEwr^N}A7?B=k!$`aRtU=*;dbQACExrDFr+MAmQvy$>`Yv%^Ej+p^(S2Me
z#O1yEz~ZfEZnHgCL55fwkKJQ1-v^xJff)9D(F0MHiW51-6<Lm%X8PkQ4inMU7kZ0`
zc@tI0!~`e_|CYUB@6@w)Eywg<P)Ond^Ir*L*|lr-;Kja@A_P$^<qq-A=kWgaC$|oj
zzHyt;Sjyz*+`($IrWm6v3)PDW#L3E@@fq{NuY1^^A1FHn?P*kY7(Z)lmAG=NqBJ7w
z;9P1?kY<sSyIXw`p%hc`p<!lq!DN$(>IJij@cwWGY)QqQyT<(vI{hm7#z)L47MGXJ
zeBB((S1GmVS*;~>$@S{yw9*fc>Ts<CckGlRe&JVV$S;NW>8v(|y#ClFnsP^C$xdbN
z-G`ONe1(*?i=yEzpN=ZAXHz3$I+(fESHF*6kUL(zMiM#~;pZ2k5icj0Rh7X=Gi(|#
zn`rNQ<R<NGa5!UXAX>9`bDW@MNa6!%UbJ|M+{G4{R+b(o%Xh+YR<3e<;hBYBv3d*~
zk#0JiS)kx|%4N+~SzOC1RL*Ikwz(jlb#TMr^I_+bx%ZaQ3u%HkI>!{B<{ZyoJASGo
zZ}6@vE8G2{+|sd{Z!vb|oU5dlx21~js;?!9W>BU2p7TWw#0(H579a54yI&LOK#)a0
zdNpI8SnOUMemuu&XKL#HgLM~fZh0sV$XBgi5C;hGU>#2f-_?$V)rw)nhIoU8Qs0io
zf!)VWa@I0x!)tSm)1*GBo!sQ+h<M)!UyL4pK7C^1W~F=fN}^@-m(rp)ONAGl#MD(q
zR2!ww$&#eh-RkCO@r~J+-qVA@y>_!}10d2;50mM<W{_lafjsdMrq~nRtj@Ds9W*m9
z`Xbg(w7mCIPssStJgPm<nT~~9`^*n&xtl<9Y@nUe9KZVuepT|&y~^xg*m1C~?EAvx
z8LA~vgP6)rFbwhOye1008=*WaxOePc6TG|G#kF3HH=FMR*jjvLe|*;>6;Kz}DhFW9
z_tM#V3b!qce?(>PErTy#^J5EV^33{FxP&sk@bAW(lUdP2Ba$LIevgvJ-77zNOfvUc
zY=7d<O4%^DB|Fm5x2jieCnP`=8jG9XZX{r0R2dV_ab)965sO9Umv7daY{*f9<j(D|
zyVLsVXyWpO&l^4decc@Dq505x1tCq|j9b7{`^D|f0D(~YVY&RylPL+r;O3GiX);>w
zgoyKAb=@U$$-=uXE+widknq2}y%Y=Msp=ZQkkvX~@D&I@&0-&n8o0abhoii~HX)I~
z6IB(fxo^AZE%SFNyg%Y&>MmdIi=-U%5HkL*zz^v@Ug_%!L@d@TfeA}z%Xr@tHd({>
zMnA(cWx)n_$h<I#@g-K;Lu9V+M3-U=-ORSP^!_fi%AKrGrRNJ8(~QCDrFf)Bb^E8X
z-OKxtE5c>F3j8PEC?v?NIDDF(ORBmq28g7T@(Lq7>}G8)K6xfs1GU=#kF9j~gTUWn
z#6|Mz2Z{L>W&M_F%dGlcqa8A^Sd!VDamgZpk<RNYBX6B<Qj#_FR{nCPd+4pcBf&fQ
z+E<J6^*BUH=0p&HiY+Iux#)K`4j8_%^zDwS+<p4Ik$Q^<Z(5J*kD&+>0e*gTd&>=l
zFUu93#NJY~nViS*I(wGsO?3kXTX{ysVp&0{VrMy+s#OzG%mN^S4}d6sn76R!ibhh%
zSoADMMVteRReo$Bdks|t&DjlkDA3f_Kd?~DiA-qNUdFm=(u>;40~4WD^~OB5fXiN;
z%ZK{2579RsKUTx*R^C~-e~qvKFiKf8EgRP!u|m~;7c;FGPrnMxCIU+QRwfQ?ff%JT
zh7;O?d0q1s4nPE=0pqE0&U1#^{ADwBa&k%Um*kT#(|?7)<I<Tb7yBpa_RyYKneU$`
zfkNSURtLCa60B=~t*ji^Rz7`RvRc>N&#1S38_%dD&m-um+w+kqv4NZS2U?n+n5xm(
z&I*9ONP{f}KXh-&{8HVQ<J~9$MW2~Zmw|*qRa{4p4*zu;TX>Ilc}JG_;@jO06@^pY
znZP4)9+5{->$9AV-Df%aJtdVL3uDf8ex2Jsg=s}yDK#HbWw_1`v`>WeEFabno&)mi
zsq2qzDHCYm)(AGV`(<=fWX$cf!c`tE2~M#Dw{Qn<ybpV$$EY9Ic1ja7*OxDOT<%wY
zT@nxxGCuspL)&0=+N<s>hiF)M<nc_W-`bU|mvWm$7X9~8?oWk&Cwhbq{Fu6%&VBZr
z0<MU}ey9<k-XGU~y%4Z*B4mSF09!{1a1&`MDM~)C<!<(-K=Zm9e?(U3i;VVfts7t7
zEJ}W<<^G)Vrl*?MNNZxD{Uneu((W+o;q5;CiZmRrv0*QgSXMXwr5qS}?oi-NZ%x#b
zxhPHG@1qHpR*SD@iZQeJ6FNg5M4!Va#k1r!SdP6MwFbnsyOx4X)A>56YuOS)5LV<@
zk3|8_60vapk*S>L=R%bQZL=c2nfIbJAju9Q1(UL-1)3WDH`EMO+PlkkXN_qar@6*Y
z_s<7o1OrRP({*@8&lpMw8P8{pV_&$nLewgjS~G!!M~tmC!{5HN4@bv*DFZD0>w{Fl
zT)V_K3L7`tzMBt53I_VHVgjIsPpuB#cov;GYCw@lt~^uFsVkPRd02v;Tz#!-cd3m0
ztD2Vw{Veju59OH`wx(XI%0>VZ!)MbC_4k{|<!^wOT#74|<OJ;m)DsNH?iu&eXT@Ew
z&W&g&N&3~pfc*rInA6R0!bf9y(hvJP-`LR#7Ua=SA5FfVWjY*&l&|K#3#iEJJED{k
zLQ!4*Vgl|bkMlQ75Bt{-4c<F?#c8&EUoWZ(@>-0?PIc}y4tGR2msMz~dLw{286Nro
zAAPt#;EH3>F(oUb6gdAa=P%{i)y1yO^%}M+4%LyX!$>Hc_tv;7p|`z`YM9m&T`dV#
z<km;kj$&;ZTSpOa_63htbrFUFhaut|nL~W|BQx=UlQLv(8+$eL1w^J|X&;~_#w|>8
zqkD1rW?@vx<(^j0-Yq=%eNe)Pwd*NFcyx^o5xUoB_GC`_8}N7)2z4_O87|$|6<J*+
z6xjD!kS9SAVv@?5zrM;bBaQeO@`1cCeGndPT*WBX9@L+F!K_SCXmB~4YXAwn%r6zR
zHFrE+Eu}Zs+~Lb-$<Aq<7k>i=0sAC{u~{&qNyGBCC!YWvp`kY;Hcc_IXQecGZOt8~
zU(Xu>qA;GUiQ&UL;5P9FP`HUm&UkwC4v((JB8es6EP)vQhEYUd?hSsMg`>rrU*BI^
zo_us+D+GO=UuH}dY#s_Pn4Pc}Orf60oxqR8hV6$TdVS5ZJt#gks8<I!5jNlPMDFVQ
z%DnuId$Xkj4JOI)z&XQqhl0?!<lF47heAHtFz^^#J0`}%d_%|yJtuVy#rCPV;LbNv
zF@74jQoIp-QuPE>yziQ%llcM}JJDlW?)-*v;?D%$n@_eS5YIlommqKKyuO{Kc0%FU
z?L{x-5;~~^3sgRlduOK#;)**h(&>?n(*98Rwz1twt+^eiqcWJ6U!_S&S-f^(eT5Og
z@}T3VJ92&8Cf2&U7Oz;o6qlAcl*WTP?8X<C6`E+b7ic5IAP)}A)5V(12o0jk8ce-z
zFzNfJW9FtF#$+j5w~ln|8onH|Bd4#B*C%D0zX7y?pL@(nZTW7-I;gf)gy%SxsR<U$
z!>d7$e)RQ#G4$;#AkI~<ZzGRs!g-~n0p*pQ5D7uUf?ygbsi%gwr*2E`U+VQNR2~+)
zE%o%I%DJWTRT!Y5Y=bmeVt*}DAizn_Y;0hwBEW$+YvcYbl5q~&(Zf*e3@85fWX$|s
zLJYKlFuUMrS=ZV2i^h;-B%h{9<iI5~Kg(kmjM-xEDC@SPaw@d=in4+?=c5n;CVyMe
z+96<NsU7sg94%Z!gP4RIM(M8l_NivWW6R%#d_hRlZ*<%;>uUZoF~XZq1TD9!GiK1H
z{|Y9vV>OjH(7d{5FRZ1%%xwiKj1IYDTQ@(s&`;jg0tgXeDy}?bCvTDxXZ|>_AiV(!
zkC+7y(3IS9?Q{H=*+`PID0Mn%t7^>h%7B*iChqjXZvk&7ouzhzPml-92&~=pTj0wM
zp_$Q3cM`dxtI=dE6;b^ex%#85U1en_AaY>sN>B6?^d6lHH(CPi+gFF3E%%53Vkrb<
z{?=7?23Vu7Z)xf+fMsSz<A@j!T5R=_+DhiruZ8bq<oCqhKM=3V2FcWTV-VjsU^b`_
z*ml0?GIShvsXZYOXH^q#kYb?~UFlhPV9Q|liMvCRE3Fl^3(6}gJW^68FAK(;NN6A&
zjT4;P{_DW%JDr|renW=I{U!4gg&8VB#u2nJC!Rz)6t2q^AYxveV+}cY<HF1Lr$Z-2
zRz;YjU2o^NtBNi5F-q&8T|YqGCvti+N7snuL4L|ZY*|q9%=;O$ulthvx5mn3!e^sw
z$|bmMVN__DA=hgRw`oqe54N7RDB6qO=o9;!K7?)Z0A+OLacZR;;`QmyuE?fTv(H~&
zC{kxq`M?Ujy8BCR#jB2m#?OgD4cB`VC^M;!ipj=CBHSK)pm41?5iEYo)gl<zvzhGY
zj}{Wo1c+_Sbmru7QRvQi*2Bqky~yV{|N6Hcxm`N@9<h!OP6fR@RP%~vfMphRdCa7y
z@#DWMFkebSJX9|i_=cb5tUf%VjCH==@OgLP*Oa-@>|ZMf&@$h5;K|DSdXt1226c(Z
zpfi1~Q1Aqi)+WL8OFYZ3YW37so{|dOmaFq7Yxf~q?iAouz0+pF7$s8m&)B5Fmpp?O
z-;a~K^4rsHp}pLPPIFzJoJ-wLwfknIKK`cdkp?;SM#2{rZfY72eP&V@rJO&jGHUE8
z)AGQnT!VO4tT8C_%gY!~uE~iv1IHT_c6d$ajr|P&+(h(RqAM|!&@iLNH6Uw?`5ROb
zm|#owI91#onWq4G=WX#k9Auo@{GfXd_1d4kdRH{#bCAjHz9TOt%KDs2nsjXzmbT2Z
zFY!p(qHU1aB`fP!abOGbj7mBnHrxfa5-<>dgW+@Mlb&~2Vq_mX3S2`$8|=aT`|#us
zwB2=_I;4K`4DoEE90Zp6Xx*t|lF07%L%Cp=Bz)$+M(2;G3-Q%~^np5n`9z%`olN5w
z7uciauBCp{jor`{nb%y<>Dd(tD%N$s=S-@XBKqtNer|y?Mp-qHXDZ!mz<nsJ03nk%
z%(J=Fu!y16l#ql5_+f~7VGrTxMKER9j-KccOu~%>_o?@s#qKX)n}K_N%YJv8?UZ%?
z7-4W!?Bsen0a||b#am-<UJ$X#%<u%6_5ztUI39j29pJiru59$NeW%FO<;Kr1b{0ot
zUoU@~R<JwbNKoF@tqzF?xp~>rKhq~yI&gD*<A45x5r|+ty_OaU3(DN9v6G8uW^7F;
I-RBYaKXK0?wEzGB

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-update-connected.ico b/client/ui/netbird-systemtray-update-connected.ico
new file mode 100644
index 0000000000000000000000000000000000000000..cc056e68e98c2402cb1dd519a04806cc38bf0b05
GIT binary patch
literal 7678
zcmb_hhgVZiu-+sPI)n~Vr3;9m3HlQVD2UQ~lP1yxDN0dlLhpjoixg=p(xpQ}5v2%H
zq&HDfKw6}i<b`+MpYU!@PVPB(_wMZMH(%zP0RTe!oL>;Y5B~4~z(%@{)z`gEM}2{s
zbW3+f^OoWH)AKJSob+?=ak&!!JXLpYsTx1c-I&+&WO05)vAt#V&0};5l@lR^6k@rh
zDfr$=3=7RRLuX}m&mpUDD@}J}W)-KW$Dp6CHIHoCn`T3vm~YsBczj#peSMjfOdQMQ
zQA3xyixKD?JD2L#_34|w;q#k*W+o~od&UO`g6bDb->t=N{5Bh2T!bMQ{~xZAs{$KP
z1l{W$idlSibqU%Li1OP*#7eCzB@s9#7;p@eoc(Af@;4p*2<j}P|Io}YP7OCt%z7e|
z;dd?O*i~{?7&r^-KLo-6Da3Dd`J2mUs(S#y!Dtj|B0Jnk2j;94YtdI4BpHDcCcgOr
zXhAWix7PXvZdnU=6<w6dog0@HTQbDQ3B*`8l+W5IBz+ckD|UBY;zkKr-?^dCe}THO
zYi%1Nn`1^{GqBKEY!4d{E;8B?mI!$manP_zTyb+{iRh(RJj_OT?T4-m`h;d(265`I
z-K}is;|=diZPX(8wL@pBxM1MY!Q<&y2k6@5+}<$^qMW6H?)1?ofa-S-a-EHeW(8MI
z(n&9A)I0H&eIZGcSeY@f-}b!_j?-<G+)Ynyn%>%A@IoX<jf>5u%hf>X@vCK@>TMPL
zAY!$oE#c9#VOoA4#@$FuwE~tq4%0TNxC;{4QrZeOWq<K-<z6-rxxY*k7&#Ugzzmn7
zIO2u@a*+YQ8vEs|LMJEJXa8@eCdqU<X167~`~|r7iLV0<8vZc#k=9CeFYS$EX5Mt_
zeDc5(ST4L6VtynmgsZo09Bc#+rlmS&CgqvtX%7do!)K3v{8web?pRh?>uw=RTB5T*
zpVJV|bvUb=!-o37(BK##=JBk$_!c8PPOZp=G8cg9zJ2kTG^JkKyHw+mC?32Hx|{~n
zBD#a39*>N01HM0(;5_bqMHvHE&GsE5NX}D!A{E&omDJ_)(y_Hk9^zI<&ION~9aXSG
zh&d7H1eY4Z)vclaB@u4aO<VO#4?dXe;NJ$*L1|nw!owJ^<tE@|4B0?~+2d{;=l9=!
zb;5Ru|L!wVjgv2-a64#<(umiAb}m=&m&&Z^sWqTlFU@ivr@GywKr66X7mbI!oE=>}
zlW$17AwYp%rwVess~9PvE58AS;Nl$vO+n+B6a~4^5?gj=?6KOkEcje&9pqXhL@vqO
zn;auf#(in$8-eZZokk|b<$NWzWy54)Y;e^gfiK5)X20}SY??I}J=t5eWnHGr5gE2q
z2S>8Q$&_OutsXlh{7@hVoZ1#<9H>n6mXoew-mXnk?4Q($uHhDw0?&ce^`o+q_H6)@
zf(cpp{wu;sT)#S1%=L}Nb!A-6;Cr`j_IN`XW8~8s_erwfC$cx8zJk%5tnYCO4j}Q}
zelCkS=YCXbiwV_SZrgGN{Ajz^ByebHSji|VYk$4L0g<d~7eU#yT`ex+<xr(SPC<~-
z=)^7h{nr3vCxMKqvytgVuaG3A<Y$ph>|vLUE8mCqn<OMY_%)o)@7kd@Up2{YD>>`<
zJ%2^*^)1}q4N0BgO=HFF3{~j2v;1qn#}{fD;21`crGRy#N`pDE5^EM}-H-K)m4Tak
z8MM&XcRW_A_r82W9El9RUPsca=(TFfq2Ib<JpxO~a@v+tm6l4^q77TJ50W6;Fx7vZ
zjPAkzq}$3U45e82SY^JLaloEHb*;TuILI`j4|c)Nm7yERSr}$ctk_s)?e<giIEk%W
zOY`VN$G}AAR_7ddPM46tAT#jCiF*P4%!fw+o2K7ae&yp>$UM}UJmgy!`KqUVNdi9P
zhFmoshCcA2wpt8|nCM<5yQ>~(phR*y!Ctw|rXl_rv)jF^*-CjBZ1t^<*tykcce-N!
zN(`1~m@*J@kl<|euQR0(emp2RY{zXKjZ}&(iL({Oz6SRWiMW?ft0(25V$_(MXySiT
z5Q)Ua1I5xaKPAC_bz11OfCBYYi@(pGlRtA8l2O(i<z3w{y)F!u^JALI{$g=1+nI*d
zLNRi8%G@-j^yHoTD3i*AMXjH?Xwuvok}EOC1l26Q%I+I2m48E04r9%?o-*ljA2D{h
zkjV9t9nDgkDC^H}2(QT4CwER&=+anHRZ*b}V=xzG#iG-WqUzYWH@9Oyz-M%xQQ&y&
z@0<Mg`Ma^PSBFsKEAgPsS&<m8i)x23$NkarSozxKue~}O`d^A?*9`($Zy|fl++rx@
z+gH&!FL_OUhl=NhdovmyJ<X)yroI1afA&m~oP%sv?k~<(zrU3XTAA9^jE!8ksMtM|
zOW$}wF-Wy^A3OY$cJQZ)FH??(nV%FGyR$C5R&Q(E`<*WHQ|JYcbetZ#rC2L&w@I$Q
z;hT)U4DH{kq`V#yXO@V<qzhw|Uj&?Zviqi^D2@5OpNva{T;Vd?Xx8P|ygyTwgMZy=
z6Jmb_wVb_nV(8^fcS_DELP?3C9z2|Ab|$f_R0$(+xW<({8#7iCFmpw2th;A58WB0!
zPP8dlqq_I%ZgrJb`$s=Tv2fINOBG(Vb>f0fD+hY@qW|*F5GNF3rg`ter_zqf`${~S
zs{9t-dME1kub$HW*#37N&2^{3eYQj-{&Tk)%~hc|5SL6y`4>!e1L#MiX)xEby`%-_
zgyM4Qr=C+Rnm1H&;ezId3w_{(eF6HmuAUuH6Y0HULxHnX&*DTjci_x#5Qa^+{WV@c
zW`j9orByskD;IC`7r)N{Ky{6~S%T7vvg^}3dM9-E+fJS+`7f81kYaJtAy8At5{ab2
z)NN4bpI&FdJp7N}xQ+wCL<K-NYObL}iGKQXnKf;w@6sog=9S%nrxUf4#fjWQ-QAMA
zv+0{^1=N@v3o3XlIapze(aRnSnT>^2+3{LqrH^!9SNM?I>af|jS?F3B`Yk?fMwqM9
zDERQIXi5S=3-!JeJi~zAA;|trQfaQJ@3Vc$ragG`KD~vFla&6*2a{wM08aU<uS8$)
zN4y;gP)wX)SS{U@Nvdq^t=XgLU)dvyYbBcxew|eoV~1)Tekd=tPEP890o<dWx5Y}^
zqS_2AHNKOl+gaI!4q~q@XJ_1^P7W&hE&v>4#+pxN^fGxLm+@ZHsPVS{({KAyJ<~j*
zCoFr^F+xSd>)IFTuyH8B@gr%cr=s6`hNkq_sgr_QR7LSb^y)C3(v-j15KK&PAo$dt
zQ|xstS0-buXRxk303nEN?eR=4{@i*v;Z_ILzn{+)L=W06Io{%*>pf8sV~0x#E9qwj
z0FbFKR8e1g7C{2b@%Oc#i)WLOg&sYPA)(O89XIc5Z$6PLa|r1g<zG*d^U{S1zC06_
zdMumKkKxHvCK689|4>Ohtc|Jq^$1LM_Alo2KsWnO%I`?TesX05K!uWnDOSCs0{`l-
z^6V9=mD_rAXOSAa%Aq<lNd54hishn20UG$jCJ6^VmTw{epuRsT6A)t3iA@zgUn3Xm
z?K3a`{Kj*eqpkjUWHsEYS|LIJ?RNMs!B^qEDFkeX12QXUd-2GwLeh;VqDfV^^M7L{
z*dfL^kx)6_{zJ<J4V_;6*_adnIKpu5I@1nsT&6sJ`T_nL;dG;Iq!Ax-xvG=z?`wO_
z!7iL7_YbHgDdo*1kvk{Z!o!dZ_jJA#PXYgWUZtB`laC$$vhDW_BneWwaFOyp4E>fX
z9v0ecq+%*UB&ZCeNbO4yb4Q_!OAPelbWlqQfMbC2dI@ekE*4I7Rr&E*c2aR$+;YkB
z*YliF{(@it&~GG$!YJmnTe)3blyY@<H?EK(Dq>G)reJXre?cNtK$1gW2ALU4O2UoI
za+|$rpd_dK!Q~^Bu#0>p_{Fpzjaj1BR|miAE%$4aUiY4jO$d3l`KQ%ld&ZxCJtxC+
znrDPYt-wonm`e7wwH{<qgE7alj_IyuZ%QbMR<~bm=>2^ru-MbHv-hO%%I-<gjxeFP
z{YWcXu(3^s^?#4=@;x*<$IoIpbr+ZKs?@>QvbyE`%R0X77E71>sY!a#z078kd6Bh0
z;zWiLA0jk^mbUD=<r(C=upf2q!7>ikI=k<ts&;C_ft^n{dTy{YFi5QCcWe;z%J;-=
zSSX=@PhtO0_iz>B1=|sbl746r`9k-fBloiv-qRo0d|Ka>#a%3)QHqOVhPMWp#}~&2
z@~<PVR0(QQn4YpTyiVq){D{S;A49N1Y~7Mf{XyrEilnAeC;cf4AK&;f|NC2?#L&a?
z_|y4dQ%Q0G);RkXs30Ri`>8S7H5r>+x*O1r{j893;-xhA*p~RE>!WhZOEL01R*tOm
zU6InPcq;V=1DYZ2#Ma?=h5pA`=41zZ&f)A8tVlx$`0QkQaqH8~zRi7ErI_F^UITC4
zMwhP>wQIc0(kX&nenP<#1*XDXP*?CvMrP24?pb%Jv6?lDeO#=ef{M!{REy}{UKf0v
zQAmyZO;EF9%w>APwPUcG%l?E=V(@v<Rt_S;Fh!2b2K1bS$?LrCkUh4gHfU}X@ppnm
z7Y@2VRhDw(3&PvX8wOh7kY)qiMEmPlWg~5m35F2-e4jp*GB(}Kf)12iS~`Ug7yT~I
zeb^Myp9h;aC`|J|8g-D3fB*gfYZR@a48SoQBd2@N$Mei4>-YzjoKJAI_}@@+5!E1;
zLb9##ADv1<zyJeOOXV1I(IMSSBQ@~sqh=Ds$IY2_R6GMkvfC~IS(YDtqMVue{Eb|{
z#WTBKiq!-K)Dg@#jc<EP-k+n1s72&7wV7{c{(9i7$aWc>l<3%cAFz)}Mb8ZuKHD;1
zhM>6Jo1(>u7lNieHPTQ077l+gya@I<V)Xh^mXN^8p*Xod*IDBN@zExwRb=`)t=zFB
z{qlFVjTs-;tQc2l=t^Clr`v&t5oF!UWJfO~x3}UPNH|_Hp<y4@786i-;v(EMyG1v4
z^ZO6cH2q1A)yDLF86t1BpZGkr%daz!PPN*;oUWH*d)Z9ftsvRYv{0_}44~TTR##Mf
z!-y)A52!9w9oZgHHof{g5vyeVA6&BZD>c=}srH1xzfh2DL&C!<rbq8!6?x!k(rsO^
zH5>X%&`v5(v84=8kxc=?)Xm#o7yzL7rM}SnMimg#W!gl*mi{BOm=fsUhocwisvAOG
z-C-cv9pO?UzfBSPdy#Oz{lXzsCx;l%_s9C^zkWVYM=>U)&euC6sq4T4&=0~;qplq-
zR7R#Z-=E6vYVFA@<PB+t8cXoGUjL8ZE94|Ji9|N1{7Y2#Vk8PRNAD=N_MNWG>$6kl
z#=a3tF@Khr^DUS~C$ux!uf++*0cJ{-eRCCSsfF`a-my!MRKN*dI&8k{#48<DtFu1n
z(bQ7wbnd_BGPWUB@SXm@&J%G@_P(AzQTx&x8=ZW2bY1&x!*Wa}lipars36JK_)p-g
zy5qTLAfFTcjpxK=YN{+4((toi*Edv%9&HCzjmy^kR&w(9gzDd)4-S7@q2{W4;!CL)
zVYOXsKwRvH)k!DiNhv`~u{*@(rCxT*6<-?g!WxZ<`XZjXk6X-njEdp{<9~u870X87
zauJ+fC4I|3OH}d}%SO4%yb8Q+{I`O_4or3bWG&+srYt69%XtP<k71!xd^{6Qv`aw=
zkfnF*t=JX0<-i5?vtDU;G{mkzOtoOo>q2eGr^bodOxiK>>SgiU9O|-`@O=Ak?T4H1
z=ezj3i5BZSR&Se;s;FpJ?1o6G4LpBBZtOhdLj4!dY>$Z(9=k!5>as`Zt7vj0AY+qz
zr$1VDLM!7MyhU=XL>~D1=FqL|ROPwh$3@+D-T-qGz))i6eBU015_j#`zaK!^Or|(;
zQzcHs>!fEkPGzm$a!}|R9MLz<>Rf3ibsn~y<&I4ktE%sdsq6W54wo|jmdp33rv@9$
zuQ-6fpEP};4|2AFh-+8oYFGT~kREv=SSMBizuyeUs$2V1p|M{5L?SIP@U5lx^+S|;
zx9A~i9i!$a5rOPDse}b!%i-7QxmOXC8W3d<N84*><OMi$)%fXz>R3D@Zrt|tHB7Yq
zFI!jt0pL(8{M)p!K1bJFIC-iYo#Iw%9l_IEGtD>NmEt2qD+_4*rY3WT^9a01hkNQw
zDefzC^#fmP4j~dme$xd8s9)I0Ck_y`O_H9`5yE&K?c9)ZYsB^qz4(sUv`HV^wx~Ff
z>is*9RnZXsB8}+={)JKtw#dm$#XXlQEhbUgoAGxVDnxcQwMNK1tonk6NxR2CHvhYD
zO|<j^QtyWDn_I_s15)&SVNJU{UPpoQ6wfBC2ovA679k3g(O6qV-V^#CrIS6r8l)Uv
z*m29DZm@e80^U>Hej#b7^1XCVh__q{<tjei80yH=w2Sp52JZd-4(D6HyfjB_o4;iK
zY>jwi36<#3G9uu=KYX4SPu&EpK+01QkFC9fmG8fi&qa3MPQ}j!vlx%QSRkJ~i}F)A
zqvkFV{z?jLaVmm~gLaf91qV=@ZF)Ey3j$ZZFiiSVLhWJbcP+q~c>x&x-QnU9rrdpZ
zdS|^Jn#xQIQaCiWj7$SZ_$ec3fOKwR@-Ev{$ZBI38AdftWtGKNdLzRN0!Qm#7}zIi
zK-E!t=sK3z&U)B=`2&PMG3`;w8$!6VY8bAdAA6{Zr%1h*;6VLBX`ve+^hvcDCb8Si
z6Q^E08i8I&?<$)}SMnxtzPyP5VsrOM7&?i>?AYi16oyKnvRp6}%0}wx7&c=r_R}gE
zq?_{94^NGzm{p(RVmfMQI~<=I6_SP(jEYp1!U4p2;iqW0-j<`8`T50Cn@eH_Vy2&m
zTcuMkvIdf4kfW8SDBAaLI6K);`ZCe-CI{Jyd$3!ooolIR+KXMA*ps{8>P#fNI47z}
zf!EI$uFx#W0pL?4uU-0*<{6NwcouwL6?NBw+7~mGx8cHJK@SzQJn}zH-~{_$#b!-2
zU9mWA22$>Z`pG<9>Gpnj2+l|8UicROy&b<*cF`U2^*z4TirRA`V7A`@OvT5>d*`JJ
z;&p!NhURM{KL0Z0qO9;JZyDPTgG1)URSMdKKeFNYyR}cq)65auZPjIGa|U~VzUBW=
z3X-i*RYgtqS0O=D9t4Gk6ja%lorT>MqKx39D1RH^(@s8jWbti&{0}>sPsJ&E`3uTg
z#R`t*wUL~y6E8grV>%Kc$%BvS`nM>(ua1*nu6P?1^6O21>l<nR!;NQT=R}iFItcwX
z^5ze9zM?D(0T0?vyE^iFFE!WJFjyTVL8Wsg#FRXp0(|8UDT$Mh>6nB~hO2^D#$HS?
z{`P>1Vom&7uMfrWsE{{+7P0(&8dVk>L3T4W#%{65;~=ehMF1p&swT}*rjl>8WrY12
z|8kI+|Iy49vL9dL&1<QtE)GSv6&K-;_Sn2SO`d%kF|#ns4J^2=?+m6&&9bZHGNbdm
zZxC*6=#)rCS~4I7*TgAckWi%7D%Yck=A3@4nUoWm6*w!m+^ULu_A~4FQBRaK``W+v
zcDIY74MKYOk($nCMWf9`<<4A4flhW)x*uoDn;~ID3l~!GZH)aBL^vw6yBIlZly5f#
z(EB((WRBmp0D}u;U4A4LwjRoTjO>4o&LU1YRH3DEHMCtnlZkJzzG_7R{(I-<ktz~F
z#H{R`$PGA{WHd?wzgdw_p1;TF&g_^koPw`ii6No#`w;%S=Yz3Ni-Za_BRo(%HbmP3
z`)^huZc9HK31J!D4;ja;aEbY+{N^DnV{&g$z9*xL^Px(;7aV6_T&r-r2z=!DxG@L2
zIQ@g<C~uGB;m}HWM}bH@(u<FZn~(lb;-3=()Olg&Wn9vz!SZG)R(0)N25zm6Y(j%W
zG1@lvAr{NK9<JKP&88kDt^!DEwbRsr?}1>z3&o4SZXoW*d1{Osyi`cmH+$1k^Mu`g
zggcQx`RTewL9N-Z0~MLlb2~&f%dC?$E#VEDJY3?Gn!`D-Y^>=P8V{@>@)3H{8m>ED
zwTnx(pQe%^wAbfvyX94=b^qm;ONi{`o9X4FY2rS^q?Rjb5d1^jX&>GD@S7HsRzDyu
z*_?Ir--7h#FPcitExT<m3oRjNyp9?R4Lk1;ITdi2hJFp6xl(@d2^GuDMkpwV)Z$1P
z|1LPtZJ6B8kYEo!_t)F%cauRNgV8n|a)S4su4PcZ6bKo^GVT5#rEf1Z|D{FgB4U#D
zg)AlPH13(T8^ok~b#E?myaUO`q%(;LVrDMmi=u}@&1ro@>?m5H$5bP`TO2u{dZ*;k
zdj0Gb`l9XYmWZhtY8C!9e{w~Mg6Abj9b!@q6^I(#uD7KmJr0tBT+&*{o>*Vn?LM__
zno6fKvZEi0d7Mh~NdOdQtw_+3_`9%<nrhgJN{OEmIQKw5!3=+Obw`%7KMw+5FMct*
zAn<^-mbN=)KltHysKy`t5!yEtd0Sh~KVfJ&q>8R5aihzL^#x9?rxHz!|ID8($&eBC
z<`frGMK-t_5E^NzqWyXg>80z@n5TB*l=567S4Tzo(Iv?<WJn8EG6d$Nct8^HB+k58
zN3Fg^JxEzL&$P5_*OqQ<9AXz?1zy)K*p^HX+v6vmM?-@r5cfBiYza)4c{r?~-j;FK
zmlp><H-KL6CC_A}MdXc3Rktnq$=p4uno=su7H-@#wK&2s(t#@(8#O$KTtfcK(mmtv
z`1vl!efjc1(<mH-qb>LL(fKc&h<<|XfCQ#6)ZyNS!-M5<21F!k)m73ydxTy8=p8vH
zS=89{j8*K971B7LYv(YE5Ks+6r<OQlk92lrnMo22R>_gj<!VM)if)OLGYm)P?$d~B
zt1&`S8RlE$=dLbgONyqMd6CVbqh*|KRmh6J{su)}TjSHnya#0xBc9GK+HkL7WQ%AS
zL_4KAZB7XU&KiXOFA5DY;7)?2Q080l3ZyFTWo;2ZWwqAV=O|WQr{%S+0~r|zdMsq5
z1VOf@D9EOWI*iKq+MB#z?t5mCa0_sdvLshhxtBz@<o&`0LX?2;{k3yXUyZJ`h`wvt
zmZ|bb_P;xvlcbi2bCF2Xnl{yWO(yU*W@5=doJ>k@v87~%y;0;chZu}Qx%vSH#d=xt
zgPxtP&WaTv^=B$h*J8Tdv~#KbEXzQp(#aRkai4alh<Mril}ef%1F=1p+b2iAXTF?0
zJpR~+)IIrFwzmr`8Is73D?lY*i?7zBfNBFbMi+eVR{AQ~#?zcApAdGan92Af1Vu%p
zw27;Fm7{9o#pHJMa4CVnPcObf<|3j^=EXy9JHdeeiLjuL6efs}i|7Ap@KTr~6XwNx
z-T&mY@r(zg39aCxQ~CfuseO`iGtrayAc7Y9(3Fne@MRsTDz_v#>d85Nap^(HsAonW
z_-fw3etQSakQYf0RWojjjV+n7gw1{{rYj)B)FG<Dl(b3>eXO`p2XyJrOdEs169^g>
zx=O`G2AY`6vpam>F&U)<yz3J<<+tlblVfC)#k#hxnnSh>qisj>_OV-Cw)H=S+Ra6E
zvuMDTj%qWFGtye}|I3}Ia<}5&I=B0!IoMTDyIeQRo!?NYRA`f<*$4J3a8J3n3+qVd
zo*86)?eIDA@ud|3gIigaltN@hTUw%yk41SY288Vb_G0~Q6Sia)X+LWNj>fTIA9kU_
z7%}$+v3pf5eW@`;pKq}j7&KhY>b?L&JCV4uLuuhkVT@Iq@A`vL^&&5s5vX1E6`d@b
z#Ya8Y)}?a@oCU!&Bv>7<>t1%!e)^7r_)H#;NlWG4umYn$arv7q%yIQS|2<TI8@R)r
z!?j09Z5uY|)l7Mf!27n$%=tHZ)+ugpY7@sUD{SEZUs|1v>f1z_#}9Qj$8@ie>KNdT
My6&w?HM_9?0TFN?z5oCK

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-update-connected.png b/client/ui/netbird-systemtray-update-connected.png
new file mode 100644
index 0000000000000000000000000000000000000000..a0c4533406c399aacba6184ad7e74be9e20a0cf0
GIT binary patch
literal 11471
zcmeHscT`i$+Wt-q5UK>}MPmQ~F%Wu_9+aw45JXW3AwZNKdJ70BMHCPa6{#XcngY_K
z2m%%a6l@^9Dpe@~NyxYHoO|xM>-VkoTX(JR{&!))-h1YqXWsXjXWl(CI}Uf^I47Gh
z8vp>DCdSy)0004RApo2iyx92^IfIuM!B%H|PvZlSUOt}ABsU_`H^_^KBnFbe%D_Q)
zoIY1OlB01oUK=vO+eV%nG}(ThrMrjp;Y1a0mqZyW>-H?2?IxFru&+$|<(}lek~6|F
z9dWAaMq;5zjnVJpscjt2-B*c>`J%#m7UqeU>IJ{_i_ABj@^gNCK)eMWhRXf?wWtB%
zq?#g9y;Yj=C~bb<N9_^3l7Up}c-UQ9R*hH4P#X&CFM(CeAp>iD5vo{%mvs1p0X<3C
zZmDsDoyBi@o6w<HTM>QS^bat&Xp*5J&cx90AMt=uWQHYc8@KC;cGz1MpwL|Wyohex
z{e?W#gw-QlG+TkS>xbu4@8w<JCq1ZBXDer7(dB={CD+rSS;ux|j3u@z>Q-Jt>SoJ>
zK2&GaWcag2YF!8mJdw@vZMk61rS#+zFFM>j&Tu?4Xax)epO?Nc50gtXZ6k*cw|9MN
zl<xhhL!E`o1l@w@B&&D&wxdRnStHfHJ=-tv)+xLb<O%O6Ib+&Ozc15jJx14<vV>F>
zzXeTT9-m!ssE@LJg^MeU6^}1D)tuyKJN~T0wrt?+d=@R{`Lm}_y8Z698#^G(jP;|h
z3%@REHAuBi<lRRaycx22O_UOEr&#~mVd|_N-(iWay*n%|jVkQ7_IaGfaQU`;-sqC%
z{>*gOZ)iv7>EaCQ7=^jK`f1A`;H+a(QCss8(O1i9XIHBdw72dnggM*yRg&ndla|uF
z5mcpL4@LVZ>}%!qO*I?dzW}GAM^l_$UhwODG9km0!`k<o=phe3jP4z5@aeM-IMo2^
zE|3K3>#T*jCc)EP4)5gYNR$h7_X33n07rELz3_y~L|>#M(S_upjaqJOK_N*_+9(?p
z3yg)AA<>m&9PC513_f8+2)<0va6;+oupJH51OeQMzIbGyyPF4DGf*4#8&?y&-z}C$
zA%C0rUe-pPwZI__J$;BsWjSRz4B9A=<gbX*VM8AEadOr?jXm}!1o)(la`pA~(v+7E
z2ndi1P?GcXagkTh(9n>_D9S4;qCpEZImp8oABgrKi|<1Gfq^BG2|gq*Uy`Q>au*Zt
z=;`OHjY5I-$bb0f?qy-|7rY1gPZmHv<OA_u@(OYod3SgDzqcU!8u^1De>(KPwjf)9
z(^UR6k?iT`Lm(RY6Fq#z{|@0q_^Z8_pO4$`aGVJ8L^q;4Xi5fqRrr@KkDFNF{%WyH
zfeXpq>vt=V?0>QJB{~0-tbg%sx8`>^e|H3I{ul1QSpOsT-^QSog@q>8li;`Oo(WbP
zwcEd@lP7`Xr1|@n;H-)#U{ncc4QCY%v@#x#N8?pBl+a29HD_f7C3Ph=1*N}1nRt+W
z@g4-?E))nZM*?vaR24CJq6P*{BseRfmDN?%(He^C%4k)B8c_+auB7USSNj{pNgooZ
zO1#_Oz1oFx0-=<NP8f9pK?P03IIE(S6`T}7Z<G|!3d-urcnvj2Clz)4Zzv~%<}ptn
zcRV<pBzL?EQQphL<#)v{;hOq56K#~D9Oj=TI5)hnGuS{IWlr+&3;bt=70I1w>5JcG
zQ$Y=*uBxG;qOPHUQPNOQ_@|LI(T5BwaTikoBd4VNyJmM-G{Im%V)45=1p$7SgRy8D
z`VjHHo<3Hdo^INxU6+u%E&r;v0H>1^-WQL>`w~G=jH0q8Mp08y$x1<4Q%OTpSzQ*R
zpo#gLy{8k&Iq3gqy*qi3NB<adV-gwcKj?SSA2Z65=>5mjACGRN-%|;R{5>f&@q|A@
zAmjasPQU#GvHqwcxZ*urh+y{kQ?CCgC;cx{z$>b&Ix0F7(P~OWP)#ZrHMFBMIL+0R
zG*q3G2ntH7&VQ)sFLbh}vu^<2hp6uY@(6MT%JVl@Na^1LCG)So1h^7+M*$=ZjZsAZ
zlQ4}x36uXbVENsg@sEg)%Ktx{9Q|$Zw<H6$`=bm@USKYi|0@~($r<SHfAZ(gvG`AR
zfkghdlYfif|I+ney8bN&{w?GGs_VaW{aXzDTgLxY*Z&z^Z2#O&5k0_FPyo1DN+~4w
zfEz7lN3-KtfU*0V(^Pm1EMfIBwj~1q`@Y>j2yi!35G-WzHL);anS%;&N-03O<d^_J
zG|&XAZxuMWc>jVYug%>qMq!DYtDD!o7bXtIuCYnS&b_UpvAR;A3wP=>w7R7#>+K|O
z45@$l@~EahQ&w%TDI?9f)vk2IvBoDq&3aH)K*%VbpCog+>R@!l&~yK&;R`PEB_eK<
zw@bbUYn)kUn7|FZ0-7>s8P77wS$nt*;0L4s@BjH9+=Lt7CDEQA(Xhxko$~-9aPSlq
zH+AcW6RnCDNMUp8IMVzc{}g5}CYY{Q@4g_Bu|8C&Q!6JF%7e9C)^SOP*rn;!LsB7n
zw<4zUzX=;Uhyv08Rz|+17;pZ`>qD~OEsp7Y?;Yrek=`Q-P`%V2YdjfWpyr&?rmrTf
z9?WHg?PFabCBewQOjt6$2L=m=arBC1Xs_3%)1UI{8AC_*FJ@-F5ZZ2xY0<6$boh7*
z$IXPpeKwY#angk#+`+WaAj<r}?8lcoEzU5#JOx_3tq(`HaU81-C)0v`Kp|Zkknnjr
z(`~|11b;<3DtX;L=iKKroB2SJ@#oFg$|@`gfcZ@N>*$@0B~lCBHPk@jNJWLlS%||=
zQc+ZD9XW#<upXHtM-D3{AddW$`9`On+*V*hjtem|ZT%xcu9*3MsHV)W^kvHc-#%`-
zNK~3n+VFCk#mJX__hwv206*T&+@3)dQhBL6!XCj}0ldJ3kgY-jrx+D^XIa*rcHDdy
z?zzEEyzQmAv&;!$@#h)u`opgS#>mOr%;{eurI<FB9iFb#t1T~oXF907(;di|d`MRm
zfV_;i4fS)hmu&dvT`3%xpDJaaFL&7be!i=H&&kP?z1t}xY!uUDK%#Dj<gmVXm%fQ9
zZ*H!%MEu>>j*Yiz0Pn%U&i&&#sd^XS0|!UpSnwhicSZ&$!1I)O0N=WC&do&pJo%8#
zMnT6GyA^x(d9_qt0Q6i-TiU(W!NAblW_yMQ7GF%oK>g1j`OXt4E$MclRp-l<w2wuO
z^XVFUBW3Pdn_kU{G}F&aj%|CX!r9)oxae$}lRDdh;wfTpy%I4EJZgw8XuwnpY+1Ql
z7Yh-p!uqXqsFF~T25kM}D~oSSI}`C3%2~ke_*kSIp6_AVT{eLl4VN3NWBct-2Iut}
z>=V})i&yXYT<e=!pci*d;e`PwG(9!Yt0d;!*Hcj09hquMoXEv=S};$<Vud;Re4aVM
zM%t9Sh&6888w)>gfA{8APyaNXeqy_66>*+CBN3r+^+$1$<bY`0cJSUy_+A~%^2uB}
z%Mse**7d{+b4&HFAJRH~pC{MtyDC^sUDKTrw@CiMlDVOUVR8-dxG+O_TPWz(b4T{d
zD!n+KS!Itn9vkU-2}nFY6U}>eYSKd6jHj+&%^e-I)g@Bf&6>EZ?GEJ*99+gha^Ozr
zW6_)}W_c{NH-GXTp%pAQ`Jdk$dYiS_3aY6jnpzf(C8?dd(wgcv@dFf<<95+vQ#~V7
z!*KHC9lF-|V4=E%R4JUQERdqGJg%Ox$Y?8hvU2-1)kbT*UPZVbz`=Zwu*>wP)?cMp
z@ek%|Vla!dwtzHLsE6w*=R)WzE7o)0uX+_%7yF;NMIN++7TaRBdp@5Wtv=%&p%qH|
zlD9QS6FKNw&V`@7cXI5R`dgNKuNO0gZ*5$m06_2m2s1)zsmq@*^blFb!o&_Hi7@F%
zd{`KL?q(Gxb#$58t^3ZKqeI%$xfC<Q)gks}c&paM@df5J@@4KOtx#9CKnA9e9(o)Q
zyI6yf8%CE(l#MXDA_<A3i9Ej^ufFYa)fSpEv~1lz{zzWu?4yj1i(+r=RPP!rkIK=u
z_9L4t1Z}b~!p3cz;)iKW{6IuVXTK@gujr9MwoWzI;#cA5r3Yr4gLF|Qhju#CamRJR
zd}+2wNUPW+kF=!1NPfn~{5g;dnYA4eriG)LpXd&!)P<AuF1Qvwe_kSv*T43mc8^x~
z!^0x>cOEX~NHdwk?b3K859Y^RZMR!K&;XMAzN1GiJMcAK`}m#%W%|0c>0Y56B0N+v
zR@wL+c(WV6=ZG1^68I!4WMIz;IX@?uIGNROiOm#&J22ZpQntC)c0fJGUGR2xCqHMk
zVGw(3ST4b2+J9kjah<?j$NxgL!F`qQ9^l)CQsq6Ryf&)Z7wW5HwcMgB*(ZPWnrfxc
zG`viMYiUj6tSKR3eOIew%(yKFDr<xN0vOo$_wM8Jk5lzp(|H0;)Kn%F^xqXGJAZ*3
zf_c#^DFj!+Z}jdbrzHVk$mG!+J<5EW$w;daLT@`c{FbMV6X$Y<l)V2Aw^jFPGeg_{
zN*67E(f;scR-pANDrjwI+wuys3TBYQ7N=#aM%$A=dwvFc96ph;kzfS?4)bPYHl9`G
z=TosID*{j9@W{h!b06yq(b~oafVhT8(opOz$pw-w!wABnZIh+Pd+~tqcP*&eHlf?k
z<T_LjVSMA`%{{L4(U4d6u}iIWn{LY-kr8MKk12(L-uoc&6H?zvEqa<>KZL5Q<mUm8
zuE$Rn#jKqWP13nc`*@51BV+2zE%8!EK0Pt0D(t&!TW4&g44@w`N}jpGZ2taezEoV>
zXmZs2n(Ufg;KhCP3eOiQvlMZQY6qy`Rjkm`xgAX5!?F#w7c6}a<2HH6AS;KUXBK1Y
zPx9QL-Xsq$t5;LQ%S8kzceU5+Yq)a*<n`MHVdYObn=>MqJ`7&LndKv6>zZRx+-R-Q
zixF;Xhjep-@Ac_!z52*fn`ir`8D$|@$IL>&d7f|Jj1-0~Juu>M+y`v%#NLo7q;FiK
z{i?4S3X>8^!`ZBqy+l>3y&=7k2|}yF()-%n)8<)FJ@WZ*>=gZ0*2bQkuu87Uw$*#N
zS81|OU}CqDGW71=zQb;HCXo&M)xOSJAwi0x)QbhLUY*5}w{G~Ptg)JW`Kf=n`_bwk
zddq7?3Fp&Oi*zhg)n-l6j5Ppwh;t=8V5b-a<Ye1dt>66E{)&3xW=n>CyNxv*d)nR{
zF_#7U7!8gJZQy-;;*at~iV=S<ftkm$J~+}Nam+bI1)4lXw}dsU>?H2{ytN_lisSCc
zq3b6pl_%ESZu(zX2$7b8SS8JtO$i@%olrf7)wY55At1-Q*g{x0#f#gr=iCii)+X;a
z@2hy&ptwVe-X7_Pa;i<p@v`wPWpWzPk_W1@`^3Pxe`K9LOiApYKkl5&zFAWzWWSON
z(6epR2QY^tHIKI{<T9Qnzl;>SpUJRVo*(0s1qEXNCIsMjrCn=sFdxqiz0PO*IuY>2
z>fNe)h48vgrG#rH_t`Tx>%&U=;908`#`}b=kqVu)fkz}=&ptQQNE3ko5p4q2XN<p&
zZR@seOJQa!?w_w(&%OOTk&*k1i}MYT(4->`&FHe9Hur$#h(o!r!?;j!efA>fYD45o
znX+do(k_6N&`%c5E!^`@KlfWZDF}e66kJ~MOXO+uD)^01n&fx(Q<nTk#?A+|q_27<
zggt0%XcbgGa{QD)pH<UrGwG25BG7ELF|d&q3-U@{9}^31Nl&Oh|9KzUnHQB)9NNVj
z>Cd}~+G)%7-s-wEI?8Y<V4uv+d3*JQj2oiQs$~+ym;h?YB6La2Vj*YQ(BL<lD&?Jp
zgoyO3T1(kaABv8h*gxt&|H`3s#6B}TChPsGgHcPx^wC6JRRp{MQ&cd0W4o{{?pa*K
zS5-$ejdj?2bqCqW!1Z8eZ`L2m383)YPJgI1Lc*Iu>%U2k{#v4+Z8;fQ>A~`PdsJ>w
z@^LUcbw~-l#U1fH{>-QcUU@GHe7A7A(5*r{M~ASzF*T<~b?0XC*sD8VU>!>C@kN~*
zTneak{7}Q+dC<XStEuzCX1`gl$2J#zxcu3h>b4hmy6lM>yF|vs6B7;{t2zvQEU?p~
z>=u?YKAJF}!E&2=m`Bl3!T1!;Y@Y6X1~&B+GW$iZG`A((znwDPi~i+JxT#r3=c6?<
zsz?1kHn4RJ&zON@)=T>_D$fL`ALyS+ojP<iX4dtD+4itMD)Pu0Pi)v=MJ+46jm!|K
z$e=#zzMgGlaE^be4)=KBh%zrpNAtium9*Scx^8jatl5w<LqBY}c8kr`wtjx6_lVh^
z&i-J!cLh}de2X0@+d98AAIvYeaY`o@`(?f~BE4W+&is6hvMO&f8ojf=1Hx>Ld@Cd{
zfBlrrb8`aC*7wAJl(cYoil)xJ?4dgxss3)Qwlvr%y{<?1OzH~G+D8fyLm0nNosbv|
zjcfko&(NhE|4>M^e_&B?<JIIxW<lGgRZs;_G+Yb-rNj0vJnqeFRU+YJh7bQQs(@e4
z0DA^g&cGfH*QHUvv%`?@=+<DSvz*jkQVY>FqYbgG3{&ix$+SHMQh5xbb+e~qfnGcB
zqC;OwsbJ2we=}XprdNNU&VP_Td}MRmHbkVz9iZAn&E|_$A~i+rG#3VPyV)aNqmo{H
z)9LJcbBS?)@irv!L4S`HF)RFMn8SB^)Ba{z*-P~(%yzykhYW$gJul^+aI5~eh)Yed
z6xUUz;Ygj$_oL)Kg*)j~yYEc=^1x-v9xEM=-c7AMMQ{E<ni*Bgv`OX>)07I+=eM1i
zwjUzq<F4%tG2gw}(<KK?n78jQ+Id7Jw#eB29Qv`Dws(>~^4fB2<D^V6pR1tu+*f_{
zNob$0y9GQay^eY_WU!(=ZgE?O;)vqZ*m<3{nRvjfg*<I)ng<E;V#|~T^MVcfy3`jO
z)<eX#qi)DEVAFncD(FMur@Hc=jhUeb&NgS3LehhWs~x_FO*7?$_N6*3!I0m|4NT0p
zArb2J?$mJSpq5!a+pBGtcLa2q`FkFbwO3~&@9gC}KpSj)Q%C+iqIr*!RwsNH3b&uJ
z0w)$X&BA>BnivyZtuJzdKb_gac_X;%Od+nfu!hMGp6LRyZ8utI_V0oyXA*V!P-71v
zl5BcVRG(?d3QNH3XtCpP2rS2SQ+G9Yu(Rbntg}b@9`p56fFplo-B4(gIM7hKb#AM$
z_|x~xj+i^96t(2|l&U?@PtpKOY=k&w{~5#Nx_hC`;(AR(d&9U=@M$9_i`AHzo`&)I
z1w2p6Bk3hWD{q2YmyIts@UGp`?8^$d8{WpqyR^mVW+^@&#L{{pKga2{W9tJz6a~cx
z@LehoPudJyw+mi!dEIZ-6WjAJ!2E6Y-T)IHX?0J_qin4^zQ`Bl20aP=Ng`6W)_0`t
z`q`sfRBE0vrb6C@hd1#po*v07A4BC{klD{PhD5-NAK_B^!#zi8#7lFc3}e1hj<gMa
zTd;Ik5utvn6T8oCUUCRXk%^E(%sqUBdmq!H_6f4pH#;U>{F5s$)AW&h-Mt{qBlHE2
zg}B3P(o`9hX9@S$0p1AlxqD9!>tm7MNG;lkFnm|Y=Cbv*v|@-|0uI>k*1R2HE#9!)
zSbkBg{Q-cLfR;%`C81UJmsP!+m14rRZ40bBh=n$kv#5W&?tCSP83T<qfLUd13|X9H
zq*F;2+O`mBYGdQ}e#U$Hh5GM7xAXXGbAk{dY!Q1AEAP)pFZGArXj*zt9kGnCR)qE`
z(5BxkWmh?EhAdeYXhyUGOs!Jj%KXJCRFd(%3UTd*J=tav1nsr_qCHf(W))g#{($45
zSHgM@2=$`ddOU^OqRa18hL!~r=ihf<8M1J3L+TQaKmKsth)qwA>yq?@MBUJGpLDMm
z4Sm_;T8wuLjbt}6#QCYGE-zp?uMw+0zFi2w3i{6!RYhUq`ooSI1)-bvJK?a4TUFL$
zt04@+o+Xdx(OMjqKm%W7kE-Le0VT$8EJR>S)W4skqC=4rI`shX)z5YO(sOz8=~rp#
zps>5|tiA{T6x;|QUXs4U)y^B?abPTN=7INgh+aTyqv{uBw=?C$8AIWg+i=n}n?u$E
z;K7wL4Kfdp<U8=~ktX#zE@DzWs)S>K)!Af(hb(q>M_C7v1Hc}fQZVE896FNFc6rS%
zyktOy&BD?#1zpCeox&R#QV^IW#DpvgP{CADW;5qJ^;$Ns?{zugE&sFF9Z+lD;}L$K
zM?Y&lz0q&8GobZ;&1T+1^>gt;qFK+MwWP8fxL1%J#tOKWamkFE)A%?mg=2nneWO3R
z+?vP;+a5L34X_C<t&Moc2x_#f{MANZ4dsw+enVgSIX>ttallgv3ja>``>OSwG4En;
z0PZAcF{ZZWzj!7_m}*B2hla`_EOD?65r#){96Bt%T<Fq$D0jr}7IUT2<s!q?f(fxA
z3;2H)@KTxK#B}UA=F5#x@7}y+oQ?W|m5>G^`>LZ(+Mcn3#p|#b%|W@T{GZzgJ+}~%
zlh<{Z`0Wvkw;kBVw5ZuiF0`lJrsrTE!x<sVpN80MfRwXete1431<n}3ZYb^C**mG5
zGZoBhS+p3um#Ov951Z~3*kS!}YlbW5xkhzCt%{3VanRH9Kt$s+)mV6uEA9TQVDP~Y
z-fC5+fM+`L?ICj%?#>RESFsTfgO-1&q1>>(nkko1Ubut3mx^3yo~Mgf1eg_=Rwn5k
z2m8arjr7)9;<taA=`$buXw<sbM1&&oZXnhHHl}ewu~PJ-%evhTB(G9zsOGZ4<}ihd
zR2HbZACAC1-xMFSkY{IWRdD;NC}psiR-rXl|1-=Dg)BI-{R;w-?Or}v1$P?Qq&_2n
zM!7B7BwbyU!!DRw`eH*t&0~e-m{$Hv`0%YL3zd-qdj#(7=Hh*B-O_c{*ZF`bsi<!M
z2NR9FTGq+e)E}`CcnNEGsr!S9Lpgb~do@xVVPhTJEcZ7oPryXGmPxwQ_Fvx%vh%e=
zmD~`x51WR(K%*r9COx9kF<36;G-|Aci~F1~&J#kVSkDjdKLjnAq2+oo4^lm30G3Md
z@FPZHan=kbr<+)s8_PXW(ktpM)4g2Lj9V5vnHd(cU%!5Ic)0M=bNK=E%d)0-_jBr7
z-h8}0GbwT6RT{Vi5Ax-T9kbK_rY;_3W;P;AvwuT0PBq*Yc~kt{`@7x??qlz3bHnV!
z+8vV+t%zuy#n~=Pfs5_2CAqN=x0GhA1N{IX<JZNqb9(18IICWz2C6;D2NqCIK+60z
zD}_vK4jz1=(sDuz^r$w%`yQeD6Z={AdTJ{q?*!y?hrWArik|K^&##!-gR{Vsh0EHl
zu|?NxIbdHMKQ36_P^!qKyzG75367~(D)na7N<b-`qwHEs;@N)Mu>G5%<hk&oqXqE5
zxb!Rj3YsXIF0NY!5MwDOT&%gw)_6N&S=j+Q!2Ns%8Q=OYOV@W&*8r?{71)VT;HyAe
zAy)1&0}<p+@44al)|Zq=k8Sk$N{?aPU&2Zj`LcK;qQobi*eO}qv8Z*Y_kaTgu@0}i
z2ob+2$mu(H<M_nZg=NZi-+0pYS6#h(6<F+;K(8T5ng_{Q)UFW<#3*dao*b@U(z?7A
z5C4t^mk#A{>#SqS7Kd>|O>5L)#(kH`iVR7Tg9azGFSlM3Hrw%SNfBZpB1T)yzMMsI
z0Jlx!3XbYJqFy#LiT5E_Pc~Q>Rr#jYH7$B11y?d1DeJ0KHE5R(m*fijRIelWLIERw
z+KC1@*ahCW-^u#&*vcVqgV!dlUA&{QMFgXfW9G%D-3iNbZFyOoh*<3gMA3dCt^Nie
z%vUAhcl5+`N3Ak=$}yS-H|`P=wLAASYpC&5D_fG>^KKO`IWcS6n=sC?y8f^MIe2v=
zn_pEFuKyu)0P69+<a8S%jq&w3uzPxC;h?ZcJy^@BeBl1IuUx6GJ`_ya{p4c;ay@xa
z@0>)uFyD;;A0bE)s3O~`#(7EHnivzH$F7!?{Bc}}i|*1SNReYgqWi<WV<Uh=Ve%Zp
z2-VD$+wfaBLq>^<ONQ*^&D^&(DJbroT;ob<2kepPrc<%eyuY@;wj|3!VjsP=IgRQg
zPse#8xLdDRtnRtP=7d@Uj|AL8iFXe#ZX{q~Y!y*)tvxpwSBmbjd0Fd;In$$e>h}Q_
z4+95#3*nnfl1O6EVnB;53wPvU?qNmzgb;f>3U}!qJH+_OTN|D^7yDmJhb2T^-UaA$
z16MnE=OL`Kbgs@lTAii3Vtj+4l82x>sK}Iuq~}?d?2|A1a`R;Jmi(G^YoSOL^O;xM
z%LqvJg%}A8ABNA11!aW1DEf7-b2IXK1<ZUsn88h=V`4w<>(#Db^k?^G@a^!C4B8bP
z2URl2lPz(G$9;=kPMXk{KdZAVj9cw(a>t5WV=D)ffkKviqAJH^uP-bqZG9*A7?eTX
ze@>SxaFxTrJag-f{gs+M1PSi4A1tMtvxlKC3FFJ3ja!e~96bIyMvpyu;~2D*HCk-r
znk(%NUqqRPQf*AjBt}jrYK}5Joz35|vEh?btRJuUd0>dCC8knWoeb?O%8-Pcdv}YT
z=$$@*WXl@tPmL~TvDcd}=YIhAJ??VZQzgY%gM2ClRk&SrpS@ZnJ`e$sc{AU#^)~c2
z3Ii<{<hb%dHC(nt{-qTnsXu&Yr5}d{(jprJ8i$ylp=2H0J7sIfbFLr|->#cJMFIEE
zQ0%`i=iiQi9oA)R)P8FG)rL3~8D(b9dUR^L-SP0H$=+08H=9d*E;($9@On^s6$v$G
z<=R_y$qU1Cra7Ag8LPH0!RFk+D|A4|_g7H%weaT;%Pqbw0G!I++Bl-Twu%ccLUUsy
zWML{C31;;k3Wsp+waXWcXXg7oXna*ub7v8De*A1tyrJNR22wT|76tR*8fg;gX}ypv
z=~@KTW$kOP$c_23!P@=GsE0(kaU)Vlm=ZhrWJOr}c6P96dxkyZt!JA_)3NA8yuv#<
zo{?A8<6465*S2e><fW!Zvirl|^#ywimwh-`5#@>>TN?HniXx&>xEGTyrohu?<pWAo
z8$%c}S~4WKlZCM+rR94NIFvK4`99!?tyrs=`q|TOS1jd$uZse=;G2t*eM4Hp4e)1t
zQHsjuKpk^hzs{$jQ5IYxK~6USij;MJjCY6`u{S}$T|SKcaKtck5`gl<+(H8f9SS<;
zK%7Jk@}UHlP$yGZbdjdEc2%;`o{)}K818E88F(s?ku35I%gM7BI9qa+dWRR_-+3<%
z1>9J>K}yait{d1mJw`(hDW@Va9C40X?$SZ3KA-x^HkS8}%bj~Nak118O#Zt^)*tt7
z;_l3R=gt%;q!+l|P!cTaa;S!$Iy$go$=fz-3aHL@D@2Bht|apz`hH!s>7`A!d>ym2
zyk&)k@jzEYiLVHDp)+N-BbEk2Muw(L+IS<DUJZTIDVZ$Djg@vAl{+%vrh|S6TzCfx
zmgH~;nj?tj1P|TR!B^#lXCYLc13cmp<@kH@M(^$$)*?g-TsXjwNYPVtjm1Lc?ehsF
z?Vk5{C>MoiZ{cBm^s)E0o0cO93zwze^GJFAEPk-Za5`ZqQ>hE-aODDFKp=9T#aieu
sScT2CrM)}-7n<e&GhgV8g|{e*K9?*C5`99!&ys+N(Ftt1fy0&m0pR7Nt^fc4

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-update-disconnected.ico b/client/ui/netbird-systemtray-update-disconnected.ico
new file mode 100644
index 0000000000000000000000000000000000000000..04c35b058e563d58cf02803d5c97a33b00daa598
GIT binary patch
literal 7966
zcmcI}hd)*SAOE@c;$HjOLR=zyRkF7vGCpQeE-HkO%`NvD8I`DPWrXaNJ+6C;RQAkX
z$-MTuxVXRD_xCUSe)m4^x#w}t>+yKM*7G$107Uuz`+xuh022TJPRf0(naNE?IvzU8
zE#oZ%J@bEW|NUSzl)rmEh0XxL-*-z-+cN0G#<ZOW-)Jy&n;hsIJewh=pugIb!$!qw
z*8T}jxB+%EGz~@EHqyCwE!o&GQPwTur9K-kr-wmtgmAz>XQ=p)x#YXLJ=Tak*X^&S
zLT3(GG2k&2^q0Lb?fQ&Pxt?@mp200u-xIm!-#*yCz1_Ww-J3)R1K~^aRiWT>-=%x4
zAnpgR<vaf0Uv7x4usM|SSZu}ltu(dLM>2u^4YDCxQY(9O5O635?TIjVwbR=4D|y|{
z`>Z~qZ^vlGiH6y_iVT=;LMp=%Ut1(*Kc_XUgb%oV_x*z+EWn?H&uvOX^=OJ1{4&Pc
z>cnURbAUr<Y6#Iu%4G%mqMtu0>ZzHJ%?z8~wGmQxl{)|hEbxEtxK&Wu4>LaCdK+^~
z9Jl%VDv|b6&bJC>;0|J!xPLQ0@g}Zy&^MQunW&5H<1^w4?Lt0XD)~0TkDtlz%b)oR
zJ?ED_zq$#ML$dR<{*4mgre#PvzW@dH*cG2Cz`ZxjX7QG*S-yar>Faogzy!FcNI&m>
zV<l-QG+zlwC0y<>H`VRLK};9K1vNKPWQc)$K(_+hgQEMuIW1m>f4~L;TK)4FXHI#{
zL3vyNYGK_Eu8hk|%&<QLWzsyf>YOFuK>U9#Od2UvQxJzY#&7Zu4aH|^W(kr-Q#D9&
zCSd93-#cr0R3^LF*7TT_-5i&A^n-~Cb|_H&#7XLa#&oO57><3k=ubK0OHrU~hhKG9
zACW{i={8Z3xP9{Q&J%8d3!DA<x5IdGgA&H1q(A&XiR-h64Z5(W@<`8D;<v%N))nV~
zDdY=X!%lQ`5`~eREzoT&N}lEu<B(aDqnhg?RwqUlcOI8GKI0Paa$f^$*0nXh+#$ef
zZfFESe@~>v6cP1RfOh};TL}sBLNB$2^mY6IOyU=a)@zIsz#b~*FAj=U_~X|$woQty
zN<5|)uhvUU(h@{;&+_W?L`n${>LqgMJbPTw%yIn~73z5^sHJBSeL^EM8Jfi<Y9WD6
z3Y9BZ4q*MSwD6fP6tq)`bc7i!w+YdUYo;VT))tbEDSuIGBQGB^{|J7O@kA|EAsrsC
z+Q{9=34D*cmoP^ADK*hYH1Anu%`1DGyzcN79#EFi&ud{CHtO81_J7;HX?Nzdory}t
zpK?`S1YSgy^Pc1$OCFmTG?tX}HeMYC@<7LS;OC)*UUP2!qErA|E*Dey%0_ly#NGE<
zhoqb#`p#sK+`;DeR8MY{_KH|2cSN<tBhGswbH3t>UJ8QcC(}lAEM&8gGw(D*P3tGH
ze+mm&jXD=o40v?!(p){@e7Yid`%S*apRM2^rL;p*hs$5$Q-QypEq}VJB1_D9uChq`
zjBJcUTep}63Me{vb&{&3H~&nrSg)0M9P>0R;xzL-eo94tNnI#iWq*BVwB(#`j?h_F
zv}XE>I<HtRl^eUw3*XrN)1C^=>vl^&)Kv@#L&k${zs?T<wfwgM{er(Al_<c!sp<Im
zzn@1d-m-7!wos{-@*6g8Z3slP)&>G0o!?UWc!FeiUp#0|_TCitkz}2t>h^qVn7F~J
z;g?E>TiFo3oBnM_6y^@}&;Og`r2ve=VNB8$WI*D5s2s&U!ZAU54IS`=>v{5idE`cM
z{v&z;a5?`PFSqyc)vg72;eD#SQLhU0`0zyccXgfiIEp)FSW~G?p`Bv9pl%j2DTF({
zQd{?1LLr0_ckL{uYP?CBtZJPUZ9oILJt1*dx1PB(yw>k31nBpNjOR-!!G@jdyHhT5
zxP$puHFtO@g4{vgk0|#ljWFY*B5qDGu5^z%uO}aWY1{S0|EjWlDX_!m8RdxBL%*7Z
zVa$ztj9p*VYrhh+kp1l0sJ>y->0>pAYMeskwJeRq%59aEm0Ek80^TlXOq@8|_O&lx
zMCjL|CMgj@3W~RY$UgLK(!dMCO+sX%CnXOz_q-}f9d}L`R~kRubopMVqh~SVaZu~W
z(Cjs*zA#_Y(h#Xi2;{@z@@p@Y?TAIf#&d;t4=!r&i(sw+25n;}q3L2KdjGM9cH}>k
zi^&R<{d{JqEJ52L2$!LVa^te*E|Srh&A`L7Sou2QQF3I1ME)sKJkDM3k8j+Hk>aaj
zin#;c9wUZ7B0{bq3x8)ATgsFZXJ0O)WB9=HRY7M_`6zUWZLYNID`+!H4H@IFZ@7@o
zb-=RzQ?`1B_7h}KuDHBJTgw*qbSfTgVRb`WnQFMcwJB=-9VsICZA?@U>KkqbGoFN_
zanOf7y}RhMe!Ou2rB#}%d}3*})b*yg1njHL;=kI+m+a|$4|~EjbS<ndh}~GaC-a$x
zLpfS8Z^u#3HN~ntuO%(EYFGxqTDRc|k8xLil<-Gm(u*%1Rd;UKg`Zk4i5tfd+s0ND
zuPP@`Nan9o53prm_1XRu&A7ZdzCN@x;R|Z`P-DA)kLeXs`Xr#`^U`I#_f^Htw6F%c
zIh*1{17hdVPj4s;MIFmHSv4)O_b9r=l;%&k(AqX(4cWaa1!6JQ?qqhy&Zk_}P?@rW
zfi)?*ZajCb{8cslA8pI};qnzi3(ryYHxn3qAQ7?a@e!3uLGU3B3no*IH^H5js%zu1
zW^)Ye*TyY99^Ou}y0;aW{H(zXW0OSFT^$|a1EX392;e9gAIUa_=tbVSQs)?j=}ro&
z7=2)aw93@Dn5v6M+MAM;S&a1t1}EN8Z?_6aP8u5bJ!2&t|8CvVxydE`4tSSvbeQZV
zbjqSd6G;uf^3xH7a{U^=caX6h4;2u=Zqu=-ZyY?mBL_j-J$Cibl45C|7#lunk|iGF
zQttN;P&+6JH-Y@X22DYc!EjE*jy%=U&hvEtoodK@FaY3>R$gQcaQbGIhJ>1utOkb%
z6OBEL7%r~y2F+GSbpJAesnLFWa7?r1{GdKcE`vF8T#hDO76f?1f;N8JD8B7l)y|^1
zW{gOW$+xq$Yq{H{A=(VrmSs?*&F(trtLO#8su8bWh%h{($IRxPt8)(2uxo~QKG!xO
zakx{swJY5i?ddTlFD=ovuBMqfsc(>Iv{rhMt8EUTNTdFpH=PU6R%!q*IG2=Na0XP{
zYe`)|ca6x9KdeVaStP97gioXD;rdn^97j9=<^q`U?N4Y+ME}K-uDg>-p;Nzkp4_Vc
z{ve{fhd?$7(EW2eru@)a8sp6r-|yNlYCeYofR?y1X>I0HT5Z?3y8PUoLRBJZi36QS
z!y798C>)V+Vsi71ddhW%g`iMJn6In9as#!d4*bs~>*$p0>Cn}z_U$w^<}lf{>>Y@f
zsIdNa+K2WJ>kPYk;8hU2w<*4HY8utxzhI5{@%vg>5Ng-f;z66%NW}B3P79z{sGE2+
z!m6bDe4!I}$Tzk{GVsg>0jZSKDBvv(LWT1jQLr;scNE=YZ0uz{azrR-_8I|Gy*XAl
z;|`)!qGs*o*`LoM5yBJiQ?f!fzke;(h^aWqxYQDNb43KlRG=5P-1ZzYs&x$zkI3q_
z{&078mW(2QQ%74^<SvAB9HY)|0bUWj=wQ}}Bg@eF(J>6GItDBwW`5UfD75OK)b#J)
zC%QkT&y~li!)~P#_U=Bq04!HdPD<Dr?gMnYNoLQbW7#j8WNt1*{dP5KlAZ{ddb&Wi
zJk)lenL64q04v4M{<><<uU7;B-EhQQS$3c94ei?`h5G9S3%?@widsz<F95l7GPtWW
zy??GME35CtiY`1boCdQm*n)Yd@7w(tEPI5EAMYQ-JW;J<RFaw7p(s0cjfUawS2YGc
z9~3goM;#MR$?H*w{4Hu>%i1q3e+WC*jI*VGU$?xmATZytRV)MRZctY$^Z)=pFf}Ek
zwDukUs2BNszI6P)xAo9@VJndMnj2$MudB8CkIe-0bCs1nm?3;9w5P0Rl@e4uPu+YJ
zs1lh0Kxq*D$5?zZT083|+&abPIrc>H+I7Turr-4ymzh0cGupaTPn7E31#X5L6kxqQ
zXR8>ogHiH8g~E9xqUQU=hmlpXW#&986zPB9F>B+Gf*At<rkvoV)7excg8TA!3y<`5
z_njDcPCm=WcAK(JAKlKZSh}Rc0hltjB=oGFXsJiyPu6%gXBr8U6gd%@xB2SN^!Mx&
zvuH1{`>s|lWZD#h0XbbQL*+Y!TB=k2qgNsexVq^B#gg6LAV0(IroE$&>jAqR{nUUN
ziTZ|hN_8mnX?})X`fT-?KI8J&F4TyF!^4mzw#gD{-3x%$MieHq%kk{6$?FHj7ngoJ
zlOX7&?AiDHA33Wls$EE}EX`i#0pgWbwboWYw+cwtD7Gb;VD}r!6w~gLWz|$ftUso#
zuOk?qFlT4?vlYIu1yjPz<8(@xs>bcS+#*>8bo2`4^g{uMC@pDr_Pb4KI|o6OWMRWh
z%xdr;7%y$MnwXlzGz!u(CVNr42?0QLF`VT^fZ)qn!kL0Gf+zmG^LIwKq>(GG!(aE)
z<XWj#4;29X4J?0Ao*m=J-D*lwsJ(`)#SWRaUD$3t_m(R?0J}*57;kG1Tf3b=tR{>0
zE7!y1x4pki?3V>3J|0<SmhFE^rw0%MV8L;HKE1RG16|>>-1nN9Uk)zw5|eIUD3B;)
zj5+eZ9I8qwT3ns>!Il*g>}F}QsCgyPX7`*>v^hkDH>{j9yBcHw+v}q{4`Tkgf<IM}
z!#SU;{C)Q?##MdSi0iL_6zVMwI{nM*9m{XYlw+C~>?Q^3t>*TwDzp6tR^EWI@_Xd_
z(uXt6-dw5oL7%_i^F_RR`=Dv7-zAxed}GK%XxS13FjJ%o4{9<svg;bICd;`#f88#%
ztiC)i-Y8Q9DhL1~RIl65m%JV5fh!S{E-(oCGBvMyG~x<>$z#lqi**b~SYe;Kxma=<
z^T%gKwcEtwO@8=)jKlv#0`=!~N+b*_PC!nx1b6YsDJA%IuRc*@5}FapO!x#flhX*9
zchTF|>tD`U_PIl`ojSn7!#ntcyd(NM<t*yqFR%HR=tB@X9(Aa)-5ZzinghlsMx6TE
zv;t!1`&X=idW)x;T%Rlkm@yyLG)LCYzS{G)2xLzsWs)g}#w!!C3Hvm{of-~#<zN8V
zT=a?1=42o6RW3bln5@9WBuusT%nWB~W!)@Tcxj=EN!y~D1XOu@Cd0p8{Q5CMgmrrH
zGZjGw2rrjlZ?6#mTv?>2N!{`U@{;m6<BQSLcr~h)vi|eFy^HuXAVe_WZvmBJVKV@P
zmq^sKHZ2i6aZZeJi~%WU5~u@#VA#qm=l<PiL*r0(X3)0>`Dn`&5I|*NCLHr4giB9|
z1w|yk>?M^<9MLB-fnqlY%f9*Z0vMd2w<=*PgzS`lxu5e%?F_`MhJ;=M)$*dhjzck`
z3))%VFSmC{nD}1=Fq(o6$;Z3osu^m%KgDH9XdSFM@@z8v!fK$~U%?wLP#E?*u8j1*
zIEBx)p}uh%+GHx8Ga%rB4Xd2YwRoCW{olOj!R2@9jSdFNBGn*1AUK*tQy%;u1)Nuq
zi!ec{KyrbLMr=_48NFop(%x8d<xO#L*I@Mnq|N*&A8@0kP$CgqyT0^8`5i^IyZcB}
zpIPP>HLm8S+$GkjN|o99&36xNxQSjnN`PU*T`Sk;{*1)U#i=8)AJ>e#CM1rfhnr5a
zCN?*gUHrUKb}uVXbJ224|9J`|&RbjMAPUYls~hKT<&em|`g6Y`1GCVZDwP|=C3G}r
z3w^jnF*Sy27Hnz$#7YpCwOM_kE#Z&`$X6Lc+neO~l&59{)5%C@@S<80hB2Ghy)-6s
z9y+Q6P&_9SF^k)W6&$KL?IQU$>Su~IG6OyH%;r1SN#1B1aMW;n*<+?HZ9?OqL%s=M
z!o2(tiC^25V9*WmH>~@+IYXLSb4R@+wGtK^?<5U>u-Y!N?r3Am@S%^093NT$D)A<;
zLb(l_(yF3?lbX+*9z>j~+vX<8DdiZwsNYwTFnr2fL#F~_0=i1AId(~_8c80LRXw}X
zz`g@GyMNoI^}%^lGEb;{eg_Cfi-F*iFP(|nPfAdQi|y5N2!;2E;9E8JFBO5_&$iBP
zyMHu)l_neyQu4_ox4SR8(NgXBWf|rr1`rkfLZ0$3`qie6__cgkvWPPWC7{2tK{1d;
zx|c_1egcw_@WW)mrREp*l77b=?(j@PTt<%K@e|)zZ#+4a2`HemdO@cOiwJ6p=NOb*
z-*n$T<;*Uj)U!wHD{k^A^-Iju_KvBLY@UC~M%v>NQ*pP=nBVnu8_fV@&hXK(Ci7)>
zWuVym@0joEJsD!?<_tF5G+!#G=wPGlhbPV|0?m2*g=1}~j*b{>ET6H5X}AIQrWAM7
zhPGDUhhPjZTI6G#Gt5tc6nL8nBSGm?GLyBUIb#t;4lsi@GpDn=F1hKXKURsu6d0dy
zf%yQYILb^0zI}V1__l*acw!`dNJvP;d9=;8|B~1(#?<xwW%mxy9Gv#4Iha>sNb#D2
zP`cTt9`Wy6H#Djx@l~22+5G9?1Q&h9dL{u9n_NK2NniD+?GL&YH(E6HHZD-6Cct%0
z8!6Yv?$ki3RM}CmVMgqDNNu~ov_{xwA<l+8V27_FH<C$4T_cPd&VF-v^z^K_Qj_cX
zNeeTx$m*N)u4or*+Cy8Q0Xhd`!D2^d>uYL1DNL-5u6h`P!{R|lSo-pPI;{7o2i_zE
zoF9jC7%s2}<{rxrGvGlElmD9Vm;kGg`*v!@I<PSU=x+s`XGr%lquj46ngb>}4%Ho7
z^*XY6|8~$^4C3kFnmY#!gaT=8LNT*;4vLbvN1{{`3ZXcoXTdc{C(s;F`N&7=ATA7N
z7|s+nuQ*#1+S=3%g12|pZLTauxLE6Cn=feYVaUv4t9wp#3Ys%*Acp};lN3!Qg*<yz
z`#smy&C`dJC^g_e-FyEiJmUwG8y1aju7;ac?Ld}B2M)q4A$tH6^GLWf@T@DgUKC6V
z0teWJ?(o}cg?fvvOT5r(3~M=7IN(8tLFpqn0VcqxF8#3j(oCk7Zp7BriU844&K9Lu
zga-#WfNJ^(#2jLQia`O^w1P5C2X|vBeU#AoLEJ4^GibZY?nl4_7L(dyMi2)N4!T5-
zn*$0Rp7}M5ZsKRH4Pe579(&SMd5Nee*sx8qcY|QJpjmDlx{a6$aiCwg)OIo8^I55o
zAl%DTYtN<G^G8MKxi4WTOvQOxEvWH?q+Q7iE><|FRt)?=Afkf#06Vx&L&$;b=Nm$l
z=K6#c{O#Mf{E9|3xKc^`OV{@!aI>-<NI5aD0cv(jVJOu4m;-EXNVp36EMEWS`Q!1)
zXs-z?aVpCvr!q8n9Y+8@2aH+P{-a|D2mAmzPpf$ALqCV3bxvq9USM9v33vxzHTy+O
zhGf5v9iWHKf2+x|vK0<Ls*4Pyz7fM;ySKZVVbd|KcDnK@BWvl+`5~$A(#o6kW|F1H
zDW=OV;UEsHT5C8a=0vggTN~oJ-LGkEbaxL!o*%g}+`O~EUhVnBN$xkz_g52E0tiRB
z%)vEzwH?w^)ckcs46*ECWybYqTohTpQ94*vp*Y4Ekqyte>L|btiy4%>QA;!A7DpZV
zy^)ZFd~jjjd{y8nz`o-)(f8(ava@M19m@bnwIZwc-mS*q)7MOVw%&Ve?z1b>DelaP
zwEj#Op~cQ;)H(TO98aDGDux+3RD3)D)S-ti(|in6-Cw0_DqIyj=F17l66$rqO^`=N
z*}=Kz<G8xU*0|L5bCTZ&-vcV(1GZPt?3Sa=rxIUsMx-)Si=TGKr+?Y3bHf%K;039S
zcAo#bgkTEmv9kE)Vf2pz*nQNBiJ;Wx%AQe}=}Agu9VTzXWdCQ~-=R-ncuX?;<*`D1
zX9A1<o}?Ns3<4bfV^W&`hEaxUZSDFD&25+RQ+l;x7C9W#`myOIBYWo?l+Pj*xVYtU
zXyY#cm{8~i(_<RV&DuAgX!V7i-Q~_816Go`8Q8GsiZpurwW6B|17U%lse(a=O*e<~
zBFF#a<7Q6@D%UlxObJFda7O`RckJ(d`*@&g^_&I->BF6@S(Q{|WgZLv9%|jf&9^PI
zfqWm$ynpHtSbf*BCYfKP)q8Xbaj^4bZtxwm`z0!-InuS}apdShgtlcG1y;$gwQ+BC
zWo$-Fdxroi=>M4N{uPMu{+u3RtI+)ADVL*pNgR9|8>q`YUA&VaTV(MM8N%&1wX>qx
z2IUeOpOzF;TAoex&i-oY$mlW(lm%MxduFyI3t{%Ueq>`-{{TqJ+|2!=W0m6;0B7|c
z?j`I!0LdzAAofN%FOk2mT>(lprf)tH*7Ki?iG4GX$vUN*GG%}9r&^VRKa0(M8q696
z1Xg#A5YF{n0MP%GLBU+5#rcAg%i<dIup<!pXriyUSO<Ss)&UenGKx$y>Mkc2j--rQ
z0Z0EWNy1*hz0J(pDQ}svJ@sJ2FH;Ayg(bjtNw*EW#(?UUsGyeL;O{*M{gJhn`t_!B
zYJWE1-*n#0wLXiB;?{3;w0Jsr>zJKq=(bBSD!t>YCtSnE031H?f8D;$oz}o%3w`>B
z>yR!Q{F96iuDhLj_j>%a-|t_%1R)??YL6o_xz2jh>V@!j)CNc!7&DGg<A)bgb1VJb
z?@<r{BodG5!Xt`xE{6Xc7=3)Qlq71V%gn*}mVtq<5;cn~U4md@-uxaK!KF?Y>#!=V
z{k2Bm47UL#s?$evcNF3T3U`2i<9p!k+2e8^r~2%e1v`+h*)}}L881L%FJZILSDwy<
zvCTZJZgYkywQ}J3)BA{2N>nZWOsJ{xF7s+og6y8v&`@Z=SdoNqSZ*8cbdl{1Q@h|?
zt*^<=)2^a%pzsGJA*@?+T*-U(eE=+&twhDihs{cInG;du)ilcm$;l^&G}%MXB`5*C
zzu%#V>2|l=>sN0&AOI66@X;<Lw7lX`QRDyEM9ig8n)pZm3)IPm>wYnAYnM|Y5q#j0
zyFX12;zD-j6}SLLslCN|9c>m#!33np%4r%c%GEJsr}NSrM}$fDGB5e_4fPT$3sCmN
z&~r<D9mGs#WlfwCP6NM_YWNRT>z}n}^gX&%hhEv7H%$be8&bM8N@b&1J1nnSOC{_*
zxYMomm0yJ(!W`j6Tjw;hwe|UHCWItC>fu-H3`XE)X3wLNRa``=7{t*_I<Rf&ug<V)
zxym0Uq%$A4%RtaXpE6E2dnFkIg&AMq4x)`Wvm%^)EQ|#TYp)=+`-NEA>qVqSSiSQ_
zfmCLJX=CQmgE7F-k0JpwME<+W#<rj$1<%@g0+^rU&lDyRfkgf*idPfNtwXC4y|CUV
z`=oNdAd>){IVp^WjfSaz<lPme6g1e^L1z|%5H#^w2sF*B0>vIi)^f37@Aa(XX;7}9
z<|0i^gOy)wu}Kay%K|?Gi7pYEAK~<S6cyFih44xmNhTp-7z{BBeK1mgPd&_*z#``J
zU6x}FNaZtn-cCH9sk#6jHHi7TY#%JLv383xxC74ME4oMgMwGn;4J5_V{fIh;5wkNe
zZ!eTdBu=dD(s@=))t&6t!2dK51kL0`n+5xseXCMrO(g=_TP946UCQ%LQ@bkk#UKv<
zchSduw6?{ZAqaq@GAUdLGMmz-zBkpGy9LAx9%X9NL>^aOJ8{Zkz?{|y^pQwE17L7t
zmVpEpY?zbp7kVv4SbSJNWhl6C$r&L}9~%$qE}6jA3;BWY5cJn7UNA72;Ir~#sGy)l
zrNHMirAIjsCY}LWTvRIBV~nxF-IGx!uLRzQjrT9_k;&{!pYnroT!bKTzyG-}q-9=I
zuIrUiLv`qn->AGq5>oBCZJOs(4MbhaS#x(%hU3~d8%awFZOA;Lc$|{D97U;kc!Vr|
zpm&Ex)ip$x%nCWdEN}OouXZc!97g8bg7p%gJa#__kV~)<xdt-xG9~`^F)3W=ZOq~M
zZ00Fy3kphmkORYnJa3Bcq}0`QW7?@2=kK$2N03i*V1UeC{$*CDp(pKC4`1`5VPXQn
zy(Ob3lw#gBz2THHN;vdii&xHl1|-1MwhI~t;R&ppo(xWzRh9@1v45*4)=GMSSy)_#
xH5M_D**;j7pT?&7JPn8Z|FY|ST_tydruh&9wAo=hC>w6z)(sQAavg{8{{vbfHH!cM

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-update-disconnected.png b/client/ui/netbird-systemtray-update-disconnected.png
new file mode 100644
index 0000000000000000000000000000000000000000..44a30dc9a773cdbf9ba60b3dd2cc0b849aeb2d0f
GIT binary patch
literal 11929
zcmeHtc{r49`~N*-FpYi5zKoF~VeI=7CVR<Fw!v7k#$Y6dlBI-7sO&;0R8)3CR79y1
z*^-cD?CY5M-RgOt_j!)*_c(sXd;EUyf6vTe=AP?1&(C$9pYy!V>%OjAlKDvkCIlY>
z001T<LwySXfPj|}08R&fIR@YN1i#wPTiM|)u;Iv{;6P6wKO7Pt5rjkH2tHsZVaVTn
zn5iAfNcOstGH%-{l%P=dfk`czN#%56@QuEN9D$cU)F|!Qk2>N;8HHbh=@PPdtho_1
zwelD7S}|>wnmIQ#o_Gl{^)3&d?s`R6UGE@$VkhOLnzHGM!%e)Mn6HOX+-G>~d1SBA
z#UB^!yXfaodCD$4t3cF3RC;7rp)Rj@YvXC>Rnr=IITiUgJTYeszYSs5yD1`%pPzW@
z{4T45d!?q7W|n36qCKDUNs&F!w@W^HdgexYdjE0<bRs+Ix~5^fjzFi2CFc5-OM>@Q
zJnq+j#uTf3I?7p~d;g$AD7tQq;f}%~3F(xJzHM!(o#mIVKB;7`yolU_e48J?H-i$R
z$Vk*AE{{JKCM{|%jzV;wyjG|<0`ac*_p~sQ&2%}q>nwu2$oefS?KZB*$bzqVa!v@+
zJlaXfpw?-3<vUdKu(Bp`^q~E}F@4)A@edk3!u;g%1NJ<QQ+M#kzZq0Y3bmY*t~<8W
zQ+>O)ha(}W(}G*lspoac2@O2~YsH+E%h_E=r={LH)V>|s{4T?IaP1bZazFrsxN3J1
z#)kNLKOey_>kw*j%)?uIb~5#Obdn>Y?x^c`I~^uIk3kj+eM>{_l>tj<3-JSM%_?uZ
zc>13))bOROM$M}{<UnpQI?f6bA0Ft5zA-xE{Z7=?oB#RqMeo-_L3K3A8oZAs8Z6RE
z%#T4yUTbC%u3KC@cB|)oNt0`kZVTI4{_$~E9+}e{^?ePy4UxN>rVTB^v)_Y14VJ8G
z0|4_GA27S@%uLnX1O2739)WH+X@Y+cn05f5p-l+Fy8GhrNH?69Pk<(h)X;)L`gmxf
zY!%JWW<h#5Zy&?+!8ptFC#~Gi`?{-optQ9R8U!^Ez#oUlA_@L}0U>GxP1G-3HSl`B
zSq6ptC4%?WMA?~{BlQA<aYzMe1!=SthTsz>htfhIHG(}n)hzT+`~d;}(nNXV@j+@b
zGU4Ij(&6&bfx%ufvZ|`8GH5v&IXNj%LMkL80FNa|1%!z1L;S|j$A!2D`vl>A0t1ly
zm{_;KP`oAz1@<HVWuJeLnc1K40U>{|0P-P2zy`_4N~2}`{bl~D5rW5rfgpbv^uKC^
zSb>vN#sU`-7#i%3!-U}i@S=Z(@NoZAKPWWV@0U9s?lL$(oIfZU0*)&Cw;>IT%*_AP
z*r&kD$3N(o7D)ErB=J6;|0e5iw(a-)a_6sxfa-tZ{!RK{zW)*irOeFK^aI^P_suiX
z*F^1)ujUcx?&G2M>rz2gS<cPP4K3w~Rgjlbz~OLGZYpRMDJ)J=39YE;CadBu_ZKLm
zfDk-3z#X>_1%gZafH-b)9^eb@CMBmN=LSMxl|XG(cPV*g6%QQN6N^>xaQh3ysbC*4
zE3tlmwQ3*A1B7x{R8p2#@RXC1S3oOEDR?S@)}XOCDXfB$yoZOPhntG~ZzvCUwG)BC
z{#Y=aKK@uQoJ>%F*RL`530FIAZlsBllSco$#oP~z_XHI*QKmitp@e^TSo!$lEb-WV
zHf5F3DyoX|ib^U<a%dH0g?|g#;DSTIOx(wmMN7;7?%5BE8t4p2EOtLnL4aQxpf75A
z!8j~FFxV<E&`%S!ZxV7}^UrQGa5{Nl@mPH<9tVP=<rLJ=a%yr)R<a6evZ`uwDw1ef
zHS}NP13i2^BmQsF`;!N$@jK*(J|W=v5x<&#&nQdWx!=Ej|Mc_uHI<OaUz0)&>;Bt?
z5NsIE<CmQv*6%KNZ)|`U4y+!3r0c)heg2nJQ1Vc8Q}9$)lv4G;g4ra8Q;||ZD|kqG
zU_ISEl;l<2-BfXZM-K_~#D`;pamT$t9zm|a^!&vYQv6q-B>pZP?v2}z0!Ww?T24w%
zexEP}c{O>}KM0fg@4JXoQc+ZqRYFUl6+KnKYzIG7+!Pe0JUwtKI5#D<il_YV!2L<!
z|C5XVBPafFQA1|GEdDE~8Z!SQ?7s#6Qb$2*ez$@387%iQf7bgyI0NndZ@&IWxBuo4
zNaR0*{73x$L)Sla{YMP^N5cPP*FSXqM-2Q&!vAE~|2Mi2|K2g;0>B%+aBx4UygEDr
z?j`BmObqk^>i#>wsq`k;av;diJ_G<5IQIV_z@2O!u#p~bWQL)if$}kN2ryr_cK`rE
ztdah4E5gu1&KW;}!H6#E^!&=(rZfxp^nkN!$B|IXF+{ENq5Q+^-|1259vv9>FZcAf
zUnt%8R(OPMi@$%=(2e`y_ssVanCmsSGI>xKJ(g(pS^7B)L|+1~Q>xQjv&<DNcJ`GR
z#&{@aAi>G_Q16?bdB?Z&WMT}~{zq__=i5!H^mH}}h-1}-i~N88NIMAEg0g$O)Z+8&
zo(eW&^=4&dLU;qLlQ(5?WMTbn9z!JKUVDhFUfE&VT0M9jjq!qwj^0}|aDCJLO6sdC
z%cabCyi+m2>dz}E^qFbghgKuU^6chHzx9<8=VKPHg@Am3^<m?MPu&YQ<yLCslB2E^
zG^&rfBtF{UW;t~lNL0#ohEz>478${LEsZr9=aLw}&gLm?OCT{%bx)-DLqS4r?g^5X
z@p^3wL8Z2kODA!2RH!vTiz!u)dSQa}<rc9E9z!_0btRsZw@SbBi6TfF)4$X{vA1v8
zHE@I@jy&^$tQKLC`8lWBi5aDP;y_2}iFkVF7z-lH$;sJ?z14we2?TI%c<C-cmXA4X
zvsQax&r<T2pk@_I<EtYD+{R^0O~m6!xP;oEHZ9k7%^JnGbdLwZ+QkF9{V-jv-O<I8
z)bh4Qm^MZQM;<}Ucve=GZE}BGiOoz&294m~rbwJ5&0gdDrYWy&06~`U?k+hV%VgQU
zO`2QSQ<fq>WJhR8yTvnH+GA2Jrt>D>;iqy9L?;7@Qj?h$xso-*D88Z?ttX=`NS?U<
zEtAgOK*a^yV7AuJ3Da(@ZXXrWu{^1FUlZ?<e_qFzo9>zz$O)XN$a`48c}-h<)TM0m
zLG%fJ2+yu}HAF`v^NphT{VY}#-Q}#b#|1$lOn@6Sky|&14(OJk{XEZ>DW7aj)s)j%
zGG~lq<)uBwpigOG5~Yo0<h0ODOio{sl$@~X7ynLHpdblEk(c`!@RUuF@S|9`@5f{H
zIMzo87w+=ISXt^5*mTN~T)g7zmoFL{iC9`BmgS!~D5~c*7Q>q0?a+oqO+5+Az8=)x
zU7V(l)Hju=r7_lQR?=s&cg%=owS;cz9xsM<aMv@mw_~&piMu}_xlX^+QWriL#-!=>
zJy)8rB4}PN@!>>3sstdRvuC4o;aq;vT>0T#qHvr_`yfa5j3r`OuYnokhnrVz|I8E{
ze=9+D=~2T=YsiIy^c{cw*A>nN2OezE-w0=}9GLCO0Ft8=KBvnEpBnhQp2QAYIs;5P
z>%)uMY4TQb=-=#~$=TR_NfMu*9PL7DvDU^_81qiPGh8blc*4@NdnsY$#h3%c`=SMn
z0%g3I!I(EsMTG9M=3d^)b-M0d2HCLjVo{O`D@J4ft6FOp-$_{>UbS6*_`8lSo@{S4
zdlI=nNqh;*<my4l7i^W#8fgvTHI53dUcFz25#f&C8NQr$fz-wh3=c%}BLGZ(hps-d
zIK5sVN&ju&4+*<1hS5l=r%TUnSP#dtgyF9pFVoWc!5+k}LldWxE}wkLAfEo@!IU9q
zU-F0orM1b{V8PNajU!ACZWCwHAIbB2CbDvMN|uWP-KJCu&CL7^b^^qq#WFCH@XY4&
z`;{IcslY@>%~**<YdJoD)mwNV_Whx|y-GdB(_wvI8!s1M#%QG>6Q5pIa!G-=K8A}I
zYfVhbNO=a9LV&vL*d9MRPUxPflB9pL09bGdm8&zuoU!k*K3KN8uRpcml9$KZnszT3
z-oe)PW{N7t)Fv~tFfJudySnqxy{9U#GC}N2FgV(?-xL$|zsOn8lStod@}}Ufx9Pw5
zv83PmCV4>m>MFw-K5gLZnfip=RbJKTE@mG!0#TXR;sYTx&wVsi%A6~N!)`h%U2RzX
zv_fuJy_!`Q!BFRy!P3t{lIgIMJrgBp2FaMnU3QgImcJTlvgt=`F0W_*xa?raTU~Sr
zu_q|fVGCFQ`HZ5qm!~=}v)0-PO&V)1b`iqehpN0G`EXb&{pO;m(|t0xB2tt+$=^uR
zm&O<umu`E@f?AO-D;7sap*n0&Dp~XL3VE|{UosEZNi1c!cJ{7gy>Qp3U3F=IGuBl$
zWHqDg>)5f6wbu8Oz!THP{=`s63HR66C~zC`V^2mQA`Z8(oFle+fP};po6KU_{gQl6
z$ez7}oxbO%Z8v8HzT=Hr6HW?gEK{XGvWbMu+}D(*>Za&Cz`=j$rFy_L1q@KIT}M3X
z{EauBvXSZw_cvYcvVZ9CJ$>4G_6N{(R($g2{bWaGx2x;dCt?o+3!a^=3qIOiv@xiB
znNBVW+4unB%<V3eMXpToz?~Bb^kI_4Ln0k4N}Sdbd4a^`C98ZG;HvH;*hK9al+Sgl
zDtrvBePwt02@LuiF;3&;aIc~BavOyXKA)jmIh3+sbyvm(md|>iy1=lzkvf##`u12X
zs~e+nl*P~ZmP#JR^=C2+vD^dEl?WY?9@Tp>%H9_#6E+ilK5VSI$wneO#@iP#lC!bG
z(3#g?V&=uhWlo;jwHLC|Mb=3rc}IMSFKC8Rrd$oUZEx))`zBnnfRQHxJRuCXX{q!X
ztchao6`pYYXt7asEaSS~5r7jyIu|+A$6TA_U}bHK1F|>WaKjGL*N8&CyPtANs02^(
zLy$uSOC4M`%LafC+*A*F?O4ep6H`mT@1W}2W{EgL?2lQkXikb!(St_DNBZ+;BQV?Q
zx!<>2Y<s&4cw0}3*8twIH2f0cCTmvw3$L`Sj?GROZEH51Z0aYsX_UQ8aXz{0kHJ`D
z4xi4PQSW~jI$C?x(ehf_XO>tm1YO=*+r`6(i)c3e<E+k3iKubu@aE=geoE83n~C~|
z&T>4mvJSna?)#;x%v1jzGtDkU!FPkNL<9|qoybp&^@1+ljdkfPyxt9@<_8ODm+pOv
zCo4X><6>)LLvFY!x%JD_im?IO*o}*&EYJbg=ZONNgLTo!#zr1Ys~|adgJxw9>h@|Y
zG9{ioXeEkLp}Tz2<wfN513$yT`#OZEwlPNXQ5&vn(LI83Z>!OnkG{@!`IP%sSST*r
zrMj=~v{*`+tFR#h1I3Q2B$alUd(#5rN^Ye~4NFIgbwd5k%9WhwOq=sIw=Ri!Zw(=0
zW%hD%)ycuH(aEBhFN<_M-E>*{xHTD?Byl8}`hII#_N#fR$TAL|EDZ1!pcDDeat>O#
z&!B)4(9WApR3JQHWO-`ndZK=#ma6q>=TFx7N2Gc+x_sq+)#&Ab=bP^zN>V?4s#oSX
z3bEsYh;($#i@7qjAc&yG18Is84%69y;UyAYM6LS7c3`U*F6$<!d+D+HZYeH+<`!y2
zY;R|}%oPlV_oDj7C6><{4FaEntBZUQy7=P~x%!W2w<#2cW*%arw5;{%(*X@wjL4uc
zZBYEn76?M~d1dojxe^jzAFjmtg|DS#&+V06c}dAm!qaw&Z#ge}QFm3}kux{xg4oqZ
z79JOWlwi4h@;+&4B=E;xlQQM!P`Q<ve=pncOQKV#j$8K2z@$Sl16w(2Y<&B^KpML?
zTXHuywbrU0RGN0)Jg{pSHTdxWpvSoF@0QQ4{9&eexz8ygT6b{QQzrJ~R~N?@^Es-g
zs_bo?<Lehfou2X&Kxzy6+n-ItZ=!=*XQOC`gx12U!P=kxb273|UR#+oyN+T@x?^YN
z!uC?za56mI(=b`xN#MiIJ%cMcx!{t}H%$g3^{6GPxS<L@NxIjocCu&ymA`koie5c+
zL!vlZ@RRalSB(oU6jxsO_~J`pC>y-PzOOG-D9To1-H2yw<HgsDrK2t2M0&Mzuc^>Q
zYr1qfQWToPNk<d%c{e1-V2t@L{QG13Q;}pN33HB$M}wu*dbPIfvEe&9!%sDf3fKSu
zysstcmi4dQ$je)Qx@2qbbo=qGO>KuElScglTICP3{qWXRrz+3Kb&j??`mW%Lv`HG-
zoIej{fW~bVx9v;Yj_F>yJ4c{kxX$Z}0B=zF=|3gbouSU$6mS|;NhMIWD;p<kbjMV$
zjg@7X!vXUhCJfgPIk4a2mh~-Rdlvp6KF84tdOErVPFkEf>6sM<nc3?$yLh9tfQSn%
zUVq`zJo79sqm=2I|L_K*!(JME$0^gnR;23GW*Hc}P=Uxjd;S7yW{s*;#K>!AUEZ|@
zrxciRL1xV0Ks0FQF}5eo%U2>=-ey-nHZ;t5A*da`HDx8Cz<IkVXJhUBLF-$#EMY=T
zeyVF;qgC=o`e>e`5MagWavW={Q{uPv^Hf9qLM7+j*r|SD$N3^ngp{Wjt%t-&ICk1$
zobL)x{KR&R3&wiN`i=S?N(Hhw$I_iI$4%R9(Lh3m9dyXv3~Op(g<kjW7<&BExBU7X
znFb?TSuxswpjD3z-mT=OJ#+!{rm##nluGC++!VfNMw{Y(<{?vJ#?Kt#d5s}uIXqW=
z_`#L3-b}@FjU^7o1w^78R3U?=*ILJ&H!W?u<;;&%mKZ#9mLv2q_bQQjN9x%}(rnw|
zT?Lr2K+c(~n$N?9eNrW<?;d-5?ml~}>08z|&7>$~1@SJU9dh3$D%;xc&aXwex(V^T
z0l2+re4(=@^0v8tz9V;;i-DPA(CF+%OKVHTjrZCcSyk7+4@bB#+$q(5Dme3{d8nNm
zhpB6XXOq=r7$K8~!mf<=e*iw2(BtRC#trVuh`^3k9DS&n08gQv(p1i%xkQ9~-ImPX
zl$}l{+FPm3#md}W8T3BJVk3pDk!UrRX3W{U&H9Z#nwSdSh<q9L>7&hm(0DBLdtS6#
z^p`-L46<}2d9<ssDS%`)zIO&vcF?e<GJG+g@g|@#7_sILaa`YxJoa{Mea`h%g$Y6Z
zQre`;ZtmtwmhV*&3z3i{I?j`EO0;&bF8Mv}>WfF!`EgwpTHH9pOF8oFqy62Tn=}1t
zl_Si_#4Z;azhix+w3@@U+%XyJB`|R1iw0xhKEwi`-Witfb+-Q?ZQnT?`_dPDHq4a$
z&YL<tOE=!(em-^YMY`*AT334*dFE(MP4&!dK#Ssb%ST*`pc+5XD<^uaVpFykqchHn
zXbskEO^8QD3(Pf{D)7~2P<_=%RTazhx-d?MPXPy+9|8m^Xt+E>GbbhHg{({M#~-4A
zSv!>@b=IFOiE$-54#*s_4L^sd1qfo$Z6%kh%_BvuE9J$vh!!n2E;*qTtDUP!RyEmz
ztlp)-15qeq=3GTV;$Z3Sh4x(0Z!BE&uTJKSo^r3F&_1m_B)Uzjr&a=y^r8_5Xqm(C
zW_9nZyXTZ#<`6OICGAv`$-E<>Z>Xm(NCrugfbWCiGg*&o{Kp1NA)j?%*^5Wh>*S|f
zl!t7*&hJ!7ZF>iKyX&vF30ju&XFJ`PhrcZ1Oodj{9ce&FNgeyvcIiRYCP$LKT!urm
zNmC>Bk^drvf`2<w-1sUn{%V}fJpyOUx+uh;9<i;u@C-G3_p!PPzI$);$k*MyBZ1J+
zmOg5T>yW01O37V798HTBgJSRpS9b7uOhuY{du`vwy+2F|K3Bb^B%3$Z^Q5P<j{H*S
zSz$~D-^2Lu;0R5C)>WQuMq|j!0M@8A;w4{*dso#%@heb!V8)a`f`M%L<&68i@4P+4
zy!Vr*mlMd;cf|%k;tOiFC|`D2n$f#Y{9kE05U3s<&h&YOa}a4dzac5c8?LbNc=!x@
z;n|IqE5WM+ci4#S)QlnWVl$ZG)K8V?o$uX`kn%pG1F1d=^{hukMAi4%eDJT5&w(PR
zQ-Ndrl&$a;qO@4MOK6_jM+l6a6S%sc(hI%%t*J^bcbnZsT+bb-E=`C&B-%Q|k;>Te
z;oVu;n{G_4PvH*+O<Ge2qMlypGPWNX8@Gq`JKiFdO#V<1rgaV3D+WG$G{vKw^A_D-
z7nu0?^SX%~TRZxl<=e`rn|JCoCU7l@%#O_?<w0FDrz&;dsKfVEM!KwEt~|WzmtOey
zxtyids@QDNzCI>36Ow>M=sZGIH(vW(rQ~v)G1ee&JjCu*aK-WfaWPfg0=QB}FA%MI
ztJky7OIV|SW%pI0bCq&3w#EKDr6-TMoihfNbfPGMefS2eZi^@vqh2w7Tl$Dl(emA-
zw8|(J@5*}s>>_wq&CS`*nsnm&2Xk0Dwj-4H^KtK~VwzWQG{uRe9|Lv0xql1*B`jkP
znLEepH#vtm=)$Eu2QLlvx1VC;@n8FK`!q1mmzh3-u={ws`9Yxoc(<yRtw?C<_Hq+a
zAs-oEPnV~UC<)nq*q%UzF^(-upIs>|wo7jx$lav3QMPp~DKFsz(Aw%%?Y7tK-|#LO
zC?}7ZkhJmiDrD_c%I-JEbDdpyX79Z!19jR2&lRH9LR-NhsoL$Sc8*0;IWu`^wXj3p
zmwBq~N2{Xxr$baeU_6qkb<QcsS95J`uMskw1pCBCHNL)lEGoE)_v{_0Yu7Hz`ZK-6
zl84cihn*`f!8?vo$Tb5l<GiWLt%nAA--YSBicW5dMg`+IuIB@vbrE0uH@p;CW3xJs
zPdo<*O|)S}8)t0vT_q<s>pL?|cEz%wb~rp?od2@+2qvF865dN3%YFhK?|S_-W9Zsd
zFVB5Z?d7aZ`gHtr*~<?1H_d^bcnZiXV&>`UmpcThqemq#Y>(DCzBT3&B7p1R8{dV*
zn3R_-WC1~$dwf~<0K24=;(6&GtIIoa;Qx%o2$m2DnOP?aR5<ZZ*<;rc5jU^y@KW2Y
zUT<GMZVGuoAo`&fysTlbUu)z=_*cuLjh$c*#-A-Wu$wKgCj&jGVvXq!Bx64l6yLhE
z5|@R;!I(aQ5ZTR3GEg<176wx-fnf!bR3p`#*zkA}qbzTD=-FVzVW@H02v<nFk-=mS
za8)OXk6IoMmL$~LGr0vX4D8$b0sY1=mBUMIeZ+uhHFUy(BQliRhaa*(xDpfaQhVWh
z%Ieo5aj-N+%#grcp3xybjN6&_9BgTaxuhR<GnG!biUhei=WY7f!0>BiW&;b*P6DxE
zAi6#&#^P*3XKJ!)=)%>IMWN=|8u-jvGBcueEf|sp;$@94bcSlMLn=anuJ_>D%yV~O
zZY1CkwEhP<C4kOhH9!KGL(AdAgaxuTo}i%1^>L9*m^i}F>r|KesHuxLGllQGBMF9o
z(pF2&FIH-4I5l`Nujou#NJWwQ@eu0a{Uew9Tf2cLHYhar0!s_hSEmt2i*tz!Tjy2{
zE{~Z{ntPu!g*7j{zwwFPYe#G8d%Amz^tGJA6t-5+x|a5VXq&{0Op%P_x|If6R|$mO
zoWzylBgM8-Nb&5(*%{>X=NnbxfaJBYVjpcuD=X{z_tu8+cV{J-3|)AGR(56uf?V&o
z_gH+ucTJ4a%q6PPx)xu5F!19IOZnOI(;VSp9M7R)XY5(}!HvVDhb(J1_Y;A2Z!w`A
zb@BsnD~N`E?%8c`e=%lbHTX%T`I?<wQ;Wb!wJ4V+WeKQfp;&`cvQotM+!a;Y@#~vJ
zy=SEFco|5A4-l4g;CZ!bBC5J>I{fRFGFu1&K=?PuM5#q9AHlSq<pTgTdj4h9`Y0@H
z?|5nxv>shIW5F*MTkryL3ej56(l-4fkC*L!d0DXcF*_3)>EbG~q~lLEbRBGd=hO+B
zH~w8t%j5_Wl@jl+J^wPWv^P`u!(q1+1<prz=xS;gds{yf09Dzo$iN@d^$DanNtEGq
z%x2&erh2o)WZ)i@Lo$<6ImxOku*0&UY$(x3dmPBPefM@}Q*mVH35Ziw<N7D-fzz#9
z(~q9+Xi}M2QdsC$Bv&`OVsmb7mlPJ`)3?_4$aH0Wi%@PaO*?*(cUMSPlde(1@3YXo
z!wvNz9(gd<ow4_Lg1MH>4P<e}JpI(f>u5>R`xeK&sUq8Qo*OG?!G{`;z>A`5ZZ9XO
zL7$^Pk0I}o6%xmsc<J6hTjUf2XG>F+pmy#f9@?)!Kb)PBQKRnkvdo%d%)^tL?=*ss
z2S+-cR)^CDb)S$L4|T9Mr+fAC7PX%t=F317o;$YiDI3GN?v?a$>2vR9KgM?C__fcY
zD$Nlwiv!V~5|1-=dd_l!`-us(@x4&OfdtBtUINt|p<`aMr@;n^Jl(3mIGqXSFwmol
z47^2K6|~U%H<LLb{7jg645Xohw*=b8yr(AtIM;5kn80p?>FXp0m`u~l9TZRM*TzH9
zavJ@xYhk-}$7>pUGT`FvDmYO@){h4<HrX}oI|(NNSkPg{O<pOPCtpo;APv+>?v~H~
zda!t4GvffqfT>&QOzmo$IXos095uhZWGL8Hgf{!JBP%Q>r!Zk1$Xku3p`VX_{+(7Q
zLCGaLDW=mf|2P6Wr|JYwNWgf;{2g#TKGvopf_NXM13xEjI!Y9?X+TJfr{!4XKMW0w
zMq0ocJ6k8*l3Tvhj=yjvf(MJ7KV;o%3lbNskS?4Wz*|NFj$BnWI0+V<_q%VFE>oBj
zV-~D{h7J!A_I&vBH%9Zpo-!t{5IP0Dw(4E4McL59)`pOT9pd&IVRM**V)WgERPzHm
zJPgD$*y4(`f)96}a={;RK|aB<nRf*hC^rtq?5~|K9JYq95Tc+sT**#r2V=X6SA~!c
zThJYR!T9u+L&gn`nBU9ib$3s9a3xMWVOIOuC#`eMtecxo0@^9-l=YK8Sj<AYw)9|!
zl8csxC|GH4v&X(T+NOMkEp~rv0JUWt!ajB-->fWtUHoIO?M0psTjJmmQ-4wE2Q1Z2
zmOkLtq3z_mcK?nH0`+~*trm%}Tx}~TvRI?@oV$=@6O6OpKhksjv_d}v%_%uC^mP)6
zQ`7%pq<rPD=_>-2e4aWYpuLzBQ}CfrfE7{#<B!K>#l$)VOznzE0ofZ2Dewn|2kej+
zzOTD<Sr&d=NNYJnoBv_x!nW9cB`tG?rszYry<MT|oi__Anc$30cj{I$15B51H(cn~
zqk?B^;6Vl}>V&*>?))CT;n+z%iQ07*$@S5SuGGBn?=Qe(n?vUz__)Jg`zAalV4hUe
zbgQ<3M1v3cEt`~#UZECtW#X#xmD_@LXZTxBzOxr+XU?pd;P;k_+vT7TbMhmpF}aIH
z>Q@=UWwq4<!&q~OQxBhwhO9B9JLu;pb;(FTz^5Wx>2)niD74tU`H1aaWy=%>NdJK(
zW*Eutu|f=%=lT7+6ZFo2G<dql&=x^_W}kJpYh=5@lc*t9tnuwRT!Z}*mmwb2@>#NM
zLGMlE?jw^~NgC&#DR3IR)Y9OVPv6NJbunR!0d|}t<{oO<wtP^m6=vUsXcQgyNQ-av
zFi+N6f|_S-Og6T>MIk$~SPT1Vy<Ka06llC-Tjg23Vg2*<ZIY%s6Y{{#`uI&T3E&u+
z)&K_F%eNW>SxSxA)|A;l^D|l8_62&=yyL)gyF&~<dPP2>ef&Ef6JvwdU1}6&*WCmW
ztqAa8(#cr<=nL)vo?M$5i}pLo7H3JmU8%ktT--3X;d-h})KplS?w0w1*6#i<QLNt>
zd(kQ=a~m!}^_81>&F!TnM`9h|hvEpAs(Ogvnr_(yi(|cAe&?r_mMlVNxsKQkRxd$$
zCQRYG?(LR2N&;sd7j3@EB+KlqmV<%&<x1VV^GH*{?N_H}_auN6My17#0V|l&&<O#P
zm)>Mfz^hT)ZhbIg{rmxa)XGX~JyGLjsU9Tg#hdCSZZw-Yg0x%)yLA7pOMu7BycR?O
z;woaa8OwPMbvmzOKIhAFk#^K2($)XU<40C@eTuOC=R_LL4T==_{1q_5oYb$>b-nn1
E0BadFW&i*H

literal 0
HcmV?d00001

diff --git a/client/ui/netbird-systemtray-update.ico b/client/ui/netbird-systemtray-update.ico
deleted file mode 100644
index 1a1c4086d5ec7ed97f8c633b4ade786fe24fb522..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4726
zcmb_gi96KY7ylZA5z5F;FGiMZV@)A5G8iq4>>)!*Zz>~&3Nu3nQITat45_?rWXs-=
zon*;2*~yk=3|VLU>3{g0``qWAd(Y>5&hy;ot_J{k_RC-40TcnO7ywA_>+u*n8<7LD
z2liDFTQuszU+dor;oomOZ~u4oZ!hq+ofA*@%g{^!5R<h<SvZCLT*+R!<vAchiV*w)
z_WlZuA|dn7rS?5Fd>wuMfb#)iv6~p^<FgKy(MdMX-B@Mx`l{%ugL7h}hc3<znyw#{
zFi>H;Wt3H#oqzW8pd0>X2Fw@i;w@UY@(Q9&X2!t3?m@&#IXQhl`2Rt2b<Floc${3g
z(#0O3?KO_j1{>`Lj}-nBz`5VwE?a9M%6HGyBVEcxnBBW_!~fcHO(Xe)f0}3Ge5(gv
zb?A0p!=a&;u-32Fv<vCSOB0QS`&ZVP6(#A*YnBy}guH6^_3(Qm$N@WejhQvw7BK(r
z61If2JVzz=GQAq-$L3a|Cu>f%pr;S%hNs&Paa{(d&x3^#U1QYl5eP?^n*C88UH8w7
zGDF~Bz3{2Rl+pZUf%szTbH7HZ!l%89XIRC|XtI|=^!~75%ihslb*9BjnMmJ=j>x1p
zj6m#_M?+T!XSMm%Fyns_FgCM^naWliyP}|Cz7KiDFd)V@DPUPz9g)AMF9h9t^08O_
z?e0<=HMzTCw4jM4jX!rD(G?b&nFsB7QR4e`spoO>)YHD^qk@lZ@;?L@#aYb8++kgi
zEMMuRXPm>VJZW_*Z{>P-#S{A7fw)~;mivfpQ>7Xy;!1chRnqj^<>CcNm{RZx2?Q;5
zWvsa{j`(<{vcEm{6b`Qq*mk6g%W>JK?x{ATmmm*`stSATdAYrr>=!;yX45N&#^Tkl
z=|u_#?%bMQH_yJQzTS}H;aZv4(5Yd@cW+Lq7Oc;SC$m*eO<M}v&L-hHQex{vbFj3)
z@F#M{=1)9NSD<xG&^w~rYMDDD3TflI97rRdhp+CfjoIgKE^f)$-<oYu)!-NCXXbD4
ze|$iEc5ZTN(D&|nldoI5<Hwjvpv`llwg%m`*-=djY>wJk!|_AaS4~M}j`nYlChg3W
zDZrA3SBnvmL^R84m%SMt@=ytMS279_PH8v)!&C;@lE4b5vhg+5ne@6n-!EKdu-Rcd
zW>=e7Xo+b!&*nwn9T<=jBdR+m1Vvwo&r>ksq@2d#X0*EF^}HRkV&Y^jhq6cPPZcxm
zJ+>$IrgYDRk^EaSidu!O)p!@B6T(jIti)8c;P13|Z;TGJp+s2~&N)}8<fMr1T!O(&
zP!Th*4s!-LSVs(yN)Uy0IHo>B)nsp~Zm7JjHVP2oj&1Gu&rbX~T}Qv}ZwCV<%QQSL
zO-n@Z2j=Sj>GJ*lD@5<XZG+Amhn$nUwGMu7H~cU~H>q6tF6V;(Xbck#q!s<XkSr%%
z_h6)OPFb4r=7>mNv4N{{`bdN*v9dEVt(N$nTz8-Mvg;RD>CD?R(h5ZrIstMHW2=ow
z=vX{rq=tJ~1Vu;CYq?$_yKXig5+bDIEfOo3iu=>f;u8`iSu5({#%=|Obx&gL9J9a8
zCayod{Nm23jz~Y(UNfiiGm7q^R?2-|r0+9KgOC9-TU!0=D!uy5+Cu6*zGFBi$n~HB
zPX|~75b%7bR2vjC6-;LPgkiD}q{~g48cdlY%`VpD+;dudo!ezEB-m-2Nqu1cfuR5;
zs%d~POxX1g*nr)7$?P-E5YkkfQ(V;D&zl>wuc^OieRZ|vcZ|Ii3b*<ScE5j9K`0|0
zzyoz6(v3+Ji;N2<?Mg<N#M004)aSbdW1ZPU2(up>lJoY$>`Pya3@14_5t3#_<z8d=
zs^qldS3oEM;I+E$vX$i_$=W>hDmZYAvHC@S{B6y_#E9a%aJs}lyio)Q_&m$2?!)CF
z@@hT8e7=xehZvnjbQ-sqh8NygImqWDpqBwE1^;&6GF@D!<8dJ)_XQ|TjQs2`1w9M?
z@ePu@yr^7`A0lXX;!B1{=x%eEHG`!HYoti3PD;p2@Ysox<ThrTb|$Jm1(X-UTf~NL
z1x`zpE!>}$4$>CGKe(_&jU2yJi}=Y{y0!!1fnkbDDAL^h1rwp!0@vfT4RohmyikWe
zX+wZG4YLDt1V`xHsqH<NXAz+rOTDc-&SWPe6xdOM=c-^+%8q77IR5^Yo!^Xo>zKEh
z7TU<64ViqRBl1DMrMXu~M1fC(B&`0z5FHV}tGU9;ccUic!6!vtWyoQ3<Hk!SI1lDS
zG-dHFwZqceF9R@!2qn;m9zVp}4cCsXiLQzI*`g%Hb0TjJEFNQyQA3K~?H`M6E*&xd
zItyl~;C#37++D>wb{c=!E4Pu*ioNz(K2ajhkNR?u+Yr2RpoJRU`%E4MhG{d8jE08@
z%-DeMq(TnoXo$aDc0IP*x&!60f#G7CC<T?&TE^iGW|yFrGANb3e4Ls3nAyG+D`S%`
z_Eto^iaYnTZiuN_w&j~tc2F5qtjamsjp^7_5SeQdZ7eJ^;deY?y==-*D`lOLMXc1B
znDEQR0c_4}2zSuF!;gJ(IRB&mr$k79-g4;c#qDtJgZYa`+1LB@UyM%WWyTZeC6s<v
zJhNQ@1qa>DP?@Y-R$KX!{lVRLTWxhHJn=-cJLs;o`m`xydoo+-lqY_V_xFt8of3XO
zM05#d(UzLL)Lj+%4)n-M@hcG~uu?ER%wF7h`d%YRqd1<ht>=9^FZSO#N|Sfu`|J;p
zrrU`pnlj*TndD)%%+wM8(>NJu?sDku`hvyPiT|Q4w74g`OS?B}H|b`9_~-K;-1d#^
zA_e$v;F9;Rdov38lx86$cyyIx{C#hN?OkK0o3kp%ScSJ}k;d^Ea;40PWL-mUyc7Y_
z|0{&T4uCI9uX5ZIP1!9tV+9txf)t(}*U;h308K9+#vDJZ*tTNsnz@^QDCg!ruJ;P3
z`9w3?>u{c^a60lS1Y9%LYPc(9JBKfsVOmG}8&*X*F+pz(g*Kze>_RW$;EIXzgb@;`
z=ZR7a+3l40dQJWs|Am!<X0{7NSl+E|=r*^eOY6O3H+K_$+X%ghtb@GD5$;z6DRo5V
zFLPBKx4rK!2F_=B9uX5u5>8YRhu{)V^p}snF5x~(!OK2I9DphcLo`83V)$68h!4h@
zcX3=JIlMS5Y1+X@1hzIgw$YI2{jl}FU7NQ|1=tVo^f?_~OHpFIAGPr<!WBPgFv_kd
zudDospLI}rY^m{{_aRTgAIJ%LbukS_=mJmeu5#%*rDV`s?^V+4FC~Be!HA$Qfuqvc
zPwoTMs$oMMmpstS_MY#B<p`a(2r@e0o~==~z4v+&gf(3EaA(0Eo9ij(5x(APxTzJ9
z4snxJ7b{r~UEpxntxC<;YO1Tb)f3gmn5<aRn_kW{GvqUvsQ!Lj4s|`a6z<XMry#~;
z>Yr=>StAD8^*ktGg-*NNG~ODXUBX{fTX}PV=TCX<e@osw=X=VJq|3<R3ltP(plcB|
z-7gLk5{4quRDfo5MD^@6-wD&xtj8ui*L=sGpcL=W=otcQ>zyLJJQzKe<+H2LSiv$`
z_J;wopiPVqAY!3|LR!-3!!m@y*WVO5fu!#{orQFhV^XI9@N*lqisGC(k&pk;H8ksp
z7fHK*Nl9cvO$m$~NcK6o%ok$y*Y}q&(4~S5+Vmpt8Vc5LxxO<am=AiI%P#~}j`<VI
z1Jr@g@H)cu!Ppyg5hZ}K92AVv&Nz-iou$#;_$H;!8>DUb^G=#H6gUH58GD^ePs<<z
z=2|E?(ixiZLa{%6$J8?*;LUmDDFst1|7k(OJHbXwu?H?Z(an)&UkY3^87Qy<RNH1%
z#=C_HF|Q_V?29xL*`1$xOeKKxHuuW~36l|Db)9U?2rw|FZ#Ps+;M3>N`Bp&L`Hfz6
zAcd5-90)<mw@kDbD!B06%5hKwMUyY>p`w9n@(X#+K<y*I=_%LJdrQXhAaVwIs0%cy
zEl)U52UL`1zbycajChYhfr%RG9f=N!$-aA`Kk3Jz04;fTe%62<KC?|n0%fb5(kGw*
zD6!nA)Ep3ajQkQhkW#Q}CxnocAbdT-9i7ngd)gZJFSvvzxbqNF8%(sTugTwXrNlwu
z&!XK>z#AFvtC%YOOTfqa*Bz1kDN*8a$h9DB-|k$>k2wZKoOlm}%VaPm0sl+D<%SM2
zJ5iOFPm-rm9@)8-Fqh?SI_Ch*PytF45h&Xq?Mg5^-t;)ODb4yV1IuHDUHkoBQ;17U
zR|7G}k3Ic7^!+gL2N;>fFqK#BYk8@y$|<uGlr_wHP6R$Q8TOYxf}G15f|H86cGTS9
zg8E|L>}d8i5MdWr57Iq?#St(z2hudyevMsdA;aa54B;k8#R&7|-c$$J)ewR<w5O-#
z2AiaWBkyEYUBR^tbl&ggb^9Xi#OsVgcFOQ~f{=neRy6y!kc>@`TOs(`NnVUK*zgFp
zL<4XFggx;#LnLOcet6Ffo!B$ry&Ku($3Q>r;C2DHccR>iPq$+I5I14iJH~`rRPM58
zrW*=eCPUrS00fcLcxn$!*Uii8(14g$9gsKAeI7@!o+0Z#G610I?6Npyd=>Dqn#5Cz
zLgq8<O(#(-`p+Fx_a9`&16g(75Y_tiBgDSWLg>G8>BAQX2VJW!YPE6=fqUA_V^E&_
zC-uovJ@0FzM0wN4@YY0uV@#P3>}|?WvcRYC^BFCkNMQ`;y)CVKVJ#_v2z&E`DDNpz
zXe8eAXj8K}h`V`|Gxw;T{yla@04K`db{!w@1OL6}VGf|Sye(<)UwYGGKFG#qLs=B|
zxR{1Jf*s35s4<4xtAB#)t05UAp8Onw7iymXv4p<Ow~go1bj{q^I0kC*K~9XNP3bc)
zjYRM$B{TlDvnG}@m$aBN@%1B8mN7h?$33D8oCPjy^Q&HN%^nj$F9lXc;<GwCkjeT!
z1WWkj!ZNTZfo@k8Z6x2r+ra^!odQk?B@n7>F8^y-DC2mRy|AUp=I=pMMUdLfw%hG-
z<Pid*Q_k%^*bh-u3LYG+maQYW`$R22D~8j%p9~`kODOhG^<-hs5N9a%WCFXLMX6@O
zaWzlxL;u4?^@O=hqQRNcE=Lo_5aT73g3C?3m*Mpep^BXib@*jY5SbkwhqQ%boBdBG
zHMbRA>5TjbmHR>pyZcH}Xo%88;e)ChoXt&@LaGy%>}mFSkW_hf-#d84JfIMt8c*H7
zfJzyzVnqEhqB8WFPuO)AIZgYcjCtSOxS-HUaHp|gaphuciMKR#SUXMhr~-1-o=Uv{
z)qSB+R#9E;tS_E>R`;7MmbKx@^`N;tYVi(9M=oNpsp2RwOO>7J7WUE)5evhZizfxo
zJMo9ha7`q0!f4%Tkko^GqCEPXqnzJ*&I_EMKlk4xE%vmctDV@~wp^#^o*<~A8ev4C
ze#ew{H<A6Pe0xu2dlwLk{#?qwv+J-Wq>FiVgRBU{mVT%B(2jDV;*qakP0pC}nDBSr
z*>RXJST2~7W?;a_HSiWZ^9QUeKMPHPd3hGDoDv?%hB&<w78MhvJ8oHmA%b(?)>>x^
zmdOtxi4Sv$#<<EQ$LaTzdx6-dNPj`M!^HkzUj45LZq$p@^xPB?T`U)d4ey?0jn-#3
zjk5VA&(Z8DkkJzXw{Kw^e@k5qRjOY*#vHhri=H(nia!Jz)flczZ%+pVu+R7lTor6k
zxA`RJcRSFjyLBI?qJOqN1|nZ1JL-V%!<CH`rHlrn#=oc2*qe3|B{@<VI{aP5(#!9L
z7xnIUM8?%ap>7@{LBB=hrJ_IRezD)U)r+7vPR@ot7XD{Dr%3^ZyN>=;{d1l3tW8IY
zbh7&EjR$7sm4OS|!jC9YmfW)c28yIE31r_--T%V)hRq|>o`Y7wzO$(@LPdl7JNvM5
z;#u%2b<0ubJ-8#XJWHdjO^c}6)sVl*uVaAOIvbSRHoipuSzCowW3;XoIfCsF7L}b@
zLPt4br>twa<5iM@I{PrpK1bj3`dn0YlegNE@0Fl<LIuAfI(J#E7@_%ObIPD5+S}{r
hTo>Q}A;kg^(7TA<2n&Ee@DTbhpRJW0s_-;6>VH|*=$-%o

diff --git a/client/ui/netbird-systemtray-update.png b/client/ui/netbird-systemtray-update.png
deleted file mode 100644
index 1f4651df9db198901f4498d240c498c504731f40..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7521
zcmcIpi8s{W|9;OHjF1^3yFvEsOA^i4$-eK5J?dj$!!VY}5-KG7UW7zsYbLU!EJ-NK
zkezJV%`iWm-{0`P=iGDeJ?FXG>-9YM-t)STj19HvFR@<&0DxXsN5d2VKo?aI0HwMp
z>;qnUTog2ZIyQj-K+E(mgMb(Ltp6Z^rrK&i-4N&6MFZlgYM=@L4e7KbXG#FzJk-@t
zH4g)A7C87`v3bx}WcEXWmE%pWyUbS^y>6(8Y177`5Iz$8b<6P&*D@1YqO5>s(^>Gd
z1wJPt!6cv|GlVS=zQmV2Eo@qD-<tbFrwoyxmCHrt!FnUE;bVx^W_Wd5$;?)c(m}ww
z`2ksot!2|EZ>w%4x^S<9i|=AR|AU0$hz0tk?8wHVO6}$Wl+5C#W{ajKn20BMRQax?
z8h{e?`%>}QN+F9q_Kw20COx?+xeyqY>N|BF3!|%0K>cT%<BP1Kp@s(EhL3vJPZIPH
zqLivvJBJ}LygQ=g(bAh!rGbz20wwHEG+?pW+R=8kfB%C5I$Vxx6%9^P*F--@k;*st
z6tjdC#G8FCrW2Jr+PC5?O&Gt!P-et^Vk^mgI^|t^AnzDhoHg!kG^nC7q9eOAaV{PP
zplHRrL!FOb@#eSGk@L3U08K120S2*HT1S3A`7aDWz?%muO3gCFKIrX1OtmL5zv`Kw
zKvKcrhQQ^mtb`P~LK?qczOTi1CN4vOPrbdK6;GB%#KRloJ1cnm@lFvJ@Dv~k<akiA
zTmLyv0NjgcLAONIp3}v%Ys4O%)@|0FHbTCZ>RsUOgHU%ByCjcJi)f$yVb^VGauS*Z
z#~AA@tmL1IrV@;=+p-bc*Z&r`f205gI!H}Hv}-Dja25yp03;NE(oJmp{@lOWI=P*v
zkNf|wD8DyG>|{~iNlyieQA`1z0-)ICJEQa>J;%E$a~^XLg(ugyXNrJTid3XJM28ss
zB%A@iA%+}*KboZvYhWpFA6uNeSDg~@&Tx)?wveZ{h|LYHU_4jP<*E!6Zh7C5Yh5t@
zw!|KgBG{Te%@~v%z13XVnOxZ*6lOB8Z|Oi~y8c(I_C$R9USEZF9qBsRNuEvlRbvc<
zzS%AF!hq(7?hwhHBa;Ieky1?{OyDP5$?p(#NBz+^Q@uB?s>BVQUh2kPb-KQ8s=TGw
zQ2q071T}~GV6|1liSF9NNJm<T3|4q#O)ACYK6u1uF<bL{SJ9^B6DkwVWf%Bx9-=w`
z*{r_bAM(n(O-e2$asVO&N<U#IzqhS~3De>^)N@+rmhTK{IjU(smr>4ow+wCTE0sF*
zf2T&Z^Y?+5;fI_erhcl?@0?Q=xo>FiIDycvgeI?SBZrU9bha<wR3TKVA`;onzikR2
zeix~@DX#})JRuaO`;uLVji!&RLRj0Scg9Qj2#f7X%JG9ndJMaTo=Gq-Tof*r_<m{S
z=KEcb@2LXjZi2t-RMfKGH!@5fd8WU?;#6>PRqvtH4i0SbJ#!(PE+c=|qID3m@dm_A
zq6*0<FknLz`<hXg&TY=u06{2Xo8)M^Bqz%fclB71>dk?!mm?L?2i~tF_7~hL{#{K>
zb*qDy5K6lpQJM7QaKp_A2II@%f3Nttgjrfm@67TN<XlFJ4vPypY@!HM!v07=9r|~Q
zexVG_;r<JxFPlt7%;9-bk#-Qay^4KeTa?)r&6h6ZAmt)W>jTBV;1?Nc>3AoqOcCeS
z)1oTYH5(`d-Y<O}vcV*OFTgb$<&ng{*|HsaNaWQ(6uqCK{B`oz^O{!Z=i3d2;|*6K
zUj^$fs2Zgm>tFsY6YdUfbvgP-ob_ahozd=7k@mwV>f?>C^hLgs@)Ml<)b}Gi357wc
zdv^O)IY6h=q`@BZX(xB?ZfVT<pxC4xdwy>H?ETNWiTLAl6nNxO@cr&7_M~rIU=gOk
zU-eJ%W>_cr)zXcYH?gU|l~t5Rjys8GQoNm5hL^ix$*8tZ1&32dM2oEsM+t++zZ?m`
zfR?P5*iO|Y>PxhqJlz~R*m7`m#5t8nY~k+xt_YGa_BQc2@NJkK`qnc6+dZzO1V?^y
zTv)R!uFuakKk};yADMmSm8F;cwr=^^;TioUkOsoe5AD11ktR9$^K6XgDvL#biS{VI
zM#kHbi%?>luWs=^Fq?X!P3-|bc4)WQc3yCSzRzZxkZugdqabhNuFeo1`+_^pX4|e_
z(`Sx`Z8#_#UR&mWIT!r>l5b%z<q7%GZ7cQLH=MtRa}A3$0a7r~o^wml4Ea6Wb;?|E
zPb2TfNYK(vXp|Lu-@x;a3zK=92Z5t)67dabFI_)8J7>{^P-uSb`Lc}+LyrHzan(QB
zS(JVI_(S<8n7Kb^o61l@8XITB(4q59IUZ{|MnmEzIZzsaOFeyw#T9@0AdsPjIGSi-
zkYDvEG`#0BjCyFiQc+;P9$XZwDO-lC_10_Y;{)h=b@MbQo1CmWewREYXn$cmrZB#0
zz?NBfr6btKTJD}rQx%t;_JzMDAu%6O@W7FGr!7nhdibj!<l?8oZ;*V#m~vmJ74vUS
z=)MNy?_+FjGmMt0uwy!+J69ph@EtmWVcn35-p(O{9+c_;ur|S~^rpR#?u!cOcun-5
z;G?2Iw9&{9nzRUqkpc}!3>I3hzOZKEO*-Ma!zBVvFe7XZ!u&9KX7=i<>v?xv{+WLN
zNzgAzI)xN`!&T1DPNOD2o73e(pJ=%krx{g-bY5pJ(u%6yc8#|ZwLeNuJAQuba1yRH
zCY*Rp6!_YEFlvypdI|eUmw#u1!T*>!EkDu{&QvdX@8?SNTDG#f(2H!X+j<!B==@h}
z-i_d0ZkxY{!<q>)hQGmh9k_M#>EdnGprEQVD(B8U*G|86V$a2;>1%5Gx>eIF$=*M-
z&THp%!`Mx^Oaz*B{ZcFo2#o-Le%l>)yID)*zm9c$QIu0-mBQ0k?oLl@BC!$~{Pcv5
z=KU8!&{!W&O}Zu;z=P(R_6sju$mCLs(QC;xo@voO+mC(3unmKoo7debSmKyl1#Dz)
zVu}p_)+CfndEwzx>+RcBU7tOzT!T-3_O!T@`m=hAmSh6!LZ!yUMnnO+6g(DOTM{S5
z9d_SpVJb*F)JACh-Z*jNs_T~x^5=rAiN1GqwTG(C_2^6tZ}w+c6D<&@@H<TB)=pnA
z`H;9FPwZUT{d082Ot!pCk7II;M=<}});C?*&AwhI#l3QG10RRf`=pM(mQLnq>_Zx)
zmY@6}tE%@uXLT+3aAjnYi%i+W4$gTnb}DjjqizSh+5YfFp3j|q*)l-yHrYYa`eo<A
zO$!j(8p4@3E~SS`YXV0*zS!RXKD9vYD6S!MKJR}NXZlpl&nC23Dj0;8GS*0I8pRY&
zMIY`C923aHn#o|xvsq}Hh%1GaE)$l4N|*65cRNeLN~<sAw5tZgP94&8NJ`XlO60Nr
z7;z?P&&}TbN{u!8hT`P_Ley%w4!e{Zz{&#pBJkfpjzzv_qM85MCPU$m%W3~55cUEo
zi<T;)SD<vItDTldGoRv0d!a!0Q{z^LXDF+VAIOA!<jTqBf@Bv5IqK+1$Ef8a*dL1+
zm2!@Kp&Q?PY|9`qyS==$Vc;2^?t_-c$ojN=dxoMF+_nS$3nT~0`8YLer}<Hf5e+&Y
zkg_)%5GsR(#StUz$*D+O!Hr0<?W+>$55<_0sC@G#<L)3N(B*)XvND)&Cwr#;!0==@
z;7n+JUT7aPKg-_MRp=%nzzgoZ1W>?t=Chna=j#2I*Zv+O&qH&&<~Yd8*!Lp6;$SUW
zpqp<FCjKqsiPo?5qqFgOtNHk=y+v{j$uYZNyndv;Lk6E;-b0uIrl1DbvMqU=_UitE
z3NqD+`Z~A)LM6)!q+Y?EI5UA1A`7s{`pLwjGw0Nzva`v(jdG2U{ip9`_<^s6aV++w
zCAk8G<5Qt>rroVQ+m}(~sZqybrmeCaS@Dw3&j9_bnuE=URx<e!@VP8PI3_9Rqe=A8
z(NocLN4eIIMa4+Wn%~`FF*7j!4b+;xZ8gnvNV<(8I%Kz9z<q*HG|+wr@t;qa*)z3_
zn;>-Wz>gP`6?@^#piL}}-%g&mntdwj6XA(sp(#&SZ|Q<i%8CH`j+%H{QdH=(p!tI%
zo+)Dn(upck?(lgW(n%H0zYNmg^)*WfN<aCXPtGKqt$0;XpVX1n!GZx<m6~W@iAHWz
zO14l&q7C@hcTC4=QDo(8SV9!;v%Q%J<3I->bsZeeD%?dKvHt17il#ehVLf>?j<ofG
z4`h~W{`1n}1<QPkp(afx79yqXvxIwx;l2*F(-TfM#(!Lu?0H~PVi_DD^!q^Z6bjAh
zhZVS4r@Hfj0!(x0*sask#u%orwEbCtluf?qqOwYL%hYg)4(FtWSk3Yep5SwvQsI_+
zORAv*1^<>|<Hc|2`Zb3&+9B__ifn5cuK)ZBlTLwHoHxa&iiwQs`?TYw1ICq`Oa-r4
zvgCRr{b!xlK=)>Cq8gw13;x%7{V`)!@8Sx)v@Dz4$&w!8cBNI-JW2rBOqya#G_qKJ
zZqPcxCF4Xb1r-6in`z=_Sj!5ig>-~mBHJ;G-StLd^v9$whr#L#7Qh@7|3rIqTa`2$
znEyny5o7Nz-E_}tOQp`=3SKwfqKuKYfQ%~6RQZv5{(jm%=MPIQmmj*NzEh1^5|VM)
zecCA&d1aCV4Y!V5r&aH@F84CoI*haL1(duDnPt4QQS7cC6puZPI*lW^?zgG2VP}YT
zLXXDDTBjY+%tgDhr1s@>xC-eW*>{I908=4!m+Szx_w6Oc^?KShM7kdiYa-hyWAZSM
zCCCvwZwaZ-NX?d!3J(gN6~V-#iZZRSnk(%Ew-m2%qi737uQAuFiIk~qPW;9nI+(f^
z(j^`p-t#=*Kz2tzC5H%hfLe$wVJ{&u;XjH~ye?na9mTM>pUom>$PGm*c9!8u9ZIH0
z*{2_C&ewB;=rhO)zO*d+mwinW<K8=%#;OYeUPjD!_&58K;-=nxBUr{ESLExTHR(JI
z*q|uQdtfJY8lZmeR97*VAnd#;xxlRiLXW->T}(R}jchZbC5{+sE}hF9d;VD;?nM?o
zetekF0?|r|DGn?ku;00WvI;*LUms3t;Cgq4D+!M_OT#66<D2uPNZur{+k((R$teC>
zJkLo%bfVx!7M?+B?98)U=I6298|YUqUfG62Lw|Pf3s_Rjmb6m=bgEX^;@oCA?bM}P
zGVep5Pn-%fe<MY#L{s$5{eN;*?D}%~nvAi=QO2<0^tVmo9R`@30oBKcZjmvy6m<r3
zvAheb{ZuI6#SSX-TIHoR?!6!M(r@i(B0WDS(oK<_B5nj`g>u`Mp%=3&P!;0_P!xx*
zKJ%}reTj;}{xwfgkzq!*cu$Q!;YPm)QbSJ`t^H<wb`b#Ar<)f2HAe(R9WTDif5x-4
zFm@ib=T@^N8uK!<*Yv`F9;b;hdQbgU1=?T}<|T69G2-$3W0wl)evuoekU8i-LAx~H
z#&XX4dTayK{Cea-ehrkYI%BWYyr|D-NyvT+T7W(1gW8i<a$9>V9)&Do$kQ|xUA!ay
zk7Dj8w;FB$JVNcmf0-ZbRdx2Op*O@EyZuKyG3^n^UdI^N>YOI46oQ{!$@!Y%8n!J9
zK?BYjc)K$WkB+9H-uDA6#X3}Twa<A4k2NZ`j9pl*Slv#x<sk?_ln<@;tG*!f(cqky
z!7T?6x@=|Z_Ez1(aIfYtKYm!VrI^0BpNs;)j6u~ITi>Ioq#a3>EXPA>L6BniW75Z#
zJ-6dcR%UA0;-(2NaOuM27`}{w=k=H!QuI4UbZsK$O-VFny>@<ut1LO!{u7|~k#FR`
z3vE>q>B^md=%n#^#m+bvR?2#6y*8(PXd(N+g#iRrZNc&xCeL6xVU*gnuUpqx1P#6{
z4ZDQ<UQw+1SlZ{vkOQqEk$3@TF9T-pU|6Mpn-OgKVePMpjAND<tMd-ZWAnL{VMm5g
z+Dc_-Rxpf`1#8LC;9rL;*-03x;R(~bH+G!Hw3fsNL4X}Ob~m~hi*{W3ES+=oU07$%
zi?4GUd3H%b5Paj<8L@;$LKr;syI&}+ybNS(C2{vC(TRrz`=s|=8j6A_)aTUsZ7Qcv
zv)?36D#HCZ`;t0ooF;8pm)yY}^wwv_MNkx=_SQmzdFh-y_}pFk@P*cpGVfDZw!6j?
z@fr%1(XN_w;q~xA1i<TmDX6wF&`|$=X4LvEaKtx<#qI)34o<M`)Iga!JRnc1<?`Nk
zN2j6f-Gad9avlP8vf%pjx~a3t>%>Xg?ZAa^{xZP3rb4}RVUNk<;JWiKqbNx-d8)p3
z@W!2;%rr8I+_`zh{`?~@N?pC@1}?<@wtcv+uJJ<j94H>&u(pRmdcxlr-L(}xoo}<%
zi)b%tr>zT2@L-6cS4<Te@gj+5%YS%Bb6NesTLS?k-;Xr?O`%17_;qT#HV*-=1{;?>
zzgg7^@_74&nM(`ufDPwk>xlXTg`$M7*APW&W~5M%F$e<N2oGw(AF|^r_`q?gPDe@g
z@uvdbBnAiyTf0$lubRJclm&Z0AXTznkSvT6kv5><C>=pL9GiqkEO_SFAAtmNp6HY)
zEU3U@V#2V<lUXyUHRQF2pYg4F$5&w>`Q*%|^|RIvg;ePCyCgc?;|6L|E?h1>7zUHv
zyo!z0XQ<=@XER6k5>j89s8#W=d1OF?Xcrsi^E^o6jKXx)yGU3Ju(K}tp#01n4Tmw+
z>&R-FmTBEADT2PtXx^1=h%l1{bEAx>!L_FPsre__pRDPAh=3a6jW==a+R`T9kK`g4
zEg<?*=a4YjFJQ0~U`Xsy5+j7%UHo(7mj*t#v+P40zs@Ei6Xa$C3GgOG%(_BRJd+1j
zx<pE?WE55fYa+hc)^pI>I)}wmSqN)w37GX%rdC6rdyw97C8zh=Niu*(81f_pf=w@T
zAY0(~;8-=@cPPZfQl6SIT*`kb{pZtIYN;e)FI@3mCQzS=%I1nh4`kxEQ224BXq*P#
zd?DQg@U8_A6rferu_h<urlgn$oW*L=AA6&Zv}KYV`Oxcy$Z?P2$44ySk%XKHy+Hr+
zv)JE{fMG_RyTwVc-}$2y>`iLYU0gwx7kXAok3qg~A0CTwdM)0c);U{%c$5Aw6!KkB
zU}8oIb&J7pM>#r~W5VB~($X?k`xxhEwRBHPPr8AmswPl-Gtq(k-O0p$%**yq_|-X3
z5G>-C5vWkqT*tdO$$hYTx-+mMX`t(dM-TXImrK5S<tNPWW$=iWix-meb(thnuIRNE
z&{dr@_hh)jd5S#vl3(lJfY>c01?X<s)bo0|9jfH~NUa7w3hbQ&K(>_IQz~N~Jzi?#
z%9NJiKz{Bd_V~P;VpY@r;N0JtCz?B&qrrW!X4;{S75iAjs)PjLlS;C*a(UfK=61OZ
zy8HWAP#hiqmJN7dDu&IZ1o9#d0q%Sx)Ad?X<r60uHHhc=#>uAhny<Kx9-TkiSE7y8
zL@!4Vt};te`e+)u(dB0Ba^kuId0>Dk$6gjyA+&>-@1h#afeL!c_yTSmC7?M6>cEaq
z?rK<KDpmD5F>?E0n8#Nu_DN(E%NJB8Y$~R0ADk`Bd;HteHzsh#en&>18-zTn*p7lP
zP9QSnM7GbS?nEDv!;*F{bTEOW0FSsFee(~vh_aaYiEog`c+QP!NHOxErV`8yy4}0;
zbXLo|io0uZ=f>ZZxdev5ee|YB3Xd!c@4ZZWv#NYHow5|<{*r-ezNx4`V^@|kmwWoB
z5^BrxnAg86xW3=$;zCDDq6Z!L4D19HG7crwSYniuVnVhb9-T*}5^!HKe%GEiw^X~Q
zKh(U%Fq?i2T(_WaQ2QD}m?Apj*-e@ufiL}6gX-s;QcBW5bV@UQcWuoQN`qjw<FTV>
zXV!QN@XunS#pvyshcH8;O{|YeuYU_|)0aYg$jbtIhX<gltPVhMS&%maDlam=5(mW_
zKL9GL&SDw;v+?C`uj1uaWtQB6!hHPiN+<2gUOa_tE_5c44AnW>P7ZK}IawQ$1iBD{
zkrUB3S7#FM070oIcjB_4@vOp(L$uG~Hx_)ZfE$d>HVLevpb`0HF?wr=*3fNB7SI}{
zy_pj74P`TUxn%CNg_RvNdHmX3=GBxWO<1vxFnsc-2}9DU9mtLHtFuYZfv>b27~RTd
zNEE^I6)Wq-<i%soHf&6LaC3}eOjOucqfNqQ(1&WkDCY$&W>N5-S884UJ|fhRT(5?h
zFjVy$p^!|qClMei=L<5#KNr2`BqTPyF}5RtX9vxU#Vr#fG9y5K;%zeeHPN@K%@W)m
zy74Yr;&Cuu@B@E0ghK4DY-=6lYfxu&s@#Wy(%uEUZ0o&2`0sW2xqQpDoGZ6=ZS*GQ
zjJrYBhJ9MsCb&_B-!Y=XhRm06%yS<C2~4O5QZ_6LQW(J&Zj|Ht*+Tj5O6beo{kz3P
zTeYt|Cks5?X%uln8P`&r`OjziYpJDDu{hP2`pg0LM;<T1yvwyh#{4jzKZkvHN%|6$
z=)DJCcPXOd=AI^g`c#7mEx0l@Ra0UbN2h@>Tpx^ay6zKwtCb13O!}Ob_8^J~lMYz6
zV|2y#e!r6NU!r93-x^9@@VC3~4kgUMi-v&y&409^(2Pxr*%-P_UXtuC%AHHW)0MbL
z(fz30rACffWZF}LG7rtv-HVetj0d#0ryq?|bu4GoG~^av*Ikf|kY}NJBFTW)8grt|
zvH?$Poh{U3f*+Mi@l#kUS6#M?#T*l(BpM7Sk8`J?K-Jlzrjj0th8dobi(O*X0PJEN
z{fsDa3N)KX?U@`P)GtY8ktEcN-8>9&f1bhqEFsB!g6E+<6gAr$S%DP-dlo`o2*6UH
zQjy22O^PaG{JmlEImi#U4zD=9K^FNd?yO8U2^t5p&~A-`euevW-HJfZMLnuBoM~km
zPH10dSqd=EZYibJV?l@F=Ck%Kg*9ciL19%y{IP3yo@kKZq*uY;U>vVm{O<kE$%6ux
zy+MRCpAaJl7B`F}1RaSzlgT{<G7j|~_cA2D+FcDRCJv;mR_eohZ*gDu<;L=gVT5v7
zV*Z`s4M#?onc)cD>aG6%o>v6&2QB|DHI$rWPfS9w&d=EIVJ%C^IF}dmE&Z>7;wdAB
zfkudy_HdsBSbTiiMg+3=mxagQXRCSGX>)tP?u$~uiAjGs@P27@(GolU=5#~V1oHb8
zJLjhtw}g7ohO<iAYY|kzC*?IZ(x)LZB0&D(mjw`yVA*xB+Vxxf{3(yZDK>XVAPF#&
zDP6n}mB5|sHv34?zYE;{ogYfJqF^#Y0F+dbSPg~w(j>9CSNr7#b!q1k`S5YN?{5X!
zvWrEhBa=bVdIgc{^$JLW5bo})>UL`(-HU#bNb#8g;>Bc*VsWvL=`L5#DGiywWQ)_C
zr`4!uRa4QEh%}cG03_>kmKUSLgfAaUu`$En^g2oMoUBB*>*IA~ETGpQ3EO(q4f6)f
zmt^$tA?y6x9h|c=1iB115Nq@ID1D)R6#Qhbq9HGf9pw7?6U#-wfcY*n7|lwb67oUm
z=e=T`|NagYe21h8GI0aFk!;DE`}g@JuHfP}ia@DH7Y>sx8v5okp41qy=wzkFV@<Q~
z+(C^<<G~`k*EoeoVblx%(SaXHhq1dQ`~5OH6}BHS;YZ8;#!I9{9zS<PDq%v`owmlH
h|AW85e?z|Qa{^=nybY|Y*gF2Tbu|q&>eSG&{|7|q!a4u|

diff --git a/go.mod b/go.mod
index 79862cab2..c69dd248b 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/nadoo/ipset v0.5.0
 	github.com/netbirdio/management-integrations/additions v0.0.0-20240226151841-2e4fe2407450
-	github.com/netbirdio/management-integrations/integrations v0.0.0-20240226151841-2e4fe2407450
+	github.com/netbirdio/management-integrations/integrations v0.0.0-20240305130559-469a80446ac7
 	github.com/okta/okta-sdk-golang/v2 v2.18.0
 	github.com/oschwald/maxminddb-golang v1.12.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
diff --git a/go.sum b/go.sum
index 15c8db563..c2d32a0c1 100644
--- a/go.sum
+++ b/go.sum
@@ -379,8 +379,8 @@ github.com/nadoo/ipset v0.5.0 h1:5GJUAuZ7ITQQQGne5J96AmFjRtI8Avlbk6CabzYWVUc=
 github.com/nadoo/ipset v0.5.0/go.mod h1:rYF5DQLRGGoQ8ZSWeK+6eX5amAuPqwFkWjhQlEITGJQ=
 github.com/netbirdio/management-integrations/additions v0.0.0-20240226151841-2e4fe2407450 h1:qA4S5YFt6/s0kQ8wKLjq8faLxuBSte1WzjWfmQmyJTU=
 github.com/netbirdio/management-integrations/additions v0.0.0-20240226151841-2e4fe2407450/go.mod h1:31FhBNvQ+riHEIu6LSTmqr8IeuSIsGfQffqV4LFmbwA=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20240226151841-2e4fe2407450 h1:jEepZRVo60IN+us4E8BvNUbasoViFwqJ7exKix4aQyc=
-github.com/netbirdio/management-integrations/integrations v0.0.0-20240226151841-2e4fe2407450/go.mod h1:B0nMS3es77gOvPYhc0K91fAzTkQLi/jRq5TffUN3klM=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20240305130559-469a80446ac7 h1:YYIQJbRhANmNFClkCmjBa0w33RpTzsF2DpbGAWhul6Y=
+github.com/netbirdio/management-integrations/integrations v0.0.0-20240305130559-469a80446ac7/go.mod h1:B0nMS3es77gOvPYhc0K91fAzTkQLi/jRq5TffUN3klM=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0 h1:hirFRfx3grVA/9eEyjME5/z3nxdJlN9kfQpvWWPk32g=
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949 h1:xbWM9BU6mwZZLHxEjxIX/V8Hv3HurQt4mReIE4mY4DM=
diff --git a/iface/netstack/tun.go b/iface/netstack/tun.go
index 8c7c3a8ff..c180e4ef5 100644
--- a/iface/netstack/tun.go
+++ b/iface/netstack/tun.go
@@ -8,7 +8,7 @@ import (
 	"golang.zx2c4.com/wireguard/tun/netstack"
 )
 
-type NetStackTun struct {
+type NetStackTun struct { //nolint:revive
 	address       string
 	mtu           int
 	listenAddress string
diff --git a/infrastructure_files/download-geolite2.sh b/infrastructure_files/download-geolite2.sh
index e09873627..4a9db5e01 100755
--- a/infrastructure_files/download-geolite2.sh
+++ b/infrastructure_files/download-geolite2.sh
@@ -43,21 +43,18 @@ download_geolite_mmdb() {
   mkdir -p "$EXTRACTION_DIR"
   tar -xzvf "$DATABASE_FILE" > /dev/null 2>&1
 
-  # Create a SHA256 signature file
   MMDB_FILE="GeoLite2-City.mmdb"
-  cd "$EXTRACTION_DIR"
-  sha256sum "$MMDB_FILE" > "$MMDB_FILE.sha256"
-  echo "SHA256 signature created for $MMDB_FILE."
-  cd - > /dev/null 2>&1
+  cp "$EXTRACTION_DIR"/"$MMDB_FILE" $MMDB_FILE
 
   # Remove downloaded files
+  rm -r "$EXTRACTION_DIR"
   rm "$DATABASE_FILE" "$SIGNATURE_FILE"
 
   # Done. Print next steps
   echo ""
   echo "Process completed successfully."
-  echo "Now you can place $EXTRACTION_DIR/$MMDB_FILE to 'datadir' of management service."
-  echo -e "Example:\n\tdocker compose cp $EXTRACTION_DIR/$MMDB_FILE management:/var/lib/netbird/"
+  echo "Now you can place $MMDB_FILE to 'datadir' of management service."
+  echo -e "Example:\n\tdocker compose cp $MMDB_FILE management:/var/lib/netbird/"
 }
 
 
diff --git a/infrastructure_files/getting-started-with-zitadel.sh b/infrastructure_files/getting-started-with-zitadel.sh
index 24cb108e1..29f0e4606 100644
--- a/infrastructure_files/getting-started-with-zitadel.sh
+++ b/infrastructure_files/getting-started-with-zitadel.sh
@@ -137,6 +137,13 @@ create_new_application() {
   BASE_REDIRECT_URL2=$5
   LOGOUT_URL=$6
   ZITADEL_DEV_MODE=$7
+  DEVICE_CODE=$8
+
+  if [[ $DEVICE_CODE == "true" ]]; then
+    GRANT_TYPES='["OIDC_GRANT_TYPE_AUTHORIZATION_CODE","OIDC_GRANT_TYPE_DEVICE_CODE","OIDC_GRANT_TYPE_REFRESH_TOKEN"]'
+  else
+    GRANT_TYPES='["OIDC_GRANT_TYPE_AUTHORIZATION_CODE","OIDC_GRANT_TYPE_REFRESH_TOKEN"]'
+  fi
 
   RESPONSE=$(
     curl -sS -X POST "$INSTANCE_URL/management/v1/projects/$PROJECT_ID/apps/oidc" \
@@ -154,10 +161,7 @@ create_new_application() {
     "RESPONSETypes": [
       "OIDC_RESPONSE_TYPE_CODE"
     ],
-    "grantTypes": [
-      "OIDC_GRANT_TYPE_AUTHORIZATION_CODE",
-      "OIDC_GRANT_TYPE_REFRESH_TOKEN"
-    ],
+    "grantTypes": '"$GRANT_TYPES"',
     "appType": "OIDC_APP_TYPE_USER_AGENT",
     "authMethodType": "OIDC_AUTH_METHOD_TYPE_NONE",
     "version": "OIDC_VERSION_1_0",
@@ -340,10 +344,10 @@ init_zitadel() {
 
   # create zitadel spa applications
   echo "Creating new Zitadel SPA Dashboard application"
-  DASHBOARD_APPLICATION_CLIENT_ID=$(create_new_application "$INSTANCE_URL" "$PAT" "Dashboard" "$BASE_REDIRECT_URL/nb-auth" "$BASE_REDIRECT_URL/nb-silent-auth" "$BASE_REDIRECT_URL/" "$ZITADEL_DEV_MODE")
+  DASHBOARD_APPLICATION_CLIENT_ID=$(create_new_application "$INSTANCE_URL" "$PAT" "Dashboard" "$BASE_REDIRECT_URL/nb-auth" "$BASE_REDIRECT_URL/nb-silent-auth" "$BASE_REDIRECT_URL/" "$ZITADEL_DEV_MODE" "false")
 
   echo "Creating new Zitadel SPA Cli application"
-  CLI_APPLICATION_CLIENT_ID=$(create_new_application "$INSTANCE_URL" "$PAT" "Cli" "http://localhost:53000/" "http://localhost:54000/" "http://localhost:53000/" "true")
+  CLI_APPLICATION_CLIENT_ID=$(create_new_application "$INSTANCE_URL" "$PAT" "Cli" "http://localhost:53000/" "http://localhost:54000/" "http://localhost:53000/" "true" "true")
 
   MACHINE_USER_ID=$(create_service_user "$INSTANCE_URL" "$PAT")
 
@@ -561,6 +565,8 @@ renderCaddyfile() {
     reverse_proxy /.well-known/openid-configuration h2c://zitadel:8080
     reverse_proxy /openapi/* h2c://zitadel:8080
     reverse_proxy /debug/* h2c://zitadel:8080
+    reverse_proxy /device/* h2c://zitadel:8080
+    reverse_proxy /device h2c://zitadel:8080
     # Dashboard
     reverse_proxy /* dashboard:80
 }
@@ -629,6 +635,14 @@ renderManagementJson() {
             "ManagementEndpoint": "$NETBIRD_HTTP_PROTOCOL://$NETBIRD_DOMAIN/management/v1"
         }
      },
+   "DeviceAuthorizationFlow": {
+       "Provider": "hosted",
+       "ProviderConfig": {
+           "Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
+           "ClientID": "$NETBIRD_AUTH_CLIENT_ID_CLI",
+           "Scope": "openid"
+       }
+     },
     "PKCEAuthorizationFlow": {
         "ProviderConfig": {
             "Audience": "$NETBIRD_AUTH_CLIENT_ID_CLI",
diff --git a/infrastructure_files/management.json.tmpl b/infrastructure_files/management.json.tmpl
index 0b607245f..eadb90ce2 100644
--- a/infrastructure_files/management.json.tmpl
+++ b/infrastructure_files/management.json.tmpl
@@ -26,6 +26,13 @@
         "Username": "",
         "Password": null
     },
+    "ReverseProxy": {
+        "TrustedHTTPProxies": [],
+        "TrustedHTTPProxiesCount": 0,
+        "TrustedPeers": [
+             "0.0.0.0/0"
+        ]
+    },
     "Datadir": "",
     "DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
     "StoreConfig": {
diff --git a/infrastructure_files/nginx.tmpl.conf b/infrastructure_files/nginx.tmpl.conf
index 77739a67a..23fd760aa 100644
--- a/infrastructure_files/nginx.tmpl.conf
+++ b/infrastructure_files/nginx.tmpl.conf
@@ -46,6 +46,7 @@ server {
     proxy_set_header        X-Scheme $scheme;
     proxy_set_header        X-Forwarded-Proto https;
     proxy_set_header        X-Forwarded-Host $host;
+    grpc_set_header         X-Forwarded-For $proxy_add_x_forwarded_for;
 
     # Proxy dashboard
     location / {
diff --git a/management/client/client_test.go b/management/client/client_test.go
index b97d7862d..5c9a8b24c 100644
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"github.com/netbirdio/management-integrations/integrations"
 	"net"
 	"path/filepath"
 	"sync"
@@ -16,6 +15,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 
+	"github.com/netbirdio/management-integrations/integrations"
 	"github.com/netbirdio/netbird/encryption"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	mgmt "github.com/netbirdio/netbird/management/server"
@@ -61,7 +61,8 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 
 	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
-	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "", "", eventStore, nil, false, integrations.NewIntegratedApproval())
+	ia, _ := integrations.NewIntegratedApproval(eventStore)
+	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "", "", eventStore, nil, false, ia)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -364,10 +365,11 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 		WiretrusteeVersion: info.WiretrusteeVersion,
 		KernelVersion:      info.KernelVersion,
 
-		NetworkAddresses:   protoNetAddr,
-		SysSerialNumber:    info.SystemSerialNumber,
-		SysProductName:     info.SystemProductName,
-		SysManufacturer:    info.SystemManufacturer,
+		NetworkAddresses: protoNetAddr,
+		SysSerialNumber:  info.SystemSerialNumber,
+		SysProductName:   info.SystemProductName,
+		SysManufacturer:  info.SystemManufacturer,
+		Environment:      &mgmtProto.Environment{Cloud: info.Environment.Cloud, Platform: info.Environment.Platform},
 	}
 
 	assert.Equal(t, ValidKey, actualValidKey)
@@ -408,7 +410,9 @@ func isEqual(a, b *mgmtProto.PeerSystemMeta) bool {
 		a.GetUiVersion() == b.GetUiVersion() &&
 		a.GetSysSerialNumber() == b.GetSysSerialNumber() &&
 		a.GetSysProductName() == b.GetSysProductName() &&
-		a.GetSysManufacturer() == b.GetSysManufacturer()
+		a.GetSysManufacturer() == b.GetSysManufacturer() &&
+		a.GetEnvironment().Cloud == b.GetEnvironment().Cloud &&
+		a.GetEnvironment().Platform == b.GetEnvironment().Platform
 }
 
 func Test_GetDeviceAuthorizationFlow(t *testing.T) {
diff --git a/management/client/grpc.go b/management/client/grpc.go
index 3c4106aef..0234f866c 100644
--- a/management/client/grpc.go
+++ b/management/client/grpc.go
@@ -26,6 +26,8 @@ import (
 	"github.com/netbirdio/netbird/management/proto"
 )
 
+const ConnectTimeout = 10 * time.Second
+
 // ConnStateNotifier is a wrapper interface of the status recorders
 type ConnStateNotifier interface {
 	MarkManagementDisconnected(error)
@@ -49,7 +51,7 @@ func NewClient(ctx context.Context, addr string, ourPrivateKey wgtypes.Key, tlsE
 		transportOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
 	}
 
-	mgmCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	mgmCtx, cancel := context.WithTimeout(ctx, ConnectTimeout)
 	defer cancel()
 	conn, err := grpc.DialContext(
 		mgmCtx,
@@ -318,7 +320,7 @@ func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*pro
 		log.Errorf("failed to encrypt message: %s", err)
 		return nil, err
 	}
-	mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second)
+	mgmCtx, cancel := context.WithTimeout(c.ctx, ConnectTimeout)
 	defer cancel()
 	resp, err := c.realClient.Login(mgmCtx, &proto.EncryptedMessage{
 		WgPubKey: c.key.PublicKey().String(),
@@ -474,5 +476,9 @@ func infoToMetaData(info *system.Info) *proto.PeerSystemMeta {
 		SysSerialNumber:    info.SystemSerialNumber,
 		SysManufacturer:    info.SystemManufacturer,
 		SysProductName:     info.SystemProductName,
+		Environment: &proto.Environment{
+			Cloud:    info.Environment.Cloud,
+			Platform: info.Environment.Platform,
+		},
 	}
 }
diff --git a/management/cmd/management.go b/management/cmd/management.go
index cea8dfae9..d2f91829e 100644
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -43,6 +43,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/metrics"
 	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/util"
+	"github.com/netbirdio/netbird/version"
 )
 
 // ManagementLegacyPort is the port that was used before by the Management gRPC server.
@@ -166,13 +167,15 @@ var (
 
 			geo, err := geolocation.NewGeolocation(config.Datadir)
 			if err != nil {
-				log.Warnf("could not initialize geo location service, we proceed without geo support")
+				log.Warnf("could not initialize geo location service: %v, we proceed without geo support", err)
 			} else {
 				log.Infof("geo location service has been initialized from %s", config.Datadir)
 			}
 
-			integratedPeerApproval := integrations.NewIntegratedApproval()
-
+			integratedPeerApproval, err := integrations.NewIntegratedApproval(eventStore)
+			if err != nil {
+				return fmt.Errorf("failed to initialize integrated peer approval: %v", err)
+			}
 			accountManager, err := server.BuildManager(store, peersUpdateManager, idpManager, mgmtSingleAccModeDomain,
 				dnsDomain, eventStore, geo, userDeleteFromIDPEnabled, integratedPeerApproval)
 			if err != nil {
@@ -317,12 +320,14 @@ var (
 				}
 			}
 
+			log.Infof("management server version %s", version.NetbirdVersion())
 			log.Infof("running HTTP server and gRPC server on the same port: %s", listener.Addr().String())
 			serveGRPCWithHTTP(listener, rootHandler, tlsEnabled)
 
 			SetupCloseHandler()
 
 			<-stopCh
+			integratedPeerApproval.Stop()
 			if geo != nil {
 				_ = geo.Stop()
 			}
diff --git a/management/proto/management.pb.go b/management/proto/management.pb.go
index aa5122909..18077ea89 100644
--- a/management/proto/management.pb.go
+++ b/management/proto/management.pb.go
@@ -73,7 +73,7 @@ func (x HostConfig_Protocol) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use HostConfig_Protocol.Descriptor instead.
 func (HostConfig_Protocol) EnumDescriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{10, 0}
+	return file_management_proto_rawDescGZIP(), []int{11, 0}
 }
 
 type DeviceAuthorizationFlowProvider int32
@@ -116,7 +116,7 @@ func (x DeviceAuthorizationFlowProvider) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use DeviceAuthorizationFlowProvider.Descriptor instead.
 func (DeviceAuthorizationFlowProvider) EnumDescriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{17, 0}
+	return file_management_proto_rawDescGZIP(), []int{18, 0}
 }
 
 type FirewallRuleDirection int32
@@ -162,7 +162,7 @@ func (x FirewallRuleDirection) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use FirewallRuleDirection.Descriptor instead.
 func (FirewallRuleDirection) EnumDescriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{27, 0}
+	return file_management_proto_rawDescGZIP(), []int{28, 0}
 }
 
 type FirewallRuleAction int32
@@ -208,7 +208,7 @@ func (x FirewallRuleAction) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use FirewallRuleAction.Descriptor instead.
 func (FirewallRuleAction) EnumDescriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{27, 1}
+	return file_management_proto_rawDescGZIP(), []int{28, 1}
 }
 
 type FirewallRuleProtocol int32
@@ -263,7 +263,7 @@ func (x FirewallRuleProtocol) Number() protoreflect.EnumNumber {
 
 // Deprecated: Use FirewallRuleProtocol.Descriptor instead.
 func (FirewallRuleProtocol) EnumDescriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{27, 2}
+	return file_management_proto_rawDescGZIP(), []int{28, 2}
 }
 
 type EncryptedMessage struct {
@@ -589,6 +589,64 @@ func (x *PeerKeys) GetWgPubKey() []byte {
 	return nil
 }
 
+// Environment is part of the PeerSystemMeta and describes the environment the agent is running in.
+type Environment struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// cloud is the cloud provider the agent is running in if applicable.
+	Cloud string `protobuf:"bytes,1,opt,name=cloud,proto3" json:"cloud,omitempty"`
+	// platform is the platform the agent is running on if applicable.
+	Platform string `protobuf:"bytes,2,opt,name=platform,proto3" json:"platform,omitempty"`
+}
+
+func (x *Environment) Reset() {
+	*x = Environment{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_management_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Environment) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Environment) ProtoMessage() {}
+
+func (x *Environment) ProtoReflect() protoreflect.Message {
+	mi := &file_management_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Environment.ProtoReflect.Descriptor instead.
+func (*Environment) Descriptor() ([]byte, []int) {
+	return file_management_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *Environment) GetCloud() string {
+	if x != nil {
+		return x.Cloud
+	}
+	return ""
+}
+
+func (x *Environment) GetPlatform() string {
+	if x != nil {
+		return x.Platform
+	}
+	return ""
+}
+
 // PeerSystemMeta is machine meta data like OS and version.
 type PeerSystemMeta struct {
 	state         protoimpl.MessageState
@@ -609,12 +667,13 @@ type PeerSystemMeta struct {
 	SysSerialNumber    string            `protobuf:"bytes,12,opt,name=sysSerialNumber,proto3" json:"sysSerialNumber,omitempty"`
 	SysProductName     string            `protobuf:"bytes,13,opt,name=sysProductName,proto3" json:"sysProductName,omitempty"`
 	SysManufacturer    string            `protobuf:"bytes,14,opt,name=sysManufacturer,proto3" json:"sysManufacturer,omitempty"`
+	Environment        *Environment      `protobuf:"bytes,15,opt,name=environment,proto3" json:"environment,omitempty"`
 }
 
 func (x *PeerSystemMeta) Reset() {
 	*x = PeerSystemMeta{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[5]
+		mi := &file_management_proto_msgTypes[6]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -627,7 +686,7 @@ func (x *PeerSystemMeta) String() string {
 func (*PeerSystemMeta) ProtoMessage() {}
 
 func (x *PeerSystemMeta) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[5]
+	mi := &file_management_proto_msgTypes[6]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -640,7 +699,7 @@ func (x *PeerSystemMeta) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PeerSystemMeta.ProtoReflect.Descriptor instead.
 func (*PeerSystemMeta) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{5}
+	return file_management_proto_rawDescGZIP(), []int{6}
 }
 
 func (x *PeerSystemMeta) GetHostname() string {
@@ -741,6 +800,13 @@ func (x *PeerSystemMeta) GetSysManufacturer() string {
 	return ""
 }
 
+func (x *PeerSystemMeta) GetEnvironment() *Environment {
+	if x != nil {
+		return x.Environment
+	}
+	return nil
+}
+
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -755,7 +821,7 @@ type LoginResponse struct {
 func (x *LoginResponse) Reset() {
 	*x = LoginResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[6]
+		mi := &file_management_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -768,7 +834,7 @@ func (x *LoginResponse) String() string {
 func (*LoginResponse) ProtoMessage() {}
 
 func (x *LoginResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[6]
+	mi := &file_management_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -781,7 +847,7 @@ func (x *LoginResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use LoginResponse.ProtoReflect.Descriptor instead.
 func (*LoginResponse) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{6}
+	return file_management_proto_rawDescGZIP(), []int{7}
 }
 
 func (x *LoginResponse) GetWiretrusteeConfig() *WiretrusteeConfig {
@@ -814,7 +880,7 @@ type ServerKeyResponse struct {
 func (x *ServerKeyResponse) Reset() {
 	*x = ServerKeyResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[7]
+		mi := &file_management_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -827,7 +893,7 @@ func (x *ServerKeyResponse) String() string {
 func (*ServerKeyResponse) ProtoMessage() {}
 
 func (x *ServerKeyResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[7]
+	mi := &file_management_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -840,7 +906,7 @@ func (x *ServerKeyResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ServerKeyResponse.ProtoReflect.Descriptor instead.
 func (*ServerKeyResponse) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{7}
+	return file_management_proto_rawDescGZIP(), []int{8}
 }
 
 func (x *ServerKeyResponse) GetKey() string {
@@ -873,7 +939,7 @@ type Empty struct {
 func (x *Empty) Reset() {
 	*x = Empty{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[8]
+		mi := &file_management_proto_msgTypes[9]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -886,7 +952,7 @@ func (x *Empty) String() string {
 func (*Empty) ProtoMessage() {}
 
 func (x *Empty) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[8]
+	mi := &file_management_proto_msgTypes[9]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -899,7 +965,7 @@ func (x *Empty) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Empty.ProtoReflect.Descriptor instead.
 func (*Empty) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{8}
+	return file_management_proto_rawDescGZIP(), []int{9}
 }
 
 // WiretrusteeConfig is a common configuration of any Wiretrustee peer. It contains STUN, TURN, Signal and Management servers configurations
@@ -919,7 +985,7 @@ type WiretrusteeConfig struct {
 func (x *WiretrusteeConfig) Reset() {
 	*x = WiretrusteeConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[9]
+		mi := &file_management_proto_msgTypes[10]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -932,7 +998,7 @@ func (x *WiretrusteeConfig) String() string {
 func (*WiretrusteeConfig) ProtoMessage() {}
 
 func (x *WiretrusteeConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[9]
+	mi := &file_management_proto_msgTypes[10]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -945,7 +1011,7 @@ func (x *WiretrusteeConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use WiretrusteeConfig.ProtoReflect.Descriptor instead.
 func (*WiretrusteeConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{9}
+	return file_management_proto_rawDescGZIP(), []int{10}
 }
 
 func (x *WiretrusteeConfig) GetStuns() []*HostConfig {
@@ -983,7 +1049,7 @@ type HostConfig struct {
 func (x *HostConfig) Reset() {
 	*x = HostConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[10]
+		mi := &file_management_proto_msgTypes[11]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -996,7 +1062,7 @@ func (x *HostConfig) String() string {
 func (*HostConfig) ProtoMessage() {}
 
 func (x *HostConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[10]
+	mi := &file_management_proto_msgTypes[11]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1009,7 +1075,7 @@ func (x *HostConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use HostConfig.ProtoReflect.Descriptor instead.
 func (*HostConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{10}
+	return file_management_proto_rawDescGZIP(), []int{11}
 }
 
 func (x *HostConfig) GetUri() string {
@@ -1041,7 +1107,7 @@ type ProtectedHostConfig struct {
 func (x *ProtectedHostConfig) Reset() {
 	*x = ProtectedHostConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[11]
+		mi := &file_management_proto_msgTypes[12]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1054,7 +1120,7 @@ func (x *ProtectedHostConfig) String() string {
 func (*ProtectedHostConfig) ProtoMessage() {}
 
 func (x *ProtectedHostConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[11]
+	mi := &file_management_proto_msgTypes[12]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1067,7 +1133,7 @@ func (x *ProtectedHostConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ProtectedHostConfig.ProtoReflect.Descriptor instead.
 func (*ProtectedHostConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{11}
+	return file_management_proto_rawDescGZIP(), []int{12}
 }
 
 func (x *ProtectedHostConfig) GetHostConfig() *HostConfig {
@@ -1111,7 +1177,7 @@ type PeerConfig struct {
 func (x *PeerConfig) Reset() {
 	*x = PeerConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[12]
+		mi := &file_management_proto_msgTypes[13]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1124,7 +1190,7 @@ func (x *PeerConfig) String() string {
 func (*PeerConfig) ProtoMessage() {}
 
 func (x *PeerConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[12]
+	mi := &file_management_proto_msgTypes[13]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1137,7 +1203,7 @@ func (x *PeerConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PeerConfig.ProtoReflect.Descriptor instead.
 func (*PeerConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{12}
+	return file_management_proto_rawDescGZIP(), []int{13}
 }
 
 func (x *PeerConfig) GetAddress() string {
@@ -1199,7 +1265,7 @@ type NetworkMap struct {
 func (x *NetworkMap) Reset() {
 	*x = NetworkMap{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[13]
+		mi := &file_management_proto_msgTypes[14]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1212,7 +1278,7 @@ func (x *NetworkMap) String() string {
 func (*NetworkMap) ProtoMessage() {}
 
 func (x *NetworkMap) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[13]
+	mi := &file_management_proto_msgTypes[14]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1225,7 +1291,7 @@ func (x *NetworkMap) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NetworkMap.ProtoReflect.Descriptor instead.
 func (*NetworkMap) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{13}
+	return file_management_proto_rawDescGZIP(), []int{14}
 }
 
 func (x *NetworkMap) GetSerial() uint64 {
@@ -1311,7 +1377,7 @@ type RemotePeerConfig struct {
 func (x *RemotePeerConfig) Reset() {
 	*x = RemotePeerConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[14]
+		mi := &file_management_proto_msgTypes[15]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1324,7 +1390,7 @@ func (x *RemotePeerConfig) String() string {
 func (*RemotePeerConfig) ProtoMessage() {}
 
 func (x *RemotePeerConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[14]
+	mi := &file_management_proto_msgTypes[15]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1337,7 +1403,7 @@ func (x *RemotePeerConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use RemotePeerConfig.ProtoReflect.Descriptor instead.
 func (*RemotePeerConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{14}
+	return file_management_proto_rawDescGZIP(), []int{15}
 }
 
 func (x *RemotePeerConfig) GetWgPubKey() string {
@@ -1384,7 +1450,7 @@ type SSHConfig struct {
 func (x *SSHConfig) Reset() {
 	*x = SSHConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[15]
+		mi := &file_management_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1397,7 +1463,7 @@ func (x *SSHConfig) String() string {
 func (*SSHConfig) ProtoMessage() {}
 
 func (x *SSHConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[15]
+	mi := &file_management_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1410,7 +1476,7 @@ func (x *SSHConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SSHConfig.ProtoReflect.Descriptor instead.
 func (*SSHConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{15}
+	return file_management_proto_rawDescGZIP(), []int{16}
 }
 
 func (x *SSHConfig) GetSshEnabled() bool {
@@ -1437,7 +1503,7 @@ type DeviceAuthorizationFlowRequest struct {
 func (x *DeviceAuthorizationFlowRequest) Reset() {
 	*x = DeviceAuthorizationFlowRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[16]
+		mi := &file_management_proto_msgTypes[17]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1450,7 +1516,7 @@ func (x *DeviceAuthorizationFlowRequest) String() string {
 func (*DeviceAuthorizationFlowRequest) ProtoMessage() {}
 
 func (x *DeviceAuthorizationFlowRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[16]
+	mi := &file_management_proto_msgTypes[17]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1463,7 +1529,7 @@ func (x *DeviceAuthorizationFlowRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DeviceAuthorizationFlowRequest.ProtoReflect.Descriptor instead.
 func (*DeviceAuthorizationFlowRequest) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{16}
+	return file_management_proto_rawDescGZIP(), []int{17}
 }
 
 // DeviceAuthorizationFlow represents Device Authorization Flow information
@@ -1482,7 +1548,7 @@ type DeviceAuthorizationFlow struct {
 func (x *DeviceAuthorizationFlow) Reset() {
 	*x = DeviceAuthorizationFlow{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[17]
+		mi := &file_management_proto_msgTypes[18]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1495,7 +1561,7 @@ func (x *DeviceAuthorizationFlow) String() string {
 func (*DeviceAuthorizationFlow) ProtoMessage() {}
 
 func (x *DeviceAuthorizationFlow) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[17]
+	mi := &file_management_proto_msgTypes[18]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1508,7 +1574,7 @@ func (x *DeviceAuthorizationFlow) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DeviceAuthorizationFlow.ProtoReflect.Descriptor instead.
 func (*DeviceAuthorizationFlow) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{17}
+	return file_management_proto_rawDescGZIP(), []int{18}
 }
 
 func (x *DeviceAuthorizationFlow) GetProvider() DeviceAuthorizationFlowProvider {
@@ -1535,7 +1601,7 @@ type PKCEAuthorizationFlowRequest struct {
 func (x *PKCEAuthorizationFlowRequest) Reset() {
 	*x = PKCEAuthorizationFlowRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[18]
+		mi := &file_management_proto_msgTypes[19]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1548,7 +1614,7 @@ func (x *PKCEAuthorizationFlowRequest) String() string {
 func (*PKCEAuthorizationFlowRequest) ProtoMessage() {}
 
 func (x *PKCEAuthorizationFlowRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[18]
+	mi := &file_management_proto_msgTypes[19]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1561,7 +1627,7 @@ func (x *PKCEAuthorizationFlowRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PKCEAuthorizationFlowRequest.ProtoReflect.Descriptor instead.
 func (*PKCEAuthorizationFlowRequest) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{18}
+	return file_management_proto_rawDescGZIP(), []int{19}
 }
 
 // PKCEAuthorizationFlow represents Authorization Code Flow information
@@ -1578,7 +1644,7 @@ type PKCEAuthorizationFlow struct {
 func (x *PKCEAuthorizationFlow) Reset() {
 	*x = PKCEAuthorizationFlow{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[19]
+		mi := &file_management_proto_msgTypes[20]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1591,7 +1657,7 @@ func (x *PKCEAuthorizationFlow) String() string {
 func (*PKCEAuthorizationFlow) ProtoMessage() {}
 
 func (x *PKCEAuthorizationFlow) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[19]
+	mi := &file_management_proto_msgTypes[20]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1604,7 +1670,7 @@ func (x *PKCEAuthorizationFlow) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use PKCEAuthorizationFlow.ProtoReflect.Descriptor instead.
 func (*PKCEAuthorizationFlow) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{19}
+	return file_management_proto_rawDescGZIP(), []int{20}
 }
 
 func (x *PKCEAuthorizationFlow) GetProviderConfig() *ProviderConfig {
@@ -1646,7 +1712,7 @@ type ProviderConfig struct {
 func (x *ProviderConfig) Reset() {
 	*x = ProviderConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[20]
+		mi := &file_management_proto_msgTypes[21]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1659,7 +1725,7 @@ func (x *ProviderConfig) String() string {
 func (*ProviderConfig) ProtoMessage() {}
 
 func (x *ProviderConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[20]
+	mi := &file_management_proto_msgTypes[21]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1672,7 +1738,7 @@ func (x *ProviderConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use ProviderConfig.ProtoReflect.Descriptor instead.
 func (*ProviderConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{20}
+	return file_management_proto_rawDescGZIP(), []int{21}
 }
 
 func (x *ProviderConfig) GetClientID() string {
@@ -1763,7 +1829,7 @@ type Route struct {
 func (x *Route) Reset() {
 	*x = Route{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[21]
+		mi := &file_management_proto_msgTypes[22]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1776,7 +1842,7 @@ func (x *Route) String() string {
 func (*Route) ProtoMessage() {}
 
 func (x *Route) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[21]
+	mi := &file_management_proto_msgTypes[22]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1789,7 +1855,7 @@ func (x *Route) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use Route.ProtoReflect.Descriptor instead.
 func (*Route) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{21}
+	return file_management_proto_rawDescGZIP(), []int{22}
 }
 
 func (x *Route) GetID() string {
@@ -1855,7 +1921,7 @@ type DNSConfig struct {
 func (x *DNSConfig) Reset() {
 	*x = DNSConfig{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[22]
+		mi := &file_management_proto_msgTypes[23]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1868,7 +1934,7 @@ func (x *DNSConfig) String() string {
 func (*DNSConfig) ProtoMessage() {}
 
 func (x *DNSConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[22]
+	mi := &file_management_proto_msgTypes[23]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1881,7 +1947,7 @@ func (x *DNSConfig) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use DNSConfig.ProtoReflect.Descriptor instead.
 func (*DNSConfig) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{22}
+	return file_management_proto_rawDescGZIP(), []int{23}
 }
 
 func (x *DNSConfig) GetServiceEnable() bool {
@@ -1918,7 +1984,7 @@ type CustomZone struct {
 func (x *CustomZone) Reset() {
 	*x = CustomZone{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[23]
+		mi := &file_management_proto_msgTypes[24]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1931,7 +1997,7 @@ func (x *CustomZone) String() string {
 func (*CustomZone) ProtoMessage() {}
 
 func (x *CustomZone) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[23]
+	mi := &file_management_proto_msgTypes[24]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1944,7 +2010,7 @@ func (x *CustomZone) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use CustomZone.ProtoReflect.Descriptor instead.
 func (*CustomZone) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{23}
+	return file_management_proto_rawDescGZIP(), []int{24}
 }
 
 func (x *CustomZone) GetDomain() string {
@@ -1977,7 +2043,7 @@ type SimpleRecord struct {
 func (x *SimpleRecord) Reset() {
 	*x = SimpleRecord{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[24]
+		mi := &file_management_proto_msgTypes[25]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1990,7 +2056,7 @@ func (x *SimpleRecord) String() string {
 func (*SimpleRecord) ProtoMessage() {}
 
 func (x *SimpleRecord) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[24]
+	mi := &file_management_proto_msgTypes[25]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2003,7 +2069,7 @@ func (x *SimpleRecord) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SimpleRecord.ProtoReflect.Descriptor instead.
 func (*SimpleRecord) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{24}
+	return file_management_proto_rawDescGZIP(), []int{25}
 }
 
 func (x *SimpleRecord) GetName() string {
@@ -2056,7 +2122,7 @@ type NameServerGroup struct {
 func (x *NameServerGroup) Reset() {
 	*x = NameServerGroup{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[25]
+		mi := &file_management_proto_msgTypes[26]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2069,7 +2135,7 @@ func (x *NameServerGroup) String() string {
 func (*NameServerGroup) ProtoMessage() {}
 
 func (x *NameServerGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[25]
+	mi := &file_management_proto_msgTypes[26]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2082,7 +2148,7 @@ func (x *NameServerGroup) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NameServerGroup.ProtoReflect.Descriptor instead.
 func (*NameServerGroup) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{25}
+	return file_management_proto_rawDescGZIP(), []int{26}
 }
 
 func (x *NameServerGroup) GetNameServers() []*NameServer {
@@ -2127,7 +2193,7 @@ type NameServer struct {
 func (x *NameServer) Reset() {
 	*x = NameServer{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[26]
+		mi := &file_management_proto_msgTypes[27]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2140,7 +2206,7 @@ func (x *NameServer) String() string {
 func (*NameServer) ProtoMessage() {}
 
 func (x *NameServer) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[26]
+	mi := &file_management_proto_msgTypes[27]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2153,7 +2219,7 @@ func (x *NameServer) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NameServer.ProtoReflect.Descriptor instead.
 func (*NameServer) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{26}
+	return file_management_proto_rawDescGZIP(), []int{27}
 }
 
 func (x *NameServer) GetIP() string {
@@ -2193,7 +2259,7 @@ type FirewallRule struct {
 func (x *FirewallRule) Reset() {
 	*x = FirewallRule{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[27]
+		mi := &file_management_proto_msgTypes[28]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2206,7 +2272,7 @@ func (x *FirewallRule) String() string {
 func (*FirewallRule) ProtoMessage() {}
 
 func (x *FirewallRule) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[27]
+	mi := &file_management_proto_msgTypes[28]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2219,7 +2285,7 @@ func (x *FirewallRule) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use FirewallRule.ProtoReflect.Descriptor instead.
 func (*FirewallRule) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{27}
+	return file_management_proto_rawDescGZIP(), []int{28}
 }
 
 func (x *FirewallRule) GetPeerIP() string {
@@ -2269,7 +2335,7 @@ type NetworkAddress struct {
 func (x *NetworkAddress) Reset() {
 	*x = NetworkAddress{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_management_proto_msgTypes[28]
+		mi := &file_management_proto_msgTypes[29]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2282,7 +2348,7 @@ func (x *NetworkAddress) String() string {
 func (*NetworkAddress) ProtoMessage() {}
 
 func (x *NetworkAddress) ProtoReflect() protoreflect.Message {
-	mi := &file_management_proto_msgTypes[28]
+	mi := &file_management_proto_msgTypes[29]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2295,7 +2361,7 @@ func (x *NetworkAddress) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use NetworkAddress.ProtoReflect.Descriptor instead.
 func (*NetworkAddress) Descriptor() ([]byte, []int) {
-	return file_management_proto_rawDescGZIP(), []int{28}
+	return file_management_proto_rawDescGZIP(), []int{29}
 }
 
 func (x *NetworkAddress) GetNetIP() string {
@@ -2360,291 +2426,299 @@ var file_management_proto_rawDesc = []byte{
 	0x73, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x73, 0x68, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
 	0x1a, 0x0a, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x22, 0xee, 0x03, 0x0a, 0x0e,
-	0x50, 0x65, 0x65, 0x72, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1a,
-	0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x67, 0x6f,
-	0x4f, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x67, 0x6f, 0x4f, 0x53, 0x12, 0x16,
-	0x0a, 0x06, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6c,
-	0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6c,
-	0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x4f, 0x53, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x02, 0x4f, 0x53, 0x12, 0x2e, 0x0a, 0x12, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72,
-	0x75, 0x73, 0x74, 0x65, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x12, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x75, 0x69, 0x56, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x75, 0x69, 0x56, 0x65, 0x72,
-	0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x56, 0x65,
-	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6b, 0x65, 0x72,
-	0x6e, 0x65, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x4f, 0x53,
-	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4f,
-	0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x77,
-	0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0b, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
-	0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x10,
-	0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73,
-	0x12, 0x28, 0x0a, 0x0f, 0x73, 0x79, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d,
-	0x62, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x79, 0x73, 0x53, 0x65,
-	0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x73, 0x79,
-	0x73, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0e, 0x73, 0x79, 0x73, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x4e, 0x61,
-	0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x79, 0x73, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63,
-	0x74, 0x75, 0x72, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x79, 0x73,
-	0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x22, 0x94, 0x01, 0x0a,
-	0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b,
-	0x0a, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
-	0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72,
-	0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x70,
-	0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65,
-	0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x22, 0x79, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x65, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
-	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72,
-	0x65, 0x73, 0x41, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x07,
-	0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0xa8, 0x01, 0x0a, 0x11, 0x57, 0x69, 0x72, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a,
-	0x05, 0x73, 0x74, 0x75, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d,
-	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x73, 0x74, 0x75, 0x6e, 0x73, 0x12, 0x35, 0x0a, 0x05, 0x74,
-	0x75, 0x72, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65,
-	0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x74, 0x75, 0x72,
-	0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
-	0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e,
-	0x61, 0x6c, 0x22, 0x98, 0x01, 0x0a, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x75, 0x72, 0x69, 0x12, 0x3b, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72,
-	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x22, 0x3b, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03,
-	0x55, 0x44, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x08,
-	0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x48, 0x54, 0x54, 0x50,
-	0x53, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x54, 0x4c, 0x53, 0x10, 0x04, 0x22, 0x7d, 0x0a,
-	0x13, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04,
-	0x75, 0x73, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72,
-	0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x81, 0x01, 0x0a,
-	0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64,
-	0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04,
-	0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e,
-	0x22, 0xe2, 0x03, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x12,
-	0x16, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52,
-	0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43,
+	0x0c, 0x52, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x22, 0x3f, 0x0a, 0x0b, 0x45,
+	0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6c,
+	0x6f, 0x75, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x6c, 0x6f, 0x75, 0x64,
+	0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x22, 0xa9, 0x04, 0x0a,
+	0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x12,
+	0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x67,
+	0x6f, 0x4f, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x67, 0x6f, 0x4f, 0x53, 0x12,
+	0x16, 0x0a, 0x06, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x72, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70,
+	0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70,
+	0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x4f, 0x53, 0x18, 0x06, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x4f, 0x53, 0x12, 0x2e, 0x0a, 0x12, 0x77, 0x69, 0x72, 0x65, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x12, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x75, 0x69, 0x56, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x75, 0x69, 0x56, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x56,
+	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6b, 0x65,
+	0x72, 0x6e, 0x65, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x4f,
+	0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
+	0x4f, 0x53, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x10, 0x6e, 0x65, 0x74,
+	0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0b, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52,
+	0x10, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65,
+	0x73, 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x79, 0x73, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75,
+	0x6d, 0x62, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x79, 0x73, 0x53,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x73,
+	0x79, 0x73, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x79, 0x73, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x4e,
+	0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x73, 0x79, 0x73, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61,
+	0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x79,
+	0x73, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x12, 0x39, 0x0a,
+	0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x0f, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x17, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
+	0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x0b, 0x65, 0x6e, 0x76,
+	0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0x94, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67,
+	0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x11, 0x77, 0x69,
+	0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65,
+	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43,
 	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61,
 	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x3e, 0x0a, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x18, 0x03,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x52, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x12,
-	0x2e, 0x0a, 0x12, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73,
-	0x45, 0x6d, 0x70, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x72, 0x65, 0x6d,
-	0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12,
-	0x29, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x52, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x44, 0x4e,
-	0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x44, 0x4e, 0x53, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
-	0x40, 0x0a, 0x0c, 0x6f, 0x66, 0x66, 0x6c, 0x69, 0x6e, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x18,
-	0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x0c, 0x6f, 0x66, 0x66, 0x6c, 0x69, 0x6e, 0x65, 0x50, 0x65, 0x65, 0x72,
-	0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c,
-	0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75,
-	0x6c, 0x65, 0x52, 0x0d, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65,
-	0x73, 0x12, 0x32, 0x0a, 0x14, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c,
-	0x65, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x66, 0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22,
+	0x79, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65,
+	0x73, 0x41, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74,
+	0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d,
+	0x70, 0x74, 0x79, 0x22, 0xa8, 0x01, 0x0a, 0x11, 0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x05, 0x73, 0x74, 0x75,
+	0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
+	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x05, 0x73, 0x74, 0x75, 0x6e, 0x73, 0x12, 0x35, 0x0a, 0x05, 0x74, 0x75, 0x72, 0x6e, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x73,
+	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x74, 0x75, 0x72, 0x6e, 0x73, 0x12, 0x2e,
+	0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x22, 0x98,
+	0x01, 0x0a, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a,
+	0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12,
+	0x3b, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48,
+	0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63,
+	0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3b, 0x0a, 0x08,
+	0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10,
+	0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54,
+	0x54, 0x50, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x48, 0x54, 0x54, 0x50, 0x53, 0x10, 0x03, 0x12,
+	0x08, 0x0a, 0x04, 0x44, 0x54, 0x4c, 0x53, 0x10, 0x04, 0x22, 0x7d, 0x0a, 0x13, 0x50, 0x72, 0x6f,
+	0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x12, 0x36, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x68, 0x6f,
+	0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08,
+	0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x81, 0x01, 0x0a, 0x0a, 0x50, 0x65, 0x65,
+	0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65,
+	0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+	0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x64, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x53, 0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x73,
+	0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e,
+	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0xe2, 0x03, 0x0a,
+	0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x53,
+	0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x53, 0x65, 0x72,
+	0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
+	0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3e, 0x0a, 0x0b, 0x72,
+	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x65,
+	0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b,
+	0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x72,
+	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74,
+	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50,
+	0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x29, 0x0a, 0x06, 0x52,
+	0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x06,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
+	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x09, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0c, 0x6f,
+	0x66, 0x66, 0x6c, 0x69, 0x6e, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52,
+	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x0c, 0x6f, 0x66, 0x66, 0x6c, 0x69, 0x6e, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x12, 0x3e, 0x0a,
+	0x0d, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x08,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x74, 0x2e, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0d,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x32, 0x0a,
 	0x14, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x49, 0x73,
-	0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x97, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65,
-	0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x67,
-	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x67,
-	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
-	0x64, 0x49, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f,
-	0x77, 0x65, 0x64, 0x49, 0x70, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x66,
-	0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22,
-	0x49, 0x0a, 0x09, 0x53, 0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a,
-	0x73, 0x73, 0x68, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x0a, 0x73, 0x73, 0x68, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09,
-	0x73, 0x73, 0x68, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x09, 0x73, 0x73, 0x68, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x22, 0x20, 0x0a, 0x1e, 0x44, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xbf, 0x01, 0x0a,
-	0x17, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x48, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x76,
-	0x69, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x2e,
-	0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x12, 0x42, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x16, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x12, 0x0a, 0x0a, 0x06, 0x48, 0x4f, 0x53, 0x54, 0x45, 0x44, 0x10, 0x00, 0x22, 0x1e,
-	0x0a, 0x1c, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x5b,
-	0x0a, 0x15, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x42, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69,
-	0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1a, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xea, 0x02, 0x0a, 0x0e,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a,
-	0x0a, 0x08, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x08, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x6c,
-	0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
-	0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e,
-	0x63, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68,
-	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12,
-	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69,
-	0x6e, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
-	0x69, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
-	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x63, 0x6f, 0x70,
-	0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x1e,
-	0x0a, 0x0a, 0x55, 0x73, 0x65, 0x49, 0x44, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x08, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0a, 0x55, 0x73, 0x65, 0x49, 0x44, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x34,
-	0x0a, 0x15, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45,
-	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
-	0x55, 0x52, 0x4c, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x52, 0x65, 0x64, 0x69,
-	0x72, 0x65, 0x63, 0x74, 0x55, 0x52, 0x4c, 0x73, 0x22, 0xb5, 0x01, 0x0a, 0x05, 0x52, 0x6f, 0x75,
-	0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x07, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x20, 0x0a, 0x0b,
-	0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12,
-	0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65,
-	0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, 0x05, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61,
-	0x73, 0x71, 0x75, 0x65, 0x72, 0x61, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a,
-	0x4d, 0x61, 0x73, 0x71, 0x75, 0x65, 0x72, 0x61, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x65,
-	0x74, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x65, 0x74, 0x49, 0x44,
-	0x22, 0xb4, 0x01, 0x0a, 0x09, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x24,
-	0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e,
-	0x61, 0x62, 0x6c, 0x65, 0x12, 0x47, 0x0a, 0x10, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b,
-	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x4e, 0x61, 0x6d, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x10, 0x4e, 0x61, 0x6d,
-	0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x38, 0x0a,
-	0x0b, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
-	0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x52, 0x0b, 0x43, 0x75, 0x73, 0x74,
-	0x6f, 0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x73, 0x22, 0x58, 0x0a, 0x0a, 0x43, 0x75, 0x73, 0x74, 0x6f,
-	0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x32, 0x0a,
-	0x07, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18,
-	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x69, 0x6d, 0x70,
-	0x6c, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64,
-	0x73, 0x22, 0x74, 0x0a, 0x0c, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x72,
-	0x64, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x43, 0x6c, 0x61,
-	0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x12,
-	0x10, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x54, 0x54,
-	0x4c, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x44, 0x61, 0x74, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x05, 0x52, 0x44, 0x61, 0x74, 0x61, 0x22, 0xb3, 0x01, 0x0a, 0x0f, 0x4e, 0x61, 0x6d, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x38, 0x0a, 0x0b, 0x4e,
-	0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x4e, 0x61,
-	0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x12,
-	0x18, 0x0a, 0x07, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x07, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x65, 0x61,
-	0x72, 0x63, 0x68, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x53, 0x65, 0x61, 0x72, 0x63, 0x68, 0x44,
-	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x48, 0x0a,
-	0x0a, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x49,
-	0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x4e,
-	0x53, 0x54, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x4e, 0x53, 0x54,
-	0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0xf0, 0x02, 0x0a, 0x0c, 0x46, 0x69, 0x72, 0x65,
-	0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72,
-	0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x50,
-	0x12, 0x40, 0x0a, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
-	0x2e, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x64, 0x69,
-	0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0e, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
-	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x61, 0x63, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x08, 0x50,
-	0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x46, 0x69, 0x72, 0x65, 0x77,
-	0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
-	0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f,
-	0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x1c,
-	0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x06, 0x0a, 0x02, 0x49,
-	0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x55, 0x54, 0x10, 0x01, 0x22, 0x1e, 0x0a, 0x06,
-	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54,
-	0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x22, 0x3c, 0x0a, 0x08,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e,
-	0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, 0x4c, 0x10, 0x01, 0x12, 0x07,
-	0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x02, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x03,
-	0x12, 0x08, 0x0a, 0x04, 0x49, 0x43, 0x4d, 0x50, 0x10, 0x04, 0x22, 0x38, 0x0a, 0x0e, 0x4e, 0x65,
-	0x74, 0x77, 0x6f, 0x72, 0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a, 0x05,
-	0x6e, 0x65, 0x74, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x65, 0x74,
-	0x49, 0x50, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x6d, 0x61, 0x63, 0x32, 0xd1, 0x03, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
-	0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f,
-	0x67, 0x69, 0x6e, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x45, 0x6d, 0x70, 0x74, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74,
+	0x79, 0x22, 0x97, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b,
+	0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49, 0x70, 0x73,
+	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49,
+	0x70, 0x73, 0x12, 0x33, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x53, 0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x73, 0x73,
+	0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x49, 0x0a, 0x09, 0x53,
+	0x53, 0x48, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x73, 0x73,
+	0x68, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x73, 0x68, 0x50,
+	0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x73, 0x68,
+	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x22, 0x20, 0x0a, 0x1e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f,
+	0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xbf, 0x01, 0x0a, 0x17, 0x44, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x46, 0x6c, 0x6f, 0x77, 0x12, 0x48, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
+	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x2e, 0x70, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x42,
+	0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x52, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x22, 0x16, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0a,
+	0x0a, 0x06, 0x48, 0x4f, 0x53, 0x54, 0x45, 0x44, 0x10, 0x00, 0x22, 0x1e, 0x0a, 0x1c, 0x50, 0x4b,
+	0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46,
+	0x6c, 0x6f, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x5b, 0x0a, 0x15, 0x50, 0x4b,
+	0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46,
+	0x6c, 0x6f, 0x77, 0x12, 0x42, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+	0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0xea, 0x02, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x43, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x43, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x44, 0x6f, 0x6d, 0x61,
+	0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x2e,
+	0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x24,
+	0x0a, 0x0d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x6e, 0x64, 0x70,
+	0x6f, 0x69, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x07, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x05, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x55, 0x73,
+	0x65, 0x49, 0x44, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a,
+	0x55, 0x73, 0x65, 0x49, 0x44, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x34, 0x0a, 0x15, 0x41, 0x75,
+	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f,
+	0x69, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x41, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
+	0x12, 0x22, 0x0a, 0x0c, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x52, 0x4c, 0x73,
+	0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x55, 0x52, 0x4c, 0x73, 0x22, 0xb5, 0x01, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x0e,
+	0x0a, 0x02, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x18,
+	0x0a, 0x07, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x20, 0x0a, 0x0b, 0x4e, 0x65, 0x74, 0x77,
+	0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x4e,
+	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65,
+	0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x12, 0x16,
+	0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06,
+	0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x1e, 0x0a, 0x0a, 0x4d, 0x61, 0x73, 0x71, 0x75, 0x65,
+	0x72, 0x61, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x4d, 0x61, 0x73, 0x71,
+	0x75, 0x65, 0x72, 0x61, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x65, 0x74, 0x49, 0x44, 0x18,
+	0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x4e, 0x65, 0x74, 0x49, 0x44, 0x22, 0xb4, 0x01, 0x0a,
+	0x09, 0x44, 0x4e, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65,
+	0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x12, 0x47, 0x0a, 0x10, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x47, 0x72,
+	0x6f, 0x75, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x10, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x38, 0x0a, 0x0b, 0x43, 0x75, 0x73,
+	0x74, 0x6f, 0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x75, 0x73, 0x74,
+	0x6f, 0x6d, 0x5a, 0x6f, 0x6e, 0x65, 0x52, 0x0b, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5a, 0x6f,
+	0x6e, 0x65, 0x73, 0x22, 0x58, 0x0a, 0x0a, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5a, 0x6f, 0x6e,
+	0x65, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x32, 0x0a, 0x07, 0x52, 0x65, 0x63,
+	0x6f, 0x72, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x65,
+	0x63, 0x6f, 0x72, 0x64, 0x52, 0x07, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x22, 0x74, 0x0a,
+	0x0c, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x12, 0x12, 0x0a,
+	0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x54,
+	0x54, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x14, 0x0a,
+	0x05, 0x52, 0x44, 0x61, 0x74, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, 0x44,
+	0x61, 0x74, 0x61, 0x22, 0xb3, 0x01, 0x0a, 0x0f, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x38, 0x0a, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d,
+	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x52, 0x0b, 0x4e, 0x61, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x73, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x07, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x44,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x44, 0x6f,
+	0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x53, 0x65, 0x61, 0x72, 0x63, 0x68, 0x44,
+	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x14, 0x53, 0x65, 0x61, 0x72, 0x63, 0x68, 0x44, 0x6f, 0x6d, 0x61, 0x69,
+	0x6e, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x48, 0x0a, 0x0a, 0x4e, 0x61, 0x6d,
+	0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x4e, 0x53, 0x54, 0x79, 0x70,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x4e, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x50,
+	0x6f, 0x72, 0x74, 0x22, 0xf0, 0x02, 0x0a, 0x0c, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x52, 0x75, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x50, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x65, 0x65, 0x72, 0x49, 0x50, 0x12, 0x40, 0x0a, 0x09,
+	0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32,
+	0x22, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x46, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x09, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37,
+	0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1f,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x46, 0x69, 0x72, 0x65,
+	0x77, 0x61, 0x6c, 0x6c, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
+	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x52,
+	0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x1c, 0x0a, 0x09, 0x64, 0x69,
+	0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x06, 0x0a, 0x02, 0x49, 0x4e, 0x10, 0x00, 0x12,
+	0x07, 0x0a, 0x03, 0x4f, 0x55, 0x54, 0x10, 0x01, 0x22, 0x1e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69,
+	0x6f, 0x6e, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x10, 0x00, 0x12, 0x08,
+	0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x22, 0x3c, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10,
+	0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43,
+	0x50, 0x10, 0x02, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04,
+	0x49, 0x43, 0x4d, 0x50, 0x10, 0x04, 0x22, 0x38, 0x0a, 0x0e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72,
+	0x6b, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x65, 0x74, 0x49,
+	0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x65, 0x74, 0x49, 0x50, 0x12, 0x10,
+	0x0a, 0x03, 0x6d, 0x61, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6d, 0x61, 0x63,
+	0x32, 0xd1, 0x03, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12,
+	0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63,
+	0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79,
+	0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a,
+	0x04, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73,
+	0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
 	0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
-	0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45,
-	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22,
-	0x00, 0x12, 0x46, 0x0a, 0x04, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64,
-	0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
-	0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65,
-	0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0c, 0x47, 0x65, 0x74,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, 0x2e, 0x6d,
-	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a,
-	0x09, 0x69, 0x73, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11, 0x2e,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x22, 0x00, 0x12, 0x5a, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77,
-	0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e,
-	0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c,
-	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72,
-	0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x58,
-	0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e,
+	0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x4b, 0x65, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
+	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x09, 0x69, 0x73, 0x48,
+	0x65, 0x61, 0x6c, 0x74, 0x68, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
+	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x5a,
+	0x0a, 0x1a, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d,
+	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e,
 	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65,
-	0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d,
-	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x58, 0x0a, 0x18, 0x47, 0x65,
+	0x74, 0x50, 0x4b, 0x43, 0x45, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61,
+	0x67, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -2660,7 +2734,7 @@ func file_management_proto_rawDescGZIP() []byte {
 }
 
 var file_management_proto_enumTypes = make([]protoimpl.EnumInfo, 5)
-var file_management_proto_msgTypes = make([]protoimpl.MessageInfo, 29)
+var file_management_proto_msgTypes = make([]protoimpl.MessageInfo, 30)
 var file_management_proto_goTypes = []interface{}{
 	(HostConfig_Protocol)(0),               // 0: management.HostConfig.Protocol
 	(DeviceAuthorizationFlowProvider)(0),   // 1: management.DeviceAuthorizationFlow.provider
@@ -2672,83 +2746,85 @@ var file_management_proto_goTypes = []interface{}{
 	(*SyncResponse)(nil),                   // 7: management.SyncResponse
 	(*LoginRequest)(nil),                   // 8: management.LoginRequest
 	(*PeerKeys)(nil),                       // 9: management.PeerKeys
-	(*PeerSystemMeta)(nil),                 // 10: management.PeerSystemMeta
-	(*LoginResponse)(nil),                  // 11: management.LoginResponse
-	(*ServerKeyResponse)(nil),              // 12: management.ServerKeyResponse
-	(*Empty)(nil),                          // 13: management.Empty
-	(*WiretrusteeConfig)(nil),              // 14: management.WiretrusteeConfig
-	(*HostConfig)(nil),                     // 15: management.HostConfig
-	(*ProtectedHostConfig)(nil),            // 16: management.ProtectedHostConfig
-	(*PeerConfig)(nil),                     // 17: management.PeerConfig
-	(*NetworkMap)(nil),                     // 18: management.NetworkMap
-	(*RemotePeerConfig)(nil),               // 19: management.RemotePeerConfig
-	(*SSHConfig)(nil),                      // 20: management.SSHConfig
-	(*DeviceAuthorizationFlowRequest)(nil), // 21: management.DeviceAuthorizationFlowRequest
-	(*DeviceAuthorizationFlow)(nil),        // 22: management.DeviceAuthorizationFlow
-	(*PKCEAuthorizationFlowRequest)(nil),   // 23: management.PKCEAuthorizationFlowRequest
-	(*PKCEAuthorizationFlow)(nil),          // 24: management.PKCEAuthorizationFlow
-	(*ProviderConfig)(nil),                 // 25: management.ProviderConfig
-	(*Route)(nil),                          // 26: management.Route
-	(*DNSConfig)(nil),                      // 27: management.DNSConfig
-	(*CustomZone)(nil),                     // 28: management.CustomZone
-	(*SimpleRecord)(nil),                   // 29: management.SimpleRecord
-	(*NameServerGroup)(nil),                // 30: management.NameServerGroup
-	(*NameServer)(nil),                     // 31: management.NameServer
-	(*FirewallRule)(nil),                   // 32: management.FirewallRule
-	(*NetworkAddress)(nil),                 // 33: management.NetworkAddress
-	(*timestamppb.Timestamp)(nil),          // 34: google.protobuf.Timestamp
+	(*Environment)(nil),                    // 10: management.Environment
+	(*PeerSystemMeta)(nil),                 // 11: management.PeerSystemMeta
+	(*LoginResponse)(nil),                  // 12: management.LoginResponse
+	(*ServerKeyResponse)(nil),              // 13: management.ServerKeyResponse
+	(*Empty)(nil),                          // 14: management.Empty
+	(*WiretrusteeConfig)(nil),              // 15: management.WiretrusteeConfig
+	(*HostConfig)(nil),                     // 16: management.HostConfig
+	(*ProtectedHostConfig)(nil),            // 17: management.ProtectedHostConfig
+	(*PeerConfig)(nil),                     // 18: management.PeerConfig
+	(*NetworkMap)(nil),                     // 19: management.NetworkMap
+	(*RemotePeerConfig)(nil),               // 20: management.RemotePeerConfig
+	(*SSHConfig)(nil),                      // 21: management.SSHConfig
+	(*DeviceAuthorizationFlowRequest)(nil), // 22: management.DeviceAuthorizationFlowRequest
+	(*DeviceAuthorizationFlow)(nil),        // 23: management.DeviceAuthorizationFlow
+	(*PKCEAuthorizationFlowRequest)(nil),   // 24: management.PKCEAuthorizationFlowRequest
+	(*PKCEAuthorizationFlow)(nil),          // 25: management.PKCEAuthorizationFlow
+	(*ProviderConfig)(nil),                 // 26: management.ProviderConfig
+	(*Route)(nil),                          // 27: management.Route
+	(*DNSConfig)(nil),                      // 28: management.DNSConfig
+	(*CustomZone)(nil),                     // 29: management.CustomZone
+	(*SimpleRecord)(nil),                   // 30: management.SimpleRecord
+	(*NameServerGroup)(nil),                // 31: management.NameServerGroup
+	(*NameServer)(nil),                     // 32: management.NameServer
+	(*FirewallRule)(nil),                   // 33: management.FirewallRule
+	(*NetworkAddress)(nil),                 // 34: management.NetworkAddress
+	(*timestamppb.Timestamp)(nil),          // 35: google.protobuf.Timestamp
 }
 var file_management_proto_depIdxs = []int32{
-	14, // 0: management.SyncResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig
-	17, // 1: management.SyncResponse.peerConfig:type_name -> management.PeerConfig
-	19, // 2: management.SyncResponse.remotePeers:type_name -> management.RemotePeerConfig
-	18, // 3: management.SyncResponse.NetworkMap:type_name -> management.NetworkMap
-	10, // 4: management.LoginRequest.meta:type_name -> management.PeerSystemMeta
+	15, // 0: management.SyncResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig
+	18, // 1: management.SyncResponse.peerConfig:type_name -> management.PeerConfig
+	20, // 2: management.SyncResponse.remotePeers:type_name -> management.RemotePeerConfig
+	19, // 3: management.SyncResponse.NetworkMap:type_name -> management.NetworkMap
+	11, // 4: management.LoginRequest.meta:type_name -> management.PeerSystemMeta
 	9,  // 5: management.LoginRequest.peerKeys:type_name -> management.PeerKeys
-	33, // 6: management.PeerSystemMeta.networkAddresses:type_name -> management.NetworkAddress
-	14, // 7: management.LoginResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig
-	17, // 8: management.LoginResponse.peerConfig:type_name -> management.PeerConfig
-	34, // 9: management.ServerKeyResponse.expiresAt:type_name -> google.protobuf.Timestamp
-	15, // 10: management.WiretrusteeConfig.stuns:type_name -> management.HostConfig
-	16, // 11: management.WiretrusteeConfig.turns:type_name -> management.ProtectedHostConfig
-	15, // 12: management.WiretrusteeConfig.signal:type_name -> management.HostConfig
-	0,  // 13: management.HostConfig.protocol:type_name -> management.HostConfig.Protocol
-	15, // 14: management.ProtectedHostConfig.hostConfig:type_name -> management.HostConfig
-	20, // 15: management.PeerConfig.sshConfig:type_name -> management.SSHConfig
-	17, // 16: management.NetworkMap.peerConfig:type_name -> management.PeerConfig
-	19, // 17: management.NetworkMap.remotePeers:type_name -> management.RemotePeerConfig
-	26, // 18: management.NetworkMap.Routes:type_name -> management.Route
-	27, // 19: management.NetworkMap.DNSConfig:type_name -> management.DNSConfig
-	19, // 20: management.NetworkMap.offlinePeers:type_name -> management.RemotePeerConfig
-	32, // 21: management.NetworkMap.FirewallRules:type_name -> management.FirewallRule
-	20, // 22: management.RemotePeerConfig.sshConfig:type_name -> management.SSHConfig
-	1,  // 23: management.DeviceAuthorizationFlow.Provider:type_name -> management.DeviceAuthorizationFlow.provider
-	25, // 24: management.DeviceAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig
-	25, // 25: management.PKCEAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig
-	30, // 26: management.DNSConfig.NameServerGroups:type_name -> management.NameServerGroup
-	28, // 27: management.DNSConfig.CustomZones:type_name -> management.CustomZone
-	29, // 28: management.CustomZone.Records:type_name -> management.SimpleRecord
-	31, // 29: management.NameServerGroup.NameServers:type_name -> management.NameServer
-	2,  // 30: management.FirewallRule.Direction:type_name -> management.FirewallRule.direction
-	3,  // 31: management.FirewallRule.Action:type_name -> management.FirewallRule.action
-	4,  // 32: management.FirewallRule.Protocol:type_name -> management.FirewallRule.protocol
-	5,  // 33: management.ManagementService.Login:input_type -> management.EncryptedMessage
-	5,  // 34: management.ManagementService.Sync:input_type -> management.EncryptedMessage
-	13, // 35: management.ManagementService.GetServerKey:input_type -> management.Empty
-	13, // 36: management.ManagementService.isHealthy:input_type -> management.Empty
-	5,  // 37: management.ManagementService.GetDeviceAuthorizationFlow:input_type -> management.EncryptedMessage
-	5,  // 38: management.ManagementService.GetPKCEAuthorizationFlow:input_type -> management.EncryptedMessage
-	5,  // 39: management.ManagementService.Login:output_type -> management.EncryptedMessage
-	5,  // 40: management.ManagementService.Sync:output_type -> management.EncryptedMessage
-	12, // 41: management.ManagementService.GetServerKey:output_type -> management.ServerKeyResponse
-	13, // 42: management.ManagementService.isHealthy:output_type -> management.Empty
-	5,  // 43: management.ManagementService.GetDeviceAuthorizationFlow:output_type -> management.EncryptedMessage
-	5,  // 44: management.ManagementService.GetPKCEAuthorizationFlow:output_type -> management.EncryptedMessage
-	39, // [39:45] is the sub-list for method output_type
-	33, // [33:39] is the sub-list for method input_type
-	33, // [33:33] is the sub-list for extension type_name
-	33, // [33:33] is the sub-list for extension extendee
-	0,  // [0:33] is the sub-list for field type_name
+	34, // 6: management.PeerSystemMeta.networkAddresses:type_name -> management.NetworkAddress
+	10, // 7: management.PeerSystemMeta.environment:type_name -> management.Environment
+	15, // 8: management.LoginResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig
+	18, // 9: management.LoginResponse.peerConfig:type_name -> management.PeerConfig
+	35, // 10: management.ServerKeyResponse.expiresAt:type_name -> google.protobuf.Timestamp
+	16, // 11: management.WiretrusteeConfig.stuns:type_name -> management.HostConfig
+	17, // 12: management.WiretrusteeConfig.turns:type_name -> management.ProtectedHostConfig
+	16, // 13: management.WiretrusteeConfig.signal:type_name -> management.HostConfig
+	0,  // 14: management.HostConfig.protocol:type_name -> management.HostConfig.Protocol
+	16, // 15: management.ProtectedHostConfig.hostConfig:type_name -> management.HostConfig
+	21, // 16: management.PeerConfig.sshConfig:type_name -> management.SSHConfig
+	18, // 17: management.NetworkMap.peerConfig:type_name -> management.PeerConfig
+	20, // 18: management.NetworkMap.remotePeers:type_name -> management.RemotePeerConfig
+	27, // 19: management.NetworkMap.Routes:type_name -> management.Route
+	28, // 20: management.NetworkMap.DNSConfig:type_name -> management.DNSConfig
+	20, // 21: management.NetworkMap.offlinePeers:type_name -> management.RemotePeerConfig
+	33, // 22: management.NetworkMap.FirewallRules:type_name -> management.FirewallRule
+	21, // 23: management.RemotePeerConfig.sshConfig:type_name -> management.SSHConfig
+	1,  // 24: management.DeviceAuthorizationFlow.Provider:type_name -> management.DeviceAuthorizationFlow.provider
+	26, // 25: management.DeviceAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig
+	26, // 26: management.PKCEAuthorizationFlow.ProviderConfig:type_name -> management.ProviderConfig
+	31, // 27: management.DNSConfig.NameServerGroups:type_name -> management.NameServerGroup
+	29, // 28: management.DNSConfig.CustomZones:type_name -> management.CustomZone
+	30, // 29: management.CustomZone.Records:type_name -> management.SimpleRecord
+	32, // 30: management.NameServerGroup.NameServers:type_name -> management.NameServer
+	2,  // 31: management.FirewallRule.Direction:type_name -> management.FirewallRule.direction
+	3,  // 32: management.FirewallRule.Action:type_name -> management.FirewallRule.action
+	4,  // 33: management.FirewallRule.Protocol:type_name -> management.FirewallRule.protocol
+	5,  // 34: management.ManagementService.Login:input_type -> management.EncryptedMessage
+	5,  // 35: management.ManagementService.Sync:input_type -> management.EncryptedMessage
+	14, // 36: management.ManagementService.GetServerKey:input_type -> management.Empty
+	14, // 37: management.ManagementService.isHealthy:input_type -> management.Empty
+	5,  // 38: management.ManagementService.GetDeviceAuthorizationFlow:input_type -> management.EncryptedMessage
+	5,  // 39: management.ManagementService.GetPKCEAuthorizationFlow:input_type -> management.EncryptedMessage
+	5,  // 40: management.ManagementService.Login:output_type -> management.EncryptedMessage
+	5,  // 41: management.ManagementService.Sync:output_type -> management.EncryptedMessage
+	13, // 42: management.ManagementService.GetServerKey:output_type -> management.ServerKeyResponse
+	14, // 43: management.ManagementService.isHealthy:output_type -> management.Empty
+	5,  // 44: management.ManagementService.GetDeviceAuthorizationFlow:output_type -> management.EncryptedMessage
+	5,  // 45: management.ManagementService.GetPKCEAuthorizationFlow:output_type -> management.EncryptedMessage
+	40, // [40:46] is the sub-list for method output_type
+	34, // [34:40] is the sub-list for method input_type
+	34, // [34:34] is the sub-list for extension type_name
+	34, // [34:34] is the sub-list for extension extendee
+	0,  // [0:34] is the sub-list for field type_name
 }
 
 func init() { file_management_proto_init() }
@@ -2818,7 +2894,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PeerSystemMeta); i {
+			switch v := v.(*Environment); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2830,7 +2906,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LoginResponse); i {
+			switch v := v.(*PeerSystemMeta); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2842,7 +2918,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ServerKeyResponse); i {
+			switch v := v.(*LoginResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2854,7 +2930,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Empty); i {
+			switch v := v.(*ServerKeyResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2866,7 +2942,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WiretrusteeConfig); i {
+			switch v := v.(*Empty); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2878,7 +2954,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HostConfig); i {
+			switch v := v.(*WiretrusteeConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2890,7 +2966,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProtectedHostConfig); i {
+			switch v := v.(*HostConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2902,7 +2978,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PeerConfig); i {
+			switch v := v.(*ProtectedHostConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2914,7 +2990,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NetworkMap); i {
+			switch v := v.(*PeerConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2926,7 +3002,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RemotePeerConfig); i {
+			switch v := v.(*NetworkMap); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2938,7 +3014,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SSHConfig); i {
+			switch v := v.(*RemotePeerConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2950,7 +3026,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DeviceAuthorizationFlowRequest); i {
+			switch v := v.(*SSHConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2962,7 +3038,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DeviceAuthorizationFlow); i {
+			switch v := v.(*DeviceAuthorizationFlowRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2974,7 +3050,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PKCEAuthorizationFlowRequest); i {
+			switch v := v.(*DeviceAuthorizationFlow); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2986,7 +3062,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PKCEAuthorizationFlow); i {
+			switch v := v.(*PKCEAuthorizationFlowRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -2998,7 +3074,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProviderConfig); i {
+			switch v := v.(*PKCEAuthorizationFlow); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3010,7 +3086,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Route); i {
+			switch v := v.(*ProviderConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3022,7 +3098,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*DNSConfig); i {
+			switch v := v.(*Route); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3034,7 +3110,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CustomZone); i {
+			switch v := v.(*DNSConfig); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3046,7 +3122,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SimpleRecord); i {
+			switch v := v.(*CustomZone); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3058,7 +3134,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NameServerGroup); i {
+			switch v := v.(*SimpleRecord); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3070,7 +3146,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NameServer); i {
+			switch v := v.(*NameServerGroup); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3082,7 +3158,7 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FirewallRule); i {
+			switch v := v.(*NameServer); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3094,6 +3170,18 @@ func file_management_proto_init() {
 			}
 		}
 		file_management_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FirewallRule); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_management_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*NetworkAddress); i {
 			case 0:
 				return &v.state
@@ -3112,7 +3200,7 @@ func file_management_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_management_proto_rawDesc,
 			NumEnums:      5,
-			NumMessages:   29,
+			NumMessages:   30,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/management/proto/management.proto b/management/proto/management.proto
index aeadafc2e..2cc0efa22 100644
--- a/management/proto/management.proto
+++ b/management/proto/management.proto
@@ -92,6 +92,14 @@ message PeerKeys {
   bytes wgPubKey = 2;
 }
 
+// Environment is part of the PeerSystemMeta and describes the environment the agent is running in.
+message Environment {
+  // cloud is the cloud provider the agent is running in if applicable.
+  string cloud = 1;
+  // platform is the platform the agent is running on if applicable.
+  string platform = 2;
+}
+
 // PeerSystemMeta is machine meta data like OS and version.
 message PeerSystemMeta {
   string hostname = 1;
@@ -108,6 +116,7 @@ message PeerSystemMeta {
   string sysSerialNumber = 12;
   string sysProductName = 13;
   string sysManufacturer = 14;
+  Environment environment = 15;
 }
 
 message LoginResponse {
diff --git a/management/server/account.go b/management/server/account.go
index cfa94bead..56d4c262f 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -126,6 +126,7 @@ type AccountManager interface {
 	SavePostureChecks(accountID, userID string, postureChecks *posture.Checks) error
 	DeletePostureChecks(accountID, postureChecksID, userID string) error
 	ListPostureChecks(accountID, userID string) ([]*posture.Checks, error)
+	GetIdpManager() idp.Manager
 	UpdateIntegratedApprovalGroups(accountID string, userID string, groups []string) error
 	GroupValidation(accountId string, groups []string) (bool, error)
 }
@@ -209,6 +210,7 @@ type Account struct {
 
 	// User.Id it was created by
 	CreatedBy              string
+	CreatedAt              time.Time
 	Domain                 string `gorm:"index"`
 	DomainCategory         string
 	IsDomainPrimaryAccount bool
@@ -703,6 +705,7 @@ func (a *Account) Copy() *Account {
 	return &Account{
 		Id:                     a.Id,
 		CreatedBy:              a.CreatedBy,
+		CreatedAt:              a.CreatedAt,
 		Domain:                 a.Domain,
 		DomainCategory:         a.DomainCategory,
 		IsDomainPrimaryAccount: a.IsDomainPrimaryAccount,
@@ -922,6 +925,10 @@ func (am *DefaultAccountManager) GetExternalCacheManager() ExternalCacheManager
 	return am.externalCacheManager
 }
 
+func (am *DefaultAccountManager) GetIdpManager() idp.Manager {
+	return am.idpManager
+}
+
 // UpdateAccountSettings updates Account settings.
 // Only users with role UserRoleAdmin can update the account.
 // User that performs the update has to belong to the account.
@@ -939,12 +946,7 @@ func (am *DefaultAccountManager) UpdateAccountSettings(accountID, userID string,
 	unlock := am.Store.AcquireAccountLock(accountID)
 	defer unlock()
 
-	account, err := am.Store.GetAccountByUser(userID)
-	if err != nil {
-		return nil, err
-	}
-
-	err = additions.ValidateExtraSettings(newSettings.Extra, account.Settings.Extra, account.Peers, userID, accountID, am.eventStore)
+	account, err := am.Store.GetAccount(accountID)
 	if err != nil {
 		return nil, err
 	}
@@ -958,6 +960,11 @@ func (am *DefaultAccountManager) UpdateAccountSettings(accountID, userID string,
 		return nil, status.Errorf(status.PermissionDenied, "user is not allowed to update account")
 	}
 
+	err = additions.ValidateExtraSettings(newSettings.Extra, account.Settings.Extra, account.Peers, userID, accountID, am.eventStore)
+	if err != nil {
+		return nil, err
+	}
+
 	oldSettings := account.Settings
 	if oldSettings.PeerLoginExpirationEnabled != newSettings.PeerLoginExpirationEnabled {
 		event := activity.AccountPeerLoginExpirationEnabled
@@ -1892,6 +1899,7 @@ func newAccountWithId(accountID, userID, domain string) *Account {
 
 	acc := &Account{
 		Id:               accountID,
+		CreatedAt:        time.Now().UTC(),
 		SetupKeys:        setupKeys,
 		Network:          network,
 		Peers:            peers,
diff --git a/management/server/account_test.go b/management/server/account_test.go
index 1e698eb96..02d242e3a 100644
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -32,8 +32,12 @@ func (MocIntegratedApproval) PreparePeer(accountID string, peer *nbpeer.Peer, pe
 	return peer
 }
 
-func (MocIntegratedApproval) SyncPeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) (*nbpeer.Peer, bool) {
-	return peer.Copy(), false
+func (MocIntegratedApproval) IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool {
+	return false
+}
+
+func (MocIntegratedApproval) Stop() {
+
 }
 
 func verifyCanAddPeerToAccount(t *testing.T, manager AccountManager, account *Account, userID string) {
@@ -104,6 +108,10 @@ func verifyNewAccountHasDefaultFields(t *testing.T, account *Account, createdBy
 		t.Errorf("expecting newly created account to be created by user %s, got %s", createdBy, account.CreatedBy)
 	}
 
+	if account.CreatedAt.IsZero() {
+		t.Errorf("expecting newly created account to have a non-zero creation time")
+	}
+
 	if account.Domain != domain {
 		t.Errorf("expecting newly created account to have domain %s, got %s", domain, account.Domain)
 	}
@@ -1483,6 +1491,7 @@ func TestAccount_Copy(t *testing.T) {
 	account := &Account{
 		Id:                     "account1",
 		CreatedBy:              "tester",
+		CreatedAt:              time.Now().UTC(),
 		Domain:                 "test.com",
 		DomainCategory:         "public",
 		IsDomainPrimaryAccount: true,
diff --git a/management/server/activity/event.go b/management/server/activity/event.go
index 249547122..0e819c3a7 100644
--- a/management/server/activity/event.go
+++ b/management/server/activity/event.go
@@ -9,7 +9,7 @@ const (
 )
 
 // ActivityDescriber is an interface that describes an activity
-type ActivityDescriber interface {
+type ActivityDescriber interface { //nolint:revive
 	StringCode() string
 	Message() string
 }
diff --git a/management/server/geolocation/database.go b/management/server/geolocation/database.go
new file mode 100644
index 000000000..1bada6075
--- /dev/null
+++ b/management/server/geolocation/database.go
@@ -0,0 +1,210 @@
+package geolocation
+
+import (
+	"encoding/csv"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"path"
+	"strconv"
+
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+const (
+	geoLiteCityTarGZURL     = "https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City/download?suffix=tar.gz"
+	geoLiteCityZipURL       = "https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City-CSV/download?suffix=zip"
+	geoLiteCitySha256TarURL = "https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City/download?suffix=tar.gz.sha256"
+	geoLiteCitySha256ZipURL = "https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City-CSV/download?suffix=zip.sha256"
+)
+
+// loadGeolocationDatabases loads the MaxMind databases.
+func loadGeolocationDatabases(dataDir string) error {
+	files := []string{MMDBFileName, GeoSqliteDBFile}
+	for _, file := range files {
+		exists, _ := fileExists(path.Join(dataDir, file))
+		if exists {
+			continue
+		}
+
+		switch file {
+		case MMDBFileName:
+			extractFunc := func(src string, dst string) error {
+				if err := decompressTarGzFile(src, dst); err != nil {
+					return err
+				}
+				return copyFile(path.Join(dst, MMDBFileName), path.Join(dataDir, MMDBFileName))
+			}
+			if err := loadDatabase(
+				geoLiteCitySha256TarURL,
+				geoLiteCityTarGZURL,
+				extractFunc,
+			); err != nil {
+				return err
+			}
+
+		case GeoSqliteDBFile:
+			extractFunc := func(src string, dst string) error {
+				if err := decompressZipFile(src, dst); err != nil {
+					return err
+				}
+				extractedCsvFile := path.Join(dst, "GeoLite2-City-Locations-en.csv")
+				return importCsvToSqlite(dataDir, extractedCsvFile)
+			}
+
+			if err := loadDatabase(
+				geoLiteCitySha256ZipURL,
+				geoLiteCityZipURL,
+				extractFunc,
+			); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// loadDatabase downloads a file from the specified URL and verifies its checksum.
+// It then calls the extract function to perform additional processing on the extracted files.
+func loadDatabase(checksumURL string, fileURL string, extractFunc func(src string, dst string) error) error {
+	temp, err := os.MkdirTemp(os.TempDir(), "geolite")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(temp)
+
+	checksumFile := path.Join(temp, getDatabaseFileName(checksumURL))
+	err = downloadFile(checksumURL, checksumFile)
+	if err != nil {
+		return err
+	}
+
+	sha256sum, err := loadChecksumFromFile(checksumFile)
+	if err != nil {
+		return err
+	}
+
+	dbFile := path.Join(temp, getDatabaseFileName(fileURL))
+	err = downloadFile(fileURL, dbFile)
+	if err != nil {
+		return err
+	}
+
+	if err := verifyChecksum(dbFile, sha256sum); err != nil {
+		return err
+	}
+
+	return extractFunc(dbFile, temp)
+}
+
+// importCsvToSqlite imports a CSV file into a SQLite database.
+func importCsvToSqlite(dataDir string, csvFile string) error {
+	geonames, err := loadGeonamesCsv(csvFile)
+	if err != nil {
+		return err
+	}
+
+	db, err := gorm.Open(sqlite.Open(path.Join(dataDir, GeoSqliteDBFile)), &gorm.Config{
+		Logger:          logger.Default.LogMode(logger.Silent),
+		CreateBatchSize: 1000,
+		PrepareStmt:     true,
+	})
+	if err != nil {
+		return err
+	}
+	defer func() {
+		sql, err := db.DB()
+		if err != nil {
+			return
+		}
+		sql.Close()
+	}()
+
+	if err := db.AutoMigrate(&GeoNames{}); err != nil {
+		return err
+	}
+
+	return db.Create(geonames).Error
+}
+
+func loadGeonamesCsv(filepath string) ([]GeoNames, error) {
+	f, err := os.Open(filepath)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	reader := csv.NewReader(f)
+	records, err := reader.ReadAll()
+	if err != nil {
+		return nil, err
+	}
+
+	var geoNames []GeoNames
+	for index, record := range records {
+		if index == 0 {
+			continue
+		}
+		geoNameID, err := strconv.Atoi(record[0])
+		if err != nil {
+			return nil, err
+		}
+
+		geoName := GeoNames{
+			GeoNameID:           geoNameID,
+			LocaleCode:          record[1],
+			ContinentCode:       record[2],
+			ContinentName:       record[3],
+			CountryIsoCode:      record[4],
+			CountryName:         record[5],
+			Subdivision1IsoCode: record[6],
+			Subdivision1Name:    record[7],
+			Subdivision2IsoCode: record[8],
+			Subdivision2Name:    record[9],
+			CityName:            record[10],
+			MetroCode:           record[11],
+			TimeZone:            record[12],
+			IsInEuropeanUnion:   record[13],
+		}
+		geoNames = append(geoNames, geoName)
+	}
+
+	return geoNames, nil
+}
+
+// getDatabaseFileName extracts the file name from a given URL string.
+func getDatabaseFileName(urlStr string) string {
+	u, err := url.Parse(urlStr)
+	if err != nil {
+		panic(err)
+	}
+
+	ext := u.Query().Get("suffix")
+	fileName := fmt.Sprintf("%s.%s", path.Base(u.Path), ext)
+	return fileName
+}
+
+// copyFile performs a file copy operation from the source file to the destination.
+func copyFile(src string, dst string) error {
+	srcFile, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer srcFile.Close()
+
+	dstFile, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer dstFile.Close()
+
+	_, err = io.Copy(dstFile, srcFile)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/management/server/geolocation/geolocation.go b/management/server/geolocation/geolocation.go
index de7a8af82..88cdfcb9f 100644
--- a/management/server/geolocation/geolocation.go
+++ b/management/server/geolocation/geolocation.go
@@ -2,9 +2,7 @@ package geolocation
 
 import (
 	"bytes"
-	"crypto/sha256"
 	"fmt"
-	"io"
 	"net"
 	"os"
 	"path"
@@ -54,20 +52,23 @@ type Country struct {
 	CountryName    string
 }
 
-func NewGeolocation(datadir string) (*Geolocation, error) {
-	mmdbPath := path.Join(datadir, MMDBFileName)
+func NewGeolocation(dataDir string) (*Geolocation, error) {
+	if err := loadGeolocationDatabases(dataDir); err != nil {
+		return nil, fmt.Errorf("failed to load MaxMind databases: %v", err)
+	}
 
+	mmdbPath := path.Join(dataDir, MMDBFileName)
 	db, err := openDB(mmdbPath)
 	if err != nil {
 		return nil, err
 	}
 
-	sha256sum, err := getSha256sum(mmdbPath)
+	sha256sum, err := calculateFileSHA256(mmdbPath)
 	if err != nil {
 		return nil, err
 	}
 
-	locationDB, err := NewSqliteStore(datadir)
+	locationDB, err := NewSqliteStore(dataDir)
 	if err != nil {
 		return nil, err
 	}
@@ -104,21 +105,6 @@ func openDB(mmdbPath string) (*maxminddb.Reader, error) {
 	return db, nil
 }
 
-func getSha256sum(mmdbPath string) ([]byte, error) {
-	f, err := os.Open(mmdbPath)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-
-	h := sha256.New()
-	if _, err := io.Copy(h, f); err != nil {
-		return nil, err
-	}
-
-	return h.Sum(nil), nil
-}
-
 func (gl *Geolocation) Lookup(ip net.IP) (*Record, error) {
 	gl.mux.RLock()
 	defer gl.mux.RUnlock()
@@ -189,7 +175,7 @@ func (gl *Geolocation) reloader() {
 				log.Errorf("geonames db reload failed: %s", err)
 			}
 
-			newSha256sum1, err := getSha256sum(gl.mmdbPath)
+			newSha256sum1, err := calculateFileSHA256(gl.mmdbPath)
 			if err != nil {
 				log.Errorf("failed to calculate sha256 sum for '%s': %s", gl.mmdbPath, err)
 				continue
@@ -198,7 +184,7 @@ func (gl *Geolocation) reloader() {
 				// we check sum twice just to avoid possible case when we reload during update of the file
 				// considering the frequency of file update (few times a week) checking sum twice should be enough
 				time.Sleep(50 * time.Millisecond)
-				newSha256sum2, err := getSha256sum(gl.mmdbPath)
+				newSha256sum2, err := calculateFileSHA256(gl.mmdbPath)
 				if err != nil {
 					log.Errorf("failed to calculate sha256 sum for '%s': %s", gl.mmdbPath, err)
 					continue
diff --git a/management/server/geolocation/store.go b/management/server/geolocation/store.go
index 9f3638a7c..74401d6ca 100644
--- a/management/server/geolocation/store.go
+++ b/management/server/geolocation/store.go
@@ -20,6 +20,27 @@ const (
 	GeoSqliteDBFile = "geonames.db"
 )
 
+type GeoNames struct {
+	GeoNameID           int    `gorm:"column:geoname_id"`
+	LocaleCode          string `gorm:"column:locale_code"`
+	ContinentCode       string `gorm:"column:continent_code"`
+	ContinentName       string `gorm:"column:continent_name"`
+	CountryIsoCode      string `gorm:"column:country_iso_code"`
+	CountryName         string `gorm:"column:country_name"`
+	Subdivision1IsoCode string `gorm:"column:subdivision_1_iso_code"`
+	Subdivision1Name    string `gorm:"column:subdivision_1_name"`
+	Subdivision2IsoCode string `gorm:"column:subdivision_2_iso_code"`
+	Subdivision2Name    string `gorm:"column:subdivision_2_name"`
+	CityName            string `gorm:"column:city_name"`
+	MetroCode           string `gorm:"column:metro_code"`
+	TimeZone            string `gorm:"column:time_zone"`
+	IsInEuropeanUnion   string `gorm:"column:is_in_european_union"`
+}
+
+func (*GeoNames) TableName() string {
+	return "geonames"
+}
+
 // SqliteStore represents a location storage backed by a Sqlite DB.
 type SqliteStore struct {
 	db        *gorm.DB
@@ -37,7 +58,7 @@ func NewSqliteStore(dataDir string) (*SqliteStore, error) {
 		return nil, err
 	}
 
-	sha256sum, err := getSha256sum(file)
+	sha256sum, err := calculateFileSHA256(file)
 	if err != nil {
 		return nil, err
 	}
@@ -60,7 +81,7 @@ func (s *SqliteStore) GetAllCountries() ([]Country, error) {
 	}
 
 	var countries []Country
-	result := s.db.Table("geonames").
+	result := s.db.Model(&GeoNames{}).
 		Select("country_iso_code", "country_name").
 		Group("country_name").
 		Scan(&countries)
@@ -81,7 +102,7 @@ func (s *SqliteStore) GetCitiesByCountry(countryISOCode string) ([]City, error)
 	}
 
 	var cities []City
-	result := s.db.Table("geonames").
+	result := s.db.Model(&GeoNames{}).
 		Select("geoname_id", "city_name").
 		Where("country_iso_code = ?", countryISOCode).
 		Group("city_name").
@@ -98,7 +119,7 @@ func (s *SqliteStore) reload() error {
 	s.mux.Lock()
 	defer s.mux.Unlock()
 
-	newSha256sum1, err := getSha256sum(s.filePath)
+	newSha256sum1, err := calculateFileSHA256(s.filePath)
 	if err != nil {
 		log.Errorf("failed to calculate sha256 sum for '%s': %s", s.filePath, err)
 	}
@@ -107,7 +128,7 @@ func (s *SqliteStore) reload() error {
 		// we check sum twice just to avoid possible case when we reload during update of the file
 		// considering the frequency of file update (few times a week) checking sum twice should be enough
 		time.Sleep(50 * time.Millisecond)
-		newSha256sum2, err := getSha256sum(s.filePath)
+		newSha256sum2, err := calculateFileSHA256(s.filePath)
 		if err != nil {
 			return fmt.Errorf("failed to calculate sha256 sum for '%s': %s", s.filePath, err)
 		}
diff --git a/management/server/geolocation/utils.go b/management/server/geolocation/utils.go
new file mode 100644
index 000000000..bdbd4732d
--- /dev/null
+++ b/management/server/geolocation/utils.go
@@ -0,0 +1,176 @@
+package geolocation
+
+import (
+	"archive/tar"
+	"archive/zip"
+	"bufio"
+	"bytes"
+	"compress/gzip"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path"
+	"strings"
+)
+
+// decompressTarGzFile decompresses a .tar.gz file.
+func decompressTarGzFile(filepath, destDir string) error {
+	file, err := os.Open(filepath)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	gzipReader, err := gzip.NewReader(file)
+	if err != nil {
+		return err
+	}
+	defer gzipReader.Close()
+
+	tarReader := tar.NewReader(gzipReader)
+
+	for {
+		header, err := tarReader.Next()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			return err
+		}
+
+		if header.Typeflag == tar.TypeReg {
+			outFile, err := os.Create(path.Join(destDir, path.Base(header.Name)))
+			if err != nil {
+				return err
+			}
+
+			_, err = io.Copy(outFile, tarReader) // #nosec G110
+			outFile.Close()
+			if err != nil {
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// decompressZipFile decompresses a .zip file.
+func decompressZipFile(filepath, destDir string) error {
+	r, err := zip.OpenReader(filepath)
+	if err != nil {
+		return err
+	}
+	defer r.Close()
+
+	for _, f := range r.File {
+		if f.FileInfo().IsDir() {
+			continue
+		}
+
+		outFile, err := os.Create(path.Join(destDir, path.Base(f.Name)))
+		if err != nil {
+			return err
+		}
+
+		rc, err := f.Open()
+		if err != nil {
+			outFile.Close()
+			return err
+		}
+
+		_, err = io.Copy(outFile, rc) // #nosec G110
+		outFile.Close()
+		rc.Close()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// calculateFileSHA256 calculates the SHA256 checksum of a file.
+func calculateFileSHA256(filepath string) ([]byte, error) {
+	file, err := os.Open(filepath)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	h := sha256.New()
+	if _, err := io.Copy(h, file); err != nil {
+		return nil, err
+	}
+
+	return h.Sum(nil), nil
+}
+
+// loadChecksumFromFile loads the first checksum from a file.
+func loadChecksumFromFile(filepath string) (string, error) {
+	file, err := os.Open(filepath)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	if scanner.Scan() {
+		parts := strings.Fields(scanner.Text())
+		if len(parts) > 0 {
+			return parts[0], nil
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return "", err
+	}
+
+	return "", nil
+}
+
+// verifyChecksum compares the calculated SHA256 checksum of a file against the expected checksum.
+func verifyChecksum(filepath, expectedChecksum string) error {
+	calculatedChecksum, err := calculateFileSHA256(filepath)
+
+	fileCheckSum := fmt.Sprintf("%x", calculatedChecksum)
+	if err != nil {
+		return err
+	}
+
+	if fileCheckSum != expectedChecksum {
+		return fmt.Errorf("checksum mismatch: expected %s, got %s", expectedChecksum, fileCheckSum)
+	}
+
+	return nil
+}
+
+// downloadFile downloads a file from a URL and saves it to a local file path.
+func downloadFile(url, filepath string) error {
+	resp, err := http.Get(url)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	bodyBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("unexpected error occurred while downloading the file: %s", string(bodyBytes))
+	}
+
+	out, err := os.Create(filepath)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+
+	_, err = io.Copy(out, bytes.NewBuffer(bodyBytes))
+	return err
+}
diff --git a/management/server/grpcserver.go b/management/server/grpcserver.go
index a79fe6456..341d202b6 100644
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -288,6 +288,10 @@ func extractPeerMeta(loginReq *proto.LoginRequest) nbpeer.PeerSystemMeta {
 		SystemSerialNumber: loginReq.GetMeta().GetSysSerialNumber(),
 		SystemProductName:  loginReq.GetMeta().GetSysProductName(),
 		SystemManufacturer: loginReq.GetMeta().GetSysManufacturer(),
+		Environment: nbpeer.Environment{
+			Cloud:    loginReq.GetMeta().GetEnvironment().GetCloud(),
+			Platform: loginReq.GetMeta().GetEnvironment().GetPlatform(),
+		},
 	}
 }
 
diff --git a/management/server/http/api/openapi.yml b/management/server/http/api/openapi.yml
index 5c05c15ad..b2ddfd5cc 100644
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -121,7 +121,7 @@ components:
           description: Last time this user performed a login to the dashboard
           type: string
           format: date-time
-          example: 2023-05-05T09:00:35.477782Z
+          example: "2023-05-05T09:00:35.477782Z"
         auto_groups:
           description: Group IDs to auto-assign to peers registered by this user
           type: array
@@ -259,7 +259,7 @@ components:
               description: Last time peer connected to Netbird's management service
               type: string
               format: date-time
-              example: 2023-05-05T10:05:26.420578Z
+              example: "2023-05-05T10:05:26.420578Z"
             os:
               description: Peer's operating system and version
               type: string
@@ -313,7 +313,7 @@ components:
               description: Last time this peer performed log in (authentication). E.g., user authenticated.
               type: string
               format: date-time
-              example: 2023-05-05T09:00:35.477782Z
+              example: "2023-05-05T09:00:35.477782Z"
             approval_required:
               description: (Cloud only) Indicates whether peer needs approval
               type: boolean
@@ -405,7 +405,7 @@ components:
           description: Setup Key expiration date
           type: string
           format: date-time
-          example: 2023-06-01T14:47:22.291057Z
+          example: "2023-06-01T14:47:22.291057Z"
         type:
           description: Setup key type, one-off for single time usage and reusable
           type: string
@@ -426,7 +426,7 @@ components:
           description: Setup key last usage date
           type: string
           format: date-time
-          example: 2023-05-05T09:00:35.477782Z
+          example: "2023-05-05T09:00:35.477782Z"
         state:
           description: Setup key status, "valid", "overused","expired" or "revoked"
           type: string
@@ -441,7 +441,7 @@ components:
           description: Setup key last update date
           type: string
           format: date-time
-          example: 2023-05-05T09:00:35.477782Z
+          example: "2023-05-05T09:00:35.477782Z"
         usage_limit:
           description: A number of times this key can be used. The value of 0 indicates the unlimited usage.
           type: integer
@@ -522,7 +522,7 @@ components:
           description: Date the token expires
           type: string
           format: date-time
-          example: 2023-05-05T14:38:28.977616Z
+          example: "2023-05-05T14:38:28.977616Z"
         created_by:
           description: User ID of the user who created the token
           type: string
@@ -531,12 +531,12 @@ components:
           description: Date the token was created
           type: string
           format: date-time
-          example: 2023-05-02T14:48:20.465209Z
+          example: "2023-05-02T14:48:20.465209Z"
         last_used:
           description: Date the token was last used
           type: string
           format: date-time
-          example: 2023-05-04T12:45:25.9723616Z
+          example: "2023-05-04T12:45:25.9723616Z"
       required:
         - id
         - name
@@ -862,8 +862,8 @@ components:
           $ref: '#/components/schemas/OSVersionCheck'
         geo_location_check:
           $ref: '#/components/schemas/GeoLocationCheck'
-        private_network_check:
-          $ref: '#/components/schemas/PrivateNetworkCheck'
+        peer_network_range_check:
+          $ref: '#/components/schemas/PeerNetworkRangeCheck'
     NBVersionCheck:
       description: Posture check for the version of NetBird
       type: object
@@ -934,16 +934,16 @@ components:
       required:
         - locations
         - action
-    PrivateNetworkCheck:
-      description: Posture check for allow or deny private network
+    PeerNetworkRangeCheck:
+      description: Posture check for allow or deny access based on peer local network addresses
       type: object
       properties:
         ranges:
-          description: List of private network ranges in CIDR notation
+          description: List of peer network ranges in CIDR notation
           type: array
           items:
             type: string
-            example: ["192.168.1.0/24", "10.0.0.0/8"]
+            example: ["192.168.1.0/24", "10.0.0.0/8", "2001:db8:1234:1a00::/56"]
         action:
           description: Action to take upon policy match
           type: string
@@ -979,7 +979,7 @@ components:
           type: string
           example: "Germany"
         country_code:
-            $ref: '#/components/schemas/CountryCode'
+          $ref: '#/components/schemas/CountryCode'
       required:
         - country_name
         - country_code
@@ -1197,7 +1197,7 @@ components:
           description: The date and time when the event occurred
           type: string
           format: date-time
-          example: 2023-05-05T10:04:37.473542Z
+          example: "2023-05-05T10:04:37.473542Z"
         activity:
           description: The activity that occurred during the event
           type: string
diff --git a/management/server/http/api/types.gen.go b/management/server/http/api/types.gen.go
index 28fe63c9d..c007663a4 100644
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@@ -74,6 +74,12 @@ const (
 	NameserverNsTypeUdp NameserverNsType = "udp"
 )
 
+// Defines values for PeerNetworkRangeCheckAction.
+const (
+	PeerNetworkRangeCheckActionAllow PeerNetworkRangeCheckAction = "allow"
+	PeerNetworkRangeCheckActionDeny  PeerNetworkRangeCheckAction = "deny"
+)
+
 // Defines values for PolicyRuleAction.
 const (
 	PolicyRuleActionAccept PolicyRuleAction = "accept"
@@ -116,12 +122,6 @@ const (
 	PolicyRuleUpdateProtocolUdp  PolicyRuleUpdateProtocol = "udp"
 )
 
-// Defines values for PrivateNetworkCheckAction.
-const (
-	PrivateNetworkCheckActionAllow PrivateNetworkCheckAction = "allow"
-	PrivateNetworkCheckActionDeny  PrivateNetworkCheckAction = "deny"
-)
-
 // Defines values for UserStatus.
 const (
 	UserStatusActive  UserStatus = "active"
@@ -199,8 +199,8 @@ type Checks struct {
 	// OsVersionCheck Posture check for the version of operating system
 	OsVersionCheck *OSVersionCheck `json:"os_version_check,omitempty"`
 
-	// PrivateNetworkCheck Posture check for allow or deny private network
-	PrivateNetworkCheck *PrivateNetworkCheck `json:"private_network_check,omitempty"`
+	// PeerNetworkRangeCheck Posture check for allow or deny access based on peer local network addresses
+	PeerNetworkRangeCheck *PeerNetworkRangeCheck `json:"peer_network_range_check,omitempty"`
 }
 
 // City Describe city geographical location information
@@ -656,6 +656,18 @@ type PeerMinimum struct {
 	Name string `json:"name"`
 }
 
+// PeerNetworkRangeCheck Posture check for allow or deny access based on peer local network addresses
+type PeerNetworkRangeCheck struct {
+	// Action Action to take upon policy match
+	Action PeerNetworkRangeCheckAction `json:"action"`
+
+	// Ranges List of peer network ranges in CIDR notation
+	Ranges []string `json:"ranges"`
+}
+
+// PeerNetworkRangeCheckAction Action to take upon policy match
+type PeerNetworkRangeCheckAction string
+
 // PeerRequest defines model for PeerRequest.
 type PeerRequest struct {
 	// ApprovalRequired (Cloud only) Indicates whether peer needs approval
@@ -898,18 +910,6 @@ type PostureCheckUpdate struct {
 	Name string `json:"name"`
 }
 
-// PrivateNetworkCheck Posture check for allow or deny private network
-type PrivateNetworkCheck struct {
-	// Action Action to take upon policy match
-	Action PrivateNetworkCheckAction `json:"action"`
-
-	// Ranges List of private network ranges in CIDR notation
-	Ranges []string `json:"ranges"`
-}
-
-// PrivateNetworkCheckAction Action to take upon policy match
-type PrivateNetworkCheckAction string
-
 // Route defines model for Route.
 type Route struct {
 	// Description Route description
diff --git a/management/server/http/middleware/auth_middleware_test.go b/management/server/http/middleware/auth_middleware_test.go
index 3e3e84194..588bcaf02 100644
--- a/management/server/http/middleware/auth_middleware_test.go
+++ b/management/server/http/middleware/auth_middleware_test.go
@@ -177,7 +177,10 @@ func TestAuthMiddleware_Handler(t *testing.T) {
 	for _, tc := range tt {
 		t.Run(tc.name, func(t *testing.T) {
 			if tc.shouldBypassAuth {
-				bypass.AddBypassPath(tc.path)
+				err := bypass.AddBypassPath(tc.path)
+				if err != nil {
+					t.Fatalf("failed to add bypass path: %v", err)
+				}
 			}
 
 			req := httptest.NewRequest("GET", "http://testing"+tc.path, nil)
diff --git a/management/server/http/middleware/bypass/bypass.go b/management/server/http/middleware/bypass/bypass.go
index 2f2652eb6..87b41c6fc 100644
--- a/management/server/http/middleware/bypass/bypass.go
+++ b/management/server/http/middleware/bypass/bypass.go
@@ -1,8 +1,12 @@
 package bypass
 
 import (
+	"fmt"
 	"net/http"
+	"path"
 	"sync"
+
+	log "github.com/sirupsen/logrus"
 )
 
 var byPassMutex sync.RWMutex
@@ -11,10 +15,16 @@ var byPassMutex sync.RWMutex
 var bypassPaths = make(map[string]struct{})
 
 // AddBypassPath adds an exact path to the list of paths that bypass middleware.
-func AddBypassPath(path string) {
+// Paths can include wildcards, such as /api/*. Paths are matched using path.Match.
+// Returns an error if the path has invalid pattern.
+func AddBypassPath(path string) error {
 	byPassMutex.Lock()
 	defer byPassMutex.Unlock()
+	if err := validatePath(path); err != nil {
+		return fmt.Errorf("validate: %w", err)
+	}
 	bypassPaths[path] = struct{}{}
+	return nil
 }
 
 // RemovePath removes a path from the list of paths that bypass middleware.
@@ -24,16 +34,41 @@ func RemovePath(path string) {
 	delete(bypassPaths, path)
 }
 
+// GetList returns a list of all bypass paths.
+func GetList() []string {
+	byPassMutex.RLock()
+	defer byPassMutex.RUnlock()
+
+	list := make([]string, 0, len(bypassPaths))
+	for k := range bypassPaths {
+		list = append(list, k)
+	}
+
+	return list
+}
+
 // ShouldBypass checks if the request path is one of the auth bypass paths and returns true if the middleware should be bypassed.
 // This can be used to bypass authz/authn middlewares for certain paths, such as webhooks that implement their own authentication.
 func ShouldBypass(requestPath string, h http.Handler, w http.ResponseWriter, r *http.Request) bool {
 	byPassMutex.RLock()
 	defer byPassMutex.RUnlock()
 
-	if _, ok := bypassPaths[requestPath]; ok {
-		h.ServeHTTP(w, r)
-		return true
+	for bypassPath := range bypassPaths {
+		matched, err := path.Match(bypassPath, requestPath)
+		if err != nil {
+			log.Errorf("Error matching path %s with %s from %s: %v", bypassPath, requestPath, GetList(), err)
+			continue
+		}
+		if matched {
+			h.ServeHTTP(w, r)
+			return true
+		}
 	}
 
 	return false
 }
+
+func validatePath(p string) error {
+	_, err := path.Match(p, "")
+	return err
+}
diff --git a/management/server/http/middleware/bypass/bypass_test.go b/management/server/http/middleware/bypass/bypass_test.go
index efcfe1c3d..c65e6fa1f 100644
--- a/management/server/http/middleware/bypass/bypass_test.go
+++ b/management/server/http/middleware/bypass/bypass_test.go
@@ -11,6 +11,19 @@ import (
 	"github.com/netbirdio/netbird/management/server/http/middleware/bypass"
 )
 
+func TestGetList(t *testing.T) {
+	bypassPaths := []string{"/path1", "/path2", "/path3"}
+
+	for _, path := range bypassPaths {
+		err := bypass.AddBypassPath(path)
+		require.NoError(t, err, "Adding bypass path should not fail")
+	}
+
+	list := bypass.GetList()
+
+	assert.ElementsMatch(t, bypassPaths, list, "Bypass path list did not match expected paths")
+}
+
 func TestAuthBypass(t *testing.T) {
 	dummyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
@@ -31,6 +44,13 @@ func TestAuthBypass(t *testing.T) {
 			expectBypass:   true,
 			expectHTTPCode: http.StatusOK,
 		},
+		{
+			name:           "Wildcard path added to bypass",
+			pathToAdd:      "/bypass/*",
+			testPath:       "/bypass/extra",
+			expectBypass:   true,
+			expectHTTPCode: http.StatusOK,
+		},
 		{
 			name:           "Path not added to bypass",
 			testPath:       "/no-bypass",
@@ -59,6 +79,13 @@ func TestAuthBypass(t *testing.T) {
 			expectBypass:   false,
 			expectHTTPCode: http.StatusOK,
 		},
+		{
+			name:           "Wildcard subpath does not match bypass",
+			pathToAdd:      "/webhook/*",
+			testPath:       "/webhook/extra/path",
+			expectBypass:   false,
+			expectHTTPCode: http.StatusOK,
+		},
 		{
 			name:           "Similar path does not match bypass",
 			pathToAdd:      "/webhook",
@@ -78,7 +105,8 @@ func TestAuthBypass(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			if tc.pathToAdd != "" {
-				bypass.AddBypassPath(tc.pathToAdd)
+				err := bypass.AddBypassPath(tc.pathToAdd)
+				require.NoError(t, err, "Adding bypass path should not fail")
 				defer bypass.RemovePath(tc.pathToAdd)
 			}
 
diff --git a/management/server/http/posture_checks_handler.go b/management/server/http/posture_checks_handler.go
index 581bba2b7..fcccc1997 100644
--- a/management/server/http/posture_checks_handler.go
+++ b/management/server/http/posture_checks_handler.go
@@ -213,8 +213,8 @@ func (p *PostureChecksHandler) savePostureChecks(
 		postureChecks.Checks.GeoLocationCheck = toPostureGeoLocationCheck(geoLocationCheck)
 	}
 
-	if privateNetworkCheck := req.Checks.PrivateNetworkCheck; privateNetworkCheck != nil {
-		postureChecks.Checks.PrivateNetworkCheck, err = toPrivateNetworkCheck(privateNetworkCheck)
+	if peerNetworkRangeCheck := req.Checks.PeerNetworkRangeCheck; peerNetworkRangeCheck != nil {
+		postureChecks.Checks.PeerNetworkRangeCheck, err = toPeerNetworkRangeCheck(peerNetworkRangeCheck)
 		if err != nil {
 			util.WriteError(status.Errorf(status.InvalidArgument, "invalid network prefix"), w)
 			return
@@ -235,7 +235,7 @@ func validatePostureChecksUpdate(req api.PostureCheckUpdate) error {
 	}
 
 	if req.Checks == nil || (req.Checks.NbVersionCheck == nil && req.Checks.OsVersionCheck == nil &&
-		req.Checks.GeoLocationCheck == nil && req.Checks.PrivateNetworkCheck == nil) {
+		req.Checks.GeoLocationCheck == nil && req.Checks.PeerNetworkRangeCheck == nil) {
 		return status.Errorf(status.InvalidArgument, "posture checks shouldn't be empty")
 	}
 
@@ -278,17 +278,17 @@ func validatePostureChecksUpdate(req api.PostureCheckUpdate) error {
 		}
 	}
 
-	if privateNetworkCheck := req.Checks.PrivateNetworkCheck; privateNetworkCheck != nil {
-		if privateNetworkCheck.Action == "" {
-			return status.Errorf(status.InvalidArgument, "action for private network check shouldn't be empty")
+	if peerNetworkRangeCheck := req.Checks.PeerNetworkRangeCheck; peerNetworkRangeCheck != nil {
+		if peerNetworkRangeCheck.Action == "" {
+			return status.Errorf(status.InvalidArgument, "action for peer network range check shouldn't be empty")
 		}
 
-		allowedActions := []api.PrivateNetworkCheckAction{api.PrivateNetworkCheckActionAllow, api.PrivateNetworkCheckActionDeny}
-		if !slices.Contains(allowedActions, privateNetworkCheck.Action) {
-			return status.Errorf(status.InvalidArgument, "action for private network check is not valid value")
+		allowedActions := []api.PeerNetworkRangeCheckAction{api.PeerNetworkRangeCheckActionAllow, api.PeerNetworkRangeCheckActionDeny}
+		if !slices.Contains(allowedActions, peerNetworkRangeCheck.Action) {
+			return status.Errorf(status.InvalidArgument, "action for peer network range check is not valid value")
 		}
-		if len(privateNetworkCheck.Ranges) == 0 {
-			return status.Errorf(status.InvalidArgument, "network ranges for private network check shouldn't be empty")
+		if len(peerNetworkRangeCheck.Ranges) == 0 {
+			return status.Errorf(status.InvalidArgument, "network ranges for peer network range check shouldn't be empty")
 		}
 	}
 
@@ -318,8 +318,8 @@ func toPostureChecksResponse(postureChecks *posture.Checks) *api.PostureCheck {
 		checks.GeoLocationCheck = toGeoLocationCheckResponse(postureChecks.Checks.GeoLocationCheck)
 	}
 
-	if postureChecks.Checks.PrivateNetworkCheck != nil {
-		checks.PrivateNetworkCheck = toPrivateNetworkCheckResponse(postureChecks.Checks.PrivateNetworkCheck)
+	if postureChecks.Checks.PeerNetworkRangeCheck != nil {
+		checks.PeerNetworkRangeCheck = toPeerNetworkRangeCheckResponse(postureChecks.Checks.PeerNetworkRangeCheck)
 	}
 
 	return &api.PostureCheck{
@@ -369,19 +369,19 @@ func toPostureGeoLocationCheck(apiGeoLocationCheck *api.GeoLocationCheck) *postu
 	}
 }
 
-func toPrivateNetworkCheckResponse(check *posture.PrivateNetworkCheck) *api.PrivateNetworkCheck {
+func toPeerNetworkRangeCheckResponse(check *posture.PeerNetworkRangeCheck) *api.PeerNetworkRangeCheck {
 	netPrefixes := make([]string, 0, len(check.Ranges))
 	for _, netPrefix := range check.Ranges {
 		netPrefixes = append(netPrefixes, netPrefix.String())
 	}
 
-	return &api.PrivateNetworkCheck{
+	return &api.PeerNetworkRangeCheck{
 		Ranges: netPrefixes,
-		Action: api.PrivateNetworkCheckAction(check.Action),
+		Action: api.PeerNetworkRangeCheckAction(check.Action),
 	}
 }
 
-func toPrivateNetworkCheck(check *api.PrivateNetworkCheck) (*posture.PrivateNetworkCheck, error) {
+func toPeerNetworkRangeCheck(check *api.PeerNetworkRangeCheck) (*posture.PeerNetworkRangeCheck, error) {
 	prefixes := make([]netip.Prefix, 0)
 	for _, prefix := range check.Ranges {
 		parsedPrefix, err := netip.ParsePrefix(prefix)
@@ -391,7 +391,7 @@ func toPrivateNetworkCheck(check *api.PrivateNetworkCheck) (*posture.PrivateNetw
 		prefixes = append(prefixes, parsedPrefix)
 	}
 
-	return &posture.PrivateNetworkCheck{
+	return &posture.PeerNetworkRangeCheck{
 		Ranges: prefixes,
 		Action: string(check.Action),
 	}, nil
diff --git a/management/server/http/posture_checks_handler_test.go b/management/server/http/posture_checks_handler_test.go
index 24a28f3ec..70e803214 100644
--- a/management/server/http/posture_checks_handler_test.go
+++ b/management/server/http/posture_checks_handler_test.go
@@ -131,7 +131,7 @@ func TestGetPostureCheck(t *testing.T) {
 		ID:   "privateNetworkPostureCheck",
 		Name: "privateNetwork",
 		Checks: posture.ChecksDefinition{
-			PrivateNetworkCheck: &posture.PrivateNetworkCheck{
+			PeerNetworkRangeCheck: &posture.PeerNetworkRangeCheck{
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
 				},
@@ -375,7 +375,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 			},
 		},
 		{
-			name:        "Create Posture Checks Private Network",
+			name:        "Create Posture Checks Peer Network Range",
 			requestType: http.MethodPost,
 			requestPath: "/api/posture-checks",
 			requestBody: bytes.NewBuffer(
@@ -383,7 +383,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 					"name": "default",
 					"description": "default",
 					"checks": {
-						"private_network_check": {
+						"peer_network_range_check": {
 							"action": "allow",
 							"ranges": [
 								"10.0.0.0/8"
@@ -398,11 +398,11 @@ func TestPostureCheckUpdate(t *testing.T) {
 				Name:        "default",
 				Description: str("default"),
 				Checks: api.Checks{
-					PrivateNetworkCheck: &api.PrivateNetworkCheck{
+					PeerNetworkRangeCheck: &api.PeerNetworkRangeCheck{
 						Ranges: []string{
 							"10.0.0.0/8",
 						},
-						Action: api.PrivateNetworkCheckActionAllow,
+						Action: api.PeerNetworkRangeCheckActionAllow,
 					},
 				},
 			},
@@ -715,14 +715,14 @@ func TestPostureCheckUpdate(t *testing.T) {
 			expectedBody:   false,
 		},
 		{
-			name:        "Update Posture Checks Private Network",
+			name:        "Update Posture Checks Peer Network Range",
 			requestType: http.MethodPut,
-			requestPath: "/api/posture-checks/privateNetworkPostureCheck",
+			requestPath: "/api/posture-checks/peerNetworkRangePostureCheck",
 			requestBody: bytes.NewBuffer(
 				[]byte(`{
 					"name": "default",
 					"checks": {
-						"private_network_check": {
+						"peer_network_range_check": {
 							"action": "deny",
 							"ranges": [
 								"192.168.1.0/24"
@@ -737,11 +737,11 @@ func TestPostureCheckUpdate(t *testing.T) {
 				Name:        "default",
 				Description: str(""),
 				Checks: api.Checks{
-					PrivateNetworkCheck: &api.PrivateNetworkCheck{
+					PeerNetworkRangeCheck: &api.PeerNetworkRangeCheck{
 						Ranges: []string{
 							"192.168.1.0/24",
 						},
-						Action: api.PrivateNetworkCheckActionDeny,
+						Action: api.PeerNetworkRangeCheckActionDeny,
 					},
 				},
 			},
@@ -784,10 +784,10 @@ func TestPostureCheckUpdate(t *testing.T) {
 			},
 		},
 		&posture.Checks{
-			ID:   "privateNetworkPostureCheck",
-			Name: "privateNetwork",
+			ID:   "peerNetworkRangePostureCheck",
+			Name: "peerNetworkRange",
 			Checks: posture.ChecksDefinition{
-				PrivateNetworkCheck: &posture.PrivateNetworkCheck{
+				PeerNetworkRangeCheck: &posture.PeerNetworkRangeCheck{
 					Ranges: []netip.Prefix{
 						netip.MustParsePrefix("192.168.0.0/24"),
 					},
@@ -891,29 +891,50 @@ func TestPostureCheck_validatePostureChecksUpdate(t *testing.T) {
 	err = validatePostureChecksUpdate(api.PostureCheckUpdate{Name: "Default", Checks: &api.Checks{OsVersionCheck: &osVersionCheck}})
 	assert.NoError(t, err)
 
-	// valid private network check
-	privateNetworkCheck := api.PrivateNetworkCheck{
-		Action: api.PrivateNetworkCheckActionAllow,
+	// valid peer network range check
+	peerNetworkRangeCheck := api.PeerNetworkRangeCheck{
+		Action: api.PeerNetworkRangeCheckActionAllow,
 		Ranges: []string{
 			"192.168.1.0/24", "10.0.0.0/8",
 		},
 	}
-	err = validatePostureChecksUpdate(api.PostureCheckUpdate{Name: "Default", Checks: &api.Checks{PrivateNetworkCheck: &privateNetworkCheck}})
+	err = validatePostureChecksUpdate(
+		api.PostureCheckUpdate{
+			Name: "Default",
+			Checks: &api.Checks{
+				PeerNetworkRangeCheck: &peerNetworkRangeCheck,
+			},
+		},
+	)
 	assert.NoError(t, err)
 
-	// invalid private network check
-	privateNetworkCheck = api.PrivateNetworkCheck{
-		Action: api.PrivateNetworkCheckActionDeny,
+	// invalid peer network range check
+	peerNetworkRangeCheck = api.PeerNetworkRangeCheck{
+		Action: api.PeerNetworkRangeCheckActionDeny,
 		Ranges: []string{},
 	}
-	err = validatePostureChecksUpdate(api.PostureCheckUpdate{Name: "Default", Checks: &api.Checks{PrivateNetworkCheck: &privateNetworkCheck}})
+	err = validatePostureChecksUpdate(
+		api.PostureCheckUpdate{
+			Name: "Default",
+			Checks: &api.Checks{
+				PeerNetworkRangeCheck: &peerNetworkRangeCheck,
+			},
+		},
+	)
 	assert.Error(t, err)
 
-	// invalid private network check
-	privateNetworkCheck = api.PrivateNetworkCheck{
+	// invalid peer network range check
+	peerNetworkRangeCheck = api.PeerNetworkRangeCheck{
 		Action: "unknownAction",
 		Ranges: []string{},
 	}
-	err = validatePostureChecksUpdate(api.PostureCheckUpdate{Name: "Default", Checks: &api.Checks{PrivateNetworkCheck: &privateNetworkCheck}})
+	err = validatePostureChecksUpdate(
+		api.PostureCheckUpdate{
+			Name: "Default",
+			Checks: &api.Checks{
+				PeerNetworkRangeCheck: &peerNetworkRangeCheck,
+			},
+		},
+	)
 	assert.Error(t, err)
 }
diff --git a/management/server/idp/auth0.go b/management/server/idp/auth0.go
index 745136f62..34a5c0de5 100644
--- a/management/server/idp/auth0.go
+++ b/management/server/idp/auth0.go
@@ -114,6 +114,22 @@ type auth0Profile struct {
 	LastLogin     string `json:"last_login"`
 }
 
+// Connections represents a single Auth0 connection
+// https://auth0.com/docs/api/management/v2/connections/get-connections
+type Connection struct {
+	Id                 string            `json:"id"`
+	Name               string            `json:"name"`
+	DisplayName        string            `json:"display_name"`
+	IsDomainConnection bool              `json:"is_domain_connection"`
+	Realms             []string          `json:"realms"`
+	Metadata           map[string]string `json:"metadata"`
+	Options            ConnectionOptions `json:"options"`
+}
+
+type ConnectionOptions struct {
+	DomainAliases []string `json:"domain_aliases"`
+}
+
 // NewAuth0Manager creates a new instance of the Auth0Manager
 func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics) (*Auth0Manager, error) {
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
@@ -581,13 +597,13 @@ func (am *Auth0Manager) GetAllAccounts() (map[string][]*UserData, error) {
 
 	body, err := io.ReadAll(jobResp.Body)
 	if err != nil {
-		log.Debugf("Coudln't read export job response; %v", err)
+		log.Debugf("Couldn't read export job response; %v", err)
 		return nil, err
 	}
 
 	err = am.helper.Unmarshal(body, &exportJobResp)
 	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
+		log.Debugf("Couldn't unmarshal export job response; %v", err)
 		return nil, err
 	}
 
@@ -635,7 +651,7 @@ func (am *Auth0Manager) GetUserByEmail(email string) ([]*UserData, error) {
 
 	err = am.helper.Unmarshal(body, &userResp)
 	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
+		log.Debugf("Couldn't unmarshal export job response; %v", err)
 		return nil, err
 	}
 
@@ -684,13 +700,13 @@ func (am *Auth0Manager) CreateUser(email, name, accountID, invitedByEmail string
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		log.Debugf("Coudln't read export job response; %v", err)
+		log.Debugf("Couldn't read export job response; %v", err)
 		return nil, err
 	}
 
 	err = am.helper.Unmarshal(body, &createResp)
 	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
+		log.Debugf("Couldn't unmarshal export job response; %v", err)
 		return nil, err
 	}
 
@@ -777,6 +793,56 @@ func (am *Auth0Manager) DeleteUser(userID string) error {
 	return nil
 }
 
+// GetAllConnections returns detailed list of all connections filtered by given params.
+// Note this method is not part of the IDP Manager interface as this is Auth0 specific.
+func (am *Auth0Manager) GetAllConnections(strategy []string) ([]Connection, error) {
+	var connections []Connection
+
+	q := make(url.Values)
+	q.Set("strategy", strings.Join(strategy, ","))
+
+	req, err := am.createRequest(http.MethodGet, "/api/v2/connections?"+q.Encode(), nil)
+	if err != nil {
+		return connections, err
+	}
+
+	resp, err := am.httpClient.Do(req)
+	if err != nil {
+		log.Debugf("execute get connections request: %v", err)
+		if am.appMetrics != nil {
+			am.appMetrics.IDPMetrics().CountRequestError()
+		}
+		return connections, err
+	}
+
+	defer func() {
+		err = resp.Body.Close()
+		if err != nil {
+			log.Errorf("close get connections request body: %v", err)
+		}
+	}()
+	if resp.StatusCode != 200 {
+		if am.appMetrics != nil {
+			am.appMetrics.IDPMetrics().CountRequestStatusError()
+		}
+		return connections, fmt.Errorf("unable to get connections, statusCode %d", resp.StatusCode)
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Debugf("Couldn't read get connections response; %v", err)
+		return connections, err
+	}
+
+	err = am.helper.Unmarshal(body, &connections)
+	if err != nil {
+		log.Debugf("Couldn't unmarshal get connection response; %v", err)
+		return connections, err
+	}
+
+	return connections, err
+}
+
 // checkExportJobStatus checks the status of the job created at CreateExportUsersJob.
 // If the status is "completed", then return the downloadLink
 func (am *Auth0Manager) checkExportJobStatus(jobID string) (bool, string, error) {
diff --git a/management/server/integrated_approval/interface.go b/management/server/integrated_approval/interface.go
index bf1219f47..be09d2669 100644
--- a/management/server/integrated_approval/interface.go
+++ b/management/server/integrated_approval/interface.go
@@ -8,5 +8,6 @@ import (
 // IntegratedApproval interface exists to avoid the circle dependencies
 type IntegratedApproval interface {
 	PreparePeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) *nbpeer.Peer
-	SyncPeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) (*nbpeer.Peer, bool)
+	IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool
+	Stop()
 }
diff --git a/management/server/management_test.go b/management/server/management_test.go
index af8f51d0a..bc74eded1 100644
--- a/management/server/management_test.go
+++ b/management/server/management_test.go
@@ -452,8 +452,12 @@ func (MocIntegratedApproval) PreparePeer(accountID string, peer *nbpeer.Peer, pe
 	return peer
 }
 
-func (MocIntegratedApproval) SyncPeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) (*nbpeer.Peer, bool) {
-	return peer.Copy(), false
+func (MocIntegratedApproval) IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool {
+	return false
+}
+
+func (MocIntegratedApproval) Stop() {
+
 }
 
 func loginPeerWithValidSetupKey(serverPubKey wgtypes.Key, key wgtypes.Key, client mgmtProto.ManagementServiceClient) *mgmtProto.LoginResponse {
diff --git a/management/server/mock_server/account_mock.go b/management/server/mock_server/account_mock.go
index a5628da46..32076cb1f 100644
--- a/management/server/mock_server/account_mock.go
+++ b/management/server/mock_server/account_mock.go
@@ -11,6 +11,7 @@ import (
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/posture"
@@ -93,6 +94,7 @@ type MockAccountManager struct {
 	DeletePostureChecksFunc         func(accountID, postureChecksID, userID string) error
 	ListPostureChecksFunc           func(accountID, userID string) ([]*posture.Checks, error)
 	GetUsageFunc                    func(ctx context.Context, accountID string, start, end time.Time) (*server.AccountUsageStats, error)
+	GetIdpManagerFunc               func() idp.Manager
 	UpdateIntegratedApprovalGroupsFunc func(accountID string, userID string, groups []string) error
 	GroupValidationFunc                func(accountId string, groups []string) (bool, error)
 }
@@ -707,7 +709,7 @@ func (am *MockAccountManager) ListPostureChecks(accountID, userID string) ([]*po
 	return nil, status.Errorf(codes.Unimplemented, "method ListPostureChecks is not implemented")
 }
 
-// GetUsage mocks GetCurrentUsage of the AccountManager interface
+// GetUsage mocks GetUsage of the AccountManager interface
 func (am *MockAccountManager) GetUsage(ctx context.Context, accountID string, start time.Time, end time.Time) (*server.AccountUsageStats, error) {
 	if am.GetUsageFunc != nil {
 		return am.GetUsageFunc(ctx, accountID, start, end)
@@ -715,6 +717,14 @@ func (am *MockAccountManager) GetUsage(ctx context.Context, accountID string, st
 	return nil, status.Errorf(codes.Unimplemented, "method GetUsage is not implemented")
 }
 
+// GetIdpManager mocks GetIdpManager of the AccountManager interface
+func (am *MockAccountManager) GetIdpManager() idp.Manager {
+	if am.GetIdpManagerFunc != nil {
+		return am.GetIdpManagerFunc()
+	}
+	return nil
+}
+
 // UpdateIntegratedApprovalGroups mocks UpdateIntegratedApprovalGroups of the AccountManager interface
 func (am *MockAccountManager) UpdateIntegratedApprovalGroups(accountID string, userID string, groups []string) error {
 	if am.UpdateIntegratedApprovalGroupsFunc != nil {
diff --git a/management/server/peer.go b/management/server/peer.go
index 4a5a9c53e..b8ab3091d 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -408,6 +408,8 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *nbpeer.P
 		return nil, nil, err
 	}
 
+	registrationTime := time.Now().UTC()
+
 	newPeer := &nbpeer.Peer{
 		ID:                     xid.New().String(),
 		Key:                    peer.Key,
@@ -417,10 +419,11 @@ func (am *DefaultAccountManager) AddPeer(setupKey, userID string, peer *nbpeer.P
 		Name:                   peer.Meta.Hostname,
 		DNSLabel:               newLabel,
 		UserID:                 userID,
-		Status:                 &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now().UTC()},
+		Status:                 &nbpeer.PeerStatus{Connected: false, LastSeen: registrationTime},
 		SSHEnabled:             false,
 		SSHKey:                 peer.SSHKey,
-		LastLogin:              time.Now().UTC(),
+		LastLogin:              registrationTime,
+		CreatedAt:              registrationTime,
 		LoginExpirationEnabled: addedByUser,
 		Ephemeral:              ephemeral,
 	}
@@ -518,10 +521,9 @@ func (am *DefaultAccountManager) SyncPeer(sync PeerSync) (*nbpeer.Peer, *Network
 		return nil, nil, status.Errorf(status.PermissionDenied, "peer login has expired, please log in once more")
 	}
 
-	peer, updated := am.integratedPeerValidator.SyncPeer(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
-
-	if updated {
-		account.UpdatePeer(peer)
+	requiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
+	if peer.Status.RequiresApproval != requiresApproval {
+		peer.Status.RequiresApproval = requiresApproval
 		err = am.Store.SaveAccount(account)
 		if err != nil {
 			return nil, nil, err
@@ -594,12 +596,12 @@ func (am *DefaultAccountManager) LoginPeer(login PeerLogin) (*nbpeer.Peer, *Netw
 		am.StoreEvent(login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(am.GetDNSDomain()))
 	}
 
-	peer, updated := am.integratedPeerValidator.SyncPeer(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
-	if updated {
+	isRequiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
+	if peer.Status.RequiresApproval != isRequiresApproval {
 		shouldStoreAccount = true
 	}
 
-	peer, updated = updatePeerMeta(peer, login.Meta, account)
+	peer, updated := updatePeerMeta(peer, login.Meta, account)
 	if updated {
 		shouldStoreAccount = true
 	}
diff --git a/management/server/peer/peer.go b/management/server/peer/peer.go
index f45c1cb9e..e62843180 100644
--- a/management/server/peer/peer.go
+++ b/management/server/peer/peer.go
@@ -40,13 +40,15 @@ type Peer struct {
 	LoginExpirationEnabled bool
 	// LastLogin the time when peer performed last login operation
 	LastLogin time.Time
+	// CreatedAt records the time the peer was created
+	CreatedAt time.Time
 	// Indicate ephemeral peer attribute
 	Ephemeral bool
 	// Geo location based on connection IP
 	Location Location `gorm:"embedded;embeddedPrefix:location_"`
 }
 
-type PeerStatus struct {
+type PeerStatus struct { //nolint:revive
 	// LastSeen is the last time peer was connected to the management service
 	LastSeen time.Time
 	// Connected indicates whether peer is connected to the management service or not
@@ -71,8 +73,14 @@ type NetworkAddress struct {
 	Mac   string
 }
 
+// Environment is a system environment information
+type Environment struct {
+	Cloud    string
+	Platform string
+}
+
 // PeerSystemMeta is a metadata of a Peer machine system
-type PeerSystemMeta struct {
+type PeerSystemMeta struct { //nolint:revive
 	Hostname           string
 	GoOS               string
 	Kernel             string
@@ -87,6 +95,7 @@ type PeerSystemMeta struct {
 	SystemSerialNumber string
 	SystemProductName  string
 	SystemManufacturer string
+	Environment        Environment `gorm:"serializer:json"`
 }
 
 func (p PeerSystemMeta) isEqual(other PeerSystemMeta) bool {
@@ -119,7 +128,9 @@ func (p PeerSystemMeta) isEqual(other PeerSystemMeta) bool {
 		p.UIVersion == other.UIVersion &&
 		p.SystemSerialNumber == other.SystemSerialNumber &&
 		p.SystemProductName == other.SystemProductName &&
-		p.SystemManufacturer == other.SystemManufacturer
+		p.SystemManufacturer == other.SystemManufacturer &&
+		p.Environment.Cloud == other.Environment.Cloud &&
+		p.Environment.Platform == other.Environment.Platform
 }
 
 // AddedWithSSOLogin indicates whether this peer has been added with an SSO login by a user.
@@ -148,6 +159,7 @@ func (p *Peer) Copy() *Peer {
 		SSHEnabled:             p.SSHEnabled,
 		LoginExpirationEnabled: p.LoginExpirationEnabled,
 		LastLogin:              p.LastLogin,
+		CreatedAt:              p.CreatedAt,
 		Ephemeral:              p.Ephemeral,
 		Location:               p.Location,
 	}
@@ -204,7 +216,7 @@ func (p *Peer) FQDN(dnsDomain string) string {
 
 // EventMeta returns activity event meta related to the peer
 func (p *Peer) EventMeta(dnsDomain string) map[string]any {
-	return map[string]any{"name": p.Name, "fqdn": p.FQDN(dnsDomain), "ip": p.IP}
+	return map[string]any{"name": p.Name, "fqdn": p.FQDN(dnsDomain), "ip": p.IP, "created_at": p.CreatedAt}
 }
 
 // Copy PeerStatus
diff --git a/management/server/posture/checks.go b/management/server/posture/checks.go
index ee85be405..1b1f9d322 100644
--- a/management/server/posture/checks.go
+++ b/management/server/posture/checks.go
@@ -10,10 +10,10 @@ import (
 )
 
 const (
-	NBVersionCheckName      = "NBVersionCheck"
-	OSVersionCheckName      = "OSVersionCheck"
-	GeoLocationCheckName    = "GeoLocationCheck"
-	PrivateNetworkCheckName = "PrivateNetworkCheck"
+	NBVersionCheckName        = "NBVersionCheck"
+	OSVersionCheckName        = "OSVersionCheck"
+	GeoLocationCheckName      = "GeoLocationCheck"
+	PeerNetworkRangeCheckName = "PeerNetworkRangeCheck"
 
 	CheckActionAllow string = "allow"
 	CheckActionDeny  string = "deny"
@@ -44,10 +44,10 @@ type Checks struct {
 
 // ChecksDefinition contains definition of actual check
 type ChecksDefinition struct {
-	NBVersionCheck      *NBVersionCheck      `json:",omitempty"`
-	OSVersionCheck      *OSVersionCheck      `json:",omitempty"`
-	GeoLocationCheck    *GeoLocationCheck    `json:",omitempty"`
-	PrivateNetworkCheck *PrivateNetworkCheck `json:",omitempty"`
+	NBVersionCheck        *NBVersionCheck        `json:",omitempty"`
+	OSVersionCheck        *OSVersionCheck        `json:",omitempty"`
+	GeoLocationCheck      *GeoLocationCheck      `json:",omitempty"`
+	PeerNetworkRangeCheck *PeerNetworkRangeCheck `json:",omitempty"`
 }
 
 // Copy returns a copy of a checks definition.
@@ -85,13 +85,13 @@ func (cd ChecksDefinition) Copy() ChecksDefinition {
 		}
 		copy(cdCopy.GeoLocationCheck.Locations, geoCheck.Locations)
 	}
-	if cd.PrivateNetworkCheck != nil {
-		privateNetCheck := cd.PrivateNetworkCheck
-		cdCopy.PrivateNetworkCheck = &PrivateNetworkCheck{
-			Action: privateNetCheck.Action,
-			Ranges: make([]netip.Prefix, len(privateNetCheck.Ranges)),
+	if cd.PeerNetworkRangeCheck != nil {
+		peerNetRangeCheck := cd.PeerNetworkRangeCheck
+		cdCopy.PeerNetworkRangeCheck = &PeerNetworkRangeCheck{
+			Action: peerNetRangeCheck.Action,
+			Ranges: make([]netip.Prefix, len(peerNetRangeCheck.Ranges)),
 		}
-		copy(cdCopy.PrivateNetworkCheck.Ranges, privateNetCheck.Ranges)
+		copy(cdCopy.PeerNetworkRangeCheck.Ranges, peerNetRangeCheck.Ranges)
 	}
 	return cdCopy
 }
@@ -130,8 +130,8 @@ func (pc *Checks) GetChecks() []Check {
 	if pc.Checks.GeoLocationCheck != nil {
 		checks = append(checks, pc.Checks.GeoLocationCheck)
 	}
-	if pc.Checks.PrivateNetworkCheck != nil {
-		checks = append(checks, pc.Checks.PrivateNetworkCheck)
+	if pc.Checks.PeerNetworkRangeCheck != nil {
+		checks = append(checks, pc.Checks.PeerNetworkRangeCheck)
 	}
 	return checks
 }
diff --git a/management/server/posture/checks_test.go b/management/server/posture/checks_test.go
index fc36e7f12..d36d4f50c 100644
--- a/management/server/posture/checks_test.go
+++ b/management/server/posture/checks_test.go
@@ -254,7 +254,7 @@ func TestChecks_Copy(t *testing.T) {
 				},
 				Action: CheckActionAllow,
 			},
-			PrivateNetworkCheck: &PrivateNetworkCheck{
+			PeerNetworkRangeCheck: &PeerNetworkRangeCheck{
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
 					netip.MustParsePrefix("10.0.0.0/8"),
diff --git a/management/server/posture/network.go b/management/server/posture/network.go
index 8607d07aa..9bf969f4c 100644
--- a/management/server/posture/network.go
+++ b/management/server/posture/network.go
@@ -8,16 +8,16 @@ import (
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )
 
-type PrivateNetworkCheck struct {
+type PeerNetworkRangeCheck struct {
 	Action string
 	Ranges []netip.Prefix `gorm:"serializer:json"`
 }
 
-var _ Check = (*PrivateNetworkCheck)(nil)
+var _ Check = (*PeerNetworkRangeCheck)(nil)
 
-func (p *PrivateNetworkCheck) Check(peer nbpeer.Peer) (bool, error) {
+func (p *PeerNetworkRangeCheck) Check(peer nbpeer.Peer) (bool, error) {
 	if len(peer.Meta.NetworkAddresses) == 0 {
-		return false, fmt.Errorf("peer's does not contain private network addresses")
+		return false, fmt.Errorf("peer's does not contain peer network range addresses")
 	}
 
 	maskedPrefixes := make([]netip.Prefix, 0, len(p.Ranges))
@@ -34,7 +34,7 @@ func (p *PrivateNetworkCheck) Check(peer nbpeer.Peer) (bool, error) {
 			case CheckActionAllow:
 				return true, nil
 			default:
-				return false, fmt.Errorf("invalid private network check action: %s", p.Action)
+				return false, fmt.Errorf("invalid peer network range check action: %s", p.Action)
 			}
 		}
 	}
@@ -46,9 +46,9 @@ func (p *PrivateNetworkCheck) Check(peer nbpeer.Peer) (bool, error) {
 		return false, nil
 	}
 
-	return false, fmt.Errorf("invalid private network check action: %s", p.Action)
+	return false, fmt.Errorf("invalid peer network range check action: %s", p.Action)
 }
 
-func (p *PrivateNetworkCheck) Name() string {
-	return PrivateNetworkCheckName
+func (p *PeerNetworkRangeCheck) Name() string {
+	return PeerNetworkRangeCheckName
 }
diff --git a/management/server/posture/network_test.go b/management/server/posture/network_test.go
index 018005460..36ead4660 100644
--- a/management/server/posture/network_test.go
+++ b/management/server/posture/network_test.go
@@ -9,17 +9,17 @@ import (
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )
 
-func TestPrivateNetworkCheck_Check(t *testing.T) {
+func TestPeerNetworkRangeCheck_Check(t *testing.T) {
 	tests := []struct {
 		name    string
-		check   PrivateNetworkCheck
+		check   PeerNetworkRangeCheck
 		peer    nbpeer.Peer
 		wantErr bool
 		isValid bool
 	}{
 		{
-			name: "Peer private networks matches the allowed range",
-			check: PrivateNetworkCheck{
+			name: "Peer networks range matches the allowed range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionAllow,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
@@ -42,8 +42,8 @@ func TestPrivateNetworkCheck_Check(t *testing.T) {
 			isValid: true,
 		},
 		{
-			name: "Peer private networks doesn't matches the allowed range",
-			check: PrivateNetworkCheck{
+			name: "Peer networks range doesn't matches the allowed range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionAllow,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
@@ -63,8 +63,8 @@ func TestPrivateNetworkCheck_Check(t *testing.T) {
 			isValid: false,
 		},
 		{
-			name: "Peer with no privates network in the allow range",
-			check: PrivateNetworkCheck{
+			name: "Peer with no network range in the allow range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionAllow,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/16"),
@@ -76,8 +76,8 @@ func TestPrivateNetworkCheck_Check(t *testing.T) {
 			isValid: false,
 		},
 		{
-			name: "Peer private networks matches the denied range",
-			check: PrivateNetworkCheck{
+			name: "Peer networks range matches the denied range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionDeny,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
@@ -100,8 +100,8 @@ func TestPrivateNetworkCheck_Check(t *testing.T) {
 			isValid: false,
 		},
 		{
-			name: "Peer private networks doesn't matches the denied range",
-			check: PrivateNetworkCheck{
+			name: "Peer networks range doesn't matches the denied range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionDeny,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/24"),
@@ -121,8 +121,8 @@ func TestPrivateNetworkCheck_Check(t *testing.T) {
 			isValid: true,
 		},
 		{
-			name: "Peer with no private networks in the denied range",
-			check: PrivateNetworkCheck{
+			name: "Peer with no networks range in the denied range",
+			check: PeerNetworkRangeCheck{
 				Action: CheckActionDeny,
 				Ranges: []netip.Prefix{
 					netip.MustParsePrefix("192.168.0.0/16"),
diff --git a/management/server/scheduler.go b/management/server/scheduler.go
index a35bdc30c..356348056 100644
--- a/management/server/scheduler.go
+++ b/management/server/scheduler.go
@@ -1,9 +1,10 @@
 package server
 
 import (
-	log "github.com/sirupsen/logrus"
 	"sync"
 	"time"
+
+	log "github.com/sirupsen/logrus"
 )
 
 // Scheduler is an interface which implementations can schedule and cancel jobs
@@ -55,14 +56,8 @@ func (wm *DefaultScheduler) cancel(ID string) bool {
 	cancel, ok := wm.jobs[ID]
 	if ok {
 		delete(wm.jobs, ID)
-		select {
-		case cancel <- struct{}{}:
-			log.Debugf("cancelled scheduled job %s", ID)
-		default:
-			log.Warnf("couldn't cancel job %s because there was no routine listening on the cancel event", ID)
-			return false
-		}
-
+		close(cancel)
+		log.Debugf("cancelled scheduled job %s", ID)
 	}
 	return ok
 }
@@ -90,25 +85,41 @@ func (wm *DefaultScheduler) Schedule(in time.Duration, ID string, job func() (ne
 		return
 	}
 
+	ticker := time.NewTicker(in)
+
 	wm.jobs[ID] = cancel
 	log.Debugf("scheduled a job %s to run in %s. There are %d total jobs scheduled.", ID, in.String(), len(wm.jobs))
 	go func() {
-		select {
-		case <-time.After(in):
-			log.Debugf("time to do a scheduled job %s", ID)
-			runIn, reschedule := job()
-			wm.mu.Lock()
-			defer wm.mu.Unlock()
-			delete(wm.jobs, ID)
-			if reschedule {
-				go wm.Schedule(runIn, ID, job)
+		for {
+			select {
+			case <-ticker.C:
+				select {
+				case <-cancel:
+					log.Debugf("scheduled job %s was canceled, stop timer", ID)
+					ticker.Stop()
+					return
+				default:
+					log.Debugf("time to do a scheduled job %s", ID)
+				}
+				runIn, reschedule := job()
+				if !reschedule {
+					wm.mu.Lock()
+					defer wm.mu.Unlock()
+					delete(wm.jobs, ID)
+					log.Debugf("job %s is not scheduled to run again", ID)
+					ticker.Stop()
+					return
+				}
+				// we need this comparison to avoid resetting the ticker with the same duration and missing the current elapsesed time
+				if runIn != in {
+					ticker.Reset(runIn)
+				}
+			case <-cancel:
+				log.Debugf("job %s was canceled, stopping timer", ID)
+				ticker.Stop()
+				return
 			}
-		case <-cancel:
-			log.Debugf("stopped scheduled job %s ", ID)
-			wm.mu.Lock()
-			defer wm.mu.Unlock()
-			delete(wm.jobs, ID)
-			return
 		}
+
 	}()
 }
diff --git a/management/server/scheduler_test.go b/management/server/scheduler_test.go
index 0c0cef99b..4b2c2e30d 100644
--- a/management/server/scheduler_test.go
+++ b/management/server/scheduler_test.go
@@ -2,11 +2,12 @@ package server
 
 import (
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"math/rand"
 	"sync"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestScheduler_Performance(t *testing.T) {
@@ -36,15 +37,24 @@ func TestScheduler_Cancel(t *testing.T) {
 	jobID1 := "test-scheduler-job-1"
 	jobID2 := "test-scheduler-job-2"
 	scheduler := NewDefaultScheduler()
-	scheduler.Schedule(2*time.Second, jobID1, func() (nextRunIn time.Duration, reschedule bool) {
-		return 0, false
+	tChan := make(chan struct{})
+	p := []string{jobID1, jobID2}
+	scheduler.Schedule(2*time.Millisecond, jobID1, func() (nextRunIn time.Duration, reschedule bool) {
+		tt := p[0]
+		<-tChan
+		t.Logf("job %s", tt)
+		return 2 * time.Millisecond, true
 	})
-	scheduler.Schedule(2*time.Second, jobID2, func() (nextRunIn time.Duration, reschedule bool) {
-		return 0, false
+	scheduler.Schedule(2*time.Millisecond, jobID2, func() (nextRunIn time.Duration, reschedule bool) {
+		return 2 * time.Millisecond, true
 	})
 
+	time.Sleep(4 * time.Millisecond)
 	assert.Len(t, scheduler.jobs, 2)
 	scheduler.Cancel([]string{jobID1})
+	close(tChan)
+	p = []string{}
+	time.Sleep(4 * time.Millisecond)
 	assert.Len(t, scheduler.jobs, 1)
 	assert.NotNil(t, scheduler.jobs[jobID2])
 }
diff --git a/management/server/user.go b/management/server/user.go
index 651488f2b..f1516139b 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -85,6 +85,8 @@ type User struct {
 	Blocked bool
 	// LastLogin is the last time the user logged in to IdP
 	LastLogin time.Time
+	// CreatedAt records the time the user was created
+	CreatedAt time.Time
 
 	// Issued of the user
 	Issued string `gorm:"default:api"`
@@ -173,6 +175,7 @@ func (u *User) Copy() *User {
 		PATs:                 pats,
 		Blocked:              u.Blocked,
 		LastLogin:            u.LastLogin,
+		CreatedAt:            u.CreatedAt,
 		Issued:               u.Issued,
 		IntegrationReference: u.IntegrationReference,
 	}
@@ -188,6 +191,7 @@ func NewUser(id string, role UserRole, isServiceUser bool, nonDeletable bool, se
 		ServiceUserName: serviceUserName,
 		AutoGroups:      autoGroups,
 		Issued:          issued,
+		CreatedAt:       time.Now().UTC(),
 	}
 }
 
@@ -338,6 +342,7 @@ func (am *DefaultAccountManager) inviteNewUser(accountID, userID string, invite
 		AutoGroups:           invite.AutoGroups,
 		Issued:               invite.Issued,
 		IntegrationReference: invite.IntegrationReference,
+		CreatedAt:            time.Now().UTC(),
 	}
 	account.Users[idpUser.ID] = newUser
 
@@ -414,7 +419,7 @@ func (am *DefaultAccountManager) ListUsers(accountID string) ([]*User, error) {
 }
 
 func (am *DefaultAccountManager) deleteServiceUser(account *Account, initiatorUserID string, targetUser *User) {
-	meta := map[string]any{"name": targetUser.ServiceUserName}
+	meta := map[string]any{"name": targetUser.ServiceUserName, "created_at": targetUser.CreatedAt}
 	am.StoreEvent(initiatorUserID, targetUser.Id, account.Id, activity.ServiceUserDeleted, meta)
 	delete(account.Users, targetUser.Id)
 }
@@ -494,13 +499,23 @@ func (am *DefaultAccountManager) deleteRegularUser(account *Account, initiatorUs
 		return err
 	}
 
+	u, err := account.FindUser(targetUserID)
+	if err != nil {
+		log.Errorf("failed to find user %s for deletion, this should never happen: %s", targetUserID, err)
+	}
+
+	var tuCreatedAt time.Time
+	if u != nil {
+		tuCreatedAt = u.CreatedAt
+	}
+
 	delete(account.Users, targetUserID)
 	err = am.Store.SaveAccount(account)
 	if err != nil {
 		return err
 	}
 
-	meta := map[string]any{"name": tuName, "email": tuEmail}
+	meta := map[string]any{"name": tuName, "email": tuEmail, "created_at": tuCreatedAt}
 	am.StoreEvent(initiatorUserID, targetUserID, account.Id, activity.UserDeleted, meta)
 
 	am.updateAccountPeers(account)
diff --git a/management/server/user_test.go b/management/server/user_test.go
index 8de2267b3..50cd726ef 100644
--- a/management/server/user_test.go
+++ b/management/server/user_test.go
@@ -273,7 +273,8 @@ func TestUser_Copy(t *testing.T) {
 			},
 		},
 		Blocked:   false,
-		LastLogin: time.Now(),
+		LastLogin: time.Now().UTC(),
+		CreatedAt: time.Now().UTC(),
 		Issued:    "test",
 		IntegrationReference: IntegrationReference{
 			ID:              0,
diff --git a/signal/client/grpc.go b/signal/client/grpc.go
index 07276aef1..7531608c3 100644
--- a/signal/client/grpc.go
+++ b/signal/client/grpc.go
@@ -21,11 +21,10 @@ import (
 	"google.golang.org/grpc/status"
 
 	"github.com/netbirdio/netbird/encryption"
+	"github.com/netbirdio/netbird/management/client"
 	"github.com/netbirdio/netbird/signal/proto"
 )
 
-const defaultSendTimeout = 5 * time.Second
-
 // ConnStateNotifier is a wrapper interface of the status recorder
 type ConnStateNotifier interface {
 	MarkSignalDisconnected(error)
@@ -71,7 +70,7 @@ func NewClient(ctx context.Context, addr string, key wgtypes.Key, tlsEnabled boo
 		transportOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
 	}
 
-	sigCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	sigCtx, cancel := context.WithTimeout(ctx, client.ConnectTimeout)
 	defer cancel()
 	conn, err := grpc.DialContext(
 		sigCtx,
@@ -353,7 +352,7 @@ func (c *GrpcClient) Send(msg *proto.Message) error {
 		return err
 	}
 
-	attemptTimeout := defaultSendTimeout
+	attemptTimeout := client.ConnectTimeout
 
 	for attempt := 0; attempt < 4; attempt++ {
 		if attempt > 1 {
diff --git a/signal/cmd/run.go b/signal/cmd/run.go
index 9b52fb52d..10a2da636 100644
--- a/signal/cmd/run.go
+++ b/signal/cmd/run.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"golang.org/x/crypto/acme/autocert"
 	"io"
 	"io/fs"
 	"net"
@@ -14,10 +13,14 @@ import (
 	"strings"
 	"time"
 
+	"golang.org/x/crypto/acme/autocert"
+
 	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/signal/server"
 	"github.com/netbirdio/netbird/util"
+	"github.com/netbirdio/netbird/version"
+
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"
@@ -129,6 +132,7 @@ var (
 				log.Infof("running gRPC server: %s", grpcListener.Addr().String())
 			}
 
+			log.Infof("signal server version %s", version.NetbirdVersion())
 			log.Infof("started Signal Service")
 
 			SetupCloseHandler()